--- /dev/null
+/*
+** Copyright (C) 2006 Thadeu Lima de Souza Cascardo <cascardo@minaslivre.org>
+** Copyright (C) 2009 Thadeu Lima de Souza Cascardo <cascardo@minaslivre.org>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License as published by
+** the Free Software Foundation; either version 2 of the License, or
+** (at your option) any later version.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+**
+*/
+
+#include <glib.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <signal.h>
+#include "log.h"
+
+#include "hcconn.h"
+#include "hcconn_ssl.h"
+#include "tcp_connect.h"
+
+#include "usermap.h"
+
+#define CONFFILE SYSCONFDIR "/rnetproxy.conf"
+
+struct rnet_address
+{
+ char *server;
+ char *port;
+ int ssl;
+ char *priority;
+};
+
+static HCConn *
+server_conn_new (char *server, char *port, int ssl)
+{
+ int fd;
+ HCConn *conn;
+ HCConn *ssl_conn;
+ int r;
+ fd = hc_tcp_connect (server, port);
+ if (fd < 0)
+ {
+ g_warning ("Could not connect to server at %s:%s.", server, port);
+ return NULL;
+ }
+ conn = hc_conn_new (NULL, NULL);
+ r = hc_conn_set_driver_channel (conn, fd);
+ if (r != 0)
+ {
+ hc_conn_close (conn);
+ close (fd);
+ return NULL;
+ }
+ if (!ssl)
+ return conn;
+ ssl_conn = hc_conn_new (NULL, NULL);
+ r = hc_conn_set_driver_ssl_client (ssl_conn, conn);
+ if (r != 0)
+ {
+ hc_conn_close (ssl_conn);
+ hc_conn_close (conn);
+ return NULL;
+ }
+ return ssl_conn;
+}
+
+static HCConn *
+client_conn_new (int fd, struct rnet_address *address)
+{
+ HCConn *conn;
+ HCConn *ssl_conn;
+ HCConn *rnet_conn;
+ int r;
+ conn = hc_conn_new (NULL, NULL);
+ r = hc_conn_set_driver_channel (conn, fd);
+ if (r != 0)
+ {
+ hc_conn_close (conn);
+ close (fd);
+ return NULL;
+ }
+
+ ssl_conn = hc_conn_new (NULL, NULL);
+ hc_conn_set_driver_ssl_server (ssl_conn, conn);
+ if (address && address->priority)
+ hc_conn_ssl_server_set_priority (ssl_conn, address->priority);
+
+ if (r != 0)
+ {
+ hc_conn_close (ssl_conn);
+ hc_conn_close (conn);
+ return NULL;
+ }
+ rnet_conn = hc_conn_new (NULL, NULL);
+ r = hc_conn_set_driver_rnet (rnet_conn, ssl_conn);
+ if (r != 0)
+ {
+ hc_conn_close (rnet_conn);
+ hc_conn_close (ssl_conn);
+ return NULL;
+ }
+ return rnet_conn;
+}
+
+static void
+push_other (HCConn *conn, HCEvent event, gpointer data)
+{
+ char buffer[4096];
+ int r;
+ switch (event)
+ {
+ case HC_EVENT_READ:
+ while ((r = hc_conn_read (conn, buffer, sizeof (buffer))) > 0)
+ hc_conn_write (data, buffer, r);
+ break;
+ case HC_EVENT_CLOSE:
+ hc_conn_close (conn);
+ hc_conn_close (data);
+ break;
+ }
+}
+
+static void
+ssl_connected (HCConn *client_conn, HCEvent event, gpointer data)
+{
+ struct rnet_address *address = data;
+ HCConn *server_conn;
+ if (event != HC_EVENT_CONNECT)
+ {
+ g_debug ("Did not get connect event when trying to handshake:"
+ " got %d", event);
+ hc_conn_close (client_conn);
+ return;
+ }
+ server_conn = server_conn_new (address->server, address->port,
+ address->ssl);
+ if (server_conn == NULL)
+ {
+ g_debug ("Failure to create connection to server.");
+ hc_conn_close (client_conn);
+ return;
+ }
+ hc_conn_set_callback (client_conn, push_other, server_conn);
+ hc_conn_set_callback (server_conn, push_other, client_conn);
+}
+
+static void
+new_client (int fd, struct sockaddr *addr, socklen_t saddr, gpointer data)
+{
+ HCConn *client_conn;
+ struct rnet_address *address = data;
+ if (fd < 0)
+ {
+ g_critical ("Server has received an error event.");
+ return;
+ }
+
+ /* FIXME: Should be independent of address type. */
+ g_message ("Received connection from %s.",
+ inet_ntoa (((struct sockaddr_in *) addr)->sin_addr));
+
+ client_conn = client_conn_new (fd, address);
+ if (client_conn == NULL)
+ {
+ return;
+ }
+
+ hc_conn_set_callback (client_conn, ssl_connected, address);
+
+}
+
+static gchar *configfile;
+static gboolean foreground;
+
+static GOptionEntry opt_entries[] =
+ {
+ { "config-file", 'c', 0, G_OPTION_ARG_FILENAME, &configfile,
+ "Configuration file location", "file" },
+ { "foreground", 'f', 0, G_OPTION_ARG_NONE, &foreground,
+ "Run in foreground", 0 },
+ { NULL }
+ };
+
+int main (int argc, char **argv)
+{
+
+ GOptionContext *opt_ctx;
+ GKeyFile *keyfile;
+ GError *error;
+ int server_fd;
+ gchar *conf_address;
+ gchar *port;
+ gchar *server_address;
+ gchar *server_port;
+ int server_ssl;
+ gchar *server_priority;
+ gchar *certfile;
+ gchar *ssl_keyfile;
+ gchar *policy;
+ struct rnet_address rnet_address;
+
+ signal (SIGPIPE, SIG_IGN);
+
+ gnutls_global_init ();
+
+ configfile = CONFFILE;
+ opt_ctx = g_option_context_new ("");
+ g_option_context_add_main_entries (opt_ctx, opt_entries, NULL);
+
+ error = NULL;
+ if (!g_option_context_parse (opt_ctx, &argc, &argv, &error))
+ {
+ g_critical ("Could not parse command line options: %s.",
+ error->message);
+ g_error_free (error);
+ exit (1);
+ }
+ g_option_context_free (opt_ctx);
+
+ keyfile = g_key_file_new ();
+
+ error = NULL;
+ if (g_key_file_load_from_file (keyfile, configfile,
+ G_KEY_FILE_NONE, &error) == FALSE)
+ {
+ g_critical ("Could not load configuration file %s: %s.",
+ configfile, error->message);
+ g_error_free (error);
+ exit (1);
+ }
+
+ error = NULL;
+ certfile = g_key_file_get_string (keyfile, "global", "certfile",
+ &error);
+ if (certfile == NULL && error != NULL)
+ {
+ g_critical ("No certification file specified: %s.",
+ error->message);
+ g_error_free (error);
+ exit (1);
+ }
+ error = NULL;
+ ssl_keyfile = g_key_file_get_string (keyfile, "global", "keyfile",
+ &error);
+ if (ssl_keyfile == NULL && error != NULL)
+ {
+ ssl_keyfile = g_strdup (certfile);
+ g_error_free (error);
+ }
+
+
+ error = NULL;
+ conf_address = g_key_file_get_string (keyfile, "global", "address",
+ &error);
+ if (conf_address == NULL && error != NULL)
+ {
+ conf_address = g_strdup ("0.0.0.0");
+ g_error_free (error);
+ }
+ error = NULL;
+ port = g_key_file_get_string (keyfile, "global", "port", &error);
+ if (port == NULL && error != NULL)
+ {
+ port = g_strdup ("110");
+ g_error_free (error);
+ }
+ error = NULL;
+ server_address = g_key_file_get_string (keyfile, "global", "server",
+ &error);
+ if (server_address == NULL && error != NULL)
+ {
+ server_address = g_strdup ("127.0.0.1");
+ g_error_free (error);
+ }
+ error = NULL;
+ server_port = g_key_file_get_string (keyfile, "global", "server_port",
+ &error);
+ if (server_port == NULL && error != NULL)
+ {
+ server_port = g_strdup ("995");
+ g_error_free (error);
+ }
+ error = NULL;
+ server_ssl = g_key_file_get_boolean (keyfile, "global", "server_ssl",
+ &error);
+ if (server_ssl == 0 && error != NULL)
+ {
+ server_ssl = 0;
+ g_error_free (error);
+ }
+ error = NULL;
+ server_priority = g_key_file_get_string (keyfile, "global", "priority",
+ &error);
+ if (server_priority == NULL && error != NULL)
+ {
+ server_priority = g_strdup ("NORMAL");
+ g_error_free (error);
+ }
+
+ error = NULL;
+ policy = g_key_file_get_string (keyfile, "global", "policy",
+ &error);
+ if (policy == NULL && error != NULL)
+ {
+ policy = g_strdup ("deny");
+ g_error_free (error);
+ }
+
+ if (!strcmp (policy, "allow"))
+ ACCESS_DEFAULT = ACCESS_ALLOW;
+ g_free (policy);
+
+
+ rnet_address.server = server_address;
+ rnet_address.port = server_port;
+ rnet_address.ssl = server_ssl;
+ rnet_address.priority = server_priority;
+
+ server_fd = hc_tcp_server (port);
+ if (server_fd < 0)
+ {
+ g_critical ("Could not create server.");
+ exit (1);
+ }
+ hc_server_add_watch (server_fd, new_client, &rnet_address);
+
+ rnet_log_init ();
+
+ g_message ("Listening at %s:%s.", conf_address, port);
+ if (ACCESS_DEFAULT == ACCESS_ALLOW)
+ g_message ("Authorizing users by default.");
+
+ if (!foreground)
+ daemon (0, 0);
+
+ g_free (conf_address);
+ g_free (port);
+
+ hc_conn_ssl_server_init_credentials (certfile, ssl_keyfile);
+
+ g_free (certfile);
+ g_free (ssl_keyfile);
+
+ g_main_loop_run (g_main_loop_new (g_main_context_default (), TRUE));
+
+ gnutls_global_deinit ();
+
+ g_free (server_address);
+ g_free (server_port);
+
+ return 0;
+
+}
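Review bot: In client_conn_new the return value of `hc_conn_set_driver_ssl_server (ssl_conn, conn);` is discarded, so the `if (r != 0)` that follows tests the stale result of hc_conn_set_driver_channel (already known to be 0 at that point) and a failed TLS server-driver setup is never detected; it should read `r = hc_conn_set_driver_ssl_server (ssl_conn, conn);` with the check moved ahead of the hc_conn_ssl_server_set_priority call so the priority string is not applied to a half-initialised connection. Relatedly, main ignores the return values of `hc_conn_ssl_server_init_credentials (certfile, ssl_keyfile)` and `daemon (0, 0)`, so a missing or unreadable certificate or key is only noticed when the first client handshake fails rather than at startup, after the process has already detached. Whether hc_conn_set_driver_ssl_client verifies the upstream server's certificate is not visible in this file; since the proxy relays each client's credentials to that upstream when server_ssl is set, that is worth confirming and stating in a comment on server_conn_new.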