#include <string.h>
#include <net/if.h>
#include <sys/socket.h>
-#include <map>
#include <string>
#include <utility>
+#include <unordered_map>
#include <vector>
+#include "tlse.h"
+
#include "acceptor.h"
#include "config.h"
#include "log.h"
struct ConfigLine {
string keyword;
vector<string> arguments;
- map<string, string> parameters;
+ unordered_map<string, string> parameters;
};
namespace {
bool read_config(const string &filename, vector<ConfigLine> *lines)
{
FILE *fp = fopen(filename.c_str(), "r");
- if (fp == NULL) {
+ if (fp == nullptr) {
log_perror(filename.c_str());
return false;
}
char buf[4096];
while (!feof(fp)) {
- if (fgets(buf, sizeof(buf), fp) == NULL) {
+ if (fgets(buf, sizeof(buf), fp) == nullptr) {
break;
}
bool fetch_config_string(const vector<ConfigLine> &config, const string &keyword, string *value)
{
- for (unsigned i = 0; i < config.size(); ++i) {
- if (config[i].keyword != keyword) {
+ for (const ConfigLine &line : config) {
+ if (line.keyword != keyword) {
continue;
}
- if (config[i].parameters.size() > 0 ||
- config[i].arguments.size() != 1) {
+ if (line.parameters.size() > 0 ||
+ line.arguments.size() != 1) {
log(ERROR, "'%s' takes one argument and no parameters", keyword.c_str());
return false;
}
- *value = config[i].arguments[0];
+ *value = line.arguments[0];
return true;
}
return false;
bool fetch_config_int(const vector<ConfigLine> &config, const string &keyword, int *value)
{
- for (unsigned i = 0; i < config.size(); ++i) {
- if (config[i].keyword != keyword) {
+ for (const ConfigLine &line : config) {
+ if (line.keyword != keyword) {
continue;
}
- if (config[i].parameters.size() > 0 ||
- config[i].arguments.size() != 1) {
+ if (line.parameters.size() > 0 ||
+ line.arguments.size() != 1) {
log(ERROR, "'%s' takes one argument and no parameters", keyword.c_str());
return false;
}
- *value = atoi(config[i].arguments[0].c_str()); // TODO: verify int validity.
+ *value = atoi(line.arguments[0].c_str()); // TODO: verify int validity.
return true;
}
return false;
}
+bool load_file_to_string(const string &filename, size_t max_size, string *contents)
+{
+ contents->clear();
+
+ FILE *fp = fopen(filename.c_str(), "r");
+ if (fp == nullptr) {
+ log_perror(filename.c_str());
+ return false;
+ }
+
+ char buf[4096];
+ while (!feof(fp)) {
+ size_t ret = fread(buf, 1, sizeof(buf), fp);
+ if (ret > 0) {
+ contents->append(buf, buf + ret);
+ } else {
+ if (ferror(fp)) {
+ log_perror(filename.c_str());
+ fclose(fp);
+ return false;
+ }
+ assert(feof(fp));
+ break;
+ }
+
+ if (contents->size() > max_size) {
+ log(ERROR, "%s was longer than the maximum allowed %zu bytes", filename.c_str(), max_size);
+ fclose(fp);
+ return false;
+ }
+ }
+ fclose(fp);
+ return true;
+}
+
+bool parse_tls_parameters(const unordered_map<string, string> ¶meters, AcceptorConfig *acceptor)
+{
+ bool has_cert = false, has_key = false;
+
+ auto tls_cert_it = parameters.find("tls_cert");
+ if (tls_cert_it != parameters.end()) {
+ if (!load_file_to_string(tls_cert_it->second, 1048576, &acceptor->certificate_chain)) {
+ return false;
+ }
+
+ // Verify that the certificate is valid.
+ bool is_server = true;
+ TLSContext *server_context = tls_create_context(is_server, TLS_V12);
+ int num_cert = tls_load_certificates(
+ server_context,
+ reinterpret_cast<const unsigned char *>(acceptor->certificate_chain.data()),
+ acceptor->certificate_chain.size());
+ if (num_cert < 0) {
+ log_tls_error(tls_cert_it->second.c_str(), num_cert);
+ tls_destroy_context(server_context);
+ return false;
+ } else if (num_cert == 0) {
+ log(ERROR, "%s did not contain any certificates", tls_cert_it->second.c_str());
+ return false;
+ }
+ tls_destroy_context(server_context);
+ has_cert = true;
+ }
+
+ auto tls_key_it = parameters.find("tls_key");
+ if (tls_key_it != parameters.end()) {
+ if (!load_file_to_string(tls_key_it->second, 1048576, &acceptor->private_key)) {
+ return false;
+ }
+
+ // Verify that the key is valid.
