-rw-r--r-- | usr.sbin/ldapd/ssl.c | 147 | ||||
-rw-r--r-- | usr.sbin/ldapd/ssl_privsep.c | 23 | ||||
-rw-r--r-- | usr.sbin/ldapd/uuid.c | 88 | ||||
-rw-r--r-- | usr.sbin/ldapd/uuid.h | 9 |
4 files changed, 8 insertions, 259 deletions
diff --git a/usr.sbin/ldapd/ssl.c b/usr.sbin/ldapd/ssl.c
index 71744c203a0..f5be529fe73 100644
--- a/usr.sbin/ldapd/ssl.c
+++ b/usr.sbin/ldapd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.2 2010/05/31 18:29:04 martinh Exp $ */
+/* $OpenBSD: ssl.c,v 1.3 2010/06/27 18:19:36 martinh Exp $ */
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -49,12 +49,6 @@ void ssl_session_accept(int, short, void *);
 void ssl_read(int, short, void *);
 void ssl_write(int, short, void *);
 int ssl_bufferevent_add(struct event *, int);
-void ssl_connect(int, short, void *);
-
-SSL *ssl_client_init(int, char *, size_t, char *, size_t);
-
-int ssl_buf_read(SSL *, struct ibuf_read *);
-int ssl_buf_write(SSL *, struct msgbuf *);
 
 DH *get_dh512(void);
 void ssl_set_ephemeral_key_exchange(SSL_CTX *);
@@ -87,64 +81,6 @@ unsigned char dh512_g[] = {
 0x02,
 };
 
-#if 0
-void
-ssl_connect(int fd, short event, void *p)
-{
- struct conn *s = p;
- int ret;
- int retry_flag;
- int ssl_err;
-
- if (event == EV_TIMEOUT) {
- log_debug("ssl_connect: session timed out");
- conn_close(s);
- return;
- }
-
- ret = SSL_connect(s->s_ssl);
- if (ret <= 0) {
- ssl_err = SSL_get_error(s->s_ssl, ret);
-
- switch (ssl_err) {
- case SSL_ERROR_WANT_READ:
- retry_flag = EV_READ;
- goto retry;
- case SSL_ERROR_WANT_WRITE:
- retry_flag = EV_WRITE;
- goto retry;
- case SSL_ERROR_ZERO_RETURN:
- case SSL_ERROR_SYSCALL:
- if (ret == 0) {
- log_debug("session destroy in MTA #1");
- conn_close(s);
- return;
- }
- /* FALLTHROUGH */
- default:
- ssl_error("ssl_session_connect");
- conn_close(s);
- return;
- }
- }
-
- event_set(&s->bev->ev_read, s->fd, EV_READ, ssl_read, s->bev);
- event_set(&s->bev->ev_write, s->fd, EV_WRITE, ssl_write, s->bev);
-
- log_info("ssl_connect: connected to remote ssl server");
- bufferevent_enable(s->bev, EV_READ|EV_WRITE);
- s->s_flags |= F_SECURE;
-
- if (s->s_flags & F_PEERHASTLS) {
- session_respond(s, "EHLO %s", s->s_env->sc_hostname);
- }
-
- return;
-retry:
- event_add(&s->s_ev, &s->s_tv);
-}
-#endif
-
 void
 ssl_read(int fd, short event, void *p)
 {
@@ -485,7 +421,6 @@ err:
 SSL_CTX_free(l->ssl_ctx);
 ssl_error("ssl_setup");
 fatal("ssl_setup: cannot set SSL up");
- return;
 }
 
 void
@@ -508,7 +443,6 @@ ssl_session_accept(int fd, short event, void *p)
 {
 struct conn *s = p;
 int ret;
- int retry_flag;
 int ssl_err;
 
 if (event == EV_TIMEOUT) {
@@ -517,7 +451,7 @@ ssl_session_accept(int fd, short event, void *p)
 return;
 }
 
- retry_flag = ssl_err = 0;
+ ssl_err = 0;
 log_debug("ssl_session_accept: accepting client");
 ret = SSL_accept(s->s_ssl);
 
@@ -526,10 +460,8 @@ ssl_session_accept(int fd, short event, void *p)
 
 switch (ssl_err) {
 case SSL_ERROR_WANT_READ:
- retry_flag = EV_READ;
 goto retry;
 case SSL_ERROR_WANT_WRITE:
- retry_flag = EV_WRITE;
 goto retry;
 case SSL_ERROR_ZERO_RETURN:
 case SSL_ERROR_SYSCALL:
@@ -601,87 +533,12 @@ ssl_session_init(struct conn *s)
 ssl_error("ssl_session_init");
 }
 
-SSL *
-ssl_client_init(int fd, char *cert, size_t certsz, char *key, size_t keysz)
-{
- SSL_CTX *ctx;
- SSL *ssl = NULL;
- int rv = -1;
-
- ctx = ssl_ctx_create();
-
- if (cert && key) {
- if (!ssl_ctx_use_certificate_chain(ctx, cert, certsz))
- goto done;
- else if (!ssl_ctx_use_private_key(ctx, key, keysz))
- goto done;
- else if (!SSL_CTX_check_private_key(ctx))
- goto done;
- }
-
- if ((ssl = SSL_new(ctx)) == NULL)
- goto done;
-
- if (!SSL_set_ssl_method(ssl, SSLv23_client_method()))
- goto done;
- if (!SSL_set_fd(ssl, fd))
- goto done;
- SSL_set_connect_state(ssl);
-
- rv = 0;
-done:
- if (rv) {
- if (ssl)
- SSL_free(ssl);
- else if (ctx)
- SSL_CTX_free(ctx);
- ssl = NULL;
- }
- return (ssl);
-}
-
 void
 ssl_session_destroy(struct conn *s)
 {
 SSL_free(s->s_ssl);
 }
 
-int
-ssl_buf_read(SSL *s, struct ibuf_read *r)
-{
- char *buf = r->buf + r->wpos;
- ssize_t bufsz = sizeof(r->buf) - r->wpos;
- int ret;
-
- if (bufsz == 0) {
- errno = EMSGSIZE;
- return (SSL_ERROR_SYSCALL);
- }
-
- if ((ret = SSL_read(s, buf, bufsz)) > 0)
- r->wpos += ret;
-
- return SSL_get_error(s, ret);
-}
-
-int
-ssl_buf_write(SSL *s, struct msgbuf *msgbuf)
-{
- struct ibuf *buf;
- int ret;
-
- buf = TAILQ_FIRST(&msgbuf->bufs);
- if (buf == NULL)
- return (SSL_ERROR_NONE);
-
- ret = SSL_write(s, buf->buf + buf->rpos, buf->wpos - buf->rpos);
-
- if (ret > 0)
- msgbuf_drain(msgbuf, ret);
-
- return SSL_get_error(s, ret);
-}
-
 DH *
 get_dh512(void)
 {
diff --git a/usr.sbin/ldapd/ssl_privsep.c b/usr.sbin/ldapd/ssl_privsep.c
index d3508915d4d..25181595dd6 100644
--- a/usr.sbin/ldapd/ssl_privsep.c
+++ b/usr.sbin/ldapd/ssl_privsep.c
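Review bot: Dropping retry_flag leaves the SSL_ERROR_WANT_WRITE case in ssl_session_accept jumping to `retry` with nothing telling the event loop that the handshake now needs the socket writable; the `retry:` label itself is outside this hunk, but if it re-arms `s->s_ev` with a fixed mask the way the deleted ssl_connect copy did with `event_add(&s->s_ev, &s->s_tv)`, a handshake that blocks on write only resumes when the peer happens to send something, and otherwise sits until the timeout fires. The flag was never consumed, so removing it is honest, but the underlying question is whether `s_ev` is registered for writes at all. If it is not, keep a local such as `short want = EV_READ;`, set it to `EV_WRITE` in the WANT_WRITE case, and `event_set` with it before the `event_add` at `retry:`; if `s_ev` already carries EV_READ|EV_WRITE or the listener re-arms elsewhere, a one-line comment at `retry:` saying so would settle it for the next reader.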
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_privsep.c,v 1.2 2010/05/31 18:29:04 martinh Exp $ */
+/* $OpenBSD: ssl_privsep.c,v 1.3 2010/06/27 18:19:36 martinh Exp $ */
 
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
@@ -78,7 +78,6 @@
 
 int ssl_ctx_use_private_key(SSL_CTX *, char *, off_t);
 int ssl_ctx_use_certificate_chain(SSL_CTX *, char *, off_t);
-int ssl_ctx_load_verify_memory(SSL_CTX *, char *, off_t);
 int ssl_by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **);
 
 X509_LOOKUP_METHOD x509_mem_lookup = {
@@ -127,26 +126,6 @@ end:
 }
 
 int
-ssl_ctx_load_verify_memory(SSL_CTX *ctx, char *buf, off_t len)
-{
- X509_LOOKUP *lu;
- struct iovec iov;
-
- if ((lu = X509_STORE_add_lookup(ctx->cert_store,
- &x509_mem_lookup)) == NULL)
- return (0);
-
- iov.iov_base = buf;
- iov.iov_len = len;
-
- if (!ssl_by_mem_ctrl(lu, X509_L_ADD_MEM,
- (const char *)&iov, X509_FILETYPE_PEM, NULL))
- return (0);
-
- return (1);
-}
-
-int
 ssl_by_mem_ctrl(X509_LOOKUP *lu, int cmd, const char *buf, long type,
 char **ret)
 {
diff --git a/usr.sbin/ldapd/uuid.c b/usr.sbin/ldapd/uuid.c
index 1bb38ac049d..051f27e9ede 100644
--- a/usr.sbin/ldapd/uuid.c
+++ b/usr.sbin/ldapd/uuid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uuid.c,v 1.3 2010/06/15 15:14:57 martinh Exp $ */
+/* $OpenBSD: uuid.c,v 1.4 2010/06/27 18:19:36 martinh Exp $ */
 /*
  * Copyright (c) 2002, Stockholms Universitet
  * (Stockholm University, Stockholm Sweden)
@@ -63,7 +63,6 @@
 
 #include "uuid.h"
 
-static afsUUID niluuid;
 static uint32_t seq_num;
 static struct timeval last_time;
 static int32_t counter;
@@ -139,18 +138,6 @@ get_node_addr(char *addr)
 }
 
 /*
- * Compares two UUIDs
- */
-
-int
-uuid_compare(const afsUUID *uuid1, const afsUUID *uuid2)
-{
- if (memcmp(uuid1, uuid2, sizeof(*uuid1)) == 0)
- return 0;
- return 1;
-}
-
-/*
  * Creates a new UUID.
  */
 
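Review bot: With ssl_ctx_load_verify_memory removed in the -127 hunk, `ssl_by_mem_ctrl` and the `x509_mem_lookup` method table that dispatches to it have no remaining caller in this file, yet both the prototype (kept in the -78 hunk) and the table initializer stay behind. Unless something outside this file still references them, that is dead code a later reader will mistake for a live in-memory CA-loading path. Either take them out in the same sweep or put a comment above `X509_LOOKUP_METHOD x509_mem_lookup = {` such as `/* in-memory X509 lookup; unreferenced since ssl_ctx_load_verify_memory was dropped */`. The body of ssl_by_mem_ctrl continues outside the hunk.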
@@ -222,77 +209,10 @@ uuid_create(afsUUID *uuid)
 }
 
 /*
- * Creates a nil UUID.
- * A nil UUID has all all fields set to zero
- */
-
-int
-uuid_create_nil(afsUUID *uuid)
-{
- memcpy(uuid, &niluuid, sizeof(niluuid));
- return 0;
-}
-
-/*
- * Determines if two UUIDs are equal.
- * return non zero if true.
- */
-
-int
-uuid_equal(const afsUUID *uuid1, const afsUUID *uuid2)
-{
- return uuid_compare(uuid1, uuid2) == 0;
-}
-
-/*
- * Converts a string UUID to binary representation.
- */
-
-int
-uuid_from_string(const char *str, afsUUID *uuid)
-{
- unsigned int time_low, time_mid, time_hi_and_version;
- unsigned int clock_seq_hi_and_reserved, clock_seq_low;
- unsigned int node[6];
- int i;
-
- i = sscanf(str, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
- &time_low,
- &time_mid,
- &time_hi_and_version,
- &clock_seq_hi_and_reserved,
- &clock_seq_low,
- &node[0], &node[1], &node[2], &node[3], &node[4], &node[5]);
- if (i != 11)
- return -1;
-
- uuid->time_low = time_low;
- uuid->time_mid = time_mid;
- uuid->time_hi_and_version = time_hi_and_version;
- uuid->clock_seq_hi_and_reserved = clock_seq_hi_and_reserved;
- uuid->clock_seq_low = clock_seq_low;
-
- for (i = 0; i < 6; i++)
- uuid->node[i] = node[i];
-
- return 0;
-}
-
-/*
- * Determines if a UUID is nil.
- */
-
-int
-uuid_is_nil(const afsUUID *uuid)
-{
- return uuid_compare(uuid, &niluuid);
-}
-
-/*
  * Converts a UUID from binary representation to a string representation.
  */
 
-int
+void
 uuid_to_string(const afsUUID *uuid, char *str, size_t strsz)
 {
 snprintf(str, strsz,
@@ -308,8 +228,6 @@ uuid_to_string(const afsUUID *uuid, char *str, size_t strsz)
 (unsigned char)uuid->node[3],
 (unsigned char)uuid->node[4],
 (unsigned char)uuid->node[5]);
-
- return 0;
 }
 
 
@@ -331,7 +249,7 @@ main(int argc, char **argv)
 return 0;
 }
 
- if (uuid_compare(&u1, &u2) != 0)
+ if (bcmp(&u1, &u2, sizeof(u1)) != 0)
 printf("u1 != u2\n");
 
 return 0;
diff --git a/usr.sbin/ldapd/uuid.h b/usr.sbin/ldapd/uuid.h
index 65b8d77ea1d..0bcea221531 100644
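Review bot: Making uuid_to_string return void removes the only status channel the caller had, while the `snprintf(str, strsz,` it wraps still truncates silently whenever strsz is smaller than a textual UUID plus its NUL (37 bytes if the format is the same 8-4-4-4-12 layout the removed uuid_from_string parsed; the format string itself lies outside this hunk and the snprintf result is not checked in the -308 hunk). Callers therefore have no way to notice a short buffer, so the requirement belongs where they will read it: above this definition and at the prototype in the uuid.h hunk, e.g. `/* str must hold at least 37 bytes (36-char UUID plus NUL); a shorter buffer receives a truncated, NUL-terminated string. */`. The alternative is to keep an int return carrying the snprintf result so callers can compare it against strsz, which would also make the -308 change unnecessary.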
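Review bot: `bcmp` in the -331 hunk is a legacy interface (marked obsolescent and withdrawn from POSIX.1-2008); `if (memcmp(&u1, &u2, sizeof(u1)) != 0)` is the portable spelling and is exactly what the removed uuid_compare did. Both compare the raw bytes of the struct, so any padding in struct uuid takes part in the comparison and the result is only as reliable as the zero-initialization of u1 and u2, which happens outside this hunk. The `return 0; }` context just above also suggests an earlier check in this main; if that check still calls one of the functions removed in this commit (uuid_from_string, uuid_create_nil, uuid_is_nil) the test build no longer compiles, which is worth one build of the test main to confirm.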
--- a/usr.sbin/ldapd/uuid.h
+++ b/usr.sbin/ldapd/uuid.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: uuid.h,v 1.2 2010/06/15 15:14:57 martinh Exp $ */
+/* $OpenBSD: uuid.h,v 1.3 2010/06/27 18:19:36 martinh Exp $ */
 /*
  * Copyright (c) 2002, Stockholms Universitet
  * (Stockholm University, Stockholm Sweden)
@@ -48,13 +48,8 @@ struct uuid {
 
 typedef struct uuid afsUUID;
 
-int uuid_compare(const afsUUID *, const afsUUID *);
 void uuid_create(afsUUID *);
-int uuid_create_nil(afsUUID *);
-int uuid_equal(const afsUUID *, const afsUUID *);
-int uuid_from_string(const char *, afsUUID *);
-int uuid_is_nil(const afsUUID *);
-int uuid_to_string(const afsUUID *, char *, size_t);
+void uuid_to_string(const afsUUID *, char *, size_t);
 
 
 #endif /* __ARLA_UUID_H__ */
|