++GITWEB_SITE_HTML_HEAD_STRING++

Jan 28, 2014 Warning: This GIT server is deprecated, we have moved to http://github.com/monkey

Liana_SSL: deprecate plugin based on MatrixSSL
authorEduardo Silva <edsiper@gmail.com>
Sat, 16 Feb 2013 19:50:47 +0000 (13:50 -0600)
committerEduardo Silva <edsiper@gmail.com>
Sat, 16 Feb 2013 19:50:47 +0000 (13:50 -0600)
According to:

  http://lists.monkey-project.com/pipermail/monkey/2013-February/001785.html

Liana provides the networking layer to Monkey and its _SSL version the
networking layer with SSL encryption capabilities. The first version of
this plugin was built on top of MatrixSSL library but this last one is not
well maintained and there is no community involved on that product, what
that means ? that nobody cares about it and integrate in a Linux
distribution is a pain so we cannot be stuck on that anymore. Jonathan
(zeus) from our community was doing a good job packaging the latest version
in our repository, but MatrixSSL continue be a problem.

After review some open sourced SSL options, I found that PolarSSL is the
best one that fit our needs. Because of:

   - open source
   - well maintained in Linux distributions
   - lightweight so it fill well in embedded Linux environments
   - years of work supported by a community

Besides that, there is a concern about how that library can impact Duda I/O
(web services framework that runs on top of Monkey). Because the web
services created by people can be closed...  what happen if the service
links to PolarSSL through Duda LGPL code ? answer: nothing. As PolarSSL
works under Monkey and Monkey under Duda, there is no problem in linking
or licensing issues, this have been confirmed by PolarSSL team after talk
to their lawyer, so we are pretty good.

Sonny Karlsson have provided yesterday a new plugin named PolarSSL (good
job!), so everything is ok for the next step.

Signed-off-by: Eduardo Silva <edsiper@gmail.com>
plugins/liana_ssl/ABOUT [deleted file]
plugins/liana_ssl/DISABLED [deleted file]
plugins/liana_ssl/Makefile.in [deleted file]
plugins/liana_ssl/README [deleted file]
plugins/liana_ssl/conf/liana_ssl.conf [deleted file]
plugins/liana_ssl/liana_ssl.c [deleted file]
plugins/liana_ssl/liana_ssl.h [deleted file]

