Add basic digest authentication (-a option).

[tlsproxy/tlsproxy.git] / src / tlsproxy.c

diff --git a/src/tlsproxy.c b/src/tlsproxy.c
index ba8386b2125c9ddf56efae46848eb772ff484701..be1789a111a8b6356b9200021e211efe443ed7d5 100644 (file)
--- a/src/tlsproxy.c
+++ b/src/tlsproxy.c
@@ -28,6 +28,7 @@
 #include <pthread.h>
 #include <signal.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
@@ -72,6 +73,7 @@ static void sigint_handler(int signal);
 
 static void parse_arguments(int argc, char **argv);
 static void print_usage(const char *argv);
+static char *slurp_file(const char *path);
 
 static void initialize_gnutls(void);
 static void deinitialize_gnutls(void);
@@ -93,6 +95,10 @@ int main(int argc, char **argv) {
 
     struct sigaction action;
 
+    /* Required in a few places. */
+    ct_assert(sizeof(size_t) >= sizeof(int));
+    ct_assert(sizeof(size_t) >= sizeof(ssize_t));
+
     parse_arguments(argc, argv);
 
     port = atoi(argv[argc - 1]);
@@ -256,8 +262,26 @@ static void parse_arguments(int argc, char **argv) {
 #endif
     global_passthrough_unknown = 0;
 
-    while ((option = getopt(argc, argv, "d:p:t:uh?")) != -1) {
+    while ((option = getopt(argc, argv, "a:d:p:t:uh?")) != -1) {
         switch (option) {
+            case 'a': {
+                http_digest_authorization = slurp_file(optarg);
+                if (http_digest_authorization == NULL) {
+                    fprintf(stderr, "failed to open authorization file '%s': ",
+                                    optarg);
+                    perror("");
+                    exit(EXIT_FAILURE);
+                } else if (strlen(http_digest_authorization) == 0) {
+                    fprintf(stderr, "empty authorization file '%s'\n",
+                                    optarg);
+                    exit(EXIT_FAILURE);
+                }
+
+                /* Just in case the file has a trailing newline. */
+                strtok(http_digest_authorization, "\r\n");
+
+                break;
+            }
             case 'd': {
                 global_log_level = atoi(optarg);
                 if (global_log_level < 0) {
@@ -326,9 +350,10 @@ static void parse_arguments(int argc, char **argv) {
 static void print_usage(const char *argv) {
     fprintf(stderr, "tlsproxy %s, a certificate checking TLS proxy\n",
                     VERSION);
-    fprintf(stderr, "Usage: %s [-d level] [-p host:port] [-t count] [-u] port\n",
+    fprintf(stderr, "Usage: %s [-a file] [-d level] [-p host:port] [-t count] [-u] port\n",
                     argv);
     fprintf(stderr, "\n");
+    fprintf(stderr, "-a digest authentication file [default: none]\n");
     fprintf(stderr, "-d debug level: 0=errors only, 2=debug [default: 1]\n");
     fprintf(stderr, "-p proxy hostname and port\n");
     fprintf(stderr, "-t number of threads [default: 10]\n");
@@ -401,3 +426,45 @@ static void *worker_thread(void *unused) {
 
     return NULL;
 }
+
+static char *slurp_file(const char *path) {
+    struct stat stat;
+    size_t size_read;
+    char *content = NULL;
+
+    FILE *file = fopen(path, "r");
+    if (file == NULL) {
+        return NULL;
+    }
+
+    ct_assert(sizeof(stat.st_size) <= sizeof(size_t));
+
+    if (fstat(fileno(file), &stat) != 0) {
+        goto out;
+    }
+    if (stat.st_size < 0) { /* just in case ... */
+        abort();
+    } else if ((size_t)stat.st_size >= SIZE_MAX - 1) {
+        errno = 0;
+        goto out;
+    }
+
+    content = malloc((size_t)stat.st_size + 1);
+    if (content == NULL) {
+        goto out;
+    }
+
+    errno = 0;
+    size_read = fread(content, 1, (size_t)stat.st_size, file);
+    if (size_read != (size_t)stat.st_size) {
+        free(content);
+        content = NULL;
+        goto out;
+    }
+    content[size_read] = '\0';
+
+out:
+    fclose(file);
+
+    return content;
+}