From: Dave H. <hel...@us...> - 2013-09-16 05:36:11
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "sfcb - Small Footprint CIM Broker". The branch, master has been updated via 33b9a571c616f26772d0037fc43f9a789b8cb803 (commit) from 4bf9669dae5b3e0e6a047afc93e0cdfd20a33ffd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 33b9a571c616f26772d0037fc43f9a789b8cb803 Author: Dave Heller <hel...@us...> Date: Mon Sep 16 01:30:00 2013 -0400 [sfcb-tix:#70] Reload SSL context-without restarting httpd ----------------------------------------------------------------------- Summary of changes: control.c | 52 +++++++++++++++++++++++++++++----------------------- httpAdapter.c | 41 ++++++++++++++++++++++++++++++++++++++--- sfcBroker.c | 22 ++++++++++++++++++++-- trace.c | 2 ++ 4 files changed, 89 insertions(+), 28 deletions(-)
diff --git a/control.c b/control.c
index eb6c8f9..f1dc7de 100644
--- a/control.c
+++ b/control.c
@@ -73,7 +73,7 @@ char *ip6List= NULL;
 /* Control initial values { property, type, string value, numeric value} */
-Control init[] = {
+static Control init[] = {
   {"ip4AddrList", CTL_STRING, NULL, {0}},
   {"ip6AddrList", CTL_STRING, NULL, {0}},
   {"httpPort", CTL_LONG, NULL, {.slong=5988}},
@@ -149,22 +149,25 @@ Control init[] = {
   {"indicationCurlTimeout", CTL_LONG, NULL, {.slong=10}},
 };
+static Control *cache;
+
 void
 sunsetControl()
 {
   int i, m;
   for (i = 0, m = sizeof(init) / sizeof(Control); i < m; i++) {
-    if (init[i].dupped)
-      if(init[i].dupped) {
-        free(init[i].strValue);
-        init[i].dupped = 0;
-      }
+    if(cache[i].dupped) {
+      free(cache[i].strValue);
+      cache[i].dupped = 0;
+    }
   }
   if (ct) {
     ct->ft->release(ct);
     ct=NULL;
   }
+  if (cache)
+    free(cache);
 }
 static int
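Review bot: sunsetControl() dereferences cache[i] in the for loop before the `if (cache)` test that guards free(cache), so a call made before setupControl() has run (or after setupControl's malloc failed, which the commit does not check) is a NULL dereference, and because cache is never reset after free(cache) a second call without an intervening setupControl() walks freed memory and frees it a second time. Guard the loop on cache and clear the pointer after freeing, which also makes the `if (cache)` around free() unnecessary. The config hash table ct holds `&cache[i]` pointers, so freeing cache after ct is released (the existing order) is the right order to keep.
```c
  if (cache) {
    for (i = 0, m = sizeof(init) / sizeof(Control); i < m; i++) {
      if (cache[i].dupped) {
        free(cache[i].strValue);
        cache[i].dupped = 0;
      }
    }
  }
  /* … unchanged: release of ct … */
  free(cache);    /* free(NULL) is a no-op */
  cache = NULL;   /* setupControl() allocates a fresh copy; never reuse the old one */
```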
@@ -225,8 +228,11 @@ setupControl(char *fn)
   ct = UtilFactory->newHashTable(61, UtilHashTable_charKey | UtilHashTable_ignoreKeyCase);
+  cache = malloc(sizeof(init));
+  memcpy(cache, init, sizeof(init));
+
   for (i = 0, m = sizeof(init) / sizeof(Control); i < m; i++) {
-    ct->ft->put(ct, init[i].id, &init[i]);
+    ct->ft->put(ct, cache[i].id, &cache[i]);
   }
   /* run through the config file lines */
@@ -244,18 +250,18 @@ setupControl(char *fn)
         break;
       case 2:
         for (i = 0; i < sizeof(init) / sizeof(Control); i++) {
-          if (strcmp(rv.id, init[i].id) == 0) {
+          if (strcmp(rv.id, cache[i].id) == 0) {
             /* unstripped character string */
-            if (init[i].type == CTL_USTRING) {
-              init[i].strValue = strdup(rv.val);
-              if (strchr(init[i].strValue, '\n'))
-                *(strchr(init[i].strValue, '\n')) = 0;
-              init[i].dupped = 1;
+            if (cache[i].type == CTL_USTRING) {
+              cache[i].strValue = strdup(rv.val);
+              if (strchr(cache[i].strValue, '\n'))
+                *(strchr(cache[i].strValue, '\n')) = 0;
+              cache[i].dupped = 1;
             }
             /* string */
-            else if (init[i].type == CTL_STRING) {
-              init[i].strValue = strdup(cntlGetVal(&rv));
-              init[i].dupped = 1;
+            else if (cache[i].type == CTL_STRING) {
+              cache[i].strValue = strdup(cntlGetVal(&rv));
+              cache[i].dupped = 1;
             }
             /* numeric */
             else {
@@ -264,14 +270,14 @@ setupControl(char *fn)
               long slval;
               unsigned long ulval;
-              switch (init[i].type) {
+              switch (cache[i].type) {
               case CTL_BOOL:
                 if (strcasecmp(val, "true") == 0) {
-                  init[i].intValue.b = 1;
+                  cache[i].intValue.b = 1;
                 }
                 else if (strcasecmp(val, "false") == 0) {
-                  init[i].intValue.b = 0;
+                  cache[i].intValue.b = 0;
                 }
                 else {
                   err = 1;
@@ -280,12 +286,12 @@ setupControl(char *fn)
               case CTL_LONG:
                 slval = strtol(val, NULL, 0);
-                init[i].intValue.slong = slval;
+                cache[i].intValue.slong = slval;
                 break;
               case CTL_ULONG:
                 if (getUNum(val, &ulval, ULONG_MAX) == 0) {
-                  init[i].intValue.ulong = ulval;
+                  cache[i].intValue.ulong = ulval;
                 }
                 else {
                   err = 1;
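Review bot: The result of `cache = malloc(sizeof(init))` is passed straight to memcpy and then stored into ct by address without a NULL check, so an allocation failure becomes a NULL write rather than a reported error; add `if (!cache) { /* report */ return <setupControl's error value>; }` before the memcpy (the function's return convention is outside the hunk, so use whatever it already returns on failure). Since every entry in ct now points into a heap block that sunsetControl() frees on each SIGUSR2 reload, any Control pointer or strValue obtained through ct (getControlChars callers, for instance) is only valid until the next reload; that lifetime deserves a comment on the `cache` declaration so callers do not keep such pointers across a reload. setupControl's body continues outside the hunk.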
@@ -294,7 +300,7 @@ setupControl(char *fn)
               case CTL_UINT:
                 if (getUNum(val, &ulval, UINT_MAX) == 0) {
-                  init[i].intValue.uint = (unsigned int)ulval;
+                  cache[i].intValue.uint = (unsigned int)ulval;
                 }
                 else {
                   err = 1;
@@ -303,7 +309,7 @@ setupControl(char *fn)
               }
               if (!err) {
-                ct->ft->put(ct, init[i].id, &init[i]);
+                ct->ft->put(ct, cache[i].id, &cache[i]);
               }
             }
diff --git a/httpAdapter.c b/httpAdapter.c
index 66b84d7..6aee6f4 100644
--- a/httpAdapter.c
+++ b/httpAdapter.c
@@ -112,8 +112,10 @@ static X509 *x509 = NULL;
 int ccVerifyMode = CC_VERIFY_IGNORE;
 static int get_cert(int, X509_STORE_CTX *);
 static int ccValidate(X509 *, char **, int);
-static int load_cert(const char *);
-static void print_cert(const char *cert_file, const STACK_OF(X509_NAME) *);
+static int load_cert(const char *);
+static void print_cert(const char *cert_file, const STACK_OF(X509_NAME) *);
+static int sslReloadRequested = 0;
+static void initSSL();
 #endif
 /* return codes used by baValidate */
@@ -401,6 +403,24 @@ handleSigUsr1(int __attribute__ ((unused)) sig)
   }
 }
+static void handleSigUsr2(int __attribute__ ((unused)) sig)
+{
+#ifndef LOCAL_CONNECT_ONLY_ENABLE
+#if defined USE_SSL
+  if (sfcbSSLMode) {
+    if (sslReloadRequested) {
+      mlogf(M_ERROR,M_SHOW,"--- %s (%d): SSL context reload already in progress\n",
+            processName,getpid());
+    } else {
+      mlogf(M_ERROR,M_SHOW,"--- %s (%d): SSL context reload requested\n",
+            processName,getpid());
+      sslReloadRequested = 1;
+    }
+  }
+#endif // USE_SSL
+#endif // LOCAL_CONNECT_ONLY_ENABLE
+}
+
 static void handleSigPipe(int __attribute__ ((unused)) sig)
 {
   exit(1);
@@ -1997,6 +2017,10 @@ initSSL()
              *fcert, *sslCiphers;
   int rc;
+
+  if (ctx)
+    SSL_CTX_free(ctx);
+
   ctx = SSL_CTX_new(SSLv23_method());
   getControlChars("sslCertificateFilePath", &fnc);
   _SFCB_TRACE(1, ("--- sslCertificateFilePath = %s", fnc));
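Review bot: sslReloadRequested is stored from the SIGUSR2 handler and polled by httpDaemon's accept loop, so as a plain `static int` the compiler is free to keep its value in a register across the loop and never observe the handler's store; declare it `static volatile sig_atomic_t sslReloadRequested = 0;`. The added `static void initSSL();` is an old-style declaration without a prototype; write `static void initSSL(void);` so the call sites are type-checked.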
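Review bot: The new handleSigUsr2 calls mlogf() from inside a signal handler; getpid() is async-signal-safe but a formatting logger almost certainly goes through stdio, the allocator or a lock, so a SIGUSR2 delivered while the main thread is inside one of those can deadlock or corrupt state. The handler only needs `sslReloadRequested = 1;` — move both messages to the accept loop in httpDaemon where the flag is consumed, and report "already in progress" there if the flag is found still set when a new request arrives. The same concern applies to the mlogf calls and the pthread_create added to sfcBroker.c's handleSigUsr2 in this commit (pthread_mutex_lock was already there, so this extends an existing hazard rather than creating a new one).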
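Review bot: initSSL() now frees the live ctx before the replacement has been built, so if SSL_CTX_new or any of the certificate, key or cipher-list steps that follow fail during a reload, the daemon is left with no context at all — the hunk does not show whether intSSLerror returns, but if it exits, a bad certificate file pushed with SIGUSR2 now kills httpd where it previously kept serving with the old context. Build into a local `SSL_CTX *nctx = SSL_CTX_new(SSLv23_method());`, apply every setting to nctx, and only at the end swap with `SSL_CTX_free(ctx); ctx = nctx;` (SSL_CTX is reference counted, so SSL objects already created from the old context keep it alive). The `if (ctx)` guard is harmless but not needed, since SSL_CTX_free(NULL) is a no-op. initSSL's body continues outside the hunk.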
@@ -2050,6 +2074,7 @@ initSSL()
   if (SSL_CTX_set_cipher_list(ctx, sslCiphers) != 1)
     intSSLerror("Error setting cipher list (no valid ciphers)");
+  sslReloadRequested = 0;
 }
 #endif // USE_SSL
@@ -2264,7 +2289,7 @@ httpDaemon(int argc, char *argv[], int sslMode, char *ipAddr,
   setSignal(SIGINT, SIG_IGN, 0);
   setSignal(SIGTERM, SIG_IGN, 0);
   setSignal(SIGHUP, SIG_IGN, 0);
-  setSignal(SIGUSR2, SIG_IGN, 0);
+  setSignal(SIGUSR2, handleSigUsr2, 0);
   setSignal(SIGPIPE, handleSigPipe,0);
 #if defined USE_SSL
@@ -2312,6 +2337,16 @@ httpDaemon(int argc, char *argv[], int sslMode, char *ipAddr,
     if (stopAccepting)
       break;
+
+#ifdef USE_SSL
+    if (sslReloadRequested) {
+      sunsetControl();
+      setupControl(configfile);
+      initSSL();
+      sleep(1);
+      continue;
+    }
+#endif // USE_SSL
     if (rc < 0) {
       if (errno == EINTR || errno == EAGAIN) {
         continue;
diff --git a/sfcBroker.c b/sfcBroker.c
index bc07632..8fe6788 100644
--- a/sfcBroker.c
+++ b/sfcBroker.c
@@ -394,6 +394,12 @@ handleSigChld(int __attribute__ ((unused)) sig)
   errno = oerrno;
 }
+static int
+reStartHttpd(void)
+{
+  return startHttpd(restartArgc, restartArgv, sslMode);
+}
+
 static void
 handleSigUsr2(int __attribute__ ((unused)) sig)
 {
@@ -401,7 +407,15 @@ handleSigUsr2(int __attribute__ ((unused)) sig)
   struct timespec waitTime;
   int sa=0;
-  inaHttpdRestart=1;
+  if (inaHttpdRestart) {
+    mlogf(M_ERROR,M_SHOW,"--- %s (%d): HTTP daemon restart already in progress\n",
+          processName,getpid());
+    return;
+  } else {
+    mlogf(M_ERROR,M_SHOW,"--- %s (%d): HTTP daemon restart requested\n",
+          processName,getpid());
+    inaHttpdRestart = 1;
+  }
   while(!adaptersStopped) {
     pthread_mutex_lock(&sdMtx);
     waitTime.tv_sec=time(NULL)+1; //5
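Review bot: The reload block sits between `if (stopAccepting) break;` and the `if (rc < 0)` error handling, so when the signal lands while the accept call is returning a client socket the `continue` abandons a successfully accepted descriptor (assuming rc is the accept() result, as the EINTR/EAGAIN handling suggests): that client hangs and the fd leaks. Test the flag before the accept call, or after the `rc < 0` branch with rc closed first. The return value of `setupControl(configfile)` is discarded, so if the config file no longer parses initSSL() runs against whatever partial state was loaded; check it and keep the old context on failure. The `sleep(1)` has no stated purpose and deserves either a comment or removal, and a comment on the block should say that the reload re-reads every control, not only the SSL ones, while the listening port and addresses bound at startup stay as they were. httpDaemon's body continues outside the hunk.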
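Review bot: reStartHttpd is defined as `int (void)` but is handed to pthread_create through a `(void *(*)(void *))` cast in the later hunk of this file, and calling a function through an incompatible pointer type is undefined behavior even where it happens to work. Give it the thread-start signature here so the cast goes away: `static void *reStartHttpd(void *arg) { (void)arg; startHttpd(restartArgc, restartArgv, sslMode); return NULL; }`. startHttpd's return value is then dropped in the thread; if it can report failure (its contract is outside the hunk), log that inside the thread body since nobody joins a detached thread.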
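Review bot: inaHttpdRestart is set only after the mlogf call, and trace.c now installs SIGUSR2 with SA_NODEFER, so a second SIGUSR2 delivered while the first handler is still inside mlogf re-enters the handler, finds the flag clear and starts a second restart in parallel — the guard this hunk adds does not close that window. Set the flag first: `if (inaHttpdRestart) { ...; return; } inaHttpdRestart = 1;` and log afterwards (the `else` is then unnecessary). inaHttpdRestart and adaptersStopped are shared with signal context and should be `volatile sig_atomic_t` if they are not already; their declarations are outside the hunk. handleSigUsr2's body continues outside the hunk.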
@@ -420,7 +434,11 @@ handleSigUsr2(int __attribute__ ((unused)) sig)
   }
   fprintf(stderr,"--- Restarting http adapters...\n");
-  startHttpd(restartArgc, restartArgv, sslMode);
+  pthread_t t;
+  pthread_attr_t tattr;
+  pthread_attr_init(&tattr);
+  pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED);
+  pthread_create(&t, &tattr, (void *(*)(void *)) reStartHttpd, NULL);
   adaptersStopped=0;
   inaHttpdRestart=0;
 #endif // LOCAL_CONNECT_ONLY_ENABLE
diff --git a/trace.c b/trace.c
index 53767b4..d7f30db 100644
--- a/trace.c
+++ b/trace.c
@@ -291,6 +291,8 @@ setSignal(int sn, sigHandler * sh, int flags)
   if (sn == SIGALRM)
     newh.sa_flags |= SA_INTERRUPT;
+  else if (sn == SIGUSR2)
+    newh.sa_flags |= SA_NODEFER;
   if (sigaction(sn, &newh, &oldh) < 0)
     return SIG_ERR;
hooks/post-receive -- sfcb - Small Footprint CIM Broker |
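Review bot: pthread_create's return value is ignored, so if thread creation fails the handler still clears adaptersStopped and inaHttpdRestart and the HTTP adapters are simply never restarted, with nothing logged; test the result and leave the flags alone on failure, e.g. `if (pthread_create(&t, &tattr, reStartHttpd, NULL) != 0) { /* log */ } else { adaptersStopped=0; inaHttpdRestart=0; }`. pthread_attr_destroy(&tattr) is never called. The flags are also reset as soon as the thread exists rather than when startHttpd has finished, so a SIGUSR2 arriving during the new thread's startup passes the "already in progress" guard; having reStartHttpd clear inaHttpdRestart when startHttpd returns would close that. handleSigUsr2 begins outside the hunk.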
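Review bot: The SA_NODEFER special case for SIGUSR2 carries no comment, yet it changes the semantics for every SIGUSR2 handler installed through setSignal in every sfcb process: the handler may now be re-entered by a second SIGUSR2 while it is still running, which is exactly the situation the new "already in progress" guards in httpAdapter.c and sfcBroker.c have to handle. If the intent is to let a second request be reported while the restart handler is blocked in its adaptersStopped wait, say so, e.g. `/* SIGUSR2 handlers block for a restart; allow re-entry so a repeated request can be reported instead of queued */`, and adjust the wording if the reason is different. setSignal already takes a `flags` parameter; if that maps onto sa_flags, passing SA_NODEFER from the two SIGUSR2 call sites would keep the behavior visible where the handlers are installed rather than hidden in trace.c.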