added new "netstrm" class (not yet implemented)

1 files changed, 284 insertions, 0 deletions

diff --git a/runtime/netstrm.c b/runtime/netstrm.c
new file mode 100644
index 00000000..0afb4a5e
--- /dev/null
+++ b/runtime/netstrm.c
@@ -0,0 +1,284 @@
+/* netstrmstrm.c
+ * 
+ * This class implements a generic netstrmwork stream class. It supports
+ * sending and receiving data streams over a netstrmwork. The class abstracts
+ * the transport, though it is a safe assumption that TCP is being used.
+ * The class has a number of properties, among which are also ones to
+ * select privacy settings, eg by enabling TLS and/or GSSAPI. In the 
+ * long run, this class shall provide all stream-oriented netstrmwork
+ * functionality inside rsyslog.
+ *
+ * It is a high-level class, which uses a number of helper objects
+ * to carry out its work (including, and most importantly, transport
+ * drivers).
+ *
+ * Copyright 2007, 2008 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of the rsyslog runtime library.
+ *
+ * The rsyslog runtime library is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * The rsyslog runtime library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the rsyslog runtime library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ * A copy of the LGPL can be found in the file "COPYING.LESSER" in this distribution.
+ */
+#include "config.h"
+
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <signal.h>
+#include <ctype.h>
+#include <netdb.h>
+#include <fnmatch.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "syslogd-types.h"
+#include "module-template.h"
+#include "parse.h"
+#include "srUtils.h"
+#include "obj.h"
+#include "errmsg.h"
+#include "netstrm.h"
+
+MODULE_TYPE_LIB
+
+/* static data */
+DEFobjStaticHelpers
+DEFobjCurrIf(errmsg)
+DEFobjCurrIf(glbl)
+
+
+/* The following #ifdef sequence is a small compatibility 
+ * layer. It tries to work around the different availality
+ * levels of SO_BSDCOMPAT on linuxes...
+ * I borrowed this code from
+ *    http://www.erlang.org/ml-archive/erlang-questions/200307/msg00037.html
+ * It still needs to be a bit better adapted to rsyslog.
+ * rgerhards 2005-09-19
+ */
+#include <sys/utsname.h>
+static int
+should_use_so_bsdcompat(void)
+{
+#ifndef OS_BSD
+    static int init_done;
+    static int so_bsdcompat_is_obsolete;
+
+    if (!init_done) {
+	struct utsname myutsname;
+	unsigned int version, patchlevel;
+
+	init_done = 1;
+	if (uname(&myutsname) < 0) {
+		char errStr[1024];
+		dbgprintf("uname: %s\r\n", rs_strerror_r(errno, errStr, sizeof(errStr)));
+		return 1;
+	}
+	/* Format is <version>.<patchlevel>.<sublevel><extraversion>
+	   where the first three are unsigned integers and the last
+	   is an arbitrary string. We only care about the first two. */
+	if (sscanf(myutsname.release, "%u.%u", &version, &patchlevel) != 2) {
+	    dbgprintf("uname: unexpected release '%s'\r\n",
+		    myutsname.release);
+	    return 1;
+	}
+	/* SO_BSCOMPAT is deprecated and triggers warnings in 2.5
+	   kernels. It is a no-op in 2.4 but not in 2.2 kernels. */
+	if (version > 2 || (version == 2 && patchlevel >= 5))
+	    so_bsdcompat_is_obsolete = 1;
+    }
+    return !so_bsdcompat_is_obsolete;
+#else	/* #ifndef OS_BSD */
+    return 1;
+#endif	/* #ifndef OS_BSD */
+}
+#ifndef SO_BSDCOMPAT
+/* this shall prevent compiler errors due to undfined name */
+#define SO_BSDCOMPAT 0
+#endif
+
+
+/* get the hostname of the message source. This was originally in cvthname()
+ * but has been moved out of it because of clarity and fuctional separation.
+ * It must be provided by the socket we received the message on as well as
+ * a NI_MAXHOST size large character buffer for the FQDN.
+ *
+ * Please see http://www.hmug.org/man/3/getnameinfo.php (under Caveats)
+ * for some explanation of the code found below. We do by default not
+ * discard message where we detected malicouos DNS PTR records. However,
+ * there is a user-configurabel option that will tell us if
+ * we should abort. For this, the return value tells the caller if the
+ * message should be processed (1) or discarded (0).
+ */
+static rsRetVal
+gethname(struct sockaddr_storage *f, uchar *pszHostFQDN)
+{
+	DEFiRet;
+	int error;
+	sigset_t omask, nmask;
+	char ip[NI_MAXHOST];
+	struct addrinfo hints, *res;
+	
+	assert(f != NULL);
+	assert(pszHostFQDN != NULL);
+
+        error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *)f),
+			    ip, sizeof ip, NULL, 0, NI_NUMERICHOST);
+
+        if (error) {
+                dbgprintf("Malformed from address %s\n", gai_strerror(error));
+		strcpy((char*) pszHostFQDN, "???");
+		ABORT_FINALIZE(RS_RET_INVALID_SOURCE);
+	}
+
+	if(!glbl.GetDisableDNS()) {
+		sigemptyset(&nmask);
+		sigaddset(&nmask, SIGHUP);
+		pthread_sigmask(SIG_BLOCK, &nmask, &omask);
+
+		error = getnameinfo((struct sockaddr *)f, SALEN((struct sockaddr *) f),
+				    (char*)pszHostFQDN, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
+		
+		if (error == 0) {
+			memset (&hints, 0, sizeof (struct addrinfo));
+			hints.ai_flags = AI_NUMERICHOST;
+			hints.ai_socktype = SOCK_STREAM;
+
+			/* we now do a lookup once again. This one should fail,
+			 * because we should not have obtained a non-numeric address. If
+			 * we got a numeric one, someone messed with DNS!
