restart ircd development. IRCD ssl conf file fixes
parent
13d98daab5
commit
69acba7822
9 changed files with 128 additions and 30 deletions
|
@ -10,7 +10,8 @@ Symbols are:
|
|||
(F) - Initial Support for SSL connections started (and now it works!)
|
||||
(F) - Added Z umode to identify SSL clients, and added whois reply for SSL clients
|
||||
(F) - Can invite non-Z clients into +S channels
|
||||
|
||||
(F) - SSL conf file support and restart of neoircd coding :)
|
||||
|
||||
* NeoIRCd Version 0.9.5 - 12th Oct, 2002 - Fish
|
||||
(S) - Fixed up event.c for a possible serious bug reported by Dianora from hybrid team
|
||||
Also thanks for the reference and event code in question.
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: s_conf.h,v 1.7 2002/10/31 13:01:54 fishwaldo Exp $
|
||||
* $Id: s_conf.h,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
|
||||
#ifndef INCLUDED_s_conf_h
|
||||
|
@ -277,6 +277,10 @@ struct server_info
|
|||
#ifdef HAVE_LIBCRYPTO
|
||||
char * rsa_private_key_file;
|
||||
RSA * rsa_private_key;
|
||||
#endif
|
||||
#ifdef USE_SSL
|
||||
char * public_cert_file;
|
||||
char * private_cert_file;
|
||||
#endif
|
||||
int hub;
|
||||
struct irc_inaddr ip;
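Review bot: The two new `USE_SSL` fields in `struct server_info` carry no comments, and the name `private_cert_file` is misleading, because src/ssl.c in this commit passes that value to `SSL_CTX_use_PrivateKey_file()`, so it names a private key rather than a certificate. I would add `/* PEM certificate presented to SSL clients */` above `public_cert_file` and `/* PEM private key for that certificate; should be readable by the ircd user only */` above `private_cert_file`. The struct definition begins and ends outside this hunk.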
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: ssl.h,v 1.1 2002/11/04 08:14:00 fishwaldo Exp $
|
||||
* $Id: ssl.h,v 1.2 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
|
||||
#ifndef SSL_H
|
||||
|
@ -38,6 +38,8 @@
|
|||
#include <openssl/err.h>
|
||||
#include "client.h"
|
||||
|
||||
extern char ssl_cpath[BUFSIZE+1];
|
||||
extern char ssl_kpath[BUFSIZE+1];
|
||||
|
||||
int safe_SSL_read(struct Client *, void *, int);
|
||||
int safe_SSL_write(struct Client *, const void *, int);
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: m_userhost.c,v 1.4 2002/09/21 06:26:12 fishwaldo Exp $
|
||||
* $Id: m_userhost.c,v 1.5 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
|
||||
#include "stdinc.h"
|
||||
|
@ -57,7 +57,7 @@ _moddeinit(void)
|
|||
mod_del_cmd(&userhost_msgtab);
|
||||
}
|
||||
|
||||
const char *_version = "$Revision: 1.4 $";
|
||||
const char *_version = "$Revision: 1.5 $";
|
||||
#endif
|
||||
/*
|
||||
* m_userhost added by Darren Reed 13/8/91 to aid clients and reduce
|
||||
|
@ -106,7 +106,7 @@ static void m_userhost(struct Client *client_p,
|
|||
IsOper(target_p) ? "*" : "",
|
||||
(target_p->user->away) ? '-' : '+',
|
||||
target_p->username,
|
||||
target_p->vhost);
|
||||
target_p->host);
|
||||
}
|
||||
else
|
||||
{
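Review bot: The last argument of this reply appears to change from `target_p->vhost` to `target_p->host` (the second of the two printed lines, in the same old-then-new order as the `$Id` lines of this file), which would put the unmasked hostname into the USERHOST reply. The condition guarding this branch is outside the hunk; if it is not restricted to a client querying itself, any user could read another user's real host this way and the vhost masking would be bypassed. I would either keep `target_p->vhost` here or add a comment on the branch such as `/* real host is only ever shown to the client itself */` and confirm the condition enforces that.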
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: ircd.c,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
|
||||
* $Id: ircd.c,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
|
||||
#include "stdinc.h"
|
||||
|
@ -623,7 +623,6 @@ int main(int argc, char *argv[])
|
|||
/* Init the event subsystem */
|
||||
eventInit();
|
||||
init_sys();
|
||||
initssl();
|
||||
|
||||
if (!server_state.foreground)
|
||||
{
|
||||
|
@ -655,6 +654,10 @@ int main(int argc, char *argv[])
|
|||
init_auth(); /* Initialise the auth code */
|
||||
init_resolver(); /* Needs to be setup before the io loop */
|
||||
read_conf_files(YES); /* cold start init conf files */
|
||||
#ifdef USE_SSL
|
||||
initssl();
|
||||
#endif
|
||||
|
||||
#ifndef STATIC_MODULES
|
||||
|
||||
mod_add_path(IRCD_PREFIX "/modules");
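Review bot: The `initssl();` call placed after `read_conf_files(YES)` discards its result, although the failure paths visible in src/ssl.c free the context and `return 0`. A missing or unreadable certificate would then leave the daemon running without a usable SSL context, with only a log line to show for it. Assuming success returns non-zero (not shown on this page), I would test it, e.g. `if (!initssl()) ilog(L_ERROR, "initssl() failed, SSL connections are unavailable");`, and make sure SSL listeners are not accepted in that state. The call sits in the cold-start path of `main()`, which continues outside the hunk, so a rehash that changes the two paths presumably does not reload the certificate; that deserves a comment.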
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: ircd_lexer.l,v 1.8 2002/11/04 08:14:00 fishwaldo Exp $
|
||||
* $Id: ircd_lexer.l,v 1.9 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
|
||||
%option case-insensitive
|
||||
|
@ -235,6 +235,8 @@ password { return PASSWORD; }
|
|||
persist_time { return PERSIST_TIME; }
|
||||
ping_cookie { return PING_COOKIE; }
|
||||
ping_time { return PING_TIME; }
|
||||
public_cert_file { return PUBLIC_CERT_FILE; }
|
||||
private_cert_file { return PRIVATE_CERT_FILE; }
|
||||
port { return PORT; }
|
||||
quiet_on_ban { return QUIET_ON_BAN; }
|
||||
reason { return REASON; }
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: ircd_parser.y,v 1.13 2002/11/04 08:14:00 fishwaldo Exp $
|
||||
* $Id: ircd_parser.y,v 1.14 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
|
||||
%{
|
||||
|
@ -206,6 +206,8 @@ int class_redirport_var;
|
|||
%token PERSIST_TIME
|
||||
%token PING_COOKIE
|
||||
%token PING_TIME
|
||||
%token PRIVATE_CERT_FILE
|
||||
%token PUBLIC_CERT_FILE
|
||||
%token PORT
|
||||
%token QSTRING
|
||||
%token QUIET_ON_BAN
|
||||
|
@ -404,7 +406,8 @@ serverinfo_item: serverinfo_name | serverinfo_vhost |
|
|||
serverinfo_network_name | serverinfo_network_desc |
|
||||
serverinfo_max_clients |
|
||||
serverinfo_rsa_private_key_file | serverinfo_vhost6 |
|
||||
serverinfo_max_buffer |
|
||||
serverinfo_max_buffer | serverinfo_public_cert_file |
|
||||
serverinfo_private_cert_file |
|
||||
error;
|
||||
|
||||
serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
|
||||
|
@ -465,6 +468,100 @@ serverinfo_rsa_private_key_file: RSA_PRIVATE_KEY_FILE '=' QSTRING ';'
|
|||
#endif
|
||||
};
|
||||
|
||||
serverinfo_public_cert_file: PUBLIC_CERT_FILE '=' QSTRING ';'
|
||||
{
|
||||
#ifdef USE_SSL
|
||||
int filen;
|
||||
|
||||
if (ServerInfo.public_cert_file)
|
||||
{
|
||||
MyFree(ServerInfo.public_cert_file);
|
||||
ServerInfo.public_cert_file = NULL;
|
||||
}
|
||||
if ((filen = open(yylval.string, O_RDONLY)) < 0)
|
||||
{
|
||||
switch(errno) {
|
||||
case ENOENT:
|
||||
case ENOTDIR:
|
||||
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||
"Ignoring config file entry public_cert_file -- file open failed"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
ilog(L_ERROR,
|
||||
"Ignoring config file entry public_cert_file -- file open failed"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
break;
|
||||
case EACCES:
|
||||
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||
"Ignoring config file entry public_cert_file -- Permission Denied"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
ilog(L_ERROR,
|
||||
"Ignoring config file entry public_cert_file -- Permission Denied"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
break;
|
||||
default:
|
||||
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||
"Ignoring config file entry public_cert_file -- Unknown Error"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
ilog(L_ERROR,
|
||||
"Ignoring config file entry public_cert_file -- Unknown Error"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
DupString(ServerInfo.public_cert_file, yylval.string);
|
||||
close(filen);
|
||||
}
|
||||
#endif
|
||||
};
|
||||
serverinfo_private_cert_file: PRIVATE_CERT_FILE '=' QSTRING ';'
|
||||
{
|
||||
#ifdef USE_SSL
|
||||
int filen;
|
||||
if (ServerInfo.private_cert_file)
|
||||
{
|
||||
MyFree(ServerInfo.private_cert_file);
|
||||
ServerInfo.private_cert_file = NULL;
|
||||
}
|
||||
|
||||
|
||||
|
||||
if ((filen = open(yylval.string, O_RDONLY)) < 0)
|
||||
{
|
||||
switch(errno) {
|
||||
case ENOENT:
|
||||
case ENOTDIR:
|
||||
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||
"Ignoring config file entry private_cert_file -- file open failed"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
ilog(L_ERROR,
|
||||
"Ignoring config file entry private_cert_file -- File open failed"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
break;
|
||||
case EACCES:
|
||||
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||
"Ignoring config file entry private_cert_file -- Permission Denied"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
ilog(L_ERROR,
|
||||
"Ignoring config file entry private_cert_file -- Permission Denied"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
break;
|
||||
default:
|
||||
sendto_realops_flags(FLAGS_ALL, L_ALL,
|
||||
"Ignoring config file entry private_cert_file -- Unknown Error"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
ilog(L_ERROR,
|
||||
"Ignoring config file entry private_cert_file -- Unknown Error"
|
||||
" (%s) (%d)", yylval.string, errno);
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
DupString(ServerInfo.private_cert_file, yylval.string);
|
||||
close(filen);
|
||||
}
|
||||
#endif
|
||||
};
|
||||
|
||||
serverinfo_name: NAME '=' QSTRING ';'
|
||||
{
|
||||
/* this isn't rehashable */
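Review bot: The `serverinfo_private_cert_file` action accepts the key file as soon as `open(yylval.string, O_RDONLY)` succeeds, so a private key that is group- or world-readable is taken without any warning. While the descriptor is still open I would add `struct stat st; if (fstat(filen, &st) == 0 && (st.st_mode & (S_IRWXG | S_IRWXO))) ilog(L_ERROR, "private_cert_file %s is accessible to group/other", yylval.string);` before the `close(filen)`. In both new actions `errno` is read again after `sendto_realops_flags()` has run, so the `ilog()` line can report a different value; copy it to a local right after the failed `open()`. The two actions are otherwise identical and could share one helper taking the entry name.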
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: packet.c,v 1.7 2002/11/04 08:50:46 fishwaldo Exp $
|
||||
* $Id: packet.c,v 1.8 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
#include "stdinc.h"
|
||||
#include "tools.h"
|
||||
|
@ -393,7 +393,6 @@ read_packet(int fd, void *data)
|
|||
#endif
|
||||
length = recv(fd_r, readBuf, READBUF_SIZE, 0);
|
||||
|
||||
printf("leng %d\n", length);
|
||||
/* THIS WAS <= 0, should it stay? */
|
||||
if (length <= 0)
|
||||
{
|
||||
|
|
24
src/ssl.c
24
src/ssl.c
|
@ -20,7 +20,7 @@
|
|||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA
|
||||
*
|
||||
* $Id: ssl.c,v 1.2 2002/11/04 08:50:46 fishwaldo Exp $
|
||||
* $Id: ssl.c,v 1.3 2003/01/27 04:20:36 fishwaldo Exp $
|
||||
*/
|
||||
|
||||
#include "stdinc.h"
|
||||
|
@ -31,6 +31,7 @@
|
|||
#include "ssl.h"
|
||||
#include "client.h"
|
||||
#include "send.h"
|
||||
#include "s_conf.h"
|
||||
|
||||
#ifdef USE_SSL
|
||||
#define IRCDSSL_CPATH "/home/fish/ircd/etc/ircd.crt"
|
||||
|
@ -58,14 +59,14 @@ initssl (void)
|
|||
return 0;
|
||||
}
|
||||
if (SSL_CTX_use_certificate_file (ircdssl_ctx,
|
||||
IRCDSSL_CPATH, SSL_FILETYPE_PEM) <= 0)
|
||||
ServerInfo.public_cert_file, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
ilog(L_ERROR, "initssl(): Failed to initilize SSL Certificate File");
|
||||
SSL_CTX_free (ircdssl_ctx);
|
||||
return 0;
|
||||
}
|
||||
if (SSL_CTX_use_PrivateKey_file (ircdssl_ctx,
|
||||
IRCDSSL_KPATH, SSL_FILETYPE_PEM) <= 0)
|
||||
ServerInfo.private_cert_file, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
ilog(L_ERROR, "initssl(): Failed to use Private Certificate");
|
||||
SSL_CTX_free (ircdssl_ctx);
|
||||
|
@ -90,34 +91,25 @@ safe_SSL_read (struct Client * client_p, void *buf, int sz)
|
|||
|
||||
bzero(buf, sz);
|
||||
len = SSL_read(client_p->localClient->ssl, buf, sz);
|
||||
printf("ssl read %s\n\nlen %d (%d)", buf, len, sz);
|
||||
|
||||
if (len <= 0)
|
||||
{
|
||||
printf("len is less than 0 (%d)\n", len);
|
||||
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
|
||||
{
|
||||
case SSL_ERROR_SYSCALL:
|
||||
printf("SSL_ERROR_SYSCALL\n");
|
||||
if (errno == EWOULDBLOCK || errno == EAGAIN || errno == EINTR)
|
||||
{
|
||||
case SSL_ERROR_WANT_READ:
|
||||
errno = EWOULDBLOCK;
|
||||
#ifdef DEBUG
|
||||
printf("SSL_ERROR_WANT_READ\n");
|
||||
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
|
||||
#endif
|
||||
return -1;
|
||||
case SSL_ERROR_WANT_READ:
|
||||
errno = EWOULDBLOCK;
|
||||
return -1;
|
||||
}
|
||||
case SSL_ERROR_SSL:
|
||||
#ifdef DEBUG
|
||||
printf("SSL_ERROR_SSL\n");
|
||||
fatal_ssl_error(ssl_err, SAFE_SSL_READ, client_p);
|
||||
#endif
|
||||
if (errno == EAGAIN)
|
||||
return -1;
|
||||
default:
|
||||
printf("fatal error\n");
|
||||
return fatal_ssl_error (ssl_err, SAFE_SSL_READ, client_p);
|
||||
}
|
||||
}
|
||||
|
@ -129,9 +121,7 @@ safe_SSL_write (struct Client *client_p, const void *buf, int sz)
|
|||
{
|
||||
int len, ssl_err;
|
||||
|
||||
printf("ssl write %s %d(%d)\n", buf, strlen(buf), sz);
|
||||
len = SSL_write (client_p->localClient->ssl, buf, sz);
|
||||
printf("len %d\n", len);
|
||||
if (len <= 0)
|
||||
{
|
||||
switch (ssl_err = SSL_get_error (client_p->localClient->ssl, len))
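Review bot: In the `initssl()` hunk, `ServerInfo.public_cert_file` and `ServerInfo.private_cert_file` are passed straight to `SSL_CTX_use_certificate_file()` and `SSL_CTX_use_PrivateKey_file()`, but the parser in this commit leaves them NULL when the entry is absent or the file could not be opened. OpenSSL is then handed a NULL filename, and the operator sees only the generic "Failed to initilize SSL Certificate File" message. I would guard both calls with `if (!ServerInfo.public_cert_file || !ServerInfo.private_cert_file)`, log which entry is missing with `ilog(L_ERROR, …)`, then free the context and `return 0` as the neighbouring failure paths do. The rest of `initssl()` is outside the hunk; if it does not already call `SSL_CTX_check_private_key()`, that check belongs after the key is loaded. The `IRCDSSL_CPATH` define pointing into a developer's home directory looks unused now and could be removed.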
|
||||
|
|