int main(int argc, char *argv[]) { int n; static const char dots[] = "......................"; /* get basename(argv[0]) */ test_suite = strrchr(argv[0], '/'); if (test_suite == NULL) { test_suite = argv[0]; } else { test_suite++; } #ifdef HAVE_SETLOCALE setlocale(LC_MESSAGES, ""); #endif ne_i18n_init(NULL); #if defined(HAVE_ISATTY) && defined(STDOUT_FILENO) if (isatty(STDOUT_FILENO)) { use_colour = 1; } #endif test_argc = argc; test_argv = argv; debug = fopen("debug.log", "a"); if (debug == NULL) { fprintf(stderr, "%s: Could not open debug.log: %s\n", test_suite, strerror(errno)); return -1; } child_debug = fopen("child.log", "a"); if (child_debug == NULL) { fprintf(stderr, "%s: Could not open child.log: %s\n", test_suite, strerror(errno)); fclose(debug); return -1; } if (tests[0].fn == NULL) { printf("-> no tests found in `%s'\n", test_suite); return -1; } /* install special SEGV handler. */ signal(SIGSEGV, parent_segv); signal(SIGABRT, parent_segv); /* test the "no-debugging" mode of ne_debug. */ ne_debug_init(NULL, 0); NE_DEBUG(TEST_DEBUG, "This message should go to /dev/null"); /* enable debugging for real. */ ne_debug_init(debug, TEST_DEBUG); NE_DEBUG(TEST_DEBUG | NE_DBG_FLUSH, "Version string: %s\n", ne_version_string()); /* another silly test. */ NE_DEBUG(0, "This message should also go to /dev/null"); if (ne_sock_init()) { COL("43;01"); printf("WARNING:"); NOCOL; printf(" Socket library initalization failed.\n"); } printf("-> running `%s':\n", test_suite); for (n = 0; !aborted && tests[n].fn != NULL; n++) { int result, is_xfail = 0; #ifdef NEON_MEMLEAK size_t allocated = ne_alloc_used; int is_xleaky = 0; #endif test_name = tests[n].name; printf("%2d. %s%.*s ", n, test_name, (int) (strlen(dots) - strlen(test_name)), dots); have_context = 0; test_num = n; warned = 0; fflush(stdout); NE_DEBUG(TEST_DEBUG, "******* Running test %d: %s ********\n", n, test_name); /* run the test. */ result = tests[n].fn(); #ifdef NEON_MEMLEAK /* issue warnings for memory leaks, if requested */ if ((tests[n].flags & T_CHECK_LEAKS) && result == OK && ne_alloc_used > allocated) { t_context("memory leak of %" NE_FMT_SIZE_T " bytes", ne_alloc_used - allocated); fprintf(debug, "Blocks leaked: "); ne_alloc_dump(debug); result = FAIL; } else if (tests[n].flags & T_EXPECT_LEAKS && result == OK && ne_alloc_used == allocated) { t_context("expected memory leak not detected"); result = FAIL; } else if (tests[n].flags & T_EXPECT_LEAKS && result == OK) { fprintf(debug, "Blocks leaked (expected): "); ne_alloc_dump(debug); is_xleaky = 1; } #endif if (tests[n].flags & T_EXPECT_FAIL) { if (result == OK) { t_context("test passed but expected failure"); result = FAIL; } else if (result == FAIL) { result = OK; is_xfail = 1; } } /* align the result column if we've had warnings. */ if (warned) { printf(" %s ", dots); } switch (result) { case OK: if (is_xfail) { COL("32;07"); printf("xfail"); } else { COL("32"); printf("pass"); } NOCOL; if (warned) { printf(" (with %d warning%s)", warned, (warned > 1)?"s":""); } #ifdef NEON_MEMLEAK if (is_xleaky) { printf(" (with expected leak, %" NE_FMT_SIZE_T " bytes)", ne_alloc_used - allocated); } #endif putchar('\n'); passes++; break; case FAILHARD: aborted = 1; /* fall-through */ case FAIL: COL("41;37;01"); printf("FAIL"); NOCOL; if (have_context) { printf(" (%s)", test_context); } putchar('\n'); fails++; break; case SKIPREST: aborted = 1; /* fall-through */ case SKIP: COL("44;37;01"); printf("SKIPPED"); NOCOL; if (have_context) { printf(" (%s)", test_context); } putchar('\n'); skipped++; break; default: COL("41;37;01"); printf("OOPS"); NOCOL; printf(" unexpected test result `%d'\n", result); break; } reap_server(); } /* discount skipped tests */ if (skipped) { printf("-> %d %s.\n", skipped, skipped==1?"test was skipped":"tests were skipped"); n -= skipped; if (passes + fails != n) { printf("-> ARGH! Number of test results does not match " "number of tests.\n" "-> ARGH! Test Results are INRELIABLE.\n"); } } /* print the summary. */ if (skipped && n == 0) { printf("<- all tests skipped for `%s'.\n", test_suite); } else { printf("<- summary for `%s': " "of %d tests run: %d passed, %d failed. %.1f%%\n", test_suite, n, passes, fails, 100*(float)passes/n); if (warnings) { printf("-> %d warning%s issued.\n", warnings, warnings==1?" was":"s were"); } } if (fclose(debug)) { fprintf(stderr, "Error closing debug.log: %s\n", strerror(errno)); fails = 1; } if (fclose(child_debug)) { fprintf(stderr, "Error closing child.log: %s\n", strerror(errno)); fails = 1; } ne_sock_exit(); return fails; }
