author | 2019-05-29 11:48:28 +0000 | |
committer | 2019-05-29 11:48:28 +0000 | |
commit | e938bb13cfd4f710105a3421b470522efab307ca (patch) | |
tree | 8f713d0ce32da7a622ef0ac86c6eccceaac445ad | |
parent | Document the few neighbor options that need a reset (bgpctl nei X clear) (diff) | |
Move relay_load_*() functions into relayd.c
Pass the *env as an explicit argument instead of using the global
pointer: The relay_load_certfiles() function is called early before
the *env is set up. This does not change anything in the current code
as *env is not used by anything in the function (not even
ssl_load_key(), which takes it as an argument) but it will be needed
by upcoming changes for SNI.
Ok rob@
-rw-r--r-- | usr.sbin/relayd/parse.y | 6 | ||||
-rw-r--r-- | usr.sbin/relayd/relay.c | 102 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.c | 102 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 6 |
4 files changed, 108 insertions, 108 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 809c82cee3f..6bee758fcf2 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.234 2019/05/10 09:15:00 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.235 2019/05/29 11:48:28 reyk Exp $ */
 
 /*
  * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -1755,7 +1755,7 @@ relay : RELAY STRING {
 				rlay->rl_proto = &conf->sc_proto_default;
 				rlay->rl_conf.proto = conf->sc_proto_default.id;
 			}
-			if (relay_load_certfiles(rlay) == -1) {
+			if (relay_load_certfiles(conf, rlay) == -1) {
 				yyerror("cannot load certificates for relay %s",
 				    rlay->rl_conf.name);
 				YYERROR;
@@ -3293,7 +3293,7 @@ relay_inherit(struct relay *ra, struct relay *rb)
 		yyerror("relay %s defined twice", rb->rl_conf.name);
 		goto err;
 	}
-	if (relay_load_certfiles(rb) == -1) {
+	if (relay_load_certfiles(conf, rb) == -1) {
 		yyerror("cannot load certificates for relay %s",
 		    rb->rl_conf.name);
 		goto err;
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c
index 8661f1c4964..44d4ef9e737 100644
--- a/usr.sbin/relayd/relay.c
+++ b/usr.sbin/relayd/relay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relay.c,v 1.245 2019/05/13 09:54:07 reyk Exp $ */
+/* $OpenBSD: relay.c,v 1.246 2019/05/29 11:48:28 reyk Exp $ */
 
 /*
  * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -19,7 +19,6 @@
 #include <sys/types.h>
 #include <sys/queue.h>
 #include <sys/time.h>
-#include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/tree.h>
 
@@ -2665,105 +2664,6 @@ relay_cmp_af(struct sockaddr_storage *a, struct sockaddr_storage *b)
 	return (ret);
 }
 
-char *
-relay_load_fd(int fd, off_t *len)
-{
-	char *buf = NULL;
-	struct stat st;
-	off_t size;
-	ssize_t rv;
-	int err;
-
-	if (fstat(fd, &st) != 0)
-		goto fail;
-	size = st.st_size;
-	if ((buf = calloc(1, size + 1)) == NULL)
-		goto fail;
-	if ((rv = pread(fd, buf, size, 0)) != size)
-		goto fail;
-
-	close(fd);
-
-	*len = size;
-	return (buf);
-
- fail:
-	err = errno;
-	free(buf);
-	close(fd);
-	errno = err;
-	return (NULL);
-}
-
-int
-relay_load_certfiles(struct relay *rlay)
-{
-	char certfile[PATH_MAX];
-	char hbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
-	struct protocol *proto = rlay->rl_proto;
-	int useport = htons(rlay->rl_conf.port);
-
-	if (rlay->rl_conf.flags & F_TLSCLIENT) {
-		if (strlen(proto->tlsca)) {
-			if ((rlay->rl_tls_ca_fd =
-			    open(proto->tlsca, O_RDONLY)) == -1)
-				return (-1);
-			log_debug("%s: using ca %s", __func__, proto->tlsca);
-		}
-		if (strlen(proto->tlscacert)) {
-			if ((rlay->rl_tls_cacert_fd =
-			    open(proto->tlscacert, O_RDONLY)) == -1)
-				return (-1);
-			log_debug("%s: using ca certificate %s", __func__,
-			    proto->tlscacert);
-		}
-		if (strlen(proto->tlscakey) && proto->tlscapass != NULL) {
-			if ((rlay->rl_tls_cakey =
-			    ssl_load_key(env, proto->tlscakey,
-			    &rlay->rl_conf.tls_cakey_len,
-			    proto->tlscapass)) == NULL)
-				return (-1);
-			log_debug("%s: using ca key %s", __func__,
-			    proto->tlscakey);
-		}
-	}
-
-	if ((rlay->rl_conf.flags & F_TLS) == 0)
-		return (0);
-
-	if (print_host(&rlay->rl_conf.ss, hbuf, sizeof(hbuf)) == NULL)
-		return (-1);
-
-	if (snprintf(certfile, sizeof(certfile),
-	    "/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
-		return (-1);
-	if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1) {
-		if (snprintf(certfile, sizeof(certfile),
-		    "/etc/ssl/%s.crt", hbuf) == -1)
-			return (-1);
-		if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1)
-			return (-1);
-		useport = 0;
-	}
-	log_debug("%s: using certificate %s", __func__, certfile);
-
-	if (useport) {
-		if (snprintf(certfile, sizeof(certfile),
-		    "/etc/ssl/private/%s:%u.key", hbuf, useport) == -1)
-			return -1;
-	} else {
-		if (snprintf(certfile, sizeof(certfile),
-		    "/etc/ssl/private/%s.key", hbuf) == -1)
-			return -1;
-	}
-	if ((rlay->rl_tls_key = ssl_load_key(env, certfile,
-	    &rlay->rl_conf.tls_key_len, NULL)) == NULL)
-		return (-1);
-	log_debug("%s: using private key %s", __func__, certfile);
-
-	return (0);
-}
-
 int
 relay_session_cmp(struct rsession *a, struct rsession *b)
 {
diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c
index 6cbb734757f..c884588c773 100644
--- a/usr.sbin/relayd/relayd.c
+++ b/usr.sbin/relayd/relayd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.c,v 1.176 2019/05/08 23:22:19 reyk Exp $ */
+/* $OpenBSD: relayd.c,v 1.177 2019/05/29 11:48:29 reyk Exp $ */
 
 /*
  * Copyright (c) 2007 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -20,6 +20,7 @@
 #include <sys/types.h>
 #include <sys/queue.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/resource.h>
 
@@ -1236,6 +1237,105 @@ pkey_add(struct relayd *env, EVP_PKEY *pkey, char *hash)
 	return (ca_pkey);
 }
 
+char *
+relay_load_fd(int fd, off_t *len)
+{
+	char *buf = NULL;
+	struct stat st;
+	off_t size;
+	ssize_t rv;
+	int err;
+
+	if (fstat(fd, &st) != 0)
+		goto fail;
+	size = st.st_size;
+	if ((buf = calloc(1, size + 1)) == NULL)
+		goto fail;
+	if ((rv = pread(fd, buf, size, 0)) != size)
+		goto fail;
+
+	close(fd);
+
+	*len = size;
+	return (buf);
+
+ fail:
+	err = errno;
+	free(buf);
+	close(fd);
+	errno = err;
+	return (NULL);
+}
+
+int
+relay_load_certfiles(struct relayd *env, struct relay *rlay)
+{
+	char certfile[PATH_MAX];
+	char hbuf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+	struct protocol *proto = rlay->rl_proto;
+	int useport = htons(rlay->rl_conf.port);
+
+	if (rlay->rl_conf.flags & F_TLSCLIENT) {
+		if (strlen(proto->tlsca)) {
+			if ((rlay->rl_tls_ca_fd =
+			    open(proto->tlsca, O_RDONLY)) == -1)
+				return (-1);
+			log_debug("%s: using ca %s", __func__, proto->tlsca);
+		}
+		if (strlen(proto->tlscacert)) {
+			if ((rlay->rl_tls_cacert_fd =
+			    open(proto->tlscacert, O_RDONLY)) == -1)
+				return (-1);
+			log_debug("%s: using ca certificate %s", __func__,
+			    proto->tlscacert);
+		}
+		if (strlen(proto->tlscakey) && proto->tlscapass != NULL) {
+			if ((rlay->rl_tls_cakey =
+			    ssl_load_key(env, proto->tlscakey,
+			    &rlay->rl_conf.tls_cakey_len,
+			    proto->tlscapass)) == NULL)
+				return (-1);
+			log_debug("%s: using ca key %s", __func__,
+			    proto->tlscakey);
+		}
+	}
+
+	if ((rlay->rl_conf.flags & F_TLS) == 0)
+		return (0);
+
+	if (print_host(&rlay->rl_conf.ss, hbuf, sizeof(hbuf)) == NULL)
+		return (-1);
+
+	if (snprintf(certfile, sizeof(certfile),
+	    "/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
+		return (-1);
+	if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1) {
+		if (snprintf(certfile, sizeof(certfile),
+		    "/etc/ssl/%s.crt", hbuf) == -1)
+			return (-1);
+		if ((rlay->rl_tls_cert_fd = open(certfile, O_RDONLY)) == -1)
+			return (-1);
+		useport = 0;
+	}
+	log_debug("%s: using certificate %s", __func__, certfile);
+
+	if (useport) {
+		if (snprintf(certfile, sizeof(certfile),
+		    "/etc/ssl/private/%s:%u.key", hbuf, useport) == -1)
+			return -1;
+	} else {
+		if (snprintf(certfile, sizeof(certfile),
+		    "/etc/ssl/private/%s.key", hbuf) == -1)
+			return -1;
+	}
+	if ((rlay->rl_tls_key = ssl_load_key(env, certfile,
+	    &rlay->rl_conf.tls_key_len, NULL)) == NULL)
+		return (-1);
+	log_debug("%s: using private key %s", __func__, certfile);
+
+	return (0);
+}
+
 void
 event_again(struct event *ev, int fd, short event,
     void (*fn)(int, short, void *),
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 552332b9056..d3c03da9f38 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.255 2019/05/13 09:54:07 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.256 2019/05/29 11:48:29 reyk Exp $ */
 
 /*
  * Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -1183,8 +1183,6 @@ void relay(struct privsep *, struct privsep_proc *);
 int relay_privinit(struct relay *);
 void relay_notify_done(struct host *, const char *);
 int relay_session_cmp(struct rsession *, struct rsession *);
-char *relay_load_fd(int, off_t *);
-int relay_load_certfiles(struct relay *);
 void relay_close(struct rsession *, const char *, int);
 int relay_reset_event(struct rsession *, struct ctl_relay_event *);
 void relay_natlook(int, short, void *);
@@ -1298,6 +1296,8 @@ struct relay *relay_findbyname(struct relayd *, const char *);
 struct relay *relay_findbyaddr(struct relayd *, struct relay_config *);
 EVP_PKEY *pkey_find(struct relayd *, char *hash);
 struct ca_pkey *pkey_add(struct relayd *, EVP_PKEY *, char *hash);
+char *relay_load_fd(int, off_t *);
+int relay_load_certfiles(struct relayd *, struct relay *);
 int expand_string(char *, size_t, const char *, const char *);
 void translate_string(char *);
 void purge_key(char **, off_t);
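Review bot: relay_load_certfiles() in the relayd.c hunk returns -1 after a later open() or ssl_load_key() fails without closing the descriptors it already stored in rl_tls_ca_fd, rl_tls_cacert_fd or rl_tls_cert_fd, so the caller receives a half-initialised relay and whether parse.y's error paths release those descriptors is not visible in this diff. Since the function is being moved anyway, either close them before each failing `return (-1)` or record the contract in a comment above the definition: `/* On failure, any rl_tls_*_fd already opened is left for the caller to close. */`. The key-path branch also mixes `return -1;` with the `return (-1);` used everywhere else in the same body; the parenthesised form would keep the style uniform. Relatedly, relay_load_fd() takes st_size at face value, so a non-regular file yields an empty buffer rather than an error; a one-line `if (!S_ISREG(st.st_mode)) goto fail;` after the fstat() would make that explicit, and the new env parameter deserves a note that it is only forwarded to ssl_load_key().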