/*
 * Offer certificate signing to the client if it is new enough to ask for it.
 *
 * asfd   - connection to the client (its simple_loop drives the exchange).
 * conf   - server configuration handed to simple_loop.
 * cconf  - per-client configuration; peer_version and cname are read here.
 *
 * Return 1 for everything OK, signed and returned, -1 for error,
 * 0 for nothing done (client too old to send a CSR).
 * The final value comes from the file-scope csr_done, which csr_server_func
 * is presumably responsible for setting.
 */
int ca_server_maybe_sign_client_cert(struct asfd *asfd, struct conf *conf, struct conf *cconf)
{
	long required=version_to_long("1.3.2");
	if(required<0) return -1;

	long peer=version_to_long(cconf->peer_version);
	if(peer<0) return -1;

	// Clients before 1.3.2 did not know how to send cert signing requests.
	if(peer<required) return 0;

	if(asfd->simple_loop(asfd, conf, &cconf->cname, __func__, csr_server_func))
		return -1;

	return csr_done;
}
/*
 * Offer certificate signing to the client if it is new enough to ask for it.
 *
 * asfd    - connection to the client (its simple_loop drives the exchange).
 * confs   - server configuration handed to simple_loop.
 * cconfs  - per-client configuration; OPT_CNAME and OPT_PEER_VERSION are read.
 *
 * Return 1 for everything OK, signed and returned, -1 for error,
 * 0 for nothing done (client too old to send a CSR).
 * The final value comes from the file-scope csr_done, which csr_server_func
 * is presumably responsible for setting.
 */
int ca_server_maybe_sign_client_cert(struct asfd *asfd, struct conf **confs, struct conf **cconfs)
{
	// Looked up first, before any version parsing, as in the original order.
	const char *cname=get_string(cconfs[OPT_CNAME]);

	long required=version_to_long("1.3.2");
	if(required<0) return -1;

	long peer=version_to_long(get_string(cconfs[OPT_PEER_VERSION]));
	if(peer<0) return -1;

	// Clients before 1.3.2 did not know how to send cert signing requests.
	if(peer<required) return 0;

	if(asfd->simple_loop(asfd, confs, &cname, __func__, csr_server_func))
		return -1;

	return csr_done;
}
/*
 * Fill in the version thresholds the server compares the client against.
 *
 * vers    - zeroed first, then every field is parsed with version_to_long().
 * cconfs  - per-client configuration; OPT_PEER_VERSION supplies vers->cli.
 *
 * Returns 0 when every version string parsed, 1 as soon as one does not
 * (later fields are then left at zero from the memset).
 */
static int vers_init(struct vers *vers, struct conf **cconfs)
{
	memset(vers, 0, sizeof(*vers));

	if((vers->min=version_to_long("1.2.7"))<0) return 1;
	if((vers->cli=version_to_long(get_string(cconfs[OPT_PEER_VERSION])))<0) return 1;
	if((vers->ser=version_to_long(VERSION))<0) return 1;
	if((vers->feat_list=version_to_long("1.3.0"))<0) return 1;
	if((vers->directory_tree=version_to_long("1.3.6"))<0) return 1;
	if((vers->burp2=version_to_long("2.0.0"))<0) return 1;

	return 0;
}
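/*
 * Server side of the client greeting and authentication exchange.
 *
 * Protocol as visible here: read "hello[:version]", answer
 * "whoareyou[:SERVER_VERSION]", read the client name, answer "okpassword",
 * read the password, verify via check_client_and_password(), answer "ok".
 *
 * asfd      - connection to the (not yet authenticated) client.
 * globalcs  - global server configuration (OPT_CNAME_FQDN, OPT_CNAME_LOWERCASE).
 * cconfs    - per-client configuration; OPT_PEER_VERSION and OPT_CNAME are
 *             set from what the peer sends, OPT_VERSION_WARN and
 *             OPT_PASSWORD_CHECK are read.
 *
 * The version string and client name come straight from the peer before it
 * has proven anything; they are only ever passed as %s arguments to logp()
 * and to set_string(), never used as a format string. Presumably
 * check_client_and_password() is what validates the name against the
 * server's client configuration - confirm against that function.
 *
 * Returns 0 on success, -1 on any failure. Every failure goes through the
 * single cleanup label so rbuf, password and cname are always released.
 */
int authorise_server(struct asfd *asfd, struct conf **globalcs, struct conf **cconfs)
{
	int ret=-1;
	char *cp=NULL;
	char *password=NULL;
	char *cname=NULL;
	char whoareyou[256]="";
	struct iobuf *rbuf=asfd->rbuf;
	const char *peer_version=NULL;

	if(asfd->read(asfd))
	{
		logp("unable to read initial message\n");
		goto end;
	}
	if(rbuf->cmd!=CMD_GEN || strncmp_w(rbuf->buf, "hello"))
	{
		iobuf_log_unexpected(rbuf, __func__);
		goto end;
	}

	// String may look like...
	// "hello"
	// "hello:(version)"
	// (version) is a version number
	// Once strchr() has found the colon, cp+1 can never be NULL, so only
	// the set_string() result needs checking.
	if((cp=strchr(rbuf->buf, ':'))
	  && set_string(cconfs[OPT_PEER_VERSION], cp+1))
		goto end;
	iobuf_free_content(rbuf);

	snprintf(whoareyou, sizeof(whoareyou), "whoareyou");
	peer_version=get_string(cconfs[OPT_PEER_VERSION]);
	if(peer_version)
	{
		long min_ver=0;
		long cli_ver=0;
		// An unparseable version is an error like any other: take the
		// common cleanup path instead of returning directly (ret is
		// still -1 here).
		if((min_ver=version_to_long("1.3.2"))<0
		  || (cli_ver=version_to_long(peer_version))<0)
			goto end;
		// Stick the server version on the end of the whoareyou string.
		// if the client version is recent enough.
		if(min_ver<=cli_ver)
			snprintf(whoareyou, sizeof(whoareyou),
				"whoareyou:%s", VERSION);
	}

	if(asfd->write_str(asfd, CMD_GEN, whoareyou)
	  || asfd->read(asfd))
	{
		logp("unable to get client name\n");
		goto end;
	}
	if(!(cname=strdup_w(rbuf->buf, __func__)))
		goto end;
	// Normalise the peer-supplied name the way the server config asks.
	if(!get_int(globalcs[OPT_CNAME_FQDN]))
		strip_fqdn(&cname);
	if(get_int(globalcs[OPT_CNAME_LOWERCASE]))
		strlwr(cname);
	if(set_string(cconfs[OPT_CNAME], cname))
		goto end;
	iobuf_free_content(rbuf);

	if(asfd->write_str(asfd, CMD_GEN, "okpassword")
	  || asfd->read(asfd))
	{
		logp("unable to get password for client %s\n",
			get_string(cconfs[OPT_CNAME]));
		goto end;
	}
	// Take ownership of the read buffer; iobuf_init() detaches it from rbuf.
	password=rbuf->buf;
	iobuf_init(rbuf);

	if(check_client_and_password(globalcs, password, cconfs))
		goto end;

	if(get_int(cconfs[OPT_VERSION_WARN]))
		version_warn(asfd, globalcs, cconfs);

	logp("auth ok for: %s%s\n",
		get_string(cconfs[OPT_CNAME]),
		get_int(cconfs[OPT_PASSWORD_CHECK])?
			"":" (no password needed)");

	if(asfd->write_str(asfd, CMD_GEN, "ok"))
		goto end;

	ret=0;
end:
	iobuf_free_content(rbuf);
	free_w(&password);
	free_w(&cname);
	return ret;
}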
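/*
 * Offer certificate signing to the client if it is new enough to ask for it.
 *
 * client    - client name, used for logging and passed to sign_client_cert().
 * cversion  - client version string as sent in its greeting.
 * conf      - server configuration; ca_conf decides whether signing is possible.
 * p1cntr    - counters handed through to sign_client_cert().
 *
 * Return 1 for everything OK, signed and returned, -1 for error,
 * 0 for nothing done.
 *
 * The original loop broke out of every branch on its first pass, so the
 * exchange is written here as a single read; the trailing per-iteration
 * free was unreachable. Every exit now goes through one cleanup label.
 * A NULL buffer with CMD_GEN is treated as an unexpected command instead
 * of being handed to strcmp().
 */
int ca_server_maybe_sign_client_cert(const char *client, const char *cversion, struct config *conf, struct cntr *p1cntr)
{
	int ret=-1;
	char cmd='\0';
	char *buf=NULL;
	size_t len=0;
	long min_ver=0;
	long cli_ver=0;

	if((min_ver=version_to_long("1.3.2"))<0
	  || (cli_ver=version_to_long(cversion))<0)
		return -1;
	// Clients before 1.3.2 did not know how to send cert signing requests.
	if(cli_ver<min_ver) return 0;

	// Read failure: ret is already -1, nothing allocated yet beyond buf.
	if(async_read(&cmd, &buf, &len))
		goto end;

	if(cmd==CMD_GEN && buf && !strcmp(buf, "csr"))
	{
		// Client wants to sign a certificate.
		logp("Client %s wants a certificate signed\n", client);
		if(!conf->ca_conf || !gca_dir)
		{
			logp("But server is not configured to sign client certificate requests.\n");
			logp("See option 'ca_conf'.\n");
			async_write_str(CMD_ERROR,
				"server not configured to sign client certificates");
			goto end;
		}
		// sign_client_cert() will return 1 for
		// everything signed and returned, or -1
		// for error
		ret=sign_client_cert(client, conf, p1cntr);
	}
	else if(cmd==CMD_GEN && buf && !strcmp(buf, "nocsr"))
	{
		// Client does not want to sign a certificate.
		// No problem, just carry on.
		logp("Client %s does not want a certificate signed\n", client);
		ret=async_write_str(CMD_GEN, "nocsr ok");
	}
	else
	{
		// Both the non-CMD_GEN case and an unknown CMD_GEN payload
		// produced this same message before; they are merged here.
		logp("unexpected command from client when expecting csr: %c:%s\n",
			cmd, buf?buf:"");
	}

end:
	free(buf);
	return ret;
}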
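/*
 * Server side of the client greeting and authentication exchange.
 *
 * Protocol as visible here: read "hello[:version]", answer
 * "whoareyou[:SERVER_VERSION]", read the client name, answer "okpassword",
 * read the password, verify via check_client_and_password(), answer "ok".
 *
 * asfd   - connection to the (not yet authenticated) client.
 * conf   - global server configuration.
 * cconf  - per-client configuration; peer_version and cname are filled in
 *          from what the peer sends (cname takes over rbuf's buffer and is
 *          then owned by cconf), version_warn and password_check are read.
 *
 * The version string and client name come straight from the peer before it
 * has proven anything; they are only passed as %s arguments to logp() and
 * to strdup_w(), never used as a format string. Presumably
 * check_client_and_password() validates the name against the server's
 * client configuration - confirm against that function.
 *
 * Returns 0 on success, -1 on failure. Compared with the previous version,
 * every write_str() result is checked (the newer asfd-based authorise_server
 * already treats a non-zero return as failure) and the version-parse error
 * takes the common cleanup path instead of returning directly.
 */
int authorise_server(struct asfd *asfd, struct conf *conf, struct conf *cconf)
{
	int ret=-1;
	char *cp=NULL;
	char *password=NULL;
	char whoareyou[256]="";
	struct iobuf *rbuf=asfd->rbuf;

	if(asfd->read(asfd))
	{
		logp("unable to read initial message\n");
		goto end;
	}
	if(rbuf->cmd!=CMD_GEN || strncmp_w(rbuf->buf, "hello"))
	{
		iobuf_log_unexpected(rbuf, __func__);
		goto end;
	}

	// String may look like...
	// "hello"
	// "hello:(version)"
	// (version) is a version number
	// Once strchr() has found the colon, cp+1 can never be NULL, so only
	// the strdup_w() result needs checking.
	if((cp=strchr(rbuf->buf, ':'))
	  && !(cconf->peer_version=strdup_w(cp+1, __func__)))
		goto end;
	iobuf_free_content(rbuf);

	snprintf(whoareyou, sizeof(whoareyou), "whoareyou");
	if(cconf->peer_version)
	{
		long min_ver=0;
		long cli_ver=0;
		// ret is still -1 here, so the cleanup path reports the failure.
		if((min_ver=version_to_long("1.3.2"))<0
		  || (cli_ver=version_to_long(cconf->peer_version))<0)
			goto end;
		// Stick the server version on the end of the whoareyou string.
		// if the client version is recent enough.
		if(min_ver<=cli_ver)
			snprintf(whoareyou, sizeof(whoareyou),
				"whoareyou:%s", VERSION);
	}

	if(asfd->write_str(asfd, CMD_GEN, whoareyou)
	  || asfd->read(asfd))
	{
		logp("unable to get client name\n");
		goto end;
	}
	// Hand rbuf's buffer to cconf; iobuf_init() detaches it from rbuf.
	cconf->cname=rbuf->buf;
	iobuf_init(rbuf);

	if(asfd->write_str(asfd, CMD_GEN, "okpassword")
	  || asfd->read(asfd))
	{
		logp("unable to get password for client %s\n", cconf->cname);
		goto end;
	}
	// Same ownership hand-over for the password; freed at end.
	password=rbuf->buf;
	iobuf_init(rbuf);

	if(check_client_and_password(conf, password, cconf))
		goto end;

	if(cconf->version_warn)
		version_warn(asfd, conf, cconf);

	logp("auth ok for: %s%s\n", cconf->cname,
		cconf->password_check?"":" (no password needed)");

	if(asfd->write_str(asfd, CMD_GEN, "ok"))
		goto end;

	ret=0;
end:
	iobuf_free_content(rbuf);
	free_w(&password);
	return ret;
}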
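/*
 * Server side of the client greeting and authentication exchange
 * (async_read/async_write_str variant).
 *
 * Protocol as visible here: read "hello[:version]", answer
 * "whoareyou[:SERVER_VERSION]", read the client name, answer "okpassword",
 * read the password, verify via check_client_and_password(), answer "ok".
 *
 * conf      - global server configuration.
 * client    - out: the client name (heap, caller frees) on success.
 * cversion  - in/out: set from the greeting when one carries ":version";
 *             the caller must pass an initialised pointer because it is
 *             read even when the greeting carries no version.
 * cconf     - per-client configuration handed to check_client_and_password().
 * p1cntr    - counters handed to version_warn().
 *
 * Returns 0 on success with *client and *cversion set, -1 on failure.
 * A failure before the greeting has been accepted leaves both outputs
 * untouched (nothing has been read from or written to them yet). Any later
 * failure releases what was allocated and leaves *client and *cversion NULL.
 * This closes the leak the version-parse error used to have, where
 * *cversion stayed allocated and was returned to the caller dangling-by-
 * convention while every other late failure freed it.
 *
 * Name, version and password arrive from the peer before it has proven
 * anything; they are only used as %s arguments and as data, never as a
 * format string.
 */
int authorise_server(struct config *conf, char **client, char **cversion, struct config *cconf, struct cntr *p1cntr)
{
	int ret=-1;
	char cmd='\0';
	char *cp=NULL;
	size_t len=0;
	char *buf=NULL;
	char *cname=NULL;
	char *password=NULL;
	char whoareyou[256]="";

	if(async_read(&cmd, &buf, &len))
	{
		logp("unable to read initial message\n");
		return -1;
	}
	// A NULL buffer with CMD_GEN is rejected here rather than passed to
	// strncmp().
	if(cmd!=CMD_GEN || !buf || strncmp(buf, "hello", strlen("hello")))
	{
		logp("unexpected command given: %c %s\n", cmd, buf?buf:"");
		free(buf);
		return -1;
	}

	// String may look like...
	// "hello"
	// "hello:(version)"
	// (version) is a version number
	// cp+1 is never NULL once strchr() succeeded.
	if((cp=strchr(buf, ':')))
		*cversion=strdup(cp+1);
	free(buf);
	buf=NULL;

	snprintf(whoareyou, sizeof(whoareyou), "whoareyou");
	if(*cversion)
	{
		long min_ver=0;
		long cli_ver=0;
		// Previously returned -1 directly and leaked *cversion.
		if((min_ver=version_to_long("1.3.2"))<0
		  || (cli_ver=version_to_long(*cversion))<0)
			goto end;
		// Stick the server version on the end of the whoareyou string.
		// if the client version is recent enough.
		if(min_ver<=cli_ver)
			snprintf(whoareyou, sizeof(whoareyou),
				"whoareyou:%s", VERSION);
	}

	async_write_str(CMD_GEN, whoareyou);
	if(async_read(&cmd, &buf, &len) || !len)
	{
		logp("unable to get client name\n");
		goto end;
	}
	// The name is kept local until success so a failure never frees a
	// pointer the caller may not have initialised.
	cname=buf;
	buf=NULL;

	async_write_str(CMD_GEN, "okpassword");
	if(async_read(&cmd, &buf, &len) || !len)
	{
		logp("unable to get password for client %s\n", cname);
		goto end;
	}
	password=buf;
	buf=NULL;

	if(check_client_and_password(conf, cname, password, cconf))
		goto end;

	version_warn(p1cntr, cname, *cversion);
	logp("auth ok for client: %s\n", cname);

	async_write_str(CMD_GEN, "ok");

	*client=cname;
	cname=NULL;
	ret=0;
end:
	free(buf);
	free(password);
	free(cname);
	if(ret)
	{
		*client=NULL;
		free(*cversion);
		*cversion=NULL;
	}
	return ret;
}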