/*	Copyright (C) 2021 Gentoo-libre Install

	This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

	You should have received a copy of the GNU General Public License along with this program.  If not, see <http://www.gnu.org/licenses/>.

	Additional permission under GNU GPL version 3 section 7

	If you modify this program, or any covered work, by linking or combining it with the OpenSSL project's OpenSSL library (or a
	modified version of that library), containing parts covered by the terms of the OpenSSL or SSLeay licenses, you are
	granted additional permission to convey the resulting work.
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "server.h"
#include <pthread.h>
/* Largest number of bytes session() asks for in one SSL_read() call; its receive buffer is MAX+1 bytes */
#define MAX 512
/* Longest nick, in bytes, that session() accepts; its nick buffer is NICK_CHARS+1 bytes */
#define NICK_CHARS 32


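/*
 * Create a TCP/IPv4 listening socket bound to `port` on every local
 * interface (INADDR_ANY) and return its file descriptor.
 *
 * port: TCP port in host byte order; must be in the range 0..65535.
 *
 * Every failure is reported on stderr and ends the process with exit(1),
 * so a caller only ever sees a valid descriptor.
 */
int bind_socket(int port)
	{
	int sock;
	struct sockaddr_in addr;

	/* htons() takes a 16-bit value: an out-of-range port would be silently truncated and a different port bound */
	if (port < 0 || port > 65535){fprintf(stderr, "Invalid port number!\n"); exit(1);}

	/* zero the whole structure first so sin_zero and any padding are not left as stack garbage */
	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_port = htons((unsigned short)port);
	/* INADDR_ANY exposes the service on all interfaces, not only loopback */
	addr.sin_addr.s_addr = htonl(INADDR_ANY);
	/* create the socket */
	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0){fprintf(stderr,"Unable to create socket!\n"); exit(1);}//unable to create socket
	/* bind to socket */
	if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) < 0){fprintf(stderr, "Unable to bind to socket!\n"); exit(1);}//unable to bind
	/* listen on socket */
	/* NOTE(review): with a backlog of 1, connections that arrive while the accept loop is busy may be refused; SOMAXCONN is the usual choice */
	if (listen(sock, 1) < 0){fprintf(stderr, "Unable to listen on socket!\n"); exit(1);}//unable to listen

	return sock;
	}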

/*
 * Library setup performed once before any TLS context is created:
 * loads the OpenSSL error strings and registers the SSL algorithms.
 *
 * NOTE(review): both calls are deprecated compatibility macros from
 * OpenSSL 1.1.0 onwards, where the library initialises itself; this file
 * already relies on TLS1_3_VERSION - confirm the minimum supported
 * OpenSSL version before dropping them.
 */
void init_openssl()
	{
	SSL_load_error_strings();
	OpenSSL_add_ssl_algorithms();
	}
/*
 * Library teardown, the counterpart of init_openssl(): calls EVP_cleanup().
 *
 * NOTE(review): EVP_cleanup() is likewise a deprecated no-op from
 * OpenSSL 1.1.0 onwards - confirm against the supported OpenSSL version.
 */
void cleanup_openssl()
	{
	EVP_cleanup();
	}

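/*
 * Per-connection handler; server() starts it on its own thread after the
 * TLS handshake has succeeded.
 *
 * Reads from the client until it receives a line of the form
 * "nick <name>\n" with 1..NICK_CHARS bytes of name, answers "Goodbye\n",
 * then shuts the connection down. Any other input gets an error reply and
 * another attempt; a failed or zero-length read ends the session.
 *
 * tls: established TLS connection. Ownership passes to this function: it
 *      calls SSL_shutdown() and SSL_free() on it and closes the
 *      underlying file descriptor before returning.
 *
 * Returns NULL (the value is the thread's exit value and is not used).
 *
 * Each SSL_read() is treated as one complete command: a line that arrives
 * split across two reads is rejected as "Missing newline", and bytes
 * after the first newline of a read are discarded.
 */
void *session(SSL *tls)
	{
	static const char missing_newline[] = "Missing newline\n";
	static const char goodbye[] = "Goodbye\n";
	static const char bad_nick[] = "That's not a nick or nick too long\n";
	char buffer[MAX+1];
	char nick[NICK_CHARS+1];

	/* Get nick */
	while (1)
		{
		int num = SSL_read(tls,buffer,MAX);
		if (num <= 0){fprintf(stdout, "SSL_read() 0 or error, giving up on client\n"); break;}

		/*
		 * SSL_read() returns raw bytes without a terminator. Terminate at the
		 * received length so strchr() cannot run into stale data from an
		 * earlier read or past the end of the buffer. num <= MAX, and the
		 * buffer holds MAX+1 bytes, so the index is always in bounds.
		 */
		buffer[num] = '\0';

		char *newlinePos = strchr(buffer,'\n');
		if (!newlinePos){SSL_write(tls,missing_newline,(int)sizeof(missing_newline)-1); fprintf(stderr, "Missing newline\n"); continue;}
		*newlinePos = '\0';

		/* bytes between the 5-byte "nick " prefix and the newline */
		int length = newlinePos-buffer-5;
		fprintf(stderr, "Length: %d\n", length);
		if ((length > 0 && length <= NICK_CHARS) && !strncmp(buffer,"nick ", 5))
			{
			/* length+1 also copies the terminator written over the newline; length <= NICK_CHARS keeps it inside nick[] */
			memcpy(nick,buffer+5,length+1);
			/* NOTE(review): nick is client-controlled and is logged as received; control bytes in it reach the terminal or log file unfiltered */
			fprintf(stderr, "Nick: %s\n", nick);
			SSL_write(tls, goodbye,(int)sizeof(goodbye)-1);
			break;
			}
		SSL_write(tls,bad_nick,(int)sizeof(bad_nick)-1);
		}

	/* fetch the descriptor before SSL_free() releases the object that holds it */
	int client = SSL_get_fd(tls);

	SSL_shutdown(tls);
	SSL_free(tls);
	close(client);

	/* the function is declared to return void *; falling off the end without a value is undefined if the result is read */
	return NULL;
	}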


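/* Thread entry point: adapts session() to the void *(*)(void *) signature that pthread_create() requires */
static void *session_thread(void *arg)
	{
	session(arg);
	return NULL;
	}

/*
 * Run the TLS server: build a TLS 1.3-only context from cert.pem and
 * key.pem (looked up relative to the working directory), listen on TCP
 * port 6697 and hand every client that completes the handshake to
 * session() on a detached thread.
 *
 * Does not return in normal operation; set-up failures and accept()
 * errors end the process with exit(1).
 */
void server()
	{
	int sock;

	init_openssl();
	SSL_CTX *ctx;
	if (!(ctx = SSL_CTX_new(TLS_server_method()))){fprintf(stderr,"Unable to create TLS context\n"); ERR_print_errors_fp(stderr); exit(1);}
	SSL_CTX_set_ecdh_auto(ctx, 1);
	/* fail closed: if the version floor cannot be set, do not start with a weaker protocol range */
	if (!SSL_CTX_set_min_proto_version(ctx,TLS1_3_VERSION) || !SSL_CTX_set_max_proto_version(ctx,TLS1_3_VERSION))
		{fprintf(stderr,"Unable to restrict TLS context to TLS 1.3\n"); ERR_print_errors_fp(stderr); exit(1);}
	if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) <= 0){ERR_print_errors_fp(stderr); exit(1);}
	if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) <= 0){ERR_print_errors_fp(stderr); exit(1);}

	/* bind to socket */
	sock = bind_socket(6697);

	/* Handle connections */
	while(1)
		{
		struct sockaddr_in addr;
		/* accept() takes a socklen_t *; the non-standard `uint` is not guaranteed to exist or to match it */
		socklen_t len = sizeof(addr);

		fprintf(stderr, "Listening for clients\n");

		int client = accept(sock, (struct sockaddr*)&addr, &len);
		/* NOTE(review): exiting on every accept() failure lets a transient error (for example a connection aborted before it is accepted) stop the whole server; consider logging and continuing for recoverable errno values */
		if (client < 0){perror("Unable to accept"); exit(1);}

		SSL *tls = SSL_new(ctx);
		if (!tls){fprintf(stderr, "Could not make TLS session"); exit(1);}
		SSL_set_min_proto_version(tls,TLS1_3_VERSION);
		SSL_set_max_proto_version(tls,TLS1_3_VERSION);

		/*
		 * NOTE(review): the handshake runs on the accepting thread, so one
		 * client that connects and then stalls keeps every other client
		 * waiting; moving SSL_accept() into the session thread or adding a
		 * socket timeout would remove that.
		 */
		if (!SSL_set_fd(tls, client) || SSL_accept(tls) <= 0)
			{
			ERR_print_errors_fp(stderr);
			/* release the connection: without this every failed handshake leaks an SSL object and a file descriptor */
			SSL_free(tls);
			close(client);
			continue;
			}

		pthread_t thread;
		int rc = pthread_create(&thread, NULL, session_thread, tls);
		if (rc != 0)
			{
			/* no thread took ownership of the connection, so it must be released here */
			fprintf(stderr, "Unable to create session thread: %s\n", strerror(rc));
			SSL_free(tls);
			close(client);
			continue;
			}
		/* the thread is never joined; detaching lets its resources be reclaimed when session() returns */
		pthread_detach(thread);
		}

	/* not reached while the loop above has no exit; kept so the teardown order is documented */
	close(sock);
	SSL_CTX_free(ctx);
	cleanup_openssl();
}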