line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
# |
2
|
|
|
|
|
|
|
# Copyright (C) 2009, 2010 NZ Registry Services |
3
|
|
|
|
|
|
|
# |
4
|
|
|
|
|
|
|
# This program is free software: you can redistribute it and/or modify |
5
|
|
|
|
|
|
|
# it under the terms of the Artistic License 2.0 or later. You should |
6
|
|
|
|
|
|
|
# have received a copy of the Artistic License the file COPYING.txt. |
7
|
|
|
|
|
|
|
# If not, see <http://www.perlfoundation.org/artistic_license_2_0> |
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
package SRS::EPP::Proxy; |
10
|
|
|
|
|
|
|
|
11
|
1
|
|
|
1
|
|
1511
|
use MooseX::Singleton; |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
use MooseX::Method::Signatures; |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
use SRS::EPP::Session; |
15
|
|
|
|
|
|
|
use Event; |
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
use Log::Log4perl qw(:easy); |
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
use POSIX ":sys_wait_h"; |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
with 'SRS::EPP::Proxy::SimpleConfig'; |
22
|
|
|
|
|
|
|
with 'MooseX::Getopt'; |
23
|
|
|
|
|
|
|
with 'MooseX::Log::Log4perl::Easy'; |
24
|
|
|
|
|
|
|
with 'MooseX::Daemonize'; |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
has '+configfile' => ( |
27
|
|
|
|
|
|
|
default => sub { [ |
28
|
|
|
|
|
|
|
"$ENV{HOME}/.srs_epp_proxy.yaml", |
29
|
|
|
|
|
|
|
'/etc/srs-epp-proxy.yaml' |
30
|
|
|
|
|
|
|
] }); |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
sub BUILD { |
33
|
|
|
|
|
|
|
my $self = shift; |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
# should have already done SimpleConfig; with a bit of luck, |
36
|
|
|
|
|
|
|
# all properties in this master object may be specified there. |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
# pass configuration via this method to log4perl |
39
|
|
|
|
|
|
|
my $logging = $self->logging; |
40
|
|
|
|
|
|
|
|
41
|
|
|
|
|
|
|
if ( !defined $logging ) { |
42
|
|
|
|
|
|
|
$logging = "INFO"; |
43
|
|
|
|
|
|
|
} |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
if ( !ref $logging and ! -f $logging ) { |
46
|
|
|
|
|
|
|
# 'default' |
47
|
|
|
|
|
|
|
if ( $self->is_daemon ) { |
48
|
|
|
|
|
|
|
$logging = { |
49
|
|
|
|
|
|
|
rootLogger => "$logging, Syslog", |
50
|
|
|
|
|
|
|
"appender.Syslog" => "Log::Log4perl::JavaMap::SyslogAppender", |
51
|
|
|
|
|
|
|
"appender.Syslog.logopt" => "pid", |
52
|
|
|
|
|
|
|
"appender.Syslog.Facility" => "daemon", |
53
|
|
|
|
|
|
|
"appender.Syslog.layout" => |
54
|
|
|
|
|
|
|
"Log::Log4perl::Layout::SimpleLayout", |
55
|
|
|
|
|
|
|
}; |
56
|
|
|
|
|
|
|
} |
57
|
|
|
|
|
|
|
else { |
58
|
|
|
|
|
|
|
$logging = { |
59
|
|
|
|
|
|
|
rootLogger => "$logging, Screen", |
60
|
|
|
|
|
|
|
"appender.Screen" => "Log::Log4perl::Appender::Screen", |
61
|
|
|
|
|
|
|
"appender.Screen.stderr" => 1, |
62
|
|
|
|
|
|
|
"appender.Screen.layout" => |
63
|
|
|
|
|
|
|
"Log::Log4perl::Layout::SimpleLayout", |
