authorattilamolnar <attilamolnar@hush.com>2013-05-24 19:34:25 +0200
committerattilamolnar <attilamolnar@hush.com>2013-06-07 01:00:10 +0200
commit3d6d9cda32d72ff25cf6e624bb271b629898e018 (patch)
tree78f47c8f6f74b273beb40e0a37578f5324e02785 /src/modules
parent79db1cf848c64ba50bebadef4c683ae4237080b7 (diff)
Create SSLIOHook interface that provides GetCertificate()
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp23
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp23
-rw-r--r--src/modules/m_sasl.cpp6
-rw-r--r--src/modules/m_spanningtree/hmac.cpp11
-rw-r--r--src/modules/m_sslinfo.cpp13
5 files changed, 28 insertions, 48 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index e051b34e7..3c82a5beb 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -100,7 +100,7 @@ public:
issl_session() : socket(NULL), sess(NULL) {}
};
-class GnuTLSIOHook : public IOHook
+class GnuTLSIOHook : public SSLIOHook
{
private:
void InitSession(StreamSocket* user, bool me_server)
@@ -359,7 +359,7 @@ info_done_dealloc:
int dh_bits;
GnuTLSIOHook(Module* parent)
- : IOHook(parent, "ssl/gnutls")
+ : SSLIOHook(parent, "ssl/gnutls")
{
sessions = new issl_session[ServerInstance->SE->GetMaxFds()];
}
@@ -501,6 +501,13 @@ info_done_dealloc:
return 0;
}
+ ssl_cert* GetCertificate(StreamSocket* sock) CXX11_OVERRIDE
+ {
+ int fd = sock->GetFd();
+ issl_session* session = &sessions[fd];
+ return session->cert;
+ }
+
void TellCiphersAndFingerprint(LocalUser* user)
{
const gnutls_session_t& sess = sessions[user->eh.GetFd()].sess;
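Review bot: `GetCertificate()` indexes `sessions[fd]` with whatever `sock->GetFd()` returns and has no range check, although the array is allocated in the constructor with only `GetMaxFds()` entries. If a module calls this accessor on a socket that is already closed (GetFd() presumably returns a negative value then, to be confirmed), the lookup reads outside the array. A guard before the lookup, `if (fd < 0 || fd >= ServerInstance->SE->GetMaxFds()) return NULL;`, would make the accessor safe to call from any module. The same applies to the identical `OpenSSLIOHook::GetCertificate()` added in m_ssl_openssl.cpp. A short comment that NULL means "no certificate for this socket" would also help, since the m_sslinfo.cpp callers test the result for NULL.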
@@ -895,18 +902,6 @@ class ModuleSSLGnuTLS : public Module
}
}
- void OnRequest(Request& request) CXX11_OVERRIDE
- {
- if (strcmp("GET_SSL_CERT", request.id) == 0)
- {
- SocketCertificateRequest& req = static_cast<SocketCertificateRequest&>(request);
- int fd = req.sock->GetFd();
- issl_session* session = &iohook.sessions[fd];
-
- req.cert = session->cert;
- }
- }
-
void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
{
if (user->eh.GetIOHook() == &iohook)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 0c7362e6e..53c0ab875 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -101,7 +101,7 @@ static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx)
return 1;
}
-class OpenSSLIOHook : public IOHook
+class OpenSSLIOHook : public SSLIOHook
{
private:
bool Handshake(StreamSocket* user, issl_session* session)
@@ -229,7 +229,7 @@ class OpenSSLIOHook : public IOHook
bool use_sha;
OpenSSLIOHook(Module* mod)
- : IOHook(mod, "ssl/openssl")
+ : SSLIOHook(mod, "ssl/openssl")
{
sessions = new issl_session[ServerInstance->SE->GetMaxFds()];
}
@@ -440,6 +440,13 @@ class OpenSSLIOHook : public IOHook
return 0;
}
+ ssl_cert* GetCertificate(StreamSocket* sock) CXX11_OVERRIDE
+ {
+ int fd = sock->GetFd();
+ issl_session* session = &sessions[fd];
+ return session->cert;
+ }
+
void TellCiphersAndFingerprint(LocalUser* user)
{
issl_session& s = sessions[user->eh.GetFd()];
@@ -653,18 +660,6 @@ class ModuleSSLOpenSSL : public Module
{
return Version("Provides SSL support for clients", VF_VENDOR);
}
-
- void OnRequest(Request& request) CXX11_OVERRIDE
- {
- if (strcmp("GET_SSL_CERT", request.id) == 0)
- {
- SocketCertificateRequest& req = static_cast<SocketCertificateRequest&>(request);
- int fd = req.sock->GetFd();
- issl_session* session = &iohook.sessions[fd];
-
- req.cert = session->cert;
- }
- }
};
static int error_callback(const char *str, size_t len, void *u)
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 322a726ce..45915ab4d 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -63,10 +63,10 @@ class SaslAuthenticator
params.push_back("S");
params.push_back(method);
- if (method == "EXTERNAL" && IS_LOCAL(user_))
+ LocalUser* localuser = IS_LOCAL(user);
+ if (method == "EXTERNAL" && localuser)
{
- SocketCertificateRequest req(&((LocalUser*)user_)->eh, ServerInstance->Modules->Find("m_sasl.so"));
- std::string fp = req.GetFingerprint();
+ std::string fp = SSLClientCert::GetFingerprint(&localuser->eh);
if (fp.size())
params.push_back(fp);
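Review bot: `SSLClientCert::GetFingerprint(&localuser->eh)` is now called for every local user requesting EXTERNAL, which presumably includes users on plaintext sockets, and the helper's definition is not in this diff (the diff is limited to src/modules). The helper needs to return an empty string when the socket has no IOHook, and it should not downcast a hook that is not an SSLIOHook. The hmac.cpp hunk removes its explicit `if (GetIOHook())` guard and both m_sslinfo.cpp hunks call `SSLClientCert::GetCertificate()` the same way, so all four call sites depend on that behaviour. I would state the contract at the helper's declaration, e.g. `// Returns NULL (or an empty fingerprint) if the socket has no SSL IOHook attached`. The enclosing function starts and ends outside this hunk.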
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index ad632dbc7..0b96f9b26 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -69,16 +69,6 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
capab->auth_fingerprint = !link.Fingerprint.empty();
capab->auth_challenge = !capab->ourchallenge.empty() && !capab->theirchallenge.empty();
- std::string fp;
- if (GetIOHook())
- {
- SocketCertificateRequest req(this, Utils->Creator);
- if (req.cert)
- {
- fp = req.cert->GetFingerprint();
- }
- }
-
if (capab->auth_challenge)
{
std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge);
@@ -94,6 +84,7 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
return false;
}
+ std::string fp = SSLClientCert::GetFingerprint(this);
if (capab->auth_fingerprint)
{
/* Require fingerprint to exist and match */
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 8cdaa1cde..5516af7ef 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -191,10 +191,9 @@ class ModuleSSLInfo : public Module
void OnUserConnect(LocalUser* user) CXX11_OVERRIDE
{
- SocketCertificateRequest req(&user->eh, this);
- if (!req.cert)
- return;
- cmd.CertExt.set(user, req.cert);
+ ssl_cert* cert = SSLClientCert::GetCertificate(&user->eh);
+ if (cert)
+ cmd.CertExt.set(user, cert);
}
void OnPostConnect(User* user) CXX11_OVERRIDE
@@ -214,15 +213,15 @@ class ModuleSSLInfo : public Module
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE
{
- SocketCertificateRequest req(&user->eh, this);
+ ssl_cert* cert = SSLClientCert::GetCertificate(&user->eh);
bool ok = true;
if (myclass->config->getString("requiressl") == "trusted")
{
- ok = (req.cert && req.cert->IsCAVerified());
+ ok = (cert && cert->IsCAVerified());
}
else if (myclass->config->getBool("requiressl"))
{
- ok = (req.cert != NULL);
+ ok = (cert != NULL);
}
if (!ok)