From: Dave H. <hel...@us...> - 2013-09-16 05:35:55
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "sfcb - Small Footprint CIM Broker". The branch, master_1.3 has been updated via cce7e6179a3de5db3ed4c70d57e1bd6ceea9ea78 (commit) from eb187a794985689cc1c84adbe6192697c30e6dec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cce7e6179a3de5db3ed4c70d57e1bd6ceea9ea78 Author: Dave Heller <hel...@us...> Date: Mon Sep 16 01:29:20 2013 -0400 [sfcb-tix:#70] Reload SSL context-without restarting httpd ----------------------------------------------------------------------- Summary of changes: control.c | 41 ++++++++++++++++++++++++----------------- httpAdapter.c | 37 ++++++++++++++++++++++++++++++++++++- sfcBroker.c | 21 +++++++++++++++++++-- trace.c | 2 ++ 4 files changed, 81 insertions(+), 20 deletions(-)
diff --git a/control.c b/control.c
index 60a4eaa..bc40e5c 100644
--- a/control.c
+++ b/control.c
@@ -60,7 +60,7 @@ char * configfile = NULL;
 // Control initial values
 // { property, type, value}
 // Type: 0=string, 1=num, 2=bool, 3=unstripped string
-Control init[] = {
+static Control init[] = {
 {"httpPort", 1, "5988"},
 {"enableHttp", 2, "true"},
 {"enableUds", 2, "true"},
@@ -139,19 +139,23 @@ Control init[] = {
 {"indicationCurlTimeout",1,"10"},
 };
+static Control *cache;
+
 void sunsetControl()
 {
 int i,m;
 for (i = 0, m = sizeof(init) / sizeof(Control); i < m; i++) {
- if(init[i].dupped) {
- free(init[i].strValue);
- init[i].dupped = 0;
+ if(cache[i].dupped) {
+ free(cache[i].strValue);
+ cache[i].dupped = 0;
 }
 }
 if (ct) {
 ct->ft->release(ct);
 ct=NULL;
 }
+ if (cache)
+ free(cache);
 }
 int setupControl(char *fn)
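Review bot: sunsetControl() now indexes `cache[i]` inside the loop before the `if (cache)` test at the end, so a call made before setupControl() has run (or after a setupControl() whose allocation failed) dereferences NULL; the guard belongs around the loop, and because `free(NULL)` is a no-op the trailing `if (cache)` is redundant. The pointer is also never reset after `free(cache)`, so a second sunsetControl() without an intervening setupControl() — whether any caller does that I cannot see from here — would read and free stale memory. I would write the loop head as `if (cache) for (i = 0, m = sizeof(init) / sizeof(Control); i < m; i++) {` and the tail as `free(cache); cache = NULL;`. A one-line comment above `static Control *cache;` saying it is the per-setupControl() working copy of init[] whose strdup'd values sunsetControl() releases would help, since init[] itself is no longer modified anywhere in this file.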
@@ -168,8 +172,11 @@ int setupControl(char *fn)
 ct = UtilFactory->newHashTable(61, UtilHashTable_charKey | UtilHashTable_ignoreKeyCase);
+ cache = malloc(sizeof(init));
+ memcpy(cache, init, sizeof(init));
+
 for (i = 0, m = sizeof(init) / sizeof(Control); i < m; i++) {
- ct->ft->put(ct, init[i].id, &init[i]);
+ ct->ft->put(ct, cache[i].id, &cache[i]);
 }
 if (fn) {
@@ -207,19 +214,19 @@ int setupControl(char *fn)
 break;
 case 2:
 for (i=0; i<sizeof(init)/sizeof(Control); i++) {
- if (strcmp(rv.id, init[i].id) == 0) {
- if (init[i].type == 3) {
- /* unstripped character string */
- init[i].strValue=strdup(rv.val);
- if (strchr(init[i].strValue,'\n'))
- *(strchr(init[i].strValue,'\n')) = 0;
- init[i].dupped=1;
- }
+ if (strcmp(rv.id, cache[i].id) == 0) {
+ if (cache[i].type == 3) {
+ /* unstripped character string */
+ cache[i].strValue=strdup(rv.val);
+ if (strchr(cache[i].strValue,'\n'))
+ *(strchr(cache[i].strValue,'\n')) = 0;
+ cache[i].dupped=1;
+ }
 else {
- init[i].strValue=strdup(cntlGetVal(&rv));
- init[i].dupped=1;
- }
- goto ok;
+ cache[i].strValue=strdup(cntlGetVal(&rv));
+ cache[i].dupped=1;
+ }
+ goto ok;
 }
 }
 mlogf(M_ERROR,M_SHOW,"--- invalid control statement: \n\t%d: %s\n", n, stmt);
diff --git a/httpAdapter.c b/httpAdapter.c
index 98b6757..01397dc 100644
--- a/httpAdapter.c
+++ b/httpAdapter.c
@@ -105,6 +105,8 @@ static X509 *x509 = NULL;
 int ccVerifyMode = CC_VERIFY_IGNORE;
 static int get_cert(int,X509_STORE_CTX*);
 static int ccValidate(X509*, char**, int);
+static int sslReloadRequested = 0;
+static void initSSL();
 #endif
 /* return codes used by baValidate */
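Review bot: The result of `cache = malloc(sizeof(init));` is not checked before the memcpy() and before `&cache[i]` is handed to the hash table, so an allocation failure becomes a NULL dereference instead of a reported error. Check it and leave through the same failure path setupControl() uses for an unreadable configuration file (that path is outside this hunk), e.g. `if (cache == NULL) { mlogf(M_ERROR,M_SHOW,"--- cannot allocate control cache\n"); return 1; }` with whatever value the function's other error exits return. Note also that a repeated setupControl() without a preceding sunsetControl() now leaks the previous cache and its strdup'd values; the reload path this commit adds in httpAdapter.c does call sunsetControl() first, so a comment on the function stating that pairing requirement would keep future callers honest.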
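Review bot: `static int sslReloadRequested = 0;` is written from a signal handler (handleSigUsr2) and polled in httpDaemon()'s accept loop, so it needs the async-signal-safe type `static volatile sig_atomic_t sslReloadRequested = 0;` — as a plain int the compiler may keep the loop's copy in a register and never observe the handler's store. The prototype `static void initSSL();` should be `static void initSSL(void);` so that a call with arguments is rejected rather than silently accepted.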
@@ -337,6 +339,24 @@ static void handleSigUsr1(int sig)
 }
 }
+static void handleSigUsr2(int __attribute__ ((unused)) sig)
+{
+#ifndef LOCAL_CONNECT_ONLY_ENABLE
+#if defined USE_SSL
+ if (sfcbSSLMode) {
+ if (sslReloadRequested) {
+ mlogf(M_ERROR,M_SHOW,"--- %s (%d): SSL context reload already in progress\n",
+ processName,getpid());
+ } else {
+ mlogf(M_ERROR,M_SHOW,"--- %s (%d): SSL context reload requested\n",
+ processName,getpid());
+ sslReloadRequested = 1;
+ }
+ }
+#endif // USE_SSL
+#endif // LOCAL_CONNECT_ONLY_ENABLE
+}
+
 static void freeBuffer(Buffer * b)
 {
 Buffer emptyBuf = { NULL, NULL, 0, 0, 0, 0, 0 , NULL, NULL, NULL, NULL, NULL, NULL, NULL};
@@ -1682,6 +1702,10 @@ initSSL()
 *fnl, *sslCiphers;
 int rc;
+
+ if (ctx)
+ SSL_CTX_free(ctx);
+
 ctx = SSL_CTX_new(SSLv23_method());
 getControlChars("sslCertificateFilePath", &fnc);
 _SFCB_TRACE(1, ("--- sslCertificateFilePath = %s", fnc));
@@ -1733,6 +1757,7 @@ initSSL()
 if (SSL_CTX_set_cipher_list(ctx, sslCiphers) != 1)
 intSSLerror("Error setting cipher list (no valid ciphers)");
+ sslReloadRequested = 0;
 }
 #endif // USE_SSL
@@ -1974,7 +1999,7 @@ int httpDaemon(int argc, char *argv[], int sslMode, int sfcbPid)
 setSignal(SIGINT, SIG_IGN, 0);
 setSignal(SIGTERM, SIG_IGN, 0);
 setSignal(SIGHUP, SIG_IGN, 0);
- setSignal(SIGUSR2, SIG_IGN, 0);
+ setSignal(SIGUSR2, handleSigUsr2, 0);
 #if defined USE_SSL
 if (sslMode) {
@@ -2015,6 +2040,16 @@ int httpDaemon(int argc, char *argv[], int sslMode, int sfcbPid)
 if (stopAccepting)
 break;
+
+#ifdef USE_SSL
+ if (sslReloadRequested) {
+ sunsetControl();
+ setupControl(configfile);
+ initSSL();
+ sleep(1);
+ continue;
+ }
+#endif // USE_SSL
 if (rc < 0) {
 if (errno == EINTR || errno == EAGAIN) {
 continue;
diff --git a/sfcBroker.c b/sfcBroker.c
index 9a04d77..234efa6 100644
--- a/sfcBroker.c
+++ b/sfcBroker.c
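Review bot: handleSigUsr2() calls mlogf() from signal context; if mlogf() ends in vfprintf()/syslog() or takes a lock (its definition is not in this diff) it is not async-signal-safe, and with the SA_NODEFER flag this commit adds for SIGUSR2 in trace.c the handler can be re-entered while that call is still in progress. Keep the handler to the single store `sslReloadRequested = 1;` and emit both messages from the accept loop in httpDaemon(), where the flag is consumed and where a request that arrives while a reload is still running can be reported just as well. A short comment on the handler saying that the reload itself runs in the main loop, not here, would make that division of labour explicit.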
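Review bot: initSSL() frees the live context before the replacement is built, so if any later step fails — a certificate or key file that was swapped for a bad one is exactly what a reload will meet in practice — the daemon is left with either a half-initialised `ctx` or, if intSSLerror() terminates the process (its definition is not visible here), no daemon at all, turning a configuration mistake into an outage. Build the new context into a local `SSL_CTX *newctx`, keep the old one until SSL_CTX_set_cipher_list() has succeeded, and only then assign it to `ctx` and free the previous one; connections already established keep working because each SSL object holds its own reference to its SSL_CTX. The rest of initSSL()'s body lies outside this hunk, so the swap cannot be shown here as a complete rewrite.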
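Review bot: The reload block runs before the `if (rc < 0)` test, so whenever the preceding call (above the hunk) returned a usable result — a ready or accepted descriptor — `continue;` discards it and, if it is a file descriptor, leaks it; dispatch rc first and perform the reload at the top of the next iteration instead. The return value of `setupControl(configfile);` is ignored, so an unreadable or malformed config at reload time proceeds straight into initSSL() with whatever state setupControl() left behind. sunsetControl()/setupControl() also replace every control value, not only the SSL ones, which any other thread of this process still reading controls through getControlChars() would see as freed memory — I cannot tell from this hunk whether requests are served by threads here. `sleep(1);` carries no comment; if it is meant to let in-flight handshakes drain, say so, and prefer a mechanism that does not stall the accept loop for a whole second.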
@@ -369,13 +369,26 @@ static void handleSigChld(int sig)
 errno = oerrno;
 }
+static int reStartHttpd(void)
+{
+ return startHttpd(restartArgc, restartArgv, sslMode);
+}
+
 static void handleSigUsr2(int sig)
 {
 #ifndef LOCAL_CONNECT_ONLY_ENABLE
 struct timespec waitTime;
 int rc, sa=0;
- inaHttpdRestart=1;
+ if (inaHttpdRestart) {
+ mlogf(M_ERROR,M_SHOW,"--- %s (%d): HTTP daemon restart already in progress\n",
+ processName,getpid());
+ return;
+ } else {
+ mlogf(M_ERROR,M_SHOW,"--- %s (%d): HTTP daemon restart requested\n",
+ processName,getpid());
+ inaHttpdRestart = 1;
+ }
 while(!adaptersStopped) {
 pthread_mutex_lock(&sdMtx);
 waitTime.tv_sec=time(NULL)+1; //5
@@ -394,7 +407,11 @@ static void handleSigUsr2(int sig)
 }
 fprintf(stderr,"--- Restarting http adapters...\n");
- startHttpd(restartArgc, restartArgv, sslMode);
+ pthread_t t;
+ pthread_attr_t tattr;
+ pthread_attr_init(&tattr);
+ pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);
+ pthread_create(&t, &tattr, (void *(*)(void *)) reStartHttpd, NULL);
 adaptersStopped=0;
 inaHttpdRestart=0;
 #endif // LOCAL_CONNECT_ONLY_ENABLE
diff --git a/trace.c b/trace.c
index e165e57..98f0070 100644
--- a/trace.c
+++ b/trace.c
@@ -280,6 +280,8 @@ sigHandler *setSignal(int sn, sigHandler * sh, int flags)
 if (sn == SIGALRM)
 newh.sa_flags |= SA_INTERRUPT;
+ else if (sn == SIGUSR2)
+ newh.sa_flags |= SA_NODEFER;
 if (sigaction(sn, &newh, &oldh) < 0)
 return SIG_ERR;
hooks/post-receive -- sfcb - Small Footprint CIM Broker |
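Review bot: `static int reStartHttpd(void)` is passed to pthread_create() in the next hunk through the cast `(void *(*)(void *))`, and calling a function through a pointer of incompatible type is undefined behaviour in C even where the ABI happens to tolerate it; give the wrapper the thread-start signature and drop the cast, so the create call becomes `pthread_create(&t, &tattr, reStartHttpd, NULL);`. The new mlogf() calls run inside the signal handler, so the same async-signal-safety caveat as for the httpAdapter.c handler applies, though this handler already blocks on a mutex and so is a pre-existing design. The rest of handleSigUsr2() continues past this hunk.
```c
static void *reStartHttpd(void *arg)
{
    (void) arg;                      /* pthread start routine: argument unused */
    startHttpd(restartArgc, restartArgv, sslMode);
    return NULL;
}
```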
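Review bot: `inaHttpdRestart=0;` and `adaptersStopped=0;` are cleared immediately after pthread_create(), before the detached thread has restarted anything, so the "already in progress" guard added at the top of this function covers only the wait loop; a second SIGUSR2 arriving while reStartHttpd() is still running — which the SA_NODEFER flag this commit adds in trace.c now allows — launches a second concurrent restart. Let the thread clear the flag when startHttpd() returns, and check pthread_create()'s result so a failure is logged and the flag released rather than leaving the adapters stopped with the guard stuck on, e.g. `if (pthread_create(&t, &tattr, (void *(*)(void *)) reStartHttpd, NULL) != 0) { mlogf(M_ERROR,M_SHOW,"--- cannot start http restart thread\n"); inaHttpdRestart=0; }`. `pthread_attr_destroy(&tattr);` is also never called, and pthread_create() is not on the async-signal-safe list, which deserves a comment given that it is now invoked from a handler.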
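Review bot: Setting SA_NODEFER for SIGUSR2 inside the generic setSignal() helper, with no comment, makes every SIGUSR2 handler installed through it re-entrant — sfcBroker.c and httpAdapter.c in this commit, plus any other caller — and the only thing making that safe is the `inaHttpdRestart` and `sslReloadRequested` guards those handlers check first. Record the dependency where the flag is set, e.g. `/* SIGUSR2 handlers must be re-entrant: they log and refuse a second restart/reload request instead of queueing it (see handleSigUsr2 in sfcBroker.c and httpAdapter.c) */`. If the intent is only that a repeated request is reported rather than lost, note that default (deferred) delivery already keeps one instance pending and would let the handlers stay non-re-entrant.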