Diffstat (limited to 'plugins')
-rw-r--r--plugins/omrelp/omrelp.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/plugins/omrelp/omrelp.c b/plugins/omrelp/omrelp.c
index 1da66b5a..473bc105 100644
--- a/plugins/omrelp/omrelp.c
+++ b/plugins/omrelp/omrelp.c
@@ -73,6 +73,7 @@ typedef struct _instanceData {
sbool bEnableTLSZip;
sbool bHadAuthFail; /**< set on auth failure, will cause retry to disable action */
uchar *pristring; /* GnuTLS priority string (NULL if not to be provided) */
+ uchar *authmode;
uchar *caCertFile;
uchar *myCertFile;
uchar *myPrivKeyFile;
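Review bot: The new `authmode` member in `instanceData` has no comment, although the adjacent `pristring` member documents both its meaning and its NULL case. A matching comment would make the default explicit, for example `uchar *authmode; /* TLS peer authentication mode, handed to relpCltSetAuthMode() (NULL if not configured) */`. The struct definition starts and ends outside this hunk.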
@@ -99,6 +100,7 @@ static struct cnfparamdescr actpdescr[] = {
{ "tls.cacert", eCmdHdlrString, 0 },
{ "tls.mycert", eCmdHdlrString, 0 },
{ "tls.myprivkey", eCmdHdlrString, 0 },
+ { "tls.authmode", eCmdHdlrString, 0 },
{ "tls.permittedpeer", eCmdHdlrArray, 0 },
{ "port", eCmdHdlrGetWord, 0 },
{ "rebindinterval", eCmdHdlrInt, 0 },
@@ -157,6 +159,11 @@ doCreateRelpClient(instanceData *pData)
}
if(relpCltSetGnuTLSPriString(pData->pRelpClt, (char*) pData->pristring) != RELP_RET_OK)
ABORT_FINALIZE(RS_RET_RELP_ERR);
+ if(relpCltSetAuthMode(pData->pRelpClt, (char*) pData->authmode) != RELP_RET_OK) {
+ errmsg.LogError(0, RS_RET_RELP_ERR,
+ "omrelp: invalid auth mode '%s'\n", pData->authmode);
+ ABORT_FINALIZE(RS_RET_RELP_ERR);
+ }
if(relpCltSetCACert(pData->pRelpClt, (char*) pData->caCertFile) != RELP_RET_OK)
ABORT_FINALIZE(RS_RET_RELP_ERR);
if(relpCltSetOwnCert(pData->pRelpClt, (char*) pData->myCertFile) != RELP_RET_OK)
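Review bot: The new error path in doCreateRelpClient formats `pData->authmode` with `%s`, but that pointer is NULL unless tls.authmode was configured (createInstance and setInstParamDefaults both set it to NULL), and relpCltSetAuthMode is called either way. If the library rejects a NULL mode, the log call passes NULL to `%s`, which is undefined behaviour. Either skip the call when nothing is configured, `if(pData->authmode != NULL && relpCltSetAuthMode(pData->pRelpClt, (char*) pData->authmode) != RELP_RET_OK) {`, or log `pData->authmode == NULL ? "(unset)" : (char*) pData->authmode`. It would also help to add a comment stating which peer authentication applies when authmode is unset, since tls.permittedpeer presumably has no effect without it; confirm against librelp. The function body continues outside the hunk.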
@@ -185,6 +192,7 @@ CODESTARTcreateInstance
pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
pData->bHadAuthFail = 0;
pData->pristring = NULL;
+ pData->authmode = NULL;
pData->caCertFile = NULL;
pData->myCertFile = NULL;
pData->myPrivKeyFile = NULL;
@@ -200,6 +208,7 @@ CODESTARTfreeInstance
free(pData->port);
free(pData->tplName);
free(pData->pristring);
+ free(pData->authmode);
free(pData->caCertFile);
free(pData->myCertFile);
free(pData->myPrivKeyFile);
@@ -219,6 +228,7 @@ setInstParamDefaults(instanceData *pData)
pData->bEnableTLS = DFLT_ENABLE_TLS;
pData->bEnableTLSZip = DFLT_ENABLE_TLSZIP;
pData->pristring = NULL;
+ pData->authmode = NULL;
pData->caCertFile = NULL;
pData->myCertFile = NULL;
pData->myPrivKeyFile = NULL;
@@ -262,6 +272,8 @@ CODESTARTnewActInst
pData->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(actpblk.descr[i].name, "tls.myprivkey")) {
pData->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
+ } else if(!strcmp(actpblk.descr[i].name, "tls.authmode")) {
+ pData->authmode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
} else if(!strcmp(actpblk.descr[i].name, "tls.permittedpeer")) {
pData->permittedPeers.nmemb = pvals[i].val.d.ar->nmemb;
CHKmalloc(pData->permittedPeers.name =
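Review bot: The `tls.authmode` branch stores the result of es_str2cstr() unchecked, so an allocation failure leaves `pData->authmode` NULL and the action presumably loads as if no auth mode had been configured, a silent downgrade for a security setting. The next branch already uses CHKmalloc, so the same guard fits here: `CHKmalloc(pData->authmode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL));`. The neighbouring tls.mycert and tls.myprivkey assignments have the same gap. The value is also not validated at config load; a typo is only reported when doCreateRelpClient runs, so an early check would surface it sooner. The if/else chain starts and ends outside this hunk.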