diff --git a/src/network.c b/src/network.c
index 0ee6ed0b9834f96a9ad1cd885657c0e5f9719c89..f1140608851417958a0dfd9f1382e49d67684930 100644 (file)
--- a/src/network.c
+++ b/src/network.c
gcry_cipher_hd_t cypher;
unsigned char password_hash[32];
#endif
+ cdtime_t next_resolve_reconnect;
+ cdtime_t resolve_interval;
};
struct sockent_server
} /* }}} int network_dispatch_notification */
#if HAVE_LIBGCRYPT
-static void network_init_gcrypt (void) /* {{{ */
+static int network_init_gcrypt (void) /* {{{ */
{
+ gcry_error_t err;
+
/* http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html
* Because you can't know in a library whether another library has
* already initialized the library */
if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
- return;
+ return (0);
/* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
* To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
*
* tl;dr: keep all these gry_* statements in this exact order please. */
# if GCRYPT_VERSION_NUMBER < 0x010600
- gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ if (err)
+ {
+ ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
+ return (-1);
+ }
# endif
+
gcry_check_version (NULL);
- gcry_control (GCRYCTL_INIT_SECMEM, 32768);
+
+ err = gcry_control (GCRYCTL_INIT_SECMEM, 32768);
+ if (err)
+ {
+ ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err));
+ return (-1);
+ }
+
gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-} /* }}} void network_init_gcrypt */
+ return (0);
+} /* }}} int network_init_gcrypt */
static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
const void *iv, size_t iv_size, const char *username)
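Review bot: A failed first call to `network_init_gcrypt` can be followed by a call that reports success. `gcry_check_version` already initializes the library, so if `GCRYCTL_INIT_SECMEM` then fails and the function returns -1, the next call sees `GCRYCTL_ANY_INITIALIZATION_P` as true and returns 0 although `GCRYCTL_INITIALIZATION_FINISHED` was never issued. Because this commit calls the function from the per-socket crypto setup, a later socket could be configured on a half-initialized library; remembering the failure in a `static` flag, or also testing `GCRYCTL_INITIALIZATION_FINISHED_P` in the early return, would close that gap. Separately, `gcry_check_version (NULL)` performs no minimum-version check; `if (!gcry_check_version (GCRYPT_VERSION))` with an error return is the form the libgcrypt manual recommends.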
} /* int parse_part_number */
static int parse_part_string (void **ret_buffer, size_t *ret_buffer_len,
- char *output, int output_len)
+ char *output, size_t const output_len)
{
char *buffer = *ret_buffer;
size_t buffer_len = *ret_buffer_len;
uint16_t tmp16;
- size_t header_size = 2 * sizeof (uint16_t);
+ size_t const header_size = 2 * sizeof (uint16_t);
uint16_t pkg_length;
+ size_t payload_size;
+
+ if (output_len <= 0)
+ return (EINVAL);
if (buffer_len < header_size)
{
memcpy ((void *) &tmp16, buffer, sizeof (tmp16));
buffer += sizeof (tmp16);
pkg_length = ntohs (tmp16);
+ payload_size = ((size_t) pkg_length) - header_size;
/* Check that packet fits in the input buffer */
if (pkg_length > buffer_len)
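Review bot: `payload_size` is computed from the wire-supplied `pkg_length` before any range check, so for a `pkg_length` smaller than `header_size` it briefly holds a wrapped, very large `size_t`. The comment further down says an earlier if-statement guarantees `pkg_length > header_size`, so the value is presumably never used in that state, but that check is outside this hunk and the ordering is easy to break in a later edit. Moving the assignment below the range check, with a comment such as `/* safe: pkg_length > header_size was verified above */`, keeps the unsigned subtraction next to the condition that makes it valid.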
/* Check that the package data fits into the output buffer.
* The previous if-statement ensures that:
* `pkg_length > header_size' */
- if ((output_len < 0)
- || ((size_t) output_len < ((size_t) pkg_length - header_size)))
+ if (output_len < payload_size)
{
WARNING ("network plugin: parse_part_string: "
- "Output buffer too small.");
+ "Buffer too small: "
+ "Output buffer holds %zu bytes, "
+ "which is too small to hold the received "
+ "%zu byte string.",
+ output_len, payload_size);
return (-1);
}
/* All sanity checks successfull, let's copy the data over */
- output_len = pkg_length - header_size;
- memcpy ((void *) output, (void *) buffer, output_len);
- buffer += output_len;
+ memcpy ((void *) output, (void *) buffer, payload_size);
+ buffer += payload_size;
/* For some very weird reason '\0' doesn't do the trick on SPARC in
* this statement. */
- if (output[output_len - 1] != 0)
+ if (output[payload_size - 1] != 0)
{
WARNING ("network plugin: parse_part_string: "
"Received string does not end "
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
+ buffer_size -= (size_t) pkg_length;
continue;
}
#endif /* HAVE_LIBGCRYPT */
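Review bot: `buffer_size -= (size_t) pkg_length` wraps to a huge value if `pkg_length` can exceed the remaining `buffer_size`, and the loop condition `buffer_size > sizeof (part_header_t)` would then keep parsing past the end of the packet. The bound check on `pkg_length` is not visible in this hunk, so confirm it runs before every one of these skip paths. The same statement pair is added twice more below, in the second `HAVE_LIBGCRYPT` branch and in the unknown-part branch. A comment such as `/* pkg_length <= buffer_size was verified above */` at each site, or a small helper that advances `buffer` and shrinks `buffer_size` together, would keep the pointer and the remaining length from drifting apart again.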
printed_ignore_warning = 1;
}
buffer = ((char *) buffer) + pkg_length;
+ buffer_size -= (size_t) pkg_length;
continue;
}
#endif /* HAVE_LIBGCRYPT */
DEBUG ("network plugin: parse_packet: Unknown part"
" type: 0x%04hx", pkg_type);
buffer = ((char *) buffer) + pkg_length;
+ buffer_size -= (size_t) pkg_length;
}
} /* while (buffer_size > sizeof (part_header_t)) */
{
se->data.client.fd = -1;
se->data.client.addr = NULL;
+ se->data.client.resolve_interval = 0;
+ se->data.client.next_resolve_reconnect = 0;
#if HAVE_LIBGCRYPT
se->data.client.security_level = SECURITY_LEVEL_NONE;
se->data.client.username = NULL;
{
if (se->data.client.security_level > SECURITY_LEVEL_NONE)
{
- network_init_gcrypt ();
+ if (network_init_gcrypt () < 0)
+ {
+ ERROR ("network plugin: Cannot configure client socket with "
+ "security: Failed to initialize crypto library.");
+ return (-1);
+ }
if ((se->data.client.username == NULL)
|| (se->data.client.password == NULL))
}
else /* (se->type == SOCKENT_TYPE_SERVER) */
{
- if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+ if ((se->data.server.security_level > SECURITY_LEVEL_NONE)
+ && (se->data.server.auth_file == NULL))
{
- network_init_gcrypt ();
-
- if (se->data.server.auth_file == NULL)
- {
- ERROR ("network plugin: Server socket with "
- "security requested, but no "
- "password file is configured.");
- return (-1);
- }
+ ERROR ("network plugin: Server socket with security requested, "
+ "but no \"AuthFile\" is configured.");
+ return (-1);
}
if (se->data.server.auth_file != NULL)
{
+ if (network_init_gcrypt () < 0)
+ {
+ ERROR ("network plugin: Cannot configure server socket with security: "
+ "Failed to initialize crypto library.");
+ return (-1);
+ }
+
se->data.server.userdb = fbh_create (se->data.server.auth_file);
if (se->data.server.userdb == NULL)
{
- ERROR ("network plugin: Reading password file "
- "`%s' failed.",
+ ERROR ("network plugin: Reading password file \"%s\" failed.",
se->data.server.auth_file);
- if (se->data.server.security_level > SECURITY_LEVEL_NONE)
- return (-1);
+ return (-1);
}
}
}
return (0);
} /* }}} int sockent_init_crypto */
+static int sockent_client_disconnect (sockent_t *se) /* {{{ */
+{
+ struct sockent_client *client;
+
+ if ((se == NULL) || (se->type != SOCKENT_TYPE_CLIENT))
+ return (EINVAL);
+
+ client = &se->data.client;
+ if (client->fd >= 0) /* connected */
+ {
+ close (client->fd);
+ client->fd = -1;
+ }
+
+ sfree (client->addr);
+ client->addrlen = 0;
+
+ return (0);
+} /* }}} int sockent_client_disconnect */
+
static int sockent_client_connect (sockent_t *se) /* {{{ */
{
static c_complain_t complaint = C_COMPLAIN_INIT_STATIC;
struct addrinfo ai_hints;
struct addrinfo *ai_list = NULL, *ai_ptr;
int status;
+ _Bool reconnect = 0;
+ cdtime_t now;
if ((se == NULL) || (se->type != SOCKENT_TYPE_CLIENT))
return (EINVAL);
client = &se->data.client;
- if (client->fd >= 0) /* already connected */
+
+ now = cdtime ();
+ if (client->resolve_interval != 0 && client->next_resolve_reconnect < now) {
+ DEBUG("network plugin: Reconnecting socket, resolve_interval = %lf, next_resolve_reconnect = %lf",
+ CDTIME_T_TO_DOUBLE(client->resolve_interval), CDTIME_T_TO_DOUBLE(client->next_resolve_reconnect));
+ reconnect = 1;
+ }
+
+ if (client->fd >= 0 && !reconnect) /* already connected and not stale*/
return (0);
memset (&ai_hints, 0, sizeof (ai_hints));
for (ai_ptr = ai_list; ai_ptr != NULL; ai_ptr = ai_ptr->ai_next)
{
+ if (client->fd >= 0) /* when we reconnect */
+ sockent_client_disconnect(se);
+
client->fd = socket (ai_ptr->ai_family,
ai_ptr->ai_socktype,
ai_ptr->ai_protocol);
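Review bot: The existing descriptor is closed by `sockent_client_disconnect(se)` at the top of the loop, before `socket ()` has been attempted for the new address. If socket creation fails for every resolved entry, a periodic re-resolve leaves the client with no socket where it previously had a working one. Creating the new socket into a local `int fd` first, and disconnecting and assigning `client->fd = fd` only once that succeeded, would keep the old connection as a fallback. The rest of the loop body is outside this hunk, so check how the failure path continues before changing the order.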
freeaddrinfo (ai_list);
if (client->fd < 0)
return (-1);
- return (0);
-} /* }}} int sockent_client_connect */
-
-static int sockent_client_disconnect (sockent_t *se) /* {{{ */
-{
- struct sockent_client *client;
-
- if ((se == NULL) || (se->type != SOCKENT_TYPE_CLIENT))
- return (EINVAL);
-
- client = &se->data.client;
- if (client->fd >= 0) /* connected */
- {
- close (client->fd);
- client->fd = -1;
- }
-
- sfree (client->addr);
- client->addrlen = 0;
+ if (client->resolve_interval > 0)
+ client->next_resolve_reconnect = now + client->resolve_interval;
return (0);
-} /* }}} int sockent_client_disconnect */
+} /* }}} int sockent_client_connect */
/* Open the file descriptors for a initialized sockent structure. */
static int sockent_server_listen (sockent_t *se) /* {{{ */
{
int status;
+ /* listen_loop is set to non-zero in the shutdown callback, which is
+ * guaranteed to be called *after* all the write threads have been shut
+ * down. */
+ assert (listen_loop == 0);
+
if (!check_send_okay (vl))
{
#if COLLECT_DEBUG
if (strcasecmp ("Interface", child->key) == 0)
network_config_set_interface (child,
&se->interface);
+ else if (strcasecmp ("ResolveInterval", child->key) == 0)
+ cf_util_get_cdtime(child, &se->data.client.resolve_interval);
else
{
WARNING ("network plugin: Option `%s' is not allowed here.",
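Review bot: The return value of `cf_util_get_cdtime` is dropped in the new `ResolveInterval` branch, so a malformed value leaves `resolve_interval` at its initial 0 and the configuration keeps loading with periodic re-resolution disabled. Capturing the status (`status = cf_util_get_cdtime (child, &se->data.client.resolve_interval);`) and rejecting the block on a non-zero result would make the misconfiguration visible to the operator. A short comment that 0 means "never re-resolve" would also help, since the connect path only tests `resolve_interval != 0`. The enclosing function starts and ends outside this hunk.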
return (0);
have_init = 1;
-#if HAVE_LIBGCRYPT
- network_init_gcrypt ();
-#endif
-
if (network_config_stats != 0)
plugin_register_read ("network", network_stats_read);