Link Here
|
9 |
#include <string.h> |
9 |
#include <string.h> |
10 |
#include <unistd.h> |
10 |
#include <unistd.h> |
11 |
|
11 |
|
|
|
12 |
#include <openssl/ssl.h> |
13 |
|
12 |
#include <Xm/Form.h> |
14 |
#include <Xm/Form.h> |
13 |
#include <Xm/Label.h> |
15 |
#include <Xm/Label.h> |
14 |
#include <Xm/PushB.h> |
16 |
#include <Xm/PushB.h> |
Link Here
|
70 |
|
72 |
|
71 |
static char netcategory[] = "Network"; /* Save category */ |
73 |
static char netcategory[] = "Network"; /* Save category */ |
72 |
|
74 |
|
|
|
75 |
static SSL_METHOD *ssl_method; /* global ssl dispatch structure for creating a ssl context */ |
76 |
static SSL_CTX *ssl_ctx; /* global ssl context structure for creating ssl connections */ |
77 |
|
73 |
/* call to set up without actually bringing up the menus. |
78 |
/* call to set up without actually bringing up the menus. |
74 |
*/ |
79 |
*/ |
75 |
void |
80 |
void |
76 |
net_create() |
81 |
net_create() |
77 |
{ |
82 |
{ |
78 |
if (!netshell_w) { |
83 |
if (!netshell_w) { |
|
|
84 |
if (SSL_library_init() < 0) { |
85 |
fprintf (stderr, "Could not initialize the OpenSSL library !\n"); |
86 |
} else { |
87 |
ssl_method = SSLv23_client_method(); /* deprecated since openssl 1.1.x */ |
88 |
// ssl_method = TLS_client_method(); /* since openssl 1.1.x */ |
89 |
ssl_ctx = SSL_CTX_new (ssl_method); |
90 |
SSL_CTX_set_options (ssl_ctx, SSL_OP_NO_SSLv2); |
91 |
}; |
92 |
|
79 |
net_create_form(); |
93 |
net_create_form(); |
80 |
(void) net_save(); /* confirming here is just annoying */ |
94 |
(void) net_save(); /* confirming here is just annoying */ |
81 |
} |
95 |
} |
Link Here
|
251 |
struct { |
265 |
struct { |
252 |
unsigned char VN; /* version number */ |
266 |
unsigned char VN; /* version number */ |
253 |
unsigned char CD; /* command code */ |
267 |
unsigned char CD; /* command code */ |
254 |
unsigned short DSTPORT; /* destination port */ |
268 |
uint16_t DSTPORT; /* destination port */ |
255 |
unsigned long DSTIP; /* destination IP addres */ |
269 |
uint32_t DSTIP; /* destination IP address */ |
256 |
} SocksPacket; |
270 |
} SocksPacket; |
257 |
|
271 |
|
258 |
struct hostent *hs = gethostbyname (socks_host); |
272 |
struct hostent *hs = gethostbyname (socks_host); |
Link Here
|
390 |
|
404 |
|
391 |
/* read up to and including the next '\n' from socket fd into buf[max]. |
405 |
/* read up to and including the next '\n' from socket fd into buf[max]. |
392 |
* we silently ignore all '\r'. we add a trailing '\0'. |
406 |
* we silently ignore all '\r'. we add a trailing '\0'. |
393 |
* return line lenth (not counting \0) if all ok, else -1. |
407 |
* return line length (not counting \0) if all ok, else -1. |
394 |
* N.B. this never reads ahead -- if that's ok, recvlineb() is better |
408 |
* N.B. this never reads ahead -- if that's ok, recvlineb() is better |
395 |
*/ |
409 |
*/ |
396 |
int |
410 |
int |
Link Here
|
445 |
if (nr <= 0) { |
459 |
if (nr <= 0) { |
446 |
ok = nr; |
460 |
ok = nr; |
447 |
rb_next = 0; |
461 |
rb_next = 0; |
|
|
462 |
rb_unk = 0; |
463 |
break; |
464 |
} |
465 |
rb_next = 0; |
466 |
rb_unk = nr; |
467 |
} |
468 |
|
469 |
