2015-03-13 16:37:32 +00:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
2015-07-23 20:51:45 +00:00
|
|
|
_ "crypto/sha512"
|
2015-03-13 16:37:32 +00:00
|
|
|
"fmt"
|
2016-06-02 16:40:25 +00:00
|
|
|
"io"
|
2015-03-13 16:37:32 +00:00
|
|
|
"net"
|
2016-07-12 23:32:47 +00:00
|
|
|
|
2021-04-08 16:43:39 +00:00
|
|
|
// We must import sha512 so that it registers with the runtime so that
|
|
|
|
// certificates that use it can be parsed.
|
|
|
|
|
2021-07-16 00:17:31 +00:00
|
|
|
"github.com/hashicorp/go-secure-stdlib/reloadutil"
|
2017-08-23 16:00:09 +00:00
|
|
|
"github.com/hashicorp/vault/helper/proxyutil"
|
2020-10-13 23:38:21 +00:00
|
|
|
"github.com/hashicorp/vault/internalshared/configutil"
|
2017-12-15 22:33:55 +00:00
|
|
|
"github.com/mitchellh/cli"
|
2015-03-13 16:37:32 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ListenerFactory is the factory function to create a listener.
|
2020-05-14 13:19:27 +00:00
|
|
|
type ListenerFactory func(*configutil.Listener, io.Writer, cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
|
2015-03-13 16:37:32 +00:00
|
|
|
|
|
|
|
// BuiltinListeners is the list of built-in listener types.
|
|
|
|
var BuiltinListeners = map[string]ListenerFactory{
|
2017-06-22 19:29:53 +00:00
|
|
|
"tcp": tcpListenerFactory,
|
2015-03-13 16:37:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewListener creates a new listener of the given type with the given
|
|
|
|
// configuration. The type is looked up in the BuiltinListeners map.
|
2020-05-14 13:19:27 +00:00
|
|
|
func NewListener(l *configutil.Listener, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error) {
|
|
|
|
f, ok := BuiltinListeners[l.Type]
|
2015-03-13 16:37:32 +00:00
|
|
|
if !ok {
|
2020-05-14 13:19:27 +00:00
|
|
|
return nil, nil, nil, fmt.Errorf("unknown listener type: %q", l.Type)
|
2015-03-13 16:37:32 +00:00
|
|
|
}
|
|
|
|
|
2020-05-14 13:19:27 +00:00
|
|
|
return f(l, logger, ui)
|
2015-03-13 16:37:32 +00:00
|
|
|
}
|
2015-03-13 16:56:08 +00:00
|
|
|
|
2020-05-14 13:19:27 +00:00
|
|
|
func listenerWrapProxy(ln net.Listener, l *configutil.Listener) (net.Listener, error) {
|
|
|
|
behavior := l.ProxyProtocolBehavior
|
|
|
|
if behavior == "" {
|
2017-08-23 16:00:09 +00:00
|
|
|
return ln, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
proxyProtoConfig := &proxyutil.ProxyProtoConfig{
|
2020-05-14 13:19:27 +00:00
|
|
|
Behavior: behavior,
|
|
|
|
AuthorizedAddrs: l.ProxyProtocolAuthorizedAddrs,
|
2017-08-23 16:00:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
newLn, err := proxyutil.WrapInProxyProto(ln, proxyProtoConfig)
|
|
|
|
if err != nil {
|
2021-06-02 13:22:31 +00:00
|
|
|
return nil, fmt.Errorf("failed configuring PROXY protocol wrapper: %w", err)
|
2017-08-23 16:00:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return newLn, nil
|
|
|
|
}
|