From c015aa4c0e1cfc031109c18af497cca9a72c844c Mon Sep 17 00:00:00 2001 From: brain Date: Sun, 10 Dec 2006 14:31:47 +0000 Subject: Rename ssl.h -> transport.h, as its now used for ziplinks Document the data format used by our ziplinks (its not just deflated data, there has to be a length header on the start) git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5912 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/extra/m_ssl_gnutls.cpp | 4 +- src/modules/extra/m_ssl_openssl.cpp | 7 +- src/modules/extra/m_ssl_oper_cert.cpp | 4 +- src/modules/extra/m_sslinfo.cpp | 4 +- src/modules/extra/m_ziplink.cpp | 25 +++- src/modules/m_spanningtree.cpp | 2 +- src/modules/ssl.h | 208 ---------------------------------- src/modules/transport.h | 208 ++++++++++++++++++++++++++++++++++ 8 files changed, 241 insertions(+), 221 deletions(-) delete mode 100644 src/modules/ssl.h create mode 100644 src/modules/transport.h (limited to 'src') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 52a47b062..4a604ba9a 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -14,12 +14,12 @@ #include "hashcomp.h" #include "inspircd.h" -#include "ssl.h" +#include "transport.h" /* $ModDesc: Provides SSL support for clients */ /* $CompileFlags: `libgnutls-config --cflags` */ /* $LinkerFlags: `perl extra/gnutls_rpath.pl` */ -/* $ModDep: ssl.h */ +/* $ModDep: transport.h */ enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED }; diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 2f393f718..49c2ecfc8 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -1,7 +1,7 @@ #include #include -#include +#include #include #include "inspircd_config.h" @@ -14,13 +14,12 @@ #include "hashcomp.h" #include "inspircd.h" -#include "ssl.h" +#include "transport.h" /* $ModDesc: Provides SSL support for clients */ /* $CompileFlags: `perl extra/openssl_config.pl compile` */ /* $LinkerFlags: `perl extra/openssl_config.pl link` */ -/* $ModDep: ssl.h */ - +/* $ModDep: transport.h */ enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN }; enum issl_io_status { ISSL_WRITE, ISSL_READ }; diff --git a/src/modules/extra/m_ssl_oper_cert.cpp b/src/modules/extra/m_ssl_oper_cert.cpp index 41103abd6..27d0b1bc1 100644 --- a/src/modules/extra/m_ssl_oper_cert.cpp +++ b/src/modules/extra/m_ssl_oper_cert.cpp @@ -15,7 +15,7 @@ */ /* $ModDesc: Allows for MD5 encrypted oper passwords */ -/* $ModDep: ssl.h */ +/* $ModDep: transport.h */ using namespace std; @@ -25,7 +25,7 @@ using namespace std; #include "channels.h" #include "modules.h" #include "inspircd.h" -#include "ssl.h" +#include "transport.h" #include "wildcard.h" /** Handle /FINGERPRINT diff --git a/src/modules/extra/m_sslinfo.cpp b/src/modules/extra/m_sslinfo.cpp index ea5764d2d..77005522c 100644 --- a/src/modules/extra/m_sslinfo.cpp +++ b/src/modules/extra/m_sslinfo.cpp @@ -20,13 +20,13 @@ using namespace std; #include "users.h" #include "channels.h" #include "modules.h" -#include "ssl.h" +#include "transport.h" #include "wildcard.h" #include "inspircd.h" #include "dns.h" /* $ModDesc: Provides /sslinfo command used to test who a mask matches */ -/* $ModDep: ssl.h */ +/* $ModDep: transport.h */ /** Handle /SSLINFO */ diff --git a/src/modules/extra/m_ziplink.cpp b/src/modules/extra/m_ziplink.cpp index b5249681e..48d9bb18f 100644 --- a/src/modules/extra/m_ziplink.cpp +++ b/src/modules/extra/m_ziplink.cpp @@ -13,11 +13,32 @@ #include "hashcomp.h" #include "inspircd.h" -#include "ssl.h" +#include "transport.h" /* $ModDesc: Provides zlib link support for servers */ /* $LinkerFlags: -lz */ -/* $ModDep: ssl.h */ +/* $ModDep: transport.h */ + +/* + * Compressed data is transmitted across the link in the following format: + * + * 0 1 2 3 4 ... n + * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ + * | n | n | n | n | Z0 -> Zn | + * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ + * + * Where: n is the size of a frame, in network byte order, 4 bytes. + * Z0 through Zn are Zlib compressed data, n bytes in length. + * + * If the module fails to read the entire frame, then it will buffer + * the portion of the last frame it received, then attempt to read + * the next part of the frame next time a write notification arrives. + * + * ZLIB_BEST_COMPRESSION (9) is used for all sending of data with + * a flush after each frame. A frame may contain multiple lines + * and should be treated as raw binary data. + * + */ enum izip_status { IZIP_WAITFIRST, IZIP_OPEN, IZIP_CLOSED }; diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp index 7da4dab30..c0d2d7428 