示例#1
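/**
 * Streams a large request body from the connection into a temporary file.
 *
 * The file is created with mkstemp() from the "upload.temp_store" setting,
 * which must be a path template ending in XXXXXX, and is given the
 * permissions from "upload.temp_store_mode". Upload_notify() is called with
 * "start" before the body is written and with "done" afterwards.
 *
 * @param conn        connection whose conn->iob supplies the body
 * @param handler     handler passed through to Upload_notify()
 * @param content_len number of body bytes handed to stream_to_disk()
 * @return 0 on success, leaving the temp file on disk under the name that
 *         was passed to Upload_notify(); -1 on failure, in which case any
 *         temp file created by this call is closed and unlinked.
 */
int Upload_file(Connection *conn, Handler *handler, int content_len)
{
    int rc = 0;
    // -1 means "no tempfile yet". Starting at 0 would make the error path
    // close descriptor 0 whenever a check fails before mkstemp() runs.
    int tmpfd = -1;
    bstring tmp_name = NULL;

    if(UPLOAD_STORE == NULL) {
        UPLOAD_STORE = Setting_get_str("upload.temp_store", NULL);
        error_unless(UPLOAD_STORE, conn, 413, "Request entity is too large: %d, and no upload.temp_store setting for where to put the big files.", content_len);

        // Keep a private copy of the setting for later uploads.
        UPLOAD_STORE = bstrcpy(UPLOAD_STORE);
    }

    if(UPLOAD_MODE == 0) {
        unsigned long parsed_mode = 0;
        bstring mode = Setting_get_str("upload.temp_store_mode", &UPLOAD_MODE_DEFAULT);

        // Validate before logging so a NULL is never handed to %s.
        check(bdata(mode) != NULL, "Mode data is NULL");
        log_info("Will set mode for upload temp store to: %s", bdata(mode));

        // Base 0 means the setting is read as octal only when it has a
        // leading 0; "600" would be parsed as decimal 600, not rw-------.
        parsed_mode = strtoul((const char *)bdata(mode), NULL, 0);
        check(parsed_mode > 0, "Failed to convert upload.temp_store_mode to a number.");
        // This ceiling still admits group/other permission bits, so the
        // configured value decides who else can read uploaded data.
        check(parsed_mode < 066666, "Invalid mode that's way too big: %s.", bdata(mode));

        // Cache the mode only once it has passed both checks; otherwise a
        // rejected value would stay cached and be applied by the next upload.
        UPLOAD_MODE = parsed_mode;
    }

    tmp_name = bstrcpy(UPLOAD_STORE);
    check(tmp_name != NULL, "Failed to copy the upload.temp_store template.");

    // mkstemp() rewrites the XXXXXX suffix in place and opens the file
    // exclusively, so tmp_name holds the real file name afterwards.
    tmpfd = mkstemp((char *)tmp_name->data);
    check(tmpfd != -1, "Failed to create secure tempfile, did you end it with XXXXXX?");

    log_info("Writing tempfile %s for large upload.", bdata(tmp_name));

    // Set permissions through the descriptor rather than the path, so the
    // mode is applied to the file mkstemp() created even if the name is
    // replaced in the directory in the meantime.
    rc = fchmod(tmpfd, UPLOAD_MODE);
    check(rc == 0, "Failed to chmod.");

    rc = Upload_notify(conn, handler, "start", tmp_name);
    check(rc == 0, "Failed to notify of the start of upload.");

    rc = stream_to_disk(conn->iob, content_len, tmpfd);
    check(rc == 0, "Failed to stream to disk.");

    rc = Upload_notify(conn, handler, "done", tmp_name);
    check(rc == 0, "Failed to notify the end of the upload.");

    bdestroy(tmp_name);
    fdclose(tmpfd);
    return 0;

error:
    // Only clean up a file this call actually created. When mkstemp() never
    // ran or failed, tmp_name may still hold the unmodified configured path,
    // and unlinking it could delete an unrelated file.
    if(tmpfd >= 0) {
        fdclose(tmpfd);
        if(tmp_name != NULL) unlink((char *)tmp_name->data);
    }

    bdestroy(tmp_name);

    return -1;
}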
示例#2
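/**
 * Loads the server's TLS material and cipher configuration into srv.
 *
 * The certificate and private key are read from "<certdir><uuid>.crt" and
 * "<certdir><uuid>.key", where certdir comes from the "certdir" setting and
 * is prefixed with srv->chroot when a chroot is configured but not yet
 * entered. An optional CA chain ("ssl.ca_chain") and cipher list
 * ("ssl_ciphers") are loaded when those settings are present.
 *
 * @param srv server whose own_cert, pk_key, ca_chain, ciphers and DH
 *            parameters are filled in
 * @return 0 on success, -1 on any failure. Only the temporary path strings
 *         are released here; NOTE(review): own_cert/pk_key/ca_chain may be
 *         partly loaded on failure and are presumably freed by the caller,
 *         confirm.
 */
static int Server_init_ssl(Server *srv)
{
    int rc = 0;
    bstring certdir = NULL;
    bstring certpath = NULL;
    bstring keypath = NULL;
    bstring ssl_ciphers_val = NULL;
    bstring ca_chain = NULL;

    bstring certdir_setting = Setting_get_str("certdir", NULL);
    check(certdir_setting != NULL, "to use ssl, you must specify a certdir");

    // Before the chroot is entered the files still live under the chroot
    // directory as seen from the outside, so prepend it.
    if(srv->chroot != NULL && !Unixy_in_chroot()) {
        certdir = bformat("%s%s", bdata(srv->chroot), bdata(certdir_setting));
    } else {
        certdir = bstrcpy(certdir_setting);
    }
    // Without this a failed allocation would feed a NULL string into the
    // "%s" path formats below.
    check_mem(certdir);

    // certdir is concatenated directly, so the setting needs a trailing '/'.
    certpath = bformat("%s%s.crt", bdata(certdir), bdata(srv->uuid));
    check_mem(certpath);

    keypath = bformat("%s%s.key", bdata(certdir), bdata(srv->uuid));
    check_mem(keypath);

    rc = mbedtls_x509_crt_parse_file(&srv->own_cert, bdata(certpath));
    check(rc == 0, "Failed to load cert from %s", bdata(certpath));

    // The key is parsed with no password, so it must be stored unencrypted;
    // file permissions on the .key file are its only protection at rest.
    rc = mbedtls_pk_parse_keyfile(&srv->pk_key, bdata(keypath), NULL);
    check(rc == 0, "Failed to load key from %s", bdata(keypath));

    ssl_ciphers_val = Setting_get_str("ssl_ciphers", NULL);
    ca_chain = Setting_get_str("ssl.ca_chain", NULL);

    if(ca_chain != NULL) {
        rc = mbedtls_x509_crt_parse_file(&srv->ca_chain, bdata(ca_chain));
        check(rc == 0, "Failed to load cert from %s", bdata(ca_chain));
    } else {
        // to indicate no ca_chain was loaded
        srv->ca_chain.version = -1;
    }

    if(ssl_ciphers_val != NULL) {
        rc = Server_load_ciphers(srv, ssl_ciphers_val);
        check(rc == 0, "Failed to load requested SSL ciphers.");
    } else {
        // With no ssl_ciphers setting the server offers every ciphersuite
        // this mbed TLS build supports. Set ssl_ciphers, or trim the build
        // configuration, if that list includes suites you do not want.
        srv->ciphers = mbedtls_ssl_list_ciphersuites();
    }

    // NOTE(review): mbed TLS has deprecated the RFC 5114 MODP constants
    // because the origin of those primes is undocumented; its RFC 3526 and
    // RFC 7919 groups are the documented replacements. Whether they can be
    // swapped in depends on the type of dhm_P/dhm_G, not visible here.
    srv->dhm_P = MBEDTLS_DHM_RFC5114_MODP_2048_P;
    srv->dhm_G = MBEDTLS_DHM_RFC5114_MODP_2048_G;

    bdestroy(certdir);
    bdestroy(certpath);
    bdestroy(keypath);

    return 0;

error:
    // Do not free certdir_setting, ssl_ciphers_val or ca_chain: they are
    // owned by Settings.
    if(certdir != NULL) bdestroy(certdir);
    if(certpath != NULL) bdestroy(certpath);
    if(keypath != NULL) bdestroy(keypath);
    return -1;
}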