5587580523

Committed 18 Jul 2023 12:45PM UTC coverage: 91.72% (+0.03%) from 91.691%

Build # 5587580523

Build Type

Pull #3618

github

Committed by

web-flow

Commit Message

Merge b6d23d19e into 65b754862

Pull Request Pull Request #3618: [TLS 1.3] PSK Support

Run Details

78438 of 85519 relevant lines covered (91.72%)

12184016.91 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

69.75

/src/cli/tls_server.cpp

/*
* TLS echo server using BSD sockets
* (C) 2014 Jack Lloyd
*     2017 René Korthaus, Rohde & Schwarz Cybersecurity
*     2023 René Meusel, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "cli.h"
#include "sandbox.h"

#if defined(BOTAN_TARGET_OS_HAS_SOCKETS)
   #include <sys/socket.h>
#endif

#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && defined(BOTAN_TARGET_OS_HAS_SOCKETS)

   #if defined(SO_MARK) || defined(SO_USER_COOKIE) || defined(SO_RTABLE)
      #if defined(SO_MARK)
         #define BOTAN_SO_SOCKETID SO_MARK
      #elif defined(SO_USER_COOKIE)
         #define BOTAN_SO_SOCKETID SO_USER_COOKIE
      #else
         #define BOTAN_SO_SOCKETID SO_RTABLE
      #endif
   #endif

   #include <botan/hex.h>
   #include <botan/mem_ops.h>
   #include <botan/tls_callbacks.h>
   #include <botan/tls_policy.h>
   #include <botan/tls_server.h>
   #include <botan/tls_session_manager_memory.h>
   #include <botan/internal/os_utils.h>

   #include <fstream>
   #include <list>
   #include <memory>

   #include "socket_utils.h"
   #include "tls_helpers.h"

namespace Botan_CLI {

class TLS_Server;

namespace {

class Callbacks : public Botan::TLS::Callbacks {
   public:
      Callbacks(TLS_Server& server_command) : m_server_command(server_command) {}

      std::ostream& output();
      void send(std::span<const uint8_t> buffer);
      void push_pending_output(std::string line);

      void tls_session_established(const Botan::TLS::Session_Summary& session) override {
         output() << "Handshake complete, " << session.version().to_string() << " using "
                  << session.ciphersuite().to_string();

         if(const auto& psk = session.external_psk_identity()) {
            output() << " (utilized PSK identity: " << maybe_hex_encode(psk.value()) << ")";
         }

         output() << std::endl;

         if(const auto& session_id = session.session_id(); !session_id.empty()) {
            output() << "Session ID " << Botan::hex_encode(session_id.get()) << std::endl;
         }

         if(const auto& session_ticket = session.session_ticket()) {
            output() << "Session ticket " << Botan::hex_encode(session_ticket->get()) << std::endl;
         }
      }

      void tls_record_received(uint64_t /*seq_no*/, std::span<const uint8_t> input) override {
         for(size_t i = 0; i != input.size(); ++i) {
            const char c = static_cast<char>(input[i]);
            m_line_buf += c;
            if(c == '\n') {
               push_pending_output(std::exchange(m_line_buf, {}));
            }
         }
      }

      void tls_emit_data(std::span<const uint8_t> buf) override { send(buf); }

      void tls_alert(Botan::TLS::Alert alert) override { output() << "Alert: " << alert.type_string() << std::endl; }

      std::string tls_server_choose_app_protocol(const std::vector<std::string>& /*client_protos*/) override {
         // we ignore whatever the client sends here
         return "echo/0.1";
      }

   private:
      TLS_Server& m_server_command;
      std::string m_line_buf;
};

}  // namespace

class TLS_Server final : public Command {
   public:
   #if defined(BOTAN_SO_SOCKETID)
      TLS_Server() :
            Command(
               "tls_server cert key --port=443 --psk= --psk-identity= --psk-prf=SHA-256 --type=tcp --policy=default --dump-traces= --max-clients=0 --socket-id=0")
   #else
      TLS_Server() :
            Command(
               "tls_server cert key --port=443 --psk= --psk-identity= --psk-prf=SHA-256 --type=tcp --policy=default --dump-traces= --max-clients=0")
   #endif
      {
         init_sockets();
      }

