smirky/rmps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lots and lots of whitespace and code style fixes

Browse Source
This commit is contained in:
Bogomil Vasilev
2017-05-17 17:54:37 +03:00
parent 2442ceaee2
commit ff8546bf66
7 changed files with 191 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
confparser.c
View File

@@ -8,8 +8,8 @@
#include "confparser.h"
#include "enum_functions.h"
static int test_conf_perms();
static int test_conf_syntax();
static int test_conf_perms(void);
static int test_conf_syntax(void);
struct conf_table conf = {
0, /* isvalid initial state */
@@ -39,7 +39,7 @@ struct conf_table conf = {
},
{
0 /* nfs -> TODO */
}
}
};
const char* conf_db_pass(void)
@@ -54,7 +54,7 @@ const char* conf_db_hostname(void)
void confexport(void)
{
printf( "db.type=%s\n"
printf("db.type=%s\n"
"db.hostname=%s\n"
"db.port=%s\n"
"db.pass=%s\n"
@@ -75,17 +75,17 @@ void confexport(void)
"rmps.client_tls_key=%s\n"
"rmps.client_poolsize=%d\n",
conf.db.type,
conf.db.hostname,
conf.db.port,
conf.db.hostname,
conf.db.port,
conf.db.pass,
conf.rmps.agent_ip,
conf.rmps.agent_port,
conf.rmps.client_ip,
conf.rmps.client_port,
conf.rmps.logfile,
conf.rmps.errlog,
conf.rmps.loglevel,
conf.rmps.pidfile,
conf.rmps.agent_ip,
conf.rmps.agent_port,
conf.rmps.client_ip,
conf.rmps.client_port,
conf.rmps.logfile,
conf.rmps.errlog,
conf.rmps.loglevel,
conf.rmps.pidfile,
conf.rmps.agent_tls_crt,
conf.rmps.agent_tls_key,
conf.rmps.cafile,
@@ -97,33 +97,34 @@ void confexport(void)
);
}
static int fopen_and_mkdir(const char *dir) {
static int fopen_and_mkdir(const char *dir)
{
char tmp[256];
char *p = NULL;
size_t len;
FILE *fp;
snprintf(tmp, sizeof(tmp),"%s",dir);
snprintf(tmp, sizeof(tmp), "%s", dir);
len = strlen(tmp);
if(tmp[len - 1] == '/')
if (tmp[len - 1] == '/')
tmp[len - 1] = 0;
for (p = tmp + 1; *p; p++)
if(*p == '/') {
if (*p == '/') {
*p = 0;
if (mkdir(tmp, S_IRWXU) == -1 && errno != EEXIST) {
log( ERROR,
log(ERROR,
"Permission denied to create directory: %s",
tmp );
tmp);
return 1;
}
*p = '/';
}
fp = fopen(dir, "a");
if (!fp) {
log(ERROR, "Permission denied to write into: %s", dir);
}
fp = fopen(dir, "a");
if (!fp) {
log(ERROR, "Permission denied to write into: %s", dir);
return 1;
}
fclose(fp);
fclose(fp);
return 0;
}
@@ -146,8 +147,8 @@ static int test_conf_perms(void)
log(ERROR, confresult);
return 1;
}
if ( !(S_IRUSR & s.st_mode) ||
!(S_IXUSR & s.st_mode) ) {
if (!(S_IRUSR & s.st_mode) ||
!(S_IXUSR & s.st_mode)) {
enumtostr(confresult, CONF_DIR_PERM);
log(ERROR, confresult);
return 1;
@@ -155,13 +156,11 @@ static int test_conf_perms(void)
if (s.st_uid != 0) {
enumtostr(confresult, CONF_DIR_UID_INSECURE);
log(WARNING, confresult);
}
else if (s.st_gid != 0) {
