GVfsFtpConnection *
g_vfs_ftp_connection_new (GSocketConnectable *addr,
GCancellable * cancellable,
GError ** error)
{
GVfsFtpConnection *conn;
g_return_val_if_fail (G_IS_SOCKET_CONNECTABLE (addr), NULL);
conn = g_slice_new0 (GVfsFtpConnection);
conn->client = g_socket_client_new ();
conn->debug_id = g_atomic_int_add (&debug_id, 1);
conn->commands = G_IO_STREAM (g_socket_client_connect (conn->client,
addr,
cancellable,
error));
if (conn->commands == NULL)
{
g_object_unref (conn->client);
g_slice_free (GVfsFtpConnection, conn);
return NULL;
}
conn->connection = G_SOCKET_CONNECTION (conn->commands);
enable_nodelay (conn->connection);
enable_keepalive (conn->connection);
create_input_stream (conn);
/* The first thing that needs to happen is receiving the welcome message */
conn->waiting_for_reply = TRUE;
return conn;
}
GVfsFtpConnection *
g_vfs_ftp_connection_new (GSocketConnectable *addr,
GCancellable * cancellable,
GError ** error)
{
GVfsFtpConnection *conn;
g_return_val_if_fail (G_IS_SOCKET_CONNECTABLE (addr), NULL);
conn = g_slice_new0 (GVfsFtpConnection);
conn->client = g_socket_client_new ();
conn->debug_id = g_atomic_int_exchange_and_add (&debug_id, 1);
conn->commands = G_IO_STREAM (g_socket_client_connect (conn->client,
addr,
cancellable,
error));
if (conn->commands == NULL)
{
g_object_unref (conn->client);
g_slice_free (GVfsFtpConnection, conn);
return NULL;
}
enable_keepalive (G_SOCKET_CONNECTION (conn->commands));
conn->commands_in = G_DATA_INPUT_STREAM (g_data_input_stream_new (g_io_stream_get_input_stream (conn->commands)));
g_data_input_stream_set_newline_type (conn->commands_in, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
/* The first thing that needs to happen is receiving the welcome message */
conn->waiting_for_reply = TRUE;
return conn;
}
/**
* g_tls_database_verify_chain_async:
* @self: a #GTlsDatabase
* @chain: a #GTlsCertificate chain
* @purpose: the purpose that this certificate chain will be used for.
* @identity: (allow-none): the expected peer identity
* @interaction: (allow-none): used to interact with the user if necessary
* @flags: additional verify flags
* @cancellable: (allow-none): a #GCancellable, or %NULL
* @callback: callback to call when the operation completes
* @user_data: the data to pass to the callback function
*
* Asynchronously verify's a certificate chain after looking up and adding
* any missing certificates to the chain. See g_tls_database_verify_chain()
* for more information.
*
* Since: 2.30
*/
void
g_tls_database_verify_chain_async (GTlsDatabase *self,
GTlsCertificate *chain,
const gchar *purpose,
GSocketConnectable *identity,
GTlsInteraction *interaction,
GTlsDatabaseVerifyFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
{
g_return_if_fail (G_IS_TLS_DATABASE (self));
g_return_if_fail (G_IS_TLS_CERTIFICATE (chain));
g_return_if_fail (purpose != NULL);
g_return_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
g_return_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity));
g_return_if_fail (callback != NULL);
g_return_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async);
G_TLS_DATABASE_GET_CLASS (self)->verify_chain_async (self,
chain,
purpose,
identity,
interaction,
flags,
cancellable,
callback,
user_data);
}
/**
* g_tls_database_verify_chain:
* @self: a #GTlsDatabase
* @chain: a #GTlsCertificate chain
* @purpose: the purpose that this certificate chain will be used for.
* @identity: (allow-none): the expected peer identity
* @interaction: (allow-none): used to interact with the user if necessary
* @flags: additional verify flags
* @cancellable: (allow-none): a #GCancellable, or %NULL
* @error: (allow-none): a #GError, or %NULL
*
* Verify's a certificate chain after looking up and adding any missing
* certificates to the chain.
*
* @chain is a chain of #GTlsCertificate objects each pointing to the next
* certificate in the chain by its %issuer property. The chain may initially
* consist of one or more certificates. After the verification process is
* complete, @chain may be modified by adding missing certificates, or removing
* extra certificates. If a certificate anchor was found, then it is added to
* the @chain.
*
* @purpose describes the purpose (or usage) for which the certificate
* is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER
* which means that the certificate is being used to authenticate a server
* (and we are acting as the client).
*
* The @identity is used to check for pinned certificates (trust exceptions)
* in the database. These will override the normal verification process on a
* host by host basis.
*
* Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be
* used.
*
* This function can block, use g_tls_database_verify_chain_async() to perform
* the verification operation asynchronously.
*
* Return value: the appropriate #GTlsCertificateFlags which represents the
* result of verification.
