|
| 1 | +/* |
| 2 | + * IRC - Internet Relay Chat, src/modules/m_starttls.c |
| 3 | + * (C) 2009 Syzop & The UnrealIRCd Team |
| 4 | + * |
| 5 | + * See file AUTHORS in IRC package for additional names of |
| 6 | + * the programmers. |
| 7 | + * |
| 8 | + * This program is free software; you can redistribute it and/or modify |
| 9 | + * it under the terms of the GNU General Public License as published by |
| 10 | + * the Free Software Foundation; either version 1, or (at your option) |
| 11 | + * any later version. |
| 12 | + * |
| 13 | + * This program is distributed in the hope that it will be useful, |
| 14 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | + * GNU General Public License for more details. |
| 17 | + * |
| 18 | + * You should have received a copy of the GNU General Public License |
| 19 | + * along with this program; if not, write to the Free Software |
| 20 | + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 21 | + */ |
| 22 | +#include "config.h" |
| 23 | +#include "struct.h" |
| 24 | +#include "common.h" |
| 25 | +#include "sys.h" |
| 26 | +#include "numeric.h" |
| 27 | +#include "msg.h" |
| 28 | +#include "proto.h" |
| 29 | +#include "channel.h" |
| 30 | +#include <time.h> |
| 31 | +#include <sys/stat.h> |
| 32 | +#include <stdio.h> |
| 33 | +#include <stdlib.h> |
| 34 | +#include <string.h> |
| 35 | +#ifdef _WIN32 |
| 36 | +#include <io.h> |
| 37 | +#endif |
| 38 | +#include <fcntl.h> |
| 39 | +#include "h.h" |
| 40 | +#ifdef STRIPBADWORDS |
| 41 | +#include "badwords.h" |
| 42 | +#endif |
| 43 | +#ifdef _WIN32 |
| 44 | +#include "version.h" |
| 45 | +#endif |
| 46 | + |
| 47 | +DLLFUNC CMD_FUNC(m_starttls); |
| 48 | + |
| 49 | +#define MSG_STARTTLS "STARTTLS" |
| 50 | + |
| 51 | +ModuleHeader MOD_HEADER(m_starttls) |
| 52 | + = { |
| 53 | + "m_starttls", |
| 54 | + "$Id$", |
| 55 | + "command /starttls", |
| 56 | + "3.2-b8-1", |
| 57 | + NULL |
| 58 | + }; |
| 59 | + |
| 60 | +DLLFUNC int MOD_INIT(m_starttls)(ModuleInfo *modinfo) |
| 61 | +{ |
| 62 | + CommandAdd(modinfo->handle, MSG_STARTTLS, NULL, m_starttls, MAXPARA, M_UNREGISTERED); |
| 63 | + MARK_AS_OFFICIAL_MODULE(modinfo); |
| 64 | + return MOD_SUCCESS; |
| 65 | +} |
| 66 | + |
| 67 | +DLLFUNC int MOD_LOAD(m_starttls)(int module_load) |
| 68 | +{ |
| 69 | + return MOD_SUCCESS; |
| 70 | +} |
| 71 | + |
| 72 | +DLLFUNC int MOD_UNLOAD(m_starttls)(int module_unload) |
| 73 | +{ |
| 74 | + return MOD_SUCCESS; |
| 75 | +} |
| 76 | + |
| 77 | +DLLFUNC CMD_FUNC(m_starttls) |
| 78 | +{ |
| 79 | + if (!MyConnect(sptr) || !IsUnknown(sptr)) |
| 80 | + return 0; |
| 81 | +#ifndef USE_SSL |
| 82 | + /* sendnotice(sptr, "This server does not support SSL"); */ |
| 83 | + /* or numeric 691? */ |
| 84 | + /* actually... it's probably best to just act like we don't know this command...? */ |
| 85 | + sendto_one(sptr, err_str(ERR_NOTREGISTERED), me.name, "STARTTLS"); |
| 86 | + return 0; |
| 87 | +#else |
| 88 | + if (iConf.ssl_options & SSLFLAG_NOSTARTTLS) |
| 89 | + { |
| 90 | + sendto_one(sptr, err_str(ERR_NOTREGISTERED), me.name, "STARTTLS"); |
| 91 | + return 0; |
| 92 | + } |
| 93 | + if (IsSecure(sptr)) |
| 94 | + { |
| 95 | + sendto_one(sptr, ":%s 691 %s :STARTTLS failed. Already using TLS.", me.name, sptr->name); |
| 96 | + return 0; |
| 97 | + } |
| 98 | + dbuf_delete(&sptr->recvQ, 1000000); /* Clear up any remaining plaintext commands */ |
| 99 | + sendto_one(sptr, ":%s 670 %s :STARTTLS successful, go ahead with TLS handshake", me.name, sptr->name); |
| 100 | + // ^^ FIXME, use: RPL_STARTTLS |
| 101 | + send_queued(sptr); |
| 102 | + |
| 103 | + SetSSLStartTLSHandshake(sptr); |
| 104 | + Debug((DEBUG_DEBUG, "Starting SSL handshake (due to STARTTLS) for %s", sptr->sockhost)); |
| 105 | + if ((sptr->ssl = SSL_new(ctx_server)) == NULL) |
| 106 | + goto fail; |
| 107 | + sptr->flags |= FLAGS_SSL; |
| 108 | + SSL_set_fd(sptr->ssl, sptr->fd); |
| 109 | + SSL_set_nonblocking(sptr->ssl); |
| 110 | + if (!ircd_SSL_accept(sptr, sptr->fd)) { |
| 111 | + Debug((DEBUG_DEBUG, "Failed SSL accept handshake in instance 1: %s", sptr->sockhost)); |
| 112 | + SSL_set_shutdown(sptr->ssl, SSL_RECEIVED_SHUTDOWN); |
| 113 | + SSL_smart_shutdown(sptr->ssl); |
| 114 | + SSL_free(sptr->ssl); |
| 115 | + goto fail; |
| 116 | + } |
| 117 | + |
| 118 | + /* HANDSHAKE IN PROGRESS */ |
| 119 | + return 0; |
| 120 | +fail: |
| 121 | + /* Failure */ |
| 122 | + sendto_one(sptr, ":%s 691 %s :STARTTLS failed", me.name, sptr->name); // FIXME, use: ERR_STARTTLS |
| 123 | + sptr->ssl = NULL; |
| 124 | + sptr->flags &= ~FLAGS_SSL; |
| 125 | + SetUnknown(sptr); |
| 126 | + return 0; |
| 127 | +#endif |
| 128 | +} |
0 commit comments