-rw-r--r--src/inspsocket.cpp1
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp14
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp14
-rw-r--r--src/modules/m_spanningtree.cpp62
-rw-r--r--src/modules/ssl.h20
5 files changed, 106 insertions, 5 deletions
diff --git a/src/inspsocket.cpp b/src/inspsocket.cpp
index 1096162db..fc0f7537a 100644
--- a/src/inspsocket.cpp
+++ b/src/inspsocket.cpp
@@ -367,7 +367,6 @@ bool InspSocket::FlushWriteBuffer()
{
try
{
- Instance->Log(DEBUG,"To write: %s", outbuffer[0].c_str());
int result = Instance->Config->GetIOHook(this)->OnRawSocketWrite(this->fd, outbuffer[0].c_str(), outbuffer[0].length());
if (result > 0)
{
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 0006c9de9..6ad14561d 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -273,6 +273,20 @@ class ModuleSSLGnuTLS : public Module
{
return ServerInstance->Config->DelIOHook((InspSocket*)ISR->Sock) ? (char*)"OK" : NULL;
}
+ else if (strcmp("IS_HSDONE", request->GetId()) == 0)
+ {
+ issl_session* session = &sessions[ISR->Sock->GetFd()];
+ return (session->status == ISSL_HANDSHAKING_READ || session->status == ISSL_HANDSHAKING_WRITE || session->status == ISSL_HANDSHAKEN) ? NULL : (char*)"OK";
+ }
+ else if (strcmp("IS_ATTACH", request->GetId()) == 0)
+ {
+ issl_session* session = &sessions[ISR->Sock->GetFd()];
+ if (session)
+ {
+ VerifyCertificate(session, (InspSocket*)ISR->Sock);
+ return "OK";
+ }
+ }
return NULL;
}
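Review bot: The `IS_HSDONE` branch counts `ISSL_HANDSHAKEN` among the "still handshaking" states, which looks inverted. If that value marks a completed handshake, as its name suggests (the enum is not in this hunk), a finished GnuTLS session returns NULL while idle or closed states return "OK". A positive test fails closed: `return (session->status == ISSL_HANDSHAKEN) ? (char*)"OK" : NULL;`. Both new branches also index `sessions[ISR->Sock->GetFd()]` without checking that the descriptor is non-negative and inside the table, and `if (session)` in `IS_ATTACH` is always true because it tests the address of an array element; the m_ssl_openssl.cpp hunk has the same two problems. The enclosing request handler starts outside the hunk.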
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 06708ff54..2f393f718 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -311,6 +311,20 @@ class ModuleSSLOpenSSL : public Module
ServerInstance->Log(DEBUG, "Unhooking socket %08x", ISR->Sock);
return ServerInstance->Config->DelIOHook((InspSocket*)ISR->Sock) ? (char*)"OK" : NULL;
}
+ else if (strcmp("IS_HSDONE", request->GetId()) == 0)
+ {
+ issl_session* session = &sessions[ISR->Sock->GetFd()];
+ return (session->status == ISSL_HANDSHAKING) ? NULL : (char*)"OK";
+ }
+ else if (strcmp("IS_ATTACH", request->GetId()) == 0)
+ {
+ issl_session* session = &sessions[ISR->Sock->GetFd()];
+ if (session)
+ {
+ VerifyCertificate(session, (InspSocket*)ISR->Sock);
+ return "OK";
+ }
+ }
return NULL;
}
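Review bot: `IS_HSDONE` answers "OK" for every status other than `ISSL_HANDSHAKING`, so a session slot that was never set up or has already been torn down is reported as handshake-complete. The caller added in m_spanningtree.cpp reacts to "OK" by sending capabilities and the `SERVER` line with the link password, so this check should fail closed: compare against the module's established-session status (not visible in this hunk) and return NULL for everything else. As a smaller point, `return "OK";` in `IS_ATTACH` should carry the same `(char*)` cast as the neighbouring returns.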
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index e96656910..b770631f5 100644
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -81,6 +81,7 @@ class TreeServer;
class TreeSocket;
class Link;
class ModuleSpanningTree;
+class SpanningTreeUtilities;
/* This hash_map holds the hash equivalent of the server
* tree, used for rapid linear lookups.
@@ -117,6 +118,20 @@ class Link : public classbase
int Timeout;
};
+class HandshakeTimer : public InspTimer
+{
+ private:
+ InspIRCd* Instance;
+ TreeSocket* sock;
+ Link* lnk;
+ SpanningTreeUtilities* Utils;
+ int thefd;
+ public:
+ HandshakeTimer(InspIRCd* Inst, TreeSocket* s, Link* l, SpanningTreeUtilities* u);
+ virtual void Tick(time_t TIME);
+};
+
+
/** Contains helper functions and variables for this module,
* and keeps them out of the global namespace
*/
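Review bot: `HandshakeTimer` is declared without a class comment, although the declaration right after it uses a `/** ... */` block. The comment should record that `sock`, `lnk` and `Utils` are borrowed rather than owned and that `thefd` is the descriptor captured at construction, for example `/** Polls an SSL-hooked TreeSocket until its handshake completes; sock, lnk and Utils are non-owning and must outlive the timer. */`. That makes the lifetime requirement visible to anyone who later changes how link blocks or sockets are freed.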
@@ -709,9 +724,20 @@ class TreeSocket : public InspSocket
Instance->Log(DEBUG, "HOOK = %08x", Hook);
if (Hook)
+ {
InspSocketHookRequest(this, (Module*)Utils->Creator, Hook).Send();
+ Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(Utils->LinkBlocks[0]), this->Utils));
+ }
+ }
+
+ ServerState GetLinkState()
+ {
+ return this->LinkState;
+ }
- //this->SendCapabilities();
+ Module* GetHook()
+ {
+ return this->Hook;
}
~TreeSocket()
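Review bot: `&(Utils->LinkBlocks[0])` is passed as the timer's link without checking that any link block exists; if `LinkBlocks` is an empty container (its type is not visible here), this takes the address of an out-of-range element. `HandshakeTimer::Tick` only dereferences `lnk` when the socket is in the `CONNECTING` state, so if this constructor never leaves the socket in that state, the placeholder is unnecessary. In that case `new HandshakeTimer(Instance, this, NULL, this->Utils)` avoids both the index and a pointer that can go stale. The constructor this change sits in starts outside the hunk.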
@@ -772,8 +798,9 @@ class TreeSocket : public InspSocket
if (Hook)
InspSocketHookRequest(this, (Module*)Utils->Creator, Hook).Send();
+ else
+ this->SendCapabilities();
- //this->SendCapabilities();
if (x->EncryptionKey != "")
{
if (!(x->EncryptionKey.length() == 16 || x->EncryptionKey.length() == 24 || x->EncryptionKey.length() == 32))
@@ -787,7 +814,11 @@ class TreeSocket : public InspSocket
}
}
/* found who we're supposed to be connecting to, send the neccessary gubbins. */
- this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+x->SendPass+" 0 :"+this->Instance->Config->ServerDesc);
+ if (Hook)
+ Instance->Timers->AddTimer(new HandshakeTimer(Instance, this, &(*x), this->Utils));
+ else
+ this->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+x->SendPass+" 0 :"+this->Instance->Config->ServerDesc);
+
return true;
}
}
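Review bot: `&(*x)` hands the timer a raw pointer to the `Link` behind the iterator, and `HandshakeTimer::Tick` reads `lnk->SendPass` through it on a later tick. If the link blocks are rebuilt before the handshake finishes (for example on a configuration reload, which is not visible in this diff), the pointer dangles and the password is read from freed storage. Keeping a copy in the timer removes the lifetime dependency, for example a `std::string sendpass;` member initialised from `x->SendPass`. The enclosing function starts outside the hunk.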
@@ -4225,6 +4256,31 @@ class TimeSyncTimer : public InspTimer
virtual void Tick(time_t TIME);
};
+HandshakeTimer::HandshakeTimer(InspIRCd* Inst, TreeSocket* s, Link* l, SpanningTreeUtilities* u) : InspTimer(1, time(NULL)), Instance(Inst), sock(s), lnk(l), Utils(u)
+{
+ thefd = sock->GetFd();
+}
+
+void HandshakeTimer::Tick(time_t TIME)
+{
+ if (Instance->SE->GetRef(thefd) == sock)
+ {
+ if (sock->GetHook() && InspSocketHSCompleteRequest(sock, (Module*)Utils->Creator, sock->GetHook()).Send())
+ {
+ InspSocketAttachCertRequest(sock, (Module*)Utils->Creator, sock->GetHook()).Send();
+ sock->SendCapabilities();
+ if (sock->GetLinkState() == CONNECTING)
+ {
+ sock->WriteLine(std::string("SERVER ")+this->Instance->Config->ServerName+" "+lnk->SendPass+" 0 :"+this->Instance->Config->ServerDesc);
+ }
+ }
+ else
+ {
+ Instance->Timers->AddTimer(new HandshakeTimer(Instance, sock, lnk, Utils));
+ }
+ }
+}
+
class ModuleSpanningTree : public Module
{
int line;
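Review bot: In `HandshakeTimer::Tick` the result of `InspSocketAttachCertRequest(...).Send()` is discarded, so capabilities and the `SERVER` line carrying `lnk->SendPass` are written as soon as the handshake is reported done. Nothing in this hunk consults the outcome of certificate verification. At minimum, stop when the attach request fails: `if (!InspSocketAttachCertRequest(sock, (Module*)Utils->Creator, sock->GetHook()).Send()) return;`. If the link password is meant to be protected by the peer's certificate, the verified result should gate the send as well. The `else` branch also re-arms a new timer on every tick with no deadline or attempt count, so the polling is bounded only by whatever closes the socket elsewhere; a retry counter carried in the timer would bound it here.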
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
index e636aad46..4d303502e 100644
--- a/src/modules/ssl.h
+++ b/src/modules/ssl.h
@@ -152,13 +152,31 @@ class ssl_cert
class ISHRequest : public Request
{
public:
- const InspSocket* Sock;
+ InspSocket* Sock;
ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock)
{
}
};
+class InspSocketAttachCertRequest : public ISHRequest
+{
+ public:
+ /** Initialize the request as an attach cert message */
+ InspSocketAttachCertRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is)
+ {
+ }
+};
+
+class InspSocketHSCompleteRequest : public ISHRequest
+{
+ public:
+ /** Initialize the request as a 'handshake complete?' message */
+ InspSocketHSCompleteRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is)
+ {
+ }
+};
+
class InspSocketHookRequest : public ISHRequest
{
public: