Added option to redirect from adc:// to adcs:// if tls is required.

2010-08-18 23:32:53 +02:00 · 2010-08-18 23:32:53 +02:00 · f65a81a2aa
parent 6daa5ecf95
commit f65a81a2aa
5 changed files with 42 additions and 4 deletions
--- a/2
+++ b/2
@ -10,7 +10,7 @@ LD            := $(CC)
 MV            := mv
 RANLIB        := ranlib
 CFLAGS        += -pipe -Wall
-USE_SSL       ?= NO
+USE_SSL       ?= YES
 USE_BIGENDIAN ?= AUTO
 BITS          ?= AUTO
 SILENT        ?= YES
--- a/src/core/config.xml
+++ b/src/core/config.xml
@ -417,6 +417,17 @@
 		<since>0.3.0</since>
 	</option>

+	<option name="tls_require_redirect_addr" type="string" default="">
+		<check regexp="(adc|adcs|dchub)://.*" />
+		<short>A redirect address in case a client connects using "adc://" when "adcs://" is required.</short>
+		<description><![CDATA[
+		This is the redirect address used when the hub wants to redirect a client for not using ADCS.
+		For instance a hub at adc://adc.example.com might redirect to adcs://adc.example.com
+		]]></description>
+		<since>0.3.3</since>
+	</option>
+
+
 	<option name="tls_certificate" type="file" default="">
 		<short>Certificate file</short>
 		<description><![CDATA[
--- a/src/core/gen_config.c
+++ b/src/core/gen_config.c
@ -42,6 +42,7 @@ void config_defaults(struct hub_config* config)
 	config->flood_ctl_extras = 0;
 	config->tls_enable = 0;
 	config->tls_require = 0;
+	config->tls_require_redirect_addr = hub_strdup("");
 	config->tls_certificate = hub_strdup("");
 	config->tls_private_key = hub_strdup("");
 	config->file_motd = hub_strdup("");
@ -535,6 +536,17 @@ static int apply_config(struct hub_config* config, char* key, char* data, int li
 		return 0;
 	}

+	if (!strcmp(key, "tls_require_redirect_addr"))
+	{
+		if (!apply_string(key, data, &config->tls_require_redirect_addr, (char*) ""))
+		{
+			LOG_ERROR("Configuration parse error on line %d", line_count);
+			LOG_ERROR("\"tls_require_redirect_addr\" (string), default=\"\"");
+			return -1;
+		}
+		return 0;
+	}
+
 	if (!strcmp(key, "tls_certificate"))
 	{
 		if (!apply_string(key, data, &config->tls_certificate, (char*) ""))
@ -1003,6 +1015,8 @@ void free_config(struct hub_config* config)

 	hub_free(config->redirect_addr);

+	hub_free(config->tls_require_redirect_addr);
+
 	hub_free(config->tls_certificate);

 	hub_free(config->tls_private_key);
@ -1209,6 +1223,9 @@ void dump_config(struct hub_config* config, int ignore_defaults)
 	if (!ignore_defaults || config->tls_require != 0)
 		fprintf(stdout, "tls_require = %s\n", config->tls_require ? "yes" : "no");

+	if (!ignore_defaults || strcmp(config->tls_require_redirect_addr, "") != 0)
+		fprintf(stdout, "tls_require_redirect_addr = \"%s\"\n", config->tls_require_redirect_addr);
+
 	if (!ignore_defaults || strcmp(config->tls_certificate, "") != 0)
 		fprintf(stdout, "tls_certificate = \"%s\"\n", config->tls_certificate);

--- a/src/core/gen_config.h
+++ b/src/core/gen_config.h
@ -42,6 +42,7 @@ struct hub_config
 	int   flood_ctl_extras;                /*<<< Max extra messages allowed in time interval (default: 0) */
 	int   tls_enable;                      /*<<< Enable SSL/TLS support (default: 0) */
 	int   tls_require;                     /*<<< If SSL/TLS enabled, should it be required (default: 0) (default: 0) */
+	char* tls_require_redirect_addr;       /*<<< A redirect address in case a client connects using "adc://" when "adcs://" is required. (default: ) */
 	char* tls_certificate;                 /*<<< Certificate file (default: ) */
 	char* tls_private_key;                 /*<<< Private key file (default: ) */
 	char* file_motd;                       /*<<< File containing the 'message of the day (default: ) */
--- a/src/core/probe.c
+++ b/src/core/probe.c
@ -48,9 +48,19 @@ static void probe_net_event(struct net_connection* con, int events, void *arg)
 				LOG_TRACE("Probed ADC");
 #ifdef SSL_SUPPORT
 				if (probe->hub->config->tls_enable && probe->hub->config->tls_require)
+				{
+					if (*probe->hub->config->tls_require_redirect_addr)
+					{
+						char buf[512];
+						ssize_t len = snprintf(buf, sizeof(buf), "ISUP " ADC_PROTO_SUPPORT "\nISID AAAB\nIINF NIRedirecting...\nIQUI AAAB RD%s\n", probe->hub->config->tls_require_redirect_addr);
+						net_con_send(con, buf, (size_t) len);
+						LOG_TRACE("Not TLS connection - Redirecting to %s.", probe->hub->config->tls_require_redirect_addr);
+					}
+					else
 					{
 						LOG_TRACE("Not TLS connection - closing connection.");
 					}
+				}
 				else
 #endif
 				if (user_create(probe->hub, probe->connection, &probe->addr))
@ -60,9 +70,8 @@ static void probe_net_event(struct net_connection* con, int events, void *arg)
 				probe_destroy(probe);
 				return;
 			}
-
 #ifdef SSL_SUPPORT
-			if (bytes >= 11 &&
+			else if (bytes >= 11 &&
 				probe_recvbuf[0] == 22 && 
 				probe_recvbuf[1] == 3 && /* protocol major version */
 				probe_recvbuf[5] == 1 && /* message type */