int main(int argc, char **argv)
{
BIO *acc, *client;
SSL *ssl;
SSL_CTX *ctx;
pthread_t tid;
init_openssl();
seed_prng(64);
ctx = setup_server_ctx();
acc = BIO_new_accept(PORT);
if(!acc)
log_err("Error creating server socket.");
/* first call BIO_do_accept() setup accept BIO */
if(BIO_do_accept(acc) <= 0)
log_err("Error binding server socket.");
for(;;) {
if(BIO_do_accept(acc) <= 0)
log_err("Error accepting connection.");
client = BIO_pop(acc);
if(!(ssl = SSL_new(ctx)))
log_err("Error creating SSL context.");
SSL_set_bio(ssl, client, client);
pthread_create(&tid, NULL, server_thread, ssl);
}
SSL_CTX_free(ctx);
BIO_free(acc);
return 0;
}
int main(int argc, char * argv[]) {
BIO * acc, * client;
THREAD_TYPE tid;
SSL * ssl;
SSL_CTX * ctx;
init_OpenSSL();
seed_prng();
ctx = setup_server_ctx();
acc = BIO_new_accept(PORT);
if (!acc)
int_error("Error creating server socket");
if (BIO_do_accept(acc) <= 0)
int_error("Error binding server socket");
// BIO_do_accept() will block and wait for a remote connection.
while (1) {
if (BIO_do_accept(acc) <= 0)
int_error("Error accepting connection");
// get the client BIO
client = BIO_pop(acc);
if (!(ssl = SSL_new(ctx)))
int_error("Error creating SSL context");
SSL_set_accept_state(ssl);
SSL_set_bio(ssl, client, client);
// create a new thread to handle the new connection,
// The thread will call do_server_loop with the client BIO.
// THREAD_CREATE(tid, entry, arg);
// tid is the id of the new thread.
// server_thread is the function defined above, which will call
// do_server_loop() with the client BIO.
THREAD_CREATE(tid, server_thread, ssl);
}
SSL_CTX_free(ctx);
BIO_free(acc);
return 0;
}
int main(int argc, char *argv[])
{
BIO *acc, *client;
SSL *ssl;
SSL_CTX *ctx;
THREAD_TYPE tid;
init_OpenSSL( );
seed_prng();
ctx = setup_server_ctx( );
acc = BIO_new_accept(PORT);
if (!acc)
int_error("Error creating server socket");
if (BIO_do_accept(acc) <= 0)
int_error("Error binding server socket");
while(1)
{
if (BIO_do_accept(acc) <= 0)
int_error("Error accepting connection");
client = BIO_pop(acc);
if (!(ssl = SSL_new(ctx)))
int_error("Error creating SSL context");
SSL_set_accept_state(ssl);
SSL_set_bio(ssl, client, client);
THREAD_CREATE(tid, (void *)server_thread, ssl);
}
SSL_CTX_free(ctx);
BIO_free(acc);
return 0;
}
int main(int argc, char *argv[])
{
BIO *acc, *client;
SSL *ssl;
SSL_CTX *ctx;
THREAD_TYPE tid;
void* (*func)(void*) = &server_thread;
std::cout << "before init\n";
init_OpenSSL();
//seed_prng();
std::cout << "after init\n";
ctx = setup_server_ctx();
acc = BIO_new_accept(PORT);
if(!acc)
int_error("Error creating socket");
if(BIO_do_accept(acc) <= 0)
int_error("Error binding socket");
for(;;)
{
if(BIO_do_accept(acc) <= 0)
int_error("Error accepting connection");
client = BIO_pop(acc);
if(!(ssl = SSL_new(ctx)))
int_error("Error creating ssl object");
SSL_set_bio(ssl,client,client);
THREAD_CREATE(tid,func,ssl);
}
BIO_free(acc);
SSL_CTX_free(ctx);
return 0;
}
void *emergency_delegation_list_loading_main(void *arg)
{
BIO *bio_acc = NULL;
BIO *bio_client = NULL;
SSL *ssl_client = NULL;
SSL_CTX *ctx = NULL;
int err;
char *host[1];
