EXPORT UNSIGNED32 STDCALL TaggantInitializeLibrary(__in_opt TAGGANTFUNCTIONS *pFuncs, __out UNSIGNED64 *puVersion)
{
/* Get the pointer to callbacks structure */
TAGGANTFUNCTIONS* callbacks = get_callbacks();
/* Initialize structure */
memset(callbacks, 0, sizeof(TAGGANTFUNCTIONS));
if (pFuncs != NULL)
{
memcpy((char*)callbacks, (char*)pFuncs, get_min((unsigned long)pFuncs->size, sizeof(TAGGANTFUNCTIONS)));
}
callbacks->size = sizeof(TAGGANTFUNCTIONS);
/* If any of memory callbacks are NULL then redirect them to internal callbacks */
if (callbacks->MemoryAllocCallBack == NULL || callbacks->MemoryFreeCallBack == NULL || callbacks->MemoryReallocCallBack == NULL)
{
callbacks->MemoryAllocCallBack = (void* (__DECLARATION*)(size_t))&internal_alloc;
callbacks->MemoryFreeCallBack = (void (__DECLARATION*)(void*))&internal_free;
callbacks->MemoryReallocCallBack = (void* (__DECLARATION*)(void*, size_t))&internal_realloc;
}
CRYPTO_set_mem_functions(memory_alloc, memory_realloc, memory_free);
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
/* Return the maximim version number supported by the library */
*puVersion = TAGGANT_LIBRARY_CURRENTVERSION;
lib_initialized = 1;
return TNOERR;
}
SSLInitCls::SSLInitCls()
{
Socket::Init();
MemoryIgnoreLeaksBlock __;
CRYPTO_set_mem_functions(SSLAlloc, SSLRealloc, SSLFree);
SSL_load_error_strings();
SSL_library_init();
AddThread();
}
isc_result_t
dst__openssl_init() {
isc_result_t result;
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
nlocks = CRYPTO_num_locks();
locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
CRYPTO_set_id_callback(id_callback);
rm = mem_alloc(sizeof(RAND_METHOD));
if (rm == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mutexinit;
}
rm->seed = NULL;
rm->bytes = entropy_get;
rm->cleanup = NULL;
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
#ifdef USE_ENGINE
e = ENGINE_new();
if (e == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_rm;
}
ENGINE_set_RAND(e, rm);
RAND_set_rand_method(rm);
#else
RAND_set_rand_method(rm);
#endif /* USE_ENGINE */
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
cleanup_rm:
mem_free(rm);
#endif
cleanup_mutexinit:
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
mem_free(locks);
return (result);
}
/* this has to be the first function called from ui_*.c */
void tls_init() {
tls_platform_init();
tls_initialized=1;
ui_tls=tls_alloc(NULL, NULL, "ui");
#if OPENSSL_VERSION_NUMBER>=0x10100000L
CRYPTO_set_mem_functions(str_alloc_detached_debug,
str_realloc_detached_debug, str_free_debug);
#else
CRYPTO_set_mem_ex_functions(str_alloc_detached_debug,
str_realloc_detached_debug, free_function);
#endif
}
RSA_DSA_Factory::RSA_DSA_Factory(Allocator *normAlloc, Allocator *privAlloc)
{
setNormAllocator(normAlloc);
setPrivAllocator(privAlloc);
/* once-per-address space */
CRYPTO_set_mem_functions(osMalloc, osRealloc, osFree);
CRYPTO_set_locked_mem_functions(osMalloc, osFree);
/* these should go in a lib somewhere */
ERR_load_RSA_strings();
ERR_load_BN_strings();
ERR_load_DSA_strings();
}
void _ws_set_memory_functions(ws_malloc_replacement_f malloc_replace,
ws_free_replacement_f free_replace,
ws_realloc_replacement_f realloc_replace)
{
replaced_ws_malloc = malloc_replace;
replaced_ws_free = free_replace;
replaced_ws_realloc = realloc_replace;
event_set_mem_functions(malloc_replace, realloc_replace, free_replace);
#ifdef LIBWS_WITH_OPENSSL
CRYPTO_set_mem_functions(malloc_replace, realloc_replace, free_replace);
#endif
}
CRYPTO_API void xr_crypto_init ()
{
string256 random_string;
sprintf_s (random_string, "%I64d_%s", CPU::QPC(), rnd_seed);
//sprintf_s (random_string, "%s", rnd_seed);
CRYPTO_set_mem_functions (xr_malloc, xr_realloc, unsafe_xr_free);
RAND_seed (random_string, xr_strlen(random_string));
//unsigned int siglen;
//tmp_dsa_params->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
//ZeroMemory(sig, sizeof(sig));
//DSA_sign(0, digest, sizeof(digest), sig, &siglen, tmp_dsa_params);
