Ernesto81 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,

Congratulations on your nice website, which I've used as a reference several times. This is my first post.

I started to study Perl around 3 months ago, playing with basic stuff. While studying sockets in Perl, and as part of my "training", I played with the dup2 system call to redirect file descriptors like this (I used another piece of software as reference):

    while (1) {
        my $client = $server->accept();
        fcntl $client, F_SETFD, 0 or warn "$!";
        die "can't fork: $!" unless defined( my $sspid = fork() );
        if ( !$sspid ) {
            close($server);
            while ( defined( my $line = <$client> ) ) {
                if ( $line =~ /_exec_/i ) {
                    POSIX::close(0);
                    if ( defined( my $fd = fileno $client ) ) {
                        POSIX::dup2( $fd, 0 );
                        POSIX::close($fd);
                        POSIX::dup2( 0, 1 );
                        POSIX::dup2( 0, 2 );
                        eval { exec "/bin/bash" or warn "$!"; };
                        warn "TRAP : $@\n" if $@;
                    }
                }
                else {
                    print $client $line;
                }
            }
            close($client);
            exit 1;
        }
    }

Now I would like to do exactly the same but using SSL (Net::SSLeay; I've used the CPAN SSLeay documentation as reference).

How can I redirect STDIN, STDOUT and STDERR to a socket using SSL? The idea is to execute commands remotely, just as in the previous example.

Thanks in advance and kind regards,
Ernesto

Re: dup2 socket descriptor using SSL
by salva (Canon) on Jul 29, 2010 at 10:11 UTC
    You can't do that, as the SSL layer runs inside the Perl process and will not survive the exec call.

    What you need is an SSL proxy that talks SSL on one side and clean data on the other.

    Fortunately for you I had the same problem some time ago, and the solution is published on CPAN as IO::Socket::Forwarder:

        # untested and error checks omitted!!!
        use IO::Socket::Forwarder qw(forward_sockets);
        use Socket;
        use POSIX qw(_exit dup2);

        my $proxy_pid = fork;
        unless ($proxy_pid) {
            socketpair(my $sock_parent, my $sock_child, AF_UNIX, SOCK_STREAM, PF_UNSPEC);
            my $sspid = fork;
            unless ($sspid) {
                my $fn = fileno $sock_child;
                $fn < 3 and die "bad fileno";
                dup2($fn, 0);    # POSIX::dup2 takes descriptor numbers, not handles
                dup2(0, 1);
                dup2(0, 2);
                { exec "/bin/bash"; }
                _exit(1);
            }
            close $sock_child;
            # $fd is not defined in this snippet; from context, the SSL-side socket
            forward_sockets($fd, $sock_parent);
            _exit(0);
        }
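
Added example (not part of the thread, and not code from either poster): a Python triage check, from the defender's side, for the descriptor layout both snippets produce, namely a process whose fds 0, 1 and 2 are all the same socket. The function names and sample data are constructed for illustration; the `/proc/<pid>/fd` and `/proc/net/unix` formats it reads are Linux-specific.

```python
import os
import re

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")

def stdio_socket_inode(fd_links):
    """fd_links maps fd -> readlink target. Return the inode when fds 0, 1
    and 2 all point at the same socket (the dup2 pattern), else None."""
    inodes = set()
    for fd in (0, 1, 2):
        m = SOCKET_LINK.match(fd_links.get(fd, ""))
        if m is None:
            return None
        inodes.add(m.group(1))
    return inodes.pop() if len(inodes) == 1 else None

def unix_socket_inodes(proc_net_unix):
    """Inode column (7th field) of /proc/net/unix text, header skipped."""
    rows = (line.split() for line in proc_net_unix.splitlines()[1:])
    return {cols[6] for cols in rows if len(cols) >= 7}

def classify(fd_links, unix_inodes):
    inode = stdio_socket_inode(fd_links)
    if inode is None:
        return "ok"
    # A socketpair() end is listed in /proc/net/unix; a TCP socket is not.
    return "stdio-on-unix-socket" if inode in unix_inodes else "stdio-on-non-unix-socket"

def read_fd_links(pid, proc="/proc"):
    links = {}
    for fd in (0, 1, 2):
        try:
            links[fd] = os.readlink(f"{proc}/{pid}/fd/{fd}")
        except OSError:  # process exited or permission denied
            pass
    return links

# Constructed sample data (not taken from a real host).
SAMPLE_NET_UNIX = (
    "Num       RefCount Protocol Flags    Type St Inode Path\n"
    "0000000000000000: 00000003 00000000 00000000 0001 03 48300\n"
)
DIRECT = {0: "socket:[48211]", 1: "socket:[48211]", 2: "socket:[48211]"}
PROXIED = {0: "socket:[48300]", 1: "socket:[48300]", 2: "socket:[48300]"}
TERMINAL = {0: "/dev/pts/3", 1: "/dev/pts/3", 2: "/dev/pts/3"}

if __name__ == "__main__":  # live scan; Linux only
    unix = unix_socket_inodes(open("/proc/net/unix").read())
    for pid in filter(str.isdigit, os.listdir("/proc")):
        verdict = classify(read_fd_links(pid), unix)
        if verdict != "ok":
            print(pid, verdict)
```

Both layouts are flagged: the direct dup2 of the accepted socket shows up as a non-UNIX socket, while the socketpair end behind the proxy shows up as a UNIX socket. inetd-style and socket-activated services legitimately have the same layout, so a hit is a triage signal to correlate with the process name and parent.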