int serve_file(ne_socket *sock, void *ud) { char buffer[BUFSIZ]; struct stat st; struct serve_file_args *args = ud; ssize_t ret; int fd; CALL(discard_request(sock)); ne_sock_fullread(sock, buffer, clength); fd = open(args->fname, O_RDONLY); if (fd < 0) { SEND_STRING(sock, "HTTP/1.0 404 File Not Found\r\n" "Content-Length: 0\r\n\r\n"); return 0; } ONN("fstat fd", fstat(fd, &st)); SEND_STRING(sock, "HTTP/1.0 200 OK\r\n"); if (args->chunks) { sprintf(buffer, "Transfer-Encoding: chunked\r\n"); } else { sprintf(buffer, "Content-Length: %" NE_FMT_OFF_T "\r\n", st.st_size); } if (args->headers) { strcat(buffer, args->headers); } strcat(buffer, "\r\n"); SEND_STRING(sock, buffer); NE_DEBUG(NE_DBG_HTTP, "Serving %s (%" NE_FMT_OFF_T " bytes).\n", args->fname, st.st_size); if (args->chunks) { char buf[1024]; while ((ret = read(fd, &buf, args->chunks)) > 0) { /* this is a small integer, cast it explicitly to avoid * warnings with printing an ssize_t. */ sprintf(buffer, "%x\r\n", (unsigned int)ret); SEND_STRING(sock, buffer); ONN("writing body", ne_sock_fullwrite(sock, buf, ret)); SEND_STRING(sock, "\r\n"); } SEND_STRING(sock, "0\r\n\r\n"); } else { while ((ret = read(fd, buffer, BUFSIZ)) > 0) { ONN("writing body", ne_sock_fullwrite(sock, buffer, ret)); } } ONN("error reading from file", ret < 0); (void) close(fd); return OK; }
/* Callback which is passed blocks of the response body. */ static int gz_reader(void *ud, const char *buf, size_t len) { ne_decompress *ctx = ud; NE_DEBUG_WINSCP_CONTEXT(ctx->session); const char *zbuf; size_t count; const char *hdr; if (len == 0) { /* End of response: */ switch (ctx->state) { case NE_Z_BEFORE_DATA: hdr = ne_get_response_header(ctx->request, "Content-Encoding"); if (hdr && ne_strcasecmp(hdr, "gzip") == 0) { /* response was truncated: return error. */ break; } /* else, fall through */ case NE_Z_FINISHED: /* complete gzip response */ case NE_Z_PASSTHROUGH: /* complete uncompressed response */ return ctx->reader(ctx->userdata, buf, 0); default: /* invalid state: truncated response. */ break; } /* else: truncated response, fail. */ ne_set_error(ctx->session, "Compressed response was truncated"); return NE_ERROR; } switch (ctx->state) { case NE_Z_PASSTHROUGH: /* move along there. */ return ctx->reader(ctx->userdata, buf, len); case NE_Z_FINISHED: /* Could argue for tolerance, and ignoring trailing content; * but it could mean something more serious. */ if (len > 0) { ne_set_error(ctx->session, "Unexpected content received after compressed stream"); return NE_ERROR; } break; case NE_Z_BEFORE_DATA: /* work out whether this is a compressed response or not. */ hdr = ne_get_response_header(ctx->request, "Content-Encoding"); if (hdr && ne_strcasecmp(hdr, "gzip") == 0) { int ret; NE_DEBUG(NE_DBG_HTTP, "compress: got gzipped stream.\n"); /* inflateInit2() works here where inflateInit() doesn't. */ ret = inflateInit2(&ctx->zstr, -MAX_WBITS); if (ret != Z_OK) { set_zlib_error(ctx, _("Could not initialize zlib"), ret); return -1; } ctx->zstrinit = 1; } else { /* No Content-Encoding header: pass it on. TODO: we could * hack it and register the real callback now. But that * would require add_resp_body_rdr to have defined * ordering semantics etc etc */ ctx->state = NE_Z_PASSTHROUGH; return ctx->reader(ctx->userdata, buf, len); } ctx->state = NE_Z_IN_HEADER; /* FALLTHROUGH */ case NE_Z_IN_HEADER: /* copy as many bytes as possible into the buffer. */ if (len + ctx->hdrcount > 10) { count = 10 - ctx->hdrcount; } else { count = len; } memcpy(ctx->header + ctx->hdrcount, buf, count); ctx->hdrcount += count; /* have we got the full header yet? */ if (ctx->hdrcount != 10) { return 0; } buf += count; len -= count; switch (parse_header(ctx)) { case HDR_EXTENDED: if (len == 0) return 0; break; case HDR_ERROR: return NE_ERROR; case HDR_DONE: if (len > 0) { return do_inflate(ctx, buf, len); } break; } /* FALLTHROUGH */ case NE_Z_POST_HEADER: /* eating the filename string. */ zbuf = memchr(buf, '\0', len); if (zbuf == NULL) { /* not found it yet. */ return 0; } NE_DEBUG(NE_DBG_HTTP, "compresss: skipped %" NE_FMT_SIZE_T " header bytes.\n", zbuf - buf); /* found end of string. */ len -= (1 + zbuf - buf); buf = zbuf + 1; ctx->state = NE_Z_INFLATING; if (len == 0) { /* end of string was at end of buffer. */ return 0; } /* FALLTHROUGH */ case NE_Z_INFLATING: return do_inflate(ctx, buf, len); case NE_Z_AFTER_DATA: return process_footer(ctx, (unsigned char *)buf, len); } return 0; }
