2
* This is a miscellaneous helper class for gss-api features.
4
* Copyright 2007 Rainer Gerhards and Adiscon GmbH.
6
* This file is part of rsyslog.
8
* Rsyslog is free software: you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation, either version 3 of the License, or
11
* (at your option) any later version.
13
* Rsyslog is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU General Public License for more details.
18
* You should have received a copy of the GNU General Public License
19
* along with Rsyslog. If not, see <http://www.gnu.org/licenses/>.
21
* A copy of the GPL can be found in the file "COPYING" in this distribution.
30
#include <netinet/in.h>
32
#include <arpa/inet.h>
43
#include <gssapi/gssapi.h>
45
#include "syslogd-types.h"
51
#include "tcpsyslog.h"
52
#include "module-template.h"
63
static void display_status_(char *m, OM_uint32 code, int type)
65
OM_uint32 maj_stat, min_stat, msg_ctx = 0;
69
maj_stat = gss_display_status(&min_stat, code, type, GSS_C_NO_OID, &msg_ctx, &msg);
70
if (maj_stat != GSS_S_COMPLETE) {
71
errmsg.LogError(NO_ERRCODE, "GSS-API error in gss_display_status called from <%s>\n", m);
75
snprintf(buf, sizeof(buf), "GSS-API error %s: %s\n", m, (char *) msg.value);
76
buf[sizeof(buf)/sizeof(char) - 1] = '\0';
77
errmsg.LogError(NO_ERRCODE, "%s", buf);
80
gss_release_buffer(&min_stat, &msg);
85
static void display_status(char *m, OM_uint32 maj_stat, OM_uint32 min_stat)
87
display_status_(m, maj_stat, GSS_C_GSS_CODE);
88
display_status_(m, min_stat, GSS_C_MECH_CODE);
92
static void display_ctx_flags(OM_uint32 flags)
94
if (flags & GSS_C_DELEG_FLAG)
95
dbgprintf("GSS_C_DELEG_FLAG\n");
96
if (flags & GSS_C_MUTUAL_FLAG)
97
dbgprintf("GSS_C_MUTUAL_FLAG\n");
98
if (flags & GSS_C_REPLAY_FLAG)
99
dbgprintf("GSS_C_REPLAY_FLAG\n");
100
if (flags & GSS_C_SEQUENCE_FLAG)
101
dbgprintf("GSS_C_SEQUENCE_FLAG\n");
102
if (flags & GSS_C_CONF_FLAG)
103
dbgprintf("GSS_C_CONF_FLAG\n");
104
if (flags & GSS_C_INTEG_FLAG)
105
dbgprintf("GSS_C_INTEG_FLAG\n");
109
static int read_all(int fd, char *buf, unsigned int nbyte)
116
for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
122
if ((ret = select(FD_SETSIZE, &rfds, NULL, NULL, &tv)) <= 0
123
|| !FD_ISSET(fd, &rfds))
125
ret = recv(fd, ptr, nbyte, 0);
130
} else if (ret == 0) {
139
static int write_all(int fd, char *buf, unsigned int nbyte)
144
for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
145
ret = send(fd, ptr, nbyte, 0);
150
} else if (ret == 0) {
159
static int recv_token(int s, gss_buffer_t tok)
162
unsigned char lenbuf[4];
165
ret = read_all(s, (char *) lenbuf, 4);
167
errmsg.LogError(NO_ERRCODE, "GSS-API error reading token length");
171
} else if (ret != 4) {
172
errmsg.LogError(NO_ERRCODE, "GSS-API error reading token length");
176
len = ((lenbuf[0] << 24)
180
tok->length = ntohl(len);
182
tok->value = (char *) malloc(tok->length ? tok->length : 1);
183
if (tok->length && tok->value == NULL) {
184
errmsg.LogError(NO_ERRCODE, "Out of memory allocating token data\n");
188
ret = read_all(s, (char *) tok->value, tok->length);
190
errmsg.LogError(NO_ERRCODE, "GSS-API error reading token data");
193
} else if (ret != (int) tok->length) {
194
errmsg.LogError(NO_ERRCODE, "GSS-API error reading token data");
203
static int send_token(int s, gss_buffer_t tok)
206
unsigned char lenbuf[4];
209
if (tok->length > 0xffffffffUL)
210
abort(); /* TODO: we need to reconsider this, abort() is not really a solution - degrade, but keep running */
211
len = htonl(tok->length);
212
lenbuf[0] = (len >> 24) & 0xff;
213
lenbuf[1] = (len >> 16) & 0xff;
214
lenbuf[2] = (len >> 8) & 0xff;
215
lenbuf[3] = len & 0xff;
217
ret = write_all(s, (char *) lenbuf, 4);
219
errmsg.LogError(NO_ERRCODE, "GSS-API error sending token length");
221
} else if (ret != 4) {
222
errmsg.LogError(NO_ERRCODE, "GSS-API error sending token length");
226
ret = write_all(s, tok->value, tok->length);
228
errmsg.LogError(NO_ERRCODE, "GSS-API error sending token data");
230
} else if (ret != (int) tok->length) {
231
errmsg.LogError(NO_ERRCODE, "GSS-API error sending token data");
239
/* queryInterface function
240
* rgerhards, 2008-02-29
242
BEGINobjQueryInterface(gssutil)
243
CODESTARTobjQueryInterface(gssutil)
244
if(pIf->ifVersion != gssutilCURR_IF_VERSION) { /* check for current version, increment on each change */
245
ABORT_FINALIZE(RS_RET_INTERFACE_NOT_SUPPORTED);
248
/* ok, we have the right interface, so let's fill it
249
* Please note that we may also do some backwards-compatibility
250
* work here (if we can support an older interface version - that,
251
* of course, also affects the "if" above).
253
pIf->recv_token = recv_token;
254
pIf->send_token = send_token;
255
pIf->display_status = display_status;
256
pIf->display_ctx_flags = display_ctx_flags;
259
ENDobjQueryInterface(gssutil)
263
* rgerhards, 2008-03-10
265
BEGINObjClassExit(gssutil, OBJ_IS_LOADABLE_MODULE) /* CHANGE class also in END MACRO! */
266
CODESTARTObjClassExit(gssutil)
267
/* release objects we no longer need */
268
objRelease(errmsg, CORE_COMPONENT);
269
ENDObjClassExit(gssutil)
272
/* Initialize our class. Must be called as the very first method
273
* before anything else is called inside this class.
274
* rgerhards, 2008-02-29
276
BEGINAbstractObjClassInit(gssutil, 1, OBJ_IS_LOADABLE_MODULE) /* class, version - CHANGE class also in END MACRO! */
277
/* request objects we use */
278
CHKiRet(objUse(errmsg, CORE_COMPONENT));
279
ENDObjClassInit(gssutil)
282
/* --------------- here now comes the plumbing that makes as a library module --------------- */
293
CODEqueryEtryPt_STD_LIB_QUERIES
299
*ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
301
/* Initialize all classes that are in our module - this includes ourselfs */
302
CHKiRet(gssutilClassInit(pModInfo)); /* must be done after tcps_sess, as we use it */
added
removed
gss-misc.c