*
* Since: 2.30
*/
GTlsCertificateFlags
g_tls_database_verify_chain (GTlsDatabase *self,
GTlsCertificate *chain,
const gchar *purpose,
GSocketConnectable *identity,
GTlsInteraction *interaction,
GTlsDatabaseVerifyFlags flags,
GCancellable *cancellable,
GError **error)
{
g_return_val_if_fail (G_IS_TLS_DATABASE (self), G_TLS_CERTIFICATE_GENERIC_ERROR);
g_return_val_if_fail (G_IS_TLS_DATABASE (self),
G_TLS_CERTIFICATE_GENERIC_ERROR);
g_return_val_if_fail (G_IS_TLS_CERTIFICATE (chain),
G_TLS_CERTIFICATE_GENERIC_ERROR);
g_return_val_if_fail (purpose, G_TLS_CERTIFICATE_GENERIC_ERROR);
g_return_val_if_fail (interaction == NULL || G_IS_TLS_INTERACTION (interaction),
G_TLS_CERTIFICATE_GENERIC_ERROR);
g_return_val_if_fail (identity == NULL || G_IS_SOCKET_CONNECTABLE (identity),
G_TLS_CERTIFICATE_GENERIC_ERROR);
g_return_val_if_fail (error == NULL || *error == NULL, G_TLS_CERTIFICATE_GENERIC_ERROR);
g_return_val_if_fail (G_TLS_DATABASE_GET_CLASS (self)->verify_chain,
G_TLS_CERTIFICATE_GENERIC_ERROR);
return G_TLS_DATABASE_GET_CLASS (self)->verify_chain (self,
chain,
purpose,
identity,
interaction,
flags,
cancellable,
error);
}
/* Called when a GTlsConnection (which this handler has been connected to)
* has an error validating its certificate.
* Returns TRUE if the certificate is already trusted, so the connection
* can continue.
* Returns FALSE if the certificate is not trusted, causing the
* connection's handshake to fail, and then prompts the user to accept
* the certificate.
*/
static gboolean
accept_certificate_cb(GTlsConnection *conn, GTlsCertificate *peer_cert,
GTlsCertificateFlags errors, gpointer user_data)
{
GTlsCertificate *trusted_cert;
GSocketConnectable *connectable;
const gchar *identity;
g_return_val_if_fail(G_IS_TLS_CLIENT_CONNECTION(conn), FALSE);
g_return_val_if_fail(G_IS_TLS_CERTIFICATE(peer_cert), FALSE);
/* Get the certificate identity from the GTlsClientConnection */
connectable = g_tls_client_connection_get_server_identity(
G_TLS_CLIENT_CONNECTION(conn));
g_return_val_if_fail(G_IS_SOCKET_CONNECTABLE(connectable), FALSE);
/* identity is owned by the connectable */
if (G_IS_NETWORK_ADDRESS(connectable)) {
identity = g_network_address_get_hostname(
G_NETWORK_ADDRESS(connectable));
} else if (G_IS_NETWORK_SERVICE(connectable)) {
identity = g_network_service_get_domain(
G_NETWORK_SERVICE(connectable));
} else {
g_return_val_if_reached(FALSE);
}
/* See if a trusted certificate matching the peer certificate exists */
trusted_cert = purple_tls_certificate_new_from_id(identity, NULL);
if (trusted_cert != NULL &&
g_tls_certificate_is_same(peer_cert, trusted_cert)) {
/* It's manually trusted. Accept certificate */
g_object_unref(trusted_cert);
return TRUE;
}
g_clear_object(&trusted_cert);
/* Certificate failed and isn't trusted.
* Fail certificate and prompt user.
*/
request_accept_certificate(identity, peer_cert, errors);
return FALSE;
}
/**
* cockpit_stream_connect:
* @name: name for pipe, for debugging
* @address: socket address to connect to
*
* Create a new pipe connected as a client to the given socket
* address, which can be a unix or inet address. Will connect
* in stream mode.
*
* If the connection fails, a pipe is still returned. It will
* close once the main loop is run with an appropriate problem.
*
* Returns: (transfer full): newly allocated CockpitStream.
*/
CockpitStream *
cockpit_stream_connect (const gchar *name,
GSocketConnectable *connectable,
CockpitStreamOptions *options)
{
CockpitStream *stream;
g_return_val_if_fail (G_IS_SOCKET_CONNECTABLE (connectable), NULL);
stream = g_object_new (COCKPIT_TYPE_STREAM,
"io-stream", NULL,
"name", name,
NULL);
if (options)
stream->priv->options = cockpit_stream_options_ref (options);
stream->priv->connecting = g_socket_connectable_enumerate (connectable);
g_socket_address_enumerator_next_async (stream->priv->connecting, NULL,
on_address_next, g_object_ref (stream));
return stream;
}
