/*
* Create TLS configuration from modparams
*/
static tls_domains_cfg_t* tls_use_modparams(void)
{
tls_domains_cfg_t* ret;
ret = tls_new_cfg();
if (!ret) return;
}
static int mod_init(void)
{
int method;
if (tls_disable){
LOG(L_WARN, "tls support is disabled "
"(set enable_tls=1 in the config to enable it)\n");
return 0;
}
if (fix_tls_cfg(&default_tls_cfg) < 0 ) {
ERR("initial tls configuration fixup failed\n");
return -1;
}
/* declare configuration */
if (cfg_declare("tls", tls_cfg_def, &default_tls_cfg,
cfg_sizeof(tls), (void **)&tls_cfg)) {
ERR("failed to register the configuration\n");
return -1;
}
/* Convert tls_method parameter to integer */
method = tls_parse_method(&cfg_get(tls, tls_cfg, method));
if (method < 0) {
ERR("Invalid tls_method parameter value\n");
return -1;
}
/* fill mod_params */
mod_params.method = method;
mod_params.verify_cert = cfg_get(tls, tls_cfg, verify_cert);
mod_params.verify_depth = cfg_get(tls, tls_cfg, verify_depth);
mod_params.require_cert = cfg_get(tls, tls_cfg, require_cert);
mod_params.pkey_file = cfg_get(tls, tls_cfg, private_key);
mod_params.ca_file = cfg_get(tls, tls_cfg, ca_list);
mod_params.crl_file = cfg_get(tls, tls_cfg, crl);
mod_params.cert_file = cfg_get(tls, tls_cfg, certificate);
mod_params.cipher_list = cfg_get(tls, tls_cfg, cipher_list);
mod_params.server_name = cfg_get(tls, tls_cfg, server_name);
tls_domains_cfg =
(tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*));
if (!tls_domains_cfg) {
ERR("Not enough shared memory left\n");
goto error;
}
*tls_domains_cfg = NULL;
register_select_table(tls_sel);
/* register the rpc interface */
if (rpc_register_array(tls_rpc)!=0) {
LOG(L_ERR, "failed to register RPC commands\n");
goto error;
}
/* if (init_tls() < 0) return -1; */
tls_domains_cfg_lock = lock_alloc();
if (tls_domains_cfg_lock == 0) {
ERR("Unable to create TLS configuration lock\n");
goto error;
}
if (lock_init(tls_domains_cfg_lock) == 0) {
lock_dealloc(tls_domains_cfg_lock);
ERR("Unable to initialize TLS configuration lock\n");
goto error;
}
if (tls_ct_wq_init() < 0) {
ERR("Unable to initialize TLS buffering\n");
goto error;
}
if (cfg_get(tls, tls_cfg, config_file).s) {
*tls_domains_cfg =
tls_load_config(&cfg_get(tls, tls_cfg, config_file));
if (!(*tls_domains_cfg)) goto error;
} else {
*tls_domains_cfg = tls_new_cfg();
if (!(*tls_domains_cfg)) goto error;
}
if (tls_check_sockets(*tls_domains_cfg) < 0)
goto error;
#ifndef OPENSSL_NO_ECDH
LM_INFO("With ECDH-Support!\n");
#endif
#ifndef OPENSSL_NO_DH
LM_INFO("With Diffie Hellman\n");
#endif
tls_lookup_event_routes();
return 0;
error:
destroy_tls_h();
return -1;
}
static int mod_init(void)
{
int method;
if (tls_disable){
LOG(L_WARN, "WARNING: tls: mod_init: tls support is disabled "
"(set enable_tls=1 in the config to enable it)\n");
return 0;
}
if (cfg_get(tcp, tcp_cfg, async) && !tls_force_run){
ERR("tls does not support tcp in async mode, please use"
" tcp_async=no in the config file\n");
return -1;
}
/* Convert tls_method parameter to integer */
method = tls_parse_method(&tls_method);
if (method < 0) {
ERR("Invalid tls_method parameter value\n");
return -1;
}
mod_params.method = method;
/* Update relative paths of files configured through modparams, relative
* pathnames will be converted to absolute and the directory of the main
* SER configuration file will be used as reference.
