TLS work. Not done.
This commit is contained in:
parent
e6c1e9db0d
commit
43a24b900a
@ -5,15 +5,15 @@
|
||||
|
||||
namespace core {
|
||||
|
||||
ConsoleServer::ConsoleServer(EPoll &ePoll, IPAddress address) : TCPServer(ePoll, address) {
|
||||
coreutils::Log(this);
|
||||
}
|
||||
|
||||
ConsoleServer::ConsoleServer(EPoll &ePoll, IPAddress address) : TLSServer(ePoll, address) {
|
||||
coreutils::Log(this);
|
||||
}
|
||||
|
||||
void ConsoleServer::logSend(std::string out) {
|
||||
for(auto *session : sessions)
|
||||
((ConsoleSession *)session)->writeLog(out);
|
||||
}
|
||||
|
||||
|
||||
TCPSession * ConsoleServer::getSocketAccept(EPoll &ePoll) {
|
||||
return new ConsoleSession(ePoll, *this);
|
||||
}
|
||||
|
||||
@ -2,9 +2,10 @@
|
||||
#define __ConsoleServer_h__
|
||||
|
||||
#include "includes"
|
||||
#include "TCPServer.h"
|
||||
#include "TLSServer.h"
|
||||
#include "Command.h"
|
||||
#include "EPoll.h"
|
||||
#include "LogListener.h"
|
||||
|
||||
namespace core {
|
||||
|
||||
@ -15,7 +16,7 @@ namespace core {
|
||||
///
|
||||
///
|
||||
|
||||
class ConsoleServer : public TCPServer, coreutils::LogListener {
|
||||
class ConsoleServer : public TLSServer, public coreutils::LogListener {
|
||||
|
||||
public:
|
||||
|
||||
|
||||
@ -7,7 +7,6 @@ namespace core {
|
||||
|
||||
Socket::Socket(EPoll &ePoll) : ePoll(ePoll) {
|
||||
coreutils::Log(coreutils::LOG_DEBUG_2) << "BMASocket object created.";
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "Buffer size set to default (4096).";
|
||||
buffer = (char *)malloc(4096);
|
||||
length = 4096;
|
||||
}
|
||||
@ -23,15 +22,12 @@ namespace core {
|
||||
if(descriptor < 3)
|
||||
throw coreutils::Exception("Descriptor out of range", __FILE__, __LINE__);
|
||||
this->descriptor = descriptor;
|
||||
onTLSInit();
|
||||
}
|
||||
|
||||
int Socket::getDescriptor() {
|
||||
return descriptor;
|
||||
}
|
||||
|
||||
void Socket::onTLSInit() {}
|
||||
|
||||
void Socket::setBufferSize(int length) {
|
||||
buffer = (char *)realloc(buffer, length);
|
||||
this->length = length;
|
||||
@ -42,7 +38,7 @@ namespace core {
|
||||
}
|
||||
|
||||
void Socket::onUnregistered() {
|
||||
// onDisconnected();
|
||||
|
||||
}
|
||||
|
||||
void Socket::eventReceived(struct epoll_event event) {
|
||||
|
||||
2
Socket.h
2
Socket.h
@ -109,8 +109,6 @@ namespace core {
|
||||
|
||||
virtual void onConnected(); ///< Called when socket is open and ready to communicate.
|
||||
|
||||
virtual void onTLSInit();
|
||||
|
||||
///
|
||||
///
|
||||
///
|
||||
|
||||
@ -11,16 +11,16 @@ namespace core {
|
||||
int yes = 1;
|
||||
setsockopt(getDescriptor(), SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int));
|
||||
if(bind(getDescriptor(), address.getPointer(), address.addressLength) < 0)
|
||||
throw coreutils::Exception("Error on bind to socket: " + std::to_string(errno));
|
||||
throw coreutils::Exception("Error on bind to socket: " + std::to_string(errno));
|
||||
if(listen(getDescriptor(), 10) < 0)
|
||||
throw coreutils::Exception("Error on listen to socket");
|
||||
throw coreutils::Exception("Error on listen to socket");
|
||||
ePoll.registerSocket(this);
|
||||
}
|
||||
|
||||
|
||||
TCPServer::~TCPServer() {
|
||||
close(getDescriptor());
|
||||
}
|
||||
|
||||
|
||||
void TCPServer::onDataReceived(std::string data) {
|
||||
TCPSession *session = accept();
|
||||
if(session) sessions.push_back(session);
|
||||
@ -29,24 +29,24 @@ namespace core {
|
||||
TCPSession * TCPServer::accept() {
|
||||
TCPSession *session = getSocketAccept(ePoll);
|
||||
session->setDescriptor(::accept(getDescriptor(), (struct sockaddr *)&session->ipAddress.addr, &session->ipAddress.addressLength));
|
||||
|
||||
// if(blackList && blackList->contains(session->ipAddress.getClientAddress())) {
|
||||
// session->shutdown();
|
||||
// Log(LOG_WARN) << "Client at IP address " << session->ipAddress.getClientAddress() << " is blacklisted and was denied a connection.";
|
||||
// return NULL;
|
||||
// }
|
||||
//
|
||||
// if(whiteList && !whiteList->contains(session->ipAddress.getClientAddress())) {
|
||||
// session->shutdown();
|
||||
