server session CHANGE some refactoring and bugfixes
diff --git a/src/session_p.h b/src/session_p.h
index 87429cc..ce8aef5 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -41,7 +41,7 @@
/* seconds */
# define NC_SSH_TIMEOUT 10
-
+/* number of all supported authentication methods */
# define NC_SSH_AUTH_COUNT 3
struct nc_ssh_client_opts {
@@ -103,9 +103,6 @@
struct nc_ctn *next;
} *ctn;
pthread_mutex_t ctn_lock;
-
- pthread_key_t verify_key;
- pthread_once_t verify_once;
};
#endif /* ENABLE_TLS */
@@ -145,7 +142,7 @@
#define NC_REVERSE_QUEUE 1
/**
- * @brief type of the session
+ * @brief Type of the session
*/
typedef enum {
NC_CLIENT, /**< client side */
@@ -156,7 +153,7 @@
* @brief Enumeration of the supported NETCONF protocol versions
*/
typedef enum {
- NC_VERSION_10 = 0, /**< NETCONV 1.0 - RFC 4741, 4742 */
+ NC_VERSION_10 = 0, /**< NETCONF 1.0 - RFC 4741, 4742 */
NC_VERSION_11 = 1 /**< NETCONF 1.1 - RFC 6241, 6242 */
} NC_VERSION;
@@ -222,7 +219,7 @@
struct nc_msg_cont *notifs; /**< queue for notifications received instead of RPC reply */
/* server side only data */
- time_t last_rpc;
+ time_t last_rpc; /**< time the last RPC was received on this session */
#ifdef ENABLE_SSH
/* SSH session authenticated */
# define NC_SESSION_SSH_AUTHENTICATED 0x02
@@ -233,10 +230,10 @@
/* this session is passed to nc_sshcb_msg() */
# define NC_SESSION_SSH_MSG_CB 0x10
- uint16_t ssh_auth_attempts;
+ uint16_t ssh_auth_attempts; /**< number of failed SSH authentication attempts */
#endif
#ifdef ENABLE_TLS
- X509 *tls_cert;
+ X509 *tls_cert; /**< TLS client certificate it used for authentication */
#endif
};
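Review bot: The new doc comment on `tls_cert` is ungrammatical ("it used") and does not say who owns the `X509` reference. I would write `X509 *tls_cert; /**< TLS client certificate used for authentication */` and state whether the session holds its own reference that is released with the session, which cannot be determined from this hunk. The struct definition begins outside the hunk.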
diff --git a/src/session_server.c b/src/session_server.c
index 64b44bd..9d174ce 100644
--- a/src/session_server.c
+++ b/src/session_server.c
@@ -859,7 +859,7 @@
{
NC_TRANSPORT_IMPL ti;
int sock, ret;
- char *host;
+ char *host = NULL;
uint16_t port;
if (!server_opts.ctx || !server_opts.binds || !session) {
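Review bot: Ownership of `host` is not documented at `char *host = NULL;`, although the `free(host)` added in the following hunk (@@ -884) implies that this function owns a heap string until the session takes it over. A comment such as `/* heap-allocated peer address, owned here until handed to the session */` would make the remaining error paths auditable. Those later error returns and the hand-over itself lie outside both hunks, so they should be checked for the same leak and for a double free once ownership has moved. The function's signature and the rest of its body are not visible here.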
@@ -884,6 +884,7 @@
if (!(*session)) {
ERRMEM;
close(sock);
+ free(host);
return -1;
}
(*session)->status = NC_STATUS_STARTING;
diff --git a/src/session_server.h b/src/session_server.h
index a1bfb2a..aa72311 100644
--- a/src/session_server.h
+++ b/src/session_server.h
@@ -260,7 +260,7 @@
/**
* @brief Set SSH host keys the server will identify itself with. Each of RSA, DSA, and
- * ECDSA key can be set. If the particular type was already set, it is replaced.
+ * ECDSA keys can be set. If the particular type was already set, it is replaced.
*
* @param[in] privkey_path Path to a private key.
* @return 0 on success, -1 on error.
diff --git a/src/session_server_tls.c b/src/session_server_tls.c
index 93f134e..e9a99b7 100644
--- a/src/session_server_tls.c
+++ b/src/session_server_tls.c
@@ -37,10 +37,12 @@
struct nc_tls_server_opts tls_opts = {
.tls_ctx_lock = PTHREAD_MUTEX_INITIALIZER,
.crl_lock = PTHREAD_MUTEX_INITIALIZER,
- .ctn_lock = PTHREAD_MUTEX_INITIALIZER,
- .verify_once = PTHREAD_ONCE_INIT
+ .ctn_lock = PTHREAD_MUTEX_INITIALIZER
};
+static pthread_key_t verify_key;
+static pthread_once_t verify_once = PTHREAD_ONCE_INIT;
+
static char *
asn1time_to_str(ASN1_TIME *t)
{
@@ -471,7 +473,7 @@
ASN1_TIME *last_update = NULL, *next_update = NULL;
/* get the thread session */
- session = pthread_getspecific(tls_opts.verify_key);
+ session = pthread_getspecific(verify_key);
/* get the last certificate, that is the peer (client) certificate */
if (!session->tls_cert) {
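Review bot: `session` is dereferenced in `if (!session->tls_cert)` directly after `pthread_getspecific(verify_key)`, which returns NULL when nothing was stored for the calling thread. A certificate-verification path should fail closed here rather than crash: add `if (!session) { return 0; }` before the first use, assuming this function is the OpenSSL verify callback, where returning 0 rejects the certificate. The function's body begins and ends outside the hunk.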
@@ -1185,7 +1187,7 @@
static void
nc_tls_make_verify_key(void)
{
- pthread_key_create(&tls_opts.verify_key, NULL);
+ pthread_key_create(&verify_key, NULL);
}
int
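Review bot: The result of `pthread_key_create(&verify_key, NULL)` is discarded, so a failed key creation goes unnoticed and the later `pthread_setspecific()`/`pthread_getspecific()` calls would operate on a key that was never created. Because a `pthread_once` init routine cannot return a value, record the outcome in a file-scope variable, e.g. `verify_key_rc = pthread_key_create(&verify_key, NULL);` (the name is only a suggestion), and have the accept path check it before using the key. The `pthread_setspecific(verify_key, session)` call in the @@ -1248 hunk ignores its return value in the same way.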
@@ -1248,8 +1250,8 @@
SSL_set_mode(session->ti.tls, SSL_MODE_AUTO_RETRY);
/* store session on per-thread basis */
- pthread_once(&tls_opts.verify_once, nc_tls_make_verify_key);
- pthread_setspecific(tls_opts.verify_key, session);
+ pthread_once(&verify_once, nc_tls_make_verify_key);
+ pthread_setspecific(verify_key, session);
ret = SSL_accept(session->ti.tls);
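Review bot: After `pthread_setspecific(verify_key, session)` the thread-specific slot keeps pointing at `session` for as long as the thread lives, and the key is created with a NULL destructor. The code after `SSL_accept()` is outside the hunk, so it is not visible whether the slot is cleared; if it is not, add `pthread_setspecific(verify_key, NULL);` once the handshake returns so that a later verify callback on this thread cannot pick up a stale or freed session. Longer term, attaching the session to the SSL object with `SSL_set_ex_data()` and fetching it in the callback via `SSL_get_ex_data_X509_STORE_CTX_idx()` would remove the dependence on thread identity.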