Merge branch 'collectd-5.5' into collectd-5.6

[collectd.git] / src / network.c

diff --git a/src/network.c b/src/network.c
index 1b560c4..9a0f429 100644 (file)
--- a/src/network.c
+++ b/src/network.c
@@ -29,7 +29,6 @@
 
 #include "plugin.h"
 #include "common.h"
-#include "configfile.h"
 #include "utils_fbhash.h"
 #include "utils_cache.h"
 #include "utils_complain.h"
@@ -490,7 +489,7 @@ static int network_dispatch_notification (notification_t *n) /* {{{ */
 } /* }}} int network_dispatch_notification */
 
 #if HAVE_LIBGCRYPT
-static void network_init_gcrypt (void) /* {{{ */
+static int network_init_gcrypt (void) /* {{{ */
 {
   gcry_error_t err;
 
@@ -498,7 +497,7 @@ static void network_init_gcrypt (void) /* {{{ */
    * Because you can't know in a library whether another library has
    * already initialized the library */
   if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
-    return;
+    return (0);
 
  /* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
   * To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
@@ -512,7 +511,7 @@ static void network_init_gcrypt (void) /* {{{ */
   if (err)
   {
     ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
-    abort ();
+    return (-1);
   }
 # endif
 
@@ -522,11 +521,12 @@ static void network_init_gcrypt (void) /* {{{ */
   if (err)
   {
     ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err));
-    abort ();
+    return (-1);
   }
 
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-} /* }}} void network_init_gcrypt */
+  return (0);
+} /* }}} int network_init_gcrypt */
 
 static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
     const void *iv, size_t iv_size, const char *username)
@@ -1148,7 +1148,7 @@ static int parse_part_sign_sha256 (sockent_t *se, /* {{{ */
   if (memcmp (pss.hash, hash, sizeof (pss.hash)) != 0)
   {
     WARNING ("network plugin: Verifying HMAC-SHA-256 signature failed: "
-        "Hash mismatch.");
+        "Hash mismatch. Username: %s", pss.username);
   }
   else
   {
@@ -1283,6 +1283,7 @@ static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
       pea.username);
   if (cypher == NULL)
   {
+    ERROR ("network plugin: Failed to get cypher. Username: %s", pea.username);
     sfree (pea.username);
     return (-1);
   }
@@ -1298,8 +1299,8 @@ static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
   if (err != 0)
   {
     sfree (pea.username);
-    ERROR ("network plugin: gcry_cipher_decrypt returned: %s",
-        gcry_strerror (err));
+    ERROR ("network plugin: gcry_cipher_decrypt returned: %s. Username: %s",
+        gcry_strerror (err), pea.username);
     return (-1);
   }
 
@@ -1315,8 +1316,8 @@ static int parse_part_encr_aes256 (sockent_t *se, /* {{{ */
       buffer + buffer_offset, payload_len);
   if (memcmp (hash, pea.hash, sizeof (hash)) != 0)
   {
+    ERROR ("network plugin: Checksum mismatch. Username: %s", pea.username);
     sfree (pea.username);
-    ERROR ("network plugin: Decryption failed: Checksum mismatch.");
     return (-1);
   }
 
@@ -1395,7 +1396,7 @@ static int parse_packet (sockent_t *se, /* {{{ */
 
 #if HAVE_LIBGCRYPT
        int packet_was_signed = (flags & PP_SIGNED);
-        int packet_was_encrypted = (flags & PP_ENCRYPTED);
+       int packet_was_encrypted = (flags & PP_ENCRYPTED);
        int printed_ignore_warning = 0;
 #endif /* HAVE_LIBGCRYPT */
 
@@ -2061,7 +2062,12 @@ static int sockent_init_crypto (sockent_t *se) /* {{{ */
        {
                if (se->data.client.security_level > SECURITY_LEVEL_NONE)
                {
-                       network_init_gcrypt ();
+                       if (network_init_gcrypt () < 0)
+                       {
+                               ERROR ("network plugin: Cannot configure client socket with "
+                                               "security: Failed to initialize crypto library.");
+                               return (-1);
+                       }
 
                        if ((se->data.client.username == NULL)
                                        || (se->data.client.password == NULL))
@@ -2079,28 +2085,28 @@ static int sockent_init_crypto (sockent_t *se) /* {{{ */
        }
        else /* (se->type == SOCKENT_TYPE_SERVER) */
        {
-               if (se->data.server.security_level > SECURITY_LEVEL_NONE)
+               if ((se->data.server.security_level > SECURITY_LEVEL_NONE)
+                               && (se->data.server.auth_file == NULL))
                {
-                       network_init_gcrypt ();
-
-                       if (se->data.server.auth_file == NULL)
-                       {
-                               ERROR ("network plugin: Server socket with "
-                                               "security requested, but no "
-                                               "password file is configured.");
-                               return (-1);
-                       }
+                       ERROR ("network plugin: Server socket with security requested, "
+                                       "but no \"AuthFile\" is configured.");
+                       return (-1);
                }
                if (se->data.server.auth_file != NULL)
                {
+                       if (network_init_gcrypt () < 0)
+                       {
+                               ERROR ("network plugin: Cannot configure server socket with security: "
+                                               "Failed to initialize crypto library.");
+                               return (-1);
+                       }
+
                        se->data.server.userdb = fbh_create (se->data.server.auth_file);
                        if (se->data.server.userdb == NULL)
                        {
-                               ERROR ("network plugin: Reading password file "
-                                               "`%s' failed.",
+                               ERROR ("network plugin: Reading password file \"%s\" failed.",
                                                se->data.server.auth_file);
-                               if (se->data.server.security_level > SECURITY_LEVEL_NONE)
-                                       return (-1);
+                               return (-1);
                        }
                }
        }
@@ -2880,6 +2886,11 @@ static int network_write (const data_set_t *ds, const value_list_t *vl,
 {
        int status;
 
+       /* listen_loop is set to non-zero in the shutdown callback, which is
+        * guaranteed to be called *after* all the write threads have been shut
+        * down. */
+       assert (listen_loop == 0);
+
        if (!check_send_okay (vl))
        {
 #if COLLECT_DEBUG
@@ -3433,10 +3444,6 @@ static int network_init (void)
                return (0);
        have_init = 1;
 
-#if HAVE_LIBGCRYPT
-       network_init_gcrypt ();
-#endif
-
        if (network_config_stats)
                plugin_register_read ("network", network_stats_read);