From a2ffbdfd1c7948d341a316d153896cfc772955ce Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Sun, 4 Nov 2018 10:35:49 +0000 Subject: [PATCH] add certificate window handling --- docs/using-monkey.md | 22 +++++++- frontends/monkey/cert.c | 114 +++++++++++++++++++++++++++++++++++----- frontends/monkey/cert.h | 7 ++- frontends/monkey/main.c | 6 +++ 4 files changed, 133 insertions(+), 16 deletions(-) diff --git a/docs/using-monkey.md b/docs/using-monkey.md index b9155746a..045bc2ccc 100644 --- a/docs/using-monkey.md +++ b/docs/using-monkey.md @@ -147,6 +147,21 @@ Commands This will send a `DESTROY` message back. +### SSL certificate commands + +* `SSLCERT GO` _%id%_ + + Cause a ssl certificate to be accepted and fetch to proceed. + + This will send a `DESTROY` message back. + +* `SSLCERT DESTROY` _%id%_ + + Cause a ssl certificate to be rejected and fetch to fail + + This will send a `DESTROY` message back. + + Responses --------- @@ -353,11 +368,14 @@ Responses The core asked Monkey to say whether or not a given SSL certificate is OK. -> TODO: Implement the rest of the SSL certificat verification behaviour +* `LOGIN DESTROY CWIN` _%id%_ + + The given certificate window has been destroyed and should no longer be sent + commands otherwise undefined behaviour may ensue. ### 401 Login messages -* `LOGIN OPEN LWIN` _%id%_ `URL` _%url%_ USER _%str%_ PASSWD _%str%_ `REALM` _%str%_ +* `LOGIN OPEN LWIN` _%id%_ `URL` _%url%_ The core asked Monkey to ask for identification for the given URL. diff --git a/frontends/monkey/cert.c b/frontends/monkey/cert.c index 0827ff064..ddcd1137c 100644 --- a/frontends/monkey/cert.c +++ b/frontends/monkey/cert.c @@ -18,22 +18,24 @@ #include #include +#include #include "utils/ring.h" #include "utils/nsurl.h" +#include "content/urldb.h" #include "monkey/output.h" #include "monkey/cert.h" -typedef struct monkey_cert { +struct monkey_cert { struct monkey_cert *r_next, *r_prev; uint32_t num; - char *host; /* Ignore */ nserror (*cb)(bool,void*); - void *pw; -} monkey_cert_t; + void *cbpw; + nsurl *url; +}; -static monkey_cert_t *cert_ring = NULL; +static struct monkey_cert *cert_ring = NULL; static uint32_t cert_ctr = 0; nserror @@ -42,18 +44,106 @@ gui_cert_verify(nsurl *url, unsigned long num, nserror (*cb)(bool proceed, void *pw), void *cbpw) { - monkey_cert_t *m4t = calloc(sizeof(*m4t), 1); - if (m4t == NULL) { + struct monkey_cert *mcrt_ctx; + + mcrt_ctx = calloc(sizeof(*mcrt_ctx), 1); + if (mcrt_ctx == NULL) { return NSERROR_NOMEM; } - m4t->cb = cb; - m4t->pw = cbpw; - m4t->num = cert_ctr++; - RING_INSERT(cert_ring, m4t); + mcrt_ctx->cb = cb; + mcrt_ctx->cbpw = cbpw; + mcrt_ctx->num = cert_ctr++; + mcrt_ctx->url = nsurl_ref(url); + + RING_INSERT(cert_ring, mcrt_ctx); moutf(MOUT_SSLCERT, "VERIFY CWIN %u URL %s", - m4t->num, nsurl_access(url)); + mcrt_ctx->num, nsurl_access(url)); return NSERROR_OK; } + + +static struct monkey_cert * +monkey_find_sslcert_by_num(uint32_t sslcert_num) +{ + struct monkey_cert *ret = NULL; + + RING_ITERATE_START(struct monkey_cert, cert_ring, c_ring) { + if (c_ring->num == sslcert_num) { + ret = c_ring; + RING_ITERATE_STOP(cert_ring, c_ring); + } + } RING_ITERATE_END(cert_ring, c_ring); + + return ret; +} + +static void free_sslcert_context(struct monkey_cert *mcrt_ctx) { + moutf(MOUT_SSLCERT, "DESTROY CWIN %u", mcrt_ctx->num); + RING_REMOVE(cert_ring, mcrt_ctx); + if (mcrt_ctx->url) { + nsurl_unref(mcrt_ctx->url); + } + free(mcrt_ctx); +} + +static void +monkey_sslcert_handle_go(int argc, char **argv) +{ + struct monkey_cert *mcrt_ctx; + + if (argc != 3) { + moutf(MOUT_ERROR, "SSLCERT GO ARGS BAD"); + return; + } + + mcrt_ctx = monkey_find_sslcert_by_num(atoi(argv[2])); + if (mcrt_ctx == NULL) { + moutf(MOUT_ERROR, "SSLCERT NUM BAD"); + return; + } + + urldb_set_cert_permissions(mcrt_ctx->url, true); + + mcrt_ctx->cb(true, mcrt_ctx->cbpw); + + free_sslcert_context(mcrt_ctx); +} + +static void +monkey_sslcert_handle_destroy(int argc, char **argv) +{ + struct monkey_cert *mcrt_ctx; + + if (argc != 3) { + moutf(MOUT_ERROR, "SSLCERT DESTROY ARGS BAD"); + return; + } + + mcrt_ctx = monkey_find_sslcert_by_num(atoi(argv[2])); + if (mcrt_ctx == NULL) { + moutf(MOUT_ERROR, "SSLCERT NUM BAD"); + return; + } + + mcrt_ctx->cb(false, mcrt_ctx->cbpw); + + free_sslcert_context(mcrt_ctx); +} + +void +monkey_sslcert_handle_command(int argc, char **argv) +{ + if (argc == 1) + return; + + if (strcmp(argv[1], "DESTROY") == 0) { + monkey_sslcert_handle_destroy(argc, argv); + } else if (strcmp(argv[1], "GO") == 0) { + monkey_sslcert_handle_go(argc, argv); + } else { + moutf(MOUT_ERROR, "SSLCERT COMMAND UNKNOWN %s", argv[1]); + } +} diff --git a/frontends/monkey/cert.h b/frontends/monkey/cert.h index 4470e2e72..56feea782 100644 --- a/frontends/monkey/cert.h +++ b/frontends/monkey/cert.h @@ -16,8 +16,8 @@ * along with this program. If not, see . */ -#ifndef _NETSURF_MONKEY_CERT_H_ -#define _NETSURF_MONKEY_CERT_H_ +#ifndef NETSURF_MONKEY_CERT_H +#define NETSURF_MONKEY_CERT_H struct ssl_cert_info; @@ -25,4 +25,7 @@ nserror gui_cert_verify(nsurl *url, const struct ssl_cert_info *certs, unsigned long num, nserror (*cb)(bool proceed, void *pw), void *cbpw); + +void monkey_sslcert_handle_command(int argc, char **argv); + #endif diff --git a/frontends/monkey/main.c b/frontends/monkey/main.c index 4fdc5ebc2..87a486d33 100644 --- a/frontends/monkey/main.c +++ b/frontends/monkey/main.c @@ -398,6 +398,12 @@ main(int argc, char **argv) die("login handler failed to register"); } + ret = monkey_register_handler("SSLCERT", monkey_sslcert_handle_command); + if (ret != NSERROR_OK) { + die("sslcert handler failed to register"); + } + + moutf(MOUT_GENERIC, "STARTED"); monkey_run();