100644 --- a/src/modules/m_spanningtree.cpp +++ b/src/modules/m_spanningtree.cpp @@ -26,7 +26,7 @@ #include "inspircd.h" #include "wildcard.h" #include "xline.h" -#include "ssl.h" +#include "transport.h" /** If you make a change which breaks the protocol, increment this. * If you completely change the protocol, completely change the number. diff --git a/src/modules/ssl.h b/src/modules/ssl.h deleted file mode 100644 index 4d303502e..000000000 --- a/src/modules/ssl.h +++ /dev/null @@ -1,208 +0,0 @@ -#ifndef __SSL_CERT_H__ -#define __SSL_CERT_H__ - -#include -#include - -/** A generic container for certificate data - */ -typedef std::map ssl_data; - -/** A shorthand way of representing an iterator into ssl_data - */ -typedef ssl_data::iterator ssl_data_iter; - -/** ssl_cert is a class which abstracts SSL certificate - * and key information. - * - * Because gnutls and openssl represent key information in - * wildly different ways, this class allows it to be accessed - * in a unified manner. These classes are attached to ssl- - * connected local users using Extensible::Extend() and the - * key 'ssl_cert'. - */ -class ssl_cert -{ - /** Always contains an empty string - */ - const std::string empty; - - public: - /** The data for this certificate - */ - ssl_data data; - - /** Default constructor, initializes 'empty' - */ - ssl_cert() : empty("") - { - } - - /** Get certificate distinguished name - * @return Certificate DN - */ - const std::string& GetDN() - { - ssl_data_iter ssldi = data.find("dn"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; - } - - /** Get Certificate issuer - * @return Certificate issuer - */ - const std::string& GetIssuer() - { - ssl_data_iter ssldi = data.find("issuer"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; - } - - /** Get error string if an error has occured - * @return The error associated with this users certificate, - * or an empty string if there is no error. - */ - const std::string& GetError() - { - ssl_data_iter ssldi = data.find("error"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; - } - - /** Get key fingerprint. - * @return The key fingerprint as a hex string. - */ - const std::string& GetFingerprint() - { - ssl_data_iter ssldi = data.find("fingerprint"); - - if (ssldi != data.end()) - return ssldi->second; - else - return empty; - } - - /** Get trust status - * @return True if this is a trusted certificate - * (the certificate chain validates) - */ - bool IsTrusted() - { - ssl_data_iter ssldi = data.find("trusted"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; - } - - /** Get validity status - * @return True if the certificate itself is - * correctly formed. - */ - bool IsInvalid() - { - ssl_data_iter ssldi = data.find("invalid"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; - } - - /** Get signer status - * @return True if the certificate appears to be - * self-signed. - */ - bool IsUnknownSigner() - { - ssl_data_iter ssldi = data.find("unknownsigner"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; - } - - /** Get revokation status. - * @return True if the certificate is revoked. - * Note that this only works properly for GnuTLS - * right now. - */ - bool IsRevoked() - { - ssl_data_iter ssldi = data.find("revoked"); - - if (ssldi != data.end()) - return (ssldi->second == "1"); - else - return false; - } -}; - -class ISHRequest : public Request -{ - public: - InspSocket* Sock; - - ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock) - { - } -}; - -class InspSocketAttachCertRequest : public ISHRequest -{ - public: - /** Initialize the request as an attach cert message */ - InspSocketAttachCertRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is) - { - } -}; - -class InspSocketHSCompleteRequest : public ISHRequest -{ - public: - /** Initialize the request as a 'handshake complete?' message */ - InspSocketHSCompleteRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is) - { - } -}; - -class InspSocketHookRequest : public ISHRequest -{ - public: - /** Initialize request as a hook message */ - InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is) - { - } -}; - -class InspSocketUnhookRequest : public ISHRequest -{ - public: - /** Initialize request as an unhook message */ - InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is) - { - } -}; - -class InspSocketNameRequest : public ISHRequest -{ - public: - /** Initialize request as a get name message */ - InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL) - { - } -}; - -#endif - diff --git