/** Called after the SSL connection and initial handshaking is complete. */
void
ssl_connected(struct conn *c)
{
X509 *peer;
SSL *ssl = bufferevent_openssl_get_ssl(c->remote_bev);
#if SSL_DEBUG_LEVEL > 0
errprintf(stdout,
"ssl_slave: SSL connection attempt completed, using %s. Resolving remote host name.\n", SSL_get_version(ssl));
if (bufferevent_get_openssl_error(c->remote_bev))
errprintf(stdout, "ssl_slave: ssl error code: %ld\n",
bufferevent_get_openssl_error(c->remote_bev));
#endif
bufferevent_set_timeouts(c->remote_bev, NULL, NULL);
/* Successful accept. Log peer certificate, if any. */
if ((peer = SSL_get_peer_certificate(ssl))) {
if (SSL_get_verify_result(ssl) == X509_V_OK) {
char buf[256];
/* The client sent a certificate which verified OK */
X509_NAME_oneline(X509_get_subject_name(peer), buf, 256);
errprintf(stdout, "ssl_slave: SSL client certificate accepted: %s\n", buf);
}
}
c->state = C_HOSTNAME_LOOKUP;
c->resolver_req =
evdns_getnameinfo(resolver, &c->remote_addr.addr, 0, address_resolved, c);
}
static void pending_event(struct bufferevent *bev, short events,
void *pending_ptr) {
struct evwspendingconn* pending = (struct evwspendingconn *)pending_ptr;
if (events & BEV_EVENT_EOF) {
fprintf(stderr, "Connection closed\n");
} else if (events & BEV_EVENT_ERROR) {
fprintf(stderr, "Connection error\n");
if (errno != 0) {
fprintf(stderr, "Got an error on the connection: %s\n", strerror(errno));
}
unsigned long ssl_error = ERR_get_error();
if (ssl_error != 0) {
fprintf(stderr, "SSL error: %s\n", ERR_error_string(ssl_error, NULL));
}
ssl_error = bufferevent_get_openssl_error(bev);
if (ssl_error != 0) {
fprintf(stderr, "Got an SSL error on the connection: %s\n",
ERR_error_string(ssl_error, NULL));
}
} else if (events & BEV_EVENT_CONNECTED) {
return; // SSL connected
} else {
fprintf(stderr, "Unknown event: %x\n", (int)events);
}
remove_pending(pending);
free_pending(pending);
}
zend_object * ion_stream_get_exception(ion_stream * stream, ion_buffer * bev) {
zend_ulong error_ulong = 0;
int error_int = 0;
const char * error_message;
zend_object * exception;
void * exception_ce;
zend_string * desc = ion_stream_describe(stream);
if((error_ulong = bufferevent_get_openssl_error(bev))) { // problem with openssl connection
error_message = ERR_error_string(error_ulong, NULL);
exception_ce = ion_ce_ION_CryptoException;
} else if((error_int = bufferevent_socket_get_dns_error(bev))) { // DNS problem
error_message = evutil_gai_strerror(error_int);
exception_ce = ion_ce_ION_DNSException;
} else if((error_int = EVUTIL_SOCKET_ERROR())) { // socket problem
error_message = evutil_socket_error_to_string(error_int);
exception_ce = ion_ce_ION_StreamException;
} else { // magic problem
error_message = "stream corrupted";
exception_ce = ion_ce_ION_StreamException;
}
exception = pion_exception_new_ex(
exception_ce, 0,
"%s error: %s", desc->val, error_message
);
zend_string_release(desc);
return exception;
}
static void
conn_eventcb(struct bufferevent *bev, short events, void *user_data)
{
if (events & BEV_EVENT_EOF) {
skeeter_log(LOG_INFO, "Connection closed.");
} else if (events & BEV_EVENT_ERROR) {
skeeter_log(LOG_WARNING, "Got an error on the connection: %s",
strerror(errno));
skeeter_log(LOG_WARNING, "OpenSSL error is %lu", bufferevent_get_openssl_error(bev));
} else if (events & BEV_EVENT_TIMEOUT) {
skeeter_log(LOG_NOTICE, "Got a timeout on %s, closing connection.", (events & BEV_EVENT_READING) ? "reading" : "writing");
} else if (events & BEV_EVENT_CONNECTED) {
skeeter_log(LOG_NOTICE, "Looks like ssl handshake completed.");
skeeter_log(LOG_DEBUG, "OpenSSL error %lu", bufferevent_get_openssl_error(bev));
return;
}
skeeter_log(LOG_NOTICE, "Freeing connection data");
bufferevent_free(bev);
free(user_data);
}
static void
event_error_handler(struct bufferevent *bev, short what, void *ctx)
{
struct bufferevent *partner = NULL;
ssh_session_t *session = ctx;
if(session == NULL || session->owner_ptr == NULL) {
trace_err("ERROR: .....................");
} else {
partner= session->owner_ptr;
}
if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
if (what & BEV_EVENT_ERROR) {
unsigned long err;
while ((err = (bufferevent_get_openssl_error(bev)))) {
const char *msg = (const char*)ERR_reason_error_string(err);
const char *lib = (const char*)ERR_lib_error_string(err);
const char *func = (const char*)ERR_func_error_string(err);
fprintf(stderr, "%s in %s %s\n", msg, lib, func);
}
if (errno) {
trace_err("connection error");
}
}
if (partner) {
/* Flush all pending data */
data_read_handler(bev, ctx);
if (evbuffer_get_length(bufferevent_get_output(partner))) {
/* We still have to flush data from the other
* side, but when that's done, close the other
* side.
