Module: Rex::Socket::SslTcpServer

Includes:

TcpServer

Defined in:

lib/rex/socket/ssl_tcp_server.rb

Overview

This class provides methods for interacting with an SSL wrapped TCP server. It implements the StreamServer IO interface.

Constant Summary

@@loaded_openssl =

false

Constants included from Rex::Socket

MATCH_IPV4, MATCH_IPV4_PRIVATE, MATCH_IPV6

Instance Attribute Summary

• #sslctx ⇒ Object

  Returns the value of attribute sslctx.

Attributes included from IO::StreamServer

#client_waiter, #clients, #clients_thread, #listener_thread, #on_client_close_proc, #on_client_connect_proc, #on_client_data_proc

Attributes included from Rex::Socket

#context, #ipv, #localhost, #localport, #peerhost, #peerport

Class Method Summary

• .create(hash = {}) ⇒ Object

  Factory.

• .create_param(param) ⇒ Object

  Wrapper around the base class’ creation method that automatically sets the parameter’s protocol to TCP and sets the server flag to true.

Instance Method Summary

• #accept(opts = {}) ⇒ Object

  Accepts a child connection.

• #allow_nonblock?(sock = self.sock) ⇒ Boolean

  This flag determines whether to use the non-blocking openssl API calls when they are available.

• #initsock(params = nil) ⇒ Object
• #makessl(params) ⇒ ::OpenSSL::SSL::SSLContext

  Create a new ssl context.

Methods included from IO::StreamServer

#close_client, #on_client_close, #on_client_connect, #on_client_data, #start, #stop, #wait

Methods included from Rex::Socket

addr_atoc, addr_atoi, addr_atoi_list, addr_aton, addr_ctoa, addr_itoa, addr_iton, addr_ntoa, addr_ntoi, bit2netmask, cidr_crack, compress_address, create_ip, create_tcp, create_tcp_server, create_udp, dotted_ip?, eth_aton, eth_ntoa, #fd, from_sockaddr, getaddress, getaddresses, gethostbyname, #getlocalname, #getpeername, #getsockname, ipv6_link_address, ipv6_mac, is_internal?, is_ipv4?, is_ipv6?, net2bitmask, portlist_to_portspec, portspec_crack, portspec_to_portlist, resolv_nbo, resolv_nbo_i, resolv_nbo_i_list, resolv_nbo_list, resolv_to_dotted, source_address, support_ipv6?, tcp_socket_pair, to_sockaddr, #type?, udp_socket_pair

Instance Attribute Details

#sslctx ⇒ Object

Returns the value of attribute sslctx.

# File 'lib/rex/socket/ssl_tcp_server.rb', line 186

def sslctx
  @sslctx
end

Class Method Details

.create(hash = {}) ⇒ Object

Factory

# File 'lib/rex/socket/ssl_tcp_server.rb', line 31

def self.create(hash = {})
  hash['Proto']  = 'tcp'
  hash['Server'] = true
  hash['SSL']    = true
  self.create_param(Rex::Socket::Parameters.from_hash(hash))
end

.create_param(param) ⇒ Object

Wrapper around the base class’ creation method that automatically sets the parameter’s protocol to TCP and sets the server flag to true.

# File 'lib/rex/socket/ssl_tcp_server.rb', line 42

def self.create_param(param)
  param.proto  = 'tcp'
  param.server = true
  param.ssl    = true
  Rex::Socket.create_param(param)
end

Instance Method Details

#accept(opts = {}) ⇒ Object

Accepts a child connection.

