authorAttila Molnar <attilamolnar@hush.com>2016-04-30 16:54:37 +0200
committerAttila Molnar <attilamolnar@hush.com>2016-04-30 16:54:37 +0200
commitfb66fb5ce3410d7e32813aed85e8ad3050584740 (patch)
treea36d649156325dbd76f314eaac6c14f724d56b04
parent6cfe4011ec0e90718d7d5a449a5330b8e9a18ec3 (diff)
parent1e4b53a286e428e78bd5650815048970d345f7e3 (diff)
Merge branch 'master+sslconnmsg'
-rw-r--r--include/modules/ssl.h19
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp25
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp26
-rw-r--r--src/modules/m_jumpserver.cpp2
-rw-r--r--src/modules/m_spanningtree/server.cpp10
-rw-r--r--src/modules/m_sslinfo.cpp22
6 files changed, 53 insertions, 51 deletions
diff --git a/include/modules/ssl.h b/include/modules/ssl.h
index 67bfc7b2e..9cc504128 100644
--- a/include/modules/ssl.h
+++ b/include/modules/ssl.h
@@ -164,6 +164,14 @@ class SSLIOHook : public IOHook
}
public:
+ static SSLIOHook* IsSSL(StreamSocket* sock)
+ {
+ IOHook* const iohook = sock->GetIOHook();
+ if ((iohook) && ((iohook->prov->type == IOHookProvider::IOH_SSL)))
+ return static_cast<SSLIOHook*>(iohook);
+ return NULL;
+ }
+
SSLIOHook(IOHookProvider* hookprov)
: IOHook(hookprov)
{
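Review bot: `IsSSL()` is added without a doc comment, and its `static_cast<SSLIOHook*>` is only sound if every provider whose `type` is `IOHookProvider::IOH_SSL` creates hooks derived from `SSLIOHook`; nothing in the hunk states that invariant. I would add a Doxygen block above it saying that it returns the socket's hook as an `SSLIOHook*` when the provider type is `IOH_SSL` and `NULL` otherwise, that `sock` must not be NULL because it is dereferenced unconditionally, and that the downcast relies on the provider-type invariant. The doubled parentheses in `((iohook->prov->type == IOHookProvider::IOH_SSL))` can be reduced to one pair.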
@@ -190,6 +198,12 @@ class SSLIOHook : public IOHook
return cert->GetFingerprint();
return "";
}
+
+ /**
+ * Get the ciphersuite negotiated with the peer
+ * @param out String where the ciphersuite string will be appended to
+ */
+ virtual void GetCiphersuite(std::string& out) const = 0;
};
/** Helper functions for obtaining SSL client certificates and key fingerprints
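Review bot: The doc comment on `GetCiphersuite()` does not say what happens before the handshake has completed, yet both overrides in this commit (m_ssl_gnutls.cpp and m_ssl_openssl.cpp) return without touching `out` when `!IsHandshakeDone()`. A caller cannot tell "not negotiated yet" from a real name unless it checks whether `out` grew. I would add a line such as `* If the handshake has not completed nothing is appended and out is left unchanged` to the comment. Because the method is pure virtual, any `SSLIOHook` subclass outside the two modules patched here would also need an override to keep compiling.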
@@ -205,11 +219,10 @@ class SSLClientCert
*/
static ssl_cert* GetCertificate(StreamSocket* sock)
{
- IOHook* iohook = sock->GetIOHook();
- if ((!iohook) || (iohook->prov->type != IOHookProvider::IOH_SSL))
+ SSLIOHook* ssliohook = SSLIOHook::IsSSL(sock);
+ if (!ssliohook)
return NULL;
- SSLIOHook* ssliohook = static_cast<SSLIOHook*>(iohook);
return ssliohook->GetCertificate();
}
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 6a653dded..a1c989163 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1150,22 +1150,10 @@ info_done_dealloc:
return 1;
}
- void TellCiphersAndFingerprint(LocalUser* user)
- {
- if (sess)
- {
- std::string text = "*** You are connected using SSL cipher '";
- GetCiphersuite(text);
- text += '\'';
- if (!certificate->fingerprint.empty())
- text += " and your SSL certificate fingerprint is " + certificate->fingerprint;
-
- user->WriteNotice(text);
- }
- }
-
- void GetCiphersuite(std::string& out) const
+ void GetCiphersuite(std::string& out) const CXX11_OVERRIDE
{
+ if (!IsHandshakeDone())
+ return;
out.append(UnknownIfNULL(gnutls_protocol_get_name(gnutls_protocol_get_version(sess)))).push_back('-');
out.append(UnknownIfNULL(gnutls_kx_get_name(gnutls_kx_get(sess)))).push_back('-');
out.append(UnknownIfNULL(gnutls_cipher_get_name(gnutls_cipher_get(sess)))).push_back('-');
@@ -1344,13 +1332,6 @@ class ModuleSSLGnuTLS : public Module
return Version("Provides SSL support for clients", VF_VENDOR);
}
- void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
- {
- IOHook* hook = user->eh.GetIOHook();
- if (hook && hook->prov->creator == this)
- static_cast<GnuTLSIOHook*>(hook)->TellCiphersAndFingerprint(user);
- }
-
ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
{
if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this))
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index c9ae14e11..80c9d9395 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -720,23 +720,10 @@ class OpenSSLIOHook : public SSLIOHook
return 1;
}
- void TellCiphersAndFingerprint(LocalUser* user)
- {
- if (sess)
- {
- std::string text = "*** You are connected using SSL cipher '";
- GetCiphersuite(text);
- text += '\'';
- const std::string& fingerprint = certificate->fingerprint;
- if (!fingerprint.empty())
- text += " and your SSL certificate fingerprint is " + fingerprint;
-
- user->WriteNotice(text);
- }
- }
-
- void GetCiphersuite(std::string& out) const
+ void GetCiphersuite(std::string& out) const CXX11_OVERRIDE
{
+ if (!IsHandshakeDone())
+ return;
out.append(SSL_get_version(sess)).push_back('-');
out.append(SSL_get_cipher(sess));
}
@@ -917,13 +904,6 @@ class ModuleSSLOpenSSL : public Module
}
}
- void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
- {
- IOHook* hook = user->eh.GetIOHook();
- if (hook && hook->prov->creator == this)
- static_cast<OpenSSLIOHook*>(hook)->TellCiphersAndFingerprint(user);
- }
-
void OnCleanup(int target_type, void* item) CXX11_OVERRIDE
{
if (target_type == TYPE_USER)
diff --git a/src/modules/m_jumpserver.cpp b/src/modules/m_jumpserver.cpp
index 33b9bcd35..f59ef045d 100644
--- a/src/modules/m_jumpserver.cpp
+++ b/src/modules/m_jumpserver.cpp
@@ -140,7 +140,7 @@ class CommandJumpserver : public Command
int GetPort(LocalUser* user)
{
- int p = (SSLClientCert::GetCertificate(&user->eh) ? sslport : port);
+ int p = (SSLIOHook::IsSSL(&user->eh) ? sslport : port);
if (p == 0)
p = user->GetServerPort();
return p;
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp
index bc43841c1..3000dd391 100644
--- a/src/modules/m_spanningtree/server.cpp
+++ b/src/modules/m_spanningtree/server.cpp
@@ -19,6 +19,7 @@
#include "inspircd.h"
+#include "modules/ssl.h"
#include "main.h"
#include "utils.h"
@@ -127,6 +128,15 @@ Link* TreeSocket::AuthRemote(const parameterlist& params)
return NULL;
ServerInstance->SNO->WriteToSnoMask('l',"Verified server connection " + linkID + " ("+description+")");
+
+ const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(this);
+ if (ssliohook)
+ {
+ std::string ciphersuite;
+ ssliohook->GetCiphersuite(ciphersuite);
+ ServerInstance->SNO->WriteToSnoMask('l', "Negotiated ciphersuite %s on link %s", ciphersuite.c_str(), x->Name.c_str());
+ }
+
return x;
}
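Review bot: The snotice is built from whatever `GetCiphersuite()` appended, and the overrides in this commit append nothing when the handshake is not done, so the line can read "Negotiated ciphersuite  on link ..." with an empty name. A guard such as `if (ciphersuite.empty()) ciphersuite = "unknown";` before the `WriteToSnoMask` call would keep the log unambiguous. A link with no SSL hook produces no message at all, so an operator watching snomask 'l' cannot tell an unencrypted server link from one where this code did not run; an `else` branch logging that the link is not using SSL would make that visible. `AuthRemote()` starts above this hunk.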
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 6a29d3bde..9682e92cf 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -209,8 +209,26 @@ class ModuleSSLInfo : public Module, public Whois::EventListener
void OnPostConnect(User* user) CXX11_OVERRIDE
{
- ssl_cert *cert = cmd.CertExt.get(user);
- if (!cert || cert->fingerprint.empty())
+ LocalUser* const localuser = IS_LOCAL(user);
+ if (!localuser)
+ return;
+
+ const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(&localuser->eh);
+ if (!ssliohook)
+ return;
+
+ ssl_cert* const cert = ssliohook->GetCertificate();
+
+ {
+ std::string text = "*** You are connected using SSL cipher '";
+ ssliohook->GetCiphersuite(text);
+ text.push_back('\'');
+ if ((cert) && (!cert->GetFingerprint().empty()))
+ text.append(" and your SSL certificate fingerprint is ").append(cert->GetFingerprint());
+ user->WriteNotice(text);
+ }
+
+ if (!cert)
return;
// find an auto-oper block for this user
for (ServerConfig::OperIndex::const_iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); ++i)
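Review bot: The bare `{ ... }` scope that builds the notice has no comment, and the control flow around it is easy to misread: the notice goes to every local user on an SSL hook, while the later `if (!cert) return;` only gates the auto-oper search that follows. A comment above the block such as `// Tell every local SSL user their ciphersuite; the fingerprint is added only when a certificate with one is present` would make that explicit. `cert` now comes from the live hook instead of `cmd.CertExt.get(user)`, so if anything else populates `CertExt` the auto-oper loop no longer sees it here; that looks intentional but is worth confirming, since the loop continues below the hunk and grants oper status.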