[IRC-Dev CVS] [CVS] Module ircd-ircdev: Change committed
From: Toni G. <zo...@us...> - 2007-11-11 21:53:25
Committer : zolty CVSROOT : /cvsroot/irc-dev Module : ircd-ircdev Commit time: 2007-11-11 21:53:19 UTC Modified files: ChangeLog ChangeLog.es Makefile.in TODO.es config.h.in configure configure.ac include/client.h include/ircd_events.h include/ircd_features.h include/listener.h include/numeric.h include/patchlevel.h include/s_bsd.h ircd/Makefile.am ircd/Makefile.in ircd/ircd.c ircd/ircd_features.c ircd/ircd_lexer.l ircd/ircd_parser.y ircd/listener.c ircd/m_rehash.c ircd/m_whois.c ircd/s_auth.c ircd/s_bsd.c ircd/s_debug.c ircd/s_err.c ircd/s_user.c ircd/test/Makefile.in Added files: include/ssl.h ircd/ssl.c tools/ssl/makepem Log message: Author: zoltan <zo...@ir...> Log message: 2007-11-11 Toni Garc�a <zo...@ir...> 1.0.beta9 * Soporte SSL ---------------------- diff included ---------------------- Index: ircd-ircdev/ChangeLog diff -u ircd-ircdev/ChangeLog:1.57 ircd-ircdev/ChangeLog:1.58 --- ircd-ircdev/ChangeLog:1.57 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/ChangeLog Sun Nov 11 13:53:01 2007 @@ -1,10 +1,12 @@ # # ChangeLog for ircd-ircdev # -# $Id: ChangeLog,v 1.57 2007/09/20 21:00:31 zolty Exp $ +# $Id: ChangeLog,v 1.58 2007/11/11 21:53:01 zolty Exp $ # # Insert new changes at beginning of the change list. # +2007-11-11 Toni Garc�a <zo...@ir...> 1.0.beta9 + * SSL Support 2007-09-20 Toni Garc�a <zo...@ir...> 1.0.beta8 * Cleanup Index: ircd-ircdev/ChangeLog.es diff -u ircd-ircdev/ChangeLog.es:1.57 ircd-ircdev/ChangeLog.es:1.58 --- ircd-ircdev/ChangeLog.es:1.57 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/ChangeLog.es Sun Nov 11 13:53:02 2007 
@@ -1,10 +1,13 @@ # # Log de Cambios para ircd-ircdev # -# $Id: ChangeLog.es,v 1.57 2007/09/20 21:00:31 zolty Exp $ +# $Id: ChangeLog.es,v 1.58 2007/11/11 21:53:02 zolty Exp $ # # Insertar los nuevos cambios al principio de esta lista de cambios. # +2007-11-11 Toni Garc�a <zo...@ir...> 1.0.beta9 + * Soporte SSL + 2007-09-20 Toni Garc�a <zo...@ir...> 1.0.beta8 * Cleanup Index: ircd-ircdev/Makefile.in diff -u ircd-ircdev/Makefile.in:1.13 ircd-ircdev/Makefile.in:1.14 --- ircd-ircdev/Makefile.in:1.13 Fri Sep 21 01:03:09 2007 +++ ircd-ircdev/Makefile.in Sun Nov 11 13:53:02 2007 @@ -129,6 +129,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SSL_C = @SSL_C@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ Index: ircd-ircdev/TODO.es diff -u ircd-ircdev/TODO.es:1.31 ircd-ircdev/TODO.es:1.32 --- ircd-ircdev/TODO.es:1.31 Tue Oct 25 02:47:29 2005 +++ ircd-ircdev/TODO.es Sun Nov 11 13:53:02 2007 @@ -1,14 +1,10 @@ # # TODO para ircd-ircdev # -# $Id: TODO.es,v 1.31 2005/10/25 09:47:29 zolty Exp $ +# $Id: TODO.es,v 1.32 2007/11/11 21:53:02 zolty Exp $ # # Insertar las nuevas entradas al principio de la lista TODO. # -URGENTISIMO - - Pasar el codigo de alpha a BETA. Hay que revisar codigo por .c por -.c. Esto es debido a que la base del ircd ya se utiliza en producción. - URGENTE -------------------------------------------------------------------------------------- @@ -54,7 +50,6 @@ - [G] Soporte Zlib para server<->server y client<->server (requiere negociado). - [G] Soporte RC4 para server<->server. - - [G] Soporte SSL para client<->server. - [G] Mirar si el aviso de invites lo haga con wallchops o con raw. - [G] Soporte de +e (exceptions) de canales - [G] Modo de canal +u de esconder mensajes de quit y part (evitar Index: ircd-ircdev/config.h.in diff -u ircd-ircdev/config.h.in:1.13 ircd-ircdev/config.h.in:1.14 --- ircd-ircdev/config.h.in:1.13 Fri Sep 21 01:03:09 2007 +++ ircd-ircdev/config.h.in Sun Nov 11 13:53:02 2007 
@@ -19,7 +19,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * $Id: config.h.in,v 1.13 2007/09/21 08:03:09 zolty Exp $ + * $Id: config.h.in,v 1.14 2007/11/11 21:53:02 zolty Exp $ * */ #ifndef INCLUDED_config_h @@ -240,6 +240,12 @@ /* The size of `void *', as computed by sizeof. */ #undef SIZEOF_VOID_P +/* Path name used as a base for the ssl include files. */ +#undef SSL_INCLUDES_PATH + +/* Path name used as a base for the ssl lib files. */ +#undef SSL_LIBS_PATH + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS @@ -264,6 +270,9 @@ /* Specify whether or not to use poll() */ #undef USE_POLL +/* Enable SSL support */ +#undef USE_SSL + /* Version number of package */ #undef VERSION Index: ircd-ircdev/configure diff -u ircd-ircdev/configure:1.23 ircd-ircdev/configure:1.24 --- ircd-ircdev/configure:1.23 Thu Sep 20 23:59:26 2007 +++ ircd-ircdev/configure Sun Nov 11 13:53:02 2007 @@ -730,6 +730,7 @@ ENGINE_KQUEUE_FALSE ENGINE_EPOLL_TRUE ENGINE_EPOLL_FALSE +SSL_C ENVIRONMENT_DDB_TRUE ENVIRONMENT_DDB_FALSE LIBOBJS @@ -1335,11 +1336,15 @@ --enable-debug Enable debugging mode --disable-asserts Disable assertion checking --disable-ipv6 Disable IPv6 support + --disable-ssl Disable SSL support --disable-inlines Disable inlining for a few critical functions Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-openssl-includes Specify location of OpenSSL header files (default /usr/include) + --with-openssl-libs Specify location of OpenSSL libs (default /usr/lib) + --with-kerb-includes Specify location of Kerberos includes (default /usr/kerberos/include) --with-domain Domain name to use for local statistics --with-maxcon Maximum number of connections server will accept --with-ddb-environment Use the DDB Environment (Distributed DataBase) 
@@ -9171,6 +9176,66 @@ unet_have_sockaddr_in6=no fi +{ echo "$as_me:$LINENO: checking for struct ssl_st" >&5 +echo $ECHO_N "checking for struct ssl_st... $ECHO_C" >&6; } +if test "${ac_cv_type_struct_ssl_st+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <openssl/ssl.h> + +typedef struct ssl_st ac__type_new_; +int +main () +{ +if ((ac__type_new_ *) 0) + return 0; +if (sizeof (ac__type_new_)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_cv_type_struct_ssl_st=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_type_struct_ssl_st=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_ssl_st" >&5 +echo "${ECHO_T}$ac_cv_type_struct_ssl_st" >&6; } +if test $ac_cv_type_struct_ssl_st = yes; then + unet_have_ssl=yes +else + unet_have_ssl=no +fi + { echo "$as_me:$LINENO: checking for socklen_t" >&5 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; } 
@@ -10074,6 +10139,382 @@ fi +{ echo "$as_me:$LINENO: checking whether to enable SSL" >&5 +echo $ECHO_N "checking whether to enable SSL... $ECHO_C" >&6; } +# Check whether --enable-ssl was given. +if test "${enable_ssl+set}" = set; then + enableval=$enable_ssl; unet_cv_enable_ssl=$enableval +else + if test "${unet_cv_enable_ssl+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + unet_cv_enable_ssl=$unet_have_ssl +fi + +fi + + +# Prohibit SSL support if ssl doesn't exist +if test x"$unet_have_ssl" = xno; then + unet_cv_enable_ssl=no +fi +{ echo "$as_me:$LINENO: result: $unet_cv_enable_ssl" >&5 +echo "${ECHO_T}$unet_cv_enable_ssl" >&6; } + +# Set the preprocessor symbol +if test x"$unet_cv_enable_ssl" = xyes; then + { echo "$as_me:$LINENO: checking for OpenSSL includes" >&5 +echo $ECHO_N "checking for OpenSSL includes... $ECHO_C" >&6; } + +# Check whether --with-openssl-includes was given. +if test "${with_openssl_includes+set}" = set; then + withval=$with_openssl_includes; base_ssl_inc=$withval +else + base_ssl_inc=/usr/include +fi + + unet_cv_with_openssl_inc_prefix=$base_ssl_inc + { echo "$as_me:$LINENO: result: $unet_cv_with_openssl_inc_prefix" >&5 +echo "${ECHO_T}$unet_cv_with_openssl_inc_prefix" >&6; } + +cat >>confdefs.h <<_ACEOF +#define SSL_INCLUDES_PATH "$base_ssl_inc" +_ACEOF + + + { echo "$as_me:$LINENO: checking for OpenSSL libraries" >&5 +echo $ECHO_N "checking for OpenSSL libraries... $ECHO_C" >&6; } + +# Check whether --with-openssl-libs was given. +if test "${with_openssl_libs+set}" = set; then + withval=$with_openssl_libs; unet_cv_with_openssl_prefix=$withval +else + unet_cv_with_openssl_prefix=/usr/lib +fi + + { echo "$as_me:$LINENO: result: $unet_cv_with_openssl_prefix" >&5 +echo "${ECHO_T}$unet_cv_with_openssl_prefix" >&6; } + +cat >>confdefs.h <<_ACEOF +#define SSL_LIBS_PATH "$unet_cv_with_openssl_prefix" +_ACEOF + + + { echo "$as_me:$LINENO: checking for Kerberos includes" >&5 +echo $ECHO_N "checking for Kerberos includes... 
$ECHO_C" >&6; } + +# Check whether --with-kerberos-includes was given. +if test "${with_kerberos_includes+set}" = set; then + withval=$with_kerberos_includes; unet_cv_with_kerberos_prefix=$withval +else + unet_cv_with_kerberos_prefix=/usr/kerberos/include +fi + + { echo "$as_me:$LINENO: result: $unet_cv_with_kerberos_prefix" >&5 +echo "${ECHO_T}$unet_cv_with_kerberos_prefix" >&6; } + + save_CFLAGS=$CFLAGS; + CFLAGS="-lcrypto"; + + unet_cv_enable_ssl="no"; + OPENSSL_LDFLAGS=""; + { echo "$as_me:$LINENO: checking for SSL_read in -lssl" >&5 +echo $ECHO_N "checking for SSL_read in -lssl... $ECHO_C" >&6; } +if test "${ac_cv_lib_ssl_SSL_read+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lssl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char SSL_read (); +int +main () +{ +return SSL_read (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_ssl_SSL_read=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_ssl_SSL_read=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_read" >&5 +echo "${ECHO_T}$ac_cv_lib_ssl_SSL_read" >&6; } +if test $ac_cv_lib_ssl_SSL_read = yes; then + + { echo "$as_me:$LINENO: checking for X509_new in -lcrypto" >&5 +echo $ECHO_N "checking for X509_new in -lcrypto... $ECHO_C" >&6; } +if test "${ac_cv_lib_crypto_X509_new+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char X509_new (); +int +main () +{ +return X509_new (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_crypto_X509_new=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_crypto_X509_new=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_X509_new" >&5 +echo "${ECHO_T}$ac_cv_lib_crypto_X509_new" >&6; } +if test $ac_cv_lib_crypto_X509_new = yes; then + + + +for ac_header in $base_ssl_inc/openssl/ssl.h $base_ssl_inc/openssl/err.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! 
-s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? +{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( cat <<\_ASBOX +## -------------------------------- ## +## Report this to de...@ir... ## +## -------------------------------- ## +_ASBOX + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +{ echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + + unet_cv_enable_ssl="yes"; + OPENSSL_LDFLAGS="-lcrypto -lssl" + SSL_C=ssl.c + + +fi + +done + + +fi + + +fi + + CFLAGS=$save_CFLAGS + + if test "x$unet_cv_enable_ssl" = xyes; then + +cat >>confdefs.h <<\_ACEOF +#define USE_SSL 1 +_ACEOF + + + LIBS="$LIBS -L$unet_cv_with_openssl_prefix $OPENSSL_LDFLAGS" + CFLAGS="$CFLAGS -I$unet_cv_with_openssl_inc_prefix -I$unet_cv_with_kerberos_prefix" + fi +fi + { echo "$as_me:$LINENO: checking whether to enable inlining for a few critical functions" >&5 echo $ECHO_N "checking whether to enable inlining for a few critical functions... $ECHO_C" >&6; } # Check whether --enable-inlines was given. @@ -11192,13 +11633,14 @@ cat >conf$$subs.sed <<_ACEOF ENGINE_EPOLL_TRUE!$ENGINE_EPOLL_TRUE$ac_delim ENGINE_EPOLL_FALSE!$ENGINE_EPOLL_FALSE$ac_delim +SSL_C!$SSL_C$ac_delim ENVIRONMENT_DDB_TRUE!$ENVIRONMENT_DDB_TRUE$ac_delim ENVIRONMENT_DDB_FALSE!$ENVIRONMENT_DDB_FALSE$ac_delim LIBOBJS!$LIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 6; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 7; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 
@@ -11817,6 +12259,7 @@ echo " Asserts: $unet_cv_enable_asserts" echo " Debug: $unet_cv_enable_debug" echo " IPv6: $unet_cv_enable_ipv6" +echo " SSL: $unet_cv_enable_ssl" echo " Inlines: $unet_cv_enable_inlines" echo "" echo " Prefix: $prefix" Index: ircd-ircdev/configure.ac diff -u ircd-ircdev/configure.ac:1.2 ircd-ircdev/configure.ac:1.3 --- ircd-ircdev/configure.ac:1.2 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/configure.ac Sun Nov 11 13:53:03 2007 @@ -23,7 +23,7 @@ dnl along with this program; if not, write to the Free Software dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA dnl -dnl @(#)$Id: configure.ac,v 1.2 2007/09/20 21:00:31 zolty Exp $ +dnl @(#)$Id: configure.ac,v 1.3 2007/11/11 21:53:03 zolty Exp $ dnl AC_INIT([IRC-Dev IRC Daemon],[1.0.beta],[de...@ir...],[ircd-ircdev]) @@ -44,7 +44,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA]) -AC_REVISION($Revision: 1.2 $) +AC_REVISION($Revision: 1.3 $) AC_CONFIG_SRCDIR([ircd/ircd.c]) AM_INIT_AUTOMAKE([foreign]) @@ -104,6 +104,10 @@ [unet_have_sockaddr_in6=no], [#include <sys/types.h> #include <netinet/in.h>]) +AC_CHECK_TYPE([struct ssl_st], + [unet_have_ssl=yes], + [unet_have_ssl=no], +[#include <openssl/ssl.h>]) dnl Check for socklen_t. In traditional BSD this is an int, but some dnl OSes use a different type. Test until we find something that will 
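Review bot: The `AC_CHECK_TYPE([struct ssl_st], ...)` probe compiles `#include <openssl/ssl.h>` with the compiler's default include path, but the `--with-openssl-includes` option that names a non-default header location is only processed later (hunk `@@ -290,6 +294,67 @@`), and this probe's result `unet_have_ssl` is what that later code uses to force `unet_cv_enable_ssl=no`. With OpenSSL installed outside the default search path, SSL support is therefore disabled no matter what the option says. Moving the `AC_ARG_WITH(openssl-includes, ...)` ahead of this probe and running it with `CPPFLAGS="$CPPFLAGS -I$base_ssl_inc"` would make the option effective. I am inferring the execution order from the generated configure script in this commit; the rest of the enable/disable logic lives in the later hunk.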
@@ -290,6 +294,67 @@ AC_DEFINE([IPV6], 1, [Enable IPv6 support]) fi +dnl how about SSL support? +unet_TOGGLE([ssl], $unet_have_ssl, [Disable SSL support], + [whether to enable SSL], +[# Prohibit SSL support if ssl doesn't exist +if test x"$unet_have_ssl" = xno; then + unet_cv_enable_ssl=no +fi]) + +# Set the preprocessor symbol +if test x"$unet_cv_enable_ssl" = xyes; then + AC_MSG_CHECKING([for OpenSSL includes]) + AC_ARG_WITH(openssl-includes, + [ --with-openssl-includes Specify location of OpenSSL header files (default /usr/include)], + [base_ssl_inc=$withval], + [base_ssl_inc=/usr/include]) + [unet_cv_with_openssl_inc_prefix=$base_ssl_inc] + AC_MSG_RESULT([$unet_cv_with_openssl_inc_prefix]) + AC_DEFINE_UNQUOTED(SSL_INCLUDES_PATH, "$base_ssl_inc", + [Path name used as a base for the ssl include files.]) + + AC_MSG_CHECKING([for OpenSSL libraries]) + AC_ARG_WITH(openssl-libs, + [ --with-openssl-libs Specify location of OpenSSL libs (default /usr/lib)], + [unet_cv_with_openssl_prefix=$withval], + [unet_cv_with_openssl_prefix=/usr/lib]) + AC_MSG_RESULT([$unet_cv_with_openssl_prefix]) + AC_DEFINE_UNQUOTED(SSL_LIBS_PATH, "$unet_cv_with_openssl_prefix", + [Path name used as a base for the ssl lib files.]) + + AC_MSG_CHECKING([for Kerberos includes]) + AC_ARG_WITH(kerberos-includes, + [ --with-kerb-includes Specify location of Kerberos includes (default /usr/kerberos/include)], + [unet_cv_with_kerberos_prefix=$withval], + [unet_cv_with_kerberos_prefix=/usr/kerberos/include]) + AC_MSG_RESULT([$unet_cv_with_kerberos_prefix]) + + save_CFLAGS=$CFLAGS; + CFLAGS="-lcrypto"; + + unet_cv_enable_ssl="no"; + OPENSSL_LDFLAGS=""; + AC_CHECK_LIB(ssl, SSL_read, [ + AC_CHECK_LIB(crypto, X509_new, [ + AC_CHECK_HEADERS($base_ssl_inc/openssl/ssl.h $base_ssl_inc/openssl/err.h, [ + unet_cv_enable_ssl="yes"; + OPENSSL_LDFLAGS="-lcrypto -lssl" + SSL_C=ssl.c + AC_SUBST(SSL_C) + ]) + ]) + ]) + CFLAGS=$save_CFLAGS + + if test "x$unet_cv_enable_ssl" = xyes; then + AC_DEFINE([USE_SSL], 1, [Enable 
SSL support]) + + LIBS="$LIBS -L$unet_cv_with_openssl_prefix $OPENSSL_LDFLAGS" + CFLAGS="$CFLAGS -I$unet_cv_with_openssl_inc_prefix -I$unet_cv_with_kerberos_prefix" + fi +fi + dnl Should we force inlines? unet_TOGGLE([inlines], yes, [Disable inlining for a few critical functions], [whether to enable inlining for a few critical functions]) @@ -448,6 +513,7 @@ echo " Debug: $unet_cv_enable_debug" dnl echo " Leak Detect: $unet_cv_with_leak_detect" echo " IPv6: $unet_cv_enable_ipv6" +echo " SSL: $unet_cv_enable_ssl" dnl echo " Profile: $unet_cv_enable_profile" dnl echo " Pedantic: $unet_cv_enable_pedantic" echo " Inlines: $unet_cv_enable_inlines" Index: ircd-ircdev/include/client.h diff -u ircd-ircdev/include/client.h:1.22 ircd-ircdev/include/client.h:1.23 --- ircd-ircdev/include/client.h:1.22 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/include/client.h Sun Nov 11 13:53:04 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Structures and functions for handling local clients. - * @version $Id: client.h,v 1.22 2007/09/20 21:00:31 zolty Exp $ + * @version $Id: client.h,v 1.23 2007/11/11 21:53:04 zolty Exp $ */ #ifndef INCLUDED_client_h #define INCLUDED_client_h @@ -73,9 +73,9 @@ /** String containing valid user modes, in no particular order. */ #if defined(DDB) || defined(SERVICES) -#define infousermodes "dioswkgxrS" +#define infousermodes "dioswkgxrSZ" #else -#define infousermodes "dioswkgx" +#define infousermodes "dioswkgxZ" #endif /** Operator privileges. */ @@ -159,6 +159,9 @@ FLAG_NICKSUSPEND, /**< nick suspended */ #endif FLAG_HIDDENHOST, /**< user's host is hidden */ +#ifdef USE_SSL + FLAG_SSL, /**< is a user with secure connection */ +#endif FLAG_LAST_FLAG, /**< number of flags */ FLAG_LOCAL_UMODES = FLAG_LOCOP, /**< First local mode flag */ FLAG_GLOBAL_UMODES = FLAG_OPER /**< First global mode flag */ 
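Review bot: `CFLAGS="-lcrypto"` puts a linker flag into the compiler-flags variable and discards the user's CFLAGS for the duration of the `AC_CHECK_LIB` probes; the dependency belongs in the library argument, e.g. `AC_CHECK_LIB(ssl, SSL_read, [...], [], [-lcrypto])`, with `LDFLAGS="$LDFLAGS -L$unet_cv_with_openssl_prefix"` set before the probes so that a non-default `--with-openssl-libs` is actually honored during the link test rather than only appended to LIBS afterwards. The Kerberos help text advertises `--with-kerb-includes` while `AC_ARG_WITH(kerberos-includes, ...)` accepts `--with-kerberos-includes`, so the documented spelling is silently ignored. `AC_CHECK_HEADERS` on absolute paths such as `$base_ssl_inc/openssl/ssl.h` yields macro names derived from the whole path (roughly `HAVE__USR_INCLUDE_OPENSSL_SSL_H`), which nothing can sensibly test; checking `openssl/ssl.h` with `-I$base_ssl_inc` in CPPFLAGS gives the conventional `HAVE_OPENSSL_SSL_H`.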
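Review bot: `infousermodes` gains `Z` unconditionally in both the DDB/SERVICES and plain variants, while `FLAG_SSL` (hunk `@@ -159,6 +159,9 @@`) and the `IsSSL`/`SetSSL`/`ClearSSL` macros in the following hunks exist only under `USE_SSL`, so a build without SSL advertises a user mode it has no flag for. Wrapping the letter in the same `#ifdef USE_SSL` as the flag (a `Z`-suffixed string under USE_SSL, the old string otherwise) keeps the string and the enum in step. `FLAG_SSL` is also placed after `FLAG_GLOBAL_UMODES = FLAG_OPER`, i.e. in the range the file labels as global modes; if +Z is meant to be set only by the server when a connection arrives on an SSL listener, the user-mode parser must refuse client-initiated changes to it, and that code (s_user.c) is not in the part of the commit shown here.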
@@ -590,6 +593,10 @@ #define IsHiddenHost(x) HasFlag(x, FLAG_HIDDENHOST) /** Return non-zero if the client has an active PING request. */ #define IsPingSent(x) HasFlag(x, FLAG_PINGSENT) +#ifdef USE_SSL +/** Return non-zero if the client has a secure connection. */ +#define IsSSL(x) HasFlag(x, FLAG_SSL) +#endif #if defined(DDB) || defined(SERVICES) /** Return non-zero if the client has set mode +r (nick registered) */ #define IsNickRegistered(x) HasFlag(x, FLAG_NICKREG) @@ -648,6 +655,10 @@ #define SetHiddenHost(x) SetFlag(x, FLAG_HIDDENHOST) /** Mark a client as having a pending PING. */ #define SetPingSent(x) SetFlag(x, FLAG_PINGSENT) +#ifdef USE_SSL +/** Mark a client as secure connection .*/ +#define SetSSL(x) SetFlag(x, FLAG_SSL) +#endif #if defined(DDB) || defined(SERVICES) /** Mark a client as having mode +r (nick registered) */ #define SetNickRegistered(x) SetFlag(x, FLAG_NICKREG) @@ -687,6 +698,10 @@ #define ClearHiddenHost(x) ClrFlag(x, FLAG_HIDDENHOST) /** Clear the client's pending PING flag. */ #define ClearPingSent(x) ClrFlag(x, FLAG_PINGSENT) +#ifdef USE_SSL +/** Clear the client's secure connection. */ +#define ClearSSL(x) ClrFlag(x, FLAG_SSL) +#endif #if defined(DDB) || defined(SERVICES) /** Remove mode +r (nick registered) from the client */ #define ClearNickRegistered(x) ClrFlag(x, FLAG_NICKREG) Index: ircd-ircdev/include/ircd_events.h diff -u ircd-ircdev/include/ircd_events.h:1.5 ircd-ircdev/include/ircd_events.h:1.6 --- ircd-ircdev/include/ircd_events.h:1.5 Thu Apr 19 15:53:46 2007 +++ ircd-ircdev/include/ircd_events.h Sun Nov 11 13:53:05 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Interface and public definitions for event loop. - * @version $Id: ircd_events.h,v 1.5 2007/04/19 22:53:46 zolty Exp $ + * @version $Id: ircd_events.h,v 1.6 2007/11/11 21:53:05 zolty Exp $ */ #ifndef INCLUDED_ircd_events_h #define INCLUDED_ircd_events_h 
@@ -33,6 +33,11 @@ #include <sys/types.h> /* time_t */ #define INCLUDED_sys_types_h #endif +#ifdef USE_SSL +#ifndef INCLUDED_ssl_h +#include "ssl.h" +#endif +#endif struct Event; @@ -107,6 +112,9 @@ enum SocketState s_state; /**< state socket's in */ unsigned int s_events; /**< events socket is interested in */ int s_fd; /**< file descriptor for socket */ +#ifdef USE_SSL + SSL* ssl; /* if not NULL, use SSL routines on socket */ +#endif }; #define SOCK_EVENT_READABLE 0x0001 /**< interested in readable */ Index: ircd-ircdev/include/ircd_features.h diff -u ircd-ircdev/include/ircd_features.h:1.20 ircd-ircdev/include/ircd_features.h:1.21 --- ircd-ircdev/include/ircd_features.h:1.20 Sat Jul 21 16:51:39 2007 +++ ircd-ircdev/include/ircd_features.h Sun Nov 11 13:53:05 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Public interfaces and declarations for dealing with configurable features. - * @version $Id: ircd_features.h,v 1.20 2007/07/21 23:51:39 zolty Exp $ + * @version $Id: ircd_features.h,v 1.21 2007/11/11 21:53:05 zolty Exp $ */ #ifndef INCLUDED_features_h #define INCLUDED_features_h @@ -92,6 +92,9 @@ FEAT_MPATH, FEAT_RPATH, FEAT_PPATH, +#ifdef USE_SSL + FEAT_SSL_PEM_PATH, +#endif #if defined(DDB) FEAT_DDBPATH, #endif Index: ircd-ircdev/include/listener.h diff -u ircd-ircdev/include/listener.h:1.6 ircd-ircdev/include/listener.h:1.7 --- ircd-ircdev/include/listener.h:1.6 Sun Apr 22 06:56:19 2007 +++ ircd-ircdev/include/listener.h Sun Nov 11 13:53:05 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Interface and declarations for handling listening sockets. - * @version $Id: listener.h,v 1.6 2007/04/22 13:56:19 zolty Exp $ + * @version $Id: listener.h,v 1.7 2007/11/11 21:53:05 zolty Exp $ */ #ifndef INCLUDED_listener_h #define INCLUDED_listener_h @@ -57,6 +57,10 @@ LISTEN_IPV4, /** Port listens for IPv6 connections. */ LISTEN_IPV6, +#ifdef USE_SSL + /** Port listens for SSL connections. */ + LISTEN_SSL, +#endif /** Sentinel for counting listener flags. */ LISTEN_LAST_FLAG }; 
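Review bot: The new `SSL* ssl;` member of `struct Socket` is documented with a plain `/* */` comment while every other field of the struct uses Doxygen `/**< ... */`, so it will be missing from the generated documentation; `SSL *ssl; /**< non-NULL when the socket uses the SSL routines */` matches the file's style. The conditional member also changes the size and layout of `struct Socket`, which is only safe if every translation unit sees the same `USE_SSL` value, i.e. if config.h is included before this header everywhere.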
@@ -81,6 +85,9 @@ #define listener_server(LISTENER) FlagHas(&(LISTENER)->flags, LISTEN_SERVER) #define listener_active(LISTENER) FlagHas(&(LISTENER)->flags, LISTEN_ACTIVE) +#ifdef USE_SSL +#define listener_ssl(LISTENER) FlagHas(&(LISTENER)->flags, LISTEN_SSL) +#endif extern void add_listener(int port, const char* vaddr_ip, const char* mask, Index: ircd-ircdev/include/numeric.h diff -u ircd-ircdev/include/numeric.h:1.17 ircd-ircdev/include/numeric.h:1.18 --- ircd-ircdev/include/numeric.h:1.17 Thu Apr 19 15:53:46 2007 +++ ircd-ircdev/include/numeric.h Sun Nov 11 13:53:05 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Declarations of numeric replies and supporting functions. - * @version $Id: numeric.h,v 1.17 2007/04/19 22:53:46 zolty Exp $ + * @version $Id: numeric.h,v 1.18 2007/11/11 21:53:05 zolty Exp $ */ #ifndef INCLUDED_numeric_h #define INCLUDED_numeric_h @@ -256,6 +256,7 @@ #define RPL_LISTUSAGE 334 /* Undernet extension */ /* RPL_COMMANDSYNTAX 334 Dalnet */ /* RPL_LISTSYNTAX 334 unreal */ +#define RPL_WHOISSSL 337 /* SSL */ /* RPL_CHANPASSOK 338 IRCnet extension (?)*/ #define RPL_WHOISACTUALLY 338 /* Undernet extension, dalnet */ /* RPL_BADCHANPASS 339 IRCnet extension (?) */ Index: ircd-ircdev/include/patchlevel.h diff -u ircd-ircdev/include/patchlevel.h:1.56 ircd-ircdev/include/patchlevel.h:1.57 --- ircd-ircdev/include/patchlevel.h:1.56 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/include/patchlevel.h Sun Nov 11 13:53:05 2007 
@@ -17,10 +17,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * $Id: patchlevel.h,v 1.56 2007/09/20 21:00:31 zolty Exp $ + * $Id: patchlevel.h,v 1.57 2007/11/11 21:53:05 zolty Exp $ * */ -#define PATCHLEVEL "8" +#define PATCHLEVEL "9" #define RELEASE "1.0.beta" Index: ircd-ircdev/include/s_bsd.h diff -u ircd-ircdev/include/s_bsd.h:1.11 ircd-ircdev/include/s_bsd.h:1.12 --- ircd-ircdev/include/s_bsd.h:1.11 Thu Apr 26 14:17:11 2007 +++ ircd-ircdev/include/s_bsd.h Sun Nov 11 13:53:06 2007 @@ -21,7 +21,7 @@ */ /** @file s_bsd.h * @brief Wrapper functions to avoid direct use of BSD APIs. - * @version $Id: s_bsd.h,v 1.11 2007/04/26 21:17:11 zolty Exp $ + * @version $Id: s_bsd.h,v 1.12 2007/11/11 21:53:06 zolty Exp $ */ #ifndef INCLUDED_s_bsd_h #define INCLUDED_s_bsd_h @@ -79,7 +79,11 @@ extern int connect_server(struct ConfItem* aconf, struct Client* by); extern int net_close_unregistered_connections(struct Client* source); extern void close_connection(struct Client *cptr); +#ifdef USE_SSL +extern void add_connection(struct Listener* listener, int fd, void *ssl); +#else extern void add_connection(struct Listener* listener, int fd); +#endif extern int read_message(time_t delay); extern void init_server_identity(void); extern void close_connections(int close_stderr); Index: ircd-ircdev/include/ssl.h diff -u /dev/null ircd-ircdev/include/ssl.h:1.1 --- /dev/null Sun Nov 11 13:53:21 2007 +++ ircd-ircdev/include/ssl.h Sun Nov 11 13:53:06 2007 
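Review bot: The SSL-enabled `add_connection` takes its handle as `void *ssl`, discarding the `SSL *` type; declaring it as `extern void add_connection(struct Listener* listener, int fd, SSL *ssl);` (with the new `ssl.h` included under the same `#ifdef USE_SSL`) lets the compiler catch a caller that passes the wrong pointer, and the same applies to `ssl_murder(void *ssl, ...)` in `ssl.h`. Having the prototype vary with `USE_SSL` also forces an `#ifdef` at every call site; a single three-argument prototype where the non-SSL build passes NULL would be simpler to keep consistent.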
@@ -0,0 +1,55 @@ +/* + * IRC - Internet Relay Chat (SSL), include/ssl.h + * Copyright (C) 2002 Alex Badea <va...@go...> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * $Id: ssl.h,v 1.1 2007/11/11 21:53:06 zolty Exp $ + */ +#ifndef INCLUDED_ssl_h +#define INCLUDED_ssl_h + +#include "config.h" +#include "ircd_osdep.h" + +#ifdef USE_SSL + +#include <openssl/crypto.h> +#include <openssl/ssl.h> +#include <openssl/err.h> +#include <openssl/rand.h> + +#ifndef IOV_MAX +#define IOV_MAX 1024 +#endif /* IOV_MAX */ + +struct Socket; +struct Listener; +char *my_itoa(int i); +extern IOResult ssl_recv(struct Socket *socket, char* buf, unsigned int length, unsigned int* count_out); +extern IOResult ssl_sendv(struct Socket *socket, struct MsgQ* buf, unsigned int* count_in, unsigned int* count_out); + +extern char *ssl_get_cipher(SSL *ssl); + +extern int ssl_send(struct Client *cptr, const char *buf, unsigned int len); +extern int ssl_murder(void *ssl, int fd, const char *buf); +extern int ssl_count(void); + +extern void ssl_add_connection(struct Listener *listener, int fd); +extern void ssl_free(struct Socket *socket); +extern void ssl_init(void); + +#endif /* USE_SSL */ +#endif /* INCLUDED_ssl_h */ Index: ircd-ircdev/ircd/Makefile.am diff -u ircd-ircdev/ircd/Makefile.am:1.1 ircd-ircdev/ircd/Makefile.am:1.2 --- 
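Review bot: The prototypes for ssl_sendv() and ssl_send() use `struct MsgQ` and `struct Client` without a forward declaration, while only `struct Socket;` and `struct Listener;` are declared above them; a struct tag first seen inside a parameter list has prototype scope, so unless every includer pulls in client.h and msgq.h before ssl.h, the declaration and the definition in ssl.c name different incomplete types and the compiler warns about it. Adding `struct Client;` and `struct MsgQ;` next to the existing forward declarations makes the header independent of include order. `char *my_itoa(int i);` is the only declaration here without `extern` or an `ssl_` prefix and has no documentation; if it is an internal helper of ssl.c it should be `static` there rather than exported from this header. `ssl_murder(void *ssl, int fd, const char *buf)` would also benefit from a one-line comment stating that it closes `fd` and whether `ssl` may be NULL, since s_bsd.c in this commit calls it on the plaintext path too.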
ircd-ircdev/ircd/Makefile.am:1.1 Sun Apr 22 06:56:20 2007 +++ ircd-ircdev/ircd/Makefile.am Sun Nov 11 13:53:06 2007 @@ -17,7 +17,7 @@ ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ## -## @(#)$Id: Makefile.am,v 1.1 2007/04/22 13:56:20 zolty Exp $ +## @(#)$Id: Makefile.am,v 1.2 2007/11/11 21:53:06 zolty Exp $ SUBDIRS = test noinst_PROGRAMS = table_gen @@ -174,6 +174,7 @@ s_stats.c \ s_user.c \ send.c \ + ssl.c \ uping.c \ userload.c \ watch.c \ Index: ircd-ircdev/ircd/Makefile.in diff -u ircd-ircdev/ircd/Makefile.in:1.35 ircd-ircdev/ircd/Makefile.in:1.36 --- ircd-ircdev/ircd/Makefile.in:1.35 Fri Sep 21 01:03:09 2007 +++ ircd-ircdev/ircd/Makefile.in Sun Nov 11 13:53:06 2007 @@ -100,8 +100,8 @@ motd.c msgq.c numnicks.c opercmds.c os_generic.c packet.c \ parse.c querycmds.c random.c s_auth.c s_bsd.c s_conf.c \ s_debug.c s_err.c s_misc.c s_numeric.c s_serv.c s_stats.c \ - s_user.c send.c uping.c userload.c watch.c whowas.c ddb.c \ - ddb_db_native.c ddb_events.c ircd_tea.c m_bmode.c m_db.c \ + s_user.c send.c ssl.c uping.c userload.c watch.c whowas.c \ + ddb.c ddb_db_native.c ddb_events.c ircd_tea.c m_bmode.c m_db.c \ m_dbq.c m_ghost.c m_svsnick.c engine_poll.c engine_select.c \ engine_devpoll.c engine_epoll.c engine_kqueue.c @ENVIRONMENT_DDB_TRUE@am__objects_1 = ddb.$(OBJEXT) \ 
@@ -159,10 +159,10 @@ s_bsd.$(OBJEXT) s_conf.$(OBJEXT) s_debug.$(OBJEXT) \ s_err.$(OBJEXT) s_misc.$(OBJEXT) s_numeric.$(OBJEXT) \ s_serv.$(OBJEXT) s_stats.$(OBJEXT) s_user.$(OBJEXT) \ - send.$(OBJEXT) uping.$(OBJEXT) userload.$(OBJEXT) \ - watch.$(OBJEXT) whowas.$(OBJEXT) $(am__objects_1) \ - $(am__objects_2) $(am__objects_3) $(am__objects_4) \ - $(am__objects_5) $(am__objects_6) + send.$(OBJEXT) ssl.$(OBJEXT) uping.$(OBJEXT) \ + userload.$(OBJEXT) watch.$(OBJEXT) whowas.$(OBJEXT) \ + $(am__objects_1) $(am__objects_2) $(am__objects_3) \ + $(am__objects_4) $(am__objects_5) $(am__objects_6) nodist_ircd_OBJECTS = version.$(OBJEXT) ircd_OBJECTS = $(am_ircd_OBJECTS) $(nodist_ircd_OBJECTS) am__DEPENDENCIES_1 = @@ -247,6 +247,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SSL_C = @SSL_C@ STRIP = @STRIP@ VERSION = @VERSION@ YACC = @YACC@ @@ -343,7 +344,7 @@ motd.c msgq.c numnicks.c opercmds.c os_generic.c packet.c \ parse.c querycmds.c random.c s_auth.c s_bsd.c s_conf.c \ s_debug.c s_err.c s_misc.c s_numeric.c s_serv.c s_stats.c \ - s_user.c send.c uping.c userload.c watch.c whowas.c \ + s_user.c send.c ssl.c uping.c userload.c watch.c whowas.c \ $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) $(am__append_5) $(am__append_6) ircd_LDADD = $(LEXLIB) 
@@ -574,6 +575,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s_stats.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s_user.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/table_gen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/umkpasswd.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uping.Po@am__quote@ Index: ircd-ircdev/ircd/ircd.c diff -u ircd-ircdev/ircd/ircd.c:1.29 ircd-ircdev/ircd/ircd.c:1.30 --- ircd-ircdev/ircd/ircd.c:1.29 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/ircd/ircd.c Sun Nov 11 13:53:07 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Entry point and other initialization functions for the daemon. - * @version $Id: ircd.c,v 1.29 2007/09/20 21:00:31 zolty Exp $ + * @version $Id: ircd.c,v 1.30 2007/11/11 21:53:07 zolty Exp $ */ #include "config.h" @@ -57,6 +57,7 @@ #include "s_misc.h" #include "s_stats.h" #include "send.h" +#include "ssl.h" #include "uping.h" #include "userload.h" #include "version.h" @@ -755,6 +756,10 @@ uping_init(); +#ifdef USE_SSL + ssl_init(); +#endif + stats_init(); IPcheck_init(); Index: ircd-ircdev/ircd/ircd_features.c diff -u ircd-ircdev/ircd/ircd_features.c:1.21 ircd-ircdev/ircd/ircd_features.c:1.22 --- ircd-ircdev/ircd/ircd_features.c:1.21 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/ircd/ircd_features.c Sun Nov 11 13:53:07 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Implementation of configurable feature support. - * @version $Id: ircd_features.c,v 1.21 2007/09/20 21:00:31 zolty Exp $ + * @version $Id: ircd_features.c,v 1.22 2007/11/11 21:53:07 zolty Exp $ */ #include "config.h" 
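Review bot: `ssl_init()` is declared `void` (include/ssl.h in this commit), so the startup sequence here cannot detect a failure to load the PEM file or build the context and goes on to create listeners configured with `ssl = yes` regardless; the same applies to the REHASH 's' path in m_rehash.c, which reports "Reopening SSL pem file" before the outcome is known. Having ssl_init() return a status and checking it here would let a missing or unreadable certificate fail closed (log and refuse to start, or at least refuse to open SSL listeners) instead of leaving SSL ports accepting with an unusable context. The body of ssl_init() is not in the visible part of this message, so whether it already logs the error and keeps a previous context is inferred.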
@@ -416,6 +416,9 @@ F_S(MPATH, FEAT_CASE | FEAT_MYOPER, "ircd.motd", motd_init_local), F_S(RPATH, FEAT_CASE | FEAT_MYOPER, "remote.motd", motd_init_remote), F_S(PPATH, FEAT_CASE | FEAT_MYOPER | FEAT_READ, "ircd.pid", 0), +#ifdef USE_SSL + F_S(SSL_PEM_PATH, FEAT_CASE | FEAT_MYOPER | FEAT_READ, "ircd.pem", 0), +#endif #if defined(DDB) F_S(DDBPATH, FEAT_CASE | FEAT_MYOPER, "database", 0), #endif Index: ircd-ircdev/ircd/ircd_lexer.l diff -u ircd-ircdev/ircd/ircd_lexer.l:1.15 ircd-ircdev/ircd/ircd_lexer.l:1.16 --- ircd-ircdev/ircd/ircd_lexer.l:1.15 Sun Apr 22 06:56:20 2007 +++ ircd-ircdev/ircd/ircd_lexer.l Sun Nov 11 13:53:07 2007 @@ -19,7 +19,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * $Id: ircd_lexer.l,v 1.15 2007/04/22 13:56:20 zolty Exp $ + * $Id: ircd_lexer.l,v 1.16 2007/11/11 21:53:07 zolty Exp $ * */ @@ -177,6 +177,7 @@ SET return TPRIV_SET; SHOW_ALL_INVIS return TPRIV_SHOW_ALL_INVIS; SHOW_INVIS return TPRIV_SHOW_INVIS; +SSL return SSLPORT; TB return TBYTES; TBYTES return TBYTES; TERABYTES return TBYTES; Index: ircd-ircdev/ircd/ircd_parser.y diff -u ircd-ircdev/ircd/ircd_parser.y:1.28 ircd-ircdev/ircd/ircd_parser.y:1.29 --- ircd-ircdev/ircd/ircd_parser.y:1.28 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/ircd/ircd_parser.y Sun Nov 11 13:53:07 2007 @@ -18,7 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * $Id: ircd_parser.y,v 1.28 2007/09/20 21:00:31 zolty Exp $ + * $Id: ircd_parser.y,v 1.29 2007/11/11 21:53:07 zolty Exp $ * */ %{ @@ -199,6 +199,7 @@ %token OPER %token VHOST %token HIDDEN +%token SSLPORT %token MOTD %token JUPE %token NICK 
@@ -833,7 +834,7 @@ port = 0; }; portitems: portitem portitems | portitem; -portitem: portnumber | portvhost | portvhostnumber | portmask | portserver | porthidden; +portitem: portnumber | portvhost | portvhostnumber | portmask | portserver | porthidden | portssl; portnumber: PORT '=' address_family NUMBER ';' { if ($4 < 1 || $4 > 65535) { @@ -891,6 +892,16 @@ FlagClr(&listen_flags, LISTEN_HIDDEN); }; +portssl: SSLPORT '=' YES ';' +{ +#ifdef USE_SSL + FlagSet(&listen_flags, LISTEN_SSL); +} | SSLPORT '=' NO ';' +{ + FlagClr(&listen_flags, LISTEN_SSL); +#endif +}; + clientblock: CLIENT { maxlinks = 65535; Index: ircd-ircdev/ircd/listener.c diff -u ircd-ircdev/ircd/listener.c:1.13 ircd-ircdev/ircd/listener.c:1.14 --- ircd-ircdev/ircd/listener.c:1.13 Thu Sep 20 14:00:31 2007 +++ ircd-ircdev/ircd/listener.c Sun Nov 11 13:53:07 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Implementation for handling listening sockets. - * @version $Id: listener.c,v 1.13 2007/09/20 21:00:31 zolty Exp $ + * @version $Id: listener.c,v 1.14 2007/11/11 21:53:07 zolty Exp $ */ #include "config.h" @@ -43,6 +43,7 @@ #include "s_misc.h" #include "s_stats.h" #include "send.h" +#include "ssl.h" /* #include <assert.h> -- Now using assert in ircd_log.h */ #include <stdio.h> @@ -149,7 +150,11 @@ if (port && port != listener->addr.port) continue; len = 0; +#ifdef USE_SSL + flags[len++] = listener_server(listener) ? 'S' : (listener_ssl(listener) ? 'E' : 'C'); +#else flags[len++] = listener_server(listener) ? 'S' : 'C'; +#endif if (show_hidden && FlagHas(&listener->flags, LISTEN_HIDDEN)) flags[len++] = 'H'; if (FlagHas(&listener->flags, LISTEN_IPV4)) 
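Review bot: The `#ifdef USE_SSL` in the new portssl rule opens inside the first action block and closes inside the second, so the preprocessor runs on bison's generated C across the `}` / `case` / `{` boundary between the two actions; in a non-SSL build this compiles only by accident and, more importantly, `ssl = yes;` is then accepted silently and the port is opened as a plaintext listener. Each action's conditional should be self-contained and the unsupported case should be a configuration error via parse_error() (or yyerror(), whichever this grammar uses for config errors), so an operator who asked for SSL and got a cleartext port finds out at config load rather than from clients. The guard around FlagClr() is only needed if LISTEN_SSL itself is defined under USE_SSL, which the visible part of listener.h does not show.
```yacc
portssl: SSLPORT '=' YES ';'
{
#ifdef USE_SSL
  FlagSet(&listen_flags, LISTEN_SSL);
#else
  parse_error("SSL support not compiled in");
#endif
} | SSLPORT '=' NO ';'
{
#ifdef USE_SSL
  FlagClr(&listen_flags, LISTEN_SSL);
#endif
};
```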
@@ -520,7 +525,14 @@ } ++ServerStats->is_ac; /* nextping = CurrentTime; */ +#ifdef USE_SSL + if (listener_ssl(listener)) + ssl_add_connection(listener, fd); + else + add_connection(listener, fd, NULL); +#else add_connection(listener, fd); +#endif } } } Index: ircd-ircdev/ircd/m_rehash.c diff -u ircd-ircdev/ircd/m_rehash.c:1.7 ircd-ircdev/ircd/m_rehash.c:1.8 --- ircd-ircdev/ircd/m_rehash.c:1.7 Thu Sep 20 14:00:32 2007 +++ ircd-ircdev/ircd/m_rehash.c Sun Nov 11 13:53:08 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Handlers for REHASH command. - * @version $Id: m_rehash.c,v 1.7 2007/09/20 21:00:32 zolty Exp $ + * @version $Id: m_rehash.c,v 1.8 2007/11/11 21:53:08 zolty Exp $ */ #include "config.h" @@ -34,6 +34,7 @@ #include "numeric.h" #include "s_conf.h" #include "send.h" +#include "ssl.h" /* #include <assert.h> -- Now using assert in ircd_log.h */ @@ -45,6 +46,7 @@ * The following flags are recognized: * \li 'm' flushes the MOTD cache * \li 'l' reopens the log files + * \li 's' reopens SSL pem file * \li 'q' reloads the configuration file but does not rehash the DNS * resolver * \li the default is to reload the configuration file and restart the @@ -72,6 +74,12 @@ send_reply(sptr, SND_EXPLICIT | RPL_REHASHING, ":Reopening log files"); log_reopen(); /* reopen log files */ return 0; +#ifdef USE_SSL + } else if (*parv[1] == 's') { + send_reply(sptr, SND_EXPLICIT | RPL_REHASHING, ":Reopening SSL pem file"); + ssl_init(); + return 0; +#endif } else if (*parv[1] == 'q') flag = 2; } Index: ircd-ircdev/ircd/m_whois.c diff -u ircd-ircdev/ircd/m_whois.c:1.19 ircd-ircdev/ircd/m_whois.c:1.20 --- ircd-ircdev/ircd/m_whois.c:1.19 Thu Sep 20 14:00:32 2007 +++ ircd-ircdev/ircd/m_whois.c Sun Nov 11 13:53:08 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Handlers for WHOIS command. - * @version $Id: m_whois.c,v 1.19 2007/09/20 21:00:32 zolty Exp $ + * @version $Id: m_whois.c,v 1.20 2007/11/11 21:53:08 zolty Exp $ */ #include "config.h" 
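Review bot: On the SSL branch the peer is handed to ssl_add_connection() before any of the checks add_connection() performs, because add_connection() with its os_get_peername() and IPcheck_local_connect() calls is only reached from ssl.c's accept_ssl() once SSL_is_init_finished() is true; a client that would be throttled on a plaintext port therefore still gets an fd, a MyMalloc'd ssl_data and an SSL object for the whole handshake. Combined with the absence of any handshake timer in the part of ssl.c visible in this message (ssl_sock_callback() only reacts to ET_READ/ET_WRITE/ET_EOF/ET_ERROR), a peer that connects and never finishes the handshake holds those resources indefinitely, which is a cheap way to exhaust the listener. Running the IP throttle here before ssl_add_connection() and giving the handshake a timer would close that gap. Note also that `++ServerStats->is_ac` is counted before ssl_add_connection(), whose failure paths close the fd without the `++ServerStats->is_ref` that add_connection()'s rejections record; the enclosing accept function starts outside this hunk.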
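Review bot: The new 's' branch calls ssl_init() a second time while clients created from the first context are still connected; ssl.c keeps a single global `SSL_CTX *ctx`, and if ssl_init() simply overwrites it the previous context is leaked on every rehash, whereas if it frees the old one unconditionally the lifetime of the sessions still using it needs to be checked (the body of ssl_init() is not visible here). Since SSL_new() takes a reference on the context, the safe pattern is to build the new context first and then SSL_CTX_free() the old pointer, letting the last SSL_free() release it. A comment on this branch stating the chosen policy for the previous context would make the rehash behaviour reviewable.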
@@ -182,6 +182,12 @@ send_reply(sptr, RPL_WHOISMODES, name, *modes ? modes : ""); } +#ifdef USE_SSL + if (MyConnect(acptr) && IsSSL(acptr) && ((parc >= 3) || + (acptr == sptr) || IsAnOper(sptr))) + send_reply(sptr, RPL_WHOISSSL, name); +#endif + /* Hint: if your looking to add more flags to a user, eg +h, here's * probably a good place to add them :) */ Index: ircd-ircdev/ircd/s_auth.c diff -u ircd-ircdev/ircd/s_auth.c:1.18 ircd-ircdev/ircd/s_auth.c:1.19 --- ircd-ircdev/ircd/s_auth.c:1.18 Thu Sep 20 14:00:32 2007 +++ ircd-ircdev/ircd/s_auth.c Sun Nov 11 13:53:08 2007 @@ -36,7 +36,7 @@ */ /** @file * @brief Implementation of DNS and ident lookups. - * @version $Id: s_auth.c,v 1.18 2007/09/20 21:00:32 zolty Exp $ + * @version $Id: s_auth.c,v 1.19 2007/11/11 21:53:08 zolty Exp $ */ #include "config.h" @@ -66,6 +66,7 @@ #include "s_misc.h" #include "s_user.h" #include "send.h" +#include "ssl.h" #include <errno.h> #include <string.h> @@ -143,8 +144,13 @@ } ReportType; /** Sends response \a r (from #ReportType) to client \a c. */ +#ifdef USE_SSL +#define sendheader(c, r) \ + ssl_send(c, HeaderMessages[(r)].message, HeaderMessages[(r)].length) +#else #define sendheader(c, r) \ send(cli_fd(c), HeaderMessages[(r)].message, HeaderMessages[(r)].length, 0) +#endif /** Enumeration of IAuth connection flags. */ enum IAuthFlag Index: ircd-ircdev/ircd/s_bsd.c diff -u ircd-ircdev/ircd/s_bsd.c:1.23 ircd-ircdev/ircd/s_bsd.c:1.24 --- ircd-ircdev/ircd/s_bsd.c:1.23 Thu Sep 20 14:00:32 2007 +++ ircd-ircdev/ircd/s_bsd.c Sun Nov 11 13:53:08 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Functions that now (or in the past) relied on BSD APIs. - * @version $Id: s_bsd.c,v 1.23 2007/09/20 21:00:32 zolty Exp $ + * @version $Id: s_bsd.c,v 1.24 2007/11/11 21:53:08 zolty Exp $ */ #include "config.h" @@ -57,6 +57,7 @@ #include "s_user.h" #include "send.h" #include "struct.h" +#include "ssl.h" #include "uping.h" #include "version.h" 
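Review bot: The `MyConnect(acptr)` condition hides RPL_WHOISSSL for every remote user, yet this same commit adds FLAG_SSL to the user-mode table as 'Z' and handles it in the mode switch, so the flag is propagated and IsSSL(acptr) is meaningful for remote clients too; either the reply should be shown for them as well or the reason for the local-only restriction deserves a comment such as `/* local clients only: the propagated +Z is not trusted for display */`. The enclosing WHOIS helper starts and ends outside this hunk.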
@@ -121,6 +122,26 @@ static void client_timer_callback(struct Event* ev); +#ifdef USE_SSL +/* Helper routines */ +static IOResult client_recv(struct Client *cptr, char *buf, unsigned int length, unsigned int* count_out) +{ + if (cli_socket(cptr).ssl) + return ssl_recv(&cli_socket(cptr), buf, length, count_out); + else + return os_recv_nonb(cli_fd(cptr), buf, length, count_out); +} + +static IOResult client_sendv(struct Client *cptr, struct MsgQ *buf, unsigned int *count_in, unsigned int *count_out) +{ + if (cli_socket(cptr).ssl) + return ssl_sendv(&cli_socket(cptr), buf, count_in, count_out); + else + return os_sendv_nonb(cli_fd(cptr), buf, count_in, count_out); +} +#endif + + /* * Cannot use perror() within daemon. stderr is closed in * ircd and cannot be used. And, worse yet, it might have @@ -490,7 +511,11 @@ * @param listener Listening socket that received the connection. * @param fd File descriptor of new connection. */ +#ifdef USE_SSL +void add_connection(struct Listener* listener, int fd, void *ssl) { +#else void add_connection(struct Listener* listener, int fd) { +#endif struct irc_sockaddr addr; struct Client *new_client; time_t next_target = 0; @@ -510,7 +535,11 @@ */ if (!os_get_peername(fd, &addr) || !os_set_nonblocking(fd)) { ++ServerStats->is_ref; +#ifdef USE_SSL + ssl_murder(ssl, fd, NULL); +#else close(fd); +#endif return; } /* @@ -538,8 +567,12 @@ if (!IPcheck_local_connect(&addr.addr, &next_target)) { ++ServerStats->is_ref; +#ifdef USE_SSL + ssl_murder(ssl, fd, throttle_message); +#else write(fd, throttle_message, strlen(throttle_message)); close(fd); +#endif return; } new_client = make_client(0, STAT_UNKNOWN_USER); 
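Review bot: The Doxygen block above add_connection() still documents only `listener` and `fd`; the new `ssl` parameter added under USE_SSL has no description of what it holds or whether NULL is allowed, although listener.c in this commit passes NULL for plaintext listeners. Add `* @param ssl Established SSL session for the connection, or NULL for a plaintext listener (USE_SSL builds only).` to the comment. The two static helpers client_recv() and client_sendv() in the first hunk carry only `/* Helper routines */`; a line each, `/* Dispatch to the SSL or plain non-blocking read/write depending on whether the socket carries an SSL session. */`, would say what the dispatch key is.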
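Review bot: The rejection paths rewritten in the `@@ -510` and `@@ -538` hunks (and the socket_add failure in the next hunk) now call ssl_murder() for every connection in a USE_SSL build, including plaintext ones that arrive with `ssl == NULL`; the prototype `int ssl_murder(void *ssl, int fd, const char *buf)` gives no hint that NULL is supported, and its body is outside what this message shows. For the SSL case it also has to undo what ssl_add_connection() did (SSL_free() and `--ssl_inuse`), otherwise the counter presumably reported by ssl_count() in the STATS debug line drifts upward with every rejected handshake. A comment at the first call site, `/* ssl may be NULL: plaintext listeners also reach add_connection() */`, plus an explicit NULL check or assert inside ssl_murder(), would make the contract visible.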
@@ -561,11 +594,19 @@ if (!socket_add(&(cli_socket(new_client)), client_sock_callback, (void*) cli_connect(new_client), SS_CONNECTED, 0, fd)) { ++ServerStats->is_ref; +#ifdef USE_SSL + ssl_murder(ssl, fd, register_message); +#else write(fd, register_message, strlen(register_message)); close(fd); +#endif cli_fd(new_client) = -1; return; } +#ifdef USE_SSL + if (ssl) + cli_socket(new_client).ssl = ssl; +#endif cli_freeflag(new_client) |= FREEFLAG_SOCKET; cli_listener(new_client) = listener; ++listener->ref_count; Index: ircd-ircdev/ircd/s_debug.c diff -u ircd-ircdev/ircd/s_debug.c:1.14 ircd-ircdev/ircd/s_debug.c:1.15 --- ircd-ircdev/ircd/s_debug.c:1.14 Thu Sep 20 14:00:32 2007 +++ ircd-ircdev/ircd/s_debug.c Sun Nov 11 13:53:08 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Debug support for the ircd. - * @version $Id: s_debug.c,v 1.14 2007/09/20 21:00:32 zolty Exp $ + * @version $Id: s_debug.c,v 1.15 2007/11/11 21:53:08 zolty Exp $ */ #include "config.h" @@ -52,6 +52,7 @@ #include "s_user.h" #include "send.h" #include "struct.h" +#include "ssl.h" #include "watch.h" #include "whowas.h" @@ -118,6 +119,13 @@ AddC('6'); #endif +#ifdef USE_SSL + AddC('+'); + AddC('S'); + AddC('S'); + AddC('L'); +#endif + #if defined(UNDERNET) AddC('+'); AddC('U'); AddC('N'); AddC('E'); AddC('T'); #endif @@ -326,8 +334,13 @@ for (cltmp = get_class_list(); cltmp; cltmp = cltmp->next) cl++; +#ifdef USE_SSL + send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG, + ":Clients %d(%zu) Connections %d(%zu) SSL %d", c, cm, cn, cnm, ssl_count()); +#else send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG, ":Clients %d(%zu) Connections %d(%zu)", c, cm, cn, cnm); +#endif send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG, ":Users %zu(%zu) Accounts %d(%zu) Invites %d(%zu)", us, usm, acc, acc * (ACCOUNTLEN + 1), Index: ircd-ircdev/ircd/s_err.c diff -u ircd-ircdev/ircd/s_err.c:1.25 ircd-ircdev/ircd/s_err.c:1.26 --- ircd-ircdev/ircd/s_err.c:1.25 Thu Sep 20 14:00:32 2007 +++ ircd-ircdev/ircd/s_err.c Sun Nov 11 13:53:08 2007 
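Review bot: `cli_socket(new_client).ssl = ssl` is assigned only after socket_add() has registered `fd`, and on the SSL path that same fd is at this moment still registered to the handshake Socket in ssl.c, because accept_ssl() calls socket_del() on it only after add_connection() returns. Whether socket_add() of an fd that is already registered succeeds, and whether the later socket_del() of the old Socket then deregisters the fd from under the new one, depends on the event engine in use, so this ordering deserves either a test on each engine or a reordering in ssl.c that drops the handshake Socket before calling add_connection(). If socket_add() does fail here, the connection is torn down with `register_message`, which is misleading text for an internal registration conflict.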
@@ -21,7 +21,7 @@ */ /** @file * @brief Error handling support. - * @version $Id: s_err.c,v 1.25 2007/09/20 21:00:32 zolty Exp $ + * @version $Id: s_err.c,v 1.26 2007/11/11 21:53:08 zolty Exp $ */ #include "config.h" @@ -724,7 +724,7 @@ /* 336 */ { 0 }, /* 337 */ - { 0 }, + { RPL_WHOISSSL, "%s :is connected via SSL", "337" }, /* 338 */ { RPL_WHOISACTUALLY, "%s %s@%s %s :Actual user@host, Actual IP", "338" }, /* 339 */ Index: ircd-ircdev/ircd/s_user.c diff -u ircd-ircdev/ircd/s_user.c:1.32 ircd-ircdev/ircd/s_user.c:1.33 --- ircd-ircdev/ircd/s_user.c:1.32 Thu Sep 20 14:00:32 2007 +++ ircd-ircdev/ircd/s_user.c Sun Nov 11 13:53:08 2007 @@ -21,7 +21,7 @@ */ /** @file * @brief Miscellaneous user-related helper functions. - * @version $Id: s_user.c,v 1.32 2007/09/20 21:00:32 zolty Exp $ + * @version $Id: s_user.c,v 1.33 2007/11/11 21:53:08 zolty Exp $ */ #include "config.h" @@ -59,6 +59,7 @@ #include "s_serv.h" /* max_client_count */ #include "send.h" #include "struct.h" +#include "ssl.h" #include "userload.h" #include "version.h" #include "watch.h" @@ -360,6 +361,10 @@ Count_unknownbecomesclient(sptr, UserStats); +#ifdef USE_SSL + SetSSL(sptr); +#endif + SetUser(sptr); cli_handler(sptr) = CLIENT_HANDLER; SetLocalNumNick(sptr); @@ -376,6 +381,13 @@ send_reply(sptr, RPL_CREATED, creation); send_reply(sptr, RPL_MYINFO, cli_name(&me), version, infousermodes, infochanmodes, infochanmodeswithparams); + +#ifdef USE_SSL + if (IsSSL(sptr)) + sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :You are connected to %s with %s", sptr, + cli_name(&me), ssl_get_cipher(cli_socket(sptr).ssl)); +#endif + send_supported(sptr); m_lusers(sptr, sptr, 1, parv); update_load(); @@ -520,6 +532,9 @@ { FLAG_DEAF, 'd' }, { FLAG_CHSERV, 'k' }, { FLAG_DEBUG, 'g' }, +#ifdef USE_SSL + { FLAG_SSL, 'Z' }, +#endif #if defined(UNDERNET) { FLAG_ACCOUNT, 'r' }, #elif defined(DDB) || defined(SERVICES) 
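Review bot: `SetSSL(sptr)` in register_user() is unconditional, so unless the SetSSL() macro from client.h (its diff is not in this message) itself checks `cli_socket(sptr).ssl`, every locally registering client is flagged as SSL and the notice added a few lines later calls `ssl_get_cipher(cli_socket(sptr).ssl)` with a NULL pointer for plaintext clients. Guarding it as `if (cli_socket(sptr).ssl) SetSSL(sptr);` ties the flag to the transport the client actually used. The flag is shown to other users through RPL_WHOISSSL and the 'Z' user mode, so it should only ever reflect the socket state; the enclosing register_user() starts and ends outside these hunks.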
@@ -1515,6 +1530,14 @@ if (what == MODE_ADD) do_host_hiding = 1; break; +#ifdef USE_SSL + case 'Z': + if (what == MODE_ADD) + SetSSL(sptr); + else + ClearSSL(sptr); + break; +#endif #if defined(DDB) || defined(SERVICES) case 'r': if (what == MODE_ADD) @@ -1570,6 +1593,10 @@ if (feature_bool(FEAT_HIS_DEBUG_OPER_ONLY) && !IsAnOper(sptr) && !FlagHas(&setflags, FLAG_DEBUG)) ClearDebug(sptr); +#ifdef USE_SSL + if (!FlagHas(&setflags, FLAG_SSL) && IsSSL(sptr)) + ClearSSL(sptr); +#endif #if defined(DDB) || defined(SERVICES) if (!FlagHas(&setflags, FLAG_NICKREG) && IsNickRegistered(sptr)) ClearNickRegistered(sptr); Index: ircd-ircdev/ircd/ssl.c diff -u /dev/null ircd-ircdev/ircd/ssl.c:1.1 --- /dev/null Sun Nov 11 13:53:26 2007 +++ ircd-ircdev/ircd/ssl.c Sun Nov 11 13:53:08 2007 
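Review bot: The post-loop guard `if (!FlagHas(&setflags, FLAG_SSL) && IsSSL(sptr)) ClearSSL(sptr);` only reverts a user who tries to set +Z on themselves; the reverse case is not covered, so an SSL client can send MODE -Z and from then on WHOIS and the mode display claim a plaintext connection. Since the flag describes the transport rather than a preference, the symmetric line `if (FlagHas(&setflags, FLAG_SSL) && !IsSSL(sptr)) SetSSL(sptr);` belongs next to it, or the 'Z' case in the switch should leave the flag untouched for user-originated changes. The enclosing mode-setting function starts and ends outside these hunks, so whether this block already sits inside a server-origin check that lets propagated +Z/-Z through is not visible here.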
@@ -0,0 +1,375 @@ +/* + * IRC-Dev IRCD - An advanced and innovative IRC Daemon, ircd/watch.c + * + * Copyright (C) 2002-2007 IRC-Dev Development Team <de...@ir...> + * Copyright (C) 2007 Toni Garcia (zoltan) <zo...@ir...> + * Copyright (C) 2002 Alex Badea <va...@go...> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * $Id: ssl.c,v 1.1 2007/11/11 21:53:08 zolty Exp $ + * + */ +/** @file + * @brief Implementation of SSL. 
+ * @version $Id: ssl.c,v 1.1 2007/11/11 21:53:08 zolty Exp $ + */ +#include "config.h" + +#ifdef USE_SSL +#include "ircd.h" +#include "ircd_defs.h" +#include "ircd_events.h" +#include "ircd_snprintf.h" +#include "ircd_alloc.h" +#include "s_debug.h" +#include "s_bsd.h" +#include "client.h" +#include "listener.h" +#include "send.h" +#include "ssl.h" + +#define _XOPEN_SOURCE +#include <limits.h> +#include <sys/uio.h> +#include <assert.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +SSL_CTX *ctx; +static int ssl_inuse = 0; + +struct ssl_data { + struct Socket socket; + struct Listener *listener; + int fd; +}; + +static void abort_ssl(struct ssl_data *data) +{ + Debug((DEBUG_DEBUG, "SSL: aborted")); + SSL_free(data->socket.ssl); + --ssl_inuse; + close(data->fd); + socket_del(&data->socket); +} + +static void accept_ssl(struct ssl_data *data) +{ + if (SSL_accept(data->socket.ssl) <= 0) { + unsigned long err = ERR_get_error(); + char string[120]; + + if (err) { + ERR_error_string(err, string); + Debug((DEBUG_ERROR, "SSL_accept: %s", string)); + abort_ssl(data); + } + return; + } + if (SSL_is_init_finished(data->socket.ssl)) { + add_connection(data->listener, data->fd, data->socket.ssl); + socket_del(&data->socket); + } +} + +static void ssl_sock_callback(struct Event* ev) +{ + struct ssl_data *data; + + assert(0 != ev_socket(ev)); + assert(0 != s_data(ev_socket(ev))); + + data = s_data(ev_socket(ev)); + assert(0 != data); + + switch (ev_type(ev)) { + case ET_DESTROY: + --data->listener->ref_count; + MyFree(data); + return; + case ET_ERROR: + case ET_EOF: + abort_ssl(data); + break; + case ET_READ: + case ET_WRITE: + accept_ssl(data); + break; + default: + break; + } +} + +void ssl_add_connection(struct Listener *listener, int fd) +{ + struct ssl_data *data; + + assert(0 != listener); + + if (!os_set_nonblocking(fd)) { + close(fd); + return; + } + os_disable_options(fd); + + data = (struct ssl_data *) MyMalloc(sizeof(struct ssl_data)); + data->listener 
= listener; + data->fd = fd; + if (!socket_add(&data->socket, ssl_sock_callback, (void *) data, SS_CONNECTED, SOCK_EVENT_READABLE, fd)) { + close(fd); + return; + } + if (!(data->socket.ssl = SSL_new(ctx))) { + Debug((DEBUG_DEBUG, "SSL_new failed")); + close(fd); + return; + } + SSL_set_fd(data->socket.ssl, fd); + ++ssl_inuse; + ++listener->ref_count; +} + +/* + * ssl_recv - non blocking read of a connection + * returns: + * 1 if data was read or socket is blocked (recoverable error) + * count_out > 0 if data was read + * + * 0 if socket closed from other end + * -1 if an unrecoverable error occurred + */ +IOResult ssl_recv(struct Socket *socket, char* buf, + unsigned int length, unsigned int* count_out) +{ + int res; + + assert(0 != socket); + assert(0 != buf); + assert(0 != count_out); + + *count_out = 0; + errno = 0; + + res = SSL_read(socket->ssl, buf, length); + switch (SSL_get_error(socket->ssl, res)) { + case SSL_ERROR_NONE: + *count_out = (unsigned) res; + return IO_SUCCESS; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + Debug((DEBUG_DEBUG, "SSL_read returned WANT_ - retrying")); + return IO_BLOCKED; + case SSL_ERROR_SYSCALL: + if (res < 0 && errno == EINTR) + return IO_BLOCKED; /* ??? 
*/ + break; + case SSL_ERROR_ZERO_RETURN: /* close_notify received */ + SSL_shutdown(socket->ssl); /* Send close_notify back */ + break; + } + return IO_FAILURE; +} + +/* + * ssl_sendv - non blocking writev to a connection + * returns: + * 1 if data was written + * count_out contains amount written + * + * 0 if write call blocked, recoverable error + * -1 if an unrecoverable error occurred + */ +IOResult ssl_sendv(struct Socket *socket, struct MsgQ* buf, + unsigned int* count_in, unsigned int* count_out) +{ + int res; + int count; + int k; + struct iovec iov[IOV_MAX]; + IOResult retval = IO_BLOCKED; + + assert(0 != socket); + assert(0 != buf); + assert(0 != count_in); + assert(0 != count_out); + + *count_in = 0; + *count_out = 0; + errno = 0; + + count = msgq_mapiov(buf, iov, IOV_MAX, count_in); + for (k = 0; k < count; k++) { + res = SSL_write(socket->ssl, iov[k].iov_base, iov[k].iov_len); + switch (SSL_get_error(socket->ssl, res)) { + case SSL_ERROR_NONE: + *count_out += (unsigned) res; + retval = IO_SUCCESS; + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: + Debug((DEBUG_DEBUG, "SSL_write returned WANT_ - retrying")); + return retval; + case SSL_ERROR_SYSCALL: + return (res < 0 && errno == EINTR) ? retval : IO_FAILURE; + case SSL_ERROR_ZERO_RETURN: + SSL_shutdown(socket->ssl); + return IO_FAILURE; + default: + return IO_FAILURE; + } + } + return retval; +} + +int ssl_send(struct Client *cptr, const char *buf, unsigned int len) +{ + char fmt[16]; + + if (!cli_socket(cptr).ssl) + ... [truncated message content] |