int open_connection( SSL **ssl, SSL_CTX **ctx, char *server_addr, char *server_port) { BIO *conn; long err; char addr_buf[100] = ""; sprintf(addr_buf, "%s:%s", server_addr, server_port); printf("[%s]\n",addr_buf); *ctx = setup_client_ctx( ); conn = BIO_new_connect(addr_buf); if (!conn) handle_error("Error creating connection BIO"); if (BIO_do_connect(conn) <= 0) handle_error("Error connecting to remote machine"); *ssl = SSL_new(*ctx); SSL_set_bio(*ssl, conn, conn); if (SSL_connect(*ssl) <= 0) handle_error("Error connecting SSL object"); if ((err = post_connection_check(*ssl, SERVER)) != X509_V_OK) { fprintf(stderr, "-Error: peer certificate: %s\n", X509_verify_cert_error_string(err)); handle_error("Error checking SSL object after connection"); } fprintf(stderr, "SSL Connection opened\n"); return 0; }
void THREAD_CC server_thread(void *arg) { SSL *ssl = (SSL *)arg; long err; #ifndef WIN32 pthread_detach(pthread_self( )); #endif if (SSL_accept(ssl) <= 0) int_error("Error accepting SSL connection"); if ((err = post_connection_check(ssl, CLIENT)) != X509_V_OK) { fprintf(stderr, "-Error: peer certificate: %s\n", X509_verify_cert_error_string(err)); int_error("Error checking SSL object after connection"); } fprintf(stderr, "SSL Connection opened\n"); if (do_server_loop(ssl)) SSL_shutdown(ssl); else SSL_clear(ssl); fprintf(stderr, "SSL Connection closed\n"); SSL_free(ssl); ERR_remove_state(0); #ifdef WIN32 _endthread( ); #endif return 0; }
static boolean connect_to_emergency_phr_list_loading_service(SSL **ssl_conn_ret) { BIO *bio_conn = NULL; SSL_CTX *ctx = NULL; int err; char *hosts[1]; char phr_server_addr[IP_ADDRESS_LENGTH + PORT_NUMBER_LENGTH + 2]; // Connect to PHR Server sprintf(phr_server_addr, "%s:%s", GLOBAL_phr_server_ip_addr, PHRSV_EMERGENCY_PHR_LIST_LOADING_PORT); bio_conn = BIO_new_connect(phr_server_addr); if(!bio_conn) int_error("Creating BIO connection failed"); if(BIO_do_connect(bio_conn) <= 0) { fprintf(stderr, "Connecting to PHR server failed\n"); goto ERROR_AT_BIO_LAYER; } ctx = setup_client_ctx(EMS_CERTFILE_PATH, EMS_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); if(!(*ssl_conn_ret = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(*ssl_conn_ret, bio_conn, bio_conn); if(SSL_connect(*ssl_conn_ret) <= 0) { fprintf(stderr, "Connecting SSL object failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = PHR_SERVER_CN; if((err = post_connection_check(*ssl_conn_ret, hosts, 1, false, NULL)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Return value of *ssl_conn_ret SSL_CTX_free(ctx); ERR_remove_state(0); return true; ERROR_AT_BIO_LAYER: BIO_free(bio_conn); bio_conn = NULL; ERR_remove_state(0); return false; ERROR_AT_SSL_LAYER: SSL_cleanup(*ssl_conn_ret); *ssl_conn_ret = NULL; SSL_CTX_free(ctx); ERR_remove_state(0); return false; }
static boolean connect_to_phr_transaction_log_synchronization_service(SSL **ssl_conn_ret) { BIO *bio_conn = NULL; SSL_CTX *ctx = NULL; int err; char *hosts[1]; char audit_server_addr[IP_ADDRESS_LENGTH + PORT_NUMBER_LENGTH + 2]; // Connect to Audit Server sprintf(audit_server_addr, "%s:%s", GLOBAL_audit_server_ip_addr, AS_PHR_TRANSACTION_LOG_SYNCHRONIZATION_PORT); bio_conn = BIO_new_connect(audit_server_addr); if(!bio_conn) int_error("Creating BIO connection failed"); if(BIO_do_connect(bio_conn) <= 0) { fprintf(stderr, "Connecting to audit server failed\n"); goto ERROR_AT_BIO_LAYER; } ctx = setup_client_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); if(!(*ssl_conn_ret = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(*ssl_conn_ret, bio_conn, bio_conn); if(SSL_connect(*ssl_conn_ret) <= 0) { fprintf(stderr, "Connecting SSL object failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = AUDIT_SERVER_CN; if((err = post_connection_check(*ssl_conn_ret, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Return value of *ssl_conn_ret SSL_CTX_free(ctx); ERR_remove_state(0); return true; ERROR_AT_BIO_LAYER: BIO_free(bio_conn); bio_conn = NULL; ERR_remove_state(0); return false; ERROR_AT_SSL_LAYER: SSL_cleanup(*ssl_conn_ret); *ssl_conn_ret = NULL; SSL_CTX_free(ctx); ERR_remove_state(0); return false; }
