Changeset b7ec8071a69b07dca745fa521b287c9f4ffec06e
- Timestamp:
- 02/21/08 20:39:44 (5 years ago)
- git-parent:
- Files:
-
- configure.in (modified) (1 diff)
- src/Makefile.in (modified) (2 diffs)
- src/eventer/Makefile.in (modified) (1 diff)
- src/eventer/eventer.h (modified) (3 diffs)
- src/eventer/eventer_SSL_fd_opset.c (added)
- src/eventer/eventer_SSL_fd_opset.h (added)
- src/eventer/eventer_impl.c (modified) (1 diff)
- src/noit_console.c (modified) (4 diffs)
- src/noit_console.h (modified) (1 diff)
- src/noit_listener.c (modified) (11 diffs)
- src/noit_listener.h (modified) (3 diffs)
- src/sample.conf (modified) (1 diff)
- src/utils/noit_hash.c (modified) (1 diff)
- src/utils/noit_hash.h (modified) (1 diff)
configure.in
r37a1f1d rb7ec807 61 61 AC_CHECK_LIB(termcap, tputs, , ) 62 62 AC_CHECK_LIB(curses, clear, , ) 63 AC_CHECK_LIB(ssl, SSL_library_init, , 64 [ 65 AC_MSG_ERROR([libssl not found, but required]) 66 ] 67 ) 68 AC_CHECK_LIB(crypto, ERR_load_CRYPTO_strings, , 69 [ 70 AC_MSG_ERROR([libssl not found, but required]) 71 ] 72 ) 63 73 64 74 AC_MSG_CHECKING([libxml2 cflags]) src/Makefile.in
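Review bot: The failure message for the `crypto` check in configure.in repeats the libssl text, so a build host that has libssl but lacks libcrypto is told the wrong library is missing. The second `AC_MSG_ERROR` should read `AC_MSG_ERROR([libcrypto not found, but required])`.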
r7b92762 rb7ec807 55 55 re2c -o $@ noit_tokenizer.re 56 56 57 test.key: 58 openssl genrsa -out test.key 59 60 test.csr: test.key 61 openssl req -key test.key -days 365 -new -out test.csr 62 63 test.crt: test.key test.crt 64 openssl x509 -req -in test.csr -signkey test.key -out test.crt 65 66 testcerts: test.key test.crt 67 57 68 clean-subdirs: 58 69 for dir in $(SUBS) ; do \ … … 61 72 62 73 clean: clean-subdirs 63 rm -f *.o noitd 74 rm -f *.o noitd test.key test.csr test.crt 64 75 src/eventer/Makefile.in
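Review bot: The `test.crt` rule in src/Makefile.in lists itself as a prerequisite and omits `test.csr`, so make drops the circular dependency and nothing forces the CSR to exist before `openssl x509 -req -in test.csr` runs; the rule should be `test.crt: test.key test.csr`. `openssl genrsa -out test.key` gives no key size, so the modulus length is whatever the installed OpenSSL defaults to, and an explicit size such as `openssl genrsa -out test.key 2048` keeps the test key from being unexpectedly short. `-days 365` is passed to `openssl req -new`, where it only applies together with `-x509`; the certificate lifetime is decided by the `openssl x509 -req` step, which has no `-days` here.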
r3b3b432 rb7ec807 13 13 eventer_kqueue_impl.o \ 14 14 eventer_POSIX_fd_opset.o \ 15 eventer_SSL_fd_opset.o \ 15 16 eventer_jobq.o 16 17 src/eventer/eventer.h
r3b3b432 rb7ec807 21 21 22 22 /* All of these functions act like their POSIX couterparts with two 23 * additional arguments. The first is the mask they require o be active23 * additional arguments. The first is the mask they require to be active 24 24 * to make progress in the event of an EAGAIN. The second is a closure 25 25 * which is the event itself. … … 42 42 43 43 typedef struct _event *eventer_t; 44 45 #include "eventer/eventer_POSIX_fd_opset.h" 46 #include "eventer/eventer_SSL_fd_opset.h" 47 44 48 typedef int (*eventer_func_t) 45 49 (eventer_t e, int mask, void *closure, struct timeval *tv); … … 51 55 int mask; 52 56 eventer_fd_opset_t opset; 57 void *opset_ctx; 53 58 void *closure; 54 59 }; src/eventer/eventer_impl.c
r3b3b432 rb7ec807 50 50 int i; 51 51 eventer_t e; 52 eventer_ssl_init(); 52 53 eventer_jobq_init(&__global_backq); 53 54 e = eventer_alloc(); src/noit_console.c
r624c3f9 rb7ec807 252 252 int newmask = EVENTER_READ | EVENTER_EXCEPTION; 253 253 int keep_going; 254 noit_console_closure_t ncct = closure; 254 acceptor_closure_t *ac = closure; 255 noit_console_closure_t ncct = ac->service_ctx; 255 256 256 257 if(mask & EVENTER_EXCEPTION || (ncct && ncct->wants_shutdown)) { … … 260 261 e->opset->close(e->fd, &newmask, e); 261 262 if(ncct) noit_console_closure_free(ncct); 263 free(ac); 262 264 return 0; 263 265 } 264 266 265 if(!ncct) { 267 if(!ac->service_ctx) { 268 ncct = ac->service_ctx = noit_console_closure_alloc(); 269 } 270 if(!ncct->initialized) { 266 271 int on = 1; 267 ncct = closure = e->closure = noit_console_closure_alloc();268 272 ncct->e = e; 269 273 if(openpty(&ncct->pty_master, &ncct->pty_slave, NULL, NULL, NULL) || … … 273 277 } 274 278 else { 279 const char *line_protocol; 275 280 HistEvent ev; 276 281 ncct->hist = history_init(); … … 280 285 el_set(ncct->el, EL_EDITOR, "emacs"); 281 286 el_set(ncct->el, EL_HIST, history, ncct->hist); 282 ncct->telnet = noit_console_telnet_alloc(ncct); 283 ncct->output_cooker = nc_telnet_cooker; 287 if(!noit_hash_retrieve(ac->config, 288 "line_protocol", strlen("line_protocol"), 289 (void **)&line_protocol)) { 290 line_protocol = NULL; 291 } 292 if(line_protocol && !strcasecmp(line_protocol, "telnet")) { 293 ncct->telnet = noit_console_telnet_alloc(ncct); 294 ncct->output_cooker = nc_telnet_cooker; 295 } 284 296 noit_console_state_init(ncct); 285 297 } 298 ncct->initialized = 1; 286 299 } 287 300 src/noit_console.h
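Review bot: `ac->config` is handed to `noit_hash_retrieve` in the `line_protocol` lookup without a NULL check, while noit_listener() stores whatever `config` pointer its caller passes and noit_listener_reconfig() forwards the result of `noit_conf_get_hash` unchecked. Whether either can be NULL, and whether `noit_hash_retrieve` tolerates a NULL table, is not visible on this page, so the guarded form is safer: `if(!ac->config || !noit_hash_retrieve(ac->config, "line_protocol", strlen("line_protocol"), (void **)&line_protocol))`. Telnet negotiation is now opt-in, so any code outside these hunks that touches `ncct->telnet` has to accept it being NULL. The handler's body starts and ends outside the hunks shown.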
ra9f9cf2 rb7ec807 61 61 62 62 typedef struct __noit_console_closure { 63 int initialized; 63 64 eventer_t e; /* The event it is attached to. This 64 65 * is needed so it can write itself out */ src/noit_listener.c
rd936b80 rb7ec807 19 19 #include "noit_listener.h" 20 20 #include "noit_conf.h" 21 22 static int 23 noit_listener_accept_ssl(eventer_t e, int mask, 24 void *closure, struct timeval *tv) { 25 int rv; 26 listener_closure_t listener_closure = (listener_closure_t)closure; 27 eventer_ssl_ctx_t *ctx; 28 if(!closure) goto socketfail; 29 30 rv = eventer_SSL_accept(e, &mask); 31 if(rv > 0) { 32 e->callback = listener_closure->dispatch_callback; 33 /* We must make a copy of the acceptor_closure_t for each new 34 * connection. 35 */ 36 e->closure = malloc(sizeof(*listener_closure->dispatch_closure)); 37 memcpy(e->closure, listener_closure->dispatch_closure, 38 sizeof(*listener_closure->dispatch_closure)); 39 return e->callback(e, mask, e->closure, tv); 40 } 41 if(errno == EAGAIN) return mask|EVENTER_EXCEPTION; 42 ctx = eventer_get_eventer_ssl_ctx(e); 43 eventer_ssl_ctx_free(ctx); 44 45 socketfail: 46 eventer_remove_fd(e->fd); 47 close(e->fd); 48 return 0; 49 } 21 50 22 51 static int … … 33 62 34 63 if(mask & EVENTER_EXCEPTION) { 64 socketfail: 35 65 eventer_remove_fd(e->fd); 36 66 close(e->fd); … … 49 79 newe->fd = conn; 50 80 newe->mask = EVENTER_READ | EVENTER_WRITE | EVENTER_EXCEPTION; 51 newe->callback = listener_closure->dispatch_callback; 52 newe->closure = listener_closure->dispatch_closure; 81 if(listener_closure->sslconfig->size) { 82 char *cert, *key, *ca, *ciphers; 83 eventer_ssl_ctx_t *ctx; 84 /* We have an SSL configuration. While our socket accept is 85 * complete, we now have to SSL_accept, which could require 86 * several reads and writes and needs its own event callback. 
87 */ 88 #define SSLCONFGET(var,name) do { \ 89 if(!noit_hash_retrieve(listener_closure->sslconfig, name, strlen(name), \ 90 (void **)&var)) var = NULL; } while(0) 91 SSLCONFGET(cert, "certificate_file"); 92 SSLCONFGET(key, "key_file"); 93 SSLCONFGET(ca, "ca_chain"); 94 SSLCONFGET(ciphers, "ciphers"); 95 ctx = eventer_ssl_ctx_new(SSL_SERVER, cert, key, ca, ciphers); 96 if(!ctx) { 97 eventer_free(newe); 98 goto socketfail; 99 } 100 EVENTER_ATTACH_SSL(newe, ctx); 101 newe->callback = noit_listener_accept_ssl; 102 newe->closure = listener_closure; 103 } 104 else { 105 newe->callback = listener_closure->dispatch_callback; 106 /* We must make a copy of the acceptor_closure_t for each new 107 * connection. 108 */ 109 newe->closure = malloc(sizeof(*listener_closure->dispatch_closure)); 110 memcpy(newe->closure, listener_closure->dispatch_closure, 111 sizeof(*listener_closure->dispatch_closure)); 112 } 53 113 eventer_add(newe); 54 114 } … … 59 119 int 60 120 noit_listener(char *host, unsigned short port, int type, 61 int backlog, eventer_func_t handler, void *closure) { 121 int backlog, noit_hash_table *sslconfig, 122 noit_hash_table *config, 123 eventer_func_t handler, void *service_ctx) { 62 124 int rv, fd; 63 125 int8_t family; … … 81 143 host, port, type, backlog, 82 144 (event_name = eventer_name_for_callback(handler))?event_name:"??", 83 closure);145 service_ctx); 84 146 if(host[0] == '/') { 85 147 family = AF_UNIX; … … 115 177 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 116 178 (void*)&reuse, sizeof(reuse)) != 0) { 117 118 179 close(fd); 119 180 return -1; … … 165 226 listener_closure->family = family; 166 227 listener_closure->port = htons(port); 228 listener_closure->sslconfig = calloc(1, sizeof(noit_hash_table)); 229 noit_hash_merge_as_dict(listener_closure->sslconfig, sslconfig); 167 230 listener_closure->dispatch_callback = handler; 168 listener_closure->dispatch_closure = closure; 231 232 listener_closure->dispatch_closure = 233 calloc(1, 
sizeof(*listener_closure->dispatch_closure)); 234 listener_closure->dispatch_closure->config = config; 235 listener_closure->dispatch_closure->service_ctx = service_ctx; 169 236 170 237 event = eventer_alloc(); … … 179 246 180 247 void 181 noit_listener_ init() {248 noit_listener_reconfig() { 182 249 int i, cnt = 0; 183 250 noit_conf_section_t *listener_configs; 184 251 185 listener_configs = noit_conf_get_sections(NULL, "/noit/listeners/ listener",252 listener_configs = noit_conf_get_sections(NULL, "/noit/listeners//listener", 186 253 &cnt); 187 254 noitL(noit_stderr, "Found %d /noit/listeners/listener stanzas\n", cnt); … … 193 260 int backlog; 194 261 eventer_func_t f; 262 noit_hash_table *sslconfig, *config; 195 263 196 264 if(!noit_conf_get_stringbuf(listener_configs[i], 197 "type", type, sizeof(type))) { 265 "ancestor-or-self::node()/@type", 266 type, sizeof(type))) { 198 267 noitL(noit_stderr, "No type specified in listener stanza %d\n", i+1); 199 268 continue; … … 206 275 } 207 276 if(!noit_conf_get_stringbuf(listener_configs[i], 208 "address", address, sizeof(address))) { 277 "ancestor-or-self::node()/@address", 278 address, sizeof(address))) { 209 279 address[0] = '*'; 210 280 address[1] = '\0'; 211 281 } 212 if(!noit_conf_get_int(listener_configs[i], "port", &portint)) 282 if(!noit_conf_get_int(listener_configs[i], 283 "ancestor-or-self::node()/@port", &portint)) 213 284 portint = 0; 214 285 port = (unsigned short) portint; … … 219 290 continue; 220 291 } 221 if(!noit_conf_get_int(listener_configs[i], "backlog", &backlog)) 292 if(!noit_conf_get_int(listener_configs[i], 293 "ancestor-or-self::node()/@backlog", &backlog)) 222 294 backlog = 5; 223 295 224 noit_listener(address, port, SOCK_STREAM, backlog, f, NULL); 225 } 226 } 296 sslconfig = noit_conf_get_hash(listener_configs[i], "sslconfig/*"); 297 config = noit_conf_get_hash(listener_configs[i], "config/*"); 298 299 noit_listener(address, port, SOCK_STREAM, backlog, 300 sslconfig, config, f, NULL); 301 } 
302 } 303 void 304 noit_listener_init() { 305 eventer_name_callback("noit_listener_acceptor", noit_listener_acceptor); 306 eventer_name_callback("noit_listener_accept_ssl", noit_listener_accept_ssl); 307 noit_listener_reconfig(); 308 } 309 src/noit_listener.h
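Review bot: In noit_listener_acceptor a failed `eventer_ssl_ctx_new` does `goto socketfail`, and that label sits inside the `mask & EVENTER_EXCEPTION` branch, which removes and closes `e->fd` (the listening socket), while the just-accepted `conn` is, as far as the hunk shows, never closed. One unreadable certificate or a transient allocation failure therefore takes the listener down and leaks a descriptor; the branch should drop only the new connection with `close(conn); eventer_free(newe);` and then continue to the acceptor's normal return, which lies outside the hunk. Both copies of the dispatch closure `memcpy` into an unchecked `malloc` result and need a NULL check before the copy. In noit_listener_accept_ssl, `errno == EAGAIN` is tested after any non-positive return from `eventer_SSL_accept`, which is only sound if that call always sets errno on failure (not shown here), and nothing visible bounds how long a peer may leave the handshake pending.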
rcaa7b86 rb7ec807 9 9 #include "noit_defines.h" 10 10 #include "eventer/eventer.h" 11 #include "utils/noit_hash.h" 12 13 typedef struct { 14 noit_hash_table *config; 15 void *service_ctx; 16 } acceptor_closure_t; 11 17 12 18 typedef struct { … … 14 20 unsigned short port; 15 21 eventer_func_t dispatch_callback; 16 void *dispatch_closure; 22 acceptor_closure_t *dispatch_closure; 23 noit_hash_table *sslconfig; 17 24 } * listener_closure_t; 18 25 … … 21 28 API_EXPORT(int) 22 29 noit_listener(char *host, unsigned short port, int type, 23 int backlog, eventer_func_t handler, void *closure); 30 int backlog, noit_hash_table *sslconfig, 31 noit_hash_table *config, 32 eventer_func_t handler, void *service_ctx); 24 33 25 34 #endif src/sample.conf
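Review bot: `acceptor_closure_t` has no comment saying who owns it or its members. As far as this changeset shows, the listener makes a shallow `malloc`/`memcpy` copy per accepted connection and the console callback releases that copy with `free(ac)`, so every copy shares the same `config` table pointer while `service_ctx` is filled in per connection. I would add above the typedef: `/* Copied per accepted connection; the service callback frees the copy. config is borrowed and shared, service_ctx belongs to the service. */`.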
r7b92762 rb7ec807 50 50 </modules> 51 51 <listeners> 52 <listener> 53 <type>noit_console</type> 54 <address>/tmp/noit</address> 55 </listener> 56 <listener> 57 <type>noit_console</type> 58 <address>*</address> 59 <port>32323</port> 60 </listener> 52 <consoles type="noit_console"> 53 <listener address="/tmp/noit"/> 54 <listener address="*" port="32323"> 55 <config><line_protocol>*telnet</line_protocol></config> 56 <sslconfig> 57 <certificate_file>test.crt</certificate_file> 58 <key_file>test.key</key_file> 59 </sslconfig> 60 </listener> 61 </consoles> 61 62 </listeners> 62 63 <checks> src/utils/noit_hash.c
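Review bot: The sample sets `<line_protocol>*telnet</line_protocol>`, but noit_console.c in this changeset attaches the telnet cooker only when `strcasecmp(line_protocol, "telnet")` matches, so, if the value reaches the console verbatim, this listener comes up without telnet negotiation; either drop the `*` or add a comment saying it is a deliberate way to switch the option off. The same listener binds `*` and points `certificate_file`/`key_file` at the relative `test.crt`/`test.key` produced by the `testcerts` target. A comment marking these as throwaway test credentials that resolve against the daemon's working directory would keep the sample from being deployed unchanged.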
r64e4b06 rb7ec807 273 273 } 274 274 275 void noit_hash_merge_as_dict(noit_hash_table *dst, noit_hash_table *src) { 276 noit_hash_iter iter = NOIT_HASH_ITER_ZERO; 277 const char *k; 278 int klen; 279 void *data; 280 if(src == NULL || dst == NULL) return; 281 while(noit_hash_next(src, &iter, &k, &klen, &data)) 282 noit_hash_store(dst, strdup(k), klen, strdup((char *)data)); 283 } 284 275 285 int noit_hash_next(noit_hash_table *h, noit_hash_iter *iter, 276 286 const char **k, int *klen, void **data) { src/utils/noit_hash.h
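Review bot: `noit_hash_merge_as_dict` duplicates each key with `strdup(k)` but stores it with the source's `klen`, which is only consistent when every source key is NUL-terminated and `klen == strlen(k)`; a table holding binary or unterminated keys would make `strdup` read past the key. The results of both `strdup` calls and of `noit_hash_store` are ignored, so an allocation failure stores NULL and, if `noit_hash_store` declines a key that already exists in `dst` (its return convention is not shown here), both copies leak. A NULL `data` is also passed straight to `strdup`; `if(!data) continue;` before the store, plus freeing the copies when the store fails, would cover these cases. The header comment added in noit_hash.h states the string-only assumption, so the remaining gap is the unchecked results.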
r01751d3 rb7ec807 83 83 NoitHashFreeFunc datafree); 84 84 85 /* This is a convenience function only. It assumes that all keys and values 86 * in the destination hash are strings and allocated with malloc() and 87 * assumes that the source contains only keys and values that can be 88 * suitably duplicated by strdup(). 89 */ 90 void noit_hash_merge_as_dict(noit_hash_table *dst, noit_hash_table *src); 91 85 92 /* This is an iterator and requires the hash to not be written to during the 86 93 iteration process.
