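/*
 * Allocate a zeroed HTTPInfoStruct, fill it from the arguments with
 * HTTPInfoSetValues(), create its two header lists, and then apply the
 * process-wide defaults: g_Flags (when non-zero) and the "HTTP:Proxy" setting.
 *
 * Returns the new structure, or NULL if the allocation fails.
 */
HTTPInfoStruct *HTTPInfoCreate(char *Host, int Port, char *Logon, char *Password, char *Method, char *Doc, char *ContentType, int ContentLength)
{
    HTTPInfoStruct *Info;
    char *ptr;

    Info=calloc(1, sizeof *Info);
    // Without this check a failed allocation is handed straight to
    // HTTPInfoSetValues() and dereferenced below.
    if (! Info) return(NULL);

    HTTPInfoSetValues(Info, Host, Port, Logon, Password, Method, Doc, ContentType, ContentLength);
    Info->ServerHeaders=ListCreate();
    Info->CustomSendHeaders=ListCreate();
    //SetVar(Info->CustomSendHeaders,"Accept","*/*");

    if (g_Flags) Info->Flags=g_Flags;

    ptr=LibUsefulGetValue("HTTP:Proxy");
    if (StrLen(ptr))
    {
        Info->Proxy=CopyStr(Info->Proxy,ptr);
        // NOTE(review): this lowercases the whole proxy setting in place, not
        // just the scheme. If the setting can carry case-sensitive parts
        // (credentials, for instance) they are altered as well; confirm.
        strlwr(Info->Proxy);

        if (strncmp(Info->Proxy,"http:",5)==0) Info->Flags |= HTTP_PROXY;
        else if (strncmp(Info->Proxy,"https:",6)==0) Info->Flags |= HTTP_PROXY;
        // NOTE(review): plain assignment replaces every flag set so far,
        // including those copied from g_Flags, while the two branches above OR
        // their flag in. Confirm that dropping the other flags is intended.
        else Info->Flags=HTTP_TUNNEL;
    }

    return(Info);
}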
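/*
 * Install Diffie-Hellman parameters on ctx.
 *
 * The parameters are read once from the PEM file named by the
 * "SSL-DHParams-File" setting and kept in CachedDH for later calls. If no
 * parameters are available nothing is installed on ctx; the caller is not
 * told.
 *
 * The parameters are used as read: nothing here checks the size of the group
 * in the file.
 */
void OpenSSLSetupDH(SSL_CTX *ctx)
{
    char *Tempstr=NULL, *ptr;
    DH *dh=NULL;
    FILE *paramfile;

    if (CachedDH) dh=CachedDH;
    else
    {
        ptr=LibUsefulGetValue("SSL-DHParams-File");

        // Only try to open a file when a path is configured. The original
        // called fopen() unconditionally, passing NULL when the setting was
        // unset, which is undefined behaviour.
        if (StrLen(ptr))
        {
            Tempstr=CopyStr(Tempstr,ptr);
            paramfile=Tempstr ? fopen(Tempstr, "r") : NULL;
            if (paramfile)
            {
                CachedDH=PEM_read_DHparams(paramfile, NULL, NULL, NULL);
                dh=CachedDH;
                fclose(paramfile);
            }
        }

        if (! dh)
        {
            // Parameter generation is disabled, so this picks up nothing new
            // unless the call below is restored.
            //OpenSSLGenerateDHParams();
            dh=CachedDH;
        }
    }

    if (dh) SSL_CTX_set_tmp_dh(ctx, dh);

    //Don't free these parameters, as they are cached
    //DH_KEY_free(dh);

    DestroyString(Tempstr);
}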
/*
 * Write the program version, the compile date and time, and the libUseful
 * version and build time to stdout, then terminate the process with status 0.
 * This function does not return.
 */
void PrintVersion()
{
    printf("ParanoidTelnetD: version %s\n", VERSION);
    printf("\nBuilt: %s %s\n", __DATE__, __TIME__);
    printf("libUseful: Version %s BuildTime: %s\n",
           LibUsefulGetValue("LibUsefulVersion"),
           LibUsefulGetValue("LibUsefulBuildTime"));

    /*
    SSL library reporting is switched off:

    if (SSLAvailable()) fprintf(stdout,"SSL Library: %s\n",LibUsefulGetValue("SSL-Library"));
    else fprintf(stdout,"%s\n","SSL Library: None, not compiled with --enable-ssl");
    */

    exit(0);
}
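/*
 * Greet the SMTP server on S and collect its capabilities.
 *
 * The name sent is the "SMTP:HELO" library setting, else the stream's
 * "SMTP:HELO" value, else whatever GetExternalIP() returns. EHLO is tried
 * first; if the reply does not start with '2' the function falls back to HELO.
 *
 * Returns a bitmask: CAP_EHLO plus the bits from SMTPParseCapabilities() for
 * each reply line, or CAP_HELO after a successful fallback, or 0 if neither
 * greeting was accepted.
 *
 * The name is inserted into the command verbatim; a CR or LF inside a
 * configured value would split the command line.
 */
int SMTPHelo(STREAM *S)
{
    int RetVal=0;
    char *Tempstr=NULL, *Token=NULL;
    const char *ptr;

    ptr=LibUsefulGetValue("SMTP:HELO");
    if (! StrValid(ptr)) ptr=STREAMGetValue(S,"SMTP:HELO");
    if (! StrValid(ptr))
    {
        Token=GetExternalIP(Token);
        ptr=Token;
    }

    // MCopyStr's argument list ends at the first NULL, so a NULL name would
    // also drop the "\r\n" that follows it and the command would go out
    // unterminated. Send an empty name instead and let the server reject it.
    if (! ptr) ptr="";

    Tempstr=MCopyStr(Tempstr, "EHLO ", ptr, "\r\n", NULL);
    STREAMWriteLine(Tempstr,S);
    Tempstr=SMTPRead(Tempstr, S);

    // Guard the first-byte test in case the read produced no buffer at all.
    if (Tempstr && (*Tempstr == '2'))
    {
        RetVal |= CAP_EHLO;
        // From here on ptr walks the reply, one line per token.
        ptr=GetToken(Tempstr,"\n",&Token,0);
        while (ptr)
        {
            StripTrailingWhitespace(Token);
            RetVal |= SMTPParseCapabilities(Token);
            ptr=GetToken(ptr,"\n",&Token,0);
        }
    }
    //Some old server that doesn't support EHLO, switch to HELO
    else
    {
        Tempstr=MCopyStr(Tempstr, "HELO ", ptr, "\r\n", NULL);
        STREAMWriteLine(Tempstr,S);
        if (SMTPInteract(Tempstr, S)) RetVal |= CAP_HELO;
    }

    DestroyString(Tempstr);
    DestroyString(Token);

    return(RetVal);
}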
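/*
 * Run a TLS client handshake over the file descriptor of S.
 *
 * Returns 1 when SSL_connect() reports a completed handshake and FALSE in
 * every other case (NULL stream, context or session allocation failure,
 * handshake failure, or a build without HAVE_LIBSSL). Flags is not used by
 * this function.
 *
 * Security notes for reviewers:
 *  - Only SSLv2 is switched off; with the SSLv23 method, SSLv3 and early TLS
 *    versions stay negotiable as far as the linked OpenSSL permits. The other
 *    SSL_OP_NO_* options are listed in the comment below but not applied.
 *  - No peer host name is passed in or compared here. Whether
 *    OpenSSLVerifyCallback / OpenSSLVerifyCertificate reject a bad
 *    certificate or only record the result cannot be seen from this
 *    function; confirm before relying on the return value as proof of
 *    server identity.
 */
int DoSSLClientNegotiation(STREAM *S, int Flags)
{
    int result=FALSE;
#ifdef HAVE_LIBSSL
    const SSL_METHOD *Method;
    SSL_CTX *ctx;
    SSL *ssl;
    char *ptr;

    if (S)
    {
        INTERNAL_SSL_INIT();
        Method=SSLv23_client_method();
        ctx=SSL_CTX_new(Method);
        if (! ctx) HandleSSLError();
        else
        {
            STREAM_INTERNAL_SSL_ADD_SECURE_KEYS(S,ctx);
            SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, OpenSSLVerifyCallback);
            ssl=SSL_new(ctx);

            // SSL_new() can fail; the calls below must not receive NULL.
            if (! ssl) HandleSSLError();
            else
            {
                SSL_set_fd(ssl,S->in_fd);
                STREAMSetItem(S,"LIBUSEFUL-SSL-CTX",ssl);
                SSL_set_options(ssl, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2); //SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1

                ptr=LibUsefulGetValue("SSL-Permitted-Ciphers");
                if (ptr) SSL_set_cipher_list(ssl, ptr);

                // SSL_connect() returns 1 on success, 0 or a negative value
                // on failure. A negative value is "true" to a caller that
                // tests the result as a boolean, so fold every failure
                // into FALSE.
                result=SSL_connect(ssl);
                if (result != 1) result=FALSE;

                // SF_SSL is set even when the handshake failed, as before:
                // a caller that ignores the return value then keeps talking
                // to the TLS layer rather than writing plaintext to a socket
                // that is part-way through a handshake.
                S->Flags|=SF_SSL;

                OpenSSLQueryCipher(S);
                OpenSSLVerifyCertificate(S);
            }
        }
    }
#endif

    return(result);
}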
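/*
 * Open an SMTP session to the server named by the "SMTP:Server" setting and
 * drive it up to and including the DATA command.
 *
 * Steps: connect, read the banner, EHLO/HELO, optional STARTTLS, optional
 * AUTH (when the server offers LOGIN or PLAIN and the server URL carries a
 * user and password), MAIL FROM, recipients, DATA.
 *
 * Returns the open stream, ready for the caller to write the message, or NULL
 * after raising an error through RaiseError().
 *
 * Security notes for reviewers:
 *  - STARTTLS is opportunistic. If SMTP_NOSSL is set, SSL is unavailable, or
 *    the server declines STARTTLS, the session continues unencrypted and AUTH
 *    is still sent on it. There is no flag here to require TLS.
 *  - Caps is collected before STARTTLS and is not refreshed afterwards, so the
 *    AUTH decision rests on what the server said in cleartext.
 *  - Sender is placed into the MAIL FROM command verbatim; a CR or LF in it
 *    would split the command. Callers passing untrusted addresses need to
 *    validate them first.
 */
STREAM *SMTPConnect(const char *Sender, const char *Recipients, int Flags)
{
    char *Tempstr=NULL;
    char *Proto=NULL, *User=NULL, *Pass=NULL, *Host=NULL, *PortStr=NULL;
    const char *p_MailServer;
    int result=FALSE, Caps=0, TLSOkay=TRUE;
    STREAM *S;

    p_MailServer=LibUsefulGetValue("SMTP:Server");
    if (! StrValid(p_MailServer))
    {
        RaiseError(0, "SendMail", "No Mailserver set");
        return(NULL);
    }

    // Accept the setting with or without a leading "smtp:" scheme.
    if (strncmp(p_MailServer,"smtp:",5) !=0) Tempstr=MCopyStr(Tempstr,"smtp:",p_MailServer,NULL);
    else Tempstr=CopyStr(Tempstr, p_MailServer);

    ParseURL(Tempstr, &Proto, &Host, &PortStr, &User, &Pass, NULL, NULL);
    if (! StrValid(PortStr)) PortStr=CopyStr(PortStr, "25");

    Tempstr=MCopyStr(Tempstr,"tcp:",Host,":",PortStr,NULL);
    S=STREAMOpen(Tempstr, "");

    if (! S) RaiseError(0,"SendMail","mailserver connection failed");
    else if (! SMTPInteract("", S)) RaiseError(0,"SendMail","Initial mailserver handshake failed");
    else
    {
        Caps=SMTPHelo(S);
        if (Caps <= 0) RaiseError(0,"SendMail","Initial mailserver handshake failed");
        else
        {
            //try STARTTLS, the worst that will happen is the server will say no
            if ((! (Flags & SMTP_NOSSL)) && SSLAvailable() && SMTPInteract("STARTTLS\r\n", S))
            {
                // The server agreed to switch to TLS. If the handshake then
                // fails, stop here instead of going on to send credentials
                // and mail over a session in an unknown state.
                if (DoSSLClientNegotiation(S, 0) <= 0) TLSOkay=FALSE;
            }

            if (! TLSOkay) RaiseError(0,"SendMail","STARTTLS negotiation failed");
            else
            {
                if (
                    (Caps & (CAP_AUTH_LOGIN | CAP_AUTH_PLAIN)) &&
                    (StrValid(User) && StrValid(Pass))
                ) SMTPLogin(S, Caps, User, Pass);

                //Whether login was needed or not, worked or not, let's try to send a mail
                Tempstr=MCopyStr(Tempstr, "MAIL FROM: ", Sender, "\r\n", NULL);
                if (! SMTPInteract(Tempstr, S)) RaiseError(0,"SendMail","mailserver refused sender");
                else if (! SmtpSendRecipients(Recipients, S)) RaiseError(0,"SendMail","No recipients accepted by mailserver");
                else if (! SMTPInteract("DATA\r\n", S)) RaiseError(0,"SendMail","mailserver refused mail");
                else
                {
                    //we got this far, rest of the process is handled by the calling function
                    result=TRUE;
                }
            }
        }
    }

    DestroyString(Tempstr);
    DestroyString(Proto);
    DestroyString(User);
    DestroyString(Pass);
    DestroyString(Host);
    DestroyString(PortStr);

    if (! result)
    {
        // S is NULL when the connection itself failed.
        if (S) STREAMClose(S);
        return(NULL);
    }

    return(S);
}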
/*
 * Assemble the request line and all request headers for Info into one string,
 * mark Info as having sent its headers, write the string to S and flush.
 *
 * Header order: request line (plus Host for HTTP/1.1), Content-type,
 * Content-Length, Destination, Authorization, Proxy-Authorization, cache
 * control, Depth, If-Modified-Since, Accept-Encoding, Connection, User-Agent,
 * custom headers, cookies, blank line.
 *
 * Notes for reviewers:
 *  - Values from Info (Host, PostContentType, Destination, custom header tags
 *    and values) and the "HTTP:User-Agent" setting are appended as given.
 *    Nothing in this function removes CR or LF from them, so any of these
 *    that can be influenced from outside needs checking before it gets here.
 *  - With HTTP_DEBUG set the complete header block is copied to stderr,
 *    including the Authorization, Proxy-Authorization and cookie lines.
 */
void HTTPSendHeaders(STREAM *S, HTTPInfoStruct *Info)
{
    char *Request=NULL, *Scratch=NULL, *UserAgent;
    ListNode *Header;
    int BodylessMethod;

    STREAMClearDataProcessors(S);

    // Request line: "<method> <target> HTTP/x.y". Through a proxy the target
    // is the full URL, otherwise the document path with spaces quoted.
    Request=CopyStr(Request,Info->Method);
    Request=CatStr(Request," ");

    if (Info->Flags & HTTP_PROXY) Scratch=HTTPInfoToURL(Scratch, Info);
    else Scratch=HTTPQuoteChars(Scratch,Info->Doc," ");
    Request=CatStr(Request,Scratch);

    if (Info->Flags & HTTP_VER1_0) Request=CatStr(Request," HTTP/1.0\r\n");
    else Request=MCatStr(Request," HTTP/1.1\r\n","Host: ",Info->Host,"\r\n",NULL);

    if (StrLen(Info->PostContentType) >0)
    {
        Scratch=FormatStr(Scratch,"Content-type: %s\r\n",Info->PostContentType);
        Request=CatStr(Request,Scratch);
    }

    if (Info->PostContentLength > 0)
    {
        Scratch=FormatStr(Scratch,"Content-Length: %d\r\n",Info->PostContentLength);
        Request=CatStr(Request,Scratch);
    }

    if (StrLen(Info->Destination))
    {
        Scratch=FormatStr(Scratch,"Destination: %s\r\n",Info->Destination);
        Request=CatStr(Request,Scratch);
    }

    // Credentials, when present, for the origin server and for the proxy.
    if (Info->Authorization) Request=HTTPHeadersAppendAuth(Request, "Authorization", Info, Info->Authorization);
    if (Info->ProxyAuthorization) Request=HTTPHeadersAppendAuth(Request, "Proxy-Authorization", Info, Info->ProxyAuthorization);

    if (Info->Flags & HTTP_NOCACHE) Request=CatStr(Request,"Pragma: no-cache\r\nCache-control: no-cache\r\n");

    if (Info->Depth > 0)
    {
        Scratch=FormatStr(Scratch,"Depth: %d\r\n",Info->Depth);
        Request=CatStr(Request,Scratch);
    }

    if (Info->IfModifiedSince > 0)
    {
        Scratch=CopyStr(Scratch,GetDateStrFromSecs("%a, %d %b %Y %H:%M:%S GMT",Info->IfModifiedSince,NULL));
        Request=MCatStr(Request,"If-Modified-Since: ",Scratch, "\r\n",NULL);
    }

    // DELETE, HEAD and PUT get no Accept-Encoding header at all.
    BodylessMethod = (strcasecmp(Info->Method,"DELETE") ==0) ||
                     (strcasecmp(Info->Method,"HEAD") ==0) ||
                     (strcasecmp(Info->Method,"PUT") ==0);

    if (! BodylessMethod)
    {
        // Build the list of encodings this build can decode.
        Scratch=CopyStr(Scratch,"");
        if (! (Info->Flags & HTTP_NOCOMPRESS))
        {
            if (DataProcessorAvailable("Compression","gzip")) Scratch=CatStr(Scratch,"gzip");
            if (DataProcessorAvailable("Compression","zlib"))
            {
                Scratch=CatStr(Scratch, StrLen(Scratch) ? ", deflate" : "deflate");
            }
        }

        // An empty list is still sent, as a header with no value.
        if (StrLen(Scratch)) Request=MCatStr(Request,"Accept-Encoding: ",Scratch,"\r\n",NULL);
        else Request=CatStr(Request,"Accept-Encoding:\r\n");
    }

    // Keep-alive requests add no Connection header; all others ask to close.
    if (! (Info->Flags & HTTP_KEEPALIVE)) Request=CatStr(Request,"Connection: Close\r\n");

    UserAgent=LibUsefulGetValue("HTTP:User-Agent");
    if (StrLen(UserAgent)) Request=MCatStr(Request,"User-Agent: ",UserAgent, "\r\n",NULL);

    for (Header=ListGetNext(Info->CustomSendHeaders); Header; Header=ListGetNext(Header))
    {
        Request=MCatStr(Request,Header->Tag, ": ", (char *) Header->Item, "\r\n",NULL);
    }

    if (! (Info->Flags & HTTP_NOCOOKIES)) Request=AppendCookies(Request,Cookies);

    // Blank line ends the header block.
    Request=CatStr(Request,"\r\n");

    Info->State |= HTTP_HEADERS_SENT;
    if (Info->Flags & HTTP_DEBUG) fprintf(stderr,"HTTPSEND: ------\n%s------\n\n",Request);
    STREAMWriteLine(Request,S);
    STREAMFlush(S);

    DestroyString(Scratch);
    DestroyString(Request);
}
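/*
 * Return the value that follows option argv[*i] and advance *i onto it.
 * Prints an error and exits with status 1 when the command line ends first.
 */
static char *ParseSettingsArgValue(int argc, char *argv[], int *i)
{
    if ((*i + 1) >= argc)
    {
        printf("MISSING VALUE FOR ARGUMENT: [%s]\n",argv[*i]);
        exit(1);
    }

    (*i)++;
    return(argv[*i]);
}


/*
 * Apply the command line to Settings.
 *
 * "-user add|del|list ..." as the first argument is handed to
 * HandleUserSetup() and the process then exits with status 1. Otherwise each
 * option either updates a field of Settings directly or is turned into a
 * "Name=value" string and passed to ParseConfigItem(). The version and help
 * options print and exit; an unknown option prints an error and exits with
 * status 1.
 *
 * Every option that takes a value now checks that the value is present. The
 * original read argv[++i] unconditionally, so an option given last on the
 * command line passed the terminating NULL to atoi(), strtol() or a string
 * copy, and "-user" on its own passed NULL to strcmp().
 *
 * Notes for reviewers:
 *  - "-O" clears FLAG_AUTH_REQUIRED in Settings->AuthFlags.
 *  - "-t" and "-p" are converted with atoi(), so a non-numeric value becomes 0
 *    without any error.
 *  - Token is not released before returning, as in the original.
 */
void ParseSettings(int argc, char *argv[], TSettings *Settings)
{
    // Options that map one-to-one onto a config item: "<Prefix><value>".
    static const struct
    {
        const char *Arg;
        const char *Prefix;
    } ConfigArgs[] =
    {
        {"-compress", "Compression="},
        {"-u", "DefaultUser="},
        {"-g", "DefaultGroup="},
        {"-r", "ChRoot="},
        {"-chroot", "ChRoot="},
        {"-sslv", "SSLVersion="},
        {"-key", "SSLKey="},
        {"-cert", "SSLCert="},
        {"-dhparams", "SSLDHParams="},
        {"-ciphers", "SSLCiphers="},
        {"-cgi", "Path=cgi,/cgi-bin/,"},
        {"-ep", "Path=files,,"},
        {"-denied", "DenyUsers="},
        {"-allowed", "AllowUsers="},
        {"-realm", "AuthRealm="},
        {"-client-cert", "SSLClientCertificate="},
        {"-verify-path", "SSLVerifyPath="},
        {"-dirtype", "DirListType="},
        {"-hashfile", "ScriptHashFile="},
        {"-tz", "Timezone="}
    };
    const size_t NoOfConfigArgs=sizeof(ConfigArgs) / sizeof(ConfigArgs[0]);
    size_t k;
    int i;
    char *Token=NULL;
    const char *Arg;

    if (argc < 2) return;

    if (strcmp(argv[1],"-user")==0)
    {
        // argv[2] only exists when there are at least three arguments.
        if (argc < 3) printf("-user must be followed by one of \"add\", \"del\" or \"list\"\n");
        else if (strcmp(argv[2],"list")==0) HandleUserSetup("list",argc, argv);
        else if (strcmp(argv[2],"add")==0) HandleUserSetup("add",argc, argv);
        else if (strcmp(argv[2],"del")==0) HandleUserSetup("del",argc, argv);
        else printf("-user must be followed by one of \"add\", \"del\" or \"list\"\n");
        exit(1);
    }

    for (i=1; i < argc; i++)
    {
        // Keep the option name; i moves on when the option's value is read.
        Arg=argv[i];

        if (strcmp(Arg,"-nodemon")==0) Settings->Flags |= FLAG_NODEMON;
        else if (strcmp(Arg,"-d")==0) Settings->Flags |= FLAG_NODEMON;
        else if (strcmp(Arg,"-i")==0) Settings->BindAddress=CopyStr(Settings->BindAddress,ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-a")==0) Settings->AuthPath=CopyStr(Settings->AuthPath,ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-A")==0) Settings->AuthMethods=CopyStr(Settings->AuthMethods,ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-v")==0)
        {
            // A second -v raises the level from verbose to more verbose.
            if (Settings->Flags & FLAG_LOG_VERBOSE) Settings->Flags |= FLAG_LOG_MORE_VERBOSE;
            Settings->Flags |= FLAG_LOG_VERBOSE;
        }
        else if (strcmp(Arg,"-f")==0) Settings->ConfigPath=CopyStr(Settings->ConfigPath,ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-l")==0) Settings->LogPath=CopyStr(Settings->LogPath,ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-m")==0) Settings->HttpMethods=CopyStr(Settings->HttpMethods,ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-t")==0) Settings->ActivityTimeout=atoi(ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-p")==0) Settings->Port=atoi(ParseSettingsArgValue(argc, argv, &i));
        else if (strcmp(Arg,"-O")==0) Settings->AuthFlags &= ~FLAG_AUTH_REQUIRED;
        else if (strcmp(Arg,"-h")==0) ParseConfigItem("ChHome");
        else if (strcmp(Arg,"-chhome")==0) ParseConfigItem("ChHome");
        else if (strcmp(Arg,"-cache")==0) Settings->DocumentCacheTime=strtol(ParseSettingsArgValue(argc, argv, &i),NULL,10);
        else if ( (strcmp(Arg,"-version")==0) || (strcmp(Arg,"--version")==0) )
        {
            fprintf(stdout,"version: %s\n",Version);
            fprintf(stdout,"\nBuilt: %s %s\n",__DATE__,__TIME__);
            fprintf(stdout,"libUseful: Version %s BuildTime: %s\n",LibUsefulGetValue("LibUsefulVersion"), LibUsefulGetValue("LibUsefulBuildTime"));
            if (SSLAvailable()) fprintf(stdout,"SSL Library: %s\n",LibUsefulGetValue("SSL-Library"));
            else fprintf(stdout,"%s\n","SSL Library: None, not compiled with --enable-ssl");
            exit(1);
        }
        else if (strcmp(Arg,"-clientnames")==0) Settings->Flags |= FLAG_LOOKUP_CLIENT;
        else if (
            (strcmp(Arg, "-?")==0) ||
            (strcmp(Arg, "-help")==0) ||
            (strcmp(Arg, "--help")==0)
        )
        {
            PrintUsage();
            exit(0);
        }
        else
        {
            for (k=0; k < NoOfConfigArgs; k++)
            {
                if (strcmp(Arg, ConfigArgs[k].Arg)==0) break;
            }

            if (k < NoOfConfigArgs)
            {
                Token=MCopyStr(Token, ConfigArgs[k].Prefix, ParseSettingsArgValue(argc, argv, &i), NULL);
                ParseConfigItem(Token);
            }
            else
            {
                printf("UNKNOWN ARGUMENT: [%s]\n",Arg);
                exit(1);
            }
        }
    }
}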
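/*
 * Run a TLS server handshake over the file descriptor of S.
 *
 * Flags:
 *   LU_SSL_PFS          set up DH and ECDH parameters on the context
 *   LU_SSL_VERIFY_PEER  request a client certificate (verify depth 1) and,
 *                       after the handshake, call OpenSSLVerifyCertificate()
 *
 * Returns TRUE when SSL_accept() completes, otherwise FALSE. On a failed
 * handshake the OpenSSL error text is stored on the stream as "SSL-Error".
 * Without HAVE_LIBSSL the function always returns FALSE.
 *
 * Security notes for reviewers:
 *  - Only SSLv2 is switched off; with the SSLv23 method, SSLv3 and early TLS
 *    versions stay negotiable as far as the linked OpenSSL permits. The other
 *    SSL_OP_NO_* options are listed in the comment below but not applied.
 *  - Whether OpenSSLVerifyCallback rejects a bad client certificate or only
 *    records the result cannot be seen from this function; confirm.
 */
int DoSSLServerNegotiation(STREAM *S, int Flags)
{
    int result=FALSE;
#ifdef HAVE_LIBSSL
    const SSL_METHOD *Method;
    SSL_CTX *ctx;
    SSL *ssl;
    char *ptr;

    if (S)
    {
        INTERNAL_SSL_INIT();
        Method=SSLv23_server_method();
        if (Method)
        {
            ctx=SSL_CTX_new(Method);
            if (ctx)
            {
                STREAM_INTERNAL_SSL_ADD_SECURE_KEYS(S,ctx);

                if (Flags & LU_SSL_PFS)
                {
                    OpenSSLSetupDH(ctx);
                    OpenSSLSetupECDH(ctx);
                }

                if (Flags & LU_SSL_VERIFY_PEER)
                {
                    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, OpenSSLVerifyCallback);
                    SSL_CTX_set_verify_depth(ctx,1);
                }

                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
                ssl=SSL_new(ctx);

                // SSL_new() can fail; the calls below must not receive NULL.
                if (ssl)
                {
                    SSL_set_options(ssl, SSL_OP_NO_SSLv2|SSL_OP_SINGLE_DH_USE|SSL_OP_CIPHER_SERVER_PREFERENCE); //SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1
                    SSL_set_fd(ssl,S->in_fd);
                    STREAMSetItem(S,"LIBUSEFUL-SSL-CTX",ssl);

                    ptr=LibUsefulGetValue("SSL-Permitted-Ciphers");
                    if (ptr) SSL_set_cipher_list(ssl, ptr);

                    SSL_set_accept_state(ssl);
                    result=SSL_accept(ssl);

                    if (result == TRUE)
                    {
                        S->Flags|=SF_SSL;
                        OpenSSLQueryCipher(S);

                        // Test the library's own flag. The original tested
                        // OpenSSL's SSL_VERIFY_PEER constant against Flags,
                        // which is a different bit space from the
                        // LU_SSL_VERIFY_PEER used above, so the certificate
                        // check could be skipped when the caller asked for it.
                        if (Flags & LU_SSL_VERIFY_PEER) OpenSSLVerifyCertificate(S);
                    }
                    else
                    {
                        // Record the queued OpenSSL error. The code is passed
                        // on at full width instead of going through an int.
                        STREAMSetValue(S, "SSL-Error", ERR_error_string(ERR_get_error(),NULL));
                        result=FALSE;
                    }
                }
            }
        }
    }
#endif

    return(result);
}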