Dave M. hip-0.6-hipcfgFiles.patch added support for files-based configuration library. Added autoconf support for --enable-sma-crawler=(config) including use of libtool.

git-svn-id: svn://svn.code.sf.net/p/openhip/code/hip/trunk@6 4c5cb64f-9889-4596-9799-84b02dc3effa

bootstrap.sh

@@ -11,8 +11,10 @@ if [ `uname` = Darwin ]; then
 fi;
 
 echo "Running aclocal..." && aclocal $EXTRA_INC \
+    && echo "Running libtoolize..." && libtoolize --force --copy --automake \
     && echo "Running automake..." && automake --add-missing --copy --foreign \
     && echo "Running autoconf..." && autoconf
 
 echo ""
 echo "You are now ready to run \"./configure\"."
+

config.h.in

@@ -6,6 +6,9 @@
 /* Define to 1 if you have the `bzero' function. */
 #undef HAVE_BZERO
 
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
 /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
 #undef HAVE_DOPRNT
 
@@ -39,6 +42,12 @@
 /* Define to 1 if you have the `ipsec' library (-lipsec). */
 #undef HAVE_LIBIPSEC
 
+/* Define to 1 if you have the `ldap' library (-lldap). */
+#undef HAVE_LIBLDAP
+
+/* Define to 1 if you have the `ldapcpp' library (-lldapcpp). */
+#undef HAVE_LIBLDAPCPP
+
 /* Define to 1 if you have the `pthread' library (-lpthread). */
 #undef HAVE_LIBPTHREAD
 
@@ -142,6 +151,10 @@
 /* Define to 1 if `vfork' works. */
 #undef HAVE_WORKING_VFORK
 
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#undef LT_OBJDIR
+
 /* Define to 1 if your C compiler doesn't accept -c and -o together. */
 #undef NO_MINUS_C_MINUS_O
 

configure.ac

@@ -26,6 +26,7 @@ AC_PREREQ(2.59)
 AC_INIT(OpenHIP, 0.6, [openhip-developers@lists.sourceforge.net], openhip)
 AC_CONFIG_SRCDIR([src/protocol/hip_main.c])
 AC_CONFIG_AUX_DIR(config)
+AC_CONFIG_MACRO_DIR(config)
 AM_CONFIG_HEADER([config.h])
 AM_INIT_AUTOMAKE
 
@@ -37,8 +38,11 @@ CFLAGS="$CFLAGS -O3 -Werror -D_GNU_SOURCE"
 sysconfdir=$sysconfdir/hip
 
 # Checks for programs.
+AC_PROG_CXX
 AC_PROG_AWK
 AC_PROG_CC
+AC_PROG_CPP
+AC_PROG_LIBTOOL
 AM_PROG_CC_C_O
 
 # Checks for libraries.
@@ -85,7 +89,6 @@ AC_FUNC_VPRINTF
 AC_CHECK_FUNCS([bzero gethostbyname gethostname gettimeofday inet_ntoa memmove memset pow select socket strchr strerror strncasecmp strrchr strstr uname])
 
 CFLAGS="$CFLAGS -Wall -DCONFIG_HIP -DSYSCONFDIR=\"\\\"\$(sysconfdir)\\\"\" -DLOCALSTATEDIR=\"\\\"\$(localstatedir)\\\"\"  "
-# -Wno-unused
 
 AC_MSG_CHECKING(if --enable-kernel-support option is specified)
 AC_ARG_ENABLE(kernel-support,
@@ -97,7 +100,7 @@ AC_ARG_ENABLE(kernel-support,
 
 AC_MSG_CHECKING(if --enable-sma-crawler option is specified)
 AC_ARG_ENABLE(sma-crawler,
-	[  --enable-sma-crawler      enable SMA crawler extensions],
+	[  --enable-sma-crawler=config  enable SMA crawler with configuration via {files, LDAP, IFMAP}],
 	[enable_sma_crawler=$enable_sma_crawler
 	 AC_MSG_RESULT(yes)],
 	[enable_sma_crawler=default
@@ -195,14 +198,35 @@ fi
 # configure option to define SMA_CRAWLER
 ################################################################################
 if test "$enable_sma_crawler" = "yes"; then
+	enable_sma_crawler="files" ;# default value
+fi
+if test "$enable_sma_crawler" = "files" -o "$enable_sma_crawler" = "LDAP" -o "$enable_sma_crawler" = "IFMAP"; then
 	want_sma_crawler=true
+	want_sma_crawler_files_cfg=false
+	want_sma_crawler_LDAP_cfg=false
+	want_sma_crawler_IFMAP_cfg=false
 	CFLAGS=" -DSMA_CRAWLER $CFLAGS"
 
