To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to server.cpp
- browse files at revision 2
- compare with another revision
- compare with revision 836
- download diff
- download tarball
- view history from revision 2
- Committer: Björn Påhlsson
- Date: 2007-10-28 17:59:38 UTC
- Revision ID: belorn@tower-20071028175938-26b85eaa85b84771
Working client and server and password system
- files added:
- clients.conf
- files modified:
- Makefile
added
removed
server.cpp
17
17
#include <cerrno>
18
18
#include <algorithm> // std::max
19
19
#include <cstdlib> // exit()
20
#include <fstream> // std::ifstream
21
#include <string> // std::string
22
#include <map> // std::map
23
#include <iostream> // cout
24
#include <ostream> // <<
20
25
21
26
#define SOCKET_ERR(err,s) if(err<0) {perror(s);exit(1);}
22
27
27
32
#define CRLFILE "crl.pem"
28
33
#define DH_BITS 1024
29
34
35
using std::string;
36
using std::ifstream;
37
using std::map;
38
using std::cout;
39
30
40
/* These are global */
31
41
gnutls_certificate_credentials_t x509_cred;
42
map<string,string> table;
32
43
33
44
static gnutls_dh_params_t dh_params;
34
45
98
109
99
110
}
100
111
101
void tcpreply(int sd, struct sockaddr_in6 sa_cli, gnutls_session_t session){
112
void tcpreply(int sd, struct sockaddr_in6 *sa_cli, gnutls_session_t session){
113
102
114
int ret;
103
115
unsigned int status;
104
116
char buffer[512];
105
106
printf ("- connection from %s, port %d\n",
107
inet_ntop (AF_INET6, &sa_cli.sin6_addr, buffer,
108
sizeof (buffer)), ntohs (sa_cli.sin6_port));
117
int exit_status = 0;
118
char dn[128];
119
120
#define DIE(s){ exit_status = s; goto tcpreply_die; }
121
122
printf ("- TCP connection from %s, port %d\n",
123
inet_ntop (AF_INET6, &(sa_cli->sin6_addr), buffer,
124
sizeof (buffer)), ntohs (sa_cli->sin6_port));
109
125
110
126
111
127
gnutls_transport_set_ptr (session, reinterpret_cast<gnutls_transport_ptr_t> (sd));
118
134
gnutls_deinit (session);
119
135
fprintf (stderr, "*** Handshake has failed (%s)\n\n",
120
136
gnutls_strerror (ret));
121
exit(1);
137
DIE(1);
122
138
}
123
139
printf ("- Handshake was completed\n");
124
140
125
141
//time to validate
126
142
127
ret = gnutls_certificate_verify_peers2 (session, &status);
128
129
if (ret < 0)
130
{
131
printf ("Verify failed\n");
132
exit(1);
133
}
134
135
if (status & GNUTLS_CERT_INVALID)
136
printf ("The certificate is not trusted.\n");
137
138
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
139
printf ("The certificate hasn't got a known issuer.\n");
140
141
if (status & GNUTLS_CERT_REVOKED)
142
printf ("The certificate has been revoked.\n");
143
144
143
if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509){
145
144
printf("Recived certificate not X.509\n");
146
exit(1);
145
DIE(1);
147
146
}
148
147
{
149
148
const gnutls_datum_t *cert_list;
150
149
unsigned int cert_list_size = 0;
151
150
gnutls_x509_crt_t cert;
152
151
size_t size;
153
char dn[128];
154
152
155
153
cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
156
154
157
155
printf ("Peer provided %d certificates.\n", cert_list_size);
158
156
159
157
if (cert_list_size == 0){
160
printf("No certificates recived\n"); //should never happen because verify_peers2 should fail if so
161
exit(1);
158
printf("No certificates recived\n");
159
DIE(1);
162
160
}
163
161
164
162
gnutls_x509_crt_init (&cert);
171
169
172
170
printf ("DN: %s\n", dn);
173
171
}
172
173
ret = gnutls_certificate_verify_peers2 (session, &status);
174
175
if (ret < 0){
176
printf ("Verify failed\n");
177
DIE(1);
178
}
174
179
175
ret = gnutls_record_recv (session, buffer, sizeof(buffer));
180
if (status & (GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_REVOKED)) {
181
if (status & GNUTLS_CERT_INVALID) {
182
printf ("The certificate is not trusted.\n");
183
}
184
185
