← Back to branch summary

~ubuntu-branches/ubuntu/intrepid/apf/intrepid

« back to all changes in this revision

Viewing changes to src/afserver.c

  • Committer: Bazaar Package Importer
  • Author(s): Juan A. Diaz
  • Date: 2007-10-15 20:50:41 UTC
  • mfrom: (1.1.2 upstream) (2.1.1 lenny)
  • Revision ID: james.westby@ubuntu.com-20071015205041-y1oga3e13nb9016n
Tags: 0.8.4-1
http://bugs.debian.org/440985
* New upstream release.
* Added suport for certificate-based authentication (Closes: #440985).
  Thanks to Joshua Judson Rosen for making his whishes come true.
* Added dpatch in the build-depends to solve a minor bug in the afclient's
  manpages (lintian error: hyphen-used-as-minus-sign).

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/afserver.c
1
1
/*
2
2
 * active port forwarder - software for secure forwarding
3
 
 * Copyright (C) 2003-2006 jeremian <jeremian [at] poczta.fm>
 
3
 * Copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>
4
4
 *
5
5
 * This program is free software; you can redistribute it and/or modify
6
6
 * it under the terms of the GNU General Public License as published by
37
37
        {"usrpcli", 1, 0, 'U'},
38
38
        {"climode", 1, 0, 'M'},
39
39
        {"cerfile", 1, 0, 'c'},
 
40
        {"cacerfile", 1, 0, 'A'},
 
41
        {"cerdepth", 1, 0, 'd'},
40
42
        {"keyfile", 1, 0, 'k'},
41
43
        {"cfgfile", 1, 0, 'f'},
42
44
        {"proto", 1, 0, 'p'},
110
112
  ConnectClient** srRaClientsTable;
111
113
 
112
114
  char* certif = NULL;
 
115
  char* cacertif = NULL;
 
116
  char* cerdepth = NULL;
113
117
  char* keys = NULL;
114
118
  char* dateformat = NULL;
115
119
  static char* stemp = NULL;
150
154
#endif
151
155
  
152
156
  while ((n = getopt_long(argc, argv,
153
 
          GETOPT_LONG_LIBPTHREAD(GETOPT_LONG_AF_INET6("hn:l:m:vu:c:k:f:p:o:t:C:U:M:abD:R:r:V"))
 
157
          GETOPT_LONG_LIBPTHREAD(GETOPT_LONG_AF_INET6("hn:l:m:vu:c:A:d:k:f:p:o:t:C:U:M:abD:R:r:V"))
154
158
          , long_options, 0)) != -1) {
155
159
    switch (n) {
156
160
      case 'h': {
213
217
                  certif = optarg;
214
218
                  break;
215
219
                }
 
220
      case 'A': {
 
221
                  cacertif = optarg;
 
222
                  break;
 
223
                }
 
224
      case 'd': {
 
225
                  cerdepth = optarg;
 
226
                  break;
 
227
                }
216
228
      case 'k': {
217
229
                  keys = optarg;
218
230
                  break;
331
343
                else {
332
344
      if (certif == NULL) {
333
345
        if (ServerConfiguration_get_certificateFile(config) == NULL) {
334
 
          ServerConfiguration_set_certificateFile(config, "cacert.pem");
 
346
          ServerConfiguration_set_certificateFile(config, "server-cert.pem");
335
347
        }
336
348
      }
337
349
      else {
338
350
        ServerConfiguration_set_certificateFile(config, certif);
339
351
      }
 
352
      if (cacertif != NULL) {
 
353
        ServerConfiguration_set_cacertificateFile(config, cacertif);
 
354
      }
 
355
      if (cerdepth != NULL) {
 
356
          ServerConfiguration_set_sCertificateDepth(config, cerdepth);
 
357
      }
340
358
      if (keys == NULL) {
341
359
        if (ServerConfiguration_get_keysFile(config) == NULL) {
342
360
          ServerConfiguration_set_keysFile(config, "server.rsa");
377
395
      exit(1);
378
396
    }
379
397
    ServerConfiguration_set_certificateFile(config, certif);
 
398
    ServerConfiguration_set_cacertificateFile(config, cacertif);
 
399
    ServerConfiguration_set_sCertificateDepth(config, cerdepth);
380
400
    ServerConfiguration_set_keysFile(config, keys);
381
401
    ServerConfiguration_set_dateFormat(config, dateformat);
382
402
 
398
418
      exit(1);
399
419
    }
400
420
    if (ServerConfiguration_get_certificateFile(config) == NULL) {
401
 
      ServerConfiguration_set_certificateFile(config, "cacert.pem");
 
421
      ServerConfiguration_set_certificateFile(config, "server-cert.pem");
402
422
    }
403
423
    if (ServerConfiguration_get_keysFile(config) == NULL) {
404
424
      ServerConfiguration_set_keysFile(config, "server.rsa");
533
553
        "Setting certificate failed (%s)... exiting", ServerConfiguration_get_certificateFile(config));
534
554
                exit(1);
535
555
        }
 
556
 
 
557
        cacertif = ServerConfiguration_get_cacertificateFile(config);
 
558
        if (cacertif) {
 
559
          if (SSL_CTX_load_verify_locations(ctx,
 
560
                                            cacertif,
 
561
                                            NULL)
 
562
              != 1)
 
563
          {
 
564
            aflog(LOG_T_INIT, LOG_I_CRIT,
 
565
                  "Setting CA certificate failed (%s)... exiting", cacertif);
 
566
            exit(1);
 
567
          }
 
568
 
 
569
          SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
 
570
                              NULL);
 
571
 
 
572
          cerdepth = ServerConfiguration_get_sCertificateDepth (config);
 
573
          if (cerdepth == NULL) {
 
574
              cerdepth = "9";
 
575
          }
 
576
          SSL_CTX_set_verify_depth(ctx, check_value_liberal (cerdepth, "Invalid max certificate-depth"));
 
577
        }
 
578
 
536
579
        if (ServerConfiguration_get_realmsNumber(config) == 0) {
537
580
                aflog(LOG_T_INIT, LOG_I_CRIT,
538
581
        "Working without sense is really without sense...");
1393
1436
              case 2: {
1394
1437
                        close(SslFd_get_fd(ConnectClient_get_sslFd(srClientsTable[k])));
1395
1438
                        FD_CLR(SslFd_get_fd(ConnectClient_get_sslFd(srClientsTable[k])), &allset);
1396
 
                        SSL_clear(SslFd_get_ssl(ConnectClient_get_sslFd(srClientsTable[k])));
 
1439
 
 
1440
                        /* This SSL-object is busted; don't reuse it
 
1441
                           (SSL_clear isn't sufficient because ssl->new_session is set): */
 
1442
                        SslFd_set_ssl(ConnectClient_get_sslFd(srClientsTable[k]),
 
1443
                                      SSL_new (ctx));
 
1444
 
1397
1445
                        ConnectClient_set_state(srClientsTable[k], CONNECTCLIENT_STATE_FREE);
1398
1446
                        if ((task = ConnectClient_get_task(srClientsTable[k]))) {
1399
1447
                          TaskScheduler_removeTask(scheduler, task);