author | Olivier Goffart <ogoffart@woboq.com> | 2015-01-28 16:11:29 +0300 |
---|---|---|
committer | Olivier Goffart <ogoffart@woboq.com> | 2015-01-28 16:13:40 +0300 |
commit | d70e146c1fbeee8416fd7311ef2e1a0bb08afb83 (patch) | |
tree | cd3051de0353fae3a7f60befb82e20517a9c0ec3 /csync | |
parent | 3888a461f3c2f2c99b39725881ec37661ab06644 (diff) | |
parent | 989005d616bba9293835dbdd358c8781256d44d2 (diff) |
Merge remote-tracking branch 'origin/ssl_client_cert'
Conflicts:
CMakeLists.txt
csync/src/CMakeLists.txt
csync/src/csync_owncloud.c
Diffstat (limited to 'csync')
-rw-r--r-- | csync/src/CMakeLists.txt | 3 | ||||
-rw-r--r-- | csync/src/csync.h | 5 | ||||
-rw-r--r-- | csync/src/csync_owncloud.c | 51 | ||||
-rw-r--r-- | csync/src/csync_owncloud_private.h | 1 | ||||
-rw-r--r-- | csync/src/csync_private.h | 4 |
5 files changed, 62 insertions, 2 deletions
diff --git a/csync/src/CMakeLists.txt b/csync/src/CMakeLists.txt index 77b8e8726..91f23070f 100644 --- a/csync/src/CMakeLists.txt +++ b/csync/src/CMakeLists.txt @@ -68,6 +68,7 @@ if(USE_NEON) ) list(APPEND CSYNC_LINK_LIBRARIES ${NEON_LIBRARIES} + ${CRYPTO_LIBRARY} ) add_definitions(-DUSE_NEON) endif(USE_NEON) @@ -93,6 +94,8 @@ include_directories( ${CSYNC_PRIVATE_INCLUDE_DIRS} ) +FIND_LIBRARY(CRYPTO_LIBRARY NAMES crypto) + add_library(${CSYNC_LIBRARY} SHARED ${csync_SRCS}) #add_library(${CSYNC_LIBRARY}_static STATIC ${csync_SRCS}) diff --git a/csync/src/csync.h b/csync/src/csync.h index e16fd39e0..f8c58b4b2 100644 --- a/csync/src/csync.h +++ b/csync/src/csync.h @@ -46,6 +46,11 @@ extern "C" { #endif +struct csync_client_certs_s { + char *certificatePath; + char *certificatePasswd; +}; + /** * Instruction enum. In the file traversal structure, it describes * the csync state of a file. diff --git a/csync/src/csync_owncloud.c b/csync/src/csync_owncloud.c index 14b6d8822..834cec078 100644 --- a/csync/src/csync_owncloud.c +++ b/csync/src/csync_owncloud.c @@ -385,6 +385,7 @@ int dav_connect(CSYNC *csyncCtx, const char *base_url) { unsigned int port = 0; int proxystate = -1; csync_owncloud_ctx_t *ctx = csyncCtx->owncloud_context; + struct csync_client_certs_s* clientCerts = csyncCtx->clientCerts; if (ctx->_connected) { return 0; 
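Review bot: `${CRYPTO_LIBRARY}` is appended to CSYNC_LINK_LIBRARIES in the hunk at line 68, but `FIND_LIBRARY(CRYPTO_LIBRARY NAMES crypto)` only runs in the later hunk at line 94 of the same file. On a first configure the variable is therefore still unset where it is used, and the library is picked up only from the cache on a re-run. Move the `FIND_LIBRARY` call above the `if(USE_NEON)` block and check the result there, so a missing libcrypto is reported at the lookup rather than surfacing later in the build.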
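Review bot: `struct csync_client_certs_s` is added to the public header csync.h without a comment saying who owns the two strings or that `certificatePasswd` holds the plaintext passphrase. The `SSLClientCerts` branch of owncloud_set_property copies both fields with `c_strdup`, so the caller keeps ownership of its own copies, and that contract belongs next to the struct. A doc comment such as `/* TLS client certificate: path to the certificate file and its passphrase. Both strings are copied when set via "SSLClientCerts". certificatePasswd is a secret and must not be logged. */` would cover it.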
@@ -448,6 +449,29 @@ int dav_connect(CSYNC *csyncCtx, const char *base_url) { goto out; } + if(clientCerts != NULL) { + ne_ssl_client_cert *clicert; + + DEBUG_WEBDAV("dav_connect: certificatePath and certificatePasswd are set, so we use it" ); + DEBUG_WEBDAV(" with certificatePath: %s", clientCerts->certificatePath ); + DEBUG_WEBDAV(" with certificatePasswd: %s", clientCerts->certificatePasswd ); + clicert = ne_ssl_clicert_read ( clientCerts->certificatePath ); + if ( clicert == NULL ) { + DEBUG_WEBDAV ( "Error read certificate : %s", ne_get_error ( ctx->dav_session.ctx ) ); + } else { + if ( ne_ssl_clicert_encrypted ( clicert ) ) { + int rtn = ne_ssl_clicert_decrypt ( clicert, clientCerts->certificatePasswd ); + if ( !rtn ) { + DEBUG_WEBDAV ( "Certificate was deciphered successfully." ); + ne_ssl_set_clicert ( ctx->dav_session.ctx, clicert ); + } else { + DEBUG_WEBDAV ( "Errors while deciphering certificate: %s", ne_get_error ( ctx->dav_session.ctx ) ); + } + } + } + } else { + DEBUG_WEBDAV("dav_connect: error with csync_client_certs_s* clientCerts"); + } ne_ssl_trust_default_ca( ctx->dav_session.ctx ); ne_ssl_set_verify( ctx->dav_session.ctx, ssl_callback_by_neon, ctx); } @@ -478,6 +502,7 @@ out: return rc; } + char *owncloud_error_string(CSYNC* ctx) { return ctx->owncloud_context->dav_session.error_string; @@ -505,7 +530,6 @@ int owncloud_commit(CSYNC* ctx) { SAFE_FREE( ctx->owncloud_context->dav_session.pwd ); SAFE_FREE( ctx->owncloud_context->dav_session.session_key); SAFE_FREE( ctx->owncloud_context->dav_session.error_string ); - return 0; } @@ -513,6 +537,12 @@ void owncloud_destroy(CSYNC* ctx) { owncloud_commit(ctx); SAFE_FREE(ctx->owncloud_context); + + SAFE_FREE(ctx->clientCerts->certificatePasswd); + SAFE_FREE(ctx->clientCerts->certificatePath); + SAFE_FREE(ctx->clientCerts); + ctx->clientCerts = NULL; + ctx->owncloud_context = 0; ne_sock_exit(); } 
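Review bot: The added `DEBUG_WEBDAV(" with certificatePasswd: %s", clientCerts->certificatePasswd );` writes the certificate passphrase in clear text to the debug log, so anyone who can read a log file, or a log attached to a bug report, obtains it; drop that line and log the path at most. In the same block `ne_ssl_set_clicert` is reached only inside the `ne_ssl_clicert_encrypted` branch, so an unencrypted certificate is read and then silently never installed, and `clicert` is not released when decryption fails. The final `else` reports an "error" for the ordinary case where no client certificate is configured, which will mislead anyone reading the log. dav_connect begins and ends outside this hunk; the sketch below covers only the added block.

```c
    if (clientCerts != NULL) {
        ne_ssl_client_cert *clicert;

        /* Log the path only; the passphrase must never reach the log. */
        DEBUG_WEBDAV("dav_connect: using client certificate %s", clientCerts->certificatePath);
        clicert = ne_ssl_clicert_read(clientCerts->certificatePath);
        if (clicert == NULL) {
            DEBUG_WEBDAV("dav_connect: could not read client certificate");
        } else if (ne_ssl_clicert_encrypted(clicert) &&
                   ne_ssl_clicert_decrypt(clicert, clientCerts->certificatePasswd) != 0) {
            DEBUG_WEBDAV("dav_connect: could not decrypt client certificate");
            ne_ssl_clicert_free(clicert);
        } else {
            /* Reached for unencrypted certificates as well as decrypted ones. */
            ne_ssl_set_clicert(ctx->dav_session.ctx, clicert);
        }
    }
    /* … unchanged: ne_ssl_trust_default_ca / ne_ssl_set_verify … */
```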
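Review bot: In owncloud_destroy, `SAFE_FREE(ctx->clientCerts->certificatePasswd);` dereferences `ctx->clientCerts` without a NULL check. dav_connect and owncloud_set_property both treat NULL as a possible value, so destroying a context that never had "SSLClientCerts" set looks like a NULL dereference. Wrap the three frees in `if (ctx->clientCerts != NULL) { ... }`, as the `SSLClientCerts` branch of owncloud_set_property already does. The passphrase is also handed back to the heap unscrubbed; overwriting it before the free, with a wipe the compiler cannot elide, would keep it from lingering in freed memory.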
@@ -547,12 +577,28 @@ int owncloud_set_property(CSYNC* ctx, const char *key, void *data) { if( c_streq(key, "redirect_callback")) { if (data) { csync_owncloud_redirect_callback_t* cb_wrapper = data; - ctx->owncloud_context->dav_session.redir_callback = *cb_wrapper; } else { ctx->owncloud_context->dav_session.redir_callback = NULL; } } + if( c_streq(key, "SSLClientCerts")) { + if(ctx->clientCerts != NULL) { + SAFE_FREE(ctx->clientCerts->certificatePasswd); + SAFE_FREE(ctx->clientCerts->certificatePath); + SAFE_FREE(ctx->clientCerts); + ctx->clientCerts = NULL; + } + if (data) { + struct csync_client_certs_s* clientCerts = (struct csync_client_certs_s*) data; + struct csync_client_certs_s* newCerts = c_malloc(sizeof(struct csync_client_certs_s)); + newCerts->certificatePath = c_strdup(clientCerts->certificatePath); + newCerts->certificatePasswd = c_strdup(clientCerts->certificatePasswd); + ctx->clientCerts = newCerts; + } else { + DEBUG_WEBDAV("error: in owncloud_set_property for 'SSLClientCerts'" ); + } + } return -1; } @@ -567,3 +613,4 @@ void owncloud_init(CSYNC* ctx) { } /* vim: set ts=4 sw=4 et cindent: */ + diff --git a/csync/src/csync_owncloud_private.h b/csync/src/csync_owncloud_private.h index c74ee4e0c..03cd73a8e 100644 --- a/csync/src/csync_owncloud_private.h +++ b/csync/src/csync_owncloud_private.h @@ -96,6 +96,7 @@ struct csync_owncloud_ctx_s { int _connected; /* flag to indicate if a connection exists, ie. the dav_session is valid */ }; + typedef struct csync_owncloud_ctx_s csync_owncloud_ctx_t; //typedef csync_owncloud_ctx_t* csync_owncloud_ctx_p; diff --git a/csync/src/csync_private.h b/csync/src/csync_private.h index 6e9d42b8f..7a4e2a5eb 100644 --- a/csync/src/csync_private.h +++ b/csync/src/csync_private.h @@ -79,6 +79,7 @@ typedef struct csync_file_stat_s csync_file_stat_t; struct csync_owncloud_ctx_s; // csync_owncloud.c + /** * @brief csync public structure */ 
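Review bot: `c_strdup(clientCerts->certificatePath)` and `c_strdup(clientCerts->certificatePasswd)` copy the caller's fields without checking them for NULL. dav_connect checks `ne_ssl_clicert_encrypted`, which implies a certificate without a passphrase is expected, so a NULL `certificatePasswd` can plausibly arrive here. `c_strdup`'s behaviour on NULL is not visible in this diff, so confirm it or guard the call, e.g. `newCerts->certificatePasswd = clientCerts->certificatePasswd ? c_strdup(clientCerts->certificatePasswd) : NULL;`. The branch also falls through to the final `return -1;`, so the caller cannot tell a stored certificate from an unknown key; whether the other keys return 0 is outside the hunk. Passing NULL data to clear the certificates is logged as an error although the code handles it cleanly.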
@@ -96,6 +97,9 @@ struct csync_s { } callbacks; c_strlist_t *excludes; + // needed for SSL client certificate support + struct csync_client_certs_s *clientCerts; + struct { char *file; sqlite3 *db; |