*/
if (fix_rel_pathnames() < 0) return -1;
tls_cfg = (tls_cfg_t**)shm_malloc(sizeof(tls_cfg_t*));
if (!tls_cfg) {
ERR("Not enough shared memory left\n");
return -1;
}
*tls_cfg = NULL;
register_tls_hooks(&tls_h);
register_select_table(tls_sel);
/* if (init_tls() < 0) return -1; */
tls_cfg_lock = lock_alloc();
if (tls_cfg_lock == 0) {
ERR("Unable to create TLS configuration lock\n");
return -1;
}
if (lock_init(tls_cfg_lock) == 0) {
lock_dealloc(tls_cfg_lock);
ERR("Unable to initialize TLS configuration lock\n");
return -1;
}
if (tls_cfg_file.s) {
*tls_cfg = tls_load_config(&tls_cfg_file);
if (!(*tls_cfg)) return -1;
} else {
*tls_cfg = tls_new_cfg();
if (!(*tls_cfg)) return -1;
}
if (tls_check_sockets(*tls_cfg) < 0) return -1;
/* fix the timeouts from s to ticks */
if (tls_con_lifetime<0){
/* set to max value (~ 1/2 MAX_INT) */
tls_con_lifetime=MAX_TLS_CON_LIFETIME;
}else{
if ((unsigned)tls_con_lifetime >
(unsigned)TICKS_TO_S(MAX_TLS_CON_LIFETIME)){
LOG(L_WARN, "tls: mod_init: tls_con_lifetime too big (%u s), "
" the maximum value is %u\n", tls_con_lifetime,
TICKS_TO_S(MAX_TLS_CON_LIFETIME));
tls_con_lifetime=MAX_TLS_CON_LIFETIME;
}else{
tls_con_lifetime=S_TO_TICKS(tls_con_lifetime);
}
}
return 0;
}
/*
* Create configuration structures from configuration file
*/
tls_domains_cfg_t* tls_load_config(str* filename)
{
cfg_parser_t* parser;
str empty;
struct stat file_status;
char tmp_name[13] = "configXXXXXX";
str filename_str;
DIR *dir;
struct dirent *ent;
int out_fd, in_fd, filename_is_directory;
char *file_path, ch;
parser = NULL;
memset(&file_status, 0, sizeof(struct stat));
dir = (DIR *)NULL;
in_fd = out_fd = filename_is_directory = 0;
file_path = (char *)0;
if ((cfg = tls_new_cfg()) == NULL) goto error;
if (stat(filename->s, &file_status) != 0) {
LOG(L_ERR, "cannot stat config file %s\n", filename->s);
goto error;
}
if (S_ISDIR(file_status.st_mode)) {
filename_is_directory = 1;
dir = opendir(filename->s);
if (dir == NULL) {
LOG(L_ERR, "cannot open directory file %s\n", filename->s);
goto error;
}
out_fd = mkstemp(&(tmp_name[0]));
if (out_fd == -1) {
LOG(L_ERR, "cannot make tmp file %s\n", &(tmp_name[0]));
goto error;
}
while ((ent = readdir(dir)) != NULL) {
file_path = pkg_malloc(filename->len + 1 + 256);
memcpy(file_path, filename->s, filename->len);
file_path[filename->len] = '/';
strcpy(file_path + filename->len + 1, ent->d_name);
if (stat(file_path, &file_status) != 0) {
LOG(L_ERR, "cannot get status of config file %s\n",
file_path);
goto error;
}
if (S_ISREG(file_status.st_mode)) {
in_fd = open(file_path, O_RDONLY);
if (in_fd == -1) {
LOG(L_ERR, "cannot open config file %s\n",
file_path);
goto error;
}
pkg_free(file_path);
while (read(in_fd, &ch, 1)) {
write(out_fd, &ch, 1);
}
close(in_fd);
in_fd = 0;
ch = '\n';
write(out_fd, &ch, 1);
}
}
closedir(dir);
close(out_fd);
dir = (DIR *)NULL;
out_fd = 0;
}
empty.s = 0;
empty.len = 0;
if (filename_is_directory) {
filename_str.s = &(tmp_name[0]);
filename_str.len = strlen(&(tmp_name[0]));
if ((parser = cfg_parser_init(&empty, &filename_str)) == NULL) {
ERR("tls: Error while initializing configuration file parser.\n");
unlink(&(tmp_name[0]));
goto error;
}
unlink(&(tmp_name[0]));
} else {
if ((parser = cfg_parser_init(&empty, filename)) == NULL) {
ERR("tls: Error while initializing configuration file parser.\n");
goto error;
}
}
cfg_section_parser(parser, parse_domain, NULL);
if (sr_cfg_parse(parser)) goto error;
cfg_parser_close(parser);
return cfg;
error:
if (dir) closedir(dir);
if (out_fd > 0) {
close(out_fd);
unlink(&(tmp_name[0]));
}
if (file_path) pkg_free(file_path);
if (parser) cfg_parser_close(parser);
if (cfg) tls_free_cfg(cfg);
return 0;
}