diff --git a/plugins/liana_ssl/ABOUT b/plugins/liana_ssl/ABOUT
deleted file mode 100644 (file)
index a18d018..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-Liana SSL Networking Plugin
-===========================
-
-Liana SSL is the base network plugin for Monkey, as it's brother
-provides some basic socket calls to work over SSL
diff --git a/plugins/liana_ssl/DISABLED b/plugins/liana_ssl/DISABLED
deleted file mode 100644 (file)
index e69de29..0000000
diff --git a/plugins/liana_ssl/Makefile.in b/plugins/liana_ssl/Makefile.in
deleted file mode 100644 (file)
index a50ab6e..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-all: monkey-liana_ssl.so
-include ../Make.common
-
-CC     = @echo "  CC   $(_PATH)/$@"; $CC
-CC_QUIET= @echo -n; $CC
-CFLAGS = $CFLAGS
-LDFLAGS = $LDFLAGS
-DEFS    = $DEFS -DPOSIX
-OBJECTS = liana_ssl.o
-INC_EXTRA = /usr/include/matrixssl/
-
--include $(OBJECTS:.o=.d)
-
-monkey-liana_ssl.so: $(OBJECTS)
-       $(CC) $(CFLAGS) $(LDFLAGS) $(DEFS) -shared -o $@ $^ -lmatrixssl
diff --git a/plugins/liana_ssl/README b/plugins/liana_ssl/README
deleted file mode 100644 (file)
index 145837c..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-Liana SSL Networking Plugin
-===========================
-
-Liana SSL is the base network plugin for Monkey, as it's brother
-provides some basic socket calls to work over SSL
-
-To enable the this plugin you must enable it using the configure script
-and disabling the liana plugin:
-
-  ./configure --enable-plugins="liana_ssl"
-
-in the plugins/liana_ssl directory then edit plugins.load and comment the
-the line where it enables monkey-liana.so.
-
-Your keys must go on conf/plugins/liana_ssl/liana_ssl.conf with the
-proper format.
-
-If you want to test the ssl support you can generate a certificate and
-key files using these commands:
-
-openssl genrsa -out privkey.pem 1024
-openssl req -new -x509 -key privkey.pem -out cert.pem -days 1095
diff --git a/plugins/liana_ssl/conf/liana_ssl.conf b/plugins/liana_ssl/conf/liana_ssl.conf
deleted file mode 100644 (file)
index d9c5a18..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-[LIANA_SSL]
-#    CertFile #SYSCONFDIR#/certs/cert.pem
-#    KeyFile  #SYSCONFDIR#/certs/privkey.pem
diff --git a/plugins/liana_ssl/liana_ssl.c b/plugins/liana_ssl/liana_ssl.c
deleted file mode 100644 (file)
index d1e1e92..0000000
+++ /dev/null
@@ -1,1022 +0,0 @@
-/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-
-/*  Monkey HTTP Daemon
- *  ------------------
- *  Copyright (C) 2010-2011, Jonathan Gonzalez V. <zeus@gnu.org>
- *  Copyright (C)      2011, Eduardo Silva P. <edsiper@gmail.com>
- *
- *  This library is free software; you can redistribute it and/or
- *  modify it under the terms of the GNU Lesser General Public
- *  License as published by the Free Software Foundation; either
- *  version 2.1 of the License, or (at your option) any later version.
- *
- *  This library is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- *  Lesser General Public License for more details.
- *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this library; if not, write to the Free Software
- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
- *  MA 02110-1301  USA.
- */
-
-#define _GNU_SOURCE
-
-#include <arpa/inet.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/sendfile.h>
-#include <sys/ioctl.h>
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <netdb.h>
-
-#include "MKPlugin.h"
-
-#include "liana_ssl.h"
-
-/* Plugin data for register */
-MONKEY_PLUGIN("liana_ssl", "Liana SSL Network", "0.2",
-              MK_PLUGIN_CORE_PRCTX | MK_PLUGIN_CORE_THCTX | MK_PLUGIN_NETWORK_IO);
-
-struct plugin_api *mk_api;
-
-#define MK_LIANA_SSL_BUFFER_PLAIN SSL_MAX_PLAINTEXT_LEN
-#define MK_LIANA_SSL_FATAL -2
-#define MK_LIANA_SSL_WARNING -1
-#define MK_LIANA_SSL_NO_ERROR 0
-
-sslKeys_t *matrixssl_keys;
-char *cert_file;
-char *key_file;
-
-pthread_key_t _data;
-pthread_key_t _mkp_buffer_send_file;
-
-int liana_conf(char *confdir)
-{
-    int ret = 0;
-    unsigned long len;
-    char *conf_path = NULL;
-    struct mk_config_section *section;
-    struct mk_config *conf;
-    struct mk_list *head;
-
-    /* Read palm configuration file */
-    mk_api->str_build(&conf_path, &len, "%s/liana_ssl.conf", confdir);
-    conf = mk_api->config_create(conf_path);
-
-    mk_list_foreach(head, &conf->sections) {
-        section = mk_list_entry(head, struct mk_config_section, _head);
-        /*
-         * Just read PALM sections... yes it's a joke for edsiper XD
-         *
