security-and-privacy/uts-server
security-and-privacy/uts-server
1
0
Fork 0
mirror of https://github.com/kakwa/uts-server synced 2024-11-12 04:28:54 +01:00
Code Issues Releases Wiki Activity

code cleaning an reorganization

Browse Source
This commit is contained in:
kakwa 2016-09-12 08:39:03 +02:00
parent 064f0f8161
commit eb2b6ae66e
6 changed files with 47 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
inc/http.h
View File

@ -1,4 +1,8 @@
#include <stdbool.h> #include <stdbool.h>
#include "utils.h" #include "utils.h"
struct tuser_data {
char *first_message;
};
int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg); int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);

11
inc/rfc3161.h
View File

@ -13,7 +13,10 @@
#include "context.h" #include "context.h"
/* Name of config entry that defines the OID file. */ /* Name of config entry that defines the OID file. */
#define ENV_OID_FILE "oid_file" #define OID_SECTION "oids"
// number of char we get to log for the serial
#define SERIAL_ID_SIZE 8
#define B_FORMAT_TEXT 0x8000 #define B_FORMAT_TEXT 0x8000
#define FORMAT_UNDEF 0 #define FORMAT_UNDEF 0
@ -23,11 +26,7 @@
static ASN1_OBJECT *txt2obj(const char *oid); static ASN1_OBJECT *txt2obj(const char *oid);
/* Reply related functions. */ /* Reply related functions. */
static int reply_command(CONF *conf, char *section, char *engine, char *query, static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
char *passin, char *inkey, const EVP_MD *md,
char *signer, char *chain, const char *policy,
char *in, int token_in, char *out, int token_out,
int text);
static TS_RESP *read_PKCS7(BIO *in_bio); static TS_RESP *read_PKCS7(BIO *in_bio);
int create_response(rfc3161_context *ct, char *query, int query_len, int create_response(rfc3161_context *ct, char *query, int query_len,
TS_RESP_CTX *resp_ctx, size_t *resp_size, TS_RESP_CTX *resp_ctx, size_t *resp_size,

9
inc/utils.h
View File

@ -1,5 +1,12 @@
#include "rfc3161.h" #include "rfc3161.h"
typedef struct _code {
char *c_name;
int c_val;
} CODE;
static void signal_handler_general(int sig_num);
static void signal_handler_up(int sig_num);
void skeleton_daemon(); void skeleton_daemon();
int init_pid(char *pidfile_path); int init_pid(char *pidfile_path);
int write_pid(char *pidfile_path); int write_pid(char *pidfile_path);
@ -9,5 +16,7 @@ void log_hex(rfc3161_context *ct, int priority, char *id,
int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd); int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd);
static char *rand_string(char *str, size_t size); static char *rand_string(char *str, size_t size);
void free_uts_context(rfc3161_context *ct); void free_uts_context(rfc3161_context *ct);
// some global variable to handle signals
int g_uts_sig_up; int g_uts_sig_up;
int g_uts_sig; int g_uts_sig;

15
src/lib/http.c
View File

@ -1,8 +1,3 @@
/*
* "This product includes software developed by the OpenSSL Project
* * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*/
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -16,10 +11,6 @@
#include <time.h> #include <time.h>
#include "http.h" #include "http.h"
struct tuser_data {
char *first_message;
};
static char *rand_string(char *str, size_t size) { static char *rand_string(char *str, size_t size) {
const char charset[] = "1234567890ABCDEF"; const char charset[] = "1234567890ABCDEF";
if (size) { if (size) {
@ -83,12 +74,6 @@ void log_request_debug(const struct mg_request_info *request_info,
request_id, request_info->content_length); request_id, request_info->content_length);
uts_logger(context, LOG_DEBUG, "Request[%s], remote_port: %d", request_id, uts_logger(context, LOG_DEBUG, "Request[%s], remote_port: %d", request_id,
request_info->remote_port); request_info->remote_port);
// uts_logger(context, LOG_DEBUG, "Request[%d], user_data: %s",
// request_id,
// request_info->user_data);
// uts_logger(context, LOG_DEBUG, "Request[%d], conn_data: %s",
// request_id,
// request_info->conn_data);
} }
void log_request(const struct mg_request_info *request_info, char *request_id, void log_request(const struct mg_request_info *request_info, char *request_id,

