Added option to redirect from adc:// to adcs:// if tls is required.
This commit is contained in:
parent
6daa5ecf95
commit
f65a81a2aa
|
@ -10,7 +10,7 @@ LD := $(CC)
|
||||||
MV := mv
|
MV := mv
|
||||||
RANLIB := ranlib
|
RANLIB := ranlib
|
||||||
CFLAGS += -pipe -Wall
|
CFLAGS += -pipe -Wall
|
||||||
USE_SSL ?= NO
|
USE_SSL ?= YES
|
||||||
USE_BIGENDIAN ?= AUTO
|
USE_BIGENDIAN ?= AUTO
|
||||||
BITS ?= AUTO
|
BITS ?= AUTO
|
||||||
SILENT ?= YES
|
SILENT ?= YES
|
||||||
|
|
|
@ -417,6 +417,17 @@
|
||||||
<since>0.3.0</since>
|
<since>0.3.0</since>
|
||||||
</option>
|
</option>
|
||||||
|
|
||||||
|
<option name="tls_require_redirect_addr" type="string" default="">
|
||||||
|
<check regexp="(adc|adcs|dchub)://.*" />
|
||||||
|
<short>A redirect address in case a client connects using "adc://" when "adcs://" is required.</short>
|
||||||
|
<description><![CDATA[
|
||||||
|
This is the redirect address used when the hub wants to redirect a client for not using ADCS.
|
||||||
|
For instance a hub at adc://adc.example.com might redirect to adcs://adc.example.com
|
||||||
|
]]></description>
|
||||||
|
<since>0.3.3</since>
|
||||||
|
</option>
|
||||||
|
|
||||||
|
|
||||||
<option name="tls_certificate" type="file" default="">
|
<option name="tls_certificate" type="file" default="">
|
||||||
<short>Certificate file</short>
|
<short>Certificate file</short>
|
||||||
<description><![CDATA[
|
<description><![CDATA[
|
||||||
|
|
|
@ -42,6 +42,7 @@ void config_defaults(struct hub_config* config)
|
||||||
config->flood_ctl_extras = 0;
|
config->flood_ctl_extras = 0;
|
||||||
config->tls_enable = 0;
|
config->tls_enable = 0;
|
||||||
config->tls_require = 0;
|
config->tls_require = 0;
|
||||||
|
config->tls_require_redirect_addr = hub_strdup("");
|
||||||
config->tls_certificate = hub_strdup("");
|
config->tls_certificate = hub_strdup("");
|
||||||
config->tls_private_key = hub_strdup("");
|
config->tls_private_key = hub_strdup("");
|
||||||
config->file_motd = hub_strdup("");
|
config->file_motd = hub_strdup("");
|
||||||
|
@ -535,6 +536,17 @@ static int apply_config(struct hub_config* config, char* key, char* data, int li
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!strcmp(key, "tls_require_redirect_addr"))
|
||||||
|
{
|
||||||
|
if (!apply_string(key, data, &config->tls_require_redirect_addr, (char*) ""))
|
||||||
|
{
|
||||||
|
LOG_ERROR("Configuration parse error on line %d", line_count);
|
||||||
|
LOG_ERROR("\"tls_require_redirect_addr\" (string), default=\"\"");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (!strcmp(key, "tls_certificate"))
|
if (!strcmp(key, "tls_certificate"))
|
||||||
{
|
{
|
||||||
if (!apply_string(key, data, &config->tls_certificate, (char*) ""))
|
if (!apply_string(key, data, &config->tls_certificate, (char*) ""))
|
||||||
|
@ -1003,6 +1015,8 @@ void free_config(struct hub_config* config)
|
||||||
|
|
||||||
hub_free(config->redirect_addr);
|
hub_free(config->redirect_addr);
|
||||||
|
|
||||||
|
hub_free(config->tls_require_redirect_addr);
|
||||||
|
|
||||||
hub_free(config->tls_certificate);
|
hub_free(config->tls_certificate);
|
||||||
|
|
||||||
hub_free(config->tls_private_key);
|
hub_free(config->tls_private_key);
|
||||||
|
@ -1209,6 +1223,9 @@ void dump_config(struct hub_config* config, int ignore_defaults)
|
||||||
if (!ignore_defaults || config->tls_require != 0)
|
if (!ignore_defaults || config->tls_require != 0)
|
||||||
fprintf(stdout, "tls_require = %s\n", config->tls_require ? "yes" : "no");
|
