/**
 * Idle-timeout test for a threaded server with a certificate configured,
 * listening on port 8081.
 *
 * The server is given onion_set_timeout(o, 3000). The test opens a connection
 * with connect_to(), stays silent for 4 seconds, and then expects that a read
 * on that connection yields no data. Finally it checks that a fresh request
 * made through curl_get() still returns a non-zero result, i.e. that dropping
 * the idle peer did not take the listener down.
 *
 * "mycert.pem" is passed as both the certificate and the key argument, so the
 * fixture file has to carry both; it is test material only.
 */
void t05_server_timeout_threaded_ssl(){
	INIT_LOCAL();
	CURL *curl=prepare_curl("https://localhost:8081");

	ONION_DEBUG("%s",__FUNCTION__);

	o=onion_new(O_THREADED | O_DETACH_LISTEN);
	onion_handler *root=onion_handler_new((void*)process_request,NULL,NULL);
	onion_set_root_handler(o,root);
	FAIL_IF_NOT_EQUAL_INT(onion_set_certificate(o, O_SSL_CERTIFICATE_KEY, "mycert.pem", "mycert.pem"),0);
	onion_set_port(o,"8081");
	onion_set_timeout(o,3000);
	onion_listen(o);
	sleep(1); /* let the detached listener come up */

	int fd=connect_to("localhost","8081");
	/* Stay idle past the configured timeout; by now the server is expected
	 * to have closed this connection. */
	sleep(4);

	/* NOTE(review): connect_to() is not shown here; the request below is
	 * written as raw bytes, with no TLS handshake performed in this function. */
	static const char request[]="GET /\n\n";
	int w=write(fd,request,sizeof(request)-1);
	FAIL_IF_NOT_EQUAL_INT(w,7);

	/* No payload may come back on a connection that timed out. */
	char data[256];
	FAIL_IF(read(fd, data,sizeof(data))>0);
	close(fd);

	/* The server itself must still answer a new HTTPS request. */
	FAIL_IF_NOT(curl_get(curl, "https://localhost:8081"));

	onion_free(o);
	curl_easy_cleanup(curl);
	END_LOCAL();
}
/**
 * HTTPS smoke test: starts a one-loop server with a certificate configured
 * and checks that curl_get() on https://localhost:8080 returns HTTP_OK.
 *
 * "mycert.pem" is passed as both the certificate and the key argument, so the
 * fixture file has to carry both; it is test material only.
 */
void t03_server_https(){
	INIT_LOCAL();
	CURL *curl=prepare_curl("https://localhost:8080");

	o=onion_new(O_ONE_LOOP | O_DETACH_LISTEN);
	onion_handler *root=onion_handler_new((void*)process_request,NULL,NULL);
	onion_set_root_handler(o,root);
	FAIL_IF_NOT_EQUAL_INT(onion_set_certificate(o, O_SSL_CERTIFICATE_KEY, "mycert.pem", "mycert.pem"),0);
	FAIL_IF_NOT_EQUAL_INT(onion_listen(o),0);
	/* Disabled in the original: do_petition_set(1,1,1,1); */
	sleep(1);

	/* NOTE(review): the negative check below is disabled, so this test does
	 * not verify that a plain-HTTP request to the same port is refused. */
	/* FAIL_IF_EQUAL_INT( curl_get_to_fail("http://localhost:8080"), HTTP_OK); */
	sleep(1);

	FAIL_IF_NOT_EQUAL_INT( curl_get(curl, "https://localhost:8080"), HTTP_OK);
	sleep(1);

	onion_free(o);
	curl_easy_cleanup(curl);
	END_LOCAL();
}
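/**
 * oterm entry point: parses the command line, wires the URL handlers and
 * serves until onion_listen() returns.
 *
 * Options:
 *   --help            show help and exit
 *   -p, --port  PORT  listening port (default "8080")
 *   -i, --ip    ADDR  address or hostname to bind (default "::")
 *   -c, --cert  FILE  certificate file
 *   -k, --key   FILE  certificate key file
 *   -x, --exec  CMD   command run in each new terminal (default "/bin/bash")
 *   --no-ssl          do not load the certificate
 *   --no-pam          (HAVE_PAM builds) serve "^term/" without the PAM handler
 *
 * Unrecognised arguments are ignored.
 *
 * Security-relevant defaults: the "^term/" handler runs `command` for the
 * client, so the PAM handler and the certificate are what stand between the
 * network and a shell. --no-pam, --no-ssl, a build without HAVE_PAM, or a
 * library without SSL support each remove one of those layers.
 *
 * @return 0; exits with status 1 on a bad command line or when the
 *         certificate cannot be loaded.
 */
int main(int argc, char **argv){
	char *port="8080";
	char *serverip="::";
	const char *command="/bin/bash";
	const char *certificatefile="/etc/pki/tls/certs/pound.pem";
	const char *keyfile="/etc/pki/tls/certs/pound.key";
	int error;
	int i;
	int ssl=1;
#ifdef HAVE_PAM
	int use_pam=1;
#endif

	for (i=1;i<argc;i++){
		/* Every option that takes a value checks `i+1>=argc` first. The
		 * previous `i+1>argc` test could never be true inside this loop, so an
		 * option given as the last argument read argv[argc] (NULL) and passed
		 * it on to "%s" formatting and to the server setup. */
		if (strcmp(argv[i],"--help")==0){
			show_help();
			exit(0);
		}
		else if(strcmp(argv[i],"-p")==0 || strcmp(argv[i],"--port")==0){
			if (i+1>=argc){
				ONION_ERROR("Need to set the port number.");
				show_help();
				exit(1);
			}
			port=argv[++i];
			fprintf(stderr, "Using port %s\n",port);
		}
		else if(strcmp(argv[i],"-i")==0 || strcmp(argv[i],"--ip")==0){
			if (i+1>=argc){
				ONION_ERROR("Need to set the ip address or hostname.");
				show_help();
				exit(1);
			}
			serverip=argv[++i];
			fprintf(stderr, "Using ip %s\n",serverip);
		}
		else if(strcmp(argv[i],"-c")==0 || strcmp(argv[i],"--cert")==0){
			if (i+1>=argc){
				ONION_ERROR("Need to set the certificate filename");
				show_help();
				exit(1);
			}
			certificatefile=argv[++i];
			ONION_INFO("Using certificate %s",certificatefile);
		}
		else if(strcmp(argv[i],"-k")==0 || strcmp(argv[i],"--key")==0){
			if (i+1>=argc){
				ONION_ERROR("Need to set the certificate key filename.");
				show_help();
				exit(1);
			}
			keyfile=argv[++i];
			ONION_INFO("Using certificate key %s",keyfile);
		}
		else if(strcmp(argv[i],"-x")==0 || strcmp(argv[i],"--exec")==0){
			if (i+1>=argc){
				ONION_ERROR("Need the command to execute.");
				show_help();
				exit(1);
			}
			command=argv[++i];
			ONION_INFO("New terminal execute the command %s",command);
		}
		else if(strcmp(argv[i],"--no-ssl")==0){
			ssl=0;
			ONION_INFO("Disabling SSL!");
		}
#ifdef HAVE_PAM
		else if(strcmp(argv[i],"--no-pam")==0){
			use_pam=0;
			ONION_INFO("Disabling PAM!");
		}
#endif
	}

	o=onion_new(O_POOL|O_SYSTEMD);

	/* URL table: term/, uuid/ and static/, plus the empty rule that redirects
	 * to static/index.html. */
	onion_url *url=onion_url_new();
	onion_handler *term_handler=oterm_handler(o,command);
#ifdef HAVE_PAM
	if (use_pam){
		/* Terminal access goes through the PAM handler ("login" service). */
		onion_url_add_handler(url, "^term/", onion_handler_auth_pam("Onion Terminal", "login", term_handler));
	}
	else
#endif
	{
		/* No PAM handler in front of the terminal on this path (non-PAM build
		 * or --no-pam). NOTE(review): oterm_nopam is defined elsewhere;
		 * confirm what, if anything, it checks before serving term_handler. */
		onion_url_add_with_data(url, "^term/", oterm_nopam, term_handler, NULL);
	}
	onion_url_add_with_data(url, "^uuid/", oterm_uuid, onion_handler_get_private_data(term_handler), NULL);

#ifdef __DEBUG__
	/* Debug builds with OTERM_DEBUG set serve static/ from the local "static"
	 * directory (relative to the working directory) instead of opack_static. */
	if (getenv("OTERM_DEBUG"))
		onion_url_add_handler(url, "^static/", onion_handler_export_local_new("static"));
	else
#endif
	{
		onion_url_add(url, "^static/", opack_static);
	}
	onion_url_add_with_data(url, "", onion_shortcut_internal_redirect, "static/index.html", NULL);

	/* NOTE(review): rand() seeded from the wall clock is predictable. Confirm
	 * that nothing used as a secret (for instance identifiers handed out under
	 * "^uuid/") is derived from rand(). */
	srand(time(NULL));
	onion_set_root_handler(o, onion_url_to_handler(url));

	if (!(onion_flags(o)&O_SSL_AVAILABLE)){
		/* The server keeps going after this warning, so terminal traffic and
		 * any login data would travel unencrypted. */
		ONION_WARNING("SSL support is not available. Oterm is in unsecure mode!");
	}
	else if (ssl){
		/* With SSL requested, a certificate that cannot be loaded is fatal. */
		error=onion_set_certificate(o, O_SSL_CERTIFICATE_KEY, certificatefile, keyfile);
		if (error){
			ONION_ERROR("Cant set certificate and key files (%s, %s)",certificatefile, keyfile);
			show_help();
			exit(1);
		}
	}

	onion_set_port(o, port);
	onion_set_hostname(o, serverip);
	onion_set_timeout(o,5000);

	signal(SIGINT, free_onion);
	signal(SIGPIPE, SIG_IGN);
	fprintf(stderr, "Listening at %s\n",port);
	error=onion_listen(o);
	if (error){
		ONION_ERROR("Cant create the server: %s", strerror(errno));
	}

	onion_free(o);

	return 0;
}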
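/**
 * File server entry point: exports a directory, accepts uploads into it, and
 * puts the whole tree behind the PAM handler.
 *
 * Options:
 *   -p, --port   PORT  listening port (default "8080")
 *   -l, --listen ADDR  address or hostname to bind (default "::")
 *   --pem        FILE  PEM file, passed as both certificate and key (default "cert.pem")
 *   --pam        NAME  PAM service name (default "login")
 *   -h, --help         show help
 * Any other argument is taken as the directory to serve (default ".").
 *
 * @return the result of show_help() on a bad command line or --help, 1 when
 *         the certificate cannot be loaded, otherwise 0.
 */
int main(int argc, char **argv){
	char *port="8080";
	char *hostname="::";
	const char *dirname=".";
	const char *certfile="cert.pem";
	const char *pamname="login";
	int i;

	for (i=1;i<argc;i++){
		/* One else-if chain: the original started a second `if` after the
		 * --port branch, so the port value was re-examined and ended up stored
		 * as the directory name. Options that take a value check `i+1>=argc`
		 * first; the previous `argc<i+1` test could never be true here, and
		 * --port/--listen had no check, so argv[argc] (NULL) could be read. */
		if ((strcmp(argv[i],"--port")==0) || (strcmp(argv[i],"-p")==0)){
			if (i+1>=argc)
				return show_help();
			port=argv[++i];
			ONION_INFO("Listening at port %s",port);
		}
		else if ((strcmp(argv[i],"--listen")==0) || (strcmp(argv[i],"-l")==0)){
			if (i+1>=argc)
				return show_help();
			hostname=argv[++i];
			ONION_INFO("Listening at hostname %s",hostname);
		}
		else if (strcmp(argv[i],"--pem")==0){
			if (i+1>=argc)
				return show_help();
			certfile=argv[++i];
			ONION_INFO("Certificate file set to %s",certfile);
		}
		else if (strcmp(argv[i],"--pam")==0){
			if (i+1>=argc)
				return show_help();
			pamname=argv[++i];
			ONION_INFO("Pam name is now %s",pamname);
		}
		else if (strcmp(argv[i],"--help")==0 || strcmp(argv[i],"-h")==0){
			return show_help();
		}
		else
			dirname=argv[i];
	}

	/* `data` lives on main's stack and is handed to the upload handler. */
	upload_file_data data={ dirname };

	onion_handler *root=onion_handler_new((void*)upload_file,(void*)&data,NULL);
	/* Export the same directory uploads are written to. The original exported
	 * argv[1] only when argc==2 and "." otherwise, so any run with options
	 * published the working directory rather than the directory requested. */
	onion_handler *dir=onion_handler_export_local_new(dirname);
	onion_handler_export_local_set_footer(dir, upload_file_footer);
	onion_handler_add(dir, onion_handler_static("<h1>404 - File not found.</h1>", 404) );
	onion_handler_add(root,dir);
	onion_handler *pam=onion_handler_auth_pam("Onion Fileserver", pamname, root);

	o=onion_new(O_THREADED);
	onion_set_root_handler(o, pam);
	/* The result of onion_set_certificate() was ignored before. Every request
	 * passes through the PAM handler, so login data is on the wire; refuse to
	 * start rather than go on without the certificate.
	 * NOTE(review): confirm this is also the wanted behaviour for library
	 * builds without SSL support. */
	if (onion_set_certificate(o, O_SSL_CERTIFICATE_KEY, certfile, certfile)!=0){
		ONION_ERROR("Cant set certificate and key file (%s)",certfile);
		onion_free(o);
		return 1;
	}
	onion_set_port(o, port);
	onion_set_hostname(o, hostname);

	signal(SIGINT, free_onion);
	int error=onion_listen(o);
	if (error){
		perror("Cant create the server");
	}

	onion_free(o);

	return 0;
}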