64
src/lib/rfc3161.c
View File

@ -23,28 +23,6 @@
#include <syslog.h> #include <syslog.h>
#include "utils.h" #include "utils.h"
#define OID_SECTION "oids"
// number of char we get to log for the serial
#define SERIAL_ID_SIZE 8
/* Reply related functions. */
static int reply_command(CONF *conf, char *section, char *engine, char *query,
char *passin, char *inkey, const EVP_MD *md,
char *signer, char *chain, const char *policy,
char *in, int token_in, char *out, int token_out,
int text);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
#define B_FORMAT_TEXT 0x8000
#define FORMAT_UNDEF 0
#define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
#define FORMAT_ASN1 4 /* ASN.1/DER */
/*
* Reply-related method definitions.
*/
int add_oid_section(rfc3161_context *ct, CONF *conf) { int add_oid_section(rfc3161_context *ct, CONF *conf) {
char *p; char *p;
STACK_OF(CONF_VALUE) * sktmp; STACK_OF(CONF_VALUE) * sktmp;
@ -113,6 +91,27 @@ ts_resp_ctx_wrapper *get_ctxw(rfc3161_context *ct) {
return ret; return ret;
} }
// Build a random serial for each request.
// It's less painful to manage than an incremental serial stored in a file
// and a 150 bits size is more than enough to prevent collision.
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data42) {
unsigned char data[20] = {0};
RAND_bytes(data, sizeof(data));
// data[0] &= 0x7F;
// build big number from our bytes
BIGNUM *bn = BN_new();
BN_bin2bn(data, sizeof(data), bn);
// build the ASN1_INTEGER from our BIGNUM
ASN1_INTEGER *asnInt = ASN1_INTEGER_new();
BN_to_ASN1_INTEGER(bn, asnInt);
// cleanup
BN_free(bn);
return asnInt;
}
// create a TS_RESP_CTX (OpenSSL Time-Stamp Response Context) // create a TS_RESP_CTX (OpenSSL Time-Stamp Response Context)
TS_RESP_CTX *create_tsctx(rfc3161_context *ct, CONF *conf, const char *section, TS_RESP_CTX *create_tsctx(rfc3161_context *ct, CONF *conf, const char *section,
const char *policy) { const char *policy) {
@ -353,24 +352,3 @@ end:
TS_RESP_free(ts_response); TS_RESP_free(ts_response);
return ret; return ret;
} }
// Build a random serial for each request.
// It's less painful to manage than an incremental serial stored in a file
// and a 150 bits size is more than enough to prevent collision.
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data42) {
unsigned char data[20] = {0};
RAND_bytes(data, sizeof(data));
// data[0] &= 0x7F;
// build big number from our bytes
BIGNUM *bn = BN_new();
BN_bin2bn(data, sizeof(data), bn);
// build the ASN1_INTEGER from our BIGNUM
ASN1_INTEGER *asnInt = ASN1_INTEGER_new();
BN_to_ASN1_INTEGER(bn, asnInt);
// cleanup
BN_free(bn);
return asnInt;
}

20
src/lib/utils.c
View File

@ -14,10 +14,13 @@
#include <fcntl.h> #include <fcntl.h>
#include "utils.h" #include "utils.h"
typedef struct _code { static void signal_handler_general(int sig_num) {
char *c_name; g_uts_sig = sig_num;
int c_val; }
} CODE;
static void signal_handler_up(int sig_num) {
g_uts_sig_up = sig_num;
}
CODE prioritynames[] = {{"alert", LOG_ALERT}, CODE prioritynames[] = {{"alert", LOG_ALERT},
{"crit", LOG_CRIT}, {"crit", LOG_CRIT},
@ -32,14 +35,6 @@ CODE prioritynames[] = {{"alert", LOG_ALERT},
{"warning", LOG_WARNING}, {"warning", LOG_WARNING},
{NULL, -1}}; {NULL, -1}};
static void signal_handler_general(int sig_num) {
g_uts_sig = sig_num;
}
static void signal_handler_up(int sig_num) {
g_uts_sig_up = sig_num;
}
int init_pid(char *pidfile_path) { int init_pid(char *pidfile_path) {
// if pidfile_path is null, the user did not request one // if pidfile_path is null, the user did not request one
// exit success // exit success
@ -381,6 +376,7 @@ end:
return 0; return 0;
} }
// free the rfc3161_context structure
void free_uts_context(rfc3161_context *ct) { void free_uts_context(rfc3161_context *ct) {
for (int i = 0; i < ct->numthreads; i++) { for (int i = 0; i < ct->numthreads; i++) {
TS_RESP_CTX_free(ct->ts_ctx_pool[i].ts_ctx); TS_RESP_CTX_free(ct->ts_ctx_pool[i].ts_ctx);