Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273
  1. /*
  2. * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
  3. *
  4. * This program is free software; you can redistribute it and/or
  5. * modify it under the terms of the GNU General Public License as
  6. * published by the Free Software Foundation; either version 2 of the
  7. * License, or any later version.
  8. *
  9. * This program is distributed in the hope that it will be useful, but
  10. * WITHOUT ANY WARRANTY; without even the implied warranty of
  11. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  12. * General Public License for more details.
  13. *
  14. * You should have received a copy of the GNU General Public License
  15. * along with this program; if not, write to the Free Software
  16. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  17. * 02110-1301, USA.
  18. *
  19. * You can also choose to distribute this program under the terms of
  20. * the Unmodified Binary Distribution Licence (as given in the file
  21. * COPYING.UBDL), provided that you have satisfied its requirements.
  22. */
  23. FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  24. /** @file
  25. *
  26. * Encrypted syslog protocol
  27. *
  28. */
  29. #include <stdint.h>
  30. #include <stdlib.h>
  31. #include <byteswap.h>
  32. #include <ipxe/xfer.h>
  33. #include <ipxe/open.h>
  34. #include <ipxe/tcpip.h>
  35. #include <ipxe/dhcp.h>
  36. #include <ipxe/settings.h>
  37. #include <ipxe/console.h>
  38. #include <ipxe/lineconsole.h>
  39. #include <ipxe/tls.h>
  40. #include <ipxe/syslog.h>
  41. #include <config/console.h>
  42. /* Set default console usage if applicable */
  43. #if ! ( defined ( CONSOLE_SYSLOGS ) && CONSOLE_EXPLICIT ( CONSOLE_SYSLOGS ) )
  44. #undef CONSOLE_SYSLOGS
  45. #define CONSOLE_SYSLOGS ( CONSOLE_USAGE_ALL & ~CONSOLE_USAGE_TUI )
  46. #endif
  47. struct console_driver syslogs_console __console_driver;
  48. /** The encrypted syslog server */
  49. static struct sockaddr_tcpip logserver = {
  50. .st_port = htons ( SYSLOG_PORT ),
  51. };
  52. /**
  53. * Handle encrypted syslog TLS interface close
  54. *
  55. * @v intf Interface
  56. * @v rc Reason for close
  57. */
  58. static void syslogs_close ( struct interface *intf __unused, int rc ) {
  59. DBG ( "SYSLOGS console disconnected: %s\n", strerror ( rc ) );
  60. }
  61. /**
  62. * Handle encrypted syslog TLS interface window change
  63. *
  64. * @v intf Interface
  65. */
  66. static void syslogs_window_changed ( struct interface *intf ) {
  67. /* Mark console as enabled when window first opens, indicating
  68. * that TLS negotiation is complete. (Do not disable console
  69. * when window closes again, since TCP will close the window
  70. * whenever there is unACKed data.)
  71. */
  72. if ( xfer_window ( intf ) ) {
  73. if ( syslogs_console.disabled )
  74. DBG ( "SYSLOGS console connected\n" );
  75. syslogs_console.disabled = 0;
  76. }
  77. }
  78. /** Encrypted syslog TLS interface operations */
  79. static struct interface_operation syslogs_operations[] = {
  80. INTF_OP ( xfer_window_changed, struct interface *,
  81. syslogs_window_changed ),
  82. INTF_OP ( intf_close, struct interface *, syslogs_close ),
  83. };
  84. /** Encrypted syslog TLS interface descriptor */
  85. static struct interface_descriptor syslogs_desc =
  86. INTF_DESC_PURE ( syslogs_operations );
  87. /** The encrypted syslog TLS interface */
  88. static struct interface syslogs = INTF_INIT ( syslogs_desc );
  89. /******************************************************************************
  90. *
  91. * Console driver
  92. *
  93. ******************************************************************************
  94. */
  95. /** Encrypted syslog line buffer */
  96. static char syslogs_buffer[SYSLOG_BUFSIZE];
  97. /** Encrypted syslog severity */
  98. static unsigned int syslogs_severity = SYSLOG_DEFAULT_SEVERITY;
  99. /**
  100. * Handle ANSI set encrypted syslog priority (private sequence)
  101. *
  102. * @v ctx ANSI escape sequence context
  103. * @v count Parameter count
  104. * @v params List of graphic rendition aspects
  105. */
  106. static void syslogs_handle_priority ( struct ansiesc_context *ctx __unused,
