restart ircd development. IRCD ssl conf file fixes
parent
13d98daab5
commit
69acba7822
9 changed files with 128 additions and 30 deletions
|
@ -10,7 +10,8 @@ Symbols are:
|
||||||
(F) - Initial Support for SSL connections started (and now it works!)
|
(F) - Initial Support for SSL connections started (and now it works!)
|
||||||
(F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients
|
(F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients
|
||||||
(F) - Can invite non-Z clients into +S channels
|
(F) - Can invite non-Z clients into +S channels
|
||||||
|
(F) - SSL conf file support and restart of neoircd coding :)
|
||||||
|
|
||||||
* NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
|
* NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
|
||||||
(S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team
|
(S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team
|
||||||
Also thanks for the reference and event code in question.
|
Also thanks for the reference and event code in question.
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: s_conf.h,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $
|
* $Id: s_conf.h,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef INCLUDED_s_conf_h
|
#ifndef INCLUDED_s_conf_h
|
||||||
|
@ -277,6 +277,10 @@ struct server_info
|
||||||
#ifdef HAVE_LIBCRYPTO
|
#ifdef HAVE_LIBCRYPTO
|
||||||
char * rsa_private_key_file;
|
char * rsa_private_key_file;
|
||||||
RSA * rsa_private_key;
|
RSA * rsa_private_key;
|
||||||
|
#endif
|
||||||
|
#ifdef USE_SSL
|
||||||
|
char * public_cert_file;
|
||||||
|
char * private_cert_file;
|
||||||
#endif
|
#endif
|
||||||
int hub;
|
int hub;
|
||||||
struct irc_inaddr ip;
|
struct irc_inaddr ip;
|
||||||
|
|
|
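Review bot: The new `private_cert_file` member is the path of the server's PEM private key (the ssl.c hunk in this commit feeds it to SSL_CTX_use_PrivateKey_file), so the name, sitting next to `public_cert_file`, reads as a second certificate; a one-line comment on each field would stop the next maintainer from treating the two as interchangeable. Suggested: `char *public_cert_file;  /* PEM certificate chain, loaded by initssl() */` and `char *private_cert_file; /* PEM private key (not a certificate), loaded by initssl() */`. Nothing in this commit assigns a default to either field, so they stay NULL when the conf omits the entries — worth stating in the comment as well if that is intended. `struct server_info` begins and ends outside the hunk.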
@ -20,7 +20,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: ssl.h,v 1.1 2002/11/04 08:14:00 fishwaldo Exp $
|
* $Id: ssl.h,v 1.2 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifndef SSL_H
|
#ifndef SSL_H
|
||||||
|
@ -38,6 +38,8 @@
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include "client.h"
|
#include "client.h"
|
||||||
|
|
||||||
|
extern char ssl_cpath[BUFSIZE+1];
|
||||||
|
extern char ssl_kpath[BUFSIZE+1];
|
||||||
|
|
||||||
int safe_SSL_read(struct Client *, void *, int);
|
int safe_SSL_read(struct Client *, void *, int);
|
||||||
int safe_SSL_write(struct Client *, const void *, int);
|
int safe_SSL_write(struct Client *, const void *, int);
|
||||||
|
|
|
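Review bot: The two new externs `ssl_cpath` and `ssl_kpath` are declared but nothing in this commit defines or references them; `initssl()` in src/ssl.c now reads `ServerInfo.public_cert_file` / `ServerInfo.private_cert_file` instead. Unless a definition exists in a file not shown here, they are dead declarations that will fail to link the first time someone uses them, and they also duplicate state that already lives in `ServerInfo`. Either drop the two lines or add a comment naming where they are defined and which of the two sources of truth wins.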
@ -19,7 +19,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: m_userhost.c,v 1.4 2002/09/21 06:26:12 fishwaldo Exp $
|
* $Id: m_userhost.c,v 1.5 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "stdinc.h"
|
#include "stdinc.h"
|
||||||
|
@ -57,7 +57,7 @@ _moddeinit(void)
|
||||||
mod_del_cmd(&userhost_msgtab);
|
mod_del_cmd(&userhost_msgtab);
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *_version = "$Revision: 1.4 $";
|
const char *_version = "$Revision: 1.5 $";
|
||||||
#endif
|
#endif
|
||||||
/*
|
/*
|
||||||
* m_userhost added by Darren Reed 13/8/91 to aid clients and reduce
|
* m_userhost added by Darren Reed 13/8/91 to aid clients and reduce
|
||||||
|
@ -106,7 +106,7 @@ static void m_userhost(struct Client *client_p,
|
||||||
IsOper(target_p) ? "*" : "",
|
IsOper(target_p) ? "*" : "",
|
||||||
(target_p->user->away) ? '-' : '+',
|
(target_p->user->away) ? '-' : '+',
|
||||||
target_p->username,
|
target_p->username,
|
||||||
target_p->vhost);
|
target_p->host);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
|
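Review bot: Switching the USERHOST reply from `target_p->vhost` to `target_p->host` makes the command disclose the target's real hostname to any requester, bypassing whatever masking `vhost` carried, and the commit message does not mention the change. If this is deliberate (for example to match what WHOIS shows), confirm that WHOIS and the other host-revealing replies agree; otherwise keep the masked value for third parties and reveal the real host only to the user themself or to opers, e.g. `(target_p == source_p || IsOper(source_p)) ? target_p->host : target_p->vhost` (assuming the usual hybrid `source_p` parameter, which is outside the hunk). m_userhost's body starts and ends outside the hunk.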
@ -19,7 +19,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: ircd.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
|
* $Id: ircd.c,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "stdinc.h"
|
#include "stdinc.h"
|
||||||
|
@ -623,7 +623,6 @@ int main(int argc, char *argv[])
|
||||||
/* Init the event subsystem */
|
/* Init the event subsystem */
|
||||||
eventInit();
|
eventInit();
|
||||||
init_sys();
|
init_sys();
|
||||||
initssl();
|
|
||||||
|
|
||||||
if (!server_state.foreground)
|
if (!server_state.foreground)
|
||||||
{
|
{
|
||||||
|
@ -655,6 +654,10 @@ int main(int argc, char *argv[])
|
||||||
init_auth(); /* Initialise the auth code */
|
init_auth(); /* Initialise the auth code */
|
||||||
init_resolver(); /* Needs to be setup before the io loop */
|
init_resolver(); /* Needs to be setup before the io loop */
|
||||||
read_conf_files(YES); /* cold start init conf files */
|
read_conf_files(YES); /* cold start init conf files */
|
||||||
|
#ifdef USE_SSL
|
||||||
|
initssl();
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifndef STATIC_MODULES
|
#ifndef STATIC_MODULES
|
||||||
|
|
||||||
mod_add_path(IRCD_PREFIX "/modules");
|
mod_add_path(IRCD_PREFIX "/modules");
|
||||||
|
|
|
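Review bot: The new `initssl();` call drops the return value, yet the src/ssl.c hunk shows `initssl()` returning 0 and freeing the SSL_CTX when the certificate or key cannot be loaded, so on a bad conf the server keeps running with its SSL context gone. Check the result at the call site: `if (!initssl()) { ilog(L_ERROR, "initssl() failed: check public_cert_file/private_cert_file"); exit(EXIT_FAILURE); }`, or, if running without SSL is acceptable, record the failure in a flag so SSL listeners are not opened. Moving the call after `read_conf_files()` is correct, since the paths now come from the conf; note it is also now after the daemonization block, so its log output no longer reaches the controlling terminal. main() continues outside the hunk.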
@ -19,7 +19,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: ircd_lexer.l,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
|
* $Id: ircd_lexer.l,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
%option case-insensitive
|
%option case-insensitive
|
||||||
|
@ -235,6 +235,8 @@ password { return PASSWORD; }
|
||||||
persist_time { return PERSIST_TIME; }
|
persist_time { return PERSIST_TIME; }
|
||||||
ping_cookie { return PING_COOKIE; }
|
ping_cookie { return PING_COOKIE; }
|
||||||
ping_time { return PING_TIME; }
|
ping_time { return PING_TIME; }
|
||||||
|
public_cert_file { return PUBLIC_CERT_FILE; }
|
||||||
|
private_cert_file { return PRIVATE_CERT_FILE; }
|
||||||
port { return PORT; }
|
port { return PORT; }
|
||||||
quiet_on_ban { return QUIET_ON_BAN; }
|
quiet_on_ban { return QUIET_ON_BAN; }
|
||||||
reason { return REASON; }
|
reason { return REASON; }
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: ircd_parser.y,v 1.13 2002/11/04 08:14:00 fishwaldo Exp $
|
* $Id: ircd_parser.y,v 1.14 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
%{
|
%{
|
||||||
|
@ -206,6 +206,8 @@ int class_redirport_var;
|
||||||
%token PERSIST_TIME
|
%token PERSIST_TIME
|
||||||
%token PING_COOKIE
|
%token PING_COOKIE
|
||||||
%token PING_TIME
|
%token PING_TIME
|
||||||
|
%token PRIVATE_CERT_FILE
|
||||||
|
%token PUBLIC_CERT_FILE
|
||||||
%token PORT
|
%token PORT
|
||||||
%token QSTRING
|
%token QSTRING
|
||||||
%token QUIET_ON_BAN
|
%token QUIET_ON_BAN
|
||||||
|
@ -404,7 +406,8 @@ serverinfo_item: serverinfo_name | serverinfo_vhost |
|
||||||
serverinfo_network_name | serverinfo_network_desc |
|
serverinfo_network_name | serverinfo_network_desc |
|
||||||
serverinfo_max_clients |
|
serverinfo_max_clients |
|
||||||
serverinfo_rsa_private_key_file | serverinfo_vhost6 |
|
serverinfo_rsa_private_key_file | serverinfo_vhost6 |
|
||||||
serverinfo_max_buffer |
|
serverinfo_max_buffer | serverinfo_public_cert_file |
|
||||||
|
serverinfo_private_cert_file |
|
||||||
error;
|
error;
|
||||||
|
|
||||||
serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
|
serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
|
||||||
|
@ -465,6 +468,100 @@ serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
|
||||||
|
{
|
||||||
|
#ifdef USE_SSL
|
||||||
|
int filen;
|
||||||
|
|
||||||
|
if (ServerInfo.public_cert_file)
|
||||||
|
{
|
||||||
|
MyFree(ServerInfo.public_cert_file);
|
||||||
|
ServerInfo.public_cert_file = NULL;
|
||||||
|
}
|
||||||
|
if ((filen = open(yylval.string, O_RDONLY)) < 0)
|
||||||
|
{
|
||||||
|
switch(errno) {
|
||||||
|
case ENOENT:
|
||||||
|
case ENOTDIR:
|
||||||
|
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||||
|
"Ignoring config file entry public_cert_file -- file open failed"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
ilog(L_ERROR,
|
||||||
|
"Ignoring config file entry public_cert_file -- file open failed"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
break;
|
||||||
|
case EACCES:
|
||||||
|
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||||
|
"Ignoring config file entry public_cert_file -- Permission Denied"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
ilog(L_ERROR,
|
||||||
|
"Ignoring config file entry public_cert_file -- Permission Denied"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||||
|
"Ignoring config file entry public_cert_file -- Unknown Error"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
ilog(L_ERROR,
|
||||||
|
"Ignoring config file entry public_cert_file -- Unknown Error"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
DupString(ServerInfo.public_cert_file, yylval.string);
|
||||||
|
close(filen);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
};
|
||||||
|
serverinfo_private_cert_file: PRIVATE_CERT_FILE '=' QSTRING ';'
|
||||||
|
{
|
||||||
|
#ifdef USE_SSL
|
||||||
|
int filen;
|
||||||
|
if (ServerInfo.private_cert_file)
|
||||||
|
{
|
||||||
|
MyFree(ServerInfo.private_cert_file);
|
||||||
|
ServerInfo.private_cert_file = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
if ((filen = open(yylval.string, O_RDONLY)) < 0)
|
||||||
|
{
|
||||||
|
switch(errno) {
|
||||||
|
case ENOENT:
|
||||||
|
case ENOTDIR:
|
||||||
|
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||||
|
"Ignoring config file entry private_cert_file -- file open failed"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
ilog(L_ERROR,
|
||||||
|
"Ignoring config file entry private_cert_file -- File open failed"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
break;
|
||||||
|
case EACCES:
|
||||||
|
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||||
|
"Ignoring config file entry private_cert_file -- Permission Denied"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
ilog(L_ERROR,
|
||||||
|
"Ignoring config file entry private_cert_file -- Permission Denied"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||||
|
"Ignoring config file entry private_cert_file -- Unknown Error"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
ilog(L_ERROR,
|
||||||
|
"Ignoring config file entry private_cert_file -- Unknown Error"
|
||||||
|
" (%s) (%d)", yylval.string, errno);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
DupString(ServerInfo.private_cert_file, yylval.string);
|
||||||
|
close(filen);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
};
|
||||||
|
|
||||||
serverinfo_name: NAME '=' QSTRING ';'
|
serverinfo_name: NAME '=' QSTRING ';'
|
||||||
{
|
{
|
||||||
/* this isn't rehashable */
|
/* this isn't rehashable */
|
||||||
|
|
|
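Review bot: The two new rules are ~40 lines each of identical open()/switch(errno)/close() scaffolding that differ only in the entry name, and each reads `errno` a second time after `sendto_realops_flags()`, which may have clobbered it, so the `ilog()` line can report a different error number than the operator notice. Capture errno once and move the check into a static helper in the parser's C prologue so each action shrinks to a few lines; the sketch below keeps the existing messages. The open/close probe is only an early warning — the files are opened again by initssl() — and for the private key it would be worth an `fstat()` on the descriptor you already hold to warn when the file is group- or world-readable.

```c
#ifdef USE_SSL
/* Returns 1 when `path` can be opened read-only by the ircd; otherwise
 * logs why (with errno captured before any logging call) and returns 0.
 * `entry` is the conf item name used in the messages. */
static int
ssl_conf_file_readable(const char *path, const char *entry)
{
  int fd = open(path, O_RDONLY);
  int err;
  const char *why;

  if (fd >= 0)
  {
    close(fd);
    return 1;
  }
  err = errno; /* sendto_realops_flags() may clobber errno */
  why = (err == ENOENT || err == ENOTDIR) ? "file open failed" :
        (err == EACCES) ? "Permission Denied" : "Unknown Error";
  sendto_realops_flags(FLAGS_ALL, L_ALL,
                       "Ignoring config file entry %s -- %s (%s) (%d)",
                       entry, why, path, err);
  ilog(L_ERROR, "Ignoring config file entry %s -- %s (%s) (%d)",
       entry, why, path, err);
  return 0;
}
#endif

serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
  if (ServerInfo.public_cert_file)
  {
    MyFree(ServerInfo.public_cert_file);
    ServerInfo.public_cert_file = NULL;
  }
  if (ssl_conf_file_readable(yylval.string, "public_cert_file"))
    DupString(ServerInfo.public_cert_file, yylval.string);
#endif
};
/* … unchanged: serverinfo_private_cert_file, same shape using "private_cert_file" … */
```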
@ -19,7 +19,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: packet.c,v 1.7 2002/11/04 08:50:46 fishwaldo Exp $
|
* $Id: packet.c,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
#include "stdinc.h"
|
#include "stdinc.h"
|
||||||
#include "tools.h"
|
#include "tools.h"
|
||||||
|
@ -393,7 +393,6 @@ read_packet(int fd, void *data)
|
||||||
#endif
|
#endif
|
||||||
length = recv(fd_r, readBuf, READBUF_SIZE, 0);
|
length = recv(fd_r, readBuf, READBUF_SIZE, 0);
|
||||||
|
|
||||||
printf("leng %d\n", length);
|
|
||||||
/* THIS WAS <= 0, should it stay? */
|
/* THIS WAS <= 0, should it stay? */
|
||||||
if (length <= 0)
|
if (length <= 0)
|
||||||
{
|
{
|
||||||
|
|
24
src/ssl.c
24
src/ssl.c
|
@ -20,7 +20,7 @@
|
||||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||||
* USA
|
* USA
|
||||||
*
|
*
|
||||||
* $Id: ssl.c,v 1.2 2002/11/04 08:50:46 fishwaldo Exp $
|
* $Id: ssl.c,v 1.3 2003/01/27 04:20:36 fishwaldo Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "stdinc.h"
|
#include "stdinc.h"
|
||||||
|
@ -31,6 +31,7 @@
|
||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
#include "client.h"
|
#include "client.h"
|
||||||
#include "send.h"
|
#include "send.h"
|
||||||
|
#include "s_conf.h"
|
||||||
|
|
||||||
#ifdef USE_SSL
|
#ifdef USE_SSL
|
||||||
#define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
|
#define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
|
||||||
|
@ -58,14 +59,14 @@ initssl (void)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (SSL_CTX_use_certificate_file (ircdssl_ctx,
|
if (SSL_CTX_use_certificate_file (ircdssl_ctx,
|
||||||
IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0)
|
ServerInfo.public_cert_file, SSL_FILETYPE_PEM) <= 0)
|
||||||
{
|
{
|
||||||
ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
|
ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
|
||||||
SSL_CTX_free (ircdssl_ctx);
|
SSL_CTX_free (ircdssl_ctx);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
|
if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
|
||||||
IRCDSSL_KPATH, SSL_FILETYPE_PEM) <= 0)
|
ServerInfo.private_cert_file, SSL_FILETYPE_PEM) <= 0)
|
||||||
{
|
{
|
||||||
ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
|
ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
|
||||||
SSL_CTX_free (ircdssl_ctx);
|
SSL_CTX_free (ircdssl_ctx);
|
||||||
|
@ -90,34 +91,25 @@ safe_SSL_read (struct Client * client_p, void *buf, int sz)
|
||||||
|
|
||||||
bzero(buf, sz);
|
bzero(buf, sz);
|
||||||
len = SSL_read(client_p->localClient->ssl, buf, sz);
|
len = SSL_read(client_p->localClient->ssl, buf, sz);
|
||||||
printf("ssl read %s\n\nlen %d (%d)", buf, len, sz);
|
|
||||||
|
|
||||||
if (len <= 0)
|
if (len <= 0)
|
||||||
{
|
{
|
||||||
printf("len is less than 0 (%d)\n", len);
|
|
||||||
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
|
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
|
||||||
{
|
{
|
||||||
case SSL_ERROR_SYSCALL:
|
case SSL_ERROR_SYSCALL:
|
||||||
printf("SSL_ERROR_SYSCALL\n");
|
|
||||||
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
|
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
|
||||||
{
|
{
|
||||||
case SSL_ERROR_WANT_READ:
|
case SSL_ERROR_WANT_READ:
|
||||||
errno = EWOULDBLOCK;
|
errno = EWOULDBLOCK;
|
||||||
#ifdef DEBUG
|
return -1;
|
||||||
printf("SSL_ERROR_WANT_READ\n");
|
|
||||||
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
|
|
||||||
#endif
|
|
||||||
return -1;
|
|
||||||
}
|
}
|
||||||
case SSL_ERROR_SSL:
|
case SSL_ERROR_SSL:
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
printf("SSL_ERROR_SSL\n");
|
|
||||||
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
|
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
|
||||||
#endif
|
#endif
|
||||||
if (errno == EAGAIN)
|
if (errno == EAGAIN)
|
||||||
return -1;
|
return -1;
|
||||||
default:
|
default:
|
||||||
printf("fatal error\n");
|
|
||||||
return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
|
return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -129,9 +121,7 @@ safe_SSL_write (struct Client *client_p, const void *buf, int sz)
|
||||||
{
|
{
|
||||||
int len, ssl_err;
|
int len, ssl_err;
|
||||||
|
|
||||||
printf("ssl write %s %d(%d)\n", buf, strlen(buf), sz);
|
|
||||||
len = SSL_write (client_p->localClient->ssl, buf, sz);
|
len = SSL_write (client_p->localClient->ssl, buf, sz);
|
||||||
printf("len %d\n", len);
|
|
||||||
if (len <= 0)
|
if (len <= 0)
|
||||||
{
|
{
|
||||||
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
|
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
|
||||||
|
|
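Review bot: `initssl()` now hands `ServerInfo.public_cert_file` and `ServerInfo.private_cert_file` straight to OpenSSL, but both are NULL when the conf omits the entries or when the new parser rules rejected them (they free the previous value and leave NULL on open failure), and the OpenSSL file loaders do not accept a NULL path. Guard before the first load: `if (!ServerInfo.public_cert_file || !ServerInfo.private_cert_file) { ilog(L_ERROR, "initssl(): public_cert_file/private_cert_file not set"); SSL_CTX_free(ircdssl_ctx); return 0; }`. After both loads succeed, `SSL_CTX_check_private_key(ircdssl_ctx)` would catch a key/certificate mismatch at startup instead of at the first handshake, and the now-unused `IRCDSSL_CPATH`/`IRCDSSL_KPATH` defines pointing into a developer's home directory can be removed. initssl()'s body continues outside the hunk.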