"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/server/core/cas_validator.cpp" between
netxms-3.8.382.tar.gz and netxms-3.8.405.tar.gz

About: NetXMS is a multi-platform open source network management and monitoring system.

cas_validator.cpp  (netxms-3.8.382):cas_validator.cpp  (netxms-3.8.405)
skipping to change at line 127 skipping to change at line 127
/** /**
* Read certificate from file * Read certificate from file
*/ */
static X509 *ReadCertificateFromFile(const char *filename) static X509 *ReadCertificateFromFile(const char *filename)
{ {
FILE *f = fopen(filename, "r"); FILE *f = fopen(filename, "r");
if (f == nullptr) if (f == nullptr)
return nullptr; return nullptr;
X509 *c = PEM_read_X509(f, NULL, NULL, NULL); X509 *c = PEM_read_X509(f, nullptr, nullptr, nullptr);
fclose(f); fclose(f);
return c; return c;
} }
/* /*
* Fills buf (up to buflen characters) with all characters (including * Fills buf (up to buflen characters) with all characters (including
* those representing other elements) within the nth element in the * those representing other elements) within the nth element in the
* document with the name provided by tagname. * document with the name provided by tagname.
*/ */
static char *element_body(const char *doc, const char *tagname, int n, char *buf , int buflen) static char *element_body(const char *doc, const char *tagname, int n, char *buf , int buflen)
{ {
char *start_tag_pattern = (char *)malloc(strlen(tagname) + strlen("<") + strl const char *body_end;
en(">") + 1); char *ret = nullptr;
char *end_tag_pattern = (char *)malloc(strlen(tagname) + strlen("<") + strlen
("/") + strlen(">") + 1);
const char *body_start, *body_end;
char *ret = NULL;
buf[0] = 0; buf[0] = 0;
if (start_tag_pattern != NULL && end_tag_pattern != NULL) char start_tag_pattern[256];
snprintf(start_tag_pattern, 256, "<%s>", tagname);
char end_tag_pattern[256];
snprintf(end_tag_pattern, 256, "</%s>", tagname);
const char *body_start = doc;
while (n-- > 0)
{ {
sprintf(start_tag_pattern, "<%s>", tagname); body_start = strstr(body_start, start_tag_pattern);
sprintf(end_tag_pattern, "</%s>", tagname); if (!body_start)
body_start = doc;
while (n-- > 0)
{
body_start = strstr(body_start, start_tag_pattern);
if (!body_start)
{
SET_RET_AND_GOTO_END(NULL);
}
body_start += strlen(start_tag_pattern);
}
body_end = strstr(body_start, end_tag_pattern);
if (!body_end)
{
SET_RET_AND_GOTO_END(NULL);
}
if (body_end - body_start < buflen - 1)
{
strncpy(buf, body_start, body_end - body_start);
buf[body_end - body_start] = 0;
}
else
{ {
strlcpy(buf, body_start, buflen); SET_RET_AND_GOTO_END(nullptr);
} }
SET_RET_AND_GOTO_END(buf); body_start += strlen(start_tag_pattern);
}
body_end = strstr(body_start, end_tag_pattern);
if (!body_end)
{
SET_RET_AND_GOTO_END(nullptr);
}
if (body_end - body_start < buflen - 1)
{
strncpy(buf, body_start, body_end - body_start);
buf[body_end - body_start] = 0;
}
else
{
strlcpy(buf, body_start, buflen);
} }
SET_RET_AND_GOTO_END(buf);
end: end:
if (start_tag_pattern) free(start_tag_pattern);
if (end_tag_pattern) free(end_tag_pattern);
return ret; return ret;
} }
/** /**
* Returns status of certification: 0 for invalid, 1 for valid. * Returns status of certification: 0 for invalid, 1 for valid.
*/ */
static int IsValidCertificate(X509 *cert, const char *hostname) static int IsValidCertificate(X509 *cert, const char *hostname)
{ {
char buf[4096]; char buf[4096];
X509_STORE *store = X509_STORE_new(); X509_STORE *store = X509_STORE_new();
skipping to change at line 229 skipping to change at line 226
* is valid and not exceeds NetXMS user name length limitation and returning 0. * is valid and not exceeds NetXMS user name length limitation and returning 0.
* If not, error code is returned. * If not, error code is returned.
*/ */
static int CASValidate(const char *ticket, char *loginName) static int CASValidate(const char *ticket, char *loginName)
{ {
InetAddress a; InetAddress a;
SockAddrBuffer sa; SockAddrBuffer sa;
SOCKET s = INVALID_SOCKET; SOCKET s = INVALID_SOCKET;
int err, b, ret; int err, b, ret;
size_t total; size_t total;
SSL *ssl = NULL; SSL *ssl = nullptr;
X509 *s_cert = NULL; X509 *s_cert = nullptr;
char buf[4096]; char buf[4096];
char *full_request = NULL, *str; char *full_request = nullptr, *str;
char parsebuf[MAX_DNS_NAME]; char parsebuf[MAX_DNS_NAME];
SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method()); SSL_CTX *ctx = SSL_CTX_new(SSLv23_client_method());
if (!ctx) if (!ctx)
{ {
SET_RET_AND_GOTO_END(CAS_SSL_ERROR_CTX); SET_RET_AND_GOTO_END(CAS_SSL_ERROR_CTX);
} }
if ((s = CreateSocket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) if ((s = CreateSocket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET)
{ {
SET_RET_AND_GOTO_END(CAS_ERROR_CONN); SET_RET_AND_GOTO_END(CAS_ERROR_CONN);
skipping to change at line 279 skipping to change at line 276
SET_RET_AND_GOTO_END(CAS_SSL_ERROR_CERT); SET_RET_AND_GOTO_END(CAS_SSL_ERROR_CERT);
} }
if (!IsValidCertificate(s_cert, s_hostname)) if (!IsValidCertificate(s_cert, s_hostname))
{ {
SET_RET_AND_GOTO_END(CAS_SSL_ERROR_CERT); SET_RET_AND_GOTO_END(CAS_SSL_ERROR_CERT);
} }
X509_free(s_cert); X509_free(s_cert);
full_request = MemAllocStringA(4096); full_request = MemAllocStringA(4096);
if (snprintf(full_request, 4096, "GET %s?ticket=%s&service=%s HTTP/1.0\n\n", s_validateURL, ticket, s_service) >= 4096) if (snprintf(full_request, 4096, "GET %s?ticket=%s&service=%s HTTP/1.0\r\n\r\ n", s_validateURL, ticket, s_service) >= 4096)
{ {
SET_RET_AND_GOTO_END(CAS_SSL_ERROR_HTTPS); SET_RET_AND_GOTO_END(CAS_SSL_ERROR_HTTPS);
} }
if (!SSL_write(ssl, full_request, (int)strlen(full_request))) if (!SSL_write(ssl, full_request, (int)strlen(full_request)))
{ {
SET_RET_AND_GOTO_END(CAS_SSL_ERROR_HTTPS); SET_RET_AND_GOTO_END(CAS_SSL_ERROR_HTTPS);
} }
total = 0; total = 0;
do do
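Review bot: In the last hunk, the changed `snprintf` in CASValidate writes `ticket` into the request line as-is, so a value containing `&`, whitespace, CR or LF would change the query string or the request sent to the CAS server; whether the caller already restricts `ticket` is not visible here. Percent-encode it, or reject anything outside the expected ticket character set, before building `full_request`. Just below, `if (!SSL_write(...))` only catches a return of 0, while SSL_write signals failure with any value <= 0, so a negative return is treated as success; `if (SSL_write(ssl, full_request, (int)strlen(full_request)) <= 0)` covers both. CASValidate begins and continues outside the visible hunks.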
 End of changes. 11 change blocks. 
39 lines changed or deleted 34 lines changed or added