      ~TLS_Server() override { stop_sockets(); }

      TLS_Server(const TLS_Server& other) = delete;
      TLS_Server(TLS_Server&& other) = delete;
      TLS_Server& operator=(const TLS_Server& other) = delete;
      TLS_Server& operator=(TLS_Server&& other) = delete;

      std::string group() const override { return "tls"; }

      std::string description() const override { return "Accept TLS/DTLS connections from TLS/DTLS clients"; }

      void go() override {
         const std::string server_crt = get_arg("cert");
         const std::string server_key = get_arg("key");
         const uint16_t port = get_arg_u16("port");
         const size_t max_clients = get_arg_sz("max-clients");
         const std::string transport = get_arg("type");
         const std::string dump_traces_to = get_arg("dump-traces");
         auto psk = [this]() -> std::optional<Botan::secure_vector<uint8_t>> {
            auto psk_hex = get_arg_maybe("psk");
            if(psk_hex) {
               return Botan::hex_decode_locked(psk_hex.value());
            } else {
               return {};
            }
         }();
         const std::optional<std::string> psk_identity = get_arg_maybe("psk-identity");
         const std::optional<std::string> psk_prf = get_arg_maybe("psk-prf");

   #if defined(BOTAN_SO_SOCKETID)
         m_socket_id = static_cast<uint32_t>(get_arg_sz("socket-id"));
   #endif

         if(transport != "tcp" && transport != "udp") {
            throw CLI_Usage_Error("Invalid transport type '" + transport + "' for TLS");
         }

         m_is_tcp = (transport == "tcp");

         auto policy = load_tls_policy(get_arg("policy"));
         auto session_manager =
            std::make_shared<Botan::TLS::Session_Manager_In_Memory>(rng_as_shared());  // TODO sqlite3
         auto creds =
            std::make_shared<Basic_Credentials_Manager>(server_crt, server_key, std::move(psk), psk_identity, psk_prf);
         auto callbacks = std::make_shared<Callbacks>(*this);

         output() << "Listening for new connections on " << transport << " port " << port << std::endl;

         if(!m_sandbox.init()) {
            error_output() << "Failed sandboxing\n";
            return;
         }

         socket_type server_fd = make_server_socket(port);
         size_t clients_served = 0;

         while(true) {
            if(max_clients > 0 && clients_served >= max_clients) {
               break;
            }

            if(m_is_tcp) {
               m_socket = ::accept(server_fd, nullptr, nullptr);
            } else {
               struct sockaddr_in from;
               socklen_t from_len = sizeof(sockaddr_in);

               void* peek_buf = nullptr;
               size_t peek_len = 0;

   #if defined(BOTAN_TARGET_OS_IS_MACOS)
               // macOS handles zero size buffers differently - it will return 0 even if there's no incoming data,
               // and after that connect() will fail as sockaddr_in from is not initialized
               int dummy;
               peek_buf = &dummy;
               peek_len = sizeof(dummy);
   #endif

               if(::recvfrom(server_fd,
                             static_cast<char*>(peek_buf),
                             static_cast<sendrecv_len_type>(peek_len),
                             MSG_PEEK,
                             reinterpret_cast<struct sockaddr*>(&from),
                             &from_len) != 0) {
                  throw CLI_Error("Could not peek next packet");
               }

               if(::connect(server_fd, reinterpret_cast<struct sockaddr*>(&from), from_len) != 0) {
                  throw CLI_Error("Could not connect UDP socket");
               }
               m_socket = server_fd;
            }

            clients_served++;

