File rsyslog-3.18.3-honor-AllowedSender.bnc457273.dif of Package rsyslog

--- net.c
+++ net.c	2008/12/15 12:01:28
@@ -80,6 +80,31 @@
 int     ACLAddHostnameOnFail = 0; /* add hostname to acl when DNS resolving has failed */
 int     ACLDontResolve = 0;       /* add hostname to acl instead of resolving it to IP(s) */
 
+/* sets the correct allow root pointer based on provided type
+ * rgerhards, 2008-12-01
+ */
+static inline rsRetVal
+setAllowRoot(struct AllowedSenders **ppAllowRoot, uchar *pszType)
+{
+	DEFiRet;
+
+	if(!strcmp((char*)pszType, "UDP"))
+		*ppAllowRoot = pAllowedSenders_UDP;
+	else if(!strcmp((char*)pszType, "TCP"))
+		*ppAllowRoot = pAllowedSenders_TCP;
+#ifdef USE_GSSAPI
+	else if(!strcmp((char*)pszType, "GSS"))
+		*ppAllowRoot = pAllowedSenders_GSS;
+#endif
+	else {
+		dbgprintf("program error: invalid allowed sender ID '%s', denying...\n", pszType);
+		ABORT_FINALIZE(RS_RET_CODE_ERR); /* everything is invalid for an invalid type */
+	}
+
+finalize_it:
+	RETiRet;
+}
+
 /* Code for handling allowed/disallowed senders
  */
 static inline void MaskIP6 (struct in6_addr *addr, uint8_t bits) {
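Review bot: setAllowRoot() leaves `*ppAllowRoot` unassigned on the invalid-type branch, and both callers added in this patch pass an uninitialized local, so correctness depends on every caller testing the return value. The header comment should say so, for example `/* on failure *ppAllowRoot is left untouched; callers must check the return value */`. Defaulting the output to NULL inside the function would not be a safe substitute, because isAllowedSender() treats a NULL root as "checking disabled, everything is valid".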
@@ -143,24 +168,28 @@
 }
 
 /* function to clear the allowed sender structure in cases where
- * it must be freed (occurs most often when HUPed.
- * TODO: reconsider recursive implementation
- * I think there is also a memory leak, because only the last entry
- * is acutally deleted... -- rgerhards, 2007-12-25
+ * it must be freed (occurs most often when HUPed).
+ * rgerhards, 2008-12-02: revamped this code when we fixed the
+ * interface definition. Now an iterative algorithm is used.
  */
-void clearAllowedSenders (struct AllowedSenders *pAllow)
+static void
+clearAllowedSenders(uchar *pszType)
 {
-	if (pAllow != NULL) {
-		if (pAllow->pNext != NULL)
-			clearAllowedSenders (pAllow->pNext);
-		else {
-			if (F_ISSET(pAllow->allowedSender.flags, ADDR_NAME))
-				free (pAllow->allowedSender.addr.HostWildcard);
-			else
-				free (pAllow->allowedSender.addr.NetAddr);
-			
-			free (pAllow);
-		}
+	struct AllowedSenders *pPrev;
+	struct AllowedSenders *pCurr;
+
+	if(setAllowRoot(&pCurr, pszType) != RS_RET_OK)
+		return;	/* if something went wrong, so let's leave */
+
+	while(pCurr != NULL) {
+		pPrev = pCurr;
+		pCurr = pCurr->pNext;
+		/* now delete the entry we are right now processing */
+		if(F_ISSET(pPrev->allowedSender.flags, ADDR_NAME))
+			free(pPrev->allowedSender.addr.HostWildcard);
+		else
+			free(pPrev->allowedSender.addr.NetAddr);
+		free(pPrev);
 	}
 }
 
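Review bot: clearAllowedSenders() frees every list entry but never resets the root it walked, because `setAllowRoot(&pCurr, pszType)` only hands back a copy of `pAllowedSenders_UDP`/`_TCP`/`_GSS`, so after the loop the global still points at freed memory. The afterRun hunks in imgssapi.c, imtcp.c and imudp.c (and the disabled block in imrelp.c) also drop their `net.pAllowedSenders_* = NULL` lines, so nothing visible in this patch clears the root any more. Unless it is reset somewhere not shown, the next isAllowedSender() call would walk a dangling list, and a second clear of the same type would free it again (imgssapi and imtcp both clear "TCP"). Reset the matching root after the loop, for instance with a small helper that mirrors setAllowRoot().

```c
/* set the root pointer of the given type back to NULL once its list is freed */
static inline void
resetAllowRoot(uchar *pszType)
{
	if(!strcmp((char*)pszType, "UDP"))
		pAllowedSenders_UDP = NULL;
	else if(!strcmp((char*)pszType, "TCP"))
		pAllowedSenders_TCP = NULL;
#ifdef USE_GSSAPI
	else if(!strcmp((char*)pszType, "GSS"))
		pAllowedSenders_GSS = NULL;
#endif
}

/* … unchanged: clearAllowedSenders() through the end of the while loop … */
	resetAllowRoot(pszType);	/* do not leave the root dangling */
}
```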
@@ -545,12 +574,16 @@
  * returns 1, if the sender is allowed, 0 otherwise.
  * rgerhards, 2005-09-26
  */
-static int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost)
+static int isAllowedSender(uchar *pszType, struct sockaddr *pFrom, const char *pszFromHost)
 {
 	struct AllowedSenders *pAllow;
-	
+	struct AllowedSenders *pAllowRoot;
+
 	assert(pFrom != NULL);
 
+	if(setAllowRoot(&pAllowRoot, pszType) != RS_RET_OK)
+		return 0;	/* if something went wrong, we denie access - that's the better choice... */
+
 	if(pAllowRoot == NULL)
 		return 1; /* checking disabled, everything is valid! */
 	
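Review bot: The header comment above isAllowedSender() still describes only the 1/0 result and says nothing about the new `pszType` argument. It should state that pszType selects the list ("UDP", "TCP", or "GSS" when built with USE_GSSAPI), that an unrecognised type returns 0, and that a known type with an empty list returns 1 because checking is then disabled. That deny/allow asymmetry is the security-relevant part of the contract and is easy to miss from the call sites. The function body continues past the end of this hunk.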
--- net.h
+++ net.h	2008/12/15 12:02:00
@@ -92,19 +92,16 @@
 	/* things to go away after proper modularization */
 	rsRetVal (*addAllowedSenderLine)(char* pName, uchar** ppRestOfConfLine);
 	void (*PrintAllowedSenders)(int iListToPrint);
-	void (*clearAllowedSenders) ();
+	void (*clearAllowedSenders)(uchar *pszType);
 	void (*debugListenInfo)(int fd, char *type);
 	int *(*create_udp_socket)(uchar *hostname, uchar *LogPort, int bIsServer);
 	void (*closeUDPListenSockets)(int *finet);
-	int (*isAllowedSender)(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost);
+	int (*isAllowedSender)(uchar *pszType, struct sockaddr *pFrom, const char *pszFromHost);
 	rsRetVal (*getLocalHostname)(uchar**);
 	int (*should_use_so_bsdcompat)(void);
 	/* data memebers - these should go away over time... TODO */
 	int    *pACLAddHostnameOnFail; /* add hostname to acl when DNS resolving has failed */
 	int    *pACLDontResolve;       /* add hostname to acl instead of resolving it to IP(s) */
-	struct AllowedSenders *pAllowedSenders_UDP;
-	struct AllowedSenders *pAllowedSenders_TCP;
-	struct AllowedSenders *pAllowedSenders_GSS;
 ENDinterface(net)
 #define netCURR_IF_VERSION 2 /* increment whenever you change the interface structure! */
 
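Review bot: `netCURR_IF_VERSION` stays at 2 although this hunk changes the signatures of `clearAllowedSenders` and `isAllowedSender` and removes three data members from the interface; the comment on that very line asks for an increment on any structure change. If the version is what guards against loading a module built for the old layout (not visible here), such a module would still be accepted and would pass a list pointer where a type string is now expected. Suggest `#define netCURR_IF_VERSION 3` in this patch, with the users of the interface rebuilt against it.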
--- plugins/imgssapi/imgssapi.c
+++ plugins/imgssapi/imgssapi.c	2008/12/15 12:08:07
@@ -172,10 +172,10 @@
 	pGSess = (gss_sess_t*) pUsrSess;
 
 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_TCP) &&
-	   net.isAllowedSender(net.pAllowedSenders_TCP, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"TCP", addr, (char*)fromHostFQDN))
 		allowedMethods |= ALLOWEDMETHOD_TCP;
 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) &&
-	   net.isAllowedSender(net.pAllowedSenders_GSS, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"GSS", addr, (char*)fromHostFQDN))
 		allowedMethods |= ALLOWEDMETHOD_GSS;
 	if(allowedMethods && pGSess != NULL)
 		pGSess->allowedMethods = allowedMethods;
@@ -645,14 +645,8 @@
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if (net.pAllowedSenders_TCP != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_TCP);
-		net.pAllowedSenders_TCP = NULL;
-	}
-	if (net.pAllowedSenders_GSS != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_GSS);
-		net.pAllowedSenders_GSS = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"TCP");
+	net.clearAllowedSenders((uchar*)"GSS");
 ENDafterRun
 
 
--- plugins/imrelp/imrelp.c
+++ plugins/imrelp/imrelp.c	2008/12/15 11:20:57
@@ -64,7 +64,7 @@
 isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void __attribute__((unused)) *pUsrSrv,
 	        void __attribute__((unused)) *pUsrSess)
 {
-	return net.isAllowedSender(net.pAllowedSenders_TCP, addr, fromHostFQDN);
+	return net.isAllowedSender((uchar*) "TCP", addr, fromHostFQDN);
 }
 
 #endif // #if 0
@@ -135,10 +135,7 @@
 CODESTARTafterRun
 	/* do cleanup here */
 #if 0
-	if(net.pAllowedSenders_TCP != NULL) {
-		net.clearAllowedSenders(net.pAllowedSenders_TCP);
-		net.pAllowedSenders_TCP = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"TCP");
 #endif
 ENDafterRun
 
--- plugins/imtcp/imtcp.c
+++ plugins/imtcp/imtcp.c	2008/12/15 12:08:36
@@ -66,7 +66,7 @@
 isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void __attribute__((unused)) *pUsrSrv,
 	        void __attribute__((unused)) *pUsrSess)
 {
-	return net.isAllowedSender(net.pAllowedSenders_TCP, addr, fromHostFQDN);
+	return net.isAllowedSender((uchar*)"TCP", addr, fromHostFQDN);
 }
 
 
@@ -158,10 +158,7 @@
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if(net.pAllowedSenders_TCP != NULL) {
-		net.clearAllowedSenders(net.pAllowedSenders_TCP);
-		net.pAllowedSenders_TCP = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"TCP");
 ENDafterRun
 
 
--- plugins/imudp/imudp.c
+++ plugins/imudp/imudp.c	2008/12/15 12:09:02
@@ -189,7 +189,7 @@
 							* configured to do this).
 							* rgerhards, 2005-09-26
 							*/
-						       if(net.isAllowedSender(net.pAllowedSenders_UDP,
+						       if(net.isAllowedSender((uchar*)"UDP",
 							  (struct sockaddr *)&frominet, (char*)fromHostFQDN)) {
 							       parseAndSubmitMessage((char*)fromHost, (char*) pRcvBuf, l,
 							       MSG_PARSE_HOSTNAME, NOFLAG, eFLOWCTL_NO_DELAY);
@@ -238,10 +238,7 @@
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if (net.pAllowedSenders_UDP != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_UDP);
-		net.pAllowedSenders_UDP = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"UDP");
 	if(udpLstnSocks != NULL)
 		net.closeUDPListenSockets(udpLstnSocks);
 	if(pRcvBuf != NULL)
--- rsyslog.h
+++ rsyslog.h	2008/12/15 12:13:12
@@ -172,6 +172,7 @@
 	RS_RET_MAIL_NO_TO = -2071, /**< recipient for mail destination is missing */
 	RS_RET_MAIL_NO_FROM = -2072, /**< sender for mail destination is missing */
 	RS_RET_INVALID_PRI = -2073, /**< PRI value is invalid */
+	RS_RET_CODE_ERR = -2109, /**< program code (internal) error */
 
 	/* RainerScript error messages (range 1000.. 1999) */
 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */