1 /**************************************************
2 OpengateM - MAC address authentication system
3 module for Authentication by FTPS
4 (Explicit and Implicit FTP modes)
6 Copyright (C) 2006 Opengate Project Team
7 Written by Yoshiaki Watanabe
9 This program is free software; you can redistribute it and/or
10 modify it under the terms of the GNU General Public License
11 as published by the Free Software Foundation; either version 2
12 of the License, or (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 Email: watanaby@is.saga-u.ac.jp
24 **************************************************/
26 Thanks to the programs and documentation referred to.
27 Sample client application cli.cpp found in the OpenSSL site
28 (developed by Sampo Kellomaki and simplified by Wade Scholine)
29 Apache module mod_auth_pam.c by Ingo Luetkebohle
32 #include "opengatemmng.h"
34 /*****************************************/
35 /* Auth by FTP on SSL - Explicit Mode */
36 /*****************************************/
/*
 * Authenticate (userid, passwd) against the configured auth server using
 * explicit FTPS: plain-text FTP greeting, "AUTH TLS" upgrade, then USER/PASS
 * exchanged only inside the TLS session.
 *
 * userid  - user name written verbatim into the USER command.
 * passwd  - password written verbatim into the PASS command; in the visible
 *           lines it is only ever sent over the TLS-wrapped socket, never
 *           logged.
 * returns - int; the return statements themselves are not in this listing.
 *           The AuthFtpse wrapper logs the value — check callers for the
 *           success/failure convention.
 *
 * NOTE(review): this listing is incomplete (several original lines are
 * elided), so the socket-validity test, the ctx/ssl NULL tests, the failure
 * return paths and the final SSL_free/close are not visible here.
 */
37 int authFtpse(char *userid, char *passwd)
40 char recvline[BUFFMAXLN]; /* one FTP reply line; every read below is bounded by BUFFMAXLN */
42 char* serverAddr; /* auth server address */
43 char* port; /* auth server port */
46 const SSL_METHOD *meth;
48 /* get auth server address */
49 serverAddr=GetConfValue("AuthServer/Address");
51 if(isNull(serverAddr)){
52 err_msg("ERR at %s#%d: Missing address for FTP server in config",
57 /* get auth server port */
58 port=GetConfValue("AuthServer/Port");
60 /* FTP server connect */
/* Two connect variants follow; presumably the choice depends on whether
 * AuthServer/Port is set (the if/else lines are elided) — confirm. */
62 sockfd = Tcp_connect(serverAddr, "ftp"); /* use ftp port in explicit */
64 sockfd = Tcp_connect(serverAddr, port);
67 err_msg("ERR at %s#%d: Ftpse server is not normal 0",__FILE__,__LINE__);
71 /* get [220 <host> FTP server ..]*/
/* Still plain text at this point: only the greeting and AUTH TLS go
 * unencrypted; no credential is sent before SSL_connect() below. */
72 if((n = readln(sockfd, recvline, BUFFMAXLN)) < 0) {
73 err_msg("ERR at %s#%d: Ftpse server is not normal 1",__FILE__,__LINE__);
/* strstr(...)==recvline is a prefix test: the reply must START with the code. */
77 if(strstr(recvline,"220")!=recvline){
78 err_msg("ERR at %s#%d: Ftpse server is not normal 2",__FILE__,__LINE__);
84 Writefmt(sockfd, "AUTH TLS\r\n");
86 /* get [234 AUTH TLS successful] */
87 if((n = readln(sockfd, recvline, BUFFMAXLN)) < 0) {
88 err_msg("ERR at %s#%d: Ftpse server is not normal 3",__FILE__,__LINE__);
/* Anything but 234 aborts: the login is never attempted without TLS. */
92 if(strstr(recvline,"234")!=recvline){
93 err_msg("ERR at %s#%d: Ftpse server is not normal 4",__FILE__,__LINE__);
98 /* ----------------------------------------------- */
100 SSLeay_add_ssl_algorithms();
/* SSLv23_client_method() negotiates whatever the library allows.  No
 * SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3) is visible in
 * this listing, so legacy fallback is governed by the OpenSSL build — review. */
101 meth = SSLv23_client_method();
102 SSL_load_error_strings();
103 ctx = SSL_CTX_new (meth);
/* NOTE(review): no SSL_CTX_set_verify()/SSL_CTX_load_verify_locations()
 * appears in the visible lines, so the server certificate is presumably not
 * verified and the credentials would be exposed to an active man-in-the-
 * middle.  Confirm against the elided lines before relying on this. */
