
- more tls config. vars added (tls_method, tls_log, tls_port_no)

Andrei Pelinescu-Onciul authored on 06/07/2003 14:13:05
Showing 4 changed files
... ...
@@ -40,7 +40,7 @@ export makefile_defs
40 40
 VERSION = 0
41 41
 PATCHLEVEL = 8
42 42
 SUBLEVEL =   12
43
-EXTRAVERSION = dev-t05
43
+EXTRAVERSION = dev-t06
44 44
 
45 45
 RELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
46 46
 OS = $(shell uname -s | sed -e s/SunOS/solaris/ | tr "[A-Z]" "[a-z]")
... ...
@@ -686,7 +686,7 @@ endif
686 686
 
687 687
 #add libssl if needed
688 688
 ifneq ($(TLS),)
689
-LIBS+= -lssl
689
+LIBS+= -lssl 
690 690
 endif
691 691
 
692 692
 ifneq ($(found_lock_method), yes)
... ...
@@ -37,6 +37,7 @@
37 37
  *  2003-04-22  strip_tail added (jiri)
38 38
  *  2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 
39 39
  *               require_certificate added (andrei)
40
+ *  2003-07-06  more tls config. vars added: tls_method, tls_port_no (andrei)
40 41
  */
41 42
 
42 43
 
... ...
@@ -149,7 +150,7 @@ MAXBUFFER maxbuffer
149 150
 CHILDREN children
150 151
 CHECK_VIA	check_via
151 152
 SYN_BRANCH syn_branch
152
-MEMLOG	memlog
153
+MEMLOG		"memlog"|"mem_log"
153 154
 SIP_WARNING sip_warning
154 155
 FIFO fifo
155 156
 FIFO_MODE fifo_mode
... ...
@@ -163,6 +164,9 @@ MHOMED		mhomed
163 164
 DISABLE_TCP		"disable_tcp"
164 165
 TCP_CHILDREN	"tcp_children"
165 166
 DISABLE_TLS		"disable_tls"
167
+TLSLOG			"tlslog"|"tls_log"
168
+TLS_PORT_NO		"tls_port_no"
169
+TLS_METHOD		"tls_method"
166 170
 TLS_VERIFY		"tls_verify"
167 171
 TLS_REQUIRE_CERTIFICATE "tls_require_certificate"
168 172
 TLS_CERTIFICATE	"tls_certificate"
... ...
@@ -175,11 +179,15 @@ MODPARAM        modparam
175 179
 /* values */
176 180
 YES			"yes"|"true"|"on"|"enable"
177 181
 NO			"no"|"false"|"off"|"disable"
178
-UDP			"udp"
179
-TCP			"tcp"
180
-TLS			"tls"
181
-INET		"inet"
182
-INET6		"inet6"
182
+UDP			"udp"|"UDP"
183
+TCP			"tcp"|"TCP"
184
+TLS			"tls"|"TLS"
185
+INET		"inet"|"INET"
186
+INET6		"inet6"|"INET6"
187
+SSLv23			"sslv23"|"SSLv23"|"SSLV23"
188
+SSLv2			"sslv2"|"SSLv2"|"SSLV2"
189
+SSLv3			"sslv3"|"SSLv3"|"SSLV3"
190
+TLSv1			"tlsv1"|"TLSv1"|"TLSV1"
183 191
 
184 192
 LETTER		[a-zA-Z]
185 193
 DIGIT		[0-9]
... ...
@@ -290,6 +298,9 @@ EAT_ABLE	[\ \t\b\r]
290 298
 <INITIAL>{DISABLE_TCP}	{ count(); yylval.strval=yytext; return DISABLE_TCP; }
291 299
 <INITIAL>{TCP_CHILDREN}	{ count(); yylval.strval=yytext; return TCP_CHILDREN; }
292 300
 <INITIAL>{DISABLE_TLS}	{ count(); yylval.strval=yytext; return DISABLE_TLS; }
301
+<INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
302
+<INITIAL>{TLS_PORT_NO}	{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
303
+<INITIAL>{TLS_METHOD}	{ count(); yylval.strval=yytext; return TLS_METHOD; }
293 304
 <INITIAL>{TLS_VERIFY}	{ count(); yylval.strval=yytext; return TLS_VERIFY; }
294 305
 <INITIAL>{TLS_REQUIRE_CERTIFICATE}	{ count(); yylval.strval=yytext;
295 306
 										return TLS_REQUIRE_CERTIFICATE; }
... ...
@@ -330,6 +341,10 @@ EAT_ABLE	[\ \t\b\r]
330 341
 						  yylval.intval=-1; /* no match*/
331 342
 						#endif
332 343
 						  return NUMBER; }
344
+<INITIAL>{SSLv23}		{ count(); yylval.strval=yytext; return SSLv23; }
345
+<INITIAL>{SSLv2}		{ count(); yylval.strval=yytext; return SSLv2; }
346
+<INITIAL>{SSLv3}		{ count(); yylval.strval=yytext; return SSLv3; }
347
+<INITIAL>{TLSv1}		{ count(); yylval.strval=yytext; return TLSv1; }
333 348
 
334 349
 <INITIAL>{COMMA}		{ count(); return COMMA; }
335 350
 <INITIAL>{SEMICOLON}	{ count(); return SEMICOLON; }
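Review bot: The new `{TLSLOG}` rule returns `TLS_PORT_NO` instead of `TLSLOG`, so a `tls_log=N` line in the config is parsed as a TLS port assignment and changes the port rather than the log level. As far as the visible rules show, the `TLSLOG EQUAL NUMBER` grammar rule added in the parser can then never be reached. The action should read `{ count(); yylval.strval=yytext; return TLSLOG; }`. Since `sslv2` is now accepted as a `tls_method` keyword, a comment next to the `SSLv2` pattern such as `/* SSLv2 is cryptographically broken; avoid selecting it */` would warn operators away from it.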
... ...
@@ -41,6 +41,7 @@
41 41
  * 2003-04-22  strip_tail added (jiri)
42 42
  * 2003-07-03  tls* (disable, certificate, private_key, ca_list, verify, 
43 43
  *              require_certificate added (andrei)
44
+ * 2003-07-06  more tls config. vars added: tls_method, tls_port_no (andrei)
44 45
  */
45 46
 
46 47
 
... ...
@@ -64,6 +65,9 @@
64 65
 #include "name_alias.h"
65 66
 
66 67
 #include "config.h"
68
+#ifdef USE_TLS
69
+#include "tls/tls_config.h"
70
+#endif
67 71
 
68 72
 #ifdef DEBUG_DMALLOC
69 73
 #include <dmalloc.h>
... ...
@@ -84,6 +88,8 @@ char* tmp;
84 88
 void* f_tmp;
85 89
 struct id_list* lst_tmp;
86 90
 int rt;  /* Type of route block for find_export */
91
+
92
+void warn(char* s);
87 93
  
88 94
 
89 95
 %}
... ...
@@ -177,6 +183,13 @@ int rt;  /* Type of route block for find_export */
177 183
 %token DISABLE_TCP
178 184
 %token TCP_CHILDREN
179 185
 %token DISABLE_TLS
186
+%token TLSLOG
187
+%token TLS_PORT_NO
188
+%token TLS_METHOD
189
+%token SSLv23
190
+%token SSLv2
191
+%token SSLv3
192
+%token TLSv1
180 193
 %token TLS_VERIFY
181 194
 %token TLS_REQUIRE_CERTIFICATE
182 195
 %token TLS_CERTIFICATE
... ...
@@ -363,8 +376,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
363 376
 									#ifdef USE_TCP
364 377
 										tcp_disable=$3;
365 378
 									#else
366
-										fprintf(stderr, "WARNING: tcp support"
367
-												"not compiled in\n");
379
+										warn("tcp support not compiled in");
368 380
 									#endif
369 381
 									}
370 382
 		| DISABLE_TCP EQUAL error { yyerror("boolean value expected"); }
... ...
@@ -372,8 +384,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
372 384
 									#ifdef USE_TCP
373 385
 										tcp_children_no=$3;
374 386
 									#else
375
-										fprintf(stderr, "WARNING: tcp support"
376
-												"not compiled in\n");
387
+										warn("tcp support not compiled in");
377 388
 									#endif
378 389
 									}
379 390
 		| TCP_CHILDREN EQUAL error { yyerror("number expected"); }
... ...
@@ -381,17 +392,68 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
381 392
 									#ifdef USE_TLS
382 393
 										tls_disable=$3;
383 394
 									#else
384
-										fprintf(stderr, "WARNING: tls support"
385
-												"not compiled in\n");
395
+										warn("tls support not compiled in");
386 396
 									#endif
387 397
 									}
388 398
 		| DISABLE_TLS EQUAL error { yyerror("boolean value expected"); }
399
+		| TLSLOG EQUAL NUMBER 		{ 
400
+									#ifdef USE_TLS
401
+										tls_log=$3;
402
+									#else
403
+										warn("tls support not compiled in");
404
+									#endif
405
+									}
406
+		| TLSLOG EQUAL error { yyerror("int value expected"); }
407
+		| TLS_PORT_NO EQUAL NUMBER {
408
+									#ifdef USE_TLS
409
+										tls_port_no=$3;
410
+									#else
411
+										warn("tls support not compiled in");
412
+									#endif
413
+									}
414
+		| TLS_PORT_NO EQUAL error { yyerror("number expected"); }
415
+		| TLS_METHOD EQUAL SSLv23 {
416
+									#ifdef USE_TLS
417
+										tls_method=TLS_USE_SSLv23;
418
+									#else
419
+										warn("tls support not compiled in");
420
+									#endif
421
+									}
422
+		| TLS_METHOD EQUAL SSLv2 {
423
+									#ifdef USE_TLS
424
+										tls_method=TLS_USE_SSLv2;
425
+									#else
426
+										warn("tls support not compiled in");
427
+									#endif
428
+									}
429
+		| TLS_METHOD EQUAL SSLv3 {
430
+									#ifdef USE_TLS
431
+										tls_method=TLS_USE_SSLv3;
432
+									#else
433
+										warn("tls support not compiled in");
434
+									#endif
435
+									}
436
+		| TLS_METHOD EQUAL TLSv1 {
437
+									#ifdef USE_TLS
438
+										tls_method=TLS_USE_TLSv1;
439
+									#else
440
+										warn("tls support not compiled in");
441
+									#endif
442
+									}
443
+		| TLS_METHOD EQUAL error {
444
+									#ifdef USE_TLS
445
+										yyerror("SSLv23, SSLv2, SSLv3 or TLSv1"
446
+													" expected");
447
+									#else
448
+										warn("tls support not compiled in");
449
+									#endif
450
+									}
451
+										
389 452
 		| TLS_VERIFY EQUAL NUMBER {
390 453
 									#ifdef USE_TLS
391 454
 										tls_verify_cert=$3;
392 455
 									#else
393
-										fprintf(stderr, "WARNING: tcp support"
394
-												"not compiled in\n");
456
+										warn("tls support not compiled in");
395 457
 									#endif
396 458
 									}
397 459
 		| TLS_VERIFY EQUAL error { yyerror("boolean value expected"); }
... ...
@@ -399,8 +461,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
399 461
 									#ifdef USE_TLS
400 462
 										tls_require_cert=$3;
401 463
 									#else
402
-										fprintf(stderr, "WARNING: tcp support"
403
-												"not compiled in\n");
464
+										warn( "tls support not compiled in");
404 465
 									#endif
405 466
 									}
406 467
 		| TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value"
... ...
@@ -409,8 +470,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
409 470
 									#ifdef USE_TLS
410 471
 											tls_cert_file=$3;
411 472
 									#else
412
-										fprintf(stderr, "WARNING: tls support"
413
-												"not compiled in\n");
473
+										warn("tls support not compiled in");
414 474
 									#endif
415 475
 									}
416 476
 		| TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); }
... ...
@@ -418,8 +478,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
418 478
 									#ifdef USE_TLS
419 479
 											tls_pkey_file=$3;
420 480
 									#else
421
-										fprintf(stderr, "WARNING: tls support"
422
-												"not compiled in\n");
481
+										warn("tls support not compiled in");
423 482
 									#endif
424 483
 									}
425 484
 		| TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); }
... ...
@@ -427,8 +486,7 @@ assign_stm:	DEBUG EQUAL NUMBER { debug=$3; }
427 486
 									#ifdef USE_TLS
428 487
 											tls_ca_file=$3;
429 488
 									#else
430
-										fprintf(stderr, "WARNING: tls support"
431
-												"not compiled in\n");
489
+										warn("tls support not compiled in");
432 490
 									#endif
433 491
 									}
434 492
 		| TLS_CA_LIST EQUAL error { yyerror("string value expected"); }
... ...
@@ -985,69 +1043,118 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,
985 1043
 		| FORWARD_TCP error { $$=0; yyerror("missing '(' or ')' ?"); }
986 1044
 		| FORWARD_TCP LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
987 1045
 										"argument"); }
988
-		| FORWARD_TLS LPAREN host RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
1046
+		| FORWARD_TLS LPAREN host RPAREN	{
1047
+										#ifdef USE_TLS
1048
+											$$=mk_action(	FORWARD_TLS_T,
989 1049
 														STRING_ST,
990 1050
 														NUMBER_ST,
991 1051
 														$3,
992 1052
 														0);
1053
+										#else
1054
+											yyerror("tls support not "
1055
+													"compiled in");
1056
+										#endif
993 1057
 										}
994
-		| FORWARD_TLS LPAREN STRING RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
995
-														STRING_ST,
996
-														NUMBER_ST,
997
-														$3,
998
-														0);
1058
+		| FORWARD_TLS LPAREN STRING RPAREN	{
1059
+										#ifdef USE_TLS
1060
+											$$=mk_action(	FORWARD_TLS_T,
1061
+															STRING_ST,
1062
+															NUMBER_ST,
1063
+															$3,
1064
+															0);
1065
+										#else
1066
+											yyerror("tls support not "
1067
+													"compiled in");
1068
+										#endif
999 1069
 										}
1000
-		| FORWARD_TLS LPAREN ip RPAREN	{ $$=mk_action(	FORWARD_TLS_T,
1001
-														IP_ST,
1002
-														NUMBER_ST,
1003
-														(void*)$3,
1004
-														0);
1070
+		| FORWARD_TLS LPAREN ip RPAREN	{ 
1071
+										#ifdef USE_TLS
1072
+											$$=mk_action(	FORWARD_TLS_T,
1073
+															IP_ST,
1074
+															NUMBER_ST,
1075
+															(void*)$3,
1076
+															0);
1077
+										#else
1078
+											yyerror("tls support not "
1079
+													"compiled in");
1080
+										#endif
1005 1081
 										}
1006
-		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { $$=mk_action(
1007
-																FORWARD_TLS_T,
1008
-																 STRING_ST,
1009
-																 NUMBER_ST,
1010
-																$3,
1011
-																(void*)$5);
1082
+		| FORWARD_TLS LPAREN host COMMA NUMBER RPAREN { 
1083
+										#ifdef USE_TLS
1084
+											$$=mk_action(	FORWARD_TLS_T,
1085
+															 STRING_ST,
1086
+															 NUMBER_ST,
1087
+															$3,
1088
+															(void*)$5);
1089
+										#else
1090
+											yyerror("tls support not "
1091
+													"compiled in");
1092
+										#endif
1012 1093
 												 }
1013
-		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {$$=mk_action(
1014
-																FORWARD_TLS_T,
1015
-																 STRING_ST,
1016
-																 NUMBER_ST,
1017
-																$3,
1018
-																(void*)$5);
1094
+		| FORWARD_TLS LPAREN STRING COMMA NUMBER RPAREN {
1095
+										#ifdef USE_TLS
1096
+											$$=mk_action(	FORWARD_TLS_T,
1097
+															 STRING_ST,
1098
+															 NUMBER_ST,
1099
+															$3,
1100
+															(void*)$5);
1101
+										#else
1102
+											yyerror("tls support not "
1103
+													"compiled in");
1104
+										#endif
1019 1105
 													}
1020
-		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN { $$=mk_action(FORWARD_TLS_T,
1021
-																 IP_ST,
1022
-																 NUMBER_ST,
1023
-																 (void*)$3,
1024
-																(void*)$5);
1106
+		| FORWARD_TLS LPAREN ip COMMA NUMBER RPAREN {
1107
+										#ifdef USE_TLS
1108
+											$$=mk_action(	FORWARD_TLS_T,
1109
+															 IP_ST,
1110
+															 NUMBER_ST,
1111
+															 (void*)$3,
1112
+															(void*)$5);
1113
+										#else
1114
+											yyerror("tls support not "
1115
+													"compiled in");
1116
+										#endif
1025 1117
 												  }
1026 1118
 		| FORWARD_TLS LPAREN URIHOST COMMA URIPORT RPAREN {
1027
-													$$=mk_action(FORWARD_TLS_T,
1028
-																 URIHOST_ST,
1029
-																 URIPORT_ST,
1030
-																0,
1031
-																0);
1119
+										#ifdef USE_TLS
1120
+											$$=mk_action(	FORWARD_TLS_T,
1121
+															 URIHOST_ST,
1122
+															 URIPORT_ST,
1123
+															0,
1124
+															0);
1125
+										#else
1126
+											yyerror("tls support not "
1127
+													"compiled in");
1128
+										#endif
1032 1129
 													}
1033 1130
 													
1034 1131
 									
1035 1132
 		| FORWARD_TLS LPAREN URIHOST COMMA NUMBER RPAREN {
1036
-													$$=mk_action(FORWARD_TLS_T,
1037
-																 URIHOST_ST,
1038
-																 NUMBER_ST,
1039
-																0,
1040
-																(void*)$5);
1133
+										#ifdef USE_TLS
1134
+											$$=mk_action(	FORWARD_TLS_T,
1135
+															 URIHOST_ST,
1136
+															 NUMBER_ST,
1137
+															0,
1138
+															(void*)$5);
1139
+										#else
1140
+											yyerror("tls support not "
1141
+													"compiled in");
1142
+										#endif
1041 1143
 													}
1042 1144
 		| FORWARD_TLS LPAREN URIHOST RPAREN {
1043
-													$$=mk_action(FORWARD_TLS_T,
1044
-																 URIHOST_ST,
1045
-																 NUMBER_ST,
1046
-																0,
1047
-																0);
1145
+										#ifdef USE_TLS
1146
+											$$=mk_action(	FORWARD_TLS_T,
1147
+															 URIHOST_ST,
1148
+															 NUMBER_ST,
1149
+															0,
1150
+															0);
1151
+										#else
1152
+											yyerror("tls support not "
1153
+													"compiled in");
1154
+										#endif
1048 1155
 										}
1049 1156
 		| FORWARD_TLS error { $$=0; yyerror("missing '(' or ')' ?"); }
1050
-		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tcp"
1157
+		| FORWARD_TLS LPAREN error RPAREN { $$=0; yyerror("bad forward_tls"
1051 1158
 										"argument"); }
1052 1159
 		
1053 1160
 		| SEND LPAREN host RPAREN	{ $$=mk_action(	SEND_T,
... ...
@@ -1301,6 +1408,13 @@ cmd:		FORWARD LPAREN host RPAREN	{ $$=mk_action(	FORWARD_T,
1301 1408
 extern int line;
1302 1409
 extern int column;
1303 1410
 extern int startcolumn;
1411
+void warn(char* s)
1412
+{
1413
+	LOG(L_WARN, "cfg. warning: (%d,%d-%d): %s\n", line, startcolumn, 
1414
+			column, s);
1415
+	cfg_errors++;
1416
+}
1417
+
1304 1418
 void yyerror(char* s)
1305 1419
 {
1306 1420
 	LOG(L_CRIT, "parse error (%d,%d-%d): %s\n", line, startcolumn, 
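Review bot: `tls_port_no=$3;` in the `TLS_PORT_NO EQUAL NUMBER` action stores the parsed integer without a range check, while the header section of this commit declares `tls_port_no` as `unsigned short`. A value such as 70000 or a negative number is therefore truncated silently, and the TLS listener would presumably end up on a port the operator never configured. Rejecting it at parse time keeps the mistake visible: `if (($3<0)||($3>65535)) yyerror("tls_port_no: port number out of range"); else tls_port_no=$3;`. Separately, the `#else` branches added to the `FORWARD_TLS` rules call `yyerror()` without assigning `$$`, unlike the neighbouring error rules that set `$$=0`, so adding `$$=0;` there keeps the action value defined on builds without TLS. The `assign_stm` and `cmd` rule lists both start and end outside the visible hunks.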
... ...
@@ -81,11 +81,7 @@ extern int tcp_disable;
81 81
 #endif
82 82
 #ifdef USE_TLS
83 83
 extern int tls_disable;
84
-extern int tls_verify_cert;
85
-extern int tls_require_cert;
86
-extern char* tls_cert_file;
87
-extern char* tls_pkey_file;
88
-extern char* tls_ca_file;
84
+extern unsigned short tls_port_no;
89 85
 #endif
90 86
 extern int dont_fork;
91 87
 extern int check_via;