# File 'lib/rex/socket/ssl_tcp_server.rb', line 56

def accept(opts = {})
  sock = super()
  return if not sock

  begin
    ssl = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)

    if not allow_nonblock?(ssl)
      ssl.accept
    else
      begin
        ssl.accept_nonblock

      # Ruby 1.8.7 and 1.9.0/1.9.1 uses a standard Errno
      rescue ::Errno::EAGAIN, ::Errno::EWOULDBLOCK
          IO::select(nil, nil, nil, 0.10)
          retry

      # Ruby 1.9.2+ uses IO::WaitReadable/IO::WaitWritable
      rescue ::Exception => e
        if ::IO.const_defined?('WaitReadable') and e.kind_of?(::IO::WaitReadable)
          IO::select( [ ssl ], nil, nil, 0.10 )
          retry
        end

        if ::IO.const_defined?('WaitWritable') and e.kind_of?(::IO::WaitWritable)
          IO::select( nil, [ ssl ], nil, 0.10 )
          retry
        end

        raise e
      end
    end

    sock.extend(Rex::Socket::SslTcp)
    sock.sslsock = ssl
    sock.sslctx  = self.sslctx

    return sock

  rescue ::OpenSSL::SSL::SSLError
    sock.close
    nil
  end
end

#allow_nonblock?(sock = self.sock) ⇒ Boolean

This flag determines whether to use the non-blocking openssl API calls when they are available. This is still buggy on Linux/Mac OS X, but is required on Windows

Returns:

• (Boolean)

# File 'lib/rex/socket/ssl_tcp_server.rb', line 178

def allow_nonblock?(sock=self.sock)
  avail = sock.respond_to?(:accept_nonblock)
  if avail and Rex::Compat.is_windows
    return true
  end
  false
end

#initsock(params = nil) ⇒ Object

Raises:

• (RuntimeError)

# File 'lib/rex/socket/ssl_tcp_server.rb', line 49

def initsock(params = nil)
  raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
  self.sslctx  = makessl(params)
  super
end

#makessl(params) ⇒ ::OpenSSL::SSL::SSLContext

Create a new ssl context. If ssl_cert is not given, generates a new key and a leaf certificate with random values.

Parameters:

• params (Rex::Socket::Parameters)

Returns:

• (::OpenSSL::SSL::SSLContext)

# File 'lib/rex/socket/ssl_tcp_server.rb', line 109

def makessl(params)
  ssl_cert = params.ssl_cert
  if ssl_cert
    cert = OpenSSL::X509::Certificate.new(ssl_cert)
    key = OpenSSL::PKey::RSA.new(ssl_cert)
  else
    key = OpenSSL::PKey::RSA.new(1024){ }
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = rand(0xFFFFFFFF)
    # name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
    subject = OpenSSL::X509::Name.new([
        ["C","US"],
        ['ST', Rex::Text.rand_state()],
        ["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
        ["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
        ["CN", Rex::Text.rand_hostname],
      ])
    issuer = OpenSSL::X509::Name.new([
        ["C","US"],
        ['ST', Rex::Text.rand_state()],
        ["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
        ["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
        ["CN", Rex::Text.rand_hostname],
      ])

    cert.subject = subject
    cert.issuer = issuer
    cert.not_before = Time.now - (3600 * 365)
    cert.not_after = Time.now + (3600 * 365)
    cert.public_key = key.public_key
    ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
    cert.extensions = [
      ef.create_extension("basicConstraints","CA:FALSE"),
      ef.create_extension("subjectKeyIdentifier","hash"),
      ef.create_extension("extendedKeyUsage","serverAuth"),
      ef.create_extension("keyUsage","keyEncipherment,dataEncipherment,digitalSignature")
    ]
    ef.issuer_certificate = cert
    cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
    cert.sign(key, OpenSSL::Digest::SHA1.new)
  end

  ctx = OpenSSL::SSL::SSLContext.new()
  ctx.key = key
  ctx.cert = cert
  ctx.options = 0


  # Older versions of OpenSSL do not export the OP_NO_COMPRESSION symbol
  if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
    # enable/disable the SSL/TLS-level compression
    if params.ssl_compression
      ctx.options &= ~OpenSSL::SSL::OP_NO_COMPRESSION
    else
      ctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
    end
  end

  ctx.session_id_context = Rex::Text.rand_text(16)

  return ctx
end