Actually use SSL for I/O.

This commit is contained in:
Michael Jumper 2013-07-22 14:24:37 -07:00
parent cdbb345d28
commit 3140dbb20b
3 changed files with 48 additions and 18 deletions


@ -57,6 +57,7 @@
#ifdef ENABLE_SSL #ifdef ENABLE_SSL
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include "socket-ssl.h"
#endif #endif
#include <guacamole/client.h> #include <guacamole/client.h>
@ -605,8 +606,8 @@ int main(int argc, char* argv[]) {
/* If SSL chosen, use it */ /* If SSL chosen, use it */
if (ssl_context != NULL) if (ssl_context != NULL)
guacd_log_info("STUB: SSL ENABLED - would have used SSL here."); socket = guac_socket_open_secure(ssl_context, connected_socket_fd);
else
socket = guac_socket_open(connected_socket_fd); socket = guac_socket_open(connected_socket_fd);
#else #else
/* Open guac_socket */ /* Open guac_socket */
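Review bot: The new `socket = guac_socket_open_secure(ssl_context, connected_socket_fd);` branch has no visible NULL check, yet guac_socket_open_secure() returns NULL when SSL_accept() fails (its error path in socket-ssl.c frees the socket and sets guac_error). main()'s body continues outside the hunk, so if the existing code below already guards `socket`, this is fine; otherwise a failed TLS handshake from any client would lead straight to a NULL dereference in the daemon. Right after the if/else, add `if (socket == NULL) { guacd_log_info("Unable to open socket: %s", guac_error_message); close(connected_socket_fd); /* skip this connection */ }`, using whatever skip-the-connection flow the surrounding loop already has. The old stub branch never used TLS at all, so this is the first time the daemon can fail at this point.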


@ -38,6 +38,8 @@
#include <stdlib.h> #include <stdlib.h>
#include <sys/select.h> #include <sys/select.h>
#include <openssl/ssl.h>
#include <guacamole/socket.h> #include <guacamole/socket.h>
#include <guacamole/error.h> #include <guacamole/error.h>
@ -47,46 +49,38 @@
static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket, static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
void* buf, size_t count) { void* buf, size_t count) {
#if 0
/* Read from socket */ /* Read from socket */
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data; guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
int retval; int retval;
/* STUB */ retval = SSL_read(data->ssl, buf, count);
/* Record errors in guac_error */ /* Record errors in guac_error */
if (retval < 0) { if (retval <= 0) {
guac_error = GUAC_STATUS_SEE_ERRNO; guac_error = GUAC_STATUS_SEE_ERRNO;
guac_error_message = "Error reading data from secure socket"; guac_error_message = "Error reading data from secure socket";
} }
return retval; return retval;
#endif
return 0;
} }
static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket, static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
const void* buf, size_t count) { const void* buf, size_t count) {
#if 0
/* Write data to socket */ /* Write data to socket */
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data; guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
int retval; int retval;
/* STUB */ retval = SSL_write(data->ssl, buf, count);
/* Record errors in guac_error */ /* Record errors in guac_error */
if (retval < 0) { if (retval <= 0) {
guac_error = GUAC_STATUS_SEE_ERRNO; guac_error = GUAC_STATUS_SEE_ERRNO;
guac_error_message = "Error writing data to secure socket"; guac_error_message = "Error writing data to secure socket";
} }
return retval; return retval;
#endif
return count;
} }
@ -129,16 +123,37 @@ static int __guac_socket_ssl_select_handler(guac_socket* socket, int usec_timeou
} }
static int __guac_socket_ssl_free_handler(guac_socket* socket) { static int __guac_socket_ssl_free_handler(guac_socket* socket) {
free(socket->data);
/* Shutdown SSL */
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
SSL_shutdown(data->ssl);
free(data);
return 0; return 0;
} }
guac_socket* guac_socket_open_secure(int fd) { guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd) {
/* Allocate socket and associated data */ /* Allocate socket and associated data */
guac_socket* socket = guac_socket_alloc(); guac_socket* socket = guac_socket_alloc();
guac_socket_ssl_data* data = malloc(sizeof(guac_socket_ssl_data)); guac_socket_ssl_data* data = malloc(sizeof(guac_socket_ssl_data));
/* Init SSL */
data->context = context;
data->ssl = SSL_new(context);
SSL_set_fd(data->ssl, fd);
/* Accept SSL connection, handle errors */
if (SSL_accept(data->ssl) <= 0) {
guac_error = GUAC_STATUS_BAD_STATE;
guac_error_message = "SSL accept failed";
free(data);
guac_socket_free(socket);
return NULL;
}
/* Store file descriptor as socket data */ /* Store file descriptor as socket data */
data->fd = fd; data->fd = fd;
socket->data = data; socket->data = data;
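Review bot: __guac_socket_ssl_free_handler() calls `SSL_shutdown(data->ssl);` and then `free(data);` but never `SSL_free`, so the SSL object (and the BIOs it owns) leaks on every closed connection; the same leak is on the SSL_accept failure path of guac_socket_open_secure(), which also calls SSL_set_fd() on an unchecked SSL_new() result and writes through an unchecked malloc(). In the free handler add `SSL_free(data->ssl);` between the shutdown and the `free(data)`; the open path needs the check-and-cleanup below (SSL_free(NULL) is a documented no-op, and SSL_set_fd() returns 0 on failure). Whether guac_socket_free() is safe to call before `socket->data` and the free handler are set is not visible here and should be confirmed. The read/write handlers in the previous hunk have a related problem: SSL_read()/SSL_write() failures are not errno-based, so the result should be classified with SSL_get_error() — a 0 return from SSL_read() with SSL_ERROR_ZERO_RETURN is a clean close, SSL_ERROR_WANT_READ/WANT_WRITE is not an error, and GUAC_STATUS_SEE_ERRNO is only accurate for SSL_ERROR_SYSCALL. guac_socket_open_secure() continues past the end of the hunk.
```c
    /* Allocate socket and associated data */
    guac_socket* socket = guac_socket_alloc();
    if (socket == NULL)
        return NULL;

    guac_socket_ssl_data* data = malloc(sizeof(guac_socket_ssl_data));
    if (data == NULL) {
        guac_error = GUAC_STATUS_SEE_ERRNO;
        guac_error_message = "Unable to allocate SSL socket data";
        guac_socket_free(socket);
        return NULL;
    }

    /* Init SSL */
    data->context = context;
    data->ssl = SSL_new(context);
    if (data->ssl == NULL || !SSL_set_fd(data->ssl, fd)) {
        guac_error = GUAC_STATUS_BAD_STATE;
        guac_error_message = "Unable to initialize SSL connection";
        SSL_free(data->ssl);
        free(data);
        guac_socket_free(socket);
        return NULL;
    }

    /* Accept SSL connection, handle errors */
    if (SSL_accept(data->ssl) <= 0) {
        guac_error = GUAC_STATUS_BAD_STATE;
        guac_error_message = "SSL accept failed";
        SSL_free(data->ssl);  /* releases the SSL object; fd stays with the caller */
        free(data);
        guac_socket_free(socket);
        return NULL;
    }

    /* … unchanged: store fd, set socket->data and handlers … */
```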


@ -38,6 +38,9 @@
#ifndef __GUACD_SOCKET_SSL_H #ifndef __GUACD_SOCKET_SSL_H
#define __GUACD_SOCKET_SSL_H #define __GUACD_SOCKET_SSL_H
#include <openssl/ssl.h>
#include <guacamole/socket.h>
/** /**
* SSL socket-specific data. * SSL socket-specific data.
*/ */
@ -49,12 +52,23 @@ typedef struct guac_socket_ssl_data {
*/ */
int fd; int fd;
/**
* The current SSL context.
*/
SSL_CTX* context;
/**
* The SSL connection, created automatically via
* guac_socket_open_secure().
*/
SSL* ssl;
} guac_socket_ssl_data; } guac_socket_ssl_data;
/** /**
* Creates a new guac_socket which will use SSL for all communication. * Creates a new guac_socket which will use SSL for all communication.
*/ */
guac_socket* guac_socket_open_secure(int fd); guac_socket* guac_socket_open_secure(SSL_CTX* context, int fd);
#endif #endif
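Review bot: The new `guac_socket_open_secure(SSL_CTX* context, int fd)` prototype does not document its failure contract or ownership, which callers now depend on: the implementation in socket-ssl.c returns NULL with guac_error set when the handshake fails, creates the `SSL` object itself, and only borrows `context` (the free handler never frees it). Suggest extending the doc comment with `@param context The SSL_CTX the connection is created from; not owned by the socket and must outlive it.`, `@param fd The accepted file descriptor to wrap.` and `@return The new guac_socket, or NULL (with guac_error set) if the SSL handshake fails.`. The new `context` field comment `The current SSL context.` would likewise be clearer as `The SSL_CTX this connection was created from (not owned by this struct).`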