authordeva <deva>2010-01-04 11:01:30 +0000
committerdeva <deva>2010-01-04 11:01:30 +0000
commitfc6e95c57f8f7f0acc083daf15dbac828e627e20 (patch)
tree79132d6c4f5dff5a848c6dbee3f6e1e1d50ec43b
parent99832c46482751486e3348f2e5e18ee46d0a2856 (diff)
Added config, cli and compile-time check for ssl usage. Still needs to check if microhttpd has ssl support.
-rw-r--r--server/configure.in17
-rw-r--r--server/src/configuration.cc7
-rw-r--r--server/src/configuration.h7
-rw-r--r--server/src/configurationparser.cc30
-rw-r--r--server/src/pracrod.cc48
-rw-r--r--server/src/server.cc137
-rw-r--r--server/src/transactionhandler.cc2
7 files changed, 131 insertions, 117 deletions
diff --git a/server/configure.in b/server/configure.in
index 7449594..cd5b937 100644
--- a/server/configure.in
+++ b/server/configure.in
@@ -57,6 +57,23 @@ else
PKG_CHECK_MODULES(PQXX, libpqxx >= 2.6.8)
fi
+dnl ======================
+dnl Compile with ssl support?
+dnl ======================
+AC_ARG_WITH(ssl,
+ [ --with-ssl build with ssl support, requires microhttpd to be build with ssl support (default=yes)],
+ [],
+ [with_ssl=yes])
+if test x$with_ssl == xno; then
+ AC_MSG_WARN([*** Building without ssl support!])
+ AC_DEFINE_UNQUOTED(WITHOUT_SSL, , [The project is configured not to use ssl])
+else
+ AC_MSG_WARN([*** Building with ssl support!])
+ dnl ======================
+ dnl TODO: Check for ssl support in microhttpd
+ dnl ======================
+fi
+
AC_PROG_CXX
AC_PROG_LIBTOOL
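Review bot: The comparison `test x$with_ssl == xno` uses `==`, which is a bash extension; when configure runs under a strict POSIX `/bin/sh` the test can fail with a syntax error, and the script then takes the `else` branch and builds with SSL even though `--without-ssl` was given. Use `if test "x$with_ssl" = xno; then`, which also quotes the variable. The "Building with ssl support" message is the normal case and reads better as `AC_MSG_NOTICE` than as a warning. Until the TODO is resolved, a short `dnl` comment that a libmicrohttpd without SSL will only fail at run time would help packagers.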
diff --git a/server/src/configuration.cc b/server/src/configuration.cc
index c1dcab1..34729c4 100644
--- a/server/src/configuration.cc
+++ b/server/src/configuration.cc
@@ -47,3 +47,10 @@ std::string Conf::database_user = "pracro";
std::string Conf::database_passwd = "pracro";
std::string Conf::xml_basedir = XML;
+
+bool Conf::use_ssl = false;
+std::string Conf::ssl_key = "";
+std::string Conf::ssl_cert = "";
+
+int Conf::connection_limit = 42;
+int Conf::connection_timeout = 0;
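Review bot: The default `connection_timeout = 0` means no idle timeout in libmicrohttpd, and combined with `connection_limit = 42` a handful of clients that connect and stay silent can occupy every slot indefinitely. Both options were commented out before this commit, so these values now replace the library defaults for every installation that does not set them. Consider a non-zero default and document the units next to the definitions, for example `int Conf::connection_timeout = 30; // seconds of inactivity, 0 disables the timeout` (the value is a suggestion, pick one that fits the clients). The SSL defaults would benefit from a comment stating whether `ssl_key` and `ssl_cert` hold PEM text or file names.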
diff --git a/server/src/configuration.h b/server/src/configuration.h
index 3d9f7f1..c12bf19 100644
--- a/server/src/configuration.h
+++ b/server/src/configuration.h
@@ -54,6 +54,13 @@ namespace Conf {
extern std::string database_passwd;
extern std::string xml_basedir;
+
+ extern bool use_ssl;
+ extern std::string ssl_key;
+ extern std::string ssl_cert;
+
+ extern int connection_limit;
+ extern int connection_timeout;
};
#endif/*__ARTEFACT_CONFIGURATION_H__*/
diff --git a/server/src/configurationparser.cc b/server/src/configurationparser.cc
index 8247a45..551e8da 100644
--- a/server/src/configurationparser.cc
+++ b/server/src/configurationparser.cc
@@ -133,6 +133,36 @@ void ConfigurationParser::reload()
Conf::xml_basedir = p;
} catch( ... ) {
}
+
+ try {
+ bool b = lookup("use_ssl");
+ Conf::use_ssl = b;
+ } catch( ... ) {
+ }
+
+ try {
+ std::string s = lookup("ssl_key");
+ Conf::ssl_key = s;
+ } catch( ... ) {
+ }
+
+ try {
+ std::string s = lookup("ssl_cert");
+ Conf::ssl_cert = s;
+ } catch( ... ) {
+ }
+
+ try {
+ int i = lookup("connection_limit");
+ Conf::connection_limit = i;
+ } catch( ... ) {
+ }
+
+ try {
+ int i = lookup("connection_timeout");
+ Conf::connection_timeout = i;
+ } catch( ... ) {
+ }
}
#ifdef TEST_CONFIGURATIONPARSER
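Review bot: Each new setting is read inside an empty `catch( ... )`, so a mistyped or wrongly typed `use_ssl`, `ssl_key` or `ssl_cert` (presumably `lookup` throws in that case) is discarded without a trace and the server keeps its plaintext default. For the security-relevant settings the handler should at least log that the value was rejected, and ideally distinguish "setting not present" from "setting present but invalid" so that the latter stops startup. server.cc passes these strings as `MHD_OPTION_HTTPS_MEM_KEY` and `MHD_OPTION_HTTPS_MEM_CERT`, so a comment here should say that the config values must be the PEM contents rather than paths, or the parser should read the files. `reload()` starts outside this hunk, so the existing blocks above follow the same pattern.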
diff --git a/server/src/pracrod.cc b/server/src/pracrod.cc
index d17001c..6154f06 100644
--- a/server/src/pracrod.cc
+++ b/server/src/pracrod.cc
@@ -89,6 +89,7 @@ static const char usage_str[] =
" -h, --help Print this message and exit.\n"
" -D, --debug ddd Enable debug messages on 'ddd'; see documentation for details\n"
" -d --database db Use db as the database backend. Can be one of pgsql or testdb (default pgsql).\n"
+" -s, --ssl keyfile Enable ssl encryption with the key stored in keyfile.\n"
;
ConfigurationParser *configparser = NULL;
@@ -137,6 +138,39 @@ int PracroDaemon::daemon_main()
return 0;
}
+#define CERT "\
+-----BEGIN CERTIFICATE-----\n\
+MIICFTCCAX6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMRswGQYDVQQKExJBcGFj\n\
+aGUgSFRUUCBTZXJ2ZXIxIjAgBgNVBAsTGUZvciB0ZXN0aW5nIHB1cnBvc2VzIG9u\n\
+bHkxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wNzA2MjEwODE4MzZaFw0wODA2MjAw\n\
+ODE4MzZaMEwxGzAZBgNVBAoTEkFwYWNoZSBIVFRQIFNlcnZlcjEZMBcGA1UECxMQ\n\
+VGVzdCBDZXJ0aWZpY2F0ZTESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3\n\
+DQEBAQUAA4GNADCBiQKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEo\n\
+w3zNf+gWxco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uz\n\
+IcV9+cUm7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7X\n\
+owIDAQABMA0GCSqGSIb3DQEBBQUAA4GBALVFzprK6rYkWVZZZwq85w2lCYJpEl9a\n\
+66IMzIwNNRfyZMoc9D9PSwsXKYfYOg1RpMt7RhWT/bpggGlsFqctsAgJSv8Ol5Cz\n\
+DqTXhpV+8WOG6l4xDYZz3U3ajiu2jth2+aaMuWKy9Wkr8bzHGDufltToLalucne2\n\
+npM7yCJ83Ana\n\
+-----END CERTIFICATE-----"
+
+#define KEY "\
+-----BEGIN RSA PRIVATE KEY-----\n\
+MIICXAIBAAKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEow3zNf+gW\n\
+xco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uzIcV9+cUm\n\
+7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7XowIDAQAB\n\
+AoGANUXHjJljs6P+hyw4DuHQn3El+ISiTo9PW02EIUIsD5opWFzHsYGR93Tk6GDi\n\
+yKgUrPprdAMOW61tVaWuImWQ32R2xyrJogjGYo9XE2xAej9N37jM0AGBtn/vd4Dr\n\
+LsYfpjNaM3gqIChD73iYfO+CrNbdLqTxIdG53g/u05GJ4cECQQD0vMm5+a8N82Jb\n\
+oHJgE2jb83WqaYBHe0O03ujtiq3+hPZHoVV3iJWmA/aMlgdtunkJT3PdEsVfQNkH\n\
+fvzR9JhbAkEA4CiZRk5Gcz7cEqyogDTMQYtmrE8hbgofISLuz1rpTEzd8hFAcerU\n\
+nuwFIT3go3hO7oIHMlKU1H5iT1BsFvegWQJBAOSa6A+5A+STIKAX+l52Iu+5tYKN\n\
+885RfMgZpBgm/yoMxwPX1r7GLYsajpV5mszLbz3cIo0xeH3mVBOlccEoqZsCQECP\n\
+8PWq/eebp09Jo46pplsKh5wBfqNvDuBAa4AVszRiv1pFVcZ52JudZyzX4aezsyhH\n\
+E0OPPYamkDI/+6Hx2KECQHF9xV1XatyXuFmfRAInK2BtfGY5UIvJaLxVD3Z1+i6q\n\
+/enz7/wUwvC6G4FSWNMYgAYJOfwZ3BerdkqcRNxyR/Q=\n\
+-----END RSA PRIVATE KEY-----"
+
int main(int argc, char *argv[])
{
int c;
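Review bot: The `KEY` macro puts an RSA private key that is published with the source into every build, so TLS negotiated with it gives clients no assurance about which server they reached, and anyone holding the source can present the same identity. If the pair is only meant for local testing, guard both macros behind a test-only define and say so in a comment such as `// Built-in test key pair: public knowledge, never use for a deployed server.`; otherwise drop them and require key material from the configuration. The body of `main` continues outside this hunk.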
@@ -163,10 +197,11 @@ int main(int argc, char *argv[])
{"xml-basedir", required_argument, 0, 'x'},
{"debug", required_argument, 0, 'D'},
{"database", required_argument, 0, 'd'},
+ {"ssl", required_argument, 0, 's'},
{0, 0, 0, 0}
};
- c = getopt_long (argc, argv, "D:hvfc:u:g:x:d:", long_options, &option_index);
+ c = getopt_long (argc, argv, "D:hvfc:u:g:x:d:s:", long_options, &option_index);
if (c == -1)
break;
@@ -200,6 +235,17 @@ int main(int argc, char *argv[])
debugstr = strdup(optarg);
break;
+ case 's':
+#ifdef WITHOUT_SSL
+ PRACRO_ERR(server, "Pracro was not compiled with SSL support!\n");
+ return 1;
+#else
+ Conf::use_ssl = true;
+ Conf::ssl_key = KEY;
+ Conf::ssl_cert = CERT;
+#endif
+ break;
+
case '?':
case 'h':
printf("%s", version_str);
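Review bot: `case 's'` never reads `optarg`: the usage string and the `required_argument` entry promise a keyfile, but the branch assigns the compiled-in `KEY` and `CERT`, so an operator who passes their own key file silently gets the built-in pair instead. Either load the file named by `optarg` into `Conf::ssl_key` (with the certificate coming from a second option or the config file) and fail if it cannot be read, or change the option to take no argument and correct the usage text until that is implemented. The enclosing `switch` starts and ends outside this hunk.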
diff --git a/server/src/server.cc b/server/src/server.cc
index 747e88c..9b8f7f1 100644
--- a/server/src/server.cc
+++ b/server/src/server.cc
@@ -26,6 +26,8 @@
*/
#include "server.h"
+#include <config.h>
+
#include "tcpsocket.h"
#include <errno.h>
@@ -204,39 +206,6 @@ static void httpderr(void *arg, const char *fmt, va_list ap)
PRACRO_ERR_VA(server, fmt, ap);
}
-#define CERT "\
------BEGIN CERTIFICATE-----\n\
-MIICFTCCAX6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMRswGQYDVQQKExJBcGFj\n\
-aGUgSFRUUCBTZXJ2ZXIxIjAgBgNVBAsTGUZvciB0ZXN0aW5nIHB1cnBvc2VzIG9u\n\
-bHkxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wNzA2MjEwODE4MzZaFw0wODA2MjAw\n\
-ODE4MzZaMEwxGzAZBgNVBAoTEkFwYWNoZSBIVFRQIFNlcnZlcjEZMBcGA1UECxMQ\n\
-VGVzdCBDZXJ0aWZpY2F0ZTESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3\n\
-DQEBAQUAA4GNADCBiQKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEo\n\
-w3zNf+gWxco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uz\n\
-IcV9+cUm7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7X\n\
-owIDAQABMA0GCSqGSIb3DQEBBQUAA4GBALVFzprK6rYkWVZZZwq85w2lCYJpEl9a\n\
-66IMzIwNNRfyZMoc9D9PSwsXKYfYOg1RpMt7RhWT/bpggGlsFqctsAgJSv8Ol5Cz\n\
-DqTXhpV+8WOG6l4xDYZz3U3ajiu2jth2+aaMuWKy9Wkr8bzHGDufltToLalucne2\n\
-npM7yCJ83Ana\n\
------END CERTIFICATE-----"
-
-#define KEY "\
------BEGIN RSA PRIVATE KEY-----\n\
-MIICXAIBAAKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEow3zNf+gW\n\
-xco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uzIcV9+cUm\n\
-7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7XowIDAQAB\n\
-AoGANUXHjJljs6P+hyw4DuHQn3El+ISiTo9PW02EIUIsD5opWFzHsYGR93Tk6GDi\n\
-yKgUrPprdAMOW61tVaWuImWQ32R2xyrJogjGYo9XE2xAej9N37jM0AGBtn/vd4Dr\n\
-LsYfpjNaM3gqIChD73iYfO+CrNbdLqTxIdG53g/u05GJ4cECQQD0vMm5+a8N82Jb\n\
-oHJgE2jb83WqaYBHe0O03ujtiq3+hPZHoVV3iJWmA/aMlgdtunkJT3PdEsVfQNkH\n\
-fvzR9JhbAkEA4CiZRk5Gcz7cEqyogDTMQYtmrE8hbgofISLuz1rpTEzd8hFAcerU\n\
-nuwFIT3go3hO7oIHMlKU1H5iT1BsFvegWQJBAOSa6A+5A+STIKAX+l52Iu+5tYKN\n\
-885RfMgZpBgm/yoMxwPX1r7GLYsajpV5mszLbz3cIo0xeH3mVBOlccEoqZsCQECP\n\
-8PWq/eebp09Jo46pplsKh5wBfqNvDuBAa4AVszRiv1pFVcZ52JudZyzX4aezsyhH\n\
-E0OPPYamkDI/+6Hx2KECQHF9xV1XatyXuFmfRAInK2BtfGY5UIvJaLxVD3Z1+i6q\n\
-/enz7/wUwvC6G4FSWNMYgAYJOfwZ3BerdkqcRNxyR/Q=\n\
------END RSA PRIVATE KEY-----"
-
extern bool pracro_is_running;
void server()
{
@@ -245,6 +214,11 @@ void server()
bool forceshutdown = false;
port_t port = Conf::server_port;
+ int flags = MHD_USE_DEBUG | MHD_USE_SELECT_INTERNALLY; // | MHD_USE_PEDANTIC_CHECKS
+#ifndef WITHOUT_SSL
+ if(Conf::use_ssl) flags |= MHD_USE_SSL;
+#endif
+
PRACRO_DEBUG(server, "Server running on port %d.\n", port);
struct conn_t conn;
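Review bot: When the binary is built with `WITHOUT_SSL` and the config file sets `use_ssl`, the `#ifndef` block is compiled out and the daemon starts in plaintext without any message. The `-s` path in pracrod.cc already refuses to run in that case, but the config path does not. Add an `#else` branch that refuses to start, for example `if(Conf::use_ssl) { PRACRO_ERR(server, "SSL requested but not compiled in!\n"); return; }`. `server()` continues outside this hunk.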
@@ -252,19 +226,15 @@ void server()
"", Conf::database_user, Conf::database_passwd, "");
struct MHD_Daemon *d;
- d = MHD_start_daemon(MHD_USE_DEBUG
- | MHD_USE_SELECT_INTERNALLY
- // | MHD_USE_PEDANTIC_CHECKS
- // | MHD_USE_SSL
- ,
- port,
- NULL, NULL,
+ d = MHD_start_daemon(flags, port, NULL, NULL,
handle_request, &conn,
MHD_OPTION_NOTIFY_COMPLETED, NULL, NULL,
- // MHD_OPTION_CONNECTION_LIMIT, 42,
- MHD_OPTION_HTTPS_MEM_KEY, KEY,
- MHD_OPTION_HTTPS_MEM_CERT, CERT,
- //MHD_OPTION_CONNECTION_TIMEOUT, 0,
+ MHD_OPTION_CONNECTION_LIMIT, Conf::connection_limit,
+#ifndef WITHOUT_SSL
+ MHD_OPTION_HTTPS_MEM_KEY, Conf::ssl_key.c_str(),
+ MHD_OPTION_HTTPS_MEM_CERT, Conf::ssl_cert.c_str(),
+#endif
+ MHD_OPTION_CONNECTION_TIMEOUT, Conf::connection_timeout,
MHD_OPTION_EXTERNAL_LOGGER, httpderr, NULL,
MHD_OPTION_END);
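Review bot: Nothing checks that `Conf::ssl_key` and `Conf::ssl_cert` are non-empty before they reach `MHD_start_daemon`, so a config that sets `use_ssl` without key material passes two empty strings with `MHD_USE_SSL` on. A guard before the call makes that failure explicit: `if(Conf::use_ssl && (Conf::ssl_key.empty() || Conf::ssl_cert.empty())) { PRACRO_ERR(server, "SSL enabled but key or certificate missing\n"); return; }`. The HTTPS options are also passed when `use_ssl` is false; it is worth confirming how the library treats them without `MHD_USE_SSL`, or passing them only when SSL is on. `Conf::connection_limit` and `Conf::connection_timeout` are `int` while these options are read as `unsigned int`, so a negative config value would turn into a very large limit and should be rejected when the config is parsed.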
@@ -276,11 +246,14 @@ void server()
while(pracro_is_running) sleep(1);
if(!forceshutdown && conn.sessions.size() != 0) {
- char errbuf[128];
- snprintf(errbuf, sizeof(errbuf), "There are %d live sessions."
- " Kill again to force shutdown.\n", conn.sessions.size());
- PRACRO_ERR_LOG(server, "%s", errbuf);
- log(errbuf);
+ char *errbuf;
+ if(asprintf(&errbuf, "There are %d live sessions."
+ " Kill again to force shutdown.\n",
+ conn.sessions.size()) != -1) {
+ PRACRO_ERR_LOG(server, "%s", errbuf);
+ log(errbuf);
+ free(errbuf);
+ }
pracro_is_running = true;
forceshutdown = true;
goto again;
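Review bot: The format string still prints `conn.sessions.size()` with `%d`; if `sessions` is a standard container, `size()` returns `size_t`, and passing that through varargs to `%d` is undefined on platforms where `size_t` is wider than `int`. Use `"There are %lu live sessions."` with `(unsigned long)conn.sessions.size()`, or `%zu` where the C library supports it. When `asprintf` fails, the shutdown refusal currently goes unlogged; a fixed-string `PRACRO_ERR_LOG` in an `else` branch would keep the operator informed.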
@@ -293,72 +266,6 @@ void server()
}
-#if 0
-//#define NON_FORKING
-#include <sys/socket.h>
-extern bool pracro_is_running;
-void server()
-{
- port_t port = Conf::server_port;
- TCPSocket *socket = NULL;
-
- try {
- socket = new TCPSocket("Listen socket");
- socket->listen(port);
- } catch (Exception &e) {
- PRACRO_ERR_LOG(server, "Error in listen:\n%s\n", e.what());
- delete socket;
- socket = NULL;
- return;
- }
-
- while(pracro_is_running && socket->connected()) {
-
- { // Reload if new port is assigned.
- int old_port = port;
- port = Conf::server_port;
-
- if(port != old_port) {
- // Start listening on the new port
- delete socket;
- socket = new TCPSocket("Listen socket (reloaded)");
- socket->listen(port);
- }
- }
-
- TCPSocket *child = socket->accept();
- if(child) {
-
-#ifndef NON_FORKING
- switch(fork()) {
- case -1: // error
- PRACRO_ERR_LOG(server, "Could not fork: %s\n", strerror(errno));
- break;
-
- case 0: // child
- delete socket;
-#endif/*NON_FORKING*/
- handleConnection(child);
- delete child;
-#ifndef NON_FORKING
- return;
-
- default: // parent
- delete child;
- break;
- }
-#endif/*NON_FORKING*/
-
- }
- }
-
- //socket->shutdown();
- delete socket;
-
- PRACRO_DEBUG(server, "Server gracefully shut down.\n");
-}
-#endif//0
-
#ifdef TEST_SERVER
#include <sys/types.h>
diff --git a/server/src/transactionhandler.cc b/server/src/transactionhandler.cc
index fa7a419..06e5be4 100644
--- a/server/src/transactionhandler.cc
+++ b/server/src/transactionhandler.cc
@@ -262,7 +262,7 @@ std::string handleTransaction(Transaction *transaction,
//Additional dependency files
//deps:
//Required cflags (autoconf vars may be used)
-//cflags:
+//cflags: -I..
//Required link options (autoconf vars may be used)
//libs:
#include "test.h"