/mandos/trunk : contents of server.cpp at revision 2

: (revision 2)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

extern "C" {
#include <sys/types.h> //socket, setsockopt, bind, listen, accept,
  // inet_ntop,
#include <sys/socket.h> //socket, setsockopt, bind, listen, accept,
  // inet_ntop
#include <sys/ioctl.h> //ioctl, sockaddr_ll, ifreq
#include <unistd.h> //write, close
#include <netinet/ip.h> 	// sockaddr_in
#include <gnutls/gnutls.h>
#include <gnutls/x509.h> 	// gnutls_x509_crt_init, gnutls_x509_crt_import, gnutls_x509_crt_get_dn
#include <arpa/inet.h> 		// inet_ntop, htons
#include <net/if.h> //ifreq
}

#include <cstdio>
#include <cstring>
#include <cerrno>
#include <algorithm> 		// std::max
#include <cstdlib> 		// exit()
#include <fstream> 		// std::ifstream
#include <string> 		// std::string
#include <map> 			// std::map
#include <iostream> 		// cout
#include <ostream> 		// <<

#define SOCKET_ERR(err,s) if(err<0) {perror(s);exit(1);}

#define PORT 49001
#define KEYFILE "key.pem"
#define CERTFILE "cert.pem"
#define CAFILE "ca.pem"
#define CRLFILE "crl.pem"
#define DH_BITS 1024

using std::string;
using std::ifstream;
using std::map;
using std::cout;

/* These are global */
gnutls_certificate_credentials_t x509_cred;
map<string,string> table;

static gnutls_dh_params_t dh_params;

static int
generate_dh_params ()
{

  /* Generate Diffie Hellman parameters - for use with DHE
   * kx algorithms. These should be discarded and regenerated
   * once a day, once a week or once a month. Depending on the
   * security requirements.
   */
  gnutls_dh_params_init (&dh_params);
  gnutls_dh_params_generate2 (dh_params, DH_BITS);

  return 0;
}

gnutls_session_t
initialize_tls_session ()
{
  gnutls_session_t session;

  gnutls_global_init ();

  gnutls_certificate_allocate_credentials (&x509_cred);
  gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
					  GNUTLS_X509_FMT_PEM);
  gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
					GNUTLS_X509_FMT_PEM);
  gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
					GNUTLS_X509_FMT_PEM);

  generate_dh_params ();
  gnutls_certificate_set_dh_params (x509_cred, dh_params);

  gnutls_init (&session, GNUTLS_SERVER);
  gnutls_set_default_priority (session);
  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);

  // request client certificate if any.

  gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
  gnutls_dh_set_prime_bits (session, DH_BITS);

  return session;
}


void udpreply(int &sd){
  struct sockaddr_in6 sa_cli;
  int ret;
  char buffer[512];

  {
    socklen_t sa_cli_len = sizeof(sa_cli);
    ret = recvfrom(sd, buffer, 512,0,
		   reinterpret_cast<sockaddr *>(& sa_cli), & sa_cli_len);
    SOCKET_ERR (ret, "recvfrom");
  }

  if (strncmp(buffer,"Marco", 5) == 0){
    ret = sendto(sd, "Polo", 4, 0, reinterpret_cast<sockaddr *>(& sa_cli),
		 sizeof(sa_cli));
    SOCKET_ERR (ret, "sendto");
  }

}

void tcpreply(int sd, struct sockaddr_in6 *sa_cli, gnutls_session_t session){

  int ret;
  unsigned int status;
  char buffer[512];
  int exit_status = 0;
  char dn[128];

#define DIE(s){ exit_status = s; goto tcpreply_die; }

  printf ("- TCP connection from %s, port %d\n",
	  inet_ntop (AF_INET6, &(sa_cli->sin6_addr), buffer,
		     sizeof (buffer)), ntohs (sa_cli->sin6_port));

  
  gnutls_transport_set_ptr (session, reinterpret_cast<gnutls_transport_ptr_t> (sd));
  

  ret = gnutls_handshake (session);
  if (ret < 0)
    {
      close (sd);
      gnutls_deinit (session);
      fprintf (stderr, "*** Handshake has failed (%s)\n\n",
	       gnutls_strerror (ret));
      DIE(1);
    }
  printf ("- Handshake was completed\n");

