GitHub-Mirror/NeoStats-NeoIRCd
Archived
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

restart ircd development. IRCD ssl conf file fixes

Browse source
This commit is contained in:
fishwaldo 2003-01-27 04:20:36 +00:00
parent 13d98daab5
commit 69acba7822
9 changed files with 128 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog
View file

@ -10,7 +10,8 @@ Symbols are:
(F) - Initial Support for SSL connections started (and now it works!) (F) - Initial Support for SSL connections started (and now it works!)
(F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients (F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients
(F) - Can invite non-Z clients into +S channels (F) - Can invite non-Z clients into +S channels
(F) - SSL conf file support and restart of neoircd coding :)
* NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish * NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
(S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team (S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team
Also thanks for the reference and event code in question. Also thanks for the reference and event code in question.

6
include/s_conf.h
View file

@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: s_conf.h,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $ * $Id: s_conf.h,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#ifndef INCLUDED_s_conf_h #ifndef INCLUDED_s_conf_h
@ -277,6 +277,10 @@ struct server_info
#ifdef HAVE_LIBCRYPTO #ifdef HAVE_LIBCRYPTO
char * rsa_private_key_file; char * rsa_private_key_file;
RSA * rsa_private_key; RSA * rsa_private_key;
#endif
#ifdef USE_SSL
char * public_cert_file;
char * private_cert_file;
#endif #endif
int hub; int hub;
struct irc_inaddr ip; struct irc_inaddr ip;

4
include/ssl.h
View file

@ -20,7 +20,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ssl.h,v 1.1 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ssl.h,v 1.2 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#ifndef SSL_H #ifndef SSL_H
@ -38,6 +38,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include "client.h" #include "client.h"
extern char ssl_cpath[BUFSIZE+1];
extern char ssl_kpath[BUFSIZE+1];
int safe_SSL_read(struct Client *, void *, int); int safe_SSL_read(struct Client *, void *, int);
int safe_SSL_write(struct Client *, const void *, int); int safe_SSL_write(struct Client *, const void *, int);

6
modules/m_userhost.c
View file

@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: m_userhost.c,v 1.4 2002/09/21 06:26:12 fishwaldo Exp $ * $Id: m_userhost.c,v 1.5 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
@ -57,7 +57,7 @@ _moddeinit(void)
mod_del_cmd(&userhost_msgtab); mod_del_cmd(&userhost_msgtab);
} }
const char *_version = "$Revision: 1.4 $"; const char *_version = "$Revision: 1.5 $";
#endif #endif
/* /*
* m_userhost added by Darren Reed 13/8/91 to aid clients and reduce * m_userhost added by Darren Reed 13/8/91 to aid clients and reduce
@ -106,7 +106,7 @@ static void m_userhost(struct Client *client_p,
IsOper(target_p) ? "*" : "", IsOper(target_p) ? "*" : "",
(target_p->user->away) ? '-' : '+', (target_p->user->away) ? '-' : '+',
target_p->username, target_p->username,
target_p->vhost); target_p->host);
} }
else else
{ {

7
src/ircd.c
View file

@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ircd.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ircd.c,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
@ -623,7 +623,6 @@ int main(int argc, char *argv[])
/* Init the event subsystem */ /* Init the event subsystem */
eventInit(); eventInit();
init_sys(); init_sys();
initssl();
if (!server_state.foreground) if (!server_state.foreground)
{ {
@ -655,6 +654,10 @@ int main(int argc, char *argv[])
init_auth(); /* Initialise the auth code */ init_auth(); /* Initialise the auth code */
init_resolver(); /* Needs to be setup before the io loop */ init_resolver(); /* Needs to be setup before the io loop */
read_conf_files(YES); /* cold start init conf files */ read_conf_files(YES); /* cold start init conf files */
#ifdef USE_SSL
initssl();
#endif
#ifndef STATIC_MODULES #ifndef STATIC_MODULES
mod_add_path(IRCD_PREFIX "/modules"); mod_add_path(IRCD_PREFIX "/modules");

4
src/ircd_lexer.l
View file

@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ircd_lexer.l,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ircd_lexer.l,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
%option case-insensitive %option case-insensitive
@ -235,6 +235,8 @@ password { return PASSWORD; }
persist_time { return PERSIST_TIME; } persist_time { return PERSIST_TIME; }
ping_cookie { return PING_COOKIE; } ping_cookie { return PING_COOKIE; }
ping_time { return PING_TIME; } ping_time { return PING_TIME; }
public_cert_file { return PUBLIC_CERT_FILE; }
private_cert_file { return PRIVATE_CERT_FILE; }
port { return PORT; } port { return PORT; }
quiet_on_ban { return QUIET_ON_BAN; } quiet_on_ban { return QUIET_ON_BAN; }
reason { return REASON; } reason { return REASON; }

