Fix extras compilation under Windows

[user/henk/code/inspircd.git] / src / modules / extra / m_ssl_gnutls.cpp

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 07e11aaa7de8ab100d7c87db2ba226d1e12c4c0b..95638417bc9aa6cfc0c1c1c0bd8f5d6991737403 100644 (file)
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -18,24 +18,20 @@
 #include "ssl.h"
 #include "m_cap.h"
 
-#ifdef WINDOWS
-#pragma comment(lib, "libgnutls-13.lib")
-#endif
-
 /* $ModDesc: Provides SSL support for clients */
 /* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") */
 /* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") */
 
 enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED };
 
-static gnutls_x509_crt_t x509_cert;
+static std::vector<gnutls_x509_crt_t> x509_certs;
 static gnutls_x509_privkey_t x509_key;
 static int cert_callback (gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs,
        const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st) {
 
        st->type = GNUTLS_CRT_X509;
-       st->ncerts = 1;
-       st->cert.x509 = &x509_cert;
+       st->ncerts = x509_certs.size();
+       st->cert.x509 = &x509_certs[0];
        st->key.x509 = x509_key;
        st->deinit_all = 0;
 
@@ -50,7 +46,7 @@ static ssize_t gnutls_pull_wrapper(gnutls_transport_ptr_t user_wrap, void* buffe
                errno = EAGAIN;
                return -1;
        }
-       int rv = recv(user->GetFd(), buffer, size, 0);
+       int rv = recv(user->GetFd(), reinterpret_cast<char *>(buffer), size, 0);
        if (rv < (int)size)
                ServerInstance->SE->ChangeEventMask(user, FD_READ_WILL_BLOCK);
        return rv;
@@ -64,7 +60,7 @@ static ssize_t gnutls_push_wrapper(gnutls_transport_ptr_t user_wrap, const void*
                errno = EAGAIN;
                return -1;
        }
-       int rv = send(user->GetFd(), buffer, size, 0);
+       int rv = send(user->GetFd(), reinterpret_cast<const char *>(buffer), size, 0);
        if (rv < (int)size)
                ServerInstance->SE->ChangeEventMask(user, FD_WRITE_WILL_BLOCK);
        return rv;
@@ -94,13 +90,21 @@ public:
 class CommandStartTLS : public SplitCommand
 {
  public:
+       bool enabled;
        CommandStartTLS (Module* mod) : SplitCommand(mod, "STARTTLS")
        {
+               enabled = true;
                works_before_reg = true;
        }
 
        CmdResult HandleLocal(const std::vector<std::string> &parameters, LocalUser *user)
        {
+               if (!enabled)
+               {
+                       user->WriteNumeric(691, "%s :STARTTLS is not enabled", user->nick.c_str());
+                       return CMD_FAILURE;
+               }
+
                if (user->registered == REG_ALL)
                {
                        user->WriteNumeric(691, "%s :STARTTLS is not permitted after client registration is complete", user->nick.c_str());
@@ -156,7 +160,6 @@ class ModuleSSLGnuTLS : public Module
                sessions = new issl_session[ServerInstance->SE->GetMaxFds()];
 
                gnutls_global_init(); // This must be called once in the program
-               gnutls_x509_crt_init(&x509_cert);
                gnutls_x509_privkey_init(&x509_key);
 
                cred_alloc = false;
@@ -184,6 +187,7 @@ class ModuleSSLGnuTLS : public Module
                sslports.clear();
 
                ConfigTag* Conf = ServerInstance->Config->ConfValue("gnutls");
+               starttls.enabled = Conf->getBool("starttls", true);
 
                if (Conf->getBool("showports", true))
                {
@@ -243,6 +247,10 @@ class ModuleSSLGnuTLS : public Module
                        // Deallocate the old credentials
                        gnutls_dh_params_deinit(dh_params);
                        gnutls_certificate_free_credentials(x509_cred);
+
+                       for(unsigned int i=0; i < x509_certs.size(); i++)
+                               gnutls_x509_crt_deinit(x509_certs[i]);
+                       x509_certs.clear();
                }
                else
                        cred_alloc = true;
@@ -267,13 +275,17 @@ class ModuleSSLGnuTLS : public Module
                gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), key_string.length() };
 
                // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException
-               if((ret = gnutls_x509_crt_import(x509_cert, &cert_datum, GNUTLS_X509_FMT_PEM)) < 0)
+               unsigned int certcount = Conf->getInt("certcount", 3);
+               x509_certs.resize(certcount);
+               ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+               if (ret < 0)
                        throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + std::string(gnutls_strerror(ret)));
+               x509_certs.resize(certcount);
 
                if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0)
                        throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret)));
 
-               if((ret = gnutls_certificate_set_x509_key(x509_cred, &x509_cert, 1, x509_key)) < 0)
+               if((ret = gnutls_certificate_set_x509_key(x509_cred, &x509_certs[0], certcount, x509_key)) < 0)
                        throw ModuleException("Unable to set GnuTLS cert/key pair: " + std::string(gnutls_strerror(ret)));
 
                gnutls_certificate_client_set_retrieve_function (x509_cred, cert_callback);
@@ -300,7 +312,9 @@ class ModuleSSLGnuTLS : public Module
 
        ~ModuleSSLGnuTLS()
        {
-               gnutls_x509_crt_deinit(x509_cert);
+               for(unsigned int i=0; i < x509_certs.size(); i++)
+                       gnutls_x509_crt_deinit(x509_certs[i]);
+               x509_certs.clear();
                gnutls_x509_privkey_deinit(x509_key);
                if (cred_alloc)
                {
@@ -337,7 +351,8 @@ class ModuleSSLGnuTLS : public Module
        {
                if (!sslports.empty())
                        output.append(" SSL=" + sslports);
-               output.append(" STARTTLS");
+               if (starttls.enabled)
+                       output.append(" STARTTLS");
        }
 
        void OnHookIO(StreamSocket* user, ListenSocket* lsb)
@@ -501,17 +516,11 @@ class ModuleSSLGnuTLS : public Module
                                ServerInstance->SE->ChangeEventMask(user, FD_WANT_SINGLE_WRITE);
                                return 0;
                        }
-                       else if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
+                       else if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == 0)
                        {
                                ServerInstance->SE->ChangeEventMask(user, FD_WANT_SINGLE_WRITE);
                                return 0;
                        }
-                       else if (ret == 0)
-                       {
-                               CloseSession(session);
-                               user->SetError("SSL Connection closed");
-                               return -1;
-                       }
                        else // (ret < 0)
                        {
                                user->SetError(gnutls_strerror(ret));
@@ -697,7 +706,8 @@ info_done_dealloc:
 
        void OnEvent(Event& ev)
        {
-               capHandler.HandleEvent(ev);
+               if (starttls.enabled)
+                       capHandler.HandleEvent(ev);
        }
 };