From e1eb3b72f672401b31da8faa229dfacd50b38583 Mon Sep 17 00:00:00 2001 From: danieldg Date: Thu, 2 Jul 2009 18:17:19 +0000 Subject: Migrate SSL metadata and visible information (/whois line) to single module git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11427 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/extra/m_ssl_gnutls.cpp | 51 ++------------- src/modules/extra/m_ssl_openssl.cpp | 49 +------------- src/modules/m_ssl_data.cpp | 123 ++++++++++++++++++++++++++++++++++++ src/modules/m_ssl_dummy.cpp | 80 ----------------------- 4 files changed, 131 insertions(+), 172 deletions(-) create mode 100644 src/modules/m_ssl_data.cpp delete mode 100644 src/modules/m_ssl_dummy.cpp diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 90005648a..8b865c559 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -129,10 +129,11 @@ class ModuleSSLGnuTLS : public Module // Void return, guess we assume success gnutls_certificate_set_dh_params(x509_cred, dh_params); - Implementation eventlist[] = { I_On005Numeric, I_OnRawSocketConnect, I_OnRawSocketAccept, I_OnRawSocketClose, I_OnRawSocketRead, I_OnRawSocketWrite, I_OnCleanup, - I_OnBufferFlushed, I_OnRequest, I_OnSyncUserMetaData, I_OnDecodeMetaData, - I_OnUnloadModule, I_OnRehash, I_OnModuleRehash, I_OnWhois, I_OnPostConnect, I_OnEvent, I_OnHookUserIO }; - ServerInstance->Modules->Attach(eventlist, this, 18); + Implementation eventlist[] = { I_On005Numeric, I_OnRawSocketConnect, I_OnRawSocketAccept, + I_OnRawSocketClose, I_OnRawSocketRead, I_OnRawSocketWrite, I_OnCleanup, + I_OnBufferFlushed, I_OnRequest, I_OnUnloadModule, I_OnRehash, I_OnModuleRehash, + I_OnPostConnect, I_OnEvent, I_OnHookUserIO }; + ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); starttls = new CommandStartTLS(ServerInstance, this); ServerInstance->AddCommand(starttls); 
@@ -617,48 +618,6 @@ class ModuleSSLGnuTLS : public Module return ret < 1 ? 0 : ret; } - // :kenny.chatspike.net 320 Om Epy|AFK :is a Secure Connection - virtual void OnWhois(User* source, User* dest) - { - if (!clientactive) - return; - - // Bugfix, only send this numeric for *our* SSL users - if (dest->GetExt("ssl")) - { - ServerInstance->SendWhoisLine(source, dest, 320, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); - } - } - - virtual void OnSyncUserMetaData(User* user, Module* proto, void* opaque, const std::string &extname, bool displayable) - { - // check if the linking module wants to know about OUR metadata - if(extname == "ssl") - { - // check if this user has an swhois field to send - if(user->GetExt(extname)) - { - // call this function in the linking module, let it format the data how it - // sees fit, and send it on its way. We dont need or want to know how. - proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, displayable ? "Enabled" : "ON"); - } - } - } - - virtual void OnDecodeMetaData(int target_type, void* target, const std::string &extname, const std::string &extdata) - { - // check if its our metadata key, and its associated with a user - if ((target_type == TYPE_USER) && (extname == "ssl")) - { - User* dest = (User*)target; - // if they dont already have an ssl flag, accept the remote server's - if (!dest->GetExt(extname)) - { - dest->Extend(extname, "ON"); - } - } - } - bool Handshake(issl_session* session, int fd) { int ret = gnutls_handshake(session->sess); diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 20803e082..f2f2801b4 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
@@ -152,10 +152,9 @@ class ModuleSSLOpenSSL : public Module OnModuleRehash(NULL,"ssl"); Implementation eventlist[] = { I_OnRawSocketConnect, I_OnRawSocketAccept, I_OnRawSocketClose, I_OnRawSocketRead, I_OnRawSocketWrite, I_OnCleanup, I_On005Numeric, - I_OnBufferFlushed, I_OnRequest, I_OnSyncUserMetaData, I_OnDecodeMetaData, - I_OnUnloadModule, I_OnRehash, I_OnModuleRehash, I_OnWhois, I_OnPostConnect, - I_OnHookUserIO }; - ServerInstance->Modules->Attach(eventlist, this, 17); + I_OnBufferFlushed, I_OnRequest, I_OnUnloadModule, I_OnRehash, I_OnModuleRehash, + I_OnPostConnect, I_OnHookUserIO }; + ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } virtual void OnHookUserIO(User* user, const std::string &targetip) 
@@ -709,48 +708,6 @@ class ModuleSSLOpenSSL : public Module } } - // :kenny.chatspike.net 320 Om Epy|AFK :is a Secure Connection - virtual void OnWhois(User* source, User* dest) - { - if (!clientactive) - return; - - // Bugfix, only send this numeric for *our* SSL users - if (dest->GetExt("ssl", dummy)) - { - ServerInstance->SendWhoisLine(source, dest, 320, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); - } - } - - virtual void OnSyncUserMetaData(User* user, Module* proto, void* opaque, const std::string &extname, bool displayable) - { - // check if the linking module wants to know about OUR metadata - if (extname == "ssl") - { - // check if this user has an swhois field to send - if(user->GetExt(extname, dummy)) - { - // call this function in the linking module, let it format the data how it - // sees fit, and send it on its way. We dont need or want to know how. - proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, displayable ? "Enabled" : "ON"); - } - } - } - - virtual void OnDecodeMetaData(int target_type, void* target, const std::string &extname, const std::string &extdata) - { - // check if its our metadata key, and its associated with a user - if ((target_type == TYPE_USER) && (extname == "ssl")) - { - User* dest = (User*)target; - // if they dont already have an ssl flag, accept the remote server's - if (!dest->GetExt(extname, dummy)) - { - dest->Extend(extname, "ON"); - } - } - } - bool Handshake(issl_session* session) { int ret; diff --git a/src/modules/m_ssl_data.cpp b/src/modules/m_ssl_data.cpp new file mode 100644 index 000000000..0ce760971 --- /dev/null +++ b/src/modules/m_ssl_data.cpp 
@@ -0,0 +1,123 @@ +/* +------------------------------------+ + * | Inspire Internet Relay Chat Daemon | + * +------------------------------------+ + * + * InspIRCd: (C) 2002-2009 InspIRCd Development Team + * See: http://wiki.inspircd.org/Credits + * + * This program is free but copyrighted software; see + * the file COPYING for details. + * + * --------------------------------------------------- + */ + +#include "inspircd.h" +#include "transport.h" + +/* $ModDesc: Provides SSL metadata and /WHOIS information */ +class ModuleSSLData : public Module +{ + public: + ModuleSSLData(InspIRCd* Me) : Module(Me) + { + Implementation eventlist[] = { I_OnSyncUserMetaData, I_OnDecodeMetaData, I_OnWhois }; + ServerInstance->Modules->Attach(eventlist, this, 3); + } + + virtual Version GetVersion() + { + return Version("$Id$", VF_VENDOR|VF_COMMON, API_VERSION); + } + + + // :kenny.chatspike.net 320 Om Epy|AFK :is a Secure Connection + virtual void OnWhois(User* source, User* dest) + { + if(dest->GetExt("ssl")) + { + ServerInstance->SendWhoisLine(source, dest, 320, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); + } + } + + virtual void OnSyncUserMetaData(User* user, Module* proto, void* opaque, const std::string &extname, bool displayable) + { + // check if the linking module wants to know about OUR metadata + if (extname == "ssl") + { + // check if this user has an ssl field to send + if (!user->GetExt(extname)) + return; + + // call this function in the linking module, let it format the data how it + // sees fit, and send it on its way. We dont need or want to know how. + proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, displayable ? "Enabled" : "ON"); + } + else if (extname == "ssl_cert") + { + ssl_cert* cert; + if (!user->GetExt("ssl_cert", cert)) + return; + + std::stringstream value; + bool hasError = cert->GetError().length(); + value << (cert->IsInvalid() ? "v" : "V") << (cert->IsTrusted() ? "T" : "t") << (cert->IsRevoked() ? 
"R" : "r") + << (cert->IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; + if (hasError) + value << cert->GetError(); + else + value << cert->GetFingerprint() << " " << cert->GetDN() << " " << cert->GetIssuer(); + + proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, value.str().c_str()); + } + } + + virtual void OnDecodeMetaData(int target_type, void* target, const std::string &extname, const std::string &extdata) + { + // check if its our metadata key, and its associated with a user + if ((target_type == TYPE_USER) && (extname == "ssl")) + { + User* dest = static_cast(target); + // if they dont already have an ssl flag, accept the remote server's + if (!dest->GetExt(extname)) + { + dest->Extend(extname); + } + } + else if ((target_type == TYPE_USER) && (extname == "ssl_cert")) + { + User* dest = static_cast(target); + if (dest->GetExt(extname)) + return; + + ssl_cert* cert = new ssl_cert; + dest->Extend(extname, cert); + + std::stringstream s(extdata); + std::string v; + getline(s,v,' '); + + cert->data.insert(std::make_pair("invalid", ConvToStr(v.find('v') != std::string::npos))); + cert->data.insert(std::make_pair("trusted", ConvToStr(v.find('T') != std::string::npos))); + cert->data.insert(std::make_pair("revoked", ConvToStr(v.find('R') != std::string::npos))); + cert->data.insert(std::make_pair("unknownsigner", ConvToStr(v.find('s') != std::string::npos))); + if (v.find('E') != std::string::npos) + { + getline(s,v,'\n'); + cert->data.insert(std::make_pair("error", v)); + } + else + { + getline(s,v,' '); + cert->data.insert(std::make_pair("fingerprint", v)); + + getline(s,v,' '); + cert->data.insert(std::make_pair("dn", v)); + + getline(s,v,'\n'); + cert->data.insert(std::make_pair("issuer", v)); + } + } + } +}; + +MODULE_INIT(ModuleSSLData) diff --git a/src/modules/m_ssl_dummy.cpp b/src/modules/m_ssl_dummy.cpp deleted file mode 100644 index dd61e747e..000000000 --- a/src/modules/m_ssl_dummy.cpp +++ /dev/null 
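Review bot: The `ssl_cert` branch of OnDecodeMetaData splits the remote string on single spaces (`getline(s,v,' ')` for "fingerprint" and "dn"), but OnSyncUserMetaData writes `cert->GetDN()` unescaped, and X.509 distinguished names commonly contain spaces. A DN with a space would be cut at its first space and the remainder stored as the start of "issuer", so the subject a client puts in its own certificate could shape the issuer string that other servers record; both sides need an unambiguous encoding (escaping, or a delimiter that cannot occur in a DN). The flag word is also parsed fail-open: an empty or garbled first token produces a record whose invalid, revoked and unknownsigner flags are all false instead of being rejected, so I would validate it against the five letter pairs the encoder writes before storing anything, as sketched below. Separately, `Attach(eventlist, this, 3)` keeps the hard-coded count that this same commit replaces with `sizeof(eventlist)/sizeof(Implementation)` in the GnuTLS and OpenSSL modules.

```cpp
			std::stringstream s(extdata);
			std::string v;
			getline(s,v,' ');

			// The encoder always writes exactly five letters, one from each pair, in this order.
			// Anything else is recorded fail-closed rather than read as "valid, not revoked".
			static const char* const flagpairs[] = { "vV", "Tt", "Rr", "sS", "Ee" };
			bool wellformed = (v.length() == 5);
			for (size_t i = 0; wellformed && i < 5; i++)
				wellformed = (v[i] == flagpairs[i][0] || v[i] == flagpairs[i][1]);
			if (!wellformed)
			{
				cert->data.insert(std::make_pair("invalid", ConvToStr(true)));
				cert->data.insert(std::make_pair("trusted", ConvToStr(false)));
				cert->data.insert(std::make_pair("revoked", ConvToStr(false)));
				cert->data.insert(std::make_pair("unknownsigner", ConvToStr(true)));
				cert->data.insert(std::make_pair("error", std::string("malformed ssl_cert metadata")));
				return;
			}
			// … unchanged: the four flag inserts and the error / fingerprint / dn / issuer parsing …
```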
@@ -1,80 +0,0 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ - * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits - * - * This program is free but copyrighted software; see - * the file COPYING for details. - * - * --------------------------------------------------- - */ - -#include "inspircd.h" - -/* $ModDesc: Makes remote /whoises to SSL servers work on a non-ssl server */ - -class ModuleSSLDummy : public Module -{ - - char* dummy; - public: - - ModuleSSLDummy(InspIRCd* Me) : Module(Me) - { - - Implementation eventlist[] = { I_OnSyncUserMetaData, I_OnDecodeMetaData, I_OnWhois }; - ServerInstance->Modules->Attach(eventlist, this, 3); - } - - virtual ~ModuleSSLDummy() - { - } - - virtual Version GetVersion() - { - return Version("$Id$", VF_VENDOR, API_VERSION); - } - - - // :kenny.chatspike.net 320 Om Epy|AFK :is a Secure Connection - virtual void OnWhois(User* source, User* dest) - { - if(dest->GetExt("ssl", dummy)) - { - ServerInstance->SendWhoisLine(source, dest, 320, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); - } - } - - virtual void OnSyncUserMetaData(User* user, Module* proto, void* opaque, const std::string &extname, bool displayable) - { - // check if the linking module wants to know about OUR metadata - if(extname == "ssl") - { - // check if this user has an ssl field to send - if(user->GetExt(extname, dummy)) - { - // call this function in the linking module, let it format the data how it - // sees fit, and send it on its way. We dont need or want to know how. - proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, displayable ? 
"Enabled" : "ON"); - } - } - } - - virtual void OnDecodeMetaData(int target_type, void* target, const std::string &extname, const std::string &extdata) - { - // check if its our metadata key, and its associated with a user - if ((target_type == TYPE_USER) && (extname == "ssl")) - { - User* dest = (User*)target; - // if they dont already have an ssl flag, accept the remote server's - if (!dest->GetExt(extname, dummy)) - { - dest->Extend(extname, "ON"); - } - } - } -}; - -MODULE_INIT(ModuleSSLDummy) -- cgit v1.2.3