rsyslog/rsyslog
1
0
Fork 0
mirror of https://github.com/rsyslog/rsyslog.git synced 2025-12-20 07:20:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

imgssapi: log remote peer ip in some error messages

Browse Source
This commit is contained in:
bodik 2014-09-01 12:47:08 +02:00 committed by Rainer Gerhards
parent 69ca9210d8
commit 7d0676e739
1 changed files with 32 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
plugins/imgssapi/imgssapi.c
View File

@ -88,6 +88,7 @@ DEFobjCurrIf(errmsg)
DEFobjCurrIf(netstrm)
DEFobjCurrIf(net)
DEFobjCurrIf(glbl)
DEFobjCurrIf(prop)
static tcpsrv_t *pOurTcpsrv = NULL; /* our TCP server(listener) TODO: change for multiple instances */
static gss_cred_id_t gss_server_creds = GSS_C_NO_CREDENTIAL;
@ -414,9 +415,11 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
char allowedMethods;
gsssrv_t *pGSrv;
gss_sess_t *pGSess;
uchar *pszPeer = NULL;
int lenPeer = 0;
assert(pSess != NULL);
pGSrv = (gsssrv_t*) pThis->pUsr;
pGSess = (gss_sess_t*) pSess->pUsr;
allowedMethods = pGSrv->allowedMethods;
@ -431,7 +434,9 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
int ret = 0;
CHKmalloc(buf = (char*) MALLOC(sizeof(char) * (glbl.GetMaxLine() + 1)));
dbgprintf("GSS-API Trying to accept TCP session %p\n", pSess);
prop.GetString(pSess->fromHostIP, &pszPeer, &lenPeer);
dbgprintf("GSS-API Trying to accept TCP session %p from %s\n", pSess, (char *)pszPeer);
CHKiRet(netstrm.GetSock(pSess->pStrm, &fdSess)); // TODO: method access!
if (allowedMethods & ALLOWEDMETHOD_TCP) {
@ -452,7 +457,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
ret = select(fdSess + 1, pFds, NULL, NULL, &tv);
} while (ret < 0 && errno == EINTR);
if (ret < 0) {
errmsg.LogError(0, RS_RET_ERR, "TCP session %p will be closed, error ignored\n", pSess);
errmsg.LogError(0, RS_RET_ERR, "TCP session %p from %s will be closed, error ignored\n", pSess, (char *)pszPeer);
ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes
} else if (ret == 0) {
dbgprintf("GSS-API Reverting to plain TCP\n");
@ -464,15 +469,16 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
ret = recv(fdSess, buf, sizeof (buf), MSG_PEEK);
} while (ret < 0 && errno == EINTR);
if (ret <= 0) {
if (ret == 0)
dbgprintf("GSS-API Connection closed by peer\n");
else
errmsg.LogError(0, RS_RET_ERR, "TCP(GSS) session %p will be closed, error ignored\n", pSess);
if (ret == 0) {
dbgprintf("GSS-API Connection closed by peer %s\n", (char *)pszPeer);
} else {
errmsg.LogError(0, RS_RET_ERR, "TCP(GSS) session %p from %s will be closed, error ignored\n", pSess, (char *)pszPeer);
}
ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes
}
if (ret < 4) {
dbgprintf("GSS-API Reverting to plain TCP\n");
dbgprintf("GSS-API Reverting to plain TCP from %s\n", (char *)pszPeer);
pGSess->allowedMethods = ALLOWEDMETHOD_TCP;
ABORT_FINALIZE(RS_RET_OK); // TODO: define good error codes
} else if (ret == 4) {
@ -484,10 +490,11 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
ret = recv(fdSess, buf, sizeof (buf), MSG_PEEK);
} while (ret < 0 && errno == EINTR);
if (ret <= 0) {
if (ret == 0)
dbgprintf("GSS-API Connection closed by peer\n");
else
errmsg.LogError(0, NO_ERRCODE, "TCP session %p will be closed, error ignored\n", pSess);
if (ret == 0) {
dbgprintf("GSS-API Connection closed by peer %s\n", (char *)pszPeer);
} else {
errmsg.LogError(0, NO_ERRCODE, "TCP session %p from %s will be closed, error ignored\n", pSess, (char *)pszPeer);
