Permalink
Browse files

SSL support for UnrealIRCD!

  • Loading branch information...
stskeeps
stskeeps committed Oct 7, 2000
1 parent 5b3b137 commit e94bf803280da023239c0945d297d109232ce5d5
Showing with 345 additions and 66 deletions.
  1. +2 −3 .RELEASE.NOTES
  2. +29 −30 Config
  3. +5 −0 Makefile.dist
  4. +4 −0 TODO
  5. +1 −1 include/config.h
  6. +10 −0 include/ssl.h
  7. +29 −5 include/struct.h
  8. +3 −1 include/sys.h
  9. +1 −1 networks/unrealircd.conf
  10. +6 −2 src/Makefile
  11. +8 −0 src/bsd.c
  12. +8 −1 src/channel.c
  13. +3 −1 src/ircd.c
  14. +30 −2 src/s_bsd.c
  15. +1 −1 src/s_conf.c
  16. +3 −2 src/s_unreal.c
  17. +13 −12 src/s_user.c
  18. +1 −1 src/send.c
  19. +150 −0 src/ssl.c
  20. +35 −0 src/ssl.cnf
  21. BIN src/ssl.rnd
  22. +3 −3 src/webtv.c
@@ -15,9 +15,8 @@ Unreal3.1-Silverheart Release Notes
Where 20 is the numeric. Numerics are 1-255, 0 means no numeric (bad),
and no server must have same numeric
* We have introduced encrypted irc connections, and we will soon have a
client out for it (this is not SSL). Stay tuned in #UnrealIRCd for more
information
* We have introduced encrypted irc connections, using SSL
* NOTE, in #UnrealIRCD we don't help with Services etc.
59 Config
@@ -504,8 +504,8 @@ else
echo 'not found (good!)'
fi
echo $n "...Looking for /usr/include/openssl/blowfish.h...$c"
if [ -r /usr/include/openssl/blowfish.h ] ; then
echo $n "...Looking for /usr/include/openssl/ssl.h...$c"
if [ -r /usr/include/openssl/ssl.h ] ; then
OPENSSL=define
echo 'found!'
else
@@ -793,28 +793,6 @@ else
fi
fi
$RM -f $EXEC $TMP
echo $n "Do we have an broken /usr/include/string.h ... $c"
cat > $TMP <<__EOF__
#include <string.h>
main()
{
char *s = "moocows";
char *p = "moocows";
if (strcasecmp(s, p))
exit(0);
exit(0);
}
__EOF__
$COMP >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo " no$c"
STRCASECMP=undef
else
echo "yes"
STRCASECMP=define
fi
#
# what do we need that isn't here already ?
#
@@ -1015,8 +993,25 @@ if [ $? -ne 0 ] ; then
echo $n " inet_netof$c"
NINETNETOF=define
fi
$RM -f $EXEC $TMP
echo " "
$RM -f $EXEC $TMP
cat > $TMP << __EOF__
#include <string.h>
main()
{
strcasecmp("moo", "moo");
}
__EOF__
$COMP
# >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo $n " strcasecmp $c "
STRCASECMP=undef
else
STRCASECMP=define
fi
$RM -f $EXEC $TMP
#
#
#
@@ -1096,7 +1091,7 @@ cat > $SETUP <<__EOF__
#$NINETNETOF NEED_INET_NETOF
#$GETTIMEOFDAY GETTIMEOFDAY
#$LRAND48 LRAND48
#$STRCASECMP GOT_STRCASECMP
#$STRCASECMP GOT_STRCASECMP
__EOF__
if [ "$MALLOCH" = "undef" ] ; then
echo "#undef MALLOCH" >> $SETUP
@@ -1304,7 +1299,7 @@ while [ -z "$FOO" ] ; do
FOO="No"
fi
echo ""
echo "Do you want to support encrypted connections"
echo "Do you want to support SSL (Secure Sockets Layer) connections"
echo $n "[$FOO] -> $c"
if [ -z "$AUTO_CONFIG" -o -n "$runonce" ] ; then
read cc
@@ -1318,7 +1313,7 @@ while [ -z "$FOO" ] ; do
case "$cc" in
[Yy]*)
CRYPTOIRCD="1"
CRYPTOLIB="-lcrypto"
CRYPTOLIB="-lssl -lcrypto"
;;
[Nn]*)
CRYPTOIRCD=""
@@ -1779,9 +1774,9 @@ else
echo "#undef CRYPT_OPER_PASSWORD" >> $OPTIONS_H
fi
if [ -n "$CRYPTOIRCD" ] ; then
echo "#define CRYPTOIRCD 1" >> $OPTIONS_H
echo "#define USE_SSL 1" >> $OPTIONS_H
else
echo "#undef CRYPTOIRCD" >> $OPTIONS_H
echo "#undef USE_SSL" >> $OPTIONS_H
fi
if [ -n "$CRYPT_LINK_PASSWORD" ] ; then
echo "#define CRYPT_LINK_PASSWORD 1" >> $OPTIONS_H
@@ -1857,6 +1852,10 @@ if [ "$OSNAME" = "Linux (with GLIBC 2.x or greater)" ]; then
echo ""
fi
if [ -n "$CRYPTOIRCD" ] ; then
make pem
fi
cat << __EOF__
_____________________________________________________________________
@@ -210,3 +210,8 @@ depend:
install: all
@echo "Now install by hand; make install is broken."