            Botan::TLS::Server server(callbacks, session_manager, creds, policy, rng_as_shared(), m_is_tcp == false);

            std::unique_ptr<std::ostream> dump_stream;

            if(!dump_traces_to.empty()) {
               uint64_t timestamp = Botan::OS::get_high_resolution_clock();
               const std::string dump_file = dump_traces_to + "/tls_" + std::to_string(timestamp) + ".bin";
               dump_stream = std::make_unique<std::ofstream>(dump_file.c_str());
            }

            try {
               while(!server.is_closed()) {
                  try {
                     uint8_t buf[4 * 1024] = {0};
                     ssize_t got = ::recv(m_socket, Botan::cast_uint8_ptr_to_char(buf), sizeof(buf), 0);

                     if(got == -1) {
                        error_output() << "Error in socket read - " << err_to_string(errno) << std::endl;
                        break;
                     }

                     if(got == 0) {
                        error_output() << "EOF on socket" << std::endl;
                        break;
                     }

                     if(dump_stream) {
                        dump_stream->write(reinterpret_cast<const char*>(buf), got);
                     }

                     server.received_data(buf, got);

                     while(server.is_active() && !m_pending_output.empty()) {
                        std::string output = m_pending_output.front();
                        m_pending_output.pop_front();
                        server.send(output);

                        if(output == "quit\n") {
                           server.close();
                        }
                     }
                  } catch(std::exception& e) {
                     error_output() << "Connection problem: " << e.what() << std::endl;
                     if(m_is_tcp) {
                        close_socket(m_socket);
                        m_socket = invalid_socket();
                     }
                  }
               }
            } catch(Botan::Exception& e) {
               error_output() << "Connection failed: " << e.what() << "\n";
            }

            if(m_is_tcp) {
               close_socket(m_socket);
               m_socket = invalid_socket();
            }
         }

         close_socket(server_fd);
      }

   public:
      using Command::flag_set;
      using Command::output;

      void send(std::span<const uint8_t> buf) {
         if(m_is_tcp) {
            ssize_t sent = ::send(m_socket, buf.data(), static_cast<sendrecv_len_type>(buf.size()), MSG_NOSIGNAL);

            if(sent == -1) {
               error_output() << "Error writing to socket - " << err_to_string(errno) << std::endl;
            } else if(sent != static_cast<ssize_t>(buf.size())) {
               error_output() << "Packet of length " << buf.size() << " truncated to " << sent << std::endl;
            }
         } else {
            while(!buf.empty()) {
               ssize_t sent = ::send(m_socket, buf.data(), static_cast<sendrecv_len_type>(buf.size()), MSG_NOSIGNAL);

               if(sent == -1) {
                  if(errno == EINTR) {
                     sent = 0;
                  } else {
                     throw CLI_Error("Socket write failed");
                  }
               }

               buf = buf.subspan(sent);
            }
         }
      }

      void push_pending_output(std::string line) { m_pending_output.emplace_back(std::move(line)); }

   private:
      socket_type make_server_socket(uint16_t port) {
         const int type = m_is_tcp ? SOCK_STREAM : SOCK_DGRAM;

         socket_type fd = ::socket(PF_INET, type, 0);
         if(fd == invalid_socket()) {
            throw CLI_Error("Unable to acquire socket");
         }

         sockaddr_in socket_info;
         Botan::clear_mem(&socket_info, 1);
         socket_info.sin_family = AF_INET;
         socket_info.sin_port = htons(port);

         // FIXME: support limiting listeners
         socket_info.sin_addr.s_addr = INADDR_ANY;

         if(::bind(fd, reinterpret_cast<struct sockaddr*>(&socket_info), sizeof(struct sockaddr)) != 0) {
            close_socket(fd);
            throw CLI_Error("server bind failed");
         }

         if(m_is_tcp) {
            constexpr int backlog = std::min(100, SOMAXCONN);
            if(::listen(fd, backlog) != 0) {
               close_socket(fd);
               throw CLI_Error("listen failed");
            }
         }
         if(m_socket_id > 0) {
   #if defined(BOTAN_SO_SOCKETID)
            if(::setsockopt(fd,
                            SOL_SOCKET,
                            BOTAN_SO_SOCKETID,
                            reinterpret_cast<const void*>(&m_socket_id),
                            sizeof(m_socket_id)) != 0) {
               // Failed but not world-ending issue
               output() << "set socket identifier setting failed" << std::endl;
            }
   #endif
         }
         return fd;
      }