  //time to validate

  if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509){
    printf("Recived certificate not X.509\n");
    DIE(1);
  }
  {
    const gnutls_datum_t *cert_list;
    unsigned int cert_list_size = 0;
    gnutls_x509_crt_t cert;
    size_t size;
    
    cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
    
    printf ("Peer provided %d certificates.\n", cert_list_size);
    
    if (cert_list_size == 0){
      printf("No certificates recived\n");
      DIE(1);
    }
    
    gnutls_x509_crt_init (&cert);
    
    // XXX -Checking only first cert, might want to check them all
    gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER);
    
    size = sizeof (dn);
    gnutls_x509_crt_get_dn (cert, dn, &size);
    
    printf ("DN: %s\n", dn);
  }

  ret = gnutls_certificate_verify_peers2 (session, &status);

  if (ret < 0){
      printf ("Verify failed\n");
      DIE(1);
  }
  
  if (status & (GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_REVOKED)) {
    if (status & GNUTLS_CERT_INVALID) {
      printf ("The certificate is not trusted.\n");
    }
    
    if (status & GNUTLS_CERT_SIGNER_NOT_FOUND){
      printf ("The certificate hasn't got a known issuer.\n");
    }
    
    if (status & GNUTLS_CERT_REVOKED){
      printf ("The certificate has been revoked.\n");
    }
    DIE(1);
  }  

  if (table.find(dn) != table.end()){
    gnutls_record_send (session, table[dn].c_str(), table[dn].size());
    printf("Password sent to client\n");
  }
  else {
    printf("dn not in list of allowed clients\n");
  }

  
 tcpreply_die:
  gnutls_bye (session, GNUTLS_SHUT_WR);
  close(sd);
  gnutls_deinit (session);
  gnutls_certificate_free_credentials (x509_cred);
  gnutls_global_deinit ();
  exit(exit_status);
}


void badconfigparser(string file){

  string dn;
  string pw;
  string pwfile;
  ifstream infile (file.c_str());

  while(infile){
    getline(infile, dn, '\n');
    if(not infile){
      break;
    }
    getline(infile, pw, '\n');
    if(not infile){
      break;
    }
    getline(infile, pwfile, '\n');
    if(not infile){
      break;
    }
    if(pw.empty()){
      ifstream pwf(pwfile.c_str());
      std::string tmp;

      while(true){
	getline(pwf,tmp);
	if (not pwf){
	  break;
	}
	pw = pw + tmp + '\n';
      }
      
    }
    table[dn]=pw;
  }
  infile.close();
}
      


int main (){
  int ret, err, udp_listen_sd, tcp_listen_sd;
  struct sockaddr_in6 sa_serv;
  struct sockaddr_in6 sa_cli;

  int optval = 1;
  socklen_t client_len;

  gnutls_session_t session;

  fd_set rfds_orig;

  badconfigparser(string("clients.conf"));

  session = initialize_tls_session ();

  //UDP IPv6 socket creation
  udp_listen_sd = socket (PF_INET6, SOCK_DGRAM, 0);
  SOCKET_ERR (udp_listen_sd, "socket");

  memset (&sa_serv, '\0', sizeof (sa_serv));
  sa_serv.sin6_family = AF_INET6;
  sa_serv.sin6_addr = in6addr_any; //XXX only listen to link local?
  sa_serv.sin6_port = htons (PORT);	/* Server Port number */

  ret = setsockopt (udp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval));
  SOCKET_ERR(ret,"setsockopt reuseaddr");

  ret = setsockopt(udp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
  SOCKET_ERR(ret,"setsockopt bindtodevice");

