SSL support for UnrealIRCD!
+2
-3
@@ -15,9 +15,8 @@ Unreal3.1-Silverheart Release Notes
|
||||
Where 20 is the numeric. Numerics are 1-255, 0 means no numeric (bad),
|
||||
and no server must have same numeric
|
||||
|
||||
* We have introduced encrypted irc connections, and we will soon have a
|
||||
client out for it (this is not SSL). Stay tuned in #UnrealIRCd for more
|
||||
information
|
||||
* We have introduced encrypted irc connections, using SSL
|
||||
|
||||
|
||||
* NOTE, in #UnrealIRCD we don't help with Services etc.
|
||||
|
||||
|
||||
@@ -504,8 +504,8 @@ else
|
||||
echo 'not found (good!)'
|
||||
fi
|
||||
|
||||
echo $n "...Looking for /usr/include/openssl/blowfish.h...$c"
|
||||
if [ -r /usr/include/openssl/blowfish.h ] ; then
|
||||
echo $n "...Looking for /usr/include/openssl/ssl.h...$c"
|
||||
if [ -r /usr/include/openssl/ssl.h ] ; then
|
||||
OPENSSL=define
|
||||
echo 'found!'
|
||||
else
|
||||
@@ -793,28 +793,6 @@ else
|
||||
fi
|
||||
fi
|
||||
$RM -f $EXEC $TMP
|
||||
|
||||
echo $n "Do we have an broken /usr/include/string.h ... $c"
|
||||
cat > $TMP <<__EOF__
|
||||
#include <string.h>
|
||||
main()
|
||||
{
|
||||
char *s = "moocows";
|
||||
char *p = "moocows";
|
||||
|
||||
if (strcasecmp(s, p))
|
||||
exit(0);
|
||||
exit(0);
|
||||
}
|
||||
__EOF__
|
||||
$COMP >/dev/null 2>&1
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo " no$c"
|
||||
STRCASECMP=undef
|
||||
else
|
||||
echo "yes"
|
||||
STRCASECMP=define
|
||||
fi
|
||||
#
|
||||
# what do we need that isn't here already ?
|
||||
#
|
||||
@@ -1015,8 +993,25 @@ if [ $? -ne 0 ] ; then
|
||||
echo $n " inet_netof$c"
|
||||
NINETNETOF=define
|
||||
fi
|
||||
$RM -f $EXEC $TMP
|
||||
echo " "
|
||||
$RM -f $EXEC $TMP
|
||||
cat > $TMP << __EOF__
|
||||
#include <string.h>
|
||||
main()
|
||||
{
|
||||
strcasecmp("moo", "moo");
|
||||
}
|
||||
__EOF__
|
||||
$COMP
|
||||
# >/dev/null 2>&1
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo $n " strcasecmp $c "
|
||||
STRCASECMP=undef
|
||||
else
|
||||
STRCASECMP=define
|
||||
fi
|
||||
$RM -f $EXEC $TMP
|
||||
|
||||
#
|
||||
#
|
||||
#
|
||||
@@ -1096,7 +1091,7 @@ cat > $SETUP <<__EOF__
|
||||
#$NINETNETOF NEED_INET_NETOF
|
||||
#$GETTIMEOFDAY GETTIMEOFDAY
|
||||
#$LRAND48 LRAND48
|
||||
#$STRCASECMP GOT_STRCASECMP
|
||||
#$STRCASECMP GOT_STRCASECMP
|
||||
__EOF__
|
||||
if [ "$MALLOCH" = "undef" ] ; then
|
||||
echo "#undef MALLOCH" >> $SETUP
|
||||
@@ -1304,7 +1299,7 @@ while [ -z "$FOO" ] ; do
|
||||
FOO="No"
|
||||
fi
|
||||
echo ""
|
||||
echo "Do you want to support encrypted connections"
|
||||
echo "Do you want to support SSL (Secure Sockets Layer) connections"
|
||||
echo $n "[$FOO] -> $c"
|
||||
if [ -z "$AUTO_CONFIG" -o -n "$runonce" ] ; then
|
||||
read cc
|
||||
@@ -1318,7 +1313,7 @@ while [ -z "$FOO" ] ; do
|
||||
case "$cc" in
|
||||
[Yy]*)
|
||||
CRYPTOIRCD="1"
|
||||
CRYPTOLIB="-lcrypto"
|
||||
CRYPTOLIB="-lssl -lcrypto"
|
||||
;;
|
||||
[Nn]*)
|
||||
CRYPTOIRCD=""
|
||||
@@ -1779,9 +1774,9 @@ else
|
||||
echo "#undef CRYPT_OPER_PASSWORD" >> $OPTIONS_H
|
||||
fi
|
||||
if [ -n "$CRYPTOIRCD" ] ; then
|
||||
echo "#define CRYPTOIRCD 1" >> $OPTIONS_H
|
||||
echo "#define USE_SSL 1" >> $OPTIONS_H
|
||||
else
|
||||
echo "#undef CRYPTOIRCD" >> $OPTIONS_H
|
||||
echo "#undef USE_SSL" >> $OPTIONS_H
|
||||
fi
|
||||
if [ -n "$CRYPT_LINK_PASSWORD" ] ; then
|
||||
echo "#define CRYPT_LINK_PASSWORD 1" >> $OPTIONS_H
|
||||
@@ -1857,6 +1852,10 @@ if [ "$OSNAME" = "Linux (with GLIBC 2.x or greater)" ]; then
|
||||
echo ""
|
||||
fi
|
||||
|
||||
if [ -n "$CRYPTOIRCD" ] ; then
|
||||
make pem
|
||||
fi
|
||||
|
||||
cat << __EOF__
|
||||
|
||||
_____________________________________________________________________
|
||||
|
||||
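Review bot: In the rewritten strcasecmp probe (hunk `@@ -1015,8 +993,25 @@`) the redirection on `$COMP` has been commented out (`# >/dev/null 2>&1`), so every compiler diagnostic from the throwaway test program lands on the user's terminal; that looks like a debugging leftover, and the call should read `$COMP >/dev/null 2>&1` like the probe it replaces. The OpenSSL check only tests that `/usr/include/openssl/ssl.h` is readable and never tries linking against `-lssl -lcrypto`, so a missing or mismatched library is not noticed until the final link. Answering yes to the SSL question sets CRYPTOIRCD, which in the `@@ -1779` hunk now emits both `#define CRYPTOIRCD 1` and `#define USE_SSL 1`, so the two mechanisms can no longer be selected independently — if that is intended, the prompt text should say so. Finally, `make pem` in the last hunk runs on every configure run with SSL enabled, and since the `pem` target has no dependency on an existing `server.pem` it appears to regenerate the key pair each time, replacing a key users may already have deployed; guarding it with a check for an existing file seems prudent.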
@@ -210,3 +210,8 @@ depend:
|
||||
install: all
|
||||
@echo "Now install by hand; make install is broken."
|
||||
|
||||
pem: src/ssl.cnf
|
||||
/usr/local/ssl/bin/openssl req -new -x509 -days 365 -nodes \
|
||||
-config src/ssl.cnf -out server.pem -keyout server.pem
|
||||
/usr/local/ssl/bin/openssl x509 -subject -dates -fingerprint -noout \
|
||||
-in server.pem
|
||||
|
||||
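Review bot: The new `pem` target writes the unencrypted private key (`-nodes`) and the certificate into the same `server.pem` without restricting its permissions, so the key is created with the build user's default umask; add `chmod 600 server.pem` as the last recipe line. The recipe also hard-codes `/usr/local/ssl/bin/openssl`, while configure looks for the headers under `/usr/include/openssl`, so on a host with a packaged OpenSSL the target fails even though the build succeeds; resolving the binary through a make variable (e.g. `OPENSSL=openssl` and invoking `$(OPENSSL)`) would keep the two in step. Re-running the target silently replaces an existing key pair, which deserves a guard or at least a comment in the recipe.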
@@ -52,3 +52,7 @@ Assigned to DrBin:
|
||||
* Make a is_chan_op, is_chanprot, is_chanowner all-in-one function
|
||||
* Split up Link (SLink)
|
||||
* Add Dlink (DSLink)
|
||||
|
||||
|
||||
|
||||
-----------------------------------------------------
|
||||
|
||||
+1
-1
@@ -422,7 +422,7 @@
|
||||
* Would you like all clients to see the progress of their connections?
|
||||
*/
|
||||
|
||||
#define SHOWCONNECTINFO
|
||||
#undef SHOWCONNECTINFO
|
||||
|
||||
/*
|
||||
* SOCKS proxy checker
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
/* Make these what you want for cert & key files */
|
||||
#define CERTF "server.pem"
|
||||
#define KEYF "server.pem"
|
||||
|
||||
|
||||
extern SSL_CTX * ctx;
|
||||
extern SSL_METHOD *meth;
|
||||
extern void init_ssl();
|
||||
extern int ssl_handshake(aClient *); /* Handshake the accpeted con.*/
|
||||
extern int ssl_client_handshake(aClient *); /* and the initiated con.*/
|
||||
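Review bot: `extern void init_ssl();` declares the function without a prototype, so a call with the wrong arguments is not diagnosed; write `extern void init_ssl(void);` to match the definition in ssl.c. The header relies on the includer having already pulled in `<openssl/ssl.h>` (for `SSL_CTX`/`SSL_METHOD`) and the client type (for `aClient`) and carries no include guard, which works while struct.h is its only includer but deserves a comment saying so. `CERTF` and `KEYF` both point at `server.pem`, meaning the private key lives in the same file as the certificate; a one-line comment noting that the file must therefore stay unreadable to other users would help whoever deploys it. Minor: "accpeted" in the trailing comment.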
+29
-5
@@ -49,7 +49,14 @@
|
||||
#ifdef CRYPTOIRCD
|
||||
#include <openssl/blowfish.h>
|
||||
#endif
|
||||
|
||||
#ifdef USE_SSL
|
||||
#include <openssl/rsa.h> /* SSL stuff */
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
typedef struct t_fline aFline;
|
||||
typedef struct t_crline aCRline;
|
||||
typedef struct t_vhline aVHline;
|
||||
@@ -217,9 +224,12 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
|
||||
#ifdef CRYPTOIRCD
|
||||
#define FLAGS_SECURE 0x8000000
|
||||
#endif
|
||||
#ifdef USE_SSL
|
||||
#define FLAGS_SSL 0x10000000
|
||||
#define FLAGS_SSL_HSHAKE 0x20000000
|
||||
#endif
|
||||
|
||||
#define FLAGS_MAP 0x80000000 /* Show this entry in /map */
|
||||
|
||||
/* Dec 26th, 1997 - added flags2 when I ran out of room in flags -DuffJ */
|
||||
|
||||
/* Dec 26th, 1997 - having a go at
|
||||
@@ -250,7 +260,7 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
|
||||
#define UMODE_WHOIS 0x100000 /* gets notice on /whois */
|
||||
#define UMODE_KIX 0x200000 /* usermode +q */
|
||||
#define UMODE_BOT 0x400000 /* User is a bot */
|
||||
#define UMODE_CODER 0x800000 /* User is a network coder */
|
||||
#define UMODE_SECURE 0x800000 /* User is a secure connect */
|
||||
#define UMODE_FCLIENT 0x1000000 /* recieve client on far connects.. */
|
||||
#define UMODE_HIDING 0x2000000 /* Totally invisible .. */
|
||||
#define UMODE_VICTIM 0x8000000 /* Intentional Victim */
|
||||
@@ -259,7 +269,7 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
|
||||
#define UMODE_SETHOST 0x40000000 /* used sethost */
|
||||
#define UMODE_STRIPBADWORDS 0x80000000 /* */
|
||||
|
||||
#define SEND_UMODES (UMODE_INVISIBLE|UMODE_OPER|UMODE_WALLOP|UMODE_FAILOP|UMODE_HELPOP|UMODE_REGNICK|UMODE_SADMIN|UMODE_NETADMIN|UMODE_TECHADMIN|UMODE_COADMIN|UMODE_ADMIN|UMODE_SERVICES|UMODE_HIDE|UMODE_EYES|UMODE_WHOIS|UMODE_KIX|UMODE_BOT|UMODE_CODER|UMODE_FCLIENT|UMODE_HIDING|UMODE_DEAF|UMODE_VICTIM|UMODE_HIDEOPER|UMODE_SETHOST|UMODE_STRIPBADWORDS)
|
||||
#define SEND_UMODES (UMODE_INVISIBLE|UMODE_OPER|UMODE_WALLOP|UMODE_FAILOP|UMODE_HELPOP|UMODE_REGNICK|UMODE_SADMIN|UMODE_NETADMIN|UMODE_TECHADMIN|UMODE_COADMIN|UMODE_ADMIN|UMODE_SERVICES|UMODE_HIDE|UMODE_EYES|UMODE_WHOIS|UMODE_KIX|UMODE_BOT|UMODE_SECURE|UMODE_FCLIENT|UMODE_HIDING|UMODE_DEAF|UMODE_VICTIM|UMODE_HIDEOPER|UMODE_SETHOST|UMODE_STRIPBADWORDS)
|
||||
#define ALL_UMODES (SEND_UMODES|UMODE_SERVNOTICE|UMODE_LOCOP|UMODE_KILLS|UMODE_CLIENT|UMODE_FLOOD|UMODE_CHATOP|UMODE_SERVICES|UMODE_EYES)
|
||||
#define FLAGS_ID (FLAGS_DOID|FLAGS_GOTID)
|
||||
|
||||
@@ -329,8 +339,13 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
|
||||
#define IsSecure(x) ((x)->flags & FLAGS_SECURE)
|
||||
#define SetSecure(x) ((x)->flags |= FLAGS_SECURE)
|
||||
#define ClearSecure(x) ((x)->flags &= ~FLAGS_SECURE)
|
||||
#else
|
||||
#ifdef USE_SSL
|
||||
#define IsSecure(x) ((x)->flags & FLAGS_SSL)
|
||||
#else
|
||||
#define IsSecure(x) (0)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
#define IsHybNotice(x) ((x)->flags & FLAGS_HYBNOTICE)
|
||||
#define SetHybNotice(x) ((x)->flags |= FLAGS_HYBNOTICE)
|
||||
@@ -792,6 +807,7 @@ struct t_vhline {
|
||||
#define LISTENER_REMOTEADMIN 0x000008
|
||||
#define LISTENER_JAVACLIENT 0x000010
|
||||
#define LISTENER_MASK 0x000020
|
||||
#define LISTENER_SSL 0x000040
|
||||
|
||||
struct Client {
|
||||
struct Client *next, *prev, *hnext;
|
||||
@@ -842,6 +858,10 @@ struct Client {
|
||||
#ifdef CRYPTOIRCD
|
||||
aCryptInfo *cryptinfo; /* crypt */
|
||||
#endif
|
||||
#ifdef USE_SSL
|
||||
struct SSL *ssl;
|
||||
struct X509 *client_cert;
|
||||
#endif
|
||||
#ifndef NO_FDLIST
|
||||
long lastrecvM; /* to check for activity --Mika */
|
||||
int priority;
|
||||
@@ -1073,6 +1093,7 @@ struct Channel {
|
||||
#endif
|
||||
#define MODE_NOCTCP 0x10000000
|
||||
#define MODE_AUDITORIUM 0x20000000
|
||||
#define MODE_ONLYSECURE 0x40000000
|
||||
|
||||
#define is_halfop is_half_op
|
||||
/*
|
||||
@@ -1164,5 +1185,8 @@ extern char *gnulicense[];
|
||||
|
||||
#define FLUSH_BUFFER -2
|
||||
#define COMMA ","
|
||||
#ifdef USE_SSL
|
||||
#include "ssl.h"
|
||||
#endif
|
||||
|
||||
#endif /* __struct_include__ */
|
||||
|
||||
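Review bot: The new client fields are declared as `struct SSL *ssl;` and `struct X509 *client_cert;`, but OpenSSL's `SSL` and `X509` are typedefs of differently named struct tags, so these introduce two unrelated incomplete types and force the `(SSL *)` / `(X509 *)` casts seen at every use in s_bsd.c and ssl.c. Since `<openssl/ssl.h>` is already included under the same `USE_SSL` guard at the top of this header, declare them as `SSL *ssl;` and `X509 *client_cert;` and the casts can go. `FLAGS_SSL_HSHAKE` is defined next to `FLAGS_SSL` but nothing else in this commit appears to set or test it; if it is reserved for a non-blocking handshake state, a comment saying so would stop it from reading as dead code. Under `USE_SSL` only `IsSecure(x)` is provided, with no `SetSecure`/`ClearSecure` counterparts as in the CRYPTOIRCD branch, so callers end up manipulating `FLAGS_SSL` directly.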
+3
-1
@@ -53,7 +53,9 @@
|
||||
# include <string.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifdef SSL
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
#ifndef GOT_STRCASECMP
|
||||
#define strcasecmp mycmp
|
||||
#define strncasecmp myncmp
|
||||
|
||||
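Review bot: The new include block is guarded by `#ifdef SSL`, but the macro configure writes into the options header and that every other hunk in this commit tests is `USE_SSL`, so this `#include <openssl/ssl.h>` is never compiled in; it should read `#ifdef USE_SSL`. Since struct.h already includes `<openssl/ssl.h>` under the correct guard, the block may simply be redundant and could be dropped instead.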
@@ -8,7 +8,7 @@ Exp $
|
||||
#
|
||||
# change the filename to what network header file you use
|
||||
# relative to DPATH
|
||||
Include .................: networks/unreal-test.network
|
||||
Include .................: networks/roxnet.network
|
||||
|
||||
#
|
||||
# What K:Line address can K:lined users mail at?
|
||||
|
||||
+6
-2
@@ -27,7 +27,7 @@ OBJS=agent.o aln.o badwords.o bsd.o channel.o class.o cloak.o crule.o dbuf.o dyn
|
||||
fdlist.o hash.o help.o ircd.o ircsprintf.o list.o lusers.o \
|
||||
match.o packet.o parse.o $(REGEX) res.o $(RES) s_auth.o \
|
||||
s_bsd.o s_conf.o s_debug.o s_err.o s_extra.o s_kline.o \
|
||||
s_misc.o s_numeric.o s_serv.o s_socks.o $(STRTOUL) s_unreal.o \
|
||||
s_misc.o s_numeric.o s_serv.o s_socks.o $(STRTOUL) ssl.o s_unreal.o \
|
||||
s_user.o scache.o send.o support.o userload.o version.o webtv.o \
|
||||
whowas.o zip.o
|
||||
|
||||
@@ -59,7 +59,8 @@ version.o: version.c ../include/version.h
|
||||
$(CC) $(CFLAGS) -c version.c
|
||||
|
||||
ircd: $(OBJS)
|
||||
$(CC) $(CFLAGS) -o ircd $(OBJS) $(LDFLAGS) $(IRCDLIBS) $(CRYPTOLIB)
|
||||
# $(CC) $(CFLAGS) $(CRYPTOLIB) -o ircd $(OBJS) $(LDFLAGS) $(IRCDLIBS) -lssl
|
||||
$(CC) $(CFLAGS) -o ircd $(CRYPTOLIB) $(OBJS) $(LDFLAGS) $(IRCDLIBS) $(CRYPTOLIB)
|
||||
chmod $(IRCDMODE) ircd
|
||||
|
||||
chkconf: ../include/struct.h ../include/config.h ../include/settings.h ../include/sys.h \
|
||||
@@ -102,6 +103,9 @@ send.o: send.c $(INCLUDES)
|
||||
webtv.o: webtv.c $(INCLUDES)
|
||||
$(CC) $(CFLAGS) -c webtv.c
|
||||
|
||||
ssl.o: ssl.c $(INCLUDES)
|
||||
$(CC) $(CFLAGS) -c ssl.c
|
||||
|
||||
match.o: match.c $(INCLUDES)
|
||||
$(CC) $(CFLAGS) -c match.c
|
||||
|
||||
|
||||
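Review bot: In the `ircd` link rule `$(CRYPTOLIB)` now appears twice, once before `$(OBJS)` and once after; the leading occurrence contributes nothing with a traditional single-pass linker, which resolves library symbols only for objects seen earlier on the line, so only the trailing one is needed. The commented-out link line kept above it should be deleted rather than left as a second variant of the same command. `ssl.o` is added to `OBJS` unconditionally, which only works because ssl.c wraps its whole body in `#ifdef USE_SSL`; a short comment next to the `ssl.o` rule would make that dependency explicit.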
@@ -118,10 +118,18 @@ int deliver_it(cptr, str, len)
|
||||
cptr->name, cptr->status, IsDead(cptr) ? "DEAD" : "", str);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef USE_SSL
|
||||
if (cptr->flags & FLAGS_SSL)
|
||||
retval = SSL_write((SSL *)cptr->ssl, str, len);
|
||||
else
|
||||
retval = send(cptr->fd, str, len, 0);
|
||||
#else
|
||||
#ifndef INET6
|
||||
retval = send(cptr->fd, str, len, 0);
|
||||
#else
|
||||
retval = sendto(cptr->fd, str, len, 0, 0, 0);
|
||||
#endif
|
||||
#endif
|
||||
/*
|
||||
** Convert WOULDBLOCK to a return of "0 bytes moved". This
|
||||
|
||||
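Review bot: `SSL_write()` is used as a drop-in for `send()`, but its failure reporting differs: a would-block condition is signalled through `SSL_get_error()` (`SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE`), not through errno, so the WOULDBLOCK conversion that follows this hunk reads a stale errno and a momentarily unwritable TLS connection is treated as a hard error. The same applies to the two `SSL_read()` calls added in read_packet in s_bsd.c. Translating the want-conditions to `errno = EWOULDBLOCK` right after the call keeps the existing recovery path working; separately, because the ircd retries a partially sent buffer from a different address and length, `init_ssl()` should set `SSL_MODE_ENABLE_PARTIAL_WRITE` and `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` via `SSL_CTX_set_mode()`, or the retried `SSL_write()` will fail. Under `USE_SSL` the INET6 `sendto()` variant is also no longer selected; whether that matters on the targeted platforms I cannot tell from here. deliver_it begins and continues outside the hunk.
```c
#ifdef USE_SSL
	if (cptr->flags & FLAGS_SSL)
	{
		retval = SSL_write((SSL *)cptr->ssl, str, len);
		if (retval <= 0)
		{
			/* SSL_write() reports a would-block condition via
			 * SSL_get_error(), not errno; map it so the WOULDBLOCK
			 * conversion below sees it as "0 bytes moved". */
			int sslerr = SSL_get_error((SSL *)cptr->ssl, retval);
			if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE)
				errno = EWOULDBLOCK;
		}
	}
	else
		retval = send(cptr->fd, str, len, 0);
/* … unchanged: #else / INET6 send paths … */
```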
+8
-1
@@ -148,6 +148,7 @@ aCtab cFlagTab[] = {
|
||||
#endif
|
||||
{MODE_NOCTCP, 'C', 0, 0}, /* no CTCPs */
|
||||
{MODE_AUDITORIUM, 'u', 0, 0},
|
||||
{MODE_ONLYSECURE, 'z', 0, 0},
|
||||
{0x0, 0x0, 0x0}
|
||||
};
|
||||
#endif
|
||||
@@ -1583,6 +1584,7 @@ int do_mode_char(chptr, modetype, modechar, param, what, cptr, pcount, pvar,
|
||||
case MODE_STRIPBADWORDS:
|
||||
#endif
|
||||
case MODE_NOCTCP:
|
||||
case MODE_ONLYSECURE:
|
||||
case MODE_NOINVITE:
|
||||
setthephuckingmode:
|
||||
/* +sp bugfix.. */
|
||||
@@ -2246,6 +2248,11 @@ static int can_join(cptr, sptr, chptr, key, link, parv)
|
||||
/* if ((chptr->mode.mode & MODE_OPERONLY) && IsOper(sptr)) {
|
||||
goto admok;
|
||||
} */
|
||||
if ((chptr->mode.mode & MODE_ONLYSECURE) &&
|
||||
!(sptr->umodes & UMODE_SECURE))
|
||||
{
|
||||
return (ERR_BANNEDFROMCHAN);
|
||||
}
|
||||
if ((chptr->mode.mode & MODE_OPERONLY) && !IsOper(sptr))
|
||||
{
|
||||
return (ERR_OPERONLY);
|
||||
@@ -2259,7 +2266,7 @@ static int can_join(cptr, sptr, chptr, key, link, parv)
|
||||
if ((chptr->mode.mode & MODE_NOHIDING) && IsHiding(sptr))
|
||||
return (ERR_NOHIDING);
|
||||
|
||||
if ((IsOper(sptr) && !(chptr->mode.mode & MODE_ADMONLY)))
|
||||
if ((IsOper(sptr) && !((chptr->mode.mode & MODE_ADMONLY))))
|
||||
{
|
||||
return 0; /* may override */
|
||||
}
|
||||
|
||||
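Review bot: In can_join, a user without `UMODE_SECURE` joining a `+z` channel is refused with `ERR_BANNEDFROMCHAN`, which tells them they are banned rather than that the channel requires a secure connection; a dedicated numeric, or at least a distinct message, would avoid misleading users and the people they ask for help. The check tests the user's `UMODE_SECURE` bit rather than `IsSecure(sptr)`, which is necessary for remote users but means the protection is only as good as the peer servers' propagation of +z — worth a comment at the check. The edit to the oper-override condition in the second can_join hunk only adds a pair of parentheses and could be dropped from the commit. can_join begins and ends outside these hunks.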
+3
-1
@@ -1125,7 +1125,9 @@ int InitwIRCD(argc, argv)
|
||||
#endif
|
||||
check_class();
|
||||
write_pidfile();
|
||||
|
||||
#ifdef USE_SSL
|
||||
init_ssl();
|
||||
#endif
|
||||
Debug((DEBUG_NOTICE, "Server ready..."));
|
||||
#ifdef USE_SYSLOG
|
||||
syslog(LOG_NOTICE, "Server Ready");
|
||||
|
||||
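Review bot: `init_ssl()` is called after `write_pidfile()`, and in ssl.c it terminates the process with `exit()` when the context, certificate or key cannot be loaded, so a bad `server.pem` leaves a stale pid file behind for a server that never started. Moving the call before `write_pidfile()` (and before the listeners are opened, if that happens earlier in InitwIRCD) avoids that, or `init_ssl()` could return a status that InitwIRCD reports like its other start-up failures. InitwIRCD begins and ends outside the hunk.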
+30
-2
@@ -390,6 +390,9 @@ int add_listener(aconf)
|
||||
case 'S':
|
||||
cptr->umodes |= LISTENER_SERVERSONLY;
|
||||
break;
|
||||
case 's':
|
||||
cptr->umodes |= LISTENER_SSL;
|
||||
break;
|
||||
case 'R':
|
||||
cptr->umodes |= LISTENER_REMOTEADMIN;
|
||||
break;
|
||||
@@ -1068,7 +1071,10 @@ void close_connection(cptr)
|
||||
#else
|
||||
(void)closesocket(cptr->authfd);
|
||||
#endif
|
||||
|
||||
#ifdef USE_SSL
|
||||
if (cptr->flags & FLAGS_SSL)
|
||||
SSL_shutdown((SSL *)cptr->ssl);
|
||||
#endif
|
||||
#ifdef SOCKSPORT
|
||||
if (cptr->socksfd >= 0)
|
||||
#ifndef _WIN32
|
||||
@@ -1448,6 +1454,13 @@ aClient *add_connection(cptr, fd)
|
||||
highest_fd = fd;
|
||||
local[fd] = acptr;
|
||||
acptr->acpt = cptr;
|
||||
#ifdef USE_SSL
|
||||
if (cptr->umodes & LISTENER_SSL)
|
||||
{
|
||||
ssl_handshake(acptr);
|
||||
acptr->flags |= FLAGS_SSL;
|
||||
}
|
||||
#endif
|
||||
add_client_to_list(acptr);
|
||||
set_non_blocking(acptr->fd, acptr);
|
||||
set_sock_opts(acptr->fd, acptr);
|
||||
@@ -1488,7 +1501,15 @@ static int read_packet(cptr, rfd)
|
||||
#ifdef INET6
|
||||
length = recvfrom(cptr->fd, readbuf, sizeof(readbuf), 0, 0, 0);
|
||||
#else
|
||||
#ifndef USE_SSL
|
||||
length = recv(cptr->fd, readbuf, sizeof(readbuf), 0);
|
||||
#else
|
||||
if (cptr->flags & FLAGS_SSL)
|
||||
length = SSL_read((SSL *)cptr->ssl, readbuf, sizeof(readbuf));
|
||||
else
|
||||
length = recv(cptr->fd, readbuf, sizeof(readbuf), 0);
|
||||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
cptr->lasttime = now;
|
||||
@@ -1665,8 +1686,15 @@ static int read_packet(aClient *cptr)
|
||||
{
|
||||
errno = 0;
|
||||
|
||||
#ifndef USE_SSL
|
||||
length = recv(cptr->fd, readbuf, sizeof(readbuf), 0);
|
||||
|
||||
#else
|
||||
if (cptr->flags & FLAGS_SSL)
|
||||
length = SSL_read((SSL *)cptr->ssl, readbuf, sizeof(readbuf));
|
||||
else
|
||||
length = recv(cptr->fd, readbuf, sizeof(readbuf), 0);
|
||||
|
||||
#endif
|
||||
cptr->lasttime = now;
|
||||
if (cptr->lasttime > cptr->since)
|
||||
cptr->since = cptr->lasttime;
|
||||
|
||||
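Review bot: In add_connection the `ssl_handshake(acptr)` call runs before `set_non_blocking(acptr->fd, acptr)`, so the `SSL_accept()` inside it blocks the single-threaded server until the peer completes or abandons the handshake, and the call's result is ignored, so `FLAGS_SSL` is set even when the handshake failed. The handshake should be driven from the readiness loop (presumably what `FLAGS_SSL_HSHAKE` in struct.h was added for), and at minimum the flag should only be set when the call reports success. In close_connection the new code calls `SSL_shutdown()` but never `SSL_free()`, so every closed SSL connection leaks its SSL object; add `SSL_free((SSL *)cptr->ssl); cptr->ssl = NULL;` after the shutdown. In the first read_packet hunk the `#ifndef USE_SSL` split is nested inside the `#else` of `#ifdef INET6`, so an INET6 build never reaches `SSL_read()` and would hand raw TLS records to the parser as IRC text.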
+1
-1
@@ -873,7 +873,7 @@ int m_svsnoop(cptr, sptr, parc, parv)
|
||||
~(UMODE_NETADMIN | UMODE_TECHADMIN | UMODE_CLIENT |
|
||||
UMODE_FLOOD | UMODE_EYES | UMODE_CHATOP | UMODE_WHOIS);
|
||||
acptr->umodes &=
|
||||
~(UMODE_KIX | UMODE_FCLIENT | UMODE_HIDING | UMODE_CODER |
|
||||
~(UMODE_KIX | UMODE_FCLIENT | UMODE_HIDING |
|
||||
UMODE_DEAF | UMODE_HIDEOPER);
|
||||
acptr->oflag = 0;
|
||||
|
||||
|
||||
+3
-2
@@ -1107,9 +1107,10 @@ int m_sendumode(cptr, sptr, parc, parv)
|
||||
case 'A':
|
||||
sendto_umode(UMODE_ADMIN, "%s", parv[2]);
|
||||
break;
|
||||
case '1':
|
||||
/* case '1':
|
||||
sendto_umode(UMODE_CODER, "%s", parv[2]);
|
||||
break;
|
||||
*/
|
||||
case 'I':
|
||||
sendto_umode(UMODE_HIDING, "%s", parv[2]);
|
||||
break;
|
||||
@@ -1296,7 +1297,7 @@ int m_svso(cptr, sptr, parc, parv)
|
||||
~(UMODE_NETADMIN | UMODE_TECHADMIN | UMODE_CLIENT |
|
||||
UMODE_FLOOD | UMODE_EYES | UMODE_CHATOP | UMODE_WHOIS);
|
||||
acptr->umodes &=
|
||||
~(UMODE_KIX | UMODE_FCLIENT | UMODE_HIDING | UMODE_CODER |
|
||||
~(UMODE_KIX | UMODE_FCLIENT | UMODE_HIDING |
|
||||
UMODE_DEAF | UMODE_HIDEOPER);
|
||||
acptr->oflag = 0;
|
||||
send_umode_out(acptr, acptr, fLag);
|
||||
|
||||
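Review bot: The `case '1':` block in m_sendumode is commented out rather than deleted, leaving dead code that still references the removed `UMODE_CODER`; delete the three lines outright, since version control keeps the history. The mask change in m_svso matches the one made in m_svsnoop in s_serv.c, so those two hunks are consistent.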
+13
-12
@@ -91,8 +91,7 @@ static int user_modes[] = { UMODE_OPER, 'o',
|
||||
UMODE_BOT, 'B',
|
||||
UMODE_FCLIENT, 'F',
|
||||
UMODE_HIDING, 'I',
|
||||
/* UMODE_AGENT, 'Z', */
|
||||
UMODE_CODER, '1',
|
||||
UMODE_SECURE, 'z',
|
||||
UMODE_DEAF, 'd',
|
||||
UMODE_VICTIM, 'v',
|
||||
UMODE_SETHOST, 't',
|
||||
@@ -887,6 +886,8 @@ static int register_user(cptr, sptr, nick, username, umode, virthost)
|
||||
#endif
|
||||
nextping = TStime();
|
||||
sendto_connectnotice(nick, user, sptr);
|
||||
if (IsSecure(sptr))
|
||||
sptr->umodes |= UMODE_SECURE;
|
||||
}
|
||||
else if (IsServer(cptr))
|
||||
{
|
||||
@@ -2786,11 +2787,11 @@ int m_whois(cptr, sptr, parc, parv)
|
||||
sendto_one(sptr, rpl_str(RPL_WHOISBOT),
|
||||
me.name, parv[0], name, ircnetwork);
|
||||
}
|
||||
if (acptr->umodes & UMODE_CODER && (!IsHideOper(acptr) || sptr == acptr || IsAnOper(sptr)))
|
||||
if (acptr->umodes & UMODE_SECURE)
|
||||
{
|
||||
sendto_one(sptr, rpl_str(RPL_WHOISOPERATOR),
|
||||
me.name, parv[0], name, "a Coder",
|
||||
ircnetwork);
|
||||
sendto_one(sptr, ":%s %d %s %s :%s %s",me.name,
|
||||
RPL_WHOISSPECIAL,
|
||||
parv[0], name, "is a \2Secure Connection\2");
|
||||
}
|
||||
if (acptr->user->swhois)
|
||||
{
|
||||
@@ -4331,9 +4332,9 @@ int m_umode(cptr, sptr, parc, parv)
|
||||
if ((sptr->umodes & UMODE_HIDING)
|
||||
&& !(sptr->oflag & OFLAG_INVISIBLE))
|
||||
sptr->umodes &= ~UMODE_HIDING;
|
||||
if (MyClient(sptr) && (sptr->umodes & UMODE_CODER)
|
||||
&& !IsAnOper(sptr))
|
||||
sptr->umodes &= ~UMODE_CODER;
|
||||
if (MyClient(sptr) && (sptr->umodes & UMODE_SECURE)
|
||||
&& !IsSecure(sptr))
|
||||
sptr->umodes &= ~UMODE_SECURE;
|
||||
|
||||
|
||||
}
|
||||
@@ -4381,9 +4382,9 @@ int m_umode(cptr, sptr, parc, parv)
|
||||
if ((sptr->umodes & UMODE_HIDING)
|
||||
&& !(sptr->oflag & OFLAG_INVISIBLE))
|
||||
sptr->umodes &= ~UMODE_HIDING;
|
||||
if (MyClient(sptr) && (sptr->umodes & UMODE_CODER)
|
||||
&& !IsAnOper(sptr))
|
||||
sptr->umodes &= ~UMODE_CODER;
|
||||
if (MyClient(sptr) && (sptr->umodes & UMODE_SECURE)
|
||||
&& !IsSecure(sptr))
|
||||
sptr->umodes &= ~UMODE_SECURE;
|
||||
|
||||
if ((sptr->umodes & (UMODE_HIDING))
|
||||
&& !(setflags & UMODE_HIDING))
|
||||
|
||||
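Review bot: The new RPL_WHOISSPECIAL reply in m_whois passes five arguments to a format with six conversions (`":%s %d %s %s :%s %s"` followed by `me.name, RPL_WHOISSPECIAL, parv[0], name, "is a \2Secure Connection\2"`), so the last `%s` reads an argument that was never passed — undefined behaviour that prints garbage or crashes; drop the trailing ` %s`: `sendto_one(sptr, ":%s %d %s %s :%s", me.name, RPL_WHOISSPECIAL, parv[0], name, "is a \2Secure Connection\2");`. If a numeric string exists for RPL_WHOISSPECIAL, `rpl_str(RPL_WHOISSPECIAL)` would match the surrounding replies better. The identical `UMODE_SECURE` clearing block is added to both m_umode hunks; a one-line comment above it such as `/* +z only stays set on a connection that really is secure */` would explain why it is stripped while other modes are honoured.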
+1
-1
@@ -1636,7 +1636,7 @@ void sendto_connectnotice(nick, user, sptr)
|
||||
ircsprintf(connectd,
|
||||
"*** Notice -- Client connecting on port %d: %s (%s@%s) %s",
|
||||
sptr->acpt->port, nick, user->username, user->realhost,
|
||||
#ifdef CRYPTOIRCD
|
||||
#if defined(CRYPTOIRCD) || defined(USE_SSL)
|
||||
IsSecure(sptr) ? "[secure]" : "");
|
||||
#else
|
||||
"");
|
||||
|
||||
@@ -0,0 +1,150 @@
|
||||
/*
|
||||
This was originally done by the hq.alert.sk implementation
|
||||
Modified by Stskeeps
|
||||
*/
|
||||
#include "config.h"
|
||||
#ifdef USE_SSL
|
||||
|
||||
#include "struct.h"
|
||||
|
||||
/* The SSL structures */
|
||||
SSL_CTX* ctx;
|
||||
SSL_METHOD* meth;
|
||||
|
||||
void init_ssl() {
|
||||
/* SSL preliminaries. We keep the certificate and key with the context. */
|
||||
|
||||
SSL_load_error_strings();
|
||||
SSLeay_add_ssl_algorithms();
|
||||
meth = SSLv23_server_method();
|
||||
ctx = SSL_CTX_new (meth);
|
||||
if (!ctx)
|
||||
{
|
||||
ircd_log("Failed to do SSL CTX new");
|
||||
exit (2);
|
||||
}
|
||||
|
||||
if (SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
ircd_log("Failed to load SSL certificate %s", CERTF);
|
||||
exit (3);
|
||||
}
|
||||
if (SSL_CTX_use_PrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM) <= 0)
|
||||
{
|
||||
ircd_log("Failed to load SSL private key %s", KEYF);
|
||||
exit (4);
|
||||
}
|
||||
|
||||
if (!SSL_CTX_check_private_key (ctx))
|
||||
{
|
||||
ircd_log("Failed to check SSL private key");
|
||||
exit (5);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
#define CHK_NULL(x) if ((x)==NULL) {\
|
||||
ircd_log("Lost connection to %s:Error in SSL", \
|
||||
get_client_name(cptr, TRUE)); \
|
||||
return 0;\
|
||||
}
|
||||
|
||||
int ssl_handshake(aClient *cptr)
|
||||
{
|
||||
char *str;
|
||||
int err;
|
||||
|
||||
cptr->ssl = (struct SSL*) SSL_new (ctx);
|
||||
CHK_NULL (cptr->ssl);
|
||||
SSL_set_fd ((SSL *)cptr->ssl, cptr->fd);
|
||||
err = SSL_accept ((SSL *)cptr->ssl);
|
||||
if ((err)==-1) {
|
||||
ircd_log("Lost connection to %s:Error in SSL_accept()",
|
||||
get_client_name(cptr, TRUE));
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Get the cipher - opt */
|
||||
|
||||
ircd_log("SSL connection using %s\n", SSL_get_cipher ((SSL *)cptr->ssl));
|
||||
|
||||
/* Get client's certificate (note: beware of dynamic
|
||||
* allocation) - opt */
|
||||
|
||||
cptr->client_cert = (struct X509*)SSL_get_peer_certificate ((SSL *)cptr->ssl);
|
||||
|
||||
if (cptr->client_cert != NULL)
|
||||
{
|
||||
// log (L_DEBUG,"Client certificate:\n");
|
||||
|
||||
str = X509_NAME_oneline (X509_get_subject_name ((X509*)cptr->client_cert), 0, 0);
|
||||
CHK_NULL (str);
|
||||
// log (L_DEBUG, "\t subject: %s\n", str);
|
||||
Free (str);
|
||||
|
||||
str = X509_NAME_oneline (X509_get_issuer_name ((X509*)cptr->client_cert), 0, 0);
|
||||
CHK_NULL (str);
|
||||
// log (L_DEBUG, "\t issuer: %s\n", str);
|
||||
Free (str);
|
||||
|
||||
/* We could do all sorts of certificate
|
||||
* verification stuff here before
|
||||
* deallocating the certificate. */
|
||||
|
||||
X509_free ((X509*)cptr->client_cert);
|
||||
}
|
||||
else
|
||||
{
|
||||
// log (L_DEBUG, "Client does not have certificate.\n");
|
||||
}
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
int ssl_client_handshake(struct Client *cptr) {
|
||||
|
||||
char *str;
|
||||
int err;
|
||||
|
||||
cptr->ssl = (struct SSL*)SSL_new (ctx); CHK_NULL(cptr->ssl);
|
||||
SSL_set_fd ((SSL*)cptr->ssl, cptr->fd);
|
||||
// set_blocking(cptr->fd);
|
||||
err = SSL_connect ((SSL*)cptr->ssl);
|
||||
set_non_blocking(cptr->fd);
|
||||
if ((err)==-1) {
|
||||
ircd_log("Could connect to %s:Error in SSL_connect()",
|
||||
get_client_name(cptr, TRUE));
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Following two steps are optional and not required for
|
||||
data exchange to be successful. */
|
||||
|
||||
/* Get the cipher - opt */
|
||||
// set_blocking(cptr->fd);
|
||||
ircd_log("SSL connection using %s\n", SSL_get_cipher ((SSL*)cptr->ssl));
|
||||
|
||||
/* Get server's certificate (note: beware of dynamic allocation) - opt */
|
||||
|
||||
cptr->client_cert = (struct X509*)SSL_get_peer_certificate ((SSL *)cptr->ssl);
|
||||
set_non_blocking(cptr->fd);
|
||||
CHK_NULL(cptr->client_cert);
|
||||
// log (L_NOTICE,"Server certificate:\n");
|
||||
|
||||
str = X509_NAME_oneline (X509_get_subject_name ((X509*)cptr->client_cert),0,0);
|
||||
CHK_NULL(str);
|
||||
// log (L_NOTICE, "\t subject: %s\n", str);
|
||||
Free (str);
|
||||
|
||||
str = X509_NAME_oneline (X509_get_issuer_name ((X509*)cptr->client_cert),0,0);
|
||||
CHK_NULL(str);
|
||||
// log (L_NOTICE, "\t issuer: %s\n", str);
|
||||
Free (str);
|
||||
|
||||
/* We could do all sorts of certificate verification stuff here before
|
||||
deallocating the certificate. */
|
||||
|
||||
X509_free ((X509*)cptr->client_cert);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
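Review bot: `ssl_handshake()` returns 0 on every path — the `CHK_NULL` expansions, the `SSL_accept()` failure branch and the final `return 0;` after a successful handshake — while `ssl_client_handshake()` returns 1 on success, so a caller cannot tell the two apart; make the success path `return 1;`, and on failure call `SSL_free()` and reset `cptr->ssl = NULL` before returning so the client struct never holds a half-initialised object. Both functions `X509_free()` the peer certificate but leave `cptr->client_cert` pointing at the freed memory; add `cptr->client_cert = NULL;` after each free. `ssl_client_handshake()` calls `set_non_blocking(cptr->fd)` with one argument whereas s_bsd.c calls `set_non_blocking(acptr->fd, acptr)` with two, which an unprototyped declaration will accept silently. Nothing configures peer verification (`SSL_CTX_set_verify()` is never called, and the "We could do all sorts of certificate verification" comments confirm the certificate is only printed), and `SSLv23_server_method()` is used without `SSL_CTX_set_options()` to exclude SSLv2; both deserve at least a TODO next to `init_ssl()`. `CHK_NULL` also silently depends on a local named `cptr` and should be written as a `do { … } while (0)` block.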
+35
@@ -0,0 +1,35 @@
|
||||
# create RSA certs - Server
|
||||
|
||||
RANDFILE = src/ssl.rnd
|
||||
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
encrypt_key = yes
|
||||
distinguished_name = req_dn
|
||||
x509_extensions = cert_type
|
||||
|
||||
[ req_dn ]
|
||||
countryName = US
|
||||
countryName_default = US
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = City
|
||||
stateOrProvinceName_default = City
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = Organization Name (eg. company)
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
#organizationalUnitName_default =
|
||||
|
||||
0.commonName = Common Name (FQDN of your server)
|
||||
|
||||
1.commonName = Common Name (default)
|
||||
1.commonName_value = localhost
|
||||
|
||||
[ cert_type ]
|
||||
nsCertType = server
|
||||
|
||||
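Review bot: `default_bits = 1024` generates an RSA key below current minimum guidance; use `default_bits = 2048` or larger. In `[ req_dn ]` the default values have been put into the prompt slots — `countryName = US` and `stateOrProvinceName = City` are the strings openssl shows as prompts, while the `_default` keys hold the defaults — so the prompts should be descriptive text like the `localityName` entry. `encrypt_key = yes` is overridden by the `-nodes` flag the Makefile passes, so the setting and the flag should agree rather than contradict each other. `RANDFILE = src/ssl.rnd` names a seed file that appears to be the binary added by this commit; a shared, checked-in RNG seed should not live in version control.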
BIN
Binary file not shown.
+3
-3
@@ -351,10 +351,10 @@ int w_whois(aClient *cptr, aClient *sptr, int parc, char *parv[])
|
||||
sendto_one(sptr, ":IRC PRIVMSG %s :%s is an Bot on %s",
|
||||
sptr->name, name, ircnetwork);
|
||||
}
|
||||
if (acptr->umodes & UMODE_CODER && (!IsHideOper(acptr) || sptr == acptr || IsAnOper(sptr)))
|
||||
if (acptr->umodes & UMODE_SECURE)
|
||||
{
|
||||
sendto_one(sptr, ":IRC PRIVMSG %s :%s is a Coder on %s",
|
||||
sptr->name, acptr->name, ircnetwork);
|
||||
sendto_one(sptr, ":IRC PRIVMSG %s :%s is a Secure Connection",
|
||||
sptr->name, acptr->name);
|
||||
}
|
||||
if (acptr->user->swhois)
|
||||
{
|
||||
|
||||