
📄 sys_status.c

📁 ssl vpn系统.web服务器不支持ssl的情况下,browser可以使用ssl建立连接.
💻 C
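/* Virtual terminal interface shell.
 * Copyright (C) 2000 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with GNU Zebra; see the file COPYING.  If not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 */

/*
 * Interface-status relay.
 *
 * Reads status records from a local UNIX-domain stream socket
 * (STATUS_ZEBRA_PATH) and forwards the received bytes, unmodified, to
 * every client held in ssl_client_list, i.e. every peer accepted on the
 * SSL listener (SSL_SERV_PORT).
 *
 * NOTE(review): create_ssl_con() and ssl_server_init() are not defined
 * or declared in this file; presumably sys_status.h declares them.
 * Confirm, because an implicit "int" declaration of create_ssl_con()
 * would truncate the returned SSL pointer on LP64 targets.
 *
 * NOTE(review): nothing in this file authenticates or authorizes SSL
 * peers before status data is sent to them.  Whether create_ssl_con()
 * verifies a client certificate cannot be told from here; confirm that
 * the listener is not reachable by parties who must not see interface
 * status.
 */

#include <string.h>
#include "../../kernel-20/include/linux/sysctl.h"
#include <zebra.h>
#include <sys/un.h>
#include <setjmp.h>
#include <sys/wait.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <readline/readline.h>
#include <readline/history.h>
#include <sys/sysinfo.h>
//#include <errno.h>
#include "command.h"
#include "memory.h"
#include "more.h"
//#include "log.h"
#include "buffer.h"
#include "localauth.h"
#include "vtysh/vtysh.h"
#include "vtysh/vtysh_config.h"
#include "vtysh/vtysh_user.h"
#include "thread.h"
#include "zclient.h"
#include "../../common/module_log.h"
#include "sys_status.h"
#include <openssl/rsa.h>       /* SSLeay stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

/* TCP port handed to ssl_server_init() for the SSL listener. */
#define  SSL_SERV_PORT 1114

/* Kinds of read event that status_serv_event() can schedule. */
enum event {SSL_SERV, SSL_READ };

extern struct thread_master *master;

/* Listening socket of the SSL server; -1 until one exists.
   Presumably assigned by ssl_server_init() -- confirm. */
int ssl_listen_fd=-1;

/* Non-zero enables the dprintf() trace output. */
int Debug=0;

/* All currently connected SSL clients (struct ssl_client *). */
list ssl_client_list;

/* One accepted SSL peer: its socket and the SSL object bound to it. */
struct ssl_client
{
  int fd;
  SSL *ssl;
};

/* Connection to a status-producing daemon, indexed by daemon. */
struct status_client
{
  int fd;
} status_client[VTYSH_INDEX_MAX];

/* Record read from the status socket.  The bytes are forwarded as
   received, so this layout only matters for the debug trace here.
   NOTE(review): the layout must match the sender's struct -- confirm. */
struct interface_status
{
  int action;
  unsigned int ifindex;
  char name[20 + 1];
  unsigned int flags;
  unsigned int fd;
  unsigned int speed;
} *ifp_status;

void sendto_sslclient (char *buf, int len);
void status_serv_event (enum event event, int sock, struct ssl_client *client);
/* The original definition had no return type (implicit int) and was
   called before being declared; declare it explicitly. */
int sslclient_close (struct ssl_client *client);

/**
 * Print a printf-style trace message to stdout when Debug is non-zero.
 *
 * NOTE(review): POSIX.1-2008 <stdio.h> declares
 * "int dprintf(int fd, const char *format, ...)"; this definition clashes
 * with it wherever that prototype is visible.  The name is kept because
 * other files may call it.
 *
 * @param fmt  printf-style format string; callers in this file pass
 *             string literals only.
 */
void
dprintf (char *fmt, ...)
{
  va_list ap;

  if (!Debug)
    return;

  va_start (ap, fmt);
  vfprintf (stdout, fmt, ap);
  va_end (ap);
  fflush (stdout);
}

/**
 * Close a status connection and mark it closed.
 *
 * Descriptor 0 is deliberately not closed: status_client[] is a
 * zero-initialized global, so fd == 0 means "never connected" here.
 *
 * @param vclient  connection to close.
 */
void
vclient_close (struct status_client *vclient)
{
  if (vclient->fd > 0)
    close (vclient->fd);
  vclient->fd = -1;
}

/**
 * Read handler for the status socket: receive one chunk and forward it
 * to all SSL clients, then re-register itself for the next read.
 *
 * @param thread  event thread; THREAD_FD is the socket and THREAD_ARG the
 *                struct status_client registered by status_connect().
 * @return 0 when the handler was re-armed, -1 on EOF or a hard error
 *         (the handler is then not re-registered).
 */
int
status_read (struct thread *thread)
{
  /* ifp_status is a global, so it must not point into this function's
     stack buffer once we return; keep the decoded copy in static storage. */
  static struct interface_status last_status;
  struct status_client *client;
  char mesg[500] = {0};
  int sock;
  int nbyte;

  /* Get thread data.  Reset reading thread because I'm running. */
  sock = THREAD_FD (thread);
  client = THREAD_ARG (thread);

  nbyte = recv (sock, mesg, sizeof mesg, 0);
  if (nbyte < 0
      && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
    {
      /* Transient condition on the non-blocking socket: keep listening. */
      thread_add_read (master, status_read, client, sock);
      return 0;
    }
  if (nbyte <= 0)
    {
      /* NOTE(review): the socket is left open here; the original had a
	 commented-out zebra_stateclient_close (client) call. */
      return -1;
    }

  /* Only decode the record for tracing when a whole struct arrived, and
     never trust the sender to NUL-terminate the name field.
     NOTE(review): SOCK_STREAM does not preserve record boundaries, so a
     chunk may hold a partial record or several records -- confirm the
     sender's framing. */
  if ((size_t) nbyte >= sizeof last_status)
    {
      memcpy (&last_status, mesg, sizeof last_status);
      last_status.name[sizeof last_status.name - 1] = '\0';
      ifp_status = &last_status;
      dprintf ("name = %s  speed = %u \n", ifp_status->name,
	       ifp_status->speed);
    }
  else
    dprintf ("status_read: short record (%d bytes), not decoded\n", nbyte);

  sendto_sslclient (mesg, nbyte);
  thread_add_read (master, status_read, client, sock);
  return 0;
}

/**
 * Connect to the UNIX-domain status socket at @p path and register
 * status_read() on it.
 *
 * The process exits with status 1 when @p path exists but is not a
 * socket, is not owned by the effective uid, lacks owner read/write
 * permission, or cannot be stat()ed for a reason other than ENOENT.
 *
 * NOTE(review): the ownership check and connect() are separate steps, so
 * the path could be replaced in between; the directory holding the
 * socket should not be writable by other users.
 *
 * @param vclient  client slot to initialize; fd is -1 on failure.
 * @param path     filesystem path of the socket.
 * @return 0 on success, -1 when the path is too long for sun_path or
 *         socket()/connect() fails.
 */
int
status_connect (struct status_client *vclient, char *path)
{
  struct sockaddr_un addr;
  struct stat s_stat;
  size_t path_len;
  uid_t euid;
  int ret;
  int val;
  int sock, len;

  memset (vclient, 0, sizeof (struct status_client));
  vclient->fd = -1;

  /* Stat socket to see if we have permission to access it. */
  euid = geteuid ();
  ret = stat (path, &s_stat);
  if (ret < 0 && errno != ENOENT)
    {
      fprintf (stderr, "status_connect(%s): stat = %s\n",
	       path, strerror (errno));
      exit (1);
    }

  if (ret >= 0)
    {
      if (!S_ISSOCK (s_stat.st_mode))
	{
	  fprintf (stderr, "status_connect(%s): Not a socket\n", path);
	  exit (1);
	}

      if (euid != s_stat.st_uid
	  || !(s_stat.st_mode & S_IWUSR) || !(s_stat.st_mode & S_IRUSR))
	{
	  fprintf (stderr,
		   "status_connect(%s): No permission to access socket\n",
		   path);
	  exit (1);
	}
    }

  /* The original copied strlen (path) bytes with strncpy, which writes
     past sun_path for an over-long path.  Reject such paths instead. */
  path_len = strlen (path);
  if (path_len >= sizeof addr.sun_path)
    {
      fprintf (stderr, "status_connect(%s): socket path too long\n", path);
      return -1;
    }

  sock = socket (AF_UNIX, SOCK_STREAM, 0);
  if (sock < 0)
    {
#ifdef DEBUG
      fprintf (stderr, "status_connect(%s): socket = %s\n", path,
	       strerror (errno));
#endif /* DEBUG */
      return -1;
    }

  /* addr is zero-filled, so sun_path stays NUL-terminated after the copy. */
  memset (&addr, 0, sizeof (struct sockaddr_un));
  addr.sun_family = AF_UNIX;
  memcpy (addr.sun_path, path, path_len);
#ifdef HAVE_SUN_LEN
  len = addr.sun_len = SUN_LEN (&addr);
#else
  len = sizeof (addr.sun_family) + strlen (addr.sun_path);
#endif /* HAVE_SUN_LEN */

  /* connect() runs in blocking mode; the socket is switched to
     non-blocking only once the connection exists. */
  ret = connect (sock, (struct sockaddr *) &addr, len);
  if (ret < 0)
    {
#ifdef DEBUG
      fprintf (stderr, "status_connect(%s): connect = %s\n", path,
	       strerror (errno));
#endif /* DEBUG */
      close (sock);
      return -1;
    }

  /* Best effort, as in the original, but never feed a failed F_GETFL
     result (-1) back into F_SETFL. */
  val = fcntl (sock, F_GETFL, 0);
  if (val < 0 || fcntl (sock, F_SETFL, (val | O_NONBLOCK)) < 0)
    dprintf ("status_connect(%s): cannot set O_NONBLOCK\n", path);

  vclient->fd = sock;
  thread_add_read (master, status_read, vclient, sock);
  return 0;
}

/**
 * Connect to every status source; currently only the zebra daemon.
 */
void
status_connect_all (void)
{
  if (status_connect (&status_client[STATUS_INDEX_ZEBRA],
		      STATUS_ZEBRA_PATH) < 0)
    dprintf ("status_connect_all: no connection to %s\n", STATUS_ZEBRA_PATH);
}

/**
 * Close every status connection opened by status_connect_all().
 */
void
status_connect_close (void)
{
  vclient_close (&status_client[STATUS_INDEX_ZEBRA]);
}

/**
 * Accept handler for the SSL listener: accept one TCP connection, wrap
 * it with create_ssl_con(), add it to ssl_client_list and schedule reads
 * on it.  The listener is re-registered on every path.
 *
 * NOTE(review): the accepted socket is still blocking when it is passed
 * to create_ssl_con().  If that function performs the handshake, a slow
 * or silent peer can stall this event loop -- confirm and consider a
 * handshake timeout.
 *
 * @param thread  event thread; THREAD_FD is the listening socket.
 * @return 0 normally (including a failed SSL setup), -1 when accept()
 *         fails.
 */
int
ssl_serv_accept (struct thread *thread)
{
  struct sockaddr_in peer;
  socklen_t peer_len = sizeof (struct sockaddr_in);
  struct ssl_client *sclient = NULL;
  SSL *ssl = NULL;
  int accept_sock;
  int fd;
  int val;
  int rc = 0;

  accept_sock = THREAD_FD (thread);

  fd = accept (accept_sock, (struct sockaddr *) &peer, &peer_len);
  if (fd == -1)
    {
      dprintf ("\naccept error\n");
      /* The original returned here without re-registering, so a single
	 transient accept() failure stopped the listener for good. */
      rc = -1;
      goto rearm;
    }
  dprintf ("\naccept ok\n");

  ssl = create_ssl_con (fd);
  if (ssl == NULL)
    {
      dprintf ("\n ----------ssl accept error \n");
      close (fd);
      goto rearm;
    }

  sclient = malloc (sizeof *sclient);
  if (sclient == NULL)
    {
      /* Release the SSL object too (it was leaked before); same teardown
	 order as sslclient_close(). */
      close (fd);
      SSL_free (ssl);
      goto rearm;
    }

  val = fcntl (fd, F_GETFL, 0);
  if (val < 0 || fcntl (fd, F_SETFL, (val | O_NONBLOCK)) < 0)
    dprintf ("ssl_serv_accept: cannot set O_NONBLOCK\n");

  sclient->fd = fd;
  sclient->ssl = ssl;
  listnode_add (ssl_client_list, sclient);
  status_serv_event (SSL_READ, fd, sclient);

rearm:
  status_serv_event (SSL_SERV, ssl_listen_fd, NULL);
  return rc;
}

/**
 * Read handler for one SSL client.  Incoming data is read and discarded;
 * the read serves to notice a closed or failed connection, in which case
 * the client is torn down.
 *
 * @param thread  event thread; THREAD_FD is the client socket and
 *                THREAD_ARG its struct ssl_client.
 * @return 0 when the handler was re-armed, -1 when the client was closed.
 */
int
ssl_serv_read (struct thread *thread)
{
  struct ssl_client *client;
  char mesg[500] = {0};
  int sock;
  int nbyte;

  /* Get thread data.  Reset reading thread because I'm running. */
  sock = THREAD_FD (thread);
  client = THREAD_ARG (thread);

  nbyte = SSL_read (client->ssl, mesg, sizeof mesg - 1);
  if (nbyte <= 0)
    {
      int ssl_err = SSL_get_error (client->ssl, nbyte);

      /* On the non-blocking socket an incomplete TLS record is not an
	 error; wait for more data instead of dropping the client.  This
	 file has no write event, so WANT_WRITE also waits on readability. */
      if (ssl_err == SSL_ERROR_WANT_READ || ssl_err == SSL_ERROR_WANT_WRITE)
	{
	  status_serv_event (SSL_READ, sock, client);
	  return 0;
	}

      dprintf (" read from client error .satate connection closed socket [%d]", sock);
      sslclient_close (client);
      return -1;
    }

  status_serv_event (SSL_READ, sock, client);
  return 0;
}

/**
 * Register a one-shot read event on @p sock.
 *
 * @param event   SSL_SERV schedules ssl_serv_accept(), SSL_READ schedules
 *                ssl_serv_read(); any other value does nothing.
 * @param sock    descriptor to watch.
 * @param client  argument handed to the handler (NULL for SSL_SERV).
 */
void
status_serv_event (enum event event, int sock, struct ssl_client *client)
{
  switch (event)
    {
    case SSL_SERV:
      thread_add_read (master, ssl_serv_accept, client, sock);
      break;
    case SSL_READ:
      thread_add_read (master, ssl_serv_read, client, sock);
      break;
    default:
      break;
    }
}

/**
 * Create the client list, start the SSL listener on SSL_SERV_PORT and
 * schedule the accept handler.
 */
void
status_serv_inet (void)
{
  ssl_client_list = list_new ();
  ssl_server_init (SSL_SERV_PORT);

  /* Never register an invalid descriptor with the event loop. */
  if (ssl_listen_fd < 0)
    {
      dprintf ("status_serv_inet: no listening socket\n");
      return;
    }
  status_serv_event (SSL_SERV, ssl_listen_fd, NULL);
}

/**
 * Tear down one SSL client: close its socket, free its SSL object,
 * remove it from ssl_client_list and free the structure.
 *
 * NOTE(review): the socket is closed here and SSL_free() follows; this
 * assumes create_ssl_con() attached the fd without handing its ownership
 * to the SSL/BIO layer -- confirm, otherwise the fd is closed twice.
 *
 * @param client  client to destroy; must not be used afterwards.
 *                NULL is ignored.
 * @return always 0 (the original had an implicit int return type).
 */
int
sslclient_close (struct ssl_client *client)
{
  if (client == NULL)
    return 0;

  /* Close file descriptor.  The original tested "if (client->fd)", which
     skipped descriptor 0 and called close (-1) on a closed client. */
  if (client->fd >= 0)
    {
      close (client->fd);
      client->fd = -1;
    }

  if (client->ssl)
    {
      SSL_free (client->ssl);
      client->ssl = NULL;
    }

  listnode_delete (ssl_client_list, client);
  free (client);
  return 0;
}

/**
 * Send @p len bytes from @p buf to every client in ssl_client_list.
 * A failed write is only traced; the client stays in the list until its
 * read handler detects the broken connection.
 *
 * NOTE(review): the sockets are non-blocking, so a write that cannot
 * complete immediately is reported as a failure and that record is lost
 * for the affected client.
 *
 * @param buf  data to send.
 * @param len  number of bytes; nothing is sent when it is <= 0.
 */
void
sendto_sslclient (char *buf, int len)
{
  struct ssl_client *client = NULL;
  listnode node;
  int i = 0;

  /* SSL_write() must not be called with a zero length, and the list does
     not exist before status_serv_inet() has run. */
  if (buf == NULL || len <= 0 || ssl_client_list == NULL)
    return;

  node = listhead (ssl_client_list);
  while (node)
    {
      dprintf ("read node %d \n", i);
      client = getdata (node);
      i++;

      /* SSL_write() reports failure with 0 as well as negative values. */
      if (client != NULL && client->ssl != NULL
	  && SSL_write (client->ssl, buf, len) <= 0)
	dprintf (" --------------send error\n");

      nextnode (node);
    }
}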
