summaryrefslogtreecommitdiff
path: root/src/modules/extra
diff options
context:
space:
mode:
authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-11-06 22:37:52 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-11-06 22:37:52 +0000
commiteaace5ed7cef3a02f905689a1b44a092ca99a6e1 (patch)
treeeb1340e768f23e3ab121ad185e8e61bedb23a32a /src/modules/extra
parenta26502ff51141c3cd74c078876d3322b49a3833c (diff)
Remove Extensible parent from EventHandler
This also fixes SSL certificate support when m_sslinfo is not loaded git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12048 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/extra')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp43
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp40
2 files changed, 45 insertions, 38 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index bd22404b3..8ec787465 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -77,13 +77,10 @@ static ssize_t gnutls_push_wrapper(gnutls_transport_ptr_t user_wrap, const void*
class issl_session
{
public:
- issl_session()
- {
- sess = NULL;
- }
-
gnutls_session_t sess;
issl_status status;
+ reference<ssl_cert> cert;
+ issl_session() : sess(NULL) {}
};
class CommandStartTLS : public SplitCommand
@@ -332,11 +329,15 @@ class ModuleSSLGnuTLS : public Module
void OnRequest(Request& request)
{
- Module* sslinfo = ServerInstance->Modules->Find("m_sslinfo.so");
- if (sslinfo)
- sslinfo->OnRequest(request);
- }
+ if (strcmp("GET_SSL_CERT", request.id) == 0)
+ {
+ SocketCertificateRequest& req = static_cast<SocketCertificateRequest&>(request);
+ int fd = req.sock->GetFd();
+ issl_session* session = &sessions[fd];
+ req.cert = session->cert;
+ }
+ }
void OnStreamSocketAccept(StreamSocket* user, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server)
{
@@ -548,10 +549,11 @@ class ModuleSSLGnuTLS : public Module
void OnUserConnect(LocalUser* user)
{
- if (user->GetIOHook() == this)
+ if (user->eh.GetIOHook() == this)
{
if (sessions[user->GetFd()].sess)
{
+ SSLCertSubmission(user, this, ServerInstance->Modules->Find("m_sslinfo.so"), sessions[user->GetFd()].cert);
std::string cipher = gnutls_kx_get_name(gnutls_kx_get(sessions[user->GetFd()].sess));
cipher.append("-").append(gnutls_cipher_get_name(gnutls_cipher_get(sessions[user->GetFd()].sess))).append("-");
cipher.append(gnutls_mac_get_name(gnutls_mac_get(sessions[user->GetFd()].sess)));
@@ -562,23 +564,19 @@ class ModuleSSLGnuTLS : public Module
void CloseSession(issl_session* session)
{
- if(session->sess)
+ if (session->sess)
{
gnutls_bye(session->sess, GNUTLS_SHUT_WR);
gnutls_deinit(session->sess);
}
-
session->sess = NULL;
+ session->cert = NULL;
session->status = ISSL_NONE;
}
- void VerifyCertificate(issl_session* session, Extensible* user)
+ void VerifyCertificate(issl_session* session, StreamSocket* user)
{
- if (!session->sess || !user)
- return;
-
- Module* sslinfo = ServerInstance->Modules->Find("m_sslinfo.so");
- if (!sslinfo)
+ if (!session->sess || !user || session->cert)
return;
unsigned int status;
@@ -591,6 +589,7 @@ class ModuleSSLGnuTLS : public Module
size_t digest_size = sizeof(digest);
size_t name_size = sizeof(name);
ssl_cert* certinfo = new ssl_cert;
+ session->cert = certinfo;
/* This verification function uses the trusted CAs in the credentials
* structure. So you must have installed one or more CA certificates.
