int main(int argc, char **argv) { BIO *acc, *client; SSL *ssl; SSL_CTX *ctx; pthread_t tid; init_openssl(); seed_prng(64); ctx = setup_server_ctx(); acc = BIO_new_accept(PORT); if(!acc) log_err("Error creating server socket."); /* first call BIO_do_accept() setup accept BIO */ if(BIO_do_accept(acc) <= 0) log_err("Error binding server socket."); for(;;) { if(BIO_do_accept(acc) <= 0) log_err("Error accepting connection."); client = BIO_pop(acc); if(!(ssl = SSL_new(ctx))) log_err("Error creating SSL context."); SSL_set_bio(ssl, client, client); pthread_create(&tid, NULL, server_thread, ssl); } SSL_CTX_free(ctx); BIO_free(acc); return 0; }
int main(int argc, char * argv[]) { BIO * acc, * client; THREAD_TYPE tid; SSL * ssl; SSL_CTX * ctx; init_OpenSSL(); seed_prng(); ctx = setup_server_ctx(); acc = BIO_new_accept(PORT); if (!acc) int_error("Error creating server socket"); if (BIO_do_accept(acc) <= 0) int_error("Error binding server socket"); // BIO_do_accept() will block and wait for a remote connection. while (1) { if (BIO_do_accept(acc) <= 0) int_error("Error accepting connection"); // get the client BIO client = BIO_pop(acc); if (!(ssl = SSL_new(ctx))) int_error("Error creating SSL context"); SSL_set_accept_state(ssl); SSL_set_bio(ssl, client, client); // create a new thread to handle the new connection, // The thread will call do_server_loop with the client BIO. // THREAD_CREATE(tid, entry, arg); // tid is the id of the new thread. // server_thread is the function defined above, which will call // do_server_loop() with the client BIO. THREAD_CREATE(tid, server_thread, ssl); } SSL_CTX_free(ctx); BIO_free(acc); return 0; }
int main(int argc, char *argv[]) { BIO *acc, *client; SSL *ssl; SSL_CTX *ctx; THREAD_TYPE tid; init_OpenSSL( ); seed_prng(); ctx = setup_server_ctx( ); acc = BIO_new_accept(PORT); if (!acc) int_error("Error creating server socket"); if (BIO_do_accept(acc) <= 0) int_error("Error binding server socket"); while(1) { if (BIO_do_accept(acc) <= 0) int_error("Error accepting connection"); client = BIO_pop(acc); if (!(ssl = SSL_new(ctx))) int_error("Error creating SSL context"); SSL_set_accept_state(ssl); SSL_set_bio(ssl, client, client); THREAD_CREATE(tid, (void *)server_thread, ssl); } SSL_CTX_free(ctx); BIO_free(acc); return 0; }
int main(int argc, char *argv[]) { BIO *acc, *client; SSL *ssl; SSL_CTX *ctx; THREAD_TYPE tid; void* (*func)(void*) = &server_thread; std::cout << "before init\n"; init_OpenSSL(); //seed_prng(); std::cout << "after init\n"; ctx = setup_server_ctx(); acc = BIO_new_accept(PORT); if(!acc) int_error("Error creating socket"); if(BIO_do_accept(acc) <= 0) int_error("Error binding socket"); for(;;) { if(BIO_do_accept(acc) <= 0) int_error("Error accepting connection"); client = BIO_pop(acc); if(!(ssl = SSL_new(ctx))) int_error("Error creating ssl object"); SSL_set_bio(ssl,client,client); THREAD_CREATE(tid,func,ssl); } BIO_free(acc); SSL_CTX_free(ctx); return 0; }
void *emergency_delegation_list_loading_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *host[1]; ctx = setup_server_ctx(EMS_CERTFILE_PATH, EMS_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(EMS_EMERGENCY_DELEGATION_LIST_LOADING_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } host[0] = USER_CN; if((err = post_connection_check(ssl_client, host, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Process types of request if(!process_request(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
void *phr_authority_list_loading_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *hosts[2]; ctx = setup_server_ctx(ESA_CERTFILE_PATH, ESA_CERTFILE_PASSWD, EMU_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(ESA_PHR_AUTHORITY_LIST_LOADING_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = ADMIN_CN; hosts[1] = USER_CN; if((err = post_connection_check(ssl_client, hosts, 2, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Serve the PHR authority list if(!load_phr_authority_list(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
