
- more tls config. vars added (tls_method, tls_log, tls_port_no)

Andrei Pelinescu-Onciul authored on 06/07/2003 14:13:05
Showing 4 changed files
... ...
@@ -40,7 +40,7 @@ export makefile_defs
40 40
 VERSION = 0
41 41
 PATCHLEVEL = 8
42 42
 SUBLEVEL =   12
43
-EXTRAVERSION = dev-t05
43
+EXTRAVERSION = dev-t06
44 44
 
45 45
 RELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
46 46
 OS = $(shell uname -s | sed -e s/SunOS/solaris/ | tr "[A-Z]" "[a-z]")
... ...
@@ -686,7 +686,7 @@ endif
686 686
 
687 687
 #add libssl if needed
688 688
 ifneq ($(TLS),)
689
-LIBS+= -lssl
689
+LIBS+= -lssl 
690 690
 endif
691 691
 
692 692
 ifneq ($(found_lock_method), yes)
... ...
@@ -37,6 +37,7 @@
37 37
  *  2003-04-22  strip_tail added (jiri)
38 38
  *  2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 
39 39
  *               require_certificate added (andrei)
40
+ *  2003-07-06  more tls config. vars added: tls_method, tls_port_no (andrei)
40 41
  */
41 42
 
42 43
 
... ...
@@ -149,7 +150,7 @@ MAXBUFFER maxbuffer
149 149
 CHILDREN children
150 150
 CHECK_VIA	check_via
151 151
 SYN_BRANCH syn_branch
152
-MEMLOG	memlog
152
+MEMLOG		"memlog"|"mem_log"
153 153
 SIP_WARNING sip_warning
154 154
 FIFO fifo
155 155
 FIFO_MODE fifo_mode
... ...
@@ -163,6 +164,9 @@ MHOMED		mhomed
163 163
 DISABLE_TCP		"disable_tcp"
164 164
 TCP_CHILDREN	"tcp_children"
165 165
 DISABLE_TLS		"disable_tls"
166
+TLSLOG			"tlslog"|"tls_log"
167
+TLS_PORT_NO		"tls_port_no"
168
+TLS_METHOD		"tls_method"
166 169
 TLS_VERIFY		"tls_verify"
167 170
 TLS_REQUIRE_CERTIFICATE "tls_require_certificate"
168 171
 TLS_CERTIFICATE	"tls_certificate"
... ...
@@ -175,11 +179,15 @@ MODPARAM        modparam
175 175
 /* values */
176 176
 YES			"yes"|"true"|"on"|"enable"
177 177
 NO			"no"|"false"|"off"|"disable"
178
-UDP			"udp"
179
-TCP			"tcp"
180
-TLS			"tls"
181
-INET		"inet"
182
-INET6		"inet6"
178
+UDP			"udp"|"UDP"
179
+TCP			"tcp"|"TCP"
180
+TLS			"tls"|"TLS"
181
+INET		"inet"|"INET"
182
+INET6		"inet6"|"INET6"
183
+SSLv23			"sslv23"|"SSLv23"|"SSLV23"
184
+SSLv2			"sslv2"|"SSLv2"|"SSLV2"
185
+SSLv3			"sslv3"|"SSLv3"|"SSLV3"
186
+TLSv1			"tlsv1"|"TLSv1"|"TLSV1"
183 187
 
184 188
 LETTER		[a-zA-Z]
185 189
 DIGIT		[0-9]
... ...
@@ -290,6 +298,9 @@ EAT_ABLE	[\ \t\b\r]
290 290
 <INITIAL>{DISABLE_TCP}	{ count(); yylval.strval=yytext; return DISABLE_TCP; }
291 291
 <INITIAL>{TCP_CHILDREN}	{ count(); yylval.strval=yytext; return TCP_CHILDREN; }
292 292
 <INITIAL>{DISABLE_TLS}	{ count(); yylval.strval=yytext; return DISABLE_TLS; }
293
+<INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
294
+<INITIAL>{TLS_PORT_NO}	{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
295
+<INITIAL>{TLS_METHOD}	{ count(); yylval.strval=yytext; return TLS_METHOD; }
293 296
 <INITIAL>{TLS_VERIFY}	{ count(); yylval.strval=yytext; return TLS_VERIFY; }
294 297
 <INITIAL>{TLS_REQUIRE_CERTIFICATE}	{ count(); yylval.strval=yytext;
295 298
 										return TLS_REQUIRE_CERTIFICATE; }
... ...
@@ -330,6 +341,10 @@ EAT_ABLE	[\ \t\b\r]
330 330
 						  yylval.intval=-1; /* no match*/
331 331
 						#endif
332 332
 						  return NUMBER; }
333
+<INITIAL>{SSLv23}		{ count(); yylval.strval=yytext; return SSLv23; }
334
+<INITIAL>{SSLv2}		{ count(); yylval.strval=yytext; return SSLv2; }
335
+<INITIAL>{SSLv3}		{ count(); yylval.strval=yytext; return SSLv3; }
336
+<INITIAL>{TLSv1}		{ count(); yylval.strval=yytext; return TLSv1; }
333 337
 
334 338
 <INITIAL>{COMMA}		{ count(); return COMMA; }
335 339
 <INITIAL>{SEMICOLON}	{ count(); return SEMICOLON; }
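Review bot: The new `{TLSLOG}` rule in hunk @@ -290 returns the wrong token — `return TLS_PORT_NO;` where it should be `return TLSLOG;`. With the page's grammar (cfg.y hunk @@ -381), a config line such as `tls_log=3` is therefore reduced as a `tls_port_no` assignment: the log level is never set, the TLS listener is silently moved to port 3, and the `TLSLOG EQUAL NUMBER` rule can never be reached. The corrected line is `<INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLSLOG; }`.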
... ...
@@ -41,6 +41,7 @@
41 41
  * 2003-04-22  strip_tail added (jiri)
42 42
  * 2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 
43 43
  *              require_certificate added (andrei)
44
+ * 2003-07-06  more tls config. vars added: tls_method, tls_port_no (andrei)
44 45
  */
45 46
 
46 47
 
... ...
@@ -64,6 +65,9 @@
64 64
 #include "name_alias.h"
65 65
 
66 66
 #include "config.h"
67
+#ifdef USE_TLS
68
+#include "tls/tls_config.h"
69
+#endif
67 70
 
68 71
 #ifdef DEBUG_DMALLOC
69 72
 #include <dmalloc.h>
... ...
@@ -84,6 +88,8 @@ char* tmp;
84 84
 void* f_tmp;
85 85
 struct id_list* lst_tmp;
86 86
 int rt;  /* Type of route block for find_export */
87
+
88
+void warn(char* s);
87 89
  
88 90
 
89 91
 %}
... ...
@@ -177,6 +183,13 @@ int rt;  /* Type of route block for find_export */
177 177
 %token DISABLE_TCP
178 178
 %token TCP_CHILDREN
179 179
 %token DISABLE_TLS
180
+%token TLSLOG
181
+%token TLS_PORT_NO
182
+%token TLS_METHOD
183
+%token SSLv23
184
+%token SSLv2
185
+%token SSLv3
186
+%token TLSv1
180 187
 %token TLS_VERIFY
181 188
 %token TLS_REQUIRE_CERTIFICATE
182 189
 %token TLS_CERTIFICATE
... ...
@@ -363,8 +376,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
363 363
 									#ifdef USE_TCP
364 364
 										tcp_disable=$3;
365 365
 									#else
366
-										fprintf(stderr, "WARNING: tcp support"
367
-												"not compiled in\n");
366
+										warn("tcp support not compiled in");
368 367
 									#endif
369 368
 									}
370 369
 		| DISABLE_TCP EQUAL error { yyerror("boolean value expected"); }
... ...
@@ -372,8 +384,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
372 372
 									#ifdef USE_TCP
373 373
 										tcp_children_no=$3;
374 374
 									#else
375
-										fprintf(stderr, "WARNING: tcp support"
376
-												"not compiled in\n");
375
+										warn("tcp support not compiled in");
377 376
 									#endif
378 377
 									}
379 378
 		| TCP_CHILDREN EQUAL error { yyerror("number expected"); }
... ...
@@ -381,17 +392,68 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
381 381
 									#ifdef USE_TLS
382 382
 										tls_disable=$3;
383 383
 									#else
384
-										fprintf(stderr, "WARNING: tls support"
385
-												"not compiled in\n");
384
+										warn("tls support not compiled in");
386 385
 									#endif
387 386
 									}
388 387
 		| DISABLE_TLS EQUAL error { yyerror("boolean value expected"); }
388
+		| TLSLOG EQUAL NUMBER 		{ 
389
+									#ifdef USE_TLS
390
+										tls_log=$3;
391
+									#else
392
+										warn("tls support not compiled in");
393
+									#endif
394
+									}
395
+		| TLSLOG EQUAL error { yyerror("int value expected"); }
396
+		| TLS_PORT_NO EQUAL NUMBER {
397
+									#ifdef USE_TLS
398
+										tls_port_no=$3;
399
+									#else
400
+										warn("tls support not compiled in");
401
+									#endif
402
+									}
403
+		| TLS_PORT_NO EQUAL error { yyerror("number expected"); }
404
+		| TLS_METHOD EQUAL SSLv23 {
405
+									#ifdef USE_TLS
406
+										tls_method=TLS_USE_SSLv23;
407
+									#else
408
+										warn("tls support not compiled in");
409
+									#endif
410
+									}
411
+		| TLS_METHOD EQUAL SSLv2 {
412
+									#ifdef USE_TLS
413
+										tls_method=TLS_USE_SSLv2;
414
+									#else
415
+										warn("tls support not compiled in");
416
+									#endif
417
+									}
418
+		| TLS_METHOD EQUAL SSLv3 {
419
+									#ifdef USE_TLS
420
+										tls_method=TLS_USE_SSLv3;
421
+									#else
422
+										warn("tls support not compiled in");
423
+									#endif
424
+									}
425
+		| TLS_METHOD EQUAL TLSv1 {
426
+									#ifdef USE_TLS
427
+										tls_method=TLS_USE_TLSv1;
428
+									#else
429
+										warn("tls support not compiled in");
430
+									#endif
431
+									}
432
+		| TLS_METHOD EQUAL error {
433
+									#ifdef USE_TLS
434
+										yyerror("SSLv23, SSLv2, SSLv3 or TLSv1"
435
+													" expected");
436
+									#else
437
+										warn("tls support not compiled in");
438
+									#endif
439
+									}
440
+										
389 441
 		| TLS_VERIFY EQUAL NUMBER {
390 442
 									#ifdef USE_TLS
391 443
 										tls_verify_cert=$3;
392 444
 									#else
393
-										fprintf(stderr, "WARNING: tcp support"
394
-												"not compiled in\n");
445
+										warn("tls support not compiled in");
395 446
 									#endif
396 447
 									}
397 448
 		| TLS_VERIFY EQUAL error { yyerror("boolean value expected"); }
... ...
@@ -399,8 +461,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
399 399
 									#ifdef USE_TLS
400 400
 										tls_require_cert=$3;
401 401
 									#else
402
-										fprintf(stderr, "WARNING: tcp support"
403
-												"not compiled in\n");
402
+										warn( "tls support not compiled in");
404 403
 									#endif
405 404
 									}
406 405
 		| TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value"
... ...
@@ -409,8 +470,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
409 409
 									#ifdef USE_TLS
410 410
 											tls_cert_file=$3;
411 411
 									#else
412
-										fprintf(stderr, "WARNING: tls support"
413
-												"not compiled in\n");
412
+										warn("tls support not compiled in");
414 413
 									#endif
415 414
 									}
416 415
 		| TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); }
... ...
@@ -418,8 +478,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
418 418
 									#ifdef USE_TLS
419 419
 											tls_pkey_file=$3;
420 420
 									#else
421
-										fprintf(stderr, "WARNING: tls support"
422
-												"not compiled in\n");
421
+										warn("tls support not compiled in");
423 422
 									#endif
424 423
 									}
425 424
 		| TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); }
... ...
@@ -427,8 +486,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
427 427
 									#ifdef USE_TLS
428 428
 											tls_ca_file=$3;
429 429
 									#else
430
-										fprintf(stderr, "WARNING: tls support"
431
-												"not compiled in\n");
430
+										warn("tls support not compiled in");
432 431
 									#endif
433 432
 									}
434 433
 		| TLS_CA_LIST EQUAL error { yyerror("string value expected"); }
... ...
@@ -985,69 +1043,118 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,
985 985
 		| FORWARD_TCP error { $$=0; yyerror("missing '(' or ')' ?"); }
986 986
 		| FORWARD_TCP LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
987 987
 										"argument"); }
988
-		| FORWARD_TLS LPAREN host RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
988
+		| FORWARD_TLS LPAREN host RPAREN	{
989
+										#ifdef USE_TLS
990
+											$$=mk_action(	FORWARD_TLS_T,
989 991
 														STRING_ST,
990 992
 														NUMBER_ST,
991 993
 														$3,
992 994
 														0);
995
+										#else
996
+											yyerror("tls support not "
997
+													"compiled in");
998
+										#endif
993 999
 										}
994
-		| FORWARD_TLS LPAREN STRING RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
995
-														STRING_ST,
996
-														NUMBER_ST,
997
-														$3,
998
-														0);
1000
+		| FORWARD_TLS LPAREN STRING RPAREN	{
1001
+										#ifdef USE_TLS
1002
+											$$=mk_action(	FORWARD_TLS_T,
1003
+															STRING_ST,
1004
+															NUMBER_ST,
1005
+															$3,
1006
+															0);
1007
+										#else
1008
+											yyerror("tls support not "
1009
+													"compiled in");
1010
+										#endif
999 1011
 										}
1000
-		| FORWARD_TLS LPAREN ip RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
1001
-														IP_ST,
1002
-														NUMBER_ST,
1003
-														(void*)$3,
1004
-														0);
1012
+		| FORWARD_TLS LPAREN ip RPAREN	{ 
1013
+										#ifdef USE_TLS
1014
+											$$=mk_action(	FORWARD_TLS_T,
1015
+															IP_ST,
1016
+															NUMBER_ST,
1017
+															(void*)$3,
1018
+															0);
1019
+										#else
1020
+											yyerror("tls support not "
1021
+													"compiled in");
1022
+										#endif
1005 1023
 										}
1006
-		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { $$=mk_action(
1007
-																FORWARD_TLS_T,
1008
-																 STRING_ST,
1009
-																 NUMBER_ST,
1010
-																$3,
1011
-																(void*)$5);
1024
+		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { 
1025
+										#ifdef USE_TLS
1026
+											$$=mk_action(	FORWARD_TLS_T,
1027
+															 STRING_ST,
1028
+															 NUMBER_ST,
1029
+															$3,
1030
+															(void*)$5);
1031
+										#else
1032
+											yyerror("tls support not "
1033
+													"compiled in");
1034
+										#endif
1012 1035
 												 }
1013
-		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {$$=mk_action(
1014
-																FORWARD_TLS_T,
1015
-																 STRING_ST,
1016
-																 NUMBER_ST,
1017
-																$3,
1018
-																(void*)$5);
1036
+		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {
1037
+										#ifdef USE_TLS
1038
+											$$=mk_action(	FORWARD_TLS_T,
1039
+															 STRING_ST,
1040
+															 NUMBER_ST,
1041
+															$3,
1042
+															(void*)$5);
1043
+										#else
1044
+											yyerror("tls support not "
1045
+													"compiled in");
1046
+										#endif
1019 1047
 													}
1020
-		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN { $$=mk_action(FORWARD_TLS_T,
1021
-																 IP_ST,
1022
-																 NUMBER_ST,
1023
-																 (void*)$3,
1024
-																(void*)$5);
1048
+		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN {
1049
+										#ifdef USE_TLS
1050
+											$$=mk_action(	FORWARD_TLS_T,
1051
+															 IP_ST,
1052
+															 NUMBER_ST,
1053
+															 (void*)$3,
1054
+															(void*)$5);
1055
+										#else
1056
+											yyerror("tls support not "
1057
+													"compiled in");
1058
+										#endif
1025 1059
 												  }
1026 1060
 		| FORWARD_TLS LPAREN URIHOST COMMA URIPORT RPAREN {
1027
-													$$=mk_action(FORWARD_TLS_T,
1028
-																 URIHOST_ST,
1029
-																 URIPORT_ST,
1030
-																0,
1031
-																0);
1061
+										#ifdef USE_TLS
1062
+											$$=mk_action(	FORWARD_TLS_T,
1063
+															 URIHOST_ST,
1064
+															 URIPORT_ST,
1065
+															0,
1066
+															0);
1067
+										#else
1068
+											yyerror("tls support not "
1069
+													"compiled in");
1070
+										#endif
1032 1071
 													}
1033 1072
 													
1034 1073
 									
1035 1074
 		| FORWARD_TLS LPAREN URIHOST COMMA NUMBER RPAREN {
1036
-													$$=mk_action(FORWARD_TLS_T,
1037
-																 URIHOST_ST,
1038
-																 NUMBER_ST,
1039
-																0,
1040
-																(void*)$5);
1075
+										#ifdef USE_TLS
1076
+											$$=mk_action(	FORWARD_TLS_T,
1077
+															 URIHOST_ST,
1078
+															 NUMBER_ST,
1079
+															0,
1080
+															(void*)$5);
1081
+										#else
1082
+											yyerror("tls support not "
1083
+													"compiled in");
1084
+										#endif
1041 1085
 													}
1042 1086
 		| FORWARD_TLS LPAREN URIHOST RPAREN {
1043
-													$$=mk_action(FORWARD_TLS_T,
1044
-																 URIHOST_ST,
1045
-																 NUMBER_ST,
1046
-																0,
1047
-																0);
1087
+										#ifdef USE_TLS
1088
+											$$=mk_action(	FORWARD_TLS_T,
1089
+															 URIHOST_ST,
1090
+															 NUMBER_ST,
1091
+															0,
1092
+															0);
1093
+										#else
1094
+											yyerror("tls support not "
1095
+													"compiled in");
1096
+										#endif
1048 1097
 										}
1049 1098
 		| FORWARD_TLS error { $$=0; yyerror("missing '(' or ')' ?"); }
1050
-		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
1099
+		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tls"
1051 1100
 										"argument"); }
1052 1101
 		
1053 1102
 		| SEND LPAREN host RPAREN	{ $$=mk_action(	SEND_T,
... ...
@@ -1301,6 +1408,13 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,
1301 1301
 extern int line;
1302 1302
 extern int column;
1303 1303
 extern int startcolumn;
1304
+void warn(char* s)
1305
+{
1306
+	LOG(L_WARN, "cfg. warning: (%d,%d-%d): %s\n", line, startcolumn, 
1307
+			column, s);
1308
+	cfg_errors++;
1309
+}
1310
+
1304 1311
 void yyerror(char* s)
1305 1312
 {
1306 1313
 	LOG(L_CRIT, "parse error (%d,%d-%d): %s\n", line, startcolumn, 
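Review bot: `tls_port_no=$3;` in hunk @@ -381 stores an unchecked NUMBER into a variable the header hunk declares as `unsigned short`, so a value outside 1–65535 is silently truncated or accepted and the TLS listener can end up on a port the operator did not configure. The `error` alternative only catches non-numeric input, so the range check belongs in the action: `if ($3 < 1 || $3 > 65535) yyerror("tls_port_no: port number out of range"); else tls_port_no=$3;`. Separately, the `#else` branches of the FORWARD_TLS rules in hunk @@ -985 call yyerror() without `$$=0;`, unlike the file's existing `FORWARD_TLS error` rules, so the cmd value is left at whatever bison's default assignment gives. The enclosing assign_stm and cmd rules both start before their hunks.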
... ...
@@ -81,11 +81,7 @@ extern int tcp_disable;
81 81
 #endif
82 82
 #ifdef USE_TLS
83 83
 extern int tls_disable;
84
-extern int tls_verify_cert;
85
-extern int tls_require_cert;
86
-extern char* tls_cert_file;
87
-extern char* tls_pkey_file;
88
-extern char* tls_ca_file;
84
+extern unsigned short tls_port_no;
89 85
 #endif
90 86
 extern int dont_fork;
91 87
 extern int check_via;