+ bool is_server = true;
+ TLSContext *server_context = tls_create_context(is_server, TLS_V12);
+ int num_keys = tls_load_private_key(
+ server_context,
+ reinterpret_cast<const unsigned char *>(acceptor->private_key.data()),
+ acceptor->private_key.size());
+ if (num_keys < 0) {
+ log_tls_error(tls_key_it->second.c_str(), num_keys);
+ tls_destroy_context(server_context);
+ return false;
+ } else if (num_keys == 0) {
+ log(ERROR, "%s did not contain any private keys", tls_key_it->second.c_str());
+ return false;
+ }
+ tls_destroy_context(server_context);
+ has_key = true;
+ }
+
+ if (has_cert != has_key) {
+ log(ERROR, "Only one of tls_cert= and tls_key= was given, needs zero or both");
+ return false;
+ }
+
+ return true;
+}
+
+
bool parse_port(const ConfigLine &line, Config *config)
{
if (line.arguments.size() != 1) {
AcceptorConfig acceptor;
acceptor.addr = create_any_address(port);
+ if (!parse_tls_parameters(line.parameters, &acceptor)) {
+ return false;
+ }
config->acceptors.push_back(acceptor);
return true;
}
if (!parse_hostport(line.arguments[0], &acceptor.addr)) {
return false;
}
+ if (!parse_tls_parameters(line.parameters, &acceptor)) {
+ return false;
+ }
config->acceptors.push_back(acceptor);
return true;
}
StreamConfig stream;
stream.url = line.arguments[0];
- map<string, string>::const_iterator src_it = line.parameters.find("src");
+ const auto src_it = line.parameters.find("src");
if (src_it == line.parameters.end()) {
log(WARNING, "stream '%s' has no src= attribute, clients will not get any data.",
stream.url.c_str());
// TODO: Verify that the URL is parseable?
}
- map<string, string>::const_iterator backlog_it = line.parameters.find("backlog_size");
+ const auto backlog_it = line.parameters.find("backlog_size");
if (backlog_it == line.parameters.end()) {
stream.backlog_size = DEFAULT_BACKLOG_SIZE;
} else {
stream.backlog_size = atoi(backlog_it->second.c_str());
}
- map<string, string>::const_iterator prebuffer_it = line.parameters.find("force_prebuffer");
+ const auto prebuffer_it = line.parameters.find("force_prebuffer");
if (prebuffer_it == line.parameters.end()) {
stream.prebuffering_bytes = 0;
} else {
}
// Parse output encoding.
- map<string, string>::const_iterator encoding_parm_it = line.parameters.find("encoding");
+ const auto encoding_parm_it = line.parameters.find("encoding");
if (encoding_parm_it == line.parameters.end() ||
encoding_parm_it->second == "raw") {
stream.encoding = StreamConfig::STREAM_ENCODING_RAW;
}
// Parse input encoding.
- map<string, string>::const_iterator src_encoding_parm_it = line.parameters.find("src_encoding");
+ const auto src_encoding_parm_it = line.parameters.find("src_encoding");
if (src_encoding_parm_it == line.parameters.end() ||
src_encoding_parm_it->second == "metacube") {
stream.src_encoding = StreamConfig::STREAM_ENCODING_METACUBE;
}
// Parse the pacing rate, converting from kilobits to bytes as needed.
- map<string, string>::const_iterator pacing_rate_it = line.parameters.find("pacing_rate_kbit");
+ const auto pacing_rate_it = line.parameters.find("pacing_rate_kbit");
if (pacing_rate_it == line.parameters.end()) {
stream.pacing_rate = ~0U;
} else {
stream.pacing_rate = atoi(pacing_rate_it->second.c_str()) * 1024 / 8;
}
+ // Parse the HLS URL, if any.
+ const auto hls_url_it = line.parameters.find("hls_playlist");
+ if (hls_url_it != line.parameters.end()) {
+ stream.hls_url = hls_url_it->second;
+ if (stream.hls_url.empty()) {
+ log(ERROR, "Parameter 'hls_playlist' was given but empty");
+ return false;
+ }
+ if (stream.encoding == StreamConfig::STREAM_ENCODING_METACUBE) {
+ log(ERROR, "HLS cannot be used with Metacube output");
+ return false;
+ }
+ }
+
+ // Parse the HLS fragment duration, if any.