//DSA_verify(0, digest, sizeof(digest), sig, siglen, tmp_dsa_params);
/*#ifdef DEBUG
CRYPTO_dbg_set_options (V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl (CRYPTO_MEM_CHECK_ON);
#endif*/
}
SSL_CTX *SSLCommon::initialize_ctx(const bool& isServer)
{
SSL_METHOD *meth;
SSL_CTX *ctx;
CRYPTO_set_mem_functions (zeroingMalloc, realloc, free);
SSL_library_init ();
OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */
SSL_load_error_strings(); /* load all error messages */
printf ("Using OpenSSL version \"%s\"\n", SSLeay_version (SSLEAY_VERSION));
/* Set up a SIGPIPE handler */
signal (SIGPIPE, SIG_IGN);
/* Create our context*/
if(isServer)
{
meth = (SSL_METHOD*)SSLv23_server_method(); /* create new server-method instance */
}
else
{
meth = (SSL_METHOD*)SSLv23_client_method(); /* create new client-method instance */
}
ctx = SSL_CTX_new(meth); /* create new context from method */
if (ctx == NULL)
{
cout << "Could not create context" << endl;
ERR_print_errors_fp(stderr);
exitSSL ("SSL_CTX_new");
}
return ctx;
}
/*
* called once from main.c (main process)
*/
int
init_tls(void)
{
int i;
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
#endif
LM_DBG("entered\n");
#if OPENSSL_VERSION_NUMBER < 0x00907000L
LM_WARN("using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
#endif
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
LM_ERR("unable to set the memory allocation functions\n");
return -1;
}
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
i = check_for_krb();
if (i==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( i ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(i==1)?"":"no ",(i!=1)?"no ":"");
return -1;
}
/*
* now initialize tls default domains
*/
if ( (i=init_tls_domains(tls_default_server_domain)) ) {
return i;
}
if ( (i=init_tls_domains(tls_default_client_domain)) ) {
return i;
}
/*
* now initialize tls virtual domains
*/
if ( (i=init_tls_domains(tls_server_domains)) ) {
return i;
}
if ( (i=init_tls_domains(tls_client_domains)) ) {
return i;
}
/*
* we are all set
*/
return 0;
}
int main (int argc, char *argv[])
{
gchar *in_dir;
GList *tmp;
struct evhttp_uri *uri;
struct timeval tv;
log_level = LOG_debug;
event_set_mem_functions (g_malloc, g_realloc, g_free);
// init SSL libraries
CRYPTO_set_mem_functions (g_malloc0, g_realloc, g_free);
ENGINE_load_builtin_engines ();
ENGINE_register_all_complete ();
ERR_load_crypto_strings ();
OpenSSL_add_all_algorithms ();
SSL_load_error_strings ();
SSL_library_init ();
if (!RAND_poll ()) {
fprintf(stderr, "RAND_poll() failed.\n");
return 1;
}
g_random_set_seed (time (NULL));
in_dir = g_dir_make_tmp (NULL, NULL);
g_assert (in_dir);
app = g_new0 (Application, 1);
app->files_count = 10;
app->evbase = event_base_new ();
app->dns_base = evdns_base_new (app->evbase, 1);
app->conf = conf_create ();
conf_add_boolean (app->conf, "log.use_syslog", TRUE);
conf_add_uint (app->conf, "auth.ttl", 85800);
conf_add_int (app->conf, "pool.writers", 2);
conf_add_int (app->conf, "pool.readers", 2);
conf_add_int (app->conf, "pool.operations", 4);
conf_add_uint (app->conf, "pool.max_requests_per_pool", 100);
conf_add_int (app->conf, "connection.timeout", 20);
conf_add_int (app->conf, "connection.retries", -1);
conf_add_uint (app->conf, "filesystem.dir_cache_max_time", 5);
conf_add_boolean (app->conf, "filesystem.cache_enabled", TRUE);
conf_add_string (app->conf, "filesystem.cache_dir", "/tmp/hydrafs");
conf_add_string (app->conf, "filesystem.cache_dir_max_size", "1Gb");
conf_add_boolean (app->conf, "statistics.enabled", TRUE);
conf_add_int (app->conf, "statistics.port", 8011);
conf_add_string (app->conf, "auth.user", "test:tester");
conf_add_string (app->conf, "auth.key", "testing");
uri = evhttp_uri_parse ("https://10.0.0.104:8080/auth/v1.0");
app->ssl_ctx = SSL_CTX_new (TLSv1_client_method ());
app->stats = hfs_stats_srv_create (app);
app->auth_client = auth_client_create (app, uri);
app->http = http_client_create (app);
// start server