fprintf(stdout, "tls_require = %s\n", config->tls_require ? "yes" : "no");
|
||||||
|
|
||||||
|
if (!ignore_defaults || strcmp(config->tls_require_redirect_addr, "") != 0)
|
||||||
|
fprintf(stdout, "tls_require_redirect_addr = \"%s\"\n", config->tls_require_redirect_addr);
|
||||||
|
|
||||||
if (!ignore_defaults || strcmp(config->tls_certificate, "") != 0)
|
if (!ignore_defaults || strcmp(config->tls_certificate, "") != 0)
|
||||||
fprintf(stdout, "tls_certificate = \"%s\"\n", config->tls_certificate);
|
fprintf(stdout, "tls_certificate = \"%s\"\n", config->tls_certificate);
|
||||||
|
|
||||||
|
|
|
@ -42,6 +42,7 @@ struct hub_config
|
||||||
int flood_ctl_extras; /*<<< Max extra messages allowed in time interval (default: 0) */
|
int flood_ctl_extras; /*<<< Max extra messages allowed in time interval (default: 0) */
|
||||||
int tls_enable; /*<<< Enable SSL/TLS support (default: 0) */
|
int tls_enable; /*<<< Enable SSL/TLS support (default: 0) */
|
||||||
int tls_require; /*<<< If SSL/TLS enabled, should it be required (default: 0) (default: 0) */
|
int tls_require; /*<<< If SSL/TLS enabled, should it be required (default: 0) (default: 0) */
|
||||||
|
char* tls_require_redirect_addr; /*<<< A redirect address in case a client connects using "adc://" when "adcs://" is required. (default: ) */
|
||||||
char* tls_certificate; /*<<< Certificate file (default: ) */
|
char* tls_certificate; /*<<< Certificate file (default: ) */
|
||||||
char* tls_private_key; /*<<< Private key file (default: ) */
|
char* tls_private_key; /*<<< Private key file (default: ) */
|
||||||
char* file_motd; /*<<< File containing the 'message of the day (default: ) */
|
char* file_motd; /*<<< File containing the 'message of the day (default: ) */
|
||||||
|
|
|
@ -48,9 +48,19 @@ static void probe_net_event(struct net_connection* con, int events, void *arg)
|
||||||
LOG_TRACE("Probed ADC");
|
LOG_TRACE("Probed ADC");
|
||||||
#ifdef SSL_SUPPORT
|
#ifdef SSL_SUPPORT
|
||||||
if (probe->hub->config->tls_enable && probe->hub->config->tls_require)
|
if (probe->hub->config->tls_enable && probe->hub->config->tls_require)
|
||||||
|
{
|
||||||
|
if (*probe->hub->config->tls_require_redirect_addr)
|
||||||
|
{
|
||||||
|
char buf[512];
|
||||||
|
ssize_t len = snprintf(buf, sizeof(buf), "ISUP " ADC_PROTO_SUPPORT "\nISID AAAB\nIINF NIRedirecting...\nIQUI AAAB RD%s\n", probe->hub->config->tls_require_redirect_addr);
|
||||||
|
net_con_send(con, buf, (size_t) len);
|
||||||
|
LOG_TRACE("Not TLS connection - Redirecting to %s.", probe->hub->config->tls_require_redirect_addr);
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
LOG_TRACE("Not TLS connection - closing connection.");
|
LOG_TRACE("Not TLS connection - closing connection.");
|
||||||
}
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
if (user_create(probe->hub, probe->connection, &probe->addr))
|
if (user_create(probe->hub, probe->connection, &probe->addr))
|
||||||
|
@ -60,9 +70,8 @@ static void probe_net_event(struct net_connection* con, int events, void *arg)
|
||||||
probe_destroy(probe);
|
probe_destroy(probe);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef SSL_SUPPORT
|
#ifdef SSL_SUPPORT
|
||||||
if (bytes >= 11 &&
|
else if (bytes >= 11 &&
|
||||||
probe_recvbuf[0] == 22 &&
|
probe_recvbuf[0] == 22 &&
|
||||||
probe_recvbuf[1] == 3 && /* protocol major version */
|
probe_recvbuf[1] == 3 && /* protocol major version */
|
||||||
probe_recvbuf[5] == 1 && /* message type */
|
probe_recvbuf[5] == 1 && /* message type */
|
||||||
|
|
Loading…
Reference in New Issue