From fc6e95c57f8f7f0acc083daf15dbac828e627e20 Mon Sep 17 00:00:00 2001 From: deva Date: Mon, 4 Jan 2010 11:01:30 +0000 Subject: Added config, cli and compiletime check for ssl usage. Still needs to check is microhttpd has ssl support. --- server/configure.in | 17 +++++ server/src/configuration.cc | 7 ++ server/src/configuration.h | 7 ++ server/src/configurationparser.cc | 30 +++++++++ server/src/pracrod.cc | 48 ++++++++++++- server/src/server.cc | 137 ++++++-------------------------------- server/src/transactionhandler.cc | 2 +- 7 files changed, 131 insertions(+), 117 deletions(-) diff --git a/server/configure.in b/server/configure.in index 7449594..cd5b937 100644 --- a/server/configure.in +++ b/server/configure.in @@ -57,6 +57,23 @@ else PKG_CHECK_MODULES(PQXX, libpqxx >= 2.6.8) fi +dnl ====================== +dnl Compile with ssl support? +dnl ====================== +AC_ARG_WITH(ssl, + [ --with-ssl build with ssl support, requires microhttpd to be build with ssl support (default=yes)], + [], + [with_ssl=yes]) +if test x$with_ssl == xno; then + AC_MSG_WARN([*** Building without ssl support!]) + AC_DEFINE_UNQUOTED(WITHOUT_SSL, , [The project is configured not to use ssl]) +else + AC_MSG_WARN([*** Building with ssl support!]) + dnl ====================== + dnl TODO: Check for ssl support in microhttpd + dnl ====================== +fi + AC_PROG_CXX AC_PROG_LIBTOOL diff --git a/server/src/configuration.cc b/server/src/configuration.cc index c1dcab1..34729c4 100644 --- a/server/src/configuration.cc +++ b/server/src/configuration.cc @@ -47,3 +47,10 @@ std::string Conf::database_user = "pracro"; std::string Conf::database_passwd = "pracro"; std::string Conf::xml_basedir = XML; + +bool Conf::use_ssl = false; +std::string Conf::ssl_key = ""; +std::string Conf::ssl_cert = ""; + +int Conf::connection_limit = 42; +int Conf::connection_timeout = 0; diff --git a/server/src/configuration.h b/server/src/configuration.h index 3d9f7f1..c12bf19 100644 
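Review bot: `if test x$with_ssl == xno; then` in the new configure.in block uses `==`, which POSIX `test` does not define; configure runs under /bin/sh, and on a shell such as dash the comparison presumably errors out as "unexpected operator" and evaluates false, so `--without-ssl` falls through to the SSL branch and `WITHOUT_SSL` is never defined. Change it to `if test "x$with_ssl" = xno; then`. The else branch reports the default with `AC_MSG_WARN` and leaves the microhttpd HTTPS probe as a `dnl TODO`, so a build against a microhttpd without TLS only fails at runtime when `MHD_USE_SSL` is requested; `AC_MSG_NOTICE` fits the success path, and the TODO should become a real check (for example a link test for the HTTPS symbols or a pkg-config query) before this option is relied on.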
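Review bot: `int Conf::connection_timeout = 0;` becomes the default handed to `MHD_OPTION_CONNECTION_TIMEOUT`, and as far as I recall microhttpd documents zero as "no timeout", so idle connections are never reaped; with `connection_limit = 42` a client that opens 42 sockets and sends nothing pins the daemon until restart. A non-zero default such as `int Conf::connection_timeout = 60; // seconds of inactivity before MHD drops a connection; 0 disables` keeps the unlimited behaviour only for operators who ask for it. `ssl_key`/`ssl_cert` also deserve a comment that they hold the PEM body, not a file name, since elsewhere in this patch they are passed to `MHD_OPTION_HTTPS_MEM_KEY`/`_CERT`.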
--- a/server/src/configuration.h
+++ b/server/src/configuration.h
@@ -54,6 +54,13 @@ namespace Conf {
 extern std::string database_passwd;
 extern std::string xml_basedir;
+
+ extern bool use_ssl;
+ extern std::string ssl_key;
+ extern std::string ssl_cert;
+
+ extern int connection_limit;
+ extern int connection_timeout;
 };
 #endif/*__ARTEFACT_CONFIGURATION_H__*/
diff --git a/server/src/configurationparser.cc b/server/src/configurationparser.cc
index 8247a45..551e8da 100644
--- a/server/src/configurationparser.cc
+++ b/server/src/configurationparser.cc
@@ -133,6 +133,36 @@ void ConfigurationParser::reload()
 Conf::xml_basedir = p;
 } catch( ... ) {
 }
+
+ try {
+ bool b = lookup("use_ssl");
+ Conf::use_ssl = b;
+ } catch( ... ) {
+ }
+
+ try {
+ std::string s = lookup("ssl_key");
+ Conf::ssl_key = s;
+ } catch( ... ) {
+ }
+
+ try {
+ std::string s = lookup("ssl_cert");
+ Conf::ssl_cert = s;
+ } catch( ... ) {
+ }
+
+ try {
+ int i = lookup("connection_limit");
+ Conf::connection_limit = i;
+ } catch( ... ) {
+ }
+
+ try {
+ int i = lookup("connection_timeout");
+ Conf::connection_timeout = i;
+ } catch( ... ) {
+ }
 }
 #ifdef TEST_CONFIGURATIONPARSER
diff --git a/server/src/pracrod.cc b/server/src/pracrod.cc
index d17001c..6154f06 100644
--- a/server/src/pracrod.cc
+++ b/server/src/pracrod.cc
@@ -89,6 +89,7 @@ static const char usage_str[] =
 " -h, --help Print this message and exit.\n"
 " -D, --debug ddd Enable debug messages on 'ddd'; see documentation for details\n"
 " -d --database db Use db as the database backend. Can be one of pgsql or testdb (default pgsql).\n"
+" -s, --ssl keyfile Enable ssl encryption with the key stored in keyfile.\n"
 ;
 ConfigurationParser *configparser = NULL;
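Review bot: the five new lookups in `reload()` all end in `catch( ... ) { }`, so a misspelled or mistyped `use_ssl`, `ssl_key` or `ssl_cert` entry silently keeps the default, and because `use_ssl` defaults to false an operator who believes TLS is on gets a plaintext listener with nothing in the log. After the lookups add a consistency check, e.g. `if(Conf::use_ssl && (Conf::ssl_key.empty() || Conf::ssl_cert.empty())) throw Exception("use_ssl set but ssl_key/ssl_cert missing");` (or whatever error type reload()'s callers already handle), so the mismatch surfaces at startup rather than as a failed `MHD_start_daemon`. Note also that `ssl_key`/`ssl_cert` are later given to `MHD_OPTION_HTTPS_MEM_KEY`/`_CERT`, which take PEM text; if the config file is meant to name files, this is the place to read them. The start of `reload()` lies outside the hunk.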
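Review bot: the new usage line `" -s, --ssl keyfile Enable ssl encryption with the key stored in keyfile.\n"` describes behaviour the option does not have: in the matching `case 's'` later in this patch `optarg` is never read and the built-in constants are used. Until file loading exists the text should say so, and once it does it should also state where the certificate comes from, since a key alone is not enough for microhttpd.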
@@ -137,6 +138,39 @@ int PracroDaemon::daemon_main()
 return 0;
 }
+#define CERT "\
+-----BEGIN CERTIFICATE-----\n\
+MIICFTCCAX6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMRswGQYDVQQKExJBcGFj\n\
+aGUgSFRUUCBTZXJ2ZXIxIjAgBgNVBAsTGUZvciB0ZXN0aW5nIHB1cnBvc2VzIG9u\n\
+bHkxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wNzA2MjEwODE4MzZaFw0wODA2MjAw\n\
+ODE4MzZaMEwxGzAZBgNVBAoTEkFwYWNoZSBIVFRQIFNlcnZlcjEZMBcGA1UECxMQ\n\
+VGVzdCBDZXJ0aWZpY2F0ZTESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3\n\
+DQEBAQUAA4GNADCBiQKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEo\n\
+w3zNf+gWxco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uz\n\
+IcV9+cUm7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7X\n\
+owIDAQABMA0GCSqGSIb3DQEBBQUAA4GBALVFzprK6rYkWVZZZwq85w2lCYJpEl9a\n\
+66IMzIwNNRfyZMoc9D9PSwsXKYfYOg1RpMt7RhWT/bpggGlsFqctsAgJSv8Ol5Cz\n\
+DqTXhpV+8WOG6l4xDYZz3U3ajiu2jth2+aaMuWKy9Wkr8bzHGDufltToLalucne2\n\
+npM7yCJ83Ana\n\
+-----END CERTIFICATE-----"
+
+#define KEY "\
+-----BEGIN RSA PRIVATE KEY-----\n\
+MIICXAIBAAKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEow3zNf+gW\n\
+xco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uzIcV9+cUm\n\
+7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7XowIDAQAB\n\
+AoGANUXHjJljs6P+hyw4DuHQn3El+ISiTo9PW02EIUIsD5opWFzHsYGR93Tk6GDi\n\
+yKgUrPprdAMOW61tVaWuImWQ32R2xyrJogjGYo9XE2xAej9N37jM0AGBtn/vd4Dr\n\
+LsYfpjNaM3gqIChD73iYfO+CrNbdLqTxIdG53g/u05GJ4cECQQD0vMm5+a8N82Jb\n\
+oHJgE2jb83WqaYBHe0O03ujtiq3+hPZHoVV3iJWmA/aMlgdtunkJT3PdEsVfQNkH\n\
+fvzR9JhbAkEA4CiZRk5Gcz7cEqyogDTMQYtmrE8hbgofISLuz1rpTEzd8hFAcerU\n\
+nuwFIT3go3hO7oIHMlKU1H5iT1BsFvegWQJBAOSa6A+5A+STIKAX+l52Iu+5tYKN\n\
+885RfMgZpBgm/yoMxwPX1r7GLYsajpV5mszLbz3cIo0xeH3mVBOlccEoqZsCQECP\n\
+8PWq/eebp09Jo46pplsKh5wBfqNvDuBAa4AVszRiv1pFVcZ52JudZyzX4aezsyhH\n\
+E0OPPYamkDI/+6Hx2KECQHF9xV1XatyXuFmfRAInK2BtfGY5UIvJaLxVD3Z1+i6q\n\
+/enz7/wUwvC6G4FSWNMYgAYJOfwZ3BerdkqcRNxyR/Q=\n\
+-----END RSA PRIVATE KEY-----"
+
 int main(int argc, char *argv[])
 {
 int c;
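Review bot: the `KEY` macro is an RSA private key in a source file, so it is public to everyone who can read this repository, and any TLS session the server sets up with it can be impersonated or decrypted from a captured handshake; the commit moves the constants from server.cc rather than retiring them, and the new `-s` flag now actively selects them. Decoding the base64, the certificate carries OU "For testing purposes only", CN localhost, a 1024-bit RSA key and a validity window of 2007-06-21 to 2008-06-20, i.e. it had already expired when this was committed. Remove both macros and load PEM material from operator-supplied files at startup, refusing to start when `use_ssl` is set and no key or certificate is available; a comment like `// Never embed key material here: anything in this file ships in the binary and the repo.` would help keep it out. `main()` continues beyond the hunk.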
@@ -163,10 +197,11 @@ int main(int argc, char *argv[])
 {"xml-basedir", required_argument, 0, 'x'},
 {"debug", required_argument, 0, 'D'},
 {"database", required_argument, 0, 'd'},
+ {"ssl", required_argument, 0, 's'},
 {0, 0, 0, 0}
 };
- c = getopt_long (argc, argv, "D:hvfc:u:g:x:d:", long_options, &option_index);
+ c = getopt_long (argc, argv, "D:hvfc:u:g:x:d:s:", long_options, &option_index);
 if (c == -1)
 break;
@@ -200,6 +235,17 @@ int main(int argc, char *argv[])
 debugstr = strdup(optarg);
 break;
+ case 's':
+#ifdef WITHOUT_SSL
+ PRACRO_ERR(server, "Pracro was not compiled with SSL support!\n");
+ return 1;
+#else
+ Conf::use_ssl = true;
+ Conf::ssl_key = KEY;
+ Conf::ssl_cert = CERT;
+#endif
+ break;
+
 case '?':
 case 'h':
 printf("%s", version_str);
diff --git a/server/src/server.cc b/server/src/server.cc
index 747e88c..9b8f7f1 100644
--- a/server/src/server.cc
+++ b/server/src/server.cc
@@ -26,6 +26,8 @@
 */
 #include "server.h"
+#include 
+
 #include "tcpsocket.h"
 #include 
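Review bot: `case 's'` never looks at `optarg`; `Conf::ssl_key = KEY; Conf::ssl_cert = CERT;` always installs the test constants, so `--ssl /etc/pracro/server.key` silently serves with the key committed in this file while the usage text claims the key is read from keyfile, and any `ssl_key` from the config file is overwritten. Read the file named by optarg into `Conf::ssl_key` (the `_MEM_` options expect PEM text) and fail when it cannot be read; the certificate still has to come from the config file or a second option, and both should be checked for emptiness after option parsing. The sketch below needs `<fstream>` and `<iterator>` added to the includes. `main()` continues outside the hunk.
```cpp
      case 's':
#ifdef WITHOUT_SSL
        PRACRO_ERR(server, "Pracro was not compiled with SSL support!\n");
        return 1;
#else
        {
          // optarg names a PEM file; MHD_OPTION_HTTPS_MEM_KEY wants its contents, not the path.
          std::ifstream keyfile(optarg, std::ios::binary);
          if(!keyfile) {
            PRACRO_ERR(server, "Cannot read ssl key file '%s'\n", optarg);
            return 1;
          }
          Conf::ssl_key.assign(std::istreambuf_iterator<char>(keyfile),
                               std::istreambuf_iterator<char>());
          Conf::use_ssl = true;
          // Conf::ssl_cert must come from the config file (or a --ssl-cert option);
          // check both are non-empty before server() is entered.
        }
#endif
        break;
```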
@@ -204,39 +206,6 @@ static void httpderr(void *arg, const char *fmt, va_list ap)
 PRACRO_ERR_VA(server, fmt, ap);
 }
-#define CERT "\
------BEGIN CERTIFICATE-----\n\
-MIICFTCCAX6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMRswGQYDVQQKExJBcGFj\n\
-aGUgSFRUUCBTZXJ2ZXIxIjAgBgNVBAsTGUZvciB0ZXN0aW5nIHB1cnBvc2VzIG9u\n\
-bHkxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wNzA2MjEwODE4MzZaFw0wODA2MjAw\n\
-ODE4MzZaMEwxGzAZBgNVBAoTEkFwYWNoZSBIVFRQIFNlcnZlcjEZMBcGA1UECxMQ\n\
-VGVzdCBDZXJ0aWZpY2F0ZTESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3\n\
-DQEBAQUAA4GNADCBiQKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEo\n\
-w3zNf+gWxco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uz\n\
-IcV9+cUm7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7X\n\
-owIDAQABMA0GCSqGSIb3DQEBBQUAA4GBALVFzprK6rYkWVZZZwq85w2lCYJpEl9a\n\
-66IMzIwNNRfyZMoc9D9PSwsXKYfYOg1RpMt7RhWT/bpggGlsFqctsAgJSv8Ol5Cz\n\
-DqTXhpV+8WOG6l4xDYZz3U3ajiu2jth2+aaMuWKy9Wkr8bzHGDufltToLalucne2\n\
-npM7yCJ83Ana\n\
------END CERTIFICATE-----"
-
-#define KEY "\
------BEGIN RSA PRIVATE KEY-----\n\
-MIICXAIBAAKBgQDWTACKSoxd5cL06w7RtPIhFqY1l3UE/aRGmPmh8gEow3zNf+gW\n\
-xco2yjQgBTQhGww1ybOsAUtXPIsUOSFAGvPUKJZf8ibZMiJEzl2919uzIcV9+cUm\n\
-7k3jFPQx4ALQEalbV++o/lfT5lhgsSiH1t1eln2omVrGCjI/1HeYrw7XowIDAQAB\n\
-AoGANUXHjJljs6P+hyw4DuHQn3El+ISiTo9PW02EIUIsD5opWFzHsYGR93Tk6GDi\n\
-yKgUrPprdAMOW61tVaWuImWQ32R2xyrJogjGYo9XE2xAej9N37jM0AGBtn/vd4Dr\n\
-LsYfpjNaM3gqIChD73iYfO+CrNbdLqTxIdG53g/u05GJ4cECQQD0vMm5+a8N82Jb\n\
-oHJgE2jb83WqaYBHe0O03ujtiq3+hPZHoVV3iJWmA/aMlgdtunkJT3PdEsVfQNkH\n\
-fvzR9JhbAkEA4CiZRk5Gcz7cEqyogDTMQYtmrE8hbgofISLuz1rpTEzd8hFAcerU\n\
-nuwFIT3go3hO7oIHMlKU1H5iT1BsFvegWQJBAOSa6A+5A+STIKAX+l52Iu+5tYKN\n\
-885RfMgZpBgm/yoMxwPX1r7GLYsajpV5mszLbz3cIo0xeH3mVBOlccEoqZsCQECP\n\
-8PWq/eebp09Jo46pplsKh5wBfqNvDuBAa4AVszRiv1pFVcZ52JudZyzX4aezsyhH\n\
-E0OPPYamkDI/+6Hx2KECQHF9xV1XatyXuFmfRAInK2BtfGY5UIvJaLxVD3Z1+i6q\n\
-/enz7/wUwvC6G4FSWNMYgAYJOfwZ3BerdkqcRNxyR/Q=\n\
------END RSA PRIVATE KEY-----"
-
 extern bool pracro_is_running;
 void server()
 {
@@ -245,6 +214,11 @@ void server()
 bool forceshutdown = false;
 port_t port = Conf::server_port;
+ int flags = MHD_USE_DEBUG | MHD_USE_SELECT_INTERNALLY; // | MHD_USE_PEDANTIC_CHECKS
+#ifndef WITHOUT_SSL
+ if(Conf::use_ssl) flags |= MHD_USE_SSL;
+#endif
+
 PRACRO_DEBUG(server, "Server running on port %d.\n", port);
 struct conn_t conn;
@@ -252,19 +226,15 @@ void server()
 "", Conf::database_user, Conf::database_passwd, "");
 struct MHD_Daemon *d;
- d = MHD_start_daemon(MHD_USE_DEBUG
- | MHD_USE_SELECT_INTERNALLY
- // | MHD_USE_PEDANTIC_CHECKS
- // | MHD_USE_SSL
- ,
- port,
- NULL, NULL,
+ d = MHD_start_daemon(flags, port, NULL, NULL,
 handle_request, &conn,
 MHD_OPTION_NOTIFY_COMPLETED, NULL, NULL,
- // MHD_OPTION_CONNECTION_LIMIT, 42,
- MHD_OPTION_HTTPS_MEM_KEY, KEY,
- MHD_OPTION_HTTPS_MEM_CERT, CERT,
- //MHD_OPTION_CONNECTION_TIMEOUT, 0,
+ MHD_OPTION_CONNECTION_LIMIT, Conf::connection_limit,
+#ifndef WITHOUT_SSL
+ MHD_OPTION_HTTPS_MEM_KEY, Conf::ssl_key.c_str(),
+ MHD_OPTION_HTTPS_MEM_CERT, Conf::ssl_cert.c_str(),
+#endif
+ MHD_OPTION_CONNECTION_TIMEOUT, Conf::connection_timeout,
 MHD_OPTION_EXTERNAL_LOGGER, httpderr, NULL,
 MHD_OPTION_END);
@@ -276,11 +246,14 @@ void server()
 while(pracro_is_running) sleep(1);
 if(!forceshutdown && conn.sessions.size() != 0) {
- char errbuf[128];
- snprintf(errbuf, sizeof(errbuf), "There are %d live sessions."
- " Kill again to force shutdown.\n", conn.sessions.size());
- PRACRO_ERR_LOG(server, "%s", errbuf);
- log(errbuf);
+ char *errbuf;
+ if(asprintf(&errbuf, "There are %d live sessions."
+ " Kill again to force shutdown.\n",
+ conn.sessions.size()) != -1) {
+ PRACRO_ERR_LOG(server, "%s", errbuf);
+ log(errbuf);
+ free(errbuf);
+ }
 pracro_is_running = true;
 forceshutdown = true;
 goto again;
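Review bot: `MHD_USE_DEBUG` is left in `flags` unconditionally, so every build runs microhttpd with its debug output on, which is noisy and may put request details into the log; `int flags = MHD_USE_SELECT_INTERNALLY;` with the debug bit added only under the project's debug configuration would be the safer default. `Conf::use_ssl` is consulted once here when the daemon starts, so if `ConfigurationParser::reload()` can run later a changed `use_ssl` has no effect until restart; a comment such as `// SSL is decided at start-up; reload() cannot switch it on or off without a restart.` would save the next reader from assuming otherwise.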
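Review bot: when `use_ssl` comes from the config file and `ssl_key`/`ssl_cert` were left empty, `MHD_OPTION_HTTPS_MEM_KEY` and `_CERT` receive `""` alongside `MHD_USE_SSL`; GnuTLS should reject the empty PEM and `MHD_start_daemon` return NULL, but nothing before the call states the requirement, and the two options are also passed when `use_ssl` is false, which is harmless only if MHD ignores them without `MHD_USE_SSL`. Guard it before the call: `if(Conf::use_ssl && (Conf::ssl_key.empty() || Conf::ssl_cert.empty())) { PRACRO_ERR(server, "use_ssl set but ssl_key/ssl_cert missing\n"); return; }`. `MHD_OPTION_CONNECTION_LIMIT`/`_TIMEOUT` are documented as `unsigned int` varargs, so a negative `connection_limit` or `connection_timeout` from the config file becomes a huge value; reject negatives where they are parsed. The NULL check on `d` lies outside the hunk.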
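Review bot: the format string `"There are %d live sessions."` is still paired with `conn.sessions.size()`, a `size_t`, so on LP64 `%d` reads a 4-byte int out of an 8-byte argument — undefined behaviour that the move from `snprintf` to `asprintf` carries over unchanged. Use `"There are %zu live sessions."`, or cast the argument to `(int)`. The surrounding `server()` body continues beyond the hunk.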
@@ -293,72 +266,6 @@ void server()
 }
-#if 0
-//#define NON_FORKING
-#include 
-extern bool pracro_is_running;
-void server()
-{
- port_t port = Conf::server_port;
- TCPSocket *socket = NULL;
-
- try {
- socket = new TCPSocket("Listen socket");
- socket->listen(port);
- } catch (Exception &e) {
- PRACRO_ERR_LOG(server, "Error in listen:\n%s\n", e.what());
- delete socket;
- socket = NULL;
- return;
- }
-
- while(pracro_is_running && socket->connected()) {
-
- { // Reload if new port is assigned.
- int old_port = port;
- port = Conf::server_port;
-
- if(port != old_port) {
- // Start listening on the new port
- delete socket;
- socket = new TCPSocket("Listen socket (reloaded)");
- socket->listen(port);
- }
- }
-
- TCPSocket *child = socket->accept();
- if(child) {
-
-#ifndef NON_FORKING
- switch(fork()) {
- case -1: // error
- PRACRO_ERR_LOG(server, "Could not fork: %s\n", strerror(errno));
- break;
-
- case 0: // child
- delete socket;
-#endif/*NON_FORKING*/
- handleConnection(child);
- delete child;
-#ifndef NON_FORKING
- return;
-
- default: // parent
- delete child;
- break;
- }
-#endif/*NON_FORKING*/
-
- }
- }
-
- //socket->shutdown();
- delete socket;
-
- PRACRO_DEBUG(server, "Server gracefully shut down.\n");
-}
-#endif//0
-
 #ifdef TEST_SERVER
 #include 
diff --git a/server/src/transactionhandler.cc b/server/src/transactionhandler.cc
index fa7a419..06e5be4 100644
--- a/server/src/transactionhandler.cc
+++ b/server/src/transactionhandler.cc
@@ -262,7 +262,7 @@ std::string handleTransaction(Transaction *transaction,
 //Additional dependency files
 //deps:
 //Required cflags (autoconf vars may be used)
-//cflags:
+//cflags: -I..
 //Required link options (autoconf vars may be used)
 //libs:
 #include "test.h"
-- 
cgit v1.2.3