  {
    int flag = 1;
    ret = setsockopt(udp_listen_sd, SOL_SOCKET, SO_BROADCAST, & flag, sizeof(flag));
    SOCKET_ERR(ret,"setsockopt broadcast");
  }

  err = bind (udp_listen_sd, reinterpret_cast<const sockaddr *> (& sa_serv),
	      sizeof (sa_serv));
  SOCKET_ERR (err, "bind");

  //UDP socket creation done


  //TCP IPv6 socket creation

  tcp_listen_sd = socket(PF_INET6, SOCK_STREAM, 0);
  SOCKET_ERR(tcp_listen_sd,"socket");

  setsockopt(tcp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
  SOCKET_ERR(ret,"setsockopt bindtodevice");
  
  ret = setsockopt (tcp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval));
  SOCKET_ERR(ret,"setsockopt reuseaddr");

  err = bind (tcp_listen_sd, reinterpret_cast<const sockaddr *> (& sa_serv),
	      sizeof (sa_serv));
  SOCKET_ERR (err, "bind");

  err = listen (tcp_listen_sd, 1024);
  SOCKET_ERR (err, "listen");

  //TCP IPv6 sockets creation done

  FD_ZERO(&rfds_orig);
  FD_SET(udp_listen_sd, &rfds_orig);
  FD_SET(tcp_listen_sd, &rfds_orig);

  printf ("Server ready. Listening to port '%d' on UDP and TCP.\n\n", PORT);

  for(;;){
    fd_set rfds = rfds_orig;

    ret = select(std::max(udp_listen_sd, tcp_listen_sd)+1, &rfds, 0, 0, 0);
    SOCKET_ERR(ret,"select");

    if (FD_ISSET(udp_listen_sd, &rfds)){
      udpreply(udp_listen_sd);
    }

    if (FD_ISSET(tcp_listen_sd, &rfds)){
      client_len = sizeof(sa_cli);
      int sd = accept (tcp_listen_sd,
	       reinterpret_cast<struct sockaddr *> (& sa_cli),
	       &client_len);
      SOCKET_ERR(sd,"accept"); //xxx not dieing when just connection abort      
      switch(fork()){
	case 0:
	  tcpreply(sd, &sa_cli, session);
	  return 0;
	  break;
      case -1:
	perror("fork");
	close(tcp_listen_sd);
	close(udp_listen_sd);
	return 1;
	break;
      default:
	break;
      }
    }
  }
  
  close(tcp_listen_sd);
  close(udp_listen_sd);
  return 0;

