summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRainer Gerhards <rgerhards@adiscon.com>2007-12-28 16:04:39 +0000
committerRainer Gerhards <rgerhards@adiscon.com>2007-12-28 16:04:39 +0000
commitf02c825c9518f576a4447152fd024726193a7dec (patch)
treee33f9d3ef65fe5be38456ae8d15c35e5218bd030
parentf67509d5707978f2acd0e335af58266afc04e372 (diff)
downloadrsyslog-f02c825c9518f576a4447152fd024726193a7dec.tar.gz
rsyslog-f02c825c9518f576a4447152fd024726193a7dec.tar.xz
rsyslog-f02c825c9518f576a4447152fd024726193a7dec.zip
removed gss-api code from omfwd.c
-rw-r--r--omfwd.c257
1 files changed, 1 insertions, 256 deletions
diff --git a/omfwd.c b/omfwd.c
index f9c85709..857ce648 100644
--- a/omfwd.c
+++ b/omfwd.c
@@ -48,9 +48,6 @@
#include <zlib.h>
#endif
#include <pthread.h>
-#ifdef USE_GSSAPI
-#include <gssapi/gssapi.h>
-#endif
#include "syslogd.h"
#include "syslogd-types.h"
#include "srUtils.h"
@@ -61,9 +58,6 @@
#include "tcpsyslog.h"
#include "cfsysline.h"
#include "module-template.h"
-#ifdef USE_GSSAPI
-#include "gss-misc.h"
-#endif
MODULE_TYPE_OUTPUT
@@ -107,21 +101,8 @@ typedef struct _instanceData {
# define FORW_TCP 1
/* following fields for TCP-based delivery */
time_t ttSuspend; /* time selector was suspended */
-# ifdef USE_GSSAPI
- gss_ctx_id_t gss_context;
- OM_uint32 gss_flags;
-# endif
} instanceData;
-#ifdef USE_GSSAPI
-static char *gss_base_service_name = NULL;
-static enum gss_mode_t {
- GSSMODE_NONE, /* GSSAPI is NOT support (aka "we use plain tcp") - the default */
- GSSMODE_MIC,
- GSSMODE_ENC
-} gss_mode;
-#endif
-
/* get the syslog forward port from selector_t. The passed in
* struct must be one that is setup for forwarding.
* rgerhards, 2007-06-28
@@ -161,24 +142,6 @@ CODESTARTfreeInstance
free(pData->port);
break;
}
-# ifdef USE_GSSAPI
- if (gss_mode != GSSMODE_NONE) {
- OM_uint32 maj_stat, min_stat;
-
- if (pData->gss_context != GSS_C_NO_CONTEXT) {
- maj_stat = gss_delete_sec_context(&min_stat, &pData->gss_context, GSS_C_NO_BUFFER);
- if (maj_stat != GSS_S_COMPLETE)
- display_status("deleting context", maj_stat, min_stat);
- }
- }
- /* this is meant to be done when module is unloaded,
- but since this module is static...
- */
- if (gss_base_service_name != NULL) {
- free(gss_base_service_name);
- gss_base_service_name = NULL;
- }
-# endif
/* final cleanup */
if(pData->sock >= 0)
@@ -244,172 +207,6 @@ static rsRetVal UDPSend(instanceData *pData, char *msg, size_t len)
/* CODE FOR SENDING TCP MESSAGES */
-#ifdef USE_GSSAPI
-/* This function is called immediately before a send retry is attempted.
- * It shall clean up whatever makes sense.
