The legacy ACL system needs access to the remote sockaddr_storage
data structure. This has been implemented for the ptcp driver and
now follows for gtls. See recent commits for reason.
We also moved up the version numbers in preparation of the release.
While this sounds scary, the situation can not
happen in practice. We use non-blocking IO only for server-based gtls
session setup. As TLS requires the exchange of multiple frames before
the handshake completes, it simply is impossible to do this in one
step. However, it is useful to have the code path correct even for
this case - otherwise, we may run into problems if the code is changed
some time later (e.g. to use blocking sockets).
Signed-off-by: Rainer Gerhards <rgerhards@adiscon.com>
Conflicts:
ChangeLog
conf.c
doc/Makefile.am
doc/manual.html
omfwd.c
plugins/omgssapi/omgssapi.c
This was a bit hard to merge; if there are problems, they
may be in the area of the new "comment in action line" code
that came from the beta.
This maps to bugzilla bug 83: http://bugzilla.adiscon.com/show_bug.cgi?id=83
This is the first test version, posted to user for repro of the problem.
It contains code to handle the case, HOWEVER, I have not been able to test it
in a scenario where a retry actually happens while receiving (I dont't get this
in my environment). So I assume it is buggy and will probably not work.
It is now iRet based. This enables us to communicate
more in-depth information to the upper peers. This is needed
to handle the EGAIN case on rcv (not yet implemented)
This is a debug aid, only. Note that it may reveal sensitive
information, so it should never be active in production code.
Currently, this is a compile-time switch and requires code changes
to (de)activate.
... in gnutls code, resulting in some hard too
understand error messages. Also genereally improved certificate
error messages a bit.
Also, added GnuTLS debugging support.
The TLS server now checks the client fingerprint. This works, but
is highly experimental. Needs to be refined for practice. Also:
- implemented permittedPeers helper construct to store names
- changed omfwd implementation to use new permittedPeers
- made action logic pass optional auth params only if they are
actually configured
- added new authMode and Fingerprint methods to ptcp netstream
driver (keeping them once again generic)
- added diagnostics messages when invalid auth modes were
configured
This is very experimental and needs some more work. It probably even
segfaults - but the base code is there and running. The rest is
refinement.
While working on this, I did these two bugfixes:
- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
- bugfix: $ActionSendStreamDriver had no effect
- bugfix: TCP input modules did incorrectly set fromhost property
(always blank)
- bugfix: imklog did not set fromhost property
- added "fromhost-ip" property
- added "RSYSLOG_DebugFormat" canned template
- bugfix: hostname and fromhost were swapped when a persisted message
(in queued mode) was read in
