| version 1.188, 2017/10/24 17:49:35 |
version 1.189, 2017/11/28 16:59:10 |
|
|
| #define BUFSIZE 16384 |
#define BUFSIZE 16384 |
| #define DEFAULT_CA_FILE "/etc/ssl/cert.pem" |
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem" |
| |
|
| #define TLS_ALL (1 << 1) |
#define TLS_NOVERIFY (1 << 1) |
| #define TLS_NOVERIFY (1 << 2) |
#define TLS_NONAME (1 << 2) |
| #define TLS_NONAME (1 << 3) |
#define TLS_CCERT (1 << 3) |
| #define TLS_CCERT (1 << 4) |
#define TLS_MUSTSTAPLE (1 << 4) |
| #define TLS_MUSTSTAPLE (1 << 5) |
|
| #define TLS_COMPAT (1 << 6) |
|
| |
|
| /* Command Line Options */ |
/* Command Line Options */ |
| int dflag; /* detached, no stdin */ |
int dflag; /* detached, no stdin */ |
|
|
| int TLSopt; /* TLS options */ |
int TLSopt; /* TLS options */ |
| char *tls_expectname; /* required name in peer cert */ |
char *tls_expectname; /* required name in peer cert */ |
| char *tls_expecthash; /* required hash of peer cert */ |
char *tls_expecthash; /* required hash of peer cert */ |
| |
char *tls_ciphers; /* TLS ciphers */ |
| |
char *tls_protocols; /* TLS protocols */ |
| FILE *Zflag; /* file to save peer cert */ |
FILE *Zflag; /* file to save peer cert */ |
| |
|
| int recvcount, recvlimit; |
int recvcount, recvlimit; |
|
|
| int unix_connect(char *); |
int unix_connect(char *); |
| int unix_listen(char *); |
int unix_listen(char *); |
| void set_common_sockopts(int, int); |
void set_common_sockopts(int, int); |
| int map_tos(char *, int *); |
int process_tos_opt(char *, int *); |
| int map_tls(char *, int *); |
int process_tls_opt(char *, int *); |
| void save_peer_cert(struct tls *_tls_ctx, FILE *_fp); |
void save_peer_cert(struct tls *_tls_ctx, FILE *_fp); |
| void report_connect(const struct sockaddr *, socklen_t, char *); |
void report_connect(const struct sockaddr *, socklen_t, char *); |
| void report_tls(struct tls *tls_ctx, char * host); |
void report_tls(struct tls *tls_ctx, char * host); |
|
|
| char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; |
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; |
| struct tls_config *tls_cfg = NULL; |
struct tls_config *tls_cfg = NULL; |
| struct tls *tls_ctx = NULL; |
struct tls *tls_ctx = NULL; |
| |
uint32_t protocols; |
| |
|
| ret = 1; |
ret = 1; |
| socksv = 5; |
socksv = 5; |
|
|
| case 'T': |
case 'T': |
| errstr = NULL; |
errstr = NULL; |
| errno = 0; |
errno = 0; |
| if (map_tos(optarg, &Tflag)) |
if (process_tls_opt(optarg, &TLSopt)) |
| break; |
break; |
| if (map_tls(optarg, &TLSopt)) |
if (process_tos_opt(optarg, &Tflag)) |
| break; |
break; |
| if (strlen(optarg) > 1 && optarg[0] == '0' && |
if (strlen(optarg) > 1 && optarg[0] == '0' && |
| optarg[1] == 'x') |
optarg[1] == 'x') |
|
|
| errx(1, "cannot use -c and -F"); |
errx(1, "cannot use -c and -F"); |
| if (TLSopt && !usetls) |
if (TLSopt && !usetls) |
| errx(1, "you must specify -c to use TLS options"); |
errx(1, "you must specify -c to use TLS options"); |
| if ((TLSopt & (TLS_ALL|TLS_COMPAT)) == (TLS_ALL|TLS_COMPAT)) |
|
| errx(1, "cannot use -T tlsall and -T tlscompat"); |
|
| if (Cflag && !usetls) |
