tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jni/native/src sslcontext.c sslutils.c
Date Tue, 07 Jun 2005 08:15:32 GMT
mturk       2005/06/07 01:15:32

  Modified:    jni/native/include ssl_private.h
               jni/native/src sslcontext.c sslutils.c
  Log:
  Implement password handling.
  The supplied password can be "pass:real_password" or
  "exec:path_to_the executable"
  
  Revision  Changes    Path
  1.16      +4 -12     jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- ssl_private.h	7 Jun 2005 07:22:06 -0000	1.15
  +++ ssl_private.h	7 Jun 2005 08:15:32 -0000	1.16
  @@ -118,16 +118,6 @@
   #define SSL_CVERIFY_OPTIONAL_NO_CA  (3)
   #define SSL_VERIFY_PEER_STRICT      (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
   
  -#define SSL_PASSWORD_PROMPT         (0)
  -#define SSL_PASSWORD_FILE           (1)
  -#define SSL_PASSWORD_EXEC           (2)
  -#define SSL_PASSWORD_ENGINE         (3)
  -
  -#define STR_PASSWORD_PROMPT         ("pass:")
  -#define STR_PASSWORD_FILE           ("file:")
  -#define STR_PASSWORD_EXEC           ("exec:")
  -#define STR_PASSWORD_ENGINE         ("engine:")
  -
   extern void *SSL_temp_keys[SSL_TMP_KEY_MAX];
   
   typedef struct {
  @@ -141,9 +131,11 @@
   
   typedef struct {
       char            password[SSL_MAX_PASSWORD_LEN];
  +    const char     *pass;
       const char     *prompt;
  -    int             mode;
       tcn_ssl_ctxt_t *ctx;
  +    apr_file_t     *wrtty;
  +    apr_file_t     *rdtty;
   } tcn_pass_cb_t;
   
   struct tcn_ssl_ctxt_t {
  
  
  
  1.22      +3 -7      jakarta-tomcat-connectors/jni/native/src/sslcontext.c
  
  Index: sslcontext.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- sslcontext.c	6 Jun 2005 15:13:26 -0000	1.21
  +++ sslcontext.c	7 Jun 2005 08:15:32 -0000	1.22
  @@ -467,7 +467,6 @@
       jboolean rv = JNI_TRUE;
       TCN_ALLOC_CSTRING(cert);
       TCN_ALLOC_CSTRING(key);
  -    TCN_ALLOC_CSTRING(password);
       const char *key_file, *cert_file;
       char err[256];
   
  @@ -479,10 +478,8 @@
           rv = JNI_FALSE;
           goto cleanup;
       }
  -    if (J2S(password)) {
  -        strncpy(c->password.password, J2S(password), SSL_MAX_PASSWORD_LEN);
  -        c->password.password[SSL_MAX_PASSWORD_LEN - 1] = '\0';
  -    }
  +    if (password)
  +        c->password.pass = tcn_pstrdup(e, password, c->pool);
       key_file  = J2S(key);
       cert_file = J2S(cert);
       if (!key_file)
  @@ -523,7 +520,6 @@
   cleanup:
       TCN_FREE_CSTRING(cert);
       TCN_FREE_CSTRING(key);
  -    TCN_FREE_CSTRING(password);
       return rv;
   }
   
  
  
  
  1.17      +88 -11    jakarta-tomcat-connectors/jni/native/src/sslutils.c
  
  Index: sslutils.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- sslutils.c	7 Jun 2005 07:22:06 -0000	1.16
  +++ sslutils.c	7 Jun 2005 08:15:32 -0000	1.17
  @@ -100,14 +100,71 @@
       return APR_SUCCESS;
   }
   
