authorreyk <reyk@openbsd.org>2019-05-29 11:48:28 +0000
committerreyk <reyk@openbsd.org>2019-05-29 11:48:28 +0000
commite938bb13cfd4f710105a3421b470522efab307ca (patch)
tree8f713d0ce32da7a622ef0ac86c6eccceaac445ad
parentDocument the few neighbor options that need a reset (bgpctl nei X clear) (diff)
downloadwireguard-openbsd-e938bb13cfd4f710105a3421b470522efab307ca.tar.xz
wireguard-openbsd-e938bb13cfd4f710105a3421b470522efab307ca.zip
Move relay_load_*() functions into relayd.c
Pass the *env as an explicit argument instead of using the global pointer: The relay_load_certfiles() function is called early, before the *env is set up. This does not change anything in the current code, as *env is not used by anything in the function (not even ssl_load_key(), which takes it as an argument), but it will be needed by upcoming changes for SNI. Ok rob@
-rw-r--r--usr.sbin/relayd/parse.y6
-rw-r--r--usr.sbin/relayd/relay.c102
-rw-r--r--usr.sbin/relayd/relayd.c102
-rw-r--r--usr.sbin/relayd/relayd.h6
4 files changed, 108 insertions, 108 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 809c82cee3f..6bee758fcf2 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.234 2019/05/10 09:15:00 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.235 2019/05/29 11:48:28 reyk Exp $ */
/*
* Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -1755,7 +1755,7 @@ relay : RELAY STRING {
rlay->rl_proto = &conf->sc_proto_default;
rlay->rl_conf.proto = conf->sc_proto_default.id;
}
- if (relay_load_certfiles(rlay) == -1) {
+ if (relay_load_certfiles(conf, rlay) == -1) {
yyerror("cannot load certificates for relay %s",
rlay->rl_conf.name);
YYERROR;
@@ -3293,7 +3293,7 @@ relay_inherit(struct relay *ra, struct relay *rb)
yyerror("relay %s defined twice", rb->rl_conf.name);
goto err;
}
- if (relay_load_certfiles(rb) == -1) {
+ if (relay_load_certfiles(conf, rb) == -1) {
yyerror("cannot load certificates for relay %s",
rb->rl_conf.name);
goto err;
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 8661f1c4964..44d4ef9e737 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.245 2019/05/13 09:54:07 reyk Exp $ */
+/* $OpenBSD: relay.c,v 1.246 2019/05/29 11:48:28 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -19,7 +19,6 @@
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/time.h>
-#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/tree.h>
@@ -2665,105 +2664,6 @@ relay_cmp_af(struct sockaddr_storage *a, struct sockaddr_storage *b)
return (ret);
}
-char *
-relay_load_fd(int fd, off_t *len)
-{
- char *buf = NULL;
- struct stat st;
- off_t size;
- ssize_t rv;
- int err;
-
- if (fstat(fd, &st) != 0)
- goto fail;
- size = st.st_size;
- if ((buf = calloc(1, size + 1)) == NULL)
- goto fail;
- if ((rv = pread(fd, buf, size, 0)) != size)
- goto fail;
-
- close(fd);
-
- *len = size;
- return (buf);
-
- fail:
- err = errno;
- free(buf);
- close(fd);
- errno = err;
- return (NULL);
-}
-
-int
-relay_load_certfiles(struct relay *rlay)
-{
- char certfile[PATH_MAX];
- char hbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
- struct protocol *proto = rlay->rl_proto;
- int useport = htons(rlay->rl_conf.port);
-
- if (rlay->rl_conf.flags & F_TLSCLIENT) {
- if (strlen(proto->tlsca)) {
- if ((rlay->rl_tls_ca_fd =
- open(proto->tlsca, O_RDONLY)) == -1)
- return (-1);
- log_debug("%s: using ca %s", __func__, proto->tlsca);
- }
- if (strlen(proto->tlscacert)) {
- if ((rlay->rl_tls_cacert_fd =
- open(proto->tlscacert, O_RDONLY)) == -1)
- return (-1);
- log_debug("%s: using ca certificate %s", __func__,
- proto->tlscacert);
- }
- if (strlen(proto->tlscakey) && proto->tlscapass != NULL) {
- if ((rlay->rl_tls_cakey =
- ssl_load_key(env, proto->tlscakey,
- &rlay->rl_conf.tls_cakey_len,
- proto->tlscapass)) == NULL)
- return (-1);
- log_debug("%s: using ca key %s", __func__,
- proto->tlscakey);
- }
- }
-
- if ((rlay->rl_conf.flags & F_TLS) == 0)
- return (0);
-
- if (print_host(&rlay->rl_conf.ss, hbuf, sizeof(hbuf)) == NULL)
- return (-1);
-
- if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
- return (-1);
- if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1) {
- if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/%s.crt", hbuf) == -1)
- return (-1);
- if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1)
- return (-1);
- useport = 0;
- }
- log_debug("%s: using certificate %s", __func__, certfile);
-
- if (useport) {
- if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/private/%s:%u.key", hbuf, useport) == -1)
- return -1;
- } else {
- if (snprintf(certfile, sizeof(certfile),
- "/etc/ssl/private/%s.key", hbuf) == -1)
- return -1;
- }
- if ((rlay->rl_tls_key = ssl_load_key(env, certfile,
- &rlay->rl_conf.tls_key_len, NULL)) == NULL)
- return (-1);
- log_debug("%s: using private key %s", __func__, certfile);
-
- return (0);
-}
-
int
relay_session_cmp(struct rsession *a, struct rsession *b)
{
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index 6cbb734757f..c884588c773 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.176 2019/05/08 23:22:19 reyk Exp $ */
+/* $OpenBSD: relayd.c,v 1.177 2019/05/29 11:48:29 reyk Exp $ */
/*
* Copyright (c) 2007 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -20,6 +20,7 @@
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/resource.h>
@@ -1236,6 +1237,105 @@ pkey_add(struct relayd *env, EVP_PKEY *pkey, char *hash)
return (ca_pkey);
}
+char *
+relay_load_fd(int fd, off_t *len)
+{
+ char *buf = NULL;
+ struct stat st;
+ off_t size;
+ ssize_t rv;
+ int err;
+
+ if (fstat(fd, &st) != 0)
+ goto fail;
+ size = st.st_size;
+ if ((buf = calloc(1, size + 1)) == NULL)
+ goto fail;
+ if ((rv = pread(fd, buf, size, 0)) != size)
+ goto fail;
+
+ close(fd);
+
+ *len = size;
+ return (buf);
+
+ fail:
+ err = errno;
+ free(buf);
+ close(fd);
+ errno = err;
+ return (NULL);
+}
+
+int
+relay_load_certfiles(struct relayd *env, struct relay *rlay)
+{
+ char certfile[PATH_MAX];
+ char hbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+ struct protocol *proto = rlay->rl_proto;
+ int useport = htons(rlay->rl_conf.port);
+
+ if (rlay->rl_conf.flags & F_TLSCLIENT) {
+ if (strlen(proto->tlsca)) {
+ if ((rlay->rl_tls_ca_fd =
+ open(proto->tlsca, O_RDONLY)) == -1)
+ return (-1);
+ log_debug("%s: using ca %s", __func__, proto->tlsca);
+ }
+ if (strlen(proto->tlscacert)) {
+ if ((rlay->rl_tls_cacert_fd =
+ open(proto->tlscacert, O_RDONLY)) == -1)
+ return (-1);
+ log_debug("%s: using ca certificate %s", __func__,
+ proto->tlscacert);
+ }
+ if (strlen(proto->tlscakey) && proto->tlscapass != NULL) {
+ if ((rlay->rl_tls_cakey =
+ ssl_load_key(env, proto->tlscakey,
+ &rlay->rl_conf.tls_cakey_len,
+ proto->tlscapass)) == NULL)
+ return (-1);
+ log_debug("%s: using ca key %s", __func__,
+ proto->tlscakey);
+ }
+ }
+
+ if ((rlay->rl_conf.flags & F_TLS) == 0)
+ return (0);
+
+ if (print_host(&rlay->rl_conf.ss, hbuf, sizeof(hbuf)) == NULL)
+ return (-1);
+
+ if (snprintf(certfile, sizeof(certfile),
+ "/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
+ return (-1);
+ if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1) {
+ if (snprintf(certfile, sizeof(certfile),
+ "/etc/ssl/%s.crt", hbuf) == -1)
+ return (-1);
+ if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1)
+ return (-1);
+ useport = 0;
+ }
+ log_debug("%s: using certificate %s", __func__, certfile);
+
+ if (useport) {
+ if (snprintf(certfile, sizeof(certfile),
+ "/etc/ssl/private/%s:%u.key", hbuf, useport) == -1)
+ return -1;
+ } else {
+ if (snprintf(certfile, sizeof(certfile),
+ "/etc/ssl/private/%s.key", hbuf) == -1)
+ return -1;
+ }
+ if ((rlay->rl_tls_key = ssl_load_key(env, certfile,
+ &rlay->rl_conf.tls_key_len, NULL)) == NULL)
+ return (-1);
+ log_debug("%s: using private key %s", __func__, certfile);
+
+ return (0);
+}
+
void
event_again(struct event *ev, int fd, short event,
void (*fn)(int, short, void *),
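Review bot: relay_load_fd() in this hunk trusts st.st_size from fstat() without confirming that the descriptor refers to a regular file, so a configured certificate or key path that resolves to a directory, FIFO or device reaches calloc()/pread() with a size that is meaningless for that object (where st_size is reported as 0 the function presumably returns an empty buffer rather than an error). Adding `if (!S_ISREG(st.st_mode)) { errno = EINVAL; goto fail; }` right after the fstat() check, and optionally an upper bound on size before calloc(), keeps a misconfigured path from being silently accepted. Now that the function lives in relayd.c beside its new callers, its header comment should also state that it takes ownership of fd and closes it on every path, including failure, and that the returned buffer is NUL-terminated (hence the size + 1) and owned by the caller. In relay_load_certfiles() the `%u` conversions receive useport, which is declared int, so the format does not match its argument; `(unsigned int)useport` or declaring useport as unsigned would make the call conform. Both function bodies are complete within the hunk.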
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 552332b9056..d3c03da9f38 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.255 2019/05/13 09:54:07 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.256 2019/05/29 11:48:29 reyk Exp $ */
/*
* Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -1183,8 +1183,6 @@ void relay(struct privsep *, struct privsep_proc *);
int relay_privinit(struct relay *);
void relay_notify_done(struct host *, const char *);
int relay_session_cmp(struct rsession *, struct rsession *);
-char *relay_load_fd(int, off_t *);
-int relay_load_certfiles(struct relay *);
void relay_close(struct rsession *, const char *, int);
int relay_reset_event(struct rsession *, struct ctl_relay_event *);
void relay_natlook(int, short, void *);
@@ -1298,6 +1296,8 @@ struct relay *relay_findbyname(struct relayd *, const char *);
struct relay *relay_findbyaddr(struct relayd *, struct relay_config *);
EVP_PKEY *pkey_find(struct relayd *, char *hash);
struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, char *hash);
+char *relay_load_fd(int, off_t *);
+int relay_load_certfiles(struct relayd *, struct relay *);
int expand_string(char *, size_t, const char *, const char *);
void translate_string(char *);
void purge_key(char **, off_t);