-rw-r--r-- | src/inspsocket.cpp | 1 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 14 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 14 | ||||
-rw-r--r-- | src/modules/m_spanningtree.cpp | 62 | ||||
-rw-r--r-- | src/modules/ssl.h | 20 |
5 files changed, 106 insertions, 5 deletions
diff --git a/src/inspsocket.cpp b/src/inspsocket.cpp index 1096162db..fc0f7537a 100644 --- a/src/inspsocket.cpp +++ b/src/inspsocket.cpp @@ -367,7 +367,6 @@ bool InspSocket::FlushWriteBuffer() { try { - Instance->Log(DEBUG,"To write: %s", outbuffer[0].c_str()); int result = Instance->Config->GetIOHook(this)->OnRawSocketWrite(this->fd, outbuffer[0].c_str(), outbuffer[0].length()); if (result > 0) { diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 0006c9de9..6ad14561d 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -273,6 +273,20 @@ class ModuleSSLGnuTLS : public Module { return ServerInstance->Config->DelIOHook((InspSocket*)ISR->Sock) ? (char*)"OK" : NULL; } + else if (strcmp("IS_HSDONE", request->GetId()) == 0) + { + issl_session* session = &sessions[ISR->Sock->GetFd()]; + return (session->status == ISSL_HANDSHAKING_READ || session->status == ISSL_HANDSHAKING_WRITE || session->status == ISSL_HANDSHAKEN) ? NULL : (char*)"OK"; + } + else if (strcmp("IS_ATTACH", request->GetId()) == 0) + { + issl_session* session = &sessions[ISR->Sock->GetFd()]; + if (session) + { + VerifyCertificate(session, (InspSocket*)ISR->Sock); + return "OK"; + } + } return NULL; } diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 06708ff54..2f393f718 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
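Review bot: In the IS_HSDONE branch of ModuleSSLGnuTLS's request handler, `ISSL_HANDSHAKEN` is grouped with the two in-progress states that return NULL, so a session whose handshake has finished (going by the name; the enum is outside the hunk) is reported as not done, while every remaining state gets "OK". The OpenSSL hunk treats only `ISSL_HANDSHAKING` as pending, so the two modules disagree. If that reading is right, the condition should be `return (session->status == ISSL_HANDSHAKEN) ? (char*)"OK" : NULL;`. This branch and IS_ATTACH, like the same two branches in m_ssl_openssl.cpp, index `sessions[ISR->Sock->GetFd()]` without checking that the descriptor is in range, and `if (session)` guards nothing because the address of an element is never null. The handler starts and ends outside the hunk.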
@@ -311,6 +311,20 @@ class ModuleSSLOpenSSL : public Module ServerInstance->Log(DEBUG, "Unhooking socket %08x", ISR->Sock); return ServerInstance->Config->DelIOHook((InspSocket*)ISR->Sock) ? (char*)"OK" : NULL; } + else if (strcmp("IS_HSDONE", request->GetId()) == 0) + { + issl_session* session = &sessions[ISR->Sock->GetFd()]; + return (session->status == ISSL_HANDSHAKING) ? NULL : (char*)"OK"; + } + else if (strcmp("IS_ATTACH", request->GetId()) == 0) + { + issl_session* session = &sessions[ISR->Sock->GetFd()]; + if (session) + { + VerifyCertificate(session, (InspSocket*)ISR->Sock); + return "OK"; + } + } return NULL; } diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp index e96656910..b770631f5 100644 --- a/src/modules/m_spanningtree.cpp +++ b/src/modules/m_spanningtree.cpp @@ -81,6 +81,7 @@ class TreeServer; class TreeSocket; class Link; class ModuleSpanningTree; +class SpanningTreeUtilities; /* This hash_map holds the hash equivalent of the server * tree, used for rapid linear lookups. @@ -117,6 +118,20 @@ class Link : public classbase int Timeout; }; +class HandshakeTimer : public InspTimer +{ + private: + InspIRCd* Instance; + TreeSocket* sock; + Link* lnk; + SpanningTreeUtilities* Utils; + int thefd; + public: + HandshakeTimer(InspIRCd* Inst, TreeSocket* s, Link* l, SpanningTreeUtilities* u); + virtual void Tick(time_t TIME); +}; + + /** Contains helper functions and variables for this module, * and keeps them out of the global namespace */ @@ -709,9 +724,20 @@ class TreeSocket : public InspSocket Instance->Log(DEBUG, "HOOK = %08x", Hook); if (Hook) + { InspSocketHookRequest(this, (Module*)Utils->Creator, Hook).Send(); + Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(Utils->LinkBlocks[0]), this->Utils)); + } + } + + ServerState GetLinkState() + { + return this->LinkState; + } - //this->SendCapabilities(); + Module* GetHook() + { + return this->Hook; } ~TreeSocket() 
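Review bot: The IS_HSDONE branch answers "OK" for every status other than `ISSL_HANDSHAKING`, which would include a slot that never started a handshake or has already been torn down. HandshakeTimer::Tick in m_spanningtree.cpp takes that answer as the signal to write the SERVER line containing `lnk->SendPass`, so "done" should mean an established session only. Comparing against the established state closes that gap, e.g. `return (session->status == ISSL_OPEN) ? (char*)"OK" : NULL;` (the enum is declared outside the hunk, so the name needs confirming). In IS_ATTACH, `return "OK";` also lacks the `(char*)` cast the other branches use.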
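Review bot: HandshakeTimer is declared without any comment, unlike the `/** ... */` block on the class that follows it, so a reader has to find Tick() some four thousand lines further down to learn what the timer is for. I would add a comment above the class, for example `/** Polls the socket's SSL hook once a second; when the hook reports the handshake complete, sends capabilities and, for outbound links, the SERVER line. */`. The one-second interval is taken from `InspTimer(1, time(NULL))` in the constructor defined later in this file.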
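Review bot: The TreeSocket constructor above the destructor passes `&(Utils->LinkBlocks[0])` to the new HandshakeTimer without checking that LinkBlocks has any entries, so with no link block configured it takes the address of a non-existent element. Tick() reads `lnk` only when the link state is CONNECTING, so for this socket the argument looks like a placeholder rather than the peer's real link block. Passing a null pointer would make that explicit: `Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, NULL, this->Utils));`. The constructor starts outside the hunk, so I cannot see which LinkState it sets; the suggestion assumes it is not CONNECTING.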
@@ -772,8 +798,9 @@ class TreeSocket : public InspSocket if (Hook) InspSocketHookRequest(this, (Module*)Utils->Creator, Hook).Send(); + else + this->SendCapabilities(); - //this->SendCapabilities(); if (x->EncryptionKey != "") { if (!(x->EncryptionKey.length() == 16 || x->EncryptionKey.length() == 24 || x->EncryptionKey.length() == 32)) @@ -787,7 +814,11 @@ class TreeSocket : public InspSocket } } /* found who we're supposed to be connecting to, send the neccessary gubbins. */ - this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+x->SendPass+" 0 :"+this->Instance->Config->ServerDesc); + if (Hook) + Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(*x), this->Utils)); + else + this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+x->SendPass+" 0 :"+this->Instance->Config->ServerDesc); + return true; } } @@ -4225,6 +4256,31 @@ class TimeSyncTimer : public InspTimer virtual void Tick(time_t TIME); }; +HandshakeTimer::HandshakeTimer(InspIRCd* Inst, TreeSocket* s, Link* l, SpanningTreeUtilities* u) : InspTimer(1, time(NULL)), Instance(Inst), sock(s), lnk(l), Utils(u) +{ + thefd = sock->GetFd(); +} + +void HandshakeTimer::Tick(time_t TIME) +{ + if (Instance->SE->GetRef(thefd) == sock) + { + if (sock->GetHook() && InspSocketHSCompleteRequest(sock, (Module*)Utils->Creator, sock->GetHook()).Send()) + { + InspSocketAttachCertRequest(sock, (Module*)Utils->Creator, sock->GetHook()).Send(); + sock->SendCapabilities(); + if (sock->GetLinkState() == CONNECTING) + { + sock->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+lnk->SendPass+" 0 :"+this->Instance->Config->ServerDesc); + } + } + else + { + Instance->Timers->AddTimer(new HandshakeTimer(Instance, sock, lnk, Utils)); + } + } +} + class ModuleSpanningTree : public Module { int line; diff --git a/src/modules/ssl.h b/src/modules/ssl.h index e636aad46..4d303502e 100644 --- a/src/modules/ssl.h +++ b/src/modules/ssl.h 
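Review bot: Tick() reads `lnk->SendPass` through a raw pointer captured when the timer was created, and both callers hand it the address of a container element (`&(Utils->LinkBlocks[0])` and `&(*x)`). The `Instance->SE->GetRef(thefd) == sock` check at the top of Tick() validates `sock` only. If LinkBlocks is modified or rebuilt while a timer is pending (on a rehash, presumably), `lnk` dangles and the link password is read from freed memory. Keeping a copy of what Tick() needs avoids that, e.g. a `std::string SendPass;` member initialised from `l->SendPass` in the constructor. Each unsuccessful Tick() also allocates a fresh one-second timer with no retry limit, so polling continues for as long as the socket stays registered.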
@@ -152,13 +152,31 @@ class ssl_cert class ISHRequest : public Request { public: - const InspSocket* Sock; + InspSocket* Sock; ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock) { } }; +class InspSocketAttachCertRequest : public ISHRequest +{ + public: + /** Initialize the request as an attach cert message */ + InspSocketAttachCertRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is) + { + } +}; + +class InspSocketHSCompleteRequest : public ISHRequest +{ + public: + /** Initialize the request as a 'handshake complete?' message */ + InspSocketHSCompleteRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is) + { + } +}; + class InspSocketHookRequest : public ISHRequest { public: |
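Review bot: The comments on the two new request classes say what is asked but not what Send() returns, and the callers depend on that: HandshakeTimer::Tick tests the IS_HSDONE result as a boolean. I would extend the comment on InspSocketHSCompleteRequest to something like `/** Ask the hook whether its handshake has finished; Send() returns non-NULL ("OK") when it has, NULL otherwise */`, and document the IS_ATTACH result the same way. Dropping `const` from `ISHRequest::Sock` also makes the `(InspSocket*)ISR->Sock` casts in both SSL modules redundant.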