start_srv (app->evbase, in_dir);
app->timeout = evtimer_new (app->evbase, on_output_timer, NULL);
evutil_timerclear(&tv);
tv.tv_sec = 0;
tv.tv_usec = 500;
event_add (app->timeout, &tv);
event_base_dispatch (app->evbase);
evhttp_uri_free (uri);
event_del (app->timeout);
event_free (app->timeout);
evhttp_free (app->http_srv);
auth_client_destroy (app->auth_client);
evdns_base_free (app->dns_base, 0);
event_base_free (app->evbase);
conf_destroy (app->conf);
g_free (app);
return 0;
}
/*
* called once from main.c (main process)
*/
int
init_tls(void)
{
struct tls_domain *d;
DBG("init_tls: Entered\n");
#if OPENSSL_VERSION_NUMBER < 0x00907000L
LOG(L_ERR, "WARNING! You are using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
#endif
LOG(L_ALERT, "WARNING! TLS is considered as an EXPERIMENTAL module\n" );
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
LOG(L_ERR,
"init_tls: Unable to set the memory allocation functions\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
/*
* initialize default context first
*/
default_ctx = SSL_CTX_new(ssl_methods[tls_method - 1]);
if (default_ctx == NULL) {
LOG(L_ERR, "init_tls: Cannot create default ssl context\n");
return -1;
}
init_ssl_ctx_behavior( default_ctx );
if (load_certificate(default_ctx, tls_cert_file) < 0)
return -1;
if (tls_ca_file && load_ca(default_ctx, tls_ca_file) < 0)
return -1;
if (load_private_key(default_ctx, tls_pkey_file) < 0)
return -1;
/*
* now initialize tls virtual domains
*/
d = tls_domains;
while (d) {
DBG("init_tls: Processing TLS domain [%s:%d]\n",
ip_addr2a(&d->addr), d->port);
/*
* create context
*/
if (d->method == TLS_METHOD_UNSPEC) {
DBG("init_tls: No method for tls[%s:%d], using default\n",
ip_addr2a(&d->addr), d->port);
d->method = tls_method;
}
d->ctx = SSL_CTX_new(ssl_methods[d->method - 1]);
if (d->ctx == NULL) {
LOG(L_ERR,
"init_tls: Cannot create ssl context for tls[%s:%d]\n",
ip_addr2a(&d->addr), d->port);
return -1;
}
init_ssl_ctx_behavior( d->ctx );
/*
* load certificate
*/
if (!d->cert_file) {
LOG(L_NOTICE,
"init_tls: No certificate for tls[%s:%d] defined, using default '%s'\n",
ip_addr2a(&d->addr), d->port, tls_cert_file);
d->cert_file = tls_cert_file;
}
if (load_certificate(d->ctx, d->cert_file) < 0)
return -1;
/*
* load ca
*/
if (!d->ca_file) {
LOG(L_NOTICE,
"init_tls: No CA for tls[%s:%d] defined, using default '%s'\n",
ip_addr2a(&d->addr), d->port, tls_ca_file);
d->ca_file = tls_ca_file;
}
if (d->ca_file && load_ca(d->ctx, d->ca_file) < 0)
return -1;
d = d->next;
}
/*
* load all private keys as the last step (may prompt for password)
*/
d = tls_domains;
while (d) {
if (!d->pkey_file) {
LOG(L_NOTICE,
"init_tls: No private key for tls[%s:%d] defined, using default '%s'\n",
ip_addr2a(&d->addr), d->port, tls_pkey_file);
d->pkey_file = tls_pkey_file;
}
if (load_private_key(d->ctx, d->pkey_file) < 0)
return -1;
d = d->next;
}
/*
* we are all set
*/
return 0;
}
static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info)
{
#ifdef OPENSSL_THREADS
ErlNifSysInfo sys_info;
#endif
get_crypto_callbacks_t* funcp;
struct crypto_callbacks* ccb;
int nlocks = 0;
int tpl_arity;
const ERL_NIF_TERM* tpl_array;
int vernum;
ErlNifBinary lib_bin;
char lib_buf[1000];
#ifdef HAVE_DYNAMIC_CRYPTO_LIB
void *handle;
#endif
if (!verify_lib_version())
return __LINE__;
/* load_info: {302, <<"/full/path/of/this/library">>,true|false} */
if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array))
return __LINE__;
if (tpl_arity != 3)
return __LINE__;
if (!enif_get_int(env, tpl_array[0], &vernum))
return __LINE__;
if (vernum != 302)
return __LINE__;
if (!enif_inspect_binary(env, tpl_array[1], &lib_bin))
return __LINE__;
if (!init_hmac_ctx(env)) {
return __LINE__;
}
if (!init_hash_ctx(env)) {
return __LINE__;
}
if (!init_cipher_ctx(env)) {
return __LINE__;
}
if (!init_engine_ctx(env)) {
return __LINE__;
}
if (library_initialized) {
/* Repeated loading of this library (module upgrade).
* Atoms and callbacks are already set, we are done.