ctx = setup_server_ctx(EMS_CERTFILE_PATH, EMS_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH);
bio_acc = BIO_new_accept(EMS_EMERGENCY_DELEGATION_LIST_LOADING_PORT);
if(!bio_acc)
int_error("Creating server socket failed");
if(BIO_do_accept(bio_acc) <= 0)
int_error("Binding server socket failed");
for(;;)
{
if(BIO_do_accept(bio_acc) <= 0)
int_error("Accepting connection failed");
bio_client = BIO_pop(bio_acc);
if(!(ssl_client = SSL_new(ctx)))
int_error("Creating SSL context failed");
SSL_set_bio(ssl_client, bio_client, bio_client);
if(SSL_accept(ssl_client) <= 0)
{
fprintf(stderr, "Accepting SSL connection failed\n");
goto ERROR_AT_SSL_LAYER;
}
host[0] = USER_CN;
if((err = post_connection_check(ssl_client, host, 1, true, GLOBAL_authority_name)) != X509_V_OK)
{
fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err));
goto ERROR_AT_SSL_LAYER;
}
// Process types of request
if(!process_request(ssl_client))
goto ERROR_AT_SSL_LAYER;
ERROR_AT_SSL_LAYER:
SSL_cleanup(ssl_client);
ssl_client = NULL;
ERR_remove_state(0);
}
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio_acc);
bio_acc = NULL;
pthread_exit(NULL);
return NULL;
}
void *phr_authority_list_loading_main(void *arg)
{
BIO *bio_acc = NULL;
BIO *bio_client = NULL;
SSL *ssl_client = NULL;
SSL_CTX *ctx = NULL;
int err;
char *hosts[2];
ctx = setup_server_ctx(ESA_CERTFILE_PATH, ESA_CERTFILE_PASSWD, EMU_ROOT_CA_ONLY_CERT_CERTFILE_PATH);
bio_acc = BIO_new_accept(ESA_PHR_AUTHORITY_LIST_LOADING_PORT);
if(!bio_acc)
int_error("Creating server socket failed");
if(BIO_do_accept(bio_acc) <= 0)
int_error("Binding server socket failed");
for(;;)
{
if(BIO_do_accept(bio_acc) <= 0)
int_error("Accepting connection failed");
bio_client = BIO_pop(bio_acc);
if(!(ssl_client = SSL_new(ctx)))
int_error("Creating SSL context failed");
SSL_set_bio(ssl_client, bio_client, bio_client);
if(SSL_accept(ssl_client) <= 0)
{
fprintf(stderr, "Accepting SSL connection failed\n");
goto ERROR_AT_SSL_LAYER;
}
hosts[0] = ADMIN_CN;
hosts[1] = USER_CN;
if((err = post_connection_check(ssl_client, hosts, 2, true, GLOBAL_authority_name)) != X509_V_OK)
{
fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err));
goto ERROR_AT_SSL_LAYER;
}
// Serve the PHR authority list
if(!load_phr_authority_list(ssl_client))
goto ERROR_AT_SSL_LAYER;
ERROR_AT_SSL_LAYER:
SSL_cleanup(ssl_client);
ssl_client = NULL;
ERR_remove_state(0);
}
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio_acc);
bio_acc = NULL;
pthread_exit(NULL);
return NULL;
}
void *access_permission_management_main(void *arg)
{
BIO *bio_acc = NULL;
BIO *bio_client = NULL;
SSL *ssl_client = NULL;
SSL_CTX *ctx = NULL;
int err;
char *hosts[1];
ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH);
bio_acc = BIO_new_accept(UA_ACCESS_PERMISSION_MANAGEMENT_PORT);
if(!bio_acc)
int_error("Creating server socket failed");
if(BIO_do_accept(bio_acc) <= 0)
int_error("Binding server socket failed");
for(;;)
{
if(BIO_do_accept(bio_acc) <= 0)
int_error("Accepting connection failed");
bio_client = BIO_pop(bio_acc);
if(!(ssl_client = SSL_new(ctx)))
int_error("Creating SSL context failed");
SSL_set_bio(ssl_client, bio_client, bio_client);
if(SSL_accept(ssl_client) <= 0)
