mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-03 14:33:13 +02:00

+- Added ssl-pubkey auth method (parameter = pem file for public key)

stskeeps
2001-12-02 14:39:59 +00:00
parent 6d9cef9f03
commit 528d82b219
3 changed files with 55 additions and 6 deletions
+1
@@ -959,3 +959,4 @@ seen. gmtime warning still there
makefile.win32?. If SSL is enabled, we can use MD5, SHA1, and crypt()
even on win32
- Added ssl.c and cidr.c to the win32 makefile
- Added ssl-pubkey auth method (parameter = pem file for public key)
+6 -5
@@ -24,15 +24,16 @@ typedef struct {
short type;
} anAuthStruct;
#define AUTHTYPE_PLAINTEXT 0
#define AUTHTYPE_UNIXCRYPT 1
#define AUTHTYPE_MD5 2
#define AUTHTYPE_SHA1 3
#define AUTHTYPE_PLAINTEXT 0
#define AUTHTYPE_UNIXCRYPT 1
#define AUTHTYPE_MD5 2
#define AUTHTYPE_SHA1 3
#define AUTHTYPE_SSL_PUBKEY 4
#ifdef USE_SSL
#define AUTHENABLE_MD5
#define AUTHENABLE_SHA1
#define AUTHENABLE_SSL_PUBKEY
/* OpenSSL provides a crypt() */
#ifndef AUTHENABLE_UNIXCRYPT
#define AUTHENABLE_UNIXCRYPT
+48 -1
@@ -51,6 +51,9 @@ anAuthStruct AuthTypes[] = {
#endif
#ifdef AUTHENABLE_SHA1
{"sha1", AUTHTYPE_SHA1},
#endif
#ifdef AUTHENABLE_SSL_PUBKEY
{"sslpubkey", AUTHTYPE_SSL_PUBKEY},
#endif
{NULL, 0}
};
@@ -144,6 +147,12 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
#endif
#ifdef AUTHENABLE_SHA1
SHA_CTX sha1_ctx;
#endif
#ifdef AUTHENABLE_SSL_PUBKEY
EVP_PKEY *evp_pkey = NULL;
EVP_PKEY *evp_pkeyfile = NULL;
X509 *x509_client = NULL;
FILE *key_file = NULL;
#endif
int i = 0; /* We can always use this .. */
@@ -211,7 +220,45 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
return -1;
break;
#endif
#ifdef AUTHENABLE_SSL_PUBKEY
case AUTHTYPE_SSL_PUBKEY:
if (!para)
return -1;
if (!cptr->ssl)
return -1;
x509_client = SSL_get_peer_certificate(cptr->ssl);
if (!x509_client)
return -1;
evp_pkey = X509_get_pubkey(x509_client);
if (!(key_file = fopen(para, "r")))
{
EVP_PKEY_free(evp_pkey);
X509_free(x509_client);
return -1;
}
evp_pkeyfile = PEM_read_PUBKEY(key_file, NULL,
NULL, NULL);
if (!evp_pkeyfile)
{
fclose(key_file);
EVP_PKEY_free(evp_pkey);
X509_free(x509_client);
return -1;
}
if (!(EVP_PKEY_cmp_parameters(evp_pkeyfile, evp_pkey))
{
fclose(key_file);
EVP_PKEY_free(evp_pkey);
EVP_PKEY_free(evp_pkeyfile);
X509_free(x509_client);
return -1;
}
fclose(key_file);
EVP_PKEY_free(evp_pkey);
EVP_PKEY_free(evp_pkeyfile);
X509_free(x509_client);
return 2;
#endif
}
}
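Review bot: The key comparison at `if (!(EVP_PKEY_cmp_parameters(evp_pkeyfile, evp_pkey))` does not establish that the client holds the configured key: `EVP_PKEY_cmp_parameters` compares only key parameters, not the public key value, and it reports a key-type mismatch or an unsupported comparison with a negative return, which the `!` test treats as a match and lets fall through to `return 2`. Compare the keys themselves and accept only an exact match, e.g. `if (EVP_PKEY_cmp(evp_pkeyfile, evp_pkey) != 1)`, if the OpenSSL version the build targets provides it. The line as written is also missing a closing parenthesis, so this case will not compile when `AUTHENABLE_SSL_PUBKEY` is defined. The result of `X509_get_pubkey(x509_client)` is used without a NULL check; add `if (!evp_pkey) { X509_free(x509_client); return -1; }` before the `fopen`. `Auth_Check` begins outside this hunk, so how callers treat the return value 2 is not visible here.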