Rainer Gerhards wrote:
> Thanks for the code. Unfortunately, adding the config switch to it is not
> quite easy in that case (good I asked for the actual code). I'd say that you
> best do it similar to the other config directives, like the authentication
> mode. The actual directives are in the upper level code (imtcp/omfwd).
> There, they are shuffled over to the instance data, which goes along with
> each of the configured listeners/sender. Then, when a new network stream is
> created, the params are passed down to the generic stream interface and there
> passed down to the selected stream driver, which finally stores and acts on
> them. It's clumsy and quite some work, but that is what is needed for the
> old config system. You probably need to add around 50 to 100 lines of code
> altogether to the various files. It's not complex, but easy to forget
> something. Best start by a directive (like $..AuthMode), see how it is
> handled (and passed down) in imtcp and work your way down the stack ;)
>
> Rainer
>
>
Hi Rainer,
I have added some code that I thought was necessary, but
I am stuck now. In nsd_gtls.c the following function is added:
static rsRetVal
SetAddClientCN(nsd_t *pNsd, int mode)
{
    DEFiRet;
    nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
    ISOBJ_TYPE_assert((pThis), nsd_gtls);
    if(mode != 0 && mode != 1) {
        errmsg.LogError(0, RS_RET_INVALID_DRVR_MODE, "error: driver mode %d not supported by "
            "gtls netstream driver", mode);
        ABORT_FINALIZE(RS_RET_INVALID_DRVR_MODE);
    }
    pThis->iAddClientCN = mode;
    dbgprintf("GTLS:%d\n", pThis->iAddClientCN);
finalize_it:
    RETiRet;
}
The "dbgprintf" shows the correct value in pThis, but if I check
pThis->iAddClientCN later in the function:
static rsRetVal
Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
{
    DEFiRet;
    ssize_t iBytesCopy; /* how many bytes are to be copied to the client buffer? */
    nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
    ISOBJ_TYPE_assert(pThis, nsd_gtls);
    cstr_t *pstrCN = NULL;
    const gnutls_datum *cert_list;
    unsigned int cert_list_size = 0;
    gnutls_x509_crt cert;
    int len = 0;
    char *buf_temp;

    if(pThis->bAbortConn)
        ABORT_FINALIZE(RS_RET_CONNECTION_ABORTREQ);

    if(pThis->iMode == 0) {
        CHKiRet(nsd_ptcp.Rcv(pThis->pTcp, pBuf, pLenBuf));
        FINALIZE;
    }

    /* --- in TLS mode now --- */

    /* Buffer logic applies only if we are in TLS mode. Here we
     * assume that we will switch from plain to TLS, but never back. This
     * assumption may be unsafe, but it is the model for the time being and I
     * do not see any valid reason why we should switch back to plain TCP after
     * we were in TLS mode. However, in that case we may lose something that
     * is already in the receive buffer ... risk accepted. -- rgerhards, 2008-06-23
     */
    if(pThis->pszRcvBuf == NULL) {
        /* we have no buffer, so we need to malloc one */
        CHKmalloc(pThis->pszRcvBuf = MALLOC(NSD_GTLS_MAX_RCVBUF));
        pThis->lenRcvBuf = -1;
    }

    /* now check if we have something in our buffer. If so, we satisfy
     * the request from buffer contents.
     */
    if(pThis->lenRcvBuf == -1) { /* no data present, must read */
        CHKiRet(gtlsRecordRecv(pThis));
    }

    if(pThis->lenRcvBuf == 0) { /* EOS */
        *pLenBuf = 0;
        /* in this case, we also need to free the receive buffer, if we
         * allocated one. -- rgerhards, 2008-12-03
         */
        if(pThis->pszRcvBuf != NULL) {
            free(pThis->pszRcvBuf);
            pThis->pszRcvBuf = NULL;
        }
        ABORT_FINALIZE(RS_RET_CLOSED);
    }

    /* if we reach this point, data is present in the buffer and must be copied */
    iBytesCopy = pThis->lenRcvBuf - pThis->ptrRcvBuf;
    if(iBytesCopy > *pLenBuf) {
        iBytesCopy = *pLenBuf;
    } else {
        pThis->lenRcvBuf = -1; /* buffer will be emptied below */
    }

    dbgprintf("!!!!!!!!!!!%d!!!!!!!!!!!!!!\n\n", pThis->iAddClientCN);
    if (pThis->iAddClientCN)
    {
        if (pThis->clientCNValid != 1)
        {
            cert_list = gnutls_certificate_get_peers(pThis->sess, &cert_list_size);
            if(cert_list_size > 0)
            {
                // we only print information about the first certificate
                gnutls_x509_crt_init(&cert);
                gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
                CHKiRet(gtlsGetCN(pThis, &cert, &pstrCN));
                len = snprintf(NULL, 0, "CN:%s ", (char*)cstrGetSzStr(pstrCN));
                /* on allocation failure, leave through finalize_it */
                CHKmalloc(pThis->clientCN = malloc((len + 1)*sizeof(char)));
                snprintf(pThis->clientCN, len + 1, "CN:%s ", (char*)cstrGetSzStr(pstrCN));
                pThis->clientCN[len] = '\0';
                pThis->clientCNLen = len + 1;
                pThis->clientCNValid = 1;
            }
        }
        iBytesCopy = iBytesCopy + pThis->clientCNLen - 1 < *pLenBuf ?
            iBytesCopy + pThis->clientCNLen - 1 : *pLenBuf;
        /* one extra byte: strncat() always appends a terminating NUL */
        CHKmalloc(buf_temp = (char*)malloc(iBytesCopy + 1));
        memset(buf_temp, 0, iBytesCopy + 1);
        strncpy(buf_temp, pThis->clientCN, iBytesCopy);
        strncat(buf_temp, pThis->pszRcvBuf, iBytesCopy - strlen(buf_temp));
        memset(pBuf, 0, *pLenBuf);
        memcpy(pBuf, buf_temp + pThis->ptrRcvBuf, iBytesCopy);
        free(buf_temp);
    }
    else
    {
        memcpy(pBuf, pThis->pszRcvBuf + pThis->ptrRcvBuf, iBytesCopy);
    }
    pThis->ptrRcvBuf += iBytesCopy;
    *pLenBuf = iBytesCopy;

finalize_it:
    dbgprintf("gtlsRcv return. nsd %p, iRet %d, lenRcvBuf %d, ptrRcvBuf %d\n",
        pThis, iRet, pThis->lenRcvBuf, pThis->ptrRcvBuf);
    RETiRet;
}
The value is zero. Can you help me with what I have to check in the source code?
Thanks.
Regards,
Tomas
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
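
Added example, not part of the message above or of the rsyslog sources: the Rcv() code posted above advances ptrRcvBuf by a count that includes the "CN:..." prefix and builds the output with strncpy/strncat, which stop at NUL bytes. The sketch below shows a bounded way to prepend such a prefix that reports bytes written and payload bytes consumed separately. The struct cn_prefix and prefixed_copy names are hypothetical, and the sample prefix and payload are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical per-connection state, not rsyslog's nsd_gtls_t:
 * the "CN:<name> " prefix and how many of its bytes were delivered. */
struct cn_prefix {
    const char *text;
    size_t len;
    size_t sent;
};

/* Fill dst (capacity cap) with pending prefix bytes, then payload bytes.
 * Returns bytes written to dst; *consumed is the payload bytes taken
 * from src, the only amount the receive-buffer offset may advance by.
 * memcpy with explicit lengths: payload need not be NUL-terminated. */
static size_t
prefixed_copy(struct cn_prefix *p, const unsigned char *src, size_t srclen,
              unsigned char *dst, size_t cap, size_t *consumed)
{
    size_t n = p->len - p->sent;    /* prefix bytes still owed */
    size_t out;

    if (n > cap)
        n = cap;
    memcpy(dst, p->text + p->sent, n);
    p->sent += n;
    out = n;

    n = srclen;                     /* payload bytes that still fit */
    if (n > cap - out)
        n = cap - out;
    memcpy(dst + out, src, n);
    *consumed = n;
    return out + n;
}

int main(void)
{
    /* constructed sample: 9-byte prefix, payload with an embedded NUL */
    struct cn_prefix p = { "CN:host1 ", 9, 0 };
    const unsigned char payload[] = { '<', '1', '3', '>', 0, 'x' };
    unsigned char out[8];
    size_t used, w;

    w = prefixed_copy(&p, payload, sizeof payload, out, sizeof out, &used);
    printf("call 1: wrote %zu, consumed %zu\n", w, used);
    w = prefixed_copy(&p, payload, sizeof payload, out, sizeof out, &used);
    printf("call 2: wrote %zu, consumed %zu\n", w, used);
    return 0;
}
```

The caller resets `sent` to 0 whenever the prefix should be emitted again, and advances its receive offset by `consumed`, never by the return value.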