pem: src/ssl.cnf
/usr/local/ssl/bin/openssl req -new -x509 -days 365 -nodes \
-config src/ssl.cnf -out server.pem -keyout server.pem
/usr/local/ssl/bin/openssl x509 -subject -dates -fingerprint -noout \
-in server.pem
4 TODO
@@ -52,3 +52,7 @@ Assigned to DrBin:
* Make a is_chan_op, is_chanprot, is_chanowner all-in-one function
* Split up Link (SLink)
* Add Dlink (DSLink)
-----------------------------------------------------
@@ -422,7 +422,7 @@
* Would you like all clients to see the progress of their connections?
*/
#define SHOWCONNECTINFO
#undef SHOWCONNECTINFO
/*
* SOCKS proxy checker
@@ -0,0 +1,10 @@
/* Make these what you want for cert & key files */
#define CERTF "server.pem"
#define KEYF "server.pem"
extern SSL_CTX * ctx;
extern SSL_METHOD *meth;
extern void init_ssl();
extern int ssl_handshake(aClient *); /* Handshake the accpeted con.*/
extern int ssl_client_handshake(aClient *); /* and the initiated con.*/
@@ -49,7 +49,14 @@
#ifdef CRYPTOIRCD
#include <openssl/blowfish.h>
#endif
#ifdef USE_SSL
#include <openssl/rsa.h> /* SSL stuff */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
typedef struct t_fline aFline;
typedef struct t_crline aCRline;
typedef struct t_vhline aVHline;
@@ -217,9 +224,12 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
#ifdef CRYPTOIRCD
#define FLAGS_SECURE 0x8000000
#endif
#ifdef USE_SSL
#define FLAGS_SSL 0x10000000
#define FLAGS_SSL_HSHAKE 0x20000000
#endif
#define FLAGS_MAP 0x80000000 /* Show this entry in /map */
/* Dec 26th, 1997 - added flags2 when I ran out of room in flags -DuffJ */
/* Dec 26th, 1997 - having a go at
@@ -250,7 +260,7 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
#define UMODE_WHOIS 0x100000 /* gets notice on /whois */
#define UMODE_KIX 0x200000 /* usermode +q */
#define UMODE_BOT 0x400000 /* User is a bot */
#define UMODE_CODER 0x800000 /* User is a network coder */
#define UMODE_SECURE 0x800000 /* User is a secure connect */
#define UMODE_FCLIENT 0x1000000 /* recieve client on far connects.. */
#define UMODE_HIDING 0x2000000 /* Totally invisible .. */
#define UMODE_VICTIM 0x8000000 /* Intentional Victim */
@@ -259,7 +269,7 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