      socket_type m_socket = invalid_socket();
      bool m_is_tcp = false;
      uint32_t m_socket_id = 0;
      std::list<std::string> m_pending_output;
      Sandbox m_sandbox;
};

namespace {

std::ostream& Callbacks::output() {
   return m_server_command.output();
}

void Callbacks::send(std::span<const uint8_t> buffer) {
   m_server_command.send(buffer);
}

void Callbacks::push_pending_output(std::string line) {
   m_server_command.push_pending_output(std::move(line));
}

}  // namespace

BOTAN_REGISTER_COMMAND("tls_server", TLS_Server);

}  // namespace Botan_CLI

#endif

1	/*
2	* TLS echo server using BSD sockets
3	* (C) 2014 Jack Lloyd
4	* 2017 René Korthaus, Rohde & Schwarz Cybersecurity
5	* 2023 René Meusel, Rohde & Schwarz Cybersecurity
6	*
7	* Botan is released under the Simplified BSD License (see license.txt)
8	*/
9
10	#include "cli.h"
11	#include "sandbox.h"
12
13	#if defined(BOTAN_TARGET_OS_HAS_SOCKETS)
14	#include <sys/socket.h>
15	#endif
16
17	#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) && defined(BOTAN_TARGET_OS_HAS_SOCKETS)
18
19	#if defined(SO_MARK) \|\| defined(SO_USER_COOKIE) \|\| defined(SO_RTABLE)
20	#if defined(SO_MARK)
21	#define BOTAN_SO_SOCKETID SO_MARK
22	#elif defined(SO_USER_COOKIE)
23	#define BOTAN_SO_SOCKETID SO_USER_COOKIE
24	#else
25	#define BOTAN_SO_SOCKETID SO_RTABLE
26	#endif
27	#endif
28
29	#include <botan/hex.h>
30	#include <botan/mem_ops.h>
31	#include <botan/tls_callbacks.h>
32	#include <botan/tls_policy.h>
33	#include <botan/tls_server.h>
34	#include <botan/tls_session_manager_memory.h>
35	#include <botan/internal/os_utils.h>
36
37	#include <fstream>
38	#include <list>
39	#include <memory>
40
41	#include "socket_utils.h"
42	#include "tls_helpers.h"
43
44	namespace Botan_CLI {
45
46	class TLS_Server;
47
48	namespace {
49
50	class Callbacks : public Botan::TLS::Callbacks {	1✔
51	public:
52	Callbacks(TLS_Server& server_command) : m_server_command(server_command) {}	1✔
53
54	std::ostream& output();
55	void send(std::span<const uint8_t> buffer);
56	void push_pending_output(std::string line);
57
58	void tls_session_established(const Botan::TLS::Session_Summary& session) override {	5✔
59	output() << "Handshake complete, " << session.version().to_string() << " using "	5✔
60	<< session.ciphersuite().to_string();	20✔
61
62	if(const auto& psk = session.external_psk_identity()) {	5✔
63	output() << " (utilized PSK identity: " << maybe_hex_encode(psk.value()) << ")";	4✔
64	}
65
66	output() << std::endl;	5✔
67
68	if(const auto& session_id = session.session_id(); !session_id.empty()) {	5✔
69	output() << "Session ID " << Botan::hex_encode(session_id.get()) << std::endl;	10✔
70	}
71
72	if(const auto& session_ticket = session.session_ticket()) {	5✔
73	output() << "Session ticket " << Botan::hex_encode(session_ticket->get()) << std::endl;	×
74	}
75	}	5✔
76
77	void tls_record_received(uint64_t /seq_no/, std::span<const uint8_t> input) override {	5✔
78	for(size_t i = 0; i != input.size(); ++i) {	1,140✔
79	const char c = static_cast<char>(input[i]);	1,135✔
80	m_line_buf += c;	1,135✔
81	if(c == '\n') {	1,135✔
