#include "plugin.h"
#include "common.h"
-#include "configfile.h"
#include "utils_fbhash.h"
#include "utils_cache.h"
#include "utils_complain.h"
} /* }}} int network_dispatch_notification */
#if HAVE_LIBGCRYPT
-static void network_init_gcrypt (void) /* {{{ */
+static int network_init_gcrypt (void) /* {{{ */
{
gcry_error_t err;
* Because you can't know in a library whether another library has
* already initialized the library */
if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
- return;
+ return (0);
/* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
* To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
if (err)
{
ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
- abort ();
+ return (-1);
}
# endif
if (err)
{
ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err));
- abort ();
+ return (-1);
}
gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-} /* }}} void network_init_gcrypt */
+ return (0);
+} /* }}} int network_init_gcrypt */
static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
const void *iv, size_t iv_size, const char *username)
if (memcmp (pss.hash, hash, sizeof (pss.hash)) != 0)
{
WARNING ("network plugin: Verifying HMAC-SHA-256 signature failed: "
- "Hash mismatch.");
+ "Hash mismatch. Username: %s", pss.username);
}
else
{
pea.username);
if (cypher == NULL)
{
+ ERROR ("network plugin: Failed to get cypher. Username: %s", pea.username);
sfree (pea.username);
return (-1);
}
if (err != 0)
{
sfree (pea.username);
- ERROR ("network plugin: gcry_cipher_decrypt returned: %s",
- gcry_strerror (err));
+ ERROR ("network plugin: gcry_cipher_decrypt returned: %s. Username: %s",
+ gcry_strerror (err), pea.username);
return (-1);
}
buffer + buffer_offset, payload_len);
if (memcmp (hash, pea.hash, sizeof (hash)) != 0)
{
+ ERROR ("network plugin: Checksum mismatch. Username: %s", pea.username);
sfree (pea.username);
- ERROR ("network plugin: Decryption failed: Checksum mismatch.");
return (-1);
}
#if HAVE_LIBGCRYPT
int packet_was_signed = (flags & PP_SIGNED);
- int packet_was_encrypted = (flags & PP_ENCRYPTED);
+ int packet_was_encrypted = (flags & PP_ENCRYPTED);
int printed_ignore_warning = 0;
#endif /* HAVE_LIBGCRYPT */
{
if (se->data.client.security_level > SECURITY_LEVEL_NONE)
{
- network_init_gcrypt ();
+ if (network_init_gcrypt () < 0)
+ {
+ ERROR ("network plugin: Cannot configure client socket with "
+ "security: Failed to initialize crypto library.");
+ return (-1);
+ }
if ((se->data.client.username == NULL)
|| (se->data.client.password == NULL))
}
else /* (se->type == SOCKENT_TYPE_SERVER) */
{
- if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+ if ((se->data.server.security_level > SECURITY_LEVEL_NONE)
+ && (se->data.server.auth_file == NULL))
{
- network_init_gcrypt ();
-
- if (se->data.server.auth_file == NULL)
- {
- ERROR ("network plugin: Server socket with "
- "security requested, but no "
- "password file is configured.");
- return (-1);
- }
+ ERROR ("network plugin: Server socket with security requested, "
+ "but no \"AuthFile\" is configured.");
+ return (-1);
}
if (se->data.server.auth_file != NULL)
{
+ if (network_init_gcrypt () < 0)
+ {
+ ERROR ("network plugin: Cannot configure server socket with security: "
+ "Failed to initialize crypto library.");
+ return (-1);
+ }
+
se->data.server.userdb = fbh_create (se->data.server.auth_file);
if (se->data.server.userdb == NULL)
{
- ERROR ("network plugin: Reading password file "
- "`%s' failed.",
+ ERROR ("network plugin: Reading password file \"%s\" failed.",
se->data.server.auth_file);
- if (se->data.server.security_level > SECURITY_LEVEL_NONE)
- return (-1);
+ return (-1);
}
}
}
{
int status;
+ /* listen_loop is set to non-zero in the shutdown callback, which is
+ * guaranteed to be called *after* all the write threads have been shut
+ * down. */
+ assert (listen_loop == 0);
+
if (!check_send_okay (vl))
{
#if COLLECT_DEBUG
return (0);
have_init = 1;
-#if HAVE_LIBGCRYPT
- network_init_gcrypt ();
-#endif
-
if (network_config_stats)
plugin_register_read ("network", network_stats_read);