105 err_msg("ERR at %s#%d: SSL_CTX_new returns NULL",__FILE__,__LINE__);
109 /* ----------------------------------------------- */
110 /* start SSL negotiation. */
114 err_msg("ERR at %s#%d: SSL_new returns NULL",__FILE__,__LINE__);
118 SSL_set_fd (ssl, sockfd);
/* SSL_connect() returns 1 on success, 0 on a controlled shutdown by the
 * peer and <0 on error; only -1 is treated as failure here, so a 0 return
 * would fall through to the USER command — verify. */
119 if( SSL_connect (ssl) == -1 ){
120 err_msg("ERR at %s#%d: SSL_connect returns error",__FILE__,__LINE__);
124 /* --------------------------------------------------- */
125 /* DATA EXCHANGE - Send a message and receive a reply. */
127 /* put [USER <userid>] */
/* userid is embedded verbatim.  A value containing CR/LF would be read by
 * the server as a further command line; presumably the caller validates
 * it — confirm where userid originates. */
128 WritefmtSSL(ssl, "USER %s\r\n", userid);
130 /* get [331 Password required ..] */
131 if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) < 0) {
132 err_msg("ERR at %s#%d: Ftpse server is not normal 5",__FILE__,__LINE__);
137 /* if multi-line greeting [220 ...] exist, skip them. */
138 while(strstr(recvline,"220")==recvline){
139 if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) < 0) {
140 err_msg("ERR at %s#%d: Ftpse server is not normal 6",__FILE__,__LINE__);
146 /* check [331 Password required ..] */
147 if(strstr(recvline,"331")!=recvline){
148 err_msg("ERR at %s#%d: Ftpse server is not normal 7",__FILE__,__LINE__);
153 /* put [PASS <password>] */
/* Same verbatim embedding as USER above; passwd is never logged here. */
154 WritefmtSSL(ssl, "PASS %s\r\n", passwd);
156 /* get [230 User <userid> logged in] */
157 if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) < 0) {
158 err_msg("ERR at %s#%d: Ftpse server is not normal 8",__FILE__,__LINE__);
/* 230 = login accepted; the body of this branch (the success return) is elided. */
162 if(strstr(recvline,"230")==recvline){
169 WritefmtSSL(ssl,"quit\r\n");
172 SSL_shutdown (ssl); /* send SSL/TLS close_notify */
183 /*****************************************/
184 /* Auth by FTP on SSL - Implicit Mode */
185 /*****************************************/
/*
 * Authenticate (userid, passwd) against the configured auth server using
 * implicit FTPS: the TCP connection is wrapped in SSL immediately, then the
 * greeting and USER/PASS are all exchanged inside the session.
 *
 * userid  - user name written verbatim into the USER command.
 * passwd  - password written verbatim into the PASS command; in the visible
 *           lines it is only ever sent over the SSL-wrapped socket, never
 *           logged.
 * returns - int; the return statements themselves are not in this listing.
 *           The AuthFtpsi wrapper logs the value — check callers for the
 *           success/failure convention.
 *
 * NOTE(review): this listing is incomplete (several original lines are
 * elided), so the socket-validity test, the ctx/ssl NULL tests, the failure
 * return paths and the final SSL_free/close are not visible here.
 */
186 int authFtpsi(char *userid, char *passwd)
189 char recvline[BUFFMAXLN]; /* one FTP reply line; every read below is bounded by BUFFMAXLN */
191 char* serverAddr; /* auth server address */
192 char* port; /* auth server port */
195 const SSL_METHOD *meth;
197 /* get auth server address */
198 serverAddr=GetConfValue("AuthServer/Address");
200 if(isNull(serverAddr)){
201 err_msg("ERR at %s#%d: Missing address for FTP server in config",
206 /* get auth server port */
207 port=GetConfValue("AuthServer/Port");
209 /* FTP server connect */
/* Two connect variants follow; presumably the choice depends on whether
 * AuthServer/Port is set (the if/else lines are elided) — confirm. */
211 sockfd = Tcp_connect(serverAddr, "ftps");
213 sockfd = Tcp_connect(serverAddr, port);
216 err_msg("ERR at %s#%d: Ftpsi server is not normal 0",__FILE__,__LINE__);
220 /* ----------------------------------------------- */
222 SSLeay_add_ssl_algorithms();
/* NOTE(review): SSLv2_client_method() pins the handshake to SSLv2 only,
 * a protocol that is cryptographically broken and compiled out of current
 * OpenSSL builds (the symbol is absent when OPENSSL_NO_SSL2 is defined).
