Beispiel #1
 // Drop the cached client credential: release the neon client-certificate
 // handle if one is held, then reset the cached key, certificate and
 // passphrase fields and mark the PEM as not loaded.
 //
 // NOTE(review): the member types are not visible here. If x509_ukey and
 // x509_passwd are string-like containers, clear() presumably only resets
 // their length, leaving the key path / passphrase bytes in the old buffer
 // until it is reused. Confirm whether they need an explicit wipe first.
 void clear_cert(){
     if (_cred != NULL) {
         // Reset the handle right after freeing so a second call is a no-op
         // instead of a double free.
         ne_ssl_clicert_free(_cred);
         _cred = NULL;
     }

     x509_ucert.clear();
     x509_ukey.clear();
     x509_passwd.clear();
     pemLoaded = false;
 }
Beispiel #2
/* Destroy a session and everything it owns.
 *
 * Order of teardown: the session-destroy hooks run first, then any open
 * connection is closed, then the hook lists, scheme, host/proxy data and
 * owned strings are released, then (with NE_HAVE_SSL) the TLS context and
 * certificates, and finally the session structure itself.  'sess' must
 * not be used after this returns. */
void ne_session_destroy(ne_session *sess)
{
    NE_DEBUG_WINSCP_CONTEXT(sess);
    struct hook *cur;

    NE_DEBUG(NE_DBG_HTTP, "sess: Destroying session.\n");

    /* Invoke every destroy hook before any session state is released. */
    cur = sess->destroy_sess_hooks;
    while (cur != NULL) {
        ((ne_destroy_sess_fn)cur->fn)(cur->userdata);
        cur = cur->next;
    }

    /* The connection is shut down while the hook lists still exist;
     * the notifier callback may still fire during this call. */
    if (sess->connected) {
        ne_close_connection(sess);
    }

    /* Release each hook list. */
    destroy_hooks(sess->create_req_hooks);
    destroy_hooks(sess->pre_send_hooks);
    destroy_hooks(sess->post_headers_hooks);
    destroy_hooks(sess->post_send_hooks);
    destroy_hooks(sess->destroy_req_hooks);
    destroy_hooks(sess->destroy_sess_hooks);
    destroy_hooks(sess->close_conn_hooks);
    destroy_hooks(sess->private);

    ne_free(sess->scheme);

    free_hostinfo(&sess->server);
    free_proxies(sess);

    if (sess->user_agent) {
        ne_free(sess->user_agent);
    }
    if (sess->socks_user) {
        ne_free(sess->socks_user);
    }
    /* NOTE(review): the SOCKS password is freed without being wiped first;
     * if ne_free is a plain free(), the bytes stay in heap memory until
     * the allocator reuses them.  Confirm whether zeroizing is wanted. */
    if (sess->socks_password) {
        ne_free(sess->socks_password);
    }

#ifdef NE_HAVE_SSL
    if (sess->ssl_context) {
        ne_ssl_context_destroy(sess->ssl_context);
    }

    if (sess->server_cert) {
        ne_ssl_cert_free(sess->server_cert);
    }

    if (sess->client_cert) {
        ne_ssl_clicert_free(sess->client_cert);
    }
#endif

    ne_free(sess);
}
Beispiel #3
/* Destroy a session and everything it owns.
 *
 * The session-destroy hooks run first; the hook lists and the host,
 * proxy and user-agent data are then released; an open connection is
 * closed after that; with NE_HAVE_SSL the TLS context and certificates
 * follow; the session structure is freed last.  'sess' must not be used
 * after this returns. */
void ne_session_destroy(ne_session *sess)
{
    struct hook *cur;

    NE_DEBUG(NE_DBG_HTTP, "ne_session_destroy called.\n");

    /* Invoke every destroy hook before any session state is released. */
    cur = sess->destroy_sess_hooks;
    while (cur != NULL) {
        ((ne_destroy_sess_fn)cur->fn)(cur->userdata);
        cur = cur->next;
    }

    /* Release each hook list. */
    destroy_hooks(sess->create_req_hooks);
    destroy_hooks(sess->pre_send_hooks);
    destroy_hooks(sess->post_send_hooks);
    destroy_hooks(sess->destroy_req_hooks);
    destroy_hooks(sess->destroy_sess_hooks);
    destroy_hooks(sess->private);

    ne_free(sess->scheme);
    ne_free(sess->server.hostname);
    ne_free(sess->server.hostport);
    if (sess->server.address) {
        ne_addr_destroy(sess->server.address);
    }
    if (sess->proxy.address) {
        ne_addr_destroy(sess->proxy.address);
    }
    if (sess->proxy.hostname) {
        ne_free(sess->proxy.hostname);
    }
    if (sess->user_agent) {
        ne_free(sess->user_agent);
    }

    /* NOTE(review): the connection is closed only after the hook lists
     * and the server/proxy host data above have been freed.  If
     * ne_close_connection, or a callback it triggers, reads any of those
     * fields, that would be a use-after-free.  Confirm, or close the
     * connection before releasing them. */
    if (sess->connected) {
        ne_close_connection(sess);
    }

#ifdef NE_HAVE_SSL
    if (sess->ssl_context) {
        ne_ssl_context_destroy(sess->ssl_context);
    }

    if (sess->server_cert) {
        ne_ssl_cert_free(sess->server_cert);
    }

    if (sess->client_cert) {
        ne_ssl_clicert_free(sess->client_cert);
    }
#endif

    ne_free(sess);
}
Beispiel #4
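/* Open (or reuse) the WebDAV session kept in 'connection'.
 *
 * server     - host to contact; when NULL, $DPNS_HOST is used on the first
 *              call and the stored host name on later calls.
 * comment    - optional comment; only its length is validated here.
 * enable_ssl - non-zero selects https on port 443 with a PKCS#12 client
 *              certificate, zero selects plain http on port 80.
 *
 * Returns 0 on success or when a session already exists, -1 on failure
 * (dav_error is set on every failure path except the certificate
 * conversion, which only prints to stderr).
 *
 * Changes relative to the earlier revision of this function:
 *  - the host name is length-checked before being copied into
 *    connection->server (it was an unbounded strcpy of caller/environment
 *    data);
 *  - the calloc result is checked;
 *  - an existing default proxy file is actually used as key/cert (both
 *    pointers used to stay NULL in that case);
 *  - connection->session is reset after ne_session_destroy, so a later
 *    call cannot return 0 with a dangling session pointer;
 *  - a NULL 'server' on a later call falls back to the stored host.
 */
int dav_startsessx(char *server, char *comment, int enable_ssl)
{
    FILE *p12 = NULL;
    /* NOTE(review): fixed, predictable path in a world-writable directory,
     * shared by every user and process.  An already existing file is
     * trusted as the client credential without any ownership or mode
     * check, and converted key material is written to the same place.
     * Consider a per-user location created with restrictive permissions. */
    const char *p12cert = "/tmp/usercert.p12";
    const char *userkey, *usercert, *userproxy;
    /* Function scope on purpose: userkey/usercert may point into it. */
    char buffer[128];

    /* Executed once per thread: create the connection structure and
     * record the server name. */
    if (mutex == 0)
    {
        size_t server_len;

        /* If no host specified, use the DPNS default one */
        if (!server)
            server = getenv("DPNS_HOST");

        /* Finish the function if the host is still NULL */
        if (!server)
        {
            dav_error = SENOSHOST;
            return -1;
        }

        /* Trigger an error if the comment is too long */
        if (comment && (strlen(comment) > CA_MAXCOMMENTLEN))
        {
            dav_error = EINVAL;
            return -1;
        }

        /* The host name comes from the caller or the environment; refuse
         * anything that does not fit, terminator included.  Assumes
         * connection->server is a fixed-size char array member (sizeof is
         * unevaluated, so 'connection' may still be NULL here). */
        server_len = strlen(server);
        if (server_len >= sizeof(connection->server))
        {
            dav_error = EINVAL;
            return -1;
        }

        pthread_once(&init_once, thread_init_once);

        connection = calloc(1, sizeof(*connection));
        if (connection == NULL)
        {
            dav_error = ENOMEM;
            return -1;
        }
        memcpy(connection->server, server, server_len + 1);
        mutex = 1;
    }

    /* exit function if a session already exists */
    if (connection->session)
        return 0;

    /* The NULL-host fallback above only runs on the first call; reuse the
     * stored host so ne_session_create never receives NULL. */
    if (!server)
        server = connection->server;

    /* Retrieve userkey and usercert from environment variables */
    userkey   = getenv("X509_USER_KEY");
    usercert  = getenv("X509_USER_CERT");
    userproxy = getenv("X509_USER_PROXY");

    if (enable_ssl) {
        if (userproxy) {
            /* A proxy file carries both the key and the certificate. */
            userkey = usercert = userproxy;
        }
        /* Try default proxy location */
        else if (!userkey && !usercert) {
            struct stat stat_buf;

            snprintf(buffer, sizeof(buffer), "/tmp/x509up_u%lu",
                     (unsigned long)getuid());
            /* NOTE(review): only existence is checked; ownership and mode
             * of the proxy file are not verified here. */
            if (stat(buffer, &stat_buf) == 0) {
                userkey = usercert = buffer;
            }
            /* No luck, try with host cert and key */
            else {
                usercert = "/etc/grid-security/hostcert.pem";
                userkey  = "/etc/grid-security/hostkey.pem";
            }
        }

        /* Either pointer can still be NULL when only one of the two
         * environment variables is set; never hand NULL to %s. */
        debug_msg("User certificate: %s", usercert ? usercert : "(null)");
        debug_msg("User key:         %s", userkey ? userkey : "(null)");

        /* Try to open the certificate, create one if file does not exist yet */
        if ((p12 = fopen(p12cert, "r")) == NULL) {
            /* NOTE(review): dav_error is not set on this path. */
            if (!userkey || !usercert ||
                convert_x509_to_p12(userkey, usercert, p12cert) == -1) {
                fprintf(stderr, "An error occur in the certificate conversion\n");
                return -1;
            }
        } else {
            fclose(p12);
        }

        /* Try to open a session, return -1 and set the correct errno if it failed */
        if ((connection->session = ne_session_create("https", server, 443)) == NULL)
        {
            dav_error = ENSNACT;
            return -1;
        }
    }
    else {
        if ((connection->session = ne_session_create("http", server, 80)) == NULL)
        {
            dav_error = ENSNACT;
            return -1;
        }
    }

    /* manual checking for ssl credentials */
    /* NOTE(review): the callback name suggests server-certificate failures
     * are accepted unconditionally; if so, https sessions opened here do
     * not authenticate the server.  Confirm what no_ssl_verification
     * returns. */
    ne_ssl_set_verify(connection->session, no_ssl_verification, NULL);

    /* Read the pkcs12 certificate */
    if (enable_ssl) {
        ne_ssl_client_cert *cert = ne_ssl_clicert_read(p12cert);

        if (cert == NULL) {
            ne_session_destroy(connection->session);
            /* Forget the destroyed session; otherwise the "session already
             * exists" shortcut above would hand out a freed pointer. */
            connection->session = NULL;
            dav_error = SECOMERR;
            return -1;
        }
        ne_ssl_set_clicert(connection->session, cert);
        /* Freed right after being attached, as before; presumably the
         * session keeps its own copy -- confirm against the neon version
         * in use. */
        ne_ssl_clicert_free(cert);
    }

    return 0;
}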