  +static apr_status_t ssl_pipe_child_create(tcn_pass_cb_t *data, apr_pool_t *p, const char
*progname)
  +{
  +    /* Child process code for 'ErrorLog "|..."';
  +     * may want a common framework for this, since I expect it will
  +     * be common for other foo-loggers to want this sort of thing...
  +     */
  +    apr_status_t rc;
  +    apr_procattr_t *procattr;
  +    apr_proc_t *procnew;
  +
  +    if (((rc = apr_procattr_create(&procattr, p)) == APR_SUCCESS) &&
  +        ((rc = apr_procattr_io_set(procattr,
  +                                   APR_FULL_BLOCK,
  +                                   APR_FULL_BLOCK,
  +                                   APR_NO_PIPE)) == APR_SUCCESS)) {
  +        char **args;
  +        const char *pname;
  +
  +        apr_tokenize_to_argv(progname, &args, p);
  +        pname = apr_pstrdup(p, args[0]);
  +        procnew = (apr_proc_t *)apr_pcalloc(p, sizeof(*procnew));
  +        rc = apr_proc_create(procnew, pname, (const char * const *)args,
  +                             NULL, procattr, p);
  +        if (rc == APR_SUCCESS) {
  +            /* XXX: not sure if we aught to...
  +             * apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);
  +             */
  +            data->wrtty = procnew->in;
  +            data->rdtty = procnew->out;
  +        }
  +    }
  +    return rc;
  +}
  +
  +static int pipe_get_passwd_cb(tcn_pass_cb_t *data, char *buf, int length,
  +                              const char *prompt)
  +{
  +    apr_status_t rc;
  +    char *p;
  +
  +    apr_file_puts(prompt, data->wrtty);
  +
  +    buf[0]='\0';
  +    rc = apr_file_gets(buf, length, data->rdtty);
  +    apr_file_puts(APR_EOL_STR, data->wrtty);
  +
  +    if (rc != APR_SUCCESS || apr_file_eof(data->rdtty)) {
  +        memset(buf, 0, length);
  +        return 1;  /* failure */
  +    }
  +    if ((p = strchr(buf, '\n')) != NULL)
  +        *p = '\0';
  +#ifdef WIN32
  +    if ((p = strchr(buf, '\r')) != NULL)
  +        *p = '\0';
  +#endif
  +    return 0;
  +}
  +
   #define PROMPT_STRING "Enter password: "
   /* Simple echo password prompting */
   int SSL_password_prompt(tcn_pass_cb_t *data)
   {
       int rv = 0;
       data->password[0] = '\0';
  -    if (!data->prompt)
  -        data->prompt = PROMPT_STRING;
       if (data->ctx && data->ctx->bio_is) {
           if (data->ctx->bio_is->flags & SSL_BIO_FLAG_RDONLY) {
               /* Use error BIO in case of stdin */
  @@ -162,19 +219,39 @@
   
       if (buf == NULL)
           return 0;
  +    *buf = '\0';
       if (cb_data == NULL) {
           memset(&c, 0, sizeof(tcn_pass_cb_t));
           cb_data = &c;
       }
  -    else {
  -        /* TODO: Implement password prompt checking.
  -         * and decide what mechanism to use for obtaining
  -         * the password.
  -         */
  -    }
  -    if (cb_data->password[0] ||
  -        (SSL_password_prompt(cb_data) > 0)) {
  +    if (cb_data->password[0]) {
  +        /* Return already obtained password */
           strncpy(buf, cb_data->password, bufsiz);
  +        buf[bufsiz - 1] = '\0';
  +        return strlen(buf);
  +    }
  +    if (!cb_data->prompt)
  +        cb_data->prompt = PROMPT_STRING;
  +    if (cb_data->pass) {
  +        if (strncmp(cb_data->pass, "pass:", 5) == 0)
  +            strncpy(buf, cb_data->pass + 5, bufsiz);
  +        else if (strncmp(cb_data->pass, "exec:", 5) == 0) {
  +            apr_pool_t *p;
  +            apr_pool_create(&p, cb_data->ctx->pool);
  +            if (ssl_pipe_child_create(cb_data, p,
  +                        cb_data->pass + 5) == APR_SUCCESS) {
  +                pipe_get_passwd_cb(cb_data, buf, bufsiz, cb_data->prompt);
  +            }
  +            apr_pool_destroy(p);
  +        }
  +        buf[bufsiz-1] = '\0';
  +        strncpy(cb_data->password, buf, SSL_MAX_PASSWORD_LEN);
  +        cb_data->password[SSL_MAX_PASSWORD_LEN - 1] = '\0';
  +        return strlen(buf);
  +    }
  +    else {
  +        if (SSL_password_prompt(cb_data) > 0)
  +            strncpy(buf, cb_data->password, bufsiz);
       }
       buf[bufsiz - 1] = '\0';
       return strlen(buf);
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message