int spawn_server_repeat(int port, server_fn fn, void *userdata, int n) { int fds[2]; #ifdef USE_PIPE if (pipe(fds)) { perror("spawn_server: pipe"); return FAIL; } #else /* avoid using uninitialized variable. */ fds[0] = fds[1] = 0; #endif child = fork(); if (child == 0) { /* this is the child. */ int listener, count = 0; in_child(); listener = do_listen(lh_addr, port); #ifdef USE_PIPE if (write(fds[1], "Z", 1) != 1) abort(); #endif close(fds[1]); close(fds[0]); /* Loop serving requests. */ while (++count < n) { ne_socket *sock = ne_sock_create(); int ret; NE_DEBUG(NE_DBG_HTTP, "child awaiting connection #%d.\n", count); ONN("accept failed", ne_sock_accept(sock, listener)); ret = fn(sock, userdata); close_socket(sock); NE_DEBUG(NE_DBG_HTTP, "child served request, %d.\n", ret); if (ret) { printf("server child failed: %s\n", test_context); exit(-1); } /* don't send back notification to parent more than * once. */ } NE_DEBUG(NE_DBG_HTTP, "child aborted.\n"); close(listener); exit(-1); } else { char ch; /* this is the parent. wait for the child to get ready */ #ifdef USE_PIPE if (read(fds[0], &ch, 1) < 0) perror("parent read"); close(fds[0]); close(fds[1]); #else minisleep(); #endif } return OK; }
ssize_t server_send(ne_socket *sock, const char *str, size_t len) { NE_DEBUG(NE_DBG_HTTP, "Sending: %.*s\n", (int)len, str); return ne_sock_fullwrite(sock, str, len); }
/* Return the certificate chain sent by the peer, or NULL on error. */ static ne_ssl_certificate *make_peers_chain(gnutls_session sock, gnutls_certificate_credentials crd) { ne_ssl_certificate *current = NULL, *top = NULL; const gnutls_datum *certs; unsigned int n, count; ne_ssl_certificate *cert; certs = gnutls_certificate_get_peers(sock, &count); if (!certs) { return NULL; } NE_DEBUG(NE_DBG_SSL, "ssl: Got %u certs in peer chain.\n", count); for (n = 0; n < count; n++) { gnutls_x509_crt x5; if (gnutls_x509_crt_init(&x5) || gnutls_x509_crt_import(x5, &certs[n], GNUTLS_X509_FMT_DER)) { if (top) { ne_ssl_cert_free(top); } return NULL; } cert = populate_cert(ne_calloc(sizeof *cert), x5); if (top == NULL) { current = top = cert; } else { current->issuer = cert; current = cert; } } #ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS /* GnuTLS only returns the peers which were *sent* by the server * in the Certificate list during the handshake. Fill in the * complete chain manually against the certs we trust: */ if (current->issuer == NULL) { gnutls_x509_crt issuer; gnutls_x509_crt *ca_list; unsigned int num_cas; gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); do { /* Look up the issuer. */ issuer = find_issuer(ca_list, num_cas, current->subject); if (issuer) { issuer = x509_crt_copy(issuer); cert = populate_cert(ne_calloc(sizeof *cert), issuer); /* Check that the issuer does not match the current * cert. */ if (ne_ssl_cert_cmp(current, cert)) { current = current->issuer = cert; } else { ne_ssl_cert_free(cert); issuer = NULL; } } } while (issuer); } #endif return top; }
/* Check certificate identity. Returns zero if identity matches; 1 if * identity does not match, or <0 if the certificate had no identity. * If 'identity' is non-NULL, store the malloc-allocated identity in * *identity. Logic specified by RFC 2818 and RFC 3280. */ static int check_identity(const ne_uri *server, X509 *cert, char **identity) { STACK_OF(GENERAL_NAME) *names; int match = 0, found = 0; const char *hostname; hostname = server ? server->host : ""; names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); if (names) { int n; /* subjectAltName contains a sequence of GeneralNames */ for (n = 0; n < sk_GENERAL_NAME_num(names) && !match; n++) { GENERAL_NAME *nm = sk_GENERAL_NAME_value(names, n); /* handle dNSName and iPAddress name extensions only. */ if (nm->type == GEN_DNS) { char *name = dup_ia5string(nm->d.ia5); if (identity && !found) *identity = ne_strdup(name); match = ne__ssl_match_hostname(name, strlen(name), hostname); free(name); found = 1; } else if (nm->type == GEN_IPADD) { /* compare IP address with server IP address. */ ne_inet_addr *ia; if (nm->d.ip->length == 4) ia = ne_iaddr_make(ne_iaddr_ipv4, nm->d.ip->data); else if (nm->d.ip->length == 16) ia = ne_iaddr_make(ne_iaddr_ipv6, nm->d.ip->data); else ia = NULL; /* ne_iaddr_make returns NULL if address type is unsupported */ if (ia != NULL) { /* address type was supported. */ char buf[128]; match = strcmp(hostname, ne_iaddr_print(ia, buf, sizeof buf)) == 0; found = 1; ne_iaddr_free(ia); } else { NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported " "address type (length %d), skipped.