-rw-r--r-- | include/modules/ssl.h | 19 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 25 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 26 | ||||
-rw-r--r-- | src/modules/m_jumpserver.cpp | 2 | ||||
-rw-r--r-- | src/modules/m_spanningtree/server.cpp | 10 | ||||
-rw-r--r-- | src/modules/m_sslinfo.cpp | 22 |
6 files changed, 53 insertions, 51 deletions
diff --git a/include/modules/ssl.h b/include/modules/ssl.h index 67bfc7b2e..9cc504128 100644 --- a/include/modules/ssl.h +++ b/include/modules/ssl.h @@ -164,6 +164,14 @@ class SSLIOHook : public IOHook } public: + static SSLIOHook* IsSSL(StreamSocket* sock) + { + IOHook* const iohook = sock->GetIOHook(); + if ((iohook) && ((iohook->prov->type == IOHookProvider::IOH_SSL))) + return static_cast<SSLIOHook*>(iohook); + return NULL; + } + SSLIOHook(IOHookProvider* hookprov) : IOHook(hookprov) { @@ -190,6 +198,12 @@ class SSLIOHook : public IOHook return cert->GetFingerprint(); return ""; } + + /** + * Get the ciphersuite negotiated with the peer + * @param out String where the ciphersuite string will be appended to + */ + virtual void GetCiphersuite(std::string& out) const = 0; }; /** Helper functions for obtaining SSL client certificates and key fingerprints @@ -205,11 +219,10 @@ class SSLClientCert */ static ssl_cert* GetCertificate(StreamSocket* sock) { - IOHook* iohook = sock->GetIOHook(); - if ((!iohook) || (iohook->prov->type != IOHookProvider::IOH_SSL)) + SSLIOHook* ssliohook = SSLIOHook::IsSSL(sock); + if (!ssliohook) return NULL; - SSLIOHook* ssliohook = static_cast<SSLIOHook*>(iohook); return ssliohook->GetCertificate(); } diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 6a653dded..a1c989163 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp 
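Review bot: `SSLIOHook::IsSSL` joins the public interface without a doc comment, although it dereferences `sock` and `iohook->prov` unchecked and downcasts purely on the provider's `IOH_SSL` type tag. A short comment should state that `sock` must be non-NULL and that every `IOH_SSL` provider is expected to create `SSLIOHook`-derived hooks. It should also say that a non-NULL result means an SSL hook is attached, not necessarily that the handshake has finished; the `IsHandshakeDone()` guards added to `GetCiphersuite` in this commit suggest the two can differ. The doubled parentheses in `((iohook->prov->type == IOHookProvider::IOH_SSL))` can be reduced to one pair.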
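Review bot: The doc comment on the new pure virtual `GetCiphersuite` does not say what a caller gets when no ciphersuite has been negotiated yet. Both overrides in this commit (m_ssl_gnutls.cpp and m_ssl_openssl.cpp) return without touching `out` when `IsHandshakeDone()` is false, so the contract is worth stating, e.g. `@param out String the ciphersuite is appended to; left unchanged if the handshake has not completed`. Because the method is pure virtual, any SSL module outside this tree that derives from `SSLIOHook` has to implement it to keep compiling, which deserves a line in the commit message.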
@@ -1150,22 +1150,10 @@ info_done_dealloc: return 1; } - void TellCiphersAndFingerprint(LocalUser* user) - { - if (sess) - { - std::string text = "*** You are connected using SSL cipher '"; - GetCiphersuite(text); - text += '\''; - if (!certificate->fingerprint.empty()) - text += " and your SSL certificate fingerprint is " + certificate->fingerprint; - - user->WriteNotice(text); - } - } - - void GetCiphersuite(std::string& out) const + void GetCiphersuite(std::string& out) const CXX11_OVERRIDE { + if (!IsHandshakeDone()) + return; out.append(UnknownIfNULL(gnutls_protocol_get_name(gnutls_protocol_get_version(sess)))).push_back('-'); out.append(UnknownIfNULL(gnutls_kx_get_name(gnutls_kx_get(sess)))).push_back('-'); out.append(UnknownIfNULL(gnutls_cipher_get_name(gnutls_cipher_get(sess)))).push_back('-'); @@ -1344,13 +1332,6 @@ class ModuleSSLGnuTLS : public Module return Version("Provides SSL support for clients", VF_VENDOR); } - void OnUserConnect(LocalUser* user) CXX11_OVERRIDE - { - IOHook* hook = user->eh.GetIOHook(); - if (hook && hook->prov->creator == this) - static_cast<GnuTLSIOHook*>(hook)->TellCiphersAndFingerprint(user); - } - ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE { if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this)) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index c9ae14e11..80c9d9395 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
@@ -720,23 +720,10 @@ class OpenSSLIOHook : public SSLIOHook return 1; } - void TellCiphersAndFingerprint(LocalUser* user) - { - if (sess) - { - std::string text = "*** You are connected using SSL cipher '"; - GetCiphersuite(text); - text += '\''; - const std::string& fingerprint = certificate->fingerprint; - if (!fingerprint.empty()) - text += " and your SSL certificate fingerprint is " + fingerprint; - - user->WriteNotice(text); - } - } - - void GetCiphersuite(std::string& out) const + void GetCiphersuite(std::string& out) const CXX11_OVERRIDE { + if (!IsHandshakeDone()) + return; out.append(SSL_get_version(sess)).push_back('-'); out.append(SSL_get_cipher(sess)); } @@ -917,13 +904,6 @@ class ModuleSSLOpenSSL : public Module } } - void OnUserConnect(LocalUser* user) CXX11_OVERRIDE - { - IOHook* hook = user->eh.GetIOHook(); - if (hook && hook->prov->creator == this) - static_cast<OpenSSLIOHook*>(hook)->TellCiphersAndFingerprint(user); - } - void OnCleanup(int target_type, void* item) CXX11_OVERRIDE { if (target_type == TYPE_USER) diff --git a/src/modules/m_jumpserver.cpp b/src/modules/m_jumpserver.cpp index 33b9bcd35..f59ef045d 100644 --- a/src/modules/m_jumpserver.cpp +++ b/src/modules/m_jumpserver.cpp @@ -140,7 +140,7 @@ class CommandJumpserver : public Command int GetPort(LocalUser* user) { - int p = (SSLClientCert::GetCertificate(&user->eh) ? sslport : port); + int p = (SSLIOHook::IsSSL(&user->eh) ? sslport : port); if (p == 0) p = user->GetServerPort(); return p; diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp index bc43841c1..3000dd391 100644 --- a/src/modules/m_spanningtree/server.cpp +++ b/src/modules/m_spanningtree/server.cpp @@ -19,6 +19,7 @@ #include "inspircd.h" +#include "modules/ssl.h" #include "main.h" #include "utils.h" 
@@ -127,6 +128,15 @@ Link* TreeSocket::AuthRemote(const parameterlist& params) return NULL; ServerInstance->SNO->WriteToSnoMask('l',"Verified server connection " + linkID + " ("+description+")"); + + const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(this); + if (ssliohook) + { + std::string ciphersuite; + ssliohook->GetCiphersuite(ciphersuite); + ServerInstance->SNO->WriteToSnoMask('l', "Negotiated ciphersuite %s on link %s", ciphersuite.c_str(), x->Name.c_str()); + } + return x; } diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 6a29d3bde..9682e92cf 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -209,8 +209,26 @@ class ModuleSSLInfo : public Module, public Whois::EventListener void OnPostConnect(User* user) CXX11_OVERRIDE { - ssl_cert *cert = cmd.CertExt.get(user); - if (!cert || cert->fingerprint.empty()) + LocalUser* const localuser = IS_LOCAL(user); + if (!localuser) + return; + + const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(&localuser->eh); + if (!ssliohook) + return; + + ssl_cert* const cert = ssliohook->GetCertificate(); + + { + std::string text = "*** You are connected using SSL cipher '"; + ssliohook->GetCiphersuite(text); + text.push_back('\''); + if ((cert) && (!cert->GetFingerprint().empty())) + text.append(" and your SSL certificate fingerprint is ").append(cert->GetFingerprint()); + user->WriteNotice(text); + } + + if (!cert) return; // find an auto-oper block for this user for (ServerConfig::OperIndex::const_iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); ++i) |
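Review bot: The added block in `AuthRemote` logs `Negotiated ciphersuite %s` without checking that `GetCiphersuite` appended anything, and it stays silent when `SSLIOHook::IsSSL(this)` returns NULL. Both overrides in this commit return early if the handshake is not done, which would give a log line with an empty ciphersuite; guarding with `if (!ciphersuite.empty())` avoids that. For operators watching snomask 'l', an `else` branch reporting that the link is not using SSL would make unencrypted server links visible at the point they are verified; whether that is already reported elsewhere cannot be seen from this hunk. `AuthRemote` starts above the hunk, so where `x` is assigned is not visible here.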
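Review bot: The guard before the auto-oper loop in `OnPostConnect` was narrowed from `if (!cert || cert->fingerprint.empty())` to `if (!cert)`, so a connection whose certificate object has an empty fingerprint now reaches the loop. The loop body lies outside the hunk; if it compares an oper block's configured fingerprint with the certificate's, an autologin block with no fingerprint set would compare equal to an empty one. Keeping the old condition closes that off: `if (!cert || cert->GetFingerprint().empty()) return;`. Separately, the certificate is now read from the I/O hook rather than from `cmd.CertExt`, so a certificate stored only in the extension is no longer considered here; a comment saying this is intentional would help.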