From: Sebastian Harl Date: Sat, 31 Jan 2015 14:51:47 +0000 (+0100) Subject: frontend: Support custom SSL options for each listener. X-Git-Tag: sysdb-0.7.0~28 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=eb349b8f286dcd4e587c1229fb78c8d6ad41d1c9;p=sysdb.git frontend: Support custom SSL options for each listener. --- diff --git a/src/frontend/sock.c b/src/frontend/sock.c index eb75315..c2a805a 100644 --- a/src/frontend/sock.c +++ b/src/frontend/sock.c @@ -80,6 +80,7 @@ typedef struct { int type; /* optional SSL settings */ + sdb_ssl_options_t ssl_opts; sdb_ssl_server_t *ssl; /* listener configuration */ @@ -290,8 +291,7 @@ open_tcp(listener_t *listener) assert(listener); - /* TODO: make options configurable */ - listener->ssl = sdb_ssl_server_create(NULL); + listener->ssl = sdb_ssl_server_create(&listener->ssl_opts); if (! listener->ssl) return -1; @@ -444,6 +444,7 @@ listener_destroy(listener_t *listener) return; listener_close(listener); + sdb_ssl_free_options(&listener->ssl_opts); if (listener->address) free(listener->address); @@ -480,6 +481,7 @@ listener_create(sdb_fe_socket_t *sock, const char *address) if ((! strncmp(address, listener_impls[type].prefix, len)) && (address[len] == ':')) address += strlen(listener_impls[type].prefix) + 1; + memset(listener, 0, sizeof(*listener)); listener->sock_fd = -1; listener->address = strdup(address); @@ -494,12 +496,6 @@ listener_create(sdb_fe_socket_t *sock, const char *address) listener->setup = NULL; listener->ssl = NULL; - if (listener_impls[type].open(listener)) { - /* prints error */ - listener_destroy(listener); - return NULL; - } - ++sock->listeners_num; return listener; } /* listener_create */ @@ -714,7 +710,8 @@ sdb_fe_sock_destroy(sdb_fe_socket_t *sock) } /* sdb_fe_sock_destroy */ int -sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address) +sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address, + const sdb_ssl_options_t *opts) { listener_t *listener; 
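Review bot: The listener is now started with `&listener->ssl_opts` even when no options were supplied, and in that case the struct is the all-zero one left by the memset in listener_create(), so sdb_ssl_server_create() receives a non-NULL options pointer whose ca_file/key_file/cert_file/crl_file are all NULL where it previously received a NULL pointer; whether it applies the same defaults for NULL fields as for a NULL pointer is not visible in this diff. If a NULL ca_file means "no CA, no verification" rather than "default CA", every TCP listener of a sysdbd that passes NULL (as main.c does in this very commit) would be silently downgraded, so that path deserves a check before merging. A comment at this call would pin the contract: `/* ssl_opts is all-NULL when no per-listener options were given; sdb_ssl_server_create() must treat a NULL field as "use the default" */`. open_tcp() begins and ends outside this hunk.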
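Review bot: The new `memset(listener, 0, sizeof(*listener));` sits after the prefix-matching loop rather than at the point where the slot is obtained, so any field stored before it is wiped — notably `listener->type`, which the reworked sdb_fe_sock_add_listener() now dispatches on via `listener_impls[listener->type].open(listener)`; the assignment of `type` is not in this hunk, so please confirm it happens after the memset. Moving the memset to the top of listener_create(), right after `listener` is acquired, removes the ordering hazard and makes the later `listener->setup = NULL; listener->ssl = NULL;` assignments plainly redundant, leaving `listener->sock_fd = -1` as the one non-zero initial value. listener_create() starts outside this hunk.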
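Review bot: With the whole struct zeroed by the memset added earlier in listener_create(), the surviving `listener->setup = NULL;` and `listener->ssl = NULL;` in this hunk are redundant and become a second source of truth for the listener's initial state. Either drop them or replace them with a one-line `/* all other fields are zero from the memset above */` so a reader does not wonder which fields still need explicit initialisation. listener_create() starts outside this hunk.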
@@ -724,6 +721,44 @@ sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address) listener = listener_create(sock, address); if (! listener) return -1; + + if (opts) { + int ret = 0; + + if (opts->ca_file) { + listener->ssl_opts.ca_file = strdup(opts->ca_file); + if (! listener->ssl_opts.ca_file) + ret = -1; + } + if (opts->key_file) { + listener->ssl_opts.key_file = strdup(opts->key_file); + if (! listener->ssl_opts.key_file) + ret = -1; + } + if (opts->cert_file) { + listener->ssl_opts.cert_file = strdup(opts->cert_file); + if (! listener->ssl_opts.cert_file) + ret = -1; + } + if (opts->crl_file) { + listener->ssl_opts.crl_file = strdup(opts->crl_file); + if (! listener->ssl_opts.crl_file) + ret = -1; + } + + if (ret) { + listener_destroy(listener); + --sock->listeners_num; + return ret; + } + } + + if (listener_impls[listener->type].open(listener)) { + /* prints error */ + listener_destroy(listener); + --sock->listeners_num; + return -1; + } return 0; } /* sdb_fe_sock_add_listener */ diff --git a/src/include/frontend/sock.h b/src/include/frontend/sock.h index be07329..37354c2 100644 --- a/src/include/frontend/sock.h +++ b/src/include/frontend/sock.h @@ -25,6 +25,8 @@ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "utils/ssl.h" + #include #include @@ -77,12 +79,15 @@ sdb_fe_sock_destroy(sdb_fe_socket_t *sock); * * - unix: listen on a UNIX socket * + * If specified, the SSL options will be used for any SSL connection. + * * Returns: * - 0 on success * - a negative value else */ int -sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address); +sdb_fe_sock_add_listener(sdb_fe_socket_t *sock, const char *address, + const sdb_ssl_options_t *opts); /* * sdb_fe_sock_clear_listeners: diff --git a/src/tools/sysdbd/main.c b/src/tools/sysdbd/main.c index 9d85ba8..c7fad80 100644 --- a/src/tools/sysdbd/main.c +++ b/src/tools/sysdbd/main.c 
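Review bot: The `if (opts)` block repeats the same strdup-and-check four times, and the failure tail `listener_destroy(listener); --sock->listeners_num; return ...;` appears twice (once for the copy, once for open()); a small static copy helper plus a single cleanup path reads as one decision and keeps the OOM and open() failure handling from drifting apart, which matters because both must undo the `++sock->listeners_num` done in listener_create(). Separately, the options are accepted for every listener type, yet in this diff only open_tcp() consumes `ssl_opts`; if the unix: listener ignores them, an operator who configures a key/cert on a unix socket gets neither TLS nor a diagnostic, so a warning (or hard error) when `opts` is non-NULL for a type that does not use them would close that gap — I cannot see the unix implementation here, so treat this as something to confirm.
```c
/* Deep-copy the file names of 'src' into 'dst'. Returns -1 if any strdup()
 * failed; a partial copy is released by sdb_ssl_free_options() in
 * listener_destroy(). */
static int
copy_ssl_options(sdb_ssl_options_t *dst, const sdb_ssl_options_t *src)
{
	int ret = 0;

	if (src->ca_file && (! (dst->ca_file = strdup(src->ca_file))))
		ret = -1;
	if (src->key_file && (! (dst->key_file = strdup(src->key_file))))
		ret = -1;
	if (src->cert_file && (! (dst->cert_file = strdup(src->cert_file))))
		ret = -1;
	if (src->crl_file && (! (dst->crl_file = strdup(src->crl_file))))
		ret = -1;
	return ret;
} /* copy_ssl_options */

/* … unchanged: sdb_fe_sock_add_listener() up to and including listener_create() … */
	if ((opts && copy_ssl_options(&listener->ssl_opts, opts))
			|| listener_impls[listener->type].open(listener)) {
		/* open() prints an error; the copy only fails on OOM */
		listener_destroy(listener);
		--sock->listeners_num;
		return -1;
	}
	return 0;
```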
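Review bot: The new sentence in the sdb_fe_sock_add_listener() comment does not say who owns `opts`: sock.c strdup()s each file name into the listener and listener_destroy() releases those copies through sdb_ssl_free_options(), so the caller keeps ownership of `opts` and may free it as soon as the call returns, and NULL is accepted (main.c and the unit test pass it). I would state that explicitly in the header: `opts may be NULL. The file names it holds are copied into the listener, so the caller retains ownership of opts and may release it after this call returns.` Whether the options have any effect for listener types other than TCP is not stated either; once decided, one sentence here would save a reader a trip into sock.c.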
@@ -257,7 +257,7 @@ main_loop(void) } for (i = 0; i < listen_addresses_num; ++i) { - if (sdb_fe_sock_add_listener(sock, listen_addresses[i])) { + if (sdb_fe_sock_add_listener(sock, listen_addresses[i], NULL)) { status = 1; break; } diff --git a/t/unit/frontend/sock_test.c b/t/unit/frontend/sock_test.c index be2c46d..6d69ed9 100644 --- a/t/unit/frontend/sock_test.c +++ b/t/unit/frontend/sock_test.c @@ -75,7 +75,7 @@ sock_listen(char *tmp_file) int check; sprintf(sock_addr, "unix:%s", tmp_file); - check = sdb_fe_sock_add_listener(sock, sock_addr); + check = sdb_fe_sock_add_listener(sock, sock_addr, NULL); fail_unless(check == 0, "sdb_fe_sock_add_listener(%s) = %i; expected: 0", sock_addr, check);
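Review bot: sysdbd still passes `NULL` for the new parameter, so after this commit no listener can actually receive custom SSL options from the daemon, and the `/* TODO: make options configurable */` removed from open_tcp() was the only marker of that gap. Until the configuration parser hands per-listener options through, a `/* TODO: pass per-listener SSL options from the config */` at this call keeps the unfinished plumbing visible to the next reader. main_loop() starts and ends outside this hunk.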