void* conn_handler(void *arg) { long err; SSL *ssl; struct conn_ctx *ctx = (struct conn_ctx *)arg; struct freeq_ctx *freeqctx = ctx->srvctx->freeqctx; struct freeqd_state *fst = ctx->srvctx->fst; BIO *client = ctx->client; pthread_detach(pthread_self()); ssl = freeq_ssl_new(freeqctx); SSL_set_bio(ssl, client, client); if (SSL_accept(ssl) <= 0) { int_error("Error accepting SSL connection"); return NULL; } if ((err = post_connection_check(freeqctx, ssl, "localhost")) != X509_V_OK) { err(freeqctx, "error: peer certificate: %s\n", X509_verify_cert_error_string(err)); int_error("Error checking SSL object after connection"); } BIO *buf_io, *ssl_bio; buf_io = BIO_new(BIO_f_buffer()); ssl_bio = BIO_new(BIO_f_ssl()); BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); BIO_push(buf_io, ssl_bio); dbg(freeqctx, "ssl client connection opened\n"); if (generation_table_merge(freeqctx, fst, buf_io)) { err(freeqctx, "table merge failed\n"); SSL_shutdown(ssl); } else { dbg(freeqctx, "table merged ok\n"); SSL_clear(ssl); } dbg(freeqctx, "ssl client connection closed\n"); SSL_free(ssl); ERR_remove_state(0); return 0; }
static void do_ssl_accept(connections_head_t *head, connection_t *conn) { long err; int ret, ssl_err; if (conn->accept == 0) { /* first invoke do_ssl_accept */ conn->ssl = SSL_new(head->ctx); if (NULL == conn->ssl) { perror("SSL_new"); goto error; } if (SSL_set_fd(conn->ssl, conn->fd) != 1) { perror("SSL_set_fd"); goto error; } conn->accept = 1; } ret = SSL_accept(conn->ssl); if (ret != 1) { ssl_err = SSL_get_error(conn->ssl, ret); if (ssl_err != SSL_ERROR_WANT_READ && ssl_err != SSL_ERROR_WANT_WRITE) { ERROR_MSG("ssl_err is: %d\n", ssl_err); ERROR_MSG("ssl_accept"); goto error; } /* called next epoll_wait loop */ return; } err = post_connection_check(conn->ssl, "192.168.1.10"); if (err != X509_V_OK) { ERROR_MSG("post_connection_check error\n"); ERROR_MSG("-Error: peer certificate: %s\n", X509_verify_cert_error_string(err)); } conn->handler = ssl_rdwr_handler; error: return; }
int main_ssl(int argc, char **argv) { BIO *conn; SSL *ssl; SSL_CTX *ctx; long err; init_OpenSSL(); seed_prng(); ctx = setup_client_ctx(); fprintf(stderr, "SERVER= %s:%s\n", SERVER, PORT); conn = BIO_new_connect(SERVER ":" PORT); if (!conn) int_error("Error creating connection BIO"); if (BIO_do_connect(conn) <= 0) int_error("Error connecting to remote machine"); ssl = SSL_new(ctx); SSL_set_bio(ssl, conn, conn); if (SSL_connect(ssl) <= 0) int_error("Error connecting SSL object"); if ((err = post_connection_check(ssl, SERVER)) != X509_V_OK) { fprintf(stderr, "-Error: peer certificate: %s\n", X509_verify_cert_error_string(err)); int_error("Error checking SSL object after connection"); } fprintf(stderr, "SSL Connection opened\n"); if (do_client_loop(ssl)) SSL_shutdown(ssl); else SSL_clear(ssl); fprintf(stderr, "SSL Connection closed\n"); SSL_free(ssl); SSL_CTX_free(ctx); return 0; }
static boolean connect_to_restricted_level_phr_access_request_responding_service(SSL **ssl_conn_ret) { BIO *bio_conn = NULL; SSL_CTX *ctx = NULL; int err; char *hosts[1]; char emergency_server_addr[IP_ADDRESS_LENGTH + PORT_NUMBER_LENGTH + 2]; // Connect to Emergency Server sprintf(emergency_server_addr, "%s:%s", GLOBAL_emergency_server_ip_addr, EMS_RESTRICTED_LEVEL_PHR_ACCESS_REQUEST_RESPONDING_PORT); bio_conn = BIO_new_connect(emergency_server_addr); if(!bio_conn) int_error("Creating BIO connection failed"); if(BIO_do_connect(bio_conn) <= 0) { backend_alert_msg_callback_handler("Connecting to emergency server failed"); goto ERROR_AT_BIO_LAYER; } /* Hash value is used for verifying an SSL certificate to make sure that certificate is a latest update version, preventing a user uses a revoked certificate to feign to be a revoked one */ if(!verify_file_integrity(SSL_CERT_PATH, GLOBAL_ssl_cert_hash, CALCULATING_SSL_CERT_HASH_PATH)) { // Notify alert message to user and then terminate the application backend_fatal_alert_msg_handler_callback("Your SSL certificate is not verified.