101
src/ircd_parser.y
View file

@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ircd_parser.y,v 1.13 2002/11/04 08:14:00 fishwaldo Exp $ * $Id: ircd_parser.y,v 1.14 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
%{ %{
@ -206,6 +206,8 @@ int class_redirport_var;
%token PERSIST_TIME %token PERSIST_TIME
%token PING_COOKIE %token PING_COOKIE
%token PING_TIME %token PING_TIME
%token PRIVATE_CERT_FILE
%token PUBLIC_CERT_FILE
%token PORT %token PORT
%token QSTRING %token QSTRING
%token QUIET_ON_BAN %token QUIET_ON_BAN
@ -404,7 +406,8 @@ serverinfo_item: serverinfo_name | serverinfo_vhost |
serverinfo_network_name | serverinfo_network_desc | serverinfo_network_name | serverinfo_network_desc |
serverinfo_max_clients | serverinfo_max_clients |
serverinfo_rsa_private_key_file | serverinfo_vhost6 | serverinfo_rsa_private_key_file | serverinfo_vhost6 |
serverinfo_max_buffer | serverinfo_max_buffer | serverinfo_public_cert_file |
serverinfo_private_cert_file |
error; error;
serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';' serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
@ -465,6 +468,100 @@ serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
#endif #endif
}; };
serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
int filen;
if (ServerInfo.public_cert_file)
{
MyFree(ServerInfo.public_cert_file);
ServerInfo.public_cert_file = NULL;
}
if ((filen = open(yylval.string, O_RDONLY)) < 0)
{
switch(errno) {
case ENOENT:
case ENOTDIR:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
break;
case EACCES:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
break;
default:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
break;
}
} else {
DupString(ServerInfo.public_cert_file, yylval.string);
close(filen);
}
#endif
};
serverinfo_private_cert_file: PRIVATE_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
int filen;
if (ServerInfo.private_cert_file)
{
MyFree(ServerInfo.private_cert_file);
ServerInfo.private_cert_file = NULL;
}
if ((filen = open(yylval.string, O_RDONLY)) < 0)
{
switch(errno) {
case ENOENT:
case ENOTDIR:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- File open failed"
" (%s) (%d)", yylval.string, errno);
break;
case EACCES:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
break;
default:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
break;
}
} else {
DupString(ServerInfo.private_cert_file, yylval.string);
close(filen);
}
#endif
};
serverinfo_name: NAME '=' QSTRING ';' serverinfo_name: NAME '=' QSTRING ';'
{ {
/* this isn't rehashable */ /* this isn't rehashable */

3
src/packet.c
View file

@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: packet.c,v 1.7 2002/11/04 08:50:46 fishwaldo Exp $ * $Id: packet.c,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
#include "tools.h" #include "tools.h"
@ -393,7 +393,6 @@ read_packet(int fd, void *data)
#endif #endif
length = recv(fd_r, readBuf, READBUF_SIZE, 0); length = recv(fd_r, readBuf, READBUF_SIZE, 0);
printf("leng %d\n", length);
/* THIS WAS <= 0, should it stay? */ /* THIS WAS <= 0, should it stay? */
if (length <= 0) if (length <= 0)
{ {

24
src/ssl.c
View file

@ -20,7 +20,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA * USA
* *
* $Id: ssl.c,v 1.2 2002/11/04 08:50:46 fishwaldo Exp $ * $Id: ssl.c,v 1.3 2003/01/27 04:20:36 fishwaldo Exp $
*/ */
#include "stdinc.h" #include "stdinc.h"
@ -31,6 +31,7 @@
#include "ssl.h" #include "ssl.h"
#include "client.h" #include "client.h"
#include "send.h" #include "send.h"
#include "s_conf.h"
#ifdef USE_SSL #ifdef USE_SSL
#define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt" #define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
@ -58,14 +59,14 @@ initssl (void)
return 0; return 0;
} }
if (SSL_CTX_use_certificate_file (ircdssl_ctx, if (SSL_CTX_use_certificate_file (ircdssl_ctx,
IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0) ServerInfo.public_cert_file, SSL_FILETYPE_PEM) <= 0)
{ {
ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File"); ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
SSL_CTX_free (ircdssl_ctx); SSL_CTX_free (ircdssl_ctx);
return 0; return 0;
} }
if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx, if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
IRCDSSL_KPATH, SSL_FILETYPE_PEM) <= 0) ServerInfo.private_cert_file, SSL_FILETYPE_PEM) <= 0)
{ {
ilog(L_ERROR, "initssl(): Failed to use Private Certificate"); ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
SSL_CTX_free (ircdssl_ctx); SSL_CTX_free (ircdssl_ctx);
@ -90,34 +91,25 @@ safe_SSL_read (struct Client * client_p, void *buf, int sz)
bzero(buf, sz); bzero(buf, sz);
len = SSL_read(client_p->localClient->ssl, buf, sz); len = SSL_read(client_p->localClient->ssl, buf, sz);
printf("ssl read %s\n\nlen %d (%d)", buf, len, sz);
if (len <= 0) if (len <= 0)
{ {
printf("len is less than 0 (%d)\n", len);
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len)) switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
{ {
case SSL_ERROR_SYSCALL: case SSL_ERROR_SYSCALL:
printf("SSL_ERROR_SYSCALL\n");
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR) if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
{ {
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
errno = EWOULDBLOCK; errno = EWOULDBLOCK;
#ifdef DEBUG return -1;
printf("SSL_ERROR_WANT_READ\n");
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
#endif
return -1;
} }
case SSL_ERROR_SSL: case SSL_ERROR_SSL:
#ifdef DEBUG #ifdef DEBUG
printf("SSL_ERROR_SSL\n");
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p); fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
#endif #endif
if (errno == EAGAIN) if (errno == EAGAIN)
return -1; return -1;
default: default:
printf("fatal error\n");
return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p); return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
} }
} }
@ -129,9 +121,7 @@ safe_SSL_write (struct Client *client_p, const void *buf, int sz)
{ {
int len, ssl_err; int len, ssl_err;
printf("ssl write %s %d(%d)\n", buf, strlen(buf), sz);
len = SSL_write (client_p->localClient->ssl, buf, sz); len = SSL_write (client_p->localClient->ssl, buf, sz);
printf("len %d\n", len);
if (len <= 0) if (len <= 0)
{ {
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len)) switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))