a/src/modules/transport.h b/src/modules/transport.h new file mode 100644 index 000000000..4d303502e --- /dev/null +++ b/src/modules/transport.h @@ -0,0 +1,208 @@ +#ifndef __SSL_CERT_H__ +#define __SSL_CERT_H__ + +#include +#include + +/** A generic container for certificate data + */ +typedef std::map ssl_data; + +/** A shorthand way of representing an iterator into ssl_data + */ +typedef ssl_data::iterator ssl_data_iter; + +/** ssl_cert is a class which abstracts SSL certificate + * and key information. + * + * Because gnutls and openssl represent key information in + * wildly different ways, this class allows it to be accessed + * in a unified manner. These classes are attached to ssl- + * connected local users using Extensible::Extend() and the + * key 'ssl_cert'. + */ +class ssl_cert +{ + /** Always contains an empty string + */ + const std::string empty; + + public: + /** The data for this certificate + */ + ssl_data data; + + /** Default constructor, initializes 'empty' + */ + ssl_cert() : empty("") + { + } + + /** Get certificate distinguished name + * @return Certificate DN + */ + const std::string& GetDN() + { + ssl_data_iter ssldi = data.find("dn"); + + if (ssldi != data.end()) + return ssldi->second; + else + return empty; + } + + /** Get Certificate issuer + * @return Certificate issuer + */ + const std::string& GetIssuer() + { + ssl_data_iter ssldi = data.find("issuer"); + + if (ssldi != data.end()) + return ssldi->second; + else + return empty; + } + + /** Get error string if an error has occured + * @return The error associated with this users certificate, + * or an empty string if there is no error. + */ + const std::string& GetError() + { + ssl_data_iter ssldi = data.find("error"); + + if (ssldi != data.end()) + return ssldi->second; + else + return empty; + } + + /** Get key fingerprint. + * @return The key fingerprint as a hex string. + */ + const std::string& GetFingerprint() + { + ssl_data_iter ssldi = data.find("fingerprint"); + + if (ssldi != data.end()) + return ssldi->second; + else + return empty; + } + + /** Get trust status + * @return True if this is a trusted certificate + * (the certificate chain validates) + */ + bool IsTrusted() + { + ssl_data_iter ssldi = data.find("trusted"); + + if (ssldi != data.end()) + return (ssldi->second == "1"); + else + return false; + } + + /** Get validity status + * @return True if the certificate itself is + * correctly formed. + */ + bool IsInvalid() + { + ssl_data_iter ssldi = data.find("invalid"); + + if (ssldi != data.end()) + return (ssldi->second == "1"); + else + return false; + } + + /** Get signer status + * @return True if the certificate appears to be + * self-signed. + */ + bool IsUnknownSigner() + { + ssl_data_iter ssldi = data.find("unknownsigner"); + + if (ssldi != data.end()) + return (ssldi->second == "1"); + else + return false; + } + + /** Get revokation status. + * @return True if the certificate is revoked. + * Note that this only works properly for GnuTLS + * right now. + */ + bool IsRevoked() + { + ssl_data_iter ssldi = data.find("revoked"); + + if (ssldi != data.end()) + return (ssldi->second == "1"); + else + return false; + } +}; + +class ISHRequest : public Request +{ + public: + InspSocket* Sock; + + ISHRequest(Module* Me, Module* Target, const char* rtype, InspSocket* sock) : Request(Me, Target, rtype), Sock(sock) + { + } +}; + +class InspSocketAttachCertRequest : public ISHRequest +{ + public: + /** Initialize the request as an attach cert message */ + InspSocketAttachCertRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_ATTACH", is) + { + } +}; + +class InspSocketHSCompleteRequest : public ISHRequest +{ + public: + /** Initialize the request as a 'handshake complete?' message */ + InspSocketHSCompleteRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HSDONE", is) + { + } +}; + +class InspSocketHookRequest : public ISHRequest +{ + public: + /** Initialize request as a hook message */ + InspSocketHookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_HOOK", is) + { + } +}; + +class InspSocketUnhookRequest : public ISHRequest +{ + public: + /** Initialize request as an unhook message */ + InspSocketUnhookRequest(InspSocket* is, Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_UNHOOK", is) + { + } +}; + +class InspSocketNameRequest : public ISHRequest +{ + public: + /** Initialize request as a get name message */ + InspSocketNameRequest(Module* Me, Module* Target) : ISHRequest(Me, Target, "IS_NAME", NULL) + { + } +}; + +#endif + -- cgit v1.2.3