struct sockaddr s_addr, int flags, canl_principal *peer,
struct timeval *timeout)
{
- int err = 0;
+ int err = 0;
io_handler *io_cc = (io_handler*) io;
glb_ctx *glb_cc = (glb_ctx*) cc;
+ struct canl_mech *mech = find_mech(GSS_C_NO_OID);
+ void *conn_ctx = NULL;
if (!glb_cc)
return EINVAL; /* XXX Should rather be a CANL error */
io_cc->sock = new_fd;
- err = ssl_server_init(glb_cc, glb_cc->ssl_ctx, (void **) &io_cc->s_ctx->ssl_io);
+ err = ssl_server_init(glb_cc, mech->global_context, &conn_ctx);
if (err)
goto end;
- err = ssl_accept(glb_cc, io_cc, timeout);
+ err = ssl_accept(glb_cc, io_cc, timeout, conn_ctx);
if (err)
goto end;
+ io_cc->authn_mech.ctx = conn_ctx;
+ io_cc->authn_mech.type = mech->mech;
+
err = 0;
end:
- if (err)
+ if (err) {
(io_cc)->sock = -1;
+ mech->free_ctx(glb_cc, conn_ctx);
+ }
return err;
}
unsigned long err_code;
CANL_ERROR_ORIGIN err_orig;
cert_key_store *cert_key;
- SSL_CTX *ssl_ctx;
} glb_ctx;
typedef struct _ossl_ctx
int ssl_client_init(glb_ctx *cc, void *mech_ctx, void **ctx);
int ssl_server_init(glb_ctx *cc, void *mech_ctx, void **ctx);
int ssl_free(glb_ctx *cc, void *ctx);
-int ssl_connect(glb_ctx *cc, io_handler *io, struct timeval *timeout, const char * host);
-int ssl_accept(glb_ctx *cc, io_handler *io,
+int ssl_connect(glb_ctx *cc, io_handler *io, void *conn_ctx, struct timeval *timeout, const char * host);
+int ssl_accept(glb_ctx *cc, io_handler *io, void *conn_ctx,
struct timeval *timeout);
int ssl_read(glb_ctx *cc, io_handler *io, void *buffer, size_t size,
struct timeval *tout);
"Failed to create SSL connection context");
/* XXX: should be only defined on the SSL level: */
- SSL_CTX_set_verify(ssl, SSL_VERIFY_NONE, proxy_verify_callback);
- SSL_CTX_set_cert_verify_callback(ssl, proxy_app_verify_callback, 0);
+ SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, proxy_verify_callback);
+ SSL_CTX_set_cert_verify_callback(ssl_ctx, proxy_app_verify_callback, 0);
SSL_set_accept_state(ssl);
return 0;
}
-int ssl_connect(glb_ctx *cc, io_handler *io, void *mech_ctx, void *auth_ctx,
+int ssl_connect(glb_ctx *cc, io_handler *io, void *conn_ctx,
struct timeval *timeout, const char * host)
{
- SSL_ctx *ctx = (SSL_ctx *) mech_ctx;
- SSL *ssl = (SSL *) auth_ctx;
+ SSL_CTX *ctx;
+ SSL *ssl = (SSL *) conn_ctx;
int err = 0, flags;
if (!cc) {
err = EINVAL;
goto end;
}
+ if (conn_ctx == NULL)
+ return set_error(cc, EINVAL, posix_error, "SSL not initialized");
+
+ ctx = SSL_get_SSL_CTX(ssl);
flags = fcntl(io->sock, F_GETFL, 0);
(void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK);
}
}
-int ssl_accept(glb_ctx *cc, io_handler *io, void *mech_ctx, void *auth_ctx,
+int ssl_accept(glb_ctx *cc, io_handler *io, void *auth_ctx,
struct timeval *timeout)
{
- SSL_ctx *ctx = (SSL_ctx *) mech_ctx;
+ SSL_CTX *ctx = NULL;
SSL *ssl = (SSL *) auth_ctx;
int err = 0, flags;
err = EINVAL;
goto end;
}
+ if (auth_ctx == NULL)
+ return set_error(cc, EINVAL, posix_error, "SSL not initialized");
+
+ ctx = SSL_get_SSL_CTX(ssl);
flags = fcntl(io->sock, F_GETFL, 0);
(void)fcntl(io->sock, F_SETFL, flags | O_NONBLOCK);
* ret = 0 connection closed successfully (one direction)
* ret = 1 connection closed successfully (both directions)
* ret < 0 error occured (e.g. timeout reached) */
-int ssl_close(glb_ctx *cc, io_handler *io, void *auth_ctx)
+int ssl_close(glb_ctx *cc, io_handler *io)
{
- SSL_ctx *ctx = (SSL_ctx *) mech_ctx;
- SSL *ssl = (SSL *) auth_ctx;
+ SSL_CTX *ctx;
+ SSL *ssl = NULL;
int timeout = DESTROY_TIMEOUT;
time_t starttime, curtime;
int expected = 0, error = 0, ret = 0, ret2 = 0;
int fd;
unsigned long ssl_err = 0;
- if (!io->s_ctx->ssl_io) {
- return 2;
- }
+ if (!cc)
+ return EINVAL;
+ if (!io)
+ return set_error(cc, EINVAL, posix_error,
+ "Connection not initialized");
+
+ ssl = io->s_ctx->ssl_io;
+ if (!ssl)
+ return set_error(cc, EINVAL, posix_error, "SSL not initialized");
+
+ ctx = SSL_get_SSL_CTX(ssl);
fd = BIO_get_fd(SSL_get_rbio(io->s_ctx->ssl_io), NULL);
curtime = starttime = time(NULL);
git://scientific.zcu.cz / jra1mw.git / commitdiff