\n", nm->d.ip->length); } } else if (nm->type == GEN_URI) { char *name = dup_ia5string(nm->d.ia5); ne_uri uri; if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) { ne_uri tmp; if (identity && !found) *identity = ne_strdup(name); found = 1; if (server) { /* For comparison purposes, all that matters is * host, scheme and port; ignore the rest. */ memset(&tmp, 0, sizeof tmp); tmp.host = uri.host; tmp.scheme = uri.scheme; tmp.port = uri.port; match = ne_uri_cmp(server, &tmp) == 0; } } ne_uri_free(&uri); free(name); } } /* free the whole stack. */ sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); } /* Check against the commonName if no DNS alt. names were found, * as per RFC3280. */ if (!found) { X509_NAME *subj = X509_get_subject_name(cert); X509_NAME_ENTRY *entry; ne_buffer *cname = ne_buffer_ncreate(30); int idx = -1, lastidx; /* find the most specific commonName attribute. */ do { lastidx = idx; idx = X509_NAME_get_index_by_NID(subj, NID_commonName, lastidx); } while (idx >= 0); if (lastidx < 0) { /* no commonName attributes at all. */ ne_buffer_destroy(cname); return -1; } /* extract the string from the entry */ entry = X509_NAME_get_entry(subj, lastidx); if (append_dirstring(cname, X509_NAME_ENTRY_get_data(entry))) { ne_buffer_destroy(cname); return -1; } if (identity) *identity = ne_strdup(cname->data); match = ne__ssl_match_hostname(cname->data, cname->used - 1, hostname); ne_buffer_destroy(cname); } NE_DEBUG(NE_DBG_SSL, "Identity match for '%s': %s\n", hostname, match ? "good" : "bad"); return match ? 0 : 1; }
/* Check certificate identity. Returns zero if identity matches; 1 if * identity does not match, or <0 if the certificate had no identity. * If 'identity' is non-NULL, store the malloc-allocated identity in * *identity. If 'server' is non-NULL, it must be the network address * of the server in use, and identity must be NULL. */ static int check_identity(const ne_uri *server, gnutls_x509_crt cert, char **identity) { char name[255]; unsigned int critical; int ret, seq = 0; int match = 0, found = 0; size_t len; const char *hostname; hostname = server ? server->host : ""; do { len = sizeof name - 1; ret = gnutls_x509_crt_get_subject_alt_name(cert, seq, name, &len, &critical); switch (ret) { case GNUTLS_SAN_DNSNAME: name[len] = '\0'; if (identity && !found) *identity = ne_strdup(name); match = ne__ssl_match_hostname(name, len, hostname); found = 1; break; case GNUTLS_SAN_IPADDRESS: { ne_inet_addr *ia; if (len == 4) ia = ne_iaddr_make(ne_iaddr_ipv4, (unsigned char *)name); else if (len == 16) ia = ne_iaddr_make(ne_iaddr_ipv6, (unsigned char *)name); else ia = NULL; if (ia) { char buf[128]; match = strcmp(hostname, ne_iaddr_print(ia, buf, sizeof buf)) == 0; if (identity) *identity = ne_strdup(buf); found = 1; ne_iaddr_free(ia); } else { NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported " "address type (length %" NE_FMT_SIZE_T "), skipped.\n", len); } } break; case GNUTLS_SAN_URI: { ne_uri uri; name[len] = '\0'; if (ne_uri_parse(name, &uri) == 0 && uri.host && uri.scheme) { ne_uri tmp; if (identity && !found) *identity = ne_strdup(name); found = 1; if (server) { /* For comparison purposes, all that matters is * host, scheme and port; ignore the rest. */ memset(&tmp, 0, sizeof tmp); tmp.host = uri.host; tmp.scheme = uri.scheme; tmp.port = uri.port; match = ne_uri_cmp(server, &tmp) == 0; } } ne_uri_free(&uri); } break; default: break; } seq++; } while (!match && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); /* Check against the commonName if no DNS alt. names were found, * as per RFC3280. */ if (!found) { seq = oid_find_highest_index(cert, 1, GNUTLS_OID_X520_COMMON_NAME); if (seq >= 0) { len = sizeof name; name[0] = '\0'; ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, seq, 0, name, &len); if (ret == 0) { if (identity) *identity = ne_strdup(name); match = ne__ssl_match_hostname(name, len, hostname); } } else { return -1; } } if (*hostname) NE_DEBUG(NE_DBG_SSL, "ssl: Identity match for '%s': %s\n", hostname, match ? "good" : "bad"); return match ? 0 : 1; }