- * rgerhards, 2007-12-28
- */
-static rsRetVal TCPSendGSSPrepRetry(void __attribute__((unused)) *pData)
-{
- /* in case of TCP/GSS, there is nothing to do */
- return RS_RET_OK;
-}
-
-
-static rsRetVal TCPSendGSSInit(void *pvData)
-{
- DEFiRet;
- int s = -1;
- char *base;
- OM_uint32 maj_stat, min_stat, init_sec_min_stat, *sess_flags, ret_flags;
- gss_buffer_desc out_tok, in_tok;
- gss_buffer_t tok_ptr;
- gss_name_t target_name;
- gss_ctx_id_t *context;
- instanceData *pData = (instanceData *) pvData;
-
- assert(pData != NULL);
-
- /* if the socket is already initialized, we are done */
- if(pData->sock > 0)
- ABORT_FINALIZE(RS_RET_OK);
-
- base = (gss_base_service_name == NULL) ? "host" : gss_base_service_name;
- out_tok.length = strlen(pData->f_hname) + strlen(base) + 2;
- if ((out_tok.value = malloc(out_tok.length)) == NULL) {
- ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
- }
- strcpy(out_tok.value, base);
- strcat(out_tok.value, "@");
- strcat(out_tok.value, pData->f_hname);
- dbgprintf("GSS-API service name: %s\n", (char*) out_tok.value);
-
- tok_ptr = GSS_C_NO_BUFFER;
- context = &pData->gss_context;
- *context = GSS_C_NO_CONTEXT;
-
- maj_stat = gss_import_name(&min_stat, &out_tok, GSS_C_NT_HOSTBASED_SERVICE, &target_name);
- free(out_tok.value);
- out_tok.value = NULL;
- out_tok.length = 0;
-
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("parsing name", maj_stat, min_stat);
- goto fail;
- }
-
- sess_flags = &pData->gss_flags;
- *sess_flags = GSS_C_MUTUAL_FLAG;
- if (gss_mode == GSSMODE_MIC) {
- *sess_flags |= GSS_C_INTEG_FLAG;
- }
- if (gss_mode == GSSMODE_ENC) {
- *sess_flags |= GSS_C_CONF_FLAG;
- }
- dbgprintf("GSS-API requested context flags:\n");
- display_ctx_flags(*sess_flags);
-
- do {
- maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, context,
- target_name, GSS_C_NO_OID, *sess_flags, 0, NULL,
- tok_ptr, NULL, &out_tok, &ret_flags, NULL);
- if (tok_ptr != GSS_C_NO_BUFFER)
- free(in_tok.value);
-
- if (maj_stat != GSS_S_COMPLETE
- && maj_stat != GSS_S_CONTINUE_NEEDED) {
- display_status("initializing context", maj_stat, init_sec_min_stat);
- goto fail;
- }
-
- if (s == -1)
- if ((s = pData->sock = TCPSendCreateSocket(pData->f_addr)) == -1)
- goto fail;
-
- if (out_tok.length != 0) {
- dbgprintf("GSS-API Sending init_sec_context token (length: %ld)\n", (long) out_tok.length);
- if (send_token(s, &out_tok) < 0) {
- goto fail;
- }
- }
- gss_release_buffer(&min_stat, &out_tok);
-
- if (maj_stat == GSS_S_CONTINUE_NEEDED) {
- dbgprintf("GSS-API Continue needed...\n");
- if (recv_token(s, &in_tok) <= 0) {
- goto fail;
- }
- tok_ptr = &in_tok;
- }
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
- dbgprintf("GSS-API Provided context flags:\n");
- *sess_flags = ret_flags;
- display_ctx_flags(*sess_flags);
-
- dbgprintf("GSS-API Context initialized\n");
- gss_release_name(&min_stat, &target_name);
-
-finalize_it:
- return iRet;
-
- fail:
- logerror("GSS-API Context initialization failed\n");
- gss_release_name(&min_stat, &target_name);
- gss_release_buffer(&min_stat, &out_tok);
- if (*context != GSS_C_NO_CONTEXT) {
- gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
- *context = GSS_C_NO_CONTEXT;
- }
- if (s != -1)
- close(s);
- pData->sock = -1;
- return RS_RET_GSS_SENDINIT_ERROR;
-}
-
-
-static rsRetVal TCPSendGSSSend(void *pvData, char *msg, size_t len)
-{
- int s;
- gss_ctx_id_t *context;
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc in_buf, out_buf;
- instanceData *pData = (instanceData *) pvData;
-
- assert(pData != NULL);
- assert(msg != NULL);
- assert(len > 0);