+ const auto hls_frag_duration_it = line.parameters.find("hls_frag_duration");
+ if (hls_frag_duration_it != line.parameters.end()) {
+ if (stream.hls_url.empty()) {
+ log(ERROR, "Parameter 'hls_frag_duration' given, but no 'hls_playlist' given");
+ return false;
+ }
+ stream.hls_frag_duration = stoi(hls_frag_duration_it->second);
+ if (stream.hls_frag_duration <= 0) {
+ log(ERROR, "'hls_frag_duration' must be a strictly positive integer");
+ return false;
+ }
+ }
+
+ // Parse the HLS backlog margin, if any.
+ const auto hls_backlog_margin_it = line.parameters.find("hls_backlog_margin");
+ if (hls_backlog_margin_it != line.parameters.end()) {
+ if (stream.hls_url.empty()) {
+ log(ERROR, "Parameter 'hls_backlog_margin' given, but no 'hls_playlist' given");
+ return false;
+ }
+ stream.hls_backlog_margin = stoi(hls_backlog_margin_it->second);
+ if (stream.hls_backlog_margin < 0 || stream.hls_backlog_margin >= stream.backlog_size) {
+ log(ERROR, "'hls_backlog_margin' must be nonnegative, but less than the backlog size");
+ return false;
+ }
+ }
+
+ // Parse the CORS origin, if it exists.
+ const auto allow_origin_it = line.parameters.find("allow_origin");
+ if (allow_origin_it != line.parameters.end()) {
+ stream.allow_origin = allow_origin_it->second;
+ }
+
config->streams.push_back(stream);
return true;
}
return false;
}
- map<string, string>::const_iterator src_it = line.parameters.find("src");
+ const auto src_it = line.parameters.find("src");
if (src_it == line.parameters.end()) {
// This is pretty meaningless, but OK, consistency is good.
log(WARNING, "udpstream to %s has no src= attribute, clients will not get any data.",
}
// Parse the pacing rate, converting from kilobits to bytes as needed.
- map<string, string>::const_iterator pacing_rate_it = line.parameters.find("pacing_rate_kbit");
+ const auto pacing_rate_it = line.parameters.find("pacing_rate_kbit");
if (pacing_rate_it == line.parameters.end()) {
udpstream.pacing_rate = ~0U;
} else {
}
// Parse the TTL. The same value is used for unicast and multicast.
- map<string, string>::const_iterator ttl_it = line.parameters.find("ttl");
+ const auto ttl_it = line.parameters.find("ttl");
if (ttl_it == line.parameters.end()) {
udpstream.ttl = -1;
} else {
}
// Parse the multicast interface index.
- map<string, string>::const_iterator multicast_iface_it = line.parameters.find("multicast_output_interface");
+ const auto multicast_iface_it = line.parameters.find("multicast_output_interface");
if (multicast_iface_it == line.parameters.end()) {
udpstream.multicast_iface_index = -1;
} else {
gen204.url = line.arguments[0];
// Parse the CORS origin, if it exists.
- map<string, string>::const_iterator allow_origin_it = line.parameters.find("allow_origin");
+ const auto allow_origin_it = line.parameters.find("allow_origin");
if (allow_origin_it != line.parameters.end()) {
gen204.allow_origin = allow_origin_it->second;
}
}
LogConfig log_config;
- map<string, string>::const_iterator type_it = line.parameters.find("type");
+ const auto type_it = line.parameters.find("type");
if (type_it == line.parameters.end()) {
log(ERROR, "'error_log' has no type= parameter");
return false;
}
if (log_config.type == LogConfig::LOG_TYPE_FILE) {
- map<string, string>::const_iterator filename_it = line.parameters.find("filename");
+ const auto filename_it = line.parameters.find("filename");
if (filename_it == line.parameters.end()) {
log(ERROR, "error_log type 'file' with no filename= parameter");
return false;
fetch_config_string(lines, "access_log", &config->access_log_file);
- for (size_t i = 0; i < lines.size(); ++i) {
- const ConfigLine &line = lines[i];
+ for (const ConfigLine &line : lines) {
if (line.keyword == "num_servers" ||
line.keyword == "stats_file" ||
line.keyword == "stats_interval" ||
projects / cubemap / blobdiff