mirror of
https://github.com/rsyslog/rsyslog.git
synced 2025-12-13 13:00:40 +01:00
(working but partial) evening snap for udp_allowed_senders
parent
28d5d9de0b
commit
6610aee651
74
syslogd.c
74
syslogd.c
@ -670,16 +670,20 @@ extern int errno;
|
|||||||
* list roots, one for UDP and one for TCP.
|
* list roots, one for UDP and one for TCP.
|
||||||
* rgerhards, 2005-09-26
|
* rgerhards, 2005-09-26
|
||||||
*/
|
*/
|
||||||
|
#ifdef SYSLOG_INET
|
||||||
struct AllowedSenders {
|
struct AllowedSenders {
|
||||||
unsigned long allowedSender; /* ip addres allowed */
|
unsigned long allowedSender;/* ip address allowed */
|
||||||
unsigned char bitsToShift; /* defines how many bits should be discarded (eqiv to mask) */
|
unsigned char bitsToShift; /* defines how many bits should be discarded (eqiv to mask) */
|
||||||
struct AllowedSenders *pNext;
|
struct AllowedSenders *pNext;
|
||||||
};
|
};
|
||||||
|
|
||||||
int option_DisallowWarning = 1; /* complain if message from disallowed sender is received */
|
|
||||||
|
|
||||||
static struct AllowedSenders *pAllowedSenders_UDP = NULL; /* the roots of the allowed sender */
|
static struct AllowedSenders *pAllowedSenders_UDP = NULL; /* the roots of the allowed sender */
|
||||||
static struct AllowedSenders *pAllowedSenders_TCP = NULL; /* lists. If NULL, all senders are ok! */
|
static struct AllowedSenders *pAllowedSenders_TCP = NULL; /* lists. If NULL, all senders are ok! */
|
||||||
|
static struct AllowedSenders *pLastAllowedSenders_UDP = NULL; /* and now the pointers to the last */
|
||||||
|
static struct AllowedSenders *pLastAllowedSenders_TCP = NULL; /* element in the respective list */
|
||||||
|
#endif /* #ifdef SYSLOG_INET */
|
||||||
|
|
||||||
|
int option_DisallowWarning = 1; /* complain if message from disallowed sender is received */
|
||||||
|
|
||||||
|
|
||||||
/* hardcoded standard templates (used for defaults) */
|
/* hardcoded standard templates (used for defaults) */
|
||||||
@ -737,21 +741,61 @@ static int create_udp_socket();
|
|||||||
/* Code for handling allowed/disallowed senders
|
/* Code for handling allowed/disallowed senders
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* check if a sender is allowed. The root of the the allowed sender
|
#ifdef SYSLOG_INET
|
||||||
|
/* function to add an allowed sender to the allowed sender list. The
|
||||||
|
* root of the list is caller-provided, so it can be used for all
|
||||||
|
* supported lists. The caller must provide a pointer to the root,
|
||||||
|
* as it eventually needs to be updated. Also, a pointer to the
|
||||||
|
* pointer to the last element must be provided (to speed up adding
|
||||||
|
* list elements).
|
||||||
|
* returns 1 if sender could be added, 0 otherwise (this probably indicates
|
||||||
|
* big trouble with the memory allocator).
|
||||||
|
* rgerhards, 2005-09-26
|
||||||
|
*/
|
||||||
|
static int AddAllowedSender(struct AllowedSenders **ppRoot, struct AllowedSenders **ppLast,
|
||||||
|
unsigned int iAllow, int iSignificantBits)
|
||||||
|
{
|
||||||
|
struct AllowedSenders *pEntry;
|
||||||
|
|
||||||
|
assert(ppRoot != NULL);
|
||||||
|
assert(ppLast != NULL);
|
||||||
|
|
||||||
|
if((pEntry = (struct AllowedSenders*) calloc(1, sizeof(struct AllowedSenders)))
|
||||||
|
== NULL)
|
||||||
|
return 0; /* no options left :( */
|
||||||
|
|
||||||
|
/* populate entry */
|
||||||
|
pEntry->bitsToShift = 32 - iSignificantBits; /* IPv4! */
|
||||||
|
pEntry->allowedSender = iAllow >> pEntry->bitsToShift;
|
||||||
|
pEntry->pNext = NULL;
|
||||||
|
|
||||||
|
/* enqueue */
|
||||||
|
if(*ppRoot == NULL) {
|
||||||
|
*ppRoot = pEntry;
|
||||||
|
} else {
|
||||||
|
(*ppLast)->pNext = pEntry;
|
||||||
|
}
|
||||||
|
*ppLast = pEntry;
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
#endif /* #ifdef SYSLOG_INET */
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef SYSLOG_INET
|
||||||
|
/* check if a sender is allowed. The root of the the allowed sender.
|
||||||
* list must be proveded by the caller. As such, this function can be
|
* list must be proveded by the caller. As such, this function can be
|
||||||
* used to check both UDP and TCP allowed sender lists.
|
* used to check both UDP and TCP allowed sender lists.
|
||||||
* returns 1, if the sender is allowed, 0 otherwise.
|
* returns 1, if the sender is allowed, 0 otherwise.
|
||||||
* rgerhads, 2005-09-26
|
* rgerhads, 2005-09-26
|
||||||
*/
|
*/
|
||||||
int isAllowedUDPSender(struct AllowedSenders *pAllowRoot, struct sockaddr_in *pFrom)
|
static int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr_in *pFrom)
|
||||||
{
|
{
|
||||||
struct AllowedSenders *pAllow;
|
struct AllowedSenders *pAllow;
|
||||||
unsigned long ulAddrInLocalByteOrder;
|
unsigned long ulAddrInLocalByteOrder;
|
||||||
|
|
||||||
assert(pFrom != NULL);
|
assert(pFrom != NULL);
|
||||||
|
|
||||||
printf("checking allowed sender %x\n", ntohl(pFrom->sin_addr.s_addr));
|
|
||||||
|
|
||||||
if(pAllowRoot == NULL)
|
if(pAllowRoot == NULL)
|
||||||
return 1; /* checking disabled, everything is valid! */
|
return 1; /* checking disabled, everything is valid! */
|
||||||
|
|
||||||
@ -767,12 +811,18 @@ int isAllowedUDPSender(struct AllowedSenders *pAllowRoot, struct sockaddr_in *pF
|
|||||||
* that the sender is disallowed.
|
* that the sender is disallowed.
|
||||||
*/
|
*/
|
||||||
for(pAllow = pAllowRoot ; pAllow != NULL ; pAllow = pAllow->pNext) {
|
for(pAllow = pAllowRoot ; pAllow != NULL ; pAllow = pAllow->pNext) {
|
||||||
|
dprintf("checking sender %x against %x (%d bits)\n",
|
||||||
|
ulAddrInLocalByteOrder, pAllow->allowedSender,
|
||||||
|
pAllow->bitsToShift);
|
||||||
if( (ulAddrInLocalByteOrder >> pAllow->bitsToShift)
|
if( (ulAddrInLocalByteOrder >> pAllow->bitsToShift)
|
||||||
== pAllow->allowedSender)
|
== pAllow->allowedSender)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dprintf("Sender %x was not in list of allowed senders!\n", ulAddrInLocalByteOrder);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif /* #ifdef SYSLOG_INET */
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -2358,9 +2408,7 @@ char *MsgGetProp(struct msg *pMsg, struct templateEntry *pTpe,
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
int main(argc, argv)
|
int main(int argc, char **argv)
|
||||||
int argc;
|
|
||||||
char **argv;
|
|
||||||
{ register int i;
|
{ register int i;
|
||||||
register char *p;
|
register char *p;
|
||||||
#if !defined(__GLIBC__)
|
#if !defined(__GLIBC__)
|
||||||
@ -2408,7 +2456,7 @@ int main(argc, argv)
|
|||||||
funix[i] = -1;
|
funix[i] = -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
while ((ch = getopt(argc, argv, "a:dhi:f:l:m:nop:r:s:t:v")) != EOF)
|
while ((ch = getopt(argc, argv, "a:dhi:f:l:m:nop:r:s:t:vw")) != EOF)
|
||||||
switch((char)ch) {
|
switch((char)ch) {
|
||||||
case 'a':
|
case 'a':
|
||||||
if (nfunix < MAXFUNIX)
|
if (nfunix < MAXFUNIX)
|
||||||
@ -2491,6 +2539,8 @@ int main(argc, argv)
|
|||||||
if ((argc -= optind))
|
if ((argc -= optind))
|
||||||
usage();
|
usage();
|
||||||
|
|
||||||
|
printf("Test addAllowed %d\n", AddAllowedSender(&pAllowedSenders_UDP, &pLastAllowedSenders_UDP,
|
||||||
|
0xac120000, 16));
|
||||||
#ifndef TESTING
|
#ifndef TESTING
|
||||||
if ( !(Debug || NoFork) )
|
if ( !(Debug || NoFork) )
|
||||||
{
|
{
|
||||||
@ -2851,7 +2901,7 @@ int main(argc, argv)
|
|||||||
* configured to do this).
|
* configured to do this).
|
||||||
* rgerhards, 2005-09-26
|
* rgerhards, 2005-09-26
|
||||||
*/
|
*/
|
||||||
if(isAllowedUDPSender(pAllowedSenders_UDP, &frominet)) {
|
if(isAllowedSender(pAllowedSenders_UDP, &frominet)) {
|
||||||
line[i] = line[i+1] = '\0';
|
line[i] = line[i+1] = '\0';
|
||||||
printchopped(from, line, i + 2, finet, SOURCE_INET);
|
printchopped(from, line, i + 2, finet, SOURCE_INET);
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
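Review bot: AddAllowedSender (hunk -737,21 +741,61) stores `32 - iSignificantBits` into the unsigned char `bitsToShift` without range-checking `iSignificantBits`. A prefix length of 0 gives a shift by 32, which is undefined for the 32-bit `unsigned int` in `iAllow >> pEntry->bitsToShift` and for `ulAddrInLocalByteOrder >> pAllow->bitsToShift` in isAllowedSender wherever `unsigned long` is 32 bits; negative or larger-than-32 values produce a meaningless shift count. Because this list decides which network senders are accepted, the function should reject bad input before the calloc, e.g. `if(iSignificantBits < 1 || iSignificantBits > 32) return 0;`, or treat a zero-length prefix explicitly as match-all. Separately, the hunk at -2491,6 +2539,8 in main() calls AddAllowedSender with the hard-coded `0xac120000, 16` and only prints the result; as far as the hunk shows this sits outside any `#ifdef SYSLOG_INET`, so it would pin the UDP list to that one network in every build and fail to compile without SYSLOG_INET. That test line should be removed or guarded before this leaves snapshot state.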