#include "vfer_api.h"
Data Structures | |
struct | vsl_sock |
VSL socket structure. More... | |
Defines | |
#define | VSL_AUTH_KEYLEN 32 |
VSL MAC key length. | |
#define | VSL_ENC_KEYLEN 16 |
VSL encryption key length. | |
#define | VSL_KEYLEN 32 |
VSL main key length. | |
#define | VSL_MACLEN 16 |
VSL MAC length. | |
Enumerations | |
enum | vsl_auth_t { VSL_AUTH_SSH, VSL_AUTH_DH } |
VSL authentication types. More... | |
enum | vsl_errcode_t { VSL_BADPROT = -255, VSL_MAXMSG, VSL_ERRNO, VSL_SSHF, VSL_TOOBIG, VSL_TEMP = 20, VSL_PERM } |
VSL errorcodes. More... | |
enum | vsl_sock_mark_t { VSL_READABLE = 1, VSL_WRITABLE = 2, VSL_EXCEPTION = 4, VSL_AUTHABLE = 8 } |
VSL socket select markers. More... | |
Functions | |
int | vsl_accept_ssh (vsl_sock *sock) |
void | vsl_close (vsl_sock *socket) |
int | vsl_connect_ssh (vsl_sock *sock, const char *host, const char *user, const char *cmd, int argc, const char *const *argv, char *errmsg) |
void | vsl_debug (FILE *fp, const char *vfer) |
char * | vsl_errortext (int err) |
int | vsl_init (void) |
ssize_t | vsl_max_frame_size (vsl_sock *socket) |
ssize_t | vsl_recv (vsl_sock *socket, void *buf, size_t len) |
ssize_t | vsl_recvfile (vsl_sock *socket, int fd, off_t offset, size_t size) |
int | vsl_select (int len, vsl_sock **socks, struct timeval *timeout) |
int | vsl_selectmark (vsl_sock *socket, int mark) |
int | vsl_selectpoll (int len, vsl_sock **socks, struct timeval *stimeout, int usec) |
int | vsl_selecttest (vsl_sock *socket) |
ssize_t | vsl_send (vsl_sock *socket, const void *buf, size_t len) |
ssize_t | vsl_sendfile (vsl_sock *socket, int fd, off_t offset, size_t size) |
int | vsl_socket (vsl_sock *socket, const vfer_fd vfd) |
void | vsl_test_mode (vsl_sock *sock) |
int | vsl_uninit (void) |
vfer_fd | vsl_vferfd (vsl_sock *socket) |
Variables | |
FILE * | debug |
Definition in file vsl_api.h.
enum vsl_auth_t |
enum vsl_errcode_t |
enum vsl_sock_mark_t |
int vsl_accept_ssh | ( | vsl_sock * | socket | ) |
Establishes a secure connection using SSH Starting Mode. This function has to be called by the server side. It reads the secret from stdin (not from the command line), listens on a free port, prints the port number to stdout, accepts a connection and then daemonizes. Which interface the listening port is bound to is not stated on this page; see the specification for details.
This call always blocks.
The function requires an initialized VSL socket.
Note that this function creates a new vfer socket when accepting the connection. Therefore, the caller has to make sure that vfer_close() is called both for the listening vfer_fd (that was passed to vsl_socket()) and the new vfer_fd (which is available with vsl_vferfd() after this function returns). The listening vfer fd can be closed as soon as vsl_accept_ssh() returns, the accepted vfer fd must not be closed before vsl_close() is called.
[out] | socket | VSL socket to use |
void vsl_close | ( | vsl_sock * | sock | ) |
Destructs the given VSL socket.
This function currently does nothing, but it should still be called as soon as the VSL connection is no longer used, in case cleanup becomes necessary in later versions. Because it does nothing today, callers must not rely on it to zeroize any key material held in the vsl_sock structure.
