/* * Create TLS configuration from modparams */ static tls_domains_cfg_t* tls_use_modparams(void) { tls_domains_cfg_t* ret; ret = tls_new_cfg(); if (!ret) return; }
static int mod_init(void) { int method; if (tls_disable){ LOG(L_WARN, "tls support is disabled " "(set enable_tls=1 in the config to enable it)\n"); return 0; } if (fix_tls_cfg(&default_tls_cfg) < 0 ) { ERR("initial tls configuration fixup failed\n"); return -1; } /* declare configuration */ if (cfg_declare("tls", tls_cfg_def, &default_tls_cfg, cfg_sizeof(tls), (void **)&tls_cfg)) { ERR("failed to register the configuration\n"); return -1; } /* Convert tls_method parameter to integer */ method = tls_parse_method(&cfg_get(tls, tls_cfg, method)); if (method < 0) { ERR("Invalid tls_method parameter value\n"); return -1; } /* fill mod_params */ mod_params.method = method; mod_params.verify_cert = cfg_get(tls, tls_cfg, verify_cert); mod_params.verify_depth = cfg_get(tls, tls_cfg, verify_depth); mod_params.require_cert = cfg_get(tls, tls_cfg, require_cert); mod_params.pkey_file = cfg_get(tls, tls_cfg, private_key); mod_params.ca_file = cfg_get(tls, tls_cfg, ca_list); mod_params.crl_file = cfg_get(tls, tls_cfg, crl); mod_params.cert_file = cfg_get(tls, tls_cfg, certificate); mod_params.cipher_list = cfg_get(tls, tls_cfg, cipher_list); mod_params.server_name = cfg_get(tls, tls_cfg, server_name); tls_domains_cfg = (tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*)); if (!tls_domains_cfg) { ERR("Not enough shared memory left\n"); goto error; } *tls_domains_cfg = NULL; register_select_table(tls_sel); /* register the rpc interface */ if (rpc_register_array(tls_rpc)!=0) { LOG(L_ERR, "failed to register RPC commands\n"); goto error; } /* if (init_tls() < 0) return -1; */ tls_domains_cfg_lock = lock_alloc(); if (tls_domains_cfg_lock == 0) { ERR("Unable to create TLS configuration lock\n"); goto error; } if (lock_init(tls_domains_cfg_lock) == 0) { lock_dealloc(tls_domains_cfg_lock); ERR("Unable to initialize TLS configuration lock\n"); goto error; } if (tls_ct_wq_init() < 0) { ERR("Unable to initialize TLS buffering\n"); goto error; } if (cfg_get(tls, tls_cfg, config_file).s) { *tls_domains_cfg = tls_load_config(&cfg_get(tls, tls_cfg, config_file)); if (!(*tls_domains_cfg)) goto error; } else { *tls_domains_cfg = tls_new_cfg(); if (!(*tls_domains_cfg)) goto error; } if (tls_check_sockets(*tls_domains_cfg) < 0) goto error; #ifndef OPENSSL_NO_ECDH LM_INFO("With ECDH-Support!\n"); #endif #ifndef OPENSSL_NO_DH LM_INFO("With Diffie Hellman\n"); #endif tls_lookup_event_routes(); return 0; error: destroy_tls_h(); return -1; }
static int mod_init(void) { int method; if (tls_disable){ LOG(L_WARN, "WARNING: tls: mod_init: tls support is disabled " "(set enable_tls=1 in the config to enable it)\n"); return 0; } if (cfg_get(tcp, tcp_cfg, async) && !tls_force_run){ ERR("tls does not support tcp in async mode, please use" " tcp_async=no in the config file\n"); return -1; } /* Convert tls_method parameter to integer */ method = tls_parse_method(&tls_method); if (method < 0) { ERR("Invalid tls_method parameter value\n"); return -1; } mod_params.method = method; /* Update relative paths of files configured through modparams, relative * pathnames will be converted to absolute and the directory of the main * SER configuration file will be used as reference. */ if (fix_rel_pathnames() < 0) return -1; tls_cfg = (tls_cfg_t**)shm_malloc(sizeof(tls_cfg_t*)); if (!tls_cfg) { ERR("Not enough shared memory left\n"); return -1; } *tls_cfg = NULL; register_tls_hooks(&tls_h); register_select_table(tls_sel); /* if (init_tls() < 0) return -1; */ tls_cfg_lock = lock_alloc(); if (tls_cfg_lock == 0) { ERR("Unable to create TLS configuration lock\n"); return -1; } if (lock_init(tls_cfg_lock) == 0) { lock_dealloc(tls_cfg_lock); ERR("Unable to initialize TLS configuration lock\n"); return -1; } if (tls_cfg_file.s) { *tls_cfg = tls_load_config(&tls_cfg_file); if (!