Пример #1
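/*
 * Allocate an HTTPInfoStruct and fill it in for one request.
 *
 * The arguments are handed unchanged to HTTPInfoSetValues(). The new object
 * also receives empty ServerHeaders and CustomSendHeaders lists, the global
 * g_Flags (when non-zero) and the proxy named by the "HTTP:Proxy" library
 * setting, if one is configured.
 *
 * Returns the new structure, or NULL if the allocation fails.
 */
HTTPInfoStruct *HTTPInfoCreate(char *Host, int Port, char *Logon, char *Password, char *Method, char *Doc, char *ContentType, int ContentLength)
{
HTTPInfoStruct *Info;
char *ptr;

Info=calloc(1,sizeof(*Info));
//Info is written through immediately below, so an allocation failure must stop here
if (! Info) return(NULL);

HTTPInfoSetValues(Info, Host, Port, Logon, Password, Method, Doc, ContentType, ContentLength);

Info->ServerHeaders=ListCreate();
Info->CustomSendHeaders=ListCreate();
//SetVar(Info->CustomSendHeaders,"Accept","*/*");

if (g_Flags) Info->Flags=g_Flags;

//The proxy is a process-wide setting: every request created here is routed through it
ptr=LibUsefulGetValue("HTTP:Proxy");
if (StrLen(ptr))
{
	Info->Proxy=CopyStr(Info->Proxy,ptr);
	//NOTE(review): strlwr() lowercases the whole proxy string, not just the scheme,
	//so any case-sensitive part of it (credentials, path) would be altered - confirm
	strlwr(Info->Proxy);
	if (strncmp(Info->Proxy,"http:",5)==0) Info->Flags |= HTTP_PROXY;
	else if (strncmp(Info->Proxy,"https:",6)==0) Info->Flags |= HTTP_PROXY;
	//NOTE(review): plain assignment, unlike the two '|=' branches above, so every
	//flag already set (including those copied from g_Flags) is dropped - confirm intended
	else Info->Flags=HTTP_TUNNEL;
}

return(Info);
}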
Пример #2
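/*
 * Install Diffie-Hellman parameters on an SSL context.
 *
 * The parameters are read once from the PEM file named by the
 * "SSL-DHParams-File" library setting and kept in CachedDH for later calls.
 * If no parameters can be obtained the context is left untouched and nothing
 * is reported to the caller, so a caller that wants DHE key exchange cannot
 * tell from this function whether it was actually enabled.
 */
void OpenSSLSetupDH(SSL_CTX *ctx)
{
char *Tempstr=NULL, *ptr;
DH *dh=NULL;
FILE *paramfile;

if (CachedDH) dh=CachedDH;
else
{
	ptr=LibUsefulGetValue("SSL-DHParams-File");
	if (StrLen(ptr)) Tempstr=CopyStr(Tempstr,ptr);

	//only open a file when one is configured: fopen() must not be given a NULL path
	if (StrLen(Tempstr))
	{
		paramfile = fopen(Tempstr, "r");
		if (paramfile)
		{
			//NOTE(review): the parameters are installed exactly as read; nothing here
			//checks the group size or validity (e.g. with DH_check()) before use
			CachedDH = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
			dh=CachedDH;
			fclose(paramfile);
		}
	}

	//Generating parameters as a fallback is disabled (the call to
	//OpenSSLGenerateDHParams() is commented out), so dh stays NULL if loading failed
}

if (dh) SSL_CTX_set_tmp_dh(ctx, dh);

//The parameters live on in CachedDH, so they must not be freed here

DestroyString(Tempstr);
}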
Пример #3
/*
 * Write the program version, the build date/time and the libUseful version
 * details to stdout, then terminate the process with exit status 0.
 */
void PrintVersion()
{
const char *LibVersion, *LibBuildTime;

printf("ParanoidTelnetD: version %s\n",VERSION);
printf("\nBuilt: %s %s\n",__DATE__,__TIME__);

LibVersion=LibUsefulGetValue("LibUsefulVersion");
LibBuildTime=LibUsefulGetValue("LibUsefulBuildTime");
printf("libUseful: Version %s BuildTime: %s\n",LibVersion,LibBuildTime);

/* Reporting of the SSL library is currently disabled:
if (SSLAvailable()) fprintf(stdout,"SSL Library: %s\n",LibUsefulGetValue("SSL-Library"));
else fprintf(stdout,"%s\n","SSL Library: None, not compiled with --enable-ssl");
*/

exit(0);
}
Пример #4
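/*
 * Greet the SMTP server on S and collect what it says it supports.
 *
 * The name sent in the greeting is taken from the "SMTP:HELO" library
 * setting, then from the "SMTP:HELO" value stored on the stream, and finally
 * from GetExternalIP(). EHLO is tried first; if the reply does not start
 * with '2' the function falls back to HELO.
 *
 * Returns a bitmask: CAP_EHLO combined with whatever SMTPParseCapabilities()
 * reports for each reply line when EHLO is accepted, CAP_HELO when only HELO
 * is accepted, and 0 when neither is.
 *
 * NOTE(review): the capabilities are taken from the reply exactly as it
 * arrives on S. If this runs before TLS has been established on the stream,
 * the list is unauthenticated and should not be the only basis for deciding
 * whether to use STARTTLS or which AUTH mechanism to pick.
 */
int SMTPHelo(STREAM *S)
{
    int RetVal=0;
    char *Tempstr=NULL, *Token=NULL;
    const char *ptr;

    ptr=LibUsefulGetValue("SMTP:HELO");
    if (! StrValid(ptr)) ptr=STREAMGetValue(S,"SMTP:HELO");
    if (! StrValid(ptr))
    {
        Token=GetExternalIP(Token);
        ptr=Token;
    }

    //NOTE(review): if ptr is still NULL here it ends MCopyStr's NULL-terminated
    //argument list early, so the command would go out without its "\r\n" - confirm
    Tempstr=MCopyStr(Tempstr, "EHLO ", ptr, "\r\n", NULL);
    STREAMWriteLine(Tempstr,S);
    Tempstr=SMTPRead(Tempstr, S);

    //SMTPRead() may hand back nothing (e.g. the peer closed the connection),
    //so make sure there is a reply before looking at its first character
    if (StrValid(Tempstr) && (*Tempstr == '2'))
    {
        RetVal |= CAP_EHLO;
        //the EHLO reply is multi-line: one capability per line
        ptr=GetToken(Tempstr,"\n",&Token,0);
        while (ptr)
        {
            StripTrailingWhitespace(Token);
            RetVal |= SMTPParseCapabilities(Token);
            ptr=GetToken(ptr,"\n",&Token,0);
        }
    }
//Some old server that doesn't support EHLO, switch to HELO
    else
    {
        Tempstr=MCopyStr(Tempstr, "HELO ", ptr, "\r\n", NULL);
        STREAMWriteLine(Tempstr,S);
        if (SMTPInteract(Tempstr, S)) RetVal |= CAP_HELO;
    }

    DestroyString(Tempstr);
    DestroyString(Token);
    return(RetVal);
}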
Пример #5
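/*
 * Run the client side of an SSL/TLS handshake on an already-connected stream.
 *
 * A fresh SSL_CTX and SSL object are created, peer verification is requested
 * with OpenSSLVerifyCallback, the SSL object is stored on the stream under
 * "LIBUSEFUL-SSL-CTX", and the cipher list is restricted to the
 * "SSL-Permitted-Ciphers" library setting when that is set.
 *
 * Returns the raw SSL_connect() result (1 on success, 0 or a negative value
 * on failure), or FALSE when S is NULL, when the SSL objects cannot be
 * created, or when built without HAVE_LIBSSL. Callers must test for a
 * positive value: a negative failure code is "true" in a plain if().
 *
 * The Flags argument is not used.
 */
int DoSSLClientNegotiation(STREAM *S, int Flags)
{
int result=FALSE;
#ifdef HAVE_LIBSSL
const SSL_METHOD *Method;
SSL_CTX *ctx;
SSL *ssl;
//struct x509 *cert=NULL;
char *ptr;

if (S)
{
	INTERNAL_SSL_INIT();
	//  SSL_load_ciphers();
	Method=SSLv23_client_method();
	ctx=SSL_CTX_new(Method);
	if (! ctx) HandleSSLError();
	else
	{
		STREAM_INTERNAL_SSL_ADD_SECURE_KEYS(S,ctx);
		//NOTE(review): what a verification failure leads to depends on what
		//OpenSSLVerifyCallback returns, which is not visible here - confirm it
		//does not accept every certificate
		SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, OpenSSLVerifyCallback);
		ssl=SSL_new(ctx);
		//SSL_new() can fail; do not hand a NULL SSL object to the calls below
		if (! ssl) HandleSSLError();
		else
		{
			SSL_set_fd(ssl,S->in_fd);
			STREAMSetItem(S,"LIBUSEFUL-SSL-CTX",ssl);
			//NOTE(review): only SSLv2 is switched off, so SSLv3 and early TLS stay
			//negotiable unless restricted elsewhere. Further options that exist:
			//SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1
			SSL_set_options(ssl, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2);
			ptr=LibUsefulGetValue("SSL-Permitted-Ciphers");
			//the return value is not checked, so an unusable cipher string goes unnoticed
			if (ptr) SSL_set_cipher_list(ssl, ptr);
			result=SSL_connect(ssl);

			//NOTE(review): SF_SSL is set and the certificate is examined even when
			//SSL_connect() failed. Presumably stream I/O then goes through the failed
			//SSL object rather than falling back to plaintext, so this is left as it
			//is; callers still have to check the return value - confirm
			S->Flags|=SF_SSL;

			OpenSSLQueryCipher(S);
			OpenSSLVerifyCertificate(S);
		}
		//NOTE(review): ctx is not released in this function - confirm who owns it
	}
}

#endif
return(result);
}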
Пример #6
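/*
 * Connect to the configured mail server and take the SMTP dialogue as far
 * as the DATA command.
 *
 * The server comes from the "SMTP:Server" library setting, which may be a
 * bare host or an smtp: URL carrying a port, user and password (port 25 is
 * used when none is given). After the greeting the function tries STARTTLS
 * (unless Flags has SMTP_NOSSL or SSL is unavailable), logs in when the
 * server advertises LOGIN or PLAIN and credentials were configured, then
 * sends MAIL FROM, the recipients and DATA.
 *
 * Returns the open stream, ready for the caller to send the message body,
 * or NULL after reporting the reason through RaiseError().
 */
STREAM *SMTPConnect(const char *Sender, const char *Recipients, int Flags)
{
    char *Tempstr=NULL;
    char *Proto=NULL, *User=NULL, *Pass=NULL, *Host=NULL, *PortStr=NULL;
    const char *p_MailServer;
    int result=FALSE, Caps=0;
    STREAM *S;

    p_MailServer=LibUsefulGetValue("SMTP:Server");
    if (! StrValid(p_MailServer))
    {
        RaiseError(0, "SendMail", "No Mailserver set");
        return(NULL);
    }

    //Sender is pasted into the "MAIL FROM" command line below. A CR or LF inside
    //it would let the value carry additional SMTP commands, so refuse it up front.
    //NOTE(review): Recipients is handed to SmtpSendRecipients(), which is not
    //visible here - confirm it applies the same check
    if (StrValid(Sender) && strpbrk(Sender, "\r\n"))
    {
        RaiseError(0, "SendMail", "sender address contains CR or LF");
        return(NULL);
    }

    if (strncmp(p_MailServer,"smtp:",5) !=0) Tempstr=MCopyStr(Tempstr,"smtp:",p_MailServer,NULL);
    else Tempstr=CopyStr(Tempstr, p_MailServer);

    ParseURL(Tempstr, &Proto, &Host, &PortStr, &User, &Pass, NULL, NULL);
    if (! StrValid(PortStr)) PortStr=CopyStr(PortStr, "25");
    Tempstr=MCopyStr(Tempstr,"tcp:",Host,":",PortStr,NULL);
//syslog(LOG_DEBUG, "mailto: %s [%s] [%s] [%s]",Tempstr,Proto,Host,PortStr);

    S=STREAMOpen(Tempstr, "");
    if (S)
    {
        if (SMTPInteract("", S))
        {
            Caps=SMTPHelo(S);

            if (Caps > 0)
            {
                //try STARTTLS, the worst that will happen is the server will say no
                //NOTE(review): TLS is opportunistic. If STARTTLS is refused (or the
                //reply is altered in transit) the login below still goes ahead on the
                //plaintext connection, and the result of DoSSLClientNegotiation() is
                //not checked. There is no flag visible here to require TLS.
                if ((! (Flags & SMTP_NOSSL)) && SSLAvailable() && SMTPInteract("STARTTLS\r\n", S)) DoSSLClientNegotiation(S, 0);

                //NOTE(review): Caps was collected before STARTTLS and is not refreshed
                //with a second EHLO afterwards, so the AUTH mechanisms used here are
                //the ones that were advertised in plaintext
                if (
                    (Caps & (CAP_AUTH_LOGIN | CAP_AUTH_PLAIN)) &&
                    (StrValid(User) && StrValid(Pass))
                ) SMTPLogin(S, Caps, User, Pass);

                //Whether login was needed or not,  worked or not, let's try to send a mail
                Tempstr=MCopyStr(Tempstr, "MAIL FROM: ", Sender, "\r\n", NULL);
                if (! SMTPInteract(Tempstr, S)) RaiseError(0,"SendMail","mailserver refused sender");
                else if (! SmtpSendRecipients(Recipients, S)) RaiseError(0,"SendMail","No recipients accepted by mailserver");
                else if (! SMTPInteract("DATA\r\n", S)) RaiseError(0,"SendMail","mailserver refused mail");
                else
                {
                    //we got this far, rest of the process is handled by the calling function
                    result=TRUE;
                }
            }
            else RaiseError(0,"SendMail","Initial mailserver handshake failed");
        }
        else RaiseError(0,"SendMail","Initial mailserver handshake failed");
    }
    else RaiseError(0,"SendMail","mailserver connection failed");

    //Pass holds the mail account password parsed from the server URL
    DestroyString(Tempstr);
    DestroyString(Proto);
    DestroyString(User);
    DestroyString(Pass);
    DestroyString(Host);
    DestroyString(PortStr);

    if (! result)
    {
        //S is NULL when the connection itself failed
        if (S) STREAMClose(S);
        return(NULL);
    }

    return(S);
}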
Пример #7
/*
 * Build the request line and headers described by Info and write them to S.
 *
 * Any data processors on the stream are cleared first. The headers go out
 * in a fixed order: request line (plus Host for HTTP/1.1), Content-type,
 * Content-Length, Destination, Authorization, Proxy-Authorization, cache
 * control, Depth, If-Modified-Since, Accept-Encoding, Connection,
 * User-Agent, the caller's custom headers and finally cookies. On return
 * HTTP_HEADERS_SENT is set in Info->State and the stream has been flushed.
 *
 * NOTE(review): the values placed in the headers (Host, content type,
 * Destination, User-Agent, custom header tags and values) are appended as
 * given; nothing in this function rejects a CR or LF inside them, so callers
 * passing on untrusted strings need to validate them first.
 */
void HTTPSendHeaders(STREAM *S, HTTPInfoStruct *Info)
{
    char *Request=NULL, *Scratch=NULL, *UserAgent;
    ListNode *Header;

    STREAMClearDataProcessors(S);

    //request line: method, then either the full URL (via a proxy) or the quoted path
    Request=CopyStr(Request,Info->Method);
    Request=CatStr(Request," ");

    if (Info->Flags & HTTP_PROXY)
    {
        Scratch=HTTPInfoToURL(Scratch, Info);
    }
    else
    {
        Scratch=HTTPQuoteChars(Scratch,Info->Doc," ");
    }
    Request=CatStr(Request,Scratch);

    if (Info->Flags & HTTP_VER1_0)
    {
        Request=CatStr(Request," HTTP/1.0\r\n");
    }
    else
    {
        Request=MCatStr(Request," HTTP/1.1\r\n","Host: ",Info->Host,"\r\n",NULL);
    }

    if (StrLen(Info->PostContentType) >0)
    {
        Scratch=FormatStr(Scratch,"Content-type: %s\r\n",Info->PostContentType);
        Request=CatStr(Request,Scratch);
    }

    if (Info->PostContentLength > 0)
    {
        Scratch=FormatStr(Scratch,"Content-Length: %d\r\n",Info->PostContentLength);
        Request=CatStr(Request,Scratch);
    }

    if (StrLen(Info->Destination))
    {
        Scratch=FormatStr(Scratch,"Destination: %s\r\n",Info->Destination);
        Request=CatStr(Request,Scratch);
    }

    //credentials for the server and for the proxy, when we hold any
    if (Info->Authorization)
    {
        Request=HTTPHeadersAppendAuth(Request, "Authorization", Info, Info->Authorization);
    }
    if (Info->ProxyAuthorization)
    {
        Request=HTTPHeadersAppendAuth(Request, "Proxy-Authorization", Info, Info->ProxyAuthorization);
    }

    if (Info->Flags & HTTP_NOCACHE)
    {
        Request=CatStr(Request,"Pragma: no-cache\r\nCache-control: no-cache\r\n");
    }

    if (Info->Depth > 0)
    {
        Scratch=FormatStr(Scratch,"Depth: %d\r\n",Info->Depth);
        Request=CatStr(Request,Scratch);
    }

    if (Info->IfModifiedSince > 0)
    {
        Scratch=CopyStr(Scratch,GetDateStrFromSecs("%a, %d %b %Y %H:%M:%S GMT",Info->IfModifiedSince,NULL));
        Request=MCatStr(Request,"If-Modified-Since: ",Scratch, "\r\n",NULL);
    }

    //Accept-Encoding is sent for every method except DELETE, HEAD and PUT
    if (
        (strcasecmp(Info->Method,"DELETE") !=0) &&
        (strcasecmp(Info->Method,"HEAD") !=0) &&
        (strcasecmp(Info->Method,"PUT") !=0)
    )
    {
        //collect the encodings we can decode; Scratch stays empty if there are none
        Scratch=CopyStr(Scratch,"");

        if (! (Info->Flags & HTTP_NOCOMPRESS))
        {
            if (DataProcessorAvailable("Compression","gzip")) Scratch=CatStr(Scratch,"gzip");
            if (DataProcessorAvailable("Compression","zlib"))
            {
                Scratch=CatStr(Scratch, StrLen(Scratch) ? ", deflate" : "deflate");
            }
        }

        if (StrLen(Scratch))
        {
            Request=MCatStr(Request,"Accept-Encoding: ",Scratch,"\r\n",NULL);
        }
        else
        {
            //an empty header value: no content encoding is acceptable
            Request=CatStr(Request,"Accept-Encoding:\r\n");
        }
    }

    Request=CatStr(Request,
                   (Info->Flags & HTTP_KEEPALIVE) ? "Connection: Keep-Alive\r\n" : "Connection: Close\r\n");

    UserAgent=LibUsefulGetValue("HTTP:User-Agent");
    if (StrLen(UserAgent))
    {
        Request=MCatStr(Request,"User-Agent: ",UserAgent, "\r\n",NULL);
    }

    //caller-supplied headers: Tag is the header name, Item its value
    for (Header=ListGetNext(Info->CustomSendHeaders); Header; Header=ListGetNext(Header))
    {
        Request=MCatStr(Request,Header->Tag, ": ", (char *)  Header->Item, "\r\n",NULL);
    }

    if (! (Info->Flags & HTTP_NOCOOKIES))
    {
        Request=AppendCookies(Request,Cookies);
    }

    //blank line ends the header block
    Request=CatStr(Request,"\r\n");

    Info->State |= HTTP_HEADERS_SENT;

    //NOTE(review): with HTTP_DEBUG the complete header block goes to stderr,
    //including any Authorization, Proxy-Authorization and cookie values
    if (Info->Flags & HTTP_DEBUG) fprintf(stderr,"HTTPSEND: ------\n%s------\n\n",Request);

    STREAMWriteLine(Request,S);
    STREAMFlush(S);

    DestroyString(Scratch);
    DestroyString(Request);
}
Пример #8
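/* Return the configuration prefix for a command-line flag whose value is
 * passed to ParseConfigItem() as "<prefix><value>", or NULL when Flag is not
 * one of those flags. */
static const char *ParseSettingsConfigPrefix(const char *Flag)
{
static const struct
{
	const char *Flag;
	const char *Prefix;
} Map[]=
{
	{"-compress", "Compression="},
	{"-u", "DefaultUser="},
	{"-g", "DefaultGroup="},
	{"-r", "ChRoot="},
	{"-chroot", "ChRoot="},
	{"-sslv", "SSLVersion="},
	{"-key", "SSLKey="},
	{"-cert", "SSLCert="},
	{"-dhparams", "SSLDHParams="},
	{"-ciphers", "SSLCiphers="},
	{"-cgi", "Path=cgi,/cgi-bin/,"},
	{"-ep", "Path=files,,"},
	{"-denied", "DenyUsers="},
	{"-allowed", "AllowUsers="},
	{"-realm", "AuthRealm="},
	{"-client-cert", "SSLClientCertificate="},
	{"-verify-path", "SSLVerifyPath="},
	{"-dirtype", "DirListType="},
	{"-hashfile", "ScriptHashFile="},
	{"-tz", "Timezone="}
};
unsigned int n;

for (n=0; n < (sizeof(Map) / sizeof(Map[0])); n++)
{
	if (strcmp(Flag, Map[n].Flag)==0) return(Map[n].Prefix);
}

return(NULL);
}


/* Return the value that follows the option at argv[*i] and advance *i onto
 * it. Prints an error and exits when the command line ends before the value. */
static char *ParseSettingsArgValue(int argc, char *argv[], int *i)
{
if ((*i + 1) >= argc)
{
	printf("ERROR: option [%s] requires an argument\n",argv[*i]);
	exit(1);
}

(*i)++;
return(argv[*i]);
}


/*
 * Apply the command-line arguments to Settings.
 *
 * "-user" as the first argument hands over to HandleUserSetup() and then
 * exits. Otherwise each option either sets a field of Settings directly or
 * is turned into a "Name=value" string for ParseConfigItem(). The version and
 * help options print and exit; an unknown option or an option without its
 * value prints an error and exits with status 1.
 */
void ParseSettings(int argc, char *argv[], TSettings *Settings)
{
int i;
char *Token=NULL, *Value;
const char *Prefix;

if (argc < 2) return;

if (strcmp(argv[1],"-user")==0)
{
	//argv[2] only exists when there is a third argument
	if (argc < 3) printf("-user must be followed by one of \"add\", \"del\" or \"list\"\n");
	else if (strcmp(argv[2],"list")==0) HandleUserSetup("list",argc, argv);
	else if (strcmp(argv[2],"add")==0) HandleUserSetup("add",argc, argv);
	else if (strcmp(argv[2],"del")==0) HandleUserSetup("del",argc, argv);
	else printf("-user must be followed by one of \"add\", \"del\" or \"list\"\n");

	exit(1);
}

for (i=1; i < argc; i++)
{
	Prefix=ParseSettingsConfigPrefix(argv[i]);

	if (Prefix)
	{
		//options that map straight onto a config-file entry
		Value=ParseSettingsArgValue(argc, argv, &i);
		Token=MCopyStr(Token,Prefix,Value,NULL);
		ParseConfigItem(Token);
	}
	else if (strcmp(argv[i],"-nodemon")==0) Settings->Flags |= FLAG_NODEMON;
	else if (strcmp(argv[i],"-d")==0) Settings->Flags |= FLAG_NODEMON;
	else if (strcmp(argv[i],"-i")==0) Settings->BindAddress=CopyStr(Settings->BindAddress,ParseSettingsArgValue(argc, argv, &i));
	else if (strcmp(argv[i],"-a")==0) Settings->AuthPath=CopyStr(Settings->AuthPath,ParseSettingsArgValue(argc, argv, &i));
	else if (strcmp(argv[i],"-A")==0) Settings->AuthMethods=CopyStr(Settings->AuthMethods,ParseSettingsArgValue(argc, argv, &i));
	else if (strcmp(argv[i],"-v")==0)
	{
		//a second -v raises the log level again
		if (Settings->Flags & FLAG_LOG_VERBOSE) Settings->Flags |= FLAG_LOG_MORE_VERBOSE;
		Settings->Flags |= FLAG_LOG_VERBOSE;
	}
	else if (strcmp(argv[i],"-f")==0) Settings->ConfigPath=CopyStr(Settings->ConfigPath,ParseSettingsArgValue(argc, argv, &i));
	else if (strcmp(argv[i],"-l")==0) Settings->LogPath=CopyStr(Settings->LogPath,ParseSettingsArgValue(argc, argv, &i));
	else if (strcmp(argv[i],"-m")==0) Settings->HttpMethods=CopyStr(Settings->HttpMethods,ParseSettingsArgValue(argc, argv, &i));
	//NOTE(review): atoi() reports no errors, so a non-numeric timeout or port becomes 0
	else if (strcmp(argv[i],"-t")==0) Settings->ActivityTimeout=atoi(ParseSettingsArgValue(argc, argv, &i));
	else if (strcmp(argv[i],"-p")==0) Settings->Port=atoi(ParseSettingsArgValue(argc, argv, &i));
	//-O clears FLAG_AUTH_REQUIRED in the authentication flags
	else if (strcmp(argv[i],"-O")==0) Settings->AuthFlags &= ~FLAG_AUTH_REQUIRED;
	else if (strcmp(argv[i],"-h")==0) ParseConfigItem("ChHome");
	else if (strcmp(argv[i],"-chhome")==0) ParseConfigItem("ChHome");
	else if (strcmp(argv[i],"-cache")==0) Settings->DocumentCacheTime=strtol(ParseSettingsArgValue(argc, argv, &i),NULL,10);
	else if (
						(strcmp(argv[i],"-version")==0) ||
						(strcmp(argv[i],"--version")==0)
					)
	{
		fprintf(stdout,"version: %s\n",Version);
		fprintf(stdout,"\nBuilt: %s %s\n",__DATE__,__TIME__);
		fprintf(stdout,"libUseful: Version %s BuildTime: %s\n",LibUsefulGetValue("LibUsefulVersion"), LibUsefulGetValue("LibUsefulBuildTime"));
		if (SSLAvailable()) fprintf(stdout,"SSL Library: %s\n",LibUsefulGetValue("SSL-Library"));
		else fprintf(stdout,"%s\n","SSL Library: None, not compiled with --enable-ssl");

		exit(1);
	}
	else if (strcmp(argv[i],"-clientnames")==0) Settings->Flags |= FLAG_LOOKUP_CLIENT;
	else if (
						(strcmp(argv[i], "-?")==0) ||
						(strcmp(argv[i], "-help")==0) ||
						(strcmp(argv[i], "--help")==0)
					)
	{
		PrintUsage();
		exit(0);
	}
	else
	{
		printf("UNKNOWN ARGUMENT: [%s]\n",argv[i]);
		exit(1);
	}
}

DestroyString(Token);
}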
Пример #9
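/*
 * Run the server side of an SSL/TLS handshake on an accepted connection.
 *
 * Flags selects optional behaviour: LU_SSL_PFS installs DH and ECDH
 * parameters, LU_SSL_VERIFY_PEER asks the client for a certificate (chain
 * depth 1) and examines it once the handshake has completed. Session caching
 * is switched off and the cipher list is restricted to the
 * "SSL-Permitted-Ciphers" library setting when that is set. The SSL object is
 * stored on the stream under "LIBUSEFUL-SSL-CTX".
 *
 * Returns TRUE when the handshake succeeds. On failure it returns FALSE and
 * stores the OpenSSL error text on the stream as "SSL-Error". FALSE is also
 * returned when S is NULL, when the SSL objects cannot be created, or when
 * built without HAVE_LIBSSL.
 */
int DoSSLServerNegotiation(STREAM *S, int Flags)
{
int result=FALSE;
#ifdef HAVE_LIBSSL
const SSL_METHOD *Method;
SSL_CTX *ctx;
SSL *ssl;
char *ptr;
unsigned long ErrCode;

if (S)
{
	INTERNAL_SSL_INIT();
	Method=SSLv23_server_method();
	if (Method)
	{
		ctx=SSL_CTX_new(Method);

		if (ctx)
		{
			STREAM_INTERNAL_SSL_ADD_SECURE_KEYS(S,ctx);
			if (Flags & LU_SSL_PFS)
			{
				OpenSSLSetupDH(ctx);
				OpenSSLSetupECDH(ctx);
			}
			if (Flags & LU_SSL_VERIFY_PEER)
			{
				//NOTE(review): on a server SSL_VERIFY_PEER alone requests a client
				//certificate but does not insist on one (that needs
				//SSL_VERIFY_FAIL_IF_NO_PEER_CERT as well); whether a missing certificate
				//is refused depends on code that is not visible here - confirm
				SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, OpenSSLVerifyCallback);
				SSL_CTX_set_verify_depth(ctx,1);
			}
			SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
			ssl=SSL_new(ctx);
			//SSL_new() can fail; do not hand a NULL SSL object to the calls below
			if (ssl)
			{
				//NOTE(review): only SSLv2 is switched off, so SSLv3 and early TLS stay
				//negotiable unless restricted elsewhere. Further options that exist:
				//SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1
				SSL_set_options(ssl, SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_CIPHER_SERVER_PREFERENCE);
				SSL_set_fd(ssl,S->in_fd);
				STREAMSetItem(S,"LIBUSEFUL-SSL-CTX",ssl);
				ptr=LibUsefulGetValue("SSL-Permitted-Ciphers");
				//the return value is not checked, so an unusable cipher string goes unnoticed
				if (ptr) SSL_set_cipher_list(ssl, ptr);
				SSL_set_accept_state(ssl);
				result=SSL_accept(ssl);
				if (result == TRUE)
				{
					S->Flags|=SF_SSL;
					OpenSSLQueryCipher(S);
					//Test the same library flag that enabled verification above. The
					//OpenSSL constant SSL_VERIFY_PEER is a different namespace and need
					//not share a bit with LU_SSL_VERIFY_PEER, so testing it here could
					//skip the certificate check that the caller asked for
					if (Flags & LU_SSL_VERIFY_PEER) OpenSSLVerifyCertificate(S);
				}
				else
				{
					//ERR_get_error() returns an unsigned long; keep the full width so
					//the code passed to ERR_error_string() is not truncated
					ErrCode=ERR_get_error();
					STREAMSetValue(S, "SSL-Error", ERR_error_string(ErrCode,NULL));
					result=FALSE;
				}
			}
			//NOTE(review): ctx is not released in this function - confirm who owns it
		}
	}
}

#endif
return(result);
}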