64
|
|
|
|
|
|
|
}; |
65
|
|
|
|
|
|
|
} |
66
|
|
|
|
|
|
|
} |
67
|
|
|
|
|
|
|
|
68
|
|
|
|
|
|
|
# prepend "log4perl." to config hashes |
69
|
|
|
|
|
|
|
if ( ref $logging and ref $logging eq "HASH" ) { |
70
|
|
|
|
|
|
|
for my $key ( keys %$logging ) { |
71
|
|
|
|
|
|
|
if ( $key !~ /^log4perl\./ and |
72
|
|
|
|
|
|
|
!exists $logging->{"log4perl.$key"} |
73
|
|
|
|
|
|
|
) { |
74
|
|
|
|
|
|
|
$logging->{"log4perl.$key"} = |
75
|
|
|
|
|
|
|
delete $logging->{$key}; |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
} |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
Log::Log4perl->init( $logging ); |
81
|
|
|
|
|
|
|
# pass configuration options to the session class? |
82
|
|
|
|
|
|
|
} |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
our $VERSION = "0.20_01"; |
85
|
|
|
|
|
|
|
|
86
|
|
|
|
|
|
|
has 'logging' => |
87
|
|
|
|
|
|
|
is => "ro", |
88
|
|
|
|
|
|
|
isa => "HashRef[Str]", |
89
|
|
|
|
|
|
|
; |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
has 'listen' => |
92
|
|
|
|
|
|
|
is => "ro", |
93
|
|
|
|
|
|
|
isa => "ArrayRef[Str]", |
94
|
|
|
|
|
|
|
metaclass => "Getopt", |
95
|
|
|
|
|
|
|
; |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
has 'listener' => |
98
|
|
|
|
|
|
|
is => "rw", |
99
|
|
|
|
|
|
|
isa => "SRS::EPP::Proxy::Listener", |
100
|
|
|
|
|
|
|
default => sub { |
101
|
|
|
|
|
|
|
require SRS::EPP::Proxy::Listener; |
102
|
|
|
|
|
|
|
my $self = shift; |
103
|
|
|
|
|
|
|
SRS::EPP::Proxy::Listener->new( |
104
|
|
|
|
|
|
|
($self->listen ? (listen => $self->listen) : () ), |
105
|
|
|
|
|
|
|
); |
106
|
|
|
|
|
|
|
}, |
107
|
|
|
|
|
|
|
lazy => 1, |
108
|
|
|
|
|
|
|
handles => { |
109
|
|
|
|
|
|
|
'init_listener' => 'init', |
110
|
|
|
|
|
|
|
}, |
111
|
|
|
|
|
|
|
; |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
has 'ssl_key_file' => |
114
|
|
|
|
|
|
|
metaclass => "Getopt", |
115
|
|
|
|
|
|
|
is => "ro", |
116
|
|
|
|
|
|
|
isa => "Str", |
117
|
|
|
|
|
|
|
required => 1, |
118
|
|
|
|
|
|
|
; |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
has 'ssl_cert_file' => |
121
|
|
|
|
|
|
|
metaclass => "Getopt", |
122
|
|
|
|
|
|
|
is => "ro", |
123
|
|
|
|
|
|
|
isa => "Str", |
124
|
|
|
|
|
|
|
required => 1, |
125
|
|
|
|
|
|
|
; |
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
has 'ssl_cert_dir' => |
128
|
|
|
|
|
|
|
is => "ro", |
129
|
|
|
|
|
|
|
isa => "Str", |
130
|
|
|
|
|
|
|
default => "", |
131
|
|
|
|
|
|
|
; |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
use Sys::Hostname qw(hostname); |
134
|
|
|
|
|
|
|
has 'server_name' => |
135
|
|
|
|
|
|
|
is => "ro", |
136
|
|
|
|
|
|
|
isa => "Str", |
137
|
|
|
|
|
|
|
lazy => 1, |
138
|
|
|
|
|
|
|
default => sub { |
139
|
|
|
|
|
|
|
my $self = shift; |
140
|
|
|
|
|
|
|
my @listen = @{ $self->listen }; |
141
|
|
|
|
|
|
|
if ( @listen == 1 and $listen[0] !~ /^(?:\d+\.|\[)/ ) { |
142
|
|
|
|
|
|
|
# listen address seems a reasonable default... |
143
|
|
|
|
|
|
|
$listen[0]; |
144
|
|
|
|
|
|
|
} |
145
|
|
|
|
|
|
|
else { |
146
|
|
|
|
|
|
|
hostname; |
147
|
|
|
|
|
|
|
} |
148
|
|
|
|
|
|
|
}; |
149
|
|
|
|
|
|
|
|
150
|
|
|
|
|
|
|
has 'ssl_engine' => |
151
|
|
|
|
|
|
|
is => "rw", |
152
|
|
|
|
|
|
|
isa => "Net::SSLeay::OO::Context", |
153
|
|
|
|
|
|
|
; |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
has 'rfc_compliant_ssl' => |
156
|
|
|
|
|
|
|
is => "rw", |
157
|
|
|
|
|
|
|
traits => [qw[Getopt]], |
158
|
|
|
|
|
|
|
isa => "Bool", |
159
|
|
|
|
|
|
|
; |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
use Net::SSLeay::OO; |
162
|
|
|
|
|
|
|
use Net::SSLeay::OO::Error qw(die_if_ssl_error); |
163
|
|
|
|
|
|
|
use Net::SSLeay::OO::Constants |
164
|
|
|
|
|
|
|
qw(MODE_ENABLE_PARTIAL_WRITE MODE_ACCEPT_MOVING_WRITE_BUFFER |
165
|
|
|
|
|
|
|
OP_ALL OP_NO_SSLv2 VERIFY_PEER VERIFY_FAIL_IF_NO_PEER_CERT |
166
|
|
|
|
|
|
|
FILETYPE_PEM); |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
method init_ssl() { |
169
|
|
|
|
|
|
|
my $ctx = Net::SSLeay::OO::Context->new; |
170
|
|
|
|
|
|
|
$ctx->set_options(&OP_ALL | OP_NO_SSLv2); |
171
|
|
|
|
|
|
|
my $options = VERIFY_PEER; |
172
|
|
|
|
|
|
|
if ( $self->rfc_compliant_ssl) { |
173
|
|
|
|
|
|
|
$self->log_info( |
174
|
|
|
|
|
|
|
"Strict RFC5734-compliant SSL enabled (client certificates required)" |
175
|
|
|
|
|
|
|
); |
176
|
|
|
|
|
|
|
$options |= VERIFY_FAIL_IF_NO_PEER_CERT; |
177
|
|
|
|
|
|
|
} |
178
|
|
|
|
|
|
|
$ctx->set_verify($options); |
179
|
|
|
|
|
|
|
$self->log_info("SSL Certificates from ".$self->ssl_cert_dir); |
180
|
|
|
|
|
|
|
$ctx->load_verify_locations("", $self->ssl_cert_dir); |
181
|
|
|
|
|
|
|
$self->log_info( |
182
|
|
|
|
|
|
|
"SSL private key: ".$self->ssl_key_file |
183
|
|
|
|
|
|
|
.", public certificate chain: ".$self->ssl_cert_file |
184
|
|
|
|
|
|
|
); |
185
|
|
|
|
|
|
|
$ctx->use_PrivateKey_file($self->ssl_key_file, FILETYPE_PEM); |
186
|
|
|
|
|
|
|
$ctx->use_certificate_chain_file($self->ssl_cert_file); |
187
|
|
|
|
|
|
|
die_if_ssl_error; # one last check... |
188
|
|
|
|
|
|
|
$self->ssl_engine($ctx); |
189
|
|
|
|
|
|
|
} |
190
|
|
|
|
|
|
|
|
191
|
|
|
|
|
|
|
method init() { |
192
|
|
|
|
|
|
|
$self->log_info("Initializing PGP"); |
193
|
|
|
|
|
|
|
$self->init_pgp; |
194
|
|
|
|
|
|
|
$self->log_info("Initializing SSL"); |
195
|
|
|
|
|
|
|
$self->init_ssl; |
196
|
|
|
|
|
|
|
$self->log_info("Initializing Listener"); |
197
|
|
|
|
|
|
|
$self->init_listener; |
198
|
|
|
|
|
|
|
} |
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
has 'openpgp' => |
201
|
|
|
|
|
|
|
is => "ro", |
202
|
|
|
|
|
|
|
isa => "SRS::EPP::OpenPGP", |
203
|
|
|
|
|
|
|
lazy => 1, |
204
|
|
|
|
|
|
|
default => sub { |
205
|
|
|
|
|
|
|
my $self = shift; |
206
|
|
|
|
|
|
|
require SRS::EPP::OpenPGP; |
207
|
|
|
|
|
|
|
my $pgp_dir = $self->pgp_dir; |
208
|
|
|
|
|
|
|
my $secring_file = "$pgp_dir/secring.gpg"; |
209
|
|
|
|
|
|
|
my $pubring_file = "$pgp_dir/pubring.gpg"; |
210
|
|
|
|
|
|
|