-
- s = pData->sock;
- context = &pData->gss_context;
- in_buf.value = msg;
- in_buf.length = len;
- maj_stat = gss_wrap(&min_stat, *context, (gss_mode == GSSMODE_ENC) ? 1 : 0, GSS_C_QOP_DEFAULT,
- &in_buf, NULL, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("wrapping message", maj_stat, min_stat);
- goto fail;
- }
-
- if (send_token(s, &out_buf) < 0) {
- goto fail;
- }
- gss_release_buffer(&min_stat, &out_buf);
-
- return RS_RET_OK;
-
- fail:
- close(s);
- pData->sock = -1;
- gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
- *context = GSS_C_NO_CONTEXT;
- gss_release_buffer(&min_stat, &out_buf);
- dbgprintf("message not (GSS/tcp)send");
- return RS_RET_GSS_SEND_ERROR;
-}
-#endif /* #ifdef USE_GSSAPI */
-
-
/* Send a frame via plain TCP protocol
* rgerhards, 2007-12-28
*/
@@ -557,11 +354,8 @@ CODESTARTdoAction
* rgerhards, 2007-12-26
*/
if(pData->protocol == FORW_UDP) {
-dbgprintf("We have a udp selector, send socket 0x%lx\n", (unsigned long) pData->pSockArray);
if(pData->pSockArray == NULL) {
-dbgprintf("UDP send socket not yet initialized, doing it now\n");
pData->pSockArray = create_udp_socket((uchar*)pData->f_hname, NULL, 0);
- // CHKiRet(UDPSendCreateSocket(&pData->pSockArray));
}
}
if ( 0) // TODO: think about this strcmp(getHOSTNAME(f->f_pMsg), LocalHostName) && NoHops )
@@ -624,19 +418,13 @@ dbgprintf("UDP send socket not yet initialized, doing it now\n");
} else {
/* forward via TCP */
int ret;
-# ifdef USE_GSSAPI
- if(gss_mode != GSSMODE_NONE) {
- ret = TCPSend(pData, psz, l, pData->tcp_framing, TCPSendGSSInit, TCPSendGSSSend, TCPSendGSSPrepRetry);
- } else
-# endif
- ret = TCPSend(pData, psz, l, pData->tcp_framing, TCPSendInit, TCPSendFrame, TCPSendPrepRetry);
+ ret = TCPSend(pData, psz, l, pData->tcp_framing, TCPSendInit, TCPSendFrame, TCPSendPrepRetry);
if(ret != RS_RET_OK) {
/* error! */
dbgprintf("error forwarding via tcp, suspending\n");
pData->eDestState = eDestFORW_SUSP;
iRet = RS_RET_SUSPENDED;
}
-dbgprintf("forwarded\n");
}
}
break;
@@ -825,53 +613,10 @@ CODEqueryEtryPt_STD_OMOD_QUERIES
ENDqueryEtryPt
-#ifdef USE_GSSAPI
-/* set a new GSSMODE based on config directive */
-static rsRetVal setGSSMode(void __attribute__((unused)) *pVal, uchar *mode)
-{
- if (!strcmp((char *) mode, "none")) {
- gss_mode = GSSMODE_NONE;
- free(mode);
- dbgprintf("GSS-API gssmode set to GSSMODE_NONE\n");
- } else if (!strcmp((char *) mode, "integrity")) {
- gss_mode = GSSMODE_MIC;
- free(mode);
- dbgprintf("GSS-API gssmode set to GSSMODE_MIC\n");
- } else if (!strcmp((char *) mode, "encryption")) {
- gss_mode = GSSMODE_ENC;
- free(mode);
- dbgprintf("GSS-API gssmode set to GSSMODE_ENC\n");
- } else {
- logerrorSz("unknown gssmode parameter: %s", (char *) mode);
- free(mode);
- return RS_RET_ERR;
- }
-
- return RS_RET_OK;
-}
-
-
-static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal)
-{
- gss_mode = GSSMODE_NONE;
- if (gss_base_service_name != NULL) {
- free(gss_base_service_name);
- gss_base_service_name = NULL;
- }
- return RS_RET_OK;
-}
-#endif /* #ifdef USE_GSSAPI */
-
-
BEGINmodInit(Fwd)
CODESTARTmodInit
*ipIFVersProvided = 1; /* so far, we only support the initial definition */
CODEmodInit_QueryRegCFSLineHdlr
-# ifdef xUSE_GSSAPI
- CHKiRet(omsdRegCFSLineHdlr((uchar *)"gssforwardservicename", 0, eCmdHdlrGetWord, NULL, &gss_base_service_name, STD_LOADABLE_MODULE_ID));
- CHKiRet(omsdRegCFSLineHdlr((uchar *)"gssmode", 0, eCmdHdlrGetWord, setGSSMode, &gss_mode, STD_LOADABLE_MODULE_ID));
- CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
-# endif
ENDmodInit
#endif /* #ifdef SYSLOG_INET */