mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-03 14:33:13 +02:00
+- Added ssl-pubkey auth method (parameter = pem file for public key)
@@ -959,3 +959,4 @@ seen. gmtime warning still there
|
||||
makefile.win32?. If SSL is enabled, we can use MD5, SHA1, and crypt()
|
||||
even on win32
|
||||
- Added ssl.c and cidr.c to the win32 makefile
|
||||
- Added ssl-pubkey auth method (parameter = pem file for public key)
|
||||
|
||||
+6
-5
@@ -24,15 +24,16 @@ typedef struct {
|
||||
short type;
|
||||
} anAuthStruct;
|
||||
|
||||
#define AUTHTYPE_PLAINTEXT 0
|
||||
#define AUTHTYPE_UNIXCRYPT 1
|
||||
#define AUTHTYPE_MD5 2
|
||||
#define AUTHTYPE_SHA1 3
|
||||
|
||||
#define AUTHTYPE_PLAINTEXT 0
|
||||
#define AUTHTYPE_UNIXCRYPT 1
|
||||
#define AUTHTYPE_MD5 2
|
||||
#define AUTHTYPE_SHA1 3
|
||||
#define AUTHTYPE_SSL_PUBKEY 4
|
||||
|
||||
#ifdef USE_SSL
|
||||
#define AUTHENABLE_MD5
|
||||
#define AUTHENABLE_SHA1
|
||||
#define AUTHENABLE_SSL_PUBKEY
|
||||
/* OpenSSL provides a crypt() */
|
||||
#ifndef AUTHENABLE_UNIXCRYPT
|
||||
#define AUTHENABLE_UNIXCRYPT
|
||||
|
||||
+48
-1
@@ -51,6 +51,9 @@ anAuthStruct AuthTypes[] = {
|
||||
#endif
|
||||
#ifdef AUTHENABLE_SHA1
|
||||
{"sha1", AUTHTYPE_SHA1},
|
||||
#endif
|
||||
#ifdef AUTHENABLE_SSL_PUBKEY
|
||||
{"sslpubkey", AUTHTYPE_SSL_PUBKEY},
|
||||
#endif
|
||||
{NULL, 0}
|
||||
};
|
||||
@@ -144,6 +147,12 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
|
||||
#endif
|
||||
#ifdef AUTHENABLE_SHA1
|
||||
SHA_CTX sha1_ctx;
|
||||
#endif
|
||||
#ifdef AUTHENABLE_SSL_PUBKEY
|
||||
EVP_PKEY *evp_pkey = NULL;
|
||||
EVP_PKEY *evp_pkeyfile = NULL;
|
||||
X509 *x509_client = NULL;
|
||||
FILE *key_file = NULL;
|
||||
#endif
|
||||
int i = 0; /* We can always use this .. */
|
||||
|
||||
@@ -211,7 +220,45 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
|
||||
return -1;
|
||||
break;
|
||||
#endif
|
||||
|
||||
#ifdef AUTHENABLE_SSL_PUBKEY
|
||||
case AUTHTYPE_SSL_PUBKEY:
|
||||
if (!para)
|
||||
return -1;
|
||||
if (!cptr->ssl)
|
||||
return -1;
|
||||
x509_client = SSL_get_peer_certificate(cptr->ssl);
|
||||
if (!x509_client)
|
||||
return -1;
|
||||
evp_pkey = X509_get_pubkey(x509_client);
|
||||
if (!(key_file = fopen(para, "r")))
|
||||
{
|
||||
EVP_PKEY_free(evp_pkey);
|
||||
X509_free(x509_client);
|
||||
return -1;
|
||||
}
|
||||
evp_pkeyfile = PEM_read_PUBKEY(key_file, NULL,
|
||||
NULL, NULL);
|
||||
if (!evp_pkeyfile)
|
||||
{
|
||||
fclose(key_file);
|
||||
EVP_PKEY_free(evp_pkey);
|
||||
X509_free(x509_client);
|
||||
return -1;
|
||||
}
|
||||
if (!(EVP_PKEY_cmp_parameters(evp_pkeyfile, evp_pkey))
|
||||
{
|
||||
fclose(key_file);
|
||||
EVP_PKEY_free(evp_pkey);
|
||||
EVP_PKEY_free(evp_pkeyfile);
|
||||
X509_free(x509_client);
|
||||
return -1;
|
||||
}
|
||||
fclose(key_file);
|
||||
EVP_PKEY_free(evp_pkey);
|
||||
EVP_PKEY_free(evp_pkeyfile);
|
||||
X509_free(x509_client);
|
||||
return 2;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
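Review bot: The `AUTHTYPE_SSL_PUBKEY` case decides the match with `EVP_PKEY_cmp_parameters(evp_pkeyfile, evp_pkey)`, which compares only key parameters (for example DSA or EC domain parameters) and not the public key itself, so a client certificate holding a different key can satisfy the check. That function is also documented to return negative values for mismatched key types or an unsupported comparison, and the `!` test treats any non-zero result as success; this likely covers parameterless key types such as RSA. Compare the keys themselves and accept only an exact match: `if (EVP_PKEY_cmp(evp_pkeyfile, evp_pkey) != 1)`. As shown, the `if` line is also missing a closing parenthesis. The result of `X509_get_pubkey()` is used without a NULL check, so add `if (!evp_pkey) { X509_free(x509_client); return -1; }`; Auth_Check itself begins outside this hunk.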