2013-12-29 04:53:12 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2013 Glyptodon LLC
|
2013-07-22 03:10:37 +00:00
|
|
|
*
|
2013-12-29 04:53:12 +00:00
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
2013-07-22 03:10:37 +00:00
|
|
|
*
|
2013-12-29 04:53:12 +00:00
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
2013-07-22 03:10:37 +00:00
|
|
|
*
|
2013-12-29 04:53:12 +00:00
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
2014-01-01 22:44:28 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
#include "socket-ssl.h"
|
2013-07-22 03:10:37 +00:00
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <sys/select.h>
|
|
|
|
|
|
|
|
#include <guacamole/error.h>
|
2014-01-01 22:44:28 +00:00
|
|
|
#include <guacamole/socket.h>
|
|
|
|
#include <openssl/ssl.h>
|
2013-07-22 03:10:37 +00:00
|
|
|
|
|
|
|
static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
|
|
|
|
void* buf, size_t count) {
|
|
|
|
|
|
|
|
/* Read from socket */
|
|
|
|
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
2013-07-22 20:37:30 +00:00
|
|
|
int retval;
|
|
|
|
|
2013-07-22 21:24:37 +00:00
|
|
|
retval = SSL_read(data->ssl, buf, count);
|
2013-07-22 03:10:37 +00:00
|
|
|
|
|
|
|
/* Record errors in guac_error */
|
2013-07-22 21:24:37 +00:00
|
|
|
if (retval <= 0) {
|
2013-07-22 03:10:37 +00:00
|
|
|
guac_error = GUAC_STATUS_SEE_ERRNO;
|
|
|
|
guac_error_message = "Error reading data from secure socket";
|
|
|
|
}
|
|
|
|
|
|
|
|
return retval;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
|
|
|
|
const void* buf, size_t count) {
|
|
|
|
|
|
|
|
/* Write data to socket */
|
|
|
|
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
2013-07-22 20:37:30 +00:00
|
|
|
int retval;
|
|
|
|
|
2013-07-22 21:24:37 +00:00
|
|
|
retval = SSL_write(data->ssl, buf, count);
|
2013-07-22 03:10:37 +00:00
|
|
|
|
|
|
|
/* Record errors in guac_error */
|
2013-07-22 21:24:37 +00:00
|
|
|
if (retval <= 0) {
|
2013-07-22 03:10:37 +00:00
|
|
|
guac_error = GUAC_STATUS_SEE_ERRNO;
|
|
|
|
guac_error_message = "Error writing data to secure socket";
|
|
|
|
}
|
|
|
|
|
|
|
|
return retval;
|
2013-07-22 20:37:30 +00:00
|
|
|
|
2013-07-22 03:10:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int __guac_socket_ssl_select_handler(guac_socket* socket, int usec_timeout) {
|
|
|
|
|
|
|
|
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
|
|
|
|
|
|
|
fd_set fds;
|
|
|
|
struct timeval timeout;
|
|
|
|
int retval;
|
|
|
|
|
|
|
|
/* No timeout if usec_timeout is negative */
|
|
|
|
if (usec_timeout < 0)
|
|
|
|
retval = select(data->fd + 1, &fds, NULL, NULL, NULL);
|
|
|
|
|
|
|
|
/* Handle timeout if specified */
|
|
|
|
else {
|
|
|
|
timeout.tv_sec = usec_timeout/1000000;
|
|
|
|
timeout.tv_usec = usec_timeout%1000000;
|
|
|
|
|
|
|
|
FD_ZERO(&fds);
|
|
|
|
FD_SET(data->fd, &fds);
|
|
|
|
|
|
|
|
retval = select(data->fd + 1, &fds, NULL, NULL, &timeout);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Properly set guac_error */
|
|
|
|
if (retval < 0) {
|
|
|
|
guac_error = GUAC_STATUS_SEE_ERRNO;
|
|
|
|
guac_error_message = "Error while waiting for data on secure socket";
|
|
|
|
}
|
|
|
|
|
|
|
|
if (retval == 0) {
|
2014-11-10 06:59:53 +00:00
|
|
|
guac_error = GUAC_STATUS_TIMEOUT;
|
2013-07-22 03:10:37 +00:00
|
|
|
guac_error_message = "Timeout while waiting for data on secure socket";
|
|
|
|
}
|
|
|
|
|
|
|
|
return retval;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
static int __guac_socket_ssl_free_handler(guac_socket* socket) {
|
2013-07-22 21:24:37 +00:00
|
|
|
|
|
|
|
/* Shutdown SSL */
|
|
|
|
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
|
|
|
SSL_shutdown(data->ssl);
|
|
|
|
|
|
|
|
free(data);
|
2013-07-22 03:10:37 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-07-22 21:24:37 +00:00
|
|
|
guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd) {
|
2013-07-22 03:10:37 +00:00
|
|
|
|
|
|
|
/* Allocate socket and associated data */
|
|
|
|
guac_socket* socket = guac_socket_alloc();
|
|
|
|
guac_socket_ssl_data* data = malloc(sizeof(guac_socket_ssl_data));
|
|
|
|
|
2013-07-22 21:24:37 +00:00
|
|
|
/* Init SSL */
|
|
|
|
data->context = context;
|
|
|
|
data->ssl = SSL_new(context);
|
|
|
|
SSL_set_fd(data->ssl, fd);
|
|
|
|
|
|
|
|
/* Accept SSL connection, handle errors */
|
|
|
|
if (SSL_accept(data->ssl) <= 0) {
|
|
|
|
|
2014-11-10 06:59:53 +00:00
|
|
|
guac_error = GUAC_STATUS_INTERNAL_ERROR;
|
2013-07-22 21:24:37 +00:00
|
|
|
guac_error_message = "SSL accept failed";
|
|
|
|
|
|
|
|
free(data);
|
|
|
|
guac_socket_free(socket);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2013-07-22 03:10:37 +00:00
|
|
|
/* Store file descriptor as socket data */
|
|
|
|
data->fd = fd;
|
|
|
|
socket->data = data;
|
|
|
|
|
|
|
|
/* Set read/write handlers */
|
|
|
|
socket->read_handler = __guac_socket_ssl_read_handler;
|
|
|
|
socket->write_handler = __guac_socket_ssl_write_handler;
|
|
|
|
socket->select_handler = __guac_socket_ssl_select_handler;
|
|
|
|
socket->free_handler = __guac_socket_ssl_free_handler;
|
|
|
|
|
|
|
|
return socket;
|
|
|
|
|
|
|
|
}
|
|
|
|
|