DeforaOS/libSystem
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL support is now optional with the compilation flag "WITH_SSL"

Browse Source
This commit is contained in:
Pierre Pronchery 2007-10-12 01:31:44 +00:00
parent d6e364e01b
commit b0f5e136f7
5 changed files with 121 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Makefile
View File

@ -32,7 +32,7 @@ appclient.o: appclient.c appinterface.h
appinterface.o: appinterface.c
$(CC) $(libSystem_CFLAGS) -c appinterface.c
appserver.o: appserver.c appinterface.h
appserver.o: appserver.c appinterface.h ../config.h
$(CC) $(libSystem_CFLAGS) -c appserver.c
array.o: array.c

81
src/appclient.c
View File

@ -26,7 +26,9 @@
#include <errno.h>
#include <netinet/in.h>
#include <netdb.h>
#include <openssl/ssl.h>
#ifdef WITH_SSL
# include <openssl/ssl.h>
#endif
#include "System.h"
#include "appinterface.h"
@ -48,8 +50,10 @@ struct _AppClient
char const * lastfunc;
void ** lastargs;
int32_t * lastret;
#ifdef WITH_SSL
SSL_CTX * ssl_ctx;
SSL * ssl;
#endif
};
@ -66,20 +70,22 @@ static int _appclient_timeout(AppClient * appclient)
}
/* appclient_read */
#ifdef WITH_SSL
# define READ(fd, ac, len) SSL_read(ac->ssl, &ac->buf_read[ac->buf_read_cnt], \
len)
#else
# define READ(fd, ac, len) read(fd, &ac->buf_read[ac->buf_read_cnt], len)
#endif
static int _read_error();
static int _appclient_read(int fd, AppClient * ac)
{
ssize_t len;
if((len = (sizeof(ac->buf_read) - ac->buf_read_cnt)) < 0
|| (len = SSL_read(ac->ssl,
&ac->buf_read[ac->buf_read_cnt],
len)) <= 0)
{
/* FIXME */
SSL_shutdown(ac->ssl);
close(fd);
return 1;
}
|| (len = READ(fd, ac, len)) <= 0)
return _read_error(fd, ac);
ac->buf_read_cnt += len;
#ifdef DEBUG
fprintf(stderr, "%s%d%s%zd%s", "appclient_read(", fd, ") ", len,
@ -89,13 +95,8 @@ static int _appclient_read(int fd, AppClient * ac)
ac->buf_read, ac->buf_read_cnt, ac->lastfunc,
ac->lastargs);
if(len < 0 || len > ac->buf_read_cnt)
{
/* FIXME report error */
SSL_shutdown(ac->ssl);
close(fd);
return 1;
}
if(len == 0) /* EAGAIN */
return _read_error(fd, ac);
if(len == 0) /* try again */
return 0;
ac->buf_read_cnt -= len;
event_unregister_timeout(ac->event,
@ -103,7 +104,23 @@ static int _appclient_read(int fd, AppClient * ac)
return 1;
}
static int _read_error(int fd, AppClient * ac)
{
/* FIXME catch error */
#ifdef WITH_SSL
SSL_shutdown(ac->ssl);
#endif
close(fd);
return 1;
}
/* appclient_write */
#ifdef WITH_SSL
# define WRITE(fd, ac, len) SSL_write(ac->ssl, ac->buf_write, len)
#else
# define WRITE(fd, ac, len) write(fd, ac->buf_write, len)
#endif
static int _appclient_write(int fd, AppClient * ac)