} else if (s.st_gid != 0) {
enumtostr(confresult, CONF_DIR_GID_INSECURE);
log(WARNING, confresult);
}
else if ( (S_IROTH & s.st_mode) ||
(S_IWOTH & s.st_mode) ) {
} else if ((S_IROTH & s.st_mode) ||
(S_IWOTH & s.st_mode)) {
enumtostr(confresult, CONF_DIR_PERM_INSECURE);
log(WARNING, confresult);
}
@@ -189,16 +188,14 @@ static int test_conf_perms(void)
if (s.st_uid != 0) {
enumtostr(confresult, CONF_FILE_UID_INSECURE);
log(WARNING, confresult);
}
else if (s.st_gid != 0) {
} else if (s.st_gid != 0) {
enumtostr(confresult, CONF_FILE_GID_INSECURE);
log(WARNING, confresult);
}
else if ( (S_IROTH & s.st_mode) ||
(S_IWOTH & s.st_mode) ) {
} else if ((S_IROTH & s.st_mode) ||
(S_IWOTH & s.st_mode)) {
enumtostr(confresult, CONF_FILE_PERM_INSECURE);
log(WARNING, confresult);
}
}
}
return 0; /* conf is readable */
}
@@ -226,9 +223,9 @@ static int test_conf_syntax(void)
if ((tmp = strstr(buf, "=")))
*tmp = '\0';
else {
log( ERROR,
"Bad entry in /etc/rmps/rmps.conf, line %d: %s",
j, buf );
log(ERROR,
"Bad entry in /etc/rmps/rmps.conf, line %d: %s",
j, buf);
ok = 0;
failed = 1;
continue;
@@ -238,9 +235,9 @@ static int test_conf_syntax(void)
if (tmp[i] == '\n')
tmp[i] = '\0';
if (tmp[strspn(tmp + 1, " \t\v\r\n") + 1] == '\0') {
log( ERROR,
"Specified entry without value, line %d: %s",
j, buf );
log(ERROR,
"Specified entry without value, line %d: %s",
j, buf);
failed = 1;
continue;
}
@@ -278,28 +275,30 @@ static int test_conf_syntax(void)
/* TODO */
} else if (!strcmp(buf, "rmps.agent_port")) {
if ((i = strlen(tmp + 1)) < 6) {
if ((signed int)strspn(tmp + 1, "1234567890") == i) {
i = atoi(tmp + 1);
if (i > 0 && i < 65536) {
strcpy(conf.rmps.agent_port, tmp + 1);
if ((signed int)strspn(tmp + 1, "1234567890") == i) {
i = atoi(tmp + 1);
if (i > 0 && i < 65536) {
strcpy(conf.rmps.agent_port,
tmp + 1);
continue;
}
}
}
}
}
ok = 0;
failed = 1;
} else if (!strcmp(buf, "rmps.client_ip")) {
/* TODO */
} else if (!strcmp(buf, "rmps.client_port")) {
if ((i = strlen(tmp + 1)) < 6) {
if ((signed int)strspn(tmp + 1, "1234567890") == i) {
i = atoi(tmp + 1);
if (i > 0 && i < 65536) {
strcpy(conf.rmps.client_port, tmp + 1);
if ((signed int)strspn(tmp + 1, "1234567890") == i) {
i = atoi(tmp + 1);
if (i > 0 && i < 65536) {
strcpy(conf.rmps.client_port,
tmp + 1);
continue;
}
}
}
}
}
ok = 0;
failed = 1;
} else if (!strcmp(buf, "rmps.logfile")) {
@@ -309,13 +308,15 @@ static int test_conf_syntax(void)
} else if (!strcmp(buf, "rmps.errlog")) {
strcpy(conf.rmps.errlog, tmp + 1);
if (fopen_and_mkdir(conf.rmps.errlog) != 0)
failed = 1;
failed = 1;
} else if (!strcmp(buf, "rmps.pidfile")) {
strcpy(conf.rmps.pidfile, tmp + 1);
/*if (fopen_and_mkdir(conf.rmps.pidfile) != 0)
failed = 1;*/
* failed = 1;
*/
} else if (!strcmp(buf, "rmps.loglevel")) {
