From d4af574074d05cb5705cd261c8fb97f52290e56a Mon Sep 17 00:00:00 2001 From: brain Date: Sun, 3 Sep 2006 18:57:16 +0000 Subject: We now have a test module that can dump someones certificate information: /sslinfo git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5125 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/extra/m_ssl_gnutls.cpp | 11 ++++ src/modules/extra/m_sslinfo.cpp | 116 +++++++++++++++++++++++++++++++++++++ src/modules/extra/ssl_cert.h | 10 ++++ 3 files changed, 137 insertions(+) create mode 100644 src/modules/extra/m_sslinfo.cpp (limited to 'src/modules/extra') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index df14bbed1..0e70082e3 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -619,6 +619,8 @@ class ModuleSSLGnuTLS : public Module unsigned int cert_list_size, name_size; gnutls_x509_crt_t cert; char name[MAXBUF]; + unsigned char digest[MAXBUF]; + size_t digest_size = sizeof(digest); ssl_cert* certinfo = new ssl_cert; user->Extend("ssl_cert",certinfo); @@ -713,6 +715,15 @@ class ModuleSSLGnuTLS : public Module certinfo->data.insert(std::make_pair("issuer",name)); + if ((ret = gnutls_x509_crt_get_fingerprint(cert, GNUTLS_DIG_MD5, digest, &digest_size)) < 0) + { + certinfo->data.insert(std::make_pair("error",gnutls_strerror(ret))); + } + else + { + certinfo->data.insert(std::make_pair("fingerprint",irc::hex(digest, digest_size))); + } + /* Beware here we do not check for errors. */ if ((gnutls_x509_crt_get_expiration_time(cert) < time(0)) || (gnutls_x509_crt_get_activation_time(cert) > time(0))) diff --git a/src/modules/extra/m_sslinfo.cpp b/src/modules/extra/m_sslinfo.cpp new file mode 100644 index 000000000..5a001ce9e --- /dev/null +++ b/src/modules/extra/m_sslinfo.cpp @@ -0,0 +1,116 @@ +/* +------------------------------------+ + * | Inspire Internet Relay Chat Daemon | + * +------------------------------------+ + * + * InspIRCd is copyright (C) 2002-2006 ChatSpike-Dev. + * E-mail: + * + * + * + * Written by Craig Edwards, Craig McLure, and others. + * This program is free but copyrighted software; see + * the file COPYING for details. + * + * --------------------------------------------------- + */ + +using namespace std; + +#include +#include "users.h" +#include "channels.h" +#include "modules.h" +#include "ssl_cert.h" +#include "wildcard.h" +#include "inspircd.h" +#include "dns.h" + +/* $ModDesc: Provides /sslinfo command used to test who a mask matches */ + +class cmd_sslinfo : public command_t +{ + public: + cmd_sslinfo (InspIRCd* Instance) : command_t(Instance,"SSLINFO", 0, 1) + { + this->source = "m_sslinfo.so"; + this->syntax = ""; + } + + void Handle (const char** parameters, int pcnt, userrec *user) + { + userrec* target = ServerInstance->FindNick(parameters[0]); + ssl_cert* cert; + + if (target) + { + if (target->GetExt("ssl_cert", cert)) + { + if (cert->GetError().length()) + { + user->WriteServ("NOTICE %s :*** Error: %s", user->nick, cert->GetError().c_str()); + } + user->WriteServ("NOTICE %s :*** Distinguised Name: %s", user->nick, cert->GetDN().c_str()); + user->WriteServ("NOTICE %s :*** Issuer: %s", user->nick, cert->GetIssuer().c_str()); + user->WriteServ("NOTICE %s :*** Key Fingerprint: %s", user->nick, cert->GetFingerprint().c_str()); + } + else + { + user->WriteServ("NOTICE %s :*** No SSL certificate information for this user.", user->nick); + } + } + else + user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]); + } +}; + +class ModuleSSLInfo : public Module +{ + cmd_sslinfo* newcommand; + public: + ModuleSSLInfo(InspIRCd* Me) + : Module::Module(Me) + { + + newcommand = new cmd_sslinfo(ServerInstance); + ServerInstance->AddCommand(newcommand); + } + + void Implements(char* List) + { + } + + virtual ~ModuleSSLInfo() + { + } + + virtual Version GetVersion() + { + return Version(1, 0, 0, 0, VF_VENDOR); + } +}; + + +class ModuleSSLInfoFactory : public ModuleFactory +{ + public: + ModuleSSLInfoFactory() + { + } + + ~ModuleSSLInfoFactory() + { + } + + virtual Module * CreateModule(InspIRCd* Me) + { + return new ModuleSSLInfo(Me); + } + +}; + + +extern "C" void * init_module( void ) +{ + return new ModuleSSLInfoFactory; +} + diff --git a/src/modules/extra/ssl_cert.h b/src/modules/extra/ssl_cert.h index fbbd821ac..d7ef70dca 100644 --- a/src/modules/extra/ssl_cert.h +++ b/src/modules/extra/ssl_cert.h @@ -48,6 +48,16 @@ class ssl_cert return empty; } + const std::string& GetFingerprint() + { + ssl_data_iter ssldi = data.find("fingerprint"); + + if (ssldi != data.end()) + return ssldi->second; + else + return empty; + } + bool IsTrusted() { ssl_data_iter ssldi = data.find("trusted"); -- cgit v1.2.3