@@ -600,7 +599,7 @@ class ModuleSSLGnuTLS : public Module
if (ret < 0)
{
certinfo->error = std::string(gnutls_strerror(ret));
- goto info_done;
+ return;
}
certinfo->invalid = (status & GNUTLS_CERT_INVALID);
@@ -615,14 +614,14 @@ class ModuleSSLGnuTLS : public Module
if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509)
{
certinfo->error = "No X509 keys sent";
- goto info_done;
+ return;
}
ret = gnutls_x509_crt_init(&cert);
if (ret < 0)
{
certinfo->error = gnutls_strerror(ret);
- goto info_done;
+ return;
}
cert_list_size = 0;
@@ -668,8 +667,6 @@ class ModuleSSLGnuTLS : public Module
info_done_dealloc:
gnutls_x509_crt_deinit(cert);
-info_done:
- SSLCertSubmission(user, this, sslinfo, certinfo);
}
void OnEvent(Event& ev)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 5eac93af6..03c460be2 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -53,6 +53,7 @@ class issl_session
public:
SSL* sess;
issl_status status;
+ reference<ssl_cert> cert;
int fd;
bool outbound;
@@ -125,7 +126,7 @@ class ModuleSSLOpenSSL : public Module
// Needs the flag as it ignores a plain /rehash
OnModuleRehash(NULL,"ssl");
- Implementation eventlist[] = { I_On005Numeric, I_OnRehash, I_OnModuleRehash, I_OnHookIO };
+ Implementation eventlist[] = { I_On005Numeric, I_OnRehash, I_OnModuleRehash, I_OnHookIO, I_OnUserConnect };
ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
}
@@ -244,6 +245,17 @@ class ModuleSSLOpenSSL : public Module
delete[] sessions;
}
+ void OnUserConnect(LocalUser* user)
+ {
+ if (user->eh.GetIOHook() == this)
+ {
+ if (sessions[user->GetFd()].sess)
+ {
+ SSLCertSubmission(user, this, ServerInstance->Modules->Find("m_sslinfo.so"), sessions[user->GetFd()].cert);
+ }
+ }
+ }
+
void OnCleanup(int target_type, void* item)
{
if (target_type == TYPE_USER)
@@ -264,14 +276,17 @@ class ModuleSSLOpenSSL : public Module
return Version("Provides SSL support for clients", VF_VENDOR);
}
-
void OnRequest(Request& request)
{
- Module* sslinfo = ServerInstance->Modules->Find("m_sslinfo.so");
- if (sslinfo)
- sslinfo->OnRequest(request);
- }
+ if (strcmp("GET_SSL_CERT", request.id) == 0)
+ {
+ SocketCertificateRequest& req = static_cast<SocketCertificateRequest&>(request);
+ int fd = req.sock->GetFd();
+ issl_session* session = &sessions[fd];
+ req.cert = session->cert;
+ }
+ }
void OnStreamSocketAccept(StreamSocket* user, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server)
{
@@ -472,7 +487,7 @@ class ModuleSSLOpenSSL : public Module
return 0;
}
- bool Handshake(EventHandler* user, issl_session* session)
+ bool Handshake(StreamSocket* user, issl_session* session)
{
int ret;
@@ -537,17 +552,14 @@ class ModuleSSLOpenSSL : public Module
errno = EIO;
}
- void VerifyCertificate(issl_session* session, Extensible* user)
+ void VerifyCertificate(issl_session* session, StreamSocket* user)
{
- if (!session->sess || !user)
- return;
-
- Module* sslinfo = ServerInstance->Modules->Find("m_sslinfo.so");
- if (!sslinfo)
+ if (!session->sess || !user || session->cert)
return;
X509* cert;
ssl_cert* certinfo = new ssl_cert;
+ session->cert = certinfo;
unsigned int n;
unsigned char md[EVP_MAX_MD_SIZE];
const EVP_MD *digest = EVP_md5();
@@ -557,7 +569,6 @@ class ModuleSSLOpenSSL : public Module
if (!cert)
{
certinfo->error = "Could not get peer certificate: "+std::string(get_error());
- SSLCertSubmission(user, this, sslinfo, certinfo);
return;
}
@@ -592,7 +603,6 @@ class ModuleSSLOpenSSL : public Module
}
X509_free(cert);
- SSLCertSubmission(user, this, sslinfo, certinfo);
}
};
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-15 15:37:14 +0000