Merge pull request #843 from taotetek/master

Problem: we would like to use czmq v3 + encryption and curve authentication

Author: atomicturtle

src/analysisd/analysisd.c

@@ -257,7 +257,11 @@ int main_analysisd(int argc, char **argv)
 #ifdef ZEROMQ_OUTPUT_ENABLED
     /* Start zeromq */
     if (Config.zeromq_output) {
+#if CZMQ_VERSION_MAJOR == 2 
         zeromq_output_start(Config.zeromq_output_uri);
+#elif CZMQ_VERSION_MAJOR >= 3
+        zeromq_output_start(Config.zeromq_output_uri, Config.zeromq_output_client_cert, Config.zeromq_output_server_cert);
+#endif
     }
 #endif
 

src/analysisd/config.c

@@ -32,6 +32,8 @@ int GlobalConf(const char *cfgfile)
     Config.prelude = 0;
     Config.zeromq_output = 0;
     Config.zeromq_output_uri = NULL;
+    Config.zeromq_output_server_cert = NULL;
+    Config.zeromq_output_client_cert = NULL;
     Config.jsonout_output = 0;
     Config.memorysize = 1024;
     Config.mailnotify = -1;

src/analysisd/output/zeromq.c

@@ -13,15 +13,19 @@
 
 #include "shared.h"
 #include "rules.h"
-#include "czmq.h"
 #include "format/to_json.h"
 
 
 /* Global variables */
+#if CZMQ_VERSION_MAJOR == 2
 static zctx_t *zeromq_context;
 static void *zeromq_pubsocket;
+#elif CZMQ_VERSION_MAJOR >= 3
+zsock_t *zeromq_pubsocket;
+zactor_t *auth;
+#endif
 
-
+#if CZMQ_VERSION_MAJOR == 2
 void zeromq_output_start(const char *uri)
 {
     int rc;
@@ -47,13 +51,64 @@ void zeromq_output_start(const char *uri)
         return;
     }
 }
+#elif CZMQ_VERSION_MAJOR >= 3
+void zeromq_output_start(const char *uri, const char *client_cert_path, const char *server_cert_path)
+{
+    int rc;
+
+    debug1("%s: DEBUG: New ZeroMQ Socket: ZMQ_PUB", ARGV0);
+    zeromq_pubsocket = zsock_new(ZMQ_PUB);
+    if (zeromq_pubsocket == NULL) {
+        merror("%s: Unable to initialize ZeroMQ Socket", ARGV0);
+        return;
+    }
 
+    if (zsys_has_curve()) {
+        if (client_cert_path && server_cert_path) {
+            debug1("%s: DEBUG: Initiating CURVE for ZeroMQ Socket", ARGV0);
+            auth = zactor_new(zauth, NULL);
+            if (!auth) {
+                merror("%s: Unable to start auth for ZeroMQ Sock", ARGV0);
+            }
+            zstr_sendx(auth, "CURVE", client_cert_path, NULL);
+            zsock_wait(auth);
+
+            zcert_t *server_cert = zcert_load(server_cert_path);
+            if (!server_cert) {
+                merror("%s: Unable to load server certificate: %s.", ARGV0, server_cert_path);
+            }
+
+            zcert_apply(server_cert, zeromq_pubsocket);
+            zsock_set_curve_server(zeromq_pubsocket, 1);
+
+            zcert_destroy(&server_cert);
+        }
+    }
+
+    debug1("%s: DEBUG: Listening on ZeroMQ Socket: %s", ARGV0, uri);
+    rc = zsock_bind(zeromq_pubsocket, "%s", uri);
+    if (rc) {
+        merror("%s: Unable to bind the ZeroMQ Socket: %s.", ARGV0, uri);
+        return;
+    }
+}
+#endif
+
+#if CZMQ_VERSION_MAJOR == 2
 void zeromq_output_end()
 {
     zsocket_destroy(zeromq_context, zeromq_pubsocket);
     zctx_destroy(&zeromq_context);
 }
+#elif CZMQ_VERSION_MAJOR >= 3
+void zeromq_output_end()
+{
+    zsock_destroy(&zeromq_pubsocket);
+    zactor_destroy(&auth);
+}
+#endif
 
+#if CZMQ_VERSION_MAJOR == 2
 void zeromq_output_event(const Eventinfo *lf)
 {
     char *json_alert = Eventinfo_to_jsonstr(lf);
@@ -64,6 +119,17 @@ void zeromq_output_event(const Eventinfo *lf)
     zmsg_send(&msg, zeromq_pubsocket);
     free(json_alert);
 }
+#elif ZMQ_VERSION_MAJOR >= 3
+void zeromq_output_event(const Eventinfo *lf)
+{
+    char *json_alert = Eventinfo_to_jsonstr(lf);
 
+    zmsg_t *msg = zmsg_new();
+    zmsg_addstr(msg, "ossec.alerts");
+    zmsg_addstr(msg, json_alert);
+    zmsg_send(&msg, zeromq_pubsocket);
+    free(json_alert);
+}
 #endif
 
+#endif

src/analysisd/output/zeromq.h

@@ -13,9 +13,14 @@
 #define _ZEROMQ_H_
 
 #include "eventinfo.h"
+#include <czmq.h>
 
 void zeromq_output_event(const Eventinfo *lf);
+#if CZMQ_VERSION_MAJOR == 2
 void zeromq_output_start(const char *uri);
+#elif CZMQ_VERSION_MAJOR >= 3
+void zeromq_output_start(const char *uri, const char *client_cert_path, const char *server_cert_path);
+#endif
 void zeromq_output_end(void);
 
 

src/config/global-config.c

@@ -105,6 +105,8 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
     const char *xml_prelude_log_level = "prelude_log_level";
     const char *xml_zeromq_output = "zeromq_output";
     const char *xml_zeromq_output_uri = "zeromq_uri";
+    const char *xml_zeromq_output_server_cert = "zeromq_server_cert";
+    const char *xml_zeromq_output_client_cert = "zeromq_client_cert";
     const char *xml_jsonout_output = "jsonout_output";
     const char *xml_stats = "stats";
     const char *xml_memorysize = "memory_size";
@@ -262,6 +264,14 @@ int Read_Global(XML_NODE node, void *configp, void *mailp)
             if (Config) {
                 Config->zeromq_output_uri = strdup(node[i]->content);
             }
+        } else if (strcmp(node[i]->element, xml_zeromq_output_server_cert) == 0) {
+            if (Config) {
+                Config->zeromq_output_server_cert = strdup(node[i]->content);
+            }
+        } else if (strcmp(node[i]->element, xml_zeromq_output_client_cert) == 0) {
+            if (Config) {
+                Config->zeromq_output_client_cert = strdup(node[i]->content);
+            }
         }
         /* jsonout output */
         else if (strcmp(node[i]->element, xml_jsonout_output) == 0) {

src/config/global-config.h

@@ -35,6 +35,8 @@ typedef struct __Config {
     /* ZEROMQ Export */
     u_int8_t zeromq_output;
     char *zeromq_output_uri;
+    char *zeromq_output_server_cert;
+    char *zeromq_output_client_cert;
 
     /* JSONOUT Export */
     u_int8_t jsonout_output;