
- tls hooks support: special tls hooks added in core that allow a module or core part to provide a tls implementation. Support for the old in-core tls compile options is preserved (but one can compile with either tls hooks support or tls-in-core support, not with both at the same time). Changes were kept to a minimum. - Makefiles: make TLS=1 is deprecated; use make TLS_HOOKS=1 or make CORE_TLS=1 instead (if in-core tls support is needed). Added TLS_EXTRA_LIBS (e.g. make CORE_TLS=1 TLS_EXTRA_LIBS="-lz -lkrb5").

Andrei Pelinescu-Onciul authored on 10/02/2007 18:52:48
Showing 12 changed files
... ...
@@ -232,7 +232,7 @@ tar_name=$(NAME)-$(RELEASE)_src
232 232
 
233 233
 tar_extra_args+=$(addprefix --exclude=$(notdir $(CURDIR))/, \
234 234
 					$(auto_gen) $(auto_gen_others))
235
-ifneq ($(TLS),)
235
+ifeq ($(CORE_TLS), 1)
236 236
 	tar_extra_args+=
237 237
 else
238 238
 	tar_extra_args+=--exclude=$(notdir $(CURDIR))/tls* 
... ...
@@ -242,6 +242,12 @@ ifneq ($(nodeb),)
242 242
 	tar_extra_args+=--exclude=$(notdir $(CURDIR))/debian 
243 243
 	tar_name:=$(tar_name)_nodeb
244 244
 endif
245
+
246
+# sanity checks
247
+ifneq ($(TLS),)
248
+	$(warning "make TLS option is obsoleted, try TLS_HOOKS or CORE_TLS")
249
+endif
250
+
245 251
 # include the common rules
246 252
 include Makefile.rules
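Review bot: The new `# sanity checks` block only warns when `TLS` is set, so an existing `make TLS=1` invocation still completes and, going by the hunks shown, produces a binary with no TLS code compiled in, because every other test in this commit keys on `CORE_TLS` or `TLS_HOOKS`. A build that silently drops transport security is better stopped: `$(error make TLS=1 is obsolete, use TLS_HOOKS=1 or CORE_TLS=1)`. If a hard stop is considered too strict, the double quotes inside `$(warning ...)` should at least be removed, since make prints them literally as part of the message.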
247 253
 
... ...
@@ -51,6 +51,8 @@
51 51
 #  2006-03-31  armv6 & mips64 support added
52 52
 #              mips and arm set to NOSMP by default (andrei)
53 53
 #  2006-07-10  added -DPROFILING (hscholz)
54
+#  2007-02-09  added TLS_HOOKS and CORE_TLS support, obsoleted TLS=1
55
+#              added TLS_EXTRA_LIBS (andrei)
54 56
 
55 57
 
56 58
 # check if already included/exported
... ...
@@ -67,7 +69,7 @@ MAIN_NAME=ser
67 69
 VERSION = 0
68 70
 PATCHLEVEL = 10
69 71
 SUBLEVEL =   99
70
-EXTRAVERSION = -dev66
72
+EXTRAVERSION = -dev67
71 73
 
72 74
 SER_VER = $(shell expr $(VERSION) \* 1000000 + $(PATCHLEVEL) \* 1000 + \
73 75
 			$(SUBLEVEL) )
... ...
@@ -102,10 +104,16 @@ OSREL_N= $(shell echo $(OSREL) | sed -e 's/^[^0-9]*//' \
102 104
 		[ -n "$$C" ] && R=`expr $$R \* 1000 + $$C`; echo $$R ) )
103 105
 
104 106
 # TLS support
105
-TLS ?= 
106
-ifneq ($(TLS),)
107
+CORE_TLS ?= 
108
+TLS_HOOKS ?= 
109
+ifeq ($(CORE_TLS), 1)
107 110
 	RELEASE:=$(RELEASE)-tls
111
+	TLS_HOOKS:=0
108 112
 endif
113
+ifeq ($(TLS_HOOKS), 1)
114
+	RELEASE:=$(RELEASE)-tls
115
+endif
116
+
109 117
 # extra CC command line options (e.g  -march=athlon-mp)
110 118
 CC_EXTRA_OPTS ?=
111 119
 
... ...
@@ -327,8 +335,21 @@ endif
327 335
 # -DDISABLE_NAGLE
328 336
 #		disable the tcp Nagle algorithm (lower delay)
329 337
 # -DUSE_TLS
330
-#		compiles in tls support, requires -DUSE_TCP. Please use
331
-#		make TLS=1 instead. (tls support is highly experimental for now)
338
+#		compiles in tls support, requires -DUSE_TCP. Note: this is only 
339
+#		generic support (parsing a.s.o.), it does not include the actual
340
+#		"tls engine". If you really want tls you need also either
341
+#		-DCORE_TLS and a tls/ subdir with the tls code or -DTLS_HOOKS and
342
+#		the tls module loaded.
343
+# -DCORE_TLS
344
+#		compiles tls in-core support. Requires -DUSE_TLS, conflicts 
345
+#		-DTLS_HOOKS. Please use make CORE_TLS=1 instead  (it will set all the
346
+#		needed defines automatically and extra libraries needed for linking).
347
+# -DTLS_HOOKS
348
+#		compile tls module support (support for having the "tls engine" in a
349
+#		module). Requires -DUSE_TLS, conflicts -DCORE_TLS.
350
+#		Please use make TLS_HOOKS=1 (or TLS_HOOKS=0 to for disabling) instead
351
+#		of setting -DTLS_HOOKS (it will set all the needed defines 
352
+#		automatically)
332 353
 # -DHAVE_RESOLV_RES
333 354
 #		support for changing some of the resolver parameters present
334 355
 #		 (_res structure in <resolv.h>)
... ...
@@ -395,8 +416,11 @@ DEFS+= $(extra_defs) \
395 416
 # use make mode=debug all instead. Anyway no by default ser is  compiled w/ 
396 417
 # debugging symbols in all cases (-g). --andrei
397 418
 
398
-ifneq ($(TLS),)
399
-	DEFS+= -DUSE_TLS
419
+ifeq ($(CORE_TLS), 1)
420
+	DEFS+= -DUSE_TLS -DCORE_TLS
421
+endif
422
+ifeq ($(TLS_HOOKS), 1)
423
+	DEFS+= -DUSE_TLS -DTLS_HOOKS
400 424
 endif
401 425
 
402 426
 ifneq ($(STUN),)
... ...
@@ -1405,9 +1429,13 @@ ifneq (,$(findstring CYGWIN, $(OS)))
1405 1429
 endif
1406 1430
 
1407 1431
 #add libssl if needed
1408
-ifneq ($(TLS),)
1432
+ifeq ($(CORE_TLS), 1)
1409 1433
 DEFS+= -I$(LOCALBASE)/ssl/include
1410
-LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lssl  -lcrypto
1434
+LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lssl -lcrypto \
1435
+		$(TLS_EXTRA_LIBS)
1436
+# NOTE: depending on the way in which libssl was compiled you might
1437
+#       have to add -lz -lkrb5   (zlib and kerberos5).
1438
+#       E.g.: make CORE_TLS=1 EXTRA_TLS_LIBS="-lz -lkrb5"
1411 1439
 endif
1412 1440
 
1413 1441
 ifneq ($(STUN),)
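Review bot: The example in the new comment under `#add libssl if needed` names `EXTRA_TLS_LIBS`, but the variable appended to `LIBS` just above it is `TLS_EXTRA_LIBS`, so a user copying the example links without the extra libraries; the line should read `#       E.g.: make CORE_TLS=1 TLS_EXTRA_LIBS="-lz -lkrb5"`. In the `# TLS support` hunk, `TLS_HOOKS:=0` has no effect when `TLS_HOOKS=1` is given on the command line, because command-line variables win over plain assignments; `override TLS_HOOKS:=0` would take effect and would also keep `-tls` from being appended to `RELEASE` twice. As written, `make CORE_TLS=1 TLS_HOOKS=1` passes both `-DCORE_TLS` and `-DTLS_HOOKS` and fails only later, on the `#error` in the hooks headers.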
... ...
@@ -14,7 +14,7 @@
14 14
 sources=$(filter-out $(auto_gen), $(wildcard *.c) $(wildcard mem/*.c) \
15 15
 		$(wildcard parser/*.c) $(wildcard parser/digest/*.c) \
16 16
 		$(wildcard parser/contact/*.c) $(wildcard db/*.c) ) $(auto_gen)
17
-ifneq ($(TLS),)
17
+ifeq ($(CORE_TLS), 1)
18 18
 	sources+= $(wildcard tls/*.c)
19 19
 endif
20 20
 objs=$(sources:.c=.o)
... ...
@@ -272,7 +272,8 @@ TCP_CONNECT_TIMEOUT	"tcp_connect_timeout"
272 272
 TCP_CON_LIFETIME	"tcp_connection_lifetime"
273 273
 TCP_POLL_METHOD		"tcp_poll_method"
274 274
 TCP_MAX_CONNECTIONS	"tcp_max_connections"
275
-DISABLE_TLS		"disable_tls"
275
+DISABLE_TLS		"disable_tls"|"tls_disable"
276
+ENABLE_TLS		"enable_tls"|"tls_enable"
276 277
 TLSLOG			"tlslog"|"tls_log"
277 278
 TLS_PORT_NO		"tls_port_no"
278 279
 TLS_METHOD		"tls_method"
... ...
@@ -501,6 +502,7 @@ EAT_ABLE	[\ \t\b\r]
501 502
 <INITIAL>{TCP_MAX_CONNECTIONS}	{ count(); yylval.strval=yytext;
502 503
 									return TCP_MAX_CONNECTIONS; }
503 504
 <INITIAL>{DISABLE_TLS}	{ count(); yylval.strval=yytext; return DISABLE_TLS; }
505
+<INITIAL>{ENABLE_TLS}	{ count(); yylval.strval=yytext; return ENABLE_TLS; }
504 506
 <INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
505 507
 <INITIAL>{TLS_PORT_NO}	{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
506 508
 <INITIAL>{TLS_METHOD}	{ count(); yylval.strval=yytext; return TLS_METHOD; }
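Review bot: The `{TLSLOG}` rule, an unchanged context line directly below the added `{ENABLE_TLS}` rule, still returns `TLS_PORT_NO`, so a `tlslog`/`tls_log` setting would be parsed as a TLS port assignment and never reach the `TLSLOG EQUAL NUMBER` grammar rule that this commit moves under `CORE_TLS`. Since the commit edits the neighbouring rules, this is a good place to correct it: `<INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLSLOG; }`. The new `"disable_tls"|"tls_disable"` and `"enable_tls"|"tls_enable"` patterns deserve a one-line comment saying that both spellings are accepted and that `enable_tls` is the inverse of `disable_tls`.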
... ...
@@ -76,6 +76,8 @@
76 76
  *              options (andrei)
77 77
  * 2006-10-13  added STUN_ALLOW_STUN, STUN_ALLOW_FP, STUN_REFRESH_INTERVAL
78 78
  *              (vlada)
79
+ * 2007-02-09  separated command needed for tls-in-core and for tls in general
80
+ *              (andrei)
79 81
  */
80 82
 
81 83
 %{
... ...
@@ -104,7 +106,7 @@
104 106
 #include "flags.h"
105 107
 
106 108
 #include "config.h"
107
-#ifdef USE_TLS
109
+#ifdef CORE_TLS
108 110
 #include "tls/tls_config.h"
109 111
 #endif
110 112
 
... ...
@@ -305,6 +307,7 @@ static struct socket_id* mk_listen_id(char*, int, int);
305 307
 %token TCP_POLL_METHOD
306 308
 %token TCP_MAX_CONNECTIONS
307 309
 %token DISABLE_TLS
310
+%token ENABLE_TLS
308 311
 %token TLSLOG
309 312
 %token TLS_PORT_NO
310 313
 %token TLS_METHOD
... ...
@@ -713,13 +716,21 @@ assign_stm:
713 716
 		#endif
714 717
 	}
715 718
 	| DISABLE_TLS EQUAL error { yyerror("boolean value expected"); }
716
-	| TLSLOG EQUAL NUMBER {
719
+	| ENABLE_TLS EQUAL NUMBER {
717 720
 		#ifdef USE_TLS
718
-			tls_log=$3;
721
+			tls_disable=!($3);
719 722
 		#else
720 723
 			warn("tls support not compiled in");
721 724
 		#endif
722 725
 	}
726
+	| ENABLE_TLS EQUAL error { yyerror("boolean value expected"); }
727
+	| TLSLOG EQUAL NUMBER {
728
+		#ifdef CORE_TLS
729
+			tls_log=$3;
730
+		#else
731
+			warn("tls-in-core support not compiled in");
732
+		#endif
733
+	}
723 734
 	| TLSLOG EQUAL error { yyerror("int value expected"); }
724 735
 	| TLS_PORT_NO EQUAL NUMBER {
725 736
 		#ifdef USE_TLS
... ...
@@ -730,93 +741,93 @@ assign_stm:
730 741
 	}
731 742
 	| TLS_PORT_NO EQUAL error { yyerror("number expected"); }
732 743
 	| TLS_METHOD EQUAL SSLv23 {
733
-		#ifdef USE_TLS
744
+		#ifdef CORE_TLS
734 745
 			tls_method=TLS_USE_SSLv23;
735 746
 		#else
736
-			warn("tls support not compiled in");
747
+			warn("tls-in-core support not compiled in");
737 748
 		#endif
738 749
 	}
739 750
 	| TLS_METHOD EQUAL SSLv2 {
740
-		#ifdef USE_TLS
751
+		#ifdef CORE_TLS
741 752
 			tls_method=TLS_USE_SSLv2;
742 753
 		#else
743
-			warn("tls support not compiled in");
754
+			warn("tls-in-core support not compiled in");
744 755
 		#endif
745 756
 	}
746 757
 	| TLS_METHOD EQUAL SSLv3 {
747
-		#ifdef USE_TLS
758
+		#ifdef CORE_TLS
748 759
 			tls_method=TLS_USE_SSLv3;
749 760
 		#else
750
-			warn("tls support not compiled in");
761
+			warn("tls-in-core support not compiled in");
751 762
 		#endif
752 763
 	}
753 764
 	| TLS_METHOD EQUAL TLSv1 {
754
-		#ifdef USE_TLS
765
+		#ifdef CORE_TLS
755 766
 			tls_method=TLS_USE_TLSv1;
756 767
 		#else
757
-			warn("tls support not compiled in");
768
+			warn("tls-in-core support not compiled in");
758 769
 		#endif
759 770
 	}
760 771
 	| TLS_METHOD EQUAL error {
761
-		#ifdef USE_TLS
772
+		#ifdef CORE_TLS
762 773
 			yyerror("SSLv23, SSLv2, SSLv3 or TLSv1 expected");
763 774
 		#else
764
-			warn("tls support not compiled in");
775
+			warn("tls-in-core support not compiled in");
765 776
 		#endif
766 777
 	}
767 778
 	| TLS_VERIFY EQUAL NUMBER {
768
-		#ifdef USE_TLS
779
+		#ifdef CORE_TLS
769 780
 			tls_verify_cert=$3;
770 781
 		#else
771
-			warn("tls support not compiled in");
782
+			warn("tls-in-core support not compiled in");
772 783
 		#endif
773 784
 	}
774 785
 	| TLS_VERIFY EQUAL error { yyerror("boolean value expected"); }
775 786
 	| TLS_REQUIRE_CERTIFICATE EQUAL NUMBER {
776
-		#ifdef USE_TLS
787
+		#ifdef CORE_TLS
777 788
 			tls_require_cert=$3;
778 789
 		#else
779
-			warn( "tls support not compiled in");
790
+			warn( "tls-in-core support not compiled in");
780 791
 		#endif
781 792
 	}
782 793
 	| TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value expected"); }
783 794
 	| TLS_CERTIFICATE EQUAL STRING {
784
-		#ifdef USE_TLS
795
+		#ifdef CORE_TLS
785 796
 			tls_cert_file=$3;
786 797
 		#else
787
-			warn("tls support not compiled in");
798
+			warn("tls-in-core support not compiled in");
788 799
 		#endif
789 800
 	}
790 801
 	| TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); }
791 802
 	| TLS_PRIVATE_KEY EQUAL STRING {
792
-		#ifdef USE_TLS
803
+		#ifdef CORE_TLS
793 804
 			tls_pkey_file=$3;
794 805
 		#else
795
-			warn("tls support not compiled in");
806
+			warn("tls-in-core support not compiled in");
796 807
 		#endif
797 808
 	}
798 809
 	| TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); }
799 810
 	| TLS_CA_LIST EQUAL STRING {
800
-		#ifdef USE_TLS
811
+		#ifdef CORE_TLS
801 812
 			tls_ca_file=$3;
802 813
 		#else
803
-			warn("tls support not compiled in");
814
+			warn("tls-in-core support not compiled in");
804 815
 		#endif
805 816
 	}
806 817
 	| TLS_CA_LIST EQUAL error { yyerror("string value expected"); }
807 818
 	| TLS_HANDSHAKE_TIMEOUT EQUAL NUMBER {
808
-		#ifdef USE_TLS
819
+		#ifdef CORE_TLS
809 820
 			tls_handshake_timeout=$3;
810 821
 		#else
811
-			warn("tls support not compiled in");
822
+			warn("tls-in-core support not compiled in");
812 823
 		#endif
813 824
 	}
814 825
 	| TLS_HANDSHAKE_TIMEOUT EQUAL error { yyerror("number expected"); }
815 826
 	| TLS_SEND_TIMEOUT EQUAL NUMBER {
816
-		#ifdef USE_TLS
827
+		#ifdef CORE_TLS
817 828
 			tls_send_timeout=$3;
818 829
 		#else
819
-			warn("tls support not compiled in");
830
+			warn("tls-in-core support not compiled in");
820 831
 		#endif
821 832
 	}
822 833
 	| TLS_SEND_TIMEOUT EQUAL error { yyerror("number expected"); }
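Review bot: In a build with `TLS_HOOKS` but without `CORE_TLS`, the security-relevant settings `tls_verify`, `tls_require_certificate` and `tls_ca_list` are now accepted with only `warn("tls-in-core support not compiled in")`, so a configuration that asks for certificate verification presumably still loads with those requests ignored (this assumes `warn` is non-fatal, which the hunks do not show). For the `TLS_VERIFY`, `TLS_REQUIRE_CERTIFICATE` and `TLS_CA_LIST` rules I would reject the setting instead, `yyerror("tls-in-core support not compiled in");`, so the operator has to move it to wherever the tls engine takes its settings. The same reasoning applies to the `TLS_METHOD` rules when a protocol restriction is expected to hold.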
... ...
@@ -69,7 +69,9 @@
69 69
  *              init_childs(PROC_MAIN) before starting tcp_main, to allow
70 70
  *               tcp usage for module started processes (andrei)
71 71
  * 2007-01-18  children shutdown procedure moved into shutdown_children;
72
-*               safer shutdown on start-up error (andrei)
72
+ *               safer shutdown on start-up error (andrei)
73
+ * 2007-02-09  TLS support split into tls-in-core (CORE_TLS) and generic TLS 
74
+ *             (USE_TLS)  (andrei)
73 75
  */
74 76
 
75 77
 
... ...
@@ -131,10 +133,14 @@
131 133
 #ifdef USE_TCP
132 134
 #include "poll_types.h"
133 135
 #include "tcp_init.h"
134
-#ifdef USE_TLS
136
+#ifdef CORE_TLS
135 137
 #include "tls/tls_init.h"
136
-#endif
137
-#endif
138
+#define tls_has_init_si() 1
139
+#define tls_loaded() 1
140
+#else
141
+#include "tls_hooks_init.h"
142
+#endif /* CORE_TLS */
143
+#endif /* USE_TCP */
138 144
 #include "usr_avp.h"
139 145
 #include "core_cmd.h"
140 146
 #include "flags.h"
... ...
@@ -260,8 +266,12 @@ int tcp_children_no = 0;
260 266
 int tcp_disable = 0; /* 1 if tcp is disabled */
261 267
 #endif
262 268
 #ifdef USE_TLS
263
-int tls_disable = 0; /* 1 if tls is disabled */
264
-#endif
269
+#ifdef	CORE_TLS
270
+int tls_disable = 0;  /* tls enabled by default */
271
+#else
272
+int tls_disable = 1;  /* tls disabled by default */
273
+#endif /* CORE_TLS */
274
+#endif /* USE_TLS */
265 275
 
266 276
 struct process_table *pt=0;		/*array with children pids, 0= main proc,
267 277
 									alloc'ed in shared mem if possible*/
... ...
@@ -959,7 +969,7 @@ int main_loop()
959 969
 			}
960 970
 		}
961 971
 #ifdef USE_TLS
962
-		if (!tls_disable){
972
+		if (!tls_disable && tls_has_init_si()){
963 973
 			for(si=tls_listen; si; si=si->next){
964 974
 				/* same as for tcp*/
965 975
 				if (tls_init(si)==-1)  goto error;
... ...
@@ -1553,6 +1563,12 @@ try_again:
1553 1563
 #ifdef USE_TCP
1554 1564
 #ifdef USE_TLS
1555 1565
 	if (!tls_disable){
1566
+		if (!tls_loaded()){
1567
+			LOG(L_WARN, "WARNING: tls support enabled, but no tls engine "
1568
+						" available (forgot to load the tls module?)\n");
1569
+			LOG(L_WARN, "WARNING: disabling tls...\n");
1570
+			tls_disable=1;
1571
+		}
1556 1572
 		/* init tls*/
1557 1573
 		if (init_tls()<0){
1558 1574
 			LOG(L_CRIT, "could not initialize tls, exiting...\n");
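Review bot: The added `tls_loaded()` check after `try_again` turns a missing tls engine into two `L_WARN` lines and `tls_disable=1`, so a server whose configuration enables TLS starts without it instead of refusing to start. For a transport-security setting, an explicit request that cannot be honoured is safer treated as a startup failure: log at `L_CRIT` and take the same exit path as the `could not initialize tls, exiting...` case just below. After `tls_disable=1` control also still falls into `init_tls()` within the same `if (!tls_disable)` block, which is harmless only while no `init` hook is registered. The enclosing function starts and ends outside the hunk.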
... ...
@@ -120,9 +120,14 @@
120 120
 #include "tcp_init.h"
121 121
 #include "tsend.h"
122 122
 #include "timer_ticks.h"
123
-#ifdef USE_TLS
123
+#ifdef CORE_TLS
124 124
 #include "tls/tls_server.h"
125
-#endif 
125
+#define tls_loaded() 1
126
+#else
127
+#include "tls_hooks_init.h"
128
+#include "tls_hooks.h"
129
+#endif
130
+
126 131
 #include "tcp_info.h"
127 132
 
128 133
 #define local_malloc pkg_malloc
... ...
@@ -1676,7 +1681,7 @@ void tcp_main_loop()
1676 1681
 		}
1677 1682
 	}
1678 1683
 #ifdef USE_TLS
1679
-	if (!tls_disable){
1684
+	if (!tls_disable && tls_loaded()){
1680 1685
 		for (si=tls_listen; si; si=si->next){
1681 1686
 			if ((si->proto==PROTO_TLS) && (si->socket!=-1)){
1682 1687
 				if (io_watch_add(&io_h, si->socket, F_SOCKINFO, si)<0){
... ...
@@ -61,8 +61,10 @@
61 61
 #include "receive.h"
62 62
 #include "timer.h"
63 63
 #include "ut.h"
64
-#ifdef USE_TLS
64
+#ifdef CORE_TLS
65 65
 #include "tls/tls_server.h"
66
+#else
67
+#include "tls_hooks.h"
66 68
 #endif
67 69
 
68 70
 #define HANDLE_IO_INLINE
69 71
new file mode 100644
... ...
@@ -0,0 +1,77 @@
1
+/*
2
+ * $Id$
3
+ *
4
+ * Copyright (C) 2007 iptelorg GmbH 
5
+ *
6
+ * Permission to use, copy, modify, and distribute this software for any
7
+ * purpose with or without fee is hereby granted, provided that the above
8
+ * copyright notice and this permission notice appear in all copies.
9
+ *
10
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
+ */
18
+/*
19
+ * tls hooks for modules
20
+ *
21
+ * History:
22
+ * --------
23
+ *  2007-02-09  created by andrei
24
+ */
25
+
26
+#include "tls_hooks.h"
27
+#include "tls_hooks_init.h"
28
+#include "globals.h"
29
+
30
+#ifdef TLS_HOOKS
31
+
32
+struct tls_hooks tls_hook= {0, 0, 0, 0, 0 ,0 ,0 ,0 ,0 };
33
+
34
+static int tls_hooks_loaded=0;
35
+
36
+int register_tls_hooks(struct tls_hooks* h)
37
+{
38
+	if (!tls_disable){
39
+		tls_hook=*h;
40
+		tls_hooks_loaded++;
41
+		return 0;
42
+	}
43
+	return -1;
44
+}
45
+
46
+
47
+int tls_init(struct socket_info* si)
48
+{
49
+	if (tls_hook.init_si)
50
+		return tls_hook.init_si(si);
51
+		return -1;
52
+}
53
+
54
+int tls_has_init_si()
55
+{
56
+	return (tls_hook.init_si!=0);
57
+}
58
+
59
+int init_tls()
60
+{
61
+	if (tls_hook.init)
62
+		return tls_hook.init();
63
+	return 0;
64
+}
65
+
66
+void destroy_tls()
67
+{
68
+	if (tls_hook.destroy)
69
+		tls_hook.destroy();
70
+}
71
+
72
+int tls_loaded()
73
+{
74
+	return tls_hooks_loaded;
75
+}
76
+
77
+#endif /* TLS_HOOKS */
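Review bot: `register_tls_hooks()` dereferences `h` without a null check and accepts any number of registrations, so a second caller silently replaces the read and write hooks installed by the first. Because these pointers sit on the TLS data path, I would accept exactly one registration, with `if (h==0 || tls_disable || tls_hooks_loaded) return -1;` ahead of the copy. The function also needs a comment stating that it fails when `tls_disable` is set at call time, since in a hooks build `tls_disable` defaults to 1 and the caller gets `-1` with no log message. In `tls_init()` the final `return -1;` is indented as if it belonged to the `if`; it should sit one level out.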
0 78
new file mode 100644
... ...
@@ -0,0 +1,100 @@
1
+/*
2
+ * $Id$
3
+ *
4
+ * Copyright (C) 2007 iptelorg GmbH 
5
+ *
6
+ * Permission to use, copy, modify, and distribute this software for any
7
+ * purpose with or without fee is hereby granted, provided that the above
8
+ * copyright notice and this permission notice appear in all copies.
9
+ *
10
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
+ */
18
+/*
19
+ * tls hooks for modules
20
+ *
21
+ * History:
22
+ * --------
23
+ *  2007-02-09  created by andrei
24
+ */
25
+
26
+#ifndef _tls_hooks_h
27
+#define _tls_hooks_h
28
+
29
+#ifdef TLS_HOOKS
30
+
31
+#ifndef USE_TLS
32
+#error "USE_TLS required and not defined (please compile with make \
33
+	TLS_HOOKS=1)"
34
+#endif
35
+
36
+#ifdef CORE_TLS
37
+#error "Conflict: CORE_TLS and TLS_HOOKS cannot be defined in the same time"
38
+#endif
39
+
40
+#include "tcp_conn.h"
41
+
42
+
43
+
44
+struct tls_hooks{
45
+	int  (*read)(struct tcp_connection* c);
46
+	int (*blocking_write)(struct tcp_connection* c, int fd, const char* buf,
47
+							unsigned int len);
48
+	int  (*on_tcpconn_init)(struct tcp_connection *c, int sock);
49
+	void (*tcpconn_clean)(struct tcp_connection* c);
50
+	void (*tcpconn_close)(struct tcp_connection*c , int fd);
51
+	/* checks if a tls connection is fully established before a read, and if 
52
+	 * not it runs tls_accept() or tls_connect() as needed
53
+	 * (tls_accept and tls_connect are deferred to the "reader" process for
54
+	 *  performance reasons) */
55
+	int (*fix_read_con)(struct tcp_connection* c);
56
+	
57
+	/* per listening socket init, called on ser startup (after modules,
58
+	 *  process table, init() and udp socket initialization)*/
59
+	int (*init_si)(struct socket_info* si);
60
+	/* generic init function (called at ser init, after module initialization
61
+	 *  and process table creation)*/
62
+	int (*init)();
63
+	/* destroy function, called after the modules are destroyed, and 
64
+	 * after  destroy_tcp() */
65
+	void (*destroy)();
66
+};
67
+
68
+
69
+struct tls_hooks tls_hook;
70
+
71
+#ifdef __SUNPRO_C
72
+	#define tls_hook_call(name, ret_not_set, ...) \
73
+		((tls_hook.name)?(tls_hook.name(__VA_ARGS__)): (ret_not_set))
74
+	#define tls_hook_call_v(name, __VA_ARGS__) \
75
+		do{ \
76
+			if (tls_hook.name) tls_hook.name(__VA_ARGS__); \
77
+		}while(0)
78
+#else
79
+	#define tls_hook_call(name, ret_not_set, args...) \
80
+		((tls_hook.name)?(tls_hook.name(args)): (ret_not_set))
81
+	#define tls_hook_call_v(name, args...) \
82
+		do{ \
83
+			if (tls_hook.name) tls_hook.name(args); \
84
+		}while(0)
85
+#endif
86
+
87
+/* hooks */
88
+
89
+#define tls_tcpconn_init(c, s)	tls_hook_call(on_tcpconn_init, 0, (c), (s))
90
+#define tls_tcpconn_clean(c)	tls_hook_call_v(tcpconn_clean, (c))
91
+#define tls_blocking_write(c, fd, buf, len) \
92
+	tls_hook_call(blocking_write, -1, (c), (fd), (buf), (len))
93
+#define tls_close(conn, fd)		tls_hook_call_v(tcpconn_close, (conn), (fd))
94
+#define tls_read(c)				tls_hook_call(read, -1, (c))
95
+#define tls_fix_read_conn(c)	tls_hook_call(fix_read_con, -1, (c))
96
+
97
+int register_tls_hooks(struct tls_hooks* h);
98
+
99
+#endif /* TLS_HOOKS */
100
+#endif
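Review bot: `struct tls_hooks tls_hook;` in this header is a tentative definition in every file that includes it, alongside the initialized definition in the hooks source file; that links only where common symbols are merged, and the header line should be `extern struct tls_hooks tls_hook;`. In the `__SUNPRO_C` branch, `tls_hook_call_v(name, __VA_ARGS__)` uses `__VA_ARGS__` as a parameter name, which is not valid; the parameter list should be `(name, ...)`. The hook macros would also benefit from a comment listing what each yields when no hook is set (`tls_tcpconn_init` gives 0, the read and write wrappers give -1), since callers cannot otherwise tell "no engine registered" from a hook's own result.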
0 101
new file mode 100644
... ...
@@ -0,0 +1,50 @@
1
+/*
2
+ * $Id$
3
+ *
4
+ * Copyright (C) 2007 iptelorg GmbH 
5
+ *
6
+ * Permission to use, copy, modify, and distribute this software for any
7
+ * purpose with or without fee is hereby granted, provided that the above
8
+ * copyright notice and this permission notice appear in all copies.
9
+ *
10
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
+ */
18
+/*
19
+ * tls hooks init
20
+ *
21
+ * History:
22
+ * --------
23
+ *  2007-02-09  created by andrei
24
+ */
25
+
26
+#ifndef _tls_hooks_init_h
27
+#define _tls_hooks_init_h
28
+
29
+#ifdef TLS_HOOKS
30
+
31
+#include "ip_addr.h" /* socket_info */
32
+
33
+#ifndef USE_TLS
34
+#error "USE_TLS required and not defined (please compile with make \
35
+	TLS_HOOKS=1)"
36
+#endif
37
+
38
+#ifdef CORE_TLS
39
+#error "Conflict: CORE_TLS and TLS_HOOKS cannot be defined in the same time"
40
+#endif
41
+
42
+
43
+int tls_loaded();
44
+int tls_has_init_si(); /*returns true if a handle for tls_init is registered*/
45
+int tls_init(struct socket_info* si);
46
+int init_tls();
47
+void destroy_tls();
48
+
49
+#endif /* TLS_HOOKS */
50
+#endif
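Review bot: Everything in this header sits inside `#ifdef TLS_HOOKS`, so a build with `-DUSE_TLS` but neither `-DCORE_TLS` nor `-DTLS_HOOKS` gets no declaration of `tls_loaded()`, `tls_has_init_si()`, `init_tls()` or `tls_init()`, while the callers shown elsewhere in this commit are guarded by `USE_TLS` alone. Making that combination fail early is clearer than an implicit declaration and a link error: before the closing `#endif /* TLS_HOOKS */` add `#elif defined(USE_TLS) && !defined(CORE_TLS)` followed by `#error "USE_TLS needs either CORE_TLS or TLS_HOOKS"`. The parameterless declarations would also be better written as prototypes, e.g. `int tls_loaded(void);`.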
... ...
@@ -57,6 +57,18 @@
57 57
 #define USE_TLS_STR ""
58 58
 #endif
59 59
 
60
+#ifdef CORE_TLS
61
+#define CORE_TLS_STR ", CORE_TLS"
62
+#else 
63
+#define CORE_TLS_STR ""
64
+#endif
65
+
66
+#ifdef TLS_HOOKS
67
+#define TLS_HOOKS_STR ", TLS_HOOKS"
68
+#else 
69
+#define TLS_HOOKS_STR ""
70
+#endif
71
+
60 72
 
61 73
 #ifdef DISABLE_NAGLE
62 74
 #define DISABLE_NAGLE_STR ", DISABLE_NAGLE"
... ...
@@ -231,6 +243,7 @@
231 243
 
232 244
 #define SER_COMPILE_FLAGS \
233 245
 	STATS_STR EXTRA_DEBUG_STR USE_IPV6_STR USE_TCP_STR USE_TLS_STR \
246
+	CORE_TLS_STR TLS_HOOKS_STR \
234 247
 	USE_STUN_STR DISABLE_NAGLE_STR USE_MCAST_STR NO_DEBUG_STR NO_LOG_STR \
235 248
 	NO_SIG_DEBUG_STR DNS_IP_HACK_STR  SHM_MEM_STR SHM_MMAP_STR PKG_MALLOC_STR \
236 249
 	VQ_MALLOC_STR F_MALLOC_STR USE_SHM_MEM_STR DBG_QM_MALLOC_STR \