X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_gnutls.cpp;h=e02c4a697d62407c9c20bbddacc7dede404d5002;hb=b4a174ee9c32d62ea6bf010e837e8c5b1c3d36a3;hp=2d278c967b8b03d3cf605567a424c5c112706125;hpb=91e0af0fc4889f20d2f63426f8fe379674fc0393;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 2d278c967..e02c4a697 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1,11 +1,21 @@
 /*
  * InspIRCd -- Internet Relay Chat Daemon
  *
+ * Copyright (C) 2020 Matt Schatz
+ * Copyright (C) 2019 linuxdaemon
+ * Copyright (C) 2013-2014, 2016-2021 Sadie Powell
+ * Copyright (C) 2013 Daniel Vassdal
+ * Copyright (C) 2012-2017 Attila Molnar
+ * Copyright (C) 2012-2013, 2016 Adam
+ * Copyright (C) 2012 Robby
+ * Copyright (C) 2012 ChrisTX
  * Copyright (C) 2009-2010 Daniel De Graaf
- * Copyright (C) 2008 John Brooks
- * Copyright (C) 2006-2008 Craig Edwards
+ * Copyright (C) 2009 Uli Schlachter
+ * Copyright (C) 2008 Robin Burchell
+ * Copyright (C) 2008 John Brooks
+ * Copyright (C) 2007-2008, 2010 Craig Edwards
  * Copyright (C) 2007 Dennis Friis
- * Copyright (C) 2006 Oliver Lupton
+ * Copyright (C) 2006 Oliver Lupton
  *
  * This file is part of InspIRCd. InspIRCd is free software: you can
  * redistribute it and/or modify it under the terms of the GNU General Public
@@ -26,31 +36,41 @@ /// $LinkerFlags: find_linker_flags("gnutls" "-lgnutls") /// $LinkerFlags: require_version("gnutls" "1.0" "2.12") execute("libgcrypt-config --libs" "LIBGCRYPT_LDFLAGS") +/// $PackageInfo: require_system("arch") gnutls pkgconf /// $PackageInfo: require_system("centos") gnutls-devel pkgconfig /// $PackageInfo: require_system("darwin") gnutls pkg-config -/// $PackageInfo: require_system("debian" "1.0" "7.99") libgcrypt11-dev /// $PackageInfo: require_system("debian") gnutls-bin libgnutls28-dev pkg-config -/// $PackageInfo: require_system("ubuntu" "1.0" "13.10") libgcrypt11-dev /// $PackageInfo: require_system("ubuntu") gnutls-bin libgnutls-dev pkg-config #include "inspircd.h" #include "modules/ssl.h" #include +#ifdef __GNUC__ +# pragma GCC diagnostic push +#endif + // Fix warnings about the use of commas at end of enumerator lists on C++03. #if defined __clang__ # pragma clang diagnostic ignored "-Wc++11-extensions" #elif defined __GNUC__ -# if __GNUC__ < 6 -# pragma GCC diagnostic ignored "-pedantic" +# if (__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ >= 8)) +# pragma GCC diagnostic ignored "-Wpedantic" # else -# pragma GCC diagnostic ignored "-Wdeprecated-declarations" +# pragma GCC diagnostic ignored "-pedantic" # endif #endif #include #include +#ifdef __GNUC__ +# pragma GCC diagnostic pop +#endif + +// Fix warnings about using std::auto_ptr on C++11 or newer. +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + #ifndef GNUTLS_VERSION_NUMBER #define GNUTLS_VERSION_NUMBER LIBGNUTLS_VERSION_NUMBER #define GNUTLS_VERSION LIBGNUTLS_VERSION @@ -79,11 +99,6 @@ #define GNUTLS_NEW_PRIO_API #endif -#if (!INSPIRCD_GNUTLS_HAS_VERSION(2, 0, 0)) -typedef gnutls_certificate_credentials_t gnutls_certificate_credentials; -typedef gnutls_dh_params_t gnutls_dh_params; -#endif - enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_HANDSHAKEN }; #if INSPIRCD_GNUTLS_HAS_VERSION(2, 12, 0) 
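Review bot: The file-wide `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"` added after the `diagnostic pop` silences deprecation warnings for everything that follows, not only the `std::auto_ptr` uses the comment names — including any GnuTLS function the library marks deprecated, which for a TLS module is precisely the warning class a maintainer wants to see. The old code only disabled it for one GCC version range, so this widens the blind spot on every compiler that honours the pragma. Consider wrapping just the `std::auto_ptr` declarations in their own push/ignore/pop, or at least recording the trade-off next to the pragma: `// NOTE: this also hides deprecation warnings from the GnuTLS APIs used below; narrow it once std::auto_ptr is gone.`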
@@ -112,10 +127,10 @@ typedef gnutls_connection_end_t inspircd_gnutls_session_init_flags_t; static Module* thismod; -class RandGen : public HandlerBase2 +class RandGen { public: - void Call(char* buffer, size_t len) CXX11_OVERRIDE + static void Call(char* buffer, size_t len) { #ifdef GNUTLS_HAS_RND gnutls_rnd(GNUTLS_RND_RANDOM, buffer, len); @@ -189,14 +204,12 @@ namespace GnuTLS throw Exception("Unknown hash type " + hashname); gnutls_hash_deinit(is_digest, NULL); #else - if (hashname == "md5") + if (stdalgo::string::equalsci(hashname, "md5")) hash = GNUTLS_DIG_MD5; - else if (hashname == "sha1") + else if (stdalgo::string::equalsci(hashname, "sha1")) hash = GNUTLS_DIG_SHA1; -#ifdef INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT - else if (hashname == "sha256") + else if (stdalgo::string::equalsci(hashname, "sha256")) hash = GNUTLS_DIG_SHA256; -#endif else throw Exception("Unknown hash type " + hashname); #endif @@ -651,12 +664,12 @@ namespace GnuTLS Config(const std::string& profilename, ConfigTag* tag) : name(profilename) - , certstr(ReadFile(tag->getString("certfile", "cert.pem"))) - , keystr(ReadFile(tag->getString("keyfile", "key.pem"))) - , dh(DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")))) + , certstr(ReadFile(tag->getString("certfile", "cert.pem", 1))) + , keystr(ReadFile(tag->getString("keyfile", "key.pem", 1))) + , dh(DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem", 1)))) , priostr(GetPrioStr(profilename, tag)) - , mindh(tag->getInt("mindhbits", 1024)) - , hashstr(tag->getString("hash", "md5")) + , mindh(tag->getUInt("mindhbits", 1024)) + , hashstr(tag->getString("hash", "md5", 1)) , requestclientcert(tag->getBool("requestclientcert", true)) { // Load trusted CA and revocation list, if set 
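Review bot: `RandGen::Call`, now a static function that a later hunk installs as `ServerInstance->GenRandom`, still discards the return value of `gnutls_rnd(GNUTLS_RND_RANDOM, buffer, len)` on the context line, so a failed call hands the caller an unfilled buffer as if it were random. gnutls_rnd reports failure through its int return, so the call should be checked, e.g. `if (gnutls_rnd(GNUTLS_RND_RANDOM, buffer, len) < 0) InspIRCd::DefaultGenRandom(buffer, len);` (or log and fail, whichever the project prefers for the random source). The function body continues past the hunk, so the `#else` fallback branch is not visible and should be reviewed for the same omission.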
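Review bot: `hashstr(tag->getString("hash", "md5", 1))` keeps MD5 as the default certificate-fingerprint digest; the commit rewrites the line but only changes the lookup call. MD5 is collision-weak, so any trust decision made on the default fingerprint (wherever fingerprints are consumed — not visible here) is weaker than it needs to be, while the hash hunk in this same line already makes `sha256` unconditionally selectable. Changing the default would invalidate fingerprints already configured, so the compatible option is to log once from the `Config` constructor when `hashstr` resolves to md5 and to document the recommended value in the `hash` key's comment.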
@@ -672,9 +685,9 @@ namespace GnuTLS #ifdef INSPIRCD_GNUTLS_HAS_CORK // If cork support is available outrecsize represents the (rough) max amount of data we give GnuTLS while corked - outrecsize = tag->getInt("outrecsize", 2048, 512); + outrecsize = tag->getUInt("outrecsize", 2048, 512); #else - outrecsize = tag->getInt("outrecsize", 2048, 512, 16384); + outrecsize = tag->getUInt("outrecsize", 2048, 512, 16384); #endif } }; @@ -894,7 +907,7 @@ info_done_dealloc: } CloseSession(); - sock->SetError("No SSL session"); + sock->SetError("No TLS (SSL) session"); return -1; } @@ -1230,13 +1243,13 @@ int GnuTLS::X509Credentials::cert_callback(gnutls_session_t sess, const gnutls_d return 0; } -class GnuTLSIOHookProvider : public IOHookProvider +class GnuTLSIOHookProvider : public SSLIOHookProvider { GnuTLS::Profile profile; public: - GnuTLSIOHookProvider(Module* mod, GnuTLS::Profile::Config& config) - : IOHookProvider(mod, "ssl/" + config.name, IOHookProvider::IOH_SSL) + GnuTLSIOHookProvider(Module* mod, GnuTLS::Profile::Config& config) + : SSLIOHookProvider(mod, config.name) , profile(config) { ServerInstance->Modules->AddService(*this); @@ -1272,14 +1285,13 @@ class ModuleSSLGnuTLS : public Module // First member of the class, gets constructed first and destructed last GnuTLS::Init libinit; - RandGen randhandler; ProfileList profiles; void ReadProfiles() { // First, store all profiles in a new, temporary container. If no problems occur, swap the two // containers; this way if something goes wrong we can go back and continue using the current profiles, - // avoiding unpleasant situations where no new SSL connections are possible. + // avoiding unpleasant situations where no new TLS (SSL) connections are possible. ProfileList newprofiles; ConfigTagList tags = ServerInstance->Config->ConfTags("sslprofile"); 
@@ -1288,7 +1300,7 @@ class ModuleSSLGnuTLS : public Module // No tags found, create a profile named "gnutls" from settings in the block const std::string defname = "gnutls"; ConfigTag* tag = ServerInstance->Config->ConfValue(defname); - ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "No tags found; using settings from the tag"); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "No tags found; using settings from the deprecated tag"); try { 
@@ -1297,35 +1309,41 @@ class ModuleSSLGnuTLS : public Module } catch (CoreException& ex) { - throw ModuleException("Error while initializing the default SSL profile - " + ex.GetReason()); + throw ModuleException("Error while initializing the default TLS (SSL) profile - " + ex.GetReason()); } } - - for (ConfigIter i = tags.first; i != tags.second; ++i) + else { - ConfigTag* tag = i->second; - if (tag->getString("provider") != "gnutls") - continue; - - std::string name = tag->getString("name"); - if (name.empty()) + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "You have defined an tag; you should use this in place of \"gnutls\" when configuring TLS (SSL) connections in or "); + for (ConfigIter i = tags.first; i != tags.second; ++i) { - ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Ignoring tag without name at " + tag->getTagLocation()); - continue; - } + ConfigTag* tag = i->second; + if (!stdalgo::string::equalsci(tag->getString("provider"), "gnutls")) + { + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Ignoring non-GnuTLS tag at " + tag->getTagLocation()); + continue; + } - reference prov; - try - { - GnuTLS::Profile::Config profileconfig(name, tag); - prov = new GnuTLSIOHookProvider(this, profileconfig); - } - catch (CoreException& ex) - { - throw ModuleException("Error while initializing SSL profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); - } + std::string name = tag->getString("name"); + if (name.empty()) + { + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Ignoring tag without name at " + tag->getTagLocation()); + continue; + } - newprofiles.push_back(prov); + reference prov; + try + { + GnuTLS::Profile::Config profileconfig(name, tag); + prov = new GnuTLSIOHookProvider(this, profileconfig); + } + catch (CoreException& ex) + { + throw ModuleException("Error while initializing TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation() + " - " + ex.GetReason()); + } + + newprofiles.push_back(prov); + } } // New 
profiles are ok, begin using them @@ -1352,17 +1370,18 @@ class ModuleSSLGnuTLS : public Module { ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "GnuTLS lib version %s module was compiled for " GNUTLS_VERSION, gnutls_check_version(NULL)); ReadProfiles(); - ServerInstance->GenRandom = &randhandler; + ServerInstance->GenRandom = RandGen::Call; } void OnModuleRehash(User* user, const std::string ¶m) CXX11_OVERRIDE { - if(param != "ssl") + if (!irc::equals(param, "tls") && !irc::equals(param, "ssl")) return; try { ReadProfiles(); + ServerInstance->SNO->WriteToSnoMask('a', "GnuTLS TLS (SSL) profiles have been reloaded."); } catch (ModuleException& ex) { @@ -1372,7 +1391,7 @@ class ModuleSSLGnuTLS : public Module ~ModuleSSLGnuTLS() { - ServerInstance->GenRandom = &ServerInstance->HandleGenRandom; + ServerInstance->GenRandom = &InspIRCd::DefaultGenRandom; } void OnCleanup(ExtensionItem::ExtensibleType type, Extensible* item) CXX11_OVERRIDE @@ -1383,16 +1402,16 @@ class ModuleSSLGnuTLS : public Module if ((user) && (user->eh.GetModHook(this))) { - // User is using SSL, they're a local user, and they're using one of *our* SSL ports. - // Potentially there could be multiple SSL modules loaded at once on different ports. - ServerInstance->Users->QuitUser(user, "SSL module unloading"); + // User is using TLS (SSL), they're a local user, and they're using one of *our* TLS (SSL) ports. + // Potentially there could be multiple TLS (SSL) modules loaded at once on different ports. + ServerInstance->Users->QuitUser(user, "GnuTLS module unloading"); } } } Version GetVersion() CXX11_OVERRIDE { - return Version("Provides SSL support for clients", VF_VENDOR); + return Version("Allows TLS (SSL) encrypted connections using the GnuTLS library.", VF_VENDOR); } ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
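Review bot: The rebuilt loop never checks that a profile `name` is unique, yet `GnuTLSIOHookProvider` registers itself under `config.name` (its constructor calls `AddService` in an earlier hunk), so two `sslprofile` tags with the same name both reach `newprofiles.push_back(prov)` and which registration wins is decided by tag order rather than reported; whether `AddService` itself rejects duplicates is not visible here. A small `std::set<std::string>` of names seen in this pass, checked right after the empty-name guard, turns the collision into a logged configuration error instead. ReadProfiles begins and ends outside this hunk.
```cpp
std::set<std::string> seen;
for (ConfigIter i = tags.first; i != tags.second; ++i)
{
	// … unchanged: provider check, name lookup, empty-name guard …
	if (!seen.insert(name).second)
	{
		ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Ignoring duplicate TLS (SSL) profile \"" + name + "\" at " + tag->getTagLocation());
		continue;
	}
	// … unchanged: construct GnuTLSIOHookProvider and push_back …
}
```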
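Review bot: `ServerInstance->GenRandom = &InspIRCd::DefaultGenRandom;` in the destructor reverts the generator unconditionally, even if another module has since installed its own handler (the following hunk's comment notes that several TLS modules may be loaded at once). Unloading GnuTLS would then silently replace whatever that module provided with the default source. Restore only when the slot still points at this module's function: `if (ServerInstance->GenRandom == RandGen::Call) ServerInstance->GenRandom = &InspIRCd::DefaultGenRandom;`, which works provided `GenRandom` is a plain function pointer, as the `RandGen::Call` assignment in the first hunk suggests.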