/* Callback invoked when the SSL server requests a client certificate. */ static int provide_client_cert(gnutls_session session, const gnutls_datum *req_ca_rdn, int nreqs, const gnutls_pk_algorithm *sign_algos, int sign_algos_length, gnutls_retr_st *st) { ne_session *sess = gnutls_session_get_ptr(session); if (!sess) { return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } NE_DEBUG(NE_DBG_SSL, "ssl: Client cert provider callback; %d CA names.\n", nreqs); if (!sess->client_cert && sess->ssl_provide_fn) { #ifdef HAVE_NEW_DN_API const ne_ssl_dname **dns; ne_ssl_dname *dnarray; unsigned dncount = 0; int n; dns = ne_malloc(nreqs * sizeof(ne_ssl_dname *)); dnarray = ne_calloc(nreqs * sizeof(ne_ssl_dname)); for (n = 0; n < nreqs; n++) { gnutls_x509_dn_t dn; if (gnutls_x509_dn_init(&dn) == 0) { dnarray[n].dn = dn; if (gnutls_x509_dn_import(dn, &req_ca_rdn[n]) == 0) { dns[dncount++] = &dnarray[n]; } else { gnutls_x509_dn_deinit(dn); } } } NE_DEBUG(NE_DBG_SSL, "ssl: Mapped %d CA names to %u DN objects.\n", nreqs, dncount); sess->ssl_provide_fn(sess->ssl_provide_ud, sess, dns, dncount); for (n = 0; n < nreqs; n++) { if (dnarray[n].dn) { gnutls_x509_dn_deinit(dnarray[n].dn); } } ne_free(dns); ne_free(dnarray); #else /* HAVE_NEW_DN_API */ /* Nothing to do here other than pretend no CA names were * given, and hope the caller can cope. */ sess->ssl_provide_fn(sess->ssl_provide_ud, sess, NULL, 0); #endif } if (sess->client_cert) { gnutls_certificate_type type = gnutls_certificate_type_get(session); if (type == GNUTLS_CRT_X509) { NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n"); st->type = type; st->ncerts = 1; st->cert.x509 = &sess->client_cert->cert.subject; st->key.x509 = sess->client_cert->pkey; /* tell GNU TLS not to deallocate the certs. */ st->deinit_all = 0; } else { return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } } else { NE_DEBUG(NE_DBG_SSL, "No client certificate supplied.\n"); st->ncerts = 0; sess->ssl_cc_requested = 1; return 0; } return 0; }
void select_ctree_cb(GtkCTree * ctree, GtkCTreeNode * node, gpointer data) { GtkCTreeNode *parent; struct site *current_site; struct site_file *current_file; void *data_to_get; struct ctree_attachment *actual_data; extern GtkWidget *main_area_box, *area_data; /* Make sure that any changes have been confirmed on the selected site, * before selected_site gets changed. This seems to get automatically done * by the signal handler. */ if (GTK_CTREE_ROW(node)->parent == NULL) { /* We're at the top level */ if ((data_to_get = gtk_ctree_node_get_row_data(GTK_CTREE(ctree), GTK_CTREE_NODE(node))) == NULL) { NE_DEBUG(DEBUG_GNOME, "\"Data get\" returned NULL. Oh dear.\n"); } actual_data = (struct ctree_attachment *) data_to_get; if (actual_data->file_or_site != IS_A_SITE) NE_DEBUG(DEBUG_GNOME, "Somehow you've clicked on a site, but ended up with file data!\n"); current_site = (struct site *) actual_data->info_struct; /* Make the data shared */ selected_site = current_site; current_site_node = node; NE_DEBUG (DEBUG_GNOME, "Removing widgets from main data area...\n"); gtk_container_remove(GTK_CONTAINER(main_area_box), area_data); NE_DEBUG (DEBUG_GNOME, "Building site info widgets...\n"); area_data = make_site_info_area(current_site); NE_DEBUG (DEBUG_GNOME, "Adding widgets to main data area..."); gtk_container_add(GTK_CONTAINER(main_area_box), area_data); NE_DEBUG (DEBUG_GNOME, "done.\n"); } else if (GTK_CTREE_ROW(node)->parent != NULL) { parent = GTK_CTREE_ROW(node)->parent; /* Grab the file data from that row */ if ((data_to_get = gtk_ctree_node_get_row_data(GTK_CTREE(ctree), GTK_CTREE_NODE(node))) == NULL) { NE_DEBUG(DEBUG_GNOME, "\"Data get\" for the file returned NULL. Oh dear.\n"); } actual_data = (struct ctree_attachment *) data_to_get; if (actual_data->file_or_site != IS_A_FILE) NE_DEBUG(DEBUG_GNOME, "Somehow you've clicked on a file, but ended up with site data!\n"); current_file = (struct site_file *) actual_data->info_struct; /* Grab the site data from the file's parent */ while (GTK_CTREE_ROW(parent)->parent != NULL) { parent = GTK_CTREE_ROW(parent)->parent; NE_DEBUG(DEBUG_GNOME, "Assigned parent to node->parent.\n"); } if ((data_to_get = gtk_ctree_node_get_row_data(GTK_CTREE(ctree), GTK_CTREE_NODE(parent))) == NULL) { NE_DEBUG(DEBUG_GNOME, "\"Data get\" for the file's parent returned NULL. Oh dear.\n"); } actual_data = (struct ctree_attachment *) data_to_get; if (actual_data->file_or_site != IS_A_SITE) NE_DEBUG(DEBUG_GNOME, "Somehow you've clicked on a file, but it's parent was a file too!?\n"); current_site = (struct site *) actual_data->info_struct; selected_site = current_site; current_site_node = parent; if (current_file == NULL) { gfe_status("Unable to access info about the selected file."); } else { /* This line is causing a mutex to deadlock. why....? */ NE_DEBUG (DEBUG_GNOME, "Removing widgets from main data area...\n"); gtk_container_remove(GTK_CONTAINER(main_area_box), area_data); NE_DEBUG (DEBUG_GNOME, "Making file info area...\n"); area_data = make_file_info_area(current_file); NE_DEBUG (DEBUG_GNOME, "Adding file info area to main area..."); gtk_container_add(GTK_CONTAINER(main_area_box), area_data); NE_DEBUG (DEBUG_GNOME, "done.\n"); } } else { g_warning("If you got to here, something is really buggered, quite frankly.\n"); } }