*/
return 0;
}
if (!init_atoms(env, tpl_array[2], load_info)) {
return __LINE__;
}
#ifdef HAVE_DYNAMIC_CRYPTO_LIB
if (!change_basename(&lib_bin, lib_buf, sizeof(lib_buf), crypto_callback_name))
return __LINE__;
if ((handle = enif_dlopen(lib_buf, &error_handler, NULL)) == NULL)
return __LINE__;
if ((funcp = (get_crypto_callbacks_t*) enif_dlsym(handle, "get_crypto_callbacks",
&error_handler, NULL)) == NULL)
return __LINE__;
#else /* !HAVE_DYNAMIC_CRYPTO_LIB */
funcp = &get_crypto_callbacks;
#endif
#ifdef OPENSSL_THREADS
enif_system_info(&sys_info, sizeof(sys_info));
if (sys_info.scheduler_threads > 1) {
nlocks = CRYPTO_num_locks();
}
/* else no need for locks */
#endif
ccb = (*funcp)(nlocks);
if (!ccb || ccb->sizeof_me != sizeof(*ccb)) {
PRINTF_ERR0("Invalid 'crypto_callbacks'");
return __LINE__;
}
#ifdef HAS_CRYPTO_MEM_FUNCTIONS
if (!CRYPTO_set_mem_functions(ccb->crypto_alloc, ccb->crypto_realloc, ccb->crypto_free))
return __LINE__;
#endif
#ifdef OPENSSL_THREADS
if (nlocks > 0) {
CRYPTO_set_locking_callback(ccb->locking_function);
CRYPTO_set_id_callback(ccb->id_function);
CRYPTO_set_dynlock_create_callback(ccb->dyn_create_function);
CRYPTO_set_dynlock_lock_callback(ccb->dyn_lock_function);
CRYPTO_set_dynlock_destroy_callback(ccb->dyn_destroy_function);
}
#endif /* OPENSSL_THREADS */
init_digest_types(env);
init_cipher_types(env);
init_algorithms_types(env);
library_initialized = 1;
return 0;
}
/*{{{ main */
int main (int argc, char *argv[])
{
Application *app;
gboolean verbose = FALSE;
gboolean version = FALSE;
GError *error = NULL;
GOptionContext *context;
gchar **s_params = NULL;
gchar **s_config = NULL;
gboolean foreground = FALSE;
gchar conf_str[1023];
struct stat st;
gchar **cache_dir = NULL;
gchar **s_fuse_opts = NULL;
gchar **s_log_file = NULL;
guint32 part_size = 0;
gboolean disable_syslog = FALSE;
gboolean disable_stats = FALSE;
gboolean force_head_requests = FALSE;
gint uid = -1;
gint gid = -1;
gint fmode = -1;
gint dmode = -1;
struct event_config *ev_config;
srand (time (NULL));
app = g_new0 (Application, 1);
app->conf_path = g_build_filename (SYSCONFDIR, "riofs.conf.xml", NULL);
g_snprintf (conf_str, sizeof (conf_str), "Path to configuration file. Default: %s", app->conf_path);
GOptionEntry entries[] = {
{ G_OPTION_REMAINING, 0, 0, G_OPTION_ARG_STRING_ARRAY, &s_params, NULL, NULL },
{ "config", 'c', 0, G_OPTION_ARG_FILENAME_ARRAY, &s_config, conf_str, NULL},
{ "uid", 0, 0, G_OPTION_ARG_INT, &uid, "Set UID of filesystem owner.", NULL },
{ "gid", 0, 0, G_OPTION_ARG_INT, &gid, "Set GID of filesystem owner.", NULL },
{ "fmode", 0, 0, G_OPTION_ARG_INT, &fmode, "Set mode for all files.", NULL },
{ "dmode", 0, 0, G_OPTION_ARG_INT, &dmode, "Set mode for all directories.", NULL },
{ "foreground", 'f', 0, G_OPTION_ARG_NONE, &foreground, "Flag. Do not daemonize process.", NULL },
{ "cache-dir", 0, 0, G_OPTION_ARG_STRING_ARRAY, &cache_dir, "Set cache directory.", NULL },
{ "fuse-options", 'o', 0, G_OPTION_ARG_STRING_ARRAY, &s_fuse_opts, "Fuse options.", "\"opt[,opt...]\"" },
{ "disable-syslog", 0, 0, G_OPTION_ARG_NONE, &disable_syslog, "Flag. Disable logging to syslog.", NULL },
{ "disable-stats", 0, 0, G_OPTION_ARG_NONE, &disable_stats, "Flag. Disable Statistics HTTP interface.", NULL },
{ "part-size", 0, 0, G_OPTION_ARG_INT, &part_size, "Set file part size (in bytes).", NULL },
{ "log-file", 'l', 0, G_OPTION_ARG_STRING_ARRAY, &s_log_file, "File to write output.", NULL },
{ "force-head-requests", 0, 0, G_OPTION_ARG_NONE, &force_head_requests, "Flag. Send HEAD request for each file.", NULL },
{ "verbose", 'v', 0, G_OPTION_ARG_NONE, &verbose, "Verbose output.", NULL },
{ "version", 'V', 0, G_OPTION_ARG_NONE, &version, "Show application version and exit.", NULL },
{ NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL }
};
// init libraries
CRYPTO_set_mem_functions (g_malloc0, g_realloc, g_free);
ENGINE_load_builtin_engines ();
ENGINE_register_all_complete ();
ERR_load_crypto_strings ();
OpenSSL_add_all_algorithms ();
#ifdef SSL_ENABLED
SSL_load_error_strings ();
SSL_library_init ();
#endif
g_random_set_seed (time (NULL));
// init main app structure
ev_config = event_config_new ();
#if defined(__APPLE__)
// method select is the preferred method on OS X. kqueue and poll are not supported.