82	push_pending_output(std::exchange(m_line_buf, {}));	15✔
83	}
84	}
85	}	5✔
86
87	void tls_emit_data(std::span<const uint8_t> buf) override { send(buf); }	66✔
88
89	void tls_alert(Botan::TLS::Alert alert) override { output() << "Alert: " << alert.type_string() << std::endl; }	5✔
90
91	std::string tls_server_choose_app_protocol(const std::vector<std::string>& /client_protos/) override {	×
92	// we ignore whatever the client sends here
93	return "echo/0.1";	×
94	}
95
96	private:
97	TLS_Server& m_server_command;
98	std::string m_line_buf;
99	};
100
101	} // namespace
102
103	class TLS_Server final : public Command {
104	public:
105	#if defined(BOTAN_SO_SOCKETID)
106	TLS_Server() :	2✔
107	Command(
108	"tls_server cert key --port=443 --psk= --psk-identity= --psk-prf=SHA-256 --type=tcp --policy=default --dump-traces= --max-clients=0 --socket-id=0")	4✔
109	#else
110	TLS_Server() :
111	Command(
112	"tls_server cert key --port=443 --psk= --psk-identity= --psk-prf=SHA-256 --type=tcp --policy=default --dump-traces= --max-clients=0")
113	#endif
114	{
115	init_sockets();	2✔
116	}	2✔
117
118	~TLS_Server() override { stop_sockets(); }	4✔
119
120	TLS_Server(const TLS_Server& other) = delete;
121	TLS_Server(TLS_Server&& other) = delete;
122	TLS_Server& operator=(const TLS_Server& other) = delete;
123	TLS_Server& operator=(TLS_Server&& other) = delete;
124
125	std::string group() const override { return "tls"; }	1✔
126
127	std::string description() const override { return "Accept TLS/DTLS connections from TLS/DTLS clients"; }	1✔
128
129	void go() override {	1✔
130	const std::string server_crt = get_arg("cert");	1✔
131	const std::string server_key = get_arg("key");	1✔
132	const uint16_t port = get_arg_u16("port");	1✔
133	const size_t max_clients = get_arg_sz("max-clients");	1✔
134	const std::string transport = get_arg("type");	1✔
135	const std::string dump_traces_to = get_arg("dump-traces");	1✔
136	auto psk = [this]() -> std::optional<Botan::secure_vector<uint8_t>> {	2✔
137	auto psk_hex = get_arg_maybe("psk");	1✔
138	if(psk_hex) {	1✔
139	return Botan::hex_decode_locked(psk_hex.value());	1✔
140	} else {
141	return {};	1✔
142	}
143	}();	2✔
144	const std::optional<std::string> psk_identity = get_arg_maybe("psk-identity");	1✔
145	const std::optional<std::string> psk_prf = get_arg_maybe("psk-prf");	1✔
146
147	#if defined(BOTAN_SO_SOCKETID)
148	m_socket_id = static_cast<uint32_t>(get_arg_sz("socket-id"));	1✔
149	#endif
150
151	if(transport != "tcp" && transport != "udp") {	1✔
152	throw CLI_Usage_Error("Invalid transport type '" + transport + "' for TLS");	×
153	}
154
155	m_is_tcp = (transport == "tcp");	1✔
156
157	auto policy = load_tls_policy(get_arg("policy"));	2✔
158	auto session_manager =	1✔
159	std::make_shared<Botan::TLS::Session_Manager_In_Memory>(rng_as_shared()); // TODO sqlite3	2✔
160	auto creds =	1✔
161	std::make_shared<Basic_Credentials_Manager>(server_crt, server_key, std::move(psk), psk_identity, psk_prf);	1✔
162	auto callbacks = std::make_shared<Callbacks>(*this);	1✔
163
164	output() << "Listening for new connections on " << transport << " port " << port << std::endl;	1✔
