From c55997638f8833daec34d7f51b9ff6694620f6f8 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Thu, 8 Sep 2011 15:05:04 +0200 Subject: added $InputRELPServerBindRuleset directive to specify rulesets for RELP --- ChangeLog | 3 +++ dirty.h | 2 +- doc/imrelp.html | 9 ++++--- plugins/im3195/im3195.c | 2 +- plugins/imrelp/imrelp.c | 62 ++++++++++++++++++++++++++++++++++++++----------- tools/syslogd.c | 3 ++- 6 files changed, 62 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0cc502b6..335972e8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ --------------------------------------------------------------------------- +Version 6.3.6 [DEVEL] 2011-09-?? +- added $InputRELPServerBindRuleset directive to specify rulesets for RELP +--------------------------------------------------------------------------- Version 6.3.5 [DEVEL] (rgerhards/al), 2011-09-01 - bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: mark message processing did not work correctly diff --git a/dirty.h b/dirty.h index a831dd06..a3940cb9 100644 --- a/dirty.h +++ b/dirty.h @@ -30,7 +30,7 @@ rsRetVal multiSubmitMsg(multi_submit_t *pMultiSub); rsRetVal submitMsg(msg_t *pMsg); rsRetVal logmsgInternal(int iErr, int pri, uchar *msg, int flags); -rsRetVal parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int flags, flowControl_t flowCtlTypeu, prop_t *pInputName, struct syslogTime *stTime, time_t ttGenTime); +rsRetVal parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int flags, flowControl_t flowCtlTypeu, prop_t *pInputName, struct syslogTime *stTime, time_t ttGenTime, ruleset_t *pRuleset); rsRetVal diagGetMainMsgQSize(int *piSize); /* for imdiag */ rsRetVal createMainQueue(qqueue_t **ppQueue, uchar *pszQueueName); diff --git a/doc/imrelp.html b/doc/imrelp.html index 2cf9c1f7..d83b2a15 100644 --- a/doc/imrelp.html +++ b/doc/imrelp.html 
@@ -29,6 +29,8 @@ syslog and so it is highly suggested to use RELP instead of plain tcp. Clients send messages to the RELP server via omrelp.

Configuration Directives:

@@ -38,6 +40,8 @@ Starts a RELP server on selected port
  • To obtain the remote system's IP address, you need to have at least librelp 1.0.0 installed. Versions below it return the hostname instead of the IP address.
  • +
  • Contrary to other inputs, the ruleset can only be bound to all listeners, +not specific ones. This is due to a currently existing limitation in librelp.

    Sample:

    This sets up a RELP server on port 20514.
    @@ -48,9 +52,8 @@ $InputRELPServerRun 20514

    [rsyslog.conf overview] [manual index] [rsyslog site]

    This documentation is part of the -rsyslog -project.
    -Copyright © 2008 by Rainer +rsyslog project.
    +Copyright © 2008-2011 by Rainer Gerhards and Adiscon. Released under the GNU GPL version 3 or higher.

    diff --git a/plugins/im3195/im3195.c b/plugins/im3195/im3195.c index 4214ab95..3967372f 100644 --- a/plugins/im3195/im3195.c +++ b/plugins/im3195/im3195.c @@ -91,7 +91,7 @@ void OnReceive(srAPIObj __attribute__((unused)) *pMyAPI, srSLMGObj* pSLMG) srSLMGGetRawMSG(pSLMG, &pszRawMsg); parseAndSubmitMessage(fromHost, fromHostIP, pszRawMsg, strlen((char*)pszRawMsg), - PARSE_HOSTNAME, eFLOWCTL_FULL_DELAY, (uchar*)"im3195", NULL, 0); + PARSE_HOSTNAME, eFLOWCTL_FULL_DELAY, (uchar*)"im3195", NULL, 0, NULL); } diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c index 5465b2a9..05a7ce31 100644 --- a/plugins/imrelp/imrelp.c +++ b/plugins/imrelp/imrelp.c @@ -46,6 +46,7 @@ #include "msg.h" #include "unicode-helper.h" #include "prop.h" +#include "ruleset.h" MODULE_TYPE_INPUT MODULE_TYPE_NOKEEP @@ -56,14 +57,19 @@ DEF_IMOD_STATIC_DATA DEFobjCurrIf(net) DEFobjCurrIf(prop) DEFobjCurrIf(errmsg) +DEFobjCurrIf(ruleset) /* forward definitions */ static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal); /* Module static data */ +/* config vars for legacy config system */ static relpEngine_t *pRelpEngine; /* our relp engine */ static prop_t *pInputName = NULL; /* there is only one global inputName for all messages generated by this module */ +static struct configSettings_s { + uchar *pszBindRuleset; /* name of Ruleset to bind to */ +} cs; struct instanceConf_s { uchar *pszBindPort; /* port to bind to */ 
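Review bot: The seventh argument on the changed call in OnReceive is still `(uchar*)"im3195"`, while the prototype updated in dirty.h declares that parameter as `prop_t *pInputName` and parseAndSubmitMessage hands it to `MsgSetInputName(pMsg, pInputName)`. If this module is built against that prototype, a string literal would be treated as a prop_t object, which is an invalid memory access on the first message received from the network. Since the line is being touched anyway, create a prop_t input name once at module init, the way imrelp keeps its global `pInputName`, and pass that instead of the cast literal. OnReceive's body begins outside the hunk.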
@@ -74,21 +80,13 @@ struct instanceConf_s { struct modConfData_s { rsconf_t *pConf; /* our overall config object */ instanceConf_t *root, *tail; - int iTCPSessMax; /* max number of sessions */ - int iTCPLstnMax; /* max number of sessions */ - int iStrmDrvrMode; /* mode for stream driver, driver-dependent (0 mostly means plain tcp) */ - int bEmitMsgOnClose; /* emit an informational message on close by remote peer */ - int iAddtlFrameDelim; /* addtl frame delimiter, e.g. for netscreen, default none */ - int bDisableLFDelim; /* disable standard LF delimiter */ - int bUseFlowControl; /* use flow control, what means indicate ourselfs a "light delayable" */ - uchar *pszStrmDrvrAuthMode; /* authentication mode to use */ + uchar *pszBindRuleset; /* name of Ruleset to bind to */ + ruleset_t *pBindRuleset; /* due to librelp limitation, we need to bind all listerns to the same set */ }; static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */ static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current load process */ -//#include "im-helper.h" /* must be included AFTER the type definitions! */ - /* ------------------------------ callbacks ------------------------------ */ @@ -107,7 +105,7 @@ onSyslogRcv(uchar *pHostname, uchar *pIP, uchar *pMsg, size_t lenMsg) { DEFiRet; parseAndSubmitMessage(pHostname, pIP, pMsg, lenMsg, PARSE_HOSTNAME, - eFLOWCTL_LIGHT_DELAY, pInputName, NULL, 0); + eFLOWCTL_LIGHT_DELAY, pInputName, NULL, 0, runModConf->pBindRuleset); RETiRet; } 
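Review bot: The new `pszBindRuleset` member of `struct modConfData_s` has no stated owner. endCnfLoad fills it with `ustrdup()`, but no hunk in this commit adds a matching `free()` for when the module config is destroyed, so the string appears to leak on every config load unless code not shown here handles it. Document the ownership on the member, e.g. `uchar *pszBindRuleset; /* heap copy made in endCnfLoad, freed with the modConf */`, and add the free in the config teardown. The comment on `pBindRuleset` has a typo (`listerns`), and `runModConf` carries the same "current load process" comment as `loadModConf` although onSyslogRcv uses it at run time.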
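Review bot: In onSyslogRcv the result of `parseAndSubmitMessage(...)` is discarded, so `RETiRet` returns whatever `DEFiRet` initialised. The RELP layer is then presumably told the message was accepted even when parsing or queueing failed, which undermines the delivery guarantee RELP is chosen for. Assigning the result, `iRet = parseAndSubmitMessage(pHostname, pIP, pMsg, lenMsg, ...);`, would let a failure propagate, provided the code maps onto the return type librelp expects (the function's declaration is not visible in this hunk). The call also narrows the `size_t lenMsg` into the `int len` parameter, so an explicit upper bound on lenMsg before the call would be a cheap safeguard. A one-line comment stating why `runModConf` cannot be NULL when the callback fires would help as well.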
@@ -116,6 +114,15 @@ onSyslogRcv(uchar *pHostname, uchar *pIP, uchar *pMsg, size_t lenMsg) /* ------------------------------ end callbacks ------------------------------ */ +/* modified to work for module, not instance (as usual) */ +static inline void +std_checkRuleset_genErrMsg(modConfData_t *modConf, __attribute__((unused)) instanceConf_t *inst) +{ + errmsg.LogError(0, NO_ERRCODE, "imrelp: ruleset '%s' not found - " + "using default ruleset instead", modConf->pszBindRuleset); +} + + /* This function is called when a new listener instace shall be added to * the current config object via the legacy config system. It just shuffles * all parameters to the listener in-memory instance. @@ -170,19 +177,42 @@ CODESTARTbeginCnfLoad loadModConf = pModConf; pModConf->pConf = pConf; /* init legacy config variables */ - resetConfigVariables(NULL, NULL); /* dummy parameters just to fulfill interface def */ + cs.pszBindRuleset = NULL; ENDbeginCnfLoad BEGINendCnfLoad CODESTARTendCnfLoad + if((cs.pszBindRuleset == NULL) || (cs.pszBindRuleset[0] == '\0')) { + loadModConf->pszBindRuleset = NULL; + } else { + CHKmalloc(loadModConf->pszBindRuleset = ustrdup(cs.pszBindRuleset)); + } + loadModConf->pBindRuleset = NULL; +finalize_it: + free(cs.pszBindRuleset); loadModConf = NULL; /* done loading */ ENDendCnfLoad BEGINcheckCnf + rsRetVal localRet; + ruleset_t *pRuleset; CODESTARTcheckCnf - /* so far, we have nothing to check... */ + /* we emulate the standard "ruleset query" code provided by the framework + * for *instances* (which we can currently not support due to librelp). + */ + if(pModConf->pszBindRuleset == NULL) { + pModConf->pBindRuleset = NULL; + } else { + localRet = ruleset.GetRuleset(pModConf->pConf, &pRuleset, pModConf->pszBindRuleset); + if(localRet == RS_RET_NOT_FOUND) { + std_checkRuleset_genErrMsg(pModConf, NULL); + } + CHKiRet(localRet); + pModConf->pBindRuleset = pRuleset; + } +finalize_it: ENDcheckCnf 
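Review bot: std_checkRuleset_genErrMsg logs "using default ruleset instead", but its only caller in this commit, checkCnf, follows it with `CHKiRet(localRet)`, so a missing ruleset makes checkCnf return the error rather than continue with the default. Depending on how the framework treats a failed checkCnf (not visible here), the RELP input may not be activated at all, which is not what an operator reading this message would expect for a network log receiver. Either reword the message to say the configuration is rejected, or skip the `CHKiRet` for `RS_RET_NOT_FOUND` and leave `pBindRuleset` NULL so the fallback really happens. The unused `inst` parameter deserves a short comment that it exists only for signature parity with the framework's per-instance helper.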
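Review bot: endCnfLoad frees `cs.pszBindRuleset` at `finalize_it` but leaves the pointer set. resetConfigVariables (changed later in this commit) also calls `free(cs.pszBindRuleset)`, and the directive handler registered in modInit writes through `&cs.pszBindRuleset`, so if either runs after endCnfLoad it would free the buffer a second time or operate on a stale pointer. Add `cs.pszBindRuleset = NULL;` directly after the free. On the CHKmalloc failure path the jump to `finalize_it` skips `loadModConf->pBindRuleset = NULL;`, so that assignment should move above the if/else. In beginCnfLoad, replacing the resetConfigVariables() call with a plain `cs.pszBindRuleset = NULL;` drops any value still held there without freeing it.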
@@ -239,6 +269,7 @@ CODESTARTmodExit prop.Destruct(&pInputName); /* release objects we used */ + objRelease(ruleset, CORE_COMPONENT); objRelease(prop, CORE_COMPONENT); objRelease(net, LM_NET_FILENAME); objRelease(errmsg, CORE_COMPONENT); @@ -248,6 +279,8 @@ ENDmodExit static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal) { + free(cs.pszBindRuleset); + cs.pszBindRuleset = NULL; return RS_RET_OK; } @@ -270,8 +303,11 @@ CODEmodInit_QueryRegCFSLineHdlr CHKiRet(objUse(prop, CORE_COMPONENT)); CHKiRet(objUse(errmsg, CORE_COMPONENT)); CHKiRet(objUse(net, LM_NET_FILENAME)); + CHKiRet(objUse(ruleset, CORE_COMPONENT)); /* register config file handlers */ + CHKiRet(omsdRegCFSLineHdlr((uchar *)"inputrelpserverbindruleset", 0, eCmdHdlrGetWord, + NULL, &cs.pszBindRuleset, STD_LOADABLE_MODULE_ID, eConfObjGlobal)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"inputrelpserverrun", 0, eCmdHdlrGetWord, addInstance, NULL, STD_LOADABLE_MODULE_ID, eConfObjGlobal)); CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, diff --git a/tools/syslogd.c b/tools/syslogd.c index 91df6469..6d794260 100644 --- a/tools/syslogd.c +++ b/tools/syslogd.c @@ -383,7 +383,7 @@ void untty(void) */ rsRetVal parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int flags, flowControl_t flowCtlType, - prop_t *pInputName, struct syslogTime *stTime, time_t ttGenTime) + prop_t *pInputName, struct syslogTime *stTime, time_t ttGenTime, ruleset_t *pRuleset) { prop_t *pProp = NULL; msg_t *pMsg; @@ -399,6 +399,7 @@ parseAndSubmitMessage(uchar *hname, uchar *hnameIP, uchar *msg, int len, int fla MsgSetInputName(pMsg, pInputName); MsgSetRawMsg(pMsg, (char*)msg, len); MsgSetFlowControlType(pMsg, flowCtlType); + MsgSetRuleset(pMsg, pRuleset); pMsg->msgFlags = flags | NEEDS_PARSING; MsgSetRcvFromStr(pMsg, hname, ustrlen(hname), &pProp); -- cgit v1.2.3
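Review bot: The new `pRuleset` parameter of parseAndSubmitMessage in tools/syslogd.c is not documented, yet both callers in this commit rely on NULL being acceptable: im3195 passes a literal NULL, and imrelp passes `runModConf->pBindRuleset`, which checkCnf sets to NULL when no ruleset is configured. Extend the function's header comment with something like `pRuleset: ruleset to bind the message to, or NULL for the default ruleset`. Also confirm that `MsgSetRuleset(pMsg, NULL)` is a supported call, since its body is not part of this diff. The function body starts and ends outside the two syslogd.c hunks.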