/* Check certificate identity. Returns zero if identity matches; 1 if * identity does not match, or <0 if the certificate had no identity. * If 'identity' is non-NULL, store the malloc-allocated identity in * *identity. If 'server' is non-NULL, it must be the network address * of the server in use, and identity must be NULL. */ static int check_identity(const char *hostname, gnutls_x509_crt cert, char **identity) { char name[255]; unsigned int critical; int ret, seq = 0; int match = 0, found = 0; size_t len; do { len = sizeof name; ret = gnutls_x509_crt_get_subject_alt_name(cert, seq, name, &len, &critical); switch (ret) { case GNUTLS_SAN_DNSNAME: if (identity && !found) *identity = ne_strdup(name); match = match_hostname(name, hostname); found = 1; break; case GNUTLS_SAN_IPADDRESS: { ne_inet_addr *ia; if (len == 4) ia = ne_iaddr_make(ne_iaddr_ipv4, (unsigned char *)name); else if (len == 16) ia = ne_iaddr_make(ne_iaddr_ipv6, (unsigned char *)name); else ia = NULL; if (ia) { char buf[128]; match = strcmp(hostname, ne_iaddr_print(ia, buf, sizeof buf)) == 0; if (identity) *identity = ne_strdup(buf); found = 1; ne_iaddr_free(ia); } else { NE_DEBUG(NE_DBG_SSL, "iPAddress name with unsupported " "address type (length %" NE_FMT_SIZE_T "), skipped.\n", len); } } break; default: break; } seq++; } while (!match && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); /* Check against the commonName if no DNS alt. names were found, * as per RFC3280. */ if (!found) { seq = oid_find_highest_index(cert, 1, GNUTLS_OID_X520_COMMON_NAME); if (seq >= 0) { len = sizeof name; name[0] = '\0'; ret = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, seq, 0, name, &len); if (ret == 0) { if (identity) *identity = ne_strdup(name); match = match_hostname(name, hostname); } } else { return -1; } } NE_DEBUG(NE_DBG_SSL, "Identity match: %s\n", match ? "good" : "bad"); return match ? 0 : 1; }
GNode *build_tree_from_site(struct site *a_site) { GNode *tree_root; struct site_node_data *tmp; struct site_file *current_dir, *current_file; NE_DEBUG(DEBUG_GNOME, "Called build_tree_from_site for site, %s.\n", a_site->name); /* If this site isn't perfect, then don't try and scan the directory. */ /*{ int ret = rc_verifysite(a_site); if ((ret == SITE_NOLOCALDIR) || (ret == SITE_ACCESSLOCALDIR)) return NULL; }*/ tmp = g_malloc0(sizeof(struct site_node_data)); tmp->name = "ROOT"; /* Create the root node. */ tree_root = g_node_new(tmp); /* For each dir in site->files, blah... */ NE_DEBUG(DEBUG_GNOME, "Created root node, about to enter directory loop...\n"); /* This is not very time efficient, but I'm not the one that dictates the * ordering of files/directories, so don't blame me. * What we do here is create all the directory nodes first (and the * directory nodes _only_), and then add the files once the dirs are known * to be in place. */ for (current_dir = a_site->files_tail; (current_dir) && (current_dir->type == file_dir); current_dir = current_dir->prev) ; /* There! SPLAT! Got you, you little bastard of a bug. */ /* if (!current_dir) return tree_root;*/ if (current_dir) { for (current_dir = current_dir->next; current_dir; current_dir = current_dir->next) { core_tree_building_function(current_dir, tree_root); } } for (current_file = a_site->files; (current_file) && (current_file->type != file_dir); current_file = current_file->next) { core_tree_building_function(current_file, tree_root); } /* FIXME: do files here somehow? */ return tree_root; }
static int good_close(ne_socket *sock) { NE_DEBUG(NE_DBG_SOCKET, "Socket error was %s\n", ne_sock_error(sock)); ONN("close failed", ne_sock_close(sock)); return OK; }
