diff --git a/conf/table_info.conf b/conf/table_info.conf
index ebaf30c..2b202ff 100644
--- a/conf/table_info.conf
+++ b/conf/table_info.conf
@@ -17,4 +17,4 @@
 #id name type src_charset dst_charset do_merge cross_cache quick_mode
 1 COMPILE compile
 2 GROUP group
-3 PXY_OBJ_KEYRING plugin {"key":1,"valid":11,"foreign":"11,12"}
+3 PXY_PROFILE_KEYRING plugin {"key":1,"valid":11,"foreign":"11,12"}
diff --git a/src/cert_conf.h b/src/cert_conf.h
index 8fbe8a9..ba88a04 100644
--- a/src/cert_conf.h
+++ b/src/cert_conf.h
@@ -36,6 +36,7 @@ struct request_t{
 struct pxy_obj_keyring{
 int keyring_id;
+ int ref_cnt;
 char keyring_type[CT_ARRARY_LEN];
 uint64_t expire_after;
 char public_algo[CT_STRING_MAX];
diff --git a/src/cert_session.c b/src/cert_session.c
index 88b1fe7..be75207 100644
--- a/src/cert_session.c
+++ b/src/cert_session.c
@@ -820,6 +820,25 @@ redis_reget_callback(redisAsyncContext __attribute__((__unused__))*cl_ctx,
 return;
 }
 
+void keyring_table_free_cb(int __attribute__((__unused__))table_id, MAAT_PLUGIN_EX_DATA* ad,
+long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
+{
+ struct pxy_obj_keyring* pxy_obj=(struct pxy_obj_keyring*)(*ad);
+ pxy_obj->ref_cnt--;
+ if (pxy_obj->ref_cnt == 0)
+ {
+ X509_free(pxy_obj->root);
+ EVP_PKEY_free(pxy_obj->key);
+ kfree(&pxy_obj);
+ *ad=NULL;
+ }
+}
+
+void keyring_table_free(struct pxy_obj_keyring* pxy_obj)
+{
+ keyring_table_free_cb(0, (void **)&pxy_obj, 0, NULL);
+}
+
 int add_cert_ctx(X509_NAME* name, char* ctx[], int num)
 {
 int i = 0;
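Review bot: The new `ref_cnt` field in `struct pxy_obj_keyring` is an undocumented plain `int`, yet it is the only thing standing between a live request and the freeing of the private key that request is using. Add a comment stating the rule the rest of the patch implements, e.g. `int ref_cnt; /* 1 held by the maat table, +1 per dup_cb; object freed when it drops to 0 */`. If the table's dup/free callbacks can run on a different thread from the request path that calls get_obj_for_id, a plain int is not enough — the increments and decrements would race — and the field should become atomic (`_Atomic int` or the `__atomic_*` builtins); I cannot tell the threading model from the hunk, so please confirm. The struct continues past the hunk.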
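Review bot: `keyring_table_free_cb` decrements `ref_cnt` unconditionally, so an unbalanced release (a caller that frees without having taken a reference) drives the count to -1 instead of 0: the key material is then never freed, and every later release operates on an object that was meant to be gone. Guard the contract before the decrement, `assert(pxy_obj->ref_cnt > 0);`, and check `*ad` for NULL before the cast, since the table layer hands this callback whatever is stored in the slot (the removed free_cb had the same gap). `keyring_table_free` passes `(void **)&pxy_obj`, so the `*ad=NULL` only clears the caller's stack copy, not the table slot — fine, but worth a one-line comment so nobody relies on it. The non-atomic `--` is only safe if all releases happen on one thread; please confirm.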
@@ -1009,21 +1028,15 @@ end:
 static struct pxy_obj_keyring* get_obj_for_id(int keyring_id)
 {
-#define KEY_LEN 16
 struct pxy_obj_keyring *pxy_obj=NULL;
 struct config_bucket_t *rte = cert_default_config();
- char cfg_id_str[KEY_LEN] = {0};
- snprintf(cfg_id_str, KEY_LEN, "%d", keyring_id);
+ char cfg_id_str[16] = {0};
+ snprintf(cfg_id_str, sizeof(cfg_id_str), "%d", keyring_id);
 int tables_id = rte->table_id;
 pxy_obj = (struct pxy_obj_keyring*)maat_plugin_get_EX_data(rte->feather, tables_id, (const char*)cfg_id_str);
- if(pxy_obj==NULL)
- {
- goto finish;
- }
-finish:
 return pxy_obj;
 }
@@ -1056,6 +1069,7 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req
 {
 pxy_obj = get_obj_for_id(0);
 }
+ assert(pxy_obj!=NULL);
 mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Certificate issued by table id %d", keyring_id);
 }
 else
@@ -1109,6 +1123,8 @@ modify:
 X509_free(request->origin);
 X509_free(x509);
 finish:
+ if (pxy_obj)
+ keyring_table_free(pxy_obj);
 return _expire;
 }
@@ -2018,6 +2034,8 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
 }
 memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring));
+ pxy_obj->ref_cnt = 1;
+
 ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%s\t%s", &pxy_obj->keyring_id, &service, profile_name, pxy_obj->keyring_type, _priv_file, _publi_file, &pxy_obj->expire_after, pxy_obj->public_algo, pxy_obj->v3_ctl, &pxy_obj->is_valid, private_file, public_file);
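Review bot: `get_obj_for_id` now hands out a pointer that the caller is expected to release with `keyring_table_free` (see the `finish:` change further down), but nothing at the function says so, and the old explicit NULL path has been folded away. Add a contract comment above it: `/* Looks up the keyring for keyring_id; the table's dup_cb takes a reference, so callers must release the result with keyring_table_free(). Returns NULL when no entry exists. */` — the dup_cb reference is what I infer from the pairing, so please confirm `maat_plugin_get_EX_data` actually invokes it. `cfg_id_str[16]` holds any `%d` (at most 11 characters plus NUL), so dropping KEY_LEN for `sizeof` is fine.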
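Review bot: `assert(pxy_obj!=NULL);` is the wrong tool for a lookup that can legitimately miss: under `NDEBUG` it compiles away and a keyring absent from the table becomes a NULL dereference on the next use, and in a debug build a single bad table entry aborts the whole proxy. Replace it with an explicit failure path, `if (pxy_obj == NULL) { mesa_runtime_log(RLOG_LV_ERROR, MODULE_NAME, "no keyring for table id %d", keyring_id); goto finish; }`, using whatever `_expire` value the function already treats as failure. The function body, including the initial value of `_expire` and the `else` branch, lies outside this hunk, so check that the early `goto finish` does not skip any cleanup.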
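Review bot: The release at `finish:` is the only one in the function, so every path that assigned `pxy_obj` must have taken a reference and every exit must reach `finish:`; the `else` branch of the preceding hunk and the rest of the body are outside this hunk, so I cannot verify either. If any branch assigns `pxy_obj` from a source other than `get_obj_for_id`, or returns before `finish:`, this either over-releases the keyring (freeing the key under other users) or leaks it. A short comment at the label, `/* pxy_obj is a dup_cb reference from get_obj_for_id; released here on every path */`, would make the invariant checkable in review.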
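Review bot: `pxy_obj->ref_cnt = 1;` establishes the table's owning reference but does not say who releases it; add `/* owning reference of the maat table, dropped by keyring_table_free_cb */` so that the error paths below (outside this hunk) release through the callback rather than a bare `kfree`, which could leak whatever `root`/`key` hold by then — I cannot see those paths, please check them. Unrelated to this patch but worth noting while here: the `sscanf` on the next line uses unbounded `%s` conversions into fixed-size members such as `keyring_type[CT_ARRARY_LEN]` and `public_algo[CT_STRING_MAX]`, so an over-long field in a table line overruns the struct; width specifiers sized to those arrays would close that.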
@@ -2047,19 +2065,10 @@ void keyring_table_dup_cb(int __attribute__((__unused__))table_id, MAAT_PLUGIN_E
 long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
 {
 struct pxy_obj_keyring* pxy_obj=(struct pxy_obj_keyring*)(*from);
+ pxy_obj->ref_cnt++;
 *to=pxy_obj;
 }
 
-void keyring_table_free_cb(int __attribute__((__unused__))table_id, MAAT_PLUGIN_EX_DATA* ad,
-long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
-{
- struct pxy_obj_keyring* pxy_obj=(struct pxy_obj_keyring*)(*ad);
- X509_free(pxy_obj->root);
- EVP_PKEY_free(pxy_obj->key);
- kfree(&pxy_obj);
- *ad=NULL;
-}
-
 int maat_table_ex_init(const char* table_name,
 Maat_plugin_EX_new_func_t* new_func,
 Maat_plugin_EX_free_func_t* free_func,
@@ -2128,7 +2137,7 @@ int maat_feather_init()
 keyring_table_dup_cb);
 if(table_id<0)
 {
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore register table PXY_OBJ_KEYRING failed");
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore register table PXY_PROFILE_KEYRING failed");
 }
 return 0;
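Review bot: `keyring_table_dup_cb` now takes a reference with a plain `pxy_obj->ref_cnt++` and still no NULL check on `*from`, mirroring the unguarded `--` in the new free_cb; whether that is safe depends on the maat framework serialising dup/free against the request path, which the hunk does not show. If it does not, a table reload racing a handshake can free the signing key under the worker, so use an atomic pair — `__atomic_add_fetch(&pxy_obj->ref_cnt, 1, __ATOMIC_RELAXED)` here and `__atomic_sub_fetch` in free_cb fit the gcc extensions the file already uses. Either way, document on this function that it is the only place a reference is acquired and that every holder must pair it with `keyring_table_free`. The function's signature begins above the hunk.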