my $pgp = SRS::EPP::OpenPGP->new( |
211
|
|
|
|
|
|
|
public_keyring => $pubring_file, |
212
|
|
|
|
|
|
|
secret_keyring => $secring_file, |
213
|
|
|
|
|
|
|
); |
214
|
|
|
|
|
|
|
$pgp->uid($self->pgp_keyid); |
215
|
|
|
|
|
|
|
$pgp; |
216
|
|
|
|
|
|
|
}, |
217
|
|
|
|
|
|
|
handles => ["pgp"], |
218
|
|
|
|
|
|
|
; |
219
|
|
|
|
|
|
|
|
220
|
|
|
|
|
|
|
has 'pgp_keyid' => |
221
|
|
|
|
|
|
|
metaclass => "Getopt", |
222
|
|
|
|
|
|
|
is => "ro", |
223
|
|
|
|
|
|
|
isa => "Str", |
224
|
|
|
|
|
|
|
required => 1, |
225
|
|
|
|
|
|
|
; |
226
|
|
|
|
|
|
|
|
227
|
|
|
|
|
|
|
has 'pgp_dir' => |
228
|
|
|
|
|
|
|
is => "ro", |
229
|
|
|
|
|
|
|
isa => "Str", |
230
|
|
|
|
|
|
|
default => sub { |
231
|
|
|
|
|
|
|
$ENV{GNUPGHOME} || "$ENV{HOME}/.gnupg"; |
232
|
|
|
|
|
|
|
}, |
233
|
|
|
|
|
|
|
; |
234
|
|
|
|
|
|
|
|
235
|
|
|
|
|
|
|
method init_pgp() { |
236
|
|
|
|
|
|
|
$self->pgp; |
237
|
|
|
|
|
|
|
} |
238
|
|
|
|
|
|
|
|
239
|
|
|
|
|
|
|
has 'running' => |
240
|
|
|
|
|
|
|
is => "rw", |
241
|
|
|
|
|
|
|
isa => "Bool", |
242
|
|
|
|
|
|
|
default => 1, |
243
|
|
|
|
|
|
|
; |
244
|
|
|
|
|
|
|
|
245
|
|
|
|
|
|
|
has 'child_pids' => |
246
|
|
|
|
|
|
|
is => "ro", |
247
|
|
|
|
|
|
|
isa => "ArrayRef[Int]", |
248
|
|
|
|
|
|
|
default => sub { [] }, |
249
|
|
|
|
|
|
|
; |
250
|
|
|
|
|
|
|
|
251
|
|
|
|
|
|
|
has 'backend' => |
252
|
|
|
|
|
|
|
is => "ro", |
253
|
|
|
|
|
|
|
isa => "Str", |
254
|
|
|
|
|
|
|
default => "https://srstest.srs.net.nz/srs/registrar", |
255
|
|
|
|
|
|
|
; |
256
|
|
|
|
|
|
|
|
257
|
|
|
|
|
|
|
method accept_one() { |
258
|
|
|
|
|
|
|
$self->log_trace("accepting connections"); |
259
|
|
|
|
|
|
|
my $socket = $self->listener->accept |
260
|
|
|
|
|
|
|
or return; |
261
|
|
|
|
|
|
|
|
262
|
|
|
|
|
|
|
if ( !$self->foreground and (my $pid = fork) ) { |
263
|
|
|
|
|
|
|
push @{ $self->child_pids }, $pid; |
264
|
|
|
|
|
|
|
$self->log_debug("forked $pid for connection"); |
265
|
|
|
|
|
|
|
return (); |
266
|
|
|
|
|
|
|
} |
267
|
|
|
|
|
|
|
else { |
268
|
|
|
|
|
|
|
# We'll also want to know the address of the other end |
269
|
|
|
|
|
|
|
# of the socket, for checking it against the back-end |
270
|
|
|
|
|
|
|
# ACL |
271
|
|
|
|
|
|
|
my $peerhost = $socket->peerhost; |
272
|
|
|
|
|
|
|
$self->log_info("connection from $peerhost, starting SSL"); |
273
|
|
|
|
|
|
|
$0 = "srs-epp-proxy [$peerhost] - SSL init"; |
274
|
|
|
|
|
|
|
|
275
|
|
|
|
|
|
|
my $ssl = $self->ssl_engine->accept($socket); |
276
|
|
|
|
|
|
|
$0 = "srs-epp-proxy [$peerhost] - setup"; |
277
|
|
|
|
|
|
|
|
278
|
|
|
|
|
|
|
# RFC3734 and updates specify the use of client |
279
|
|
|
|
|
|
|
# certificates. So, fetch it and get its subject. |
280
|
|
|
|
|
|
|
my $client_cert = $ssl->get_peer_certificate; |
281
|
|
|
|
|
|
|
my $peer_cn; |
282
|
|
|
|
|
|
|
if ( $client_cert ) { |
283
|
|
|
|
|
|
|
# should use subjectAltName if present.. |
284
|
|
|
|
|
|
|
$peer_cn = $client_cert->get_subject_name->cn; |
285
|
|
|
|
|
|
|
$self->log_info("have a valid peer certificate, cn=$peer_cn"); |
286
|
|
|
|
|
|
|
} |
287
|
|
|
|
|
|
|
else { |
288
|
|
|
|
|
|
|
$self->log_info("no peer certificate presented"); |
289
|
|
|
|
|
|
|
} |
290
|
|
|
|
|
|
|
|
291
|
|
|
|
|
|
|
# set the socket to non-blocking for event-driven fun. |
292
|
|
|
|
|
|
|
my $mode = ( MODE_ENABLE_PARTIAL_WRITE | |
293
|
|
|
|
|
|
|
MODE_ACCEPT_MOVING_WRITE_BUFFER ); |
294
|
|
|
|
|
|
|
$ssl->set_mode($mode); |
295
|
|
|
|
|
|
|
$socket->blocking(0); |
296
|
|
|
|
|
|
|
|
297
|
|
|
|
|
|
|
# create a new session... |
298
|
|
|
|
|
|
|
my $session = SRS::EPP::Session->new( |
299
|
|
|
|
|
|
|
io => $ssl, |
300
|
|
|
|
|
|
|
proxy => $self, |
301
|
|
|
|
|
|
|
socket => $socket, |
302
|
|
|
|
|
|
|
backend_url => $self->backend, |
303
|
|
|
|
|
|
|
event => "Event", |
304
|
|
|
|
|
|
|
peerhost => $peerhost, |
305
|
|
|
|
|
|
|
($self->rfc_compliant_ssl ? (peer_cn => $peer_cn) : ()), |
306
|
|
|
|
|
|
|
); |
307
|
|
|
|
|
|
|
# let it know it's connected. |
308
|
|
|
|
|
|
|
$session->connected; |
309
|
|
|
|
|
|
|
|
310
|
|
|
|
|
|
|
return $session; |
311
|
|
|
|
|
|
|
} |
312
|
|
|
|
|
|
|
} |
313
|
|
|
|
|
|
|
|
314
|
|
|
|
|
|
|
method show_state( Str $state, SRS::EPP::Session $session? ) { |
315
|
|
|
|
|
|
|
my ($regid, $peer_host_or_cn); |
316
|
|
|
|
|
|
|
if ( $session ) { |
317
|
|
|
|
|
|
|
$regid = $session->user; |
318
|
|
|
|
|
|
|
$peer_host_or_cn = $session->peer_cn |
319
|
|
|
|
|
|
|
|| $session->peerhost; |
320
|
|
|
|
|
|
|
} |
321
|
|
|
|
|
|
|
$0 = "srs-epp-proxy [$peer_host_or_cn] - ". |
322
|
|
|
|
|
|
|
($regid?"registrar $regid - ":"").$state; |
323
|
|
|
|
|
|
|
} |
324
|
|
|
|
|
|
|
|
325
|
|
|
|
|
|
|
has signals => |
326
|
|
|
|
|
|
|
is => "rw", |
327
|
|
|
|
|
|
|
isa => "HashRef[Int]", |
328
|
|
|
|
|
|
|
default => sub { {} }, |
329
|
|
|
|
|
|
|
; |
330
|
|
|
|
|
|
|
|
331
|
|
|
|
|
|
|
has handlers => |
332
|
|
|
|
|
|
|
is => "rw", |
333
|
|
|
|
|
|
|
isa => "HashRef[CodeRef]", |
334
|
|
|
|
|
|
|
default => sub { {} }, |
335
|
|
|
|
|
|
|
; |
336
|
|
|
|
|
|
|
|
337
|
|
|
|
|
|
|
method signal_handler( Str $signal ) { |
338
|
|
|
|
|
|
|
$self->log_debug("caught SIG$signal"); |
339
|
|
|
|
|
|
|
$self->signals->{$signal}++; |
340
|
|
|
|
|
|
|
} |
341
|
|
|
|
|
|
|
|
342
|
|
|
|
|
|
|
method process_signals() { |
343
|
|
|
|
|
|
|
my $sig_h = $self->signals; |
344
|
|
|
|
|
|
|
while (my ($signal,$handler) = each %{ $self->handlers }) { |
345
|
|
|
|
|
|
|
if ($sig_h->{$signal}) { |
346
|
|
|
|
|
|
|
$sig_h->{$signal} = 0; |
347
|
|
|
|
|
|
|
$self->log_debug("processing SIG$signal"); |
348
|
|
|
|
|
|
|
$handler->(); |
349
|
|
|
|
|
|
|
} |
350
|
|
|
|
|
|
|
} |
351
|
|
|
|
|
|
|
} |
352
|
|
|
|
|
|
|
|
353
|
|
|
|
|
|
|
method catch_signal(Str $sig, CodeRef $sub) { |
354
|
|
|
|
|
|
|
$self->handlers->{$sig} = $sub; |
355
|
|
|
|
|
|
|
$SIG{$sig} = sub { $self->signal_handler($sig) }; |
356
|
|
|
|
|
|
|
} |
357
|
|
|
|
|
|
|
|
358
|
|
|
|
|
|
|
method accept_loop() { |
359
|
|
|
|
|
|
|
$self->catch_signal(TERM => sub { |
360
|
|
|
|
|
|
|
$self->log_info("Shutting down."); |
361
|
|
|
|
|
|
|
for my $kid ( @{ $self->child_pids } ) { |
362
|
|
|
|
|
|
|
kill "TERM", $kid; |
363
|
|
|
|
|
|
|
} |
364
|
|
|
|
|
|
|
$self->running(0); |
365
|
|
|
|
|
|
|
}); |
366
|
|
|
|
|
|
|
if ( !$self->foreground ) { |
367
|
|
|
|
|
|
|
$self->catch_signal(CHLD => sub { $self->reap_children }); |
368
|
|
|
|
|
|
|
} |
369
|
|
|
|
|
|
|
$0 = "srs-epp-proxy - listener"; |
370
|
|
|
|
|
|
|
while ( $self->running ) { |
371
|
|
|
|
|
|
|
my $session = $self->accept_one; |
372
|
|
|
|
|
|
|
if ( $session ) { |
373
|
|
|
|
|
|
|
unless ( $self->foreground ) { |
374
|
|
|
|
|
|
|
$self->catch_signal(TERM => sub { |
375
|
|
|
|
|
|
|
$session->shutdown; |
376
|
|
|
|
|
|
|
}); |
377
|
|
|
|
|
|
|
} |
378
|
|
|
|
|
|
|
$self->log_trace("accepted a new session, entering event loop"); |
379
|
|
|
|
|
|
|
local($Event::DIED) = sub { |
380
|
|
|
|
|
|
|
my $event = shift; |
381
|
|
|
|
|
|
|
my $exception = shift; |
382
|
|
|
|
|
|
|
$self->log_error("Exception during ".$event->w->desc."; $exception"); |
383
|
|
|
|
|
|
|
Event::unloop_all; |
384
|
|
|
|
|
|
|
}; |
385
|
|
|
|
|
|
|
Event::loop(120); |
386
|
|
|
|
|
|
|
$self->log_info("Session ends"); |
387
|
|
|
|
|
|
|
exit unless $self->foreground; |
388
|
|
|
|
|
|
|
} |
389
|
|
|
|
|
|
|
else { |
390
|
|
|
|
|
|
|
$self->log_trace("no new session, processing signals"); |
391
|
|
|
|
|
|
|
$self->process_signals; |
392
|
|
|
|
|
|
|
} |
393
|
|
|
|
|
|
|
} |
394
|
|
|
|
|
|
|
} |
395
|
|
|
|
|
|
|
|
396
|
|
|
|
|
|
|
method reap_children() { |
397
|
|
|
|
|
|
|
my $kid; |
398
|
|
|
|
|
|
|
my %reaped; |
399
|
|
|
|
|
|
|
do { |
400
|
|
|
|
|
|
|
$kid = waitpid(-1, WNOHANG); |
401
|
|
|
|
|
|
|
if ($kid > 0) { |
402
|
|
|
|
|
|
|
$reaped{$kid} = $?; |
403
|
|
|
|
|
|
|
$self->log_debug( |
404
|
|
|
|
|
|
|
"child $kid, ".($?&255 ?" killed by signal ".($?&127) |
405
|
|
|
|
|
|
|
.($?&128?" (core dumped)":"") |
406
|
|
|
|
|
|
|
:"exited with error code ".($?>>8)) |
407
|
|
|
|
|
|
|
); |
408
|
|
|
|
|
|
|
} |
409
|
|
|
|
|
|
|
} while ($kid > 0); |
410
|
|
|
|
|
|
|
my $child_pids = $self->child_pids; |
411
|
|
|
|
|
|
|
@$child_pids = grep { exists $reaped{$_} } @$child_pids; |
412
|
|
|
|
|
|
|
} |
413
|
|
|
|
|
|
|
|
414
|
|
|
|
|
|
|
{ |
415
|
|
|
|
|
|
|
no warnings 'redefine'; |
416
|
|
|
|
|
|
|
my $daemonize = \&daemonize; |
417
|
|
|
|
|
|
|
*daemonize = sub { |
418
|
|
|
|
|
|
|
my $self = shift; |
419
|
|
|
|
|
|
|
my %args = @_; |
420
|
|
|
|
|
|
|
$args{dont_close_all_files} = 1; |
421
|
|
|
|
|
|
|
$SIG{__DIE__} = sub { |
422
|
|
|
|
|
|
|
# be sure to re-throw exceptions whilst inside |
423
|
|
|
|
|
|
|
# eval { } |
424
|
|
|
|
|
|
|
if ( $^S ) { |
425
|
|
|
|
|
|
|
die @_; |
426
|
|
|
|
|
|
|
} else { |
427
|
|
|
|
|
|
|
$self->log_error("Uncaught exception, exiting: @_"); |
428
|
|
|
|
|
|
|
$self->log_error("stack trace: ".Carp::longmess); |
429
|
|
|
|
|
|
|
exit(1); |
430
|
|
|
|
|
|
|
} |
431
|
|
|
|
|
|
|
}; |
432
|
|
|
|
|
|
|
my $no_recurse; |
433
|
|
|
|
|
|
|
$SIG{__WARN__} = sub { |
434
|
|
|
|
|
|
|
return if $no_recurse; |
435
|
|
|
|
|
|
|
$no_recurse = 1; |
436
|
|
|
|
|
|
|
eval { $self->log_warn("caught warning: @_") }; |
437
|
|
|
|
|
|
|
$no_recurse = 0; |
438
|
|
|
|
|
|
|
}; |
439
|
|
|
|
|
|
|
$daemonize->($self, %args); |
440
|
|
|
|
|
|
|
}; |
441
|
|
|
|
|
|
|
} |
442
|
|
|
|
|
|
|
|
443
|
|
|
|
|
|
|
before 'start' => sub { |
444
|
|
|
|
|
|
|
my $self = shift; |
445
|
|
|
|
|
|
|
$self->init; |
446
|
|
|
|
|
|
|
}; |
447
|
|
|
|
|
|
|
|
448
|
|
|
|
|
|
|
after 'start' => sub { |
449
|
|
|
|
|
|
|
my $self = shift; |
450
|
|
|
|
|
|
|
$self->accept_loop |
451
|
|
|
|
|
|
|
if $self->is_daemon; |
452
|
|
|
|
|
|
|
}; |
453
|
|
|
|
|
|
|
|
454
|
|
|
|
|
|
|
1; |
455
|
|
|
|
|
|
|
|
456
|
|
|
|
|
|
|
__END__ |
457
|
|
|
|
|
|
|
|
458
|
|
|
|
|
|
|
=head1 NAME |
459
|
|
|
|
|
|
|
|
460
|
|
|
|
|
|
|
SRS::EPP::Proxy - IETF EPP <=> SRS XML proxy software |
461
|
|
|
|
|
|
|
|
462
|
|
|
|
|
|
|
=head1 SYNOPSIS |
463
|
|
|
|
|
|
|
|
464
|
|
|
|
|
|
|
my $proxy = SRS::EPP::Proxy->new( |
465
|
|
|
|
|
|
|
|
466
|
|
|
|
|
|
|
# where to listen for inbound connections |
467
|
|
|
|
|
|
|
listen => [ "$addr:$port", "[$addr6]:$port" ], |
468
|
|
|
|
|
|
|
|
469
|
|
|
|
|
|
|
# SSL engine: certificate for presentation |
470
|
|
|
|
|
|
|
ssl_key_file => $ssl_key_filename, |
471
|
|
|
|
|
|
|
ssl_cert_file => $ssl_key_filename, |
472
|
|
|
|
|
|
|
|
473
|
|
|
|
|
|
|
# path for verifying client certificates |
474
|
|
|
|
|
|
|
ssl_cert_dir => $ssl_cert_path, |
475
|
|
|
|
|
|
|
# and of course, revocations |
476
|
|
|
|
|
|
|
ssl_crl_file => $ssl_crl_file, |
477
|
|
|
|
|
|
|
|
478
|
|
|
|
|
|
|
# PGP home for dealing with the SRS |
479
|
|
|
|
|
|
|
pgp_dir => $path, |
480
|
|
|
|
|
|
|
|
481
|
|
|
|
|
|
|
); |
482
|
|
|
|
|
|
|
|
483
|
|
|
|
|
|
|
# initialises everything - listens on sockets, checks SSL |
484
|
|
|
|
|
|
|
# keys and PGP home dir valid |
485
|
|
|
|
|
|
|
$proxy->init(); |
486
|
|
|
|
|
|
|
|
487
|
|
|
|
|
|
|
# main entry mechanism |
488
|
|
|
|
|
|
|
$proxy->accept_loop(); |
489
|
|
|
|
|
|
|
|
490
|
|
|
|
|
|
|
# alternate piecemeal interfaces, mostly for testing |
491
|
|
|
|
|
|
|
$proxy->init_listener; |
492
|
|
|
|
|
|
|
$proxy->init_ssl; |
493
|
|
|
|
|
|
|
$proxy->init_pgp; |
494
|
|
|
|
|
|
|
my $session = $proxy->accept_one; # doesn't fork |
495
|
|
|
|
|
|
|
|
496
|
|
|
|
|
|
|
=head1 DESCRIPTION |
497
|
|
|
|
|
|
|
|
498
|
|
|
|
|
|
|
SRS::EPP::Proxy implements an XML to XML gateway between two |
499
|
|
|
|
|
|
|
contemporary protocols for domain name management; EPP as defined by |
500
|
|
|
|
|
|
|
RFC 3730 and later, and the SRS protocol used by the .nz registry. |
501
|
|
|
|
|
|
|
|
502
|
|
|
|
|
|
|
This module implements the SSL listener; it accepts connections, forks |
503
|
|
|
|
|
|
|
a new child for each one, collects client certificate information |
504
|
|
|
|
|
|
|
about the SSL connection as recommended by RFC 3734, and then starts |
505
|
|
|
|
|
|
|
an Event loop (using L<Event>) and passes control to the |
506
|
|
|
|
|
|
|
L<SRS::EPP::Session> module. |
507
|
|
|
|
|
|
|
|
508
|
|
|
|
|
|
|
Other modules of interest; ie the key modules in this stack are: |
509
|
|
|
|
|
|
|
|
510
|
|
|
|
|
|
|
=over |
511
|
|
|
|
|
|
|
|
512
|
|
|
|
|
|
|
=item L<Moose> |
513
|
|
|
|
|
|
|
|
514
|
|
|
|
|
|
|
Almost every module on this list is written using L<Moose>. |
515
|
|
|
|
|
|
|
|
516
|
|
|
|
|
|
|
=item L<SRS::EPP::Session> |
517
|
|
|
|
|
|
|
|
518
|
|
|
|
|
|
|
Implements the session logic which manages connections, and "oversees" |
519
|
|
|
|
|
|
|
the general flow of converting incoming messages to messages which are |
520
|
|
|
|
|
|
|
sent to the back-end. Has slave classes for managing the various |
521
|
|
|
|
|
|
|
queues which can build up. |
522
|
|
|
|
|
|
|
|
523
|
|
|
|
|
|
|
=item L<Net::SSLeay::OO> |
524
|
|
|
|
|
|
|
|
525
|
|
|
|
|
|
|
This module provides the interface to the OpenSSL library that this |
526
|
|
|
|
|
|
|
stack uses, and in particular is used by SRS::EPP::Session to gather |
527
|
|
|
|
|
|
|
information about the client certificate. |
528
|
|
|
|
|
|
|
|
529
|
|
|
|
|
|
|
=item L<XML::Relax::Generate> |
530
|
|
|
|
|
|
|
|
531
|
|
|
|
|
|
|
Relax NG to Moose class component. The classes this module generates |
532
|
|
|
|
|
|
|
are used as basis for below classes. |
533
|
|
|
|
|
|
|
|
534
|
|
|
|
|
|
|
=item L<XML::Relax::Marshall> |
535
|
|
|
|
|
|
|
|
536
|
|
|
|
|
|
|
XML to and from Moose data structure component. This module can |
537
|
|
|
|
|
|
|
create data structures which match the class structure made by |
538
|
|
|
|
|
|
|
L<XML::Relax::Generate> |
539
|
|
|
|
|
|
|
|
540
|
|
|
|
|
|
|
=item L<SRS::EPP::Message::*> |
541
|
|
|
|
|
|
|
|
542
|
|
|
|
|
|
|
(based on) XML::Relax::Generate conversions of the various XML Schema |
543
|
|
|
|
|
|
|
files in RFCs 3730 - 3733 (actually their later updates, RFC 4930 and |
544
|
|
|
|
|
|
|
above) to Moose classes. These are marshalled to and from XML using |
545
|
|
|
|
|
|
|
XML::Relax::Marshall, above. |
546
|
|
|
|
|
|
|
|
547
|
|
|
|
|
|
|
=item L<SRS::Message::*> |
548
|
|
|
|
|
|
|
|
549
|
|
|
|
|
|
|
These classes are similar conversions, but for the SRS protocol |
550
|
|
|
|
|
|
|
messages. These are based on a conversion of the Relax schema which |
551
|
|
|
|
|
|
|
is used to generate the RFC (not yet assigned an IETF number). |
552
|
|
|
|
|
|
|
|
553
|
|
|
|
|
|
|
=item L<Crypt::OpenPGP> |
554
|
|
|
|
|
|
|
|
555
|
|
|
|
|
|
|
An oldie but a goodie, this module is a nice pure perl implementation |
556
|
|
|
|
|
|
|
of PGP, which is used to sign requests and verify responses to and |
557
|
|
|
|
|
|
|
from the SRS back-end system. |
558
|
|
|
|
|
|
|
|
559
|
|
|
|
|
|
|
=back |
560
|
|
|
|
|
|
|
|
561
|
|
|
|
|
|
|
=cut |
562
|
|
|
|
|
|
|
|