 	AC_CHECK_LIB([ssl], [SSL_library_init])
 	if test "x$ac_cv_lib_ssl_SSL_library_init" = "xyes"; then
-		AC_MSG_RESULT([OpenSSL library found for SMA crawler extensions])
+		AC_MSG_RESULT(
+			[OpenSSL library found for SMA crawler extensions])
 	else
-		AC_MSG_ERROR([SMA crawler extensions requested but OpenSSL library not found.])
+		AC_MSG_ERROR(
+			[SMA crawler extensions requested but OpenSSL library not found.])
+	fi
+
+	if test "$enable_sma_crawler" = "files"; then
+		AC_MSG_RESULT([Will use file-based configuration library libhipcfgfiles.so])
+		want_sma_crawler_files_cfg=true
+	elif test "$enable_sma_crawler" = "LDAP"; then
+		AC_CHECK_LIB([ldap],ldap_add_ext,,AC_MSG_ERROR([LDAP-based configuration library requested but OpenLDAP development libraries not found. Aborting.]))
+		AC_CHECK_LIB([ldapcpp],main,,AC_MSG_ERROR([LDAP-based configuration library requested but LDAP C++ library not found. Aborting]))
+		AC_MSG_RESULT([Will use LDAP-based configuration library libhipcfgldap.so])
+		want_sma_crawler_LDAP_cfg=true
+	elif test "$enable_sma_crawler" = "IFMAP"; then
+		AC_MSG_RESULT([Will use IFMAP-based configuration library libhipcfgmap.so])
+		want_sma_crawler_IFMAP_cfg=true
 	fi
 
 else
@@ -238,13 +262,19 @@ esac
 # Automake conditionals
 ################################################################################
 AM_CONDITIONAL(WANT_KERNEL, test x$want_kernel = xtrue)
-AM_CONDITIONAL(WANT_SMA_CRAWLER, test x$want_sma_crawler = xtrue)
 AM_CONDITIONAL(WANT_MOBILE_ROUTER, test x$want_mobile_router = xtrue)
 AM_CONDITIONAL(WANT_OSX, test x$want_osx = xtrue)
+AM_CONDITIONAL(WANT_SMA_CRAWLER, test x$want_sma_crawler = xtrue)
+AM_CONDITIONAL(WANT_SMA_CRAWLER_FILES_CFG, 
+	test x$want_sma_crawler_files_cfg = xtrue)
+AM_CONDITIONAL(WANT_SMA_CRAWLER_LDAP_CFG,
+	test x$want_sma_crawler_LDAP_cfg = xtrue)
+AM_CONDITIONAL(WANT_SMA_CRAWLER_IFMAP_CFG,
+	test x$want_sma_crawler_IFMAP_cfg = xtrue)
 
 #AC_SUBST(WANT_KERNEL, $want_kernel)
 
-PKG_CHECK_MODULES(HIP, libxml-2.0)
+PKG_CHECK_MODULES(libxml2, libxml-2.0)
 
 AC_CONFIG_FILES([src/include/hip/hip_version.h
 		 src/linux/openhip.spec
@@ -253,6 +283,7 @@ AC_CONFIG_FILES([src/include/hip/hip_version.h
 		 docs/Doxyfile
 		 Makefile
                  src/Makefile
+		 src/util/Makefile
 		 docs/Makefile])
 AC_OUTPUT
 
