From: Sebastian Harl
Date: Sat, 31 Jan 2015 14:54:04 +0000 (+0100)
Subject: sysdbd: Add SSL{Certificate,CertificateKey,CACertificates} config options.
X-Git-Tag: sysdb-0.7.0~27
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=760cef64b4b8ef67d8adaa342480c607a54bf295;p=sysdb.git

sysdbd: Add SSL{Certificate,CertificateKey,CACertificates} config options.
---
diff --git a/src/tools/sysdbd/configfile.c b/src/tools/sysdbd/configfile.c
index 31bfd9b..ee0111c 100644
--- a/src/tools/sysdbd/configfile.c
+++ b/src/tools/sysdbd/configfile.c
@@ -100,7 +100,7 @@ config_get_interval(oconfig_item_t *ci, sdb_time_t *interval)
 * public parse results
 */
-char **listen_addresses = NULL;
+daemon_listener_t *listen_addresses = NULL;
 size_t listen_addresses_num = 0;
 /*
@@ -115,8 +115,9 @@ typedef struct {
 static int
 daemon_add_listener(oconfig_item_t *ci)
 {
- char **tmp;
+ daemon_listener_t *listener;
 char *address;
+ int i, ret = 0;
 if (oconfig_get_string(ci, &address)) {
 sdb_log(SDB_LOG_ERR, "config: Listen requires a single "
@@ -125,24 +126,64 @@ daemon_add_listener(oconfig_item_t *ci)
 return ERR_INVALID_ARG;
 }
- tmp = realloc(listen_addresses,
+ listener = realloc(listen_addresses,
 (listen_addresses_num + 1) * sizeof(*listen_addresses));
- if (! tmp) {
+ if (! listener) {
 char buf[1024];
 sdb_log(SDB_LOG_ERR, "config: Failed to allocate memory: %s",
 sdb_strerror(errno, buf, sizeof(buf)));
 return -1;
 }
- listen_addresses = tmp;
- listen_addresses[listen_addresses_num] = strdup(address);
- if (! listen_addresses[listen_addresses_num]) {
+ listen_addresses = listener;
+ listener = listen_addresses + listen_addresses_num;
+ memset(listener, 0, sizeof(*listener));
+ listener->address = strdup(address);
+ if (! listener->address) {
 char buf[1024];
 sdb_log(SDB_LOG_ERR, "config: Failed to allocate memory: %s",
 sdb_strerror(errno, buf, sizeof(buf)));
 return -1;
 }
+ for (i = 0; i < ci->children_num; ++i) {
+ oconfig_item_t *child = ci->children + i;
+ char *tmp = NULL;
+
+ if (! strcasecmp(child->key, "SSLCertificate")) {
+ if (oconfig_get_string(child, &tmp)) {
+ ret = ERR_INVALID_ARG;
+ break;
+ }
+ listener->ssl_opts.cert_file = strdup(tmp);
+ }
+ else if (! strcasecmp(child->key, "SSLCertificateKey")) {
+ if (oconfig_get_string(child, &tmp)) {
+ ret = ERR_INVALID_ARG;
+ break;
+ }
+ listener->ssl_opts.key_file = strdup(tmp);
+ }
+ else if (! strcasecmp(child->key, "SSLCACertificates")) {
+ if (oconfig_get_string(child, &tmp)) {
+ ret = ERR_INVALID_ARG;
+ break;
+ }
+ listener->ssl_opts.ca_file = strdup(tmp);
+ }
+ else {
+ sdb_log(SDB_LOG_WARNING, "config: Unknown option '%s' "
+ "inside 'Listen' -- see the documentation for "
+ "details.", child->key);
+ continue;
+ }
+ }
+
+ if (ret) {
+ sdb_ssl_free_options(&listener->ssl_opts);
+ return ret;
+ }
+
 ++listen_addresses_num;
 return 0;
 } /* daemon_add_listener */
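Review bot: The three `strdup(tmp)` results in the `SSLCertificate`, `SSLCertificateKey` and `SSLCACertificates` branches are stored without a NULL check, so an allocation failure leaves the option unset and the listener is still registered, presumably as if the option had never been configured. Each branch should fail the way the address copy above it does, e.g. `if (! listener->ssl_opts.cert_file) { ret = -1; break; }`. The `if (ret)` exit releases only the SSL options: `listener->address` was strdup'ed earlier and `listen_addresses_num` is not incremented, so the loop in daemon_free_listen_addresses() will not reach it; add `free(listener->address);` before `return ret;`. A repeated option inside one `Listen` block also overwrites the earlier pointer without freeing it. The function's declarations sit in the previous hunk.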
@@ -278,8 +319,10 @@ daemon_free_listen_addresses(void)
 if (! listen_addresses)
 return;
- for (i = 0; i < listen_addresses_num; ++i)
- free(listen_addresses[i]);
+ for (i = 0; i < listen_addresses_num; ++i) {
+ free(listen_addresses[i].address);
+ sdb_ssl_free_options(&listen_addresses[i].ssl_opts);
+ }
 free(listen_addresses);
 listen_addresses = NULL;
diff --git a/src/tools/sysdbd/configfile.h b/src/tools/sysdbd/configfile.h
index 2d8945c..7ae5961 100644
--- a/src/tools/sysdbd/configfile.h
+++ b/src/tools/sysdbd/configfile.h
@@ -25,6 +25,8 @@
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+#include "utils/ssl.h"
+
 #include
 #ifndef DAEMON_CONFIG_H
@@ -34,7 +36,12 @@
 * parse result values
 */
-extern char **listen_addresses;
+typedef struct {
+ char *address;
+ sdb_ssl_options_t ssl_opts;
+} daemon_listener_t;
+
+extern daemon_listener_t *listen_addresses;
 extern size_t listen_addresses_num;
 void
diff --git a/src/tools/sysdbd/main.c b/src/tools/sysdbd/main.c
index c7fad80..3e90439 100644
--- a/src/tools/sysdbd/main.c
+++ b/src/tools/sysdbd/main.c
@@ -77,8 +77,8 @@ static sdb_fe_loop_t frontend_main_loop = SDB_FE_LOOP_INIT;
 static char *config_filename = NULL;
 static int reconfigure = 0;
-static char *default_listen_addresses[] = {
- DEFAULT_SOCKET,
+static daemon_listener_t default_listen_addresses[] = {
+ { DEFAULT_SOCKET, SDB_SSL_DEFAULT_OPTIONS },
 };
 static void
@@ -257,7 +257,8 @@ main_loop(void)
 }
 for (i = 0; i < listen_addresses_num; ++i) {
- if (sdb_fe_sock_add_listener(sock, listen_addresses[i], NULL)) {
+ if (sdb_fe_sock_add_listener(sock, listen_addresses[i].address,
+ &listen_addresses[i].ssl_opts)) {
 status = 1;
 break;
 }
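Review bot: `daemon_listener_t` is added to configfile.h without a comment on who owns `address` and the strings inside `ssl_opts`. In this commit the entries built by daemon_add_listener() are strdup'ed and released by daemon_free_listen_addresses(), while `default_listen_addresses` in main.c is a static initializer, so a reader of the header cannot tell which entries may be freed. A short comment above the typedef would settle it, for example `/* a listen address and its SSL options; entries parsed from the config file own their strings */`.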
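Review bot: The call in main_loop() used to pass `NULL` for the options and now always passes `&listen_addresses[i].ssl_opts`, which for a `Listen` block without SSL children is the all-zero struct left by `memset(listener, 0, sizeof(*listener))` in daemon_add_listener(), whereas the built-in listener gets `SDB_SSL_DEFAULT_OPTIONS`. Whether sdb_fe_sock_add_listener() treats NULL fields the same as a NULL options pointer is not visible in this diff; if it does not, a configured listener and the default one end up with different certificate and CA settings. I would state the contract at the call, e.g. `/* unset fields are NULL; the frontend falls back to its defaults for those */`, or fill unset fields from the defaults once the option loop has finished. main_loop() starts and ends outside the hunk.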