TLS preliminary tests ok

2025-07-24 20:56:09 +03:00 · 2018-12-09 13:20:02 +01:00
parent 340e641456
commit 29a5e60de7
17 changed files with 81 additions and 45 deletions
--- a/build/modules/configRead.o
+++ b/build/modules/configRead.o
--- a/build/modules/connection.o
+++ b/build/modules/connection.o
--- a/build/modules/daemon.o
+++ b/build/modules/daemon.o
--- a/build/modules/dynamicVectors.o
+++ b/build/modules/dynamicVectors.o
--- a/build/modules/fileManagement.o
+++ b/build/modules/fileManagement.o
--- a/build/modules/ftpCommandElaborate.o
+++ b/build/modules/ftpCommandElaborate.o
--- a/build/modules/ftpData.o
+++ b/build/modules/ftpData.o
--- a/build/modules/ftpServer.o
+++ b/build/modules/ftpServer.o
--- a/build/modules/logFunctions.o
+++ b/build/modules/logFunctions.o
--- a/build/modules/openSsl.o
+++ b/build/modules/openSsl.o
--- a/build/modules/signals.o
+++ b/build/modules/signals.o
--- a/build/uFTP
+++ b/build/uFTP
--- a/ftpCommandElaborate.c
+++ b/ftpCommandElaborate.c
@ -572,8 +572,10 @@ int parseCommandList(ftpDataType * data, int socketId)
    theNameToList = getFtpCommandArg("LIST", data->clients[socketId].theCommandReceived, 1);
    getFtpCommandArgWithOptions("LIST", data->clients[socketId].theCommandReceived, &data->clients[socketId].workerData.ftpCommand);
 
-    printf("\nLIST COMMAND ARG: %s", data->clients[socketId].workerData.ftpCommand.commandArgs.text);
-    printf("\nLIST COMMAND OPS: %s", data->clients[socketId].workerData.ftpCommand.commandOps.text);
+    if (data->clients[socketId].workerData.ftpCommand.commandArgs.text != NULL)
+    	printf("\nLIST COMMAND ARG: %s", data->clients[socketId].workerData.ftpCommand.commandArgs.text);
+    if (data->clients[socketId].workerData.ftpCommand.commandOps.text != NULL)
+    	printf("\nLIST COMMAND OPS: %s", data->clients[socketId].workerData.ftpCommand.commandOps.text);
    printf("\ntheNameToList: %s", theNameToList);
    
    cleanDynamicStringDataType(&data->clients[socketId].workerData.ftpCommand.commandArgs, 0);
--- a/ftpServer.c
+++ b/ftpServer.c
@ -78,6 +78,27 @@ void workerCleanup(void *socketId)
 				}
 			}
 		}
+
+		if(ftpData.clients[theSocketId].workerData.activeModeOn == 1)
+		{
+			printf("\nSSL worker Shutdown 1");
+			returnCode = SSL_shutdown(ftpData.clients[theSocketId].workerData.clientSsl);
+			printf(" return code : %d", returnCode);
+
+			if (returnCode < 0)
+			{
+				printf("SSL_shutdown failed return code %d", returnCode);
+			}
+			else if (returnCode == 0)
+			{
+				returnCode = SSL_shutdown(ftpData.clients[theSocketId].workerData.clientSsl);
+
+				if (returnCode <= 0)
+				{
+					printf("SSL_shutdown (2nd time) failed");
+				}
+			}
+		}
 	}
 	#endif

@ -95,6 +116,8 @@ void *connectionWorkerHandle(void * socketId)
  ftpData.clients[theSocketId].workerData.threadIsAlive = 1;
  int returnCode;

+  printf("\nWORKER CREATED!");
+
  //Passive data connection mode
  if (ftpData.clients[theSocketId].workerData.passiveModeOn == 1)
  {
@ -215,6 +238,9 @@ void *connectionWorkerHandle(void * socketId)
    ftpData.clients[theSocketId].workerData.socketIsConnected = 1;
  }

