
- tls hooks support: special tls hooks added in core that allow a module or core part to provide a tls implementation. Support for the old in-core tls compile options is preserved (but one can compile with either tls hooks support or tls-in-core support, not with both at the same time). Changes were kept to a minimum. - Makefiles: make TLS=1 deprecated, use instead make TLS_HOOKS=1 or make CORE_TLS=1 (if in-core tls support is needed). Added TLS_EXTRA_LIBS (e.g. make CORE_TLS=1 TLS_EXTRA_LIBS="-lz -lkrb5").

Andrei Pelinescu-Onciul authored on 10/02/2007 18:52:48
Showing 12 changed files
... ...
@@ -232,7 +232,7 @@ tar_name=$(NAME)-$(RELEASE)_src
232 232
 
233 233
 tar_extra_args+=$(addprefix --exclude=$(notdir $(CURDIR))/, \
234 234
 					$(auto_gen) $(auto_gen_others))
235
-ifneq ($(TLS),)
235
+ifeq ($(CORE_TLS), 1)
236 236
 	tar_extra_args+=
237 237
 else
238 238
 	tar_extra_args+=--exclude=$(notdir $(CURDIR))/tls* 
... ...
@@ -242,6 +242,12 @@ ifneq ($(nodeb),)
242 242
 	tar_extra_args+=--exclude=$(notdir $(CURDIR))/debian 
243 243
 	tar_name:=$(tar_name)_nodeb
244 244
 endif
245
+
246
+# sanity checks
247
+ifneq ($(TLS),)
248
+	$(warning "make TLS option is obsoleted, try TLS_HOOKS or CORE_TLS")
249
+endif
250
+
245 251
 # include the common rules
246 252
 include Makefile.rules
247 253
 
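Review bot: `make TLS=1` now only prints a warning (line 248) and then produces a build with no TLS support at all, because the new CORE_TLS/TLS_HOOKS logic never consults `TLS`; a packager whose build script still passes TLS=1 gets a plaintext-only binary, with the only hint scrolling past in the build log. Failing the build is the safer deprecation: `$(error make TLS option is obsoleted, use TLS_HOOKS=1 or CORE_TLS=1)`. If a compatibility shim is preferred instead, it would have to map `TLS` onto `CORE_TLS` before Makefile.defs is read, which appears to happen earlier than this check since RELEASE is already used at line 232. The double quotes inside `$(warning "...")` are printed verbatim and can be dropped.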
... ...
@@ -51,6 +51,8 @@
51 51
 #  2006-03-31  armv6 & mips64 support added
52 52
 #              mips and arm set to NOSMP by default (andrei)
53 53
 #  2006-07-10  added -DPROFILING (hscholz)
54
+#  2007-02-09  added TLS_HOOKS and CORE_TLS support, obsoleted TLS=1
55
+#              added TLS_EXTRA_LIBS (andrei)
54 56
 
55 57
 
56 58
 # check if already included/exported
... ...
@@ -67,7 +69,7 @@ MAIN_NAME=ser
67 67
 VERSION = 0
68 68
 PATCHLEVEL = 10
69 69
 SUBLEVEL =   99
70
-EXTRAVERSION = -dev66
70
+EXTRAVERSION = -dev67
71 71
 
72 72
 SER_VER = $(shell expr $(VERSION) \* 1000000 + $(PATCHLEVEL) \* 1000 + \
73 73
 			$(SUBLEVEL) )
... ...
@@ -102,10 +104,16 @@ OSREL_N= $(shell echo $(OSREL) | sed -e 's/^[^0-9]*//' \
102 102
 		[ -n "$$C" ] && R=`expr $$R \* 1000 + $$C`; echo $$R ) )
103 103
 
104 104
 # TLS support
105
-TLS ?= 
106
-ifneq ($(TLS),)
105
+CORE_TLS ?= 
106
+TLS_HOOKS ?= 
107
+ifeq ($(CORE_TLS), 1)
107 108
 	RELEASE:=$(RELEASE)-tls
109
+	TLS_HOOKS:=0
108 110
 endif
111
+ifeq ($(TLS_HOOKS), 1)
112
+	RELEASE:=$(RELEASE)-tls
113
+endif
114
+
109 115
 # extra CC command line options (e.g  -march=athlon-mp)
110 116
 CC_EXTRA_OPTS ?=
111 117
 
... ...
@@ -327,8 +335,21 @@ endif
327 327
 # -DDISABLE_NAGLE
328 328
 #		disable the tcp Nagle algorithm (lower delay)
329 329
 # -DUSE_TLS
330
-#		compiles in tls support, requires -DUSE_TCP. Please use
331
-#		make TLS=1 instead. (tls support is highly experimental for now)
330
+#		compiles in tls support, requires -DUSE_TCP. Note: this is only 
331
+#		generic support (parsing a.s.o.), it does not include the actual
332
+#		"tls engine". If you really want tls you need also either
333
+#		-DCORE_TLS and a tls/ subdir with the tls code or -DTLS_HOOKS and
334
+#		the tls module loaded.
335
+# -DCORE_TLS
336
+#		compiles tls in-core support. Requires -DUSE_TLS, conflicts 
337
+#		-DTLS_HOOKS. Please use make CORE_TLS=1 instead  (it will set all the
338
+#		needed defines automatically and extra libraries needed for linking).
339
+# -DTLS_HOOKS
340
+#		compile tls module support (support for having the "tls engine" in a
341
+#		module). Requires -DUSE_TLS, conflicts -DCORE_TLS.
342
+#		Please use make TLS_HOOKS=1 (or TLS_HOOKS=0 to for disabling) instead
343
+#		of setting -DTLS_HOOKS (it will set all the needed defines 
344
+#		automatically)
332 345
 # -DHAVE_RESOLV_RES
333 346
 #		support for changing some of the resolver parameters present
334 347
 #		 (_res structure in <resolv.h>)
... ...
@@ -395,8 +416,11 @@ DEFS+= $(extra_defs) \
395 395
 # use make mode=debug all instead. Anyway no by default ser is  compiled w/ 
396 396
 # debugging symbols in all cases (-g). --andrei
397 397
 
398
-ifneq ($(TLS),)
399
-	DEFS+= -DUSE_TLS
398
+ifeq ($(CORE_TLS), 1)
399
+	DEFS+= -DUSE_TLS -DCORE_TLS
400
+endif
401
+ifeq ($(TLS_HOOKS), 1)
402
+	DEFS+= -DUSE_TLS -DTLS_HOOKS
400 403
 endif
401 404
 
402 405
 ifneq ($(STUN),)
... ...
@@ -1405,9 +1429,13 @@ ifneq (,$(findstring CYGWIN, $(OS)))
1405 1405
 endif
1406 1406
 
1407 1407
 #add libssl if needed
1408
-ifneq ($(TLS),)
1408
+ifeq ($(CORE_TLS), 1)
1409 1409
 DEFS+= -I$(LOCALBASE)/ssl/include
1410
-LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lssl  -lcrypto
1410
+LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lssl -lcrypto \
1411
+		$(TLS_EXTRA_LIBS)
1412
+# NOTE: depending on the way in which libssl was compiled you might
1413
+#       have to add -lz -lkrb5   (zlib and kerberos5).
1414
+#       E.g.: make CORE_TLS=1 EXTRA_TLS_LIBS="-lz -lkrb5"
1411 1415
 endif
1412 1416
 
1413 1417
 ifneq ($(STUN),)
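Review bot: The usage example in the new comment at line 1414 names `EXTRA_TLS_LIBS`, but the variable the link line expands at line 1411 is `TLS_EXTRA_LIBS` (as in the commit message), so anyone copying the example gets `-lz -lkrb5` silently dropped and an unexplained link failure against a zlib/kerberos-enabled libssl; change it to `#       E.g.: make CORE_TLS=1 TLS_EXTRA_LIBS="-lz -lkrb5"`. It would also help to declare the knob next to the other TLS options in the hunk at line 105, `TLS_EXTRA_LIBS ?=`, so it is documented where CORE_TLS and TLS_HOOKS are and is not an undefined variable under --warn-undefined-variables. Setting both CORE_TLS=1 and TLS_HOOKS=1 silently resets TLS_HOOKS at line 109; a `$(warning CORE_TLS=1 overrides TLS_HOOKS=1)` there would match the sanity check added to the top-level Makefile.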
... ...
@@ -14,7 +14,7 @@
14 14
 sources=$(filter-out $(auto_gen), $(wildcard *.c) $(wildcard mem/*.c) \
15 15
 		$(wildcard parser/*.c) $(wildcard parser/digest/*.c) \
16 16
 		$(wildcard parser/contact/*.c) $(wildcard db/*.c) ) $(auto_gen)
17
-ifneq ($(TLS),)
17
+ifeq ($(CORE_TLS), 1)
18 18
 	sources+= $(wildcard tls/*.c)
19 19
 endif
20 20
 objs=$(sources:.c=.o)
... ...
@@ -272,7 +272,8 @@ TCP_CONNECT_TIMEOUT	"tcp_connect_timeout"
272 272
 TCP_CON_LIFETIME	"tcp_connection_lifetime"
273 273
 TCP_POLL_METHOD		"tcp_poll_method"
274 274
 TCP_MAX_CONNECTIONS	"tcp_max_connections"
275
-DISABLE_TLS		"disable_tls"
275
+DISABLE_TLS		"disable_tls"|"tls_disable"
276
+ENABLE_TLS		"enable_tls"|"tls_enable"
276 277
 TLSLOG			"tlslog"|"tls_log"
277 278
 TLS_PORT_NO		"tls_port_no"
278 279
 TLS_METHOD		"tls_method"
... ...
@@ -501,6 +502,7 @@ EAT_ABLE	[\ \t\b\r]
501 501
 <INITIAL>{TCP_MAX_CONNECTIONS}	{ count(); yylval.strval=yytext;
502 502
 									return TCP_MAX_CONNECTIONS; }
503 503
 <INITIAL>{DISABLE_TLS}	{ count(); yylval.strval=yytext; return DISABLE_TLS; }
504
+<INITIAL>{ENABLE_TLS}	{ count(); yylval.strval=yytext; return ENABLE_TLS; }
504 505
 <INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
505 506
 <INITIAL>{TLS_PORT_NO}	{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
506 507
 <INITIAL>{TLS_METHOD}	{ count(); yylval.strval=yytext; return TLS_METHOD; }
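Review bot: The context line directly under the new ENABLE_TLS rule, `<INITIAL>{TLSLOG} { count(); yylval.strval=yytext; return TLS_PORT_NO; }`, returns the wrong token for `tlslog`/`tls_log`, so the TLSLOG grammar rule this commit moves under CORE_TLS in cfg.y is unreachable and a `tlslog=3` line is parsed by the `TLS_PORT_NO EQUAL NUMBER` rule instead, presumably changing the TLS listening port rather than the log level. It is pre-existing, but since this block of rules is being extended it should be fixed here: `<INITIAL>{TLSLOG} { count(); yylval.strval=yytext; return TLSLOG; }`.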
... ...
@@ -76,6 +76,8 @@
76 76
  *              options (andrei)
77 77
  * 2006-10-13  added STUN_ALLOW_STUN, STUN_ALLOW_FP, STUN_REFRESH_INTERVAL
78 78
  *              (vlada)
79
+ * 2007-02-09  separated command needed for tls-in-core and for tls in general
80
+ *              (andrei)
79 81
  */
80 82
 
81 83
 %{
... ...
@@ -104,7 +106,7 @@
104 104
 #include "flags.h"
105 105
 
106 106
 #include "config.h"
107
-#ifdef USE_TLS
107
+#ifdef CORE_TLS
108 108
 #include "tls/tls_config.h"
109 109
 #endif
110 110
 
... ...
@@ -305,6 +307,7 @@ static struct socket_id* mk_listen_id(char*, int, int);
305 305
 %token TCP_POLL_METHOD
306 306
 %token TCP_MAX_CONNECTIONS
307 307
 %token DISABLE_TLS
308
+%token ENABLE_TLS
308 309
 %token TLSLOG
309 310
 %token TLS_PORT_NO
310 311
 %token TLS_METHOD
... ...
@@ -713,13 +716,21 @@ assign_stm:
713 713
 		#endif
714 714
 	}
715 715
 	| DISABLE_TLS EQUAL error { yyerror("boolean value expected"); }
716
-	| TLSLOG EQUAL NUMBER {
716
+	| ENABLE_TLS EQUAL NUMBER {
717 717
 		#ifdef USE_TLS
718
-			tls_log=$3;
718
+			tls_disable=!($3);
719 719
 		#else
720 720
 			warn("tls support not compiled in");
721 721
 		#endif
722 722
 	}
723
+	| ENABLE_TLS EQUAL error { yyerror("boolean value expected"); }
724
+	| TLSLOG EQUAL NUMBER {
725
+		#ifdef CORE_TLS
726
+			tls_log=$3;
727
+		#else
728
+			warn("tls-in-core support not compiled in");
729
+		#endif
730
+	}
723 731
 	| TLSLOG EQUAL error { yyerror("int value expected"); }
724 732
 	| TLS_PORT_NO EQUAL NUMBER {
725 733
 		#ifdef USE_TLS
... ...
@@ -730,93 +741,93 @@ assign_stm:
730 730
 	}
731 731
 	| TLS_PORT_NO EQUAL error { yyerror("number expected"); }
732 732
 	| TLS_METHOD EQUAL SSLv23 {
733
-		#ifdef USE_TLS
733
+		#ifdef CORE_TLS
734 734
 			tls_method=TLS_USE_SSLv23;
735 735
 		#else
736
-			warn("tls support not compiled in");
736
+			warn("tls-in-core support not compiled in");
737 737
 		#endif
738 738
 	}
739 739
 	| TLS_METHOD EQUAL SSLv2 {
740
-		#ifdef USE_TLS
740
+		#ifdef CORE_TLS
741 741
 			tls_method=TLS_USE_SSLv2;
742 742
 		#else
743
-			warn("tls support not compiled in");
743
+			warn("tls-in-core support not compiled in");
744 744
 		#endif
745 745
 	}
746 746
 	| TLS_METHOD EQUAL SSLv3 {
747
-		#ifdef USE_TLS
747
+		#ifdef CORE_TLS
748 748
 			tls_method=TLS_USE_SSLv3;
749 749
 		#else
750
-			warn("tls support not compiled in");
750
+			warn("tls-in-core support not compiled in");
751 751
 		#endif
752 752
 	}
753 753
 	| TLS_METHOD EQUAL TLSv1 {
754
-		#ifdef USE_TLS
754
+		#ifdef CORE_TLS
755 755
 			tls_method=TLS_USE_TLSv1;
756 756
 		#else
757
-			warn("tls support not compiled in");
757
+			warn("tls-in-core support not compiled in");
758 758
 		#endif
759 759
 	}
760 760
 	| TLS_METHOD EQUAL error {
761
-		#ifdef USE_TLS
761
+		#ifdef CORE_TLS
762 762
 			yyerror("SSLv23, SSLv2, SSLv3 or TLSv1 expected");
763 763
 		#else
764
-			warn("tls support not compiled in");
764
+			warn("tls-in-core support not compiled in");
765 765
 		#endif
766 766
 	}
767 767
 	| TLS_VERIFY EQUAL NUMBER {
768
-		#ifdef USE_TLS
768
+		#ifdef CORE_TLS
769 769
 			tls_verify_cert=$3;
770 770
 		#else
771
-			warn("tls support not compiled in");
771
+			warn("tls-in-core support not compiled in");
772 772
 		#endif
773 773
 	}
774 774
 	| TLS_VERIFY EQUAL error { yyerror("boolean value expected"); }
775 775
 	| TLS_REQUIRE_CERTIFICATE EQUAL NUMBER {
776
-		#ifdef USE_TLS
776
+		#ifdef CORE_TLS
777 777
 			tls_require_cert=$3;
778 778
 		#else
779
-			warn( "tls support not compiled in");
779
+			warn( "tls-in-core support not compiled in");
780 780
 		#endif
781 781
 	}
782 782
 	| TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value expected"); }
783 783
 	| TLS_CERTIFICATE EQUAL STRING {
784
-		#ifdef USE_TLS
784
+		#ifdef CORE_TLS
785 785
 			tls_cert_file=$3;
786 786
 		#else
787
-			warn("tls support not compiled in");
787
+			warn("tls-in-core support not compiled in");
788 788
 		#endif
789 789
 	}
790 790
 	| TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); }
791 791
 	| TLS_PRIVATE_KEY EQUAL STRING {
792
-		#ifdef USE_TLS
792
+		#ifdef CORE_TLS
793 793
 			tls_pkey_file=$3;
794 794
 		#else
795
-			warn("tls support not compiled in");
795
+			warn("tls-in-core support not compiled in");
796 796
 		#endif
797 797
 	}
798 798
 	| TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); }
799 799
 	| TLS_CA_LIST EQUAL STRING {
800
-		#ifdef USE_TLS
800
+		#ifdef CORE_TLS
801 801
 			tls_ca_file=$3;
802 802
 		#else
803
-			warn("tls support not compiled in");
803
+			warn("tls-in-core support not compiled in");
804 804
 		#endif
805 805
 	}
806 806
 	| TLS_CA_LIST EQUAL error { yyerror("string value expected"); }
807 807
 	| TLS_HANDSHAKE_TIMEOUT EQUAL NUMBER {
808
-		#ifdef USE_TLS
808
+		#ifdef CORE_TLS
809 809
 			tls_handshake_timeout=$3;
810 810
 		#else
811
-			warn("tls support not compiled in");
811
+			warn("tls-in-core support not compiled in");
812 812
 		#endif
813 813
 	}
814 814
 	| TLS_HANDSHAKE_TIMEOUT EQUAL error { yyerror("number expected"); }
815 815
 	| TLS_SEND_TIMEOUT EQUAL NUMBER {
816
-		#ifdef USE_TLS
816
+		#ifdef CORE_TLS
817 817
 			tls_send_timeout=$3;
818 818
 		#else
819
-			warn("tls support not compiled in");
819
+			warn("tls-in-core support not compiled in");
820 820
 		#endif
821 821
 	}
822 822
 	| TLS_SEND_TIMEOUT EQUAL error { yyerror("number expected"); }
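Review bot: In builds without CORE_TLS the certificate-policy options `tls_verify`, `tls_require_certificate` and `tls_ca_list` (lines 767–805) now only emit `warn("tls-in-core support not compiled in")` and are otherwise dropped, so a configuration that enforced peer-certificate verification under the old in-core build still parses cleanly and starts a server that no longer applies those settings. A warning is easy to miss in startup output; consider a hard config error when CORE_TLS is not defined, e.g. `yyerror("tls_verify: tls-in-core support not compiled in, configure it through the tls module instead");`, or at least name the ignored option in the message, since all twelve branches print the identical text. The assign_stm rule begins and ends outside this hunk.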
... ...
@@ -69,7 +69,9 @@
69 69
  *              init_childs(PROC_MAIN) before starting tcp_main, to allow
70 70
  *               tcp usage for module started processes (andrei)
71 71
  * 2007-01-18  children shutdown procedure moved into shutdown_children;
72
-*               safer shutdown on start-up error (andrei)
72
+ *               safer shutdown on start-up error (andrei)
73
+ * 2007-02-09  TLS support split into tls-in-core (CORE_TLS) and generic TLS 
74
+ *             (USE_TLS)  (andrei)
73 75
  */
74 76
 
75 77
 
... ...
@@ -131,10 +133,14 @@
131 131
 #ifdef USE_TCP
132 132
 #include "poll_types.h"
133 133
 #include "tcp_init.h"
134
-#ifdef USE_TLS
134
+#ifdef CORE_TLS
135 135
 #include "tls/tls_init.h"
136
-#endif
137
-#endif
136
+#define tls_has_init_si() 1
137
+#define tls_loaded() 1
138
+#else
139
+#include "tls_hooks_init.h"
140
+#endif /* CORE_TLS */
141
+#endif /* USE_TCP */
138 142
 #include "usr_avp.h"
139 143
 #include "core_cmd.h"
140 144
 #include "flags.h"
... ...
@@ -260,8 +266,12 @@ int tcp_children_no = 0;
260 260
 int tcp_disable = 0; /* 1 if tcp is disabled */
261 261
 #endif
262 262
 #ifdef USE_TLS
263
-int tls_disable = 0; /* 1 if tls is disabled */
264
-#endif
263
+#ifdef	CORE_TLS
264
+int tls_disable = 0;  /* tls enabled by default */
265
+#else
266
+int tls_disable = 1;  /* tls disabled by default */
267
+#endif /* CORE_TLS */
268
+#endif /* USE_TLS */
265 269
 
266 270
 struct process_table *pt=0;		/*array with children pids, 0= main proc,
267 271
 									alloc'ed in shared mem if possible*/
... ...
@@ -959,7 +969,7 @@ int main_loop()
959 959
 			}
960 960
 		}
961 961
 #ifdef USE_TLS
962
-		if (!tls_disable){
962
+		if (!tls_disable && tls_has_init_si()){
963 963
 			for(si=tls_listen; si; si=si->next){
964 964
 				/* same as for tcp*/
965 965
 				if (tls_init(si)==-1)  goto error;
... ...
@@ -1553,6 +1563,12 @@ try_again:
1553 1553
 #ifdef USE_TCP
1554 1554
 #ifdef USE_TLS
1555 1555
 	if (!tls_disable){
1556
+		if (!tls_loaded()){
1557
+			LOG(L_WARN, "WARNING: tls support enabled, but no tls engine "
1558
+						" available (forgot to load the tls module?)\n");
1559
+			LOG(L_WARN, "WARNING: disabling tls...\n");
1560
+			tls_disable=1;
1561
+		}
1556 1562
 		/* init tls*/
1557 1563
 		if (init_tls()<0){
1558 1564
 			LOG(L_CRIT, "could not initialize tls, exiting...\n");
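Review bot: In the startup hunk at lines 1556–1563, when no tls engine is registered the code logs a warning, sets `tls_disable=1` and then still falls through to `init_tls()`, so the "disabling tls" path goes on to initialise what it just disabled (harmless today only because the hooks version of init_tls() returns 0 when no hook is installed). Since the operator explicitly enabled TLS, silently degrading to a server without TLS listeners is the less safe default; failing startup would be more conservative, e.g. `LOG(L_CRIT, "tls support enabled, but no tls engine available (forgot to load the tls module?)\n");` followed by a jump to the same error path the `init_tls()<0` branch below presumably uses. If degrading is intentional, restructure it as `if (!tls_disable && !tls_loaded()){ ... tls_disable=1; }` followed by `if (!tls_disable){ /* init tls */ ... }` so the init is actually skipped, and document the choice. The enclosing function starts and ends outside the hunk.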
... ...
@@ -120,9 +120,14 @@
120 120
 #include "tcp_init.h"
121 121
 #include "tsend.h"
122 122
 #include "timer_ticks.h"
123
-#ifdef USE_TLS
123
+#ifdef CORE_TLS
124 124
 #include "tls/tls_server.h"
125
-#endif 
125
+#define tls_loaded() 1
126
+#else
127
+#include "tls_hooks_init.h"
128
+#include "tls_hooks.h"
129
+#endif
130
+
126 131
 #include "tcp_info.h"
127 132
 
128 133
 #define local_malloc pkg_malloc
... ...
@@ -1676,7 +1681,7 @@ void tcp_main_loop()
1676 1676
 		}
1677 1677
 	}
1678 1678
 #ifdef USE_TLS
1679
-	if (!tls_disable){
1679
+	if (!tls_disable && tls_loaded()){
1680 1680
 		for (si=tls_listen; si; si=si->next){
1681 1681
 			if ((si->proto==PROTO_TLS) && (si->socket!=-1)){
1682 1682
 				if (io_watch_add(&io_h, si->socket, F_SOCKINFO, si)<0){
... ...
@@ -61,8 +61,10 @@
61 61
 #include "receive.h"
62 62
 #include "timer.h"
63 63
 #include "ut.h"
64
-#ifdef USE_TLS
64
+#ifdef CORE_TLS
65 65
 #include "tls/tls_server.h"
66
+#else
67
+#include "tls_hooks.h"
66 68
 #endif
67 69
 
68 70
 #define HANDLE_IO_INLINE
69 71
new file mode 100644
... ...
@@ -0,0 +1,77 @@
0
+/*
1
+ * $Id$
2
+ *
3
+ * Copyright (C) 2007 iptelorg GmbH 
4
+ *
5
+ * Permission to use, copy, modify, and distribute this software for any
6
+ * purpose with or without fee is hereby granted, provided that the above
7
+ * copyright notice and this permission notice appear in all copies.
8
+ *
9
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
+ */
17
+/*
18
+ * tls hooks for modules
19
+ *
20
+ * History:
21
+ * --------
22
+ *  2007-02-09  created by andrei
23
+ */
24
+
25
+#include "tls_hooks.h"
26
+#include "tls_hooks_init.h"
27
+#include "globals.h"
28
+
29
+#ifdef TLS_HOOKS
30
+
31
+struct tls_hooks tls_hook= {0, 0, 0, 0, 0 ,0 ,0 ,0 ,0 };
32
+
33
+static int tls_hooks_loaded=0;
34
+
35
+int register_tls_hooks(struct tls_hooks* h)
36
+{
37
+	if (!tls_disable){
38
+		tls_hook=*h;
39
+		tls_hooks_loaded++;
40
+		return 0;
41
+	}
42
+	return -1;
43
+}
44
+
45
+
46
+int tls_init(struct socket_info* si)
47
+{
48
+	if (tls_hook.init_si)
49
+		return tls_hook.init_si(si);
50
+		return -1;
51
+}
52
+
53
+int tls_has_init_si()
54
+{
55
+	return (tls_hook.init_si!=0);
56
+}
57
+
58
+int init_tls()
59
+{
60
+	if (tls_hook.init)
61
+		return tls_hook.init();
62
+	return 0;
63
+}
64
+
65
+void destroy_tls()
66
+{
67
+	if (tls_hook.destroy)
68
+		tls_hook.destroy();
69
+}
70
+
71
+int tls_loaded()
72
+{
73
+	return tls_hooks_loaded;
74
+}
75
+
76
+#endif /* TLS_HOOKS */
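Review bot: `tls_init()` at lines 46–51 has `return -1;` indented as if it were part of the `if`, which reads like a dropped brace; dedent it to function level or brace the `if`. `register_tls_hooks()` at lines 35–43 copies `*h` without a NULL check, and a second call silently replaces the engine already installed while still incrementing the counter; `if (!h || tls_hooks_loaded) return -1;` would reject both, assuming a single engine is intended (the single `tls_hook` table suggests it is). Because registration is refused while `tls_disable` is set and main.c now defaults `tls_disable` to 1 in hooks builds, the table can only be filled if the config's `enable_tls` has already been applied when the module registers; that ordering is not visible here and deserves a comment on register_tls_hooks().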
0 77
new file mode 100644
... ...
@@ -0,0 +1,100 @@
0
+/*
1
+ * $Id$
2
+ *
3
+ * Copyright (C) 2007 iptelorg GmbH 
4
+ *
5
+ * Permission to use, copy, modify, and distribute this software for any
6
+ * purpose with or without fee is hereby granted, provided that the above
7
+ * copyright notice and this permission notice appear in all copies.
8
+ *
9
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
+ */
17
+/*
18
+ * tls hooks for modules
19
+ *
20
+ * History:
21
+ * --------
22
+ *  2007-02-09  created by andrei
23
+ */
24
+
25
+#ifndef _tls_hooks_h
26
+#define _tls_hooks_h
27
+
28
+#ifdef TLS_HOOKS
29
+
30
+#ifndef USE_TLS
31
+#error "USE_TLS required and not defined (please compile with make \
32
+	TLS_HOOKS=1)"
33
+#endif
34
+
35
+#ifdef CORE_TLS
36
+#error "Conflict: CORE_TLS and TLS_HOOKS cannot be defined in the same time"
37
+#endif
38
+
39
+#include "tcp_conn.h"
40
+
41
+
42
+
43
+struct tls_hooks{
44
+	int  (*read)(struct tcp_connection* c);
45
+	int (*blocking_write)(struct tcp_connection* c, int fd, const char* buf,
46
+							unsigned int len);
47
+	int  (*on_tcpconn_init)(struct tcp_connection *c, int sock);
48
+	void (*tcpconn_clean)(struct tcp_connection* c);
49
+	void (*tcpconn_close)(struct tcp_connection*c , int fd);
50
+	/* checks if a tls connection is fully established before a read, and if 
51
+	 * not it runs tls_accept() or tls_connect() as needed
52
+	 * (tls_accept and tls_connect are deferred to the "reader" process for
53
+	 *  performance reasons) */
54
+	int (*fix_read_con)(struct tcp_connection* c);
55
+	
56
+	/* per listening socket init, called on ser startup (after modules,
57
+	 *  process table, init() and udp socket initialization)*/
58
+	int (*init_si)(struct socket_info* si);
59
+	/* generic init function (called at ser init, after module initialization
60
+	 *  and process table creation)*/
61
+	int (*init)();
62
+	/* destroy function, called after the modules are destroyed, and 
63
+	 * after  destroy_tcp() */
64
+	void (*destroy)();
65
+};
66
+
67
+
68
+struct tls_hooks tls_hook;
69
+
70
+#ifdef __SUNPRO_C
71
+	#define tls_hook_call(name, ret_not_set, ...) \
72
+		((tls_hook.name)?(tls_hook.name(__VA_ARGS__)): (ret_not_set))
73
+	#define tls_hook_call_v(name, __VA_ARGS__) \
74
+		do{ \
75
+			if (tls_hook.name) tls_hook.name(__VA_ARGS__); \
76
+		}while(0)
77
+#else
78
+	#define tls_hook_call(name, ret_not_set, args...) \
79
+		((tls_hook.name)?(tls_hook.name(args)): (ret_not_set))
80
+	#define tls_hook_call_v(name, args...) \
81
+		do{ \
82
+			if (tls_hook.name) tls_hook.name(args); \
83
+		}while(0)
84
+#endif
85
+
86
+/* hooks */
87
+
88
+#define tls_tcpconn_init(c, s)	tls_hook_call(on_tcpconn_init, 0, (c), (s))
89
+#define tls_tcpconn_clean(c)	tls_hook_call_v(tcpconn_clean, (c))
90
+#define tls_blocking_write(c, fd, buf, len) \
91
+	tls_hook_call(blocking_write, -1, (c), (fd), (buf), (len))
92
+#define tls_close(conn, fd)		tls_hook_call_v(tcpconn_close, (conn), (fd))
93
+#define tls_read(c)				tls_hook_call(read, -1, (c))
94
+#define tls_fix_read_conn(c)	tls_hook_call(fix_read_con, -1, (c))
95
+
96
+int register_tls_hooks(struct tls_hooks* h);
97
+
98
+#endif /* TLS_HOOKS */
99
+#endif
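Review bot: `struct tls_hooks tls_hook;` at line 68 is a definition, not a declaration, so every translation unit that includes this header (tcp_main.c and tcp_read.c already do) defines the symbol a second time next to the initialised one in tls_hooks.c; it links only through common-symbol merging and breaks with -fno-common. Change it to `extern struct tls_hooks tls_hook;`. In the __SUNPRO_C branch, line 73 `#define tls_hook_call_v(name, __VA_ARGS__)` uses `__VA_ARGS__` as a named macro parameter, which is invalid; it should be `#define tls_hook_call_v(name, ...)` like the sibling macro on line 71.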
0 100
new file mode 100644
... ...
@@ -0,0 +1,50 @@
0
+/*
1
+ * $Id$
2
+ *
3
+ * Copyright (C) 2007 iptelorg GmbH 
4
+ *
5
+ * Permission to use, copy, modify, and distribute this software for any
6
+ * purpose with or without fee is hereby granted, provided that the above
7
+ * copyright notice and this permission notice appear in all copies.
8
+ *
9
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
+ */
17
+/*
18
+ * tls hooks init
19
+ *
20
+ * History:
21
+ * --------
22
+ *  2007-02-09  created by andrei
23
+ */
24
+
25
+#ifndef _tls_hooks_init_h
26
+#define _tls_hooks_init_h
27
+
28
+#ifdef TLS_HOOKS
29
+
30
+#include "ip_addr.h" /* socket_info */
31
+
32
+#ifndef USE_TLS
33
+#error "USE_TLS required and not defined (please compile with make \
34
+	TLS_HOOKS=1)"
35
+#endif
36
+
37
+#ifdef CORE_TLS
38
+#error "Conflict: CORE_TLS and TLS_HOOKS cannot be defined in the same time"
39
+#endif
40
+
41
+
42
+int tls_loaded();
43
+int tls_has_init_si(); /*returns true if a handle for tls_init is registered*/
44
+int tls_init(struct socket_info* si);
45
+int init_tls();
46
+void destroy_tls();
47
+
48
+#endif /* TLS_HOOKS */
49
+#endif
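Review bot: The prototypes at lines 42–46 use empty parentheses (`int tls_loaded();`), which in C declares a function with unchecked arguments rather than one taking none; `int tls_loaded(void);`, `int tls_has_init_si(void);`, `int init_tls(void);` and `void destroy_tls(void);` let the compiler catch misuse, with the definitions in tls_hooks.c changed to match. main.c and tcp_main.c each re-implement the CORE_TLS fallbacks (`#define tls_loaded() 1`, `#define tls_has_init_si() 1`) next to their includes; this header is the natural single home for them, e.g. an `#elif defined(CORE_TLS)` branch providing those two macros, so the next caller cannot end up with a subtly different copy.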
... ...
@@ -57,6 +57,18 @@
57 57
 #define USE_TLS_STR ""
58 58
 #endif
59 59
 
60
+#ifdef CORE_TLS
61
+#define CORE_TLS_STR ", CORE_TLS"
62
+#else 
63
+#define CORE_TLS_STR ""
64
+#endif
65
+
66
+#ifdef TLS_HOOKS
67
+#define TLS_HOOKS_STR ", TLS_HOOKS"
68
+#else 
69
+#define TLS_HOOKS_STR ""
70
+#endif
71
+
60 72
 
61 73
 #ifdef DISABLE_NAGLE
62 74
 #define DISABLE_NAGLE_STR ", DISABLE_NAGLE"
... ...
@@ -231,6 +243,7 @@
231 231
 
232 232
 #define SER_COMPILE_FLAGS \
233 233
 	STATS_STR EXTRA_DEBUG_STR USE_IPV6_STR USE_TCP_STR USE_TLS_STR \
234
+	CORE_TLS_STR TLS_HOOKS_STR \
234 235
 	USE_STUN_STR DISABLE_NAGLE_STR USE_MCAST_STR NO_DEBUG_STR NO_LOG_STR \
235 236
 	NO_SIG_DEBUG_STR DNS_IP_HACK_STR  SHM_MEM_STR SHM_MMAP_STR PKG_MALLOC_STR \
236 237
 	VQ_MALLOC_STR F_MALLOC_STR USE_SHM_MEM_STR DBG_QM_MALLOC_STR \