From 89bd546c02d39662dedcc4845b5440d9c1442b6d Mon Sep 17 00:00:00 2001 From: Sebastian Harl Date: Wed, 28 Jan 2015 16:19:24 +0100 Subject: [PATCH] client, sysdb: Let TCP connection use SSL. --- src/Makefile.am | 5 ++-- src/client/sock.c | 53 ++++++++++++++++++++++++++++++++++++++++++ src/tools/sysdb/main.c | 8 +++++++ 3 files changed, 64 insertions(+), 2 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 6521e84..4c920ec 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -57,12 +57,13 @@ libsysdbclient_la_SOURCES = \ client/sock.c include/client/sock.h \ utils/error.c include/utils/error.h \ utils/proto.c include/utils/proto.h \ + utils/ssl.c include/utils/ssl.h \ utils/strbuf.c include/utils/strbuf.h -libsysdbclient_la_CFLAGS = $(AM_CFLAGS) +libsysdbclient_la_CFLAGS = $(AM_CFLAGS) @OPENSSL_CFLAGS@ libsysdbclient_la_CPPFLAGS = $(AM_CPPFLAGS) $(LTDLINCL) libsysdbclient_la_LDFLAGS = $(AM_LDFLAGS) -version-info 0:0:0 \ -pthread -lm -lrt -libsysdbclient_la_LIBADD = $(LIBLTDL) +libsysdbclient_la_LIBADD = $(LIBLTDL) @OPENSSL_LIBS@ # don't use strict CFLAGS for flex code noinst_LTLIBRARIES += libsysdb_fe_parser.la diff --git a/src/client/sock.c b/src/client/sock.c index f9929da..330d656 100644 --- a/src/client/sock.c +++ b/src/client/sock.c @@ -34,6 +34,7 @@ #include "utils/strbuf.h" #include "utils/proto.h" #include "utils/os.h" +#include "utils/ssl.h" #include @@ -62,6 +63,10 @@ struct sdb_client { int fd; bool eof; + /* optional SSL settings */ + sdb_ssl_client_t *ssl; + sdb_ssl_session_t *ssl_session; + ssize_t (*read)(sdb_client_t *, sdb_strbuf_t *, size_t); ssize_t (*write)(sdb_client_t *, const void *, size_t); }; @@ -70,6 +75,26 @@ struct sdb_client { * private helper functions */ +static ssize_t +ssl_read(sdb_client_t *client, sdb_strbuf_t *buf, size_t n) +{ + char tmp[n]; + ssize_t ret; + + ret = sdb_ssl_session_read(client->ssl_session, tmp, n); + if (ret <= 0) + return ret; + + sdb_strbuf_memappend(buf, tmp, ret); + return ret; +} /* ssl_read */ + +static ssize_t +ssl_write(sdb_client_t *client, const void *buf, size_t n) +{ + return sdb_ssl_session_write(client->ssl_session, buf, n); +} /* ssl_write */ + static ssize_t client_read(sdb_client_t *client, sdb_strbuf_t *buf, size_t n) { @@ -142,6 +167,24 @@ connect_tcp(sdb_client_t *client, const char *address) break; } freeaddrinfo(ai_list); + + if (client->fd < 0) + return -1; + + /* TODO: make options configurable */ + client->ssl = sdb_ssl_client_create(NULL); + if (! client->ssl) { + sdb_client_close(client); + return -1; + } + client->ssl_session = sdb_ssl_client_connect(client->ssl, client->fd); + if (! client->ssl_session) { + sdb_client_close(client); + return -1; + } + + client->read = ssl_read; + client->write = ssl_write; return client->fd; } /* connect_tcp */ @@ -166,6 +209,7 @@ sdb_client_create(const char *address) client->fd = -1; client->eof = 1; + client->ssl = NULL; client->read = client_read; client->write = client_write; @@ -289,6 +333,15 @@ sdb_client_close(sdb_client_t *client) if (! client) return; + if (client->ssl_session) { + sdb_ssl_session_destroy(client->ssl_session); + client->ssl_session = NULL; + } + if (client->ssl) { + sdb_ssl_client_destroy(client->ssl); + client->ssl = NULL; + } + close(client->fd); client->fd = -1; client->eof = 1; diff --git a/src/tools/sysdb/main.c b/src/tools/sysdb/main.c index e5f20ea..20f37ae 100644 --- a/src/tools/sysdb/main.c +++ b/src/tools/sysdb/main.c @@ -77,6 +77,9 @@ # endif #endif /* READLINEs */ +#include +#include + #ifndef DEFAULT_SOCKET # define DEFAULT_SOCKET "unix:"LOCALSTATEDIR"/run/sysdbd.sock" #endif @@ -278,6 +281,9 @@ main(int argc, char **argv) if (! input.user) exit(1); + SSL_load_error_strings(); + OpenSSL_add_ssl_algorithms(); + input.client = sdb_client_create(host); if (! input.client) { sdb_log(SDB_LOG_ERR, "Failed to create client object"); @@ -342,6 +348,8 @@ main(int argc, char **argv) sdb_client_destroy(input.client); sdb_strbuf_destroy(input.input); + + ERR_free_strings(); return 0; } /* main */ -- 2.30.2