event_config_avoid_method (ev_config, "kqueue");
event_config_avoid_method (ev_config, "poll");
#endif
app->evbase = event_base_new_with_config (ev_config);
event_config_free (ev_config);
if (!app->evbase) {
LOG_err (APP_LOG, "Failed to create event base !");
application_destroy (app);
return -1;
}
app->dns_base = evdns_base_new (app->evbase, 1);
if (!app->dns_base) {
LOG_err (APP_LOG, "Failed to create DNS base !");
application_destroy (app);
return -1;
}
app->f_log = NULL;
app->log_file_name = NULL;
/*{{{ cmd line args */
// parse command line options
context = g_option_context_new ("[bucketname] [mountpoint]");
g_option_context_add_main_entries (context, entries, NULL);
g_option_context_set_description (context, "Please set both AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables!");
if (!g_option_context_parse (context, &argc, &argv, &error)) {
g_fprintf (stderr, "Failed to parse command line options: %s\n", error->message);
application_destroy (app);
g_option_context_free (context);
return -1;
}
g_option_context_free (context);
// check if --version is specified
if (version) {
g_fprintf (stdout, "RioFS File System v%s\n", VERSION);
g_fprintf (stdout, "Copyright (C) 2012-2014 Paul Ionkin <*****@*****.**>\n");
g_fprintf (stdout, "Copyright (C) 2012-2014 Skoobe GmbH. All rights reserved.\n");
g_fprintf (stdout, "Libraries:\n");
g_fprintf (stdout, " GLib: %d.%d.%d libevent: %s fuse: %d.%d",
GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION, GLIB_MICRO_VERSION,
LIBEVENT_VERSION,
FUSE_MAJOR_VERSION, FUSE_MINOR_VERSION
);
#if defined(__APPLE__) || defined(__FreeBSD__) || !defined(__GLIBC__)
g_fprintf (stdout, "\n");
#else
g_fprintf (stdout, " glibc: %s\n", gnu_get_libc_version ());
#endif
g_fprintf (stdout, "Features:\n");
g_fprintf (stdout, " libevent backend method: %s\n", event_base_get_method(app->evbase));
#ifdef SSL_ENABLED
g_fprintf (stdout, " SSL enabled\n");
#endif
/*
{
int i;
const char **methods = event_get_supported_methods ();
g_fprintf (stdout, " Available libevent backend methods:\n");
for (i = 0; methods[i] != NULL; ++i) {
g_fprintf (stdout, " %s\n", methods[i]);
}
}
*/
return 0;
}
if (!s_params || g_strv_length (s_params) != 2) {
LOG_err (APP_LOG, "Wrong number of provided arguments!\nTry `%s --help' for more information.", argv[0]);
application_destroy (app);
return -1;
}
if (verbose)
log_level = LOG_debug;
else
log_level = LOG_msg;
/*}}}*/
/*{{{ parse config file */
// user provided alternative config path
if (s_config && g_strv_length (s_config) > 0) {
g_free (app->conf_path);
app->conf_path = g_strdup (s_config[0]);
g_strfreev (s_config);
}
app->conf = conf_create ();
if (access (app->conf_path, R_OK) == 0) {
LOG_debug (APP_LOG, "Using config file: %s", app->conf_path);
if (!conf_parse_file (app->conf, app->conf_path)) {
LOG_err (APP_LOG, "Failed to parse configuration file: %s", app->conf_path);
application_destroy (app);
return -1;
}
} else {
LOG_err (APP_LOG, "Configuration file is not found !");
application_destroy (app);
return -1;
}
if (!conf_check_keys (app->conf, conf_keys_str, conf_keys_len)) {
LOG_err (APP_LOG, "Configuration file is missing keys, please re-check your configuration file: %s", app->conf_path);
application_destroy (app);
return -1;
}
if (disable_syslog) {
conf_set_boolean (app->conf, "log.use_syslog", FALSE);
}
// update logging settings
logger_set_syslog (conf_get_boolean (app->conf, "log.use_syslog"));
logger_set_color (conf_get_boolean (app->conf, "log.use_color"));
if (cache_dir && g_strv_length (cache_dir) > 0) {
conf_set_string (app->conf, "filesystem.cache_dir", cache_dir[0]);
g_strfreev (cache_dir);
}
if (!verbose)
log_level = conf_get_int (app->conf, "log.level");
if (uid >= 0)
conf_set_int (app->conf, "filesystem.uid", uid);
if (gid >= 0)
conf_set_int (app->conf, "filesystem.gid", gid);
if (fmode >= 0)
conf_set_int (app->conf, "filesystem.file_mode", fmode);
if (dmode >= 0)
conf_set_int (app->conf, "filesystem.dir_mode", dmode);
/*}}}*/
// try to get access parameters from the environment
