in_splunk: Handle multiple HEC tokens with comma

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
fluent · Jun 3, 2024 · 8e004d4 · 8e004d4
1 parent 5aa9b99
commit 8e004d4
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 38 deletions.
diff --git a/plugins/in_splunk/splunk.h b/plugins/in_splunk/splunk.h
@@ -32,6 +32,11 @@
 #define HTTP_BUFFER_MAX_SIZE    "4M"
 #define HTTP_BUFFER_CHUNK_SIZE  "512K"
 
+struct flb_splunk_tokens {
+    flb_sds_t header;
+    struct mk_list _head;
+};
+
 struct flb_splunk {
     flb_sds_t listen;
     flb_sds_t tcp_port;
@@ -41,7 +46,7 @@ struct flb_splunk {
     struct mk_list *success_headers;
 
     /* Token Auth */
-    flb_sds_t auth_header;
+    struct mk_list auth_tokens;
     flb_sds_t ingested_auth_header;
     int store_token_to_metadata;
     flb_sds_t store_token_key;

diff --git a/plugins/in_splunk/splunk_config.c b/plugins/in_splunk/splunk_config.c
@@ -24,6 +24,66 @@
 #include "splunk_conn.h"
 #include "splunk_config.h"
 
+static void delete_hec_tokens(struct flb_splunk *ctx)
+{
+    struct mk_list *tmp;
+    struct mk_list *head;
+    struct flb_splunk_tokens *splunk_token;
+
+    mk_list_foreach_safe(head, tmp, &ctx->auth_tokens) {
+        splunk_token = mk_list_entry(head, struct flb_splunk_tokens, _head);
+        flb_sds_destroy(splunk_token->header);
+        mk_list_del(&splunk_token->_head);
+        flb_free(&splunk_token);
+    }
+}
+
+static int setup_hec_tokens(struct flb_splunk *ctx)
+{
+    int         ret;
+    const char *tmp;
+    char       *tmp_tokens;
+    char       *token;
+    flb_sds_t   auth_header;
+    struct flb_splunk_tokens *splunk_token;
+
+    tmp = flb_input_get_property("splunk_token", ctx->ins);
+    if (tmp) {
+        tmp_tokens = flb_strdup(tmp);
+
+        token = strtok(tmp_tokens, ",");
+        while (token) {
+            auth_header = flb_sds_create("Splunk ");
+            if (auth_header == NULL) {
+                flb_plg_error(ctx->ins, "error on prefix of auth_header generation");
+                return -1;
+            }
+
+            ret = flb_sds_cat_safe(&auth_header, tmp, strlen(tmp));
+            if (ret < 0) {
+                flb_plg_error(ctx->ins, "error on token generation");
+                return -1;
+            }
+
+            /* Create a new token */
+            splunk_token = flb_malloc(sizeof(struct flb_splunk_tokens));
+            if (!splunk_token) {
+                flb_errno();
+                return -1;
+            }
+
+            splunk_token->header = auth_header;
+
+            /* Link to parent list */
+            mk_list_add(&splunk_token->_head, &ctx->auth_tokens);
+
+            token = strtok(NULL, ",");
+        }
+    }
+
+    return 0;
+}
+
 struct flb_splunk *splunk_config_create(struct flb_input_instance *ins)
 {
     struct mk_list            *header_iterator;
@@ -33,7 +93,6 @@ struct flb_splunk *splunk_config_create(struct flb_input_instance *ins)
     char                       port[8];
     int                        ret;
     struct flb_splunk         *ctx;
-    const char                *tmp;
 
     ctx = flb_calloc(1, sizeof(struct flb_splunk));
     if (!ctx) {
@@ -42,6 +101,7 @@ struct flb_splunk *splunk_config_create(struct flb_input_instance *ins)
     }
     ctx->ins = ins;
     mk_list_init(&ctx->connections);
+    mk_list_init(&ctx->auth_tokens);
 
     /* Load the config map */
     ret = flb_input_config_map_set(ins, (void *) ctx);
@@ -50,22 +110,12 @@ struct flb_splunk *splunk_config_create(struct flb_input_instance *ins)
         return NULL;
     }
 
