-rw-r--r-- | plugins/imgssapi/imgssapi.c | 27 | ||||
-rw-r--r-- | runtime/netstrm.c | 17 | ||||
-rw-r--r-- | runtime/netstrm.h | 9 | ||||
-rw-r--r-- | runtime/nsd_gtls.c | 5 |
4 files changed, 46 insertions, 12 deletions
diff --git a/plugins/imgssapi/imgssapi.c b/plugins/imgssapi/imgssapi.c index c9ac45d1..48cc99a2 100644 --- a/plugins/imgssapi/imgssapi.c +++ b/plugins/imgssapi/imgssapi.c @@ -54,6 +54,7 @@ #include "tcpsrv.h" #include "tcps_sess.h" #include "errmsg.h" +#include "netstrm.h" MODULE_TYPE_INPUT @@ -77,6 +78,7 @@ DEFobjCurrIf(tcpsrv) DEFobjCurrIf(tcps_sess) DEFobjCurrIf(gssutil) DEFobjCurrIf(errmsg) +DEFobjCurrIf(netstrm) DEFobjCurrIf(net) static tcpsrv_t *pOurTcpsrv = NULL; /* our TCP server(listener) TODO: change for multiple instances */ @@ -241,11 +243,12 @@ onErrClose(tcps_sess_t *pSess) /* open the listen sockets */ -static int* +static rsRetVal doOpenLstnSocks(tcpsrv_t *pSrv) { int *pRet = NULL; gsssrv_t *pGSrv; + DEFiRet; ISOBJ_TYPE_assert(pSrv, tcpsrv); pGSrv = pSrv->pUsr; @@ -261,20 +264,20 @@ doOpenLstnSocks(tcpsrv_t *pSrv) } if(pGSrv->allowedMethods) { /* fallback to plain TCP */ - if((pRet = tcpsrv.create_tcp_socket(pSrv)) != NULL) { - dbgprintf("Opened %d syslog TCP port(s).\n", *pRet); - } + CHKiRet(tcpsrv.create_tcp_socket(pSrv)); + dbgprintf("Opened %d syslog TCP port(s).\n", *pRet); } } - return pRet; +finalize_it: + RETiRet; } static int doRcvData(tcps_sess_t *pSess, char *buf, size_t lenBuf) { - int state; + ssize_t state; int allowedMethods; gss_sess_t *pGSess; @@ -285,8 +288,10 @@ doRcvData(tcps_sess_t *pSess, char *buf, size_t lenBuf) allowedMethods = pGSess->allowedMethods; if(allowedMethods & ALLOWEDMETHOD_GSS) state = TCPSessGSSRecv(pSess, buf, lenBuf); - else - state = recv(pSess->sock, buf, lenBuf, 0); + else { + if(netstrm.Rcv(pSess->pStrm, (uchar*) buf, &state) != RS_RET_OK) + state = -1; // TODO: move this function to an iRet interface! 2008-05-05 + } return state; } 
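Review bot: In the plain-TCP fallback of doOpenLstnSocks (hunk @@ -261), `dbgprintf("Opened %d syslog TCP port(s).\n", *pRet);` now dereferences `pRet`, which this change no longer assigns. The result of `tcpsrv.create_tcp_socket(pSrv)` goes to CHKiRet, so `pRet` keeps its `NULL` initializer from the previous hunk unless lines outside the hunks set it. That would crash the input module at listener start-up whenever the fallback succeeds. Either drop the count from the message, `dbgprintf("Opened syslog TCP port(s).\n");`, or read it from wherever create_tcp_socket now stores the sockets, and remove the unused `pRet` local. The function body starts in the preceding hunk and is only partly shown.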
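Review bot: The new `netstrm.Rcv(pSess->pStrm, (uchar*) buf, &state)` call in doRcvData (hunk @@ -285) drops `lenBuf`, so nothing in the call tells the stream driver how large `buf` is, and `state` is passed uninitialized. If Rcv treats its third argument as an in/out length (its prototype is not in this diff, so this is inferred), the driver reads an indeterminate buffer size and may write past `buf` with data from the network peer. Setting `state = lenBuf;` immediately before the call would bound the read. The `ssize_t` result is also still returned through the function's `int` return type, which deserves a comment or a range check.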
@@ -391,7 +396,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess) dbgprintf("GSS-API Trying to accept TCP session %p\n", pSess); - fdSess = pSess->sock; // TODO: method access! + CHKiRet(netstrm.GetSock(pSess->pStrm, &fdSess)); // TODO: method access! if (allowedMethods & ALLOWEDMETHOD_TCP) { int len; fd_set fds; @@ -537,7 +542,7 @@ int TCPSessGSSRecv(tcps_sess_t *pSess, void *buf, size_t buf_len) assert(pSess->pUsr != NULL); pGSess = (gss_sess_t*) pSess->pUsr; - fdSess = pSess->sock; + netstrm.GetSock(pSess->pStrm, &fdSess); // TODO: method access, CHKiRet! if ((state = gssutil.recv_token(fdSess, &xmit_buf)) <= 0) return state; @@ -638,6 +643,7 @@ CODESTARTmodExit objRelease(tcpsrv, LM_TCPSRV_FILENAME); objRelease(gssutil, LM_GSSUTIL_FILENAME); objRelease(errmsg, CORE_COMPONENT); + objRelease(netstrm, LM_NETSTRM_FILENAME); objRelease(net, LM_NET_FILENAME); ENDmodExit @@ -684,6 +690,7 @@ CODEmodInit_QueryRegCFSLineHdlr CHKiRet(objUse(tcpsrv, LM_TCPSRV_FILENAME)); CHKiRet(objUse(gssutil, LM_GSSUTIL_FILENAME)); CHKiRet(objUse(errmsg, CORE_COMPONENT)); + CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME)); CHKiRet(objUse(net, LM_NET_FILENAME)); /* register config file handlers */ diff --git a/runtime/netstrm.c b/runtime/netstrm.c index e270335c..47c67a53 100644 --- a/runtime/netstrm.c +++ b/runtime/netstrm.c @@ -239,6 +239,22 @@ Connect(netstrm_t *pThis, int family, uchar *port, uchar *host) } +/* Provide access to the underlying OS socket. This is dirty + * and scheduled to be removed. Does not work with all nsd drivers. + * See comment in netstrm interface for details. + * rgerhards, 2008-05-05 + */ +static rsRetVal +GetSock(netstrm_t *pThis, int *pSock) +{ + DEFiRet; + ISOBJ_TYPE_assert(pThis, netstrm); + assert(pSock != NULL); + iRet = pThis->Drvr.GetSock(pThis->pDrvrData, pSock); + RETiRet; +} + + /* queryInterface function */ BEGINobjQueryInterface(netstrm) 
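Review bot: In TCPSessGSSRecv (hunk @@ -537) the result of `netstrm.GetSock(pSess->pStrm, &fdSess);` is discarded, so when the driver call fails `fdSess` goes to `gssutil.recv_token()` with whatever value it held before (its declaration is outside the hunk). The TODO names CHKiRet, but this function returns `int`, so an explicit test fits better: `if(netstrm.GetSock(pSess->pStrm, &fdSess) != RS_RET_OK) return -1;`. A negative return matches the `<= 0` error path on the next line, though the convention callers expect should be confirmed. The trailing `// TODO: method access!` on the GetSock line in OnSessAcceptGSS (hunk @@ -391) is now stale and can be removed.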
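Review bot: The new GetSock in runtime/netstrm.c (hunk @@ -239) calls `pThis->Drvr.GetSock` without checking that the driver provides it, although the comment above it says it does not work with all nsd drivers. If a driver leaves that member unset (not visible in this diff), the call goes through a NULL function pointer, and the `assert()` lines give no protection in builds with NDEBUG. A guard such as `if(pThis->Drvr.GetSock == NULL) ABORT_FINALIZE(RS_RET_ERR);`, with a `finalize_it:` label before `RETiRet;`, would turn that into an error the caller's CHKiRet can handle.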
@@ -264,6 +280,7 @@ CODESTARTobjQueryInterface(netstrm) pIf->GetRemoteHName = GetRemoteHName; pIf->GetRemoteIP = GetRemoteIP; pIf->SetDrvrMode = SetDrvrMode; + pIf->GetSock = GetSock; finalize_it: ENDobjQueryInterface(netstrm) diff --git a/runtime/netstrm.h b/runtime/netstrm.h index b2131ff7..a15c1d9b 100644 --- a/runtime/netstrm.h +++ b/runtime/netstrm.h @@ -31,7 +31,6 @@ struct netstrm_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ nsd_t *pDrvrData; /**< the driver's data elements (at most other places, this is called pNsd) */ nsd_if_t Drvr; /**< our stream driver */ - //int iDrvrMode; /**< mode to be used for our driver */ netstrms_t *pNS; /**< pointer to our netstream subsystem object */ }; @@ -51,6 +50,14 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */ rsRetVal (*GetRemoteHName)(netstrm_t *pThis, uchar **pszName); rsRetVal (*GetRemoteIP)(netstrm_t *pThis, uchar **pszIP); rsRetVal (*SetDrvrMode)(netstrm_t *pThis, int iMode); + /* the GetSock() below is a hack to make imgssapi work. In the long term, + * we should migrate imgssapi to a stream driver, which will relieve us of + * this problem. Please note that nobody else should use GetSock(). Using it + * will also tie the caller to nsd_ptcp, because other drivers may not support + * it at all. Once the imgssapi problem is solved, GetSock should be removed from + * this interface. -- rgerhards, 2008-05-05 + */ + rsRetVal (*GetSock)(netstrm_t *pThis, int *pSock); ENDinterface(netstrm) #define netstrmCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */ diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c index b1713240..630c751b 100644 --- a/runtime/nsd_gtls.c +++ b/runtime/nsd_gtls.c 
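Review bot: The runtime/netstrm.h hunk @@ -51 adds `GetSock` to the netstrm interface structure but leaves `#define netstrmCURR_IF_VERSION 1` unchanged, even though the comment on that line says to increment it whenever the structure changes. A module built against the old layout and a core built against the new one would then agree on version 1 while disagreeing on the struct size. Whatever version check the interface query performs (its body is outside the hunks) could not catch that. Bumping the define, `#define netstrmCURR_IF_VERSION 2`, keeps the check meaningful.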
@@ -155,7 +155,10 @@ gtlsGlblInitLstn(void) DEFiRet; if(bGlblSrvrInitDone == 0) { - //CHKgnutls(gnutls_certificate_set_x509_crl_file(xcred, CRLFILE, GNUTLS_X509_FMT_PEM)); + /* we do not use CRLs right now, and I doubt we'll ever do. This functionality is + * considered legacy. -- rgerhards, 2008-05-05 + */ + /*CHKgnutls(gnutls_certificate_set_x509_crl_file(xcred, CRLFILE, GNUTLS_X509_FMT_PEM));*/ CHKgnutls(gnutls_certificate_set_x509_key_file(xcred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM)); CHKiRet(generate_dh_params()); gnutls_certificate_set_dh_params(xcred, dh_params); /* this is void */ |
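Review bot: The new comment in gtlsGlblInitLstn says CRLs are not used but does not spell out the consequence. With the `gnutls_certificate_set_x509_crl_file` call disabled, nothing in this hunk gives the listener a way to reject a revoked certificate. I would say so in the comment, e.g. `/* NOTE: no CRL is loaded; revoked certificates are not rejected here */`, so operators relying on TLS peer authentication know revocation is not enforced. The commented-out call itself can be deleted rather than kept, since version control preserves it. The function body continues outside the hunk.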