6ebb96 import rsyslog-8.1911.0-3.el8

Authored and Committed by centosrcm 4 years ago
    import rsyslog-8.1911.0-3.el8
    
        
file modified
+2 -2
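--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
- SOURCES/rsyslog-8.37.0.tar.gz
- SOURCES/rsyslog-doc-8.37.0.tar.gz
+ SOURCES/rsyslog-8.1911.0.tar.gz
+ SOURCES/rsyslog-doc-8.1911.0.tar.gz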
file modified
+2 -2
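--- a/.rsyslog.metadata
+++ b/.rsyslog.metadata
@@ -1,2 +1,2 @@
- 43076e3010fc3fd5178201a916beb93848b5249c SOURCES/rsyslog-8.37.0.tar.gz
- 4c75f56e2d55c4c87d07781fb6d9deabf63395fb SOURCES/rsyslog-doc-8.37.0.tar.gz
+ 30dfc2b99d73598788e2bd0d0ac45e16e7c3a3d5 SOURCES/rsyslog-8.1911.0.tar.gz
+ 8bcb23571ab8011b712ccf52acee20f8940b7f03 SOURCES/rsyslog-doc-8.1911.0.tar.gz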
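--- /dev/null
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
@@ -0,0 +1,28 @@
+ From fec4535f1c407f39d35ed4f3921662f94710a10e Mon Sep 17 00:00:00 2001
+ From: Rainer Gerhards <rgerhards@adiscon.com>
+ Date: Mon, 9 Dec 2019 08:46:27 +0100
+ Subject: [PATCH] core/config bugfix: false error msg when config.enabled="on"
+ is used
+
+ When the 'config.enabled="on"' config parameter an invalid error message
+ was emitted that this parameter is not supported. However, it was still
+ applied properly. This commit removes the invalid error message.
+
+ closes https://github.com/rsyslog/rsyslog/issues/4011
+ ---
+ grammar/rainerscript.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+ diff --git a/grammar/rainerscript.c b/grammar/rainerscript.c
+ index 1b8581b537..fd55360472 100644
+ --- a/grammar/rainerscript.c
+ +++ b/grammar/rainerscript.c
+ @@ -1219,6 +1219,8 @@ nvlstGetParams(struct nvlst *lst, struct cnfparamblk *params,
+ for(val = lst; val != NULL ; val = val->next) {
+ val->bUsed = 1;
+ }
+ + } else {
+ + valnode->bUsed = 1;
+ }
+ }
+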
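Review bot: The added `else` branch in nvlstGetParams has no comment, so the reason for `valnode->bUsed = 1` is only recoverable from the commit message. A one-line comment such as `/* config.enabled="on": mark the parameter as consumed so it is not reported as unsupported */` would keep that next to the code. The `if` this `else` pairs with and the lookup that produces `valnode` are outside the hunk, so it should be confirmed there that `valnode` cannot be NULL on this path.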
SOURCES/rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch SOURCES/rsyslog-8.37.0-rhbz1659898-imjournal-default-tag.patch
file renamed
+17 -17
SOURCES/{rsyslog-8.37.0-rhbz1659898-imjournal-default-tag.patch → rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch} RENAMED
@@ -2,19 +2,19 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
2
2
--- ./plugins/imjournal/imjournal.c.default-tag 2018-05-17 08:50:11.416418022 -0400
3
3
+++ ./plugins/imjournal/imjournal.c 2018-05-17 08:53:02.884418022 -0400
4
4
@@ -78,6 +78,7 @@ static struct configSettings_s {
5
- int bUseJnlPID;
6
- char *usePid;
7
- int bWorkAroundJournalBug;
5
+ int bWorkAroundJournalBug; /* deprecated, left for backwards compatibility only */
6
+ int bFsync;
7
+ int bRemote;
8
8
+ char *dfltTag;
9
9
} cs;
10
10
11
11
static rsRetVal facilityHdlr(uchar **pp, void *pVal);
12
12
@@ -93,7 +94,8 @@ static struct cnfparamdescr modpdescr[]
13
- { "defaultfacility", eCmdHdlrString, 0 },
14
- { "usepidfromsystem", eCmdHdlrBinary, 0 },
15
13
{ "usepid", eCmdHdlrString, 0 },
16
- - { "workaroundjournalbug", eCmdHdlrBinary, 0 }
17
- + { "workaroundjournalbug", eCmdHdlrBinary, 0 },
14
+ { "workaroundjournalbug", eCmdHdlrBinary, 0 },
15
+ { "fsync", eCmdHdlrBinary, 0 },
16
+ - { "remote", eCmdHdlrBinary, 0 }
17
+ + { "remote", eCmdHdlrBinary, 0 },
18
18
+ { "defaulttag", eCmdHdlrGetWord, 0 }
19
19
};
20
20
static struct cnfparamblk modpblk =
@@ -34,10 +34,10 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
34
34
- char *sys_iden;
35
35
+ char *sys_iden = NULL;
36
36
char *sys_iden_help = NULL;
37
- char *c = NULL;
38
37
38
+ const void *get;
39
39
@@ -331,7 +334,7 @@ readjournal(void)
40
- if (sd_journal_get_data(j, "SYSLOG_IDENTIFIER", &get, &length) >= 0) {
40
+ if (journalGetData("SYSLOG_IDENTIFIER", &get, &length) >= 0) {
41
41
CHKiRet(sanitizeValue(((const char *)get) + 18, length - 18, &sys_iden));
42
42
} else {
43
43
- CHKmalloc(sys_iden = strdup("journal"));
@@ -58,9 +58,9 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
58
58
pidFieldName = "_PID";
59
59
bPidFallBack = 0;
60
60
@@ -732,6 +740,7 @@ CODESTARTbeginCnfLoad
61
- cs.bUseJnlPID = -1;
62
- cs.usePid = NULL;
63
- cs.bWorkAroundJournalBug = 0;
61
+ cs.bWorkAroundJournalBug = 1;
62
+ cs.bFsync = 0;
63
+ cs.bRemote = 0;
64
64
+ cs.dfltTag = NULL;
65
65
ENDbeginCnfLoad
66
66
@@ -70,13 +70,13 @@ diff -up ./plugins/imjournal/imjournal.c.default-tag ./plugins/imjournal/imjourn
70
70
free(cs.stateFile);
71
71
free(cs.usePid);
72
72
+ free(cs.dfltTag);
73
- statsobj.Destruct(&(statsCounter.stats));
73
+ free(journalContext.cursor);
74
+ statsobj.Destruct(&(statsCounter.stats));
74
75
ENDfreeCnf
75
-
76
76
@@ -832,6 +842,8 @@ CODESTARTsetModCnf
77
- cs.usePid = (char *)es_str2cstr(pvals[i].val.d.estr, NULL);
78
- } else if (!strcmp(modpblk.descr[i].name, "workaroundjournalbug")) {
79
- cs.bWorkAroundJournalBug = (int) pvals[i].val.d.n;
77
+ cs.bFsync = (int) pvals[i].val.d.n;
78
+ } else if (!strcmp(modpblk.descr[i].name, "remote")) {
79
+ cs.bRemote = (int) pvals[i].val.d.n;
80
80
+ } else if (!strcmp(modpblk.descr[i].name, "defaulttag")) {
81
81
+ cs.dfltTag = (char *)es_str2cstr(pvals[i].val.d.estr, NULL);
82
82
} else {
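--- /dev/null
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch
@@ -0,0 +1,142 @@
+ From ac30968b7858d4ca3743d2b4d296eca543864fe2 Mon Sep 17 00:00:00 2001
+ From: Jiri Vymazal <jvymazal@redhat.com>
+ Date: Fri, 22 Nov 2019 14:25:59 +0100
+ Subject: [PATCH] Thorougher state-file renaming and cleaning
+
+ Now checking if file-id changes and reanming - cleaning state file
+ accordingly and always checking and cleaning old inode-only style
+ state files.
+ ---
+ plugins/imfile/imfile.c | 66 +++++++++++++++++++++++++++--------------
+ 1 file changed, 43 insertions(+), 23 deletions(-)
+
+ diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
+ index d9bf0fbb6d..9db2b47ac9 100644
+ --- a/plugins/imfile/imfile.c
+ +++ b/plugins/imfile/imfile.c
+ @@ -182,6 +182,7 @@ struct act_obj_s {
+ time_t timeoutBase; /* what time to calculate the timeout against? */
+ /* file dynamic data */
+ char file_id[FILE_ID_HASH_SIZE]; /* file id for this entry, once we could obtain it */
+ + char file_id_prev[FILE_ID_HASH_SIZE]; /* previous file id for this entry, set if changed */
+ int in_move; /* workaround for inotify move: if set, state file must not be deleted */
+ ino_t ino; /* current inode nbr */
+ int fd; /* fd to file in order to obtain file_id (needs to be preserved across move) */
+ @@ -711,7 +712,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file,
+ if (is_file) {
+ LogError(errno, RS_RET_ERR, "imfile: error accessing file '%s'", name);
+ } else { /* reporting only in debug for dirs as higher lvl paths are likely blocked by selinux */
+ - DBGPRINTF("imfile: error accessing file '%s'", name);
+ + DBGPRINTF("imfile: error accessing directory '%s'", name);
+ }
+ FINALIZE;
+ }
+ @@ -727,6 +728,7 @@ act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file,
+ act->ino = ino;
+ act->fd = fd;
+ act->file_id[0] = '\0';
+ + act->file_id_prev[0] = '\0';
+ act->is_symlink = is_symlink;
+ if (source) { /* we are target of symlink */
+ CHKmalloc(act->source_name = strdup(source));
+ @@ -1256,17 +1258,15 @@ get_file_id_hash(const char *data, size_t lendata,
+ static void ATTR_NONNULL(1)
+ getFileID(act_obj_t *const act)
+ {
+ - if(act->file_id[0] != '\0') {
+ - return; /* everything already done */
+ - }
+ + /* save the old id for cleaning purposes */
+ + strncpy(act->file_id_prev, (const char*)act->file_id, FILE_ID_HASH_SIZE);
+ + act->file_id[0] = '\0';
+ assert(act->fd >= 0); /* fd must have been opened at act_obj_t creation! */
+ char filedata[FILE_ID_SIZE];
+ + lseek(act->fd, 0, SEEK_SET); /* Seek to beginning of file so we have correct id */
+ const int r = read(act->fd, filedata, FILE_ID_SIZE);
+ if(r == FILE_ID_SIZE) {
+ get_file_id_hash(filedata, sizeof(filedata), act->file_id, sizeof(act->file_id));
+ - dbgprintf("file_id '%s' obtained, closing monitoring file handle\n", act->file_id);
+ - close(act->fd); /* we will never go here! */
+ - act->fd = -1;
+ } else {
+ DBGPRINTF("getFileID partial or error read, ret %d\n", r);
+ }
+ @@ -1378,28 +1378,13 @@ openFileWithStateFile(act_obj_t *const act)
+ if(fd < 0) {
+ if(errno == ENOENT) {
+ if(act->file_id[0] != '\0') {
+ - const char *pszSFNamHash = strdup((const char*)pszSFNam);
+ - CHKmalloc(pszSFNamHash);
+ DBGPRINTF("state file %s for %s does not exist - trying to see if "
+ "inode-only file exists\n", pszSFNam, act->name);
+ getFullStateFileName(statefn, "", pszSFNam, sizeof(pszSFNam));
+ fd = open((char*)pszSFNam, O_CLOEXEC | O_NOCTTY | O_RDONLY, 0600);
+ if(fd >= 0) {
+ - dbgprintf("found inode-only state file, renaming it now that we "
+ - "know the file_id, new name: %s\n", pszSFNamHash);
+ - /* we now can use identify the file, so let's rename it */
+ - if(rename((const char*)pszSFNam, pszSFNamHash) != 0) {
+ - LogError(errno, RS_RET_IO_ERROR,
+ - "imfile error trying to rename state file for '%s' - "
+ - "ignoring this error, usually this means a file no "
+ - "longer file is left over, but this may also cause "
+ - "some real trouble. Still the best we can do ",
+ - act->name);
+ - free((void*) pszSFNamHash);
+ - ABORT_FINALIZE(RS_RET_IO_ERROR);
+ - }
+ + dbgprintf("found inode-only state file, will be renamed at next persist\n");
+ }
+ - free((void*) pszSFNamHash);
+ }
+ if(fd < 0) {
+ DBGPRINTF("state file %s for %s does not exist - trying to see if "
+ @@ -2609,6 +2594,36 @@ atomicWriteStateFile(const char *fn, const char *content)
+ RETiRet;
+ }
+
+ +/* This function should be called after any file ID change - that is if
+ + * file grown from hash-only statefile, or was truncated, this will ensure
+ + * we delete the old file so we do not make garbage in our working dir and
+ + * there are no leftover statefiles which can in theory later bind to something
+ + * and cause data loss.
+ + * jvymazal 2019-11-27
+ + */
+ +static void
+ +removeOldStatefile(const uchar *statefn, const char *hashToDelete)
+ +{
+ + int ret;
+ + uchar statefname[MAXFNAME];
+ +
+ + getFullStateFileName(statefn, hashToDelete, statefname, sizeof(statefname));
+ + DBGPRINTF("removing old state file: '%s'\n", statefname);
+ + ret = unlink((const char*)statefname);
+ + if(ret != 0) {
+ + if (errno != ENOENT) {
+ + LogError(errno, RS_RET_IO_ERROR,
+ + "imfile error trying to delete old state file: '%s' - ignoring this "
+ + "error, usually this means a file no longer file is left over, but "
+ + "this may also cause some real trouble. Still the best we can do ",
+ + statefname);
+ + } else {
+ + DBGPRINTF("trying to delete no longer valid statefile '%s' which no "
+ + "longer exists (probably already deleted)\n", statefname);
+ + }
+ + }
+ +}
+ +
+
+ /* This function persists information for a specific file being monitored.
+ * To do so, it simply persists the stream object. We do NOT abort on error
+ @@ -2660,6 +2675,11 @@ persistStrmState(act_obj_t *const act)
+ CHKiRet(atomicWriteStateFile((const char*)statefname, jstr));
+ json_object_put(json);
+
+ + /* file-id changed remove the old statefile */
+ + if (strncmp((const char *)act->file_id_prev, (const char *)act->file_id, FILE_ID_HASH_SIZE)) {
+ + removeOldStatefile(statefn, act->file_id_prev);
+ + }
+ +
+ finalize_it:
+ if(iRet != RS_RET_OK) {
+ LogError(0, iRet, "imfile: could not persist state "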
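Review bot: In the getFileID hunk the result of `lseek(act->fd, 0, SEEK_SET)` is ignored, so a failed seek lets the following `read` hash bytes from the wrong offset and produce a different `file_id` for an unchanged file; persistStrmState would then treat the id as changed and call removeOldStatefile on the previous one. Checking it, e.g. `if(lseek(act->fd, 0, SEEK_SET) == (off_t)-1) { DBGPRINTF("getFileID lseek failed\n"); return; }`, keeps that case on the same path as the existing partial-read branch. The `strncpy` into `file_id_prev` copies exactly FILE_ID_HASH_SIZE bytes and depends on `file_id` already being NUL-terminated; `act->file_id_prev[FILE_ID_HASH_SIZE - 1] = '\0';` after it would make that explicit. With the early return gone, every call overwrites `file_id_prev`, so whether an old id can be lost before the next persist depends on callers outside these hunks.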
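--- /dev/null
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch
@@ -0,0 +1,58 @@
+ From 0de93c9e1597b20f71bb61d5375ded546cfd2fa8 Mon Sep 17 00:00:00 2001
+ From: Jiri Vymazal <jvymazal@redhat.com>
+ Date: Wed, 11 Dec 2019 15:35:26 +0100
+ Subject: [PATCH] Changed default for permitExpiredCerts to "off"
+
+ This is to be conssitent with rsyslog's prior behavior where
+ expired certs were automatically rejected
+ ---
+ runtime/nsd_gtls.c | 10 +++++-----
+ runtime/nsd_ossl.c | 8 ++++----
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+ diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
+ index 5df12994d1..2be0ca9c92 100644
+ --- a/runtime/nsd_gtls.c
+ +++ b/runtime/nsd_gtls.c
+ @@ -1461,16 +1461,16 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode)
+ nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+
+ ISOBJ_TYPE_assert((pThis), nsd_gtls);
+ - /* default is set to warn! */
+ - if(mode == NULL || !strcasecmp((char*)mode, "warn")) {
+ - pThis->permitExpiredCerts = GTLS_EXPIRED_WARN;
+ - } else if(!strcasecmp((char*) mode, "off")) {
+ + /* default is set to off! */
+ + if(mode == NULL || !strcasecmp((char*)mode, "off")) {
+ pThis->permitExpiredCerts = GTLS_EXPIRED_DENY;
+ + } else if(!strcasecmp((char*) mode, "warn")) {
+ + pThis->permitExpiredCerts = GTLS_EXPIRED_WARN;
+ } else if(!strcasecmp((char*) mode, "on")) {
+ pThis->permitExpiredCerts = GTLS_EXPIRED_PERMIT;
+ } else {
+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: permitexpiredcerts mode '%s' not supported by "
+ - "ossl netstream driver", mode);
+ + "gtls netstream driver", mode);
+ ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
+ }
+
+ diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c
+ index 4f8dd845ab..ebb2537d72 100644
+ --- a/runtime/nsd_ossl.c
+ +++ b/runtime/nsd_ossl.c
+ @@ -1130,11 +1130,11 @@ SetPermitExpiredCerts(nsd_t *pNsd, uchar *mode)
+ nsd_ossl_t *pThis = (nsd_ossl_t*) pNsd;
+
+ ISOBJ_TYPE_assert((pThis), nsd_ossl);
+ - /* default is set to warn! */
+ - if(mode == NULL || !strcasecmp((char*)mode, "warn")) {
+ - pThis->permitExpiredCerts = OSSL_EXPIRED_WARN;
+ - } else if(!strcasecmp((char*) mode, "off")) {
+ + /* default is set to off! */
+ + if(mode == NULL || !strcasecmp((char*)mode, "off")) {
+ pThis->permitExpiredCerts = OSSL_EXPIRED_DENY;
+ + } else if(!strcasecmp((char*) mode, "warn")) {
+ + pThis->permitExpiredCerts = OSSL_EXPIRED_WARN;
+ } else if(!strcasecmp((char*) mode, "on")) {
+ pThis->permitExpiredCerts = OSSL_EXPIRED_PERMIT;
+ } else {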
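Review bot: The new deny default lives only in the `mode == NULL` branch of SetPermitExpiredCerts in nsd_gtls.c and nsd_ossl.c, so it applies only when the setter is actually called. The value `permitExpiredCerts` holds after object construction is not visible here, so it should be confirmed that an instance whose setter is never invoked also ends up with `GTLS_EXPIRED_DENY` / `OSSL_EXPIRED_DENY` rather than whatever the enum's zero value is. The replacement comment `/* default is set to off! */` could state the effect instead, e.g. `/* default "off": expired peer certificates are rejected unless "warn" or "on" is configured */`. The nsd_ossl.c hunk ends at `} else {`, so its error branch cannot be checked from this page for a driver-name slip like the one the gtls hunk corrects.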
SOURCES/rsyslog-8.1911.0-service.patch SOURCES/rsyslog-8.32.0-service.patch
file renamed
+1 -1
SOURCES/{rsyslog-8.32.0-service.patch → rsyslog-8.1911.0-service.patch} RENAMED
@@ -8,7 +8,7 @@ diff -up ./rsyslog.service.in.service ./rsyslog.service.in
8
8
+Wants=network.target network-online.target
9
9
+After=network.target network-online.target
10
10
Documentation=man:rsyslogd(8)
11
- Documentation=http://www.rsyslog.com/doc/
11
+ Documentation=https://www.rsyslog.com/doc/
12
12
13
13
[Service]
14
14
Type=notify
SOURCES/rsyslog-8.37.0-rhbz1614179-imfile-symlink-support.patch DELETED
@@ -1,416 +0,0 @@
1
- From 3822da837e4d531e8a9cd78ae76359a410f8d98d Mon Sep 17 00:00:00 2001
2
- From: Jiri Vymazal <jvymazal@redhat.com>
3
- Date: Thu, 31 May 2018 16:30:08 +0200
4
- Subject: [PATCH] Symlink support for imfile
5
-
6
- this introduces symlink detection and following as well
7
- as monitoring changes on them. Also added test for the new
8
- functionality and ensuring the original symlink behavior
9
- stays as well.
10
- ---
11
- plugins/imfile/imfile.c | 182 +++++++++++++++++++++++++++----------
12
- 1 file changed, 133 insertions(+), 49 deletions(-)
13
-
14
- diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
15
- index 3c9308bfe..4ca23d2ca 100644
16
- --- a/plugins/imfile/imfile.c
17
- +++ b/plugins/imfile/imfile.c
18
- @@ -152,6 +152,7 @@ struct act_obj_s {
19
- fs_edge_t *edge; /* edge which this object belongs to */
20
- char *name; /* full path name of active object */
21
- char *basename; /* only basename */ //TODO: remove when refactoring rename support
22
- + char *source_name; /* if this object is target of a symlink, source_name is its name (else NULL) */
23
- //char *statefile; /* base name of state file (for move operations) */
24
- int wd;
25
- #if defined(OS_SOLARIS) && defined (HAVE_PORT_SOURCE_FILE)
26
- @@ -167,6 +168,7 @@ struct act_obj_s {
27
- int nRecords; /**< How many records did we process before persisting the stream? */
28
- ratelimit_t *ratelimiter;
29
- multi_submit_t multiSub;
30
- + int is_symlink;
31
- };
32
- struct fs_edge_s {
33
- fs_node_t *parent;
34
- @@ -181,7 +182,8 @@ struct act_obj_s {
35
- instanceConf_t **instarr;
36
- };
37
- struct fs_node_s {
38
- - fs_edge_t *edges;
39
- + fs_edge_t *edges; /* NULL in leaf nodes */
40
- + fs_node_t *root; /* node one level up (NULL for file system root) */
41
- };
42
-
43
-
44
- @@ -189,7 +191,7 @@ static rsRetVal persistStrmState(act_obj_t *);
45
- static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal);
46
- static rsRetVal ATTR_NONNULL(1) pollFile(act_obj_t *act);
47
- static int ATTR_NONNULL() getBasename(uchar *const __restrict__ basen, uchar *const __restrict__ path);
48
- -static void ATTR_NONNULL() act_obj_unlink(act_obj_t *const act);
49
- +static void ATTR_NONNULL() act_obj_unlink(act_obj_t *act);
50
- static uchar * ATTR_NONNULL(1, 2) getStateFileName(const act_obj_t *, uchar *, const size_t);
51
- static int ATTR_NONNULL() getFullStateFileName(const uchar *const, uchar *const pszout, const size_t ilenout);
52
-
53
- @@ -483,14 +485,17 @@ in_setupWatch(act_obj_t *const act, const int is_file)
54
- goto done;
55
-
56
- wd = inotify_add_watch(ino_fd, act->name,
57
- - (is_file) ? IN_MODIFY : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
58
- + (is_file) ? IN_MODIFY|IN_DONT_FOLLOW : IN_CREATE|IN_DELETE|IN_MOVED_FROM|IN_MOVED_TO);
59
- if(wd < 0) {
60
- - LogError(errno, RS_RET_IO_ERROR, "imfile: cannot watch object '%s'",
61
- - act->name);
62
- + if (errno == EACCES) { /* There is high probability of selinux denial on top-level paths */
63
- + DBGPRINTF("imfile: permission denied when adding watch for '%s'\n", act->name);
64
- + } else {
65
- + LogError(errno, RS_RET_IO_ERROR, "imfile: cannot watch object '%s'", act->name);
66
- + }
67
- goto done;
68
- }
69
- wdmapAdd(wd, act);
70
- - DBGPRINTF("in_setupDirWatch: watch %d added for dir %s(%p)\n", wd, act->name, act);
71
- + DBGPRINTF("in_setupWatch: watch %d added for %s(object %p)\n", wd, act->name, act);
72
- done: return wd;
73
- }
74
-
75
- @@ -605,7 +610,7 @@ done: return;
76
- static void ATTR_NONNULL()
77
- fen_setupWatch(act_obj_t *const act __attribute__((unused)))
78
- {
79
- - DBGPRINTF("fen_setupWatch: DUMMY CALLED - not on Solaris?");
80
- + DBGPRINTF("fen_setupWatch: DUMMY CALLED - not on Solaris?\n");
81
- }
82
- #endif /* FEN */
83
-
84
- @@ -633,38 +638,48 @@ fs_node_print(const fs_node_t *const node, const int level)
85
- }
86
- }
87
-
88
- -
89
- /* add a new file system object if it not yet exists, ignore call
90
- * if it already does.
91
- */
92
- -static rsRetVal ATTR_NONNULL()
93
- +static rsRetVal ATTR_NONNULL(1,2)
94
- act_obj_add(fs_edge_t *const edge, const char *const name, const int is_file,
95
- - const ino_t ino)
96
- + const ino_t ino, const int is_symlink, const char *const source)
97
- {
98
- act_obj_t *act;
99
- char basename[MAXFNAME];
100
- DEFiRet;
101
-
102
- - DBGPRINTF("act_obj_add: edge %p, name '%s'\n", edge, name);
103
- + DBGPRINTF("act_obj_add: edge %p, name '%s' (source '%s')\n", edge, name, source? source : "---");
104
- for(act = edge->active ; act != NULL ; act = act->next) {
105
- if(!strcmp(act->name, name)) {
106
- - DBGPRINTF("active object '%s' already exists in '%s' - no need to add\n",
107
- - name, edge->path);
108
- - FINALIZE;
109
- + if (!source || !act->source_name || !strcmp(act->source_name, source)) {
110
- + DBGPRINTF("active object '%s' already exists in '%s' - no need to add\n",
111
- + name, edge->path);
112
- + FINALIZE;
113
- + }
114
- }
115
- }
116
- DBGPRINTF("add new active object '%s' in '%s'\n", name, edge->path);
117
- CHKmalloc(act = calloc(sizeof(act_obj_t), 1));
118
- CHKmalloc(act->name = strdup(name));
119
- - getBasename((uchar*)basename, (uchar*)name);
120
- - CHKmalloc(act->basename = strdup(basename));
121
- + if (-1 == getBasename((uchar*)basename, (uchar*)name)) {
122
- + CHKmalloc(act->basename = strdup(name)); /* assume basename is same as name */
123
- + } else {
124
- + CHKmalloc(act->basename = strdup(basename));
125
- + }
126
- act->edge = edge;
127
- act->ino = ino;
128
- + act->is_symlink = is_symlink;
129
- + if (source) { /* we are target of symlink */
130
- + CHKmalloc(act->source_name = strdup(source));
131
- + } else {
132
- + act->source_name = NULL;
133
- + }
134
- #ifdef HAVE_INOTIFY_INIT
135
- act->wd = in_setupWatch(act, is_file);
136
- #endif
137
- fen_setupWatch(act);
138
- - if(is_file) {
139
- + if(is_file && !is_symlink) {
140
- const instanceConf_t *const inst = edge->instarr[0];// TODO: same file, multiple instances?
141
- CHKiRet(ratelimitNew(&act->ratelimiter, "imfile", name));
142
- CHKmalloc(act->multiSub.ppMsgs = MALLOC(inst->nMultiSub * sizeof(smsg_t *)));
143
- @@ -702,27 +717,24 @@ detect_updates(fs_edge_t *const edge)
144
- {
145
- act_obj_t *act;
146
- struct stat fileInfo;
147
- + int restart = 0;
148
-
149
- - for(act = edge->active ; act != NULL ; ) {
150
- + for(act = edge->active ; act != NULL ; act = act->next) {
151
- DBGPRINTF("detect_updates checking active obj '%s'\n", act->name);
152
- - const int r = stat(act->name, &fileInfo);
153
- + const int r = lstat(act->name, &fileInfo);
154
- if(r == -1) { /* object gone away? */
155
- DBGPRINTF("object gone away, unlinking: '%s'\n", act->name);
156
- - act_obj_t *toDel = act;
157
- - act = act->next;
158
- - DBGPRINTF("new next act %p\n", act);
159
- - act_obj_unlink(toDel);
160
- - continue;
161
- + act_obj_unlink(act);
162
- + restart = 1;
163
- + break;
164
- }
165
- // TODO: add inode check for change notification!
166
-
167
- - /* Note: active nodes may get deleted, so we need to do the
168
- - * pointer advancement at the end of the for loop!
169
- - */
170
- - act = act->next;
171
- }
172
-
173
- -
174
- + if (restart) {
175
- + detect_updates(edge);
176
- + }
177
- }
178
-
179
-
180
- @@ -746,14 +758,52 @@ poll_active_files(fs_edge_t *const edge)
181
- }
182
- }
183
-
184
- +static rsRetVal ATTR_NONNULL()
185
- +process_symlink(fs_edge_t *const chld, const char *symlink)
186
- +{
187
- + DEFiRet;
188
- + char *target = NULL;
189
- + CHKmalloc(target = realpath(symlink, target));
190
- + struct stat fileInfo;
191
- + if(lstat(target, &fileInfo) != 0) {
192
- + LogError(errno, RS_RET_ERR, "imfile: process_symlink: cannot stat file '%s' - ignored", target);
193
- + FINALIZE;
194
- + }
195
- + const int is_file = (S_ISREG(fileInfo.st_mode));
196
- + DBGPRINTF("process_symlink: found '%s', File: %d (config file: %d), symlink: %d\n",
197
- + target, is_file, chld->is_file, 0);
198
- + if (act_obj_add(chld, target, is_file, fileInfo.st_ino, 0, symlink) == RS_RET_OK) {
199
- + /* need to watch parent target as well for proper rotation support */
200
- + uint idx = ustrlen(chld->active->name) - ustrlen(chld->active->basename);
201
- + if (idx) { /* basename is different from name */
202
- + char parent[MAXFNAME];
203
- + idx--; /* move past trailing slash */
204
- + memcpy(parent, chld->active->name, idx);
205
- + parent[idx] = '\0';
206
- + if(lstat(parent, &fileInfo) != 0) {
207
- + LogError(errno, RS_RET_ERR,
208
- + "imfile: process_symlink: cannot stat directory '%s' - ignored", parent);
209
- + FINALIZE;
210
- + }
211
- + if (chld->parent->root->edges) {
212
- + DBGPRINTF("process_symlink: adding parent '%s' of target '%s'\n", parent, target);
213
- + act_obj_add(chld->parent->root->edges, parent, 0, fileInfo.st_ino, 0, NULL);
214
- + }
215
- + }
216
- + }
217
- +
218
- +finalize_it:
219
- + free(target);
220
- + RETiRet;
221
- +}
222
-
223
- -static void ATTR_NONNULL() poll_tree(fs_edge_t *const chld);
224
- static void ATTR_NONNULL()
225
- poll_tree(fs_edge_t *const chld)
226
- {
227
- struct stat fileInfo;
228
- glob_t files;
229
- int need_globfree = 0;
230
- + int issymlink;
231
- DBGPRINTF("poll_tree: chld %p, name '%s', path: %s\n", chld, chld->name, chld->path);
232
- detect_updates(chld);
233
- const int ret = glob((char*)chld->path, runModConf->sortFiles|GLOB_BRACE, NULL, &files);
234
- @@ -766,18 +803,27 @@ poll_tree(fs_edge_t *const chld)
235
- goto done;
236
- }
237
- char *const file = files.gl_pathv[i];
238
- - if(stat(file, &fileInfo) != 0) {
239
- + if(lstat(file, &fileInfo) != 0) {
240
- LogError(errno, RS_RET_ERR,
241
- "imfile: poll_tree cannot stat file '%s' - ignored", file);
242
- continue;
243
- }
244
-
245
- - const int is_file = S_ISREG(fileInfo.st_mode);
246
- - DBGPRINTF("poll_tree: found '%s', File: %d (config file: %d)\n",
247
- - file, is_file, chld->is_file);
248
- + if (S_ISLNK(fileInfo.st_mode)) {
249
- + rsRetVal slink_ret = process_symlink(chld, file);
250
- + if (slink_ret != RS_RET_OK) {
251
- + continue;
252
- + }
253
- + issymlink = 1;
254
- + } else {
255
- + issymlink = 0;
256
- + }
257
- + const int is_file = (S_ISREG(fileInfo.st_mode) || issymlink);
258
- + DBGPRINTF("poll_tree: found '%s', File: %d (config file: %d), symlink: %d\n",
259
- + file, is_file, chld->is_file, issymlink);
260
- if(!is_file && S_ISREG(fileInfo.st_mode)) {
261
- LogMsg(0, RS_RET_ERR, LOG_WARNING,
262
- - "imfile: '%s' is neither a regular file nor a "
263
- + "imfile: '%s' is neither a regular file, symlink, nor a "
264
- "directory - ignored", file);
265
- continue;
266
- }
267
- @@ -788,7 +834,7 @@ poll_tree(fs_edge_t *const chld)
268
- (chld->is_file) ? "FILE" : "DIRECTORY");
269
- continue;
270
- }
271
- - act_obj_add(chld, file, is_file, fileInfo.st_ino);
272
- + act_obj_add(chld, file, is_file, fileInfo.st_ino, issymlink, NULL);
273
- }
274
- }
275
-
276
- @@ -829,8 +875,20 @@ act_obj_destroy(act_obj_t *const act, const int is_deleted)
277
- if(act == NULL)
278
- return;
279
-
280
- - DBGPRINTF("act_obj_destroy: act %p '%s', wd %d, pStrm %p, is_deleted %d, in_move %d\n",
281
- - act, act->name, act->wd, act->pStrm, is_deleted, act->in_move);
282
- + DBGPRINTF("act_obj_destroy: act %p '%s' (source '%s'), wd %d, pStrm %p, is_deleted %d, in_move %d\n",
283
- + act, act->name, act->source_name? act->source_name : "---", act->wd, act->pStrm, is_deleted,
284
- + act->in_move);
285
- + if(act->is_symlink && is_deleted) {
286
- + act_obj_t *target_act;
287
- + for(target_act = act->edge->active ; target_act != NULL ; target_act = target_act->next) {
288
- + if(target_act->source_name && !strcmp(target_act->source_name, act->name)) {
289
- + DBGPRINTF("act_obj_destroy: unlinking slink target %s of %s "
290
- + "symlink\n", target_act->name, act->name);
291
- + act_obj_unlink(target_act);
292
- + break;
293
- + }
294
- + }
295
- + }
296
- if(act->ratelimiter != NULL) {
297
- ratelimitDestruct(act->ratelimiter);
298
- }
299
- @@ -862,6 +920,7 @@ act_obj_destroy(act_obj_t *const act, const int is_deleted)
300
- }
301
- #endif
302
- free(act->basename);
303
- + free(act->source_name);
304
- //free(act->statefile);
305
- free(act->multiSub.ppMsgs);
306
- #if defined(OS_SOLARIS) && defined (HAVE_PORT_SOURCE_FILE)
307
- @@ -909,7 +968,7 @@ chk_active(const act_obj_t *act, const act_obj_t *const deleted)
308
- * destruct it.
309
- */
310
- static void //ATTR_NONNULL()
311
- -act_obj_unlink(act_obj_t *const act)
312
- +act_obj_unlink(act_obj_t *act)
313
- {
314
- DBGPRINTF("act_obj_unlink %p: %s\n", act, act->name);
315
- if(act->prev == NULL) {
316
- @@ -921,6 +980,7 @@ act_obj_unlink(act_obj_t *const act)
317
- act->next->prev = act->prev;
318
- }
319
- act_obj_destroy(act, 1);
320
- + act = NULL;
321
- //dbgprintf("printout of fs tree post unlink\n");
322
- //fs_node_print(runModConf->conf_tree, 0);
323
- //dbg_wdmapPrint("wdmap after");
324
- @@ -1025,6 +1038,7 @@ fs_node_walk(fs_node_t *const node,
325
- */
326
- static rsRetVal
327
- fs_node_add(fs_node_t *const node,
328
- + fs_node_t *const source,
329
- const uchar *const toFind,
330
- const size_t pathIdx,
331
- instanceConf_t *const inst)
332
- @@ -1053,6 +1067,7 @@ fs_node_add(fs_node_t *const node,
333
- memcpy(name, toFind+pathIdx, len);
334
- name[len] = '\0';
335
- DBGPRINTF("fs_node_add: name '%s'\n", name);
336
- + node->root = source;
337
-
338
- fs_edge_t *chld;
339
- for(chld = node->edges ; chld != NULL ; chld = chld->next) {
340
- @@ -1064,7 +1079,7 @@ fs_node_add(fs_node_t *const node,
341
- chld->instarr[chld->ninst-1] = inst;
342
- /* recurse */
343
- if(!isFile) {
344
- - CHKiRet(fs_node_add(chld->node, toFind, nextPathIdx, inst));
345
- + CHKiRet(fs_node_add(chld->node, node, toFind, nextPathIdx, inst));
346
- }
347
- FINALIZE;
348
- }
349
- @@ -1086,7 +1101,7 @@ fs_node_add(fs_node_t *const node,
350
- DBGPRINTF("fs_node_add(%p, '%s') returns %p\n", node, toFind, newchld->node);
351
-
352
- if(!isFile) {
353
- - CHKiRet(fs_node_add(newchld->node, toFind, nextPathIdx, inst));
354
- + CHKiRet(fs_node_add(newchld->node, node, toFind, nextPathIdx, inst));
355
- }
356
-
357
- /* link to list */
358
- @@ -1162,7 +1222,11 @@ enqLine(act_obj_t *const act,
359
- msgSetPRI(pMsg, inst->iFacility | inst->iSeverity);
360
- MsgSetRuleset(pMsg, inst->pBindRuleset);
361
- if(inst->addMetadata) {
362
- - metadata_values[0] = (const uchar*)act->name;
363
- + if (act->source_name) {
364
- + metadata_values[0] = (const uchar*)act->source_name;
365
- + } else {
366
- + metadata_values[0] = (const uchar*)act->name;
367
- + }
368
- snprintf((char *)file_offset, MAX_OFFSET_REPRESENTATION_NUM_BYTES+1, "%lld", strtOffs);
369
- metadata_values[1] = file_offset;
370
- msgAddMultiMetadata(pMsg, metadata_names, metadata_values, 2);
371
- @@ -1389,13 +1453,16 @@ pollFile(act_obj_t *const act)
372
- {
373
- cstr_t *pCStr = NULL;
374
- DEFiRet;
375
- + if (act->is_symlink) {
376
- + FINALIZE; /* no reason to poll symlink file */
377
- + }
378
- /* Note: we must do pthread_cleanup_push() immediately, because the POSIX macros
379
- * otherwise do not work if I include the _cleanup_pop() inside an if... -- rgerhards, 2008-08-14
380
- */
381
- pthread_cleanup_push(pollFileCancelCleanup, &pCStr);
382
- iRet = pollFileReal(act, &pCStr);
383
- pthread_cleanup_pop(0);
384
- - RETiRet;
385
- +finalize_it: RETiRet;
386
- }
387
-
388
-
389
- @@ -1931,7 +1946,7 @@ CODESTARTactivateCnf
390
- "be processed. Reason", inst->pszFileName);
391
- }
392
- }
393
- - fs_node_add(runModConf->conf_tree, inst->pszFileName, 0, inst);
394
- + fs_node_add(runModConf->conf_tree, NULL, inst->pszFileName, 0, inst);
395
- }
396
-
397
- if(Debug) {
398
- @@ -2031,6 +2113,9 @@ flag_in_move(fs_edge_t *const edge, const char *name_moved)
399
- DBGPRINTF("name check fails, '%s' != '%s'\n", act->basename, name_moved);
400
- }
401
- }
402
- + if (!act && edge->next) {
403
- + flag_in_move(edge->next, name_moved);
404
- + }
405
- }
406
-
407
- static void ATTR_NONNULL(1)
408
- @@ -2057,7 +2145,7 @@ in_processEvent(struct inotify_event *ev)
409
- }
410
- if(ev->mask & (IN_MOVED_FROM | IN_MOVED_TO)) {
411
- fs_node_walk(etry->act->edge->node, poll_tree);
412
- - } else if(etry->act->edge->is_file) {
413
- + } else if(etry->act->edge->is_file && !(etry->act->is_symlink)) {
414
- in_handleFileEvent(ev, etry); // esentially poll_file()!
415
- } else {
416
- fs_node_walk(etry->act->edge->node, poll_tree);
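--- a/SOURCES/rsyslog-8.37.0-rhbz1614181-imtcp-imudp-preservecase-option.patch
+++ b/SOURCES/rsyslog-8.37.0-rhbz1614181-imtcp-imudp-preservecase-option.patch
@@ -1,286 +0,0 @@
- From 9ac54f0d7d70b8a9879889b4522a1d552fca1100 Mon Sep 17 00:00:00 2001
- From: Noriko Hosoi <nhosoi@momo7.localdomain>
- Date: Thu, 12 Jul 2018 11:52:04 -0700
- Subject: [PATCH] Introducing an option preservecase to imudp and imtcp module
- for managing the case of FROMHOST value.
-
- Usage:
- module(load="imudp" [preservecase="on"|"off"])
- module(load="imtdp" [preservecase="on"|"off"])
-
- If preservecase="on", FROMHOST value is handled in the case sensitive manner.
- If preservecase="off", FROMHOST value is handled in the case insensitive manner.
-
- To maintain the current behaviour, the default value of preservecase is
- "on" for imtcp and "off" for imudp.
-
- Incremented tcpsrvCURR_IF_VERSION by 1.
-
- References:
- https://github.com/rsyslog/rsyslog/pull/2774
- https://bugzilla.redhat.com/show_bug.cgi?id=1309698
- ---
- plugins/imtcp/imtcp.c | 14 ++++++++++++--
- plugins/imudp/imudp.c | 15 ++++++++++++---
- runtime/msg.c | 6 +++++-
- runtime/msg.h | 2 ++
- runtime/net.c | 2 +-
- runtime/tcpsrv.c | 21 +++++++++++++++++++++
- runtime/tcpsrv.h | 5 ++++-
- 7 files changed, 57 insertions(+), 8 deletions(-)
-
- diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
- index 8e3dcc0a2..45fa240b5 100644
- --- a/plugins/imtcp/imtcp.c
- +++ b/plugins/imtcp/imtcp.c
- @@ -100,6 +100,7 @@ static struct configSettings_s {
- int bDisableLFDelim;
- int discardTruncatedMsg;
- int bUseFlowControl;
- + int bPreserveCase;
- uchar *gnutlsPriorityString;
- uchar *pszStrmDrvrAuthMode;
- uchar *pszInputName;
- @@ -144,6 +145,7 @@ struct modConfData_s {
- uchar *pszStrmDrvrAuthMode; /* authentication mode to use */
- struct cnfarray *permittedPeers;
- sbool configSetViaV2Method;
- + sbool bPreserveCase; /* preserve case of fromhost; true by default */
- };
-
- static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
- @@ -169,7 +171,8 @@ static struct cnfparamdescr modpdescr[] = {
- { "keepalive.probes", eCmdHdlrPositiveInt, 0 },
- { "keepalive.time", eCmdHdlrPositiveInt, 0 },
- { "keepalive.interval", eCmdHdlrPositiveInt, 0 },
- - { "gnutlsprioritystring", eCmdHdlrString, 0 }
- + { "gnutlsprioritystring", eCmdHdlrString, 0 },
- + { "preservecase", eCmdHdlrBinary, 0 }
- };
- static struct cnfparamblk modpblk =
- { CNFPARAMBLK_VERSION,
- @@ -375,6 +378,7 @@ addListner(modConfData_t *modConf, instanceConf_t *inst)
- if(pPermPeersRoot != NULL) {
- CHKiRet(tcpsrv.SetDrvrPermPeers(pOurTcpsrv, pPermPeersRoot));
- }
- + CHKiRet(tcpsrv.SetPreserveCase(pOurTcpsrv, modConf->bPreserveCase));
- }
-
- /* initialized, now add socket and listener params */
- @@ -473,6 +477,7 @@ CODESTARTbeginCnfLoad
- loadModConf->pszStrmDrvrAuthMode = NULL;
- loadModConf->permittedPeers = NULL;
- loadModConf->configSetViaV2Method = 0;
- + loadModConf->bPreserveCase = 1; /* default to true */
- bLegacyCnfModGlobalsPermitted = 1;
- /* init legacy config variables */
- cs.pszStrmDrvrAuthMode = NULL;
- @@ -543,6 +548,8 @@ CODESTARTsetModCnf
- loadModConf->pszStrmDrvrName = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
- } else if(!strcmp(modpblk.descr[i].name, "permittedpeer")) {
- loadModConf->permittedPeers = cnfarrayDup(pvals[i].val.d.ar);
- + } else if(!strcmp(modpblk.descr[i].name, "preservecase")) {
- + loadModConf->bPreserveCase = (int) pvals[i].val.d.n;
- } else {
- dbgprintf("imtcp: program error, non-handled "
- "param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
- @@ -584,6 +591,7 @@ CODESTARTendCnfLoad
- loadModConf->pszStrmDrvrAuthMode = cs.pszStrmDrvrAuthMode;
- cs.pszStrmDrvrAuthMode = NULL;
- }
- + pModConf->bPreserveCase = cs.bPreserveCase;
- }
- free(cs.pszStrmDrvrAuthMode);
- cs.pszStrmDrvrAuthMode = NULL;
- @@ -731,6 +739,7 @@ resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unus
- cs.pszInputName = NULL;
- free(cs.pszStrmDrvrAuthMode);
- cs.pszStrmDrvrAuthMode = NULL;
- + cs.bPreserveCase = 1;
- return RS_RET_OK;
- }
-
- @@ -797,7 +806,8 @@ CODEmodInit_QueryRegCFSLineHdlr
- NULL, &cs.bEmitMsgOnClose, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
- CHKiRet(regCfSysLineHdlr2(UCHAR_CONSTANT("inputtcpserverstreamdrivermode"), 0, eCmdHdlrInt,
- NULL, &cs.iStrmDrvrMode, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
- -
- + CHKiRet(regCfSysLineHdlr2(UCHAR_CONSTANT("inputtcpserverpreservecase"), 1, eCmdHdlrBinary,
- + NULL, &cs.bPreserveCase, STD_LOADABLE_MODULE_ID, &bLegacyCnfModGlobalsPermitted));
- CHKiRet(omsdRegCFSLineHdlr(UCHAR_CONSTANT("resetconfigvariables"), 1, eCmdHdlrCustomHandler,
- resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
- ENDmodInit
- diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
- index 51a9d712a..74437781c 100644
- --- a/plugins/imudp/imudp.c
- +++ b/plugins/imudp/imudp.c
- @@ -152,6 +152,7 @@ struct modConfData_s {
- int batchSize; /* max nbr of input batch --> also recvmmsg() max count */
- int8_t wrkrMax; /* max nbr of worker threads */
- sbool configSetViaV2Method;
- + sbool bPreserveCase; /* preserves the case of fromhost; "off" by default */
- };
- static modConfData_t *loadModConf = NULL;/* modConf ptr to use for the current load process */
- static modConfData_t *runModConf = NULL;/* modConf ptr to use for the current load process */
- @@ -162,7 +163,8 @@ static struct cnfparamdescr modpdescr[] = {
- { "schedulingpriority", eCmdHdlrInt, 0 },
- { "batchsize", eCmdHdlrInt, 0 },
- { "threads", eCmdHdlrPositiveInt, 0 },
- - { "timerequery", eCmdHdlrInt, 0 }
- + { "timerequery", eCmdHdlrInt, 0 },
- + { "preservecase", eCmdHdlrBinary, 0 }
- };
- static struct cnfparamblk modpblk =
- { CNFPARAMBLK_VERSION,
- @@ -447,8 +449,12 @@ processPacket(struct lstn_s *lstn, struct sockaddr_storage *frominetPrev, int *p
- if(lstn->dfltTZ != NULL)
- MsgSetDfltTZ(pMsg, (char*) lstn->dfltTZ);
- pMsg->msgFlags = NEEDS_PARSING | PARSE_HOSTNAME | NEEDS_DNSRESOL;
- - if(*pbIsPermitted == 2)
- - pMsg->msgFlags |= NEEDS_ACLCHK_U; /* request ACL check after resolution */
- + if(*pbIsPermitted == 2) {
- + pMsg->msgFlags |= NEEDS_ACLCHK_U; /* request ACL check after resolution */
- + }
- + if(runModConf->bPreserveCase) {
- + pMsg->msgFlags |= PRESERVE_CASE; /* preserve case of fromhost */
- + }
- CHKiRet(msgSetFromSockinfo(pMsg, frominet));
- CHKiRet(ratelimitAddMsg(lstn->ratelimiter, multiSub, pMsg));
- STATSCOUNTER_INC(lstn->ctrSubmit, lstn->mutCtrSubmit);
- @@ -1030,6 +1036,7 @@ CODESTARTbeginCnfLoad
- loadModConf->iTimeRequery = TIME_REQUERY_DFLT;
- loadModConf->iSchedPrio = SCHED_PRIO_UNSET;
- loadModConf->pszSchedPolicy = NULL;
- + loadModConf->bPreserveCase = 0; /* off */
- bLegacyCnfModGlobalsPermitted = 1;
- /* init legacy config vars */
- cs.pszBindRuleset = NULL;
- @@ -1079,6 +1086,8 @@ CODESTARTsetModCnf
- } else {
- loadModConf->wrkrMax = wrkrMax;
- }
- + } else if(!strcmp(modpblk.descr[i].name, "preservecase")) {
- + loadModConf->bPreserveCase = (int) pvals[i].val.d.n;
- } else {
- dbgprintf("imudp: program error, non-handled "
- "param '%s' in beginCnfLoad\n", modpblk.descr[i].name);
- diff --git a/runtime/msg.c b/runtime/msg.c
- index c43f81314..9ed4eaf84 100644
- --- a/runtime/msg.c
- +++ b/runtime/msg.c
- @@ -506,7 +506,11 @@ resolveDNS(smsg_t * const pMsg) {
- MsgLock(pMsg);
- CHKiRet(objUse(net, CORE_COMPONENT));
- if(pMsg->msgFlags & NEEDS_DNSRESOL) {
- - localRet = net.cvthname(pMsg->rcvFrom.pfrominet, &localName, NULL, &ip);
- + if (pMsg->msgFlags & PRESERVE_CASE) {
- + localRet = net.cvthname(pMsg->rcvFrom.pfrominet, NULL, &localName, &ip);
- + } else {
- + localRet = net.cvthname(pMsg->rcvFrom.pfrominet, &localName, NULL, &ip);
- + }
- if(localRet == RS_RET_OK) {
- /* we pass down the props, so no need for AddRef */
- MsgSetRcvFromWithoutAddRef(pMsg, localName);
- diff --git a/runtime/msg.h b/runtime/msg.h
- index cd530aca3..1287cb7a4 100644
- --- a/runtime/msg.h
- +++ b/runtime/msg.h
- @@ -156,6 +156,8 @@ struct msg {
- /* check UDP ACLs after DNS resolution has been done in main queue consumer */
- #define NO_PRI_IN_RAW 0x100
- /* rawmsg does not include a PRI (Solaris!), but PRI is already set correctly in the msg object */
- +#define PRESERVE_CASE 0x200
- +/* preserve case in fromhost */
-
- /* (syslog) protocol types */
- #define MSG_LEGACY_PROTOCOL 0
- diff --git a/runtime/net.c b/runtime/net.c
- index d6ff8a3d4..aef906601 100644
- --- a/runtime/net.c
- +++ b/runtime/net.c
- @@ -1152,7 +1152,7 @@ cvthname(struct sockaddr_storage *f, prop_t **localName, prop_t **fqdn, prop_t *
- {
- DEFiRet;
- assert(f != NULL);
- - iRet = dnscacheLookup(f, NULL, fqdn, localName, ip);
- + iRet = dnscacheLookup(f, fqdn, NULL, localName, ip);
- RETiRet;
- }
-
- diff --git a/runtime/tcpsrv.c b/runtime/tcpsrv.c
- index 61e9ff4d2..d5993b4f0 100644
- --- a/runtime/tcpsrv.c
- +++ b/runtime/tcpsrv.c
- @@ -495,6 +495,15 @@ SessAccept(tcpsrv_t *pThis, tcpLstnPortList_t *pLstnInfo, tcps_sess_t **ppSess,
-
- /* get the host name */
- CHKiRet(netstrm.GetRemoteHName(pNewStrm, &fromHostFQDN));
- + if (!pThis->bPreserveCase) {
- + /* preserve_case = off */
- + uchar *p;
- + for(p = fromHostFQDN; *p; p++) {
- + if (isupper((int) *p)) {
- + *p = tolower((int) *p);
- + }
- + }
- + }
- CHKiRet(netstrm.GetRemoteIP(pNewStrm, &fromHostIP));
- CHKiRet(netstrm.GetRemAddr(pNewStrm, &addr));
- /* TODO: check if we need to strip the domain name here -- rgerhards, 2008-04-24 */
- @@ -1001,6 +1010,7 @@ BEGINobjConstruct(tcpsrv) /* be sure to specify the object type also in END macr
- pThis->ratelimitBurst = 10000;
- pThis->bUseFlowControl = 1;
- pThis->pszDrvrName = NULL;
- + pThis->bPreserveCase = 1; /* preserve case in fromhost; default to true. */
- ENDobjConstruct(tcpsrv)
-
-
- @@ -1433,6 +1443,16 @@ SetSessMax(tcpsrv_t *pThis, int iMax)
- }
-
-
- +static rsRetVal
- +SetPreserveCase(tcpsrv_t *pThis, int bPreserveCase)
- +{
- + DEFiRet;
- + ISOBJ_TYPE_assert(pThis, tcpsrv);
- + pThis-> bPreserveCase = bPreserveCase;
- + RETiRet;
- +}
- +
- +
- /* queryInterface function
- * rgerhards, 2008-02-29
- */
- @@ -1491,6 +1511,7 @@ CODESTARTobjQueryInterface(tcpsrv)
- pIf->SetRuleset = SetRuleset;
- pIf->SetLinuxLikeRatelimiters = SetLinuxLikeRatelimiters;
- pIf->SetNotificationOnRemoteClose = SetNotificationOnRemoteClose;
- + pIf->SetPreserveCase = SetPreserveCase;
-
- finalize_it:
- ENDobjQueryInterface(tcpsrv)
- diff --git a/runtime/tcpsrv.h b/runtime/tcpsrv.h
- index 22a65c20a..f17b1b438 100644
- --- a/runtime/tcpsrv.h
- +++ b/runtime/tcpsrv.h
- @@ -85,6 +85,7 @@ struct tcpsrv_s {
- int maxFrameSize; /**< max frame size for octet counted*/
- int bDisableLFDelim; /**< if 1, standard LF frame delimiter is disabled (*very dangerous*) */
- int discardTruncatedMsg;/**< discard msg part that has been truncated*/
- + sbool bPreserveCase; /**< preserve case in fromhost */
- int ratelimitInterval;
- int ratelimitBurst;
- tcps_sess_t **pSessions;/**< array of all of our sessions */
- @@ -177,8 +178,10 @@ BEGINinterface(tcpsrv) /* name must also be changed in ENDinterface macro! */
- rsRetVal (*SetbSPFramingFix)(tcpsrv_t*, sbool);
- /* added v19 -- PascalWithopf, 2017-08-08 */
- rsRetVal (*SetGnutlsPriorityString)(tcpsrv_t*, uchar*);
- + /* added v21 -- Preserve case in fromhost, 2018-08-16 */
- + rsRetVal (*SetPreserveCase)(tcpsrv_t *pThis, int bPreserveCase);
- ENDinterface(tcpsrv)
- -#define tcpsrvCURR_IF_VERSION 20 /* increment whenever you change the interface structure! */
- +#define tcpsrvCURR_IF_VERSION 21 /* increment whenever you change the interface structure! */
- /* change for v4:
- * - SetAddtlFrameDelim() added -- rgerhards, 2008-12-10
- * - SetInputName() added -- rgerhards, 2008-12-10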
SOURCES/rsyslog-8.37.0-rhbz1622768-kubernetes-404-handling.patch DELETED
@@ -1,761 +0,0 @@
1
- From 3987cd929d859f900318b393133c3bdde8dfffd5 Mon Sep 17 00:00:00 2001
2
- From: Rich Megginson <rmeggins@redhat.com>
3
- Date: Tue, 28 Aug 2018 12:44:23 -0600
4
- Subject: [PATCH] mmkubertnetes: action fails preparation cycle if kubernetes
5
- API destroys resource during bootup sequence
6
-
7
- The plugin was not handling 404 Not Found correctly when looking
8
- up pods and namespaces. In this case, we assume the pod/namespace
9
- was deleted, annotate the record with whatever metadata we have,
10
- and cache the fact that the pod/namespace is missing so we don't
11
- attempt to look it up again.
12
- In addition, the plugin was not handling error 429 Busy correctly.
13
- In this case, it should also annotate the record with whatever
14
- metadata it has, and _not_ cache anything. By default the plugin
15
- will retry every 5 seconds to connect to Kubernetes. This
16
- behavior is controlled by the new config param `busyretryinterval`.
17
- This commit also adds impstats counters so that admins can
18
- view the state of the plugin to see if the lookups are working
19
- or are returning errors. The stats are reported per-instance
20
- or per-action to facilitate using multiple different actions
21
- for different Kubernetes servers.
22
- This commit also adds support for client cert auth to
23
- Kubernetes via the two new config params `tls.mycert` and
24
- `tls.myprivkey`.
25
- ---
26
- contrib/mmkubernetes/mmkubernetes.c | 296 ++++++++++++++++++++++++----
27
- 7 files changed, 160 insertions(+), 36 deletions(-)
28
-
29
- diff --git a/contrib/mmkubernetes/mmkubernetes.c b/contrib/mmkubernetes/mmkubernetes.c
30
- index 422cb2577..5bf5b049d 100644
31
- --- a/contrib/mmkubernetes/mmkubernetes.c
32
- +++ b/contrib/mmkubernetes/mmkubernetes.c
33
- @@ -52,9 +52,12 @@
34
- #include "syslogd-types.h"
35
- #include "module-template.h"
36
- #include "errmsg.h"
37
- +#include "statsobj.h"
38
- #include "regexp.h"
39
- #include "hashtable.h"
40
- #include "srUtils.h"
41
- +#include "unicode-helper.h"
42
- +#include "datetime.h"
43
-
44
- /* static data */
45
- MODULE_TYPE_OUTPUT /* this is technically an output plugin */
46
- @@ -62,6 +65,8 @@ MODULE_TYPE_KEEP /* releasing the module would cause a leak through libcurl */
47
- MODULE_CNFNAME("mmkubernetes")
48
- DEF_OMOD_STATIC_DATA
49
- DEFobjCurrIf(regexp)
50
- +DEFobjCurrIf(statsobj)
51
- +DEFobjCurrIf(datetime)
52
-
53
- #define HAVE_LOADSAMPLESFROMSTRING 1
54
- #if defined(NO_LOADSAMPLESFROMSTRING)
55
- @@ -95,12 +100,14 @@ DEFobjCurrIf(regexp)
56
- #define DFLT_CONTAINER_NAME "$!CONTAINER_NAME" /* name of variable holding CONTAINER_NAME value */
57
- #define DFLT_CONTAINER_ID_FULL "$!CONTAINER_ID_FULL" /* name of variable holding CONTAINER_ID_FULL value */
58
- #define DFLT_KUBERNETES_URL "https://kubernetes.default.svc.cluster.local:443"
59
- +#define DFLT_BUSY_RETRY_INTERVAL 5 /* retry every 5 seconds */
60
-
61
- static struct cache_s {
62
- const uchar *kbUrl;
63
- struct hashtable *mdHt;
64
- struct hashtable *nsHt;
65
- pthread_mutex_t *cacheMtx;
66
- + int lastBusyTime;
67
- } **caches;
68
-
69
- typedef struct {
70
- @@ -116,6 +123,8 @@ struct modConfData_s {
71
- uchar *srcMetadataPath; /* where to get data for kubernetes queries */
72
- uchar *dstMetadataPath; /* where to put metadata obtained from kubernetes */
73
- uchar *caCertFile; /* File holding the CA cert (+optional chain) of CA that issued the Kubernetes server cert */
74
- + uchar *myCertFile; /* File holding cert corresponding to private key used for client cert auth */
75
- + uchar *myPrivKeyFile; /* File holding private key corresponding to cert used for client cert auth */
76
- sbool allowUnsignedCerts; /* For testing/debugging - do not check for CA certs (CURLOPT_SSL_VERIFYPEER FALSE) */
77
- uchar *token; /* The token value to use to authenticate to Kubernetes - takes precedence over tokenFile */
78
- uchar *tokenFile; /* The file whose contents is the token value to use to authenticate to Kubernetes */
79
- @@ -127,6 +136,7 @@ struct modConfData_s {
80
- uchar *fnRulebase; /* lognorm rulebase filename for container log filename match */
81
- char *contRules; /* lognorm rules for CONTAINER_NAME value match */
82
- uchar *contRulebase; /* lognorm rulebase filename for CONTAINER_NAME value match */
83
- + int busyRetryInterval; /* how to handle 429 response - 0 means error, non-zero means retry every N seconds */
84
- };
85
-
86
- /* action (instance) configuration data */
87
- @@ -135,6 +145,8 @@ typedef struct _instanceData {
88
- msgPropDescr_t *srcMetadataDescr; /* where to get data for kubernetes queries */
89
- uchar *dstMetadataPath; /* where to put metadata obtained from kubernetes */
90
- uchar *caCertFile; /* File holding the CA cert (+optional chain) of CA that issued the Kubernetes server cert */
91
- + uchar *myCertFile; /* File holding cert corresponding to private key used for client cert auth */
92
- + uchar *myPrivKeyFile; /* File holding private key corresponding to cert used for client cert auth */
93
- sbool allowUnsignedCerts; /* For testing/debugging - do not check for CA certs (CURLOPT_SSL_VERIFYPEER FALSE) */
94
- uchar *token; /* The token value to use to authenticate to Kubernetes - takes precedence over tokenFile */
95
- uchar *tokenFile; /* The file whose contents is the token value to use to authenticate to Kubernetes */
96
- @@ -151,6 +163,7 @@ typedef struct _instanceData {
97
- msgPropDescr_t *contNameDescr; /* CONTAINER_NAME field */
98
- msgPropDescr_t *contIdFullDescr; /* CONTAINER_ID_FULL field */
99
- struct cache_s *cache;
100
- + int busyRetryInterval; /* how to handle 429 response - 0 means error, non-zero means retry every N seconds */
101
- } instanceData;
102
-
103
- typedef struct wrkrInstanceData {
104
- @@ -159,6 +172,16 @@ typedef struct wrkrInstanceData {
105
- struct curl_slist *curlHdr;
106
- char *curlRply;
107
- size_t curlRplyLen;
108
- + statsobj_t *stats; /* stats for this instance */
109
- + STATSCOUNTER_DEF(k8sRecordSeen, mutK8sRecordSeen)
110
- + STATSCOUNTER_DEF(namespaceMetadataSuccess, mutNamespaceMetadataSuccess)
111
- + STATSCOUNTER_DEF(namespaceMetadataNotFound, mutNamespaceMetadataNotFound)
112
- + STATSCOUNTER_DEF(namespaceMetadataBusy, mutNamespaceMetadataBusy)
113
- + STATSCOUNTER_DEF(namespaceMetadataError, mutNamespaceMetadataError)
114
- + STATSCOUNTER_DEF(podMetadataSuccess, mutPodMetadataSuccess)
115
- + STATSCOUNTER_DEF(podMetadataNotFound, mutPodMetadataNotFound)
116
- + STATSCOUNTER_DEF(podMetadataBusy, mutPodMetadataBusy)
117
- + STATSCOUNTER_DEF(podMetadataError, mutPodMetadataError)
118
- } wrkrInstanceData_t;
119
-
120
- /* module parameters (v6 config format) */
121
- @@ -167,6 +190,8 @@ static struct cnfparamdescr modpdescr[] = {
122
- { "srcmetadatapath", eCmdHdlrString, 0 },
123
- { "dstmetadatapath", eCmdHdlrString, 0 },
124
- { "tls.cacert", eCmdHdlrString, 0 },
125
- + { "tls.mycert", eCmdHdlrString, 0 },
126
- + { "tls.myprivkey", eCmdHdlrString, 0 },
127
- { "allowunsignedcerts", eCmdHdlrBinary, 0 },
128
- { "token", eCmdHdlrString, 0 },
129
- { "tokenfile", eCmdHdlrString, 0 },
130
- @@ -174,7 +199,8 @@ static struct cnfparamdescr modpdescr[] = {
131
- { "de_dot", eCmdHdlrBinary, 0 },
132
- { "de_dot_separator", eCmdHdlrString, 0 },
133
- { "filenamerulebase", eCmdHdlrString, 0 },
134
- - { "containerrulebase", eCmdHdlrString, 0 }
135
- + { "containerrulebase", eCmdHdlrString, 0 },
136
- + { "busyretryinterval", eCmdHdlrInt, 0 }
137
- #if HAVE_LOADSAMPLESFROMSTRING == 1
138
- ,
139
- { "filenamerules", eCmdHdlrArray, 0 },
140
- @@ -193,6 +219,8 @@ static struct cnfparamdescr actpdescr[] = {
141
- { "srcmetadatapath", eCmdHdlrString, 0 },
142
- { "dstmetadatapath", eCmdHdlrString, 0 },
143
- { "tls.cacert", eCmdHdlrString, 0 },
144
- + { "tls.mycert", eCmdHdlrString, 0 },
145
- + { "tls.myprivkey", eCmdHdlrString, 0 },
146
- { "allowunsignedcerts", eCmdHdlrBinary, 0 },
147
- { "token", eCmdHdlrString, 0 },
148
- { "tokenfile", eCmdHdlrString, 0 },
149
- @@ -200,7 +228,8 @@ static struct cnfparamdescr actpdescr[] = {
150
- { "de_dot", eCmdHdlrBinary, 0 },
151
- { "de_dot_separator", eCmdHdlrString, 0 },
152
- { "filenamerulebase", eCmdHdlrString, 0 },
153
- - { "containerrulebase", eCmdHdlrString, 0 }
154
- + { "containerrulebase", eCmdHdlrString, 0 },
155
- + { "busyretryinterval", eCmdHdlrInt, 0 }
156
- #if HAVE_LOADSAMPLESFROMSTRING == 1
157
- ,
158
- { "filenamerules", eCmdHdlrArray, 0 },
159
- @@ -493,8 +522,9 @@ ENDbeginCnfLoad
160
- BEGINsetModCnf
161
- struct cnfparamvals *pvals = NULL;
162
- int i;
163
- - FILE *fp;
164
- + FILE *fp = NULL;
165
- int ret;
166
- + char errStr[1024];
167
- CODESTARTsetModCnf
168
- pvals = nvlstGetParams(lst, &modpblk, NULL);
169
- if(pvals == NULL) {
170
- @@ -509,6 +539,7 @@ CODESTARTsetModCnf
171
- }
172
-
173
- loadModConf->de_dot = DFLT_DE_DOT;
174
- + loadModConf->busyRetryInterval = DFLT_BUSY_RETRY_INTERVAL;
175
- for(i = 0 ; i < modpblk.nParams ; ++i) {
176
- if(!pvals[i].bUsed) {
177
- continue;
178
- @@ -528,15 +559,42 @@ CODESTARTsetModCnf
179
- loadModConf->caCertFile = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
180
- fp = fopen((const char*)loadModConf->caCertFile, "r");
181
- if(fp == NULL) {
182
- - char errStr[1024];
183
- rs_strerror_r(errno, errStr, sizeof(errStr));
184
- iRet = RS_RET_NO_FILE_ACCESS;
185
- LogError(0, iRet,
186
- - "error: certificate file %s couldn't be accessed: %s\n",
187
- + "error: 'tls.cacert' file %s couldn't be accessed: %s\n",
188
- loadModConf->caCertFile, errStr);
189
- ABORT_FINALIZE(iRet);
190
- } else {
191
- fclose(fp);
192
- + fp = NULL;
193
- + }
194
- + } else if(!strcmp(modpblk.descr[i].name, "tls.mycert")) {
195
- + free(loadModConf->myCertFile);
196
- + loadModConf->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
197
- + fp = fopen((const char*)loadModConf->myCertFile, "r");
198
- + if(fp == NULL) {
199
- + rs_strerror_r(errno, errStr, sizeof(errStr));
200
- + iRet = RS_RET_NO_FILE_ACCESS;
201
- + LogError(0, iRet,
202
- + "error: 'tls.mycert' file %s couldn't be accessed: %s\n",
203
- + loadModConf->myCertFile, errStr);
204
- + } else {
205
- + fclose(fp);
206
- + fp = NULL;
207
- + }
208
- + } else if(!strcmp(modpblk.descr[i].name, "tls.myprivkey")) {
209
- + loadModConf->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
210
- + fp = fopen((const char*)loadModConf->myPrivKeyFile, "r");
211
- + if(fp == NULL) {
212
- + rs_strerror_r(errno, errStr, sizeof(errStr));
213
- + iRet = RS_RET_NO_FILE_ACCESS;
214
- + LogError(0, iRet,
215
- + "error: 'tls.myprivkey' file %s couldn't be accessed: %s\n",
216
- + loadModConf->myPrivKeyFile, errStr);
217
- + } else {
218
- + fclose(fp);
219
- + fp = NULL;
220
- }
221
- } else if(!strcmp(modpblk.descr[i].name, "allowunsignedcerts")) {
222
- loadModConf->allowUnsignedCerts = pvals[i].val.d.n;
223
- @@ -548,7 +606,6 @@ CODESTARTsetModCnf
224
- loadModConf->tokenFile = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
225
- fp = fopen((const char*)loadModConf->tokenFile, "r");
226
- if(fp == NULL) {
227
- - char errStr[1024];
228
- rs_strerror_r(errno, errStr, sizeof(errStr));
229
- iRet = RS_RET_NO_FILE_ACCESS;
230
- LogError(0, iRet,
231
- @@ -557,6 +614,7 @@ CODESTARTsetModCnf
232
- ABORT_FINALIZE(iRet);
233
- } else {
234
- fclose(fp);
235
- + fp = NULL;
236
- }
237
- } else if(!strcmp(modpblk.descr[i].name, "annotation_match")) {
238
- free_annotationmatch(&loadModConf->annotation_match);
239
- @@ -577,7 +635,6 @@ CODESTARTsetModCnf
240
- loadModConf->fnRulebase = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
241
- fp = fopen((const char*)loadModConf->fnRulebase, "r");
242
- if(fp == NULL) {
243
- - char errStr[1024];
244
- rs_strerror_r(errno, errStr, sizeof(errStr));
245
- iRet = RS_RET_NO_FILE_ACCESS;
246
- LogError(0, iRet,
247
- @@ -586,6 +643,7 @@ CODESTARTsetModCnf
248
- ABORT_FINALIZE(iRet);
249
- } else {
250
- fclose(fp);
251
- + fp = NULL;
252
- }
253
- #if HAVE_LOADSAMPLESFROMSTRING == 1
254
- } else if(!strcmp(modpblk.descr[i].name, "containerrules")) {
255
- @@ -597,7 +655,6 @@ CODESTARTsetModCnf
256
- loadModConf->contRulebase = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
257
- fp = fopen((const char*)loadModConf->contRulebase, "r");
258
- if(fp == NULL) {
259
- - char errStr[1024];
260
- rs_strerror_r(errno, errStr, sizeof(errStr));
261
- iRet = RS_RET_NO_FILE_ACCESS;
262
- LogError(0, iRet,
263
- @@ -606,7 +663,10 @@ CODESTARTsetModCnf
264
- ABORT_FINALIZE(iRet);
265
- } else {
266
- fclose(fp);
267
- + fp = NULL;
268
- }
269
- + } else if(!strcmp(modpblk.descr[i].name, "busyretryinterval")) {
270
- + loadModConf->busyRetryInterval = pvals[i].val.d.n;
271
- } else {
272
- dbgprintf("mmkubernetes: program error, non-handled "
273
- "param '%s' in module() block\n", modpblk.descr[i].name);
274
- @@ -650,6 +710,8 @@ CODESTARTsetModCnf
275
- caches = calloc(1, sizeof(struct cache_s *));
276
-
277
- finalize_it:
278
- + if (fp)
279
- + fclose(fp);
280
- if(pvals != NULL)
281
- cnfparamvalsDestruct(pvals, &modpblk);
282
- ENDsetModCnf
283
- @@ -667,6 +729,8 @@ CODESTARTfreeInstance
284
- free(pData->srcMetadataDescr);
285
- free(pData->dstMetadataPath);
286
- free(pData->caCertFile);
287
- + free(pData->myCertFile);
288
- + free(pData->myPrivKeyFile);
289
- free(pData->token);
290
- free(pData->tokenFile);
291
- free(pData->fnRules);
292
- @@ -710,6 +774,45 @@ CODESTARTcreateWrkrInstance
293
- char *tokenHdr = NULL;
294
- FILE *fp = NULL;
295
- char *token = NULL;
296
- + char *statsName = NULL;
297
- +
298
- + CHKiRet(statsobj.Construct(&(pWrkrData->stats)));
299
- + if ((-1 == asprintf(&statsName, "mmkubernetes(%s)", pWrkrData->pData->kubernetesUrl)) ||
300
- + (!statsName)) {
301
- + ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
302
- + }
303
- + CHKiRet(statsobj.SetName(pWrkrData->stats, (uchar *)statsName));
304
- + free(statsName);
305
- + statsName = NULL;
306
- + CHKiRet(statsobj.SetOrigin(pWrkrData->stats, UCHAR_CONSTANT("mmkubernetes")));
307
- + STATSCOUNTER_INIT(pWrkrData->k8sRecordSeen, pWrkrData->mutK8sRecordSeen);
308
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("recordseen"),
309
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->k8sRecordSeen)));
310
- + STATSCOUNTER_INIT(pWrkrData->namespaceMetadataSuccess, pWrkrData->mutNamespaceMetadataSuccess);
311
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("namespacemetadatasuccess"),
312
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->namespaceMetadataSuccess)));
313
- + STATSCOUNTER_INIT(pWrkrData->namespaceMetadataNotFound, pWrkrData->mutNamespaceMetadataNotFound);
314
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("namespacemetadatanotfound"),
315
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->namespaceMetadataNotFound)));
316
- + STATSCOUNTER_INIT(pWrkrData->namespaceMetadataBusy, pWrkrData->mutNamespaceMetadataBusy);
317
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("namespacemetadatabusy"),
318
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->namespaceMetadataBusy)));
319
- + STATSCOUNTER_INIT(pWrkrData->namespaceMetadataError, pWrkrData->mutNamespaceMetadataError);
320
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("namespacemetadataerror"),
321
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->namespaceMetadataError)));
322
- + STATSCOUNTER_INIT(pWrkrData->podMetadataSuccess, pWrkrData->mutPodMetadataSuccess);
323
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("podmetadatasuccess"),
324
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->podMetadataSuccess)));
325
- + STATSCOUNTER_INIT(pWrkrData->podMetadataNotFound, pWrkrData->mutPodMetadataNotFound);
326
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("podmetadatanotfound"),
327
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->podMetadataNotFound)));
328
- + STATSCOUNTER_INIT(pWrkrData->podMetadataBusy, pWrkrData->mutPodMetadataBusy);
329
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("podmetadatabusy"),
330
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->podMetadataBusy)));
331
- + STATSCOUNTER_INIT(pWrkrData->podMetadataError, pWrkrData->mutPodMetadataError);
332
- + CHKiRet(statsobj.AddCounter(pWrkrData->stats, UCHAR_CONSTANT("podmetadataerror"),
333
- + ctrType_IntCtr, CTR_FLAG_RESETTABLE, &(pWrkrData->podMetadataError)));
334
- + CHKiRet(statsobj.ConstructFinalize(pWrkrData->stats));
335
-
336
- hdr = curl_slist_append(hdr, "Content-Type: text/json; charset=utf-8");
337
- if (pWrkrData->pData->token) {
338
- @@ -749,12 +852,20 @@ CODESTARTcreateWrkrInstance
339
- curl_easy_setopt(ctx, CURLOPT_WRITEDATA, pWrkrData);
340
- if(pWrkrData->pData->caCertFile)
341
- curl_easy_setopt(ctx, CURLOPT_CAINFO, pWrkrData->pData->caCertFile);
342
- + if(pWrkrData->pData->myCertFile)
343
- + curl_easy_setopt(ctx, CURLOPT_SSLCERT, pWrkrData->pData->myCertFile);
344
- + if(pWrkrData->pData->myPrivKeyFile)
345
- + curl_easy_setopt(ctx, CURLOPT_SSLKEY, pWrkrData->pData->myPrivKeyFile);
346
- if(pWrkrData->pData->allowUnsignedCerts)
347
- curl_easy_setopt(ctx, CURLOPT_SSL_VERIFYPEER, 0);
348
-
349
- pWrkrData->curlCtx = ctx;
350
- finalize_it:
351
- free(token);
352
- + free(statsName);
353
- + if ((iRet != RS_RET_OK) && pWrkrData->stats) {
354
- + statsobj.Destruct(&(pWrkrData->stats));
355
- + }
356
- if (fp) {
357
- fclose(fp);
358
- }
359
- @@ -765,6 +876,7 @@ BEGINfreeWrkrInstance
360
- CODESTARTfreeWrkrInstance
361
- curl_easy_cleanup(pWrkrData->curlCtx);
362
- curl_slist_free_all(pWrkrData->curlHdr);
363
- + statsobj.Destruct(&(pWrkrData->stats));
364
- ENDfreeWrkrInstance
365
-
366
-
367
- @@ -790,6 +902,8 @@ cacheNew(const uchar *const url)
368
- key_equals_string, hashtable_json_object_put);
369
- cache->nsHt = create_hashtable(100, hash_from_string,
370
- key_equals_string, hashtable_json_object_put);
371
- + dbgprintf("mmkubernetes: created cache mdht [%p] nsht [%p]\n",
372
- + cache->mdHt, cache->nsHt);
373
- cache->cacheMtx = malloc(sizeof(pthread_mutex_t));
374
- if (!cache->mdHt || !cache->nsHt || !cache->cacheMtx) {
375
- free (cache);
376
- @@ -797,6 +911,7 @@ cacheNew(const uchar *const url)
377
- FINALIZE;
378
- }
379
- pthread_mutex_init(cache->cacheMtx, NULL);
380
- + cache->lastBusyTime = 0;
381
-
382
- finalize_it:
383
- return cache;
384
- @@ -816,9 +931,10 @@ static void cacheFree(struct cache_s *cache)
385
- BEGINnewActInst
386
- struct cnfparamvals *pvals = NULL;
387
- int i;
388
- - FILE *fp;
389
- + FILE *fp = NULL;
390
- char *rxstr = NULL;
391
- char *srcMetadataPath = NULL;
392
- + char errStr[1024];
393
- CODESTARTnewActInst
394
- DBGPRINTF("newActInst (mmkubernetes)\n");
395
-
396
- @@ -840,6 +956,7 @@ CODESTARTnewActInst
397
-
398
- pData->de_dot = loadModConf->de_dot;
399
- pData->allowUnsignedCerts = loadModConf->allowUnsignedCerts;
400
- + pData->busyRetryInterval = loadModConf->busyRetryInterval;
401
- for(i = 0 ; i < actpblk.nParams ; ++i) {
402
- if(!pvals[i].bUsed) {
403
- continue;
404
- @@ -863,7 +980,6 @@ CODESTARTnewActInst
405
- pData->caCertFile = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
406
- fp = fopen((const char*)pData->caCertFile, "r");
407
- if(fp == NULL) {
408
- - char errStr[1024];
409
- rs_strerror_r(errno, errStr, sizeof(errStr));
410
- iRet = RS_RET_NO_FILE_ACCESS;
411
- LogError(0, iRet,
412
- @@ -872,6 +988,33 @@ CODESTARTnewActInst
413
- ABORT_FINALIZE(iRet);
414
- } else {
415
- fclose(fp);
416
- + fp = NULL;
417
- + }
418
- + } else if(!strcmp(actpblk.descr[i].name, "tls.mycert")) {
419
- + pData->myCertFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
420
- + fp = fopen((const char*)pData->myCertFile, "r");
421
- + if(fp == NULL) {
422
- + rs_strerror_r(errno, errStr, sizeof(errStr));
423
- + iRet = RS_RET_NO_FILE_ACCESS;
424
- + LogError(0, iRet,
425
- + "error: 'tls.mycert' file %s couldn't be accessed: %s\n",
426
- + pData->myCertFile, errStr);
427
- + } else {
428
- + fclose(fp);
429
- + fp = NULL;
430
- + }
431
- + } else if(!strcmp(actpblk.descr[i].name, "tls.myprivkey")) {
432
- + pData->myPrivKeyFile = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
433
- + fp = fopen((const char*)pData->myPrivKeyFile, "r");
434
- + if(fp == NULL) {
435
- + rs_strerror_r(errno, errStr, sizeof(errStr));
436
- + iRet = RS_RET_NO_FILE_ACCESS;
437
- + LogError(0, iRet,
438
- + "error: 'tls.myprivkey' file %s couldn't be accessed: %s\n",
439
- + pData->myPrivKeyFile, errStr);
440
- + } else {
441
- + fclose(fp);
442
- + fp = NULL;
443
- }
444
- } else if(!strcmp(actpblk.descr[i].name, "allowunsignedcerts")) {
445
- pData->allowUnsignedCerts = pvals[i].val.d.n;
446
- @@ -883,7 +1026,6 @@ CODESTARTnewActInst
447
- pData->tokenFile = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
448
- fp = fopen((const char*)pData->tokenFile, "r");
449
- if(fp == NULL) {
450
- - char errStr[1024];
451
- rs_strerror_r(errno, errStr, sizeof(errStr));
452
- iRet = RS_RET_NO_FILE_ACCESS;
453
- LogError(0, iRet,
454
- @@ -892,6 +1034,7 @@ CODESTARTnewActInst
455
- ABORT_FINALIZE(iRet);
456
- } else {
457
- fclose(fp);
458
- + fp = NULL;
459
- }
460
- } else if(!strcmp(actpblk.descr[i].name, "annotation_match")) {
461
- free_annotationmatch(&pData->annotation_match);
462
- @@ -912,7 +1055,6 @@ CODESTARTnewActInst
463
- pData->fnRulebase = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
464
- fp = fopen((const char*)pData->fnRulebase, "r");
465
- if(fp == NULL) {
466
- - char errStr[1024];
467
- rs_strerror_r(errno, errStr, sizeof(errStr));
468
- iRet = RS_RET_NO_FILE_ACCESS;
469
- LogError(0, iRet,
470
- @@ -921,6 +1063,7 @@ CODESTARTnewActInst
471
- ABORT_FINALIZE(iRet);
472
- } else {
473
- fclose(fp);
474
- + fp = NULL;
475
- }
476
- #if HAVE_LOADSAMPLESFROMSTRING == 1
477
- } else if(!strcmp(modpblk.descr[i].name, "containerrules")) {
478
- @@ -932,7 +1075,6 @@ CODESTARTnewActInst
479
- pData->contRulebase = (uchar *) es_str2cstr(pvals[i].val.d.estr, NULL);
480
- fp = fopen((const char*)pData->contRulebase, "r");
481
- if(fp == NULL) {
482
- - char errStr[1024];
483
- rs_strerror_r(errno, errStr, sizeof(errStr));
484
- iRet = RS_RET_NO_FILE_ACCESS;
485
- LogError(0, iRet,
486
- @@ -941,7 +1083,10 @@ CODESTARTnewActInst
487
- ABORT_FINALIZE(iRet);
488
- } else {
489
- fclose(fp);
490
- + fp = NULL;
491
- }
492
- + } else if(!strcmp(actpblk.descr[i].name, "busyretryinterval")) {
493
- + pData->busyRetryInterval = pvals[i].val.d.n;
494
- } else {
495
- dbgprintf("mmkubernetes: program error, non-handled "
496
- "param '%s' in action() block\n", actpblk.descr[i].name);
497
- @@ -982,6 +1127,10 @@ CODESTARTnewActInst
498
- pData->dstMetadataPath = (uchar *) strdup((char *) loadModConf->dstMetadataPath);
499
- if(pData->caCertFile == NULL && loadModConf->caCertFile)
500
- pData->caCertFile = (uchar *) strdup((char *) loadModConf->caCertFile);
501
- + if(pData->myCertFile == NULL && loadModConf->myCertFile)
502
- + pData->myCertFile = (uchar *) strdup((char *) loadModConf->myCertFile);
503
- + if(pData->myPrivKeyFile == NULL && loadModConf->myPrivKeyFile)
504
- + pData->myPrivKeyFile = (uchar *) strdup((char *) loadModConf->myPrivKeyFile);
505
- if(pData->token == NULL && loadModConf->token)
506
- pData->token = (uchar *) strdup((char *) loadModConf->token);
507
- if(pData->tokenFile == NULL && loadModConf->tokenFile)
508
- @@ -1018,6 +1167,8 @@ CODESTARTnewActInst
509
- CODE_STD_FINALIZERnewActInst
510
- if(pvals != NULL)
511
- cnfparamvalsDestruct(pvals, &actpblk);
512
- + if(fp)
513
- + fclose(fp);
514
- free(rxstr);
515
- free(srcMetadataPath);
516
- ENDnewActInst
517
- @@ -1061,6 +1212,8 @@ CODESTARTfreeCnf
518
- free(pModConf->srcMetadataPath);
519
- free(pModConf->dstMetadataPath);
520
- free(pModConf->caCertFile);
521
- + free(pModConf->myCertFile);
522
- + free(pModConf->myPrivKeyFile);
523
- free(pModConf->token);
524
- free(pModConf->tokenFile);
525
- free(pModConf->de_dot_separator);
526
- @@ -1069,8 +1222,11 @@ CODESTARTfreeCnf
527
- free(pModConf->contRules);
528
- free(pModConf->contRulebase);
529
- free_annotationmatch(&pModConf->annotation_match);
530
- - for(i = 0; caches[i] != NULL; i++)
531
- + for(i = 0; caches[i] != NULL; i++) {
532
- + dbgprintf("mmkubernetes: freeing cache [%d] mdht [%p] nsht [%p]\n",
533
- + i, caches[i]->mdHt, caches[i]->nsHt);
534
- cacheFree(caches[i]);
535
- + }
536
- free(caches);
537
- ENDfreeCnf
538
-
539
- @@ -1082,6 +1238,8 @@ CODESTARTdbgPrintInstInfo
540
- dbgprintf("\tsrcMetadataPath='%s'\n", pData->srcMetadataDescr->name);
541
- dbgprintf("\tdstMetadataPath='%s'\n", pData->dstMetadataPath);
542
- dbgprintf("\ttls.cacert='%s'\n", pData->caCertFile);
543
- + dbgprintf("\ttls.mycert='%s'\n", pData->myCertFile);
544
- + dbgprintf("\ttls.myprivkey='%s'\n", pData->myPrivKeyFile);
545
- dbgprintf("\tallowUnsignedCerts='%d'\n", pData->allowUnsignedCerts);
546
- dbgprintf("\ttoken='%s'\n", pData->token);
547
- dbgprintf("\ttokenFile='%s'\n", pData->tokenFile);
548
- @@ -1093,6 +1251,7 @@ CODESTARTdbgPrintInstInfo
549
- dbgprintf("\tfilenamerules='%s'\n", pData->fnRules);
550
- dbgprintf("\tcontainerrules='%s'\n", pData->contRules);
551
- #endif
552
- + dbgprintf("\tbusyretryinterval='%d'\n", pData->busyRetryInterval);
553
- ENDdbgPrintInstInfo
554
-
555
-
556
- @@ -1206,6 +1365,24 @@ queryKB(wrkrInstanceData_t *pWrkrData, char *url, struct json_object **rply)
557
- struct json_object *jo;
558
- long resp_code = 400;
559
-
560
- + if (pWrkrData->pData->cache->lastBusyTime) {
561
- + time_t now;
562
- + datetime.GetTime(&now);
563
- + now -= pWrkrData->pData->cache->lastBusyTime;
564
- + if (now < pWrkrData->pData->busyRetryInterval) {
565
- + LogMsg(0, RS_RET_RETRY, LOG_DEBUG,
566
- + "mmkubernetes: Waited [%ld] of [%d] seconds for the requested url [%s]\n",
567
- + now, pWrkrData->pData->busyRetryInterval, url);
568
- + ABORT_FINALIZE(RS_RET_RETRY);
569
- + } else {
570
- + LogMsg(0, RS_RET_OK, LOG_DEBUG,
571
- + "mmkubernetes: Cleared busy status after [%d] seconds - "
572
- + "will retry the requested url [%s]\n",
573
- + pWrkrData->pData->busyRetryInterval, url);
574
- + pWrkrData->pData->cache->lastBusyTime = 0;
575
- + }
576
- + }
577
- +
578
- /* query kubernetes for pod info */
579
- ccode = curl_easy_setopt(pWrkrData->curlCtx, CURLOPT_URL, url);
580
- if(ccode != CURLE_OK)
581
- @@ -1238,17 +1415,23 @@ queryKB(wrkrInstanceData_t *pWrkrData, char *url, struct json_object **rply)
582
- ABORT_FINALIZE(RS_RET_ERR);
583
- }
584
- if(resp_code == 404) {
585
- - LogMsg(0, RS_RET_ERR, LOG_ERR,
586
- + LogMsg(0, RS_RET_NOT_FOUND, LOG_INFO,
587
- "mmkubernetes: Not Found: the resource does not exist at url [%s]\n",
588
- url);
589
- - ABORT_FINALIZE(RS_RET_ERR);
590
- + ABORT_FINALIZE(RS_RET_NOT_FOUND);
591
- }
592
- if(resp_code == 429) {
593
- - LogMsg(0, RS_RET_ERR, LOG_ERR,
594
- + if (pWrkrData->pData->busyRetryInterval) {
595
- + time_t now;
596
- + datetime.GetTime(&now);
597
- + pWrkrData->pData->cache->lastBusyTime = now;
598
- + }
599
- +
600
- + LogMsg(0, RS_RET_RETRY, LOG_INFO,
601
- "mmkubernetes: Too Many Requests: the server is too heavily loaded "
602
- "to provide the data for the requested url [%s]\n",
603
- url);
604
- - ABORT_FINALIZE(RS_RET_ERR);
605
- + ABORT_FINALIZE(RS_RET_RETRY);
606
- }
607
- if(resp_code != 200) {
608
- LogMsg(0, RS_RET_ERR, LOG_ERR,
609
- @@ -1299,12 +1482,14 @@ BEGINdoAction
610
- char *mdKey = NULL;
611
- struct json_object *jMetadata = NULL, *jMetadataCopy = NULL, *jMsgMeta = NULL,
612
- *jo = NULL;
613
- - int add_ns_metadata = 0;
614
- + int add_pod_metadata = 1;
615
- CODESTARTdoAction
616
- CHKiRet_Hdlr(extractMsgMetadata(pMsg, pWrkrData->pData, &jMsgMeta)) {
617
- ABORT_FINALIZE((iRet == RS_RET_NOT_FOUND) ? RS_RET_OK : iRet);
618
- }
619
-
620
- + STATSCOUNTER_INC(pWrkrData->k8sRecordSeen, pWrkrData->mutK8sRecordSeen);
621
- +
622
- if (fjson_object_object_get_ex(jMsgMeta, "pod_name", &jo))
623
- podName = json_object_get_string(jo);
624
- if (fjson_object_object_get_ex(jMsgMeta, "namespace_name", &jo))
625
- @@ -1347,28 +1532,49 @@ CODESTARTdoAction
626
- }
627
- iRet = queryKB(pWrkrData, url, &jReply);
628
- free(url);
629
- - /* todo: implement support for the .orphaned namespace */
630
- - if (iRet != RS_RET_OK) {
631
- + if (iRet == RS_RET_NOT_FOUND) {
632
- + /* negative cache namespace - make a dummy empty namespace metadata object */
633
- + jNsMeta = json_object_new_object();
634
- + STATSCOUNTER_INC(pWrkrData->namespaceMetadataNotFound,
635
- + pWrkrData->mutNamespaceMetadataNotFound);
636
- + } else if (iRet == RS_RET_RETRY) {
637
- + /* server is busy - retry or error */
638
- + STATSCOUNTER_INC(pWrkrData->namespaceMetadataBusy,
639
- + pWrkrData->mutNamespaceMetadataBusy);
640
- + if (0 == pWrkrData->pData->busyRetryInterval) {
641
- + pthread_mutex_unlock(pWrkrData->pData->cache->cacheMtx);
642
- + ABORT_FINALIZE(RS_RET_ERR);
643
- + }
644
- + add_pod_metadata = 0; /* don't cache pod metadata either - retry both */
645
- + } else if (iRet != RS_RET_OK) {
646
- + /* hard error - something the admin needs to fix e.g. network, config, auth */
647
- json_object_put(jReply);
648
- jReply = NULL;
649
- + STATSCOUNTER_INC(pWrkrData->namespaceMetadataError,
650
- + pWrkrData->mutNamespaceMetadataError);
651
- pthread_mutex_unlock(pWrkrData->pData->cache->cacheMtx);
652
- FINALIZE;
653
- - }
654
- -
655
- - if(fjson_object_object_get_ex(jReply, "metadata", &jNsMeta)) {
656
- + } else if (fjson_object_object_get_ex(jReply, "metadata", &jNsMeta)) {
657
- jNsMeta = json_object_get(jNsMeta);
658
- parse_labels_annotations(jNsMeta, &pWrkrData->pData->annotation_match,
659
- pWrkrData->pData->de_dot,
660
- (const char *)pWrkrData->pData->de_dot_separator,
661
- pWrkrData->pData->de_dot_separator_len);
662
- - add_ns_metadata = 1;
663
- + STATSCOUNTER_INC(pWrkrData->namespaceMetadataSuccess,
664
- + pWrkrData->mutNamespaceMetadataSuccess);
665
- } else {
666
- /* namespace with no metadata??? */
667
- LogMsg(0, RS_RET_ERR, LOG_INFO,
668
- "mmkubernetes: namespace [%s] has no metadata!\n", ns);
669
- - jNsMeta = NULL;
670
- + /* negative cache namespace - make a dummy empty namespace metadata object */
671
- + jNsMeta = json_object_new_object();
672
- + STATSCOUNTER_INC(pWrkrData->namespaceMetadataSuccess,
673
- + pWrkrData->mutNamespaceMetadataSuccess);
674
- }
675
-
676
- + if(jNsMeta) {
677
- + hashtable_insert(pWrkrData->pData->cache->nsHt, strdup(ns), jNsMeta);
678
- + }
679
- json_object_put(jReply);
680
- jReply = NULL;
681
- }
682
- @@ -1381,14 +1587,28 @@ CODESTARTdoAction
683
- }
684
- iRet = queryKB(pWrkrData, url, &jReply);
685
- free(url);
686
- - if(iRet != RS_RET_OK) {
687
- - if(jNsMeta && add_ns_metadata) {
688
- - hashtable_insert(pWrkrData->pData->cache->nsHt, strdup(ns), jNsMeta);
689
- + if (iRet == RS_RET_NOT_FOUND) {
690
- + /* negative cache pod - make a dummy empty pod metadata object */
691
- + iRet = RS_RET_OK;
692
- + STATSCOUNTER_INC(pWrkrData->podMetadataNotFound, pWrkrData->mutPodMetadataNotFound);
693
- + } else if (iRet == RS_RET_RETRY) {
694
- + /* server is busy - retry or error */
695
- + STATSCOUNTER_INC(pWrkrData->podMetadataBusy, pWrkrData->mutPodMetadataBusy);
696
- + if (0 == pWrkrData->pData->busyRetryInterval) {
697
- + pthread_mutex_unlock(pWrkrData->pData->cache->cacheMtx);
698
- + ABORT_FINALIZE(RS_RET_ERR);
699
- }
700
- + add_pod_metadata = 0; /* do not cache so that we can retry */
701
- + iRet = RS_RET_OK;
702
- + } else if(iRet != RS_RET_OK) {
703
- + /* hard error - something the admin needs to fix e.g. network, config, auth */
704
- json_object_put(jReply);
705
- jReply = NULL;
706
- + STATSCOUNTER_INC(pWrkrData->podMetadataError, pWrkrData->mutPodMetadataError);
707
- pthread_mutex_unlock(pWrkrData->pData->cache->cacheMtx);
708
- FINALIZE;
709
- + } else {
710
- + STATSCOUNTER_INC(pWrkrData->podMetadataSuccess, pWrkrData->mutPodMetadataSuccess);
711
- }
712
-
713
- jo = json_object_new_object();
714
- @@ -1435,11 +1655,9 @@ CODESTARTdoAction
715
- json_object_object_add(jo, "container_id", json_object_get(jo2));
716
- json_object_object_add(jMetadata, "docker", jo);
717
-
718
- - hashtable_insert(pWrkrData->pData->cache->mdHt, mdKey, jMetadata);
719
- - mdKey = NULL;
720
- - if(jNsMeta && add_ns_metadata) {
721
- - hashtable_insert(pWrkrData->pData->cache->nsHt, strdup(ns), jNsMeta);
722
- - ns = NULL;
723
- + if (add_pod_metadata) {
724
- + hashtable_insert(pWrkrData->pData->cache->mdHt, mdKey, jMetadata);
725
- + mdKey = NULL;
726
- }
727
- }
728
-
729
- @@ -1450,6 +1668,11 @@ CODESTARTdoAction
730
- * outside of the cache lock
731
- */
732
- jMetadataCopy = json_tokener_parse(json_object_get_string(jMetadata));
733
- + if (!add_pod_metadata) {
734
- + /* jMetadata object was created from scratch and not cached */
735
- + json_object_put(jMetadata);
736
- + jMetadata = NULL;
737
- + }
738
- pthread_mutex_unlock(pWrkrData->pData->cache->cacheMtx);
739
- /* the +1 is there to skip the leading '$' */
740
- msgAddJSON(pMsg, (uchar *) pWrkrData->pData->dstMetadataPath + 1, jMetadataCopy, 0, 0);
741
- @@ -1470,7 +1693,9 @@ BEGINmodExit
742
- CODESTARTmodExit
743
- curl_global_cleanup();
744
-
745
- + objRelease(datetime, CORE_COMPONENT);
746
- objRelease(regexp, LM_REGEXP_FILENAME);
747
- + objRelease(statsobj, CORE_COMPONENT);
748
- ENDmodExit
749
-
750
-
751
- @@ -1489,8 +1714,9 @@ CODESTARTmodInit
752
- *ipIFVersProvided = CURR_MOD_IF_VERSION; /* we only support the current interface specification */
753
- CODEmodInit_QueryRegCFSLineHdlr
754
- DBGPRINTF("mmkubernetes: module compiled with rsyslog version %s.\n", VERSION);
755
- + CHKiRet(objUse(statsobj, CORE_COMPONENT));
756
- CHKiRet(objUse(regexp, LM_REGEXP_FILENAME));
757
- -
758
- + CHKiRet(objUse(datetime, CORE_COMPONENT));
759
- /* CURL_GLOBAL_ALL initializes more than is needed but the
760
- * libcurl documentation discourages use of other values
761
- */
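--- a/SOURCES/rsyslog-8.37.0-rhbz1627941-imfile-support-for-endmsg.regex.patch
+++ /dev/null
@@ -1,263 +0,0 @@
-From e8d64cbd15fa84907dc23f8b52d6f2f847b46fec Mon Sep 17 00:00:00 2001
-From: Rich Megginson <rmeggins@redhat.com>
-Date: Mon, 10 Sep 2018 17:25:38 -0600
-Subject: [PATCH] imfile: support for endmsg.regex
-
-This adds support for endmsg.regex. It is similar to
-startmsg.regex except that it matches the line that denotes
-the end of the message, rather than the start of the next message.
-This is primarily for container log file use cases such as this:
-
-date stdout P start of message
-date stdout P middle of message
-date stdout F end of message
-
-The `F` means this is the line which contains the final part of
-the message. The fully assembled message should be
-`start of message middle of message end of message`.
-`startmsg.regex="^[^ ]+ stdout F "` will match.
-
-(cherry picked from commit c902a0938fe163b5351829d2b72001d024895c16)
-(cherry picked from commit dd4a72c4d52d8da98ed6b86114868e1a450ccb41)
----
-plugins/imfile/imfile.c | 44 ++++--
-plugins/imptcp/imptcp.c | 10 +-
-runtime/stream.c | 28 +++-
-runtime/stream.h | 2 +-
-4 files changed, 62 insertions(+), 20 deletions(-)
-
-diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
-index 7767c9f02..87706082f 100644
---- a/plugins/imfile/imfile.c
-+++ b/plugins/imfile/imfile.c
-@@ -126,7 +126,9 @@ struct instanceConf_s {
-sbool bRMStateOnDel;
-uint8_t readMode;
-uchar *startRegex;
-- regex_t end_preg; /* compiled version of startRegex */
-+ uchar *endRegex;
-+ regex_t start_preg; /* compiled version of startRegex */
-+ regex_t end_preg; /* compiled version of endRegex */
-sbool discardTruncatedMsg;
-sbool msgDiscardingError;
-sbool escapeLF;
-@@ -281,6 +283,7 @@ static struct cnfparamdescr inppdescr[] = {
-{ "ruleset", eCmdHdlrString, 0 },
-{ "readmode", eCmdHdlrInt, 0 },
-{ "startmsg.regex", eCmdHdlrString, 0 },
-+ { "endmsg.regex", eCmdHdlrString, 0 },
-{ "discardtruncatedmsg", eCmdHdlrBinary, 0 },
-{ "msgdiscardingerror", eCmdHdlrBinary, 0 },
-{ "escapelf", eCmdHdlrBinary, 0 },
-@@ -1421,6 +1424,7 @@ pollFileReal(act_obj_t *act, cstr_t **pCStr)
-int64 strtOffs;
-DEFiRet;
-int nProcessed = 0;
-+ regex_t *start_preg = NULL, *end_preg = NULL;
-
-DBGPRINTF("pollFileReal enter, pStrm %p, name '%s'\n", act->pStrm, act->name);
-DBGPRINTF("pollFileReal enter, edge %p\n", act->edge);
-@@ -1432,15 +1436,18 @@ pollFileReal(act_obj_t *act, cstr_t **pCStr)
-CHKiRet(openFile(act)); /* open file */
-}
-
-+ start_preg = (inst->startRegex == NULL) ? NULL : &inst->start_preg;
-+ end_preg = (inst->endRegex == NULL) ? NULL : &inst->end_preg;
-+
-/* loop below will be exited when strmReadLine() returns EOF */
-while(glbl.GetGlobalInputTermState() == 0) {
-if(inst->maxLinesAtOnce != 0 && nProcessed >= inst->maxLinesAtOnce)
-break;
-- if(inst->startRegex == NULL) {
-+ if((start_preg == NULL) && (end_preg == NULL)) {
-CHKiRet(strm.ReadLine(act->pStrm, pCStr, inst->readMode, inst->escapeLF,
-inst->trimLineOverBytes, &strtOffs));
-} else {
-- CHKiRet(strmReadMultiLine(act->pStrm, pCStr, &inst->end_preg,
-+ CHKiRet(strmReadMultiLine(act->pStrm, pCStr, start_preg, end_preg,
-inst->escapeLF, inst->discardTruncatedMsg, inst->msgDiscardingError, &strtOffs));
-}
-++nProcessed;
-@@ -1506,6 +1513,7 @@ createInstance(instanceConf_t **const pinst)
-inst->iPersistStateInterval = 0;
-inst->readMode = 0;
-inst->startRegex = NULL;
-+ inst->endRegex = NULL;
-inst->discardTruncatedMsg = 0;
-inst->msgDiscardingError = 1;
-inst->bRMStateOnDel = 1;
-@@ -1713,6 +1721,8 @@ CODESTARTnewInpInst
-inst->readMode = (sbool) pvals[i].val.d.n;
-} else if(!strcmp(inppblk.descr[i].name, "startmsg.regex")) {
-inst->startRegex = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
-+ } else if(!strcmp(inppblk.descr[i].name, "endmsg.regex")) {
-+ inst->endRegex = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
-} else if(!strcmp(inppblk.descr[i].name, "discardtruncatedmsg")) {
-inst->discardTruncatedMsg = (sbool) pvals[i].val.d.n;
-} else if(!strcmp(inppblk.descr[i].name, "msgdiscardingerror")) {
-@@ -1753,19 +1763,31 @@ CODESTARTnewInpInst
-"param '%s'\n", inppblk.descr[i].name);
-}
-}
-- if(inst->readMode != 0 && inst->startRegex != NULL) {
-+ i = (inst->readMode > 0) ? 1 : 0;
-+ i = (NULL != inst->startRegex) ? (i+1) : i;
-+ i = (NULL != inst->endRegex) ? (i+1) : i;
-+ if(i > 1) {
-LogError(0, RS_RET_PARAM_NOT_PERMITTED,
-- "readMode and startmsg.regex cannot be set "
-- "at the same time --- remove one of them");
-+ "only one of readMode or startmsg.regex or endmsg.regex can be set "
-+ "at the same time");
-ABORT_FINALIZE(RS_RET_PARAM_NOT_PERMITTED);
-}
-
-if(inst->startRegex != NULL) {
-- const int errcode = regcomp(&inst->end_preg, (char*)inst->startRegex, REG_EXTENDED);
-+ const int errcode = regcomp(&inst->start_preg, (char*)inst->startRegex, REG_EXTENDED);
-+ if(errcode != 0) {
-+ char errbuff[512];
-+ regerror(errcode, &inst->start_preg, errbuff, sizeof(errbuff));
-+ parser_errmsg("imfile: error in startmsg.regex expansion: %s", errbuff);
-+ ABORT_FINALIZE(RS_RET_ERR);
-+ }
-+ }
-+ if(inst->endRegex != NULL) {
-+ const int errcode = regcomp(&inst->end_preg, (char*)inst->endRegex, REG_EXTENDED);
-if(errcode != 0) {
-char errbuff[512];
-regerror(errcode, &inst->end_preg, errbuff, sizeof(errbuff));
-- parser_errmsg("imfile: error in regex expansion: %s", errbuff);
-+ parser_errmsg("imfile: error in endmsg.regex expansion: %s", errbuff);
-ABORT_FINALIZE(RS_RET_ERR);
-}
-}
-@@ -1970,9 +1992,13 @@ CODESTARTfreeCnf
-free(inst->pszStateFile);
-free(inst->pszFileName_forOldStateFile);
-if(inst->startRegex != NULL) {
-- regfree(&inst->end_preg);
-+ regfree(&inst->start_preg);
-free(inst->startRegex);
-}
-+ if(inst->endRegex != NULL) {
-+ regfree(&inst->end_preg);
-+ free(inst->endRegex);
-+ }
-del = inst;
-inst = inst->next;
-free(del);
-diff --git a/plugins/imptcp/imptcp.c b/plugins/imptcp/imptcp.c
-index 9b6be0f40..a94b97f41 100644
---- a/plugins/imptcp/imptcp.c
-+++ b/plugins/imptcp/imptcp.c
-@@ -162,7 +162,7 @@ struct instanceConf_s {
-int ratelimitInterval;
-int ratelimitBurst;
-uchar *startRegex;
-- regex_t end_preg; /* compiled version of startRegex */
-+ regex_t start_preg; /* compiled version of startRegex */
-struct instanceConf_s *next;
-};
-
-@@ -961,7 +961,7 @@ processDataRcvd_regexFraming(ptcpsess_t *const __restrict__ pThis,
-if(c == '\n') {
-pThis->iCurrLine = pThis->iMsg;
-} else {
-- const int isMatch = !regexec(&inst->end_preg, (char*)pThis->pMsg+pThis->iCurrLine, 0, NULL, 0);
-+ const int isMatch = !regexec(&inst->start_preg, (char*)pThis->pMsg+pThis->iCurrLine, 0, NULL, 0);
-if(isMatch) {
-DBGPRINTF("regex match (%d), framing line: %s\n", pThis->iCurrLine, pThis->pMsg);
-strcpy((char*)pThis->pMsg_save, (char*) pThis->pMsg+pThis->iCurrLine);
-@@ -2188,10 +2188,10 @@ CODESTARTnewInpInst
-}
-
-if(inst->startRegex != NULL) {
-- const int errcode = regcomp(&inst->end_preg, (char*)inst->startRegex, REG_EXTENDED);
-+ const int errcode = regcomp(&inst->start_preg, (char*)inst->startRegex, REG_EXTENDED);
-if(errcode != 0) {
-char errbuff[512];
-- regerror(errcode, &inst->end_preg, errbuff, sizeof(errbuff));
-+ regerror(errcode, &inst->start_preg, errbuff, sizeof(errbuff));
-parser_errmsg("imptcp: error in framing.delimiter.regex expansion: %s", errbuff);
-ABORT_FINALIZE(RS_RET_ERR);
-}
-@@ -2348,7 +2348,7 @@ CODESTARTfreeCnf
-free(inst->pszInputName);
-free(inst->dfltTZ);
-if(inst->startRegex != NULL) {
-- regfree(&inst->end_preg);
-+ regfree(&inst->start_preg);
-free(inst->startRegex);
-}
-del = inst;
-diff --git a/runtime/stream.c b/runtime/stream.c
-index 6b7e7028e..0f4197103 100644
---- a/runtime/stream.c
-+++ b/runtime/stream.c
-@@ -942,12 +942,12 @@ strmReadMultiLine_isTimedOut(const strm_t *const __restrict__ pThis)
-
-/* read a multi-line message from a strm file.
-* The multi-line message is terminated based on the user-provided
-- * startRegex (Posix ERE). For performance reasons, the regex
-+ * startRegex or endRegex (Posix ERE). For performance reasons, the regex
-* must already have been compiled by the user.
-* added 2015-05-12 rgerhards
-*/
-rsRetVal
--strmReadMultiLine(strm_t *pThis, cstr_t **ppCStr, regex_t *preg, const sbool bEscapeLF,
-+strmReadMultiLine(strm_t *pThis, cstr_t **ppCStr, regex_t *start_preg, regex_t *end_preg, const sbool bEscapeLF,
-const sbool discardTruncatedMsg, const sbool msgDiscardingError, int64 *const strtOffs)
-{
-uchar c;
-@@ -979,9 +979,14 @@ strmReadMultiLine(strm_t *pThis, cstr_t **ppCStr, regex_t *preg, const sbool bEs
-cstrFinalize(thisLine);
-
-/* we have a line, now let's assemble the message */
-- const int isMatch = !regexec(preg, (char*)rsCStrGetSzStrNoNULL(thisLine), 0, NULL, 0);
--
-- if(isMatch) {
-+ const int isStartMatch = start_preg ?
-+ !regexec(start_preg, (char*)rsCStrGetSzStrNoNULL(thisLine), 0, NULL, 0) :
-+ 0;
-+ const int isEndMatch = end_preg ?
-+ !regexec(end_preg, (char*)rsCStrGetSzStrNoNULL(thisLine), 0, NULL, 0) :
-+ 0;
-+
-+ if(isStartMatch) {
-/* in this case, the *previous* message is complete and we are
-* at the start of a new one.
-*/
-@@ -1047,6 +1052,19 @@ strmReadMultiLine(strm_t *pThis, cstr_t **ppCStr, regex_t *preg, const sbool bEs
-}
-}
-}
-+ if(isEndMatch) {
-+ /* in this case, the *current* message is complete and we are
-+ * at the end of it.
-+ */
-+ if(pThis->ignoringMsg == 0) {
-+ if(pThis->prevMsgSegment != NULL) {
-+ finished = 1;
-+ *ppCStr = pThis->prevMsgSegment;
-+ pThis->prevMsgSegment= NULL;
-+ }
-+ }
-+ pThis->ignoringMsg = 0;
-+ }
-cstrDestruct(&thisLine);
-} while(finished == 0);
-
-diff --git a/runtime/stream.h b/runtime/stream.h
-index 71596879e..7dc597ff5 100644
---- a/runtime/stream.h
-+++ b/runtime/stream.h
-@@ -225,7 +225,7 @@ ENDinterface(strm)
-/* prototypes */
-PROTOTYPEObjClassInit(strm);
-rsRetVal strmMultiFileSeek(strm_t *pThis, unsigned int fileNum, off64_t offs, off64_t *bytesDel);
--rsRetVal strmReadMultiLine(strm_t *pThis, cstr_t **ppCStr, regex_t *preg,
-+rsRetVal strmReadMultiLine(strm_t *pThis, cstr_t **ppCStr, regex_t *start_preg, regex_t *end_preg,
-sbool bEscapeLF, sbool discardTruncatedMsg, sbool msgDiscardingError, int64 *const strtOffs);
-int strmReadMultiLine_isTimedOut(const strm_t *const __restrict__ pThis);
-void strmDebugOutBuf(const strm_t *const pThis);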
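--- a/SOURCES/rsyslog-8.37.0-rhbz1674471-imfile-log-rotation.patch
+++ b/SOURCES/rsyslog-8.37.0-rhbz1674471-imfile-log-rotation.patch
@@ -1,368 +0,0 @@
- From f85ef7aabcec84497a5eaf9670616b3402c79d9c Mon Sep 17 00:00:00 2001
- From: Rainer Gerhards <rgerhards@adiscon.com>
- Date: Sun, 23 Sep 2018 13:19:31 +0200
- Subject: File rotation with imfile broken
-
- Previously, truncation was only detected at end of file. Especially with
- busy files that could cause loss of data and possibly also stall imfile
- reading. The new code now also checks during each read. Obviously, there
- is some additional overhead associated with that, but this is unavoidable.
-
- It still is highly recommended NOT to turn on "reopenOnTruncate" in imfile.
- Note that there are also inherant reliability issues. There is no way to
- "fix" these, as they are caused by races between the process(es) who truncate
- and rsyslog reading the file. But with the new code, the "problem window"
- should be much smaller and, more importantly, imfile should not stall.
-
- A change in the inode was not detected under all circumstances,
- most importantly not in some logrotate cases.
-
- Includes new tests made by Andre Lorbach. They now use the
- logrotate tool natively to reproduce the issue.
- ---
- runtime/rsyslog.h | 6 ++--
- plugins/imfile/imfile.c | 17 +++-
- runtime/stream.c | 122 ++++++++----
- runtime/stream.h | 7 ++
- 4 files changed, 126 insertions(+), 36 deletions(-)
-
- diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
- index 61d0af623..22a1c46d1 100644
- --- a/runtime/rsyslog.h
- +++ b/runtime/rsyslog.h
- @@ -221,9 +221,9 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth
- /* begin regular error codes */
- RS_RET_NOT_IMPLEMENTED = -7, /**< implementation is missing (probably internal error or lazyness ;)) */
- RS_RET_OUT_OF_MEMORY = -6, /**< memory allocation failed */
- - RS_RET_PROVIDED_BUFFER_TOO_SMALL = -50,
- -/*< the caller provided a buffer, but the called function sees the size of this buffer is too small -
- -operation not carried out */
- + RS_RET_PROVIDED_BUFFER_TOO_SMALL = -50, /*< the caller provided a buffer, but the called function sees
- + the size of this buffer is too small - operation not carried out */
- + RS_RET_FILE_TRUNCATED = -51, /**< (input) file was truncated, not an error but a status */
- RS_RET_TRUE = -3, /**< to indicate a true state (can be used as TRUE, legacy) */
- RS_RET_FALSE = -2, /**< to indicate a false state (can be used as FALSE, legacy) */
- RS_RET_NO_IRET = -8, /**< This is a trick for the debuging system - it means no iRet is provided */
- diff --git a/plugins/imfile/imfile.c b/plugins/imfile/imfile.c
- index f4a4ef9b7..6be8b2999 100644
- --- a/plugins/imfile/imfile.c
- +++ b/plugins/imfile/imfile.c
- @@ -740,8 +740,19 @@ detect_updates(fs_edge_t *const edge)
- act_obj_unlink(act);
- restart = 1;
- break;
- + } else if(fileInfo.st_ino != act->ino) {
- + DBGPRINTF("file '%s' inode changed from %llu to %llu, unlinking from "
- + "internal lists\n", act->name, (long long unsigned) act->ino,
- + (long long unsigned) fileInfo.st_ino);
- + if(act->pStrm != NULL) {
- + /* we do no need to re-set later, as act_obj_unlink
- + * will destroy the strm obj */
- + strmSet_checkRotation(act->pStrm, STRM_ROTATION_DO_NOT_CHECK);
- + }
- + act_obj_unlink(act);
- + restart = 1;
- + break;
- }
- - // TODO: add inode check for change notification!
-
- }
-
- @@ -993,10 +1004,10 @@ chk_active(const act_obj_t *act, const act_obj_t *const deleted)
- /* unlink act object from linked list and then
- * destruct it.
- */
- -static void //ATTR_NONNULL()
- +static void ATTR_NONNULL()
- act_obj_unlink(act_obj_t *act)
- {
- - DBGPRINTF("act_obj_unlink %p: %s\n", act, act->name);
- + DBGPRINTF("act_obj_unlink %p: %s, pStrm %p\n", act, act->name, act->pStrm);
- if(act->prev == NULL) {
- act->edge->active = act->next;
- } else {
- diff --git a/runtime/stream.c b/runtime/stream.c
- index 0f4197103..32a12b256 100644
- --- a/runtime/stream.c
- +++ b/runtime/stream.c
- @@ -400,6 +400,7 @@ static rsRetVal strmOpenFile(strm_t *pThis)
- CHKiRet(doPhysOpen(pThis));
-
- pThis->iCurrOffs = 0;
- + pThis->iBufPtrMax = 0;
- CHKiRet(getFileSize(pThis->pszCurrFName, &offset));
- if(pThis->tOperationsMode == STREAMMODE_WRITE_APPEND) {
- pThis->iCurrOffs = offset;
- @@ -636,6 +637,78 @@ strmHandleEOF(strm_t *pThis)
- RETiRet;
- }
-
- +
- +/* helper to checkTruncation */
- +static rsRetVal ATTR_NONNULL()
- +rereadTruncated(strm_t *const pThis, const char *const reason)
- +{
- + DEFiRet;
- +
- + LogMsg(errno, RS_RET_FILE_TRUNCATED, LOG_WARNING, "file '%s': truncation detected, "
- + "(%s) - re-start reading from beginning",
- + pThis->pszCurrFName, reason);
- + DBGPRINTF("checkTruncation, file %s last buffer CHANGED\n", pThis->pszCurrFName);
- + CHKiRet(strmCloseFile(pThis));
- + CHKiRet(strmOpenFile(pThis));
- + iRet = RS_RET_FILE_TRUNCATED;
- +
- +finalize_it:
- + RETiRet;
- +}
- +/* helper to read:
- + * Check if file has been truncated since last read and, if so, re-set reading
- + * to begin of file. To detect truncation, we try to re-read the last block.
- + * If that does not succeed or different data than from the original read is
- + * returned, truncation is assumed.
- + * NOTE: this function must be called only if truncation is enabled AND
- + * when the previous read buffer still is valid (aka "before the next read").
- + * It is ok to call with a 0-size buffer, which we than assume as begin of
- + * reading. In that case, no truncation will be detected.
- + * rgerhards, 2018-09-20
- + */
- +static rsRetVal ATTR_NONNULL()
- +checkTruncation(strm_t *const pThis)
- +{
- + DEFiRet;
- + int ret;
- + off64_t backseek;
- + assert(pThis->bReopenOnTruncate);
- +
- + DBGPRINTF("checkTruncation, file %s, iBufPtrMax %zd\n", pThis->pszCurrFName, pThis->iBufPtrMax);
- + if(pThis->iBufPtrMax == 0) {
- + FINALIZE;
- + }
- +
- + int currpos = lseek64(pThis->fd, 0, SEEK_CUR);
- + backseek = -1 * (off64_t) pThis->iBufPtrMax;
- + dbgprintf("checkTruncation in actual processing, currpos %d, backseek is %d\n", (int)currpos, (int) backseek);
- + ret = lseek64(pThis->fd, backseek, SEEK_CUR);
- + if(ret < 0) {
- + iRet = rereadTruncated(pThis, "cannot seek backward to begin of last block");
- + FINALIZE;
- + }
- +dbgprintf("checkTruncation seek backwrds: %d\n", ret);
- +currpos = lseek64(pThis->fd, 0, SEEK_CUR);
- +dbgprintf("checkTruncation in actual processing, NEW currpos %d, backseek is %d\n", (int)currpos, (int) backseek);
- +
- + const ssize_t lenRead = read(pThis->fd, pThis->pIOBuf_truncation, pThis->iBufPtrMax);
- + dbgprintf("checkTruncation proof-read: %d bytes\n", (int) lenRead);
- + if(lenRead < 0) {
- + iRet = rereadTruncated(pThis, "last block could not be re-read");
- + FINALIZE;
- + }
- +
- + if(!memcmp(pThis->pIOBuf_truncation, pThis->pIOBuf, pThis->iBufPtrMax)) {
- + DBGPRINTF("checkTruncation, file %s last buffer unchanged\n", pThis->pszCurrFName);
- + } else {
- + iRet = rereadTruncated(pThis, "last block data different");
- + }
- +
- +finalize_it:
- + RETiRet;
- +}
- +
- +
- /* read the next buffer from disk
- * rgerhards, 2008-02-13
- */
- @@ -668,6 +741,13 @@ strmReadBuf(strm_t *pThis, int *padBytes)
- toRead = (size_t) bytesLeft;
- }
- }
- + if(pThis->bReopenOnTruncate) {
- + rsRetVal localRet = checkTruncation(pThis);
- + if(localRet == RS_RET_FILE_TRUNCATED) {
- + continue;
- + }
- + CHKiRet(localRet);
- + }
- iLenRead = read(pThis->fd, pThis->pIOBuf, toRead);
- DBGOPRINT((obj_t*) pThis, "file %d read %ld bytes\n", pThis->fd, iLenRead);
- /* end crypto */
- @@ -1184,6 +1264,7 @@ static rsRetVal strmConstructFinalize(strm_t *pThis)
- } else {
- /* we work synchronously, so we need to alloc a fixed pIOBuf */
- CHKmalloc(pThis->pIOBuf = (uchar*) MALLOC(pThis->sIOBufSize));
- + CHKmalloc(pThis->pIOBuf_truncation = (char*) MALLOC(pThis->sIOBufSize));
- }
-
- finalize_it:
- @@ -1231,6 +1312,7 @@ CODESTARTobjDestruct(strm)
- }
- } else {
- free(pThis->pIOBuf);
- + free(pThis->pIOBuf_truncation);
- }
-
- /* Finally, we can free the resources.
- diff --git a/runtime/stream.c b/runtime/stream.c
- index 2d494c612..5b52591ef 100644
- --- a/runtime/stream.c
- +++ b/runtime/stream.c
- @@ -360,8 +360,8 @@ CheckFileChange(strm_t *pThis)
- CHKiRet(strmSetCurrFName(pThis));
- if(stat((char*) pThis->pszCurrFName, &statName) == -1)
- ABORT_FINALIZE(RS_RET_IO_ERROR);
- - DBGPRINTF("stream/after deserialize checking for file change on '%s', "
- - "inode %u/%u, size/currOffs %llu/%llu\n",
- + DBGPRINTF("CheckFileChange: stream/after deserialize checking for file change "
- + "on '%s', inode %u/%u, size/currOffs %llu/%llu\n",
- pThis->pszCurrFName, (unsigned) pThis->inode,
- (unsigned) statName.st_ino,
- (long long unsigned) statName.st_size,
- @@ -574,8 +574,8 @@ strmNextFile(strm_t *pThis)
- * circumstances). So starting as of now, we only check the inode number and
- * a file change is detected only if the inode changes. -- rgerhards, 2011-01-10
- */
- -static rsRetVal
- -strmHandleEOFMonitor(strm_t *pThis)
- +static rsRetVal ATTR_NONNULL()
- +strmHandleEOFMonitor(strm_t *const pThis)
- {
- DEFiRet;
- struct stat statName;
- @@ -611,8 +611,8 @@ strmHandleEOFMonitor(strm_t *pThis)
- * try to open the next one.
- * rgerhards, 2008-02-13
- */
- -static rsRetVal
- -strmHandleEOF(strm_t *pThis)
- +static rsRetVal ATTR_NONNULL()
- +strmHandleEOF(strm_t *const pThis)
- {
- DEFiRet;
-
- @@ -629,7 +629,13 @@ strmHandleEOF(strm_t *pThis)
- CHKiRet(strmNextFile(pThis));
- break;
- case STREAMTYPE_FILE_MONITOR:
- - CHKiRet(strmHandleEOFMonitor(pThis));
- + DBGOPRINT((obj_t*) pThis, "file '%s' (%d) EOF, rotationCheck %d\n",
- + pThis->pszCurrFName, pThis->fd, pThis->rotationCheck);
- + if(pThis->rotationCheck == STRM_ROTATION_DO_CHECK) {
- + CHKiRet(strmHandleEOFMonitor(pThis));
- + } else {
- + ABORT_FINALIZE(RS_RET_EOF);
- + }
- break;
- }
-
- @@ -687,9 +693,6 @@ checkTruncation(strm_t *const pThis)
- iRet = rereadTruncated(pThis, "cannot seek backward to begin of last block");
- FINALIZE;
- }
- -dbgprintf("checkTruncation seek backwrds: %d\n", ret);
- -currpos = lseek64(pThis->fd, 0, SEEK_CUR);
- -dbgprintf("checkTruncation in actual processing, NEW currpos %d, backseek is %d\n", (int)currpos, (int) backseek);
-
- const ssize_t lenRead = read(pThis->fd, pThis->pIOBuf_truncation, pThis->iBufPtrMax);
- dbgprintf("checkTruncation proof-read: %d bytes\n", (int) lenRead);
- @@ -861,7 +864,7 @@ static rsRetVal strmUnreadChar(strm_t *pThis, uchar c)
- * a line, but following lines that are indented are part of the same log entry
- */
- static rsRetVal
- -strmReadLine(strm_t *pThis, cstr_t **ppCStr, uint8_t mode, sbool bEscapeLF,
- +strmReadLine(strm_t *const pThis, cstr_t **ppCStr, uint8_t mode, sbool bEscapeLF,
- uint32_t trimLineOverBytes, int64 *const strtOffs)
- {
- uchar c;
- @@ -2147,14 +2150,25 @@ DEFpropSetMeth(strm, cryprov, cryprov_if_t*)
- DEFpropSetMeth(strm, cryprovData, void*)
-
- /* sets timeout in seconds */
- -void
- +void ATTR_NONNULL()
- strmSetReadTimeout(strm_t *const __restrict__ pThis, const int val)
- {
- + ISOBJ_TYPE_assert(pThis, strm);
- pThis->readTimeout = val;
- }
-
- -static rsRetVal strmSetbDeleteOnClose(strm_t *pThis, int val)
- +void ATTR_NONNULL()
- +strmSet_checkRotation(strm_t *const pThis, const int val) {
- + ISOBJ_TYPE_assert(pThis, strm);
- + assert(val == STRM_ROTATION_DO_CHECK || val == STRM_ROTATION_DO_NOT_CHECK);
- + pThis->rotationCheck = val;
- +}
- +
- +
- +static rsRetVal ATTR_NONNULL()
- +strmSetbDeleteOnClose(strm_t *const pThis, const int val)
- {
- + ISOBJ_TYPE_assert(pThis, strm);
- pThis->bDeleteOnClose = val;
- if(pThis->cryprov != NULL) {
- pThis->cryprov->SetDeleteOnClose(pThis->cryprovFileData, pThis->bDeleteOnClose);
- @@ -2162,15 +2176,19 @@ static rsRetVal strmSetbDeleteOnClose(strm_t *pThis, int val)
- return RS_RET_OK;
- }
-
- -static rsRetVal strmSetiMaxFiles(strm_t *pThis, int iNewVal)
- +static rsRetVal ATTR_NONNULL()
- +strmSetiMaxFiles(strm_t *const pThis, const int iNewVal)
- {
- + ISOBJ_TYPE_assert(pThis, strm);
- pThis->iMaxFiles = iNewVal;
- pThis->iFileNumDigits = getNumberDigits(iNewVal);
- return RS_RET_OK;
- }
-
- -static rsRetVal strmSetFileNotFoundError(strm_t *pThis, int pFileNotFoundError)
- +static rsRetVal ATTR_NONNULL()
- +strmSetFileNotFoundError(strm_t *const pThis, const int pFileNotFoundError)
- {
- + ISOBJ_TYPE_assert(pThis, strm);
- pThis->fileNotFoundError = pFileNotFoundError;
- return RS_RET_OK;
- }
- diff --git a/runtime/stream.h b/runtime/stream.h
- index 7dc597ff5..e3d6c2372 100644
- --- a/runtime/stream.h
- +++ b/runtime/stream.h
- @@ -124,6 +124,7 @@ typedef struct strm_s {
- ino_t inode; /* current inode for files being monitored (undefined else) */
- uchar *pszCurrFName; /* name of current file (if open) */
- uchar *pIOBuf; /* the iobuffer currently in use to gather data */
- + char *pIOBuf_truncation; /* iobuffer used during trucation detection block re-reads */
- size_t iBufPtrMax; /* current max Ptr in Buffer (if partial read!) */
- size_t iBufPtr; /* pointer into current buffer */
- int iUngetC; /* char set via UngetChar() call or -1 if none set */
-
- diff --git a/runtime/stream.h b/runtime/stream.h
- index e3d6c2372..f6f48378a 100644
- --- a/runtime/stream.h
- +++ b/runtime/stream.h
- @@ -91,6 +91,10 @@ typedef enum { /* when extending, do NOT change existing modes! */
- STREAMMODE_WRITE_APPEND = 4
- } strmMode_t;
-
- +/* settings for stream rotation (applies not to all processing modes!) */
- +#define STRM_ROTATION_DO_CHECK 0
- +#define STRM_ROTATION_DO_NOT_CHECK 1
- +
- #define STREAM_ASYNC_NUMBUFS 2 /* must be a power of 2 -- TODO: make configurable */
- /* The strm_t data structure */
- typedef struct strm_s {
- @@ -114,6 +118,7 @@ typedef struct strm_s {
- sbool bDisabled; /* should file no longer be written to? (currently set only if omfile file size limit fails) */
- sbool bSync; /* sync this file after every write? */
- sbool bReopenOnTruncate;
- + int rotationCheck; /* rotation check mode */
- size_t sIOBufSize;/* size of IO buffer */
- uchar *pszDir; /* Directory */
- int lenDir;
- @@ -234,5 +239,6 @@ void strmSetReadTimeout(strm_t *const __restrict__ pThis, const int val);
- const uchar * ATTR_NONNULL() strmGetPrevLineSegment(strm_t *const pThis);
- const uchar * ATTR_NONNULL() strmGetPrevMsgSegment(strm_t *const pThis);
- int ATTR_NONNULL() strmGetPrevWasNL(const strm_t *const pThis);
- +void ATTR_NONNULL() strmSet_checkRotation(strm_t *const pThis, const int val);
-
- #endif /* #ifndef STREAM_H_INCLUDED */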
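--- a/SOURCES/rsyslog-8.37.0-rhbz1677037-short-offMsg-overrun-crash.patch
+++ b/SOURCES/rsyslog-8.37.0-rhbz1677037-short-offMsg-overrun-crash.patch
@@ -1,86 +0,0 @@
- From 1255a67fdec2fc44cd49b6ea8c463f4319910812 Mon Sep 17 00:00:00 2001
- From: Jiri Vymazal <jvymazal@redhat.com>
- Date: Wed, 27 Feb 2019 11:57:49 +0100
- Subject: [PATCH] Enlarged msg offset types for bigger structured messages
-
- using a large enough (dozens of kBs) structured message
- it is possible to overflow the signed short type which leads
- to rsyslog crash.
- ---
- runtime/msg.c | 12 ++++++------
- runtime/msg.h | 8 ++++----
- 2 files changed, 10 insertions(+), 10 deletions(-)
-
- diff --git a/runtime/msg.c b/runtime/msg.c
- index b82c38b9ee..96306bbeab 100644
- --- a/runtime/msg.c
- +++ b/runtime/msg.c
- @@ -839,7 +839,7 @@ msgBaseConstruct(smsg_t **ppThis)
- pM->iFacility = LOG_INVLD;
- pM->iLenPROGNAME = -1;
- pM->offAfterPRI = 0;
- - pM->offMSG = -1;
- + pM->offMSG = 0;
- pM->iProtocolVersion = 0;
- pM->msgFlags = 0;
- pM->iLenRawMsg = 0;
- @@ -2167,7 +2167,7 @@ MsgSetFlowControlType(smsg_t * const pMsg, flowControl_t eFlowCtl)
- * rgerhards, 2009-06-16
- */
- rsRetVal
- -MsgSetAfterPRIOffs(smsg_t * const pMsg, short offs)
- +MsgSetAfterPRIOffs(smsg_t * const pMsg, uint32_t offs)
- {
- assert(pMsg != NULL);
- pMsg->offAfterPRI = offs;
- @@ -2819,12 +2819,12 @@ void MsgSetHOSTNAME(smsg_t *pThis, const uchar* pszHOSTNAME, const int lenHOSTNA
- * (exactly by one). This can happen if we have a message that does not
- * contain any MSG part.
- */
- -void MsgSetMSGoffs(smsg_t * const pMsg, short offs)
- +void MsgSetMSGoffs(smsg_t * const pMsg, uint32_t offs)
- {
- ISOBJ_TYPE_assert(pMsg, msg);
- pMsg->offMSG = offs;
- - if(offs > pMsg->iLenRawMsg) {
- - assert(offs - 1 == pMsg->iLenRawMsg);
- + if(offs > (uint32_t)pMsg->iLenRawMsg) {
- + assert((int)offs - 1 == pMsg->iLenRawMsg);
- pMsg->iLenMSG = 0;
- } else {
- pMsg->iLenMSG = pMsg->iLenRawMsg - offs;
- @@ -2920,7 +2920,7 @@ MsgSetRawMsg(smsg_t *const pThis, const char*const pszRawMsg, const size_t lenMs
- memcpy(pThis->pszRawMsg, pszRawMsg, pThis->iLenRawMsg);
- pThis->pszRawMsg[pThis->iLenRawMsg] = '\0'; /* this also works with truncation! */
- /* correct other information */
- - if(pThis->iLenRawMsg > pThis->offMSG)
- + if((uint32_t)pThis->iLenRawMsg > pThis->offMSG)
- pThis->iLenMSG += deltaSize;
- else
- pThis->iLenMSG = 0;
- diff --git a/runtime/msg.h b/runtime/msg.h
- index 74439275b1..722cca6e8a 100644
- --- a/runtime/msg.h
- +++ b/runtime/msg.h
- @@ -67,8 +67,8 @@ struct msg {
- sbool bParseSuccess; /* set to reflect state of last executed higher level parser */
- unsigned short iSeverity;/* the severity */
- unsigned short iFacility;/* Facility code */
- - short offAfterPRI; /* offset, at which raw message WITHOUT PRI part starts in pszRawMsg */
- - short offMSG; /* offset at which the MSG part starts in pszRawMsg */
- + uint32_t offAfterPRI; /* offset, at which raw message WITHOUT PRI part starts in pszRawMsg */
- + uint32_t offMSG; /* offset at which the MSG part starts in pszRawMsg */
- short iProtocolVersion;/* protocol version of message received 0 - legacy, 1 syslog-protocol) */
- int msgFlags; /* flags associated with this message */
- int iLenRawMsg; /* length of raw message */
- @@ -194,8 +194,8 @@ void MsgSetRcvFromStr(smsg_t *const pMsg, const uchar* pszRcvFrom, const int, pr
- rsRetVal MsgSetRcvFromIP(smsg_t *pMsg, prop_t*);
- rsRetVal MsgSetRcvFromIPStr(smsg_t *const pThis, const uchar *psz, const int len, prop_t **ppProp);
- void MsgSetHOSTNAME(smsg_t *pMsg, const uchar* pszHOSTNAME, const int lenHOSTNAME);
- -rsRetVal MsgSetAfterPRIOffs(smsg_t *pMsg, short offs);
- -void MsgSetMSGoffs(smsg_t *pMsg, short offs);
- +rsRetVal MsgSetAfterPRIOffs(smsg_t *pMsg, uint32_t offs);
- +void MsgSetMSGoffs(smsg_t *pMsg, uint32_t offs);
- void MsgSetRawMsgWOSize(smsg_t *pMsg, char* pszRawMsg);
- void ATTR_NONNULL() MsgSetRawMsg(smsg_t *const pThis, const char*const pszRawMsg, const size_t lenMsg);
- rsRetVal MsgReplaceMSG(smsg_t *pThis, const uchar* pszMSG, int lenMSG);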
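--- a/SOURCES/rsyslog-8.37.0-rhbz1716867-imjournal-memleak.patch
+++ b/SOURCES/rsyslog-8.37.0-rhbz1716867-imjournal-memleak.patch
@@ -1,60 +0,0 @@
- From 920c28ff705aac74f389b4613815b14b9482e497 Mon Sep 17 00:00:00 2001
- From: Jiri Vymazal <jvymazal@redhat.com>
- Date: Mon, 21 Jan 2019 10:58:03 +0100
- Subject: [PATCH] Added missing free() calls of received journal cursor
-
- ---
- plugins/imjournal/imjournal.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
- diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c
- index a85e521003..f5c2be4b6e 100644
- --- a/plugins/imjournal/imjournal.c
- +++ b/plugins/imjournal/imjournal.c
- @@ -442,8 +437,7 @@ readjournal(void)
-
- if (cs.bWorkAroundJournalBug) {
- /* save journal cursor (at this point we can be sure it is valid) */
- - sd_journal_get_cursor(j, &c);
- - if (c) {
- + if (!sd_journal_get_cursor(j, &c)) {
- free(last_cursor);
- last_cursor = c;
- }
- @@ -470,6 +471,7 @@ persistJournalState(void)
- }
- } else {
- int ret;
- + free(last_cursor);
- if ((ret = sd_journal_get_cursor(j, &last_cursor))) {
- LogError(-ret, RS_RET_ERR, "imjournal: sd_journal_get_cursor() failed");
- ABORT_FINALIZE(RS_RET_ERR);
- @@ -630,6 +632,7 @@ loadJournalState(void)
- iRet = RS_RET_ERR;
- }
- }
- + free(tmp_cursor);
- }
- } else {
- LogError(0, RS_RET_IO_ERROR, "imjournal: "
- @@ -843,6 +846,7 @@ BEGINfreeCnf
- free(cs.stateFile);
- free(cs.usePid);
- free(cs.dfltTag);
- + free(last_cursor);
- statsobj.Destruct(&(statsCounter.stats));
- ENDfreeCnf
-
- diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c
- index f5c2be4b6e..7225fae1ab 100644
- --- a/plugins/imjournal/imjournal.c
- +++ b/plugins/imjournal/imjournal.c
- @@ -474,6 +474,7 @@ persistJournalState(void)
- free(last_cursor);
- if ((ret = sd_journal_get_cursor(j, &last_cursor))) {
- LogError(-ret, RS_RET_ERR, "imjournal: sd_journal_get_cursor() failed");
- + last_cursor = NULL;
- ABORT_FINALIZE(RS_RET_ERR);
- }
- }
-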
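--- a/SOURCES/rsyslog-8.37.0-rhbz1722165-imjournal-flooding-errors.patch
+++ b/SOURCES/rsyslog-8.37.0-rhbz1722165-imjournal-flooding-errors.patch
@@ -1,136 +0,0 @@
- From 9c22b31cd639911a2faffad02f2ed9f7cc10b9e1 Mon Sep 17 00:00:00 2001
- From: Jiri Vymazal <jvymazal@redhat.com>
- Date: Fri, 15 Mar 2019 09:29:04 +0100
- Subject: [PATCH] Fetching journal cursor only for valid journal
-
- The sd_journal_get_cursor() got called regradless of previous
- retcodes from other jorunal calls which flooded logs with journald
- errors. Now skipping the call in case of previous journal call
- non-zero result. Fixed success checking of get_cursor() call
- to eliminate double-free possibility.
-
- Also, making WorkAroundJournalBug true by default, as there were no
- confirmed performance regressions for a quite long time.
- ---
- plugins/imjournal/imjournal.c | 43 ++++++++++++++++++++++------------
- 1 file changed, 28 insertions(+), 15 deletions(-)
-
- diff --git a/plugins/imjournal/imjournal.c b/plugins/imjournal/imjournal.c
- index 7225fae1ab..5419762cf1 100644
- --- a/plugins/imjournal/imjournal.c
- +++ b/plugins/imjournal/imjournal.c
- @@ -135,7 +135,7 @@ static char *last_cursor = NULL;
-
- #define J_PROCESS_PERIOD 1024 /* Call sd_journal_process() every 1,024 records */
-
- -static rsRetVal persistJournalState(void);
- +static rsRetVal persistJournalState(int trySave);
- static rsRetVal loadJournalState(void);
-
- static rsRetVal openJournal(void) {
- @@ -158,9 +158,9 @@ static rsRetVal openJournal(void) {
- RETiRet;
- }
-
- -static void closeJournal(void) {
- +static void closeJournal(int trySave) {
- if (cs.stateFile) { /* can't persist without a state file */
- - persistJournalState();
- + persistJournalState(trySave);
- }
- sd_journal_close(j);
- j_inotify_fd = 0;
- @@ -461,7 +461,7 @@ readjournal(void)
- /* This function gets journal cursor and saves it into state file
- */
- static rsRetVal
- -persistJournalState(void)
- +persistJournalState(int trySave)
- {
- DEFiRet;
- FILE *sf; /* state file */
- @@ -469,7 +470,7 @@ persistJournalState(void)
- if (!last_cursor) {
- ABORT_FINALIZE(RS_RET_OK);
- }
- - } else {
- + } else if (trySave) {
- int ret;
- free(last_cursor);
- if ((ret = sd_journal_get_cursor(j, &last_cursor))) {
- @@ -477,6 +478,8 @@ persistJournalState(void)
- last_cursor = NULL;
- ABORT_FINALIZE(RS_RET_ERR);
- }
- + } else { /* not trying to get cursor out of invalid journal state */
- + ABORT_FINALIZE(RS_RET_OK);
- }
-
- /* we create a temporary name by adding a ".tmp"
- @@ -535,14 +535,24 @@ pollJournal(void)
- err = sd_journal_wait(j, POLL_TIMEOUT);
- if (err == SD_JOURNAL_INVALIDATE) {
- STATSCOUNTER_INC(statsCounter.ctrRotations, statsCounter.mutCtrRotations);
- - closeJournal();
- + closeJournal(0);
-
- iRet = openJournal();
- if (iRet != RS_RET_OK) {
- ABORT_FINALIZE(RS_RET_ERR);
- }
-
- - if (cs.stateFile) {
- + /* If we have locally saved cursor there is no need to read it from state file */
- + if (cs.bWorkAroundJournalBug && last_cursor)
- + {
- + if (sd_journal_seek_cursor(j, last_cursor) != 0) {
- + LogError(0, RS_RET_ERR, "imjournal: "
- + "couldn't seek to cursor `%s'\n", last_cursor);
- + iRet = RS_RET_ERR;
- + }
- + sd_journal_next(j);
- + }
- + else if (cs.stateFile) {
- iRet = loadJournalState();
- }
- LogMsg(0, RS_RET_OK, LOG_NOTICE, "imjournal: journal reloaded...");
- @@ -668,10 +680,9 @@ loadJournalState(void)
-
- static void
- tryRecover(void) {
- - LogMsg(0, RS_RET_OK, LOG_INFO, "imjournal: trying to recover from unexpected "
- - "journal error");
- + LogMsg(0, RS_RET_OK, LOG_INFO, "imjournal: trying to recover from journal error");
- STATSCOUNTER_INC(statsCounter.ctrRecoveryAttempts, statsCounter.mutCtrRecoveryAttempts);
- - closeJournal();
- + closeJournal(0);
- srSleep(10, 0); // do not hammer machine with too-frequent retries
- openJournal();
- }
- @@ -768,7 +779,7 @@ CODESTARTrunInput
- if (cs.stateFile) { /* can't persist without a state file */
- /* TODO: This could use some finer metric. */
- if ((count % cs.iPersistStateInterval) == 0) {
- - persistJournalState();
- + persistJournalState(1);
- }
- }
- }
- @@ -790,7 +801,7 @@ CODESTARTbeginCnfLoad
- cs.iDfltFacility = DFLT_FACILITY;
- cs.bUseJnlPID = -1;
- cs.usePid = NULL;
- - cs.bWorkAroundJournalBug = 0;
- + cs.bWorkAroundJournalBug = 1;
- cs.dfltTag = NULL;
- ENDbeginCnfLoad
-
- @@ -860,7 +871,7 @@ ENDwillRun
- /* close journal */
- BEGINafterRun
- CODESTARTafterRun
- - closeJournal();
- + closeJournal(1);
- ratelimitDestruct(ratelimiter);
- ENDafterRun
-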
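--- a/SOURCES/rsyslog-8.37.0-rhbz1724218-imrelp-old-syntax.patch
+++ b/SOURCES/rsyslog-8.37.0-rhbz1724218-imrelp-old-syntax.patch
@@ -1,28 +0,0 @@
- From f53977817f352ef1c67178687cbfcee849f667fc Mon Sep 17 00:00:00 2001
- From: Andre Lorbach <alorbach@adiscon.com>
- Date: Tue, 9 Oct 2018 14:31:52 +0200
- Subject: [PATCH] imrelp: Fixed issue with oldstyle configuration caused by
- commit:
-
- https://github.com/rsyslog/rsyslog/commit/32b71daa8aadb8f16fe0ca2945e54d593f47a824
-
- Fixed by setting bEnableLstn in addInstance().
-
- Closes https://github.com/rsyslog/rsyslog/issues/3106
- ---
- plugins/imrelp/imrelp.c | 2 ++
- 1 files changed, 2 insertions(+)
-
- diff --git a/plugins/imrelp/imrelp.c b/plugins/imrelp/imrelp.c
- index c2134e5165..076dd64900 100644
- --- a/plugins/imrelp/imrelp.c
- +++ b/plugins/imrelp/imrelp.c
- @@ -346,6 +346,8 @@ static rsRetVal addInstance(void __attribute__((unused)) *pVal, uchar *pNewVal)
- CHKmalloc(inst->pszBindRuleset = ustrdup(cs.pszBindRuleset));
- }
- inst->pBindRuleset = NULL;
- +
- + inst->bEnableLstn = -1; /* all ok, ready to start up */
- finalize_it:
- free(pNewVal);
- RETiRet;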
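--- a/SOURCES/rsyslog-8.37.0-rhbz1733244-TLS-CC-compatibility.patch
+++ b/SOURCES/rsyslog-8.37.0-rhbz1733244-TLS-CC-compatibility.patch
@@ -1,618 +0,0 @@
-From b15e6ab7242b25311a9e0dcf14187d21a80a44a6 Mon Sep 17 00:00:00 2001
-From: Jiri Vymazal <jvymazal@redhat.com>
-Date: Fri, 16 Aug 2019 15:01:11 +0200
-Subject: [PATCH] Stricter GnuTLS operation
-
-This commit adds to new flags which can be set to allow
-1) checking of extendedKeyUsage certificate field
-2) stricter checking of certificate name/adresses
----
-plugins/imtcp/imtcp.c | 12 +++++++
-runtime/netstrm.c | 22 +++++++++++++
-runtime/netstrm.h | 5 ++-
-runtime/netstrms.c | 47 +++++++++++++++++++++++++++
-runtime/netstrms.h | 6 ++++
-runtime/nsd.h | 7 ++--
-runtime/nsd_gtls.c | 74 ++++++++++++++++++++++++++++++++++++++++---
-runtime/nsd_gtls.h | 12 +++++++
-runtime/nsd_ossl.c | 36 +++++++++++++++++++++
-runtime/nsd_ptcp.c | 35 ++++++++++++++++++++
-runtime/tcpsrv.c | 24 ++++++++++++++
-runtime/tcpsrv.h | 7 +++-
-tools/omfwd.c | 12 +++++++
-13 files changed, 291 insertions(+), 8 deletions(-)
-
-diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
-index 55245842d5..6b3401f8fe 100644
---- a/plugins/imtcp/imtcp.c
-+++ b/plugins/imtcp/imtcp.c
-@@ -131,6 +131,8 @@ struct modConfData_s {
-int iTCPSessMax; /* max number of sessions */
-int iTCPLstnMax; /* max number of sessions */
-int iStrmDrvrMode; /* mode for stream driver, driver-dependent (0 mostly means plain tcp) */
-+ int iStrmDrvrExtendedCertCheck; /* verify also purpose OID in certificate extended field */
-+ int iStrmDrvrSANPreference; /* ignore CN when any SAN set */
-int iAddtlFrameDelim; /* addtl frame delimiter, e.g. for netscreen, default none */
-int maxFrameSize;
-int bSuppOctetFram;
-@@ -170,6 +172,8 @@ static struct cnfparamdescr modpdescr[] = {
-{ "streamdriver.mode", eCmdHdlrNonNegInt, 0 },
-{ "streamdriver.authmode", eCmdHdlrString, 0 },
-{ "streamdriver.name", eCmdHdlrString, 0 },
-+ { "streamdriver.CheckExtendedKeyPurpose", eCmdHdlrBinary, 0 },
-+ { "streamdriver.PrioritizeSAN", eCmdHdlrBinary, 0 },
-{ "permittedpeer", eCmdHdlrArray, 0 },
-{ "keepalive", eCmdHdlrBinary, 0 },
-{ "keepalive.probes", eCmdHdlrPositiveInt, 0 },
-@@ -368,6 +372,8 @@ addListner(modConfData_t *modConf, instanceConf_t *inst)
-CHKiRet(tcpsrv.SetSessMax(pOurTcpsrv, modConf->iTCPSessMax));
-CHKiRet(tcpsrv.SetLstnMax(pOurTcpsrv, modConf->iTCPLstnMax));
-CHKiRet(tcpsrv.SetDrvrMode(pOurTcpsrv, modConf->iStrmDrvrMode));
-+ CHKiRet(tcpsrv.SetDrvrCheckExtendedKeyUsage(pOurTcpsrv, modConf->iStrmDrvrExtendedCertCheck));
-+ CHKiRet(tcpsrv.SetDrvrPrioritizeSAN(pOurTcpsrv, modConf->iStrmDrvrSANPreference));
-CHKiRet(tcpsrv.SetUseFlowControl(pOurTcpsrv, modConf->bUseFlowControl));
-CHKiRet(tcpsrv.SetAddtlFrameDelim(pOurTcpsrv, modConf->iAddtlFrameDelim));
-CHKiRet(tcpsrv.SetMaxFrameSize(pOurTcpsrv, modConf->maxFrameSize));
-@@ -479,6 +485,8 @@ CODESTARTbeginCnfLoad
-loadModConf->iTCPLstnMax = 20;
-loadModConf->bSuppOctetFram = 1;
-loadModConf->iStrmDrvrMode = 0;
-+ loadModConf->iStrmDrvrExtendedCertCheck = 0;
-+ loadModConf->iStrmDrvrSANPreference = 0;
-loadModConf->bUseFlowControl = 1;
-loadModConf->bKeepAlive = 0;
-loadModConf->iKeepAliveIntvl = 0;
-@@ -560,6 +568,10 @@ CODESTARTsetModCnf
-loadModConf->gnutlsPriorityString = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
-} else if(!strcmp(modpblk.descr[i].name, "streamdriver.mode")) {
-loadModConf->iStrmDrvrMode = (int) pvals[i].val.d.n;
-+ } else if(!strcmp(modpblk.descr[i].name, "streamdriver.CheckExtendedKeyPurpose")) {
-+ loadModConf->iStrmDrvrExtendedCertCheck = (int) pvals[i].val.d.n;
-+ } else if(!strcmp(modpblk.descr[i].name, "streamdriver.PrioritizeSAN")) {
-+ loadModConf->iStrmDrvrSANPreference = (int) pvals[i].val.d.n;
-} else if(!strcmp(modpblk.descr[i].name, "streamdriver.authmode")) {
-loadModConf->pszStrmDrvrAuthMode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
-} else if(!strcmp(modpblk.descr[i].name, "streamdriver.name")) {
-diff --git a/runtime/netstrm.c b/runtime/netstrm.c
-index e1df83edee..59aa135997 100644
---- a/runtime/netstrm.c
-+++ b/runtime/netstrm.c
-@@ -221,6 +221,26 @@ SetDrvrPermPeers(netstrm_t *pThis, permittedPeers_t *pPermPeers)
-RETiRet;
-}
-
-+/* Mandate also verification of Extended key usage / purpose field */
-+static rsRetVal
-+SetDrvrCheckExtendedKeyUsage(netstrm_t *pThis, int ChkExtendedKeyUsage)
-+{
-+ DEFiRet;
-+ ISOBJ_TYPE_assert(pThis, netstrm);
-+ iRet = pThis->Drvr.SetCheckExtendedKeyUsage(pThis->pDrvrData, ChkExtendedKeyUsage);
-+ RETiRet;
-+}
-+
-+/* Mandate stricter name checking per RFC 6125 - ignoce CN if any SAN present */
-+static rsRetVal
-+SetDrvrPrioritizeSAN(netstrm_t *pThis, int prioritizeSan)
-+{
-+ DEFiRet;
-+ ISOBJ_TYPE_assert(pThis, netstrm);
-+ iRet = pThis->Drvr.SetPrioritizeSAN(pThis->pDrvrData, prioritizeSan);
-+ RETiRet;
-+}
-+
-
-/* End of methods to shuffle autentication settings to the driver.
-* -------------------------------------------------------------------------- */
-@@ -405,6 +425,8 @@ CODESTARTobjQueryInterface(netstrm)
-pIf->SetKeepAliveTime = SetKeepAliveTime;
-pIf->SetKeepAliveIntvl = SetKeepAliveIntvl;
-pIf->SetGnutlsPriorityString = SetGnutlsPriorityString;
-+ pIf->SetDrvrCheckExtendedKeyUsage = SetDrvrCheckExtendedKeyUsage;
-+ pIf->SetDrvrPrioritizeSAN = SetDrvrPrioritizeSAN;
-finalize_it:
-ENDobjQueryInterface(netstrm)
-
-diff --git a/runtime/netstrm.h b/runtime/netstrm.h
-index 113585d0a5..08b58fd119 100644
---- a/runtime/netstrm.h
-+++ b/runtime/netstrm.h
-@@ -78,8 +78,11 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */
-rsRetVal (*SetKeepAliveTime)(netstrm_t *pThis, int keepAliveTime);
-rsRetVal (*SetKeepAliveIntvl)(netstrm_t *pThis, int keepAliveIntvl);
-rsRetVal (*SetGnutlsPriorityString)(netstrm_t *pThis, uchar *priorityString);
-+ /* v12 -- two new binary flags added to gtls driver enabling stricter operation */
-+ rsRetVal (*SetDrvrCheckExtendedKeyUsage)(netstrm_t *pThis, int ChkExtendedKeyUsage);
-+ rsRetVal (*SetDrvrPrioritizeSAN)(netstrm_t *pThis, int prioritizeSan);
-ENDinterface(netstrm)
--#define netstrmCURR_IF_VERSION 10 /* increment whenever you change the interface structure! */
-+#define netstrmCURR_IF_VERSION 12 /* increment whenever you change the interface structure! */
-/* interface version 3 added GetRemAddr()
-* interface version 4 added EnableKeepAlive() -- rgerhards, 2009-06-02
-* interface version 5 changed return of CheckConnection from void to rsRetVal -- alorbach, 2012-09-06
-diff --git a/runtime/netstrms.c b/runtime/netstrms.c
-index bd6a06bd7f..a8c342b76b 100644
---- a/runtime/netstrms.c
-+++ b/runtime/netstrms.c
-@@ -279,6 +279,49 @@ GetDrvrMode(netstrms_t *pThis)
-}
-
-
-+/* set the driver cert extended key usage check setting -- jvymazal, 2019-08-16 */
-+static rsRetVal
-+SetDrvrCheckExtendedKeyUsage(netstrms_t *pThis, int ChkExtendedKeyUsage)
-+{
-+ DEFiRet;
-+ ISOBJ_TYPE_assert(pThis, netstrms);
-+ pThis->DrvrChkExtendedKeyUsage = ChkExtendedKeyUsage;
-+ RETiRet;
-+}
-+
-+
-+/* return the driver cert extended key usage check setting
-+ * jvymazal, 2019-08-16
-+ */
-+static int
-+GetDrvrCheckExtendedKeyUsage(netstrms_t *pThis)
-+{
-+ ISOBJ_TYPE_assert(pThis, netstrms);
-+ return pThis->DrvrChkExtendedKeyUsage;
-+}
-+
-+
-+/* set the driver name checking policy -- jvymazal, 2019-08-16 */
-+static rsRetVal
-+SetDrvrPrioritizeSAN(netstrms_t *pThis, int prioritizeSan)
-+{
-+ DEFiRet;
-+ ISOBJ_TYPE_assert(pThis, netstrms);
-+ pThis->DrvrPrioritizeSan = prioritizeSan;
-+ RETiRet;
-+}
-+
-+
-+/* return the driver name checking policy
-+ * jvymazal, 2019-08-16
-+ */
-+static int
-+GetDrvrPrioritizeSAN(netstrms_t *pThis)
-+{
-+ ISOBJ_TYPE_assert(pThis, netstrms);
-+ return pThis->DrvrPrioritizeSan;
-+}
-+
-/* create an instance of a netstrm object. It is initialized with default
-* values. The current driver is used. The caller may set netstrm properties
-* and must call ConstructFinalize().
-@@ -337,6 +380,10 @@ CODESTARTobjQueryInterface(netstrms)
-pIf->GetDrvrGnutlsPriorityString = GetDrvrGnutlsPriorityString;
-pIf->SetDrvrPermPeers = SetDrvrPermPeers;
-pIf->GetDrvrPermPeers = GetDrvrPermPeers;
-+ pIf->SetDrvrCheckExtendedKeyUsage = SetDrvrCheckExtendedKeyUsage;
-+ pIf->GetDrvrCheckExtendedKeyUsage = GetDrvrCheckExtendedKeyUsage;
-+ pIf->SetDrvrPrioritizeSAN = SetDrvrPrioritizeSAN;
-+ pIf->GetDrvrPrioritizeSAN = GetDrvrPrioritizeSAN;
-finalize_it:
-ENDobjQueryInterface(netstrms)
-
-diff --git a/runtime/netstrms.h b/runtime/netstrms.h
-index 440beb20c9..f21bd6a8e2 100644
---- a/runtime/netstrms.h
-+++ b/runtime/netstrms.h
-@@ -33,6 +33,8 @@ struct netstrms_s {
-uchar *pDrvrName; /**< full base driver name (set when driver is loaded) */
-int iDrvrMode; /**< current default driver mode */
-uchar *pszDrvrAuthMode; /**< current driver authentication mode */
-+ int DrvrChkExtendedKeyUsage; /**< if true, verify extended key usage in certs */
-+ int DrvrPrioritizeSan; /**< if true, perform stricter checking of names in certs */
-uchar *gnutlsPriorityString; /**< priorityString for connection */
-permittedPeers_t *pPermPeers;/**< current driver's permitted peers */
-
-@@ -58,6 +60,10 @@ BEGINinterface(netstrms) /* name must also be changed in ENDinterface macro! */
-permittedPeers_t* (*GetDrvrPermPeers)(netstrms_t *pThis);
-rsRetVal (*SetDrvrGnutlsPriorityString)(netstrms_t *pThis, uchar*);
-uchar* (*GetDrvrGnutlsPriorityString)(netstrms_t *pThis);
-+ rsRetVal (*SetDrvrCheckExtendedKeyUsage)(netstrms_t *pThis, int ChkExtendedKeyUsage);
-+ int (*GetDrvrCheckExtendedKeyUsage)(netstrms_t *pThis);
-+ rsRetVal (*SetDrvrPrioritizeSAN)(netstrms_t *pThis, int prioritizeSan);
-+ int (*GetDrvrPrioritizeSAN)(netstrms_t *pThis);
-ENDinterface(netstrms)
-#define netstrmsCURR_IF_VERSION 1 /* increment whenever you change the interface structure! */
-
-diff --git a/runtime/nsd.h b/runtime/nsd.h
-index eab53ad6ae..f0cb5bd1aa 100644
---- a/runtime/nsd.h
-+++ b/runtime/nsd.h
-@@ -85,8 +85,11 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */
-rsRetVal (*SetKeepAliveProbes)(nsd_t *pThis, int keepAliveProbes);
-rsRetVal (*SetKeepAliveTime)(nsd_t *pThis, int keepAliveTime);
-rsRetVal (*SetGnutlsPriorityString)(nsd_t *pThis, uchar *gnutlsPriorityString);
-+ /* v13 -- two new binary flags added to gtls driver enabling stricter operation */
-+ rsRetVal (*SetCheckExtendedKeyUsage)(nsd_t *pThis, int ChkExtendedKeyUsage);
-+ rsRetVal (*SetPrioritizeSAN)(nsd_t *pThis, int prioritizeSan);
-ENDinterface(nsd)
--#define nsdCURR_IF_VERSION 11 /* increment whenever you change the interface structure! */
-+#define nsdCURR_IF_VERSION 13 /* increment whenever you change the interface structure! */
-/* interface version 4 added GetRemAddr()
-* interface version 5 added EnableKeepAlive() -- rgerhards, 2009-06-02
-* interface version 6 changed return of CheckConnection from void to rsRetVal -- alorbach, 2012-09-06
-diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
-index 56238b9cb4..a3662bedf4 100644
---- a/runtime/nsd_gtls.c
-+++ b/runtime/nsd_gtls.c
-@@ -1004,6 +1004,7 @@ gtlsChkPeerName(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert)
-int iAltName;
-size_t szAltNameLen;
-int bFoundPositiveMatch;
-+ int bHaveSAN = 0;
-cstr_t *pStr = NULL;
-cstr_t *pstrCN = NULL;
-int gnuRet;
-@@ -1023,6 +1024,7 @@ gtlsChkPeerName(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert)
-if(gnuRet < 0)
-break;
-else if(gnuRet == GNUTLS_SAN_DNSNAME) {
-+ bHaveSAN = 1;
-dbgprintf("subject alt dnsName: '%s'\n", szAltName);
-snprintf((char*)lnBuf, sizeof(lnBuf), "DNSname: %s; ", szAltName);
-CHKiRet(rsCStrAppendStr(pStr, lnBuf));
-@@ -1032,8 +1034,8 @@ gtlsChkPeerName(nsd_gtls_t *pThis, gnutls_x509_crt_t *pCert)
-++iAltName;
-}
-
-- if(!bFoundPositiveMatch) {
-- /* if we did not succeed so far, we try the CN part of the DN... */
-+ /* Check also CN only if not configured per stricter RFC 6125 or no SAN present*/
-+ if(!bFoundPositiveMatch && (!pThis->bSANpriority || !bHaveSAN)) {
-CHKiRet(gtlsGetCN(pCert, &pstrCN));
-if(pstrCN != NULL) { /* NULL if there was no CN present */
-dbgprintf("gtls now checking auth for CN '%s'\n", cstrGetSzStrNoNULL(pstrCN));
-@@ -1044,7 +1044,19 @@ gtlsChkPeerCertValidity(nsd_gtls_t *pThis)
-ABORT_FINALIZE(RS_RET_TLS_NO_CERT);
-}
-
-- CHKgnutls(gnutls_certificate_verify_peers2(pThis->sess, &stateCert));
-+ if (pThis->dataTypeCheck == GTLS_NONE) {
-+ CHKgnutls(gnutls_certificate_verify_peers2(pThis->sess, &stateCert));
-+ } else { /* we have configured data to check in addition to cert */
-+ gnutls_typed_vdata_st data;
-+ data.type = GNUTLS_DT_KEY_PURPOSE_OID;
-+ if (pThis->bIsInitiator) { /* client mode */
-+ data.data = (uchar *)GNUTLS_KP_TLS_WWW_SERVER;
-+ } else { /* server mode */
-+ data.data = (uchar *)GNUTLS_KP_TLS_WWW_CLIENT;
-+ }
-+ data.size = ustrlen(data.data);
-+ CHKgnutls(gnutls_certificate_verify_peers(pThis->sess, &data, 1, &stateCert));
-+ }
-
-if(stateCert & GNUTLS_CERT_INVALID) {
-/* provide error details if we have them */
-@@ -1188,6 +1205,8 @@ gtlsChkPeerCertValidity(nsd_gtls_t *pThis)
-pszErrCause = "insecure algorithm";
-} else if(stateCert & GNUTLS_CERT_REVOKED) {
-pszErrCause = "certificate revoked";
-+ } else if(stateCert & GNUTLS_CERT_PURPOSE_MISMATCH) {
-+ pszErrCause = "key purpose OID does not match";
-} else {
-pszErrCause = "GnuTLS returned no specific reason";
-dbgprintf("GnuTLS returned no specific reason for GNUTLS_CERT_INVALID, certificate "
-@@ -1499,6 +1516,53 @@ SetGnutlsPriorityString(nsd_t *pNsd, uchar *gnutlsPriorityString)
-RETiRet;
-}
-
-+/* Set the driver cert extended key usage check setting
-+ * 0 - ignore contents of extended key usage
-+ * 1 - verify that cert contents is compatible with appropriate OID
-+ * jvymazal, 2019-08-16
-+ */
-+static rsRetVal
-+SetCheckExtendedKeyUsage(nsd_t *pNsd, int ChkExtendedKeyUsage)
-+{
-+ DEFiRet;
-+ nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
-+
-+ ISOBJ_TYPE_assert((pThis), nsd_gtls);
-+ if(ChkExtendedKeyUsage != 0 && ChkExtendedKeyUsage != 1) {
-+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: driver ChkExtendedKeyUsage %d "
-+ "not supported by gtls netstream driver", ChkExtendedKeyUsage);
-+ ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
-+ }
-+
-+ pThis->dataTypeCheck = ChkExtendedKeyUsage;
-+
-+finalize_it:
-+ RETiRet;
-+}
-+
-+/* Set the driver name checking strictness
-+ * 0 - less strict per RFC 5280, section 4.1.2.6 - either SAN or CN match is good
-+ * 1 - more strict per RFC 6125 - if any SAN present it must match (CN is ignored)
-+ * jvymazal, 2019-08-16
-+ */
-+static rsRetVal
-+SetPrioritizeSAN(nsd_t *pNsd, int prioritizeSan)
-+{
-+ DEFiRet;
-+ nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
-+
-+ ISOBJ_TYPE_assert((pThis), nsd_gtls);
-+ if(prioritizeSan != 0 && prioritizeSan != 1) {
-+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: driver prioritizeSan %d "
-+ "not supported by gtls netstream driver", prioritizeSan);
-+ ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
-+ }
-+
-+ pThis->bSANpriority = prioritizeSan;
-+
-+finalize_it:
-+ RETiRet;
-+}
-
-/* Provide access to the underlying OS socket. This is primarily
-* useful for other drivers (like nsd_gtls) who utilize ourselfs
-@@ -2124,6 +2188,8 @@ CODESTARTobjQueryInterface(nsd_gtls)
-pIf->SetKeepAliveProbes = SetKeepAliveProbes;
-pIf->SetKeepAliveTime = SetKeepAliveTime;
-pIf->SetGnutlsPriorityString = SetGnutlsPriorityString;
-+ pIf->SetCheckExtendedKeyUsage = SetCheckExtendedKeyUsage;
-+ pIf->SetPrioritizeSAN = SetPrioritizeSAN;
-finalize_it:
-ENDobjQueryInterface(nsd_gtls)
-
-diff --git a/runtime/nsd_gtls.h b/runtime/nsd_gtls.h
-index 80a86f21d7..d73c0e6a4d 100644
---- a/runtime/nsd_gtls.h
-+++ b/runtime/nsd_gtls.h
-@@ -54,6 +54,11 @@ struct nsd_gtls_s {
-GTLS_AUTH_CERTVALID = 2,
-GTLS_AUTH_CERTANON = 3
-} authMode;
-+ enum {
-+ GTLS_NONE = 0,
-+ GTLS_PURPOSE = 1
-+ } dataTypeCheck;
-+ int bSANpriority; /* if true, we do stricter checking (if any SAN present we do not cehck CN) */
-gtlsRtryCall_t rtryCall;/**< what must we retry? */
-int bIsInitiator; /**< 0 if socket is the server end (listener), 1 if it is the initiator */
-gnutls_session_t sess;
-diff --git a/runtime/nsd_ossl.c b/runtime/nsd_ossl.c
-index 0a474fd744..419e0e97ef 100644
---- a/runtime/nsd_ossl.c
-+++ b/runtime/nsd_ossl.c
-@@ -1864,6 +1864,40 @@ SetGnutlsPriorityString(__attribute__((unused)) nsd_t *pNsd, __attribute__((unus
-RETiRet;
-}
-
-+/* Set the driver cert extended key usage check setting, for now it is empty wrapper.
-+ * TODO: implement openSSL version
-+ * jvymazal, 2019-08-16
-+ */
-+static rsRetVal
-+SetCheckExtendedKeyUsage(nsd_t __attribute__((unused)) *pNsd, int ChkExtendedKeyUsage)
-+{
-+ DEFiRet;
-+ if(ChkExtendedKeyUsage != 0) {
-+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: driver ChkExtendedKeyUsage %d "
-+ "not supported by ossl netstream driver", ChkExtendedKeyUsage);
-+ ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
-+ }
-+finalize_it:
-+ RETiRet;
-+}
-+
-+/* Set the driver name checking strictness, for now it is empty wrapper.
-+ * TODO: implement openSSL version
-+ * jvymazal, 2019-08-16
-+ */
-+static rsRetVal
-+SetPrioritizeSAN(nsd_t __attribute__((unused)) *pNsd, int prioritizeSan)
-+{
-+ DEFiRet;
-+ if(prioritizeSan != 0) {
-+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: driver prioritizeSan %d "
-+ "not supported by ossl netstream driver", prioritizeSan);
-+ ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
-+ }
-+finalize_it:
-+ RETiRet;
-+}
-+
-/* queryInterface function */
-BEGINobjQueryInterface(nsd_ossl)
-CODESTARTobjQueryInterface(nsd_ossl)
-@@ -1898,6 +1932,8 @@ CODESTARTobjQueryInterface(nsd_ossl)
-pIf->SetKeepAliveProbes = SetKeepAliveProbes;
-pIf->SetKeepAliveTime = SetKeepAliveTime;
-pIf->SetGnutlsPriorityString = SetGnutlsPriorityString; /* we don't NEED this interface! */
-+ pIf->SetCheckExtendedKeyUsage = SetCheckExtendedKeyUsage; /* we don't NEED this interface! */
-+ pIf->SetPrioritizeSAN = SetPrioritizeSAN; /* we don't NEED this interface! */
-
-finalize_it:
-ENDobjQueryInterface(nsd_ossl)
-diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c
-index 68bed5b9ea..60c40ad444 100644
---- a/runtime/nsd_ptcp.c
-+++ b/runtime/nsd_ptcp.c
-@@ -150,6 +150,37 @@ SetMode(nsd_t __attribute__((unused)) *pNsd, int mode)
-RETiRet;
-}
-
-+/* Set the driver cert extended key usage check setting, not supported in ptcp.
-+ * jvymazal, 2019-08-16
-+ */
-+static rsRetVal
-+SetCheckExtendedKeyUsage(nsd_t __attribute__((unused)) *pNsd, int ChkExtendedKeyUsage)
-+{
-+ DEFiRet;
-+ if(ChkExtendedKeyUsage != 0) {
-+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: driver ChkExtendedKeyUsage %d "
-+ "not supported by ptcp netstream driver", ChkExtendedKeyUsage);
-+ ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
-+ }
-+finalize_it:
-+ RETiRet;
-+}
-+
-+/* Set the driver name checking strictness, not supported in ptcp.
-+ * jvymazal, 2019-08-16
-+ */
-+static rsRetVal
-+SetPrioritizeSAN(nsd_t __attribute__((unused)) *pNsd, int prioritizeSan)
-+{
-+ DEFiRet;
-+ if(prioritizeSan != 0) {
-+ LogError(0, RS_RET_VALUE_NOT_SUPPORTED, "error: driver prioritizeSan %d "
-+ "not supported by ptcp netstream driver", prioritizeSan);
-+ ABORT_FINALIZE(RS_RET_VALUE_NOT_SUPPORTED);
-+ }
-+finalize_it:
-+ RETiRet;
-+}
-
-/* Set the authentication mode. For us, the following is supported:
-* anon - no certificate checks whatsoever (discouraged, but supported)
-@@ -613,6 +644,8 @@ LstnInit(netstrms_t *pNS, void *pUsr, rsRetVal(*fAddLstn)(void*,netstrm_t*),
-CHKiRet(pNS->Drvr.Construct(&pNewNsd));
-CHKiRet(pNS->Drvr.SetSock(pNewNsd, sock));
-CHKiRet(pNS->Drvr.SetMode(pNewNsd, netstrms.GetDrvrMode(pNS)));
-+ CHKiRet(pNS->Drvr.SetCheckExtendedKeyUsage(pNewNsd, netstrms.GetDrvrCheckExtendedKeyUsage(pNS)));
-+ CHKiRet(pNS->Drvr.SetPrioritizeSAN(pNewNsd, netstrms.GetDrvrPrioritizeSAN(pNS)));
-CHKiRet(pNS->Drvr.SetAuthMode(pNewNsd, netstrms.GetDrvrAuthMode(pNS)));
-CHKiRet(pNS->Drvr.SetPermPeers(pNewNsd, netstrms.GetDrvrPermPeers(pNS)));
-CHKiRet(pNS->Drvr.SetGnutlsPriorityString(pNewNsd, netstrms.GetDrvrGnutlsPriorityString(pNS)));
-@@ -963,6 +996,8 @@ CODESTARTobjQueryInterface(nsd_ptcp)
-pIf->SetKeepAliveIntvl = SetKeepAliveIntvl;
-pIf->SetKeepAliveProbes = SetKeepAliveProbes;
-pIf->SetKeepAliveTime = SetKeepAliveTime;
-+ pIf->SetCheckExtendedKeyUsage = SetCheckExtendedKeyUsage;
-+ pIf->SetPrioritizeSAN = SetPrioritizeSAN;
-finalize_it:
-ENDobjQueryInterface(nsd_ptcp)
-
-diff --git a/runtime/tcpsrv.c b/runtime/tcpsrv.c
-index d7ea2f9f00..43a6687b4a 100644
---- a/runtime/tcpsrv.c
-+++ b/runtime/tcpsrv.c
-@@ -1013,6 +1013,8 @@ tcpsrvConstructFinalize(tcpsrv_t *pThis)
-if(pThis->pszDrvrName != NULL)
-CHKiRet(netstrms.SetDrvrName(pThis->pNS, pThis->pszDrvrName));
-CHKiRet(netstrms.SetDrvrMode(pThis->pNS, pThis->iDrvrMode));
-+ CHKiRet(netstrms.SetDrvrCheckExtendedKeyUsage(pThis->pNS, pThis->DrvrChkExtendedKeyUsage));
-+ CHKiRet(netstrms.SetDrvrPrioritizeSAN(pThis->pNS, pThis->DrvrPrioritizeSan));
-if(pThis->pszDrvrAuthMode != NULL)
-CHKiRet(netstrms.SetDrvrAuthMode(pThis->pNS, pThis->pszDrvrAuthMode));
-if(pThis->pPermPeers != NULL)
-@@ -1405,6 +1407,26 @@ SetDrvrPermPeers(tcpsrv_t *pThis, permittedPeers_t *pPermPeers)
-RETiRet;
-}
-
-+/* set the driver cert extended key usage check setting -- jvymazal, 2019-08-16 */
-+static rsRetVal
-+SetDrvrCheckExtendedKeyUsage(tcpsrv_t *pThis, int ChkExtendedKeyUsage)
-+{
-+ DEFiRet;
-+ ISOBJ_TYPE_assert(pThis, tcpsrv);
-+ pThis->DrvrChkExtendedKeyUsage = ChkExtendedKeyUsage;
-+ RETiRet;
-+}
-+
-+/* set the driver name checking policy -- jvymazal, 2019-08-16 */
-+static rsRetVal
-+SetDrvrPrioritizeSAN(tcpsrv_t *pThis, int prioritizeSan)
-+{
-+ DEFiRet;
-+ ISOBJ_TYPE_assert(pThis, tcpsrv);
-+ pThis->DrvrPrioritizeSan = prioritizeSan;
-+ RETiRet;
-+}
-+
-
-/* End of methods to shuffle autentication settings to the driver.;
-
-@@ -1522,6 +1544,8 @@ CODESTARTobjQueryInterface(tcpsrv)
-pIf->SetLinuxLikeRatelimiters = SetLinuxLikeRatelimiters;
-pIf->SetNotificationOnRemoteClose = SetNotificationOnRemoteClose;
-pIf->SetPreserveCase = SetPreserveCase;
-+ pIf->SetDrvrCheckExtendedKeyUsage = SetDrvrCheckExtendedKeyUsage;
-+ pIf->SetDrvrPrioritizeSAN = SetDrvrPrioritizeSAN;
-
-finalize_it:
-ENDobjQueryInterface(tcpsrv)
-diff --git a/runtime/tcpsrv.h b/runtime/tcpsrv.h
-index 55aa8e9922..79b659013d 100644
---- a/runtime/tcpsrv.h
-+++ b/runtime/tcpsrv.h
-@@ -61,6 +61,8 @@ struct tcpsrv_s {
-int iKeepAliveTime; /**< socket layer KEEPALIVE timeout */
-netstrms_t *pNS; /**< pointer to network stream subsystem */
-int iDrvrMode; /**< mode of the stream driver to use */
-+ int DrvrChkExtendedKeyUsage; /**< if true, verify extended key usage in certs */
-+ int DrvrPrioritizeSan; /**< if true, perform stricter checking of names in certs */
-uchar *gnutlsPriorityString; /**< priority string for gnutls */
-uchar *pszDrvrAuthMode; /**< auth mode of the stream driver to use */
-uchar *pszDrvrName; /**< name of stream driver to use */
-@@ -185,8 +187,11 @@ BEGINinterface(tcpsrv) /* name must also be changed in ENDinterface macro! */
-rsRetVal (*SetGnutlsPriorityString)(tcpsrv_t*, uchar*);
-/* added v21 -- Preserve case in fromhost, 2018-08-16 */
-rsRetVal (*SetPreserveCase)(tcpsrv_t *pThis, int bPreserveCase);
-+ /* added v23 -- Options for stricter driver behavior, 2019-08-16 */
-+ rsRetVal (*SetDrvrCheckExtendedKeyUsage)(tcpsrv_t *pThis, int ChkExtendedKeyUsage);
-+ rsRetVal (*SetDrvrPrioritizeSAN)(tcpsrv_t *pThis, int prioritizeSan);
-ENDinterface(tcpsrv)
--#define tcpsrvCURR_IF_VERSION 21 /* increment whenever you change the interface structure! */
-+#define tcpsrvCURR_IF_VERSION 23 /* increment whenever you change the interface structure! */
-/* change for v4:
-* - SetAddtlFrameDelim() added -- rgerhards, 2008-12-10
-* - SetInputName() added -- rgerhards, 2008-12-10
-diff --git a/tools/omfwd.c b/tools/omfwd.c
-index cdb74b8d22..96fa68752c 100644
---- a/tools/omfwd.c
-+++ b/tools/omfwd.c
-@@ -83,6 +83,8 @@ typedef struct _instanceData {
-uchar *pszStrmDrvrAuthMode;
-permittedPeers_t *pPermPeers;
-int iStrmDrvrMode;
-+ int iStrmDrvrExtendedCertCheck; /* verify also purpose OID in certificate extended field */
-+ int iStrmDrvrSANPreference; /* ignore CN when any SAN set */
-char *target;
-char *address;
-char *device;
-@@ -189,6 +191,8 @@ static struct cnfparamdescr actpdescr[] = {
-{ "streamdrivermode", eCmdHdlrInt, 0 },
-{ "streamdriverauthmode", eCmdHdlrGetWord, 0 },
-{ "streamdriverpermittedpeers", eCmdHdlrGetWord, 0 },
-+ { "streamdriver.CheckExtendedKeyPurpose", eCmdHdlrBinary, 0 },
-+ { "streamdriver.PrioritizeSAN", eCmdHdlrBinary, 0 },
-{ "resendlastmsgonreconnect", eCmdHdlrBinary, 0 },
-{ "udp.sendtoall", eCmdHdlrBinary, 0 },
-{ "udp.senddelay", eCmdHdlrInt, 0 },
-@@ -748,6 +752,8 @@ static rsRetVal TCPSendInit(void *pvData)
-CHKiRet(netstrms.CreateStrm(pWrkrData->pNS, &pWrkrData->pNetstrm));
-CHKiRet(netstrm.ConstructFinalize(pWrkrData->pNetstrm));
-CHKiRet(netstrm.SetDrvrMode(pWrkrData->pNetstrm, pData->iStrmDrvrMode));
-+ CHKiRet(netstrm.SetDrvrCheckExtendedKeyUsage(pWrkrData->pNetstrm, pData->iStrmDrvrExtendedCertCheck));
-+ CHKiRet(netstrm.SetDrvrPrioritizeSAN(pWrkrData->pNetstrm, pData->iStrmDrvrSANPreference));
-/* now set optional params, but only if they were actually configured */
-if(pData->pszStrmDrvrAuthMode != NULL) {
-CHKiRet(netstrm.SetDrvrAuthMode(pWrkrData->pNetstrm, pData->pszStrmDrvrAuthMode));
-@@ -1119,6 +1125,8 @@ setInstParamDefaults(instanceData *pData)
-pData->pszStrmDrvr = NULL;
-pData->pszStrmDrvrAuthMode = NULL;
-pData->iStrmDrvrMode = 0;
-+ pData->iStrmDrvrExtendedCertCheck = 0;
-+ pData->iStrmDrvrSANPreference = 0;
-pData->iRebindInterval = 0;
-pData->bKeepAlive = 0;
-pData->iKeepAliveProbes = 0;
-@@ -1220,6 +1228,10 @@ CODESTARTnewActInst
-pData->pszStrmDrvr = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
-} else if(!strcmp(actpblk.descr[i].name, "streamdrivermode")) {
-pData->iStrmDrvrMode = pvals[i].val.d.n;
-+ } else if(!strcmp(actpblk.descr[i].name, "streamdriver.CheckExtendedKeyPurpose")) {
-+ pData->iStrmDrvrExtendedCertCheck = pvals[i].val.d.n;
-+ } else if(!strcmp(actpblk.descr[i].name, "streamdriver.PrioritizeSAN")) {
-+ pData->iStrmDrvrSANPreference = pvals[i].val.d.n;
-} else if(!strcmp(actpblk.descr[i].name, "streamdriverauthmode")) {
-pData->pszStrmDrvrAuthMode = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
-} else if(!strcmp(actpblk.descr[i].name, "streamdriverpermittedpeers")) {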
file modified
+46 -27
SPECS/rsyslog.spec CHANGED
@@ -5,8 +5,8 @@
5
5
6
6
Summary: Enhanced system logging and kernel message trapping daemon
7
7
Name: rsyslog
8
- Version: 8.37.0
9
- Release: 13%{?dist}
8
+ Version: 8.1911.0
9
+ Release: 3%{?dist}
10
10
License: (GPLv3+ and ASL 2.0)
11
11
Group: System Environment/Daemons
12
12
ExcludeArch: i686
@@ -44,19 +44,12 @@ Provides: syslog
44
44
Obsoletes: sysklogd < 1.5-11
45
45
46
46
# tweak the upstream service file to honour configuration from /etc/sysconfig/rsyslog
47
- Patch0: rsyslog-8.32.0-service.patch
47
+ Patch0: rsyslog-8.1911.0-service.patch
48
48
# imjournal: adds "journal" when tag/process name is missing
49
- Patch1: rsyslog-8.37.0-rhbz1659898-imjournal-default-tag.patch
50
- Patch2: rsyslog-8.37.0-rhbz1614179-imfile-symlink-support.patch
51
- Patch3: rsyslog-8.37.0-rhbz1622768-kubernetes-404-handling.patch
52
- Patch4: rsyslog-8.37.0-rhbz1627941-imfile-support-for-endmsg.regex.patch
49
+ Patch1: rsyslog-8.1911.0-rhbz1659898-imjournal-default-tag.patch
50
+ Patch2: rsyslog-8.1911.0-rhbz1763757-imfile-statefiles.patch
51
+ Patch3: rsyslog-8.1911.0-rhbz1782353-deny-expired-by-default.patch
52
+ Patch4: rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
53
- Patch5: rsyslog-8.37.0-rhbz1674471-imfile-log-rotation.patch
54
- Patch6: rsyslog-8.37.0-rhbz1677037-short-offMsg-overrun-crash.patch
55
- Patch7: rsyslog-8.37.0-rhbz1614181-imtcp-imudp-preservecase-option.patch
56
- Patch8: rsyslog-8.37.0-rhbz1716867-imjournal-memleak.patch
57
- Patch9: rsyslog-8.37.0-rhbz1722165-imjournal-flooding-errors.patch
58
- Patch10: rsyslog-8.37.0-rhbz1724218-imrelp-old-syntax.patch
59
- Patch11: rsyslog-8.37.0-rhbz1733244-TLS-CC-compatibility.patch
60
53
61
54
%package crypto
62
55
Summary: Encryption support
@@ -164,8 +157,8 @@ Elasticsearch.
164
157
165
158
%description gnutls
166
159
The rsyslog-gnutls package contains the rsyslog plugins that provide the
167
- ability to receive syslog messages via upcoming syslog-transport-tls
168
- IETF standard protocol.
160
+ ability to send and receive syslog messages via TCP or RELP using TLS
161
+ encryption. For details refer to rsyslog doc on imtcp and omfwd modules.
169
162
170
163
%description gssapi
171
164
The rsyslog-gssapi package contains the rsyslog plugins which support GSSAPI
@@ -230,16 +223,9 @@ mv build doc
230
223
231
224
%patch0 -p1 -b .service
232
225
%patch1 -p1 -b .default-tag
233
- %patch2 -p1 -b .imfile-symlink
234
- %patch3 -p1 -b .mmkubernetes-404
235
- %patch4 -p1 -b .endmsg-regex
226
+ %patch2 -p1 -b .imfile-statefiles
227
+ %patch3 -p1 -b .deny-expired-certs
228
+ %patch4 -p1 -b .config-enabled-on
236
- %patch5 -p1 -b .rotation-detection
237
- %patch6 -p1 -b .short-offmsg-crash
238
- %patch7 -p1 -b .preservecase-option
239
- %patch8 -p1 -b .imjournal-memleak
240
- %patch9 -p1 -b .imjournal-err-flood
241
- %patch10 -p1 -b .imrelp-old-syntax
242
- %patch11 -p1 -b .tls-CC
243
229
244
230
%build
245
231
%ifarch sparc64
@@ -276,6 +262,7 @@ autoreconf -if
276
262
--enable-mmsnmptrapd \
277
263
--enable-mmutf8fix \
278
264
--enable-mysql \
265
+ --enable-omhttp \
279
266
--enable-omjournal \
280
267
--enable-omkafka \
281
268
--enable-omprog \
@@ -367,7 +354,6 @@ done
367
354
%{_libdir}/rsyslog/lmnetstrms.so
368
355
%{_libdir}/rsyslog/lmnsd_ptcp.so
369
356
%{_libdir}/rsyslog/lmregexp.so
370
- %{_libdir}/rsyslog/lmstrmsrv.so
371
357
%{_libdir}/rsyslog/lmtcpclt.so
372
358
%{_libdir}/rsyslog/lmtcpsrv.so
373
359
%{_libdir}/rsyslog/lmzlibw.so
@@ -375,6 +361,7 @@ done
375
361
%{_libdir}/rsyslog/mmcount.so
376
362
%{_libdir}/rsyslog/mmexternal.so
377
363
%{_libdir}/rsyslog/mmutf8fix.so
364
+ %{_libdir}/rsyslog/omhttp.so
378
365
%{_libdir}/rsyslog/omjournal.so
379
366
%{_libdir}/rsyslog/ommail.so
380
367
%{_libdir}/rsyslog/omprog.so
@@ -443,6 +430,38 @@ done
443
430
444
431
445
432
%changelog
433
+ * Wed Dec 11 2019 Jiri Vymazal <jvymazal@redhat.com> - 8.1911.0-3
434
+ RHEL 8.2.0 ERRATUM
435
+ - added patch reverting rejecting expired certs by default
436
+ resolves: rhbz#1782353
437
+ - added patch silencing false errors on config.enabled statement
438
+ resolves: rhbz#1659383
439
+
440
+ * Tue Dec 03 2019 Jiri Vymazal <jvymazal@redhat.com> - 8.1911.0-2
441
+ RHEL 8.2.0 ERRATUM
442
+ - cleaned old patches, fixed patch names
443
+ resolves: rhbz#1740683
444
+
445
+ * Mon Dec 02 2019 Jiri Vymazal <jvymazal@redhat.com> - 8.1911.0-1
446
+ RHEL 8.2.0 ERRATUM
447
+ - rebased to 8.1911.0 upstream version, removed, previously
448
+ upstreamed patches
449
+ resolves: rhbz#1740683
450
+ resolves: rhbz#1659383
451
+ resolves: rhbz#1746876
452
+ resolves: rhbz#1676559
453
+ resolves: rhbz#1692072
454
+ resolves: rhbz#1692073
455
+ resolves: rhbz#1692074
456
+ resolves: rhbz#1699242
457
+ resolves: rhbz#1738213
458
+ resolves: rhbz#1744691
459
+ resolves: rhbz#1755218
460
+ resolves: rhbz#1768321
461
+ resolves: rhbz#1768324
462
+ - added patch fixing imfile stefiles naming
463
+ resolves: rhbz#1763757
464
+
446
465
* Fri Aug 30 2019 Jiri Vymazal <jvymazal@redhat.com> - 8.37.0-13
447
466
RHEL 8.1.0 ERRATUM
448
467
- added patch enabling stricter TLS certs checking conforming to