	Merge pull request #11 from hkosaka/pandora_agent_proxy_mode_with_SSL
Pandora agent proxy mode with SSL
						commit
						e8e59f3e3e
					
				| @ -171,6 +171,9 @@ my $t_proxy_socket; | |||||||
| # Proxy selected handler | # Proxy selected handler | ||||||
| my $t_proxy_select; | my $t_proxy_select; | ||||||
| 
 | 
 | ||||||
|  | # Use SSL for proxy, 1 true, 0 false | ||||||
|  | my $t_proxy_ssl = 0; | ||||||
|  | 
 | ||||||
| # Use libwrap, 1 true, 0 false | # Use libwrap, 1 true, 0 false | ||||||
| my $t_use_libwrap = 0; | my $t_use_libwrap = 0; | ||||||
| 
 | 
 | ||||||
| @ -206,11 +209,12 @@ sub print_help { | |||||||
| 	print ("\t-t time\t\tTime-out for network operations in seconds (default ${t_timeout}s).\n"); | 	print ("\t-t time\t\tTime-out for network operations in seconds (default ${t_timeout}s).\n"); | ||||||
| 	print ("\t-v\t\tBe verbose.\n"); | 	print ("\t-v\t\tBe verbose.\n"); | ||||||
| 	print ("\t-w\t\tPrompt for OpenSSL private key password.\n"); | 	print ("\t-w\t\tPrompt for OpenSSL private key password.\n"); | ||||||
| 	print ("\t-x pwd\t\tServer password.\n\n"); | 	print ("\t-x pwd\t\tServer password.\n"); | ||||||
| 	print ("\t-b proxy_ip_address\t\tProxied server address.\n\n");	 | 	print ("\t-b proxy_ip_address\tProxied server address.\n");	 | ||||||
| 	print ("\t-g proxy_port\t\tPort of proxied server.\n\n"); | 	print ("\t-g proxy_port\t\tPort of proxied server.\n"); | ||||||
|  | 	print ("\t-C\t\tEnable SSL for proxy connection without a client certificate.\n"); | ||||||
| 	print ("\t-T\t\tEnable tcpwrappers support.\n"); | 	print ("\t-T\t\tEnable tcpwrappers support.\n"); | ||||||
| 	print ("\t\t(To use this option, 'Authen::Libwrap' should be installed.)\n\n"); | 	print ("\t\t\t(To use this option, 'Authen::Libwrap' should be installed.)\n\n"); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| ################################################################################ | ################################################################################ | ||||||
| @ -256,7 +260,7 @@ sub parse_options { | |||||||
| 	my @t_addresses_tmp; | 	my @t_addresses_tmp; | ||||||
| 
 | 
 | ||||||
| 	# Get options | 	# Get options | ||||||
| 	if (getopts ('a:b:c:de:f:g:hi:k:m:op:qr:s:S:t:Tvwx:', \%opts) == 0 || defined ($opts{'h'})) { | 	if (getopts ('a:b:c:Cde:f:g:hi:k:m:op:qr:s:S:t:Tvwx:', \%opts) == 0 || defined ($opts{'h'})) { | ||||||
| 		print_help (); | 		print_help (); | ||||||
| 		exit 1; | 		exit 1; | ||||||
| 	} | 	} | ||||||
| @ -444,6 +448,15 @@ sub parse_options { | |||||||
| 		} | 		} | ||||||
| 	}	 | 	}	 | ||||||
| 
 | 
 | ||||||
|  | 	# Enable SSL without a client certificate | ||||||
|  | 	if (defined ($opts{'C'})) { | ||||||
|  | 
 | ||||||
|  | 		require IO::Socket::SSL; | ||||||
|  | 
 | ||||||
|  | 		$t_proxy_ssl = 1; | ||||||
|  | 	}  | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
| 	# TCP wrappers support | 	# TCP wrappers support | ||||||
| 	if (defined ($opts{'T'})) { | 	if (defined ($opts{'T'})) { | ||||||
| 		if ($t_libwrap_installed) { | 		if ($t_libwrap_installed) { | ||||||
| @ -658,6 +671,30 @@ sub start_ssl { | |||||||
| 	print_log ("SSL started for " . $t_client_socket->sockhost ()); | 	print_log ("SSL started for " . $t_client_socket->sockhost ()); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | ################################################################################ | ||||||
|  | ## SUB start_proxy_ssl | ||||||
|  | ## Convert the proxy socket to an IO::Socket::SSL socket. | ||||||
|  | ################################################################################ | ||||||
|  | sub start_proxy_ssl { | ||||||
|  | 	my $err; | ||||||
|  | 
 | ||||||
|  | 	if ($t_proxy_ssl != 1) { | ||||||
|  | 		return; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	IO::Socket::SSL->start_SSL ( | ||||||
|  | 		$t_proxy_socket, | ||||||
|  | 		SSL_verify_mode => 0x00, | ||||||
|  | 	); | ||||||
|  | 
 | ||||||
|  | 	$err = IO::Socket::SSL::errstr (); | ||||||
|  | 	if ($err ne '') { | ||||||
|  | 		error ($err); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	print_log ("proxy SSL started for " . $t_proxy_socket->sockhost ()); | ||||||
|  | } | ||||||
|  | 
 | ||||||
| ################################################################################ | ################################################################################ | ||||||
| ## SUB accept_connections | ## SUB accept_connections | ||||||
| ## Manage incoming connections. | ## Manage incoming connections. | ||||||
| @ -750,6 +787,11 @@ sub serve_proxy_connection { | |||||||
| 	# Start a connection with the other Tentacle Server | 	# Start a connection with the other Tentacle Server | ||||||
| 	open_proxy();		 | 	open_proxy();		 | ||||||
| 
 | 
 | ||||||
|  | 	# Start SSL for proxy | ||||||
|  | 	if ($t_proxy_ssl == 1) { | ||||||
|  | 		start_proxy_ssl(); | ||||||
|  | 	} | ||||||
|  | 	 | ||||||
| 	my $command; | 	my $command; | ||||||
| 
 | 
 | ||||||
| 	# Read commands | 	# Read commands | ||||||
| @ -1582,6 +1624,14 @@ __END__ | |||||||
| 
 | 
 | ||||||
| =item	I<-x> pwd		B<Server password>. | =item	I<-x> pwd		B<Server password>. | ||||||
| 
 | 
 | ||||||
|  | =item	I<-b proxy_ip_address>	B<Proxied server> address. | ||||||
|  | 
 | ||||||
|  | =item	I<-g proxy_port>	B<Port> of proxied server. | ||||||
|  | 
 | ||||||
|  | =item	I<-C>			Enable SSL for proxy without a client certificate. | ||||||
|  | 
 | ||||||
|  | =item	I<-T>			Enable tcpwrappers support ('Authen::Libwrap' required). | ||||||
|  | 
 | ||||||
| =back | =back | ||||||
| 
 | 
 | ||||||
| =head1 EXIT STATUS | =head1 EXIT STATUS | ||||||
|  | |||||||
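Review bot: `start_proxy_ssl` passes `SSL_verify_mode => 0x00` (SSL_VERIFY_NONE) to `start_SSL`, so the proxy never authenticates the proxied Tentacle server it forwards data to; that should at least be stated in the `-C` help text and POD ("without a client certificate" reads as if only the client side is relaxed), and ideally the mode should be `IO::Socket::SSL::SSL_VERIFY_PEER` together with an `SSL_ca_file` naming the trusted CA. The return value of `start_SSL` is also not checked: it returns undef on a failed handshake, whereas `IO::Socket::SSL::errstr ()` may be empty or left over from an earlier error, so write `IO::Socket::SSL->start_SSL ($t_proxy_socket, SSL_verify_mode => 0x00) or error ("proxy SSL failed: " . IO::Socket::SSL::errstr ());` and drop the separate `$err` block. The `print_log` line then only runs after a successful handshake. The other hunks (the `-C` option parsing and the call in `serve_proxy_connection`) are fine as written.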
| @ -322,7 +322,7 @@ Pandora_Windows_Service::killTentacleProxy() { | |||||||
| 
 | 
 | ||||||
| int  | int  | ||||||
| Pandora_Windows_Service::launchTentacleProxy() { | Pandora_Windows_Service::launchTentacleProxy() { | ||||||
| 	string server_ip, server_port, proxy_max_connections, proxy_timeout; | 	string server_ip, server_port, proxy_max_connections, proxy_timeout, server_ssl; | ||||||
| 	string proxy_cmd; | 	string proxy_cmd; | ||||||
| 	PROCESS_INFORMATION pi; | 	PROCESS_INFORMATION pi; | ||||||
| 	STARTUPINFO         si;	 | 	STARTUPINFO         si;	 | ||||||
| @ -331,6 +331,7 @@ Pandora_Windows_Service::launchTentacleProxy() { | |||||||
| 	server_ip = conf->getValue("server_ip"); | 	server_ip = conf->getValue("server_ip"); | ||||||
| 	 | 	 | ||||||
| 	if (server_ip != "localhost") { | 	if (server_ip != "localhost") { | ||||||
|  | 
 | ||||||
| 		proxy_max_connections = conf->getValue("proxy_max_connection"); | 		proxy_max_connections = conf->getValue("proxy_max_connection"); | ||||||
| 
 | 
 | ||||||
| 		if (proxy_max_connections == "") { | 		if (proxy_max_connections == "") { | ||||||
| @ -349,7 +350,16 @@ Pandora_Windows_Service::launchTentacleProxy() { | |||||||
| 			server_port = "41121"; | 			server_port = "41121"; | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		proxy_cmd = "tentacle_server.exe -b " + server_ip + " -g " + server_port + " -c " + proxy_max_connections + " -t " + proxy_timeout;		 | 		server_ssl = conf->getValue("server_ssl"); | ||||||
|  | 
 | ||||||
|  | 		if (server_ssl == "1") { | ||||||
|  | 			proxy_cmd = "tentacle_server.exe -C"; | ||||||
|  | 		} | ||||||
|  | 		else { | ||||||
|  | 			proxy_cmd = "tentacle_server.exe"; | ||||||
|  | 		} | ||||||
|  | 
 | ||||||
|  | 		proxy_cmd += " -b " + server_ip + " -g " + server_port + " -c " + proxy_max_connections + " -t " + proxy_timeout; | ||||||
| 
 | 
 | ||||||
| 		ZeroMemory (&si, sizeof (si)); | 		ZeroMemory (&si, sizeof (si)); | ||||||
| 		ZeroMemory (&pi, sizeof (pi)); | 		ZeroMemory (&pi, sizeof (pi)); | ||||||
|  | |||||||
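Review bot: The executable name is written twice in the new `server_ssl` branches; `proxy_cmd = "tentacle_server.exe"; if (server_ssl == "1") { proxy_cmd += " -C"; }` says the same thing in one place and leaves the following `+=` line unchanged. A comment on the `-C` branch would help operators, since on the tentacle side `-C` enables TLS to the proxied server without a client certificate and, as the Perl hunk above shows, without peer verification, so `server_ssl` here does not by itself authenticate the server. The configuration values (`server_ip`, `server_port`, `proxy_max_connections`, `proxy_timeout`) are concatenated unquoted; they come from the agent's own configuration file, but a value containing whitespace would be parsed by the launched process as additional arguments, so rejecting whitespace before building the command is cheap insurance. `launchTentacleProxy` continues past the hunk, where the process is presumably started.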