diff --git a/ChangeLog b/ChangeLog
index 86f07be..ef8ee07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,7 +10,8 @@ Symbols are:
 (F) - Initial Support for SSL connections started (and now it works!)
 (F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients
 (F) - Can invite non-Z clients into +S channels
-
+(F) - SSL conf file support and restart of neoircd coding :)
+
 * NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
 (S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team
 Also thanks for the reference and event code in question.
diff --git a/include/s_conf.h b/include/s_conf.h
index 27f271a..3c07622 100644
--- a/include/s_conf.h
+++ b/include/s_conf.h
@@ -19,7 +19,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: s_conf.h,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $
+ * $Id: s_conf.h,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
 */
 #ifndef INCLUDED_s_conf_h
@@ -277,6 +277,10 @@ struct server_info
 #ifdef HAVE_LIBCRYPTO
 char * rsa_private_key_file;
 RSA * rsa_private_key;
+#endif
+#ifdef USE_SSL
+ char * public_cert_file;
+ char * private_cert_file;
 #endif
 int hub;
 struct irc_inaddr ip;
diff --git a/include/ssl.h b/include/ssl.h
index 6f15f49..cfcdc5f 100644
--- a/include/ssl.h
+++ b/include/ssl.h
@@ -20,7 +20,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: ssl.h,v 1.1 2002/11/04 08:14:00 fishwaldo Exp $
+ * $Id: ssl.h,v 1.2 2003/01/27 04:20:36 fishwaldo Exp $
 */
 #ifndef SSL_H
@@ -38,6 +38,8 @@
 #include
 #include "client.h"
+extern char ssl_cpath[BUFSIZE+1];
+extern char ssl_kpath[BUFSIZE+1];
 int safe_SSL_read(struct Client *, void *, int);
 int safe_SSL_write(struct Client *, const void *, int);
diff --git a/modules/m_userhost.c b/modules/m_userhost.c
index f8235ec..46ff872 100644
--- a/modules/m_userhost.c
+++ b/modules/m_userhost.c
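Review bot: `extern char ssl_cpath[BUFSIZE+1];` and `extern char ssl_kpath[BUFSIZE+1];` are declared in ssl.h, but nothing else in this diff defines or references them — the ssl.c hunks take the paths from `ServerInfo.public_cert_file` and `ServerInfo.private_cert_file` instead. If they are leftovers from an earlier design, drop the two lines; if a definition in ssl.c was intended, it is missing from the patch and any future caller will fail at link time. Fixed `BUFSIZE`-sized path buffers are also unnecessary now that the parser already hands over heap-allocated strings, so the config fields should be the single source of truth.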
@@ -19,7 +19,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: m_userhost.c,v 1.4 2002/09/21 06:26:12 fishwaldo Exp $
+ * $Id: m_userhost.c,v 1.5 2003/01/27 04:20:36 fishwaldo Exp $
 */
 #include "stdinc.h"
@@ -57,7 +57,7 @@ _moddeinit(void)
 mod_del_cmd(&userhost_msgtab);
 }
-const char *_version = "$Revision: 1.4 $";
+const char *_version = "$Revision: 1.5 $";
 #endif
 /*
 * m_userhost added by Darren Reed 13/8/91 to aid clients and reduce
@@ -106,7 +106,7 @@ static void m_userhost(struct Client *client_p,
 IsOper(target_p) ? "*" : "",
 (target_p->user->away) ? '-' : '+',
 target_p->username,
- target_p->vhost);
+ target_p->host);
 }
 else
 {
diff --git a/src/ircd.c b/src/ircd.c
index cf63d60..b34eaea 100644
--- a/src/ircd.c
+++ b/src/ircd.c
@@ -19,7 +19,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: ircd.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
+ * $Id: ircd.c,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
 */
 #include "stdinc.h"
@@ -623,7 +623,6 @@ int main(int argc, char *argv[])
 /* Init the event subsystem */
 eventInit();
 init_sys();
- initssl();
 if (!server_state.foreground)
 {
@@ -655,6 +654,10 @@ int main(int argc, char *argv[])
 init_auth(); /* Initialise the auth code */
 init_resolver(); /* Needs to be setup before the io loop */
 read_conf_files(YES); /* cold start init conf files */
+#ifdef USE_SSL
+ initssl();
+#endif
+
 #ifndef STATIC_MODULES
 mod_add_path(IRCD_PREFIX "/modules");
diff --git a/src/ircd_lexer.l b/src/ircd_lexer.l
index 61187ae..d9bdebd 100644
--- a/src/ircd_lexer.l
+++ b/src/ircd_lexer.l
@@ -19,7 +19,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: ircd_lexer.l,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
+ * $Id: ircd_lexer.l,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
 */
 %option case-insensitive
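Review bot: the USERHOST reply on the changed line now reports `target_p->host` instead of `target_p->vhost`, and whether that is a cloak bypass depends entirely on the `if` condition guarding this branch, which lies outside the hunk. If this is the hybrid-style self-lookup case (`MyClient(target_p) && target_p == source_p`), showing the real host to the requesting client is intended and deserves a comment such as `/* show the real host only when a client asks about itself, so NAT/dial-up users can learn their own address */`. If the branch can be reached for lookups of other users, `vhost` must stay, because any user could otherwise unmask a cloaked host with a single USERHOST; please confirm which it is before merging.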
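Review bot: the return value of `initssl()` in the new `#ifdef USE_SSL` block is discarded. The initssl hunk in ssl.c returns 0 after `SSL_CTX_free(ircdssl_ctx)` when the certificate or key cannot be loaded, so with a bad `public_cert_file`/`private_cert_file` the daemon keeps running and, unless something outside this diff clears the context, later SSL accepts would use a freed one. Check the result at startup: `if (!initssl()) { ilog(L_ERROR, "initssl() failed, SSL disabled"); exit(1); }` — or clear the SSL listener flags instead of exiting if running without SSL is the intended degraded mode. Moving the call after `read_conf_files(YES)` is required now that the paths come from the config, but it also appears to mean a rehash that changes the cert paths is not picked up until restart; worth a comment on the call site.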
@@ -235,6 +235,8 @@ password { return PASSWORD; }
 persist_time { return PERSIST_TIME; }
 ping_cookie { return PING_COOKIE; }
 ping_time { return PING_TIME; }
+public_cert_file { return PUBLIC_CERT_FILE; }
+private_cert_file { return PRIVATE_CERT_FILE; }
 port { return PORT; }
 quiet_on_ban { return QUIET_ON_BAN; }
 reason { return REASON; }
diff --git a/src/ircd_parser.y b/src/ircd_parser.y
index 3fc8bf3..3e64630 100644
--- a/src/ircd_parser.y
+++ b/src/ircd_parser.y
@@ -19,7 +19,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: ircd_parser.y,v 1.13 2002/11/04 08:14:00 fishwaldo Exp $
+ * $Id: ircd_parser.y,v 1.14 2003/01/27 04:20:36 fishwaldo Exp $
 */
 %{
@@ -206,6 +206,8 @@ int class_redirport_var;
 %token PERSIST_TIME
 %token PING_COOKIE
 %token PING_TIME
+%token PRIVATE_CERT_FILE
+%token PUBLIC_CERT_FILE
 %token PORT
 %token QSTRING
 %token QUIET_ON_BAN
@@ -404,7 +406,8 @@ serverinfo_item: serverinfo_name | serverinfo_vhost |
 serverinfo_network_name | serverinfo_network_desc | serverinfo_max_clients | serverinfo_rsa_private_key_file | serverinfo_vhost6 |
- serverinfo_max_buffer |
+ serverinfo_max_buffer | serverinfo_public_cert_file |
+ serverinfo_private_cert_file |
 error;
 serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
@@ -465,6 +468,100 @@ serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
 #endif
 };
+serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
+ {
+#ifdef USE_SSL
+ int filen;
+
+ if (ServerInfo.public_cert_file)
+ {
+ MyFree(ServerInfo.public_cert_file);
+ ServerInfo.public_cert_file = NULL;
+ }
+ if ((filen = open(yylval.string, O_RDONLY)) < 0)
+ {
+ switch(errno) {
+ case ENOENT:
+ case ENOTDIR:
+ sendto_realops_flags(FLAGS_ALL, L_ALL,
+ "Ignoring config file entry public_cert_file -- file open failed"
+ " (%s) (%d)", yylval.string, errno);
+ ilog(L_ERROR,
+ "Ignoring config file entry public_cert_file -- file open failed"
+ " (%s) (%d)", yylval.string, errno);
+ break;
+ case EACCES:
+ sendto_realops_flags(FLAGS_ALL, L_ALL,
+ "Ignoring config file entry public_cert_file -- Permission Denied"
+ " (%s) (%d)", yylval.string, errno);
+ ilog(L_ERROR,
+ "Ignoring config file entry public_cert_file -- Permission Denied"
+ " (%s) (%d)", yylval.string, errno);
+ break;
+ default:
+ sendto_realops_flags(FLAGS_ALL, L_ALL,
+ "Ignoring config file entry public_cert_file -- Unknown Error"
+ " (%s) (%d)", yylval.string, errno);
+ ilog(L_ERROR,
+ "Ignoring config file entry public_cert_file -- Unknown Error"
+ " (%s) (%d)", yylval.string, errno);
+
+ break;
+ }
+ } else {
+ DupString(ServerInfo.public_cert_file, yylval.string);
+ close(filen);
+ }
+#endif
+};
+serverinfo_private_cert_file: PRIVATE_CERT_FILE '=' QSTRING ';'
+ {
+#ifdef USE_SSL
+ int filen;
+ if (ServerInfo.private_cert_file)
+ {
+ MyFree(ServerInfo.private_cert_file);
+ ServerInfo.private_cert_file = NULL;
+ }
+
+
+ if ((filen = open(yylval.string, O_RDONLY)) < 0)
+ {
+ switch(errno) {
+ case ENOENT:
+ case ENOTDIR:
+ sendto_realops_flags(FLAGS_ALL, L_ALL,
+ "Ignoring config file entry private_cert_file -- file open failed"
+ " (%s) (%d)", yylval.string, errno);
+ ilog(L_ERROR,
+ "Ignoring config file entry private_cert_file -- File open failed"
+ " (%s) (%d)", yylval.string, errno);
+
break;
+ case EACCES:
+ sendto_realops_flags(FLAGS_ALL, L_ALL,
+ "Ignoring config file entry private_cert_file -- Permission Denied"
+ " (%s) (%d)", yylval.string, errno);
+ ilog(L_ERROR,
+ "Ignoring config file entry private_cert_file -- Permission Denied"
+ " (%s) (%d)", yylval.string, errno);
+ break;
+ default:
+ sendto_realops_flags(FLAGS_ALL, L_ALL,
+ "Ignoring config file entry private_cert_file -- Unknown Error"
+ " (%s) (%d)", yylval.string, errno);
+ ilog(L_ERROR,
+ "Ignoring config file entry private_cert_file -- Unknown Error"
+ " (%s) (%d)", yylval.string, errno);
+ break;
+ }
+ } else {
+ DupString(ServerInfo.private_cert_file, yylval.string);
+ close(filen);
+ }
+#endif
+};
+
 serverinfo_name: NAME '=' QSTRING ';'
 {
 /* this isn't rehashable */
diff --git a/src/packet.c b/src/packet.c
index 19dc8ce..0f3ab1d 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -19,7 +19,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: packet.c,v 1.7 2002/11/04 08:50:46 fishwaldo Exp $
+ * $Id: packet.c,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
 */
 #include "stdinc.h"
 #include "tools.h"
@@ -393,7 +393,6 @@ read_packet(int fd, void *data)
 #endif
 length = recv(fd_r, readBuf, READBUF_SIZE, 0);
-printf("leng %d\n", length);
 /* THIS WAS <= 0, should it stay? */
 if (length <= 0)
 {
diff --git a/src/ssl.c b/src/ssl.c
index 060c532..ea467b1 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -20,7 +20,7 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
- * $Id: ssl.c,v 1.2 2002/11/04 08:50:46 fishwaldo Exp $
+ * $Id: ssl.c,v 1.3 2003/01/27 04:20:36 fishwaldo Exp $
 */
 #include "stdinc.h"
@@ -31,6 +31,7 @@
 #include "ssl.h"
 #include "client.h"
 #include "send.h"
+#include "s_conf.h"
 #ifdef USE_SSL
 #define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
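Review bot: both new grammar actions `MyFree` the previous path before the `open()` check, so a path that fails to open leaves `ServerInfo.public_cert_file`/`ServerInfo.private_cert_file` NULL and `initssl()` in ssl.c then hands that NULL straight to `SSL_CTX_use_certificate_file`/`SSL_CTX_use_PrivateKey_file`; move the `MyFree` into the success branch so a rejected entry keeps the previous value, and have initssl() refuse to start when either path is unset. The `open(..., O_RDONLY)` only proves the daemon can read the file, which for the private key is the wrong question — the useful check is that nobody else can, so after a successful open warn when the key is group- or world-accessible (needs `<sys/stat.h>`), as sketched below. The three `switch` arms emit the same message with slightly different wording; one `ilog(L_ERROR, "Ignoring config file entry %s -- %s (%s)", name, strerror(errno), yylval.string)` covers ENOENT, ENOTDIR, EACCES and the default alike, and would let the two near-identical actions share a small static helper.
```c
  } else {
    struct stat st;

    /* The daemon being able to read the key is not the point; nobody else
     * should.  Warn (but keep the entry) when the mode lets group/other in. */
    if (fstat(filen, &st) == 0 && (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
    {
      sendto_realops_flags(FLAGS_ALL, L_ALL,
        "private_cert_file %s is group/world accessible (mode %o)",
        yylval.string, (unsigned)(st.st_mode & 0777));
      ilog(L_ERROR, "private_cert_file %s is group/world accessible (mode %o)",
        yylval.string, (unsigned)(st.st_mode & 0777));
    }
    DupString(ServerInfo.private_cert_file, yylval.string);
    close(filen);
  }
```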
@@ -58,14 +59,14 @@ initssl (void)
 return 0;
 }
 if (SSL_CTX_use_certificate_file (ircdssl_ctx,
- IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0)
+ ServerInfo.public_cert_file, SSL_FILETYPE_PEM) <= 0)
 {
 ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
 SSL_CTX_free (ircdssl_ctx);
 return 0;
 }
 if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
- IRCDSSL_KPATH, SSL_FILETYPE_PEM) <= 0)
+ ServerInfo.private_cert_file, SSL_FILETYPE_PEM) <= 0)
 {
 ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
 SSL_CTX_free (ircdssl_ctx);
@@ -90,34 +91,25 @@ safe_SSL_read (struct Client * client_p, void *buf, int sz)
 bzero(buf, sz);
 len = SSL_read(client_p->localClient->ssl, buf, sz);
-printf("ssl read %s\n\nlen %d (%d)", buf, len, sz);
 if (len <= 0)
 {
- printf("len is less than 0 (%d)\n", len);
 switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
 {
 case SSL_ERROR_SYSCALL:
-printf("SSL_ERROR_SYSCALL\n");
 if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
 {
- case SSL_ERROR_WANT_READ:
- errno = EWOULDBLOCK;
-#ifdef DEBUG
- printf("SSL_ERROR_WANT_READ\n");
- fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
-#endif
- return -1;
+ case SSL_ERROR_WANT_READ:
+ errno = EWOULDBLOCK;
+ return -1;
 }
 case SSL_ERROR_SSL:
 #ifdef DEBUG
- printf("SSL_ERROR_SSL\n");
 fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
 #endif
 if (errno == EAGAIN) return -1;
 default:
- printf("fatal error\n");
 return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
 }
 }
@@ -129,9 +121,7 @@ safe_SSL_write (struct Client *client_p, const void *buf, int sz)
 {
 int len, ssl_err;
-printf("ssl write %s %d(%d)\n", buf, strlen(buf), sz);
 len = SSL_write (client_p->localClient->ssl, buf, sz);
-printf("len %d\n", len);
 if (len <= 0)
 {
 switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
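Review bot: `ServerInfo.public_cert_file` and `ServerInfo.private_cert_file` are passed to OpenSSL unchecked, yet they are NULL whenever the serverinfo{} block omits the entry or the parser rejected the path (the parser action frees the old value before its `open()` check), and a NULL filename is not a valid argument to `SSL_CTX_use_certificate_file`/`SSL_CTX_use_PrivateKey_file` — at best it fails with an OpenSSL error that does not point at the missing config entry. Add, before the first load, `if (ServerInfo.public_cert_file == NULL || ServerInfo.private_cert_file == NULL) { ilog(L_ERROR, "initssl(): public_cert_file/private_cert_file not set"); SSL_CTX_free(ircdssl_ctx); return 0; }`. Now that the paths come from the config, the hard-coded `IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"` define above this hunk and its `IRCDSSL_KPATH` twin are dead personal paths and should be removed. Whether `SSL_CTX_check_private_key()` is called after the key load is outside the hunk; if it is not, a cert/key mismatch is only discovered at the first handshake. initssl's body begins before this hunk.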
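Review bot: the `case SSL_ERROR_WANT_READ:` label sits inside the `if` body of the `SSL_ERROR_SYSCALL` arm, so a syscall failure whose errno is not EWOULDBLOCK/EAGAIN/EINTR — including `len == 0`, an unexpected EOF from the peer — falls through into `SSL_ERROR_SSL`, where `if (errno == EAGAIN) return -1;` consults an errno that a protocol error never sets; a malformed record from a malicious peer can thus be reported as "would block" by a stale errno and the client is never dropped. `SSL_ERROR_WANT_WRITE` (renegotiation on a non-blocking socket) and `SSL_ERROR_ZERO_RETURN` are not distinguished either and land in the fatal default, and under DEBUG `fatal_ssl_error` is invoked twice for a genuine SSL error. The switch is clearer and safer with one case per condition, as below; safe_SSL_read's body starts before this hunk.
```c
  if (len <= 0)
  {
    switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
    {
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:   /* renegotiation on a non-blocking socket: retry later */
      errno = EWOULDBLOCK;
      return -1;
    case SSL_ERROR_SYSCALL:
      /* only a genuine transient socket error is retried; len == 0 here is an
       * unexpected EOF from the peer and is treated as fatal */
      if (len < 0 && (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR))
        return -1;
      /* FALLTHROUGH */
    case SSL_ERROR_SSL:
    case SSL_ERROR_ZERO_RETURN:
    default:
      /* errno carries no meaning for protocol errors, so it is not consulted */
      return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
    }
  }
```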