* See: http://www.inspircd.org/wiki/index.php/Credits
*
* This program is free but copyrighted software; see
- * the file COPYING for details.
+ * the file COPYING for details.
*
* ---------------------------------------------------
*/
#include "socket.h"
#include "hashcomp.h"
#include "transport.h"
+#include "m_cap.h"
#ifdef WINDOWS
#pragma comment(lib, "libgnutls-13.lib")
int fd;
};
+class CommandStartTLS : public Command
+{
+ Module* Caller;
+ public:
+ /* Command 'dalinfo', takes no parameters and needs no special modes */
+ CommandStartTLS (InspIRCd* Instance, Module* mod) : Command(Instance,"STARTTLS", 0, 0, true), Caller(mod)
+ {
+ this->source = "m_ssl_gnutls.so";
+ }
+
+ CmdResult Handle (const char* const* parameters, int pcnt, User *user)
+ {
+ if (!user->GetExt("tls"))
+ return CMD_FAILURE;
+
+ user->io = Caller;
+ Caller->OnRawSocketAccept(user->GetFd(), user->GetIPString(), ServerInstance->Config->ports[i]->GetPort());
+
+ return CMD_FAILURE;
+ }
+};
+
class ModuleSSLGnuTLS : public Module
{
int clientactive;
+ CommandStartTLS* starttls;
+
public:
ModuleSSLGnuTLS(InspIRCd* Me)
gnutls_global_init(); // This must be called once in the program
if(gnutls_certificate_allocate_credentials(&x509_cred) != 0)
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to allocate certificate credentials");
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to allocate certificate credentials");
// Guessing return meaning
if(gnutls_dh_params_init(&dh_params) < 0)
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters");
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters");
// Needs the flag as it ignores a plain /rehash
OnRehash(NULL,"ssl");
// Void return, guess we assume success
gnutls_certificate_set_dh_params(x509_cred, dh_params);
Implementation eventlist[] = { I_On005Numeric, I_OnRawSocketConnect, I_OnRawSocketAccept, I_OnRawSocketClose, I_OnRawSocketRead, I_OnRawSocketWrite, I_OnCleanup,
- I_OnBufferFlushed, I_OnRequest, I_OnSyncUserMetaData, I_OnDecodeMetaData, I_OnUnloadModule, I_OnRehash, I_OnWhois, I_OnPostConnect };
- ServerInstance->Modules->Attach(eventlist, this, 15);
+ I_OnBufferFlushed, I_OnRequest, I_OnSyncUserMetaData, I_OnDecodeMetaData, I_OnUnloadModule, I_OnRehash, I_OnWhois, I_OnPostConnect, I_OnEvent, I_OnHookUserIO };
+ ServerInstance->Modules->Attach(eventlist, this, 17);
+
+ starttls = new CommandStartTLS(ServerInstance, this);
+ ServerInstance->AddCommand(starttls);
}
virtual void OnRehash(User* user, const std::string ¶m)
clientactive = 0;
sslports.clear();
- for(int i = 0; i < Conf->Enumerate("bind"); i++)
+ for(int index = 0; index < Conf->Enumerate("bind"); index++)
{
// For each <bind> tag
- std::string x = Conf->ReadValue("bind", "type", i);
- if(((x.empty()) || (x == "clients")) && (Conf->ReadValue("bind", "ssl", i) == "gnutls"))
+ std::string x = Conf->ReadValue("bind", "type", index);
+ if(((x.empty()) || (x == "clients")) && (Conf->ReadValue("bind", "ssl", index) == "gnutls"))
{
// Get the port we're meant to be listening on with SSL
- std::string port = Conf->ReadValue("bind", "port", i);
+ std::string port = Conf->ReadValue("bind", "port", index);
irc::portparser portrange(port, false);
long portno = -1;
while ((portno = portrange.GetToken()))
for (size_t i = 0; i < ServerInstance->Config->ports.size(); i++)
if (ServerInstance->Config->ports[i]->GetPort() == portno)
ServerInstance->Config->ports[i]->SetDescription("ssl");
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Enabling SSL for port %d", portno);
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Enabling SSL for port %d", portno);