// Log(LOG_WARN) << "Client at IP address " << session->ipAddress.getClientAddress() << " is not authorized and was denied a connection.";
|
||||
// return NULL;
|
||||
// }
|
||||
|
||||
// if(blackList && blackList->contains(session->ipAddress.getClientAddress())) {
|
||||
// session->shutdown();
|
||||
// Log(LOG_WARN) << "Client at IP address " << session->ipAddress.getClientAddress() << " is blacklisted and was denied a connection.";
|
||||
// return NULL;
|
||||
// }
|
||||
//
|
||||
// if(whiteList && !whiteList->contains(session->ipAddress.getClientAddress())) {
|
||||
// session->shutdown();
|
||||
// Log(LOG_WARN) << "Client at IP address " << session->ipAddress.getClientAddress() << " is not authorized and was denied a connection.";
|
||||
// return NULL;
|
||||
// }
|
||||
//
|
||||
ePoll.registerSocket(session);
|
||||
coreutils::Log(coreutils::LOG_DEBUG_2) << "Session started on socket " << session->getDescriptor() << ".";
|
||||
return session;
|
||||
}
|
||||
|
||||
|
||||
void TCPServer::removeFromSessionList(TCPSession *session) {
|
||||
std::vector<TCPSession *>::iterator cursor;
|
||||
for(cursor = sessions.begin(); cursor < sessions.end(); ++cursor)
|
||||
|
||||
@ -7,13 +7,17 @@
|
||||
namespace core {
|
||||
|
||||
static pthread_mutex_t *lockarray;
|
||||
|
||||
static unsigned long thread_id(void) {
|
||||
return ((unsigned long) pthread_self());
|
||||
}
|
||||
|
||||
//static void lock_callback(int mode, int type, const char *file, int line) {
|
||||
// if(mode & CRYPTO_LOCK)
|
||||
// pthread_mutex_lock(&(lockarray[type]));
|
||||
// else
|
||||
// pthread_mutex_unlock(&(lockarray[type]));
|
||||
//}
|
||||
static void lock_callback(int mode, int type, const char *file, int line) {
|
||||
if(mode & CRYPTO_LOCK)
|
||||
pthread_mutex_lock(&(lockarray[type]));
|
||||
else
|
||||
pthread_mutex_unlock(&(lockarray[type]));
|
||||
}
|
||||
|
||||
TLSServer::TLSServer(EPoll &ePoll, IPAddress address) : TCPServer(ePoll, address) {
|
||||
|
||||
@ -24,8 +28,8 @@ namespace core {
|
||||
for(int i = 0; i < CRYPTO_num_locks(); ++i)
|
||||
pthread_mutex_init(&(lockarray[i]), NULL);
|
||||
|
||||
// CRYPTO_set_id_callback((unsigned long (*)())thread_id);
|
||||
// CRYPTO_set_locking_callback((void ()(int, int, const char *, int))lock_callback);
|
||||
CRYPTO_set_id_callback((unsigned long (*)())thread_id);
|
||||
CRYPTO_set_locking_callback((void (*)(int, int, const char *, int))lock_callback);
|
||||
|
||||
SSLeay_add_ssl_algorithms();
|
||||
RAND_load_file("/dev/hwrng", 1024);
|
||||
|
||||
@ -42,10 +42,10 @@ namespace core {
|
||||
SSL_CTX *ctx;
|
||||
|
||||
private:
|
||||
|
||||
char *sip_cacert = (char *)"/home/barant/testkeys/certs/pbxca.crt";
|
||||
char *sip_cert = (char *)"/home/barant/testkeys/certs/pbxserver.crt";
|
||||
char *sip_key = (char *)"/home/barant/testkeys/certs/pbxserver.key";
|
||||
|
||||
char *sip_cacert = (char *)"../testkeys/certs/pbxca.crt";
|
||||
char *sip_cert = (char *)"../testkeys/certs/pbxserver.crt";
|
||||
char *sip_key = (char *)"../testkeys/certs/pbxserver.key";
|
||||
|
||||
};
|
||||
|
||||
|
||||
@ -25,54 +25,54 @@ namespace core {
|
||||
X509_free(ssl_client_cert);
|
||||
if(SSL_get_verify_result(ssl) != X509_V_OK)
|
||||
throw std::string("Certificate verification failed.");
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "Certificate verified successfully.";
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "Certificate verified successfully.";
|
||||
}
|
||||
else
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "No client certificate.";
|
||||
}
|
||||
|
||||
TLSSession::TLSSession(EPoll &ePoll, TCPServer &server) : TCPSession(ePoll, server) {}
|
||||
|
||||
// void TLSSession::init() {
|
||||
//
|
||||
// initialized = true;
|
||||
//
|
||||
// int ret;
|
||||
//
|
||||
// coreutils::Log(coreutils::LOG_DEBUG_3) << "TLS socket initializing...";
|
||||
//
|
||||
// fcntl(getDescriptor(), F_SETFL, fcntl(getDescriptor(), F_GETFL, 0) | O_NONBLOCK);
|
||||
//
|
||||
// if(!(ssl = SSL_new(((TLSService &)service).ctx)))
|
||||
// throw std::string("Error creating new TLS socket.");
|
||||
//