  107. unsigned int count __unused,
  108. int params[] ) {
  109. if ( params[0] >= 0 ) {
  110. syslogs_severity = params[0];
  111. } else {
  112. syslogs_severity = SYSLOG_DEFAULT_SEVERITY;
  113. }
  114. }
  115. /** Encrypted syslog ANSI escape sequence handlers */
  116. static struct ansiesc_handler syslogs_handlers[] = {
  117. { ANSIESC_LOG_PRIORITY, syslogs_handle_priority },
  118. { 0, NULL }
  119. };
  120. /** Encrypted syslog line console */
  121. static struct line_console syslogs_line = {
  122. .buffer = syslogs_buffer,
  123. .len = sizeof ( syslogs_buffer ),
  124. .ctx = {
  125. .handlers = syslogs_handlers,
  126. },
  127. };
  128. /** Encrypted syslog recursion marker */
  129. static int syslogs_entered;
  130. /**
  131. * Print a character to encrypted syslog console
  132. *
  133. * @v character Character to be printed
  134. */
  135. static void syslogs_putchar ( int character ) {
  136. int rc;
  137. /* Ignore if we are already mid-logging */
  138. if ( syslogs_entered )
  139. return;
  140. /* Fill line buffer */
  141. if ( line_putchar ( &syslogs_line, character ) == 0 )
  142. return;
  143. /* Guard against re-entry */
  144. syslogs_entered = 1;
  145. /* Send log message */
  146. if ( ( rc = syslog_send ( &syslogs, syslogs_severity,
  147. syslogs_buffer, "\n" ) ) != 0 ) {
  148. DBG ( "SYSLOGS could not send log message: %s\n",
  149. strerror ( rc ) );
  150. }
  151. /* Clear re-entry flag */
  152. syslogs_entered = 0;
  153. }
  154. /** Encrypted syslog console driver */
  155. struct console_driver syslogs_console __console_driver = {
  156. .putchar = syslogs_putchar,
  157. .disabled = CONSOLE_DISABLED,
  158. .usage = CONSOLE_SYSLOGS,
  159. };
  160. /******************************************************************************
  161. *
  162. * Settings
  163. *
  164. ******************************************************************************
  165. */
  166. /** Encrypted syslog server setting */
  167. const struct setting syslogs_setting __setting ( SETTING_MISC, syslogs ) = {
  168. .name = "syslogs",
  169. .description = "Encrypted syslog server",
  170. .tag = DHCP_EB_SYSLOGS_SERVER,
  171. .type = &setting_type_string,
  172. };
  173. /**
  174. * Apply encrypted syslog settings
  175. *
  176. * @ret rc Return status code
  177. */
  178. static int apply_syslogs_settings ( void ) {
  179. static char *old_server;
  180. char *server;
  181. struct interface *socket;
  182. int rc;
  183. /* Fetch log server */
  184. fetch_string_setting_copy ( NULL, &syslogs_setting, &server );
  185. /* Do nothing unless log server has changed */
  186. if ( ( ( server == NULL ) && ( old_server == NULL ) ) ||
  187. ( ( server != NULL ) && ( old_server != NULL ) &&
  188. ( strcmp ( server, old_server ) == 0 ) ) ) {
  189. rc = 0;
  190. goto out_no_change;
  191. }
  192. free ( old_server );
  193. old_server = NULL;
  194. /* Reset encrypted syslog connection */
  195. syslogs_console.disabled = CONSOLE_DISABLED;
  196. intf_restart ( &syslogs, 0 );
  197. /* Do nothing unless we have a log server */
  198. if ( ! server ) {
  199. DBG ( "SYSLOGS has no log server\n" );
  200. rc = 0;
  201. goto out_no_server;
  202. }
  203. /* Add TLS filter */
  204. if ( ( rc = add_tls ( &syslogs, server, &socket ) ) != 0 ) {
  205. DBG ( "SYSLOGS cannot create TLS filter: %s\n",
  206. strerror ( rc ) );
  207. goto err_add_tls;
  208. }
  209. /* Connect to log server */
  210. if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
  211. (( struct sockaddr *) &logserver ),
  212. server, NULL ) ) != 0 ) {
  213. DBG ( "SYSLOGS cannot connect to log server: %s\n",
  214. strerror ( rc ) );
  215. goto err_open_named_socket;
  216. }
  217. DBG ( "SYSLOGS using log server %s\n", server );
  218. /* Record log server */
  219. old_server = server;
  220. server = NULL;
  221. /* Success */
  222. rc = 0;
  223. err_open_named_socket:
  224. err_add_tls:
  225. out_no_server:
  226. out_no_change:
  227. free ( server );
  228. return rc;
  229. }
  230. /** Encrypted syslog settings applicator */
  231. struct settings_applicator syslogs_applicator __settings_applicator = {
  232. .apply = apply_syslogs_settings,
  233. };