if (getenv ("AWS_ACCESS_KEY_ID")) {
conf_set_string (app->conf, "s3.access_key_id", getenv ("AWS_ACCESS_KEY_ID"));
// else check if it's set it the config file
} else {
if (!conf_node_exists (app->conf, "s3.access_key_id")) {
LOG_err (APP_LOG, "Environment variables are not set!\nTry `%s --help' for more information.", argv[0]);
application_destroy (app);
return -1;
}
}
if (getenv ("AWS_SECRET_ACCESS_KEY")) {
conf_set_string (app->conf, "s3.secret_access_key", getenv ("AWS_SECRET_ACCESS_KEY"));
} else {
if (!conf_node_exists (app->conf, "s3.secret_access_key")) {
LOG_err (APP_LOG, "Environment variables are not set!\nTry `%s --help' for more information.", argv[0]);
application_destroy (app);
return -1;
}
}
// check if both strings are set
if (!conf_get_string (app->conf, "s3.access_key_id") || !conf_get_string (app->conf, "s3.secret_access_key")) {
LOG_err (APP_LOG, "Environment variables are not set!\nTry `%s --help' for more information.", argv[0]);
application_destroy (app);
return -1;
}
// foreground is set
if (foreground)
conf_set_boolean (app->conf, "app.foreground", foreground);
if (part_size)
conf_set_uint (app->conf, "s3.part_size", part_size);
if (disable_stats)
conf_set_boolean (app->conf, "statistics.enabled", FALSE);
if (force_head_requests)
conf_set_boolean (app->conf, "s3.force_head_requests_on_lookup", TRUE);
else
conf_set_boolean (app->conf, "s3.force_head_requests_on_lookup", FALSE);
conf_set_string (app->conf, "s3.bucket_name", s_params[0]);
if (!application_set_url (app, conf_get_string (app->conf, "s3.endpoint"))) {
application_destroy (app);
return -1;
}
if (s_fuse_opts && g_strv_length (s_fuse_opts) > 0) {
app->fuse_opts = g_strdup (s_fuse_opts[0]);
g_strfreev (s_fuse_opts);
}
if (s_log_file && g_strv_length (s_log_file) > 0) {
app->log_file_name = g_strdup (s_log_file[0]);
app->f_log = fopen (s_log_file[0], "a+");
if (!app->f_log) {
LOG_err (APP_LOG, "Failed to open log file: %s Error: %s", s_log_file[0], strerror (errno));
application_destroy (app);
return -1;
}
LOG_debug (APP_LOG, "Using %s for storing application logs.", s_log_file[0]);
logger_set_file (app->f_log);
g_strfreev (s_log_file);
}
conf_set_string (app->conf, "app.mountpoint", s_params[1]);
// check if directory exists
if (stat (conf_get_string (app->conf, "app.mountpoint"), &st) == -1) {
LOG_err (APP_LOG, "Mountpoint %s does not exist! Please check directory permissions!",
conf_get_string (app->conf, "app.mountpoint"));
application_destroy (app);
return -1;
}
// check if it's a directory
if (!S_ISDIR (st.st_mode)) {
LOG_err (APP_LOG, "Mountpoint %s is not a directory!", conf_get_string (app->conf, "app.mountpoint"));
application_destroy (app);
return -1;
}
g_strfreev (s_params);
#ifdef SSL_ENABLED
app->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
if (!app->ssl_ctx) {
LOG_err (APP_LOG, "Failed to initialize SSL engine !");
application_exit (app);
return -1;
}
SSL_CTX_set_options (app->ssl_ctx, SSL_OP_ALL);
#endif
#ifdef MAGIC_ENABLED
app->magic_ctx = magic_open(MAGIC_MIME_TYPE);
if (!app->magic_ctx) {
LOG_err(APP_LOG, "Failed to initialize magic library\n");
return -1;
}
if (magic_load(app->magic_ctx, NULL)) {
LOG_err(APP_LOG, "Failed to load magic database: %s\n", magic_error(app->magic_ctx));
magic_close(app->magic_ctx);
return -1;
}
#endif
app->stat_srv = stat_srv_create (app);
if (!app->stat_srv) {
application_exit (app);
return -1;
}
// perform the initial request to get bucket ACL (handles redirect as well)
app->service_con = http_connection_create (app);
if (!app->service_con) {
application_destroy (app);
return -1;
}
bucket_client_get (app->service_con, "/?acl", application_on_bucket_acl_cb, app);
// start the loop
event_base_dispatch (app->evbase);
application_destroy (app);
return 0;
}
isc_result_t
dst__openssl_init() {
isc_result_t result;
#ifdef USE_ENGINE
/* const char *name; */
ENGINE *re;
#endif
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
nlocks = CRYPTO_num_locks();
locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
