feature(adapt maat): PXY_PROFILE_DECRYPTION adapt uuid
@@ -65,7 +65,7 @@
|
||||
|
||||
extern struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger);
|
||||
extern struct chaining_policy_enforcer *chaining_policy_enforcer_create(void *logger);
|
||||
extern struct ssl_policy_enforcer *ssl_policy_enforcer_create(void *logger);
|
||||
extern struct ssl_policy_enforcer *ssl_policy_enforcer_create();
|
||||
extern enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_para);
|
||||
|
||||
static int signals[] = {SIGHUP, SIGPIPE, SIGUSR1, SIGUSR2};
|
||||
|
||||
@@ -199,8 +199,8 @@ struct ssl_upstream_parts
|
||||
struct ssl_service_status svc_status;
|
||||
enum ssl_stream_action action;
|
||||
int apln_enabled;
|
||||
int keyring_for_trusted;
|
||||
int keyring_for_untrusted;
|
||||
uuid_t keyring_for_trusted;
|
||||
uuid_t keyring_for_untrusted;
|
||||
struct ssl_chello * client_hello;
|
||||
uint8_t is_server_cert_verify_passed;
|
||||
};
|
||||
@@ -2162,12 +2162,6 @@ int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
|
||||
case SSL_STREAM_OPT_ENABLE_ALPN:
|
||||
upstream->up_parts.apln_enabled=opt_val;
|
||||
break;
|
||||
case SSL_STREAM_OPT_KEYRING_FOR_TRUSTED:
|
||||
upstream->up_parts.keyring_for_trusted=opt_val;
|
||||
break;
|
||||
case SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED:
|
||||
upstream->up_parts.keyring_for_untrusted=opt_val;
|
||||
break;
|
||||
default:
|
||||
assert(0);
|
||||
return 0;
|
||||
@@ -2206,52 +2200,65 @@ int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
|
||||
|
||||
}
|
||||
|
||||
uint64_t ssl_stream_get_policy_id(struct ssl_stream *upstream)
|
||||
void ssl_stream_get_policy_id(struct ssl_stream *upstream, uuid_t *policy_id)
|
||||
{
|
||||
uuid_clear(*policy_id);
|
||||
uint16_t out_size;
|
||||
uint64_t policy_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&policy_id, sizeof(policy_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)policy_id, sizeof(uuid_t), &out_size);
|
||||
assert(ret == 0);
|
||||
assert(out_size == sizeof(uuid_t));
|
||||
(void)ret;
|
||||
|
||||
return policy_id;
|
||||
}
|
||||
|
||||
int ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream)
|
||||
void ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream, uuid_t *profile_id)
|
||||
{
|
||||
uuid_clear(*profile_id);
|
||||
uint16_t out_size;
|
||||
int profile_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)&profile_id, sizeof(profile_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)profile_id, sizeof(uuid_t), &out_size);
|
||||
assert(ret == 0);
|
||||
assert(out_size == sizeof(uuid_t));
|
||||
(void)ret;
|
||||
|
||||
return profile_id;
|
||||
}
|
||||
|
||||
int ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream)
|
||||
void ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream, uuid_t *profile_id)
|
||||
{
|
||||
uuid_clear(*profile_id);
|
||||
uint16_t out_size;
|
||||
int keyring_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)profile_id, sizeof(uuid_t), &out_size);
|
||||
assert(ret == 0);
|
||||
assert(out_size == sizeof(uuid_t));
|
||||
(void)ret;
|
||||
|
||||
return keyring_id;
|
||||
}
|
||||
|
||||
int ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream)
|
||||
void ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream, uuid_t *profile_id)
|
||||
{
|
||||
uuid_clear(*profile_id);
|
||||
uint16_t out_size;
|
||||
int keyring_id = 0;
|
||||
struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
|
||||
int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(profile_id), &out_size);
|
||||
assert(ret == 0);
|
||||
assert(out_size == sizeof(uuid_t));
|
||||
(void)ret;
|
||||
}
|
||||
|
||||
return keyring_id;
|
||||
int ssl_stream_set_uuid_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, uuid_t *uuid)
|
||||
{
|
||||
switch (opt_type)
|
||||
{
|
||||
case SSL_STREAM_OPT_KEYRING_FOR_TRUSTED:
|
||||
uuid_copy(upstream->up_parts.keyring_for_trusted, *uuid);
|
||||
break;
|
||||
case SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED:
|
||||
uuid_copy(upstream->up_parts.keyring_for_untrusted, *uuid);
|
||||
break;
|
||||
default:
|
||||
assert(0);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz)
|
||||
|
||||
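Review bot: In the new `ssl_stream_get_untrusted_keyring_profile_id`, the length passed to `tfe_cmsg_get_value` is `sizeof(profile_id)`, but `profile_id` is now a `uuid_t *`, so this is the size of a pointer rather than of the UUID. The three sibling getters pass `sizeof(uuid_t)`, and this one should too: `tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(uuid_t), &out_size);`. As written, the following `assert(out_size == sizeof(uuid_t))` would likely trip, or the untrusted-keyring id would be read short, depending on how `tfe_cmsg_get_value` treats an undersized buffer, which is not visible here. Separately, all four getters now return `void` and check `ret` and `out_size` only with `assert`. In a build with assertions compiled out, a failed read would presumably leave the caller holding the cleared UUID with no error signal, so consider returning a status to let keyring selection distinguish "not set" from "lookup failed".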