# HG changeset patch
# User jbe
# Date 1471786294 -7200
# Node ID 1dbc5c27b279708e92ee8bec4ffe1baf4c5d2a4a
# Parent 63466f65af5682c242f30cbc69ae517fb88fe8eb
Re-added experimental work on libtls integration
diff -r 63466f65af56 -r 1dbc5c27b279 Makefile
--- a/Makefile Sun Aug 21 01:42:18 2016 +0200
+++ b/Makefile Sun Aug 21 15:31:34 2016 +0200
@@ -61,6 +61,10 @@
 moonbridge_io.so: moonbridge_io.o
 ld -shared -o moonbridge_io.so moonbridge_io.o $(UTIL_FLAGS)
+freebsd_with_tls::
+ #TODO
+ cc -D MOONBR_IO_USE_TLS -c -Wall -O2 -fPIC -I /usr/local/include/lua52 -I /usr/local/include -o moonbridge_io.o moonbridge_io.c && ld -L/usr/local/lib -shared -o moonbridge_io.so moonbridge_io.o -lutil -ltls
+
 clean::
 rm -f moonbridge moonbridge_io.o moonbridge_io.so
diff -r 63466f65af56 -r 1dbc5c27b279 moonbridge_io.c
--- a/moonbridge_io.c Sun Aug 21 01:42:18 2016 +0200
+++ b/moonbridge_io.c Sun Aug 21 15:31:34 2016 +0200
@@ -25,6 +25,10 @@
 #include
 #endif
+#ifdef MOONBR_IO_USE_TLS
+#include
+#endif
+
 #include
 #include
 #include
@@ -48,6 +52,10 @@
 #define MOONBR_IO_CHILD_MT_REGKEY "moonbridge_io_child"
 #define MOONBR_IO_CHILD_PT_REGKEY "moonbridge_io_child_pt"
+#ifdef MOONBR_IO_USE_TLS
+#define MOONBR_IO_TLSCONF_MT_REGKEY "moonbridge_io_tlsconf"
+#endif
+
 typedef struct {
 int fd;
 int issock;
@@ -1627,6 +1635,96 @@
 return 1;
 }
+#ifdef MOONBR_IO_USE_TLS
+
+#define moonbr_io_tlsconf_string(name, field, func) \
+ /* NOTE: use valuetype = lua_getfield(...) for LUA_VERSION_NUM >= 503 */ \
+ lua_getfield(L, 1, (field)); \
+ valuetype = lua_type(L, -1); \
+ if (valuetype != LUA_TNIL) { \
+ luaL_argcheck(L, valuetype == LUA_TSTRING, 1, "field \"" field "\" is not a string"); \
+ value = lua_tostring(L, -1); \
+ if (func(tlsconf, value)) { \
+ lua_pushnil(L); \
+ lua_pushfstring(L, "Could not set " name " \"%s\"", value); \
+ return 2; \
+ } \
+ } \
+ lua_pop(L, 1);
+
+#define moonbr_io_tlsconf_binary(name, field, func) \
+ /* NOTE: use valuetype = lua_getfield(...) for LUA_VERSION_NUM >= 503 */ \
+ lua_getfield(L, 1, (field)); \
+ valuetype = lua_type(L, -1); \
+ if (valuetype != LUA_TNIL) { \
+ luaL_argcheck(L, valuetype == LUA_TSTRING, 1, "field \"" field "\" is not a string"); \
+ value = lua_tolstring(L, -1, &valuelen); \
+ if (func(tlsconf, (void *)value, valuelen)) { \
+ lua_pushnil(L); \
+ lua_pushliteral(L, "Could not set " name); \
+ return 2; \
+ } \
+ } \
+ lua_pop(L, 1);
+
+static int moonbr_io_tlsconf(lua_State *L) {
+ struct tls_config *tlsconf;
+ int valuetype;
+ const char *value;
+ size_t valuelen;
+ luaL_checktype(L, 1, LUA_TTABLE);
+ tlsconf = tls_config_new();
+ if (!tlsconf) {
+ return luaL_error(L, "Could not allocate memory for TLS configuration");
+ }
+ lua_pushlightuserdata(L, tlsconf);
+ luaL_setmetatable(L, MOONBR_IO_TLSCONF_MT_REGKEY);
+ lua_pushvalue(L, 1);
+ lua_setuservalue(L, -2);
+ moonbr_io_tlsconf_string("CA file", "ca_file", tls_config_set_ca_file);
+ moonbr_io_tlsconf_string("CA path", "ca_path", tls_config_set_ca_path);
+ moonbr_io_tlsconf_binary("CA", "ca_mem", tls_config_set_ca_mem);
+ moonbr_io_tlsconf_string("certificate file", "cert_file", tls_config_set_cert_file);
+ moonbr_io_tlsconf_binary("certificate", "cert_mem", tls_config_set_cert_mem);
+ moonbr_io_tlsconf_string("key file", "key_file", tls_config_set_key_file);
+ moonbr_io_tlsconf_binary("key", "key_mem", tls_config_set_key_mem);
+ return 1;
+}
+
+static int moonbr_io_tlsconfindex(lua_State *L) {
+ struct tls_config *tlsconf;
+ tlsconf = luaL_checkudata(L, 1, MOONBR_IO_TLSCONF_MT_REGKEY);
+ luaL_checkany(L, 2);
+#if LUA_VERSION_NUM >= 503
+ if (lua_getuservalue(L, 1) == LUA_TNIL) {
+#else
+ lua_getuservalue(L, 1);
+ if (lua_isnil(L, -1)) {
+#endif
+ return luaL_error(L, "Attempt to use a destroyed TLS configuration");
+ }
+ lua_pushvalue(L, 2);
+ lua_gettable(L, -2);
+ return 1;
+}
+
+static int moonbr_io_tlsconfgc(lua_State *L) {
+ struct tls_config *tlsconf;
+ tlsconf = luaL_checkudata(L, 1, MOONBR_IO_TLSCONF_MT_REGKEY);
+#if LUA_VERSION_NUM >= 503
+ if (lua_getuservalue(L, 1) == LUA_TNIL) return 0;
+#else
+ lua_getuservalue(L, 1);
+ if (lua_isnil(L, -1)) return 0;
+#endif
+ tls_config_free(tlsconf);
+ lua_pushnil(L);
+ lua_setuservalue(L, 1);
+ return 0;
+}
+
+#endif
+
 static const struct luaL_Reg moonbr_io_handle_methods[] = {
 {"read", moonbr_io_read},
 {"read_nb", moonbr_io_read_nb},
@@ -1695,9 +1793,20 @@
 {"exec", moonbr_io_exec},
 {"poll", moonbr_io_poll},
 {"timeref", moonbr_io_timeref},
+#ifdef MOONBR_IO_USE_TLS
+ {"tlsconf", moonbr_io_tlsconf},
+#endif
 {NULL, NULL}
 };
+#ifdef MOONBR_IO_USE_TLS
+static const struct luaL_Reg moonbr_io_tlsconf_metamethods[] = {
+ {"__index", moonbr_io_tlsconfindex},
+ {"__gc", moonbr_io_tlsconfgc},
+ {NULL, NULL}
+};
+#endif
+
 int luaopen_moonbridge_io(lua_State *L) {
 signal(SIGPIPE, SIG_IGN); /* generate I/O errors instead of signal 13 */
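Review bot: `lua_pushlightuserdata(L, tlsconf)` in moonbr_io_tlsconf cannot carry this object's lifecycle, because light userdata share one metatable for the whole type, are never garbage-collected (so `__gc` and `tls_config_free` never run), and are not valid targets for `lua_setuservalue`/`lua_getuservalue`, which expect a full userdata. As written, the `luaL_setmetatable` call replaces the metatable of every light userdata in the Lua state, and in a build without Lua API assertions the user-value calls treat the `struct tls_config` memory as a Lua userdata header. Allocating a full userdata that stores the pointer, filling it only after `tls_config_new()` succeeds, and dereferencing it in moonbr_io_tlsconfindex and moonbr_io_tlsconfgc addresses all three. Separately, the caller's table is kept as the user value and served unfiltered by `__index`, so a `key_mem` private key stays readable to any Lua code holding the object; consider not retaining that field once `tls_config_set_key_mem` has succeeded.

```c
static int moonbr_io_tlsconf(lua_State *L) {
  struct tls_config **slot;
  /* … unchanged: other declarations, luaL_checktype … */
  slot = lua_newuserdata(L, sizeof *slot);  /* full userdata: own metatable, user value, __gc */
  *slot = NULL;
  luaL_setmetatable(L, MOONBR_IO_TLSCONF_MT_REGKEY);
  tlsconf = tls_config_new();
  if (!tlsconf) {
    /* user value is still nil here, so moonbr_io_tlsconfgc returns before freeing */
    return luaL_error(L, "Could not allocate memory for TLS configuration");
  }
  *slot = tlsconf;
  /* … unchanged: lua_pushvalue/lua_setuservalue, field macros, return 1 … */
}

/* in moonbr_io_tlsconfindex and moonbr_io_tlsconfgc */
tlsconf = *(struct tls_config **)luaL_checkudata(L, 1, MOONBR_IO_TLSCONF_MT_REGKEY);
```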
@@ -1740,6 +1849,17 @@
 lua_setfield(L, -3, "child_mt");
 lua_setfield(L, LUA_REGISTRYINDEX, MOONBR_IO_CHILD_MT_REGKEY);
+#ifdef MOONBR_IO_USE_TLS
+ if(tls_init()) {
+ return luaL_error(L, "Could not initialize TLS library");
+ }
+ lua_newtable(L); // tlsconf metatable
+ luaL_setfuncs(L, moonbr_io_tlsconf_metamethods, 0);
+ lua_pushvalue(L, -1);
+ lua_setfield(L, -3, "tlsconf_mt");
+ lua_setfield(L, LUA_REGISTRYINDEX, MOONBR_IO_TLSCONF_MT_REGKEY);
+#endif
+
 moonbr_io_pushhandle(L, 0);
 lua_setfield(L, -2, "stdin");
 moonbr_io_pushhandle(L, 1);