void ne_session_system_proxy(ne_session *sess, unsigned int flags) { NE_DEBUG_WINSCP_CONTEXT(sess); #ifdef HAVE_LIBPROXY pxProxyFactory *pxf = px_proxy_factory_new(); struct host_info *hi, **lasthi; char *url, **proxies; ne_uri uri; unsigned n; free_proxies(sess); /* Create URI for session to pass off to libproxy */ memset(&uri, 0, sizeof uri); ne_fill_server_uri(sess, &uri); uri.path = "/"; /* make valid URI structure. */ url = ne_uri_unparse(&uri); uri.path = NULL; /* Get list of pseudo-URIs from libproxy: */ proxies = px_proxy_factory_get_proxies(pxf, url); for (n = 0, lasthi = &sess->proxies; proxies[n]; n++) { enum proxy_type ptype; ne_uri_free(&uri); NE_DEBUG(NE_DBG_HTTP, "sess: libproxy #%u=%s\n", n, proxies[n]); if (ne_uri_parse(proxies[n], &uri)) continue; if (!uri.scheme) continue; if (ne_strcasecmp(uri.scheme, "http") == 0) ptype = PROXY_HTTP; else if (ne_strcasecmp(uri.scheme, "socks") == 0) ptype = PROXY_SOCKS; else if (ne_strcasecmp(uri.scheme, "direct") == 0) ptype = PROXY_NONE; else continue; /* Hostname/port required for http/socks schemes. */ if (ptype != PROXY_NONE && !(uri.host && uri.port)) continue; /* Do nothing if libproxy returned only a single "direct://" * entry -- a single "direct" (noop) proxy is equivalent to * having none. */ if (n == 0 && proxies[1] == NULL && ptype == PROXY_NONE) break; NE_DEBUG(NE_DBG_HTTP, "sess: Got proxy %s://%s:%d\n", uri.scheme, uri.host ? uri.host : "(none)", uri.port); hi = *lasthi = ne_calloc(sizeof *hi); if (ptype == PROXY_NONE) { /* A "direct" URI requires an attempt to connect directly to * the origin server, so dup the server details. */ set_hostinfo(hi, ptype, sess->server.hostname, sess->server.port); } else { /* SOCKS/HTTP proxy. */ set_hostinfo(hi, ptype, uri.host, uri.port); if (ptype == PROXY_HTTP) sess->any_proxy_http = 1; else if (ptype == PROXY_SOCKS) sess->socks_ver = NE_SOCK_SOCKSV5; } lasthi = &hi->next; } /* Free up the proxies array: */ for (n = 0; proxies[n]; n++) free(proxies[n]); free(proxies[n]); ne_free(url); ne_uri_free(&uri); px_proxy_factory_free(pxf); #endif }
void *update_thread(void *no_data) { int ret; extern sem_t *update_semaphore; extern gboolean site_keepgoing; pthread_detach(pthread_self()); NE_DEBUG(DEBUG_GNOME, "update_thread: detached.\n"); for(;;) { NE_DEBUG(DEBUG_GNOME, "update_thread: sleeping...\n"); /* sleep straight away */ sem_wait(update_semaphore); NE_DEBUG(DEBUG_GNOME, "update_thread: Okay, who woke me up!?\n"); gdk_threads_enter(); gtk_widget_set_sensitive(begin_button, FALSE); gtk_widget_set_sensitive(keep_going_button, FALSE); NE_DEBUG(DEBUG_GNOME, "update_thread: Acquired gtk+ lock\n"); if (verifysite_gnome(selected_site)) { close_main_update_window(NULL, NULL); NE_DEBUG(DEBUG_GNOME, "update_thread: The site was wrong, skipping.\n"); continue; } NE_DEBUG(DEBUG_GNOME, "update_thread: Verified site okay, updating..."); /* Perform the actual update */ if (GTK_TOGGLE_BUTTON(keep_going_button)->active) { site_keepgoing = TRUE; } else { site_keepgoing = FALSE; } gdk_threads_leave(); /* site_update blocks until finished */ NE_DEBUG(DEBUG_GNOME, "update_thread: Entering site_update.\n"); /* we might want to give this a 3rd argument sometime to allow * updating of single files at a time */ /* This calls site_update with a wrapper to facilitate good * abort behaviour */ ret = my_abortable_transfer_wrapper(selected_site, site_op_update); NE_DEBUG(DEBUG_GNOME, "update_thread: site_update returned value of %d.\n", ret); gdk_threads_enter(); switch (ret) { case SITE_CONNECT: gtk_label_set(GTK_LABEL(status_label), "Unable to establish connection."); gtk_label_set(GTK_LABEL(op_label), " "); gtk_label_set(GTK_LABEL(file_label), " "); gtk_label_set(GTK_LABEL(dir_label), " "); break; case SITE_AUTH: gtk_label_set(GTK_LABEL(status_label), "Authentication with the remote server failed.."); gtk_label_set(GTK_LABEL(op_label), " "); gtk_label_set(GTK_LABEL(file_label), " "); gtk_label_set(GTK_LABEL(dir_label), " "); break; case SITE_ERRORS: gtk_label_set(GTK_LABEL(status_label), "There was a problem with the file/directory transfer."); gtk_label_set(GTK_LABEL(op_label), " "); gtk_label_set(GTK_LABEL(file_label), " "); gtk_label_set(GTK_LABEL(dir_label), " "); site_write_stored_state(selected_site); rescan_selected(1); gtk_widget_set_sensitive(error_button, TRUE); break; case SITE_LOOKUP: gtk_label_set(GTK_LABEL(status_label), "Unable to connect: Host name look-up failed."); gtk_label_set(GTK_LABEL(op_label), " "); gtk_label_set(GTK_LABEL(file_label), " "); gtk_label_set(GTK_LABEL(dir_label), " "); break; case SITE_OK: gtk_label_set(GTK_LABEL(status_label), "Update complete. (No errors)"); gtk_label_set(GTK_LABEL(op_label), " "); gtk_label_set(GTK_LABEL(file_label), " "); gtk_label_set(GTK_LABEL(dir_label), " "); site_write_stored_state(selected_site); rescan_selected(1); break; case