165
166	if(!m_sandbox.init()) {	1✔
167	error_output() << "Failed sandboxing\n";	×
168	return;	×
169	}
170
171	socket_type server_fd = make_server_socket(port);	1✔
172	size_t clients_served = 0;
173
174	while(true) {	11✔
175	if(max_clients > 0 && clients_served >= max_clients) {	6✔
176	break;
177	}
178
179	if(m_is_tcp) {	5✔
180	m_socket = ::accept(server_fd, nullptr, nullptr);	5✔
181	} else {
182	struct sockaddr_in from;	×
183	socklen_t from_len = sizeof(sockaddr_in);	×
184
185	void* peek_buf = nullptr;	×
186	size_t peek_len = 0;	×
187
188	#if defined(BOTAN_TARGET_OS_IS_MACOS)
189	// macOS handles zero size buffers differently - it will return 0 even if there's no incoming data,
190	// and after that connect() will fail as sockaddr_in from is not initialized
191	int dummy;
192	peek_buf = &dummy;
193	peek_len = sizeof(dummy);
194	#endif
195
196	if(::recvfrom(server_fd,	×
197	static_cast<char*>(peek_buf),
198	static_cast<sendrecv_len_type>(peek_len),
199	MSG_PEEK,
200	reinterpret_cast<struct sockaddr*>(&from),
201	&from_len) != 0) {
202	throw CLI_Error("Could not peek next packet");	×
203	}
204
205	if(::connect(server_fd, reinterpret_cast<struct sockaddr*>(&from), from_len) != 0) {	×
206	throw CLI_Error("Could not connect UDP socket");	×
207	}
208	m_socket = server_fd;	×
209	}
210
211	clients_served++;	5✔
212
213	Botan::TLS::Server server(callbacks, session_manager, creds, policy, rng_as_shared(), m_is_tcp == false);	30✔
214
215	std::unique_ptr<std::ostream> dump_stream;	5✔
216
217	if(!dump_traces_to.empty()) {	5✔
218	uint64_t timestamp = Botan::OS::get_high_resolution_clock();	×
219	const std::string dump_file = dump_traces_to + "/tls_" + std::to_string(timestamp) + ".bin";	×
220	dump_stream = std::make_unique<std::ofstream>(dump_file.c_str());	×
221	}	×
222
223	try {
224	while(!server.is_closed()) {	27✔
225	try {	22✔
226	uint8_t buf[4 * 1024] = {0};	22✔
227	ssize_t got = ::recv(m_socket, Botan::cast_uint8_ptr_to_char(buf), sizeof(buf), 0);	22✔
228
229	if(got == -1) {	22✔
230	error_output() << "Error in socket read - " << err_to_string(errno) << std::endl;	×
231	break;	×
232	}
233
234	if(got == 0) {	22✔
235	error_output() << "EOF on socket" << std::endl;	×
236	break;
237	}
238
239	if(dump_stream) {	22✔
240	dump_stream->write(reinterpret_cast<const char*>(buf), got);	×
241	}
242
243	server.received_data(buf, got);	22✔
244
245	while(server.is_active() && !m_pending_output.empty()) {	27✔
246	std::string output = m_pending_output.front();	5✔
247	m_pending_output.pop_front();	5✔
248	server.send(output);	5✔
249
250	if(output == "quit\n") {	5✔
251	server.close();	×
252	}
253	}	5✔
254	} catch(std::exception& e) {	×
255	error_output() << "Connection problem: " << e.what() << std::endl;	×
256	if(m_is_tcp) {	×
257	close_socket(m_socket);	×
258	m_socket = invalid_socket();	×
259	}
260	}	×
261	}
262	} catch(Botan::Exception& e) {	×
263	error_output() << "Connection failed: " << e.what() << "\n";	×
264	}	×
265
266	if(m_is_tcp) {	5✔
267	close_socket(m_socket);	5✔
268	m_socket = invalid_socket();	5✔
269	}
270	}	5✔
271