+
+  printf("\nftpData.clients[theSocketId].workerData.socketIsConnected = %d", ftpData.clients[theSocketId].workerData.socketIsConnected);
+
 //Endless loop ftp process
  while (1)
  {
@ -222,6 +248,7 @@ void *connectionWorkerHandle(void * socketId)

    if (ftpData.clients[theSocketId].workerData.socketIsConnected > 0)
    {
+    	printf("\nWorker is waiting for commands!");
        //Conditional lock on thread actions
        pthread_mutex_lock(&ftpData.clients[theSocketId].workerData.conditionMutex);
        while (ftpData.clients[theSocketId].workerData.commandReceived == 0)
@ -497,7 +524,7 @@ void runFtpServer(void)
 						if ( ((int)time(NULL) - ftpData.clients[processingSock].tlsNegotiatingTimeStart) > TLS_NEGOTIATING_TIMEOUT )
 						{
 							ftpData.clients[processingSock].closeTheClient = 1;
-							printf("\nTLS timeout closing the client time:%lld, start time: %lls..", (int)time(NULL), ftpData.clients[processingSock].tlsNegotiatingTimeStart);
+							printf("\nTLS timeout closing the client time:%lld, start time: %lld..", (int)time(NULL), ftpData.clients[processingSock].tlsNegotiatingTimeStart);
 						}

 					}
@ -625,6 +652,9 @@ static int processCommand(int processingElement)
        (compareStringCaseInsensitive(ftpData.clients[processingElement].theCommandReceived, "USER", strlen("USER")) != 1 &&
         compareStringCaseInsensitive(ftpData.clients[processingElement].theCommandReceived, "PASS", strlen("PASS")) != 1 &&
         compareStringCaseInsensitive(ftpData.clients[processingElement].theCommandReceived, "QUIT", strlen("QUIT")) != 1 &&
+		 compareStringCaseInsensitive(ftpData.clients[processingElement].theCommandReceived, "PBSZ", strlen("PBSZ")) != 1 &&
+		 compareStringCaseInsensitive(ftpData.clients[processingElement].theCommandReceived, "PROT", strlen("PROT")) != 1 &&
+		 compareStringCaseInsensitive(ftpData.clients[processingElement].theCommandReceived, "CCC", strlen("CCC")) != 1 &&
         compareStringCaseInsensitive(ftpData.clients[processingElement].theCommandReceived, "AUTH", strlen("AUTH")) != 1))
        {
            toReturn = notLoggedInMessage(&ftpData, processingElement);
--- a/library/connection.c
+++ b/library/connection.c
@ -44,20 +44,23 @@

 int socketPrintf(ftpDataType * ftpData, int clientId, const char *__restrict __fmt, ...)
 {
+	#define COMMAND_BUFFER								9600
 	#define SOCKET_PRINTF_BUFFER						2048
-
 	int bytesWritten = 0;
 	char theBuffer[SOCKET_PRINTF_BUFFER];
-	int theStringSize = 0;
+	char commandBuffer[COMMAND_BUFFER];
+	int theStringSize = 0, theCommandSize = 0;
 	memset(&theBuffer, 0, SOCKET_PRINTF_BUFFER);
+	memset(&commandBuffer, 0, COMMAND_BUFFER);
 	printf("\nWriting to socket id %d, TLS %d: ", clientId, ftpData->clients[clientId].tlsIsEnabled);

+	pthread_mutex_lock(&ftpData->clients[clientId].writeMutex);
+
 	va_list args;
 	va_start(args, __fmt);
-	pthread_mutex_lock(&ftpData->clients[clientId].writeMutex);
-
 	while (*__fmt != '\0')
 	{
+		int i = 0;
 		theStringSize = 0;
 		switch(*__fmt)
 		{
@ -113,47 +116,34 @@ int socketPrintf(ftpDataType * ftpData, int clientId, const char *__restrict __f
 			break;
 		}