@@ -276,6 +307,7 @@ AC_MSG_NOTICE([ ])
 
 if test $want_sma_crawler = true; then
 	AC_MSG_NOTICE([    - building HIP SMA crawler extensions])
+	AC_MSG_NOTICE([    	- will use $enable_sma_crawler-based configuration library])
 else
 	AC_MSG_NOTICE([    - NOT building HIP SMA crawler extensions])
 fi

src/Makefile.am

@@ -62,14 +62,14 @@ hitgen_CFLAGS += -D__MACOSX__
 SRC_USERMODE += mac/hip_mac.c
 endif
 
-INCLUDES = -I./include @HIP_CFLAGS@
-LDADD = @HIP_LIBS@ 
+INCLUDES = -I./include @libxml2_CFLAGS@
+LDADD = @libxml2_LIBS@ 
 
 # SMA craweler support
 if WANT_SMA_CRAWLER
 SRC_UTIL +=	util/cfg-api/hip_cfg_api.c
 SRC_HITGEN +=   util/sc_utils.c
-# SUBDIRS = util/cfg-ldap
+SUBDIRS = util
 endif
 
 # i3 support

src/include/hip/hip_cfg_files.h

@@ -0,0 +1,23 @@
+#ifndef _HIPSPD_FILES_H
+#define _HIPSPD_FILES_H
+#include <openssl/ssl.h>
+#include <openssl/engine.h>
+#include <hip/hip_cfg.h>
+
+class hipCfgFiles : public hipCfg
+{
+public:
+  int loadCfg(struct hip_conf *hc);
+  int closeCfg();
+  int postLocalCert(const char *hit);
+  int verifyCert(const char *url, const hip_hit hit);
+  static hipCfgFiles *getInstance();
+
+private:
+  hipCfgFiles();
+
+private:
+  static hipCfgFiles *_instance;
+};
+
+#endif

src/include/hip/hip_types.h

@@ -881,11 +881,14 @@ struct hip_conf {
 	char *smartcard_openssl_engine;	/* the smartcard openssl engine interface */
 	char *smartcard_openssl_module;	/* the smartcard openssl engine module */
 	__u8 use_local_known_identities; /* use local known_identities file or get it from a server such as Ldap */
-	char *cfg_serv_host;		/* e.g. ldaphost if using ldap for config server*/
+#ifdef SMA_CRAWLER
+	char *cfg_library;		/* filename of configuration library */
+	char *cfg_serv_host;		/* e.g. ldap or ifmap server */
 	__u32 cfg_serv_port;		/* e.g. ldap server port */
 	char *cfg_serv_basedn;          /* e.g. ldap base dn */
 	char *cfg_serv_login_id;        /* e.g. ldap binddn */
 	char *cfg_serv_login_pwd;	/* e.g. ldap bindpw */
+#endif
 	char conf_filename[255];
 	char my_hi_filename[255];
 	char known_hi_filename[255];

src/protocol/hip_main.c

@@ -446,8 +446,13 @@ int main_loop(int argc, char **argv)
 	my_hi_head = NULL;
 #ifdef SMA_CRAWLER
 	hi_node *my_hi;
-	if (hipcfg_init("libhipcfg.so", &HCNF)) {
-		log_(WARN, "Error loading libhipcfg.so\n");
+	if (!HCNF.cfg_library) {
+		log_(ERR, "Must specify <cfg_library> in hip.conf\n");
+		goto hip_main_error_exit;
+	}
+	if (hipcfg_init(HCNF.cfg_library, &HCNF)) {
+		log_(ERR, "Error loading configuration library: %s\n",
+			HCNF.cfg_library);
 		goto hip_main_error_exit;
 	}
 	if (HCNF.use_smartcard) {
@@ -533,7 +538,8 @@ int main_loop(int argc, char **argv)
 	addr_to_str(SA(lsi), lsi_s, INET_ADDRSTRLEN);
 	char cmd[64];
 	sprintf(cmd, "/usr/local/etc/hip/bridge_up.sh %s", lsi_s);
-	system(cmd);
+	ret = system(cmd);
+	log_(NORM, "bridge_up.sh returns %d\n", ret);
 	last_time = time(NULL);
 	ret = getrlimit(RLIMIT_CORE, &limits);
 	log_(NORM, "getrlimit returns %d\n", ret);