This function will not close the underlying vfer_fd, it has to be closed manually or can be used for normal vfer communication.
[in] | sock | the socket |
int vsl_connect_ssh | ( | vsl_sock * | socket, | |
const char * | host, | |||
const char * | user, | |||
const char * | cmd, | |||
int | argc, | |||
const char *const * | argv, | |||
char * | errmsg | |||
) |
Establishes a secure connection to the specified host using SSH Starting Mode. This function has to be called by the client. It connects to the remote host via ssh and starts the server application there. See specification for details.
The function requires an initialized VSL socket.
For non-blocking sockets, this function might return VFER_INPROGRESS. That means the next authentication step would block. In this case the caller has to call the function repeatedly until it returns 0 or an error. vsl_select() can be used to check whether a socket is ready for the next step.
[out] | socket | VSL socket to use |
[in] | host | hostname to connect to |
[in] | user | username for SSH connection, NULL to use current user |
[in] | cmd | program name of the server application |
[in] | argc | number of arguments in argv that are passed to the server application |
[in] | argv | arguments that are passed to the server application |
[out] | errmsg | if the server returns an error message it is stored here. Must be a char array holding at least 512 bytes. The message is remote-supplied text and must be treated as untrusted input (e.g. never passed as a format string); whether it is always NUL-terminated is not stated on this page. |
char* vsl_errortext | ( | int | err | ) |
Returns a text description of the error code err. If the error code is not specific to the security API, vfer_errortext() is called automatically instead.
[in] | err | error code |
int vsl_init | ( | void | ) |
ssize_t vsl_max_frame_size | ( | vsl_sock * | socket | ) |
Get the maximum number of bytes that can be transmitted in a single vsl_send() or vsl_recv() call.
[in] | socket | the VSL socket |
ssize_t vsl_recv | ( | vsl_sock * | sock, | |
void * | buf, | |||
size_t | len | |||
) |
Reads up to len bytes from a connected socket into buf.
Equivalent to vfer_recv(), but uses the vfer security layer to protect the message against modification and eavesdropping.
Due to the used MAC algorithm, the number of messages that can be transferred with one socket is bounded by the width of its uint64_t message counter (presumably 2^64 messages; the original text says "sizeof(uint64_t)", which would be 8 and is almost certainly not what is meant). See vsl_send() for the VSL_MAXMSG error returned once the limit is reached.
The maximum number of bytes that can be transmitted in one message can be determined with vsl_max_frame_size().
Note that if the incoming message is larger than len, the message cannot be verified and VSL_BADPROT is returned rather than a truncated message. Size buf according to vsl_max_frame_size() to avoid this.
If the vfer socket is of type SOCK_STREAM, non-blocking IO is not supported and VFER_INVAL is returned.
[in] | sock | the socket to use |
[out] | buf | a pointer to a buffer into which to receive |
[in] | len | maximum length of data to receive into buf |
ssize_t vsl_recvfile | ( | vsl_sock * | sock, | |
int | fd, | |||
off_t | offset, | |||
size_t | len | |||
) |
Reads len bytes from a connected socket and writes them into the specified fd, starting at offset.
Equivalent to vfer_recvfile(), but uses the vfer security layer to protect the message against modification and eavesdropping.
Due to the used MAC algorithm, the number of messages that can be transferred with one socket is bounded by the width of its uint64_t message counter (presumably 2^64 messages; the original text says "sizeof(uint64_t)", which would be 8 and is almost certainly not what is meant). Afterwards, VSL_MAXMSG is returned.
[in] | sock | the VSL socket to use |
[out] | fd | file descriptor for writing |
[in] | offset | offset to start writing |
[in] | len | number of bytes to read |
int vsl_select | ( | int | len, | |
vsl_sock ** | socks, | |||
struct timeval * | stimeout | |||
) |
Returns the number of VSL sockets in an array that satisfy the marked conditions.
stimeout is the maximum time to wait before the call returns. If stimeout is NULL the call blocks indefinitely. A timeout value of zero can be used to effect a poll operation.
