author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-03-03 12:40:04 +0000 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-03-03 12:40:04 +0000 |
commit | cb71628f67e12081db2449eff83667e2a832f495 (patch) | |
tree | 77ff69744751c5fe9b3f99ad04010fb3d5f98cd0 | |
parent | 42730360196f1aaafaebb955c1a0a66a185e61ec (diff) | |
fixed newly introduced bugs in imgssapi and imtcp and their helpers now
plain tcp works again
-rw-r--r-- | obj.c | 8 | ||||
-rw-r--r-- | plugins/imgssapi/imgssapi.c | 69 | ||||
-rw-r--r-- | plugins/imtcp/imtcp.c | 11 | ||||
-rw-r--r-- | queue.c | 6 | ||||
-rw-r--r-- | rsyslog.h | 1 | ||||
-rw-r--r-- | tcps_sess.c | 5 | ||||
-rw-r--r-- | tcpsrv.c | 46 |
7 files changed, 91 insertions, 55 deletions
@@ -176,8 +176,11 @@ DestructObjSelf(obj_t *pThis) DEFiRet; ISOBJ_assert(pThis); - if(pThis->pszName != NULL) + if(pThis->pszName != NULL) { +RUNLOG_VAR("%p", pThis->pszName); free(pThis->pszName); +RUNLOG; + } RETiRet; } @@ -917,8 +920,10 @@ SetName(obj_t *pThis, uchar *pszName) if(pThis->pszName == NULL) ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY); +RUNLOG_VAR("%s", pThis->pszName); finalize_it: +RUNLOG_VAR("%d", iRet); RETiRet; } @@ -949,6 +954,7 @@ GetName(obj_t *pThis) } else { ret = pThis->pszName; } +RUNLOG_VAR("%s", pThis->pszName); } else { ret = pThis->pszName; } diff --git a/plugins/imgssapi/imgssapi.c b/plugins/imgssapi/imgssapi.c index bfda9dc4..dccc9172 100644 --- a/plugins/imgssapi/imgssapi.c +++ b/plugins/imgssapi/imgssapi.c @@ -58,8 +58,6 @@ MODULE_TYPE_INPUT -int bEnableTCP; - /* defines */ #define ALLOWEDMETHOD_GSS 2 #define ALLOWEDMETHOD_TCP 1 @@ -128,6 +126,12 @@ finalize_it: } +/* Destruct the user session pointer for a GSSAPI session. Please note + * that it *is* valid to receive a NULL user pointer. In this case, the + * sessions is to be torn down before it was fully initialized. This + * happens in error cases, e.g. when the host ACL did not match. + * rgerhards, 2008-03-03 + */ static rsRetVal OnSessDestruct(void *ppUsr) { @@ -135,7 +139,9 @@ OnSessDestruct(void *ppUsr) gss_sess_t **ppGSess = (gss_sess_t**) ppUsr; assert(ppGSess != NULL); - assert(*ppGSess != NULL); + if(*ppGSess == NULL) + FINALIZE; + //assert(*ppGSess != NULL); if((*ppGSess)->allowedMethods & ALLOWEDMETHOD_GSS) { OM_uint32 maj_stat, min_stat; @@ -147,10 +153,14 @@ OnSessDestruct(void *ppUsr) free(*ppGSess); *ppGSess = NULL; +finalize_it: RETiRet; } +/* Check if the host is permitted to send us messages. + * Note: the pUsrSess may be zero if the server is running in tcp-only mode! + */ static int isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*pUsrSess) { 
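Review bot: In the GetName hunk the added `RUNLOG_VAR("%s", pThis->pszName);` sits after the if/else that handles a fallback name, so it appears reachable while `pszName` is still NULL. SetName in this same file leaves `pszName` NULL when it aborts with `RS_RET_OUT_OF_MEMORY`, and passing NULL to `%s` is undefined behaviour if the macro forwards to a printf-style function (its definition is not visible here). Printing with `%p`, as the DestructObjSelf hunk does, or logging `ret` instead avoids that. The unindented RUNLOG/RUNLOG_VAR lines across this commit look like temporary tracing that should be removed before release; GetName's body starts outside the hunk.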
@@ -158,19 +168,20 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*p gss_sess_t *pGSess; char allowedMethods = 0; + BEGINfunc assert(pUsrSrv != NULL); - assert(pUsrSess != NULL); pGSrv = (gsssrv_t*) pUsrSrv; pGSess = (gss_sess_t*) pUsrSess; - if((bEnableTCP & ALLOWEDMETHOD_TCP) && - isAllowedSender(pAllowedSenders_TCP, (struct sockaddr *)&addr, (char*)fromHostFQDN)) + if((pGSrv->allowedMethods & ALLOWEDMETHOD_TCP) && + isAllowedSender(pAllowedSenders_TCP, addr, (char*)fromHostFQDN)) allowedMethods |= ALLOWEDMETHOD_TCP; - if((bEnableTCP & ALLOWEDMETHOD_GSS) && - isAllowedSender(pAllowedSenders_GSS, (struct sockaddr *)&addr, (char*)fromHostFQDN)) + if((pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) && + isAllowedSender(pAllowedSenders_GSS, addr, (char*)fromHostFQDN)) allowedMethods |= ALLOWEDMETHOD_GSS; - if(allowedMethods) + if(allowedMethods && pGSess != NULL) pGSess->allowedMethods = allowedMethods; + ENDfunc return allowedMethods; } @@ -182,10 +193,14 @@ onSessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) pGSrv = (gsssrv_t*) pThis->pUsr; - if(pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) + if(pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) { +RUNLOG; iRet = OnSessAcceptGSS(pThis, ppSess, fd); - else + } else { +RUNLOG; iRet = tcpsrv.SessAccept(pThis, ppSess, fd); +RUNLOG_VAR("%d", (*ppSess)->sock); + } RETiRet; } @@ -276,7 +291,7 @@ doRcvData(tcps_sess_t *pSess, char *buf, size_t lenBuf) allowedMethods = pGSess->allowedMethods; if(allowedMethods & ALLOWEDMETHOD_GSS) - state = TCPSessGSSRecv(pSess, buf, lenBuf); //XXX + state = TCPSessGSSRecv(pSess, buf, lenBuf); else state = recv(pSess->sock, buf, lenBuf, 0); return state; 
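Review bot: With the new `pGSess != NULL` guard in isPermittedHost, the per-session method mask is silently discarded whenever `pUsrSess` is NULL, and the only caller visible in this commit (SessAccept in tcpsrv.c) tests the return value only for non-zero. SessAccept invokes this callback before `ConstructFinalize`, and the tcps_sess.c context shows `OnSessConstructFinalize(&pThis->pUsr)` being called from there, so the session's `pUsr` is presumably still NULL at this point for GSS listeners too. If so, a host matched only by `pAllowedSenders_GSS` is no longer distinguished from one matched by `pAllowedSenders_TCP`, and `doRcvData` later reads `pGSess->allowedMethods` from whatever the session constructor stored. Please confirm where the mask is set; either re-run the check once `pUsr` exists or document the gap with a comment such as `/* per-host mask is recorded only if the session user data already exists */`.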
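Review bot: In the plain-TCP branch of onSessAccept, `RUNLOG_VAR("%d", (*ppSess)->sock);` dereferences `*ppSess` without first checking `iRet`. The SessAccept comment in tcpsrv.c says `ppSess` is undefined when the call fails, and failure now includes `RS_RET_HOST_NOT_PERMITTED`, i.e. a connection from a sender outside the ACL. If the macro evaluates its argument in this build, that line reads an invalid or already-destructed session pointer on every rejected connection. Guard it with `if(iRet == RS_RET_OK)` or drop the trace line.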
@@ -308,7 +323,6 @@ addGSSListener(void __attribute__((unused)) *pVal, uchar *pNewVal) CHKiRet(tcpsrv.SetCBIsPermittedHost(pOurTcpsrv, isPermittedHost)); CHKiRet(tcpsrv.SetCBRcvData(pOurTcpsrv, doRcvData)); CHKiRet(tcpsrv.SetCBOpenLstnSocks(pOurTcpsrv, doOpenLstnSocks)); - //CHKiRet(tcpsrv.SetCBOnListenDeinit(pOurTcpsrv, )); CHKiRet(tcpsrv.SetCBOnSessAccept(pOurTcpsrv, onSessAccept)); CHKiRet(tcpsrv.SetCBOnRegularClose(pOurTcpsrv, onRegularClose)); CHKiRet(tcpsrv.SetCBOnErrClose(pOurTcpsrv, onErrClose)); @@ -364,7 +378,6 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) gss_buffer_desc send_tok, recv_tok; gss_name_t client; OM_uint32 maj_stat, min_stat, acc_sec_min_stat; - int iSess; gss_ctx_id_t *context; OM_uint32 *sess_flags; int fdSess; @@ -375,8 +388,8 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) assert(ppSess != NULL); - if((iSess = tcpsrv.SessAccept(pThis, &pSess, fd)) == -1) - ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes + /* first do the usual coding */ + CHKiRet(tcpsrv.SessAccept(pThis, &pSess, fd)); pGSrv = (gsssrv_t*) pThis->pUsr; pGSess = (gss_sess_t*) pSess->pUsr; @@ -388,7 +401,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) char buf[MAXLINE]; int ret = 0; - dbgprintf("GSS-API Trying to accept TCP session %d\n", iSess); + dbgprintf("GSS-API Trying to accept TCP session %p\n", pSess); fdSess = pSess->sock; // TODO: method access! if (allowedMethods & ALLOWEDMETHOD_TCP) { @@ -404,7 +417,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) ret = select(fdSess + 1, &fds, NULL, NULL, &tv); } while (ret < 0 && errno == EINTR); if (ret < 0) { - logerrorInt("TCP session %d will be closed, error ignored\n", iSess); + logerrorVar("TCP session %p will be closed, error ignored\n", pSess); tcps_sess.Close(pSess); ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes // was: return -1; 
@@ -422,7 +435,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) if (ret == 0) dbgprintf("GSS-API Connection closed by peer\n"); else - logerrorInt("TCP(GSS) session %d will be closed, error ignored\n", iSess); + logerrorVar("TCP(GSS) session %p will be closed, error ignored\n", pSess); tcps_sess.Close(pSess); ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes // was: return -1; @@ -445,7 +458,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) if (ret == 0) dbgprintf("GSS-API Connection closed by peer\n"); else - logerrorInt("TCP session %d will be closed, error ignored\n", iSess); + logerrorVar("TCP session %p will be closed, error ignored\n", pSess); tcps_sess.Close(pSess); ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes //was: return -1; @@ -470,7 +483,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) sess_flags = &pGSess->gss_flags; do { if (recv_token(fdSess, &recv_tok) <= 0) { - logerrorVar("TCP session %d will be closed, error ignored\n", iSess); + logerrorVar("TCP session %p will be closed, error ignored\n", pSess); tcps_sess.Close(pSess); ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes //was: return -1; @@ -491,9 +504,9 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) dbgprintf("GSS-API Reverting to plain TCP\n"); dbgprintf("tcp session socket with new data: #%d\n", fdSess); if(tcps_sess.DataRcvd(pSess, buf, ret) == 0) { - logerrorVar("Tearing down TCP Session %d - see " + logerrorVar("Tearing down TCP Session %p - see " "previous messages for reason(s)\n", - iSess); + pSess); tcps_sess.Close(pSess); ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes //was: return -1; 
@@ -510,7 +523,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) if (send_tok.length != 0) { if (send_token(fdSess, &send_tok) < 0) { gss_release_buffer(&min_stat, &send_tok); - logerrorVar("TCP session %d will be closed, error ignored\n", iSess); + logerrorVar("TCP session %p will be closed, error ignored\n", pSess); if (*context != GSS_C_NO_CONTEXT) gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER); tcps_sess.Close(pSess); @@ -541,7 +554,7 @@ finalize_it: } -/* returns: ? +/* returns: number of bytes read or -1 on error * Replaces recv() for gssapi connections. */ int TCPSessGSSRecv(tcps_sess_t *pSess, void *buf, size_t buf_len) @@ -647,7 +660,8 @@ ENDwillRun BEGINmodExit CODESTARTmodExit - iRet = tcpsrv.Destruct(&pOurTcpsrv); + if(pOurTcpsrv != NULL) + iRet = tcpsrv.Destruct(&pOurTcpsrv); TCPSessGSSDeinit(); ENDmodExit @@ -707,7 +721,8 @@ CHKiRet(objGetObjInterface(&obj)); /* get ourselves ;) */ // TODO: framework mus CHKiRet(objUse(tcpsrv, "tcpsrv")); /* register config file handlers */ - CHKiRet(omsdRegCFSLineHdlr((uchar *)"permitplaintcp", 0, eCmdHdlrBinary, +dbgprintf("imgssapi starting up\n"); + CHKiRet(omsdRegCFSLineHdlr((uchar *)"inputgssserverpermitplaintcp", 0, eCmdHdlrBinary, NULL, &bPermitPlainTcp, STD_LOADABLE_MODULE_ID)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"inputgssserverrun", 0, eCmdHdlrGetWord, addGSSListener, NULL, STD_LOADABLE_MODULE_ID)); diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c index efdc3e9c..9ef186b4 100644 --- a/plugins/imtcp/imtcp.c +++ b/plugins/imtcp/imtcp.c @@ -78,7 +78,7 @@ static rsRetVal onSessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) { DEFiRet; - tcpsrv.SessAccept(pThis, ppSess, fd); + iRet = tcpsrv.SessAccept(pThis, ppSess, fd); RETiRet; } 
@@ -183,13 +183,8 @@ ENDafterRun BEGINmodExit CODESTARTmodExit - iRet = tcpsrv.Destruct(&pOurTcpsrv); -#if 0 // TODO: remove - /* Close the TCP inet socket. */ - if(sockTCPLstn != NULL && *sockTCPLstn) { - deinit_tcp_listener(); - } -#endif + if(pOurTcpsrv != NULL) + iRet = tcpsrv.Destruct(&pOurTcpsrv); ENDmodExit @@ -1556,7 +1556,11 @@ queueIsIdleDA(queue_t *pThis) static int queueIsIdleReg(queue_t *pThis) { - return(queueGetOverallQueueSize(pThis) == 0 || (pThis->bRunsDA && queueGetOverallQueueSize(pThis) <= pThis->iLowWtrMrk)); + //return(queueGetOverallQueueSize(pThis) == 0 || (pThis->bRunsDA && queueGetOverallQueueSize(pThis) <= pThis->iLowWtrMrk)); + int ret; + ret = queueGetOverallQueueSize(pThis) == 0 || (pThis->bRunsDA && queueGetOverallQueueSize(pThis) <= pThis->iLowWtrMrk); + if(ret) fprintf(stderr, "queue is idle\n"); + return ret; } @@ -137,6 +137,7 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth RS_RET_NOT_A_NUMBER = -2060, /**< e.g. conversion impossible because the string is not a number */ RS_RET_OBJ_ALREADY_REGISTERED = -2061, /**< object (name) is already registered */ RS_RET_OBJ_REGISTRY_OUT_OF_SPACE = -2062, /**< the object registry has run out of space */ + RS_RET_HOST_NOT_PERMITTED = -2063, /**< a host is not permitted to perform an action it requested */ /* RainerScript error messages (range 1000.. 1999) */ RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */ diff --git a/tcps_sess.c b/tcps_sess.c index 56b7d9a5..c8ee4d67 100644 --- a/tcps_sess.c +++ b/tcps_sess.c @@ -71,6 +71,7 @@ static rsRetVal tcps_sessConstructFinalize(tcps_sess_t __attribute__((unused)) *pThis) { DEFiRet; +RUNLOG_VAR("%p", pThis->objData.pszName); ISOBJ_TYPE_assert(pThis, tcps_sess); if(pThis->pSrv->OnSessConstructFinalize != NULL) { CHKiRet(pThis->pSrv->OnSessConstructFinalize(&pThis->pUsr)); 
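Review bot: queueIsIdleReg now writes `queue is idle` to stderr unconditionally each time the check succeeds, bypassing the `dbgprintf` facility used elsewhere in this commit, and the old expression is left behind as a `//` comment. Suggest `if(ret) dbgprintf("queue is idle\n");` and deleting the commented-out return, so that a daemon without a usable stderr does not depend on this write and the idle check stays free of side effects in normal operation.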
@@ -84,6 +85,7 @@ finalize_it: /* destructor for the tcps_sess object */ BEGINobjDestruct(tcps_sess) /* be sure to specify the object type also in END and CODESTART macros! */ CODESTARTobjDestruct(tcps_sess) +RUNLOG_VAR("%p", pThis->objData.pszName); if(pThis->pSrv->pOnSessDestruct != NULL) { pThis->pSrv->pOnSessDestruct(&pThis->pUsr); } @@ -107,6 +109,7 @@ SetHost(tcps_sess_t *pThis, uchar *pszHost) DEFiRet; ISOBJ_TYPE_assert(pThis, tcps_sess); +RUNLOG_VAR("%p", pThis->objData.pszName); if(pThis->fromHost != NULL) { free(pThis->fromHost); @@ -144,9 +147,11 @@ static rsRetVal SetTcpsrv(tcps_sess_t *pThis, tcpsrv_t *pSrv) { DEFiRet; +RUNLOG_VAR("%p", pThis->objData.pszName); ISOBJ_TYPE_assert(pThis, tcps_sess); ISOBJ_TYPE_assert(pSrv, tcpsrv); pThis->pSrv = pSrv; +RUNLOG_VAR("%p", pThis->objData.pszName); RETiRet; } @@ -420,13 +420,13 @@ static int *create_tcp_socket(tcpsrv_t *pThis) * If it does not succeed, no session is created and ppSess is * undefined. -- rgerhards, 2008-03-02 */ -static int +static rsRetVal SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) { DEFiRet; int newConn; - int iSess; + int iSess = -1; struct sockaddr_storage addr; socklen_t addrlen = sizeof(struct sockaddr_storage); uchar fromHost[NI_MAXHOST]; @@ -434,10 +434,12 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) ISOBJ_TYPE_assert(pThis, tcpsrv); +RUNLOG_VAR("%p", pThis->pUsr); newConn = accept(fd, (struct sockaddr*) &addr, &addrlen); if (newConn < 0) { logerror("tcp accept, ignoring error and connection request"); - return -1; + ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code + //was: return -1; } /* Add to session list */ 
@@ -446,13 +448,16 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) errno = 0; logerror("too many tcp sessions - dropping incoming request"); close(newConn); - return -1; + ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code + //was: return -1; } else { /* we found a free spot and can construct our session object */ - CHKiRet(tcps_sess.Construct(&pThis->pSessions[iSess])); + CHKiRet(tcps_sess.Construct(ppSess)); + CHKiRet(tcps_sess.SetTcpsrv(*ppSess, pThis)); } - *ppSess = pThis->pSessions[iSess]; + + pThis->pSessions[iSess] = *ppSess; /* OK, we have a "good" index... */ /* get the host name */ @@ -462,7 +467,8 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) * Error message has been generated by cvthname. */ close (newConn); - return -1; + ABORT_FINALIZE(RS_RET_ERR); // TODO: better error code + //was: return -1; } /* Here we check if a host is permitted to send us @@ -471,9 +477,7 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) * configured to do this). * rgerhards, 2005-09-26 */ - if(!pThis->pIsPermittedHost((struct sockaddr*) &addr, (char*) fromHostFQDN, - pThis->pUsr, pThis->pSessions[iSess]->pUsr)) - { + if(!pThis->pIsPermittedHost((struct sockaddr*) &addr, (char*) fromHostFQDN, pThis->pUsr, (*ppSess)->pUsr)) { dbgprintf("%s is not an allowed sender\n", (char *) fromHostFQDN); if(option_DisallowWarning) { errno = 0; 
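Review bot: The session is now constructed into `*ppSess` and stored in `pThis->pSessions[iSess]` only after `SetTcpsrv` has succeeded, so a failing `CHKiRet(tcps_sess.SetTcpsrv(*ppSess, pThis))` jumps to `finalize_it` with the slot presumably still empty and the new object is never destructed. The accepted descriptor `newConn` is also not closed on either `CHKiRet` failure here, unlike the explicit `close(newConn)` on the neighbouring error paths. Moving `pThis->pSessions[iSess] = *ppSess;` to directly after the Construct call lets the existing cleanup cover the object. SessAccept's body extends beyond this hunk.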
@@ -481,13 +485,14 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) (char*)fromHost); } close(newConn); - return -1; + ABORT_FINALIZE(RS_RET_HOST_NOT_PERMITTED); } - /* OK, we have an allowed sender, so let's continue */ - /* we first need to construct a new session object */ - CHKiRet(tcps_sess.SetTcpsrv(pThis->pSessions[iSess], pThis)); + /* OK, we have an allowed sender, so let's continue, what + * means we can finally fill in the session object. + */ CHKiRet(tcps_sess.SetHost(pThis->pSessions[iSess], fromHost)); +RUNLOG_VAR("%d", newConn); CHKiRet(tcps_sess.SetSock(pThis->pSessions[iSess], newConn)); CHKiRet(tcps_sess.SetMsgIdx(pThis->pSessions[iSess], 0)); CHKiRet(tcps_sess.ConstructFinalize(pThis->pSessions[iSess])); @@ -495,13 +500,15 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, int fd) finalize_it: RUNLOG_VAR("%d", iRet); if(iRet != RS_RET_OK) { - if(pThis->pSessions[iSess] != NULL) - tcps_sess.Destruct(&pThis->pSessions[iSess]); + if(iSess != -1) { +RUNLOG_VAR("%d", iSess); + if(pThis->pSessions[iSess] != NULL) + tcps_sess.Destruct(&pThis->pSessions[iSess]); + } iSess = -1; // TODO: change this to be fully iRet compliant ;) } - ENDfunc - return iSess; + RETiRet; } @@ -548,8 +555,11 @@ Run(tcpsrv_t *pThis) while(iTCPSess != -1) { int fdSess; fdSess = pThis->pSessions[iTCPSess]->sock; // TODO: NOT CLEAN!, use method +RUNLOG_VAR("%d", iTCPSess); +RUNLOG_VAR("%d", fdSess); dbgprintf("Adding TCP Session %d\n", fdSess); FD_SET(fdSess, &readfds); +RUNLOG; if (fdSess>maxfds) maxfds=fdSess; /* now get next... */ iTCPSess = TCPSessGetNxtSess(pThis, iTCPSess); |
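Review bot: On failure the `finalize_it` block destructs `pThis->pSessions[iSess]` but leaves `*ppSess` holding the same pointer, so a caller that touches `*ppSess` after an error return reads a destructed (presumably freed) object. Adding `*ppSess = NULL;` inside the `if(iRet != RS_RET_OK)` branch makes that mistake fail predictably instead. The `CHKiRet` calls after the permission check (`SetHost`, `SetSock`, `SetMsgIdx`, `ConstructFinalize`) also reach this block without `close(newConn)`; unless the session destructor closes the socket, which is not visible here, the descriptor leaks on those paths. The remaining `iSess = -1; // TODO` assignment has no effect now that the function returns `iRet` and can be removed.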