src/usermode/hip_esp.c

@@ -193,7 +193,8 @@ int read_private_hosts() {
   }
   while(!feof(fp)) {
           str[0] = 0;
-          fgets(&str[0],255,fp);
+          if (fgets(&str[0],255,fp) == NULL)
+		  break;
           if(isalnum(str[0])) {
                   if(str[strlen(str)-1] == '\n')
                           str[strlen(str)-1] = '\0';

src/util/Makefile.am

@@ -0,0 +1,46 @@
+#
+#
+# Host Identity Protocol
+# Copyright (c) 2006 the Boeing Comapny
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# utils/Makefile.am
+#
+# Author: Jeff Ahrenholz <jeffrey.m.ahrenholz@boeing.com>
+# 
+# This Makefile builds one of three possible configuration libraries,
+# controlled by the ./configure --enable-sma-crawler={file,LDAP,IFMAP} option
+#
+
+if WANT_SMA_CRAWLER_FILES_CFG
+lib_LTLIBRARIES = libhipcfgfiles.la
+SRC_HIPCFGLDAP = cfg-common/hip_cfg.cpp cfg-files/hip_cfg_files.cpp
+libhipcfgfiles_la_CPPFLAGS = -DSMA_CRAWLER -Wall -Woverloaded-virtual -Wcast-qual
+libhipcfgfiles_la_LDFLAGS = -version_info $(VERSION) -release $(VERSION)
+libhipcfgfiles_la_SOURCES = $(SRC_HIPCFGLDAP)
+endif
+
+if WANT_SMA_CRAWLER_LDAP_CFG
+lib_LTLIBRARIES = libhipcfgldap.la
+SRC_HIPCFGLDAP = cfg-common/hip_cfg.cpp cfg-ldap/hip_cfg_ldap.cpp
+libhipcfgldap_la_CPPFLAGS = -DSMA_CRAWLER -Wall -Woverloaded-virtual -Wcast-qual
+libhipcfgldap_la_LDFLAGS = -version_info $(VERSION) -release $(VERSION)
+libhipcfgldap_la_SOURCES = $(SRC_HIPCFGLDAP)
+endif
+
+if WANT_SMA_CRAWLER_IFMAP_CFG
+# TODO
+endif
+
+INCLUDES = -I$(top_srcdir)/src/include @libxml2_CFLAGS@
+LDADD = @libxml2_LIBS@
+