[in] | len | length of socks array |
[in] | socks | an array of sockets to check for marked conditions |
[in] | stimeout | a timeout value to control waiting time |
int vsl_selectmark | ( | vsl_sock * | socket, | |
int | mark | |||
) |
Marks socket with the conditions to be tested by the select call.
Called prior to using vsl_select(). mark is a bitwise OR of the vsl_sock_mark_t constants VSL_READABLE, VSL_WRITABLE, VSL_EXCEPTION and VSL_AUTHABLE.
[in] | socket | VSL socket to mark |
[in] | mark | a mark to associate with the socket |
int vsl_selectpoll | ( | int | len, | |
vsl_sock ** | socks, | |||
struct timeval * | stimeout, | |||
int | usec | |||
) |
Like vsl_select(), but automatically polls every usec microseconds when vsl_select() would return VFER_INPROGRESS.
[in] | len | length of socks array |
[in] | socks | an array of sockets to check for marked conditions |
[in] | stimeout | a timeout value to control waiting time |
[in] | usec | polling interval in microseconds |
int vsl_selecttest | ( | vsl_sock * | sock | ) |
Returns the result of the vsl_select() call for socket.
The return value will be a bitwise OR of the constants described in vsl_selectmark(), depending on how sock was marked and the result of the vsl_select() call.
[in] | sock | the VSL socket |
ssize_t vsl_send | ( | vsl_sock * | sock, | |
const void * | buf, | |||
size_t | len | |||
) |
Sends len bytes from buf over a socket.
Equivalent to vfer_send(), but uses the vfer security layer to protect the message against modification and eavesdropping.
Due to the used MAC algorithm, the number of messages that can be transferred with one socket is bounded by the width of its uint64_t message counter (presumably 2^64 messages; the original text says "sizeof(uint64_t)", which would be 8 and is almost certainly not what is meant). Afterwards, VSL_MAXMSG is returned.
The maximum number of bytes that can be transmitted in a single message can be determined with vsl_max_frame_size().
If the vfer socket is of type SOCK_STREAM, non-blocking IO is not supported and VFER_INVAL is returned.
[in] | sock | VSL socket to use |
[in] | buf | buffer to send |
[in] | len | length of the data to send |
ssize_t vsl_sendfile | ( | vsl_sock * | sock, | |
int | fd, | |||
off_t | offset, | |||
size_t | len | |||
) |
Sends len bytes from file fd, starting at offset, over socket sock.
Equivalent to vfer_sendfile(), but uses the vfer security layer to protect the message against modification and eavesdropping.
Due to the used MAC algorithm, the number of messages that can be transferred with one socket is bounded by the width of its uint64_t message counter (presumably 2^64 messages; the original text says "sizeof(uint64_t)", which would be 8 and is almost certainly not what is meant). Large files may therefore not be transferable completely; in that case VSL_MAXMSG is returned after the maximum number of bytes has been transferred.
[in] | sock | the VSL socket to use |
[in] | fd | file descriptor for reading |
[in] | offset | offset to start reading |
[in] | len | number of bytes to write |
Initializes a VSL socket using an existing and connected vfer fd. Before the socket can be used to transfer data, one of the authentication functions (vsl_accept_ssh() on the server, vsl_connect_ssh() on the client) has to be called to perform the handshake. Note that data sent directly over the underlying vfer fd bypasses the security layer and is not protected.
[in] | vfd | the connected VFER fd. |
[out] | socket | VSL socket |
void vsl_test_mode | ( | vsl_sock * | sock | ) |
Activates behaviour that is only useful for testing VSL internals (the rendered list of effects is missing from this page; see the header source). It must not be enabled on a connection carrying real data.
[in] | sock | socket to mark |
int vsl_uninit | ( | void | ) |
FILE* debug |