|
||||
// SSL_set_info_callback(ssl, handshake_complete);
|
||||
//
|
||||
// if((ret = SSL_set_fd(ssl, getDescriptor())) == 0)
|
||||
// throw std::string("Error setting TLS socket descriptor.");
|
||||
//
|
||||
//// if(!SSL_set_generate_session_id(ssl, generate_session_id))
|
||||
//// throw std::string("Error setting session identifier callback.");
|
||||
//
|
||||
// switch (SSL_get_error(ssl, SSL_accept(ssl))) {
|
||||
// case SSL_ERROR_SSL:
|
||||
// coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_SSL on ssl_accept. errno=" << errno;
|
||||
// break;
|
||||
// case SSL_ERROR_WANT_READ:
|
||||
// coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_WANT_READ on ssl_accept.";
|
||||
// break;
|
||||
// case SSL_ERROR_WANT_WRITE:
|
||||
// coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_WANT_WRITE on ssl_accept.";
|
||||
// break;
|
||||
// case SSL_ERROR_SYSCALL:
|
||||
// coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_SYSCALL on ssl_accept. errno=" << errno;
|
||||
// shutdown();
|
||||
// break;
|
||||
// default:
|
||||
// coreutils::Log(coreutils::LOG_DEBUG_3) << "Unknown ERROR on ssl_accept.";
|
||||
// break;
|
||||
// }
|
||||
// }
|
||||
TLSSession::TLSSession(EPoll &ePoll, TCPServer &server) : TCPSession(ePoll, server) {
|
||||
|
||||
initialized = true;
|
||||
|
||||
int ret;
|
||||
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "TLS socket initializing on socket " << getDescriptor() << "...";
|
||||
|
||||
fcntl(getDescriptor(), F_SETFL, fcntl(getDescriptor(), F_GETFL, 0) | O_NONBLOCK);
|
||||
|
||||
ssl = SSL_new(static_cast<TLSServer &>(server).ctx);
|
||||
if(ssl <= 0)
|
||||
throw std::string("Error creating new TLS socket.");
|
||||
|
||||
SSL_set_info_callback(ssl, handshake_complete);
|
||||
|
||||
if((ret = SSL_set_fd(ssl, getDescriptor())) == 0)
|
||||
throw std::string("Error setting TLS socket descriptor.");
|
||||
|
||||
if(!SSL_set_generate_session_id(ssl, generate_session_id))
|
||||
throw std::string("Error setting session identifier callback.");
|
||||
|
||||
switch (SSL_get_error(ssl, SSL_accept(ssl))) {
|
||||
case SSL_ERROR_SSL:
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_SSL on ssl_accept. errno=" << errno;
|
||||
break;
|
||||
case SSL_ERROR_WANT_READ:
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_WANT_READ on ssl_accept.";
|
||||
break;
|
||||
case SSL_ERROR_WANT_WRITE:
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_WANT_WRITE on ssl_accept.";
|
||||
break;
|
||||
case SSL_ERROR_SYSCALL:
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "ERROR_SYSCALL on ssl_accept. errno=" << errno;
|
||||
shutdown();
|
||||
break;
|
||||
default:
|
||||
coreutils::Log(coreutils::LOG_DEBUG_3) << "Unknown ERROR on ssl_accept.";
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
TLSSession::~TLSSession() {
|
||||
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
#include "TerminalSession.h"
|
||||
|
||||
namespace core {
|
||||
|
||||
TerminalSession::TerminalSession(EPoll &ePoll, TCPServer &server) : TCPSession(ePoll, server) {
|
||||
|
||||
TerminalSession::TerminalSession(EPoll &ePoll, TCPServer &server) : TLSSession(ePoll, server) {
|
||||
}
|
||||
|
||||
TerminalSession::~TerminalSession() {
|
||||
@ -10,8 +10,8 @@ namespace core {
|
||||
|
||||
int TerminalSession::getLines() {
|
||||
struct winsize size;
|
||||
ioctl(getDescriptor(), TIOCGWINSZ, &size);
|
||||
return size.ws_row;
|
||||
ioctl(getDescriptor(), TIOCGWINSZ, &size);
|
||||
return size.ws_row;
|
||||
}
|
||||
|
||||
void TerminalSession::clear() {
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
#define __Terminal_h__
|
||||
|
||||
#include "includes"
|
||||
#include "TCPSession.h"
|
||||
#include "TLSSession.h"
|
||||
#include "TCPServer.h"
|
||||
|
||||
namespace core {
|
||||
@ -27,7 +27,7 @@ namespace core {
|
||||
|
||||
static const char esc = 0x1b;
|
||||
|
||||
class TerminalSession : public TCPSession {
|
||||
class TerminalSession : public TLSSession {
|
||||
|
||||
public:
|
||||
TerminalSession(EPoll &ePoll, TCPServer &server);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user