void *access_permission_management_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *hosts[1]; ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(UA_ACCESS_PERMISSION_MANAGEMENT_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = USER_CN; if((err = post_connection_check(ssl_client, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Process request if(!process_request(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
/* * The main TCP accpet loop */ void server_accept_loop() { fd_set *fdset; int maxfd, i, ret, err; int newsock; struct sockaddr_in from; socklen_t fromlen; int handcheck = -1; int sock; char **addr = NULL; int pfd[2]; fdset = NULL; maxfd = 0; signal(SIGPIPE, SIG_IGN); signal(SIGTERM, ctr_c); signal(SIGQUIT, ctr_c); signal(SIGINT, ctr_c); /* SSL preliminaries */ SSL_CTX* ctx; SSL* ssl; init_OpenSSL (); seed_prng (); /* We keep the certificate and key with the context. */ ctx = setup_server_ctx (); addr = crv_cut(options.listen_addrs, " "); for (i = 0; addr[i]; i++) { /* Prepare TCP socket for receiving connections (change user for ROOT if port < 1024 )*/ sock = crv_server_listen(options.num_ports, 5, addr[i], options.address_family, 1); if (sock == -1) { fprintf( stderr, "%s\n", "main(): server_listent() failed"); exit (EXIT_FAILURE); } /* Add comment (listening on several adress )*/ listen_socks[num_listen_socks] = sock; num_listen_socks++; } for( i = 0; addr[i]; i++) crv_free(addr[i]); crv_free(addr); for (i = 0; i < num_listen_socks; i++) if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; /* loop */ for(;;) { newsock = -1; int pid; handcheck = -1; if (fdset != NULL) free(fdset); fdset = (fd_set *) calloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); for ( i = 0; i < num_listen_socks; i++) FD_SET(listen_socks[i], fdset); /* wait in select until there is a connection. */ ret = select(maxfd+1, fdset, NULL, NULL, NULL); if (ret < 0 && errno != EINTR) Log ( "WARNING", 0, "select: %.100s", strerror(errno)); for ( i = 0; i < num_listen_socks; i++) if ( FD_ISSET(listen_socks[i], fdset)) { fromlen = sizeof(from); newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); if (newsock < 0) { if (errno != EINTR && errno != EWOULDBLOCK ) Log ( "WARNING", 0, "accept: %.100s", strerror(errno)); continue; } if (received_sigterm) { fprintf( stderr, "Received signal %d; terminating.\n", (int) received_sigterm); close_listen_socks(); unlink(options.pid); return; } if (crv_unset_nonblock(newsock) == -1) { Log ( "CRASH", 0, "Unset nonblock failed"); continue; } /* TCP connection is ready. Do server side SSL. */ ssl = SSL_new (ctx); if ((ssl)==NULL) { Log ( "CRASH", 0, "Create new ssl failed"); continue; } /* connect the SSL object with a file descriptor */ err = SSL_set_fd (ssl, newsock); if ((err)==0) { Log ( "CRASH", 0, "Put SSL on socket failed \n"); close(newsock); continue; } /* TCP connection is ready. Do server side SSL. */ err = SSL_accept (ssl); if ((err) <= 0) { Log ("HACK", 0, "%s handcheck failed", inet_ntoa(from.sin_addr)); /* Free the allocated SSL structure */ SSL_free (ssl); continue; } else { handcheck = 0; } if ( handcheck != -1 ) { /* Pipe creation */ if (pipe(pfd) == -1) { fprintf( stderr, "%s\n", "server_accept_loop(): pipe() failed"); return; } switch((pid = fork())) { /* fork() Error */ case -1: Log ("CRASH", 0, "%s%s\n", "Error on fork() -> ", strerror(errno)); exit (EXIT_FAILURE); /* First child process */ case 0: /* Close socket that has been created in create_tcp_socket() */ close_listen_socks(); int result = 0; /* Chroot process */ if (result != -1) result = crv_drop_priv_perm_and_chroot (options.user , options.chroot_directory ); initialize_command_opt(&command); command.addr = crv_strdup((const char *)inet_ntoa (from.sin_addr)); if (options.sec == 1) { result = post_connection_check (ssl, command.addr); if (result != X509_V_OK) { Log ( "HACK", 0, "-Error: peer certificate: %s\n", X509_verify_cert_error_string (result)); result = -1; } } /* Time initialisation */ gettimeofday (&tv1, NULL); /* Get client name*/ char buff[SIZE]; command.user = recup_pseudo (ssl); command.mail = recup_email (ssl); /* Send client pseudo to father */ write(pfd[1], command.user, strlen(command.user)+1); close(pfd[1]); /* close write side */ sleep(1); memset(buff, 0, sizeof(buff)); /* Read repond from father */ (void)read(pfd[0], buff, SIZE); close(pfd[0]); /* Get father respond about client pseudo */ /* Les pipes sont à enlever