
sysdbd: Add SSL{Certificate,CertificateKey,CACertificates} config options.
authorSebastian Harl <sh@tokkee.org>
Sat, 31 Jan 2015 14:54:04 +0000 (15:54 +0100)
committerSebastian Harl <sh@tokkee.org>
Sun, 1 Feb 2015 14:00:36 +0000 (15:00 +0100)
src/tools/sysdbd/configfile.c
src/tools/sysdbd/configfile.h
src/tools/sysdbd/main.c

index 31bfd9bae4375c8ad86507615a010acee09e0943..ee0111c4f5c141be9d087fcbca7154ba82810924 100644 (file)
@@ -100,7 +100,7 @@ config_get_interval(oconfig_item_t *ci, sdb_time_t *interval)
  * public parse results
  */
 
-char **listen_addresses = NULL;
+daemon_listener_t *listen_addresses = NULL;
 size_t listen_addresses_num = 0;
 
 /*
@@ -115,8 +115,9 @@ typedef struct {
 static int
 daemon_add_listener(oconfig_item_t *ci)
 {
-       char **tmp;
+       daemon_listener_t *listener;
        char *address;
+       int i, ret = 0;
 
        if (oconfig_get_string(ci, &address)) {
                sdb_log(SDB_LOG_ERR, "config: Listen requires a single "
@@ -125,24 +126,64 @@ daemon_add_listener(oconfig_item_t *ci)
                return ERR_INVALID_ARG;
        }
 
-       tmp = realloc(listen_addresses,
+       listener = realloc(listen_addresses,
                        (listen_addresses_num + 1) * sizeof(*listen_addresses));
-       if (! tmp) {
+       if (! listener) {
                char buf[1024];
                sdb_log(SDB_LOG_ERR, "config: Failed to allocate memory: %s",
                                sdb_strerror(errno, buf, sizeof(buf)));
                return -1;
        }
 
-       listen_addresses = tmp;
-       listen_addresses[listen_addresses_num] = strdup(address);
-       if (! listen_addresses[listen_addresses_num]) {
+       listen_addresses = listener;
+       listener = listen_addresses + listen_addresses_num;
+       memset(listener, 0, sizeof(*listener));
+       listener->address = strdup(address);
+       if (! listener->address) {
                char buf[1024];
                sdb_log(SDB_LOG_ERR, "config: Failed to allocate memory: %s",
                                sdb_strerror(errno, buf, sizeof(buf)));
                return -1;
        }
 
+       for (i = 0; i < ci->children_num; ++i) {
+               oconfig_item_t *child = ci->children + i;
+               char *tmp = NULL;
+
+               if (! strcasecmp(child->key, "SSLCertificate")) {
+                       if (oconfig_get_string(child, &tmp)) {
+                               ret = ERR_INVALID_ARG;
+                               break;
+                       }
+                       listener->ssl_opts.cert_file = strdup(tmp);
+               }
+               else if (! strcasecmp(child->key, "SSLCertificateKey")) {
+                       if (oconfig_get_string(child, &tmp)) {
+                               ret = ERR_INVALID_ARG;
+                               break;
+                       }
+                       listener->ssl_opts.key_file = strdup(tmp);
+               }
+               else if (! strcasecmp(child->key, "SSLCACertificates")) {
+                       if (oconfig_get_string(child, &tmp)) {
+                               ret = ERR_INVALID_ARG;
+                               break;
+                       }
+                       listener->ssl_opts.ca_file = strdup(tmp);
+               }
+               else {
+                       sdb_log(SDB_LOG_WARNING, "config: Unknown option '%s' "
+                                       "inside 'Listen' -- see the documentation for "
+                                       "details.", child->key);
+                       continue;
+               }
+       }
+
+       if (ret) {
+               sdb_ssl_free_options(&listener->ssl_opts);
+               return ret;
+       }
+
        ++listen_addresses_num;
        return 0;
 } /* daemon_add_listener */
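Review bot: The three `strdup(tmp)` results stored into `listener->ssl_opts` in the new loop are never checked, so an allocation failure leaves that member NULL and the listener is still registered. How `sdb_fe_sock_add_listener` treats a NULL member is not visible here, but the socket could come up with different TLS settings than the ones configured. A repeated option overwrites and leaks the earlier copy, and the `if (ret)` path frees the SSL options but not `listener->address`. The child parse failures also return `ERR_INVALID_ARG` without a log line, unlike the `Listen` argument check at the top of the function (which starts in the preceding hunk). Selecting the destination member first and doing the get, duplicate and check once covers all of these.

```c
	for (i = 0; i < ci->children_num; ++i) {
		/* … unchanged: child and tmp declarations … */
		char **dst;

		if (! strcasecmp(child->key, "SSLCertificate"))
			dst = &listener->ssl_opts.cert_file;
		else if (! strcasecmp(child->key, "SSLCertificateKey"))
			dst = &listener->ssl_opts.key_file;
		else if (! strcasecmp(child->key, "SSLCACertificates"))
			dst = &listener->ssl_opts.ca_file;
		else {
			/* … unchanged: warning about the unknown option … */
			continue;
		}

		if (oconfig_get_string(child, &tmp)) {
			sdb_log(SDB_LOG_ERR, "config: %s requires a single "
					"string argument", child->key);
			ret = ERR_INVALID_ARG;
			break;
		}

		/* the slot was zeroed above, so this only frees a repeated option */
		free(*dst);
		*dst = strdup(tmp);
		if (! *dst) {
			ret = -1;
			break;
		}
	}

	if (ret) {
		free(listener->address);
		listener->address = NULL;
		sdb_ssl_free_options(&listener->ssl_opts);
		return ret;
	}
```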
@@ -278,8 +319,10 @@ daemon_free_listen_addresses(void)
        if (! listen_addresses)
                return;
 
-       for (i = 0; i < listen_addresses_num; ++i)
-               free(listen_addresses[i]);
+       for (i = 0; i < listen_addresses_num; ++i) {
+               free(listen_addresses[i].address);
+               sdb_ssl_free_options(&listen_addresses[i].ssl_opts);
+       }
        free(listen_addresses);
 
        listen_addresses = NULL;
index 2d8945c119d2b92890586c6c513711c224fcb357..7ae596116d45d7e370a3b80791130b50857cb7d4 100644 (file)
@@ -25,6 +25,8 @@
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include "utils/ssl.h"
+
 #include <unistd.h>
 
 #ifndef DAEMON_CONFIG_H
  * parse result values
  */
 
-extern char **listen_addresses;
+typedef struct {
+       char *address;
+       sdb_ssl_options_t ssl_opts;
+} daemon_listener_t;
+
+extern daemon_listener_t *listen_addresses;
 extern size_t listen_addresses_num;
 
 void
index c7fad8027b4a0da2fe6175af33001ca6f9fd7145..3e90439f0a8d1f46cf7db892d6d5e4c31ee735e3 100644 (file)
@@ -77,8 +77,8 @@ static sdb_fe_loop_t frontend_main_loop = SDB_FE_LOOP_INIT;
 static char *config_filename = NULL;
 static int reconfigure = 0;
 
-static char *default_listen_addresses[] = {
-       DEFAULT_SOCKET,
+static daemon_listener_t default_listen_addresses[] = {
+       { DEFAULT_SOCKET, SDB_SSL_DEFAULT_OPTIONS },
 };
 
 static void
@@ -257,7 +257,8 @@ main_loop(void)
                }
 
                for (i = 0; i < listen_addresses_num; ++i) {
-                       if (sdb_fe_sock_add_listener(sock, listen_addresses[i], NULL)) {
+                       if (sdb_fe_sock_add_listener(sock, listen_addresses[i].address,
+                                               &listen_addresses[i].ssl_opts)) {
                                status = 1;
                                break;
                        }
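Review bot: `sdb_fe_sock_add_listener` now always receives a non-NULL options pointer where the old call passed `NULL`, and the contents of that struct depend on where the listener came from. The built-in listener is initialised with `SDB_SSL_DEFAULT_OPTIONS`, while `daemon_add_listener` in configfile.c zeroes its entries with `memset`. If the defaults macro is not all-zero, a `Listen` block without SSL* children would behave differently from the default socket; this page does not show enough to confirm that. Either initialise configured listeners from the same defaults, or state the contract at the call, e.g. `/* NULL members of ssl_opts select the built-in defaults */`, if that is what the callee does. `main_loop` begins and ends outside this hunk.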