authorRainer Gerhards <rgerhards@adiscon.com>2013-06-18 11:17:11 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2013-06-18 11:17:11 +0200
commit520f0325e7c10b6a47f721ac353a6036d554cbc3 (patch)
tree7d167a47e839614384fbf4894663cb5c6f1b1db3 /plugins/imrelp/imrelp.c
parent41354d1374aaa2fc580c80e22366a95acaf5b3f3 (diff)
imrelp: support for setting permitted peers (client authentication) added
Diffstat (limited to 'plugins/imrelp/imrelp.c')
-rw-r--r--plugins/imrelp/imrelp.c24
1 files changed, 23 insertions, 1 deletions
diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c
index 3e6faf46..9d131ba0 100644
--- a/plugins/imrelp/imrelp.c
+++ b/plugins/imrelp/imrelp.c
@@ -83,6 +83,11 @@ struct instanceConf_s {
uchar *caCertFile;
uchar *myCertFile;
uchar *myPrivKeyFile;
+ struct {
+ int nmemb;
+ uchar **name;
+ } permittedPeers;
+
struct instanceConf_s *next;
/* with librelp, this module does not have any own specific session
* or listener active data item. As a "work-around", we keep some
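Review bot: The new `permittedPeers` member has no comment saying what it holds or who owns the memory, while the rest of the struct is documented. From the other hunks, `name` is a heap array of `nmemb` heap-allocated C strings filled from `tls.permittedpeer`, and it is only handed to librelp inside the block that also sets the certificate files. I would add above the member: `/* peers allowed to connect (tls.permittedpeer); name[] has nmemb heap-allocated strings owned by this instance */`.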
@@ -122,6 +127,7 @@ static struct cnfparamblk modpblk =
static struct cnfparamdescr inppdescr[] = {
{ "port", eCmdHdlrString, CNFPARAM_REQUIRED },
{ "tls", eCmdHdlrBinary, 0 },
+ { "tls.permittedpeer", eCmdHdlrArray, 0 },
{ "tls.dhbits", eCmdHdlrInt, 0 },
{ "tls.prioritystring", eCmdHdlrString, 0 },
{ "tls.cacert", eCmdHdlrString, 0 },
@@ -198,6 +204,7 @@ createInstance(instanceConf_t **pinst)
inst->bEnableTLSZip = 0;
inst->dhBits = 0;
inst->pristring = NULL;
+ inst->permittedPeers.nmemb = 0;
/* node created, let's add to config */
if(loadModConf->tail == NULL) {
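Review bot: Only `permittedPeers.nmemb` is initialised here, and `permittedPeers.name` is left unset. The freeCnf hunk then frees each `name[i]` but never the `name` array itself, so an instance configured with `tls.permittedpeer` leaks the pointer array on config teardown. Add `inst->permittedPeers.name = NULL;` next to the `nmemb = 0` line, and `free(inst->permittedPeers.name);` after the loop in freeCnf. The NULL initialisation makes that free safe for instances without the parameter, assuming the instance is not zero-allocated (its allocation is outside this hunk). createInstance's body starts and ends outside the hunk.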
@@ -249,6 +256,7 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst)
{
relpSrv_t *pSrv;
uchar statname[64];
+ int i;
DEFiRet;
if(pRelpEngine == NULL) {
CHKiRet(relpEngineConstruct(&pRelpEngine));
@@ -290,6 +298,9 @@ addListner(modConfData_t __attribute__((unused)) *modConf, instanceConf_t *inst)
ABORT_FINALIZE(RS_RET_RELP_ERR);
if(relpSrvSetPrivKey(pSrv, (char*) inst->myPrivKeyFile) != RELP_RET_OK)
ABORT_FINALIZE(RS_RET_RELP_ERR);
+ for(i = 0 ; i < inst->permittedPeers.nmemb ; ++i) {
+ relpSrvAddPermittedPeer(pSrv, (char*)inst->permittedPeers.name[i]);
+ }
}
CHKiRet(relpEngineListnerConstructFinalize(pRelpEngine, pSrv));
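Review bot: The return value of `relpSrvAddPermittedPeer()` is discarded in the new loop, unlike the `relpSrvSetPrivKey()` call just above it, which aborts with RS_RET_RELP_ERR on failure. If an add fails, the listener is still finalized with a permitted-peer list that differs from the configured one, which for an authentication allow-list should be a hard error rather than a silent difference. Assuming the call returns a relpRetVal like its neighbours, check it: `if(relpSrvAddPermittedPeer(pSrv, (char*)inst->permittedPeers.name[i]) != RELP_RET_OK)` followed by `ABORT_FINALIZE(RS_RET_RELP_ERR);`. addListner's body starts and ends outside the hunk.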
@@ -301,7 +312,7 @@ finalize_it:
BEGINnewInpInst
struct cnfparamvals *pvals;
instanceConf_t *inst;
- int i;
+ int i,j;
CODESTARTnewInpInst
DBGPRINTF("newInpInst (imrelp)\n");
@@ -338,6 +349,13 @@ CODESTARTnewInpInst
inst->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(inppblk.descr[i].name, "tls.myprivkey")) {
inst->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(inppblk.descr[i].name, "tls.permittedpeer")) {
+ inst->permittedPeers.nmemb = pvals[i].val.d.ar->nmemb;
+ CHKmalloc(inst->permittedPeers.name =
+ malloc(sizeof(uchar*) * inst->permittedPeers.nmemb));
+ for(j = 0 ; j < pvals[i].val.d.ar->nmemb ; ++j) {
+ inst->permittedPeers.name[j] = (uchar*)es_str2cstr(pvals[i].val.d.ar->arr[j], NULL);
+ }
} else {
dbgprintf("imrelp: program error, non-handled "
"param '%s'\n", inppblk.descr[i].name);
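Review bot: In the new `tls.permittedpeer` branch, `permittedPeers.nmemb` is set before the array is allocated, so if `CHKmalloc` fails the instance keeps a non-zero count with a NULL `name`. The loop in the freeCnf hunk would then dereference that NULL pointer if it later runs on this instance. The `es_str2cstr()` results are also stored unchecked, so a failed conversion would leave a NULL entry that addListner later passes to `relpSrvAddPermittedPeer()`. I would allocate zeroed storage first, publish the count only after that succeeds, and check each converted string, as sketched below. The enclosing newInpInst body starts and ends outside the hunk.

```c
} else if(!strcmp(inppblk.descr[i].name, "tls.permittedpeer")) {
	/* calloc: entries not yet filled stay NULL, so cleanup can free them safely */
	CHKmalloc(inst->permittedPeers.name =
		calloc(pvals[i].val.d.ar->nmemb, sizeof(uchar*)));
	inst->permittedPeers.nmemb = pvals[i].val.d.ar->nmemb;
	for(j = 0 ; j < inst->permittedPeers.nmemb ; ++j) {
		CHKmalloc(inst->permittedPeers.name[j] =
			(uchar*)es_str2cstr(pvals[i].val.d.ar->arr[j], NULL));
	}
/* … unchanged: else branch reporting the non-handled parameter … */
```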
@@ -452,10 +470,14 @@ ENDactivateCnf
BEGINfreeCnf
instanceConf_t *inst, *del;
+ int i;
CODESTARTfreeCnf
for(inst = pModConf->root ; inst != NULL ; ) {
free(inst->pszBindPort);
statsobj.Destruct(&(inst->data.stats));
+ for(i = 0 ; i < inst->permittedPeers.nmemb ; ++i) {
+ free(inst->permittedPeers.name[i]);
+ }
del = inst;
inst = inst->next;
free(del);