diff --git a/confparser.c b/confparser.c index f88644b..092e191 100644 --- a/confparser.c +++ b/confparser.c @@ -8,8 +8,8 @@ #include "confparser.h" #include "enum_functions.h" -static int test_conf_perms(); -static int test_conf_syntax(); +static int test_conf_perms(void); +static int test_conf_syntax(void); struct conf_table conf = { 0, /* isvalid initial state */ @@ -39,7 +39,7 @@ struct conf_table conf = { }, { 0 /* nfs -> TODO */ - } + } }; const char* conf_db_pass(void) @@ -54,7 +54,7 @@ const char* conf_db_hostname(void) void confexport(void) { - printf( "db.type=%s\n" + printf("db.type=%s\n" "db.hostname=%s\n" "db.port=%s\n" "db.pass=%s\n" @@ -75,17 +75,17 @@ void confexport(void) "rmps.client_tls_key=%s\n" "rmps.client_poolsize=%d\n", conf.db.type, - conf.db.hostname, - conf.db.port, + conf.db.hostname, + conf.db.port, conf.db.pass, - conf.rmps.agent_ip, - conf.rmps.agent_port, - conf.rmps.client_ip, - conf.rmps.client_port, - conf.rmps.logfile, - conf.rmps.errlog, - conf.rmps.loglevel, - conf.rmps.pidfile, + conf.rmps.agent_ip, + conf.rmps.agent_port, + conf.rmps.client_ip, + conf.rmps.client_port, + conf.rmps.logfile, + conf.rmps.errlog, + conf.rmps.loglevel, + conf.rmps.pidfile, conf.rmps.agent_tls_crt, conf.rmps.agent_tls_key, conf.rmps.cafile, 
@@ -97,33 +97,34 @@ void confexport(void) ); } -static int fopen_and_mkdir(const char *dir) { +static int fopen_and_mkdir(const char *dir) +{ char tmp[256]; char *p = NULL; size_t len; FILE *fp; - snprintf(tmp, sizeof(tmp),"%s",dir); + snprintf(tmp, sizeof(tmp), "%s", dir); len = strlen(tmp); - if(tmp[len - 1] == '/') + if (tmp[len - 1] == '/') tmp[len - 1] = 0; for (p = tmp + 1; *p; p++) - if(*p == '/') { + if (*p == '/') { *p = 0; if (mkdir(tmp, S_IRWXU) == -1 && errno != EEXIST) { - log( ERROR, + log(ERROR, "Permission denied to create directory: %s", - tmp ); + tmp); return 1; } *p = '/'; - } - fp = fopen(dir, "a"); - if (!fp) { - log(ERROR, "Permission denied to write into: %s", dir); + } + fp = fopen(dir, "a"); + if (!fp) { + log(ERROR, "Permission denied to write into: %s", dir); return 1; } - fclose(fp); + fclose(fp); return 0; } @@ -146,8 +147,8 @@ static int test_conf_perms(void) log(ERROR, confresult); return 1; } - if ( !(S_IRUSR & s.st_mode) || - !(S_IXUSR & s.st_mode) ) { + if (!(S_IRUSR & s.st_mode) || + !(S_IXUSR & s.st_mode)) { enumtostr(confresult, CONF_DIR_PERM); log(ERROR, confresult); return 1; @@ -155,13 +156,11 @@ static int test_conf_perms(void) if (s.st_uid != 0) { enumtostr(confresult, CONF_DIR_UID_INSECURE); log(WARNING, confresult); - } - else if (s.st_gid != 0) { + } else if (s.st_gid != 0) { enumtostr(confresult, CONF_DIR_GID_INSECURE); log(WARNING, confresult); - } - else if ( (S_IROTH & s.st_mode) || - (S_IWOTH & s.st_mode) ) { + } else if ((S_IROTH & s.st_mode) || + (S_IWOTH & s.st_mode)) { enumtostr(confresult, CONF_DIR_PERM_INSECURE); log(WARNING, confresult); } 
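Review bot: In `fopen_and_mkdir` (confparser.c, -97 hunk) the `snprintf` into `tmp[256]` is unchecked, so a path longer than 255 bytes is silently truncated: the loop then creates only the truncated prefix while `fopen(dir, "a")` still uses the full path. The same missing check lets an empty `dir` reach `tmp[len - 1]` with `len == 0`, which reads before the buffer. Capture the result and bail out early, e.g. `int n = snprintf(tmp, sizeof(tmp), "%s", dir);` followed by `if (n <= 0 || (size_t)n >= sizeof(tmp)) return 1;`. Both failure messages also say "Permission denied" whatever `errno` holds; logging `strerror(errno)` would make a misconfigured path easier to diagnose.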
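Review bot: The `log(ERROR, confresult);` and `log(WARNING, confresult);` calls in `test_conf_perms` pass a buffer as the format string; this applies to the -146, -155 and -189 hunks. `confresult` is filled by `enumtostr()`, which is not shown here, so any `%` in that text would be interpreted as a conversion. Use `log(ERROR, "%s", confresult);` (and the same for `WARNING`) so the message is always treated as data. The function starts and ends outside these hunks.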
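Review bot: In the -155 hunk of `test_conf_perms` the owner, group and other-access checks are chained with `else if`, so a directory whose `st_uid` is not 0 is never checked for world read/write; the -189 hunk has the same shape for the file. Since this configuration holds `db.pass` and the TLS key paths, each condition should be reported independently, e.g. plain `if (s.st_gid != 0)` and `if ((S_IROTH | S_IWOTH) & s.st_mode)`. It is also worth deciding whether a world-writable config should stay a `WARNING` rather than fail the check; `S_IWGRP` is not tested at all.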
@@ -189,16 +188,14 @@ static int test_conf_perms(void) if (s.st_uid != 0) { enumtostr(confresult, CONF_FILE_UID_INSECURE); log(WARNING, confresult); - } - else if (s.st_gid != 0) { + } else if (s.st_gid != 0) { enumtostr(confresult, CONF_FILE_GID_INSECURE); log(WARNING, confresult); - } - else if ( (S_IROTH & s.st_mode) || - (S_IWOTH & s.st_mode) ) { + } else if ((S_IROTH & s.st_mode) || + (S_IWOTH & s.st_mode)) { enumtostr(confresult, CONF_FILE_PERM_INSECURE); log(WARNING, confresult); - } + } } return 0; /* conf is readable */ } @@ -226,9 +223,9 @@ static int test_conf_syntax(void) if ((tmp = strstr(buf, "="))) *tmp = '\0'; else { - log( ERROR, - "Bad entry in /etc/rmps/rmps.conf, line %d: %s", - j, buf ); + log(ERROR, + "Bad entry in /etc/rmps/rmps.conf, line %d: %s", + j, buf); ok = 0; failed = 1; continue; @@ -238,9 +235,9 @@ static int test_conf_syntax(void) if (tmp[i] == '\n') tmp[i] = '\0'; if (tmp[strspn(tmp + 1, " \t\v\r\n") + 1] == '\0') { - log( ERROR, - "Specified entry without value, line %d: %s", - j, buf ); + log(ERROR, + "Specified entry without value, line %d: %s", + j, buf); failed = 1; continue; } 
@@ -278,28 +275,30 @@ static int test_conf_syntax(void) /* TODO */ } else if (!strcmp(buf, "rmps.agent_port")) { if ((i = strlen(tmp + 1)) < 6) { - if ((signed int)strspn(tmp + 1, "1234567890") == i) { - i = atoi(tmp + 1); - if (i > 0 && i < 65536) { - strcpy(conf.rmps.agent_port, tmp + 1); + if ((signed int)strspn(tmp + 1, "1234567890") == i) { + i = atoi(tmp + 1); + if (i > 0 && i < 65536) { + strcpy(conf.rmps.agent_port, + tmp + 1); continue; } - } - } + } + } ok = 0; failed = 1; } else if (!strcmp(buf, "rmps.client_ip")) { /* TODO */ } else if (!strcmp(buf, "rmps.client_port")) { if ((i = strlen(tmp + 1)) < 6) { - if ((signed int)strspn(tmp + 1, "1234567890") == i) { - i = atoi(tmp + 1); - if (i > 0 && i < 65536) { - strcpy(conf.rmps.client_port, tmp + 1); + if ((signed int)strspn(tmp + 1, "1234567890") == i) { + i = atoi(tmp + 1); + if (i > 0 && i < 65536) { + strcpy(conf.rmps.client_port, + tmp + 1); continue; } - } - } + } + } ok = 0; failed = 1; } else if (!strcmp(buf, "rmps.logfile")) { @@ -309,13 +308,15 @@ static int test_conf_syntax(void) } else if (!strcmp(buf, "rmps.errlog")) { strcpy(conf.rmps.errlog, tmp + 1); if (fopen_and_mkdir(conf.rmps.errlog) != 0) - failed = 1; + failed = 1; } else if (!strcmp(buf, "rmps.pidfile")) { strcpy(conf.rmps.pidfile, tmp + 1); /*if (fopen_and_mkdir(conf.rmps.pidfile) != 0) - failed = 1;*/ + * failed = 1; + */ } else if (!strcmp(buf, "rmps.loglevel")) { - if (strlen(tmp + 1) == 1 && (tmp[1] > '0' && tmp[1] < '5')) + if (strlen(tmp + 1) == 1 && + (tmp[1] > '0' && tmp[1] < '5')) conf.rmps.loglevel = tmp[1] - '0'; else failed = 1; 
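Review bot: `strcpy(conf.rmps.errlog, tmp + 1)` and `strcpy(conf.rmps.pidfile, tmp + 1)` in the -309 hunk copy a config value into `MAXPATHSIZE` buffers with no length check, unlike the port entries above, which test `strlen` first. The size of `buf` is declared outside the hunk, so whether a value can exceed `MAXPATHSIZE` cannot be confirmed from here. A bounded copy that rejects over-long values is safer: `if (snprintf(conf.rmps.errlog, sizeof(conf.rmps.errlog), "%s", tmp + 1) >= (int)sizeof(conf.rmps.errlog)) failed = 1;`. The path is then handed to `fopen_and_mkdir()`, which creates directories, so bad values should be rejected before that call.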
@@ -323,21 +324,18 @@ static int test_conf_syntax(void) if (access(tmp + 1, F_OK) == -1) { log(ERROR, "%s is missing", tmp + 1); failed = 1; - } - else if (access(tmp + 1, R_OK) == -1) { + } else if (access(tmp + 1, R_OK) == -1) { log(ERROR, "%s is not readable", tmp + 1); failed = 1; } else strncpy(conf.rmps.agent_tls_crt, tmp + 1, sizeof(conf.rmps.agent_tls_crt)); - } - else if (!strcmp(buf, "rmps.agent_tls_key")) { + } else if (!strcmp(buf, "rmps.agent_tls_key")) { if (access(tmp + 1, F_OK) == -1) { log(ERROR, "%s is missing", tmp + 1); failed = 1; - } - else if (access(tmp + 1, R_OK) == -1) { + } else if (access(tmp + 1, R_OK) == -1) { log(ERROR, "%s is not readable", tmp + 1); failed = 1; } else @@ -345,23 +343,23 @@ static int test_conf_syntax(void) tmp + 1, sizeof(conf.rmps.agent_tls_key)); } else if (!strcmp(buf, "rmps.cipherlist")) { - strncpy(conf.rmps.cipherlist, tmp + 1, sizeof(conf.rmps.cipherlist)); + strncpy(conf.rmps.cipherlist, + tmp + 1, sizeof(conf.rmps.cipherlist)); } else if (!strcmp(buf, "rmps.cafile")) { if (access(tmp + 1, F_OK) == -1) { log(ERROR, "%s is missing", tmp + 1); failed = 1; - } - else if (access(tmp + 1, R_OK) == -1) { + } else if (access(tmp + 1, R_OK) == -1) { log(ERROR, "%s is not readable\n", tmp + 1); failed = 1; } else - strncpy(conf.rmps.cafile, tmp + 1, sizeof(conf.rmps.cafile)); + strncpy(conf.rmps.cafile, + tmp + 1, sizeof(conf.rmps.cafile)); } else if (!strcmp(buf, "rmps.client_tls_crt")) { if (access(tmp + 1, F_OK) == -1) { log(ERROR, "%s is missing", tmp + 1); failed = 1; - } - else if (access(tmp + 1, R_OK) == -1) { + } else if (access(tmp + 1, R_OK) == -1) { log(ERROR, "%s is not readable", tmp + 1); failed = 1; } else @@ -372,8 +370,7 @@ static int test_conf_syntax(void) if (access(tmp + 1, F_OK) == -1) { log(ERROR, "%s is missing", tmp + 1); failed = 1; - } - else if (access(tmp + 1, R_OK) == -1) { + } else if (access(tmp + 1, R_OK) == -1) { log(ERROR, "%s is not readable", tmp + 1); failed = 1; } else 
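Review bot: The `strncpy(conf.rmps.agent_tls_crt, tmp + 1, sizeof(conf.rmps.agent_tls_crt))` call leaves the destination without a terminating NUL when the value is as long as the buffer or longer; the same pattern appears for `agent_tls_key`, `cipherlist`, `cafile` and `client_tls_key` in the -345, -372 and -381 hunks. These buffers are later passed to `load_certificates()` and `init_server_ctx()` as C strings. Either reject over-long values or use `snprintf(dst, sizeof(dst), "%s", tmp + 1)` and set `failed = 1` when the return value is `>= sizeof(dst)`. The `cafile` branch also logs `"%s is not readable\n"` with a trailing newline that the other branches do not have.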
@@ -381,11 +378,12 @@ static int test_conf_syntax(void) tmp + 1, sizeof(conf.rmps.client_tls_key)); } else - log(ERROR, "Unknown config entry on line %d: %s", j, buf); + log(ERROR, "Unknown config entry on line %d: %s", + j, buf); if (!ok) { - log( ERROR, - "Invalid value for \"%s\", line %d: \"%s\"", - buf, j, tmp + 1 ); + log(ERROR, + "Invalid value for \"%s\", line %d: \"%s\"", + buf, j, tmp + 1); ok = !ok; } } @@ -404,7 +402,7 @@ int confparse(void) result = test_conf_perms(); if (result) return 1; /* Bad conf perms */ - + result = test_conf_syntax(); if (result != 0) return 1; /* Bad conf syntax */ diff --git a/confparser.h b/confparser.h index d670af0..b731727 100644 --- a/confparser.h +++ b/confparser.h @@ -21,7 +21,7 @@ struct conf_rmps { char client_port[6]; char logfile[MAXPATHSIZE]; char errlog[MAXPATHSIZE]; - LOG_LEVEL loglevel; + enum LOG_LEVEL loglevel; char pidfile[MAXPATHSIZE]; char agent_tls_crt[MAXPATHSIZE]; char agent_tls_key[MAXPATHSIZE]; diff --git a/log.c b/log.c index 0fe985f..a0d5d7e 100644 --- a/log.c +++ b/log.c @@ -35,8 +35,8 @@ static void set_fpts(void) fdout = stdout; } -void log(LOG_LEVEL lvl, char *fmt, ... ) -{ +void log(enum LOG_LEVEL lvl, char *fmt, ...) +{ char fmt_with_pfx[1024]; pthread_once(&init_once, set_fpts); 
@@ -45,31 +45,33 @@ void log(LOG_LEVEL lvl, char *fmt, ... ) if (lvl <= conf.rmps.loglevel) { va_list list; FILE *fp; - static const char *prefixes[] = { + + static const char * const prefixes[] = { "ERROR", "WARNING", "INFO", "VERBOSE" }; time_t t = time(NULL); struct tm tm; + localtime_r(&t, &tm); if (lvl == ERROR || lvl == WARNING) fp = fderr; else fp = fdout; - snprintf( fmt_with_pfx, - sizeof(fmt_with_pfx), - "[%d-%02d-%02d %02d:%02d:%02d] %s: %s\n", - tm.tm_year + 1900, - tm.tm_mon + 1, - tm.tm_mday, - tm.tm_hour, - tm.tm_min, - tm.tm_sec, - prefixes[lvl-1], - fmt ); + snprintf(fmt_with_pfx, + sizeof(fmt_with_pfx), + "[%d-%02d-%02d %02d:%02d:%02d] %s: %s\n", + tm.tm_year + 1900, + tm.tm_mon + 1, + tm.tm_mday, + tm.tm_hour, + tm.tm_min, + tm.tm_sec, + prefixes[lvl-1], + fmt); va_start(list, fmt); vfprintf(fp, fmt_with_pfx, list); - va_end(list); + va_end(list); } } diff --git a/log.h b/log.h index 9f0522d..ac29ec5 100644 --- a/log.h +++ b/log.h @@ -4,14 +4,15 @@ #undef log #define log log_trace -typedef enum { - ERROR = 1, /* Errors only */ +enum LOG_LEVEL { + ERROR = 1, /* Errors only */ WARNING, /* Errors & warnings */ INFO, /* Errors, warnings & events */ VERBOSE, /* Errors, warnings, events & more? */ -} LOG_LEVEL; +}; void log_ssl(void); -void log(LOG_LEVEL lvl, char *fmt, ... ); +void log(enum LOG_LEVEL lvl, char *fmt, ...); #endif /* LOG_TRACE_H */ + diff --git a/main.c b/main.c index 86d775f..da5132c 100644 --- a/main.c +++ b/main.c @@ -10,9 +10,8 @@ static void usage(char *argv) { - log( ERROR, - "Usage:\n%s start|stop|restart [--daemonize=yes|no]\n", - argv ); + log(ERROR, + "Usage:\n%s start|stop|restart [--daemonize=yes|no]\n", argv); } int main(int argc, char *argv[]) @@ -36,7 +35,8 @@ int main(int argc, char *argv[]) } if (argc == 3) { - if (!strcmp("--daemonize=yes", argv[2])); + if (!strcmp("--daemonize=yes", argv[2])) + fork_flag = 1; else if (!strcmp("--daemonize=no", argv[2])) fork_flag = 0; else { 
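Review bot: `prefixes[lvl-1]` in `log()` (log.c, -45 hunk) is indexed without a range check of its own; the only guard is `lvl <= conf.rmps.loglevel`, which bounds it from above only as far as `loglevel` itself is valid and not at all from below. A guard such as `if (lvl < ERROR || lvl > VERBOSE) return;` before the lookup keeps a bad level from reading outside the four-entry table. The function begins outside this hunk.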
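Review bot: The `log()` prototype in log.h takes `char *fmt` and carries no format attribute, so the compiler cannot check call sites. With GCC or Clang, `void log(enum LOG_LEVEL lvl, const char *fmt, ...) __attribute__((format(printf, 2, 3)));` would flag calls that pass a non-literal format or mismatched arguments, such as `log(ERROR, "Failed to set reuse on address - Aborting...", port)` in rmps.c. The definition in log.c would need the matching `const`.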
@@ -45,16 +45,17 @@ int main(int argc, char *argv[]) } } if (confparse() != 0) { - log(ERROR, "Failed to parse the conf!"); - exit(EXIT_FAILURE); + log(ERROR, "Failed to parse the conf!"); + exit(EXIT_FAILURE); } log(VERBOSE, "Conf parser finished successfully"); //confexport(); - + if (task == 2 || task == 3) { char buf[10]; int pid; FILE *fp; + if (task == 2) log(VERBOSE, "We got a stop signal!"); else if (task == 3) @@ -65,7 +66,8 @@ int main(int argc, char *argv[]) switch (errno) { case EEXIST: if (!fgets(buf, 10, fp)) { - log(ERROR, "Failed to read %s!", conf.rmps.pidfile); + log(ERROR, "Failed to read %s!", + conf.rmps.pidfile); exit(EXIT_FAILURE); } pid = strtol(buf, NULL, 10); @@ -80,16 +82,14 @@ int main(int argc, char *argv[]) exit(EXIT_FAILURE); break; default: - log( ERROR, - "Unhandled errno while opening PID: %d. Exiting!", - errno - ); + log(ERROR, + "Failed to open PID file (errno: %d. Exiting!", + errno); exit(EXIT_FAILURE); } } - if (task == 1 || task == 3) { + if (task == 1 || task == 3) launch_rmps(&conf, fork_flag); - } - + return 0; } diff --git a/rmps.c b/rmps.c index 97d8cec..bb6ec41 100644 --- a/rmps.c +++ b/rmps.c @@ -23,7 +23,7 @@ static int open_listener(int port); static void cleanup(void); static void signal_handler(int sig); static void load_certificates(SSL_CTX *ctx, const char *certfile, - const char *keyfile, const char *cafile); + const char *keyfile, const char *cafile); static SSL_CTX* init_server_ctx(const char *cipherlist, int mode); static int pid_file_handle; @@ -32,9 +32,9 @@ static void cleanup(void) { log(VERBOSE, "Deleting pidfile %s", conf.rmps.pidfile); if (unlink(conf.rmps.pidfile) != 0) - log( WARNING, - "Failed to delete pidfile %s. Reason code: %d", - conf.rmps.pidfile, errno ); + log(WARNING, + "Failed to delete pidfile %s. Reason code: %d", + conf.rmps.pidfile, errno); } static void signal_handler(int sig) 
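Review bot: `pid = strtol(buf, NULL, 10);` in `main` (-65 hunk) accepts whatever the pidfile contains: an empty or corrupt file yields 0, and a negative number is taken as is. What is done with `pid` lies outside the hunk, but if it is passed to `kill()`, zero and negative values address process groups rather than a single process. Parse with an end pointer and reject anything that is not a positive number, e.g. `long v = strtol(buf, &end, 10);` followed by `if (end == buf || v <= 0) exit(EXIT_FAILURE);` after logging the bad content.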
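Review bot: The new message in the `default:` branch (-80 hunk), `"Failed to open PID file (errno: %d. Exiting!"`, opens a parenthesis that is never closed. It should read `"Failed to open PID file (errno: %d). Exiting!"`; adding `strerror(errno)` would also make the cause readable without looking up the number.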
@@ -66,25 +66,25 @@ static void rmps_shutdown(void) static void set_env(void) { struct sigaction new_sigaction; - sigset_t new_sigset; - + sigset_t new_sigset; + /* Set signal mask - signals we want to block */ - sigemptyset(&new_sigset); - sigaddset(&new_sigset, SIGCHLD); /* ignore child - i.e. we don't need to wait for it */ - sigaddset(&new_sigset, SIGTSTP); /* ignore Tty stop signals */ - sigaddset(&new_sigset, SIGTTOU); /* ignore Tty background writes */ - sigaddset(&new_sigset, SIGTTIN); /* ignore Tty background reads */ - sigprocmask(SIG_BLOCK, &new_sigset, NULL); /* Block the above specified signals */ - - /* Set up a signal handler */ - new_sigaction.sa_handler = signal_handler; - sigemptyset(&new_sigaction.sa_mask); - new_sigaction.sa_flags = 0; - - /* Signals to handle */ - sigaction(SIGHUP, &new_sigaction, NULL); /* catch hangup signal */ - sigaction(SIGTERM, &new_sigaction, NULL); /* catch term signal */ - sigaction(SIGINT, &new_sigaction, NULL); /* catch interrupt signal */ + sigemptyset(&new_sigset); + sigaddset(&new_sigset, SIGCHLD); /* ignore child */ + sigaddset(&new_sigset, SIGTSTP); /* ignore Tty stop signals */ + sigaddset(&new_sigset, SIGTTOU); /* ignore Tty background writes */ + sigaddset(&new_sigset, SIGTTIN); /* ignore Tty background reads */ + sigprocmask(SIG_BLOCK, &new_sigset, NULL); /* Block above signals */ + + /* Set up a signal handler */ + new_sigaction.sa_handler = signal_handler; + sigemptyset(&new_sigaction.sa_mask); + new_sigaction.sa_flags = 0; + + /* Signals to handle */ + sigaction(SIGHUP, &new_sigaction, NULL); /* catch hangup signal */ + sigaction(SIGTERM, &new_sigaction, NULL); /* catch term signal */ + sigaction(SIGINT, &new_sigaction, NULL); /* catch interrupt signal */ signal(SIGPIPE, SIG_IGN); /* prevent crashing from bad writes */ } 
@@ -121,13 +121,13 @@ static void daemonize(const char *rundir) close(1); /* stdout */ close(2); /* stderr */ /* Route I/O connections */ - /* Open STDIN */ - i = open("/dev/null", O_RDWR); - /* STDOUT */ - dup(i); - /* STDERR */ - dup(i); - chdir(rundir); /* change running directory */ + /* Open STDIN */ + i = open("/dev/null", O_RDWR); + /* STDOUT */ + dup(i); + /* STDERR */ + dup(i); + chdir(rundir); /* change running directory */ } static void spawn_pidfile(const char *pidfile) @@ -140,14 +140,14 @@ static void spawn_pidfile(const char *pidfile) log(ERROR, "Could not create PID file %s - Exiting!", pidfile); exit(EXIT_FAILURE); } - + /* Try to lock file */ if (lockf(pid_file_handle, F_TLOCK, 0) == -1) { /* Couldn't get lock on lock file */ log(ERROR, "Could not lock PID file %s - Exiting!", pidfile); exit(EXIT_FAILURE); } - + /* Get and format PID */ sprintf(str, "%d\n", getpid()); /* write pid to lockfile */ 
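Review bot: In `daemonize` (-121 hunk) the results of `open("/dev/null", O_RDWR)`, both `dup(i)` calls and `chdir(rundir)` are ignored. If the open fails after the standard descriptors have been closed, descriptors 0–2 stay free and the next files or sockets the daemon opens will take them, so anything later written to stdout or stderr would land in those. Fail early instead: `if (i < 0 || dup(i) < 0 || dup(i) < 0) exit(EXIT_FAILURE);` and `if (chdir(rundir) != 0) exit(EXIT_FAILURE);`. The function starts outside the hunk.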
@@ -157,37 +157,41 @@ static void spawn_pidfile(const char *pidfile) static inline int set_reuse_addr(int sockfd) { int yes = 1; + return setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, - &yes, sizeof(yes)); + &yes, sizeof(yes)); } static int open_listener(int port) -{ - int sd; - struct sockaddr_in addr; +{ + int sd; + struct sockaddr_in addr; - bzero(&addr, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_port = htons(port); - addr.sin_addr.s_addr = INADDR_ANY; - sd = socket(addr.sin_family, SOCK_STREAM, 0); + bzero(&addr, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(port); + addr.sin_addr.s_addr = INADDR_ANY; + sd = socket(addr.sin_family, SOCK_STREAM, 0); if (sd < 0) { log(ERROR, "Failed to create socket"); goto exit; } if (set_reuse_addr(sd) < 0) { - log(ERROR, "Failed to set reuse on address - Aborting...", port); + log(ERROR, + "Failed to set reuse on address - Aborting...", port); goto exit; } - if (bind(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) { + if (bind(sd, (struct sockaddr *)&addr, sizeof(addr)) != 0) { log(ERROR, "Failed to bind on port: %d - Aborting...", port); goto exit; } - if (listen(sd, 10) != 0) { - log(ERROR, "Failed to start listener on port %d - Aborting...", port); + if (listen(sd, 10) != 0) { + log(ERROR, + "Failed to start listener on port %d - Aborting...", + port); goto exit; - } - return sd; + } + return sd; exit: log(INFO, "RMPS failed to start, shutting down..."); atexit(cleanup); 
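Review bot: `open_listener` binds to `INADDR_ANY`, so both listeners accept connections on every interface even though the configuration carries `conf.rmps.agent_ip` and `conf.rmps.client_ip` (`rmps.client_ip` is still `/* TODO */` in the parser). Until those are honoured, a comment at the assignment such as `/* TODO: bind to the configured IP; currently listens on all interfaces */` would make the exposure explicit. Separately, the failure paths jump to `exit:` without closing `sd` once `socket()` has succeeded, and `log(ERROR, "Failed to set reuse on address - Aborting...", port)` passes an argument the format never uses. What follows `atexit(cleanup)` is outside the hunk.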
@@ -198,20 +202,21 @@ static SSL_CTX* init_server_ctx(const char *cipherlist, int mode) { SSL_CTX *ctx; char ciphers[1024]; - + // OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */ // OpenSSL_add_all_ciphers(); /* load & register all cryptos, etc. */ SSL_load_error_strings(); /* load all error messages */ SSL_library_init(); - - ctx = SSL_CTX_new(TLSv1_2_method()); /* create new context from method */ + + /* create new context from method */ + ctx = SSL_CTX_new(TLSv1_2_method()); if (ctx == NULL) { log(ERROR, "SSL_CTX_new() returned NULL - Aborting..."); log(ERROR, "RMPS failed to start, shutting down..."); exit(EXIT_FAILURE); } SSL_CTX_set_verify(ctx, mode, NULL); - + ciphers[0] = 0; strcat(ciphers, "-ALL"); /* Disable any ciphers we have by default */ strcat(ciphers, cipherlist); @@ -244,16 +249,17 @@ void load_certificates(SSL_CTX* ctx, const char *certfile, } /* verify private key */ if (!SSL_CTX_check_private_key(ctx)) { - log(ERROR, "Private key does not match the public certificate."); + log(ERROR, + "Private key does not match the public certificate."); log(INFO, "RMPS failed to start, shutting down..."); atexit(cleanup); } if (cafile != NULL) { - SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(cafile)); + SSL_CTX_set_client_CA_list(ctx, + SSL_load_client_CA_file(cafile)); SSL_CTX_load_verify_locations(ctx, cafile, NULL); //SSL_CTX_set_verify_depth(ctx, 1); } - } void launch_rmps(struct conf_table *conf, int fork_flag) 
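Review bot: `init_server_ctx` builds the cipher string with `strcat(ciphers, "-ALL"); strcat(ciphers, cipherlist);` into a fixed `char ciphers[1024]` with no length check on `cipherlist`, which `launch_rmps` takes from the config file. Replace both calls with `int n = snprintf(ciphers, sizeof(ciphers), "-ALL%s", cipherlist);` and abort start-up when `n < 0 || (size_t)n >= sizeof(ciphers)`. The rest of the function, including how `ciphers` is applied to the context, is outside the hunk.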
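Review bot: In `load_certificates` (-244 hunk) a failed `SSL_CTX_check_private_key(ctx)` only logs and calls `atexit(cleanup)`, which registers a handler but does not stop the process, so execution continues into the `cafile` block with a key that does not match the certificate. Add `exit(EXIT_FAILURE);` after `atexit(cleanup);`, as `init_server_ctx` does when `SSL_CTX_new()` fails. The return values of `SSL_load_client_CA_file(cafile)` and `SSL_CTX_load_verify_locations(ctx, cafile, NULL)` are also unchecked, so a missing or malformed CA file goes unreported at start-up.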
@@ -269,30 +275,33 @@ void launch_rmps(struct conf_table *conf, int fork_flag) daemonize("/tmp/"); /* Spawn & lock pidfile */ spawn_pidfile(conf->rmps.pidfile); - - /* openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX -nodes - * -nodes is for not protecing with a passphrase - * http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl - */ - pool_args[0].ctx = init_server_ctx(conf->rmps.cipherlist, + + /* openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX -nodes + * -nodes is for not protecing with a passphrase + * http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl + */ + pool_args[0].ctx = init_server_ctx(conf->rmps.cipherlist, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_FAIL_IF_NO_PEER_CERT); log(VERBOSE, "Loading agent certs and keys."); - load_certificates(pool_args[0].ctx, conf->rmps.agent_tls_crt, + load_certificates(pool_args[0].ctx, conf->rmps.agent_tls_crt, conf->rmps.agent_tls_key, conf->rmps.cafile); - log(VERBOSE, "Starting agent listener on port: %d", atoi(conf->rmps.agent_port)); - pool_args[0].srv = open_listener(atoi(conf->rmps.agent_port)); + log(VERBOSE, "Starting agent listener on port: %d", + atoi(conf->rmps.agent_port)); + pool_args[0].srv = open_listener(atoi(conf->rmps.agent_port)); pool_args[0].size = conf->rmps.agent_poolsize; log(VERBOSE, "Creating agent thread pool (mutex)."); pthread_create(&pool[0], NULL, agent_pool, &pool_args[0]); - pool_args[1].ctx = init_server_ctx(conf->rmps.cipherlist, SSL_VERIFY_NONE); + pool_args[1].ctx = init_server_ctx(conf->rmps.cipherlist, + SSL_VERIFY_NONE); log(VERBOSE, "Loading client certs and keys."); - load_certificates(pool_args[1].ctx, conf->rmps.client_tls_crt, + load_certificates(pool_args[1].ctx, conf->rmps.client_tls_crt, conf->rmps.client_tls_key, conf->rmps.cafile); - log(VERBOSE, "Starting client listener on port: %d", atoi(conf->rmps.client_port)); - 
pool_args[1].srv = open_listener(atoi(conf->rmps.client_port)); + log(VERBOSE, "Starting client listener on port: %d", + atoi(conf->rmps.client_port)); + pool_args[1].srv = open_listener(atoi(conf->rmps.client_port)); pool_args[1].size = conf->rmps.client_poolsize; log(VERBOSE, "Creating client thread pool (mutex)."); pthread_create(&pool[1], NULL, client_pool, &pool_args[1]); diff --git a/rmps.h b/rmps.h index 876e489..5a89969 100644 --- a/rmps.h +++ b/rmps.h @@ -5,7 +5,7 @@ #include "confparser.h" struct pool_data { - int srv; + int srv; SSL_CTX *ctx; int size; }; @@ -13,3 +13,4 @@ struct pool_data { extern void launch_rmps(struct conf_table *conf, int fork_flag); #endif /* RMPS_H */ +
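Review bot: The client pool context in `launch_rmps` (rmps.c, -269 hunk) is created with `SSL_VERIFY_NONE`, so clients are not authenticated at the TLS layer, while the agent pool requires a peer certificate. `load_certificates` is still given `conf->rmps.cafile` for this context, which sets a client CA list that has no effect without peer verification. If clients are authenticated at the application layer (not visible here), say so in a comment next to the call, e.g. `/* clients authenticate after the handshake; no client certificate is requested */`; otherwise request and verify a certificate as for agents. `daemonize("/tmp/")` also makes a world-writable directory the daemon's working directory, and the results of `open_listener()` and `pthread_create()` are not checked.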