-         * edsiper says "i will start counting the number of Bazingas"
-         *
-         *  - Feb 13, 2012: +1
-         */
-        if (strcasecmp(section->name, "LIANA_SSL") != 0) {
-            continue;
-        }
-
-        cert_file =
-            mk_api->config_section_getval(section, "CertFile",
-                                          MK_CONFIG_VAL_STR);
-
-        PLUGIN_TRACE("Register Certificate File '%s'", cert_file);
-
-        key_file =
-            mk_api->config_section_getval(section, "KeyFile",
-                                          MK_CONFIG_VAL_STR);
-
-        PLUGIN_TRACE("Register Key File '%s'", key_file);
-    }
-
-    mk_api->mem_free(conf_path);
-
-    return ret;
-}
-
-struct mk_liana_ssl *liana_ssl_get_connection(int socket_fd)
-{
-    struct mk_list *list_head = pthread_getspecific(_mkp_data);
-    struct mk_list *curr;
-    struct mk_liana_ssl *conn;
-
-    mk_list_foreach(curr, list_head) {
-           conn = mk_list_entry(curr, struct mk_liana_ssl, cons);
-           if (socket_fd == conn->socket_fd) {
-                   return conn;
-           }
-    }
-    return NULL;
-}
-
-int liana_ssl_close(struct mk_liana_ssl *conn)
-{
-    int len;
-    int ret;
-    unsigned char *buf_close;
-
-    ret = matrixSslEncodeClosureAlert (conn->ssl);
-
-    if( ret == MATRIXSSL_ERROR || ret == PS_ARG_FAIL || ret == PS_MEM_FAIL) return -1;
-
-    len = matrixSslGetOutdata (conn->ssl, &buf_close);
-
-    ret = write (conn->socket_fd, (void *)buf_close, len);
-
-    if(ret != len) return -1;
-
-
-    return 0;
-}
-
-static void liana_ssl_version_error()
-{
-    mk_err("Liana_SSL requires MatrixSSL >= %i.%i.%i",
-           MATRIXSSL_VERSION_MAJOR,
-           MATRIXSSL_VERSION_MINOR,
-           MATRIXSSL_VERSION_PATCH);
-}
-
-int _mkp_network_io_close(int socket_fd)
-{
-    struct mk_liana_ssl *conn = NULL;
-
-    conn = liana_ssl_get_connection(socket_fd);
-
-    if (conn == NULL) {
-        return -1;
-    }
-    else {
-        close(conn->socket_fd);
-        return 0;
-    }
-}
-
-int _mkp_init(struct plugin_api **api, char *confdir)
-{
-    mk_api = *api;
-    config_dir = mk_api->str_dup(confdir);
-
-    /* Just load the plugin if is being used as transport layer */
-    if (strcmp(mk_api->config->transport_layer, "liana_ssl") != 0) {
-        mk_warn("Liana_SSL loaded but not used. Unloading.");
-        return -1;
-    }
-
-    /* Validate MatrixSSL linked version */
-    if (MK_MATRIX_REQUIRE_MAJOR > MATRIXSSL_VERSION_MAJOR) {
-        liana_ssl_version_error();
-        return -1;
-    }
-    if (MK_MATRIX_REQUIRE_MINOR > MATRIXSSL_VERSION_MINOR) {
-        liana_ssl_version_error();
-        return -1;
-    }
-    if (MK_MATRIX_REQUIRE_PATCH > MATRIXSSL_VERSION_PATCH) {
-        liana_ssl_version_error();
-        return -1;
-    }
-
-    return 0;
-}
-
-void _mkp_exit()
-{
-       matrixSslClose();
-}
-
-int _mkp_network_io_accept(int server_fd)
-{
-    int remote_fd;
-    struct sockaddr sock_addr;
-    socklen_t socket_size = sizeof(struct sockaddr);
-
-#ifdef ACCEPT_GENERIC
-    remote_fd = accept(server_fd, &sock_addr, &socket_size);
-    mk_api->socket_set_nonblocking(remote_fd);
-#else
-    remote_fd = accept4(server_fd, &sock_addr, &socket_size, SOCK_NONBLOCK);
-#endif
-
-    return remote_fd;
-}
-
-int liana_ssl_handle_alert(struct mk_liana_ssl *conn)
-{
-       char alert_b0 = *(conn->buf_ssl + 0);
-       char alert_b1 = *(conn->buf_ssl + 1);
-
-       conn->buf_used += 2;
-
-       switch (alert_b0) {
-       case SSL_ALERT_LEVEL_WARNING:
-               switch (alert_b1) {
-               case 0:
-                       PLUGIN_TRACE("[FD %d] Warning, client close.",
-                                       conn->socket_fd);
-                       return 0;
-               default:
-                       mk_warn("[liana_ssl] Warning %d on fd %d.",
-                                       alert_b1, conn->socket_fd);
-                       return 0;
-               }
-       case SSL_ALERT_LEVEL_FATAL:
-               mk_err("[liana_ssl] Fatal error %d on fd %d.",
-                               alert_b1, conn->socket_fd);
-               _mkp_network_io_close(conn->socket_fd);
-               return -1;
-       case SSL_ALERT_CLOSE_NOTIFY:
-               PLUGIN_TRACE("Received close notify.");
-               _mkp_network_io_close(conn->socket_fd);
-               return -1;
-       default:
-               mk_info("[liana_ssl] Unknown alert received: %d, %d on fd %d",
-                               alert_b0, alert_b1, conn->socket_fd);
-               return 0;
-       }
-}
-
-int liana_ssl_handle_remain(struct mk_liana_ssl *conn,
-               unsigned char *buf,
-               uint32_t count)
-{
-       size_t remain = conn->buf_len - conn->buf_used;
-       remain = remain > count ? count : remain;
-
-       if (count == 0 || conn->buf_len <= conn->buf_used || remain == 0) {
-               return 0;
-       }
-       PLUGIN_TRACE("Read from already received buffer.");
-
-       memcpy(buf, conn->buf_ssl + conn->buf_used, remain);
-       conn->buf_used += remain;
-
-       return remain;
-}
-
-static int liana_ssl_handle_socket_read(struct mk_liana_ssl *conn)
-{
-       ssize_t bytes_read;
-       int ret;
-
-       if (conn->try_false_start) {
-               ret = matrixSslReceivedData(conn->ssl,
-                               0,
-                               &conn->buf_ssl,
-                               &conn->buf_len);
-
-               if (ret < 0) {
-                       mk_err("[liana_ssl] Failed to false start.");
-               }
-               else if (ret == PS_SUCCESS) {
-                       PLUGIN_TRACE("[FD %d] No false start.",
-                                       conn->socket_fd);
-                       conn->need_read = 1;
-               }
-               else {
-                       PLUGIN_TRACE("[FD %d] Do false start.",
-                                       conn->socket_fd);
-                       conn->need_read = 0;
-               }
-               conn->try_false_start = 0;
-       }
-
-       if (conn->need_read == 1) {
-               PLUGIN_TRACE("[FD %d] SSL connection needs more data.",
-                               conn->socket_fd);
-
-               ret = matrixSslGetReadbuf(conn->ssl, &conn->buf_ssl);
-
-               if (ret == PS_ARG_FAIL) {
-                       mk_err("[liana_ssl] Error locating SSL buffer.");
-                       return ret;
-               }
-               else if (ret == 0) {
-                       mk_err("[liana_ssl] SSL buffer space exhausted.");
-                       return PS_MEM_FAIL;
-               }
-               else {
-                       conn->buf_len = ret;
-                       conn->buf_used = ret;
-               }
-
-               bytes_read = read(conn->socket_fd, conn->buf_ssl, conn->buf_len);
-
-               if (bytes_read == -1) {
-                       if (errno == EAGAIN || errno == EWOULDBLOCK) {
-                               PLUGIN_TRACE("[FD %d] EAGAIN.", conn->socket_fd);
-                               return -1;
-                       }
-                       else {
-                               mk_err("[liana_ssl] Socket error: %s.", strerror(errno));
-                               return -1;
-                       }
-               }
-               else if (bytes_read == 0) {
-                       PLUGIN_TRACE("[FD %d] Connection done, force close.",
-                                       conn->socket_fd);
-                       return -1;
-               }
-
-               PLUGIN_TRACE("[FD %d] Read %ld bytes.", conn->socket_fd, bytes_read);
-               ret = matrixSslReceivedData(conn->ssl,
-                               bytes_read,
-                               &conn->buf_ssl,
-                               &conn->buf_len);
-
-               if (conn->ssl->flags & SSL_FLAGS_FALSE_START &&
-                               !conn->handshake_complete) {
-                       PLUGIN_TRACE("[FD %d] Just got a false start.",
-                                       conn->socket_fd);
-                       conn->try_false_start = 1;
-               }
-
-               conn->buf_used = 0;
-               conn->need_read = 0;
-       }
-       else {
-               ret = matrixSslProcessedData(conn->ssl,
-                               &conn->buf_ssl,
-                               &conn->buf_len);
-               conn->buf_used = 0;
-       }
-       return ret;
-}
-
-int liana_ssl_handle_read(struct mk_liana_ssl *conn, unsigned char *buf, uint32_t count)
-{
-       ssize_t used = 0, remain;
-       int ret;
-
-       used += liana_ssl_handle_remain(conn, buf, count);
-
-       PLUGIN_TRACE("Remain used: %ld.", used);
-
-       do {
-               ret = liana_ssl_handle_socket_read(conn);
-
-               if (ret == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
-                       if (used > 0) {
-                               goto end_read;
-                       }
-                       else {
-                               return -1;
-                       }
-               }
