Actually use SSL for I/O.
parent
cdbb345d28
commit
3140dbb20b
@ -57,6 +57,7 @@
|
|||||||
|
|
||||||
#ifdef ENABLE_SSL
|
#ifdef ENABLE_SSL
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
#include "socket-ssl.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <guacamole/client.h>
|
#include <guacamole/client.h>
|
||||||
@ -605,8 +606,8 @@ int main(int argc, char* argv[]) {
|
|||||||
|
|
||||||
/* If SSL chosen, use it */
|
/* If SSL chosen, use it */
|
||||||
if (ssl_context != NULL)
|
if (ssl_context != NULL)
|
||||||
guacd_log_info("STUB: SSL ENABLED - would have used SSL here.");
|
socket = guac_socket_open_secure(ssl_context, connected_socket_fd);
|
||||||
|
else
|
||||||
socket = guac_socket_open(connected_socket_fd);
|
socket = guac_socket_open(connected_socket_fd);
|
||||||
#else
|
#else
|
||||||
/* Open guac_socket */
|
/* Open guac_socket */
|
||||||
|
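Review bot: `guac_socket_open_secure(ssl_context, connected_socket_fd)` can return NULL, as the implementation in this commit does when `SSL_accept` fails, but nothing in this hunk checks `socket` before it is used. The rest of main() lies outside the hunk, so a check may already exist further down; if it does not, add one directly after the if/else, along the lines of `if (socket == NULL) { /* log guac_error_message, close connected_socket_fd, skip this connection */ }`. Because the handshake runs synchronously inside this call, it is also worth confirming that this code runs in the per-connection child rather than in the accept loop, since otherwise a peer that stalls the handshake would delay every other connection.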
@ -38,6 +38,8 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <sys/select.h>
|
#include <sys/select.h>
|
||||||
|
|
||||||
|
#include <openssl/ssl.h>
|
||||||
|
|
||||||
#include <guacamole/socket.h>
|
#include <guacamole/socket.h>
|
||||||
#include <guacamole/error.h>
|
#include <guacamole/error.h>
|
||||||
|
|
||||||
@ -47,46 +49,38 @@
|
|||||||
static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
|
static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
|
||||||
void* buf, size_t count) {
|
void* buf, size_t count) {
|
||||||
|
|
||||||
#if 0
|
|
||||||
/* Read from socket */
|
/* Read from socket */
|
||||||
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
||||||
int retval;
|
int retval;
|
||||||
|
|
||||||
/* STUB */
|
retval = SSL_read(data->ssl, buf, count);
|
||||||
|
|
||||||
/* Record errors in guac_error */
|
/* Record errors in guac_error */
|
||||||
if (retval < 0) {
|
if (retval <= 0) {
|
||||||
guac_error = GUAC_STATUS_SEE_ERRNO;
|
guac_error = GUAC_STATUS_SEE_ERRNO;
|
||||||
guac_error_message = "Error reading data from secure socket";
|
guac_error_message = "Error reading data from secure socket";
|
||||||
}
|
}
|
||||||
|
|
||||||
return retval;
|
return retval;
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
|
static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
|
||||||
const void* buf, size_t count) {
|
const void* buf, size_t count) {
|
||||||
|
|
||||||
#if 0
|
|
||||||
/* Write data to socket */
|
/* Write data to socket */
|
||||||
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
||||||
int retval;
|
int retval;
|
||||||
|
|
||||||
/* STUB */
|
retval = SSL_write(data->ssl, buf, count);
|
||||||
|
|
||||||
/* Record errors in guac_error */
|
/* Record errors in guac_error */
|
||||||
if (retval < 0) {
|
if (retval <= 0) {
|
||||||
guac_error = GUAC_STATUS_SEE_ERRNO;
|
guac_error = GUAC_STATUS_SEE_ERRNO;
|
||||||
guac_error_message = "Error writing data to secure socket";
|
guac_error_message = "Error writing data to secure socket";
|
||||||
}
|
}
|
||||||
|
|
||||||
return retval;
|
return retval;
|
||||||
#endif
|
|
||||||
|
|
||||||
return count;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -129,16 +123,37 @@ static int __guac_socket_ssl_select_handler(guac_socket* socket, int usec_timeou
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int __guac_socket_ssl_free_handler(guac_socket* socket) {
|
static int __guac_socket_ssl_free_handler(guac_socket* socket) {
|
||||||
free(socket->data);
|
|
||||||
|
/* Shutdown SSL */
|
||||||
|
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
||||||
|
SSL_shutdown(data->ssl);
|
||||||
|
|
||||||
|
free(data);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
guac_socket* guac_socket_open_secure(int fd) {
|
guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd) {
|
||||||
|
|
||||||
/* Allocate socket and associated data */
|
/* Allocate socket and associated data */
|
||||||
guac_socket* socket = guac_socket_alloc();
|
guac_socket* socket = guac_socket_alloc();
|
||||||
guac_socket_ssl_data* data = malloc(sizeof(guac_socket_ssl_data));
|
guac_socket_ssl_data* data = malloc(sizeof(guac_socket_ssl_data));
|
||||||
|
|
||||||
|
/* Init SSL */
|
||||||
|
data->context = context;
|
||||||
|
data->ssl = SSL_new(context);
|
||||||
|
SSL_set_fd(data->ssl, fd);
|
||||||
|
|
||||||
|
/* Accept SSL connection, handle errors */
|
||||||
|
if (SSL_accept(data->ssl) <= 0) {
|
||||||
|
|
||||||
|
guac_error = GUAC_STATUS_BAD_STATE;
|
||||||
|
guac_error_message = "SSL accept failed";
|
||||||
|
|
||||||
|
free(data);
|
||||||
|
guac_socket_free(socket);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
/* Store file descriptor as socket data */
|
/* Store file descriptor as socket data */
|
||||||
data->fd = fd;
|
data->fd = fd;
|
||||||
socket->data = data;
|
socket->data = data;
|
||||||
|
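Review bot: In guac_socket_open_secure the results of `SSL_new(context)` and `SSL_set_fd(data->ssl, fd)` are never checked, so a failed allocation passes a NULL SSL pointer into the calls that follow, and the `SSL_accept` failure path frees `data` without releasing `data->ssl`. The same object is leaked on normal teardown, because __guac_socket_ssl_free_handler calls `SSL_shutdown(data->ssl)` and `free(data)` but never `SSL_free(data->ssl);`. Separately, the read and write handlers set `GUAC_STATUS_SEE_ERRNO` for `retval <= 0`, although OpenSSL reports the cause through `SSL_get_error()` rather than errno and a return of 0 from `SSL_read` can be an orderly close. The body of guac_socket_open_secure continues past the end of this hunk, so the handler assignments are not visible here.

```c
    data->ssl = SSL_new(context);

    /* SSL_new() and SSL_set_fd() can both fail */
    if (data->ssl == NULL || !SSL_set_fd(data->ssl, fd)) {
        guac_error = GUAC_STATUS_BAD_STATE;
        guac_error_message = "SSL initialization failed";
        SSL_free(data->ssl);
        free(data);
        guac_socket_free(socket);
        return NULL;
    }

    if (SSL_accept(data->ssl) <= 0) {
        /* … unchanged: guac_error / guac_error_message assignment … */
        SSL_free(data->ssl);
        free(data);
        /* … unchanged: guac_socket_free(socket) and return NULL … */
    }
```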
@ -38,6 +38,9 @@
|
|||||||
#ifndef __GUACD_SOCKET_SSL_H
|
#ifndef __GUACD_SOCKET_SSL_H
|
||||||
#define __GUACD_SOCKET_SSL_H
|
#define __GUACD_SOCKET_SSL_H
|
||||||
|
|
||||||
|
#include <openssl/ssl.h>
|
||||||
|
#include <guacamole/socket.h>
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* SSL socket-specific data.
|
* SSL socket-specific data.
|
||||||
*/
|
*/
|
||||||
@ -49,12 +52,23 @@ typedef struct guac_socket_ssl_data {
|
|||||||
*/
|
*/
|
||||||
int fd;
|
int fd;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The current SSL context.
|
||||||
|
*/
|
||||||
|
SSL_CTX* context;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The SSL connection, created automatically via
|
||||||
|
* guac_socket_open_secure().
|
||||||
|
*/
|
||||||
|
SSL* ssl;
|
||||||
|
|
||||||
} guac_socket_ssl_data;
|
} guac_socket_ssl_data;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new guac_socket which will use SSL for all communication.
|
* Creates a new guac_socket which will use SSL for all communication.
|
||||||
*/
|
*/
|
||||||
guac_socket* guac_socket_open_secure(int fd);
|
guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
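Review bot: The doc comment above `guac_socket_open_secure(SSL_CTX* context, int fd)` still says only that the socket will use SSL; it does not describe the new `context` parameter or the failure case. The implementation in this commit performs the SSL handshake inside this call and returns NULL with guac_error set when it fails, so the comment should say so and gain `@param context`, `@param fd` and `@return` lines. It would also help to state that the socket stores the context pointer without taking ownership, since the free handler shown in this commit does not release it.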