add db support for tls

OpenSIPS · Sep 25, 2015 · 6826357 · 6826357
1 parent 70c4701
commit 6826357
Show file tree

Hide file tree

Showing 12 changed files with 889 additions and 53 deletions.
diff --git a/modules/proto_tls/proto_tls.c b/modules/proto_tls/proto_tls.c
@@ -227,10 +227,12 @@ static int tls_conn_init(struct tcp_connection* c)
 		LM_DBG("looking up socket based TLS server "
 			"domain [%s:%d]\n", ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port);
 		dom = tls_mgm_api.find_server_domain(&c->rcv.dst_ip, c->rcv.dst_port);
+		tls_mgm_api.acquire_domain(dom);
 		if (dom) {
 			LM_DBG("found socket based TLS server domain "
 				"[%s:%d]\n", ip_addr2a(&dom->addr), dom->port);
 				c->extra_data = SSL_new(dom->ctx);
+				tls_mgm_api.release_domain(dom);
 		} else {
 			LM_ERR("no TLS server domain found\n");
 			return -1;
@@ -240,9 +242,10 @@ static int tls_conn_init(struct tcp_connection* c)
 		c->proto_flags = F_TLS_DO_CONNECT;
 
 		dom = tls_mgm_api.find_client_domain(&c->rcv.src_ip, c->rcv.src_port);
-
+		tls_mgm_api.acquire_domain(dom);
 		if (dom) {
 			c->extra_data = SSL_new(dom->ctx);
+			tls_mgm_api.release_domain(dom);
 		} else {
 			LM_ERR("no TLS client domain found\n");
 			return -1;

diff --git a/modules/proto_tls/tls_server.c b/modules/proto_tls/tls_server.c
@@ -751,4 +751,4 @@ int tls_fix_read_conn(struct tcp_connection *c)
 	lock_release(&c->write_lock);
 
 	return ret;
-}
+}
diff --git a/modules/proto_tls/tls_server.h b/modules/proto_tls/tls_server.h
@@ -42,7 +42,7 @@
 #define F_TLS_DO_ACCEPT  (1<<0)
 #define F_TLS_DO_CONNECT (1<<1)
 
-static struct tls_mgm_binds tls_mgm_api; 
+struct tls_mgm_binds tls_mgm_api; 
 
 size_t tls_blocking_write(struct tcp_connection *c, int fd,
 		const char *buf, size_t len);
@@ -55,4 +55,4 @@ int tls_conn_shutdown(struct tcp_connection *c);
 
 int tls_update_fd(struct tcp_connection *c, int fd);
 
-#endif
+#endif
diff --git a/modules/tls_mgm/api.h b/modules/tls_mgm/api.h
@@ -11,12 +11,18 @@ typedef struct tls_domain * (*tls_find_server_domain_f) (struct ip_addr *, unsig
 typedef struct tls_domain * (*tls_find_client_domain_f) (struct ip_addr *, unsigned short);
 typedef int (*get_send_timeout_f) (void);
 typedef int (*get_handshake_timeout_f) (void);
+typedef int (*tls_mod_init_f) (void);
+typedef void (*tls_acquire_domain_f) (struct tls_domain *);
+typedef void (*tls_release_domain_f) (struct tls_domain *);
 
 struct tls_mgm_binds {
     get_send_timeout_f get_send_timeout;
     get_handshake_timeout_f get_handshake_timeout;
     tls_find_server_domain_f find_server_domain;
     tls_find_client_domain_f find_client_domain;
+    tls_mod_init_f mod_init;
+    tls_acquire_domain_f acquire_domain;
+    tls_release_domain_f release_domain;
 };
 
 

diff --git a/modules/tls_mgm/tls_config.c b/modules/tls_mgm/tls_config.c
@@ -36,8 +36,9 @@
 
 #include "tls_config.h"
 #include "../../config.h"
+#include "../../ut.h"
 
-int             tls_method = TLS_USE_SSLv23;
+int             tls_default_method = TLS_USE_SSLv23;
 
 /*
  * These are the default values which will be used
@@ -63,4 +64,21 @@ int             tls_handshake_timeout = 100;
 int             tls_send_timeout      = 100;
 /* per default, the TLS domains do not have a name */
 int             tls_client_domain_avp = -1;
-
+
+str    id_col = str_init("id");
+str    type_col = str_init("type");
+str    address_col = str_init("address");
+str    method_col = str_init("method");
+str    verify_cert_col = str_init("verify_cert");
+str    require_cert_col = str_init("require_cert");
+str    certificate_col = str_init("certificate");
+str    pk_col = str_init("private_key");
+str    crl_check_col = str_init("crl_check_all");
+str    crl_dir_col = str_init("crl_dir");
+str    calist_col = str_init("ca_list");
+str    cadir_col = str_init("ca_dir");
+str    cplist_col = str_init("cipher_list");
+str    dhparams_col = str_init("dh_params");
+str    eccurve_col = str_init("ec_curve");
+str    tls_db_table = str_init("tls_mgm");
+str    tls_db_url = {NULL, 0};
diff --git a/modules/tls_mgm/tls_config.h b/modules/tls_mgm/tls_config.h
@@ -36,8 +36,9 @@
 #define tls_config_h
 
 #include "tls_config_helper.h"
+#include "../../str.h"
 
-extern int      tls_method;
+extern int      tls_default_method;
 
 extern int      tls_verify_client_cert;
 extern int      tls_verify_server_cert;
@@ -49,6 +50,25 @@ extern char    *tls_ca_file;
 extern char    *tls_ca_dir;
 extern char    *tls_tmp_dh_file;
 extern char    *tls_ciphers_list;
+
+extern str     tls_db_url; 
+extern str     tls_db_table;
+extern str     id_col;
+extern str     type_col;
+extern str     address_col;
+extern str     method_col;
+extern str     verify_cert_col;
+extern str     require_cert_col;
+extern str     certificate_col;
+extern str     pk_col;
+extern str     crl_check_col;
+extern str     crl_dir_col;
+extern str     calist_col;
+extern str     cadir_col;
+extern str     cplist_col;
+extern str     dhparams_col;
+extern str     eccurve_col;
+
 extern int      tls_handshake_timeout;
 extern int      tls_send_timeout;
 extern int      tls_client_domain_avp;