(*tls_cfg)) return -1; } else { *tls_cfg = tls_new_cfg(); if (!(*tls_cfg)) return -1; } if (tls_check_sockets(*tls_cfg) < 0) return -1; /* fix the timeouts from s to ticks */ if (tls_con_lifetime<0){ /* set to max value (~ 1/2 MAX_INT) */ tls_con_lifetime=MAX_TLS_CON_LIFETIME; }else{ if ((unsigned)tls_con_lifetime > (unsigned)TICKS_TO_S(MAX_TLS_CON_LIFETIME)){ LOG(L_WARN, "tls: mod_init: tls_con_lifetime too big (%u s), " " the maximum value is %u\n", tls_con_lifetime, TICKS_TO_S(MAX_TLS_CON_LIFETIME)); tls_con_lifetime=MAX_TLS_CON_LIFETIME; }else{ tls_con_lifetime=S_TO_TICKS(tls_con_lifetime); } } return 0; }
/* * Create configuration structures from configuration file */ tls_domains_cfg_t* tls_load_config(str* filename) { cfg_parser_t* parser; str empty; struct stat file_status; char tmp_name[13] = "configXXXXXX"; str filename_str; DIR *dir; struct dirent *ent; int out_fd, in_fd, filename_is_directory; char *file_path, ch; parser = NULL; memset(&file_status, 0, sizeof(struct stat)); dir = (DIR *)NULL; in_fd = out_fd = filename_is_directory = 0; file_path = (char *)0; if ((cfg = tls_new_cfg()) == NULL) goto error; if (stat(filename->s, &file_status) != 0) { LOG(L_ERR, "cannot stat config file %s\n", filename->s); goto error; } if (S_ISDIR(file_status.st_mode)) { filename_is_directory = 1; dir = opendir(filename->s); if (dir == NULL) { LOG(L_ERR, "cannot open directory file %s\n", filename->s); goto error; } out_fd = mkstemp(&(tmp_name[0])); if (out_fd == -1) { LOG(L_ERR, "cannot make tmp file %s\n", &(tmp_name[0])); goto error; } while ((ent = readdir(dir)) != NULL) { file_path = pkg_malloc(filename->len + 1 + 256); memcpy(file_path, filename->s, filename->len); file_path[filename->len] = '/'; strcpy(file_path + filename->len + 1, ent->d_name); if (stat(file_path, &file_status) != 0) { LOG(L_ERR, "cannot get status of config file %s\n", file_path); goto error; } if (S_ISREG(file_status.st_mode)) { in_fd = open(file_path, O_RDONLY); if (in_fd == -1) { LOG(L_ERR, "cannot open config file %s\n", file_path); goto error; } pkg_free(file_path); while (read(in_fd, &ch, 1)) { write(out_fd, &ch, 1); } close(in_fd); in_fd = 0; ch = '\n'; write(out_fd, &ch, 1); } } closedir(dir); close(out_fd); dir = (DIR *)NULL; out_fd = 0; } empty.s = 0; empty.len = 0; if (filename_is_directory) { filename_str.s = &(tmp_name[0]); filename_str.len = strlen(&(tmp_name[0])); if ((parser = cfg_parser_init(&empty, &filename_str)) == NULL) { ERR("tls: Error while initializing configuration file parser.\n"); unlink(&(tmp_name[0])); goto error; } unlink(&(tmp_name[0])); } else { if ((parser = cfg_parser_init(&empty, filename)) == NULL) { ERR("tls: Error while initializing configuration file parser.\n"); goto error; } } cfg_section_parser(parser, parse_domain, NULL); if (sr_cfg_parse(parser)) goto error; cfg_parser_close(parser); return cfg; error: if (dir) closedir(dir); if (out_fd > 0) { close(out_fd); unlink(&(tmp_name[0])); } if (file_path) pkg_free(file_path); if (parser) cfg_parser_close(parser); if (cfg) tls_free_cfg(cfg); return 0; }