{
fprintf(stderr, "Accepting SSL connection failed\n");
goto ERROR_AT_SSL_LAYER;
}
hosts[0] = USER_CN;
if((err = post_connection_check(ssl_client, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK)
{
fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err));
goto ERROR_AT_SSL_LAYER;
}
// Process request
if(!process_request(ssl_client))
goto ERROR_AT_SSL_LAYER;
ERROR_AT_SSL_LAYER:
SSL_cleanup(ssl_client);
ssl_client = NULL;
ERR_remove_state(0);
}
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio_acc);
bio_acc = NULL;
pthread_exit(NULL);
return NULL;
}
/*
* The main TCP accpet loop
*/
void
server_accept_loop()
{
fd_set *fdset;
int maxfd, i, ret, err;
int newsock;
struct sockaddr_in from;
socklen_t fromlen;
int handcheck = -1;
int sock;
char **addr = NULL;
int pfd[2];
fdset = NULL;
maxfd = 0;
signal(SIGPIPE, SIG_IGN);
signal(SIGTERM, ctr_c);
signal(SIGQUIT, ctr_c);
signal(SIGINT, ctr_c);
/* SSL preliminaries */
SSL_CTX* ctx;
SSL* ssl;
init_OpenSSL ();
seed_prng ();
/* We keep the certificate and key with the context. */
ctx = setup_server_ctx ();
addr = crv_cut(options.listen_addrs, " ");
for (i = 0; addr[i]; i++)
{
/* Prepare TCP socket for receiving connections (change user for ROOT if port < 1024 )*/
sock = crv_server_listen(options.num_ports, 5, addr[i], options.address_family, 1);
if (sock == -1) {
fprintf( stderr, "%s\n", "main(): server_listent() failed");
exit (EXIT_FAILURE);
}
/* Add comment (listening on several adress )*/
listen_socks[num_listen_socks] = sock;
num_listen_socks++;
}
for( i = 0; addr[i]; i++)
crv_free(addr[i]);
crv_free(addr);
for (i = 0; i < num_listen_socks; i++)
if (listen_socks[i] > maxfd)
maxfd = listen_socks[i];
/* loop */
for(;;)
{
newsock = -1;
int pid;
handcheck = -1;
if (fdset != NULL)
free(fdset);
fdset = (fd_set *) calloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
for ( i = 0; i < num_listen_socks; i++)
FD_SET(listen_socks[i], fdset);
/* wait in select until there is a connection. */
ret = select(maxfd+1, fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR)
Log ( "WARNING", 0, "select: %.100s", strerror(errno));
for ( i = 0; i < num_listen_socks; i++)
if ( FD_ISSET(listen_socks[i], fdset)) {
fromlen = sizeof(from);
newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen);
if (newsock < 0) {
if (errno != EINTR && errno != EWOULDBLOCK )
Log ( "WARNING", 0, "accept: %.100s", strerror(errno));
continue;
}
if (received_sigterm) {
fprintf( stderr, "Received signal %d; terminating.\n",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid);
return;
}
if (crv_unset_nonblock(newsock) == -1) {
Log ( "CRASH", 0, "Unset nonblock failed");
continue;
}
/* TCP connection is ready. Do server side SSL. */
ssl = SSL_new (ctx);
if ((ssl)==NULL) {
Log ( "CRASH", 0, "Create new ssl failed");
continue;
}
/* connect the SSL object with a file descriptor */
err = SSL_set_fd (ssl, newsock);
if ((err)==0) {
Log ( "CRASH", 0, "Put SSL on socket failed \n");
close(newsock);
continue;
}
/* TCP connection is ready. Do server side SSL. */
err = SSL_accept (ssl);
if ((err) <= 0) {
Log ("HACK", 0, "%s handcheck failed", inet_ntoa(from.sin_addr));