if (strlen(tmp + 1) == 1 && (tmp[1] > '0' && tmp[1] < '5'))
if (strlen(tmp + 1) == 1 &&
(tmp[1] > '0' && tmp[1] < '5'))
conf.rmps.loglevel = tmp[1] - '0';
else
failed = 1;
@@ -323,21 +324,18 @@ static int test_conf_syntax(void)
if (access(tmp + 1, F_OK) == -1) {
log(ERROR, "%s is missing", tmp + 1);
failed = 1;
}
else if (access(tmp + 1, R_OK) == -1) {
} else if (access(tmp + 1, R_OK) == -1) {
log(ERROR, "%s is not readable", tmp + 1);
failed = 1;
} else
strncpy(conf.rmps.agent_tls_crt,
tmp + 1,
sizeof(conf.rmps.agent_tls_crt));
}
else if (!strcmp(buf, "rmps.agent_tls_key")) {
} else if (!strcmp(buf, "rmps.agent_tls_key")) {
if (access(tmp + 1, F_OK) == -1) {
log(ERROR, "%s is missing", tmp + 1);
failed = 1;
}
else if (access(tmp + 1, R_OK) == -1) {
} else if (access(tmp + 1, R_OK) == -1) {
log(ERROR, "%s is not readable", tmp + 1);
failed = 1;
} else
@@ -345,23 +343,23 @@ static int test_conf_syntax(void)
tmp + 1,
sizeof(conf.rmps.agent_tls_key));
} else if (!strcmp(buf, "rmps.cipherlist")) {
strncpy(conf.rmps.cipherlist, tmp + 1, sizeof(conf.rmps.cipherlist));
strncpy(conf.rmps.cipherlist,
tmp + 1, sizeof(conf.rmps.cipherlist));
} else if (!strcmp(buf, "rmps.cafile")) {
if (access(tmp + 1, F_OK) == -1) {
log(ERROR, "%s is missing", tmp + 1);
failed = 1;
}
else if (access(tmp + 1, R_OK) == -1) {
} else if (access(tmp + 1, R_OK) == -1) {
log(ERROR, "%s is not readable\n", tmp + 1);
failed = 1;
} else
strncpy(conf.rmps.cafile, tmp + 1, sizeof(conf.rmps.cafile));
strncpy(conf.rmps.cafile,
tmp + 1, sizeof(conf.rmps.cafile));
} else if (!strcmp(buf, "rmps.client_tls_crt")) {
if (access(tmp + 1, F_OK) == -1) {
log(ERROR, "%s is missing", tmp + 1);
failed = 1;
}
else if (access(tmp + 1, R_OK) == -1) {
} else if (access(tmp + 1, R_OK) == -1) {
log(ERROR, "%s is not readable", tmp + 1);
failed = 1;
} else
@@ -372,8 +370,7 @@ static int test_conf_syntax(void)
if (access(tmp + 1, F_OK) == -1) {
log(ERROR, "%s is missing", tmp + 1);
failed = 1;
}
else if (access(tmp + 1, R_OK) == -1) {
} else if (access(tmp + 1, R_OK) == -1) {
log(ERROR, "%s is not readable", tmp + 1);
failed = 1;
} else
@@ -381,11 +378,12 @@ static int test_conf_syntax(void)
tmp + 1,
sizeof(conf.rmps.client_tls_key));
} else
log(ERROR, "Unknown config entry on line %d: %s", j, buf);
log(ERROR, "Unknown config entry on line %d: %s",
j, buf);
if (!ok) {
log( ERROR,
"Invalid value for \"%s\", line %d: \"%s\"",
buf, j, tmp + 1 );
log(ERROR,
"Invalid value for \"%s\", line %d: \"%s\"",
buf, j, tmp + 1);
ok = !ok;
}
}
@@ -404,7 +402,7 @@ int confparse(void)
result = test_conf_perms();
if (result)
return 1; /* Bad conf perms */
result = test_conf_syntax();
if (result != 0)
return 1; /* Bad conf syntax */