if ((c = rb_linebuf[rb_next++]) != '\r') |
470 |
*buf++ = c; |
471 |
|
472 |
} while (buf-origbuf < size && c != '\n'); |
473 |
|
474 |
/* always give back a real line regardless, else status */ |
475 |
if (ok > 0) { |
476 |
*buf = '\0'; |
477 |
ok = buf - origbuf; |
478 |
} |
479 |
|
480 |
return (ok); |
481 |
} |
482 |
|
483 |
/* open the host, do the given GET cmd, and return a socket fd for the result. |
484 |
* on success it fills the XE_SSL_FD structure for later use by SSL_read() and necessary cleanup. |
485 |
* return -1 and with excuse in msg[], else 0 if ok. |
486 |
* N.B. can be called before we are created if net set in app defaults. |
487 |
*/ |
488 |
int |
489 |
httpsGET (char *host, char *GETcmd, char msg[], XE_SSL_FD *ssl_fd) |
490 |
{ |
491 |
char buf[2048]; |
492 |
int fd; |
493 |
int connected; |
494 |
SSL *ssl; |
495 |
int n; |
496 |
int ret; |
497 |
int httpsport = 443; |
498 |
|
499 |
/* open connection */ |
500 |
if (proxy_on) { |
501 |
fd = mkconnection (proxy_host, proxy_port, msg); |
502 |
if (fd < 0) |
503 |
return (-1); |
504 |
|
505 |
/* fill buf with CONNECT */ |
506 |
(void) sprintf (buf, "CONNECT %1$s:%2$d HTTP/1.0\r\nUser-Agent: xephem/%3$s\r\nHost: %1$s:%2$d\r\n\r\n", host, httpsport, PATCHLEVEL); |
507 |
|
508 |
/* add proxy auth if enabled */ |
509 |
if (!auth_w) |
510 |
net_create_form(); |
511 |
if (XmToggleButtonGetState (auth_w)) |
512 |
addAuth(buf); |
513 |
|
514 |
/* log it */ |
515 |
xe_msg (0, "https proxy connect: %s", buf); |
516 |
|
517 |
/* send it */ |
518 |
n = strlen (buf); |
519 |
if (sendbytes(fd, (unsigned char *)buf, n) < 0) { |
520 |
(void) sprintf (msg, "%s: send error: %s", proxy_host, syserrstr()); |
521 |
(void) close (fd); |
522 |
return (-1); |
523 |
} |
524 |
|
525 |
connected = 0; |
526 |
while (recvline (fd, buf, sizeof(buf)) > 1) { |
527 |
xe_msg (0, "Rcv: %s", buf); |
528 |
if (strstr (buf, "200 ")) |
529 |
connected = 1; |
530 |
} |
531 |
if (!connected) { |
532 |
(void) sprintf (msg, "%s: connect error: %s", proxy_host, syserrstr()); |
533 |
(void) close (fd); |
534 |
return (-1); |
535 |
} |
536 |
} else { |
537 |
/* SOCKS or direct are both handled by mkconnection() */ |
538 |
fd = mkconnection (host, httpsport, msg); |
539 |
if (fd < 0) |
540 |
return (-1); |
541 |
} |
542 |
|
543 |
/* fill buf with GETcmd */ |
544 |
(void) sprintf (buf, "%s", GETcmd); |
545 |
|
546 |
/* start ssl connection */ |
547 |
ssl = SSL_new (ssl_ctx); |
548 |
SSL_set_fd (ssl, fd); |
549 |
SSL_connect (ssl); |
550 |
|
551 |
/* log it */ |
552 |
xe_msg (0, "https: %s", buf); |
553 |
|
554 |
/* send it */ |
555 |
n = strlen (buf); |
556 |
ret = SSL_write (ssl, (unsigned char *)buf, n); |
557 |
if (ret <= 0) { |
558 |
(void) sprintf (msg, "%s: ssl send error code: %d", host, SSL_get_error (ssl, ret)); |
559 |
(void) SSL_free (ssl); |
560 |
(void) close (fd); |
561 |
return (-1); |
562 |
} |
563 |
|
564 |
/* caller can read response */ |
565 |
ssl_fd->fd = fd; |
566 |
ssl_fd->ssl = ssl; |
567 |
return (fd); |
568 |
} |
569 |
|
570 |
/* receive exactly n bytes from ssl connection ssl_fd into buf. |
571 |
* return -1, 0 or n. |
572 |