{
ssize_t len;
@ -113,16 +130,18 @@ static int _appclient_write(int fd, AppClient * ac)
fprintf(stderr, "%s%d%s%zd%s", "appclient_write(", fd, ") ", len,
" bytes\n");
#endif
if((len = SSL_write(ac->ssl, ac->buf_write, len)) <= 0)
if((len = WRITE(fd, ac, len)) <= 0)
{
#ifdef WITH_SSL
SSL_shutdown(ac->ssl);
#endif
return 1;
}
memmove(ac->buf_write, &ac->buf_write[len], len);
ac->buf_write_cnt-=len;
if(ac->buf_write_cnt > 0)
return 0;
event_register_io_read(ac->event, fd,
return 0; /* there is more to write */
event_register_io_read(ac->event, fd, /* read the answer */
(EventIOFunc)_appclient_read, ac);
return 1;
}
@ -167,11 +186,15 @@ AppClient * appclient_new_event(char * app, Event * event)
appclient->event = event;
appclient->buf_read_cnt = 0;
appclient->buf_write_cnt = 0;
#ifdef WITH_SSL
appclient->ssl = NULL;
if((appclient->ssl_ctx = SSL_CTX_new(SSLv3_client_method())) == NULL
|| SSL_CTX_set_cipher_list(appclient->ssl_ctx,
SSL_DEFAULT_CIPHER_LIST) != 1
|| _new_connect(appclient, app) != 0)
#else
if(_new_connect(appclient, app) != 0)
#endif
{
appclient_delete(appclient);
return NULL;
@ -192,19 +215,26 @@ static int _new_connect(AppClient * appclient, char * app)
if(_connect_addr("Session", &sa.sin_addr.s_addr) != 0)
return 1;
if(connect(appclient->fd, (struct sockaddr *)&sa, sizeof(sa)) != 0
#ifdef WITH_SSL
|| (appclient->ssl = SSL_new(appclient->ssl_ctx))
== NULL
|| SSL_set_fd(appclient->ssl, appclient->fd) != 1)
|| SSL_set_fd(appclient->ssl, appclient->fd) != 1
#endif
)
return 1;
#ifdef WITH_SSL
SSL_set_connect_state(appclient->ssl);
#endif
if(appclient_call(appclient, &port, "port", app) != 0
|| port < 0)
return 1;
if(port == 0)
return 0;
#ifdef WITH_SSL
SSL_shutdown(appclient->ssl);
SSL_free(appclient->ssl);
appclient->ssl = NULL;
#endif
close(appclient->fd);
appclient->fd = -1;
#ifdef DEBUG
@ -219,11 +249,16 @@ static int _new_connect(AppClient * appclient, char * app)
return 1;
sa.sin_port = htons(port);
if(connect(appclient->fd, (struct sockaddr *)&sa, sizeof(sa)) != 0
#ifdef WITH_SSL
|| (appclient->ssl = SSL_new(appclient->ssl_ctx))
== NULL
|| SSL_set_fd(appclient->ssl, appclient->fd) != 1)
|| SSL_set_fd(appclient->ssl, appclient->fd) != 1
#endif
)
return 1;
#ifdef WITH_SSL
SSL_set_connect_state(appclient->ssl);
#endif
return 0;
}
@ -258,10 +293,12 @@ void appclient_delete(AppClient * appclient)
appinterface_delete(appclient->interface);
if(appclient->fd != -1)
close(appclient->fd);
#ifdef WITH_SSL
if(appclient->ssl != NULL)
SSL_free(appclient->ssl);
if(appclient->ssl_ctx != NULL)
SSL_CTX_free(appclient->ssl_ctx);
#endif
free(appclient);
}

