summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorReyk Floeter <reyk@cvs.openbsd.org>2007-11-21 13:04:43 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2007-11-21 13:04:43 +0000
commit5d26d48cabb053e50519583e074292f3c86aecac (patch)
tree4b23ce6256f2f600c9aaa411981bb1b1373e7cc2 /usr.sbin
parent58a45bd3fc8545f2f426bf7208337a15505fabdb (diff)
allow the http digest type to be either SHA1 or MD5 determined by the
digest string length; it is compatible to any existing SHA1-only configurations. ok pyr@ gilles@
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/hoststated/check_tcp.c15
-rw-r--r--usr.sbin/hoststated/hoststated.conf.58
-rw-r--r--usr.sbin/hoststated/hoststated.h8
-rw-r--r--usr.sbin/hoststated/parse.y20
-rw-r--r--usr.sbin/relayd/check_tcp.c15
-rw-r--r--usr.sbin/relayd/parse.y20
-rw-r--r--usr.sbin/relayd/relayd.conf.58
-rw-r--r--usr.sbin/relayd/relayd.h8
8 files changed, 78 insertions, 24 deletions
diff --git a/usr.sbin/hoststated/check_tcp.c b/usr.sbin/hoststated/check_tcp.c
index 6b054bf2d6f..fe9299d446e 100644
--- a/usr.sbin/hoststated/check_tcp.c
+++ b/usr.sbin/hoststated/check_tcp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_tcp.c,v 1.27 2007/11/19 15:20:18 reyk Exp $ */
+/* $OpenBSD: check_tcp.c,v 1.28 2007/11/21 13:04:42 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -33,6 +33,7 @@
#include <errno.h>
#include <fnmatch.h>
#include <sha1.h>
+#include <md5.h>
#include <openssl/ssl.h>
@@ -353,7 +354,7 @@ check_http_digest(struct ctl_tcp_event *cte)
{
char *head;
u_char *b;
- char digest[(SHA1_DIGEST_LENGTH*2)+1];
+ char digest[SHA1_DIGEST_STRING_LENGTH];
struct host *host;
/*
@@ -373,7 +374,15 @@ check_http_digest(struct ctl_tcp_event *cte)
return (1);
}
head += strlen("\r\n\r\n");
- SHA1Data(head, strlen(head), digest);
+
+ switch (cte->table->conf.digest_type) {
+ case DIGEST_SHA1:
+ SHA1Data(head, strlen(head), digest);
+ break;
+ case DIGEST_MD5:
+ MD5Data(head, strlen(head), digest);
+ break;
+ }
if (strcmp(cte->table->conf.digest, digest)) {
log_warnx("check_http_digest: %s failed "
diff --git a/usr.sbin/hoststated/hoststated.conf.5 b/usr.sbin/hoststated/hoststated.conf.5
index 18c7c9d5ed8..8ebf4f306e5 100644
--- a/usr.sbin/hoststated/hoststated.conf.5
+++ b/usr.sbin/hoststated/hoststated.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hoststated.conf.5,v 1.58 2007/11/21 10:19:34 pyr Exp $
+.\" $OpenBSD: hoststated.conf.5,v 1.59 2007/11/21 13:04:42 reyk Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -188,8 +188,10 @@ This has the same effect as above but wraps the HTTP request in SSL.
.Xc
For each host in the table, verify that retrieving the URL
.Ar path
-produces a content whose SHA1 digest is
-.Ar digest .
+produces a content whose message digest matches the defined string.
+The used algorithm is determined by the string length of the
+.Ar digest
+argument, it is either SHA1 (40 characters) or MD5 (32 characters).