*/
bufferevent_setcb(partner,
NULL, close_on_finished_writecb,
event_error_handler, NULL);
bufferevent_disable(partner, EV_READ);
} else {
/* We have nothing left to say to the other
* side; close it.
*/
bufferevent_free(partner);
ssh_log(session, "\"%s:closed\"", SESSION_TYPE(session));
}
}
bufferevent_free(bev);
}
}
static void
eventcb(struct bufferevent *bev, short what, void *ctx)
{
struct bufferevent *partner = ctx;
if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
if (what & BEV_EVENT_ERROR) {
unsigned long err;
while ((err = (bufferevent_get_openssl_error(bev)))) {
const char *msg = (const char*)
ERR_reason_error_string(err);
const char *lib = (const char*)
ERR_lib_error_string(err);
const char *func = (const char*)
ERR_func_error_string(err);
fprintf(stderr,
"%s in %s %s\n", msg, lib, func);
}
if (errno)
perror("connection error");
}
if (partner) {
/* Flush all pending data */
readcb(bev, ctx);
if (evbuffer_get_length(
bufferevent_get_output(partner))) {
/* We still have to flush data from the other
* side, but when that's done, close the other
* side. */
bufferevent_setcb(partner,
NULL, close_on_finished_writecb,
eventcb, NULL);
bufferevent_disable(partner, EV_READ);
} else {
/* We have nothing left to say to the other
* side; close it. */
bufferevent_free(partner);
}
}
bufferevent_free(bev);
}
}
static void
http_request_done(struct evhttp_request *req, void *ctx)
{
char buffer[256];
int nread;
if (req == NULL) {
/* If req is NULL, it means an error occurred, but
* sadly we are mostly left guessing what the error
* might have been. We'll do our best... */
struct bufferevent *bev = (struct bufferevent *) ctx;
unsigned long oslerr;
int printed_err = 0;
int errcode = EVUTIL_SOCKET_ERROR();
fprintf(stderr, "some request failed - no idea which one though!\n");
/* Print out the OpenSSL error queue that libevent
* squirreled away for us, if any. */
while ((oslerr = bufferevent_get_openssl_error(bev))) {
ERR_error_string_n(oslerr, buffer, sizeof(buffer));
fprintf(stderr, "%s\n", buffer);
printed_err = 1;
}
/* If the OpenSSL error queue was empty, maybe it was a
* socket error; let's try printing that. */
if (! printed_err)
fprintf(stderr, "socket error = %s (%d)\n",
evutil_socket_error_to_string(errcode),
errcode);
return;
}
fprintf(stderr, "Response line: %d %s\n",
evhttp_request_get_response_code(req),
evhttp_request_get_response_code_line(req));
while ((nread = evbuffer_remove(evhttp_request_get_input_buffer(req),
buffer, sizeof(buffer)))
> 0) {
/* These are just arbitrary chunks of 256 bytes.
