int server_create(prelude_client_profile_t *cp, const char *addr, unsigned int port,
prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt)
{
int sock;
size_t size;
struct pollfd pfd[128];
gnutls_dh_params_t dh_params;
#ifdef GNUTLS_SRP_ENABLED
int ret;
ret = gnutls_srp_allocate_server_credentials(&srpcred);
if ( ret < 0 ) {
fprintf(stderr, "error creating SRP credentials: %s.\n", gnutls_strerror(ret));
return -1;
}
gnutls_srp_set_server_credentials_function(srpcred, srp_callback);
#endif
one_shot_passwd = pass;
gnutls_anon_allocate_server_credentials(&anoncred);
fprintf(stderr, "Generating %d bits Diffie-Hellman key for anonymous authentication...", ANON_DH_BITS);
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_generate2(dh_params, ANON_DH_BITS);
gnutls_anon_set_server_dh_params(anoncred, dh_params);
fprintf(stderr, "\n");
size = sizeof(pfd) / sizeof(*pfd);
sock = setup_server(addr, port, pfd, &size);
if ( sock < 0 )
return -1;
wait_connection(cp, sock, pfd, size, keepalive, key, cacrt, crt);
#ifdef GNUTLS_SRP_ENABLED
gnutls_srp_free_server_credentials(srpcred);
#endif
gnutls_anon_free_server_credentials(anoncred);
return 0;
}
bool mrutils::TLSServer::init(const char * tpasswd, const char * tpasswdconf) {
mrutils::mutexAcquire(connectionMutex);
#ifndef MR_TLS_NO_THREADS
std::cout << "gcry_control" << std::endl;
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif
std::cout << "gnutls_global_init" << std::endl;
gnutls_global_init();
std::cout << "gnutls_global_init_extra" << std::endl;
gnutls_global_init_extra(); // for srp
std::cout << "gnutls_srp_allocate_server_credentials" << std::endl;
gnutls_srp_allocate_server_credentials (&srp_cred);
std::cout << "gnutls_srp_set_server_credentials_file" << std::endl;
gnutls_srp_set_server_credentials_file (srp_cred, tpasswd, tpasswdconf);
mrutils::mutexRelease(connectionMutex);
return (init_ = true);
}
int
main (void)
{
int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
int client_len;
char topbuf[512];
gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
char name[256];
strcpy (name, "Echo Server");
/* these must be called once in the program
*/
gnutls_global_init ();
gnutls_global_init_extra (); /* for SRP */
/* SRP_PASSWD a password file (created with the included srptool utility)
*/
gnutls_srp_allocate_server_credentials (&srp_cred);
gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD,
SRP_PASSWD_CONF);
gnutls_certificate_allocate_credentials (&cert_cred);
gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE,
GNUTLS_X509_FMT_PEM);
/* TCP socket operations
*/
listen_sd = socket (AF_INET, SOCK_STREAM, 0);
SOCKET_ERR (listen_sd, "socket");
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
SOCKET_ERR (err, "bind");
err = listen (listen_sd, 1024);
SOCKET_ERR (err, "listen");
printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
client_len = sizeof (sa_cli);
for (;;)
{
session = initialize_tls_session ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
printf ("- connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
{
close (sd);
gnutls_deinit (session);
fprintf (stderr, "*** Handshake has failed (%s)\n\n",
gnutls_strerror (ret));
continue;
}
printf ("- Handshake was completed\n");
/* print_info(session); */
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
printf ("\n- Peer has closed the GNUTLS connection\n");
break;
}
else if (ret < 0)
{
fprintf (stderr, "\n*** Received corrupted "
"data(%d). Closing the connection.\n\n", ret);
break;
}
else if (ret > 0)
{
/* echo data back to the client
*/
gnutls_record_send (session, buffer, strlen (buffer));
}
}
printf ("\n");
/* do not wait for the peer to close the connection. */
gnutls_bye (session, GNUTLS_SHUT_WR);
close (sd);
gnutls_deinit (session);
}
close (listen_sd);
gnutls_srp_free_server_credentials (srp_cred);
gnutls_certificate_free_credentials (cert_cred);
gnutls_global_deinit ();
return 0;
}
srp_server_credentials::srp_server_credentials ():credentials
(GNUTLS_CRD_SRP)
{
RETWRAP (gnutls_srp_allocate_server_credentials (&cred));
set_ptr (cred);
}
const struct remote_security_filter *load_security_filter(int tType, const char **dData, load_reference lLoad)
{
if (initialized) return NULL;
#ifdef HAVE_GCRYPT_H
if (!gcry_control(GCRYCTL_ANY_INITIALIZATION_P))
{
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
gcry_check_version(NULL); //no need to check as of now
gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
}
#endif
gnutls_global_set_log_function(&gnutls_logging);
gnutls_global_set_log_level(PARAM_RSVX_TLS_LOGGING);
gnutls_global_init();
forwarder_type = tType;
const char **initializers = dData, **current = initializers;
int argument_count = 0;
if (current) while (*current++) argument_count++;
if (argument_count > 0 && (current = initializers))
//srp initialization
{
use_srp_auth = true;
const char *passwd = (*current)? *current++ : NULL;
const char *srp_passwd = (*current)? *current++ : NULL;
const char *srp_passwd_conf = (*current)? *current++ : NULL;
if (passwd && strlen(passwd))
{
srp_file = passwd;
if (!parse_passwd())
{
gnutls_global_deinit();
return NULL;
}
}
gnutls_global_init_extra();
if (srp_passwd && strlen(srp_passwd) && srp_passwd_conf &&
strlen(srp_passwd_conf))
{
gnutls_srp_allocate_server_credentials(&srp_server);
gnutls_srp_set_server_credentials_file(srp_server, srp_passwd,
srp_passwd_conf);
}
}
else
//anonymouns initialization
{
gnutls_anon_allocate_server_credentials(&credentials);
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_generate2(dh_params, 1024);
gnutls_anon_set_server_dh_params(credentials, dh_params);
}
return &internal_filter;
}