Restart ircd development; IRCD SSL conf file fixes.

fishwaldo 2003-01-27 04:20:36 +00:00
parent 13d98daab5
commit 69acba7822
9 changed files with 128 additions and 30 deletions


@ -10,6 +10,7 @@ Symbols are:
(F) - Initial Support for SSL connections started (and now it works!)
(F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients
(F) - Can invite non-Z clients into +S channels
(F) - SSL conf file support and restart of neoircd coding :)
* NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
(S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: s_conf.h,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $
* $Id: s_conf.h,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
*/
#ifndef INCLUDED_s_conf_h
@ -277,6 +277,10 @@ struct server_info
#ifdef HAVE_LIBCRYPTO
char * rsa_private_key_file;
RSA * rsa_private_key;
#endif
#ifdef USE_SSL
char * public_cert_file;
char * private_cert_file;
#endif
int hub;
struct irc_inaddr ip;
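Review bot: The new `private_cert_file` member is handed to SSL_CTX_use_PrivateKey_file in the ssl.c hunk of this commit, so it holds the path of a PEM private key rather than a certificate, and neither new field carries a comment saying what it is for. I would document both at the declaration, e.g. `char * public_cert_file;  /* PEM certificate loaded by initssl() */` and `char * private_cert_file; /* PEM private key for that certificate; keep it unreadable to other users */`. struct server_info continues outside the hunk, and the first hunk of this file is only the $Id header.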


@ -20,7 +20,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: ssl.h,v 1.1 2002/11/04 08:14:00 fishwaldo Exp $
* $Id: ssl.h,v 1.2 2003/01/27 04:20:36 fishwaldo Exp $
*/
#ifndef SSL_H
@ -38,6 +38,8 @@
#include <openssl/err.h>
#include "client.h"
extern char ssl_cpath[BUFSIZE+1];
extern char ssl_kpath[BUFSIZE+1];
int safe_SSL_read(struct Client *, void *, int);
int safe_SSL_write(struct Client *, const void *, int);
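Review bot: The `ssl_cpath` and `ssl_kpath` extern arrays declared here are neither defined nor referenced in any other hunk of this commit; the parser stores the configured paths in ServerInfo.public_cert_file and ServerInfo.private_cert_file, and initssl() reads them from there. If nothing in ssl.c defines them, these declarations are dead and introduce a second place for the same configuration; either drop them or add a comment stating what fills them and when. I cannot see the rest of ssl.c, so they may be defined outside the shown hunks.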


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: m_userhost.c,v 1.4 2002/09/21 06:26:12 fishwaldo Exp $
* $Id: m_userhost.c,v 1.5 2003/01/27 04:20:36 fishwaldo Exp $
*/
#include "stdinc.h"
@ -57,7 +57,7 @@ _moddeinit(void)
mod_del_cmd(&userhost_msgtab);
}
const char *_version = "$Revision: 1.4 $";
const char *_version = "$Revision: 1.5 $";
#endif
/*
* m_userhost added by Darren Reed 13/8/91 to aid clients and reduce
@ -106,7 +106,7 @@ static void m_userhost(struct Client *client_p,
IsOper(target_p) ? "*" : "",
(target_p->user->away) ? '-' : '+',
target_p->username,
target_p->vhost);
target_p->host);
}
else
{
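Review bot: The USERHOST reply now formats `target_p->host` instead of `target_p->vhost`, so any user issuing USERHOST receives the target's real hostname even when a virtual host is set, which undoes host masking for everyone who asks. If the intent is that only operators see the real host, choose the field on the requester's oper status with the same IsOper() test the hunk already applies to target_p; if revealing real hosts is deliberate, a comment saying so belongs on this line. The m_userhost body continues outside the hunk, so I cannot tell whether such a gate already exists earlier in the function.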


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: ircd.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
* $Id: ircd.c,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
*/
#include "stdinc.h"
@ -623,7 +623,6 @@ int main(int argc, char *argv[])
/* Init the event subsystem */
eventInit();
init_sys();
initssl();
if (!server_state.foreground)
{
@ -655,6 +654,10 @@ int main(int argc, char *argv[])
init_auth(); /* Initialise the auth code */
init_resolver(); /* Needs to be setup before the io loop */
read_conf_files(YES); /* cold start init conf files */
#ifdef USE_SSL
initssl();
#endif
#ifndef STATIC_MODULES
mod_add_path(IRCD_PREFIX "/modules");
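Review bot: The return value of the relocated `initssl()` call is discarded, although the ssl.c hunk shows initssl() freeing its context and returning 0 when the certificate or key file cannot be loaded, so the daemon keeps running with SSL silently unusable. At minimum log the failure, `if (!initssl()) ilog(L_ERROR, "initssl() failed; SSL connections will not be accepted");`, or treat it as fatal if that is how the other init failures in main() are handled. main() continues outside the hunk.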


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: ircd_lexer.l,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
* $Id: ircd_lexer.l,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
*/
%option case-insensitive
@ -235,6 +235,8 @@ password { return PASSWORD; }
persist_time { return PERSIST_TIME; }
ping_cookie { return PING_COOKIE; }
ping_time { return PING_TIME; }
public_cert_file { return PUBLIC_CERT_FILE; }
private_cert_file { return PRIVATE_CERT_FILE; }
port { return PORT; }
quiet_on_ban { return QUIET_ON_BAN; }
reason { return REASON; }


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: ircd_parser.y,v 1.13 2002/11/04 08:14:00 fishwaldo Exp $
* $Id: ircd_parser.y,v 1.14 2003/01/27 04:20:36 fishwaldo Exp $
*/
%{
@ -206,6 +206,8 @@ int class_redirport_var;
%token PERSIST_TIME
%token PING_COOKIE
%token PING_TIME
%token PRIVATE_CERT_FILE
%token PUBLIC_CERT_FILE
%token PORT
%token QSTRING
%token QUIET_ON_BAN
@ -404,7 +406,8 @@ serverinfo_item: serverinfo_name | serverinfo_vhost |
serverinfo_network_name | serverinfo_network_desc |
serverinfo_max_clients |
serverinfo_rsa_private_key_file | serverinfo_vhost6 |
serverinfo_max_buffer |
serverinfo_max_buffer | serverinfo_public_cert_file |
serverinfo_private_cert_file |
error;
serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
@ -465,6 +468,100 @@ serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
#endif
};
serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
int filen;
if (ServerInfo.public_cert_file)
{
MyFree(ServerInfo.public_cert_file);
ServerInfo.public_cert_file = NULL;
}
if ((filen = open(yylval.string, O_RDONLY)) < 0)
{
switch(errno) {
case ENOENT:
case ENOTDIR:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
break;
case EACCES:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
break;
default:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry public_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry public_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
break;
}
} else {
DupString(ServerInfo.public_cert_file, yylval.string);
close(filen);
}
#endif
};
serverinfo_private_cert_file: PRIVATE_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
int filen;
if (ServerInfo.private_cert_file)
{
MyFree(ServerInfo.private_cert_file);
ServerInfo.private_cert_file = NULL;
}
if ((filen = open(yylval.string, O_RDONLY)) < 0)
{
switch(errno) {
case ENOENT:
case ENOTDIR:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- file open failed"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- File open failed"
" (%s) (%d)", yylval.string, errno);
break;
case EACCES:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- Permission Denied"
" (%s) (%d)", yylval.string, errno);
break;
default:
sendto_realops_flags(FLAGS_ALL, L_ALL,
"Ignoring config file entry private_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
ilog(L_ERROR,
"Ignoring config file entry private_cert_file -- Unknown Error"
" (%s) (%d)", yylval.string, errno);
break;
}
} else {
DupString(ServerInfo.private_cert_file, yylval.string);
close(filen);
}
#endif
};
serverinfo_name: NAME '=' QSTRING ';'
{
/* this isn't rehashable */
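Review bot: In both new actions `errno` is read twice after the failed open(), once in the sendto_realops_flags() call and again in the following ilog() call, but sendto_realops_flags() may write to client sockets in between and overwrite errno, so the logged number is not guaranteed to be the open() error. The two actions are otherwise identical apart from the entry name (and the capitalization of "File open failed" in the private_cert_file branch), so I would capture errno once and move the existence check into a static helper in the `%{ %}` prologue that both actions call. Keeping the check in one place also makes it easy to later add an ownership or mode check for the private key file. serverinfo_name continues outside the hunk.

```yacc
/* Prologue helper: returns 1 when path can be opened read-only, otherwise
 * reports the failure for conf entry `entry` and returns 0.  errno is
 * captured once, before any call that might clobber it. */
static int
conf_file_readable(const char *entry, const char *path)
{
  int fd = open(path, O_RDONLY);
  int err = errno;
  const char *why;

  if (fd >= 0)
  {
    close(fd);
    return 1;
  }
  switch (err)
  {
    case ENOENT:
    case ENOTDIR:
      why = "file open failed";
      break;
    case EACCES:
      why = "Permission Denied";
      break;
    default:
      why = "Unknown Error";
      break;
  }
  sendto_realops_flags(FLAGS_ALL, L_ALL,
                       "Ignoring config file entry %s -- %s (%s) (%d)",
                       entry, why, path, err);
  ilog(L_ERROR, "Ignoring config file entry %s -- %s (%s) (%d)",
       entry, why, path, err);
  return 0;
}

/* … unchanged: token list, serverinfo_item alternatives … */

serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
{
#ifdef USE_SSL
  if (ServerInfo.public_cert_file)
  {
    MyFree(ServerInfo.public_cert_file);
    ServerInfo.public_cert_file = NULL;
  }
  if (conf_file_readable("public_cert_file", yylval.string))
    DupString(ServerInfo.public_cert_file, yylval.string);
#endif
};
/* … serverinfo_private_cert_file: same shape with "private_cert_file" … */
```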


@ -19,7 +19,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: packet.c,v 1.7 2002/11/04 08:50:46 fishwaldo Exp $
* $Id: packet.c,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
*/
#include "stdinc.h"
#include "tools.h"
@ -393,7 +393,6 @@ read_packet(int fd, void *data)
#endif
length = recv(fd_r, readBuf, READBUF_SIZE, 0);
printf("leng %d\n", length);
/* THIS WAS <= 0, should it stay? */
if (length <= 0)
{


@ -20,7 +20,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: ssl.c,v 1.2 2002/11/04 08:50:46 fishwaldo Exp $
* $Id: ssl.c,v 1.3 2003/01/27 04:20:36 fishwaldo Exp $
*/
#include "stdinc.h"
@ -31,6 +31,7 @@
#include "ssl.h"
#include "client.h"
#include "send.h"
#include "s_conf.h"
#ifdef USE_SSL
#define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
@ -58,14 +59,14 @@ initssl (void)
return 0;
}
if (SSL_CTX_use_certificate_file (ircdssl_ctx,
IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0)
ServerInfo.public_cert_file, SSL_FILETYPE_PEM) <= 0)
{
ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
SSL_CTX_free (ircdssl_ctx);
return 0;
}
if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
IRCDSSL_KPATH, SSL_FILETYPE_PEM) <= 0)
ServerInfo.private_cert_file, SSL_FILETYPE_PEM) <= 0)
{
ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
SSL_CTX_free (ircdssl_ctx);
@ -90,34 +91,25 @@ safe_SSL_read (struct Client * client_p, void *buf, int sz)
bzero(buf, sz);
len = SSL_read(client_p->localClient->ssl, buf, sz);
printf("ssl read %s\n\nlen %d (%d)", buf, len, sz);
if (len <= 0)
{
printf("len is less than 0 (%d)\n", len);
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
{
case SSL_ERROR_SYSCALL:
printf("SSL_ERROR_SYSCALL\n");
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
{
case SSL_ERROR_WANT_READ:
errno = EWOULDBLOCK;
#ifdef DEBUG
printf("SSL_ERROR_WANT_READ\n");
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
#endif
return -1;
}
case SSL_ERROR_SSL:
#ifdef DEBUG
printf("SSL_ERROR_SSL\n");
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
#endif
if (errno == EAGAIN)
return -1;
default:
printf("fatal error\n");
return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
}
}
@ -129,9 +121,7 @@ safe_SSL_write (struct Client *client_p, const void *buf, int sz)
{
int len, ssl_err;
printf("ssl write %s %d(%d)\n", buf, strlen(buf), sz);
len = SSL_write (client_p->localClient->ssl, buf, sz);
printf("len %d\n", len);
if (len <= 0)
{
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
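Review bot: In initssl() the certificate and key paths now come from `ServerInfo.public_cert_file` and `ServerInfo.private_cert_file`, but nothing checks that the conf actually set them; when either entry is absent, or was ignored by the parser because the file could not be opened, a NULL path reaches SSL_CTX_use_certificate_file / SSL_CTX_use_PrivateKey_file. Guard before the first use: `if (!ServerInfo.public_cert_file || !ServerInfo.private_cert_file) { ilog(L_ERROR, "initssl(): public_cert_file or private_cert_file not set"); SSL_CTX_free(ircdssl_ctx); return 0; }`. The `IRCDSSL_CPATH` define with a developer home-directory path is no longer referenced by this function and should be removed rather than left as a stale default. The later hunks in safe_SSL_read() and safe_SSL_write() have lost their +/- markers on this page, so I cannot tell which printf() lines survive; any that remain print raw buffer contents to stdout and should be confined to DEBUG builds.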