SITE_FAILED: gtk_label_set(GTK_LABEL(status_label), "Update failed. (Authentication problems)"); gtk_label_set(GTK_LABEL(op_label), " "); gtk_label_set(GTK_LABEL(file_label), " "); gtk_label_set(GTK_LABEL(dir_label), " "); break; case SITE_ABORTED: gtk_label_set(GTK_LABEL(status_label), "Update was aborted."); gtk_label_set(GTK_LABEL(op_label), " "); gtk_label_set(GTK_LABEL(file_label), " "); gtk_label_set(GTK_LABEL(dir_label), " "); site_write_stored_state(selected_site); /*rescan_selected(1);*/ break; default: gtk_label_set(GTK_LABEL(status_label), "Unexpected Update Return Value! Contact Maintainer."); NE_DEBUG(DEBUG_GNOME, "ARG! site_update returned %d.\n", ret); break; } NE_DEBUG(DEBUG_GNOME, "Dealt with site_update's return code. Changing sensitivities.\n"); gtk_widget_hide (kill_button); gtk_widget_show (close_button); gtk_widget_set_sensitive(close_button, TRUE); gtk_window_set_modal(GTK_WINDOW(upload_window), FALSE); gdk_threads_leave(); NE_DEBUG(DEBUG_GNOME, "update_thread: Reported update status okay, looping...\n"); } }
/* * Processes received authentication tokens as well as supplies the * response token. */ int ne_sspi_authenticate(void *context, const char *base64Token, char **responseToken) { SecBufferDesc outBufferDesc; SecBuffer outBuffer; int status; SECURITY_STATUS securityStatus; ULONG contextFlags; SSPIContext *sspiContext; if (initialized <= 0) { return -1; } status = getContext(context, &sspiContext); if (status) { return status; } /* TODO: Not sure what flags should be set. joe: this needs to be * driven by the ne_auth interface; the GSSAPI code needs similar * flags. */ contextFlags = ISC_REQ_CONFIDENTIALITY | ISC_REQ_MUTUAL_AUTH; initSingleEmptyBuffer(&outBufferDesc, &outBuffer); status = makeBuffer(&outBufferDesc, sspiContext->maxTokenSize); if (status) { return status; } if (base64Token) { SecBufferDesc inBufferDesc; SecBuffer inBuffer; if (!sspiContext->continueNeeded) { freeBuffer(&outBufferDesc); NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Got an unexpected token.\n"); return -1; } initSingleEmptyBuffer(&inBufferDesc, &inBuffer); status = base64ToBuffer(base64Token, &inBufferDesc); if (status) { freeBuffer(&outBufferDesc); return status; } securityStatus = initializeSecurityContext(&sspiContext->credentials, &(sspiContext->context), sspiContext->serverName, contextFlags, &inBufferDesc, &(sspiContext->context), &outBufferDesc); if (securityStatus == SEC_E_OK) { sspiContext->authfinished = 1; } freeBuffer(&inBufferDesc); } else { if (sspiContext->continueNeeded) { freeBuffer(&outBufferDesc); NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Expected a token from server.\n"); return -1; } if (sspiContext->authfinished && (sspiContext->credentials.dwLower || sspiContext->credentials.dwUpper)) { if (sspiContext->authfinished) { freeBuffer(&outBufferDesc); sspiContext->authfinished = 0; NE_DEBUG(NE_DBG_HTTPAUTH,"sspi: failing because starting over from failed try.\n"); return -1; } sspiContext->authfinished = 0; } /* Reset any existing context since we are starting over */ resetContext(sspiContext); if (acquireCredentialsHandle (&sspiContext->credentials, sspiContext->mechanism) != SEC_E_OK) { freeBuffer(&outBufferDesc); NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: acquireCredentialsHandle failed.\n"); return -1; } securityStatus = initializeSecurityContext(&sspiContext->credentials, NULL, sspiContext->serverName, contextFlags, NULL, &(sspiContext->context), &outBufferDesc); } if (securityStatus == SEC_I_COMPLETE_AND_CONTINUE || securityStatus == SEC_I_COMPLETE_NEEDED) { SECURITY_STATUS compleStatus = pSFT->CompleteAuthToken(&(sspiContext->context), &outBufferDesc); if (compleStatus != SEC_E_OK) { freeBuffer(&outBufferDesc); NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: CompleteAuthToken failed.\n"); return -1; } } if (securityStatus == SEC_I_COMPLETE_AND_CONTINUE || securityStatus == SEC_I_CONTINUE_NEEDED) { sspiContext->continueNeeded = 1; } else { sspiContext->continueNeeded = 0; } if (!(securityStatus == SEC_I_COMPLETE_AND_CONTINUE || securityStatus == SEC_I_COMPLETE_NEEDED || securityStatus == SEC_I_CONTINUE_NEEDED || securityStatus == SEC_E_OK)) { NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: initializeSecurityContext [failed] [%x].\n", securityStatus); freeBuffer(&outBufferDesc); return -1; } *responseToken = ne_base64(outBufferDesc.pBuffers->pvBuffer, outBufferDesc.pBuffers->cbBuffer); freeBuffer(&outBufferDesc); return 0; }