8
src/appinterface.c
View File

@ -24,7 +24,9 @@
#include <string.h>
#include <dlfcn.h>
#include <netinet/in.h>
#include <openssl/ssl.h>
#ifdef WITH_SSL
# include <openssl/ssl.h>
#endif
#include "System.h"
#include "appinterface.h"
@ -115,7 +117,9 @@ static int _new_vfs(AppInterface * appinterface);
AppInterface * appinterface_new(char const * app)
{
#ifdef WITH_SSL
static int ssl_init = 0;
#endif
AppInterface * appinterface;
/* FIXME read this from available Servers configuration, or imagine a
* solution to negociate it directly */
@ -132,12 +136,14 @@ AppInterface * appinterface_new(char const * app)
};
size_t i;
#ifdef WITH_SSL
if(ssl_init == 0)
{
SSL_library_init();
SSL_load_error_strings();
ssl_init = 1;
}
#endif
#ifdef DEBUG
fprintf(stderr, "%s%s%s", "appinterface_new(", app, ");\n");
#endif

68
src/appserver.c
View File

@ -25,10 +25,12 @@
#endif
#include <string.h>
#include <netinet/in.h>
#include <openssl/ssl.h>
#ifdef WITH_SSL
# include <openssl/ssl.h>
#endif
#include "System.h"
#include "appinterface.h"
#include "../config.h"
@ -52,7 +54,9 @@ typedef struct _AppServerClient
size_t buf_read_cnt;
char buf_write[ASC_BUFSIZE];
size_t buf_write_cnt;
#ifdef WITH_SSL
SSL * ssl;
#endif
} AppServerClient;
@ -61,7 +65,11 @@ typedef struct _AppServerClient
static void _appserverclient_delete(AppServerClient * appserverclient);
static AppServerClient * _appserverclient_new(int fd, uint32_t addr,
uint16_t port, SSL_CTX * ssl_ctx)
uint16_t port
#ifdef WITH_SSL
, SSL_CTX * ssl_ctx
#endif
)
{
AppServerClient * asc;
@ -73,6 +81,7 @@ static AppServerClient * _appserverclient_new(int fd, uint32_t addr,
asc->port = port;
asc->buf_read_cnt = 0;
asc->buf_write_cnt = 0;
#ifdef WITH_SSL
if((asc->ssl = SSL_new(ssl_ctx)) == NULL
|| SSL_set_fd(asc->ssl, fd) != 1)
{
@ -80,6 +89,7 @@ static AppServerClient * _appserverclient_new(int fd, uint32_t addr,
return NULL;
}
SSL_set_accept_state(asc->ssl);
#endif
asc->fd = fd;
return asc;
}
@ -89,8 +99,10 @@ static AppServerClient * _appserverclient_new(int fd, uint32_t addr,
static void _appserverclient_delete(AppServerClient * appserverclient)
{
/* FIXME find a way to properly report error */
#ifdef WITH_SSL
if(appserverclient->ssl != NULL)
SSL_free(appserverclient->ssl);
#endif
if(appserverclient->fd != -1)
close(appserverclient->fd);
free(appserverclient);
@ -106,7 +118,9 @@ struct _AppServer
AppInterface * interface;
Event * event;
int event_free;
#ifdef WITH_SSL
SSL_CTX * ssl_ctx;
#endif
AppServerClientArray * clients;
};
@ -116,7 +130,7 @@ static int _appserver_accept(int fd, AppServer * appserver);
static int _appserver_read(int fd, AppServer * appserver);
static int _appserver_write(int fd, AppServer * appserver);
/* _appserver_accept */
/* appserver_accept */
static int _appserver_accept(int fd, AppServer * appserver)
{
struct sockaddr_in sa;
@ -130,8 +144,11 @@ static int _appserver_accept(int fd, AppServer * appserver)
#endif
if((newfd = accept(fd, (struct sockaddr *)&sa, &sa_size)) == -1)
return 1;
if((asc = _appserverclient_new(newfd, sa.sin_addr.s_addr, sa.sin_port,
appserver->ssl_ctx)) == NULL)
if((asc = _appserverclient_new(newfd, sa.sin_addr.s_addr, sa.sin_port
#ifdef WITH_SSL
, appserver->ssl_ctx
#endif
)) == NULL)
{
/* FIXME report error */
close(newfd);
@ -144,8 +161,15 @@ static int _appserver_accept(int fd, AppServer * appserver)
}
/* _appserver_read */
/* appserver_read */
#ifdef WITH_SSL
# define READ(fd, asc, len) SSL_read(asc->ssl, \
&asc->buf_read[asc->buf_read_cnt], len)