\nTo solve this, please contact an administrator."); } ctx = setup_client_ctx(SSL_CERT_PATH, GLOBAL_passwd, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); if(!(*ssl_conn_ret = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(*ssl_conn_ret, bio_conn, bio_conn); if(SSL_connect(*ssl_conn_ret) <= 0) { backend_alert_msg_handler_callback("Connecting SSL object failed"); goto ERROR_AT_SSL_LAYER; } hosts[0] = EMERGENCY_SERVER_CN; if((err = post_connection_check(*ssl_conn_ret, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); backend_alert_msg_handler_callback("Checking SSL information failed"); goto ERROR_AT_SSL_LAYER; } // Return value of *ssl_conn_ret SSL_CTX_free(ctx); ERR_remove_state(0); return true; ERROR_AT_BIO_LAYER: BIO_free(bio_conn); bio_conn = NULL; ERR_remove_state(0); return false; ERROR_AT_SSL_LAYER: SSL_cleanup(*ssl_conn_ret); *ssl_conn_ret = NULL; SSL_CTX_free(ctx); ERR_remove_state(0); return false; }
void *emergency_delegation_list_loading_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *host[1]; ctx = setup_server_ctx(EMS_CERTFILE_PATH, EMS_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(EMS_EMERGENCY_DELEGATION_LIST_LOADING_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } host[0] = USER_CN; if((err = post_connection_check(ssl_client, host, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Process types of request if(!process_request(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
void* sqlhandler(void *arg) { char sql[MAX_MSG]; int ret, err; SSL *ssl; sqlite4_stmt *pStmt; struct conn_ctx *conn = (struct conn_ctx *)arg; struct freeq_ctx *freeqctx = conn->srvctx->freeqctx; BIO *client = conn->client; if (!(ssl = freeq_ssl_new(freeqctx))) { err(freeqctx, "couldn't allocate new ssl instance"); BIO_free_all(client); free(conn); pthread_exit(NULL); } SSL_set_bio(ssl, client, client); if (SSL_accept(ssl) <= 0) { int_error("Error accepting SSL connection"); BIO_free_all(client); free(conn); pthread_exit(NULL); } if ((err = post_connection_check(freeqctx, ssl, "localhost")) != X509_V_OK) { err(freeqctx, "error: peer certificate: %s\n", X509_verify_cert_error_string(err)); BIO_free_all(client); free(conn); pthread_exit(NULL); } BIO *b, *ssl_bio; b = BIO_new(BIO_f_buffer()); ssl_bio = BIO_new(BIO_f_ssl()); BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); BIO_push(b, ssl_bio); memset(sql, 0, MAX_MSG); ret = BIO_gets(b, sql, MAX_MSG); ret = sqlite4_prepare(pDb, sql, strlen(sql), &pStmt, 0); if (ret != SQLITE4_OK) { dbg(freeqctx, "prepare failed for %s sending error, ret was %d\n", sql, ret); //freeq_error_write_sock(freeqctx, sqlite4_errmsg(pDb), b); dbg(freeqctx, sqlite4_errmsg(pDb)); //BIO_printf(b, "error: %s\n", sqlite4_errmsg(pDb)); sqlite4_finalize(pStmt); //pthread_exit(FREEQ_ERR); } freeq_sqlite_to_bio(freeqctx, b, pStmt); SSL_shutdown(ssl); SSL_free(ssl); BIO_free_all(client); free(conn); pthread_exit(FREEQ_OK); }
void *phr_authority_list_loading_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *hosts[2]; ctx = setup_server_ctx(ESA_CERTFILE_PATH, ESA_CERTFILE_PASSWD, EMU_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(ESA_PHR_AUTHORITY_LIST_LOADING_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = ADMIN_CN; hosts[1] = USER_CN; if((err = post_connection_check(ssl_client, hosts, 2, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Serve the PHR authority list if(!load_phr_authority_list(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