* N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL |
573 |
*/ |
574 |
int |
575 |
ssl_recvbytes (XE_SSL_FD *ssl_fd, unsigned char buf[], int n) |
576 |
{ |
577 |
int ns, tot; |
578 |
|
579 |
for (tot = 0; tot < n; tot += ns) { |
580 |
if (tout (TOUT, ssl_fd->fd, 0) < 0) |
581 |
return (-1); |
582 |
if (ssl_fd->ssl) |
583 |
ns = SSL_read (ssl_fd->ssl, (void *)(buf+tot), n-tot); |
584 |
else |
585 |
ns = read (ssl_fd->fd, (void *)(buf+tot), n-tot); |
586 |
if (ns <= 0) |
587 |
return (ns); |
588 |
} |
589 |
return (n); |
590 |
} |
591 |
|
592 |
/* like read(2) except we time out and allow user to cancel. |
593 |
* receive up to n bytes from ssl connection ssl_fd into buf. |
594 |
* return count, or 0 on eof or -1 on error. |
595 |
* N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL |
596 |
*/ |
597 |
int |
598 |
ssl_readbytes (XE_SSL_FD *ssl_fd, unsigned char buf[], int n) |
599 |
{ |
600 |
int ns; |
601 |
|
602 |
if (tout (TOUT, ssl_fd->fd, 0) < 0) |
603 |
return (-1); |
604 |
if (ssl_fd->ssl) |
605 |
ns = SSL_read (ssl_fd->ssl, (void *)buf, n); |
606 |
else |
607 |
ns = read (ssl_fd->fd, (void *)buf, n); |
608 |
return (ns); |
609 |
} |
610 |
|
611 |
/* read up to and including the next '\n' from ssl into buf[max]. |
612 |
* we silently ignore all '\r'. we add a trailing '\0'. |
613 |
* return line length (not counting \0) if all ok, else -1. |
614 |
* N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL |
615 |
*/ |
616 |
int |
617 |
ssl_recvline (XE_SSL_FD *ssl_fd, char buf[], int max) |
618 |
{ |
619 |
unsigned char c; |
620 |
int n; |
621 |
|
622 |
max--; /* leave room for trailing \0 */ |
623 |
|
624 |
for (n = 0; n < max && ssl_recvbytes (ssl_fd, &c, 1) == 1; ) { |
625 |
if (c != '\r') { |
626 |
buf[n++] = c; |
627 |
if (c == '\n') { |
628 |
buf[n] = '\0'; |
629 |
return (n); |
630 |
} |
631 |
} |
632 |
} |
633 |
|
634 |
return (-1); |
635 |
} |
636 |
|
637 |
/* rather like ssl_recvline but reads ahead in big chunk for efficiency. |
638 |
* return length if read a line ok, 0 if hit eof, -1 if error. |
639 |
* N.B. we silently swallow all '\r'. |
640 |
* N.B. we read ahead and can hide bytes after each call. |
641 |
* N.B. with fallback to ordinary read from socket if ssl_fd->ssl is NULL |
642 |
*/ |
643 |
int |
644 |
ssl_recvlineb (XE_SSL_FD *ssl_fd, char *buf, int size) |
645 |
{ |
646 |
char *origbuf = buf; /* save to prevent overfilling buf */ |
647 |
char c = '\0'; |
648 |
int ok = 1; |
649 |
|
650 |
/* always leave room for trailing \n */ |
651 |
size -= 1; |
652 |
|
653 |
/* read and copy linebuf[next] to buf until buf fills or copied a \n */ |
654 |
do { |
655 |
|
656 |
if (rb_next >= rb_unk) { |
657 |
/* linebuf is empty -- refill */ |
658 |
|
659 |
int nr; |
660 |
|
661 |
if (tout (TOUT, ssl_fd->fd, 0) < 0) { |
662 |
nr = -1; |
663 |
break; |
664 |
} |
665 |
if (ssl_fd->ssl) |
666 |
nr = SSL_read (ssl_fd->ssl, rb_linebuf, sizeof(rb_linebuf)); |
667 |
else |
668 |
nr = read (ssl_fd->fd, rb_linebuf, sizeof(rb_linebuf)); |
669 |
if (nr <= 0) { |
670 |
ok = nr; |
671 |
rb_next = 0; |
448 |
rb_unk = 0; |
672 |
rb_unk = 0; |
449 |
break; |
673 |
break; |
450 |
} |
674 |
} |