}

1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	1	extern "C" {
	2	#include <sys/types.h> //socket, setsockopt, bind, listen, accept,
	3	// inet_ntop,
	4	#include <sys/socket.h> //socket, setsockopt, bind, listen, accept,
	5	// inet_ntop
	6	#include <sys/ioctl.h> //ioctl, sockaddr_ll, ifreq
	7	#include <unistd.h> //write, close
	8	#include <netinet/ip.h> // sockaddr_in
	9	#include <gnutls/gnutls.h>
	10	#include <gnutls/x509.h> // gnutls_x509_crt_init, gnutls_x509_crt_import, gnutls_x509_crt_get_dn
	11	#include <arpa/inet.h> // inet_ntop, htons
	12	#include <net/if.h> //ifreq
	13	}
	14
	15	#include <cstdio>
	16	#include <cstring>
	17	#include <cerrno>
	18	#include <algorithm> // std::max
	19	#include <cstdlib> // exit()
2 by Björn Påhlsson Working client and server and password system	20	#include <fstream> // std::ifstream
	21	#include <string> // std::string
	22	#include <map> // std::map
	23	#include <iostream> // cout
	24	#include <ostream> // <<
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	25
	26	#define SOCKET_ERR(err,s) if(err<0) {perror(s);exit(1);}
	27
	28	#define PORT 49001
	29	#define KEYFILE "key.pem"
	30	#define CERTFILE "cert.pem"
	31	#define CAFILE "ca.pem"
	32	#define CRLFILE "crl.pem"
	33	#define DH_BITS 1024
	34
2 by Björn Påhlsson Working client and server and password system	35	using std::string;
	36	using std::ifstream;
	37	using std::map;
	38	using std::cout;
	39
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	40	/* These are global */
	41	gnutls_certificate_credentials_t x509_cred;
2 by Björn Påhlsson Working client and server and password system	42	map<string,string> table;
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	43
	44	static gnutls_dh_params_t dh_params;
	45
	46	static int
	47	generate_dh_params ()
	48	{
	49
	50	/* Generate Diffie Hellman parameters - for use with DHE
	51	* kx algorithms. These should be discarded and regenerated
	52	* once a day, once a week or once a month. Depending on the
	53	* security requirements.
	54	*/
	55	gnutls_dh_params_init (&dh_params);
	56	gnutls_dh_params_generate2 (dh_params, DH_BITS);
	57
	58	return 0;
	59	}
	60
	61	gnutls_session_t
	62	initialize_tls_session ()
	63	{
	64	gnutls_session_t session;
	65
	66	gnutls_global_init ();
	67
	68	gnutls_certificate_allocate_credentials (&x509_cred);
	69	gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
	70	GNUTLS_X509_FMT_PEM);
	71	gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
	72	GNUTLS_X509_FMT_PEM);
	73	gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
	74	GNUTLS_X509_FMT_PEM);
	75
	76	generate_dh_params ();
	77	gnutls_certificate_set_dh_params (x509_cred, dh_params);
	78
	79	gnutls_init (&session, GNUTLS_SERVER);
	80	gnutls_set_default_priority (session);
	81	gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
	82
	83	// request client certificate if any.
	84
	85	gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
	86	gnutls_dh_set_prime_bits (session, DH_BITS);
	87
	88	return session;
	89	}
	90
	91
	92	void udpreply(int &sd){
	93	struct sockaddr_in6 sa_cli;
	94	int ret;
	95	char buffer[512];
	96
	97	{
	98	socklen_t sa_cli_len = sizeof(sa_cli);
	99	ret = recvfrom(sd, buffer, 512,0,
	100	reinterpret_cast<sockaddr *>(& sa_cli), & sa_cli_len);
	101	SOCKET_ERR (ret, "recvfrom");
	102	}
	103
	104	if (strncmp(buffer,"Marco", 5) == 0){
	105	ret = sendto(sd, "Polo", 4, 0, reinterpret_cast<sockaddr *>(& sa_cli),
	106	sizeof(sa_cli));
107	SOCKET_ERR (ret, "sendto");
108	}
109
110	}
111
2 by Björn Påhlsson Working client and server and password system	112	void tcpreply(int sd, struct sockaddr_in6 *sa_cli, gnutls_session_t session){
	113
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	114	int ret;
	115	unsigned int status;
	116	char buffer[512];
2 by Björn Påhlsson Working client and server and password system	117	int exit_status = 0;
	118	char dn[128];
	119
	120	#define DIE(s){ exit_status = s; goto tcpreply_die; }
	121
	122	printf ("- TCP connection from %s, port %d\n",
	123	inet_ntop (AF_INET6, &(sa_cli->sin6_addr), buffer,
	124	sizeof (buffer)), ntohs (sa_cli->sin6_port));