CRYPTO_set_id_callback(id_callback);
rm = mem_alloc(sizeof(RAND_METHOD));
if (rm == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mutexinit;
}
rm->seed = NULL;
rm->bytes = entropy_get;
rm->cleanup = NULL;
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
#ifdef USE_ENGINE
OPENSSL_config(NULL);
#ifdef USE_PKCS11
#ifndef PKCS11_SO_PATH
#define PKCS11_SO_PATH "/usr/local/lib/engines/engine_pkcs11.so"
#endif
#ifndef PKCS11_MODULE_PATH
#define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so"
#endif
{
/*
* to use this to config the PIN, add in openssl.cnf:
* - at the beginning: "openssl_conf = openssl_def"
* - at any place these sections:
* [ openssl_def ]
* engines = engine_section
* [ engine_section ]
* pkcs11 = pkcs11_section
* [ pkcs11_section ]
* PIN = my___pin
*/
const char *pre_cmds[] = {
"SO_PATH", PKCS11_SO_PATH,
"LOAD", NULL,
"MODULE_PATH", PKCS11_MODULE_PATH
};
const char *post_cmds[] = {
/* "PIN", "my___pin" */
};
result = dst__openssl_load_engine("pkcs11", "pkcs11",
pre_cmds, 0,
post_cmds, /*1*/ 0);
if (result != ISC_R_SUCCESS)
goto cleanup_rm;
}
#endif /* USE_PKCS11 */
if (engine_id != NULL) {
e = ENGINE_by_id(engine_id);
if (e == NULL) {
result = ISC_R_NOTFOUND;
goto cleanup_rm;
}
if (!ENGINE_init(e)) {
result = ISC_R_FAILURE;
ENGINE_free(e);
goto cleanup_rm;
}
ENGINE_set_default(e, ENGINE_METHOD_ALL);
ENGINE_free(e);
} else {
ENGINE_register_all_complete();
for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
/*
* Something weird here. If we call ENGINE_finish()
* ENGINE_get_default_RAND() will fail.
*/
if (ENGINE_init(e)) {
if (he == NULL)
he = e;
}
}
}
re = ENGINE_get_default_RAND();
if (re == NULL) {
re = ENGINE_new();
if (re == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_rm;
}
ENGINE_set_RAND(re, rm);
ENGINE_set_default_RAND(re);
ENGINE_free(re);
} else
ENGINE_finish(re);
#else
RAND_set_rand_method(rm);
#endif /* USE_ENGINE */
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
cleanup_rm:
mem_free(rm);
#endif
cleanup_mutexinit:
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
mem_free(locks);
return (result);
}
static int mod_init(void){
str s;
int n;
LM_INFO("initializing TLS protocol\n");
if (tls_db_enabled != 0 && tls_db_enabled != 1) {
tls_db_enabled = 1;
}
if (tls_db_enabled) {
/* create & init lock */
if ((dom_lock = lock_init_rw()) == NULL) {
LM_CRIT("failed to init lock\n");
return -1;
}
init_db_url(tls_db_url, 0 /*cannot be null*/);
tls_db_table.len = strlen(tls_db_table.s);
if (tls_db_table.len == 0) {
LM_ERR("db url not specified\n");
return -1;
}
id_col.len = strlen(id_col.s);
address_col.len = strlen(address_col.s);
type_col.len = strlen(type_col.s);
method_col.len = strlen(method_col.s);
verify_cert_col.len = strlen(verify_cert_col.s);
require_cert_col.len = strlen(require_cert_col.s);
certificate_col.len = strlen(certificate_col.s);
pk_col.len = strlen(pk_col.s);
crl_check_col.len = strlen(crl_check_col.s);
calist_col.len = strlen(calist_col.s);
cadir_col.len = strlen(cadir_col.s);
cplist_col.len = strlen(cplist_col.s);
dhparams_col.len = strlen(dhparams_col.s);
eccurve_col.len = strlen(eccurve_col.s);
if (db_bind_mod(&tls_db_url, &dr_dbf)) {
LM_CRIT("cannot bind to database module! "
"Did you forget to load a database module ?\n");
return -1;
}
/* init DB connection */
if ((db_hdl = dr_dbf.init(&tls_db_url)) == 0) {
LM_CRIT("cannot initialize database connection\n");
return -1;
}
if (dr_dbf.use_table(db_hdl, &tls_db_table) < 0) {
LM_ERR("cannot select table \"%.*s\"\n", tls_db_table.len, tls_db_table.s);
return -1;
}
}
if (tls_domain_avp) {
s.s = tls_domain_avp;
s.len = strlen(s.s);
if (parse_avp_spec( &s, &tls_client_domain_avp)) {
LM_ERR("cannot parse tls_client_avp");
return -1;
}
}
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
LM_ERR("unable to set the memory allocation functions\n");
LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
"version is know to be broken; if so, you need to upgrade or "
"downgrade to a differen openssl version !!\n");
