]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/extra/m_ssl_gnutls.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Thanks dz, forgot uppercase equivalent of AEIOU in the strchr
[user/henk/code/inspircd.git] / src / modules / extra / m_ssl_gnutls.cpp
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index a6fd64fa76687fe55d4fce9f1ede4d8349958e8e..de1f6d55f90b16623f5b8dd64ed835b3831546b6 100644 (file)
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -90,7 +90,7 @@ class ModuleSSLGnuTLS : public Module
        ModuleSSLGnuTLS(InspIRCd* Me)
                : Module(Me)
        {
-               ServerInstance->PublishInterface("InspSocketHook", this);
+               ServerInstance->Modules->PublishInterface("InspSocketHook", this);
 
                // Not rehashable...because I cba to reduce all the sizes of existing buffers.
                inbufsize = ServerInstance->Config->NetBufferSize;
@@ -211,9 +211,11 @@ class ModuleSSLGnuTLS : public Module
                if((ret = gnutls_certificate_set_x509_crl_file (x509_cred, crlfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
                        ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 CRL file '%s': %s", crlfile.c_str(), gnutls_strerror(ret));
 
-               // Guessing on the return value of this, manual doesn't say :|
                if((ret = gnutls_certificate_set_x509_key_file (x509_cred, certfile.c_str(), keyfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
-                       ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 certificate and key files '%s' and '%s': %s", certfile.c_str(), keyfile.c_str(), gnutls_strerror(ret));
+               {
+                       // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException
+                       throw ModuleException("Unable to load GnuTLS server certificate: " + std::string(gnutls_strerror(ret)));
+               }
 
                // This may be on a large (once a day or week) timer eventually.
                GenerateDHParams();
@@ -251,7 +253,7 @@ class ModuleSSLGnuTLS : public Module
                        {
                                // User is using SSL, they're a local user, and they're using one of *our* SSL ports.
                                // Potentially there could be multiple SSL modules loaded at once on different ports.
-                               ServerInstance->GlobalCulls.AddItem(user, "SSL module unloading");
+                               userrec::QuitUser(ServerInstance, user, "SSL module unloading");
                        }
                        if (user->GetExt("ssl_cert", dummy) && isin(user->GetPort(), listenports))
                        {
@@ -285,7 +287,7 @@ class ModuleSSLGnuTLS : public Module
        void Implements(char* List)
        {
                List[I_On005Numeric] = List[I_OnRawSocketConnect] = List[I_OnRawSocketAccept] = List[I_OnRawSocketClose] = List[I_OnRawSocketRead] = List[I_OnRawSocketWrite] = List[I_OnCleanup] = 1;
-               List[I_OnRequest] = List[I_OnSyncUserMetaData] = List[I_OnDecodeMetaData] = List[I_OnUnloadModule] = List[I_OnRehash] = List[I_OnWhois] = List[I_OnPostConnect] = 1;
+               List[I_OnBufferFlushed] = List[I_OnRequest] = List[I_OnSyncUserMetaData] = List[I_OnDecodeMetaData] = List[I_OnUnloadModule] = List[I_OnRehash] = List[I_OnWhois] = List[I_OnPostConnect] = 1;
        }
 
        virtual void On005Numeric(std::string &output)
@@ -430,6 +432,7 @@ class ModuleSSLGnuTLS : public Module
                else if (session->status == ISSL_HANDSHAKING_WRITE)
                {
                        errno = EAGAIN;
+                       MakePollWrite(session);
                        return -1;
                }
 
@@ -498,14 +501,12 @@ class ModuleSSLGnuTLS : public Module
 
        virtual int OnRawSocketWrite(int fd, const char* buffer, int count)
        {
-               if (!count)
-                       return 0;
-
                issl_session* session = &sessions[fd];
                const char* sendbuffer = buffer;
 
                if (!session->sess)
                {
+                       ServerInstance->Log(DEBUG,"No session");
                        CloseSession(session);
                        return 1;
                }
@@ -514,9 +515,10 @@ class ModuleSSLGnuTLS : public Module
                sendbuffer = session->outbuf.c_str();
                count = session->outbuf.size();
 
-               if(session->status == ISSL_HANDSHAKING_WRITE)
+               if (session->status == ISSL_HANDSHAKING_WRITE)
                {
                        // The handshake isn't finished, try to finish it.
+                       ServerInstance->Log(DEBUG,"Finishing handshake");
                        Handshake(session);
                        errno = EAGAIN;
                        return -1;
@@ -524,11 +526,13 @@ class ModuleSSLGnuTLS : public Module
 
                int ret = 0;
 
-               if(session->status == ISSL_HANDSHAKEN)
+               if (session->status == ISSL_HANDSHAKEN)
                {
+                       ServerInstance->Log(DEBUG,"Send record");
                        ret = gnutls_record_send(session->sess, sendbuffer, count);
+                       ServerInstance->Log(DEBUG,"Return: %d", ret);
 
-                       if(ret == 0)
+                       if (ret == 0)
                        {
                                CloseSession(session);
                        }
@@ -536,20 +540,24 @@ class ModuleSSLGnuTLS : public Module
                        {
                                if(ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED)
                                {
+                                       ServerInstance->Log(DEBUG,"Not egain or interrupt, close session");
                                        CloseSession(session);
                                }
                                else
                                {
+                                       ServerInstance->Log(DEBUG,"Again please");
                                        errno = EAGAIN;
-                                       return -1;
                                }
                        }
                        else
                        {
+                               ServerInstance->Log(DEBUG,"Trim buffer");
                                session->outbuf = session->outbuf.substr(ret);
                        }
                }
 
+               MakePollWrite(session);
+
                /* Who's smart idea was it to return 1 when we havent written anything?
                 * This fucks the buffer up in InspSocket :p
                 */
@@ -679,7 +687,22 @@ class ModuleSSLGnuTLS : public Module
 
        void MakePollWrite(issl_session* session)
        {
-               OnRawSocketWrite(session->fd, NULL, 0);
+               //OnRawSocketWrite(session->fd, NULL, 0);
+               EventHandler* eh = ServerInstance->FindDescriptor(session->fd);
+               if (eh)
+                       ServerInstance->SE->WantWrite(eh);
+               ServerInstance->Log(DEBUG, "Want write set");
+       }
+
+       virtual void OnBufferFlushed(userrec* user)
+       {
+               if (user->GetExt("ssl"))
+               {
+                       ServerInstance->Log(DEBUG,"OnBufferFlushed for ssl user");
+                       issl_session* session = &sessions[user->GetFd()];
+                       if (session && session->outbuf.size())
+                               OnRawSocketWrite(user->GetFd(), NULL, 0);
+               }
        }
 
        void CloseSession(issl_session* session)
@@ -831,4 +854,3 @@ class ModuleSSLGnuTLS : public Module
 };
 
 MODULE_INIT(ModuleSSLGnuTLS);
-