/* Free the allocated SSL structure */
SSL_free (ssl);
continue;
}
else {
handcheck = 0;
}
if ( handcheck != -1 )
{
/* Pipe creation */
if (pipe(pfd) == -1)
{
fprintf( stderr, "%s\n", "server_accept_loop(): pipe() failed");
return;
}
switch((pid = fork()))
{
/* fork() Error */
case -1:
Log ("CRASH", 0, "%s%s\n", "Error on fork() -> ", strerror(errno));
exit (EXIT_FAILURE);
/* First child process */
case 0:
/* Close socket that has been created in create_tcp_socket() */
close_listen_socks();
int result = 0;
/* Chroot process */
if (result != -1)
result = crv_drop_priv_perm_and_chroot (options.user , options.chroot_directory );
initialize_command_opt(&command);
command.addr = crv_strdup((const char *)inet_ntoa (from.sin_addr));
if (options.sec == 1) {
result = post_connection_check (ssl, command.addr);
if (result != X509_V_OK) {
Log ( "HACK", 0,
"-Error: peer certificate: %s\n",
X509_verify_cert_error_string (result));
result = -1;
}
}
/* Time initialisation */
gettimeofday (&tv1, NULL);
/* Get client name*/
char buff[SIZE];
command.user = recup_pseudo (ssl);
command.mail = recup_email (ssl);
/* Send client pseudo to father */
write(pfd[1], command.user, strlen(command.user)+1);
close(pfd[1]); /* close write side */
sleep(1);
memset(buff, 0, sizeof(buff));
/* Read repond from father */
(void)read(pfd[0], buff, SIZE);
close(pfd[0]);
/* Get father respond about client pseudo */
/* Les pipes sont à enlever car, la liste des utilisateurs autorisés
* sont contenue sur la base de données distante
if (!crv_strncmp(buff, "no_register")) {
Log ("WARNING", 0, "Username '%s' is not registered", command.user);
result = -1;
}
*/
printf("buff:%s\n", buff);
/* Get CMD info (comd name, sha1 file, begin, end) */
if (result != -1)
result = pre_authcon( ssl, (const char *)buff);
if ( result == -1)
Log ("WARNING", 0, "Can't set command options");
/* exec command give by client */
if (result != -1)
traitement_conec ( ssl);
/* Free command structure */
Free_cmd_struct();
/* Close Socket , tube */
shutdown (newsock, 2);
close (newsock);
/* Free the allocated SSL structure */
SSL_free (ssl);
/* Free the allocated SSL CONTEXT object */
SSL_CTX_free (ctx);
/* EXIT */
exit (EXIT_SUCCESS);
/* Father process */
default:
{
char *xpath = NULL;
char Buffer[SIZE];
/* Read client pseudo from son */
(void)read(pfd[0], Buffer, SIZE);
//xpath = get_grp_list(Buffer);
close(pfd[0]); /* close read side */
if (xpath == NULL)
xpath = crv_strdup("no_register");
(void)crv_strncpy(Buffer, xpath, sizeof(Buffer));
(void)write(pfd[1], Buffer, strlen(Buffer)+1);
close(pfd[1]);
if (xpath != NULL)
crv_free(xpath);
SSL_free (ssl);
close(newsock);
}
} /* End of fork() */
} /* if handcheck is 0 */
} /* FD_ISSET */
} /* End of for() loop */
}
void *synchronization_responding_main(void *arg)
{
BIO *bio_acc = NULL;
BIO *bio_client = NULL;
SSL *ssl_client = NULL;
SSL_CTX *ctx = NULL;
int err;
char *host[1];
ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH);
bio_acc = BIO_new_accept(UA_SYNCHRONIZATION_RESPONDING_PORT);
if(!bio_acc)
int_error("Creating server socket failed");
if(BIO_do_accept(bio_acc) <= 0)
int_error("Binding server socket failed");