src/util/cfg-files/hip_cfg_files.cpp

@@ -0,0 +1,210 @@
+#include <iostream>
+#include <openssl/engine.h>
+#include <hip/hip_cfg_files.h>
+
+hipCfgFiles *hipCfgFiles::_instance = NULL;
+
+extern "C" {
+int hipcfg_init(struct hip_conf *hc)
+{
+  //printf("cfg-local hipcfg_init called\n");
+  hipCfg *hs=hipCfgFiles::getInstance();
+  return hs->loadCfg(hc);
+}
+
+int hipcfg_close()
+{
+  //printf("cfg-local hipcfg_init called\n");
+  hipCfg *hs=hipCfgFiles::getInstance();
+  return hs->closeCfg();
+}
+
+int hipcfg_allowed_peers(const hip_hit hit1, const hip_hit hit2)
+{
+  //printf("cfg-local hit_peer_allowed\n");
+  hipCfg *hs=hipCfgFiles::getInstance();
+  return hs->hit_peer_allowed(hit1, hit2);
+}
+
+int hipcfg_peers_allowed(hip_hit *hits1, hip_hit *hits2, int max_cnt)
+{
+  //printf("cfg-local hit_peer_allowed\n");
+  hipCfg *hs=hipCfgFiles::getInstance();
+  return hs->peers_allowed(hits1, hits2, max_cnt);
+}
+
+int hipcfg_getEndboxByLegacyNode(const struct sockaddr *host, struct sockaddr *eb)
+{
+  int rc=0;
+  
+  hipCfg *hs=hipCfgFiles::getInstance();
+  rc = hs->legacyNodeToEndbox(host, eb);
+  return rc;
+}
+
+int hipcfg_getLlipByEndbox(const struct sockaddr *eb, struct sockaddr *llip)
+{
+  int rc=0;
+  //printf("entering hipcfg_getLlipByEndbox...\n");
+  hipCfg *hs=hipCfgFiles::getInstance();
+  rc = hs->endbox2Llip(eb, llip);
+  return rc;
+}
+
+int hipcfg_getLegacyNodesByEndbox(const struct sockaddr *eb,
+   struct sockaddr_storage *hosts, int size)
+{
+  int rc=0;
+  //printf("entering hipcfg_getLegacyNodesByEndbox...\n");
+  hipCfg *hs=hipCfgFiles::getInstance();
+  rc = hs->getLegacyNodesByEndbox(eb, hosts, size);
+  return rc;
+}
+
+int hipcfg_verifyCert(const char *url, const hip_hit hit)
+{
+  int rc = 0;
+  hipCfg *hs=hipCfgFiles::getInstance();
+  rc = hs->verifyCert(url, hit);
+  return rc;
+}
+
+
+int hipcfg_getLocalCertUrl(char *url, unsigned int size)
+{
+  int rc=0;
+  hipCfg *hs=hipCfgFiles::getInstance();
+  rc = hs->getLocalCertUrl(url, size);
+  return rc;
+}
+
+int hipcfg_postLocalCert(const char *hit)
+{
+  int rc = 0;
+  hipCfg *hs=hipCfgFiles::getInstance();
+  rc = hs->postLocalCert(hit);
+  return rc;
+}
+
+hi_node *hipcfg_getMyHostId()
+{
+  hipCfgFiles *hs=hipCfgFiles::getInstance();
+  return hs->getMyHostId();
+}
+
+int hipcfg_getPeerNodes(struct peer_node *peerNodes, int max_count)
+{
+  hipCfgFiles *hs=hipCfgFiles::getInstance();
+  return hs->getPeerNodes(peerNodes, max_count);
+}
+
+} /* extern "C" */
+
+hipCfgFiles::hipCfgFiles()
+{
+}
+
+hipCfgFiles *hipCfgFiles::getInstance()
+{
+  if(_instance==NULL){
+    _instance = new hipCfgFiles();
+  }
+  return _instance;
+}
+
+int hipCfgFiles::closeCfg()
+{
+    return 0;
+}
+
+int hipCfgFiles::loadCfg(struct hip_conf *hc)
+{
+    const char *fnName = "hipCfgFiles::loadCfg: ";
+    SSL_CTX *ctx = NULL;
+
+    if(hc==NULL){
+	cout<<"loadCfg: ERROR: HCNF not set"<<endl;
+	return -1;
+    }
+
+    _hcfg = hc;
+
+    if(_hcfg->use_smartcard){
+
+	if(init_ssl_context() != 0)
+	    return -1;
+
+	if(mkHIfromSc() !=0 )
+	    return -1;
+
+	char hit_s[128];
+	if(hit2hitstr(hit_s, _hostid->hit)!=0){
+	    cerr << fnName << "invalid hit in local host identify (_hostid)" << endl;
+	    return -1;
+	}
+
+	if(postLocalCert(hit_s)!=0)
+	    return -1;
+    } else {
+	//SSL context without smartcard engine.
+	SSL_library_init();
+	SSL_load_error_strings();
+	ctx = SSL_CTX_new(SSLv3_client_method());
+	if (ctx == NULL) {
+	    cerr << fnName << "Error creating SSL context" << endl;
+	    return -1;
+	}
+	_ssl = SSL_new(ctx);
+	if (_ssl == NULL) {
+	    cerr << fnName << "Error open SSL connect" << endl;
+	    return -1;
+	}
+    }
+
+    /* Don't need x509 store since not handling certs
+    _store = X509_STORE_new();
+    if(!_store){
+	cerr << fnName << "error calling X509_STORE_new" << endl;
+	return -1;
+    }
+
+    X509_STORE_set_verify_cb_func(_store, hipCfgFiles::callb);
+    X509_STORE_set_default_paths(_store);
+    */
+
+    if(!_hcfg->use_local_known_identities){
+	cerr << fnName << "Overriding <use_local_known_identities> setting in hip.conf" << endl;
+    }
+
+    if(getEndboxMapsFromLocalFile()<0)
+	return -1;
+
+    return 0;
+}
+
+int hipCfgFiles::postLocalCert(const char *hit)
+{
+    const char *fnName = "hipCfgFiles::postLocalCert: ";
+
+    if( _hcfg->peer_certificate_required ) {
+        cerr << fnName << "ERROR: <peer_certificate_required> is set to YES, "
+		       << "but OpenHIP only supports certificate URLs" << endl;
+	return -1;
+    }
+    return 0;
+}
+
+/* return the size of the certificate if succeed
+ *        or 0 if the cert attribute doesn't exist
+ *        or -1 if other error.
+ */
+int hipCfgFiles::verifyCert(const char *url, const hip_hit hit)
+{
+    const char *fnName = "hipCfgFiles::verifyCert: ";
+
+    if( _hcfg->peer_certificate_required ) {
+        cerr << fnName << "ERROR: <peer_certificate_required> is set to YES, "
+		       << "but OpenHIP only supports certificate URLs" << endl;
+    }
+    return 1; 
+}

src/util/cfg-ldap/Makefile

@@ -1,13 +0,0 @@
-INC=-I../../include -I/usr/include/libxml2
-# -I/local/pkgs/opensc-0.9.6/include 
-
-all: libhipcfg.so.0
-
-libhipcfg.so.0: ../cfg-common/hip_cfg.cpp hip_cfg_ldap.cpp
-	c++ ${INC} -c -MD -fPIC -g -Wall -Woverloaded-virtual -Wcast-qual ../cfg-common/hip_cfg.cpp hip_cfg_ldap.cpp
-	g++ -g  -shared -Wl,-soname,libhipcfg.so.0 -o libhipcfg.so.0 hip_cfg_ldap.o hip_cfg.o -lc -lxml2 -L/usr/local/lib -lldapcpp -lldap
-	ln -sf libhipcfg.so.0 libhipcfg.so
-
-clean:
-	rm -f libhipcfg.so libhipcfg.so.0 hip_cfg.d hip_cfg_ldap.d
-	rm -f *.o

src/util/cfg-ldap/utils/README

@@ -1,3 +1,11 @@
+Dependencies:
+libldap-2.x
+libldap2-dev
+libldapcpp
+libldapcpp-dev
+libsasl2-dev
+
+
 1. openldap-2.3.43.tar.gz - only contrib/ldapc++ is used for creating C++ libraries and header files.
    and they are used for compiling hip ldap configuration DDL
 2. install rpm packages for ldap server (tested on ebics):

src/util/hip_util.c

@@ -3057,7 +3057,7 @@ void hip_exit(int signal)
 	xmlCleanupParser();
 	deinit_crypto();
 #ifdef SMA_CRAWLER
-        system("/usr/local/etc/hip/bridge_down.sh");
+        err = system("/usr/local/etc/hip/bridge_down.sh");
 	//Allow config library to perform any shutdown ops
 	hipcfg_close();
 #endif

src/util/hip_xml.c

@@ -1028,6 +1028,14 @@ int read_conf_file(char *filename)
 				log_(WARN, "Warning: HCNF.smartcard_openssl_module malloc " "error!\n");
 			else
 				strcpy(HCNF.smartcard_openssl_module, data);
+#ifdef SMA_CRAWLER
+		/* Example: /usr/local/lib/libhipcfgldap.so */
+		} else if (strcmp((char*)node->name, "cfg_library")==0){
+			HCNF.cfg_library = malloc(strlen(data)+1);
+			if (!HCNF.cfg_library)
+				log_(WARN, "Warning: HCNF.cfg_library malloc " "error!\n");
+			else
+				strcpy(HCNF.cfg_library, data);
 		} else if (strcmp((char*)node->name, "cfg_serv_host")==0){
 			HCNF.cfg_serv_host = malloc(strlen(data)+1);
 			if (!HCNF.cfg_serv_host)
@@ -1054,6 +1062,7 @@ int read_conf_file(char *filename)
 				log_(WARN, "Warning: HCNF.cfg_serv_login_pwd malloc " "error!\n");
 			else
 				strcpy(HCNF.cfg_serv_login_pwd, data);
+#endif
                 } else if (strlen((char *)node->name)) {
                         log_(WARN, "Warning: unknown configuration option '%s' "
                                 "was ignored.\n", node->name);