+			 */
+			if (getaddrinfo ((char*)pszHostFQDN, NULL, &hints, &res) == 0) {
+				uchar szErrMsg[1024];
+				freeaddrinfo (res);
+				/* OK, we know we have evil. The question now is what to do about
+				 * it. One the one hand, the message might probably be intended
+				 * to harm us. On the other hand, losing the message may also harm us.
+				 * Thus, the behaviour is controlled by the $DropMsgsWithMaliciousDnsPTRRecords
+				 * option. If it tells us we should discard, we do so, else we proceed,
+				 * but log an error message together with it.
+				 * time being, we simply drop the name we obtained and use the IP - that one
+				 * is OK in any way. We do also log the error message. rgerhards, 2007-07-16
+		 		 */
+		 		if(glbl.GetDropMalPTRMsgs() == 1) {
+					snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar),
+						 "Malicious PTR record, message dropped "
+						 "IP = \"%s\" HOST = \"%s\"",
+						 ip, pszHostFQDN);
+					errmsg.LogError(NO_ERRCODE, "%s", szErrMsg);
+					pthread_sigmask(SIG_SETMASK, &omask, NULL);
+					ABORT_FINALIZE(RS_RET_MALICIOUS_ENTITY);
+				}
+
+				/* Please note: we deal with a malicous entry. Thus, we have crafted
+				 * the snprintf() below so that all text is in front of the entry - maybe
+				 * it contains characters that make the message unreadable
+				 * (OK, I admit this is more or less impossible, but I am paranoid...)
+				 * rgerhards, 2007-07-16
+				 */
+				snprintf((char*)szErrMsg, sizeof(szErrMsg) / sizeof(uchar),
+					 "Malicious PTR record (message accepted, but used IP "
+					 "instead of PTR name: IP = \"%s\" HOST = \"%s\"",
+					 ip, pszHostFQDN);
+				errmsg.LogError(NO_ERRCODE, "%s", szErrMsg);
+
+				error = 1; /* that will trigger using IP address below. */
+			}
+		}		
+		pthread_sigmask(SIG_SETMASK, &omask, NULL);
+	}
+
+        if(error || glbl.GetDisableDNS()) {
+                dbgprintf("Host name for your address (%s) unknown\n", ip);
+		strcpy((char*) pszHostFQDN, ip);
+		ABORT_FINALIZE(RS_RET_ADDRESS_UNKNOWN);
+        }
+
+finalize_it:
+	RETiRet;
+}
+
+
+/* queryInterface function
+ * rgerhards, 2008-03-05
+ */
+BEGINobjQueryInterface(netstrm)
+CODESTARTobjQueryInterface(netstrm)
+	if(pIf->ifVersion != netstrmCURR_IF_VERSION) {/* check for current version, increment on each change */
+		ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
+	}
+
+	/* ok, we have the right interface, so let's fill it
+	 * Please note that we may also do some backwards-compatibility
+	 * work here (if we can support an older interface version - that,
+	 * of course, also affects the "if" above).
+	 */
+	//pIf->cvthname = cvthname;
+finalize_it:
+ENDobjQueryInterface(netstrm)
+
+
+/* exit our class
+ * rgerhards, 2008-03-10
+ */
+BEGINObjClassExit(netstrm, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
+CODESTARTObjClassExit(netstrm)
+	/* release objects we no longer need */
+	objRelease(glbl, CORE_COMPONENT);
+	objRelease(errmsg, CORE_COMPONENT);
+ENDObjClassExit(netstrm)
+
+
+/* Initialize the netstrm class. Must be called as the very first method
+ * before anything else is called inside this class.
+ * rgerhards, 2008-02-19
+ */
+BEGINAbstractObjClassInit(netstrm, 1, OBJ_IS_CORE_MODULE) /* class, version */
+	/* request objects we use */
+	CHKiRet(objUse(errmsg, CORE_COMPONENT));
+	CHKiRet(objUse(glbl, CORE_COMPONENT));
+
+	/* set our own handlers */
+ENDObjClassInit(netstrm)
+
+
+/* --------------- here now comes the plumbing that makes as a library module --------------- */
+
+
+BEGINmodExit
+CODESTARTmodExit
+	netstrmClassExit();
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_LIB_QUERIES
+ENDqueryEtryPt
+
+
+BEGINmodInit()
+CODESTARTmodInit
+	*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
+
+	/* Initialize all classes that are in our module - this includes ourselfs */
+	CHKiRet(netstrmClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
+ENDmodInit
+/* vi:set ai:
+ */