-		if (theStringSize >= SOCKET_PRINTF_BUFFER) {
-			printf("\n String buffer is full!");
-		}
-		else if (theStringSize < SOCKET_PRINTF_BUFFER &&
-				theStringSize > 0)
+		for (i = 0; i <theStringSize; i++)
 		{
-			int theReturnCode = 0;
-
-			if (ftpData->clients[clientId].tlsIsEnabled != 1)
+			if (theCommandSize < COMMAND_BUFFER)
 			{
-				theReturnCode = write(ftpData->clients[clientId].socketDescriptor, theBuffer, theStringSize);
+				commandBuffer[theCommandSize++] = theBuffer[i];
 			}
-			else if (ftpData->clients[clientId].tlsIsEnabled == 1)
-			{
-				#ifdef OPENSSL_ENABLED
-				theReturnCode = SSL_write(ftpData->clients[clientId].ssl, theBuffer, theStringSize);
-				#endif
-			}
-
-			printf("%s", theBuffer);
-
-			if (theReturnCode > 0)
-			{
-				bytesWritten += theReturnCode;
-			}
-			else
-			{
-				bytesWritten = theReturnCode;
-				break;
-			}
-		}
-		else if(theStringSize == 0)
-		{
-			printf("\n Nothing to write.. ");
 		}

 		++__fmt;
 	}
+	va_end(args);
+
+
+	if (ftpData->clients[clientId].tlsIsEnabled != 1)
+	{
+		bytesWritten = write(ftpData->clients[clientId].socketDescriptor, commandBuffer, theCommandSize);
+	}
+	else if (ftpData->clients[clientId].tlsIsEnabled == 1)
+	{
+		#ifdef OPENSSL_ENABLED
+		bytesWritten = SSL_write(ftpData->clients[clientId].ssl, commandBuffer, theCommandSize);
+		#endif
+	}
+
+	printf("\n%s", commandBuffer);

 	pthread_mutex_unlock(&ftpData->clients[clientId].writeMutex);
-	va_end(args);
+
 	return bytesWritten;
 }

@ -241,14 +231,18 @@ int socketWorkerPrintf(ftpDataType * ftpData, int clientId, const char *__restri
 			{

 				#ifdef OPENSSL_ENABLED
-				if (ftpData->clients[clientId].workerData.passiveModeOn == 1)
+				if (ftpData->clients[clientId].workerData.passiveModeOn == 1){
 					theReturnCode = SSL_write(ftpData->clients[clientId].workerData.serverSsl, theBuffer, theStringSize);
-				else if (ftpData->clients[clientId].workerData.activeModeOn == 1)
+					printf("passive: %s", theBuffer);
+				}
+				else if (ftpData->clients[clientId].workerData.activeModeOn == 1){
 					theReturnCode = SSL_write(ftpData->clients[clientId].workerData.clientSsl, theBuffer, theStringSize);
+					printf("Active: %s", theBuffer);
+				}
 				#endif
 			}

-			printf("%s", theBuffer);
+

 			if (theReturnCode > 0)
 			{
--- a/library/openSsl.c
+++ b/library/openSsl.c
@ -87,7 +87,7 @@ SSL_CTX *createClientContext(void)


 void configureClientContext(SSL_CTX *ctx, char *certificatePath, char* privateCertificatePath)
-{
+{/*
 	if (FILE_IsFile(certificatePath) != 1)
 	{
 		printf("\ncertificate file: %s not found!", certificatePath);
@ -100,7 +100,7 @@ void configureClientContext(SSL_CTX *ctx, char *certificatePath, char* privateCe
 		exit(0);
 	}

-    /* Set the key and cert */
+     Set the key and cert
    if (SSL_CTX_use_certificate_file(ctx, certificatePath, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
@ -109,7 +109,7 @@ void configureClientContext(SSL_CTX *ctx, char *certificatePath, char* privateCe
    if (SSL_CTX_use_PrivateKey_file(ctx, privateCertificatePath, SSL_FILETYPE_PEM) <= 0 ) {
        ERR_print_errors_fp(stderr);
        exit(EXIT_FAILURE);
-    }
+    } */
 }

 void configureContext(SSL_CTX *ctx, char *certificatePath, char* privateCertificatePath)
--- a/testNotes.txt
+++ b/testNotes.txt
@ -0,0 +1,10 @@
+#NOTES ONLY FOR DEVELOPERS
+#OPENSSL TEST COMMANDS
+openssl s_client -starttls ftp -connect 192.168.1.237:21
+sudo openssl s_server -key key.pem -cert cert.pem -accept 123
+
+USER username
+PASS password
+PROT P
+PORT 192,168,1,237,0,123
+LIST