272	close_socket(server_fd);	2✔
273	}	6✔
274
275	public:
276	using Command::flag_set;
277	using Command::output;
278
279	void send(std::span<const uint8_t> buf) {	33✔
280	if(m_is_tcp) {	33✔
281	ssize_t sent = ::send(m_socket, buf.data(), static_cast<sendrecv_len_type>(buf.size()), MSG_NOSIGNAL);	33✔
282
283	if(sent == -1) {	33✔
284	error_output() << "Error writing to socket - " << err_to_string(errno) << std::endl;	×
285	} else if(sent != static_cast<ssize_t>(buf.size())) {	33✔
286	error_output() << "Packet of length " << buf.size() << " truncated to " << sent << std::endl;	×
287	}
288	} else {
289	while(!buf.empty()) {	×
290	ssize_t sent = ::send(m_socket, buf.data(), static_cast<sendrecv_len_type>(buf.size()), MSG_NOSIGNAL);	×
291
292	if(sent == -1) {	×
293	if(errno == EINTR) {	×
294	sent = 0;
295	} else {
296	throw CLI_Error("Socket write failed");	×
297	}
298	}
299
300	buf = buf.subspan(sent);	×
301	}
302	}
303	}	33✔
304
305	void push_pending_output(std::string line) { m_pending_output.emplace_back(std::move(line)); }	5✔
306
307	private:
308	socket_type make_server_socket(uint16_t port) {	1✔
309	const int type = m_is_tcp ? SOCK_STREAM : SOCK_DGRAM;	1✔
310
311	socket_type fd = ::socket(PF_INET, type, 0);	1✔
312	if(fd == invalid_socket()) {	1✔
313	throw CLI_Error("Unable to acquire socket");	×
314	}
315
316	sockaddr_in socket_info;	1✔
317	Botan::clear_mem(&socket_info, 1);	1✔
318	socket_info.sin_family = AF_INET;	1✔
319	socket_info.sin_port = htons(port);	1✔
320
321	// FIXME: support limiting listeners
322	socket_info.sin_addr.s_addr = INADDR_ANY;	1✔
323
324	if(::bind(fd, reinterpret_cast<struct sockaddr*>(&socket_info), sizeof(struct sockaddr)) != 0) {	1✔
325	close_socket(fd);	×
326	throw CLI_Error("server bind failed");	×
327	}
328
329	if(m_is_tcp) {	1✔
330	constexpr int backlog = std::min(100, SOMAXCONN);	1✔
331	if(::listen(fd, backlog) != 0) {	1✔
332	close_socket(fd);	×
333	throw CLI_Error("listen failed");	×
334	}
335	}
336	if(m_socket_id > 0) {	1✔
337	#if defined(BOTAN_SO_SOCKETID)
338	if(::setsockopt(fd,	×
339	SOL_SOCKET,
340	BOTAN_SO_SOCKETID,
341	reinterpret_cast<const void*>(&m_socket_id),	×
342	sizeof(m_socket_id)) != 0) {
343	// Failed but not world-ending issue
344	output() << "set socket identifier setting failed" << std::endl;	×
345	}
346	#endif
347	}
348	return fd;	1✔
349	}
350
351	socket_type m_socket = invalid_socket();
352	bool m_is_tcp = false;
353	uint32_t m_socket_id = 0;
354	std::list<std::string> m_pending_output;
355	Sandbox m_sandbox;
356	};
357
358	namespace {
359
360	std::ostream& Callbacks::output() {	22✔
361	return m_server_command.output();	22✔
362	}
363
364	void Callbacks::send(std::span<const uint8_t> buffer) {	33✔
365	m_server_command.send(buffer);	33✔
366	}
367
368	void Callbacks::push_pending_output(std::string line) {	5✔
369	m_server_command.push_pending_output(std::move(line));	15✔
370	}	5✔
371
372	} // namespace
373
374	BOTAN_REGISTER_COMMAND("tls_server", TLS_Server);	2✔
375
376	} // namespace Botan_CLI
377
378	#endif

randombit / botan / 5587580523

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous