Holger Hans Peter Freyther | 13619dd | 2011-05-31 22:09:08 +0200 | [diff] [blame] | 1 | /* |
| 2 | * osmo-pcap-server code |
| 3 | * |
Holger Hans Peter Freyther | 2899428 | 2016-08-04 16:14:38 +0200 | [diff] [blame] | 4 | * (C) 2011-2016 by Holger Hans Peter Freyther <zecke@selfish.org> |
Holger Hans Peter Freyther | 13619dd | 2011-05-31 22:09:08 +0200 | [diff] [blame] | 5 | * (C) 2011 by On-Waves |
| 6 | * All Rights Reserved |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or modify |
| 9 | * it under the terms of the GNU Affero General Public License as published by |
| 10 | * the Free Software Foundation; either version 3 of the License, or |
| 11 | * (at your option) any later version. |
| 12 | * |
| 13 | * This program is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | * GNU Affero General Public License for more details. |
| 17 | * |
| 18 | * You should have received a copy of the GNU Affero General Public License |
| 19 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 20 | * |
| 21 | */ |
| 22 | |
| 23 | #include <osmo-pcap/osmo_pcap_server.h> |
Holger Hans Peter Freyther | 9f6127f | 2011-05-31 22:52:41 +0200 | [diff] [blame] | 24 | #include <osmo-pcap/common.h> |
Holger Hans Peter Freyther | 13619dd | 2011-05-31 22:09:08 +0200 | [diff] [blame] | 25 | |
Holger Hans Peter Freyther | 9f6127f | 2011-05-31 22:52:41 +0200 | [diff] [blame] | 26 | #include <osmocom/core/talloc.h> |
| 27 | |
Holger Hans Peter Freyther | ad29ce6 | 2016-08-04 18:02:57 +0200 | [diff] [blame] | 28 | #include <zmq.h> |
| 29 | |
Holger Hans Peter Freyther | 2899428 | 2016-08-04 16:14:38 +0200 | [diff] [blame] | 30 | #include <unistd.h> |
Holger Hans Peter Freyther | ad29ce6 | 2016-08-04 18:02:57 +0200 | [diff] [blame] | 31 | #include <errno.h> |
| 32 | #include <string.h> |
Holger Hans Peter Freyther | 2899428 | 2016-08-04 16:14:38 +0200 | [diff] [blame] | 33 | |
Holger Hans Peter Freyther | 9f6127f | 2011-05-31 22:52:41 +0200 | [diff] [blame] | 34 | |
/* Help-text fragments reused by the command definitions in this file. */
#define SERVER_STR "Server settings\n"
#define CLIENT_STR "Client\n"

/* VTY node that holds the "server" sub-commands. */
static struct cmd_node server_node = {
	SERVER_NODE,
	"%s(server)#",	/* prompt format string for this node */
	1,
};
| 43 | |
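/*
 * Write the TLS part of the "server" configuration to the VTY.
 *
 * Nothing is emitted while tls_on is false, so TLS settings made with TLS
 * switched off do not show up in the written configuration.
 *
 * Reviewer notes on what the output means:
 *  - "tls allow-auth anonymous" is written when tls_allow_anon is set;
 *    presumably this maps to GnuTLS anonymous authentication, which does not
 *    establish the peer's identity -- confirm against the TLS setup code.
 *  - server-cert / server-key / capath / crlfile are file names; only the
 *    path of the private key is printed, never key material.
 */
static void write_tls(struct vty *vty, struct osmo_pcap_server *pcap_server)
{
	if (!pcap_server->tls_on)
		return;

	vty_out(vty, " enable tls%s", VTY_NEWLINE);
	vty_out(vty, " tls log-level %d%s",
		pcap_server->tls_log_level, VTY_NEWLINE);

	/* accepted authentication methods */
	if (pcap_server->tls_allow_anon)
		vty_out(vty, " tls allow-auth anonymous%s", VTY_NEWLINE);
	if (pcap_server->tls_allow_x509)
		vty_out(vty, " tls allow-auth x509%s", VTY_NEWLINE);

	/* optional string settings are only written when they are set */
	if (pcap_server->tls_priority)
		vty_out(vty, " tls priority %s%s",
			pcap_server->tls_priority, VTY_NEWLINE);
	if (pcap_server->tls_capath)
		vty_out(vty, " tls capath %s%s",
			pcap_server->tls_capath, VTY_NEWLINE);
	if (pcap_server->tls_crlfile)
		vty_out(vty, " tls crlfile %s%s",
			pcap_server->tls_crlfile, VTY_NEWLINE);
	if (pcap_server->tls_server_cert)
		vty_out(vty, " tls server-cert %s%s",
			pcap_server->tls_server_cert, VTY_NEWLINE);
	if (pcap_server->tls_server_key)
		vty_out(vty, " tls server-key %s%s",
			pcap_server->tls_server_key, VTY_NEWLINE);

	/*
	 * The command registered in this file is "tls dh pkcs .FILE". The
	 * keyword written here has to be the same one ("pkcs", not "pkcs3"),
	 * otherwise the saved line does not match any command when the
	 * configuration is read back.
	 */
	if (pcap_server->tls_dh_pkcs3)
		vty_out(vty, " tls dh pkcs %s%s",
			pcap_server->tls_dh_pkcs3, VTY_NEWLINE);
	else
		vty_out(vty, " tls dh generate%s", VTY_NEWLINE);
}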
| 82 | |
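/*
 * Write the complete "server" node configuration to the VTY.
 *
 * Emits the listen settings, the file size limit, the ZeroMQ publisher,
 * the TLS block (via write_tls()) and one "client" line per configured
 * connection. Always returns CMD_SUCCESS.
 */
static int config_write_server(struct vty *vty)
{
	struct osmo_pcap_conn *conn;

	vty_out(vty, "server%s", VTY_NEWLINE);

	if (pcap_server->base_path)
		vty_out(vty, " base-path %s%s",
			pcap_server->base_path, VTY_NEWLINE);
	if (pcap_server->addr)
		vty_out(vty, " server ip %s%s", pcap_server->addr, VTY_NEWLINE);
	if (pcap_server->port > 0)
		vty_out(vty, " server port %d%s", pcap_server->port, VTY_NEWLINE);
	vty_out(vty, " max-file-size %llu%s",
		(unsigned long long) pcap_server->max_size, VTY_NEWLINE);

	/*
	 * zmq_ip can be NULL while zmq_port is still positive (the publisher
	 * command returns early when copying the address fails). Passing NULL
	 * for %s is undefined and would also write a line that cannot be
	 * parsed again, so the line is skipped in that case.
	 */
	if (pcap_server->zmq_port > 0 && pcap_server->zmq_ip)
		vty_out(vty, " zeromq-publisher %s %d%s",
			pcap_server->zmq_ip, pcap_server->zmq_port, VTY_NEWLINE);

	write_tls(vty, pcap_server);

	llist_for_each_entry(conn, &pcap_server->conn, entry) {
		/* a client without an address cannot be written as a valid line */
		if (!conn->remote_host)
			continue;

		vty_out(vty, " client %s %s%s%s%s",
			conn->name, conn->remote_host,
			conn->no_store ? " no-store" : " store",
			conn->tls_use ? " tls" : "",
			VTY_NEWLINE);
	}

	return CMD_SUCCESS;
}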
| 113 | |
/* "server": switch the VTY session into the server configuration node. */
DEFUN(cfg_server,
      cfg_server_cmd,
      "server",
      "Enter the server configuration\n")
{
	vty->node = SERVER_NODE;

	return CMD_SUCCESS;
}
| 122 | |
/*
 * "base-path PATH": replace the stored base path with a copy of PATH.
 *
 * The path is stored as given; no existence or permission check happens in
 * this handler.
 */
DEFUN(cfg_server_base,
      cfg_server_base_cmd,
      "base-path PATH",
      "Base path for log files\n" "Path\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->base_path);
	pcap_server->base_path = talloc_strdup(pcap_server, argv[0]);
	/* NOTE(review): a failed copy leaves base_path NULL and still returns success */

	return CMD_SUCCESS;
}
| 132 | |
/* "server ip A.B.C.D": replace the stored listen address with the argument. */
DEFUN(cfg_server_ip,
      cfg_server_ip_cmd,
      "server ip A.B.C.D",
      SERVER_STR "Listen\n" "IP Address\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->addr);
	pcap_server->addr = talloc_strdup(pcap_server, argv[0]);
	/* NOTE(review): a failed copy leaves addr NULL and still returns success */

	return CMD_SUCCESS;
}
| 142 | |
/* "server port <1-65535>": store the listen port. */
DEFUN(cfg_server_port,
      cfg_server_port_cmd,
      "server port <1-65535>",
      SERVER_STR "Port\n" "Port Number\n")
{
	/* the command grammar restricts the token to the range 1-65535 */
	const int port = atoi(argv[0]);

	pcap_server->port = port;
	return CMD_SUCCESS;
}
| 151 | |
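/*
 * "max-file-size NR": set the maximum size of a trace file in bytes.
 *
 * NR is a free-form token, so it is validated here: it must consist of
 * decimal digits only and fit into an unsigned long long. Without the check
 * a non-numeric argument would silently become 0 and "-1" would wrap to the
 * largest possible value. On invalid input the stored limit is left alone
 * and CMD_WARNING is returned.
 */
DEFUN(cfg_server_max_size,
      cfg_server_max_size_cmd,
      "max-file-size NR",
      "Maximum file size for a trace\n" "Filesize in bytes\n")
{
	char *end = NULL;
	unsigned long long size;

	/* strtoull() accepts a leading sign and whitespace; reject both */
	if (argv[0][0] < '0' || argv[0][0] > '9') {
		vty_out(vty, "%%Invalid file size '%s'%s", argv[0], VTY_NEWLINE);
		return CMD_WARNING;
	}

	errno = 0;
	size = strtoull(argv[0], &end, 10);
	if (errno != 0 || *end != '\0') {
		/* out of range, or trailing characters after the number */
		vty_out(vty, "%%Invalid file size '%s'%s", argv[0], VTY_NEWLINE);
		return CMD_WARNING;
	}

	pcap_server->max_size = size;
	return CMD_SUCCESS;
}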
| 160 | |
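/*
 * Create or update the client entry called `name`.
 *
 * pcap_server: server that owns the client list
 * vty:         session used for error output
 * name:        client name, looked up through osmo_pcap_server_find()
 * remote_host: IPv4 address of the client in dotted notation
 * no_store:    true to stop storing traffic for this client
 * use_tls:     true to mark the client as a TLS client
 *
 * Returns CMD_SUCCESS, or CMD_WARNING when the address does not parse, the
 * entry cannot be obtained or the address string cannot be copied. The
 * address is validated and copied before the entry is modified, so a failed
 * call does not leave an entry with a missing or stale address.
 *
 * NOTE(review): the command help says the name is used in filenames. Nothing
 * in this function restricts its characters -- confirm that the code that
 * builds the file name rejects path separators and "..".
 */
static int manage_client(struct osmo_pcap_server *pcap_server,
			 struct vty *vty,
			 const char *name, const char *remote_host,
			 bool no_store, bool use_tls)
{
	struct osmo_pcap_conn *conn;
	struct in_addr addr;
	char *host;

	/* inet_aton() returns 0 for a string that is not a valid address */
	if (inet_aton(remote_host, &addr) == 0) {
		vty_out(vty, "%%Invalid remote address %s%s",
			remote_host, VTY_NEWLINE);
		return CMD_WARNING;
	}

	conn = osmo_pcap_server_find(pcap_server, name);
	if (!conn) {
		vty_out(vty, "Failed to create a pcap server.\n");
		return CMD_WARNING;
	}

	/* copy first so the old value survives an allocation failure */
	host = talloc_strdup(pcap_server, remote_host);
	if (!host) {
		vty_out(vty, "%%Failed to allocate remote host string%s",
			VTY_NEWLINE);
		return CMD_WARNING;
	}

	talloc_free(conn->remote_host);
	conn->remote_host = host;
	conn->remote_addr = addr;

	/* Checking no-store and maybe closing a pcap file */
	if (no_store) {
		osmo_pcap_server_close_trace(conn);
		conn->no_store = 1;
	} else {
		conn->no_store = 0;
	}

	if (use_tls) {
		/*
		 * force moving to TLS: a client that was not marked for TLS
		 * has its current connection closed before the flag is set
		 */
		if (!conn->tls_use)
			osmo_pcap_server_close_conn(conn);
		conn->tls_use = true;
	} else {
		/*
		 * Only the flag changes here; a connection that is already
		 * established is not closed when TLS is switched off.
		 */
		conn->tls_use = false;
	}

	return CMD_SUCCESS;
}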
| 195 | |
Holger Hans Peter Freyther | ff3314e | 2016-09-06 14:26:17 +0200 | [diff] [blame] | 196 | |
/*
 * "client NAME A.B.C.D [no-store] [tls]": create or update a client.
 *
 * The optional keywords are recognised by position only: a third argument
 * means no-store and a fourth means tls. Their text is not inspected.
 *
 * NOTE(review): if the parser can ever deliver "tls" as the third argument
 * (with no-store left out), this handler would enable no-store and leave
 * TLS off for that client -- confirm the parser cannot skip an optional
 * token.
 */
DEFUN(cfg_server_client,
      cfg_server_client_cmd,
      "client NAME A.B.C.D [no-store] [tls]",
      CLIENT_STR "Remote name used in filenames\n"
      "IP of the remote\n" "Do not store traffic\n"
      "Use Transport Level Security\n")
{
	const bool no_store = argc >= 3;
	const bool use_tls = argc >= 4;

	return manage_client(pcap_server, vty, argv[0], argv[1],
			     no_store, use_tls);
}
| 206 | |
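/*
 * "client NAME A.B.C.D store [tls]": create or update a client that stores
 * its traffic.
 *
 * The "store" keyword is mandatory in this form, so it is not part of argv
 * and a third argument means tls. The help text for "store" used to read
 * "Do not store traffic", which described the opposite of what the keyword
 * does; it now says "Store traffic".
 */
DEFUN(cfg_server_client_store_tls,
      cfg_server_client_store_tls_cmd,
      "client NAME A.B.C.D store [tls]",
      CLIENT_STR "Remote name used in filenames\n"
      "IP of the remote\n" "Store traffic\n"
      "Use Transport Level Security\n")
{
	const bool use_tls = argc >= 3;

	return manage_client(pcap_server, vty, argv[0], argv[1], false, use_tls);
}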
| 216 | |
/*
 * "no client NAME": delete the client entry called NAME.
 *
 * NOTE(review): the lookup uses the same osmo_pcap_server_find() call and
 * the same "Failed to create" message as the create path; confirm whether
 * the lookup creates a missing entry before it is deleted here.
 */
DEFUN(cfg_server_no_client,
      cfg_server_no_client_cmd,
      "no client NAME",
      NO_STR CLIENT_STR "The name\n")
{
	struct osmo_pcap_conn *conn = osmo_pcap_server_find(pcap_server, argv[0]);

	if (conn == NULL) {
		vty_out(vty, "Failed to create a pcap server.\n");
		return CMD_WARNING;
	}

	osmo_pcap_server_delete(conn);
	return CMD_SUCCESS;
}
Holger Hans Peter Freyther | 13619dd | 2011-05-31 22:09:08 +0200 | [diff] [blame] | 232 | |
/*
 * Tear down the ZeroMQ publisher socket and context, if present.
 *
 * Both pointers are cleared even when the library reports an error; the
 * error is only printed to the VTY. The socket is closed before the context
 * is destroyed.
 */
void destroy_zmq(struct vty *vty)
{
	int rc;

	if (pcap_server->zmq_publ != NULL) {
		rc = zmq_close(pcap_server->zmq_publ);
		pcap_server->zmq_publ = NULL;
		if (rc != 0) {
			vty_out(vty, "%%Failed to close publisher rc=%d errno=%d/%s%s",
				rc, errno, strerror(errno), VTY_NEWLINE);
		}
	}

	if (pcap_server->zmq_ctx != NULL) {
		rc = zmq_ctx_destroy(pcap_server->zmq_ctx);
		pcap_server->zmq_ctx = NULL;
		if (rc != 0) {
			vty_out(vty, "%%Failed to destroy ctx rc=%d errno=%d/%s%s",
				rc, errno, strerror(errno), VTY_NEWLINE);
		}
	}
}
| 250 | |
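/*
 * "zeromq-publisher (A.B.C.D|*) <1-65535>": (re)create the ZeroMQ publisher
 * and bind it to tcp://ADDRESS:PORT.
 *
 * Any existing publisher is destroyed first. On every failure after that the
 * socket and context are destroyed again and CMD_WARNING is returned.
 *
 * Changes against the previous version: the result of building the endpoint
 * string is checked before it is handed to zmq_bind(), and the string is
 * released on the success path as well instead of staying attached to zmq_ip.
 *
 * Reviewer notes:
 *  - "*" binds to the wildcard address, i.e. the publisher is reachable on
 *    every interface of the host.
 *  - The only socket option set here is ZMQ_LINGER; no ZeroMQ security
 *    mechanism is configured in this function, so access to the publisher
 *    has to be limited by the bind address or by network filtering.
 */
DEFUN(cfg_server_zmq_ip_port,
      cfg_server_zmq_ip_port_cmd,
      "zeromq-publisher (A.B.C.D|*) <1-65535>",
      "Enable publishing data to ZeroMQ\n"
      "Bind to IPv4 address\n" "Bind to wildcard\n"
      "Bind to port\n")
{
	int linger, rc;
	char *bind_str;

	destroy_zmq(vty);
	talloc_free(pcap_server->zmq_ip);
	pcap_server->zmq_ip = talloc_strdup(pcap_server, argv[0]);
	if (!pcap_server->zmq_ip) {
		vty_out(vty, "%%Failed to allocate ip string%s", VTY_NEWLINE);
		return CMD_WARNING;
	}
	pcap_server->zmq_port = atoi(argv[1]);

	pcap_server->zmq_ctx = zmq_ctx_new();
	if (!pcap_server->zmq_ctx) {
		vty_out(vty, "%%Failed to create zmq ctx%s", VTY_NEWLINE);
		return CMD_WARNING;
	}
	pcap_server->zmq_publ = zmq_socket(pcap_server->zmq_ctx, ZMQ_PUB);
	if (!pcap_server->zmq_publ) {
		vty_out(vty, "%%Failed to create zmq publisher%s", VTY_NEWLINE);
		destroy_zmq(vty);
		return CMD_WARNING;
	}

	/* linger 0: closing the socket does not wait for unsent messages */
	linger = 0;
	rc = zmq_setsockopt(pcap_server->zmq_publ, ZMQ_LINGER, &linger, sizeof(linger));
	if (rc != 0) {
		vty_out(vty, "%%Failed to set linger option rc=%d errno=%d/%s%s",
			rc, errno, strerror(errno), VTY_NEWLINE);
		destroy_zmq(vty);
		return CMD_WARNING;
	}

	bind_str = talloc_asprintf(pcap_server->zmq_ip, "tcp://%s:%d",
				   pcap_server->zmq_ip, pcap_server->zmq_port);
	if (!bind_str) {
		/* never pass a NULL endpoint to zmq_bind() */
		vty_out(vty, "%%Failed to allocate bind string%s", VTY_NEWLINE);
		destroy_zmq(vty);
		return CMD_WARNING;
	}

	rc = zmq_bind(pcap_server->zmq_publ, bind_str);
	if (rc != 0) {
		/* report before any other call can overwrite errno */
		vty_out(vty, "%%Failed to bind zmq publ rc=%d errno=%d/%s%s",
			rc, errno, strerror(errno), VTY_NEWLINE);
		destroy_zmq(vty);
		talloc_free(bind_str);
		return CMD_WARNING;
	}

	/* the endpoint string is not needed once the socket is bound */
	talloc_free(bind_str);
	return CMD_SUCCESS;
}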
| 303 | |
/*
 * "no zeromq-publisher": destroy the publisher and forget its address and
 * port, so that no zeromq-publisher line is written with the configuration.
 */
DEFUN(cfg_no_server_zmq_ip_port,
      cfg_no_server_zmq_ip_port_cmd,
      "no zeromq-publisher",
      NO_STR "Disable zeromq-publishing\n")
{
	destroy_zmq(vty);

	/* port 0 is what the config writer treats as "not configured" */
	pcap_server->zmq_port = 0;
	talloc_free(pcap_server->zmq_ip);
	pcap_server->zmq_ip = NULL;

	return CMD_SUCCESS;
}
| 315 | |
/* Help-text fragment shared by the "tls ..." commands. */
#define TLS_STR "Transport Layer Security\n"
| 317 | |
/*
 * "enable tls": set the server-wide TLS flag.
 *
 * Only the flag is changed here; this handler does not touch connections
 * that already exist.
 */
DEFUN(cfg_enable_tls,
      cfg_enable_tls_cmd,
      "enable tls",
      "Enable\n" "Transport Layer Security\n")
{
	pcap_server->tls_on = true;

	return CMD_SUCCESS;
}
| 326 | |
/*
 * "disable tls": clear the server-wide TLS flag.
 *
 * Only the flag is changed here. While it is false the config writer emits
 * no TLS lines at all, so other TLS settings are not saved.
 */
DEFUN(cfg_disable_tls,
      cfg_disable_tls_cmd,
      "disable tls",
      "Disable\n" "Transport Layer Security\n")
{
	pcap_server->tls_on = false;

	return CMD_SUCCESS;
}
| 335 | |
/*
 * "tls log-level <0-255>": store the GnuTLS debug level.
 *
 * NOTE(review): high GnuTLS debug levels are verbose; check what ends up in
 * the logs before using them outside of debugging.
 */
DEFUN(cfg_tls_log_level,
      cfg_tls_log_level_cmd,
      "tls log-level <0-255>",
      TLS_STR "Log-level\n" "GNUtls debug level\n")
{
	/* the command grammar restricts the token to the range 0-255 */
	const int level = atoi(argv[0]);

	pcap_server->tls_log_level = level;
	return CMD_SUCCESS;
}
| 344 | |
/*
 * "tls allow-auth anonymous": accept anonymous TLS authentication.
 *
 * NOTE(review): presumably this enables GnuTLS anonymous credentials, which
 * encrypt the link without establishing who the peer is. Confirm in the TLS
 * setup code, and prefer x509 where the peer's identity matters.
 */
DEFUN(cfg_tls_allow_anon,
      cfg_tls_allow_anon_cmd,
      "tls allow-auth anonymous",
      TLS_STR "allow authentication\n" "for anonymous\n")
{
	pcap_server->tls_allow_anon = true;

	return CMD_SUCCESS;
}
| 353 | |
/* "no tls allow-auth anonymous": stop accepting anonymous TLS authentication. */
DEFUN(cfg_no_tls_allow_anon,
      cfg_no_tls_allow_anon_cmd,
      "no tls allow-auth anonymous",
      NO_STR TLS_STR "allow authentication\n" "for anonymous\n")
{
	pcap_server->tls_allow_anon = false;

	return CMD_SUCCESS;
}
| 362 | |
/* "tls allow-auth x509": accept certificate based TLS authentication. */
DEFUN(cfg_tls_allow_x509,
      cfg_tls_allow_x509_cmd,
      "tls allow-auth x509",
      TLS_STR "allow authentication\n" "for certificates\n")
{
	pcap_server->tls_allow_x509 = true;

	return CMD_SUCCESS;
}
| 371 | |
/*
 * "no tls allow-auth x509": stop accepting certificate based authentication.
 *
 * NOTE(review): with x509 off and anonymous on, only the anonymous method
 * remains -- confirm that this combination is intended where it is used.
 */
DEFUN(cfg_no_tls_allow_x509,
      cfg_no_tls_allow_x509_cmd,
      "no tls allow-auth x509",
      NO_STR TLS_STR "allow authentication\n" "for certificates\n")
{
	pcap_server->tls_allow_x509 = false;

	return CMD_SUCCESS;
}
| 380 | |
/*
 * "tls priority STR": store the GnuTLS priority string.
 *
 * The string is stored as given and is not validated in this handler.
 */
DEFUN(cfg_tls_priority,
      cfg_tls_priority_cmd,
      "tls priority STR",
      TLS_STR "Priority string for GNUtls\n" "Priority string\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->tls_priority);
	pcap_server->tls_priority = talloc_strdup(pcap_server, argv[0]);
	/* NOTE(review): a failed copy leaves tls_priority NULL and still returns success */

	return CMD_SUCCESS;
}
| 390 | |
/* "no tls priority": forget the configured GnuTLS priority string. */
DEFUN(cfg_no_tls_priority,
      cfg_no_tls_priority_cmd,
      "no tls priority",
      NO_STR TLS_STR "Priority string for GNUtls\n")
{
	talloc_free(pcap_server->tls_priority);
	/* clear the pointer so the freed string cannot be used again */
	pcap_server->tls_priority = NULL;

	return CMD_SUCCESS;
}
| 400 | |
/*
 * "tls capath .PATH": store the file name of the trusted root certificates.
 *
 * NOTE(review): only argv[0] is stored; if ".PATH" accepts several words,
 * everything after the first one is ignored -- confirm.
 */
DEFUN(cfg_tls_capath,
      cfg_tls_capath_cmd,
      "tls capath .PATH",
      TLS_STR "Trusted root certificates\n" "Filename\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->tls_capath);
	pcap_server->tls_capath = talloc_strdup(pcap_server, argv[0]);
	/*
	 * NOTE(review): a failed copy leaves tls_capath NULL and still returns
	 * success; confirm how the TLS setup behaves without a CA path.
	 */

	return CMD_SUCCESS;
}
| 410 | |
/*
 * "no tls capath": forget the configured trusted root certificates.
 *
 * NOTE(review): confirm how peer certificates are verified once no CA path
 * is configured.
 */
DEFUN(cfg_no_tls_capath,
      cfg_no_tls_capath_cmd,
      "no tls capath",
      NO_STR TLS_STR "Trusted root certificates\n")
{
	talloc_free(pcap_server->tls_capath);
	/* clear the pointer so the freed string cannot be used again */
	pcap_server->tls_capath = NULL;

	return CMD_SUCCESS;
}
| 420 | |
/*
 * "tls crlfile .PATH": store the file name of the certificate revocation
 * list.
 *
 * NOTE(review): only argv[0] is stored; if ".PATH" accepts several words,
 * everything after the first one is ignored -- confirm.
 */
DEFUN(cfg_tls_crlfile,
      cfg_tls_crlfile_cmd,
      "tls crlfile .PATH",
      TLS_STR "CRL file\n" "Filename\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->tls_crlfile);
	pcap_server->tls_crlfile = talloc_strdup(pcap_server, argv[0]);
	/*
	 * NOTE(review): a failed copy leaves tls_crlfile NULL and still returns
	 * success, i.e. revocation checking could be dropped silently.
	 */

	return CMD_SUCCESS;
}
| 430 | |
/* "no tls crlfile": forget the configured certificate revocation list. */
DEFUN(cfg_no_tls_crlfile,
      cfg_no_tls_crlfile_cmd,
      "no tls crlfile",
      NO_STR TLS_STR "CRL file\n")
{
	talloc_free(pcap_server->tls_crlfile);
	/* clear the pointer so the freed string cannot be used again */
	pcap_server->tls_crlfile = NULL;

	return CMD_SUCCESS;
}
| 440 | |
/*
 * "tls server-cert .PATH": store the file name of the server certificate.
 *
 * NOTE(review): only argv[0] is stored; if ".PATH" accepts several words,
 * everything after the first one is ignored -- confirm.
 */
DEFUN(cfg_tls_server_cert,
      cfg_tls_server_cert_cmd,
      "tls server-cert .PATH",
      TLS_STR "Server certificate\n" "Filename\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->tls_server_cert);
	pcap_server->tls_server_cert = talloc_strdup(pcap_server, argv[0]);
	/* NOTE(review): a failed copy leaves tls_server_cert NULL and still returns success */

	return CMD_SUCCESS;
}
| 450 | |
/* "no tls server-cert": forget the configured server certificate file. */
DEFUN(cfg_no_tls_server_cert,
      cfg_no_tls_server_cert_cmd,
      "no tls server-cert",
      NO_STR TLS_STR "Server certificate\n")
{
	talloc_free(pcap_server->tls_server_cert);
	/* clear the pointer so the freed string cannot be used again */
	pcap_server->tls_server_cert = NULL;

	return CMD_SUCCESS;
}
| 460 | |
/*
 * "tls server-key .PATH": store the file name of the server's private key.
 *
 * Only the path is kept here. The file it names holds the private key and
 * should be readable only by the account that runs the server.
 *
 * NOTE(review): only argv[0] is stored; if ".PATH" accepts several words,
 * everything after the first one is ignored -- confirm.
 */
DEFUN(cfg_tls_server_key,
      cfg_tls_server_key_cmd,
      "tls server-key .PATH",
      TLS_STR "Server private key\n" "Filename\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->tls_server_key);
	pcap_server->tls_server_key = talloc_strdup(pcap_server, argv[0]);
	/* NOTE(review): a failed copy leaves tls_server_key NULL and still returns success */

	return CMD_SUCCESS;
}
| 470 | |
/* "no tls server-key": forget the configured server private key file. */
DEFUN(cfg_no_tls_server_key,
      cfg_no_tls_server_key_cmd,
      "no tls server-key",
      NO_STR TLS_STR "Server private key\n")
{
	talloc_free(pcap_server->tls_server_key);
	/* clear the pointer so the freed string cannot be used again */
	pcap_server->tls_server_key = NULL;

	return CMD_SUCCESS;
}
| 480 | |
/*
 * "tls dh pkcs .FILE": store the file name of the PKCS3 Diffie-Hellman
 * parameters and ask the TLS code to load them.
 *
 * The keyword registered here is "pkcs". Whatever the config writer emits
 * for this setting has to use the same keyword, otherwise a saved
 * configuration does not load again.
 *
 * NOTE(review): the outcome of osmo_tls_dh_load() is not looked at here;
 * the command reports success either way. Confirm how a file that is
 * missing or malformed is reported.
 */
DEFUN(cfg_tls_dh_pkcs3,
      cfg_tls_dh_pkcs3_cmd,
      "tls dh pkcs .FILE",
      TLS_STR "Diffie-Hellman Key Exchange\n" "PKCS3\n" "Filename\n")
{
	/* release the old string, then keep our own copy of the argument */
	talloc_free(pcap_server->tls_dh_pkcs3);
	pcap_server->tls_dh_pkcs3 = talloc_strdup(pcap_server, argv[0]);

	/* load the parameters right away */
	osmo_tls_dh_load(pcap_server);

	return CMD_SUCCESS;
}
| 492 | |
/*
 * "tls dh generate": drop any configured PKCS3 file and ask the TLS code to
 * generate Diffie-Hellman parameters instead.
 */
DEFUN(cfg_tls_dh_generate,
      cfg_tls_dh_generate_cmd,
      "tls dh generate",
      TLS_STR "Diffie-Hellman Key Exchange\n" "Generate prime\n")
{
	/* a NULL file name is what the config writer reports as "generate" */
	talloc_free(pcap_server->tls_dh_pkcs3);
	pcap_server->tls_dh_pkcs3 = NULL;

	osmo_tls_dh_generate(pcap_server);

	return CMD_SUCCESS;
}
| 504 | |
/*
 * Register the "server" node and all of its commands with the VTY.
 *
 * The `server` argument is not used in this function; the command handlers
 * in this file operate on the global pcap_server.
 */
void vty_server_init(struct osmo_pcap_server *server)
{
	/* commands available inside the server node, in registration order */
	struct cmd_element *const server_cmds[] = {
		&cfg_server_base_cmd,
		&cfg_server_ip_cmd,
		&cfg_server_port_cmd,
		&cfg_server_max_size_cmd,
		&cfg_server_zmq_ip_port_cmd,
		&cfg_no_server_zmq_ip_port_cmd,

		/* tls for the server */
		&cfg_enable_tls_cmd,
		&cfg_disable_tls_cmd,
		&cfg_tls_log_level_cmd,
		&cfg_tls_allow_anon_cmd,
		&cfg_no_tls_allow_anon_cmd,
		&cfg_tls_allow_x509_cmd,
		&cfg_no_tls_allow_x509_cmd,
		&cfg_tls_priority_cmd,
		&cfg_no_tls_priority_cmd,
		&cfg_tls_capath_cmd,
		&cfg_no_tls_capath_cmd,
		&cfg_tls_crlfile_cmd,
		&cfg_no_tls_crlfile_cmd,
		&cfg_tls_server_cert_cmd,
		&cfg_no_tls_server_cert_cmd,
		&cfg_tls_server_key_cmd,
		&cfg_no_tls_server_key_cmd,
		&cfg_tls_dh_generate_cmd,
		&cfg_tls_dh_pkcs3_cmd,

		/* client management */
		&cfg_server_client_cmd,
		&cfg_server_client_store_tls_cmd,
		&cfg_server_no_client_cmd,
	};
	unsigned int i;

	/* "server" is entered from the top-level configuration node */
	install_element(CONFIG_NODE, &cfg_server_cmd);
	install_node(&server_node, config_write_server);
	install_default(SERVER_NODE);

	for (i = 0; i < sizeof(server_cmds) / sizeof(server_cmds[0]); i++)
		install_element(SERVER_NODE, server_cmds[i]);
}