Send ssl_cert metadata on signon

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11429 e03df62e-2008-0410-955e-edbf42e46eb7
author: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-07-02 18:17:33 +0000
committer: danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> 2009-07-02 18:17:33 +0000
commit: 7885a7e6cabe396e2c54eb3192fdbb6afd75c066 (patch)
tree: 9eeb5141adcf90e8398004722a98c2d3d73fe030 /src
parent: 2db8cb45f87b0406e88f6ecf6a46eb15f5238684 (diff)
4 files changed, 35 insertions, 26 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 4ff5a9062..f76148843 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -679,10 +679,7 @@ class ModuleSSLGnuTLS : public Module
 		// protocol module has propagated the NICK message.
 		if (user->GetIOHook() == this && (IS_LOCAL(user)))
 		{
-			// Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW.
-			ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");
-
-			VerifyCertificate(&sessions[user->GetFd()],user);
+			ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()],user);
 			if (sessions[user->GetFd()].sess)
 			{
 				std::string cipher = gnutls_kx_get_name(gnutls_kx_get(sessions[user->GetFd()].sess));
@@ -690,6 +687,9 @@ class ModuleSSLGnuTLS : public Module
 				cipher.append(gnutls_mac_get_name(gnutls_mac_get(sessions[user->GetFd()].sess)));
 				user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), cipher.c_str());
 			}
+
+			ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON");
+			ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());
 		}
 	}
 
@@ -724,10 +724,10 @@ class ModuleSSLGnuTLS : public Module
 		session->status = ISSL_NONE;
 	}
 
-	void VerifyCertificate(issl_session* session, Extensible* user)
+	ssl_cert* VerifyCertificate(issl_session* session, Extensible* user)
 	{
 		if (!session->sess || !user)
-			return;
+			return NULL;
 
 		unsigned int status;
 		const gnutls_datum_t* cert_list;
@@ -750,7 +750,7 @@ class ModuleSSLGnuTLS : public Module
 		if (ret < 0)
 		{
 			certinfo->error = std::string(gnutls_strerror(ret));
-			return;
+			return certinfo;
 		}
 
 		certinfo->invalid = (status & GNUTLS_CERT_INVALID);
@@ -765,14 +765,14 @@ class ModuleSSLGnuTLS : public Module
 		if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509)
 		{
 			certinfo->error = "No X509 keys sent";
-			return;
+			return certinfo;
 		}
 
 		ret = gnutls_x509_crt_init(&cert);
 		if (ret < 0)
 		{
 			certinfo->error = gnutls_strerror(ret);
-			return;
+			return certinfo;
 		}
 
 		cert_list_size = 0;
@@ -780,7 +780,7 @@ class ModuleSSLGnuTLS : public Module
 		if (cert_list == NULL)
 		{
 			certinfo->error = "No certificate was found";
-			return;
+			return certinfo;
 		}
 
 		/* This is not a real world example, since we only check the first
@@ -791,7 +791,7 @@ class ModuleSSLGnuTLS : public Module
 		if (ret < 0)
 		{
 			certinfo->error = gnutls_strerror(ret);
-			return;
+			return certinfo;
 		}
 
 		gnutls_x509_crt_get_dn(cert, name, &name_size);
@@ -818,7 +818,7 @@ class ModuleSSLGnuTLS : public Module
 
 		gnutls_x509_crt_deinit(cert);
 
-		return;
+		return certinfo;
 	}
 
 	void OnEvent(Event* ev)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 6aaf8ab1f..8c35d5d0f 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -776,9 +776,13 @@ class ModuleSSLOpenSSL : public Module
 			// Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW.
 			ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on");
 
-			VerifyCertificate(&sessions[user->GetFd()], user);
+			ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()], user);
 			if (sessions[user->GetFd()].sess)
 				user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->GetFd()].sess));
+
+			ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON");
+			if (certdata)
+				ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str());
 		}
 	}
 
@@ -822,10 +826,10 @@ class ModuleSSLOpenSSL : public Module
 		errno = EIO;
 	}
 
-	void VerifyCertificate(issl_session* session, Extensible* user)
+	ssl_cert* VerifyCertificate(issl_session* session, Extensible* user)
 	{
 		if (!session->sess || !user)
-			return;
+			return NULL;
 
 		X509* cert;
 		ssl_cert* certinfo = new ssl_cert;
@@ -840,7 +844,7 @@ class ModuleSSLOpenSSL : public Module
 		if (!cert)
 		{
 			certinfo->error = "Could not get peer certificate: "+std::string(get_error());
-			return;
+			return certinfo;
 		}
 
 		certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK);
@@ -874,6 +878,7 @@ class ModuleSSLOpenSSL : public Module
 		}
 
 		X509_free(cert);
+		return certinfo;
 	}
 
 	void Prioritize()
diff --git a/src/modules/m_ssl_data.cpp b/src/modules/m_ssl_data.cpp
index 2cc712c65..efc99d3f2 100644
--- a/src/modules/m_ssl_data.cpp
+++ b/src/modules/m_ssl_data.cpp
@@ -58,16 +58,7 @@ class ModuleSSLData : public Module
 			if (!user->GetExt("ssl_cert", cert))
 				return;
 
-			std::stringstream value;
-			bool hasError = cert->GetError().length();
-			value << (cert->IsInvalid() ? "v" : "V") << (cert->IsTrusted() ? "T" : "t") << (cert->IsRevoked() ? "R" : "r")
-				<< (cert->IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
-			if (hasError)
-				value << cert->GetError();
-			else
-				value << cert->GetFingerprint() << " " << cert->GetDN() << " " << cert->GetIssuer();
-
-			proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, value.str().c_str());
+			proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, cert->GetMetaLine().c_str());
 		}
 	}
 
diff --git a/src/modules/transport.h b/src/modules/transport.h
index f4cf3f4a5..9f29ab3d8 100644
--- a/src/modules/transport.h
+++ b/src/modules/transport.h
@@ -104,6 +104,19 @@ class ssl_cert
 	{
 		return revoked;
 	}
+
+	std::string GetMetaLine()
+	{
+		std::stringstream value;
+		bool hasError = error.length();
+		value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r")
+			<< (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " ";
+		if (hasError)
+			value << GetError();
+		else
+			value << GetFingerprint() << " " << GetDN() << " " << GetIssuer();
+		return value.str();
+	}
 };
 
 /** Used to represent a request to a transport provider module
author	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-07-02 18:17:33 +0000
committer	danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>	2009-07-02 18:17:33 +0000
commit	7885a7e6cabe396e2c54eb3192fdbb6afd75c066 (patch)
tree	9eeb5141adcf90e8398004722a98c2d3d73fe030 /src
parent	2db8cb45f87b0406e88f6ecf6a46eb15f5238684 (diff)