2
confparser.h
View File

@@ -21,7 +21,7 @@ struct conf_rmps {
char client_port[6];
char logfile[MAXPATHSIZE];
char errlog[MAXPATHSIZE];
LOG_LEVEL loglevel;
enum LOG_LEVEL loglevel;
char pidfile[MAXPATHSIZE];
char agent_tls_crt[MAXPATHSIZE];
char agent_tls_key[MAXPATHSIZE];

32
log.c
View File

@@ -35,8 +35,8 @@ static void set_fpts(void)
fdout = stdout;
}
void log(LOG_LEVEL lvl, char *fmt, ... )
{
void log(enum LOG_LEVEL lvl, char *fmt, ...)
{
char fmt_with_pfx[1024];
pthread_once(&init_once, set_fpts);
@@ -45,31 +45,33 @@ void log(LOG_LEVEL lvl, char *fmt, ... )
if (lvl <= conf.rmps.loglevel) {
va_list list;
FILE *fp;
static const char *prefixes[] = {
static const char * const prefixes[] = {
"ERROR", "WARNING", "INFO", "VERBOSE"
};
time_t t = time(NULL);
struct tm tm;
localtime_r(&t, &tm);
if (lvl == ERROR || lvl == WARNING)
fp = fderr;
else
fp = fdout;
snprintf( fmt_with_pfx,
sizeof(fmt_with_pfx),
"[%d-%02d-%02d %02d:%02d:%02d] %s: %s\n",
tm.tm_year + 1900,
tm.tm_mon + 1,
tm.tm_mday,
tm.tm_hour,
tm.tm_min,
tm.tm_sec,
prefixes[lvl-1],
fmt );
snprintf(fmt_with_pfx,
sizeof(fmt_with_pfx),
"[%d-%02d-%02d %02d:%02d:%02d] %s: %s\n",
tm.tm_year + 1900,
tm.tm_mon + 1,
tm.tm_mday,
tm.tm_hour,
tm.tm_min,
tm.tm_sec,
prefixes[lvl-1],
fmt);
va_start(list, fmt);
vfprintf(fp, fmt_with_pfx, list);
va_end(list);
va_end(list);
}
}

9
log.h
View File

@@ -4,14 +4,15 @@
#undef log
#define log log_trace
typedef enum {
ERROR = 1, /* Errors only */
enum LOG_LEVEL {
ERROR = 1, /* Errors only */
WARNING, /* Errors & warnings */
INFO, /* Errors, warnings & events */
VERBOSE, /* Errors, warnings, events & more? */
} LOG_LEVEL;
};
void log_ssl(void);
void log(LOG_LEVEL lvl, char *fmt, ... );
void log(enum LOG_LEVEL lvl, char *fmt, ...);
#endif /* LOG_TRACE_H */