-               else if (ret == -1) {
-                       return -1;
-               }
-
-               switch (ret) {
-               case PS_MEM_FAIL:
-               case PS_ARG_FAIL:
-                       mk_err("[liana_ssl] MatrixSSL made a bo-bo on fd %d.",
-                                       conn->socket_fd);
-                       return -1;
-
-               case PS_PROTOCOL_FAIL:
-                       mk_err("[liana_ssl] SSL error no fd %d.",
-                                       conn->socket_fd);
-                       _mkp_network_io_close(conn->socket_fd);
-                       return -1;
-
-               case PS_SUCCESS:
-                       PLUGIN_TRACE("[FD %d] SSL records all processed.",
-                                       conn->socket_fd);
-                       conn->need_read = 1;
-                       conn->buf_used = conn->buf_len;
-                       goto end_read;
-
-
-               case MATRIXSSL_REQUEST_RECV:
-                       PLUGIN_TRACE("[FD %d] Should receive next read.",
-                                       conn->socket_fd);
-                       conn->need_read = 1;
-                       break;
-
-               case MATRIXSSL_REQUEST_SEND:
-                       PLUGIN_TRACE("[FD %d] Need to send ssl.",
-                                       conn->socket_fd);
-                       conn->need_write = 1;
-                       // Try to write, need_write will be unset on
-                       // success.
-                       _mkp_event_write(conn->socket_fd);
-                       break;
-
-               case MATRIXSSL_HANDSHAKE_COMPLETE:
-                       PLUGIN_TRACE("[FD %d] SSL normal handshake complete.",
-                                       conn->socket_fd);
-                       conn->handshake_complete = 1;
-                       break;
-
-               case MATRIXSSL_RECEIVED_ALERT:
-                       PLUGIN_TRACE("[FD %d] Handle alert.",
-                                       conn->socket_fd);
-
-                       ret = liana_ssl_handle_alert(conn);
-                       if (ret == -1) {
-                               return -1;
-                       }
-                       break;
-
-               case MATRIXSSL_APP_DATA:
-                       PLUGIN_TRACE("[FD %d] Handle app data %d bytes.",
-                                       conn->socket_fd, conn->buf_len);
-                       if (!conn->handshake_complete) {
-                               PLUGIN_TRACE("[FD %d] Handshake complete.",
-                                               conn->socket_fd);
-                               conn->handshake_complete = 1;
-                       }
-                       if (!buf) {
-                               goto end_read;
-                       }
-
-                       remain = count - used;
-                       remain = remain < conn->buf_len ? remain : conn->buf_len;
-
-                       memcpy(buf + used, conn->buf_ssl, remain);
-                       conn->buf_used += remain;
-
-                       used += remain;
-                       break;
-
-               default:
-                       mk_err("[liana_ssl] Unknown record type on fd %d, ret %d.",
-                                       conn->socket_fd, ret);
-                       return -1;
-               }
-       } while (count > used || !buf);
-
-end_read:
-       PLUGIN_TRACE("[FD %d] %d bytes read.", conn->socket_fd, used);
-       PLUGIN_TRACE("'''\n%.*s\n'''", used, buf);
-       return used;
-}
-
-int _mkp_network_io_read(int socket_fd, void *buf, int count)
-{
-    struct mk_liana_ssl *conn = NULL;
-
-    conn = liana_ssl_get_connection(socket_fd);
-
-    if (conn == NULL) {
-        return -1;
-    }
-    else {
-        return liana_ssl_handle_read(conn, buf, count);
-    }
-}
-
-int _mkp_network_io_write(int socket_fd, const void *buf, size_t count)
-{
-    ssize_t bytes_sent = -1;
-    struct mk_liana_ssl *conn = NULL;
-    char *buf_plain = NULL;
-    int ret;
-    size_t len;
-
-    if (buf == NULL)
-        return 0;
-
-    PLUGIN_TRACE("Write");
-
-    conn = liana_ssl_get_connection(socket_fd);
-
-    if (conn == NULL)
-        return -1;
-
-    ret = matrixSslGetWritebuf(conn->ssl, (unsigned char **) &buf_plain, count);
-
-    if (ret == PS_MEM_FAIL || ret == PS_ARG_FAIL || ret == PS_FAILURE) {
-        PLUGIN_TRACE("Can't allocate memory for plain content");
-        return -1;
-    } else {
-       len = ret;
-    }
-
-    if( len < count ) {