Changes in / [1353:23db8abdccda:1359:09f94b1bedc3] in freeDiameter

Files:

• doc/acl_wl.conf.sample (modified) (1 diff)
• extensions/acl_wl/acl_wl.c (modified) (5 diffs)
• extensions/acl_wl/acl_wl.h (modified) (1 diff)
• extensions/acl_wl/aw_conf.l (modified) (1 diff)
• extensions/acl_wl/aw_conf.y (modified) (5 diffs)
• extensions/acl_wl/aw_tree.c (modified) (1 diff)
• extensions/dict_json/CMakeLists.txt (modified) (3 diffs)
• extensions/dict_json/dict_json_dict_schema.cc (deleted)
• extensions/dict_json/json-schema-to-c.cc (added)
• libfdcore/cnxctx.c (modified) (1 diff)
• tests/tests.h (modified) (2 diffs)

doc/acl_wl.conf.sample

@@ -4 +4 @@
 # maintaining this connection ourselves (as it would be the case by declaring the 
 # peer in a ConnectPeer directive).
+#
+# This extension supports configuration reload at runtime. Send
+# signal SIGUSR1 to the process to cause the process to reload its
+# config.
+#
 # The format of this file is very simple. It contains a list of peer names
 # separated by spaces or newlines. 

extensions/acl_wl/acl_wl.c

@@ -38 +38 @@
  */
 
+#include <pthread.h>
+#include <signal.h>
+
 #include "acl_wl.h"
+
+static pthread_rwlock_t acl_wl_lock;
+
+#define MODULE_NAME "acl_wl"
+
+static char *acl_wl_config_file;
 
 /* The validator function */
@@ -54 +63 @@
         /* Default to unknown result */
         *auth = 0;
-        
+
+        if (pthread_rwlock_rdlock(&acl_wl_lock) != 0) {
+                fd_log_notice("%s: read-lock failed, skipping handler", MODULE_NAME);
+                return 0;
+        }
+
         /* Now search the peer in our tree */
         CHECK_FCT( aw_tree_lookup(info->pi_diamid, &res) );
+
+        if (pthread_rwlock_unlock(&acl_wl_lock) != 0) {
+                fd_log_notice("%s: read-unlock failed after aw_tree_lookup, exiting", MODULE_NAME);
+                exit(1);
+        }
+
         if (res < 0) {
                 /* The peer is not whitelisted */
@@ -88 +108 @@
 }
 
+static volatile int in_signal_handler = 0;
+
+/* signal handler */
+static void sig_hdlr(void)
+{
+        struct fd_list old_tree;
+
+        if (in_signal_handler) {
+                fd_log_error("%s: already handling a signal, ignoring new one", MODULE_NAME);
+                return;
+        }
+        in_signal_handler = 1;
+
+        if (pthread_rwlock_wrlock(&acl_wl_lock) != 0) {
+                fd_log_error("%s: locking failed, aborting config reload", MODULE_NAME);
+                return;
+        }
+
+        /* save old config in case reload goes wrong */
+        old_tree = tree_root;
+        fd_list_init(&tree_root, NULL);
+
+        if (aw_conf_handle(acl_wl_config_file) != 0) {
+                fd_log_error("%s: error reloading configuration, restoring previous configuration", MODULE_NAME);
+                aw_tree_destroy();
+                tree_root = old_tree;
+        } else {
+                struct fd_list new_tree;
+                new_tree = tree_root;
+                tree_root = old_tree;
+                aw_tree_destroy();
+                tree_root = new_tree;
+        }
+
+        if (pthread_rwlock_unlock(&acl_wl_lock) != 0) {
+                fd_log_error("%s: unlocking failed after config reload, exiting", MODULE_NAME);
+                exit(1);
+        }
+
+        fd_log_notice("%s: reloaded configuration", MODULE_NAME);
+
+        in_signal_handler = 0;
+}
+
+
 /* entry point */
 static int aw_entry(char * conffile)
@@ -93 +158 @@
         TRACE_ENTRY("%p", conffile);
         CHECK_PARAMS(conffile);
-        
+
+        acl_wl_config_file = conffile;
+
+        pthread_rwlock_init(&acl_wl_lock, NULL);
+
+        if (pthread_rwlock_wrlock(&acl_wl_lock) != 0) {
+                fd_log_notice("%s: write-lock failed, aborting", MODULE_NAME);
+                return EDEADLK;
+        }
+
         /* Parse configuration file */
         CHECK_FCT( aw_conf_handle(conffile) );
-        
+
         TRACE_DEBUG(INFO, "Extension ACL_wl initialized with configuration: '%s'", conffile);
         if (TRACE_BOOL(ANNOYING)) {
                 aw_tree_dump();
         }
-        
+
+        if (pthread_rwlock_unlock(&acl_wl_lock) != 0) {
+                fd_log_notice("%s: write-unlock failed, aborting", MODULE_NAME);
+                return EDEADLK;
+        }
+
+        /* Register reload callback */
+        CHECK_FCT(fd_event_trig_regcb(SIGUSR1, MODULE_NAME, sig_hdlr));
+
         /* Register the validator function */
         CHECK_FCT( fd_peer_validate_register ( aw_validate ) );
@@ -115 +197 @@
 }
 
-EXTENSION_ENTRY("acl_wl", aw_entry);
+EXTENSION_ENTRY(MODULE_NAME, aw_entry);

extensions/acl_wl/acl_wl.h

@@ -44 +44 @@
 #include <freeDiameter/extension.h>
 
+extern struct fd_list tree_root;
+
 /* Parse the configuration file */
 int aw_conf_handle(char * conffile);

extensions/acl_wl/aw_conf.l

@@ -36 +36 @@
 /* Lex extension's configuration parser.
  *
- * The configuration file contains a default priority, and a list of peers with optional overwite priority.
+ * The configuration file contains a default priority, and a list of peers with optional overwrite priority.
  * -- see the app_test.conf.sample file for more detail.
  */

extensions/acl_wl/aw_conf.y

@@ -58 +58 @@
 /* Forward declaration */
 int yyparse(char * conffile);
+void aw_confrestart(FILE *input_file);
 
 static int fqdn_added = 0;
@@ -75 +76 @@
                 ret = errno;
                 fd_log_debug("Unable to open extension configuration file %s for reading: %s", conffile, strerror(ret));
-                TRACE_DEBUG (INFO, "Error occurred, message logged -- configuration file.");
+                TRACE_DEBUG (INFO, "acl_wl: Error occurred, message logged -- configuration file.");
                 return ret;
         }
 
+        aw_confrestart(aw_confin);
         ret = yyparse(conffile);
 
@@ -84 +86 @@
 
         if (ret != 0) {
-                TRACE_DEBUG (INFO, "Unable to parse the configuration file.");
+                TRACE_DEBUG (INFO, "acl_wl: Unable to parse the configuration file.");
                 return EINVAL;
         } else {
-                TRACE_DEBUG(FULL, "Read %d FQDN entries successfully.", fqdn_added);
+                TRACE_DEBUG(FULL, "acl_wl: Read %d FQDN entries successfully.", fqdn_added);
         }
         
@@ -99 +101 @@
 void yyerror (YYLTYPE *ploc, char * conffile, char const *s)
 {
-        TRACE_DEBUG(INFO, "Error in configuration parsing");
+        TRACE_DEBUG(INFO, "acl_wl: Error in configuration parsing");
         
         if (ploc->first_line != ploc->last_line)
@@ -131 +133 @@
                         {
                                 fqdn_added++;
-                                TRACE_DEBUG(FULL, "Added FQDN: %s", $2);
+                                TRACE_DEBUG(FULL, "acl_wl: Added FQDN: %s", $2);
                         }
                         | conffile LEX_ERROR
                         {
-                                yyerror(&yylloc, conffile, "An error occurred while parsing the configuration file");
+                                yyerror(&yylloc, conffile, "acl_wl: An error occurred while parsing the configuration file");
                                 return EINVAL;
                         }

extensions/acl_wl/aw_tree.c

@@ -70 +70 @@
 
 /* The root of the tree */
-static struct fd_list tree_root = FD_LIST_INITIALIZER(tree_root);
-
-/* Note: we don't need to lock, since we add only when parsing the conf, and then read only */
+struct fd_list tree_root = FD_LIST_INITIALIZER(tree_root);
+
+/* Note: we lock accesses to the tree with acl_wl_lock because of config reload */
 
 

extensions/dict_json/CMakeLists.txt

@@ -7 +7 @@
 PKG_CHECK_MODULES(JSONCPP REQUIRED jsoncpp)
 PKG_CHECK_MODULES(JSON_SCHEMA REQUIRED json-schema)
+PKG_CHECK_MODULES(PCRECPP REQUIRED libpcrecpp)
 
 # List of source files
 SET(DICT_JSON_SRC
         dict_json.cc
-        dict_json_dict_schema.cc
+        ${CMAKE_CURRENT_BINARY_DIR}/dict_json_dict_schema.cc
 )
 
@@ -29 +30 @@
 TARGET_LINK_LIBRARIES(dict-json-diff ${JSONCPP_LIBRARIES} ${JSON_SCHEMA_STATIC_LIBRARIES})
 
+ADD_EXECUTABLE(json-schema-to-c json-schema-to-c.cc)
+TARGET_LINK_LIBRARIES(json-schema-to-c ${JSONCPP_LIBRARIES} ${JSON_SCHEMA_STATIC_LIBRARIES} ${PCRECPP_LIBRARIES})
+
+ADD_CUSTOM_COMMAND(
+        OUTPUT dict_json_dict_schema.cc
+        COMMAND json-schema-to-c ${CMAKE_CURRENT_SOURCE_DIR}/dict_json_dict_schema.json ${CMAKE_CURRENT_BINARY_DIR}/dict_json_dict_schema.cc
+        DEPENDS dict_json_dict_schema.json
+)
 
 ####
@@ -39 +48 @@
         RUNTIME DESTINATION ${INSTALL_DAEMON_SUFFIX}
         COMPONENT freeDiameter-dictionary-json)
-
-# dict_json_dict_schema.cc is created from dict_json_dict_schema.json
-# the tool for that is not yet open source, but the conversion is straightforward

libfdcore/cnxctx.c

@@ -1546 +1546 @@
                 tmp = gnutls_certificate_type_get_name (gnutls_certificate_type_get (session));
                 LOG_D("\t - Certificate Type: %s", tmp);
-
-                /* print the compression algorithm (if any)
-                */
-                tmp = gnutls_compression_get_name (gnutls_compression_get (session));
-                LOG_D("\t - Compression: %s", tmp);
 
                 /* print the name of the cipher used.

tests/tests.h

@@ -132 +132 @@
         
 
+#ifndef GNUTLS_VERSION_210
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
+#endif /* GNUTLS_VERSION_210 */
 
 /* gnutls debug. */
@@ -214 +216 @@
         
         /* Initialize gcrypt and gnutls */
+#ifndef GNUTLS_VERSION_210
         (void) gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
         (void) gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+#endif /* GNUTLS_VERSION_210 */
         CHECK( 0, gnutls_global_init());
         /* Set gnutls debug level ? */