summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-03 18:57:16 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2006-09-03 18:57:16 +0000
commitd4af574074d05cb5705cd261c8fb97f52290e56a (patch)
treee8ac3a0aa8f85c6b2538a836d7d142e32ed29817
parent5ec6f8616938a7e2bdf906b43a5bf3f976ace016 (diff)
We now have a test module that can dump someones certificate information: /sslinfo <nick>
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5125 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--include/hashcomp.h2
-rw-r--r--src/hashcomp.cpp18
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp11
-rw-r--r--src/modules/extra/m_sslinfo.cpp116
-rw-r--r--src/modules/extra/ssl_cert.h10
5 files changed, 157 insertions, 0 deletions
diff --git a/include/hashcomp.h b/include/hashcomp.h
index 53139270c..056bba6e5 100644
--- a/include/hashcomp.h
+++ b/include/hashcomp.h
@@ -207,6 +207,8 @@ namespace irc
static const char* find(const char* s1, int n, char c);
};
+ std::string hex(const unsigned char *raw, size_t rawsz);
+
/** This typedef declares irc::string based upon irc_char_traits
*/
typedef basic_string<char, irc_char_traits, allocator<char> > string;
diff --git a/src/hashcomp.cpp b/src/hashcomp.cpp
index 88b9b582c..d3db02da4 100644
--- a/src/hashcomp.cpp
+++ b/src/hashcomp.cpp
@@ -275,3 +275,21 @@ const std::string irc::commasepstream::GetToken()
irc::commasepstream::~commasepstream()
{
}
+
+std::string irc::hex(const unsigned char *raw, size_t rawsz)
+{
+ if (!rawsz)
+ return "";
+
+ char buf[rawsz*2+1];
+ size_t i;
+
+ for (i = 0; i < rawsz; i++)
+ {
+ sprintf (&(buf[i*2]), "%02x", raw[i]);
+ }
+ buf[i*2] = 0;
+
+ return buf;
+}
+
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index df14bbed1..0e70082e3 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -619,6 +619,8 @@ class ModuleSSLGnuTLS : public Module
unsigned int cert_list_size, name_size;
gnutls_x509_crt_t cert;
char name[MAXBUF];
+ unsigned char digest[MAXBUF];
+ size_t digest_size = sizeof(digest);
ssl_cert* certinfo = new ssl_cert;
user->Extend("ssl_cert",certinfo);
@@ -713,6 +715,15 @@ class ModuleSSLGnuTLS : public Module
certinfo->data.insert(std::make_pair("issuer",name));
+ if ((ret = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_MD5, digest, &digest_size)) < 0)
+ {
+ certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret)));
+ }
+ else
+ {
+ certinfo->data.insert(std::make_pair("fingerprint",irc::hex(digest, digest_size)));
+ }
+
/* Beware here we do not check for errors.
*/
if ((gnutls_x509_crt_get_expiration_time(cert) < time(0)) || (gnutls_x509_crt_get_activation_time(cert) > time(0)))
diff --git a/src/modules/extra/m_sslinfo.cpp b/src/modules/extra/m_sslinfo.cpp
new file mode 100644
index 000000000..5a001ce9e
--- /dev/null
+++ b/src/modules/extra/m_sslinfo.cpp
@@ -0,0 +1,116 @@
+/* +------------------------------------+
+ * | Inspire Internet Relay Chat Daemon |
+ * +------------------------------------+
+ *
+ * InspIRCd is copyright (C) 2002-2006 ChatSpike-Dev.
+ * E-mail:
+ * <brain@chatspike.net>
+ * <Craig@chatspike.net>
+ *
+ * Written by Craig Edwards, Craig McLure, and others.
+ * This program is free but copyrighted software; see
+ * the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
+using namespace std;
+
+#include <stdio.h>
+#include "users.h"
+#include "channels.h"
+#include "modules.h"
+#include "ssl_cert.h"
+#include "wildcard.h"
+#include "inspircd.h"
+#include "dns.h"
+
+/* $ModDesc: Provides /sslinfo command used to test who a mask matches */
+
+class cmd_sslinfo : public command_t
+{
+ public:
+ cmd_sslinfo (InspIRCd* Instance) : command_t(Instance,"SSLINFO", 0, 1)
+ {
+ this->source = "m_sslinfo.so";
+ this->syntax = "<nick>";
+ }
+
+ void Handle (const char** parameters, int pcnt, userrec *user)
+ {
+ userrec* target = ServerInstance->FindNick(parameters[0]);
+ ssl_cert* cert;
+
+ if (target)
+ {
+ if (target->GetExt("ssl_cert", cert))
+ {
+ if (cert->GetError().length())
+ {
+ user->WriteServ("NOTICE %s :*** Error: %s", user->nick, cert->GetError().c_str());
+ }
+ user->WriteServ("NOTICE %s :*** Distinguised Name: %s", user->nick, cert->GetDN().c_str());
+ user->WriteServ("NOTICE %s :*** Issuer: %s", user->nick, cert->GetIssuer().c_str());
+ user->WriteServ("NOTICE %s :*** Key Fingerprint: %s", user->nick, cert->GetFingerprint().c_str());
+ }
+ else
+ {
+ user->WriteServ("NOTICE %s :*** No SSL certificate information for this user.", user->nick);
+ }
+ }
+ else
+ user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);
+ }
+};
+
+class ModuleSSLInfo : public Module
+{
+ cmd_sslinfo* newcommand;
+ public:
+ ModuleSSLInfo(InspIRCd* Me)
+ : Module::Module(Me)
+ {
+
+ newcommand = new cmd_sslinfo(ServerInstance);
+ ServerInstance->AddCommand(newcommand);
+ }
+
+ void Implements(char* List)
+ {
+ }
+
+ virtual ~ModuleSSLInfo()
+ {
+ }
+
+ virtual Version GetVersion()
+ {
+ return Version(1, 0, 0, 0, VF_VENDOR);
+ }
+};
+
+
+class ModuleSSLInfoFactory : public ModuleFactory
+{
+ public:
+ ModuleSSLInfoFactory()
+ {
+ }
+
+ ~ModuleSSLInfoFactory()
+ {
+ }
+
+ virtual Module * CreateModule(InspIRCd* Me)
+ {
+ return new ModuleSSLInfo(Me);
+ }
+
+};
+
+
+extern "C" void * init_module( void )
+{
+ return new ModuleSSLInfoFactory;
+}
+
diff --git a/src/modules/extra/ssl_cert.h b/src/modules/extra/ssl_cert.h
index fbbd821ac..d7ef70dca 100644
--- a/src/modules/extra/ssl_cert.h
+++ b/src/modules/extra/ssl_cert.h
@@ -48,6 +48,16 @@ class ssl_cert
return empty;
}
+ const std::string& GetFingerprint()
+ {
+ ssl_data_iter ssldi = data.find("fingerprint");
+
+ if (ssldi != data.end())
+ return ssldi->second;
+ else
+ return empty;
+ }
+
bool IsTrusted()
{
ssl_data_iter ssldi = data.find("trusted");