X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_gnutls.cpp;h=1e6208b660e96ab38977a8d624c5ec9bcf761071;hb=59bd18f2a0b43b71ee32124add9d40d1d3a54919;hp=ad14da7558bad98656851b2e4500718d5ceb8ec6;hpb=fa9eea07bbde561237e6761d613fcbad73dc4b43;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index ad14da755..1e6208b66 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1,3 +1,16 @@
+/*       +------------------------------------+
+ *       | Inspire Internet Relay Chat Daemon |
+ *       +------------------------------------+
+ *
+ *  InspIRCd: (C) 2002-2007 InspIRCd Development Team
+ * See: http://www.inspircd.org/wiki/index.php/Credits
+ *
+ * This program is free but copyrighted software; see
+ *            the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
 #include <string>
 #include <vector>
 
@@ -14,12 +27,12 @@
 #include "hashcomp.h"
 #include "inspircd.h"
 
-#include "ssl_cert.h"
+#include "transport.h"
 
 /* $ModDesc: Provides SSL support for clients */
 /* $CompileFlags: `libgnutls-config --cflags` */
-/* $LinkerFlags: `libgnutls-config --libs` `perl ../gnutls_rpath.pl` */
-
+/* $LinkerFlags: `perl extra/gnutls_rpath.pl` */
+/* $ModDep: transport.h */
 
 
 enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED };
@@ -77,6 +90,8 @@ class ModuleSSLGnuTLS : public Module
 		
 
 		culllist = new CullList(ServerInstance);
+
+		ServerInstance->PublishInterface("InspSocketHook", this);
 		
 		// Not rehashable...because I cba to reduce all the sizes of existing buffers.
 		inbufsize = ServerInstance->Config->NetBufferSize;
@@ -252,10 +267,52 @@ class ModuleSSLGnuTLS : public Module
 
 	void Implements(char* List)
 	{
-		List[I_OnRawSocketAccept] = List[I_OnRawSocketClose] = List[I_OnRawSocketRead] = List[I_OnRawSocketWrite] = List[I_OnCleanup] = 1;
-		List[I_OnSyncUserMetaData] = List[I_OnDecodeMetaData] = List[I_OnUnloadModule] = List[I_OnRehash] = List[I_OnWhois] = List[I_OnPostConnect] = 1;
+		List[I_OnRawSocketConnect] = List[I_OnRawSocketAccept] = List[I_OnRawSocketClose] = List[I_OnRawSocketRead] = List[I_OnRawSocketWrite] = List[I_OnCleanup] = 1;
+		List[I_OnRequest] = List[I_OnSyncUserMetaData] = List[I_OnDecodeMetaData] = List[I_OnUnloadModule] = List[I_OnRehash] = List[I_OnWhois] = List[I_OnPostConnect] = 1;
+	}
+
+        virtual char* OnRequest(Request* request)
+	{
+		ISHRequest* ISR = (ISHRequest*)request;
+		if (strcmp("IS_NAME", request->GetId()) == 0)
+		{
+			return "gnutls";
+		}
+		else if (strcmp("IS_HOOK", request->GetId()) == 0)
+		{
+			char* ret = "OK";
+			try
+			{
+				ret = ServerInstance->Config->AddIOHook((Module*)this, (InspSocket*)ISR->Sock) ? (char*)"OK" : NULL;
+			}
+			catch (ModuleException &e)
+			{
+				return NULL;
+			}
+			return ret;
+		}
+		else if (strcmp("IS_UNHOOK", request->GetId()) == 0)
+		{
+			return ServerInstance->Config->DelIOHook((InspSocket*)ISR->Sock) ? (char*)"OK" : NULL;
+		}
+		else if (strcmp("IS_HSDONE", request->GetId()) == 0)
+		{
+			issl_session* session = &sessions[ISR->Sock->GetFd()];
+			return (session->status == ISSL_HANDSHAKING_READ || session->status == ISSL_HANDSHAKING_WRITE) ? NULL : (char*)"OK";
+		}
+		else if (strcmp("IS_ATTACH", request->GetId()) == 0)
+		{
+			issl_session* session = &sessions[ISR->Sock->GetFd()];
+			if (session)
+			{
+				VerifyCertificate(session, (InspSocket*)ISR->Sock);
+				return "OK";
+			}
+		}
+		return NULL;
 	}
 
+
 	virtual void OnRawSocketAccept(int fd, const std::string &ip, int localport)
 	{
 		issl_session* session = &sessions[fd];
@@ -284,6 +341,25 @@ class ModuleSSLGnuTLS : public Module
 		Handshake(session);
 	}
 
+	virtual void OnRawSocketConnect(int fd)
+	{
+		issl_session* session = &sessions[fd];
+
+		session->fd = fd;
+		session->inbuf = new char[inbufsize];
+		session->inbufoffset = 0;
+
+		gnutls_init(&session->sess, GNUTLS_SERVER);
+
+		gnutls_set_default_priority(session->sess); // Avoid calling all the priority functions, defaults are adequate.
+		gnutls_credentials_set(session->sess, GNUTLS_CRD_CERTIFICATE, x509_cred);
+		gnutls_dh_set_prime_bits(session->sess, dh_bits);
+
+		gnutls_transport_set_ptr(session->sess, (gnutls_transport_ptr_t) fd); // Give gnutls the fd for the socket.
+
+		Handshake(session);
+	}
+
 	virtual void OnRawSocketClose(int fd)
 	{
 		ServerInstance->Log(DEBUG, "OnRawSocketClose: %d", fd);
@@ -405,7 +481,10 @@ class ModuleSSLGnuTLS : public Module
 	}
 	
 	virtual int OnRawSocketWrite(int fd, const char* buffer, int count)
-	{		
+	{
+		if (!count)
+			return 0;
+
 		issl_session* session = &sessions[fd];
 		const char* sendbuffer = buffer;
 
@@ -614,7 +693,7 @@ class ModuleSSLGnuTLS : public Module
 		session->status = ISSL_NONE;
 	}
 
-	void VerifyCertificate(issl_session* session, userrec* user)
+	void VerifyCertificate(issl_session* session, Extensible* user)
 	{
 		unsigned int status;
 		const gnutls_datum_t* cert_list;
@@ -724,7 +803,6 @@ class ModuleSSLGnuTLS : public Module
 		else
 		{
 			certinfo->data.insert(std::make_pair("fingerprint",irc::hex(digest, digest_size)));
-			user->WriteServ("NOTICE %s :*** Your SSL Certificate fingerprint is: %s", user->nick, irc::hex(digest, digest_size).c_str());
 		}
 
 		/* Beware here we do not check for errors.