From d4af574074d05cb5705cd261c8fb97f52290e56a Mon Sep 17 00:00:00 2001 From: brain Date: Sun, 3 Sep 2006 18:57:16 +0000 Subject: We now have a test module that can dump someones certificate information: /sslinfo git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5125 e03df62e-2008-0410-955e-edbf42e46eb7 --- include/hashcomp.h | 2 + src/hashcomp.cpp | 18 ++++++ src/modules/extra/m_ssl_gnutls.cpp | 11 ++++ src/modules/extra/m_sslinfo.cpp | 116 +++++++++++++++++++++++++++++++++++++ src/modules/extra/ssl_cert.h | 10 ++++ 5 files changed, 157 insertions(+) create mode 100644 src/modules/extra/m_sslinfo.cpp diff --git a/include/hashcomp.h b/include/hashcomp.h index 53139270c..056bba6e5 100644 --- a/include/hashcomp.h +++ b/include/hashcomp.h @@ -207,6 +207,8 @@ namespace irc static const char* find(const char* s1, int n, char c); }; + std::string hex(const unsigned char *raw, size_t rawsz); + /** This typedef declares irc::string based upon irc_char_traits */ typedef basic_string > string; diff --git a/src/hashcomp.cpp b/src/hashcomp.cpp index 88b9b582c..d3db02da4 100644 --- a/src/hashcomp.cpp +++ b/src/hashcomp.cpp @@ -275,3 +275,21 @@ const std::string irc::commasepstream::GetToken() irc::commasepstream::~commasepstream() { } + +std::string irc::hex(const unsigned char *raw, size_t rawsz) +{ + if (!rawsz) + return ""; + + char buf[rawsz*2+1]; + size_t i; + + for (i = 0; i < rawsz; i++) + { + sprintf (&(buf[i*2]), "%02x", raw[i]); + } + buf[i*2] = 0; + + return buf; +} + diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index df14bbed1..0e70082e3 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -619,6 +619,8 @@ class ModuleSSLGnuTLS : public Module unsigned int cert_list_size, name_size; gnutls_x509_crt_t cert; char name[MAXBUF]; + unsigned char digest[MAXBUF]; + size_t digest_size = sizeof(digest); ssl_cert* certinfo = new ssl_cert; user->Extend("ssl_cert",certinfo); @@ -713,6 +715,15 @@ class ModuleSSLGnuTLS : public Module certinfo->data.insert(std::make_pair("issuer",name)); + if ((ret = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_MD5, digest, &digest_size)) < 0) + { + certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + } + else + { + certinfo->data.insert(std::make_pair("fingerprint",irc::hex(digest, digest_size))); + } + /* Beware here we do not check for errors. */ if ((gnutls_x509_crt_get_expiration_time(cert) < time(0)) || (gnutls_x509_crt_get_activation_time(cert) > time(0))) diff --git a/src/modules/extra/m_sslinfo.cpp b/src/modules/extra/m_sslinfo.cpp new file mode 100644 index 000000000..5a001ce9e --- /dev/null +++ b/src/modules/extra/m_sslinfo.cpp @@ -0,0 +1,116 @@ +/* +------------------------------------+ + * | Inspire Internet Relay Chat Daemon | + * +------------------------------------+ + * + * InspIRCd is copyright (C) 2002-2006 ChatSpike-Dev. + * E-mail: + * + * + * + * Written by Craig Edwards, Craig McLure, and others. + * This program is free but copyrighted software; see + * the file COPYING for details. + * + * --------------------------------------------------- + */ + +using namespace std; + +#include +#include "users.h" +#include "channels.h" +#include "modules.h" +#include "ssl_cert.h" +#include "wildcard.h" +#include "inspircd.h" +#include "dns.h" + +/* $ModDesc: Provides /sslinfo command used to test who a mask matches */ + +class cmd_sslinfo : public command_t +{ + public: + cmd_sslinfo (InspIRCd* Instance) : command_t(Instance,"SSLINFO", 0, 1) + { + this->source = "m_sslinfo.so"; + this->syntax = ""; + } + + void Handle (const char** parameters, int pcnt, userrec *user) + { + userrec* target = ServerInstance->FindNick(parameters[0]); + ssl_cert* cert; + + if (target) + { + if (target->GetExt("ssl_cert", cert)) + { + if (cert->GetError().length()) + { + user->WriteServ("NOTICE %s :*** Error: %s", user->nick, cert->GetError().c_str()); + } + user->WriteServ("NOTICE %s :*** Distinguised Name: %s", user->nick, cert->GetDN().c_str()); + user->WriteServ("NOTICE %s :*** Issuer: %s", user->nick, cert->GetIssuer().c_str()); + user->WriteServ("NOTICE %s :*** Key Fingerprint: %s", user->nick, cert->GetFingerprint().c_str()); + } + else + { + user->WriteServ("NOTICE %s :*** No SSL certificate information for this user.", user->nick); + } + } + else + user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]); + } +}; + +class ModuleSSLInfo : public Module +{ + cmd_sslinfo* newcommand; + public: + ModuleSSLInfo(InspIRCd* Me) + : Module::Module(Me) + { + + newcommand = new cmd_sslinfo(ServerInstance); + ServerInstance->AddCommand(newcommand); + } + + void Implements(char* List) + { + } + + virtual ~ModuleSSLInfo() + { + } + + virtual Version GetVersion() + { + return Version(1, 0, 0, 0, VF_VENDOR); + } +}; + + +class ModuleSSLInfoFactory : public ModuleFactory +{ + public: + ModuleSSLInfoFactory() + { + } + + ~ModuleSSLInfoFactory() + { + } + + virtual Module * CreateModule(InspIRCd* Me) + { + return new ModuleSSLInfo(Me); + } + +}; + + +extern "C" void * init_module( void ) +{ + return new ModuleSSLInfoFactory; +} + diff --git a/src/modules/extra/ssl_cert.h b/src/modules/extra/ssl_cert.h index fbbd821ac..d7ef70dca 100644 --- a/src/modules/extra/ssl_cert.h +++ b/src/modules/extra/ssl_cert.h @@ -48,6 +48,16 @@ class ssl_cert return empty; } + const std::string& GetFingerprint() + { + ssl_data_iter ssldi = data.find("fingerprint"); + + if (ssldi != data.end()) + return ssldi->second; + else + return empty; + } + bool IsTrusted() { ssl_data_iter ssldi = data.find("trusted"); -- cgit v1.2.3