blob: 503ed177ae76f7e0fbe7376e46556e9325a74c5b [file] [log] [blame]
/*
* Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
FILE_LICENCE ( GPL2_OR_LATER );
/** @file
*
* Encrypted syslog protocol
*
*/
#include <stdint.h>
#include <stdlib.h>
#include <byteswap.h>
#include <ipxe/xfer.h>
#include <ipxe/open.h>
#include <ipxe/tcpip.h>
#include <ipxe/dhcp.h>
#include <ipxe/settings.h>
#include <ipxe/console.h>
#include <ipxe/lineconsole.h>
#include <ipxe/tls.h>
#include <ipxe/syslog.h>
#include <config/console.h>
/* Set default console usage if applicable */
#if ! ( defined ( CONSOLE_SYSLOGS ) && CONSOLE_EXPLICIT ( CONSOLE_SYSLOGS ) )
#undef CONSOLE_SYSLOGS
#define CONSOLE_SYSLOGS ( CONSOLE_USAGE_ALL & ~CONSOLE_USAGE_TUI )
#endif
struct console_driver syslogs_console __console_driver;
/** The encrypted syslog server */
static struct sockaddr_tcpip logserver = {
.st_family = AF_INET,
.st_port = htons ( SYSLOG_PORT ),
};
/**
* Handle encrypted syslog TLS interface close
*
* @v intf Interface
* @v rc Reason for close
*/
static void syslogs_close ( struct interface *intf __unused, int rc ) {
DBG ( "SYSLOGS console disconnected: %s\n", strerror ( rc ) );
}
/**
* Handle encrypted syslog TLS interface window change
*
* @v intf Interface
*/
static void syslogs_window_changed ( struct interface *intf ) {
/* Mark console as enabled when window first opens, indicating
* that TLS negotiation is complete. (Do not disable console
* when window closes again, since TCP will close the window
* whenever there is unACKed data.)
*/
if ( xfer_window ( intf ) ) {
if ( syslogs_console.disabled )
DBG ( "SYSLOGS console connected\n" );
syslogs_console.disabled = 0;
}
}
/** Encrypted syslog TLS interface operations */
static struct interface_operation syslogs_operations[] = {
INTF_OP ( xfer_window_changed, struct interface *,
syslogs_window_changed ),
INTF_OP ( intf_close, struct interface *, syslogs_close ),
};
/** Encrypted syslog TLS interface descriptor */
static struct interface_descriptor syslogs_desc =
INTF_DESC_PURE ( syslogs_operations );
/** The encrypted syslog TLS interface */
static struct interface syslogs = INTF_INIT ( syslogs_desc );
/******************************************************************************
*
* Console driver
*
******************************************************************************
*/
/** Encrypted syslog line buffer */
static char syslogs_buffer[SYSLOG_BUFSIZE];
/** Encrypted syslog severity */
static unsigned int syslogs_severity = SYSLOG_DEFAULT_SEVERITY;
/**
* Handle ANSI set encrypted syslog priority (private sequence)
*
* @v ctx ANSI escape sequence context
* @v count Parameter count
* @v params List of graphic rendition aspects
*/
static void syslogs_handle_priority ( struct ansiesc_context *ctx __unused,
unsigned int count __unused,
int params[] ) {
if ( params[0] >= 0 ) {
syslogs_severity = params[0];
} else {
syslogs_severity = SYSLOG_DEFAULT_SEVERITY;
}
}
/** Encrypted syslog ANSI escape sequence handlers */
static struct ansiesc_handler syslogs_handlers[] = {
{ ANSIESC_LOG_PRIORITY, syslogs_handle_priority },
{ 0, NULL }
};
/** Encrypted syslog line console */
static struct line_console syslogs_line = {
.buffer = syslogs_buffer,
.len = sizeof ( syslogs_buffer ),
.ctx = {
.handlers = syslogs_handlers,
},
};
/** Encrypted syslog recursion marker */
static int syslogs_entered;
/**
* Print a character to encrypted syslog console
*
* @v character Character to be printed
*/
static void syslogs_putchar ( int character ) {
int rc;
/* Ignore if we are already mid-logging */
if ( syslogs_entered )
return;
/* Fill line buffer */
if ( line_putchar ( &syslogs_line, character ) == 0 )
return;
/* Guard against re-entry */
syslogs_entered = 1;
/* Send log message */
if ( ( rc = syslog_send ( &syslogs, syslogs_severity,
syslogs_buffer, "\n" ) ) != 0 ) {
DBG ( "SYSLOGS could not send log message: %s\n",
strerror ( rc ) );
}
/* Clear re-entry flag */
syslogs_entered = 0;
}
/** Encrypted syslog console driver */
struct console_driver syslogs_console __console_driver = {
.putchar = syslogs_putchar,
.disabled = CONSOLE_DISABLED,
.usage = CONSOLE_SYSLOGS,
};
/******************************************************************************
*
* Settings
*
******************************************************************************
*/
/** Encrypted syslog server setting */
const struct setting syslogs_setting __setting ( SETTING_MISC ) = {
.name = "syslogs",
.description = "Encrypted syslog server",
.tag = DHCP_EB_SYSLOGS_SERVER,
.type = &setting_type_string,
};
/**
* Apply encrypted syslog settings
*
* @ret rc Return status code
*/
static int apply_syslogs_settings ( void ) {
static char *old_server;
char *server;
struct interface *socket;
int rc;
/* Fetch log server */
fetch_string_setting_copy ( NULL, &syslogs_setting, &server );
/* Do nothing unless log server has changed */
if ( ( ( server == NULL ) && ( old_server == NULL ) ) ||
( ( server != NULL ) && ( old_server != NULL ) &&
( strcmp ( server, old_server ) == 0 ) ) ) {
rc = 0;
goto out_no_change;
}
free ( old_server );
old_server = NULL;
/* Reset encrypted syslog connection */
syslogs_console.disabled = CONSOLE_DISABLED;
intf_restart ( &syslogs, 0 );
/* Do nothing unless we have a log server */
if ( ! server ) {
DBG ( "SYSLOGS has no log server\n" );
rc = 0;
goto out_no_server;
}
/* Add TLS filter */
if ( ( rc = add_tls ( &syslogs, server, &socket ) ) != 0 ) {
DBG ( "SYSLOGS cannot create TLS filter: %s\n",
strerror ( rc ) );
goto err_add_tls;
}
/* Connect to log server */
if ( ( rc = xfer_open_named_socket ( socket, SOCK_STREAM,
(( struct sockaddr *) &logserver ),
server, NULL ) ) != 0 ) {
DBG ( "SYSLOGS cannot connect to log server: %s\n",
strerror ( rc ) );
goto err_open_named_socket;
}
DBG ( "SYSLOGS using log server %s\n", server );
/* Record log server */
old_server = server;
server = NULL;
/* Success */
rc = 0;
err_open_named_socket:
err_add_tls:
out_no_server:
out_no_change:
free ( server );
return rc;
}
/** Encrypted syslog settings applicator */
struct settings_applicator syslogs_applicator __settings_applicator = {
.apply = apply_syslogs_settings,
};