 * The explicit-mode sibling authFtpse uses SSLv23_client_method(); this
 * function should at least match it (TLS_client_method() on OpenSSL >= 1.1.0). */
223 meth = SSLv2_client_method();
224 SSL_load_error_strings();
225 ctx = SSL_CTX_new (meth);
/* NOTE(review): no SSL_CTX_set_verify()/SSL_CTX_load_verify_locations()
 * appears in the visible lines, so the server certificate is presumably not
 * verified and the credentials would be exposed to an active man-in-the-
 * middle.  Confirm against the elided lines before relying on this. */
227 err_msg("ERR at %s#%d: SSL_CTX_new returns NULL",__FILE__,__LINE__);
231 /* ----------------------------------------------- */
232 /* start SSL negotiation. */
236 err_msg("ERR at %s#%d: SSL_new returns NULL",__FILE__,__LINE__);
240 SSL_set_fd (ssl, sockfd);
/* SSL_connect() returns 1 on success, 0 on a controlled shutdown by the
 * peer and <0 on error; only -1 is treated as failure here, so a 0 return
 * would fall through to reading the greeting — verify. */
241 if( SSL_connect (ssl) == -1 ){
242 err_msg("ERR at %s#%d: SSL_connect returns error",__FILE__,__LINE__);
246 /* --------------------------------------------------- */
247 /* DATA EXCHANGE - Send a message and receive a reply. */
249 /* get [220 <host> FTP server ..]*/
/* Unlike explicit mode, the greeting is already inside the SSL session. */
250 if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) < 0) {
251 err_msg("ERR at %s#%d: Ftpsi server is not normal 1",__FILE__,__LINE__);
/* strstr(...)==recvline is a prefix test: the reply must START with the code. */
255 if(strstr(recvline,"220")!=recvline){
256 err_msg("ERR at %s#%d: Ftpsi server is not normal 2",__FILE__,__LINE__);
261 /* put [USER <userid>] */
/* userid is embedded verbatim.  A value containing CR/LF would be read by
 * the server as a further command line; presumably the caller validates
 * it — confirm where userid originates. */
262 WritefmtSSL(ssl, "USER %s\r\n", userid);
264 /* get [331 Password required ..] */
265 if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) < 0) {
/* Log text says "Ftpi" where the sibling messages say "Ftpsi" (runtime string, left as is). */
266 err_msg("ERR at %s#%d: Ftpi server is not normal 3",__FILE__,__LINE__);
271 /* if multi-line greeting [220 ...] exist, skip them. */
272 while(strstr(recvline,"220")==recvline){
273 if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) < 0) {
274 err_msg("ERR at %s#%d: Ftpsi server is not normal 4",__FILE__,__LINE__);
280 /* check [331 Password required ..] */
281 if(strstr(recvline,"331")!=recvline){
282 err_msg("ERR at %s#%d: Ftpsi server is not normal 5",__FILE__,__LINE__);
287 /* put [PASS <password>] */
/* Same verbatim embedding as USER above; passwd is never logged here. */
288 WritefmtSSL(ssl, "PASS %s\r\n", passwd);
290 /* get [230 User <userid> logged in] */
291 if((n = readlnSSL(ssl, recvline, BUFFMAXLN)) < 0) {
292 err_msg("ERR at %s#%d: Ftpsi server is not normal 6",__FILE__,__LINE__);
/* 230 = login accepted; the body of this branch (the success return) is elided. */
296 if(strstr(recvline,"230")==recvline){
303 WritefmtSSL(ssl,"quit\r\n");
306 SSL_shutdown (ssl); /* send SSL/TLS close_notify */
316 /***************************/
/*
 * Public entry point for explicit-mode FTPS authentication: logs entry/exit
 * when debug>1 and delegates to authFtpse().
 *
 * userid  - passed through to authFtpse(); it is echoed in the debug log.
 * passwd  - passed through to authFtpse(); the debug log prints the literal
 *           word "passwd" in its place, so the secret never reaches the log.
 * returns - the value from authFtpse() (the declaration of ret and the
 *           return statement are elided from this listing).
 */
318 int AuthFtpse(char *userid, char *passwd)
322 if(debug>1) err_msg("DEBUG:=>authFtpse(%s,passwd)",userid);
323 ret=authFtpse(userid,passwd);
324 if(debug>1) err_msg("DEBUG:(%d)<=authFtpse( )",ret);
/*
 * Public entry point for implicit-mode FTPS authentication: logs entry/exit
 * when debug>1 and delegates to authFtpsi().
 *
 * userid  - passed through to authFtpsi(); it is echoed in the debug log.
 * passwd  - passed through to authFtpsi(); the debug log prints the literal
 *           word "passwd" in its place, so the secret never reaches the log.
 * returns - the value from authFtpsi() (the declaration of ret and the
 *           return statement are elided from this listing).
 */
329 int AuthFtpsi(char *userid, char *passwd)
333 if(debug>1) err_msg("DEBUG:=>authFtpsi(%s,passwd)",userid);
334 ret=authFtpsi(userid,passwd);
335 if(debug>1) err_msg("DEBUG:(%d)<=authFtpsi( )",ret);