30
main.c
View File

@@ -10,9 +10,8 @@
static void usage(char *argv)
{
log( ERROR,
"Usage:\n%s start|stop|restart [--daemonize=yes|no]\n",
argv );
log(ERROR,
"Usage:\n%s start|stop|restart [--daemonize=yes|no]\n", argv);
}
int main(int argc, char *argv[])
@@ -36,7 +35,8 @@ int main(int argc, char *argv[])
}
if (argc == 3) {
if (!strcmp("--daemonize=yes", argv[2]));
if (!strcmp("--daemonize=yes", argv[2]))
fork_flag = 1;
else if (!strcmp("--daemonize=no", argv[2]))
fork_flag = 0;
else {
@@ -45,16 +45,17 @@ int main(int argc, char *argv[])
}
}
if (confparse() != 0) {
log(ERROR, "Failed to parse the conf!");
exit(EXIT_FAILURE);
log(ERROR, "Failed to parse the conf!");
exit(EXIT_FAILURE);
}
log(VERBOSE, "Conf parser finished successfully");
//confexport();
if (task == 2 || task == 3) {
char buf[10];
int pid;
FILE *fp;
if (task == 2)
log(VERBOSE, "We got a stop signal!");
else if (task == 3)
@@ -65,7 +66,8 @@ int main(int argc, char *argv[])
switch (errno) {
case EEXIST:
if (!fgets(buf, 10, fp)) {
log(ERROR, "Failed to read %s!", conf.rmps.pidfile);
log(ERROR, "Failed to read %s!",
conf.rmps.pidfile);
exit(EXIT_FAILURE);
}
pid = strtol(buf, NULL, 10);
@@ -80,16 +82,14 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
break;
default:
log( ERROR,
"Unhandled errno while opening PID: %d. Exiting!",
errno
);
log(ERROR,
"Failed to open PID file (errno: %d. Exiting!",
errno);
exit(EXIT_FAILURE);
}
}
if (task == 1 || task == 3) {
if (task == 1 || task == 3)
launch_rmps(&conf, fork_flag);
}
return 0;
}

