I am needing to implement email notifications for a C++ project. Basically a user provides all the relevant information for their email account and on certain events this component would fire off an email. Ideally I would like to find a small cross platform open source command line project that I can exec from within my project and parse the output. Something like blat but it would also support SSL connections and can be used in both Windows(XP and 2003) and Linux (Ubuntu 6.06 and 8.04)
I could also use a library if it were simple enough and licensed under a commercial friendly license, but would be open to hearing all suggestions.
Thank you very much in advance for any recommendations
(A) One option is to use XMail:
http://www.xmailserver.org/
The readme file has instructions of how to build it in Linux and Windows:
http://www.xmailserver.org/Readme.html
If you look at the forums:
http://xmailforum.homelinux.net/
or do some Google searches you should be able to find more information on how to use it.
(B) Another, possibly easier option, would be to just make your application connect to and use an external SMTP server to send your notifications.
To compose the email libmime (http://www.mozilla.org/mailnews/arch/libmime-description.html) can be helpful.
To send the mail libsmtp (http://libsmtp.berlios.de/) can be used.
All the protocol and SSL code for my email client is available in Lgi:
http://www.memecode.com/lgi.php
It's LGPL, so you could use it as a DLL/SO. However it's not packaged ready to use binaries, you'd have to build it yourself and write some glue using the SMTP and MIME code. The SSL sockets stuff uses OpenSSL and works on both Linux and Windows.
I ended up using the Perl script sendEmail. A windows binary was available and building a new binary after modifying the Perl script was not too hard to do at all. The script also had no issues running in the LTE Ubuntu environments after the required Debian packages were installed.
Related
I have a C++ program which I want to use on my clients machines. However, some of my clients are behind proxies. Therefore, I want my program to automatically detect these proxies.
I have tried many solutions, such as reading the registry for the proxy settings, trying the Windows API's, etc.
However none of them have worked out well. E.g. the registry sometimes holds the url for the PAC-file and sometimes the actual proxy-address itself. Besides that, I haven't been able to find any username and password related to the proxy if it is set on the client machine (which some users say they have).
So, basically my question is:
How can I automatically determine the proxy settings of my clients in C++ so I can use the proxy-settings in my LibCurl requests later on regarding:
Proxy-address
Proxy-port
Proxy-User
Proxy-Password
I can't get it to work and I have been trying it for two weeks now without any improvement...
You can not read proxy setting in a generic way, since every application is free to store it in any way it wants. You should be able to read Internet Explorer proxy by using WinHttpGetIEProxyConfigForCurrentUser function, and it would also work for users browsers which use this setting, like Google Chrome.
How can I automatically determine the proxy settings of my clients in C++ so I can use the proxy-settings in my LibCurl requests?
libproxy is the answer!
Libproxy home page on GitHub
Libproxy repo on GitHub
It has these features according to the home page:
support for all major platforms: Windows, Mac and Linux/UNIX (see upcoming 0.4 release)
extremely small core footprint
no external dependencies within libproxy core (libproxy plugins may have dependencies)
only 3 functions in the stable-ish external API (1.0 will offer full stability)
dynamic adjustment to changing network topology
a standard way of dealing with proxy settings across all scenarios
a sublime sense of joy and accomplishment
I'm developing application in C++ (cross-platform; Windows, Mac and Linux) that needs to communicate securely with servers using https protocol with libcurl (built with winssl/darwinssl/openssl on Windows/Mac/Linux respectively). I've changed a curl option, CURLOPT_SSL_VERIFYPEER from 0 to 1 which should help prevent MitM issues.