* They are not lines, so we can't treat them as such. */
fwrite(buffer, nread, 1, stdout);
}
}
static void conn_free(ad_conn_t *conn) {
if (conn) {
if (conn->status != AD_CLOSE) {
call_hooks(AD_EVENT_CLOSE | AD_EVENT_SHUTDOWN , conn);
}
conn_reset(conn);
if (conn->buffer) {
if (conn->server->sslctx) {
int sslerr = bufferevent_get_openssl_error(conn->buffer);
if (sslerr) {
char errmsg[256];
ERR_error_string_n(sslerr, errmsg, sizeof(errmsg));
ERROR("SSL %s (err:%d)", errmsg, sslerr);
}
}
bufferevent_free(conn->buffer);
}
free(conn);
}
}
void
on_event_cb(struct bufferevent *bufev_sock, short events, void *arg)
{
unsigned long e = 0;
struct event *ev;
struct timeval tv = {1, 0};
if (events & BEV_EVENT_CONNECTED) {
jlog(L_DEBUG, "connected");
cfg->ctrl_initialized = 0;
query_list_network();
} else if (events & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
jlog(L_DEBUG, "event (%x)", events);
while ((e = bufferevent_get_openssl_error(bufev_sock)) > 0) {
jlog(L_ERROR, "%s", ERR_error_string(e, NULL));
}
bufferevent_free(bufev_sock);
ev = event_new(base, -1, EV_TIMEOUT, on_timeout_cb, NULL);
event_add(ev, &tv);
}
}
void
server_mc_event_cb(struct bufferevent *bev, short events, void *ctx)
{
struct server *s = (struct server *)ctx;
dump_flags(events);
if (events & BEV_EVENT_CONNECTED)
{
struct mc *mc;
/*
* If we received the notification that the connection is established,
* then we move the corresponding struct mc from s->pending_peers to
* s->peers.
*/
mc = v_mc_find_if(s->pending_peers, (void *)find_bev, bev);
if (mc != v_mc_end(s->pending_peers))
{
struct mc tmp;
struct endpoint e;
endpoint_init(&e, mc->p.address, mc->p.len);
/* Check for certificate */
if (mc->ssl_flags & TLS_ENABLE)
{
X509 *cert;
SSL *ssl;
EVP_PKEY *pubkey;
char name[512];
ssl = bufferevent_openssl_get_ssl(mc->bev);
cert = SSL_get_peer_certificate(ssl);
if (cert == NULL)
{
log_info("[META] [TLS] %s doesn't share it's certificate.",
mc_presentation(mc, name, sizeof name));
v_mc_erase(s->pending_peers, mc);
mc_close(mc);
return ;
}
pubkey = X509_get_pubkey(cert); //UNUSED ?
}
log_info("[META] [%s] connexion established with %s",
mc->ssl_flags & TLS_ENABLE ? "TLS" : "TCP",
endpoint_presentation(&e));
memcpy(&tmp, mc, sizeof(tmp));
v_mc_erase(s->pending_peers, mc);
mc = v_mc_insert(s->peers, &tmp);
mc_hello(mc, s->udp);
mc_establish_tunnel(mc, s->udp);
}
}
else if (events & BEV_EVENT_EOF)
{
/* Disconnected */
struct mc *mc;
struct udp_peer *up;
mc = v_mc_find_if(s->peers, (void *)find_bev, bev);
if (mc != v_mc_end(s->peers))
{
char name[INET6_ADDRSTRLEN];
struct sockaddr *sock = mc->p.address;
up = v_udp_find_if(s->udp->udp_peers, find_udppeer, sock);
if (up != v_udp_end(s->udp->udp_peers))
{
v_udp_erase(s->udp->udp_peers, up);
log_debug("[%s] stop peering with %s",
(up->ssl_flags & DTLS_ENABLE) ? "DTLS" : "UDP",
endpoint_presentation(&up->peer_addr));
}
log_debug("[META] stop the meta-connexion with %s",
mc_presentation(mc, name, sizeof(name)));
mc_close(mc);
v_mc_erase(s->peers, mc);
}
}
else if (events & BEV_EVENT_ERROR)
{
struct mc *mc;
int everr;
int sslerr;
everr = EVUTIL_SOCKET_ERROR();
if (everr != 0)
{
log_warnx("[META] unexpected shutdown of the meta-connexion: (%d) %s",
everr, evutil_socket_error_to_string(everr));
}
while ((sslerr = bufferevent_get_openssl_error(bev)) != 0)
{
log_warnx("[META] SSL error code (%d): %s in %s %s",
sslerr, ERR_reason_error_string(sslerr),
ERR_lib_error_string(sslerr),
ERR_func_error_string(sslerr));
}
/*
* Find if the exception come from a pending peer or a
* regular peer and close it.
*/
mc = v_mc_find_if(s->pending_peers, (void *)find_bev, bev);
if (mc != v_mc_end(s->pending_peers))
{
char name[128];
log_debug("[META] %s removed from the pending list",
mc_presentation(mc, name, sizeof name));
mc_close(mc);
v_mc_erase(s->pending_peers, mc);
}
else
{
mc = v_mc_find_if(s->peers, (void *)find_bev, bev);
if (mc != v_mc_end(s->peers))
{
mc_close(mc);
v_mc_erase(s->peers, mc);
log_debug("[META] socket removed from the peer list");
}
}
}
}
