2005-07-09 21:18:49 +00:00
|
|
|
require 'rex/socket'
|
2005-06-03 22:51:09 +00:00
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
2005-09-27 05:31:48 +00:00
|
|
|
# This class provides methods for interacting with an SSL TCP client
|
|
|
|
|
# connection.
|
2005-06-03 22:51:09 +00:00
|
|
|
#
|
|
|
|
|
###
|
2005-09-27 05:31:48 +00:00
|
|
|
module Rex::Socket::SslTcp
|
|
|
|
|
|
2005-11-03 04:43:19 +00:00
|
|
|
begin
|
2008-11-12 22:47:21 +00:00
|
|
|
@@loaded_openssl = false
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
require 'openssl'
|
|
|
|
|
@@loaded_openssl = true
|
|
|
|
|
rescue ::Exception
|
|
|
|
|
end
|
|
|
|
|
|
2005-11-03 04:43:19 +00:00
|
|
|
|
2005-09-27 05:31:48 +00:00
|
|
|
include Rex::Socket::Tcp
|
2005-06-03 22:51:09 +00:00
|
|
|
|
|
|
|
|
##
|
|
|
|
|
#
|
|
|
|
|
# Factory
|
|
|
|
|
#
|
|
|
|
|
##
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Creates an SSL TCP instance.
|
|
|
|
|
#
|
2005-09-27 05:31:48 +00:00
|
|
|
def self.create(hash)
|
2008-11-12 22:47:21 +00:00
|
|
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
2005-09-27 05:31:48 +00:00
|
|
|
self.create_param(Rex::Socket::Parameters.from_hash(hash))
|
|
|
|
|
end
|
|
|
|
|
|
2005-06-03 22:51:09 +00:00
|
|
|
#
|
|
|
|
|
# Set the SSL flag to true and call the base class's create_param routine.
|
|
|
|
|
#
|
|
|
|
|
def self.create_param(param)
|
2005-09-27 05:31:48 +00:00
|
|
|
param.ssl = true
|
2005-06-03 22:51:09 +00:00
|
|
|
|
2005-09-27 05:31:48 +00:00
|
|
|
Rex::Socket::Tcp.create_param(param)
|
2005-06-03 22:51:09 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
#
|
|
|
|
|
# Class initialization
|
|
|
|
|
#
|
|
|
|
|
##
|
2005-11-15 05:22:13 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Initializes the SSL socket.
|
|
|
|
|
#
|
2005-09-27 05:31:48 +00:00
|
|
|
def initsock(params = nil)
|
2005-06-03 22:51:09 +00:00
|
|
|
super
|
|
|
|
|
|
|
|
|
|
# Build the SSL connection
|
|
|
|
|
self.sslctx = OpenSSL::SSL::SSLContext.new
|
2007-05-03 20:01:29 +00:00
|
|
|
|
|
|
|
|
# Configure the SSL context
|
|
|
|
|
# TODO: Allow the user to specify the verify mode and callback
|
|
|
|
|
# Valid modes:
|
|
|
|
|
# VERIFY_CLIENT_ONCE
|
|
|
|
|
# VERIFY_FAIL_IF_NO_PEER_CERT
|
|
|
|
|
# VERIFY_NONE
|
|
|
|
|
# VERIFY_PEER
|
|
|
|
|
self.sslctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
|
|
|
self.sslctx.options = OpenSSL::SSL::OP_ALL
|
|
|
|
|
|
|
|
|
|
# Set the verification callback
|
|
|
|
|
self.sslctx.verify_callback = Proc.new do |valid, store|
|
|
|
|
|
self.peer_verified = valid
|
|
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Tie the context to a socket
|
2005-09-27 05:31:48 +00:00
|
|
|
self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)
|
2007-05-03 20:01:29 +00:00
|
|
|
|
2006-01-20 19:04:17 +00:00
|
|
|
# XXX - enabling this causes infinite recursion, so disable for now
|
|
|
|
|
# self.sslsock.sync_close = true
|
2007-05-03 20:01:29 +00:00
|
|
|
|
|
|
|
|
# Negotiate the connection
|
2005-06-03 22:51:09 +00:00
|
|
|
self.sslsock.connect
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
#
|
|
|
|
|
# Stream mixin implementations
|
|
|
|
|
#
|
|
|
|
|
##
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Writes data over the SSL socket.
|
|
|
|
|
#
|
2005-06-03 22:51:09 +00:00
|
|
|
def write(buf, opts = {})
|
|
|
|
|
return sslsock.write(buf)
|
|
|
|
|
end
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Reads data from the SSL socket.
|
|
|
|
|
#
|
2005-06-03 22:51:09 +00:00
|
|
|
def read(length = nil, opts = {})
|
|
|
|
|
length = 16384 unless length
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
return sslsock.read(length)
|
2008-11-11 05:11:40 +00:00
|
|
|
rescue EOFError, ::Errno::EPIPE
|
2005-06-03 22:51:09 +00:00
|
|
|
return nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Closes the SSL socket.
|
|
|
|
|
#
|
2005-06-03 22:51:09 +00:00
|
|
|
def close
|
|
|
|
|
sslsock.close
|
2005-09-27 05:31:48 +00:00
|
|
|
super
|
2005-06-03 22:51:09 +00:00
|
|
|
end
|
|
|
|
|
|
2007-05-03 20:01:29 +00:00
|
|
|
#
|
|
|
|
|
# Ignore shutdown requests
|
|
|
|
|
#
|
|
|
|
|
def shutdown(how=0)
|
|
|
|
|
# Calling shutdown() on an SSL socket can lead to bad things
|
|
|
|
|
# Cause of http://metasploit.com/dev/trac/ticket/102
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Access to peer cert
|
|
|
|
|
#
|
|
|
|
|
def peer_cert
|
|
|
|
|
sslsock.peer_cert if sslsock
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Access to peer cert chain
|
|
|
|
|
#
|
|
|
|
|
def peer_cert_chain
|
|
|
|
|
sslsock.peer_cert_chain if sslsock
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Access to the current cipher
|
|
|
|
|
#
|
|
|
|
|
def cipher
|
|
|
|
|
sslsock.cipher if sslsock
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
attr_reader :peer_verified # :nodoc:
|
2008-08-23 05:12:43 +00:00
|
|
|
attr_accessor :sslsock, :sslctx # :nodoc:
|
2005-06-03 22:51:09 +00:00
|
|
|
protected
|
|
|
|
|
|
2007-05-03 20:01:29 +00:00
|
|
|
attr_writer :peer_verified # :nodoc:
|
2005-06-03 22:51:09 +00:00
|
|
|
|
2005-11-03 04:43:19 +00:00
|
|
|
rescue LoadError
|
|
|
|
|
end
|
|
|
|
|
|
2006-01-27 05:33:08 +00:00
|
|
|
def type?
|
|
|
|
|
return 'tcp-ssl'
|
|
|
|
|
end
|
2005-12-13 06:08:40 +00:00
|
|
|
|
2008-11-11 05:11:40 +00:00
|
|
|
end
|
