From: Wilfried Göesgens Date: Tue, 16 Jan 2007 23:02:02 +0000 (+0000) Subject: * make the crypto functions use precalculated files instead of relative ones X-Git-Tag: v7.86~3667 X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=86b8c2044cdc25dff1711458185e514c350ddc69 * make the crypto functions use precalculated files instead of relative ones * removed old pid functionality * change our dir to our data directory --- diff --git a/citadel/citadel_dirs.c b/citadel/citadel_dirs.c index 1d72fd70d..f12e49bfc 100644 --- a/citadel/citadel_dirs.c +++ b/citadel/citadel_dirs.c @@ -46,6 +46,7 @@ char ctdl_netin_dir[PATH_MAX]="network/spoolin"; char ctdl_netcfg_dir[PATH_MAX]="netconfigs"; char ctdl_sbin_dir[PATH_MAX]; char ctdl_bin_dir[PATH_MAX]; +char ctdl_ssl_dir[PATH_MAX]; /* some of our files, that are needed in several places */ char file_citadel_control[PATH_MAX]=""; @@ -57,6 +58,9 @@ char file_arcq[PATH_MAX]=""; char file_citadel_socket[PATH_MAX]=""; char file_mail_aliases[PATH_MAX]=""; char file_pid_file[PATH_MAX]=""; +char file_crpt_file_key[PATH_MAX]=""; +char file_crpt_file_csr[PATH_MAX]=""; +char file_crpt_file_cer[PATH_MAX]=""; int home_specified = 0; @@ -115,6 +119,9 @@ void calc_dirs_n_files(int relh, int home, const char *relhome,const char *ctdl #endif COMPUTE_DIRECTORY(ctdl_run_dir); + basedir=SSL_DIR; + COMPUTE_DIRECTORY(ctdl_ssl_dir); + #ifndef HAVE_DATA_DIR basedir=ctdldir; #else @@ -179,6 +186,18 @@ void calc_dirs_n_files(int relh, int home, const char *relhome,const char *ctdl "%srefcount_adjustments.dat", ctdl_run_dir); + snprintf(file_crpt_file_key, + sizeof file_crpt_file_key, + "%scitadel.key", + ctdl_ssl_dir); + snprintf(file_crpt_file_csr, + sizeof file_crpt_file_csr, + "%scitadel.csr", + ctdl_ssl_dir); + snprintf(file_crpt_file_cer, + sizeof file_crpt_file_cer, + "%scitadel.cer", + ctdl_ssl_dir); /* * DIRTY HACK FOLLOWS! due to configs in the network dir in the * legacy installations, we need to calculate ifdeffed here. 
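Review bot: The three new snprintf() calls that fill file_crpt_file_key, file_crpt_file_csr and file_crpt_file_cer discard their return value, so a --with-ssldir long enough to overflow PATH_MAX silently truncates the private-key and certificate paths and init_ssl() would later create or open a different file than the one configured. Capture the result and treat truncation as fatal, e.g. `int n = snprintf(file_crpt_file_key, sizeof file_crpt_file_key, "%scitadel.key", ctdl_ssl_dir);` followed by `if (n < 0 || (size_t)n >= sizeof file_crpt_file_key) { /* abort: ssl dir path too long */ }`, and the same for the other two. The `"%s" + bare filename` form relies on ctdl_ssl_dir ending in a slash, which the existing refcount_adjustments.dat line above suggests COMPUTE_DIRECTORY guarantees; that macro is not in the hunk, so it is worth confirming for an absolute SSL_DIR. calc_dirs_n_files() starts and ends outside the hunk.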
diff --git a/citadel/citadel_dirs.h b/citadel/citadel_dirs.h index 2d12c6f97..960a1e8c8 100644 --- a/citadel/citadel_dirs.h +++ b/citadel/citadel_dirs.h @@ -28,6 +28,7 @@ extern char ctdl_netcfg_dir[PATH_MAX]; extern char ctdl_bbsbase_dir[PATH_MAX]; extern char ctdl_sbin_dir[PATH_MAX]; extern char ctdl_bin_dir[PATH_MAX]; +extern char ctdl_ssl_dir[PATH_MAX]; /* some of the frequently used files */ @@ -40,6 +41,9 @@ extern char file_arcq[PATH_MAX]; extern char file_citadel_socket[PATH_MAX]; extern char file_mail_aliases[PATH_MAX]; extern char file_pid_file[PATH_MAX]; +extern char file_crpt_file_key[PATH_MAX]; +extern char file_crpt_file_csr[PATH_MAX]; +extern char file_crpt_file_cer[PATH_MAX]; extern void calc_dirs_n_files(int relh, int home, const char *relhome,const char *ctdldir); diff --git a/citadel/citserver.c b/citadel/citserver.c index df8599791..4a3dc8194 100644 --- a/citadel/citserver.c +++ b/citadel/citserver.c @@ -65,7 +65,6 @@ char *unique_session_numbers; int ScheduledShutdown = 0; int do_defrag = 0; time_t server_startup_time; -char pid_file_name[PATH_MAX]; /* * Various things that need to be initialized at startup @@ -75,19 +74,10 @@ void master_startup(void) { unsigned int seed; FILE *urandom; struct ctdlroom qrbuf; - FILE *pidfile_fp; lprintf(CTDL_DEBUG, "master_startup() started\n"); time(&server_startup_time); - /* pid file. If we go FSSTND this should end up in 'localstatedir' */ - snprintf(pid_file_name, sizeof pid_file_name, "./citadel.pid"); - pidfile_fp = fopen(pid_file_name, "w"); - if (pidfile_fp != NULL) { - fprintf(pidfile_fp, "%d\n", (int)getpid()); - fclose(pidfile_fp); - } - lprintf(CTDL_INFO, "Opening databases\n"); open_databases(); @@ -180,7 +170,6 @@ void master_cleanup(int exitcode) { lprintf(CTDL_NOTICE, "citserver: Exiting with status %d\n", exitcode); fflush(stdout); fflush(stderr); - unlink(pid_file_name); exit(exitcode); } diff --git a/citadel/config.c b/citadel/config.c index 22073dd7b..412f1a717 100644 
--- a/citadel/config.c +++ b/citadel/config.c @@ -30,12 +30,12 @@ void get_config(void) { FILE *cfp; struct stat st; - if (chdir(home_specified ? ctdl_home_directory : CTDLDIR) != 0) { + if (chdir(ctdl_bbsbase_dir) != 0) { fprintf(stderr, "This program could not be started.\n" "Unable to change directory to %s\n" "Error: %s\n", - (home_specified ? ctdl_home_directory : CTDLDIR), + ctdl_bbsbase_dir, strerror(errno)); exit(CTDLEXIT_HOME); } diff --git a/citadel/configure.ac b/citadel/configure.ac index c9ebd67cc..fa8e70a8a 100644 --- a/citadel/configure.ac +++ b/citadel/configure.ac @@ -7,8 +7,10 @@ AC_CONFIG_SRCDIR([citserver.c]) AC_PREFIX_DEFAULT(/usr/local/citadel) if test "$prefix" = NONE; then AC_DEFINE_UNQUOTED(CTDLDIR, "$ac_default_prefix") + ssl_dir="$ac_default_prefix/keys" else AC_DEFINE_UNQUOTED(CTDLDIR, "$prefix") + ssl_dir="$prefix/keys" fi @@ -28,6 +30,22 @@ AC_ARG_WITH(datadir, ] ) + +dnl Checks for the SSLdir +dnl this is a bit different than the rest, +dnl because of the citadel used to have a keys/ subdir. +AC_ARG_WITH(ssldir, + [ --with-ssldir directory to store the ssl certificates under], + [ if test "x$withval" != "xno" ; then + + ssl_dir="$withval" + fi + AC_SUBST(MAKE_SSL_DIR) + ] +) +AC_DEFINE_UNQUOTED(SSL_DIR, "$ssl_dir", [were should we put our keys?]) + + dnl Checks for the spooldir AC_ARG_WITH(spooldir, [ --with-spooldir directory to keep queues under], diff --git a/citadel/debian/citadel.init b/citadel/debian/citadel.init index 08f183a3e..d821f1f4a 100644 --- a/citadel/debian/citadel.init +++ b/citadel/debian/citadel.init @@ -16,8 +16,8 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="Citadel Groupware " NAME=citserver DAEMON=/usr/sbin/$NAME -DAEMON_ARGS=" -d -x3 -lmail -t/dev/null" PIDFILE=$RUNDIR/$NAME.pid +DAEMON_ARGS=" -D${PIDFILE} -x3 -lmail -t/dev/null" SCRIPTNAME=/etc/init.d/citadel SENDCOMMAND=/usr/sbin/sendcommand diff --git a/citadel/debian/rules b/citadel/debian/rules index a6cacca13..c27e07336 100755 --- a/citadel/debian/rules 
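Review bot: The new `chdir(ctdl_bbsbase_dir)` in get_config() silently depends on calc_dirs_n_files() having run first; if the buffer is still empty at this point, chdir("") fails and the error message prints an empty path, which hides the real cause. A guard such as `if (ctdl_bbsbase_dir[0] == '\0' || chdir(ctdl_bbsbase_dir) != 0) {` keeps the existing message but makes the uninitialised case obvious; whether any caller reaches get_config() before the directories are computed is not visible here. With this change home_specified and ctdl_home_directory are no longer referenced in the visible part of get_config(), so they may now be dead in this function. get_config() continues outside the hunk.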
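Review bot: `AC_SUBST(MAKE_SSL_DIR)` inside the --with-ssldir action substitutes a variable that nothing in this hunk assigns, so @MAKE_SSL_DIR@ would expand to an empty string in any Makefile.in that uses it unless it is set somewhere not shown; either assign it next to `ssl_dir="$withval"` or drop the substitution. Because it sits inside the action-if-given block, it also only runs when --with-ssldir is passed, so a default build would never export it even once assigned. The AC_DEFINE description has a typo and should read `[where should we put our keys?]`. The --with-ssldir=no case falls through to the $prefix/keys default from the earlier hunk, which looks intended but deserves a dnl line saying so.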
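Review bot: The new `DAEMON_ARGS=" -D${PIDFILE} -x3 -lmail -t/dev/null"` drops the `-d` flag and introduces `-D`, but no hunk in this commit adds a `-D` option to citserver; the citserver.c hunks only remove the old hard-coded ./citadel.pid write. If the option is not already parsed elsewhere, the daemon will reject or ignore it and start-stop-daemon will have no pid file to track, and if `-d` was the detach flag the init script now runs the server in the foreground. Confirm both against citserver's option parsing before this reaches the package. Moving the assignment below PIDFILE so the variable actually expands is correct.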
+++ b/citadel/debian/rules @@ -21,11 +21,13 @@ configure-stamp: dh_testdir CFLAGS="$(CFLAGS)" ./configure \ + --with-prefix=/var/lib/citadel \ --with-datadir=/var/lib/citadel \ --with-spooldir=/var/spool/citadel \ --with-sysconfdir=/etc/citadel \ --with-rundir=/var/run/citadel \ --with-docdir=/usr/share/doc/citadel-doc/ \ + --with-ssldir=/etc/ssl/citadel/ \ --with-pam \ --with-db \ --with-zlib \ diff --git a/citadel/serv_crypto.c b/citadel/serv_crypto.c index 8b9c423f3..38e828bb9 100644 --- a/citadel/serv_crypto.c +++ b/citadel/serv_crypto.c @@ -147,12 +147,12 @@ void init_ssl(void) /* Get our certificates in order. * First, create the key/cert directory if it's not there already... */ - mkdir(CTDL_CRYPTO_DIR, 0700); + mkdir(ctdl_ssl_dir, 0700); /* * Generate a key pair if we don't have one. */ - if (access(CTDL_KEY_PATH, R_OK) != 0) { + if (access(file_crpt_file_key, R_OK) != 0) { lprintf(CTDL_INFO, "Generating RSA key pair.\n"); rsa = RSA_generate_key(1024, /* modulus size */ 65537, /* exponent */ @@ -163,9 +163,9 @@ void init_ssl(void) ERR_reason_error_string(ERR_get_error())); } if (rsa != NULL) { - fp = fopen(CTDL_KEY_PATH, "w"); + fp = fopen(file_crpt_file_key, "w"); if (fp != NULL) { - chmod(CTDL_KEY_PATH, 0600); + chmod(file_crpt_file_key, 0600); if (PEM_write_RSAPrivateKey(fp, /* the file */ rsa, /* the key */ NULL, /* no enc */ @@ -176,7 +176,7 @@ void init_ssl(void) ) != 1) { lprintf(CTDL_CRIT, "Cannot write key: %s\n", ERR_reason_error_string(ERR_get_error())); - unlink(CTDL_KEY_PATH); + unlink(file_crpt_file_key); } fclose(fp); } @@ -187,7 +187,7 @@ void init_ssl(void) /* * Generate a CSR if we don't have one. */ - if (access(CTDL_CSR_PATH, R_OK) != 0) { + if (access(file_crpt_file_csr, R_OK) != 0) { lprintf(CTDL_INFO, "Generating a certificate signing request.\n"); /* 
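Review bot: `--with-prefix=/var/lib/citadel` is not a standard configure option; configure.ac in this commit derives CTDLDIR and the default ssl_dir from `$prefix`, which only `--prefix=` sets, and configure ignores an unrecognised --with-* switch after a warning unless an AC_ARG_WITH(prefix) exists somewhere not shown. Change the added line to `--prefix=/var/lib/citadel \`. With --with-ssldir=/etc/ssl/citadel/ the server will mkdir that path with mode 0700 from init_ssl(), so the packaging also has to guarantee that the account citserver runs as may create a directory under /etc/ssl, or create it in postinst with the same mode.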
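Review bot: The return value of the new `mkdir(ctdl_ssl_dir, 0700);` is still discarded, and because ctdl_ssl_dir can now point outside the install tree (the debian rules in this commit put it under /etc/ssl), a failure other than EEXIST only shows up later as an unrelated "Cannot write key" message. Check it, e.g. `if (mkdir(ctdl_ssl_dir, 0700) != 0 && errno != EEXIST) lprintf(CTDL_CRIT, "Cannot create %s: %s\n", ctdl_ssl_dir, strerror(errno));` (errno.h and string.h assumed to be included already). mkdir() does not tighten the mode of a directory that already exists, so a pre-existing world-readable key directory stays world-readable; a stat() of the mode after the call would catch that. init_ssl() starts and ends outside the hunk.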
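Review bot: `fp = fopen(file_crpt_file_key, "w");` creates the private-key file with the process umask and only then `chmod(file_crpt_file_key, 0600);` tightens it, so with a permissive umask there is a window in which the freshly generated key is readable by other local users. Create it with the right mode from the start: `int fd = open(file_crpt_file_key, O_WRONLY | O_CREAT | O_TRUNC, 0600);` then `fp = (fd >= 0) ? fdopen(fd, "w") : NULL;`, after which the chmod line can go (fcntl.h needed if not already included). The CSR and certificate writes in the @@ -249 and @@ -319 hunks use the same fopen-then-chmod pattern and should change with it. On the new side a failed fopen() is still silent; a CTDL_CRIT line naming the path would make a wrong --with-ssldir obvious at first start.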
@@ -196,7 +196,7 @@ void init_ssl(void) * there is the possibility that the key was already on disk * and we didn't just generate it now. */ - fp = fopen(CTDL_KEY_PATH, "r"); + fp = fopen(file_crpt_file_csr, "r"); if (fp) { rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); fclose(fp); @@ -249,9 +249,9 @@ void init_ssl(void) } else { /* Write it to disk. */ - fp = fopen(CTDL_CSR_PATH, "w"); + fp = fopen(file_crpt_file_csr, "w"); if (fp != NULL) { - chmod(CTDL_CSR_PATH, 0600); + chmod(file_crpt_file_csr, 0600); PEM_write_X509_REQ(fp, req); fclose(fp); } @@ -274,13 +274,13 @@ void init_ssl(void) /* * Generate a self-signed certificate if we don't have one. */ - if (access(CTDL_CER_PATH, R_OK) != 0) { + if (access(file_crpt_file_cer, R_OK) != 0) { lprintf(CTDL_INFO, "Generating a self-signed certificate.\n"); /* Same deal as before: always read the key from disk because * it may or may not have just been generated. */ - fp = fopen(CTDL_KEY_PATH, "r"); + fp = fopen(file_crpt_file_cer, "r"); if (fp) { rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); fclose(fp); @@ -295,7 +295,7 @@ void init_ssl(void) EVP_PKEY_assign_RSA(pk, rsa); } - fp = fopen(CTDL_CSR_PATH, "r"); + fp = fopen(file_crpt_file_cer, "r"); if (fp) { req = PEM_read_X509_REQ(fp, NULL, NULL, NULL); fclose(fp); @@ -319,9 +319,9 @@ void init_ssl(void) } else { /* Write it to disk. */ - fp = fopen(CTDL_CER_PATH, "w"); + fp = fopen(file_crpt_file_cer, "w"); if (fp != NULL) { - chmod(CTDL_CER_PATH, 0600); + chmod(file_crpt_file_cer, 0600); PEM_write_X509(fp, cer); fclose(fp); } 
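Review bot: The path substitution in this hunk is wrong: `fp = fopen(file_crpt_file_csr, "r");` replaced a read of CTDL_KEY_PATH and is immediately followed by PEM_read_RSAPrivateKey(), so the key is now read from the CSR file, and on a fresh install where no CSR exists yet the open fails and no CSR can be generated. The @@ -274 hunk has the same mistake (private key read from file_crpt_file_cer) and the @@ -295 hunk reads the X509 request from file_crpt_file_cer instead of the CSR, so the self-signed certificate is never produced either. The three lines should be `fp = fopen(file_crpt_file_key, "r");` here and at @@ -274, and `fp = fopen(file_crpt_file_csr, "r");` at @@ -295, matching the comment above each that says the key is always re-read from disk. init_ssl() starts and ends outside these hunks.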
@@ -338,8 +338,8 @@ void init_ssl(void)
 /*
 * Now try to bind to the key and certificate.
 */
-SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH);
-SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
+SSL_CTX_use_certificate_chain_file(ssl_ctx, file_crpt_file_cer);
+SSL_CTX_use_PrivateKey_file(ssl_ctx, file_crpt_file_key, SSL_FILETYPE_PEM);
 if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
 lprintf(CTDL_CRIT, "Cannot install certificate: %s\n",
 ERR_reason_error_string(ERR_get_error()));
diff --git a/citadel/sysconfig.h b/citadel/sysconfig.h
index 2db5f367c..1189c3709 100644
--- a/citadel/sysconfig.h
+++ b/citadel/sysconfig.h
@@ -129,11 +129,12 @@
 /*
 * Pathnames for cryptographic goodness
 */
+/*
 #define CTDL_CRYPTO_DIR "./keys"
 #define CTDL_KEY_PATH CTDL_CRYPTO_DIR "/citadel.key"
 #define CTDL_CSR_PATH CTDL_CRYPTO_DIR "/citadel.csr"
 #define CTDL_CER_PATH CTDL_CRYPTO_DIR "/citadel.cer"
-
+*/
 #define THREADSTACKSIZE 1048576
 /*
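Review bot: The new `SSL_CTX_use_certificate_chain_file(ssl_ctx, file_crpt_file_cer);` and `SSL_CTX_use_PrivateKey_file(ssl_ctx, file_crpt_file_key, SSL_FILETYPE_PEM);` discard their return values (1 on success), so a certificate or key that cannot be read, for example because of a wrong --with-ssldir, is only reported indirectly by the SSL_CTX_check_private_key() failure below with a message that names neither file. Checking each call and logging the path makes the failure diagnosable at first start instead of at the first TLS handshake. Whether init_ssl() disables TLS after the check_private_key() failure is outside the hunk.
```c
if (SSL_CTX_use_certificate_chain_file(ssl_ctx, file_crpt_file_cer) != 1) {
	lprintf(CTDL_CRIT, "Cannot load certificate %s: %s\n",
		file_crpt_file_cer, ERR_reason_error_string(ERR_get_error()));
}
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, file_crpt_file_key, SSL_FILETYPE_PEM) != 1) {
	lprintf(CTDL_CRIT, "Cannot load private key %s: %s\n",
		file_crpt_file_key, ERR_reason_error_string(ERR_get_error()));
}
/* … unchanged: SSL_CTX_check_private_key() test and its CTDL_CRIT log … */
```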
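Review bot: The four CTDL_CRYPTO_DIR/CTDL_*_PATH macros are wrapped in a `/* … */` instead of being removed, although serv_crypto.c in this commit no longer references them; commented-out code tends to be resurrected later with its old cwd-relative "./keys" meaning, which is exactly what this commit moves away from. Delete the block together with its "Pathnames for cryptographic goodness" header, or replace it with a one-line pointer such as `/* Key, CSR and certificate paths are computed at runtime in citadel_dirs.c (file_crpt_file_*). */`. The blank line removed before THREADSTACKSIZE should stay for readability.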