for(;;)
{
if(BIO_do_accept(bio_acc) <= 0)
int_error("Accepting connection failed");
bio_client = BIO_pop(bio_acc);
if(!(ssl_client = SSL_new(ctx)))
int_error("Creating SSL context failed");
SSL_set_bio(ssl_client, bio_client, bio_client);
if(SSL_accept(ssl_client) <= 0)
{
fprintf(stderr, "Accepting SSL connection failed\n");
goto ERROR_AT_SSL_LAYER;
}
host[0] = USER_AUTH_CN;
if((err = post_connection_check(ssl_client, host, 1, false, NULL)) != X509_V_OK)
{
fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err));
goto ERROR_AT_SSL_LAYER;
}
// Process the request
if(!process_request(ssl_client))
goto ERROR_AT_SSL_LAYER;
ERROR_AT_SSL_LAYER:
SSL_cleanup(ssl_client);
ssl_client = NULL;
ERR_remove_state(0);
}
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio_acc);
bio_acc = NULL;
pthread_exit(NULL);
return NULL;
}
void *user_authentication_main(void *arg)
{
BIO *bio_acc = NULL;
BIO *bio_client = NULL;
SSL *ssl_client = NULL;
SSL_CTX *ctx = NULL;
char username[USER_NAME_LENGTH + 1];
char key_exchange_passwd[PASSWD_LENGTH + 1];
boolean is_admin_flag;
ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH);
bio_acc = BIO_new_accept(UA_USER_AUTHENTICATION_PORT);
if(!bio_acc)
int_error("Creating server socket failed");
if(BIO_do_accept(bio_acc) <= 0)
int_error("Binding server socket failed");
for(;;)
{
if(BIO_do_accept(bio_acc) <= 0)
int_error("Accepting connection failed");
bio_client = BIO_pop(bio_acc);
// Verify the user
if(verify_authentication_request(bio_client, username, &is_admin_flag, key_exchange_passwd))
{
int err;
char *hosts[1];
// SSL certificate response
if(!ssl_cert_response(bio_client, username, is_admin_flag, key_exchange_passwd))
goto ERROR_AT_BIO_LAYER;
if(!(ssl_client = SSL_new(ctx)))
int_error("Creating SSL context failed");
SSL_set_bio(ssl_client, bio_client, bio_client);
if(SSL_accept(ssl_client) <= 0)
{
fprintf(stderr, "Accepting SSL connection failed\n");
goto ERROR_AT_SSL_LAYER;
}
hosts[0] = is_admin_flag ? ADMIN_CN : USER_CN;
if((err = post_connection_check(ssl_client, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK)
{
fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err));
goto ERROR_AT_SSL_LAYER;
}
// Verify the certificate owner
if(!verify_cert_owner(ssl_client, username, is_admin_flag))
goto ERROR_AT_SSL_LAYER;
// Record transaction login log
record_transaction_complete_login_log(ssl_client, username, is_admin_flag);
// Basic information response
if(!basic_info_response(ssl_client, username, is_admin_flag))
goto ERROR_AT_SSL_LAYER;
if(!is_admin_flag)
{
// CP-ABE private key response
if(!cpabe_private_key_response(ssl_client, username))
goto ERROR_AT_SSL_LAYER;
}
ERROR_AT_SSL_LAYER:
SSL_cleanup(ssl_client);
ssl_client = NULL;
ERR_remove_state(0);
continue;
ERROR_AT_BIO_LAYER:
BIO_free(bio_client);
bio_client = NULL;
ERR_remove_state(0);
}
else
{
fprintf(stderr, "Incorrect the verification information\n");
// Record transaction login log
record_transaction_incomplete_login_log(bio_client);
BIO_free(bio_client);
bio_client = NULL;
}
}
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio_acc);
bio_acc = NULL;
pthread_exit(NULL);
return NULL;
}