}
ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes
}
}
@ -498,7 +505,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
| (buf[2] << 8)
| buf[3]);
if ((ret - 4) < len || len == 0) {
dbgprintf("GSS-API Reverting to plain TCP\n");
dbgprintf("GSS-API Reverting to plain TCP from %s\n", (char *)pszPeer);
pGSess->allowedMethods = ALLOWEDMETHOD_TCP;
ABORT_FINALIZE(RS_RET_OK); // TODO: define good error codes
}
@ -511,7 +518,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
sess_flags = &pGSess->gss_flags;
do {
if (gssutil.recv_token(fdSess, &recv_tok) <= 0) {
errmsg.LogError(0, NO_ERRCODE, "TCP session %p will be closed, error ignored\n", pSess);
errmsg.LogError(0, NO_ERRCODE, "TCP session %p from %s will be closed, error ignored\n", pSess, (char *)pszPeer);
ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes
}
maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, gss_server_creds,
@ -527,11 +534,11 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
if ((allowedMethods & ALLOWEDMETHOD_TCP) &&
(GSS_ROUTINE_ERROR(maj_stat) == GSS_S_DEFECTIVE_TOKEN)) {
dbgprintf("GSS-API Reverting to plain TCP\n");
dbgprintf("GSS-API Reverting to plain TCP from %s\n", (char *)pszPeer);
dbgprintf("tcp session socket with new data: #%d\n", fdSess);
if(tcps_sess.DataRcvd(pSess, buf, ret) != RS_RET_OK) {
errmsg.LogError(0, NO_ERRCODE, "Tearing down TCP Session %p - see "
"previous messages for reason(s)\n", pSess);
errmsg.LogError(0, NO_ERRCODE, "Tearing down TCP Session %p from %s - see "
"previous messages for reason(s)\n", pSess, (char *)pszPeer);
ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes
}
pGSess->allowedMethods = ALLOWEDMETHOD_TCP;
@ -543,7 +550,7 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
if (send_tok.length != 0) {
if(gssutil.send_token(fdSess, &send_tok) < 0) {
gss_release_buffer(&min_stat, &send_tok);
errmsg.LogError(0, NO_ERRCODE, "TCP session %p will be closed, error ignored\n", pSess);
errmsg.LogError(0, NO_ERRCODE, "TCP session %p from %s will be closed, error ignored\n", pSess, (char *)pszPeer);
if (*context != GSS_C_NO_CONTEXT)
gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
ABORT_FINALIZE(RS_RET_ERR); // TODO: define good error codes
@ -553,10 +560,11 @@ OnSessAcceptGSS(tcpsrv_t *pThis, tcps_sess_t *pSess)
} while (maj_stat == GSS_S_CONTINUE_NEEDED);
maj_stat = gss_display_name(&min_stat, client, &recv_tok, NULL);
if (maj_stat != GSS_S_COMPLETE)
if (maj_stat != GSS_S_COMPLETE) {
gssutil.display_status("displaying name", maj_stat, min_stat);
else
dbgprintf("GSS-API Accepted connection from: %s\n", (char*) recv_tok.value);
} else {
dbgprintf("GSS-API Accepted connection from peer %s: %s\n", (char *)pszPeer, (char*) recv_tok.value);
}
gss_release_name(&min_stat, &client);
gss_release_buffer(&min_stat, &recv_tok);
@ -724,6 +732,7 @@ CODESTARTmodExit
objRelease(glbl, CORE_COMPONENT);
objRelease(netstrm, LM_NETSTRM_FILENAME);
objRelease(net, LM_NET_FILENAME);
objRelease(prop, CORE_COMPONENT);
ENDmodExit
@ -774,6 +783,7 @@ CODEmodInit_QueryRegCFSLineHdlr
CHKiRet(objUse(glbl, CORE_COMPONENT));
CHKiRet(objUse(netstrm, LM_NETSTRM_FILENAME));
CHKiRet(objUse(net, LM_NET_FILENAME));
CHKiRet(objUse(prop, CORE_COMPONENT));
/* register config file handlers */
CHKiRet(omsdRegCFSLineHdlr((uchar *)"inputgssserverpermitplaintcp", 0, eCmdHdlrBinary,