This has caused issues that an initial search points to turning that option off, but after digging deeper I found:
Get a CA certificate that can verify the remote server and use the proper option to point out this CA cert for verification when connecting. For libcurl hackers: curl_easy_setopt(curl, CURLOPT_CAPATH, capath); from curl docs
and
Get a better/different/newer CA cert bundle! One option is to extract the one a recent Firefox browser uses by running 'make ca-bundle' in the curl build tree root, or possibly download a version that was generated this way for you.
from curl docs
I actually use CURLOPT_CAINFO to the bundle as I had seen some word of issues using CURLOPT_CAPATH on Windows; curl docs. I have downloaded and installed this bundle along with the application on Windows and Mac and I'd like to know if this is the correct way to do it or if there is a better practice.
Initially this caused issues for users of the application running behind some corporate networks or proxy which seemed to get fixed by building libcurl against winssl instead of openssl on Windows; though potentially disguising itself as a firewall issue, still unclear although it seems likely.
Sorry for the length.
Is anything silly about installing the ca-cert-bundle.crt along with the application, and is there anything that should be done differently to communicate securely with the server from this installed application?
A slightly separate, but still very related, issue I have is CURLOPT_CAINFO on Linux giving the error:
error setting certificate verify locations:
CAfile: ../share/my_application/curl-ca-bundle.crt
CApath: none
Though attempting to open the file for reading from within the application does work successfully. Edit: This issue I solved by NOT setting the CURLOPT_CAINFO field on Linux (leaving it blank) and adding the dependency package ca-certificates to the application package. The default path is correctly /etc/ssl/certs/ca-certificates.crt and seems to be working. To me this feels a bit better than installing the bundle with the application.
Edit2: Although solved it appears the ca-certificates package sometimes doesn't install ca-certificates.crt and instead ca-bundle.crt and the locations vary on different distros as this source, happyassassin.net shows that different Linux systems store the CA bundles in different locations. It did not seem to have a clear answer as to HOW to handle this. Should I be using a value in the configuration file that the user can then modify, or any other thoughts on the subject?
Edit3: Some users have pointed out that my name exists in one of the paths curl looks for, I'm not entirely sure how that is possible as the only thing I've specified for curl is where I built openssl/cares libraries...
I realize this is a loaded/multipart question but it is all on the same subject as the title states, I'd appreciate any help.
Thanks.
In my opinion, it is better to use system certificate then package certificates with application (if you are not using some special certs). For the linux it should be easy according to https://serverfault.com/questions/394815/how-to-update-curl-ca-bundle-on-redhat And for windows you can either use winssl or create the file from system https://superuser.com/questions/442793/why-cant-curl-properly-verify-a-certificate-on-windows Configure cURL to use default system cert store
A default libcurl build is setup to attempt to use the "right" CA bundle.
Linux
A libcurl built on Linux will scan and check where the CA store is located on your system and use that. If you install libcurl on a regular Linux distro, it should've been built to use the distro's "typical" CA store.
macOS
If you build libcurl for mac and tell it to use the Secure Transport backend, it will automatically use the macOS CA store. So will the default-installed curl and libcurls that come shipped bundled with macOS from Apple.
Windows
If you build libcurl for Windows to use Schannel (the windows TLS system) it will by default use the Windows CA store.
Other setups
If you deviate from these setups, you basically opt to not use the CA store that comes bundled in the operating system you're using. Then you need to handle and update the CA store yourself.
I want to run Linux command remotely from Window based Qt C++ application programmatically. What is the simpliest way to do it?
You need some sort of server on the Linux machine and your Windows machine will be a client. I'd say the easiest way would be just make a php script to run your command and drop it in your www root and have your Windows machine fetch that URL.
At the end of the day, without knowing what your requirements are with regard to security and with regard to what kind of commands you'll be running is, it's very difficult to give a definitive answer to this question.
Simply connect to telnet server on the linux using sockets, and send the commands.
This actually requires very little code. Check the Java version here:
Sending telnet commands and reading the response with Java
You can do similarly with Qt/C++ as well.
Simple server-side program witch will handle the requests and then using ex system() function will be this "remotely" part of solution.
And on client-side simple text field handled by function witch will be able to connect to server to send command run request.