#else
# define READ(fd, asc, len) read(fd, &asc->buf_read[asc->buf_read_cnt], len)
#endif
static int _read_process(AppServer * appserver, AppServerClient * asc);
static int _appserver_read(int fd, AppServer * appserver)
{
AppServerClient * asc = NULL;
@ -163,11 +187,11 @@ static int _appserver_read(int fd, AppServer * appserver)
if(asc == NULL)
return 1;
if((len = sizeof(asc->buf_read) - asc->buf_read_cnt) <= 0
|| (len = SSL_read(asc->ssl,
&asc->buf_read[asc->buf_read_cnt],
len)) <= 0)
|| (len = READ(fd, asc, len)) <= 0)
{
#ifdef WITH_SSL
SSL_shutdown(asc->ssl);
#endif
/* FIXME do all this in appserverclient_delete() or something
* like appserver_remove_client() */
if(asc->buf_write_cnt > 0)
@ -199,6 +223,7 @@ static int _read_process(AppServer * appserver, AppServerClient * asc)
}
static int _appserver_receive(AppServer * appserver, AppServerClient * asc);
static int _read_logged(AppServer * appserver, AppServerClient * asc)
{
if(_appserver_receive(appserver, asc) != 0)
@ -234,7 +259,13 @@ static int _appserver_receive(AppServer * appserver, AppServerClient * asc)
}
/* _appserver_write */
/* appserver_write */
#ifdef WITH_SSL
# define WRITE(fd, asc) SSL_write(asc->ssl, asc->buf_write, asc->buf_write_cnt)
#else
# define WRITE(fd, asc) write(fd, asc->buf_write, asc->buf_write_cnt)
#endif
static int _appserver_write(int fd, AppServer * appserver)
{
AppServerClient * asc;
@ -255,9 +286,7 @@ static int _appserver_write(int fd, AppServer * appserver)
#ifdef DEBUG
fprintf(stderr, "sending result: %zu long\n", asc->buf_write_cnt);
#endif
if(asc->buf_write_cnt == 0
|| (len = SSL_write(asc->ssl, asc->buf_write,
asc->buf_write_cnt)) <= 0)
if(asc->buf_write_cnt == 0 || (len = WRITE(fd, asc)) <= 0)
return 1; /* FIXME what here?!? */
memmove(asc->buf_write, &asc->buf_write[len], len);
asc->buf_write_cnt-=len;
@ -295,21 +324,26 @@ static int _new_server(AppServer * appserver, int options);
AppServer * appserver_new_event(char const * app, int options, Event * event)
{
AppServer * appserver;
#ifdef WITH_SSL
char crt[256];
if(snprintf(crt, sizeof(crt), "%s%s%s", PREFIX "/etc/AppServer/", app,
".crt") >= sizeof(crt))
return NULL;
#endif
if((appserver = malloc(sizeof(AppServer))) == NULL)
return NULL;
appserver->interface = NULL;
appserver->event = event;
appserver->event_free = 0;
#ifdef WITH_SSL
appserver->ssl_ctx = NULL;
#endif
if((appserver->clients = AppServerClientarray_new()) == NULL
|| (appserver->interface = appinterface_new_server(app))
== NULL
|| _new_server(appserver, options) != 0
#ifdef WITH_SSL
|| (appserver->ssl_ctx = SSL_CTX_new(
SSLv3_server_method())) == NULL
|| SSL_CTX_set_cipher_list(appserver->ssl_ctx,
@ -317,7 +351,9 @@ AppServer * appserver_new_event(char const * app, int options, Event * event)
|| SSL_CTX_use_certificate_file(appserver->ssl_ctx, crt,
SSL_FILETYPE_PEM) == 0
|| SSL_CTX_use_PrivateKey_file(appserver->ssl_ctx, crt,
SSL_FILETYPE_PEM) == 0)
SSL_FILETYPE_PEM) == 0
#endif
)
{
appserver_delete(appserver);
return NULL;
@ -356,8 +392,10 @@ void appserver_delete(AppServer * appserver)
if(appserver->event_free)
event_delete(appserver->event);
array_delete(appserver->clients);
#ifdef WITH_SSL
if(appserver->ssl_ctx != NULL)
SSL_CTX_free(appserver->ssl_ctx);
#endif
free(appserver);
}

2
src/project.conf
View File

@ -12,4 +12,4 @@ sources=appclient.c,appinterface.c,appserver.c,array.c,buffer.c,config.c,event.c
depends=appinterface.h
[appserver.c]
depends=appinterface.h
depends=appinterface.h,../config.h