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	125
	126
	127	gnutls_transport_set_ptr (session, reinterpret_cast<gnutls_transport_ptr_t> (sd));
	128
	129
	130	ret = gnutls_handshake (session);
	131	if (ret < 0)
	132	{
	133	close (sd);
	134	gnutls_deinit (session);
	135	fprintf (stderr, "*** Handshake has failed (%s)\n\n",
	136	gnutls_strerror (ret));
2 by Björn Påhlsson Working client and server and password system	137	DIE(1);
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	138	}
	139	printf ("- Handshake was completed\n");
	140
	141	//time to validate
	142
	143	if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509){
	144	printf("Recived certificate not X.509\n");
2 by Björn Påhlsson Working client and server and password system	145	DIE(1);
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	146	}
	147	{
	148	const gnutls_datum_t *cert_list;
	149	unsigned int cert_list_size = 0;
	150	gnutls_x509_crt_t cert;
	151	size_t size;
	152
	153	cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
	154
	155	printf ("Peer provided %d certificates.\n", cert_list_size);
	156
	157	if (cert_list_size == 0){
2 by Björn Påhlsson Working client and server and password system	158	printf("No certificates recived\n");
	159	DIE(1);
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	160	}
	161
	162	gnutls_x509_crt_init (&cert);
	163
	164	// XXX -Checking only first cert, might want to check them all
	165	gnutls_x509_crt_import (cert, &cert_list[0], GNUTLS_X509_FMT_DER);
	166
	167	size = sizeof (dn);
	168	gnutls_x509_crt_get_dn (cert, dn, &size);
	169
	170	printf ("DN: %s\n", dn);
	171	}
2 by Björn Påhlsson Working client and server and password system	172
	173	ret = gnutls_certificate_verify_peers2 (session, &status);
	174
	175	if (ret < 0){
	176	printf ("Verify failed\n");
	177	DIE(1);
	178	}
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	179
2 by Björn Påhlsson Working client and server and password system	180	if (status & (GNUTLS_CERT_INVALID \| GNUTLS_CERT_SIGNER_NOT_FOUND \| GNUTLS_CERT_REVOKED)) {
	181	if (status & GNUTLS_CERT_INVALID) {
	182	printf ("The certificate is not trusted.\n");
	183	}
	184
	185	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND){
	186	printf ("The certificate hasn't got a known issuer.\n");
	187	}
	188
	189	if (status & GNUTLS_CERT_REVOKED){
	190	printf ("The certificate has been revoked.\n");
	191	}
	192	DIE(1);
	193	}
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	194
2 by Björn Påhlsson Working client and server and password system	195	if (table.find(dn) != table.end()){
	196	gnutls_record_send (session, table[dn].c_str(), table[dn].size());
	197	printf("Password sent to client\n");
	198	}
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	199	else {
2 by Björn Påhlsson Working client and server and password system	200	printf("dn not in list of allowed clients\n");
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	201	}
2 by Björn Påhlsson Working client and server and password system	202
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	203
2 by Björn Påhlsson Working client and server and password system	204	tcpreply_die:
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	205	gnutls_bye (session, GNUTLS_SHUT_WR);
	206	close(sd);
	207	gnutls_deinit (session);
	208	gnutls_certificate_free_credentials (x509_cred);
	209	gnutls_global_deinit ();
2 by Björn Påhlsson Working client and server and password system	210	exit(exit_status);
	211	}
	212
	213
	214	void badconfigparser(string file){
	215
	216	string dn;
	217	string pw;
	218	string pwfile;
	219	ifstream infile (file.c_str());
	220
	221	while(infile){
	222	getline(infile, dn, '\n');
	223	if(not infile){
	224	break;
	225	}
	226	getline(infile, pw, '\n');
	227	if(not infile){
	228	break;
	229	}
	230	getline(infile, pwfile, '\n');
	231	if(not infile){
	232	break;
	233	}
	234	if(pw.empty()){
	235	ifstream pwf(pwfile.c_str());
	236	std::string tmp;
	237
	238	while(true){
	239	getline(pwf,tmp);
	240	if (not pwf){
	241	break;
	242	}
	243	pw = pw + tmp + '\n';
	244	}
	245
	246	}
	247	table[dn]=pw;
	248	}
	249	infile.close();
	250	}
	251
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	252
	253
	254	int main (){
	255	int ret, err, udp_listen_sd, tcp_listen_sd;
	256	struct sockaddr_in6 sa_serv;
	257	struct sockaddr_in6 sa_cli;
	258
	259	int optval = 1;
	260	socklen_t client_len;
	261
	262	gnutls_session_t session;
	263
	264	fd_set rfds_orig;
	265
2 by Björn Påhlsson Working client and server and password system	266	badconfigparser(string("clients.conf"));
	267
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	268	session = initialize_tls_session ();
	269
2 by Björn Påhlsson Working client and server and password system	270	//UDP IPv6 socket creation
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	271	udp_listen_sd = socket (PF_INET6, SOCK_DGRAM, 0);
	272	SOCKET_ERR (udp_listen_sd, "socket");
	273
	274	memset (&sa_serv, '\0', sizeof (sa_serv));
	275	sa_serv.sin6_family = AF_INET6;
	276	sa_serv.sin6_addr = in6addr_any; //XXX only listen to link local?
	277	sa_serv.sin6_port = htons (PORT); /* Server Port number */
	278
2 by Björn Påhlsson Working client and server and password system	279	ret = setsockopt (udp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval));
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	280	SOCKET_ERR(ret,"setsockopt reuseaddr");
	281
	282	ret = setsockopt(udp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
	283	SOCKET_ERR(ret,"setsockopt bindtodevice");
	284
	285	{
	286	int flag = 1;
	287	ret = setsockopt(udp_listen_sd, SOL_SOCKET, SO_BROADCAST, & flag, sizeof(flag));
	288	SOCKET_ERR(ret,"setsockopt broadcast");
	289	}
	290
	291	err = bind (udp_listen_sd, reinterpret_cast<const sockaddr *> (& sa_serv),
	292	sizeof (sa_serv));
	293	SOCKET_ERR (err, "bind");
	294
	295	//UDP socket creation done
	296
	297
2 by Björn Påhlsson Working client and server and password system	298	//TCP IPv6 socket creation
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	299
	300	tcp_listen_sd = socket(PF_INET6, SOCK_STREAM, 0);
	301	SOCKET_ERR(tcp_listen_sd,"socket");
	302
	303	setsockopt(tcp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
	304	SOCKET_ERR(ret,"setsockopt bindtodevice");
	305
2 by Björn Påhlsson Working client and server and password system	306	ret = setsockopt (tcp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval));
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	307	SOCKET_ERR(ret,"setsockopt reuseaddr");
	308
	309	err = bind (tcp_listen_sd, reinterpret_cast<const sockaddr *> (& sa_serv),
	310	sizeof (sa_serv));
	311	SOCKET_ERR (err, "bind");
	312
	313	err = listen (tcp_listen_sd, 1024);
	314	SOCKET_ERR (err, "listen");
	315
2 by Björn Påhlsson Working client and server and password system	316	//TCP IPv6 sockets creation done
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	317
	318	FD_ZERO(&rfds_orig);
	319	FD_SET(udp_listen_sd, &rfds_orig);
	320	FD_SET(tcp_listen_sd, &rfds_orig);
	321
	322	printf ("Server ready. Listening to port '%d' on UDP and TCP.\n\n", PORT);
	323
	324	for(;;){
	325	fd_set rfds = rfds_orig;
	326
	327	ret = select(std::max(udp_listen_sd, tcp_listen_sd)+1, &rfds, 0, 0, 0);
	328	SOCKET_ERR(ret,"select");
	329
	330	if (FD_ISSET(udp_listen_sd, &rfds)){
	331	udpreply(udp_listen_sd);
	332	}
	333
	334	if (FD_ISSET(tcp_listen_sd, &rfds)){
	335	client_len = sizeof(sa_cli);
	336	int sd = accept (tcp_listen_sd,
	337	reinterpret_cast<struct sockaddr *> (& sa_cli),
	338	&client_len);
	339	SOCKET_ERR(sd,"accept"); //xxx not dieing when just connection abort
	340	switch(fork()){
	341	case 0:
2 by Björn Påhlsson Working client and server and password system	342	tcpreply(sd, &sa_cli, session);
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	343	return 0;
	344	break;
	345	case -1:
	346	perror("fork");
	347	close(tcp_listen_sd);
	348	close(udp_listen_sd);
	349	return 1;
	350	break;
	351	default:
	352	break;
	353	}
	354	}
	355	}
2 by Björn Påhlsson Working client and server and password system	356
1 by Björn Påhlsson First working version with: IPv6, GnuTLS, X.509 certificates, DN	357	close(tcp_listen_sd);
	358	close(udp_listen_sd);
	359	return 0;
	360
	361	}