if (status & GNUTLS_CERT_SIGNER_NOT_FOUND){
186
printf ("The certificate hasn't got a known issuer.\n");
187
}
188
189
if (status & GNUTLS_CERT_REVOKED){
190
printf ("The certificate has been revoked.\n");
191
}
192
DIE(1);
193
}
176
194
177
if (ret > 0)
178
{
179
write(1, buffer, ret);
180
}
195
if (table.find(dn) != table.end()){
196
gnutls_record_send (session, table[dn].c_str(), table[dn].size());
197
printf("Password sent to client\n");
198
}
181
199
else {
182
fprintf (stderr, "\n*** Received corrupted "
183
"data(%d). Closing the connection.\n\n", ret);
200
printf("dn not in list of allowed clients\n");
184
201
}
202
185
203
204
tcpreply_die:
186
205
gnutls_bye (session, GNUTLS_SHUT_WR);
187
206
close(sd);
188
207
gnutls_deinit (session);
189
208
gnutls_certificate_free_credentials (x509_cred);
190
209
gnutls_global_deinit ();
191
}
210
exit(exit_status);
211
}
212
213
214
void badconfigparser(string file){
215
216
string dn;
217
string pw;
218
string pwfile;
219
ifstream infile (file.c_str());
220
221
while(infile){
222
getline(infile, dn, '\n');
223
if(not infile){
224
break;
225
}
226
getline(infile, pw, '\n');
227
if(not infile){
228
break;
229
}
230
getline(infile, pwfile, '\n');
231
if(not infile){
232
break;
233
}
234
if(pw.empty()){
235
ifstream pwf(pwfile.c_str());
236
std::string tmp;
237
238
while(true){
239
getline(pwf,tmp);
240
if (not pwf){
241
break;
242
}
243
pw = pw + tmp + '\n';
244
}
245
246
}
247
table[dn]=pw;
248
}
249
infile.close();
250
}
251
192
252
193
253
194
254
int main (){
203
263
204
264
fd_set rfds_orig;
205
265
266
badconfigparser(string("clients.conf"));
267
206
268
session = initialize_tls_session ();
207
269
208
//UDP socket creation
270
//UDP IPv6 socket creation
209
271
udp_listen_sd = socket (PF_INET6, SOCK_DGRAM, 0);
210
272
SOCKET_ERR (udp_listen_sd, "socket");
211
273
214
276
sa_serv.sin6_addr = in6addr_any; //XXX only listen to link local?
215
277
sa_serv.sin6_port = htons (PORT); /* Server Port number */
216
278
217
ret = setsockopt (udp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int));
279
ret = setsockopt (udp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval));
218
280
SOCKET_ERR(ret,"setsockopt reuseaddr");
219
281
220
282
ret = setsockopt(udp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
233
295
//UDP socket creation done
234
296
235
297
236
//TCP socket creation
298
//TCP IPv6 socket creation
237
299
238
300
tcp_listen_sd = socket(PF_INET6, SOCK_STREAM, 0);
239
301
SOCKET_ERR(tcp_listen_sd,"socket");
241
303
setsockopt(tcp_listen_sd, SOL_SOCKET, SO_BINDTODEVICE, "eth0", 5);
242
304
SOCKET_ERR(ret,"setsockopt bindtodevice");
243
305
244
ret = setsockopt (tcp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int));
306
ret = setsockopt (tcp_listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (optval));
245
307
SOCKET_ERR(ret,"setsockopt reuseaddr");
246
308
247
309
err = bind (tcp_listen_sd, reinterpret_cast<const sockaddr *> (& sa_serv),
251
313
err = listen (tcp_listen_sd, 1024);
252
314
SOCKET_ERR (err, "listen");
253
315
254
//TCP sockets creation done
316
//TCP IPv6 sockets creation done
255
317
256
318
FD_ZERO(&rfds_orig);
257
319
FD_SET(udp_listen_sd, &rfds_orig);
270
332
}
271
333
272
334
if (FD_ISSET(tcp_listen_sd, &rfds)){
273
274
335
client_len = sizeof(sa_cli);
275
276
336
int sd = accept (tcp_listen_sd,
277
337
reinterpret_cast<struct sockaddr *> (& sa_cli),
278
338
&client_len);
279
339
SOCKET_ERR(sd,"accept"); //xxx not dieing when just connection abort
280
340
switch(fork()){
281
341
case 0:
282
tcpreply(sd, sa_cli, session);
342
tcpreply(sd, &sa_cli, session);
283
343
return 0;
284
344
break;
285
345
case -1:
293
353
}
294
354
}
295
355
}
296
356
297
357
close(tcp_listen_sd);
298
358
close(udp_listen_sd);
299
359
return 0;
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0