authorEd Tanous <ed@tanous.net>2024-04-13 19:11:15 +0300
committerEd Tanous <ed@tanous.net>2024-04-18 18:40:17 +0300
commit8db83747b6ea72de30ac83f19578ecc37489b13d (patch)
tree86bd287fc7fa1a93df5761af93554ef45f9bdc18 /http
parent3e7374243ff53125f3a55c2d0b1927e89261b1f9 (diff)
Clean up BMCWEB_ENABLE_SSL
This macro came originally from CROW_ENABLE_SSL, and was used as a macro to optionally compile without openssl being required. OpenSSL has been pulled into many other dependencies, and has been functionally required to be included for a long time, so there's no reason to hold onto this macro. Remove most uses of the macro, and for the couple functional places the macro is used, transition to a constexpr if to enable the TLS paths. This allows a large simplification of code in some places. Tested: Redfish service validator passes. Change-Id: Iebd46a68e5e417b6031479e24be3c21bef782f4c Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'http')
-rw-r--r--http/app.hpp88
-rw-r--r--http/http_server.hpp52
-rw-r--r--http/routing/baserule.hpp4
-rw-r--r--http/routing/sserule.hpp3
-rw-r--r--http/routing/websocketrule.hpp4
-rw-r--r--http/websocket.hpp5
6 files changed, 66 insertions, 90 deletions
diff --git a/http/app.hpp b/http/app.hpp
index eeb331ea96..d7863f6b17 100644
--- a/http/app.hpp
+++ b/http/app.hpp
@@ -8,6 +8,8 @@
#include "routing.hpp"
#include "utility.hpp"
+#include <systemd/sd-daemon.h>
+
#include <boost/asio/io_context.hpp>
#include <boost/asio/ip/tcp.hpp>
#include <boost/asio/ssl/context.hpp>
@@ -31,9 +33,11 @@ class App
{
public:
using ssl_socket_t = boost::beast::ssl_stream<boost::asio::ip::tcp::socket>;
- using ssl_server_t = Server<App, ssl_socket_t>;
- using socket_t = boost::asio::ip::tcp::socket;
- using server_t = Server<App, socket_t>;
+ using raw_socket_t = boost::asio::ip::tcp::socket;
+
+ using socket_type =
+ std::conditional_t<bmcwebEnableTLS, ssl_socket_t, raw_socket_t>;
+ using server_type = Server<App, socket_type>;
explicit App(std::shared_ptr<boost::asio::io_context> ioIn =
std::make_shared<boost::asio::io_context>()) :
@@ -74,52 +78,53 @@ class App
return router.newRuleTagged<Tag>(std::move(rule));
}
- App& socket(int existingSocket)
- {
- socketFd = existingSocket;
- return *this;
- }
-
- App& port(std::uint16_t port)
- {
- portUint = port;
- return *this;
- }
-
void validate()
{
router.validate();
}
- void run()
+ std::optional<boost::asio::ip::tcp::acceptor> setupSocket()
{
- validate();
-#ifdef BMCWEB_ENABLE_SSL
- if (-1 == socketFd)
+ if (io == nullptr)
{
- sslServer = std::make_unique<ssl_server_t>(this, portUint,
- sslContext, io);
+ BMCWEB_LOG_CRITICAL("IO was nullptr?");
+ return std::nullopt;
}
- else
+ constexpr int defaultPort = 18080;
+ int listenFd = sd_listen_fds(0);
+ if (listenFd == 1)
{
- sslServer = std::make_unique<ssl_server_t>(this, socketFd,
- sslContext, io);
+ BMCWEB_LOG_INFO("attempting systemd socket activation");
+ if (sd_is_socket_inet(SD_LISTEN_FDS_START, AF_UNSPEC, SOCK_STREAM,
+ 1, 0) != 0)
+ {
+ BMCWEB_LOG_INFO("Starting webserver on socket handle {}",
+ SD_LISTEN_FDS_START);
+ return boost::asio::ip::tcp::acceptor(
+ *io, boost::asio::ip::tcp::v6(), SD_LISTEN_FDS_START);
+ }
+ BMCWEB_LOG_ERROR(
+ "bad incoming socket, starting webserver on port {}",
+ defaultPort);
}
- sslServer->run();
+ BMCWEB_LOG_INFO("Starting webserver on port {}", defaultPort);
+ return boost::asio::ip::tcp::acceptor(
+ *io, boost::asio::ip::tcp::endpoint(
+ boost::asio::ip::make_address("0.0.0.0"), defaultPort));
+ }
-#else
+ void run()
+ {
+ validate();
- if (-1 == socketFd)
+ std::optional<boost::asio::ip::tcp::acceptor> acceptor = setupSocket();
+ if (!acceptor)
{
- server = std::make_unique<server_t>(this, portUint, nullptr, io);
- }
- else
- {
- server = std::make_unique<server_t>(this, socketFd, nullptr, io);
+ BMCWEB_LOG_CRITICAL("Couldn't start server");
+ return;
}
+ server.emplace(this, std::move(*acceptor), sslContext, io);
server->run();
-
-#endif
}
void stop()
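Review bot: The socket-activation check in `setupSocket()` accepts error returns: `sd_is_socket_inet()` returns a negative errno-style value on failure, and `!= 0` treats that as a match, so the acceptor would be built on a descriptor never confirmed to be a listening stream socket; the comparison should be `> 0`. Separately, when the passed descriptor is rejected the code falls through and binds `0.0.0.0` on the hard-coded port 18080, which drops whatever address or interface restriction the systemd socket unit carried. Since `run()` already handles an empty optional, `return std::nullopt;` after the `BMCWEB_LOG_ERROR` would fail closed instead. Results of `sd_listen_fds(0)` other than 1 (an error, or more than one descriptor) also reach the fallback bind without any log line saying why.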
@@ -160,19 +165,10 @@ class App
private:
std::shared_ptr<boost::asio::io_context> io;
-#ifdef BMCWEB_ENABLE_SSL
- uint16_t portUint = 443;
-#else
- uint16_t portUint = 80;
-#endif
- int socketFd = -1;
- Router router;
-#ifdef BMCWEB_ENABLE_SSL
- std::unique_ptr<ssl_server_t> sslServer;
-#else
- std::unique_ptr<server_t> server;
-#endif
+ std::optional<server_type> server;
+
+ Router router;
};
} // namespace crow
using App = crow::App;
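Review bot: Declaring `server` ahead of `router` changes teardown order: members are destroyed in reverse declaration order, so `router` is now destroyed before `server`, where the old layout destroyed the server first. `Server` stores a raw `Handler*` back to this `App`, so anything reached through that pointer during the server's destruction would now see a destroyed router; nothing visible in this diff does so, but the reordering looks incidental rather than intended. Either keep `Router router;` above `std::optional<server_type> server;`, or add a comment such as `// declared before router deliberately; server teardown must not touch router` recording the intended order.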
diff --git a/http/http_server.hpp b/http/http_server.hpp
index 2a6bd9f4aa..da73b107db 100644
--- a/http/http_server.hpp
+++ b/http/http_server.hpp
@@ -27,38 +27,15 @@ template <typename Handler, typename Adaptor = boost::asio::ip::tcp::socket>
class Server
{
public:
- Server(Handler* handlerIn,
- std::unique_ptr<boost::asio::ip::tcp::acceptor>&& acceptorIn,
+ Server(Handler* handlerIn, boost::asio::ip::tcp::acceptor&& acceptorIn,
std::shared_ptr<boost::asio::ssl::context> adaptorCtxIn,
- std::shared_ptr<boost::asio::io_context> io =
- std::make_shared<boost::asio::io_context>()) :
+ std::shared_ptr<boost::asio::io_context> io) :
ioService(std::move(io)),
acceptor(std::move(acceptorIn)),
signals(*ioService, SIGINT, SIGTERM, SIGHUP), handler(handlerIn),
adaptorCtx(std::move(adaptorCtxIn))
{}
- Server(Handler* handlerIn, uint16_t port,
- const std::shared_ptr<boost::asio::ssl::context>& adaptorCtxIn,
- const std::shared_ptr<boost::asio::io_context>& io =
- std::make_shared<boost::asio::io_context>()) :
- Server(handlerIn,
- std::make_unique<boost::asio::ip::tcp::acceptor>(
- *io, boost::asio::ip::tcp::endpoint(
- boost::asio::ip::make_address("0.0.0.0"), port)),
- adaptorCtxIn, io)
- {}
-
- Server(Handler* handlerIn, int existingSocket,
- const std::shared_ptr<boost::asio::ssl::context>& adaptorCtxIn,
- const std::shared_ptr<boost::asio::io_context>& io =
- std::make_shared<boost::asio::io_context>()) :
- Server(handlerIn,
- std::make_unique<boost::asio::ip::tcp::acceptor>(
- *io, boost::asio::ip::tcp::v6(), existingSocket),
- adaptorCtxIn, io)
- {}
-
void updateDateStr()
{
time_t lastTimeT = time(nullptr);
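Review bot: The constructor dereferences `io` unconditionally in `signals(*ioService, SIGINT, SIGTERM, SIGHUP)`, and with the default argument removed a caller can now hand in a null `shared_ptr`; the `ioService == nullptr` guard this commit adds to `doAccept()` runs only after that dereference has happened. `App::setupSocket()` rejects a null `io` before the server is constructed, so the in-tree path is covered, but the precondition belongs on the constructor itself. A comment above it such as `// io must be non-null: signals is constructed from *ioService` would document that. The class body continues outside this hunk.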
@@ -90,14 +67,17 @@ class Server
};
BMCWEB_LOG_INFO("bmcweb server is running, local endpoint {}",
- acceptor->local_endpoint().address().to_string());
+ acceptor.local_endpoint().address().to_string());
startAsyncWaitForSignal();
doAccept();
}
void loadCertificate()
{
-#ifdef BMCWEB_ENABLE_SSL
+ if constexpr (!bmcwebEnableTLS)
+ {
+ return;
+ }
namespace fs = std::filesystem;
// Cleanup older certificate file existing in the system
fs::path oldCert = "/home/root/server.pem";
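Review bot: The early `return` under `if constexpr (!bmcwebEnableTLS)` does not discard the rest of `loadCertificate()`: only the braced statement is a discarded branch, so the certificate cleanup and the `ensuressl::getSslContext` call below are still compiled and instantiated in non-TLS builds. That is consistent with the commit's premise that OpenSSL is always available, but it is easy to misread as equivalent to the old `#ifdef`. A comment such as `// non-TLS builds still compile the code below; it is simply never reached` would make that explicit. The function body continues past the end of this hunk.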
@@ -121,7 +101,6 @@ class Server
ensuressl::getSslContext(sslPemFile);
adaptorCtx = sslContext;
handler->ssl(std::move(sslContext));
-#endif
}
void startAsyncWaitForSignal()
@@ -139,7 +118,7 @@ class Server
BMCWEB_LOG_INFO("Receivied reload signal");
loadCertificate();
boost::system::error_code ec2;
- acceptor->cancel(ec2);
+ acceptor.cancel(ec2);
if (ec2)
{
BMCWEB_LOG_ERROR(
@@ -163,12 +142,23 @@ class Server
void doAccept()
{
+ if (ioService == nullptr)
+ {
+ BMCWEB_LOG_CRITICAL("IoService was null");
+ return;
+ }
boost::asio::steady_timer timer(*ioService);
std::shared_ptr<Connection<Adaptor, Handler>> connection;
if constexpr (std::is_same<Adaptor,
boost::beast::ssl_stream<
boost::asio::ip::tcp::socket>>::value)
{
+ if (adaptorCtx == nullptr)
+ {
+ BMCWEB_LOG_CRITICAL(
+ "Asked to lauch TLS socket but no context available");
+ return;
+ }
connection = std::make_shared<Connection<Adaptor, Handler>>(
handler, std::move(timer), getCachedDateStr,
Adaptor(*ioService, *adaptorCtx));
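Review bot: When `adaptorCtx` is null, `doAccept()` returns without arming another `async_accept`, so as far as this hunk shows the listening socket stays open but nothing accepts on it again. Refusing to serve without a TLS context is the right direction, but the only trace is a single log line, and that message has a typo; it should read `"Asked to launch TLS socket but no context available"`. A comment such as `// returning here stops the accept loop until doAccept() is called again` would record the consequence for the next reader. The accept handler that presumably re-enters `doAccept()` is outside this hunk, so the recovery path after a later certificate reload could not be checked here.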
@@ -179,7 +169,7 @@ class Server
handler, std::move(timer), getCachedDateStr,
Adaptor(*ioService));
}
- acceptor->async_accept(
+ acceptor.async_accept(
boost::beast::get_lowest_layer(connection->socket()),
[this, connection](const boost::system::error_code& ec) {
if (!ec)
@@ -194,7 +184,7 @@ class Server
private:
std::shared_ptr<boost::asio::io_context> ioService;
std::function<std::string()> getCachedDateStr;
- std::unique_ptr<boost::asio::ip::tcp::acceptor> acceptor;
+ boost::asio::ip::tcp::acceptor acceptor;
boost::asio::signal_set signals;
std::string dateStr;
diff --git a/http/routing/baserule.hpp b/http/routing/baserule.hpp
index 0913020935..f99e16ecf3 100644
--- a/http/routing/baserule.hpp
+++ b/http/routing/baserule.hpp
@@ -37,7 +37,6 @@ class BaseRule
virtual void handle(const Request& /*req*/,
const std::shared_ptr<bmcweb::AsyncResp>&,
const std::vector<std::string>&) = 0;
-#ifndef BMCWEB_ENABLE_SSL
virtual void
handleUpgrade(const Request& /*req*/,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
@@ -45,7 +44,7 @@ class BaseRule
{
asyncResp->res.result(boost::beast::http::status::not_found);
}
-#else
+
virtual void handleUpgrade(
const Request& /*req*/,
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
@@ -53,7 +52,6 @@ class BaseRule
{
asyncResp->res.result(boost::beast::http::status::not_found);
}
-#endif
size_t getMethods() const
{
diff --git a/http/routing/sserule.hpp b/http/routing/sserule.hpp
index c0a4e504b3..ad05bafbe2 100644
--- a/http/routing/sserule.hpp
+++ b/http/routing/sserule.hpp
@@ -30,7 +30,6 @@ class SseSocketRule : public BaseRule
asyncResp->res.result(boost::beast::http::status::not_found);
}
-#ifndef BMCWEB_ENABLE_SSL
void handleUpgrade(const Request& /*req*/,
const std::shared_ptr<bmcweb::AsyncResp>& /*asyncResp*/,
boost::asio::ip::tcp::socket&& adaptor) override
@@ -42,7 +41,6 @@ class SseSocketRule : public BaseRule
std::move(adaptor), openHandler, closeHandler);
myConnection->start();
}
-#else
void handleUpgrade(const Request& /*req*/,
const std::shared_ptr<bmcweb::AsyncResp>& /*asyncResp*/,
boost::beast::ssl_stream<boost::asio::ip::tcp::socket>&&
@@ -55,7 +53,6 @@ class SseSocketRule : public BaseRule
std::move(adaptor), openHandler, closeHandler);
myConnection->start();
}
-#endif
template <typename Func>
self_t& onopen(Func f)
diff --git a/http/routing/websocketrule.hpp b/http/routing/websocketrule.hpp
index bf6daad6d0..b52d9ec9a7 100644
--- a/http/routing/websocketrule.hpp
+++ b/http/routing/websocketrule.hpp
@@ -27,7 +27,6 @@ class WebSocketRule : public BaseRule
asyncResp->res.result(boost::beast::http::status::not_found);
}
-#ifndef BMCWEB_ENABLE_SSL
void handleUpgrade(const Request& req,
const std::shared_ptr<bmcweb::AsyncResp>& /*asyncResp*/,
boost::asio::ip::tcp::socket&& adaptor) override
@@ -41,7 +40,7 @@ class WebSocketRule : public BaseRule
messageHandler, messageExHandler, closeHandler, errorHandler);
myConnection->start(req);
}
-#else
+
void handleUpgrade(const Request& req,
const std::shared_ptr<bmcweb::AsyncResp>& /*asyncResp*/,
boost::beast::ssl_stream<boost::asio::ip::tcp::socket>&&
@@ -56,7 +55,6 @@ class WebSocketRule : public BaseRule
messageHandler, messageExHandler, closeHandler, errorHandler);
myConnection->start(req);
}
-#endif
template <typename Func>
self_t& onopen(Func f)
diff --git a/http/websocket.hpp b/http/websocket.hpp
index 4262c70a5c..e669ffa611 100644
--- a/http/websocket.hpp
+++ b/http/websocket.hpp
@@ -6,14 +6,11 @@
#include <boost/asio/buffer.hpp>
#include <boost/beast/core/multi_buffer.hpp>
#include <boost/beast/websocket.hpp>
+#include <boost/beast/websocket/ssl.hpp>
#include <array>
#include <functional>
-#ifdef BMCWEB_ENABLE_SSL
-#include <boost/beast/websocket/ssl.hpp>
-#endif
-
namespace crow
{
namespace websocket