restart ircd development. IRCD ssl conf file fixes

This commit is contained in:
fishwaldo 2003-01-27 04:20:36 +00:00
parent 13d98daab5
commit 69acba7822
9 changed files with 128 additions and 30 deletions


@ -10,7 +10,8 @@ Symbols are:
(F) - Initial Support for SSL connections started (and now it works!) (F) - Initial Support for SSL connections started (and now it works!)
(F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients (F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients
(F) - Can invite non-Z clients into +S channels (F) - Can invite non-Z clients into +S channels
(F) - SSL conf file support and restart of neoircd coding :)
* NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish * NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
(S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team (S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team
Also thanks for the reference and event code in question. Also thanks for the reference and event code in question.


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: s_conf.h,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $ * $Id: s_conf.h,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#ifndef INCLUDED_s_conf_h #ifndef INCLUDED_s_conf_h
@ -277,6 +277,10 @@ struct server_info
#ifdef HAVE_LIBCRYPTO #ifdef HAVE_LIBCRYPTO
char * rsa_private_key_file; char * rsa_private_key_file;
RSA * rsa_private_key; RSA * rsa_private_key;
#endif
#ifdef USE_SSL
char * public_cert_file;
char * private_cert_file;
#endif #endif
int hub; int hub;
struct irc_inaddr ip; struct irc_inaddr ip;
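Review bot: The new `private_cert_file` member is the path the ssl.c hunk hands to `SSL_CTX_use_PrivateKey_file`, so it names a PEM private key, not a certificate; the name will mislead operators writing the serverinfo block and anyone grepping for key handling. At minimum the field deserves a comment, `/* PEM private key matching public_cert_file; loaded once by initssl() */`, and if the option has not shipped yet, renaming it to `ssl_private_key_file` (with the matching lexer/parser tokens) would remove the ambiguity entirely. The `#ifdef USE_SSL` block sits next to the `HAVE_LIBCRYPTO` block rather than inside it, which is fine as long as the build system guarantees `USE_SSL` implies the crypto library; that relationship is not visible here. `struct server_info` begins before and ends after this hunk.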


@ -20,7 +20,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ssl.h,v 1.1 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ssl.h,v 1.2 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#ifndef SSL_H #ifndef SSL_H
@ -38,6 +38,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include "client.h" #include "client.h"
extern char ssl_cpath[BUFSIZE+1];
extern char ssl_kpath[BUFSIZE+1];
int safe_SSL_read(struct Client *, void *, int); int safe_SSL_read(struct Client *, void *, int);
int safe_SSL_write(struct Client *, const void *, int); int safe_SSL_write(struct Client *, const void *, int);
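Review bot: The two new externs `ssl_cpath` and `ssl_kpath` are declared but nothing else in this commit defines or references them; the ssl.c hunk reads `ServerInfo.public_cert_file` and `ServerInfo.private_cert_file` instead. If no definition exists elsewhere in the tree, the first use will fail at link time, so either drop the declarations or define them in ssl.c if they are meant as a fallback. Fixed `BUFSIZE+1` path buffers would also need a bounded copy wherever they are filled, which the heap-allocated ServerInfo strings already avoid, so the pointer approach seems the one to keep.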


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: m_userhost.c,v 1.4 2002/09/21 06:26:12 fishwaldo Exp $ * $Id: m_userhost.c,v 1.5 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
@ -57,7 +57,7 @@ _moddeinit(void)
mod_del_cmd(&userhost_msgtab); mod_del_cmd(&userhost_msgtab);
} }
const char *_version = "$Revision: 1.4 $"; const char *_version = "$Revision: 1.5 $";
#endif #endif
/* /*
* m_userhost added by Darren Reed 13/8/91 to aid clients and reduce * m_userhost added by Darren Reed 13/8/91 to aid clients and reduce
@ -106,7 +106,7 @@ static void m_userhost(struct Client *client_p,
IsOper(target_p) ? "*" : "", IsOper(target_p) ? "*" : "",
(target_p->user->away) ? '-' : '+', (target_p->user->away) ? '-' : '+',
target_p->username, target_p->username,
target_p->vhost); target_p->host);
} }
else else
{ {
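Review bot: The USERHOST reply now prints `target_p->host` instead of `target_p->vhost`, and USERHOST can be issued by any client for any nick. If `vhost` is the masked or spoofed host shown elsewhere (the field naming suggests so, but this hunk does not show how it is set), this change lets any user recover a cloaked user's underlying hostname through a side channel, defeating the cloak. Unless that is deliberate, keep `target_p->vhost` here, or reveal `host` only when the requester is the target or an operator, and say which in a comment on the line, e.g. `/* real host, not vhost: intentional, see <reason> */`. `m_userhost` begins before and ends after this hunk.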


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ircd.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ircd.c,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
@ -623,7 +623,6 @@ int main(int argc, char *argv[])
/* Init the event subsystem */ /* Init the event subsystem */
eventInit(); eventInit();
init_sys(); init_sys();
initssl();
if (!server_state.foreground) if (!server_state.foreground)
{ {
@ -655,6 +654,10 @@ int main(int argc, char *argv[])
init_auth(); /* Initialise the auth code */ init_auth(); /* Initialise the auth code */
init_resolver(); /* Needs to be setup before the io loop */ init_resolver(); /* Needs to be setup before the io loop */
read_conf_files(YES); /* cold start init conf files */ read_conf_files(YES); /* cold start init conf files */
#ifdef USE_SSL
initssl();
#endif
#ifndef STATIC_MODULES #ifndef STATIC_MODULES
mod_add_path(IRCD_PREFIX "/modules"); mod_add_path(IRCD_PREFIX "/modules");
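Review bot: `initssl()` is called for its side effect only, yet the ssl.c hunk shows it returns 0 after `SSL_CTX_free` when the certificate or key fails to load, so a bad `public_cert_file`/`private_cert_file` leaves the server running with no usable SSL context and nothing but a log line. Check the result at the call site: `if (!initssl()) ilog(L_ERROR, "initssl() failed; SSL listeners will not work");` or treat it as fatal at cold start, the way a missing conf file is. Moving the call after `read_conf_files(YES)` is what makes the conf-driven paths usable, but nothing in this commit re-runs it on rehash, so a changed path or certificate presumably takes effect only on restart; a one-line comment here saying so would save an operator a confused rehash. `main` begins before and ends after this hunk.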


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ircd_lexer.l,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ircd_lexer.l,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
%option case-insensitive %option case-insensitive
@ -235,6 +235,8 @@ password { return PASSWORD; }
persist_time { return PERSIST_TIME; } persist_time { return PERSIST_TIME; }
ping_cookie { return PING_COOKIE; } ping_cookie { return PING_COOKIE; }
ping_time { return PING_TIME; } ping_time { return PING_TIME; }
public_cert_file { return PUBLIC_CERT_FILE; }
private_cert_file { return PRIVATE_CERT_FILE; }
port { return PORT; } port { return PORT; }
quiet_on_ban { return QUIET_ON_BAN; } quiet_on_ban { return QUIET_ON_BAN; }
reason { return REASON; } reason { return REASON; }


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ircd_parser.y,v 1.13 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ircd_parser.y,v 1.14 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
%{ %{
@ -206,6 +206,8 @@ int class_redirport_var;
%token PERSIST_TIME %token PERSIST_TIME
%token PING_COOKIE %token PING_COOKIE
%token PING_TIME %token PING_TIME
%token PRIVATE_CERT_FILE
%token PUBLIC_CERT_FILE
%token PORT %token PORT
%token QSTRING %token QSTRING
%token QUIET_ON_BAN %token QUIET_ON_BAN
@ -404,7 +406,8 @@ serverinfo_item: serverinfo_name | serverinfo_vhost |
serverinfo_network_name | serverinfo_network_desc | serverinfo_network_name | serverinfo_network_desc |
serverinfo_max_clients | serverinfo_max_clients |
serverinfo_rsa_private_key_file | serverinfo_vhost6 | serverinfo_rsa_private_key_file | serverinfo_vhost6 |
serverinfo_max_buffer | serverinfo_max_buffer | serverinfo_public_cert_file |
serverinfo_private_cert_file |
error; error;
serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';' serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
@ -465,6 +468,100 @@ serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
#endif #endif
}; };
serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
int filen;
if (ServerInfo.public_cert_file)
{
MyFree(ServerInfo.public_cert_file);
ServerInfo.public_cert_file = NULL;
}
if ((filen = open(yylval.string, O_RDONLY)) < 0)
{
switch(errno) {
case ENOENT:
case ENOTDIR:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
break;
case EACCES:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
break;
default:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
break;
}
} else {
DupString(ServerInfo.public_cert_file, yylval.string);
close(filen);
}
#endif
};
serverinfo_private_cert_file: PRIVATE_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
int filen;
if (ServerInfo.private_cert_file)
{
MyFree(ServerInfo.private_cert_file);
ServerInfo.private_cert_file = NULL;
}
if ((filen = open(yylval.string, O_RDONLY)) < 0)
{
switch(errno) {
case ENOENT:
case ENOTDIR:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- File open failed"
" (%s) (%d)", yylval.string, errno);
break;
case EACCES:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
break;
default:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
break;
}
} else {
DupString(ServerInfo.private_cert_file, yylval.string);
close(filen);
}
#endif
};
serverinfo_name: NAME '=' QSTRING ';' serverinfo_name: NAME '=' QSTRING ';'
{ {
/* this isn't rehashable */ /* this isn't rehashable */
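Review bot: The `private_cert_file` rule opens the key read-only purely to prove it exists and then closes it, but since it already holds the descriptor this is the natural place to warn about a private key that is group- or world-readable, the usual operational slip with PEM keys. In the `else` branch before `close(filen)`: `struct stat st; if (fstat(filen, &st) == 0 && (st.st_mode & (S_IRWXG | S_IRWXO))) ilog(L_ERROR, "private_cert_file %s is group/world accessible", yylval.string);` (needs `<sys/stat.h>` if the parser prologue does not already include it). The two rules are otherwise identical apart from the field and the entry name in the messages, so a small static helper taking the field pointer and the name would halve the block and keep the messages consistent; note the `file open failed` / `File open failed` mismatch between the realops and log messages in the private_cert_file rule. Also, a path that fails here only logs and leaves the field NULL rather than rejecting the conf, so whatever consumes these fields has to handle NULL itself.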


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: packet.c,v 1.7 2002/11/04 08:50:46 fishwaldo Exp $ * $Id: packet.c,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
#include "tools.h" #include "tools.h"
@ -393,7 +393,6 @@ read_packet(int fd, void *data)
#endif #endif
length = recv(fd_r, readBuf, READBUF_SIZE, 0); length = recv(fd_r, readBuf, READBUF_SIZE, 0);
printf("leng %d\n", length);
/* THIS WAS <= 0, should it stay? */ /* THIS WAS <= 0, should it stay? */
if (length <= 0) if (length <= 0)
{ {


@ -20,7 +20,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ssl.c,v 1.2 2002/11/04 08:50:46 fishwaldo Exp $ * $Id: ssl.c,v 1.3 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
@ -31,6 +31,7 @@
#include "ssl.h" #include "ssl.h"
#include "client.h" #include "client.h"
#include "send.h" #include "send.h"
#include "s_conf.h"
#ifdef USE_SSL #ifdef USE_SSL
#define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt" #define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
@ -58,14 +59,14 @@ initssl (void)
return 0; return 0;
} }
if (SSL_CTX_use_certificate_file (ircdssl_ctx, if (SSL_CTX_use_certificate_file (ircdssl_ctx,
IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0) ServerInfo.public_cert_file, SSL_FILETYPE_PEM) <= 0)
{ {
ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File"); ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
SSL_CTX_free (ircdssl_ctx); SSL_CTX_free (ircdssl_ctx);
return 0; return 0;
} }
if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx, if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
IRCDSSL_KPATH, SSL_FILETYPE_PEM) <= 0) ServerInfo.private_cert_file, SSL_FILETYPE_PEM) <= 0)
{ {
ilog(L_ERROR, "initssl(): Failed to use Private Certificate"); ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
SSL_CTX_free (ircdssl_ctx); SSL_CTX_free (ircdssl_ctx);
@ -90,34 +91,25 @@ safe_SSL_read (struct Client * client_p, void *buf, int sz)
bzero(buf, sz); bzero(buf, sz);
len = SSL_read(client_p->localClient->ssl, buf, sz); len = SSL_read(client_p->localClient->ssl, buf, sz);
printf("ssl read %s\n\nlen %d (%d)", buf, len, sz);
if (len <= 0) if (len <= 0)
{ {
printf("len is less than 0 (%d)\n", len);
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len)) switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
{ {
case SSL_ERROR_SYSCALL: case SSL_ERROR_SYSCALL:
printf("SSL_ERROR_SYSCALL\n");
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR) if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
{ {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
errno = EWOULDBLOCK; errno = EWOULDBLOCK;
#ifdef DEBUG return -1;
printf("SSL_ERROR_WANT_READ\n");
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
#endif
return -1;
} }
case SSL_ERROR_SSL: case SSL_ERROR_SSL:
#ifdef DEBUG #ifdef DEBUG
printf("SSL_ERROR_SSL\n");
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p); fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
#endif #endif
if (errno == EAGAIN) if (errno == EAGAIN)
return -1; return -1;
default: default:
printf("fatal error\n");
return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p); return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
} }
} }
@ -129,9 +121,7 @@ safe_SSL_write (struct Client *client_p, const void *buf, int sz)
{ {
int len, ssl_err; int len, ssl_err;
printf("ssl write %s %d(%d)\n", buf, strlen(buf), sz);
len = SSL_write (client_p->localClient->ssl, buf, sz); len = SSL_write (client_p->localClient->ssl, buf, sz);
printf("len %d\n", len);
if (len <= 0) if (len <= 0)
{ {
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len)) switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
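Review bot: `initssl()` now passes `ServerInfo.public_cert_file` and `ServerInfo.private_cert_file` straight to OpenSSL, but both are NULL when the conf omits the entry or the parser rule rejected the path (it logs and leaves the field unset), and neither `SSL_CTX_use_certificate_file` nor `SSL_CTX_use_PrivateKey_file` is documented to accept a NULL filename, so a broken serverinfo block can crash inside the file open instead of logging. Add an explicit check before loading, and after loading call `SSL_CTX_check_private_key` so a key that does not match the certificate is caught at startup rather than at the first client handshake. The `IRCDSSL_CPATH`/`IRCDSSL_KPATH` defines, which point into a developer's home directory, are now unused and should be removed. `initssl` begins before and ends after the first hunk of this file.
```c
  if (ServerInfo.public_cert_file == NULL || ServerInfo.private_cert_file == NULL)
  {
    ilog(L_ERROR, "initssl(): public_cert_file and private_cert_file must both be set in serverinfo {}");
    SSL_CTX_free (ircdssl_ctx);
    return 0;
  }
  /* … unchanged: SSL_CTX_use_certificate_file / SSL_CTX_use_PrivateKey_file … */
  if (!SSL_CTX_check_private_key (ircdssl_ctx))
  {
    ilog(L_ERROR, "initssl(): private key does not match the certificate");
    SSL_CTX_free (ircdssl_ctx);
    return 0;
  }
```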