diff -p -up partimage-0.6.7/src/server/netserver.cpp.nossl partimage-0.6.7/src/server/netserver.cpp
--- partimage-0.6.7/src/server/netserver.cpp.nossl 2008-02-03 22:57:53.000000000 +0100
+++ partimage-0.6.7/src/server/netserver.cpp 2008-06-10 21:00:05.000000000 +0200
@@ -23,6 +23,7 @@
 #include "exceptions.h"
 extern bool g_bMustLogin;
+extern bool g_bUseSSL;
 // ================================================
 CNetServer::CNetServer(unsigned short int port):CNet()
@@ -34,33 +35,36 @@ CNetServer::CNetServer(unsigned short in
 #ifdef HAVE_SSL
 ctx = NULL;
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
- meth = SSLv23_server_method();
- ctx = SSL_CTX_new(meth);
- if (!ctx)
+ if (g_bUseSSL)
 {
- ERR_print_errors_fp(stderr);
- THROW(ERR_SSL_CTX);
- }
-
- if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0)
- {
- ERR_print_errors_fp(stderr);
- THROW(ERR_SSL_LOADCERT);
- }
-
- if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0)
- {
- ERR_print_errors_fp(stderr);
- THROW(ERR_SSL_LOADKEY);
- }
-
- if (!SSL_CTX_check_private_key(ctx))
- {
- fprintf(stderr,
- "private key does not match the certificate public key\n");
- THROW(ERR_SSL_PRIVKEY);
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+ meth = SSLv23_server_method();
+ ctx = SSL_CTX_new(meth);
+ if (!ctx)
+ {
+ ERR_print_errors_fp(stderr);
+ THROW(ERR_SSL_CTX);
+ }
+
+ if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0)
+ {
+ ERR_print_errors_fp(stderr);
+ THROW(ERR_SSL_LOADCERT);
+ }
+
+ if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0)
+ {
+ ERR_print_errors_fp(stderr);
+ THROW(ERR_SSL_LOADKEY);
+ }
+
+ if (!SSL_CTX_check_private_key(ctx))
+ {
+ fprintf(stderr,
+ "private key does not match the certificate public key\n");
+ THROW(ERR_SSL_PRIVKEY);
+ }
 }
 #endif
@@ -118,6 +122,8 @@ unsigned int CNetServer::AcceptClient()
 char * szClientBanner = (char *) malloc(BANNER_SIZE+1);
 char * pos;
 int n;
+ bool bMustLogin;
+ bool bUseSSL;
 BEGIN;
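Review bot: The TLS setup that now sits inside `if (g_bUseSSL)` in the CNetServer constructor still calls `SSLv23_server_method()` without setting any protocol options, so the server will negotiate whichever protocol versions the linked OpenSSL enables by default. Since these lines are being touched anyway, I would add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after the `if (!ctx)` check. The three THROW paths that follow `SSL_CTX_new` also leave `ctx` allocated; an `SSL_CTX_free(ctx)` before each of them would avoid that, unless the handler for these exceptions simply exits the process, which is not visible here. The constructor body continues outside the hunk.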
@@ -133,13 +139,16 @@ unsigned int CNetServer::AcceptClient()
 Clients->Set(client, sock);
 #ifdef MUST_LOGIN
- if (g_bMustLogin)
- szBanner = Banner(true, true);
- else
- szBanner = Banner(true, false);
+ bMustLogin = g_bMustLogin;
 #else
- szBanner = Banner(true, false);
+ bMustLogin = false;
 #endif
+#ifdef HAVE_SSL
+ bUseSSL = g_bUseSSL;
+#else
+ bUseSSL = false;
+#endif
+ szBanner = Banner(bUseSSL, bMustLogin);
 showDebug(1, "Banner: %s\n", szBanner);
 Send(client, szBanner, BANNER_SIZE+1); // preserve endding \0
@@ -186,17 +195,25 @@ unsigned int CNetServer::AcceptClient()
 #ifdef HAVE_SSL
 SSL * ssl;
- showDebug(3, "switching to SSL\n");
-
- ssl = SSL_new (ctx);
-
- SSL_set_fd(ssl, sock);
- err = SSL_accept(ssl);
- if (err == -1)
+ if (g_bUseSSL)
+ {
+ showDebug(3, "switching to SSL\n");
+
+ ssl = SSL_new (ctx);
+
+ SSL_set_fd(ssl, sock);
+ err = SSL_accept(ssl);
+ if (err == -1)
+ {
+ showDebug(2, "error for client %d: %s\n", client,
+ ERR_error_string(ERR_peek_error(), NULL));
+ SSL_free(ssl);
+ ssl = NULL;
+ }
+ }
+ else
 {
- showDebug(2, "error for client %d: %s\n", client,
- ERR_error_string(ERR_peek_error(), NULL));
- SSL_free(ssl);
+ showDebug(3, "SSL not used\n");
 ssl = NULL;
 }
 #else
diff -p -up partimage-0.6.7/src/server/partimaged-gui_newt.cpp.nossl partimage-0.6.7/src/server/partimaged-gui_newt.cpp
--- partimage-0.6.7/src/server/partimaged-gui_newt.cpp.nossl 2008-06-10 20:59:56.000000000 +0200
+++ partimage-0.6.7/src/server/partimaged-gui_newt.cpp 2008-06-10 20:59:56.000000000 +0200
@@ -31,6 +31,7 @@
 #include <slang/slang.h>
 extern bool g_bMustLogin;
+extern bool g_bUseSSL;
 // =============================================================================
 CPartimagedInterfaceNewt::CPartimagedInterfaceNewt()
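Review bot: In the `@@ -186,17 +195,25 @@` hunk of AcceptClient, a failed handshake now ends in the same state as `--nossl`: both branches leave `ssl = NULL`, so the code after the hunk cannot tell a deliberately plaintext session from a client whose TLS negotiation failed. If the NULL case is later served over the raw socket (the rest of the function is outside the hunk, so this needs confirming), a handshake failure becomes a silent fallback to cleartext; the failure branch should drop the client and return an error instead of continuing. The check is also too narrow, because `SSL_accept` signals failure with any value `<= 0` and `SSL_new` can return NULL. I would change `if (err == -1)` to `if (err <= 0)` and test the result of `SSL_new (ctx)` before calling `SSL_set_fd`.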
@@ -53,23 +54,19 @@ CPartimagedInterfaceNewt::CPartimagedInt
 #ifdef MUST_LOGIN
 if (g_bMustLogin)
 #ifdef HAVE_SSL
- snprintf(szAux, 255, "%s %s LOGIN+SSL", i18n("Partimaged"), PACKAGE_VERSION);
- #else
- snprintf(szAux, 255, "%s %s LOGIN+NOSSL", i18n("Partimaged"), PACKAGE_VERSION);
+ if (g_bUseSSL)
+ snprintf(szAux, 255, "%s %s LOGIN+SSL", i18n("Partimaged"), PACKAGE_VERSION);
+ else
 #endif
+ snprintf(szAux, 255, "%s %s LOGIN+NOSSL", i18n("Partimaged"), PACKAGE_VERSION);
 else
+#endif
 #ifdef HAVE_SSL
- snprintf(szAux, 255, "%s %s NOLOGIN+SSL", i18n("Partimaged"), PACKAGE_VERSION);
- #else
- snprintf(szAux, 255, "%s %s NOLOGIN+NOSSL", i18n("Partimaged"), PACKAGE_VERSION);
- #endif
-#else
- #ifdef HAVE_SSL
- snprintf(szAux, 255, "%s %s NOLOGIN+SSL", i18n("Partimaged"), PACKAGE_VERSION);
- #else
- snprintf(szAux, 255, "%s %s NOLOGIN+NOSSL", i18n("Partimaged"), PACKAGE_VERSION);
+ if (g_bUseSSL)
+ snprintf(szAux, 255, "%s %s NOLOGIN+SSL", i18n("Partimaged"), PACKAGE_VERSION);
+ else
 #endif
-#endif
+ snprintf(szAux, 255, "%s %s NOLOGIN+NOSSL", i18n("Partimaged"), PACKAGE_VERSION);
 *(szAux+255) = '\0';
 newtCenteredWindow(73, 20, szAux);
diff -p -up partimage-0.6.7/src/server/partimaged-main.cpp.nossl partimage-0.6.7/src/server/partimaged-main.cpp
--- partimage-0.6.7/src/server/partimaged-main.cpp.nossl 2008-06-10 20:59:56.000000000 +0200
+++ partimage-0.6.7/src/server/partimaged-main.cpp 2008-06-10 20:59:56.000000000 +0200
@@ -58,6 +58,7 @@ bool g_bBeDaemon;
 CNetServer * g_Server;
 CPartimagedInterface * g_Window;
 bool g_bMustLogin;
+bool g_bUseSSL;
 extern char * optarg;
 extern int optind;
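Review bot: The window title in the CPartimagedInterfaceNewt constructor is now chosen by `if`/`else` statements without braces that are interleaved with `#ifdef MUST_LOGIN` and `#ifdef HAVE_SSL`, so which `else` pairs with which `if` depends on the build configuration. It parses as intended in all four configurations, but the next edit here could easily make the title misreport the server's security mode to the operator. I would set two local flags under the `#ifdef`s, as AcceptClient does with `bMustLogin` and `bUseSSL`, and format once: `snprintf(szAux, 255, "%s %s %s+%s", i18n("Partimaged"), PACKAGE_VERSION, bMustLogin ? "LOGIN" : "NOLOGIN", bUseSSL ? "SSL" : "NOSSL");`. The following `*(szAux+255) = '\0';` assumes `szAux` holds at least 256 bytes; its declaration is outside the hunk.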
@@ -76,11 +77,12 @@ static struct option const long_options[
 {"chroot", required_argument, NULL, 'r'},
 {"debug", required_argument, NULL, 'g'},
 {"nologin", no_argument, NULL, 'L'},
+ {"nossl", no_argument, NULL, 'n'},
 {NULL, 0, NULL, 0}
 };
 #endif //HAVE_GETOPT_H
-static char optstring[]="ip:hvDd:r:g:L";
+static char optstring[]="ip:hvDd:r:g:Ln";
 bool g_bSigKill = false;
 bool g_bSigInt = false;
@@ -135,7 +137,8 @@ void Usage()
 "* -i, --compilinfo show compilation options used\n"
 "* -r dir, --chroot dir use chroot to improve security\n"
 "* -g, --debug=X set the debug level to X (default: 1)\n"
- "* -L, --nologin disable login from clients\n"),
+ "* -L, --nologin disable login from clients\n"
+ "* -n, --nossl disable SSL\n"),
 PACKAGE_VERSION, SERVER_LISTEN_PORT);
 printf ("======================================================="
 "========================\n");
@@ -211,6 +214,7 @@ int main(int argc, char *argv[])
 g_nDebugThreadMain = getpid();
 g_bBeDaemon = false;
 g_bMustLogin = true;
+ g_bUseSSL = true;
 pthread_t threads[MAX_CLIENTS];
@@ -263,6 +267,12 @@ int main(int argc, char *argv[])
 case 'L': // no login
 g_bMustLogin = false;
+ break;
+
+ case 'n': // no SSL
+ g_bUseSSL = false;
+ break;
+
 default:
 break;
 }
@@ -313,9 +323,12 @@ int main(int argc, char *argv[])
 }
 #endif
 #ifdef HAVE_SSL
- if (CheckAccessFile(KEYF) || CheckAccessFile(CERTF) )
- {
- exit(1);
+ if (g_bUseSSL)
+ {
+ if ( CheckAccessFile(KEYF) || CheckAccessFile(CERTF) )
+ {
+ exit(1);
+ }
 }
 #endif
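Review bot: The new `case 'n'` in `main` clears `g_bUseSSL` without any check against `g_bMustLogin`, so the daemon can run with login required and the transport unencrypted. If the login exchange uses the same connection (not visible in this diff), credentials and image data then cross the network in cleartext. I would emit a warning once option parsing is done, e.g. `if (!g_bUseSSL && g_bMustLogin) fprintf(stderr, "warning: SSL disabled, logins are sent unencrypted\n");`, and have the `-n, --nossl` line in `Usage()` say the same rather than only "disable SSL". Both `main` and `Usage` continue outside these hunks.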