141
rmps.c
View File

@@ -23,7 +23,7 @@ static int open_listener(int port);
static void cleanup(void);
static void signal_handler(int sig);
static void load_certificates(SSL_CTX *ctx, const char *certfile,
const char *keyfile, const char *cafile);
const char *keyfile, const char *cafile);
static SSL_CTX* init_server_ctx(const char *cipherlist, int mode);
static int pid_file_handle;
@@ -32,9 +32,9 @@ static void cleanup(void)
{
log(VERBOSE, "Deleting pidfile %s", conf.rmps.pidfile);
if (unlink(conf.rmps.pidfile) != 0)
log( WARNING,
"Failed to delete pidfile %s. Reason code: %d",
conf.rmps.pidfile, errno );
log(WARNING,
"Failed to delete pidfile %s. Reason code: %d",
conf.rmps.pidfile, errno);
}
static void signal_handler(int sig)
@@ -66,25 +66,25 @@ static void rmps_shutdown(void)
static void set_env(void)
{
struct sigaction new_sigaction;
sigset_t new_sigset;
sigset_t new_sigset;
/* Set signal mask - signals we want to block */
sigemptyset(&new_sigset);
sigaddset(&new_sigset, SIGCHLD); /* ignore child - i.e. we don't need to wait for it */
sigaddset(&new_sigset, SIGTSTP); /* ignore Tty stop signals */
sigaddset(&new_sigset, SIGTTOU); /* ignore Tty background writes */
sigaddset(&new_sigset, SIGTTIN); /* ignore Tty background reads */
sigprocmask(SIG_BLOCK, &new_sigset, NULL); /* Block the above specified signals */
/* Set up a signal handler */
new_sigaction.sa_handler = signal_handler;
sigemptyset(&new_sigaction.sa_mask);
new_sigaction.sa_flags = 0;
/* Signals to handle */
sigaction(SIGHUP, &new_sigaction, NULL); /* catch hangup signal */
sigaction(SIGTERM, &new_sigaction, NULL); /* catch term signal */
sigaction(SIGINT, &new_sigaction, NULL); /* catch interrupt signal */
sigemptyset(&new_sigset);
sigaddset(&new_sigset, SIGCHLD); /* ignore child */
sigaddset(&new_sigset, SIGTSTP); /* ignore Tty stop signals */
sigaddset(&new_sigset, SIGTTOU); /* ignore Tty background writes */
sigaddset(&new_sigset, SIGTTIN); /* ignore Tty background reads */
sigprocmask(SIG_BLOCK, &new_sigset, NULL); /* Block above signals */
/* Set up a signal handler */
new_sigaction.sa_handler = signal_handler;
sigemptyset(&new_sigaction.sa_mask);
new_sigaction.sa_flags = 0;
/* Signals to handle */
sigaction(SIGHUP, &new_sigaction, NULL); /* catch hangup signal */
sigaction(SIGTERM, &new_sigaction, NULL); /* catch term signal */
sigaction(SIGINT, &new_sigaction, NULL); /* catch interrupt signal */
signal(SIGPIPE, SIG_IGN); /* prevent crashing from bad writes */
}
@@ -121,13 +121,13 @@ static void daemonize(const char *rundir)
close(1); /* stdout */
close(2); /* stderr */
/* Route I/O connections */
/* Open STDIN */
i = open("/dev/null", O_RDWR);
/* STDOUT */
dup(i);
/* STDERR */
dup(i);
chdir(rundir); /* change running directory */
/* Open STDIN */
i = open("/dev/null", O_RDWR);
/* STDOUT */
dup(i);
/* STDERR */
dup(i);
chdir(rundir); /* change running directory */
}
static void spawn_pidfile(const char *pidfile)
@@ -140,14 +140,14 @@ static void spawn_pidfile(const char *pidfile)
log(ERROR, "Could not create PID file %s - Exiting!", pidfile);
exit(EXIT_FAILURE);
}
/* Try to lock file */
if (lockf(pid_file_handle, F_TLOCK, 0) == -1) {
/* Couldn't get lock on lock file */
log(ERROR, "Could not lock PID file %s - Exiting!", pidfile);
exit(EXIT_FAILURE);
}
/* Get and format PID */
sprintf(str, "%d\n", getpid());
/* write pid to lockfile */
@@ -157,37 +157,41 @@ static void spawn_pidfile(const char *pidfile)
static inline int set_reuse_addr(int sockfd)
{
int yes = 1;
return setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
&yes, sizeof(yes));
&yes, sizeof(yes));
}
static int open_listener(int port)
{
int sd;
struct sockaddr_in addr;
{
int sd;
struct sockaddr_in addr;
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
sd = socket(addr.sin_family, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = INADDR_ANY;
sd = socket(addr.sin_family, SOCK_STREAM, 0);
if (sd < 0) {
log(ERROR, "Failed to create socket");
goto exit;
}
if (set_reuse_addr(sd) < 0) {
log(ERROR, "Failed to set reuse on address - Aborting...", port);
log(ERROR,
"Failed to set reuse on address - Aborting...", port);
goto exit;
}
if (bind(sd, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
if (bind(sd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