car, la liste des utilisateurs autorisés * sont contenue sur la base de données distante if (!crv_strncmp(buff, "no_register")) { Log ("WARNING", 0, "Username '%s' is not registered", command.user); result = -1; } */ printf("buff:%s\n", buff); /* Get CMD info (comd name, sha1 file, begin, end) */ if (result != -1) result = pre_authcon( ssl, (const char *)buff); if ( result == -1) Log ("WARNING", 0, "Can't set command options"); /* exec command give by client */ if (result != -1) traitement_conec ( ssl); /* Free command structure */ Free_cmd_struct(); /* Close Socket , tube */ shutdown (newsock, 2); close (newsock); /* Free the allocated SSL structure */ SSL_free (ssl); /* Free the allocated SSL CONTEXT object */ SSL_CTX_free (ctx); /* EXIT */ exit (EXIT_SUCCESS); /* Father process */ default: { char *xpath = NULL; char Buffer[SIZE]; /* Read client pseudo from son */ (void)read(pfd[0], Buffer, SIZE); //xpath = get_grp_list(Buffer); close(pfd[0]); /* close read side */ if (xpath == NULL) xpath = crv_strdup("no_register"); (void)crv_strncpy(Buffer, xpath, sizeof(Buffer)); (void)write(pfd[1], Buffer, strlen(Buffer)+1); close(pfd[1]); if (xpath != NULL) crv_free(xpath); SSL_free (ssl); close(newsock); } } /* End of fork() */ } /* if handcheck is 0 */ } /* FD_ISSET */ } /* End of for() loop */ }
void *synchronization_responding_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; int err; char *host[1]; ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(UA_SYNCHRONIZATION_RESPONDING_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } host[0] = USER_AUTH_CN; if((err = post_connection_check(ssl_client, host, 1, false, NULL)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Process the request if(!process_request(ssl_client)) goto ERROR_AT_SSL_LAYER; ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }
void *user_authentication_main(void *arg) { BIO *bio_acc = NULL; BIO *bio_client = NULL; SSL *ssl_client = NULL; SSL_CTX *ctx = NULL; char username[USER_NAME_LENGTH + 1]; char key_exchange_passwd[PASSWD_LENGTH + 1]; boolean is_admin_flag; ctx = setup_server_ctx(UA_CERTFILE_PATH, UA_CERTFILE_PASSWD, PHR_ROOT_CA_ONLY_CERT_CERTFILE_PATH); bio_acc = BIO_new_accept(UA_USER_AUTHENTICATION_PORT); if(!bio_acc) int_error("Creating server socket failed"); if(BIO_do_accept(bio_acc) <= 0) int_error("Binding server socket failed"); for(;;) { if(BIO_do_accept(bio_acc) <= 0) int_error("Accepting connection failed"); bio_client = BIO_pop(bio_acc); // Verify the user if(verify_authentication_request(bio_client, username, &is_admin_flag, key_exchange_passwd)) { int err; char *hosts[1]; // SSL certificate response if(!ssl_cert_response(bio_client, username, is_admin_flag, key_exchange_passwd)) goto ERROR_AT_BIO_LAYER; if(!(ssl_client = SSL_new(ctx))) int_error("Creating SSL context failed"); SSL_set_bio(ssl_client, bio_client, bio_client); if(SSL_accept(ssl_client) <= 0) { fprintf(stderr, "Accepting SSL connection failed\n"); goto ERROR_AT_SSL_LAYER; } hosts[0] = is_admin_flag ? ADMIN_CN : USER_CN; if((err = post_connection_check(ssl_client, hosts, 1, true, GLOBAL_authority_name)) != X509_V_OK) { fprintf(stderr, "Checking peer certificate failed\n\"%s\"\n", X509_verify_cert_error_string(err)); goto ERROR_AT_SSL_LAYER; } // Verify the certificate owner if(!verify_cert_owner(ssl_client, username, is_admin_flag)) goto ERROR_AT_SSL_LAYER; // Record transaction login log record_transaction_complete_login_log(ssl_client, username, is_admin_flag); // Basic information response if(!basic_info_response(ssl_client, username, is_admin_flag)) goto ERROR_AT_SSL_LAYER; if(!is_admin_flag) { // CP-ABE private key response if(!cpabe_private_key_response(ssl_client, username)) goto ERROR_AT_SSL_LAYER; } ERROR_AT_SSL_LAYER: SSL_cleanup(ssl_client); ssl_client = NULL; ERR_remove_state(0); continue; ERROR_AT_BIO_LAYER: BIO_free(bio_client); bio_client = NULL; ERR_remove_state(0); } else { fprintf(stderr, "Incorrect the verification information\n"); // Record transaction login log record_transaction_incomplete_login_log(bio_client); BIO_free(bio_client); bio_client = NULL; } } SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio_acc); bio_acc = NULL; pthread_exit(NULL); return NULL; }