forked from h2o/neverbleed
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathneverbleed.h
61 lines (54 loc) · 2.08 KB
/
neverbleed.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/*
* Copyright (c) 2015 Kazuho Oku, DeNA Co., Ltd.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to
* deal in the Software without restriction, including without limitation the
* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
* sell copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
* IN THE SOFTWARE.
*/
#ifndef NEVERBLEED_H
#define NEVERBLEED_H
#include <pthread.h>
#include <sys/un.h>
#include <openssl/engine.h>
#ifdef __cplusplus
extern "C" {
#endif
#define NEVERBLEED_ERRBUF_SIZE (256)
#define NEVERBLEED_AUTH_TOKEN_SIZE 32
typedef struct st_neverbleed_t {
ENGINE *engine;
pid_t daemon_pid;
struct sockaddr_un sun_;
pthread_key_t thread_key;
unsigned char auth_token[NEVERBLEED_AUTH_TOKEN_SIZE];
} neverbleed_t;
/**
* initializes the privilege separation engine (returns 0 if successful)
*/
int neverbleed_init(neverbleed_t *nb, char *errbuf);
/**
* loads a private key file (returns 1 if successful)
*/
int neverbleed_load_private_key_file(neverbleed_t *nb, SSL_CTX *ctx, const char *fn, char *errbuf);
/**
* setuidgid (also changes the file permissions so that `user` can connect to the daemon, if change_socket_ownership is non-zero)
*/
int neverbleed_setuidgid(neverbleed_t *nb, const char *user, int change_socket_ownership);
#ifdef __cplusplus
}
#endif
#endif