Commit eec0774e662fb67f25179070a86db5a236274269

Authored by Perry Werneck
1 parent 1311e80f

Updating windows code.

@@ -219,7 +219,7 @@ @@ -219,7 +219,7 @@
219 <Unit filename="src/lib3270/ssl/state.c"> 219 <Unit filename="src/lib3270/ssl/state.c">
220 <Option compilerVar="CC" /> 220 <Option compilerVar="CC" />
221 </Unit> 221 </Unit>
222 - <Unit filename="src/lib3270/ssl/windows/ctx_init.c"> 222 + <Unit filename="src/lib3270/ssl/windows/getcrl.c">
223 <Option compilerVar="CC" /> 223 <Option compilerVar="CC" />
224 </Unit> 224 </Unit>
225 <Unit filename="src/lib3270/state.c"> 225 <Unit filename="src/lib3270/state.c">
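--- a/src/include/config.h.in
+++ b/src/include/config.h.in
@@ -61,11 +61,6 @@
 #undef SSL_ENABLE_CRL_EXPIRATION_CHECK
 #undef SSL_DEFAULT_CRL_URL
 
- /* Windows Options */
-#ifdef WIN32
- #undef HAVE_WIN_REGISTRY
-#endif // WIN32
-
 /* Optional parts. */
 #undef X3270_DBCS
 #undef X3270_SCRIPT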
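--- a/src/lib3270/session.c
+++ b/src/lib3270/session.c
@@ -254,6 +254,11 @@ static void set_peer_certificate)(const void *cert unused)
 }
 #endif // HAVE_LIBSSL
 
+static void default_update_luname(H3270 *session unused, const char *name unused)
+{
+
+}
+
 void lib3270_reset_callbacks(H3270 *hSession)
 {
 // Default calls
@@ -283,7 +288,7 @@ void lib3270_reset_callbacks(H3270 *hSession)
 hSession->cbk.set_timer = set_timer;
 hSession->cbk.print = print;
 hSession->cbk.set_peer_certificate = set_peer_certificate;
- hSession->cbk.update_luname = (void (*)(H3270 *, const char *)) nop_int;
+ hSession->cbk.update_luname = default_update_luname;
 
 }
 
@@ -298,7 +303,7 @@ static void lib3270_session_init(H3270 *hSession, const char *model, const char
 lib3270_reset_callbacks(hSession);
 
 // Trace management.
- hSession->trace.handler = def_trace;
+ hSession->trace.handler = def_trace;
 
 // Set the defaults.
 hSession->extended = 1;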
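Review bot: `default_update_luname` has no comment saying it is the intentional no-op default installed into `cbk.update_luname` (it replaces the cast of `nop_int` to an unrelated function-pointer type), so a reader may take the empty body for an unfinished stub. A one-line comment above the definition such as `// Default update_luname callback: intentionally does nothing; sessions override it via lib3270_reset_callbacks() callers.` would make the contract explicit, and the same remark applies where it is assigned in `lib3270_reset_callbacks`. The third hunk at `hSession->trace.handler = def_trace;` appears to change only whitespace.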
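--- a/src/lib3270/ssl/linux/getcrl.c
+++ b/src/lib3270/ssl/linux/getcrl.c
@@ -150,23 +150,6 @@ static size_t internal_curl_write_callback(void *contents, size_t size, size_t n
 memcpy(&(data->contents[data->length]),contents,realsize);
 data->length += realsize;
 
- /*
- struct MemoryStruct *mem = (struct MemoryStruct *)userp;
-
- char *ptr = realloc(mem->memory, mem->size + realsize + 1);
- if(ptr == NULL) {
- printf("not enough memory (realloc returned NULL)\n");
- return 0;
- }
-
- mem->memory = ptr;
- memcpy(&(mem->memory[mem->size]), contents, realsize);
- mem->size += realsize;
- mem->memory[mem->size] = 0;
-
- */
-
-
 return realsize;
 }
 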
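--- a/src/lib3270/ssl/windows/getcrl.c
+++ b/src/lib3270/ssl/windows/getcrl.c
@@ -33,7 +33,10 @@
 *
 */
 
+#define CRL_DATA_LENGTH 4096
+
 #include <config.h>
+
 #if defined(HAVE_LIBSSL) && defined(SSL_ENABLE_CRL_CHECK)
 
 #include <openssl/ssl.h>
@@ -41,10 +44,9 @@
 #include <openssl/x509_vfy.h>
 #include <openssl/x509.h>
 
-#ifdef HAVE_LDAP
- #define LDAP_DEPRECATED 1
- #include <ldap.h>
-#endif // HAVE_LDAP
+#ifdef HAVE_LIBCURL
+ #include <curl/curl.h>
+#endif // HAVE_LIBCURL
 
 #include "../../private.h"
 #include <trace_dsc.h>
@@ -59,66 +61,80 @@ static inline void lib3270_autoptr_cleanup_FILE(FILE **file)
 fclose(*file);
 }
 
-#ifdef HAVE_LDAP
-static inline void lib3270_autoptr_cleanup_LDAPMessage(LDAPMessage **message)
+#ifdef HAVE_LIBCURL
+static inline void lib3270_autoptr_cleanup_CURL(CURL **ptr)
 {
- debug("%s(%p)",__FUNCTION__,*message);
- if(message)
- ldap_msgfree(*message);
- *message = NULL;
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ curl_easy_cleanup(*ptr);
+ *ptr = NULL;
 }
 
-static inline void lib3270_autoptr_cleanup_LDAP(LDAP **ld)
+typedef struct _curldata
 {
- debug("%s(%p)",__FUNCTION__,*ld);
- if(*ld)
- ldap_unbind_ext(*ld, NULL, NULL);
- *ld = NULL;
-}
+ size_t length;
+ SSL_ERROR_MESSAGE * message;
+ unsigned char contents[CRL_DATA_LENGTH];
+} CURLDATA;
 
-static inline void lib3270_autoptr_cleanup_BerElement(BerElement **ber)
+static inline void lib3270_autoptr_cleanup_CURLDATA(CURLDATA **ptr)
 {
- debug("%s(%p)",__FUNCTION__,*ber);
- if(*ber)
- ber_free(*ber, 0);
- *ber = NULL;
+ debug("%s(%p)",__FUNCTION__,*ptr);
+ if(*ptr)
+ lib3270_free(*ptr);
+ *ptr = NULL;
 }
 
-static inline void lib3270_autoptr_cleanup_LDAPPTR(char **ptr)
+static inline void lib3270_autoptr_cleanup_BIO(BIO **ptr)
 {
 debug("%s(%p)",__FUNCTION__,*ptr);
 if(*ptr)
- ldap_memfree(*ptr);
+ BIO_free_all(*ptr);
 *ptr = NULL;
 }
 
-#endif // HAVE_LDAP
-
-X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+static size_t internal_curl_write_callback(void *contents, size_t size, size_t nmemb, void *userp)
 {
- X509_CRL * crl = NULL;
+ CURLDATA * data = (CURLDATA *) userp;
+
+ size_t realsize = size * nmemb;
 
- if(!hSession->ssl.crl)
+ if((size + data->length) > CRL_DATA_LENGTH)
 {
-#ifdef LIB3270_DEFAULT_CRL
- hSession->ssl.crl = strdup(LIB3270_DEFAULT_CRL);
-#else
- char *env = getenv("LIB3270_DEFAULT_CRL");
- if(env)
- hSession->ssl.crl = strdup(env);
-#endif // LIB3270_DEFAULT_CRL
+ debug("CRL Data block is bigger than allocated block (%u bytes)",(unsigned int) size);
+ return 0;
 }
 
- if(!hSession->ssl.crl)
+ debug("Received %u bytes", (unsigned int) realsize);
+
+ memcpy(&(data->contents[data->length]),contents,realsize);
+ data->length += realsize;
+
+ return realsize;
+}
+
+#endif // HAVE_LIBCURL
+
+
+X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
+{
+ X509_CRL * crl = NULL;
+ const char * consturl = lib3270_get_crl_url(hSession);
+
+ if(!(consturl && *consturl))
 {
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Can't open CRL File" );
+ message->description = N_("The URL for the CRL is undefined or empty");
 return NULL;
 }
 
- trace_ssl(hSession, "crl=%s",hSession->ssl.crl);
+ trace_ssl(hSession, "crl=%s",consturl);
 
- if(strncasecmp(hSession->ssl.crl,"file://",7) == 0)
+ if(strncasecmp(consturl,"file://",7) == 0)
 {
- lib3270_autoptr(FILE) hCRL = fopen(hSession->ssl.crl+7,"r");
+ lib3270_autoptr(FILE) hCRL = fopen(consturl+7,"r");
 
 if(!hCRL)
 {
@@ -127,188 +143,133 @@ X509_CRL * lib3270_get_X509_CRL(H3270 *hSession, SSL_ERROR_MESSAGE * message)
 message->title = N_( "Security error" );
 message->text = N_( "Can't open CRL File" );
 message->description = strerror(errno);
- lib3270_write_log(hSession,"ssl","Can't open %s: %s",hSession->ssl.crl,message->description);
+ lib3270_write_log(hSession,"ssl","Can't open %s: %s",consturl,message->description);
 return NULL;
 
 }
 
- lib3270_write_log(hSession,"ssl","Loading CRL from %s",hSession->ssl.crl+7);
+ lib3270_write_log(hSession,"ssl","Loading CRL from %s",consturl+7);
 d2i_X509_CRL_fp(hCRL, &crl);
 
 }
-#ifdef HAVE_LDAP
- else if(strncasecmp(hSession->ssl.crl,"ldap",4) == 0)
+ else
 {
- int rc;
- lib3270_autoptr(char) url = strdup(hSession->ssl.crl);
+#ifdef HAVE_LIBCURL
 
- char * attrs[] = { NULL, NULL };
- char * base = NULL;
+ // Use CURL to download the CRL
+ lib3270_autoptr(CURLDATA) crl_data = lib3270_malloc(sizeof(CURLDATA));
+ lib3270_autoptr(CURL) hCurl = curl_easy_init();
 
- const struct _args
- {
- const char * name;
- char ** value;
- }
- args[] =
- {
- { "attr", &attrs[0] },
- { "base", &base }
- };
-
- // Get arguments
- size_t arg;
- char * ptr = strchr(url,'?');
- while(ptr)
+ memset(crl_data,0,sizeof(CURLDATA));
+ crl_data->message = message;
+
+ if(hCurl)
 {
- *(ptr++) = 0;
- char *value = strchr(ptr,'=');
- if(!value)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Invalid argument format" );
- message->description = "The URL argument should be in the format name=value";
- return NULL;
- }
+ CURLcode res;
+
+ curl_easy_setopt(hCurl, CURLOPT_URL, consturl);
+ curl_easy_setopt(hCurl, CURLOPT_FOLLOWLOCATION, 1L);
 
- *(value++) = 0;
+ curl_easy_setopt(hCurl, CURLOPT_WRITEFUNCTION, internal_curl_write_callback);
+ curl_easy_setopt(hCurl, CURLOPT_WRITEDATA, (void *) crl_data);
 
- debug("%s=%s",ptr,value);
+ res = curl_easy_perform(hCurl);
 
- for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++)
+ if(res != CURLE_OK)
 {
- if(!strcasecmp(ptr,args[arg].name))
- {
- *args[arg].value = value;
- debug("%s=\"%s\"",args[arg].name,*args[arg].value);
- }
+ message->error = hSession->ssl.error = 0;
+ message->title = N_( "Security error" );
+ message->text = N_( "Error loading CRL" );
+ message->description = curl_easy_strerror(res);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
+ return NULL;
 }
 
- ptr = strchr(value,'&');
- }
-
- // Do we get all the required arguments?
- for(arg = 0; arg < (sizeof(args)/sizeof(args[0])); arg++)
- {
- if(!*args[arg].value)
+ char *ct = NULL;
+ res = curl_easy_getinfo(hCurl, CURLINFO_CONTENT_TYPE, &ct);
+ if(res != CURLE_OK)
 {
 message->error = hSession->ssl.error = 0;
 message->title = N_( "Security error" );
- message->text = N_( "Can't set LDAP query" );
- message->description = N_("Insuficient arguments");
- lib3270_write_log(hSession,"ssl","%s: Required argument \"%s\" is missing",url, args[arg].name);
+ message->text = N_( "Error loading CRL" );
+ message->description = curl_easy_strerror(res);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
 return NULL;
 }
- }
 
- // Do LDAP Query
- LDAP __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAP))) *ld = NULL;
- BerElement __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_BerElement))) * ber = NULL;
+ debug("content-type: %s",ct);
 
- rc = ldap_initialize(&ld, url);
- if(rc != LDAP_SUCCESS)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't initialize LDAP" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ if(ct)
+ {
+ const unsigned char * data = crl_data->contents;
 
- unsigned long version = LDAP_VERSION3;
- rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,(void *) &version);
- if(rc != LDAP_SUCCESS) {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't set LDAP version" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ if(strcasecmp(ct,"application/pkix-crl") == 0)
+ {
+ // CRL File, convert it
+ if(!d2i_X509_CRL(&crl, &data, crl_data->length))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
+ }
+ }
+ else
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: content-type unexpected: \"%s\"",consturl, ct);
+ return NULL;
+ }
+ }
+ else if(strncasecmp(consturl,"ldap://",7) == 0)
+ {
+ // It's an LDAP query, assumes a base64 data.
+ char * data = strstr((char *) crl_data->contents,":: ");
+ if(!data)
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from LDAP server" );
+ lib3270_write_log(hSession,"ssl","%s: invalid format:\n%s\n",consturl, crl_data->contents);
+ return NULL;
+ }
+ data += 3;
 
- rc = ldap_simple_bind_s(ld, "", "");
- if(rc != LDAP_SUCCESS)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't bind to LDAP server" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ debug("\n%s\nlength=%u",data,(unsigned int) strlen(data));
 
- lib3270_autoptr(LDAPMessage) results = NULL;
- rc = ldap_search_ext_s(
- ld, // Specifies the LDAP pointer returned by a previous call to ldap_init(), ldap_ssl_init(), or ldap_open().
- base, // Specifies the DN of the entry at which to start the search.
- LDAP_SCOPE_BASE, // Specifies the scope of the search.
- NULL, // Specifies a string representation of the filter to apply in the search.
- (char **) &attrs, // Specifies a null-terminated array of character string attribute types to return from entries that match filter.
- 0, // Should be set to 1 to request attribute types only. Set to 0 to request both attributes types and attribute values.
- NULL,
- NULL,
- NULL,
- 0,
- &results
- );
-
- if(rc != LDAP_SUCCESS)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't search LDAP server" );
- message->description = ldap_err2string(rc);
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ lib3270_autoptr(BIO) bio = BIO_new_mem_buf(data,-1);
 
- char __attribute__ ((__cleanup__(lib3270_autoptr_cleanup_LDAPPTR))) *attr = ldap_first_attribute(ld, results, &ber);
- if(!attr)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't get LDAP attribute" );
- message->description = N_("Search did not produce any attributes.");
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ BIO * b64 = BIO_new(BIO_f_base64());
+ bio = BIO_push(b64, bio);
 
- struct berval ** value = ldap_get_values_len(ld, results, attr);
- if(!value)
- {
- message->error = hSession->ssl.error = 0;
- message->title = N_( "Security error" );
- message->text = N_( "Can't get LDAP attribute" );
- message->description = N_("Search did not produce any values.");
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->description);
- return NULL;
- }
+ BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
 
- // Precisa salvar uma cópia porque d2i_X509_CRL modifica o ponteiro.
- const unsigned char *crl_data = (const unsigned char *) value[0]->bv_val;
+ if(!d2i_X509_CRL_bio(bio, &crl))
+ {
+ message->error = hSession->ssl.error = ERR_get_error();
+ message->title = N_( "Security error" );
+ message->text = N_( "Got an invalid CRL from server" );
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->text);
+ return NULL;
+ }
 
- if(!d2i_X509_CRL(&crl, &crl_data, value[0]->bv_len))
- {
- message->error = hSession->ssl.error = ERR_get_error();
- message->title = N_( "Security error" );
- message->text = N_( "Can't get CRL from LDAP Search" );
- lib3270_write_log(hSession,"ssl","%s: %s",url, message->text);
- }
+ }
 
- ldap_value_free_len(value);
+ }
+#else
+ // Can't get CRL.
 
- }
-#endif // HAVE_LDAP
- else
- {
 message->error = hSession->ssl.error = 0;
 message->title = N_( "Security error" );
 message->text = N_( "Unexpected or invalid CRL URL" );
 message->description = N_("The URL scheme is unknown");
- lib3270_write_log(hSession,"ssl","%s: %s",hSession->ssl.crl, message->description);
+ lib3270_write_log(hSession,"ssl","%s: %s",consturl, message->description);
 return NULL;
+#endif // HAVE_LIBCURL
+
 }
 
 return crl;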
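Review bot: The bounds check in `internal_curl_write_callback` tests `size` where it should test `realsize` (`size * nmemb`); libcurl normally invokes the write callback with `size == 1`, so the guard admits almost any chunk and the `memcpy` that follows can write past the end of `data->contents[CRL_DATA_LENGTH]`. The `ldap://` branch later runs `strstr` on `crl_data->contents` and logs it with `%s`, which relies on a trailing NUL that the `memset` only guarantees while fewer than `CRL_DATA_LENGTH` bytes were received, so the guard should also reserve that byte: `if(realsize > (CRL_DATA_LENGTH - 1) - data->length)`, with the `debug` line printing `realsize` instead of `size`. Separately, when `curl_easy_getinfo` leaves `ct` NULL for a URL that is not `ldap://` (a server that sends no Content-Type), neither branch runs and the function falls through to `return crl;` with `crl` still NULL and `message` untouched, so the caller sees a failure with no description; an explicit error branch there, mirroring the "content-type unexpected" one, would close that gap. The closing brace of `lib3270_get_X509_CRL` lies beyond the hunk.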