void *access_permission_management_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *hosts[1]; ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(UA_ACCESS_PERMISSION_MANAGEMENT_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = USER_CN; if((err = post_connection_check(ssl_client, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Process request if(!process_request(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
/* * The main TCP accpet loop */ void server_accept_loop() { fd_set *fdset; int maxfd, i, ret, err; int newsock; struct sockaddr_in from; socklen_t fromlen; int handcheck = -1; int sock; char **addr = NULL; int pfd[2]; fdset = NULL; maxfd = 0; signal(SIGPIPE, SIG_IGN); signal(SIGTERM, ctr_c); signal(SIGQUIT, ctr_c); signal(SIGINT, ctr_c); /* SSL preliminaries */ SSL_CTX* ctx; SSL* ssl; init_OpenSSL (); seed_prng (); /* We keep the certificate and key with the context. */ ctx = setup_server_ctx (); addr = crv_cut(options.listen_addrs, " "); for (i = 0; addr[i]; i++) { /* Prepare TCP socket for receiving connections (change user for ROOT if port < 1024 )*/ sock = crv_server_listen(options.num_ports, 5, addr[i], options.address_family, 1); if (sock == -1) { fprintf( stderr, "%s\n", "main(): server_listent() failed"); exit (EXIT_FAILURE); } /* Add comment (listening on several adress )*/ listen_socks[num_listen_socks] = sock; num_listen_socks++; } for( i = 0; addr[i]; i++) crv_free(addr[i]); crv_free(addr); for (i = 0; i < num_listen_socks; i++) if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; /* loop */ for(;;) { newsock = -1; int pid; handcheck = -1; if (fdset != NULL) free(fdset); fdset = (fd_set *) calloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); for ( i = 0; i < num_listen_socks; i++) FD_SET(listen_socks[i], fdset); /* wait in select until there is a connection. */ ret = select(maxfd+1, fdset, NULL, NULL, NULL); if (ret < 0 && errno != EINTR) Log ( "WARNING", 0, "select: %.100s", strerror(errno)); for ( i = 0; i < num_listen_socks; i++) if ( FD_ISSET(listen_socks[i], fdset)) { fromlen = sizeof(from); newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); if (newsock < 0) { if (errno != EINTR && errno != EWOULDBLOCK ) Log ( "WARNING", 0, "accept: %.100s", strerror(errno)); continue; } if (received_sigterm) { fprintf( stderr, "Received signal %d; terminating.\n", (int) received_sigterm); close_listen_socks(); unlink(options.pid); return; } if (crv_unset_nonblock(newsock) == -1) { Log ( "CRASH", 0, "Unset nonblock failed"); continue; } /* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx); if ((ssl)==NULL) { Log ( "CRASH", 0, "Create new ssl failed"); continue; } /* connect the SSL object with a file descriptor */ err = SSL_set_fd (ssl, newsock); if ((err)==0) { Log ( "CRASH", 0, "Put SSL on socket failed \n"); close(newsock); continue; } /* TCP connection is ready. Do server side SSL. */ err = SSL_accept (ssl); if ((err) <= 0) { Log ("HACK", 0, "%s handcheck failed", inet_ntoa(from.sin_addr)); /* Free the allocated SSL structure */ SSL_free (ssl); continue; } else { handcheck = 0; } if ( handcheck != -1 ) { /* Pipe creation */ if (pipe(pfd) == -1) { fprintf( stderr, "%s\n", "server_accept_loop(): pipe() failed"); return; } switch((pid = fork())) { /* fork() Error */ case -1: Log ("CRASH", 0, "%s%s\n", "Error on fork() -> ", strerror(errno)); exit (EXIT_FAILURE); /* First child process */ case 0: /* Close socket that has been created in create_tcp_socket() */ close_listen_socks(); int result = 0; /* Chroot process */ if (result != -1) result = crv_drop_priv_perm_and_chroot (options.user , options.chroot_directory ); initialize_command_opt(&command); command.addr = crv_strdup((const char *)inet_ntoa (from.sin_addr)); if (options.sec == 1) { result = post_connection_check (ssl, command.addr); if (result != X509_V_OK) { Log ( "HACK", 0, "-Error: peer certificate: %s\n", X509_verify_cert_error_string (result)); result = -1; } } /* Time initialisation */ gettimeofday (&tv1, NULL); /* Get client name*/ char buff[SIZE]; command.user = recup_pseudo (ssl); command.mail = recup_email (ssl); /* Send client pseudo to father */ write(pfd[1], command.user, strlen(command.user)+1); close(pfd[1]); /* close write side */ sleep(1); memset(buff, 0, sizeof(buff)); /* Read repond from father */ (void)read(pfd[0], buff, SIZE); close(pfd[0]); /* Get father respond about client pseudo */ /* Les pipes sont à enlever car, la liste des utilisateurs autorisés * sont contenue sur la base de données distante if (!crv_strncmp(buff, "no_register")) { Log ("WARNING", 0, "Username '%s' is not registered", command.user); result = -1; } */ printf("buff:%s\n", buff); /* Get CMD info (comd name, sha1 file, begin, end) */ if (result != -1) result = pre_authcon( ssl, (const char *)buff); if ( result == -1) Log ("WARNING", 0, "Can't set command options"); /* exec command give by client */ if (result != -1) traitement_conec ( ssl); /* Free command structure */ Free_cmd_struct(); /* Close Socket , tube */ shutdown (newsock, 2); close (newsock); /* Free the allocated SSL structure */ SSL_free (ssl); /* Free the allocated SSL CONTEXT object */ SSL_CTX_free (ctx); /* EXIT */ exit (EXIT_SUCCESS); /* Father process */ default: { char *xpath = NULL; char Buffer[SIZE]; /* Read client pseudo from son */ (void)read(pfd[0], Buffer, SIZE); //xpath = get_grp_list(Buffer); close(pfd[0]); /* close read side */ if (xpath == NULL) xpath = crv_strdup("no_register"); (void)crv_strncpy(Buffer, xpath, sizeof(Buffer)); (void)write(pfd[1], Buffer, strlen(Buffer)+1); close(pfd[1]); if (xpath != NULL) crv_free(xpath); SSL_free (ssl); close(newsock); } } /* End of fork() */ } /* if handcheck is 0 */ } /* FD_ISSET */ } /* End of for() loop */ }
void *synchronization_responding_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *host[1]; ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(UA_SYNCHRONIZATION_RESPONDING_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } host[0] = USER_AUTH_CN; if((err = post_connection_check(ssl_client, host, 1, false, NULL)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Process the request if(!process_request(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
void *user_authentication_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; char username[USER_NAME_LENGTH + 1]; char key_exchange_passwd[PASSWD_LENGTH + 1]; boolean is_admin_flag; ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(UA_USER_AUTHENTICATION_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); // Verify the user if(verify_authentication_request(bio_client, username, &is_admin_flag, key_exchange_passwd)) { int err; char *hosts[1]; // SSL certificate response if(!ssl_cert_response(bio_client, username, is_admin_flag, key_exchange_passwd)) goto ERROR_AT_BIO_LAYER; if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = is_admin_flag ? ADMIN_CN : USER_CN; if((err = post_connection_check(ssl_client, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Verify the certificate owner if(!verify_cert_owner(ssl_client, username, is_admin_flag)) goto ERROR_AT_SSL_LAYER; // Record transaction login log record_transaction_complete_login_log(ssl_client, username, is_admin_flag); // Basic information response if(!basic_info_response(ssl_client, username, is_admin_flag)) goto ERROR_AT_SSL_LAYER; if(!is_admin_flag) { // CP-ABE private key response if(!cpabe_private_key_response(ssl_client, username)) goto ERROR_AT_SSL_LAYER; } ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); continue; ERROR_AT_BIO_LAYER: BIO_free(bio_client); bio_client = NULL; ERR_remove_state(0); } else { fprintf(stderr, "Incorrect the verification information\n"); // Record transaction login log record_transaction_incomplete_login_log(bio_client); BIO_free(bio_client); bio_client = NULL; } } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }