From 7885a7e6cabe396e2c54eb3192fdbb6afd75c066 Mon Sep 17 00:00:00 2001 From: danieldg Date: Thu, 2 Jul 2009 18:17:33 +0000 Subject: Send ssl_cert metadata on signon git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11429 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/extra/m_ssl_gnutls.cpp | 24 ++++++++++++------------ src/modules/extra/m_ssl_openssl.cpp | 13 +++++++++---- src/modules/m_ssl_data.cpp | 11 +---------- src/modules/transport.h | 13 +++++++++++++ 4 files changed, 35 insertions(+), 26 deletions(-) (limited to 'src') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 4ff5a9062..f76148843 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -679,10 +679,7 @@ class ModuleSSLGnuTLS : public Module // protocol module has propagated the NICK message. if (user->GetIOHook() == this && (IS_LOCAL(user))) { - // Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW. - ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on"); - - VerifyCertificate(&sessions[user->GetFd()],user); + ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()],user); if (sessions[user->GetFd()].sess) { std::string cipher = gnutls_kx_get_name(gnutls_kx_get(sessions[user->GetFd()].sess)); @@ -690,6 +687,9 @@ class ModuleSSLGnuTLS : public Module cipher.append(gnutls_mac_get_name(gnutls_mac_get(sessions[user->GetFd()].sess))); user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), cipher.c_str()); } + + ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON"); + ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str()); } } @@ -724,10 +724,10 @@ class ModuleSSLGnuTLS : public Module session->status = ISSL_NONE; } - void VerifyCertificate(issl_session* session, Extensible* user) + ssl_cert* VerifyCertificate(issl_session* session, Extensible* user) { if (!session->sess || !user) - return; + return NULL; unsigned int status; const gnutls_datum_t* cert_list; @@ -750,7 +750,7 @@ class ModuleSSLGnuTLS : public Module if (ret < 0) { certinfo->error = std::string(gnutls_strerror(ret)); - return; + return certinfo; } certinfo->invalid = (status & GNUTLS_CERT_INVALID); @@ -765,14 +765,14 @@ class ModuleSSLGnuTLS : public Module if (gnutls_certificate_type_get(session->sess) != GNUTLS_CRT_X509) { certinfo->error = "No X509 keys sent"; - return; + return certinfo; } ret = gnutls_x509_crt_init(&cert); if (ret < 0) { certinfo->error = gnutls_strerror(ret); - return; + return certinfo; } cert_list_size = 0; @@ -780,7 +780,7 @@ class ModuleSSLGnuTLS : public Module if (cert_list == NULL) { certinfo->error = "No certificate was found"; - return; + return certinfo; } /* This is not a real world example, since we only check the first @@ -791,7 +791,7 @@ class ModuleSSLGnuTLS : public Module if (ret < 0) { certinfo->error = gnutls_strerror(ret); - return; + return certinfo; } gnutls_x509_crt_get_dn(cert, name, &name_size); @@ -818,7 +818,7 @@ class ModuleSSLGnuTLS : public Module gnutls_x509_crt_deinit(cert); - return; + return certinfo; } void OnEvent(Event* ev) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 6aaf8ab1f..8c35d5d0f 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -776,9 +776,13 @@ class ModuleSSLOpenSSL : public Module // Tell whatever protocol module we're using that we need to inform other servers of this metadata NOW. ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "on"); - VerifyCertificate(&sessions[user->GetFd()], user); + ssl_cert* certdata = VerifyCertificate(&sessions[user->GetFd()], user); if (sessions[user->GetFd()].sess) user->WriteServ("NOTICE %s :*** You are connected using SSL cipher \"%s\"", user->nick.c_str(), SSL_get_cipher(sessions[user->GetFd()].sess)); + + ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl", "ON"); + if (certdata) + ServerInstance->PI->SendMetaData(user, TYPE_USER, "ssl_cert", certdata->GetMetaLine().c_str()); } } @@ -822,10 +826,10 @@ class ModuleSSLOpenSSL : public Module errno = EIO; } - void VerifyCertificate(issl_session* session, Extensible* user) + ssl_cert* VerifyCertificate(issl_session* session, Extensible* user) { if (!session->sess || !user) - return; + return NULL; X509* cert; ssl_cert* certinfo = new ssl_cert; @@ -840,7 +844,7 @@ class ModuleSSLOpenSSL : public Module if (!cert) { certinfo->error = "Could not get peer certificate: "+std::string(get_error()); - return; + return certinfo; } certinfo->invalid = (SSL_get_verify_result(session->sess) != X509_V_OK); @@ -874,6 +878,7 @@ class ModuleSSLOpenSSL : public Module } X509_free(cert); + return certinfo; } void Prioritize() diff --git a/src/modules/m_ssl_data.cpp b/src/modules/m_ssl_data.cpp index 2cc712c65..efc99d3f2 100644 --- a/src/modules/m_ssl_data.cpp +++ b/src/modules/m_ssl_data.cpp @@ -58,16 +58,7 @@ class ModuleSSLData : public Module if (!user->GetExt("ssl_cert", cert)) return; - std::stringstream value; - bool hasError = cert->GetError().length(); - value << (cert->IsInvalid() ? "v" : "V") << (cert->IsTrusted() ? "T" : "t") << (cert->IsRevoked() ? "R" : "r") - << (cert->IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; - if (hasError) - value << cert->GetError(); - else - value << cert->GetFingerprint() << " " << cert->GetDN() << " " << cert->GetIssuer(); - - proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, value.str().c_str()); + proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, cert->GetMetaLine().c_str()); } } diff --git a/src/modules/transport.h b/src/modules/transport.h index f4cf3f4a5..9f29ab3d8 100644 --- a/src/modules/transport.h +++ b/src/modules/transport.h @@ -104,6 +104,19 @@ class ssl_cert { return revoked; } + + std::string GetMetaLine() + { + std::stringstream value; + bool hasError = error.length(); + value << (IsInvalid() ? "v" : "V") << (IsTrusted() ? "T" : "t") << (IsRevoked() ? "R" : "r") + << (IsUnknownSigner() ? "s" : "S") << (hasError ? "E" : "e") << " "; + if (hasError) + value << GetError(); + else + value << GetFingerprint() << " " << GetDN() << " " << GetIssuer(); + return value.str(); + } }; /** Used to represent a request to a transport provider module -- cgit v1.2.3