The most important thing in this solution will be to take care about security.
One way to do it is, to have a client-server model, the server resides in linux and client can be your computer. That way you can send commands to the server and have its output thrown at you. That's one way I think of this problem.
Use UPnP to get past the firewall(or use NAT traversal or UDP/TCP hole punching). Otherwise (without forwarding the port) it would be impossible to reach the server.
The second is to write your own RSH and SSH utility. (or use putty or other pre-existing software)
You could use Plink if you are on Windows whatever version. If you can run PuTTY, then you can run PLink. PuTTY Plink Documentation. Using that you could use the executable, and automate things. Otherwise, if you're looking for a specific programming language, they'd still be dependent upon some SSH Library. If you're writing your own installer, you could include the PLink.exe in your installer, and distribute it with your application.
From the documentation page:
Z:\sysosd>plink login.example.com 'echo "Hello World"'
I'm in the process of creating a utility to backup user's media files. The media isn't being shared etc its only a backup utility.
I'm trying to think of the best way to protect users from ISPs accusing them of downloading illegal media files by using some sort of secure connection.
The utility is written in C++ using the Qt lib and so far I've only been able to find the QtSslSocket component for secure connections. The domain already has a valid SSL certificate for the next few years.
Can anyone suggest the best way to go about implementing this from both the server and client side. i.e what does the server need to have in place and is there anything in particular the backup utility needs to implement from the client side to ensure secure transactions?
Are there any known, stable sftp or ftps servers available etc?
As far as I know, Qt doesn't have support for secure FTP transfers.
Not sure what other info. would be useful to make the question any clearer but any advice or help pointing me in the right direction will be most welcomed.
EDIT I'm also Java competent so a Java solution will work just as well...
As Martin wrote, you can wrap client. But if you don't want to do that, you can use libssh.
I searched for some sort of solution to this for a couple days and then forgot about the problem. Then today I stumbled across this little gem in the Qt-Creator source Utils::ssh, includes support for SFTP, plain-old SSH, and all sorts of goodies.
Disentangling stuff from Qt-Creator can be a pain, but having gone through this process it amounts to grabbing Botan (one of the other libs in QT-Creator) + Utils.
When it rains, it pours, I find two solutions to this problem in an hour - http://nullget.sourceforge.net/ (Requires Chinese translation), but from their summary:
NullGet is written with Qt, runs on
multiple platforms, the GUI interface
of the multi-threaded multi-protocol
HTTP download software. Use NullGet
can easily download a variety of
network protocol data stream, faster
download speeds, support for HTTP, the
protocol currently supported are:
HTTP, HTTPS, FTP, MMS, RTSP. And it
can run on most current popular
operating systems including Windows,
Linux, FreeBSD and so on.
Easiest way would be to just wrap a commandline sftp client with a Qt front end.
On the server any ftp server should do sftp pretty much out of the box.
As Synthesizerpatel says Qt Creator implements SFTP. So I have isolated the library that contains SSH and SFTP and I have created a new project named QSsh in Github (https://github.com/lvklabs/QSsh). The aim of the project is to provide SSH and SFTP support for any Qt Application.
I have written an example on how to upload a file using SFTP in examples/SecureUploader/
I hope it might be helpful
Note: If you dont have time to read this long journey, the solution (with sourcecode) is here: http://www.coastrd.com/smtps.
For a long time sending email uing SMTP (port 25) via a remote mail server (usually at the website hosting company) was easy to do with an application. Open a TCP port 25, send "HELO ..." etc
To do this using googles email service is giving me a problem because they insist on using port 465 SMTPS ie SMTP with TLS encryption:
http://en.wikipedia.org/wiki/Transport_Layer_Security#How_it_works
In researching a way to do this with a language like C++ or a flavor of basic, i came across:
http://forums.realsoftware.com/viewtopic.php?f=2&t=29542
http://forums.realsoftware.com/viewtopic.php?f=2&t=26959&p=162671#p162671
and a Python question:
python smtp gmail authentication error (sending email through gmail smtp server)
If I am understanding this correctly, I am going to need to implement the TLS encryption in my C++ code, complete with all the hand shaking and negotiation?
From the C# question:
sending email with gmail smtp ( secure layer ) in c++
This library does not do it
http://johnwiggins.net/jwsmtp/
ADDED:
A lot of people are just installing the stunnel as a service and then configuring it to manage the an SSL connection
http://www.stunnel.org/about/
Stunnel is an OpenSSL wrapper. OpenSSL has some perfomance issues (http://josefsson.org/gnutls4win/)
"Initializing libgcrypt takes a long time on some systems, there has been reports that it can take around 10 seconds."
and requires: "libeay32.dll" 1.35MB + "libssl32.dll" 310k + "zlib1.dll" 75k
Then thre are a couple of commercial products:
http://www.chilkatsoft.com/downloads.asp
This product is mostly delivered as an Activex (COM) "dll" (requiring an installer on the users machine to 'register' the dll - another bad .net idea).
The installer loads "ChilkatMime.dll" 1.33Mb, "ChilkatCert.dll" 1.26MB, "ChilkatUtil.dll" 720k. The developers were not at all interested in cooperating on a true C .dll library that could be called from any language including C/C++/BASIC/Python etc etc. Given their attitude I am not surprised they have been the victim of code generators made by hackers.
Apart from the cheesy name and artwork, their products are reasonably priced, but the one I tried, connected on port 25 despite being told to use port 465.
By contrast, a commercial option from catalyst:
http://www.catalyst.com/products/sockettools/secure/library/index.html
is now available as component of the main socket tools product for 1/3 the price. These tools are first class! yes, you get what you pay for. The developers are responsive and open to suggestions. They offer ALL flavors of dll including a stand alone .dll that can be shipped with you product that is only 230k! For commecial solutions they win hands down.
An SLL/TLS connection can be made explicitly (as soon as the handshake begins the seesion) or implicitly (after the handshake using STARTTLS etc)
CodeIgniter is implicit for example (as are options in Python, asp, php etc)
http://codeigniter.com/forums/viewthread/84689/
Once the connection has been made, a "tunnel" exists through which a MIME session may proceed:
"EHLO " + sLocalHost + CRLF
"MAIL FROM: " + sMailFrom + CRLF
"RCPT TO: " + "me#mydomain.com" + CRLF
"DATA: Testing, Testing xyz" + CRLF
CRLF + "." + CRLF
"QUIT"
with the usual responses from the server.
Some languages handle the MIME communication for you (socket tools, codeigniter, etc) and you just feed in the email subject, body and address making it very easy to use
CryptLib is an open source solution that facilitates an SSL/TLS tunnel with a C style .dll in only 1MB (full compilation). Since the source is available, it is possible to compile a version of the dll with just the components you need that should come in somewhat less than that.
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/download.html
The author was very responsive even though I got the library to work immediately and was asking about the MIME dialog. There is 330 page manual! Thank you.
THis library is not an MTA (mail transfer agent) so you must write the MIME conversation above, but it is FREE!
source code available here:
http://www.coastrd.com/smtps.
Check out http://sourceforge.net/projects/libquickmail/ .
This library can send mail with optional attachments to multiple recipients.
The SMTP transport relies on libcurl, so it supports things like authentication and TLS.
The C API is very simple to use.
Tested on Linux (GCC) and Windows (MinGW) but should work on any platform where libcurl is available.
You are correct that you'll need to enable TLS in your application. Instead of doing this on your own, I'd suggest looking into OpenSSL.
Additionally, You need to enable SMTP in your account and support SMTP authentication to send traffic through Gmail.
There is also a duplicate question that has some pointers and a C# implementation with code that might be able to help you out.
There is also a library that might be easier to use than rolling your own (although it doesn't currently have TLS support).