if (Cflag && !usetls) |
| errx(1, "you must specify -c to use -C"); |
errx(1, "you must specify -c to use -C"); |
| if (Kflag && !usetls) |
if (Kflag && !usetls) |
|
|
| errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "%s", tls_config_error(tls_cfg)); |
| if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1) |
if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1) |
| errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "%s", tls_config_error(tls_cfg)); |
| if (TLSopt & (TLS_ALL|TLS_COMPAT)) { |
if (tls_config_parse_protocols(&protocols, tls_protocols) == -1) |
| if (tls_config_set_protocols(tls_cfg, |
errx(1, "invalid TLS protocols `%s'", tls_protocols); |
| TLS_PROTOCOLS_ALL) != 0) |
if (tls_config_set_protocols(tls_cfg, protocols) == -1) |
| errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "%s", tls_config_error(tls_cfg)); |
| if (tls_config_set_ciphers(tls_cfg, |
if (tls_config_set_ciphers(tls_cfg, tls_ciphers) == -1) |
| (TLSopt & TLS_ALL) ? "all" : "compat") != 0) |
errx(1, "%s", tls_config_error(tls_cfg)); |
| errx(1, "%s", tls_config_error(tls_cfg)); |
|
| } |
|
| if (!lflag && (TLSopt & TLS_CCERT)) |
if (!lflag && (TLSopt & TLS_CCERT)) |
| errx(1, "clientcert is only valid with -l"); |
errx(1, "clientcert is only valid with -l"); |
| if (TLSopt & TLS_NONAME) |
if (TLSopt & TLS_NONAME) |
|
|
| } |
} |
| |
|
| int |
int |
| map_tos(char *s, int *val) |
process_tos_opt(char *s, int *val) |
| { |
{ |
| /* DiffServ Codepoints and other TOS mappings */ |
/* DiffServ Codepoints and other TOS mappings */ |
| const struct toskeywords { |
const struct toskeywords { |
|
|
| } |
} |
| |
|
| int |
int |
| map_tls(char *s, int *val) |
process_tls_opt(char *s, int *flags) |
| { |
{ |
| |
size_t len; |
| |
char *v; |
| |
|
| const struct tlskeywords { |
const struct tlskeywords { |
| const char *keyword; |
const char *keyword; |
| int val; |
int flag; |
| |
char **value; |
| } *t, tlskeywords[] = { |
} *t, tlskeywords[] = { |
| { "tlsall", TLS_ALL }, |
{ "ciphers", -1, &tls_ciphers }, |
| { "noverify", TLS_NOVERIFY }, |
{ "clientcert", TLS_CCERT, NULL }, |
| { "noname", TLS_NONAME }, |
{ "muststaple", TLS_MUSTSTAPLE, NULL }, |
| { "clientcert", TLS_CCERT}, |
{ "noverify", TLS_NOVERIFY, NULL }, |
| { "muststaple", TLS_MUSTSTAPLE}, |
{ "noname", TLS_NONAME, NULL }, |
| { "tlscompat", TLS_COMPAT }, |
{ "protocols", -1, &tls_protocols }, |
| { NULL, -1 }, |
{ NULL, -1, NULL }, |
| }; |
}; |
| |
|
| |
len = strlen(s); |
| |
if ((v = strchr(s, '=')) != NULL) { |
| |
len = v - s; |
| |
v++; |
| |
} |
| |
|
| for (t = tlskeywords; t->keyword != NULL; t++) { |
for (t = tlskeywords; t->keyword != NULL; t++) { |
| if (strcmp(s, t->keyword) == 0) { |
if (strlen(t->keyword) == len && |
| *val |= t->val; |
strncmp(s, t->keyword, len) == 0) { |
| |
if (t->value != NULL) { |
| |
if (v == NULL) |
| |
errx(1, "invalid tls value `%s'", s); |
| |
*t->value = v; |
| |
} else { |
| |
*flags |= t->flag; |
| |
} |
| return 1; |
return 1; |
| } |
} |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to netcat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / nc