Commit eec0774e662fb67f25179070a86db5a236274269

Authored by Perry Werneck
1 parent 1311e80f

Updating windows code.

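--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -219,7 +219,7 @@
 <Unit filename="src/lib3270/ssl/state.c">
 <Option compilerVar="CC" />
 </Unit>
- <Unit filename="src/lib3270/ssl/windows/ctx_init.c">
+ <Unit filename="src/lib3270/ssl/windows/getcrl.c">
 <Option compilerVar="CC" />
 </Unit>
 <Unit filename="src/lib3270/state.c">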
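--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -61,11 +61,6 @@
 #undef SSL_ENABLE_CRL_EXPIRATION_CHECK
 #undef SSL_DEFAULT_CRL_URL
 
- /* Windows Options */
-#ifdef WIN32
- #undef HAVE_WIN_REGISTRY
-#endif // WIN32
-
 /* Optional parts. */
 #undef X3270_DBCS
 #undef X3270_SCRIPT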
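--- a/src/lib3270/session.c
+++ b/src/lib3270/session.c
@@ -254,6 +254,11 @@ static void set_peer_certificate)(const void *cert unused)
 }
 #endif // HAVE_LIBSSL
 
+static void default_update_luname(H3270 *session unused, const char *name unused)
+{
+
+}
+
 void lib3270_reset_callbacks(H3270 *hSession)
 {
 // Default calls
@@ -283,7 +288,7 @@ void lib3270_reset_callbacks(H3270 *hSession)
 hSession->cbk.set_timer = set_timer;
 hSession->cbk.print = print;
 hSession->cbk.set_peer_certificate = set_peer_certificate;
- hSession->cbk.update_luname = (void (*)(H3270 *, const char *)) nop_int;
+ hSession->cbk.update_luname = default_update_luname;
 
 }
 
@@ -298,7 +303,7 @@ static void lib3270_session_init(H3270 *hSession, const char *model, const char
 lib3270_reset_callbacks(hSession);
 
 // Trace management.
- hSession->trace.handler = def_trace;
+ hSession->trace.handler = def_trace;
 
 // Set the defaults.
 hSession->extended = 1;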
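Review bot: The new `default_update_luname` (new lines 257–260) has an empty body and no comment saying why it exists; since the line it replaces cast `nop_int` to `void (*)(H3270 *, const char *)`, the stub is what removes a call through an incompatible function-pointer type, and a comment keeps the next maintainer from folding it back into the cast. Suggested header: `// No-op default for cbk.update_luname; a dedicated function with the exact callback signature avoids calling nop_int through an incompatible pointer type.` lib3270_reset_callbacks and lib3270_session_init both start or end outside their hunks.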
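--- a/src/lib3270/ssl/linux/getcrl.c
+++ b/src/lib3270/ssl/linux/getcrl.c
@@ -150,23 +150,6 @@ static size_t internal_curl_write_callback(void *contents, size_t size, size_t n
 memcpy(&(data->contents[data->length]),contents,realsize);
 data->length += realsize;
 
- /*
- struct MemoryStruct *mem = (struct MemoryStruct *)userp;
-
- char *ptr = realloc(mem->memory, mem->size + realsize + 1);
- if(ptr == NULL) {
- printf("not enough memory (realloc returned NULL)\n");
- return 0;
- }
-
- mem->memory = ptr;
- memcpy(&(mem->memory[mem->size]), contents, realsize);
- mem->size += realsize;
- mem->memory[mem->size] = 0;
-
- */
-
-
 return realsize;
 }
 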
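--- a/src/lib3270/ssl/windows/getcrl.c
+++ b/src/lib3270/ssl/windows/getcrl.c
@@ -33,7 +33,10 @@
 *
 */
 
+#define CRL_DATA_LENGTH 4096
+
 #include <config.h>
+
 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)
 
 #include <openssl/ssl.h>
@@ -41,10 +44,9 @@
 #include <openssl/x509_vfy.h>
 #include <openssl/x509.h>
 
-#ifdef HAVE_LDAP
- #define LDAP_DEPRECATED 1
- #include <ldap.h>
-#endif // HAVE_LDAP
+#ifdef HAVE_LIBCURL
+ #include <curl/curl.h>
+#endif // HAVE_LIBCURL
 
 #include "../../private.h"
 #include <trace_dsc.h>
@@ -59,66 +61,80 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
 fclose(*file);
 }
 
-#ifdef HAVE_LDAP
-static inline void lib3270_autoptr_cleanup_LDAPMessage(LDAPMessage **message)
+#ifdef HAVE_LIBCURL
+static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
 {
- debug("%s(%p)",__FUNCTION__,*message);
- if(message)
- ldap_msgfree(*message);
- *message = NULL;
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ curl_easy_cleanup(*ptr);
+ *ptr = NULL;
 }
 
-static inline void lib3270_autoptr_cleanup_LDAP(LDAP **ld)
+typedef struct _curldata
 {
- debug("%s(%p)",__FUNCTION__,*ld);
- if(*ld)
- ldap_unbind_ext(*ld, NULL, NULL);
- *ld = NULL;
-}
+ size_t length;
+ SSL_ERROR_MESSAGE * message;
+ unsigned char contents[CRL_DATA_LENGTH];
+} CURLDATA;
 
-static inline void lib3270_autoptr_cleanup_BerElement(BerElement **ber)
+static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
 {
- debug("%s(%p)",__FUNCTION__,*ber);
- if(*ber)
- ber_free(*ber, 0);
- *ber = NULL;
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ lib3270_free(*ptr);
+ *ptr = NULL;
 }
 
-static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
+static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
 {
 debug("%s(%p)",__FUNCTION__,*ptr);
 if(*ptr)
- ldap_memfree(*ptr);
+ BIO_free_all(*ptr);
 *ptr = NULL;
 }
 
-#endif // HAVE_LDAP
-
-X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
 {
- X509_CRL * crl = NULL;
+ CURLDATA * data = (CURLDATA *) userp;
+
+ size_t realsize = size * nmemb;
 
- if(!hSession->ssl.crl)
+ if((size + data->length) > CRL_DATA_LENGTH)
 {
-#ifdef LIB3270_DEFAULT_CRL
- hSession->ssl.crl = strdup(LIB3270_DEFAULT_CRL);
-#else
- char *env = getenv("LIB3270_DEFAULT_CRL");
- if(env)
- hSession->ssl.crl = strdup(env);
-#endif // LIB3270_DEFAULT_CRL
+ debug("CRL Data block is bigger than allocated block (%u bytes)",(unsigned int) size);
+ return 0;
 }
 
- if(!hSession->ssl.crl)
+ debug("Received %u bytes", (unsigned int) realsize);
+
+ memcpy(&(data->contents[data->length]),contents,realsize);
+ data->length += realsize;
+
+ return realsize;
+}
+
+#endif // HAVE_LIBCURL
+
+
+X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+{
+ X509_CRL * crl = NULL;
+ const char * consturl = lib3270_get_crl_url(hSession);
+
+ if(!(consturl && *consturl))
 {
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Can't open CRL File" );
+ message->description = N_("The URL for the CRL is undefined or empty");
 return NULL;
 }
 
- trace_ssl(hSession, "crl=%s",hSession->ssl.crl);
+ trace_ssl(hSession, "crl=%s",consturl);
 
- if(strncasecmp(hSession->ssl.crl,"file://",7) == 0)
+ if(strncasecmp(consturl,"file://",7) == 0)
 {
- lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r");
+ lib3270_autoptr(FILE) hCRL = fopen(consturl+7,"r");
 
 if(!hCRL)
 {
@@ -127,188 +143,133 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 message->title = N_( "Security error" );
 message->text = N_( "Can't open CRL File" );
 message->description = strerror(errno);
- lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description);
+ lib3270_write_log(hSession,"ssl","Can't open %s: %s",consturl,message->description);
 return NULL;
 
 }
 
- lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7);
+ lib3270_write_log(hSession,"ssl","Loading CRL from %s",consturl+7);
 d2i_X509_CRL_fp(hCRL, &crl);
 
 }
-#ifdef HAVE_LDAP
- else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0)
+ else
 {
- int rc;
- lib3270_autoptr(char) url = strdup(hSession->ssl.crl);
+#ifdef HAVE_LIBCURL
 
- char * attrs[] = { NULL, NULL };
- char * base = NULL;
+ // Use CURL to download the CRL
+ lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
+ lib3270_autoptr(CURL) hCurl = curl_easy_init();
 
- const struct _args
- {
- const char * name;
- char ** value;
- }
- args[] =
- {
- { "attr", &attrs[0] },
- { "base", &base }
- };
-
- // Get arguments
- size_t arg;
- char * ptr = strchr(url,'?');
- while(ptr)
+ memset(crl_data,0,sizeof(CURLDATA));
+ crl_data->message = message;
+
+ if(hCurl)
 {
- *(ptr++) = 0;
- char *value = strchr(ptr,'=');
- if(!value)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Invalid argument format" );
- message->description = "The URL argument should be in the format name=value";
- return NULL;
- }
+ CURLcode res;
+
+ curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
+ curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
 
- *(value++) = 0;
+ curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
+ curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
 
- debug("%s=%s",ptr,value);
+ res = curl_easy_perform(hCurl);
 
- for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++)
+ if(res != CURLE_OK)
 {
- if(!strcasecmp(ptr,args[arg].name))
- {
- *args[arg].value = value;
- debug("%s=\"%s\"",args[arg].name,*args[arg].value);
- }
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Error loading CRL" );
+ message->description = curl_easy_strerror(res);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
+ return NULL;
 }
 
- ptr = strchr(value,'&');
- }
-
- // Do we get all the required arguments?
- for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++)
- {
- if(!*args[arg].value)
+ char *ct = NULL;
+ res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
+ if(res != CURLE_OK)
 {
 message->error = hSession->ssl.error = 0;
 message->title = N_( "Security error" );
- message->text = N_( "Can't set LDAP query" );
- message->description = N_("Insuficient arguments");
- lib3270_write_log(hSession,"ssl","%s: Required argument \"%s\" is missing",url, args[arg].name);
+ message->text = N_( "Error loading CRL" );
+ message->description = curl_easy_strerror(res);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
 return NULL;
 }
- }
 
- // Do LDAP Query
- LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL;
- BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL;
+ debug("content-type: %s",ct);
 
- rc = ldap_initialize(&ld, url);
- if(rc != LDAP_SUCCESS)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't initialize LDAP" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ if(ct)
+ {
+ const unsigned char * data = crl_data->contents;
 
- unsigned long version = LDAP_VERSION3;
- rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,(void *) &version);
- if(rc != LDAP_SUCCESS) {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't set LDAP version" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ if(strcasecmp(ct,"application/pkix-crl") == 0)
+ {
+ // CRL File, convert it
+ if(!d2i_X509_CRL(&crl, &data, crl_data->length))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
+ }
+ }
+ else
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
+ return NULL;
+ }
+ }
+ else if(strncasecmp(consturl,"ldap://",7) == 0)
+ {
+ // It's an LDAP query, assumes a base64 data.
+ char * data = strstr((char *) crl_data->contents,":: ");
+ if(!data)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from LDAP server" );
+ lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->contents);
+ return NULL;
+ }
+ data += 3;
 
- rc = ldap_simple_bind_s(ld, "", "");
- if(rc != LDAP_SUCCESS)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't bind to LDAP server" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ debug("\n%s\nlength=%u",data,(unsigned int) strlen(data));
 
- lib3270_autoptr(LDAPMessage) results = NULL;
- rc = ldap_search_ext_s(
- ld, // Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open().
- base, // Specifies the DN of the entry at which to start the search.
- LDAP_SCOPE_BASE, // Specifies the scope of the search.
- NULL, // Specifies a string representation of the filter to apply in the search.
- (char **) &attrs, // Specifies a null-terminated array of character string attribute types to return from entries that match filter.
- 0, // Should be set to 1 to request attribute types only. Set to 0 to request both attributes types and attribute values.
- NULL,
- NULL,
- NULL,
- 0,
- &results
- );
-
- if(rc != LDAP_SUCCESS)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't search LDAP server" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
 
- char __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAPPTR))) *attr = ldap_first_attribute(ld, results, &ber);
- if(!attr)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't get LDAP attribute" );
- message->description = N_("Search did not produce any attributes.");
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ BIO * b64 = BIO_new(BIO_f_base64());
+ bio = BIO_push(b64, bio);
 
- struct berval ** value = ldap_get_values_len(ld, results, attr);
- if(!value)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't get LDAP attribute" );
- message->description = N_("Search did not produce any values.");
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
 
- // Precisa salvar uma cópia porque d2i_X509_CRL modifica o ponteiro.
- const unsigned char *crl_data = (const unsigned char *) value[0]->bv_val;
+ if(!d2i_X509_CRL_bio(bio, &crl))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
+ }
 
- if(!d2i_X509_CRL(&crl, &crl_data, value[0]->bv_len))
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = N_( "Security error" );
- message->text = N_( "Can't get CRL from LDAP Search" );
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->text);
- }
+ }
 
- ldap_value_free_len(value);
+ }
+#else
+ // Can't get CRL.
 
- }
-#endif // HAVE_LDAP
- else
- {
 message->error = hSession->ssl.error = 0;
 message->title = N_( "Security error" );
 message->text = N_( "Unexpected or invalid CRL URL" );
 message->description = N_("The URL scheme is unknown");
- lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
 return NULL;
+#endif // HAVE_LIBCURL
+
 }
 
 return crl;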
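Review bot: The bounds check in internal_curl_write_callback (new lines 102–105 of the @@ -59,66 +61,80 @@ hunk) tests `size + data->length`, but the memcpy a few lines later copies `realsize = size * nmemb` bytes into the fixed `contents[CRL_DATA_LENGTH]` array, so a response body larger than 4096 bytes — delivered by libcurl with size 1 and the byte count in nmemb — overruns the CURLDATA block obtained from lib3270_malloc. The check should be `if((realsize + data->length) >= CRL_DATA_LENGTH)` and the debug call should print `(unsigned int) realsize`; `>=` rather than `>` keeps the last byte at the zero left by memset, so the later `strstr((char *) crl_data->contents,":: ")` and `BIO_new_mem_buf(data,-1)`, which rely on a NUL terminator, cannot read past the buffer. The Linux counterpart in src/lib3270/ssl/linux/getcrl.c shows the same memcpy in its hunk but its length check lies outside the diff, so it should be verified for the same mistake. Separately, in lib3270_get_X509_CRL, when `ct` is NULL and the URL is not `ldap://` (or when curl_easy_init returns NULL), control falls through to `return crl` with crl still NULL and `message` unpopulated, so the caller gets a failure with no diagnostic.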