#define UMODE_SETHOST 0x40000000 /* used sethost */
#define UMODE_STRIPBADWORDS 0x80000000 /* */
#define SEND_UMODES (UMODE_INVISIBLE|UMODE_OPER|UMODE_WALLOP|UMODE_FAILOP|UMODE_HELPOP|UMODE_REGNICK|UMODE_SADMIN|UMODE_NETADMIN|UMODE_TECHADMIN|UMODE_COADMIN|UMODE_ADMIN|UMODE_SERVICES|UMODE_HIDE|UMODE_EYES|UMODE_WHOIS|UMODE_KIX|UMODE_BOT|UMODE_CODER|UMODE_FCLIENT|UMODE_HIDING|UMODE_DEAF|UMODE_VICTIM|UMODE_HIDEOPER|UMODE_SETHOST|UMODE_STRIPBADWORDS)
#define SEND_UMODES (UMODE_INVISIBLE|UMODE_OPER|UMODE_WALLOP|UMODE_FAILOP|UMODE_HELPOP|UMODE_REGNICK|UMODE_SADMIN|UMODE_NETADMIN|UMODE_TECHADMIN|UMODE_COADMIN|UMODE_ADMIN|UMODE_SERVICES|UMODE_HIDE|UMODE_EYES|UMODE_WHOIS|UMODE_KIX|UMODE_BOT|UMODE_SECURE|UMODE_FCLIENT|UMODE_HIDING|UMODE_DEAF|UMODE_VICTIM|UMODE_HIDEOPER|UMODE_SETHOST|UMODE_STRIPBADWORDS)
#define ALL_UMODES (SEND_UMODES|UMODE_SERVNOTICE|UMODE_LOCOP|UMODE_KILLS|UMODE_CLIENT|UMODE_FLOOD|UMODE_CHATOP|UMODE_SERVICES|UMODE_EYES)
#define FLAGS_ID (FLAGS_DOID|FLAGS_GOTID)
@@ -329,8 +339,13 @@ typedef unsigned int u_int32_t; /* XXX Hope this works! */
#define IsSecure(x) ((x)->flags & FLAGS_SECURE)
#define SetSecure(x) ((x)->flags |= FLAGS_SECURE)
#define ClearSecure(x) ((x)->flags &= ~FLAGS_SECURE)
#else
#ifdef USE_SSL
#define IsSecure(x) ((x)->flags & FLAGS_SSL)
#else
#define IsSecure(x) (0)
#endif
#endif
#define IsHybNotice(x) ((x)->flags & FLAGS_HYBNOTICE)
#define SetHybNotice(x) ((x)->flags |= FLAGS_HYBNOTICE)
@@ -792,6 +807,7 @@ struct t_vhline {
#define LISTENER_REMOTEADMIN 0x000008
#define LISTENER_JAVACLIENT 0x000010
#define LISTENER_MASK 0x000020
#define LISTENER_SSL 0x000040
struct Client {
struct Client *next, *prev, *hnext;
@@ -842,6 +858,10 @@ struct Client {
#ifdef CRYPTOIRCD
aCryptInfo *cryptinfo; /* crypt */
#endif
#ifdef USE_SSL
struct SSL *ssl;
struct X509 *client_cert;
#endif
#ifndef NO_FDLIST
long lastrecvM; /* to check for activity --Mika */
int priority;
@@ -1073,6 +1093,7 @@ struct Channel {
#endif
#define MODE_NOCTCP 0x10000000
#define MODE_AUDITORIUM 0x20000000
#define MODE_ONLYSECURE 0x40000000
#define is_halfop is_half_op
/*
@@ -1164,5 +1185,8 @@ extern char *gnulicense[];
#define FLUSH_BUFFER -2
#define COMMA ","
#ifdef USE_SSL
#include "ssl.h"