log(ERROR, "Failed to bind on port: %d - Aborting...", port);
goto exit;
}
if (listen(sd, 10) != 0) {
log(ERROR, "Failed to start listener on port %d - Aborting...", port);
if (listen(sd, 10) != 0) {
log(ERROR,
"Failed to start listener on port %d - Aborting...",
port);
goto exit;
}
return sd;
}
return sd;
exit:
log(INFO, "RMPS failed to start, shutting down...");
atexit(cleanup);
@@ -198,20 +202,21 @@ static SSL_CTX* init_server_ctx(const char *cipherlist, int mode)
{
SSL_CTX *ctx;
char ciphers[1024];
// OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */
// OpenSSL_add_all_ciphers(); /* load & register all cryptos, etc. */
SSL_load_error_strings(); /* load all error messages */
SSL_library_init();
ctx = SSL_CTX_new(TLSv1_2_method()); /* create new context from method */
/* create new context from method */
ctx = SSL_CTX_new(TLSv1_2_method());
if (ctx == NULL) {
log(ERROR, "SSL_CTX_new() returned NULL - Aborting...");
log(ERROR, "RMPS failed to start, shutting down...");
exit(EXIT_FAILURE);
}
SSL_CTX_set_verify(ctx, mode, NULL);
ciphers[0] = 0;
strcat(ciphers, "-ALL"); /* Disable any ciphers we have by default */
strcat(ciphers, cipherlist);
@@ -244,16 +249,17 @@ void load_certificates(SSL_CTX* ctx, const char *certfile,
}
/* verify private key */
if (!SSL_CTX_check_private_key(ctx)) {
log(ERROR, "Private key does not match the public certificate.");
log(ERROR,
"Private key does not match the public certificate.");
log(INFO, "RMPS failed to start, shutting down...");
atexit(cleanup);
}
if (cafile != NULL) {
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(cafile));
SSL_CTX_set_client_CA_list(ctx,
SSL_load_client_CA_file(cafile));
SSL_CTX_load_verify_locations(ctx, cafile, NULL);
//SSL_CTX_set_verify_depth(ctx, 1);
}
}
void launch_rmps(struct conf_table *conf, int fork_flag)
@@ -269,30 +275,33 @@ void launch_rmps(struct conf_table *conf, int fork_flag)
daemonize("/tmp/");
/* Spawn & lock pidfile */
spawn_pidfile(conf->rmps.pidfile);
/* openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX -nodes
* -nodes is for not protecing with a passphrase
* http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
*/
pool_args[0].ctx = init_server_ctx(conf->rmps.cipherlist,
/* openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX -nodes
* -nodes is for not protecing with a passphrase
* http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl
*/
pool_args[0].ctx = init_server_ctx(conf->rmps.cipherlist,
SSL_VERIFY_PEER |
SSL_VERIFY_CLIENT_ONCE |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
log(VERBOSE, "Loading agent certs and keys.");
load_certificates(pool_args[0].ctx, conf->rmps.agent_tls_crt,
load_certificates(pool_args[0].ctx, conf->rmps.agent_tls_crt,
conf->rmps.agent_tls_key, conf->rmps.cafile);
log(VERBOSE, "Starting agent listener on port: %d", atoi(conf->rmps.agent_port));
pool_args[0].srv = open_listener(atoi(conf->rmps.agent_port));
log(VERBOSE, "Starting agent listener on port: %d",
atoi(conf->rmps.agent_port));
pool_args[0].srv = open_listener(atoi(conf->rmps.agent_port));
pool_args[0].size = conf->rmps.agent_poolsize;
log(VERBOSE, "Creating agent thread pool (mutex).");
pthread_create(&pool[0], NULL, agent_pool, &pool_args[0]);
pool_args[1].ctx = init_server_ctx(conf->rmps.cipherlist, SSL_VERIFY_NONE);
pool_args[1].ctx = init_server_ctx(conf->rmps.cipherlist,
SSL_VERIFY_NONE);
log(VERBOSE, "Loading client certs and keys.");
load_certificates(pool_args[1].ctx, conf->rmps.client_tls_crt,
load_certificates(pool_args[1].ctx, conf->rmps.client_tls_crt,
conf->rmps.client_tls_key, conf->rmps.cafile);
log(VERBOSE, "Starting client listener on port: %d", atoi(conf->rmps.client_port));
pool_args[1].srv = open_listener(atoi(conf->rmps.client_port));
log(VERBOSE, "Starting client listener on port: %d",
atoi(conf->rmps.client_port));
pool_args[1].srv = open_listener(atoi(conf->rmps.client_port));
pool_args[1].size = conf->rmps.client_poolsize;
log(VERBOSE, "Creating client thread pool (mutex).");
pthread_create(&pool[1], NULL, client_pool, &pool_args[1]);

3
rmps.h
View File

@@ -5,7 +5,7 @@
#include "confparser.h"
struct pool_data {
int srv;
int srv;
SSL_CTX *ctx;
int size;
};
@@ -13,3 +13,4 @@ struct pool_data {
extern void launch_rmps(struct conf_table *conf, int fork_flag);
#endif /* RMPS_H */