return -1;
}
#if !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
n = check_for_krb();
if (n==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( n ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(n==1)?"":"no ",(n!=1)?"no ":"");
return -1;
}
/*
* finish setting up the tls default domains
*/
tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ;
tls_default_client_domain.addr.af = AF_INET;
tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV;
tls_default_server_domain.addr.af = AF_INET;
/*
* now initialize tls default domains
*/
if ( (n=init_tls_domains(&tls_default_server_domain)) ) {
return n;
}
if ( (n=init_tls_domains(&tls_default_client_domain)) ) {
return n;
}
/*
* now initialize tls virtual domains
*/
if (tls_db_enabled && load_info(&dr_dbf, db_hdl, &tls_db_table, &tls_server_domains,
&tls_client_domains)){
return -1;
}
if ( (n=init_tls_domains(tls_server_domains)) ) {
return n;
}
if ( (n=init_tls_domains(tls_client_domains)) ) {
return n;
}
/*
* we are all set
*/
return 0;
}
isc_result_t
dst__openssl_init(const char *engine) {
isc_result_t result;
#ifdef USE_ENGINE
ENGINE *re;
#else
UNUSED(engine);
#endif
#ifdef DNS_CRYPTO_LEAKS
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#endif
CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
nlocks = CRYPTO_num_locks();
locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
if (locks == NULL)
return (ISC_R_NOMEMORY);
result = isc_mutexblock_init(locks, nlocks);
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_set_id_callback(id_callback);
#endif
ERR_load_crypto_strings();
rm = mem_alloc(sizeof(RAND_METHOD));
if (rm == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_mutexinit;
}
rm->seed = NULL;
rm->bytes = entropy_get;
rm->cleanup = NULL;
rm->add = entropy_add;
rm->pseudorand = entropy_getpseudo;
rm->status = entropy_status;
#ifdef USE_ENGINE
OPENSSL_config(NULL);
if (engine != NULL && *engine == '\0')
engine = NULL;
if (engine != NULL) {
e = ENGINE_by_id(engine);
if (e == NULL) {
result = DST_R_NOENGINE;
goto cleanup_rm;
}
/* This will init the engine. */
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
result = DST_R_NOENGINE;
goto cleanup_rm;
}
}
re = ENGINE_get_default_RAND();
if (re == NULL) {
re = ENGINE_new();
if (re == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_rm;
}
ENGINE_set_RAND(re, rm);
ENGINE_set_default_RAND(re);
ENGINE_free(re);
} else
ENGINE_finish(re);
#else
RAND_set_rand_method(rm);
#endif /* USE_ENGINE */
return (ISC_R_SUCCESS);
#ifdef USE_ENGINE
cleanup_rm:
if (e != NULL)
ENGINE_free(e);
e = NULL;
mem_free(rm);
rm = NULL;
#endif
cleanup_mutexinit:
CRYPTO_set_locking_callback(NULL);
DESTROYMUTEXBLOCK(locks, nlocks);
cleanup_mutexalloc:
mem_free(locks);
locks = NULL;
return (result);
}
static int mod_init(void)
{
str s;
int n;
LM_INFO("initializing TLS protocol\n");
if (tls_domain_avp) {
s.s = tls_domain_avp;
s.len = strlen(s.s);
if (parse_avp_spec( &s, &tls_client_domain_avp)) {
LM_ERR("cannot parse tls_client_avp");
return -1;
}
}
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
LM_ERR("unable to set the memory allocation functions\n");
return -1;
}
#if !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
n = check_for_krb();
if (n==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( n ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(n==1)?"":"no ",(n!=1)?"no ":"");
return -1;
}
/*
* finish setting up the tls default domains
*/
tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ;
tls_default_client_domain.addr.af = AF_INET;
tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV;
tls_default_server_domain.addr.af = AF_INET;
/*
* now initialize tls default domains
*/
if ( (n=init_tls_domains(&tls_default_server_domain)) ) {
return n;
}
if ( (n=init_tls_domains(&tls_default_client_domain)) ) {
return n;
}
/*
* now initialize tls virtual domains
*/
if ( (n=init_tls_domains(tls_server_domains)) ) {
return n;
}
if ( (n=init_tls_domains(tls_client_domains)) ) {
return n;
}
/*
* we are all set
*/
return 0;
}