#endif
#endif /* __struct_include__ */
@@ -53,7 +53,9 @@
# include <string.h>
# endif
#endif
#ifdef SSL
#include <openssl/ssl.h>
#endif
#ifndef GOT_STRCASECMP
#define strcasecmp mycmp
#define strncasecmp myncmp
@@ -8,7 +8,7 @@ Exp $
#
# change the filename to what network header file you use
# relative to DPATH
Include .................: networks/unreal-test.network
Include .................: networks/roxnet.network
#
# What K:Line address can K:lined users mail at?
@@ -27,7 +27,7 @@ OBJS=agent.o aln.o badwords.o bsd.o channel.o class.o cloak.o crule.o dbuf.o dyn
fdlist.o hash.o help.o ircd.o ircsprintf.o list.o lusers.o \
match.o packet.o parse.o $(REGEX) res.o $(RES) s_auth.o \
s_bsd.o s_conf.o s_debug.o s_err.o s_extra.o s_kline.o \
s_misc.o s_numeric.o s_serv.o s_socks.o $(STRTOUL) s_unreal.o \
s_misc.o s_numeric.o s_serv.o s_socks.o $(STRTOUL) ssl.o s_unreal.o \
s_user.o scache.o send.o support.o userload.o version.o webtv.o \
whowas.o zip.o
@@ -59,7 +59,8 @@ version.o: version.c ../include/version.h
$(CC) $(CFLAGS) -c version.c
ircd: $(OBJS)
$(CC) $(CFLAGS) -o ircd $(OBJS) $(LDFLAGS) $(IRCDLIBS) $(CRYPTOLIB)
# $(CC) $(CFLAGS) $(CRYPTOLIB) -o ircd $(OBJS) $(LDFLAGS) $(IRCDLIBS) -lssl
$(CC) $(CFLAGS) -o ircd $(CRYPTOLIB) $(OBJS) $(LDFLAGS) $(IRCDLIBS) $(CRYPTOLIB)
chmod $(IRCDMODE) ircd
chkconf: ../include/struct.h ../include/config.h ../include/settings.h ../include/sys.h \
@@ -102,6 +103,9 @@ send.o: send.c $(INCLUDES)
webtv.o: webtv.c $(INCLUDES)
$(CC) $(CFLAGS) -c webtv.c
ssl.o: ssl.c $(INCLUDES)
$(CC) $(CFLAGS) -c ssl.c
match.o: match.c $(INCLUDES)
$(CC) $(CFLAGS) -c match.c
@@ -118,10 +118,18 @@ int deliver_it(cptr, str, len)
cptr->name, cptr->status, IsDead(cptr) ? "DEAD" : "", str);
return -1;
}
#ifdef USE_SSL
if (cptr->flags & FLAGS_SSL)
retval = SSL_write((SSL *)cptr->ssl, str, len);
else
retval = send(cptr->fd, str, len, 0);
#else
#ifndef INET6
retval = send(cptr->fd, str, len, 0);
#else
retval = sendto(cptr->fd, str, len, 0, 0, 0);
#endif
#endif
/*
** Convert WOULDBLOCK to a return of "0 bytes moved". This
@@ -148,6 +148,7 @@ aCtab cFlagTab[] = {
#endif
{MODE_NOCTCP, 'C', 0, 0}, /* no CTCPs */
{MODE_AUDITORIUM, 'u', 0, 0},
{MODE_ONLYSECURE, 'z', 0, 0},
{0x0, 0x0, 0x0}
};
#endif
@@ -1583,6 +1584,7 @@ int do_mode_char(chptr, modetype, modechar, param, what, cptr, pcount, pvar,
case MODE_STRIPBADWORDS:
#endif
case MODE_NOCTCP:
case MODE_ONLYSECURE:
case MODE_NOINVITE:
setthephuckingmode:
/* +sp bugfix.. */
@@ -2246,6 +2248,11 @@ static int can_join(cptr, sptr, chptr, key, link, parv)
/* if ((chptr->mode.mode & MODE_OPERONLY) && IsOper(sptr)) {
goto admok;
} */
if ((chptr->mode.mode & MODE_ONLYSECURE) &&
!(sptr->umodes & UMODE_SECURE))
{
return (ERR_BANNEDFROMCHAN);
}
if ((chptr->mode.mode & MODE_OPERONLY) && !IsOper(sptr))
{
return (ERR_OPERONLY);
@@ -2259,7 +2266,7 @@ static int can_join(cptr, sptr, chptr, key, link, parv)
if ((chptr->mode.mode & MODE_NOHIDING) && IsHiding(sptr))
return (ERR_NOHIDING);
if ((IsOper(sptr) && !(chptr->mode.mode & MODE_ADMONLY)))
if ((IsOper(sptr) && !((chptr->mode.mode & MODE_ADMONLY))))
{
return 0; /* may override */
}
@@ -1125,7 +1125,9 @@ int InitwIRCD(argc, argv)
#endif
check_class();
write_pidfile();
#ifdef USE_SSL
init_ssl();
#endif
Debug((DEBUG_NOTICE, "Server ready..."));
#ifdef USE_SYSLOG
syslog(LOG_NOTICE, "Server Ready");
Oops, something went wrong.

0 comments on commit e94bf80

Please sign in to comment.