sslports.append("*:").append(ConvToStr(portno)).append(";");
}
else
{
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: FAILED to enable SSL on port %d, maybe you have another ssl or similar module loaded?", portno);
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: FAILED to enable SSL on port %d, maybe you have another ssl or similar module loaded?", portno);
}
}
catch (ModuleException &e)
{
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: FAILED to enable SSL on port %d: %s. Maybe it's already hooked by the same port on a different IP, or you have an other SSL or similar module loaded?", portno, e.GetReason());
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: FAILED to enable SSL on port %d: %s. Maybe it's already hooked by the same port on a different IP, or you have an other SSL or similar module loaded?", portno, e.GetReason());
}
}
}
int ret;
if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 trust file '%s': %s", cafile.c_str(), gnutls_strerror(ret));
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 trust file '%s': %s", cafile.c_str(), gnutls_strerror(ret));
if((ret = gnutls_certificate_set_x509_crl_file (x509_cred, crlfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 CRL file '%s': %s", crlfile.c_str(), gnutls_strerror(ret));
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 CRL file '%s': %s", crlfile.c_str(), gnutls_strerror(ret));
if((ret = gnutls_certificate_set_x509_key_file (x509_cred, certfile.c_str(), keyfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
{
int ret;
if((ret = gnutls_dh_params_generate2(dh_params, dh_bits)) < 0)
- ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to generate DH parameters (%d bits): %s", dh_bits, gnutls_strerror(ret));
+ ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to generate DH parameters (%d bits): %s", dh_bits, gnutls_strerror(ret));
}
virtual ~ModuleSSLGnuTLS()
delete tofree;
user->Shrink("ssl_cert");
}
+
+ user->io = NULL;
}
}
virtual Version GetVersion()
{
- return Version(1, 1, 0, 0, VF_VENDOR, API_VERSION);
+ return Version(1, 2, 0, 0, VF_VENDOR, API_VERSION);
}
output.append(" SSL=" + sslports);
}
- virtual char* OnRequest(Request* request)
+ virtual void OnHookUserIO(User* user)
+ {
+ if (!user->io && isin(user->GetPort(), listenports))
+ {
+ /* Hook the user with our module */
+ user->io = this;
+ }
+ }
+
+ virtual const char* OnRequest(Request* request)
{
ISHRequest* ISR = (ISHRequest*)request;
if (strcmp("IS_NAME", request->GetId()) == 0)
}
else if (strcmp("IS_HOOK", request->GetId()) == 0)
{
- char* ret = "OK";
+ const char* ret = "OK";
try
{
- ret = ServerInstance->Config->AddIOHook((Module*)this, (BufferedSocket*)ISR->Sock) ? (char*)"OK" : NULL;
+ ret = ServerInstance->Config->AddIOHook((Module*)this, (BufferedSocket*)ISR->Sock) ? "OK" : NULL;
}
catch (ModuleException &e)
{
}
else if (strcmp("IS_UNHOOK", request->GetId()) == 0)
{
- return ServerInstance->Config->DelIOHook((BufferedSocket*)ISR->Sock) ? (char*)"OK" : NULL;
+ return ServerInstance->Config->DelIOHook((BufferedSocket*)ISR->Sock) ? "OK" : NULL;
}
else if (strcmp("IS_HSDONE", request->GetId()) == 0)
{
if (ISR->Sock->GetFd() < 0)
- return (char*)"OK";
+ return "OK";
issl_session* session = &sessions[ISR->Sock->GetFd()];
- return (session->status == ISSL_HANDSHAKING_READ || session->status == ISSL_HANDSHAKING_WRITE) ? NULL : (char*)"OK";
+ return (session->status == ISSL_HANDSHAKING_READ || session->status == ISSL_HANDSHAKING_WRITE) ? NULL : "OK";
}
else if (strcmp("IS_ATTACH", request->GetId()) == 0)
{
return;
}
+ void OnEvent(Event* ev)
+ {
+ GenericCapHandler(ev, "tls", "tls");
+ }
+
};
MODULE_INIT(ModuleSSLGnuTLS)