-    ctx->auth_header = NULL;
     ctx->ingested_auth_header = NULL;
-    tmp = flb_input_get_property("splunk_token", ins);
-    if (tmp) {
-        ctx->auth_header = flb_sds_create("Splunk ");
-        if (ctx->auth_header == NULL) {
-            flb_plg_error(ctx->ins, "error on prefix of auth_header generation");
-            splunk_config_destroy(ctx);
-            return NULL;
-        }
-        ret = flb_sds_cat_safe(&ctx->auth_header, tmp, strlen(tmp));
-        if (ret < 0) {
-            flb_plg_error(ctx->ins, "error on token generation");
-            splunk_config_destroy(ctx);
-            return NULL;
-        }
+
+    ret = setup_hec_tokens(ctx);
+    if (ret != 0) {
+        splunk_config_destroy(ctx);
+        return NULL;
     }
 
     /* Listen interface (if not set, defaults to 0.0.0.0:8088) */
@@ -161,10 +211,6 @@ int splunk_config_destroy(struct flb_splunk *ctx)
         ctx->collector_id = -1;
     }
 
-    if (ctx->auth_header != NULL) {
-        flb_sds_destroy(ctx->auth_header);
-    }
-
     if (ctx->downstream != NULL) {
         flb_downstream_destroy(ctx->downstream);
     }
@@ -181,6 +227,7 @@ int splunk_config_destroy(struct flb_splunk *ctx)
         flb_sds_destroy(ctx->success_headers_str);
     }
 
+    delete_hec_tokens(ctx);
 
     flb_free(ctx->listen);
     flb_free(ctx->tcp_port);

diff --git a/plugins/in_splunk/splunk_prot.c b/plugins/in_splunk/splunk_prot.c
@@ -481,9 +481,12 @@ static ssize_t parse_hec_payload_json(struct flb_splunk *ctx, flb_sds_t tag,
 
 static int validate_auth_header(struct flb_splunk *ctx, struct mk_http_request *request)
 {
+    struct mk_list *tmp;
+    struct mk_list *head;
     struct mk_http_header *auth_header = NULL;
+    struct flb_splunk_tokens *splunk_token;
 
-    if (ctx->auth_header == NULL) {
+    if (mk_list_size(&ctx->auth_tokens) == 0) {
         return SPLUNK_AUTH_UNAUTH;
     }
 
@@ -494,14 +497,16 @@ static int validate_auth_header(struct flb_splunk *ctx, struct mk_http_request *
     }
 
     if (auth_header != NULL && auth_header->val.len > 0) {
-        if (strncmp(ctx->auth_header,
-                    auth_header->val.data,
-                    strlen(ctx->auth_header)) == 0) {
-            return SPLUNK_AUTH_SUCCESS;
-        }
-        else {
-            return SPLUNK_AUTH_UNAUTHORIZED;
+        mk_list_foreach_safe(head, tmp, &ctx->auth_tokens) {
+            splunk_token = mk_list_entry(head, struct flb_splunk_tokens, _head);
+            if (strncmp(splunk_token->header,
+                        auth_header->val.data,
+                        strlen(splunk_token->header)) == 0) {
+                return SPLUNK_AUTH_SUCCESS;
+            }
         }
+
+        return SPLUNK_AUTH_UNAUTHORIZED;
     }
     else {
         return SPLUNK_AUTH_MISSING_CRED;
@@ -935,27 +940,32 @@ static int send_json_message_response_ng(struct flb_http_response *response,
 
 static int validate_auth_header_ng(struct flb_splunk *ctx, struct flb_http_request *request)
 {
+    struct mk_list *tmp;
+    struct mk_list *head;
     char *auth_header;
+    struct flb_splunk_tokens *splunk_token;
 
-    if (ctx->auth_header == NULL) {
+    if (mk_list_size(&ctx->auth_tokens) == 0) {
         return SPLUNK_AUTH_UNAUTH;
     }
-    
+
     auth_header = flb_http_request_get_header(request, "authorization");
 
     if (auth_header == NULL) {
         return SPLUNK_AUTH_MISSING_CRED;
     }
 
     if (auth_header != NULL && strlen(auth_header) > 0) {
-        if (strncmp(ctx->auth_header,
-                    auth_header,
-                    strlen(ctx->auth_header)) == 0) {
-            return SPLUNK_AUTH_SUCCESS;
-        }
-        else {
-            return SPLUNK_AUTH_UNAUTHORIZED;
+        mk_list_foreach_safe(head, tmp, &ctx->auth_tokens) {
+            splunk_token = mk_list_entry(head, struct flb_splunk_tokens, _head);
+            if (strncmp(splunk_token->header,
+                        auth_header,
+                        strlen(splunk_token->header)) == 0) {
+                return SPLUNK_AUTH_SUCCESS;
+            }
         }
+
+        return SPLUNK_AUTH_UNAUTHORIZED;
     }
     else {
         return SPLUNK_AUTH_MISSING_CRED;