Bug 1264374 - rsyslog gssapi loses messages between little endian and big endian machines
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: rsyslog
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assigned To: Radovan Sroka
QA Contact: Stefan Dordevic
Keywords: Triaged
Blocks: 1295396 1296594 1313485
 
Reported: 2015-09-18 06:13 EDT by Marek Marusic
Modified: 2017-08-24 10:03 EDT
Last Closed: 2017-08-24 10:03:16 EDT
Type: Bug

Description Marek Marusic 2015-09-18 06:13:12 EDT
Description of problem:
Rsyslog gssapi loses messages when sending messages from a little endian machine to a big endian machine (and vice versa).

SERVER's rsyslog.conf:
$ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal
$ModLoad imklog.so      # provides kernel logging support (previously done by rklogd)

$ModLoad imgssapi
$InputGSSServerServiceName host
$InputGSSServerPermitPlainTCP on
$InputGSSServerRun 514

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state

*.*   /var/log/rsyslog-gssapi-log

CLIENT's rsyslog.conf:
$ModLoad imuxsock.so
$ModLoad imjournal
$ModLoad imklog.so

$ModLoad omgssapi
$GSSForwardServiceName host

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state

# send everything to the remote server

*.*   /var/log/rsyslog-gssapi-log
local1.* :omgssapi:$SERVER:514
local2.* @@$SERVER:514


Version-Release number of selected component (if applicable):
rsyslog-7.4.7-12

How reproducible:
always

Steps to Reproduce:
1. Set up a little endian machine (e.g. x86_64) and a big endian machine (e.g. ppc64).
2. Update rsyslog.conf files and restart rsyslog.
3. Send messages from client to server through gssapi.

Actual results:

CLIENT:
# logger -p local2.info testMSG
# tail /var/log/rsyslog-gssapi-log
Sep 18 05:55:31 ibm-p8-kvm-03-guest-04 polkitd[1420]: Unregistered Authentication Agent for unix-process:17171:1057598 (system bus name :1.138, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus)
Sep 18 05:55:47 ibm-p8-kvm-03-guest-04 polkitd[1420]: Registered Authentication Agent for unix-process:17297:1059222 (system bus name :1.139 [/usr/bin/pkttyagent --notify-fd 26 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8)
Sep 18 05:55:47 ibm-p8-kvm-03-guest-04 polkitd[1420]: Unregistered Authentication Agent for unix-process:17297:1059222 (system bus name :1.139, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus)
Sep 18 05:55:54 ibm-p8-kvm-03-guest-04 polkitd[1420]: Registered Authentication Agent for unix-process:17462:1059889 (system bus name :1.140 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8)
Sep 18 05:55:54 ibm-p8-kvm-03-guest-04 systemd: Starting System Logging Service...
Sep 18 05:55:54 ibm-p8-kvm-03-guest-04 systemd: Started System Logging Service.
Sep 18 05:55:54 ibm-p8-kvm-03-guest-04 polkitd[1420]: Unregistered Authentication Agent for unix-process:17462:1059889 (system bus name :1.140, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus)
Sep 18 05:55:59 ibm-p8-kvm-03-guest-04 root: testMSG
Sep 18 05:56:06 ibm-p8-kvm-03-guest-04 NetworkManager[1305]: <error> [1442570166.720496] [devices/nm-device.c:2617] activation_source_schedule(): (enp0s1): activation stage already scheduled
Sep 18 05:56:50 ibm-p8-kvm-03-guest-04 root: testMSG

# ausearch -m avc -ts recent
<no matches>

SERVER:
# tail /var/log/rsyslog-gssapi-log
Sep 18 05:59:04 cisco-e160dp-01 polkitd[966]: Registered Authentication Agent for unix-process:32217:1067511 (system bus name :1.201 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8)
Sep 18 05:59:04 cisco-e160dp-01 rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="32201" x-info="http://www.rsyslog.com"] exiting on signal 15.
Sep 18 05:59:04 cisco-e160dp-01 rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="32223" x-info="http://www.rsyslog.com"] start
Sep 18 05:59:04 cisco-e160dp-01 systemd: Stopping System Logging Service...
Sep 18 05:59:04 cisco-e160dp-01 systemd: Starting System Logging Service...
Sep 18 05:59:04 cisco-e160dp-01 systemd: Started System Logging Service.
Sep 18 05:59:04 cisco-e160dp-01 polkitd[966]: Unregistered Authentication Agent for unix-process:32217:1067511 (system bus name :1.201, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus)
Sep 18 05:59:15 cisco-e160dp-01 rsyslogd: GSS-API error reading token data
Sep 18 05:59:15 cisco-e160dp-01 rsyslogd: TCP session 0x7f3da8000d10 will be closed, error ignored

# ausearch -m avc -ts recent
<no matches>


Expected results:
Message from client over gssapi should be logged.

Additional info:
I have done some testing on RHEL7.2 with various architectures,
here are my results so far:
x86_64 & ppc64 failed in "server-is-accepting-messages-via-gssapi-only"
x86_64 & s390x failed in "server-is-accepting-messages-via-gssapi-only"
s390x & ppc64 Works fine
ppc64 & ppc64 Works fine
x86_64 & x86_64 Works fine
x86_64 & aarch64 Works fine
ppc64le & aarch64 Works fine
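
In the output above the client logs no error, so the drop shows up only in the server log. The following check is an added example, not part of the original report or of rsyslog: it scans traditional-format syslog text for the `GSS-API error reading token data` line and pairs it with the `TCP session ... will be closed` line that follows on the same host. The names `find_dropped_gss_sessions` and `SAMPLE_SERVER_LOG` are hypothetical; the sample lines are copied from the server log in the report.

```python
import re

# Server-side lines copied from the report above, used here as sample input.
SAMPLE_SERVER_LOG = """\
Sep 18 05:59:04 cisco-e160dp-01 systemd: Started System Logging Service.
Sep 18 05:59:15 cisco-e160dp-01 rsyslogd: GSS-API error reading token data
Sep 18 05:59:15 cisco-e160dp-01 rsyslogd: TCP session 0x7f3da8000d10 will be closed, error ignored
"""

# Traditional syslog format: "Mon DD HH:MM:SS host rsyslogd[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\srsyslogd(?:\[\d+\])?:\s(.*)$")
GSS_ERROR = "GSS-API error reading token data"
CLOSED = re.compile(r"^TCP session (0x[0-9a-fA-F]+) will be closed, error ignored$")


def find_dropped_gss_sessions(log_text):
    """Return one finding per GSS token read error, with the TCP session
    that rsyslogd closed afterwards on the same host (None if no close seen)."""
    pending = {}   # host -> timestamp of a GSS error not yet paired with a close
    findings = []

    def flush(host, session):
        findings.append({"host": host, "error_at": pending.pop(host), "session": session})

    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue              # not an rsyslogd line
        ts, host, msg = m.groups()
        if msg == GSS_ERROR:
            if host in pending:   # earlier error never got a close line
                flush(host, None)
            pending[host] = ts
        else:
            closed = CLOSED.match(msg)
            if closed and host in pending:
                flush(host, closed.group(1))
    for host in list(pending):    # errors still unpaired at end of input
        flush(host, None)
    return findings


if __name__ == "__main__":
    for f in find_dropped_gss_sessions(SAMPLE_SERVER_LOG):
        print("{host}: GSS token read failed at {error_at}, session {session} dropped".format(**f))
```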