If
.Ar hostname
is specified, it is used as the
diff --git a/usr.sbin/hoststated/hoststated.h b/usr.sbin/hoststated/hoststated.h
index f895a401175..9f092475756 100644
--- a/usr.sbin/hoststated/hoststated.h
+++ b/usr.sbin/hoststated/hoststated.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hoststated.h,v 1.76 2007/11/20 15:54:55 reyk Exp $ */
+/* $OpenBSD: hoststated.h,v 1.77 2007/11/21 13:04:42 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -337,6 +337,11 @@ enum host_status {
};
#define HOST_ISUP(x) (x == HOST_UP)
+enum digest_type {
+ DIGEST_SHA1 = 0,
+ DIGEST_MD5 = 1
+};
+
struct table_config {
objid_t id;
objid_t serviceid;
@@ -351,6 +356,7 @@ struct table_config {
char path[MAXPATHLEN];
char exbuf[64];
char digest[41]; /* length of sha1 digest * 2 */
+ enum digest_type digest_type;
};
struct table {
diff --git a/usr.sbin/hoststated/parse.y b/usr.sbin/hoststated/parse.y
index ab4c572e476..e5ddea110a2 100644
--- a/usr.sbin/hoststated/parse.y
+++ b/usr.sbin/hoststated/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.87 2007/11/20 17:08:44 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.88 2007/11/21 13:04:42 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -523,6 +523,8 @@ tableoptsl : host {
table->sendbuf_len = strlen(table->sendbuf);
}
| CHECK http_type STRING hostname DIGEST STRING {
+ size_t digest_len;
+
if ($2) {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
@@ -536,10 +538,18 @@ tableoptsl : host {
if (table->sendbuf == NULL)
fatal("out of memory");
table->sendbuf_len = strlen(table->sendbuf);
- if (strlcpy(table->conf.digest, $6,
- sizeof(table->conf.digest)) >=
- sizeof(table->conf.digest)) {
- yyerror("http digest truncated");
+
+ digest_len = strlcpy(table->conf.digest, $6,
+ sizeof(table->conf.digest));
+ switch (digest_len) {
+ case 40:
+ table->conf.digest_type = DIGEST_SHA1;
+ break;
+ case 32:
+ table->conf.digest_type = DIGEST_MD5;
+ break;
+ default:
+ yyerror("invalid http digest");
free($6);
YYERROR;
}
diff --git a/usr.sbin/relayd/check_tcp.c b/usr.sbin/relayd/check_tcp.c
index 6b054bf2d6f..fe9299d446e 100644
--- a/usr.sbin/relayd/check_tcp.c
+++ b/usr.sbin/relayd/check_tcp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_tcp.c,v 1.27 2007/11/19 15:20:18 reyk Exp $ */
+/* $OpenBSD: check_tcp.c,v 1.28 2007/11/21 13:04:42 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -33,6 +33,7 @@
#include <errno.h>
#include <fnmatch.h>
#include <sha1.h>
+#include <md5.h>
#include <openssl/ssl.h>
@@ -353,7 +354,7 @@ check_http_digest(struct ctl_tcp_event *cte)
{
char *head;
u_char *b;
- char digest[(SHA1_DIGEST_LENGTH*2)+1];
+ char digest[SHA1_DIGEST_STRING_LENGTH];
struct host *host;
/*
@@ -373,7 +374,15 @@ check_http_digest(struct ctl_tcp_event *cte)
return (1);
}
head += strlen("\r\n\r\n");
- SHA1Data(head, strlen(head), digest);
+
+ switch (cte->table->conf.digest_type) {
+ case DIGEST_SHA1:
+ SHA1Data(head, strlen(head), digest);
+ break;
+ case DIGEST_MD5:
+ MD5Data(head, strlen(head), digest);
+ break;
+ }
if (strcmp(cte->table->conf.digest, digest)) {
log_warnx("check_http_digest: %s failed "
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index ab4c572e476..e5ddea110a2 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.87 2007/11/20 17:08:44 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.88 2007/11/21 13:04:42 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -523,6 +523,8 @@ tableoptsl : host {
table->sendbuf_len = strlen(table->sendbuf);
}
| CHECK http_type STRING hostname DIGEST STRING {
+ size_t digest_len;
+
if ($2) {
conf->flags |= F_SSL;
table->conf.flags |= F_SSL;
@@ -536,10 +538,18 @@ tableoptsl : host {
if (table->sendbuf == NULL)
fatal("out of memory");
table->sendbuf_len = strlen(table->sendbuf);
- if (strlcpy(table->conf.digest, $6,
- sizeof(table->conf.digest)) >=
- sizeof(table->conf.digest)) {
- yyerror("http digest truncated");
+
+ digest_len = strlcpy(table->conf.digest, $6,
+ sizeof(table->conf.digest));
+ switch (digest_len) {
+ case 40:
+ table->conf.digest_type = DIGEST_SHA1;
+ break;
+ case 32:
+ table->conf.digest_type = DIGEST_MD5;
+ break;
+ default:
+ yyerror("invalid http digest");
free($6);
YYERROR;
}
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 10e6699e20e..77506e1d3da 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.58 2007/11/21 10:19:34 pyr Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.59 2007/11/21 13:04:42 reyk Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -188,8 +188,10 @@ This has the same effect as above but wraps the HTTP request in SSL.
.Xc
For each host in the table, verify that retrieving the URL
.Ar path
-produces a content whose SHA1 digest is
-.Ar digest .
+produces a content whose message digest matches the defined string.
+The used algorithm is determined by the string length of the
+.Ar digest
+argument, it is either SHA1 (40 characters) or MD5 (32 characters).
If
.Ar hostname
is specified, it is used as the
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index eddc059a11b..16f8c3ec955 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.76 2007/11/20 15:54:55 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.77 2007/11/21 13:04:42 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -337,6 +337,11 @@ enum host_status {
};
#define HOST_ISUP(x) (x == HOST_UP)
+enum digest_type {
+ DIGEST_SHA1 = 0,
+ DIGEST_MD5 = 1
+};
+
struct table_config {
objid_t id;
objid_t serviceid;
@@ -351,6 +356,7 @@ struct table_config {
char path[MAXPATHLEN];
char exbuf[64];
char digest[41]; /* length of sha1 digest * 2 */
+ enum digest_type digest_type;
};
struct table {