ircu client-side ssl tunnel
===========================

This is the Nefarious patch for ircu to support client-side ssl tunnel.
Hopefully I didn't miss anything.

Unfortunately I do not possess the power to write a Makefile, so you'll
probably want to #define USE_SSL yourself and add -lssl -lcrypto to the linker flags.

You'll also need ssl.[ch], which are not included here - get them from Nefarious.

The ircd.pem file goes to DPATH.

Note that this patch adds only a _fake security_: just the connection
from the user to the server is encrypted; server <-> server links are
still unencrypted.

Btw: EPOLL broke it for me; if your build isn't stable, you might want to
try building without it.


Nefarious IRCu: http://evilnet.sf.net/
Undernet  IRCu: http://coder-com.undernet.org/


Nei


diff -urp asuka.runnning/include/channel.h asuka/include/channel.h
--- asuka.runnning/include/channel.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/channel.h	2005-01-16 20:03:46.000000000 +0100
@@ -92,6 +92,8 @@ struct Client;
 #define MODE_DELJOINS   0x4000
 #define MODE_NONOTICE   0x8000
 
+#define MODE_SSLONLY    0x400000
+
 #define MODE_LISTED     0x10000
 #define MODE_SAVE	0x20000	/* save this mode-with-arg 'til later */
 #define MODE_FREE	0x40000 /* string needs to be passed to MyFree() */
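Review bot: MODE_SSLONLY is given the value 0x400000 but is inserted between the 0x8000 and 0x10000 definitions, so a reader scanning the bit assignments in order will not see it next to its numeric neighbours; move it after the highest existing MODE_ bit. The rest of the header is outside the hunk, so confirm that 0x400000 is not already taken by one of the later definitions (MODE_NOCOLOUR, MODE_NOCTCP and the other Asuka modes referenced by the channel.c hunks are defined in this file but not visible here) — a shared bit would make +z indistinguishable from that mode in every mask built from it.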
diff -urp asuka.runnning/include/client.h asuka/include/client.h
--- asuka.runnning/include/client.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/client.h	2005-01-16 21:00:09.000000000 +0100
@@ -152,6 +152,7 @@ enum Flag {
     FLAG_XTRAOP,                    /* ASUKA_X: oper special powers */
     FLAG_ACCOUNTONLY,               /* ASUKA_R: hide privmsgs/notices if
                                        user is not authed or opered */
+	 FLAG_SSL,                       /* Nefarious: SSL user */
 
     _FLAG_COUNT,
     FLAG_LOCAL_UMODES = FLAG_LOCOP, /* First local mode flag */
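Review bot: The new FLAG_SSL line at the top of the hunk is indented with a tab plus a space while its siblings use four spaces, so it will not line up with FLAG_ACCOUNTONLY in most editors; `    FLAG_SSL,                       /* Nefarious: SSL user */` matches the column of the surrounding entries. The enum itself starts and ends outside the hunk.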
@@ -439,9 +445,11 @@ struct Client {
 #define IsNoChan(x)             HasFlag(x, FLAG_NOCHAN)
 #define IsNoIdle(x)             HasFlag(x, FLAG_NOIDLE)
 #define IsAccountOnly(x)        HasFlag(x, FLAG_ACCOUNTONLY)
+#define IsSSL(x)    HasFlag(x, FLAG_SSL)
 #define HasHiddenHost(x)	(IsAccount(x) && IsHiddenHost(x))
 #define IsSetHost(x)            HasFlag(x, FLAG_SETHOST)
 #define HasSetHost(x)           (IsSetHost(x))
+/* ^^ Nefarious */
 
 #define IsPrivileged(x)         (IsAnOper(x) || IsServer(x))
 
@@ -469,6 +477,8 @@ struct Client {
 #define SetNoChan(x)            SetFlag(x, FLAG_NOCHAN)
 #define SetNoIdle(x)            SetFlag(x, FLAG_NOIDLE)
 #define SetAccountOnly(x)       SetFlag(x, FLAG_ACCOUNTONLY)
+#define SetSSL(x)      SetFlag(x, FLAG_SSL)
+/* ^^ Nefarious */
 
 #define ClearAccess(x)          ClrFlag(x, FLAG_CHKACCESS)
 #define ClearBurst(x)           ClrFlag(x, FLAG_BURST)
@@ -489,6 +499,8 @@ struct Client {
 #define ClearNoChan(x)          ClrFlag(x, FLAG_NOCHAN)
 #define ClearNoIdle(x)          ClrFlag(x, FLAG_NOIDLE)
 #define ClearAccountOnly(x)     ClrFlag(x, FLAG_ACCOUNTONLY)
+#define ClearSSL(x)    ClrFlag(x, FLAG_SSL)
+/* ^^ Nefarious */
 
 /* free flags */
 #define FREEFLAG_SOCKET	0x0001	/* socket needs to be freed */
diff -urp asuka.runnning/include/ircd_events.h asuka/include/ircd_events.h
--- asuka.runnning/include/ircd_events.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/ircd_events.h	2005-01-16 21:03:44.000000000 +0100
@@ -28,6 +28,13 @@
 #include <sys/types.h>	/* time_t */
 #define INCLUDED_sys_types_h
 #endif
+/* vv Nefarious: */
+#ifdef USE_SSL
+#ifndef INCLUDED_ssl_h
+#include "ssl.h"
+#endif
+#endif /* USE_SSL */
+/* ^^ Nefarious */
 
 struct Event;
 
@@ -90,6 +97,11 @@ struct Socket {
   enum SocketState s_state;	/* state socket's in */
   unsigned int	   s_events;	/* events socket is interested in */
   int		   s_fd;	/* file descriptor for socket */
+/* vv Nefarious: */
+#ifdef USE_SSL
+  SSL*        ssl;     /* if not NULL, use SSL routines on socket */
+#endif /* USE_SSL */
+/* ^^ Nefarious */
 };
 
 #define SOCK_EVENT_READABLE	0x0001	/* interested in readable */
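Review bot: The `ssl` member is only compiled in under USE_SSL, so the size and layout of struct Socket (and of struct Listener in the listener.h hunk) differ between translation units that see the define and those that do not; the cover text suggests defining USE_SSL by hand, which turns a partially-defined build into silent memory corruption rather than a compile error. Put the define in the configure-generated config header or the global CFLAGS so every unit agrees, and consider reserving the member unconditionally so the layout is identical either way. The name also breaks the `s_` prefix convention of the neighbouring fields (s_state, s_events, s_fd); `s_ssl` would match.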
diff -urp asuka.runnning/include/listener.h asuka/include/listener.h
--- asuka.runnning/include/listener.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/listener.h	2005-01-16 21:31:09.000000000 +0100
@@ -46,6 +46,11 @@ struct Listener {
   unsigned char    active;             /* current state of listener */
   unsigned char    hidden;             /* hidden in stats output for clients */
   unsigned char    server;             /* 1 if port is a server listener */
+/* vv Nefarious: */
+#ifdef USE_SSL
+  unsigned char    ssl;                /* 1 if we're using SSL */
+#endif /* USE_SSL */
+/* ^^ Nefarious */
   int              index;              /* index into poll array */
   time_t           last_accept;        /* last time listener accepted */
   struct in_addr   addr;               /* virtual address or INADDR_ANY */
@@ -55,9 +60,17 @@ struct Listener {
 
 extern struct Listener* ListenerPollList; /* GLOBAL - listener list */
 
+/* vv Nefarious: */
+#ifdef USE_SSL
+extern void        add_listener(int port, const char* vaddr_ip,
+                                const char* mask, int is_server,
+                                int is_hidden, int is_ssl);
+#else
+/* ^^ Nefarious */
 extern void        add_listener(int port, const char* vaddr_ip, 
                                 const char* mask, int is_server, 
                                 int is_hidden);
+#endif /* USE_SSL */
 extern void        close_listener(struct Listener* listener);
 extern void        close_listeners(void);
 extern void        count_listener_memory(int* count_out, size_t* size_out);
diff -urp asuka.runnning/include/numeric.h asuka/include/numeric.h
--- asuka.runnning/include/numeric.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/numeric.h	2005-01-17 11:53:41.000000000 +0100
@@ -249,6 +249,7 @@ extern const struct Numeric* get_error_n
 #define RPL_LISTUSAGE        334        /* Undernet extension */
 /*	RPL_COMMANDSYNTAX    334	   Dalnet */
 /*	RPL_LISTSYNTAX	     334	   unreal */
+#define RPL_WHOISSSL         337   /* Nefarious extension */
 /*      RPL_CHANPASSOK       338           IRCnet extension (?)*/
 #define	RPL_WHOISACTUALLY    338	/* Undernet extension, dalnet */
 /*      RPL_BADCHANPASS      339           IRCnet extension (?)*/
@@ -383,6 +384,7 @@ extern const struct Numeric* get_error_n
 #define ERR_INVALIDUSERNAME  468        /* Undernet extension */
 /* 	ERR_ONLYSERVERSCANCHANGE 468	   Dalnet,unreal */
 /*	ERR_LINKSET	     469	unreal */
+#define ERR_SSLONLYCHAN      469   /* Nefarious extension */
 /*	ERR_LINKCHANNEL	     470	unreal */
 /*      ERR_KICKEDFROMCHAN   470         aircd */
 #define ERR_CHANNELISFULL    471
diff -urp asuka.runnning/include/patchlevel.h asuka/include/patchlevel.h
--- asuka.runnning/include/patchlevel.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/patchlevel.h	2005-01-16 21:54:26.000000000 +0100
@@ -18,7 +18,7 @@
  * $Id: patchlevel.h,v 1.22 2004/09/02 12:35:06 pils Exp $
  *
  */
-#define PATCHLEVEL "06"
+#define PATCHLEVEL "06+NefariousSSL(0.3.0)"
 
 #define RELEASE ".11."
 
diff -urp asuka.runnning/include/s_bsd.h asuka/include/s_bsd.h
--- asuka.runnning/include/s_bsd.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/s_bsd.h	2005-01-16 21:56:55.000000000 +0100
@@ -84,7 +84,13 @@ extern int connect_server(struct ConfIte
 extern void release_dns_reply(struct Client* cptr);
 extern int  net_close_unregistered_connections(struct Client* source);
 extern void close_connection(struct Client *cptr);
+/* vv Nefarious: */
+#ifdef USE_SSL
+extern void add_connection(struct Listener* listener, int fd, void *ssl);
+#else
+/* ^^ Nefarious */
 extern void add_connection(struct Listener* listener, int fd);
+#endif /* USE_SSL */
 extern int  read_message(time_t delay);
 extern void init_server_identity(void);
 extern void close_connections(int close_stderr);
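Review bot: The USE_SSL prototype of add_connection takes the session as `void *ssl`, which discards the SSL type the rest of the patch uses (the struct Socket member in the ircd_events.h hunk is `SSL *`) and lets any pointer be passed by mistake. If ssl.h is reachable from s_bsd.h under USE_SSL, declare it as `extern void add_connection(struct Listener* listener, int fd, SSL *ssl);`; otherwise a forward-declared `struct ssl_st *` (the struct behind OpenSSL's SSL typedef) keeps the type check without the include.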
diff -urp asuka.runnning/include/s_conf.h asuka/include/s_conf.h
--- asuka.runnning/include/s_conf.h	2005-01-17 06:55:54.000000000 +0100
+++ asuka/include/s_conf.h	2005-01-16 22:06:49.000000000 +0100
@@ -55,6 +55,7 @@ struct ConfItem {
   unsigned int             status;      /* If CONF_ILLEGAL, delete when no clients */
   unsigned int             clients;     /* Number of *LOCAL* clients using this */
   struct ConnectionClass*  conn_class;  /* Class of connection */
+  struct in_addr           origin;      /* Nefarious: ip number of connect origin XXX NNN needed? */
   struct in_addr           ipnum;       /* ip number of host field */
   char*                    host;
   char*                    passwd;
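Review bot: The new `origin` member of struct ConfItem is neither read nor written anywhere else in this patch, and its own comment asks whether it is needed; an unused field in a widely-shared struct misleads the next reader. Either drop it or replace the question with a comment stating what will populate it — if it is used by the ssl.[ch] files that are not part of this diff, say so, e.g. `/* Nefarious: connect origin address, filled in by ssl.c */`, but only if that is actually the case.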
Only in asuka/include: ssl.h
diff -urp asuka.runnning/ircd/IPcheck.c asuka/ircd/IPcheck.c
--- asuka.runnning/ircd/IPcheck.c	2005-01-17 06:56:00.000000000 +0100
+++ asuka/ircd/IPcheck.c	2005-01-16 22:09:32.000000000 +0100
@@ -36,6 +36,9 @@
 #include "send.h"
 #include "ircd_features.h"
 
+#include "ssl.h"
+/* ^^ Nefarious */
+
 
 #include <assert.h>
 #include <string.h>
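Review bot: IPcheck.c includes ssl.h unconditionally, while every other file in this patch wraps the include in `#ifdef USE_SSL`; a build without USE_SSL (or without the Nefarious ssl.h present) fails here and only here. Wrap it the same way, `#ifdef USE_SSL` / `#include "ssl.h"` / `#endif /* USE_SSL */`, or drop it if nothing in IPcheck.c uses the SSL routines — no use is visible in this hunk. The `/* ^^ Nefarious */` marker also lacks the matching `/* vv Nefarious: */` opener used elsewhere in the patch.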
diff -urp asuka.runnning/ircd/channel.c asuka/ircd/channel.c
--- asuka.runnning/ircd/channel.c	2005-01-17 06:56:01.000000000 +0100
+++ asuka/ircd/channel.c	2005-01-16 22:50:50.000000000 +0100
@@ -741,6 +741,8 @@ void channel_modes(struct Client *cptr, 
     *mbuf++ = 'N';
   if (chptr->mode.mode & MODE_NOQUITPARTS)
     *mbuf++ = 'u';
+  if (chptr->mode.mode & MODE_SSLONLY)
+    *mbuf++ = 'z';
   if (chptr->mode.mode & MODE_DELJOINS)
     *mbuf++ = 'D';
   /* +d is a local mode only */
@@ -1077,6 +1079,9 @@ int can_join(struct Client *sptr, struct
 
   if ((chptr->mode.mode & MODE_REGONLY) && !IsAccount(sptr))
   	return overrideJoin + ERR_NEEDREGGEDNICK;
+
+  if ((chptr->mode.mode & MODE_SSLONLY) && !IsSSL(sptr))
+   return overrideJoin + ERR_SSLONLYCHAN;
   	
   if (is_banned(sptr, chptr, NULL))
   	return overrideJoin + ERR_BANNEDFROMCHAN;
@@ -1402,6 +1407,7 @@ modebuf_flush_int(struct ModeBuf *mbuf, 
     MODE_NOCTCP,        'C',
     MODE_NONOTICE,	'N',
     MODE_NOQUITPARTS,	'u',
+    MODE_SSLONLY, 'z', /* Nefarious */
     0x0, 0x0
   };
   int i;
@@ -1763,7 +1769,7 @@ modebuf_mode(struct ModeBuf *mbuf, unsig
   mode &= (MODE_ADD | MODE_DEL | MODE_PRIVATE | MODE_SECRET | MODE_MODERATED |
 	   MODE_TOPICLIMIT | MODE_INVITEONLY | MODE_NOPRIVMSGS | MODE_REGONLY |
 	   MODE_DELJOINS | MODE_WASDELJOIN | MODE_NOCOLOUR | MODE_NOCTCP | 
-	   MODE_NONOTICE | MODE_NOQUITPARTS);
+	   MODE_NONOTICE | MODE_NOQUITPARTS | MODE_SSLONLY); /* Nefarious */
 
   if (!(mode & ~(MODE_ADD | MODE_DEL))) /* don't add empty modes... */
     return;
@@ -1888,6 +1894,7 @@ modebuf_extract(struct ModeBuf *mbuf, ch
     MODE_NONOTICE,      'N',
     MODE_DELJOINS,      'D',
     MODE_NOQUITPARTS,   'u',
+    MODE_SSLONLY, 'z', /* Nefarious */
     0x0, 0x0
   };
   unsigned int add;
@@ -2579,6 +2586,7 @@ mode_parse(struct ModeBuf *mbuf, struct 
     MODE_NONOTICE,      'N',
     MODE_DELJOINS,      'D',
     MODE_NOQUITPARTS,   'u',
+    MODE_SSLONLY, 'z', /* Nefarious */
     MODE_ADD,		'+',
     MODE_DEL,		'-',
     0x0, 0x0
@@ -2658,6 +2666,18 @@ mode_parse(struct ModeBuf *mbuf, struct 
 	mode_parse_client(&state, flag_p);
 	break;
 
+/* vv Nefarious: */
+      case 'z': /* deal with SSL only */
+        /* If they're not a SSL user, they can't +/- MODE_SSLONLY. */
+        if (((MyConnect(sptr) && IsSSL(sptr)) || !MyConnect(sptr))
+      || IsServer(sptr) || IsChannelService(sptr)) {
+          mode_parse_mode(&state, flag_p);
+  } else {
+    send_reply(sptr, ERR_NOPRIVILEGES); /* XXX NNN fix me */
+  }
+  break;
+/* ^^ Nefarious */
+
       default: /* deal with other modes */
 	mode_parse_mode(&state, flag_p);
 	break;
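Review bot: The permission test in the new 'z' case is more complicated than it needs to be: `(MyConnect(sptr) && IsSSL(sptr)) || !MyConnect(sptr)` is equivalent to `!MyConnect(sptr) || IsSSL(sptr)`, so the whole condition can read `if (!MyConnect(sptr) || IsSSL(sptr) || IsServer(sptr) || IsChannelService(sptr))`. ERR_NOPRIVILEGES tells a non-SSL op nothing about why the mode was refused (the XXX already admits this), and the same rule blocks them from removing +z as well as setting it, so an op on a plaintext connection can be locked out of adjusting a mode another op set; whether that is intended deserves a comment on the case. The body's indentation also drifts to columns 0–2 where the neighbouring cases use the file's tab style. mode_parse starts and ends outside the hunk.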
diff -urp asuka.runnning/ircd/ircd.c asuka/ircd/ircd.c
--- asuka.runnning/ircd/ircd.c	2005-01-17 06:56:07.000000000 +0100
+++ asuka/ircd/ircd.c	2005-01-16 22:57:41.000000000 +0100
@@ -51,6 +51,11 @@
 #include "s_misc.h"
 #include "s_stats.h"
 #include "send.h"
+/* vv Nefarious: */
+#ifdef USE_SSL
+#include "ssl.h"
+#endif /* USE_SSL */
+/* ^^ Nefarious */
 #include "sys.h"
 #include "uping.h"
 #include "userload.h"
@@ -667,6 +672,12 @@ int main(int argc, char **argv) {
 
   uping_init();
 
+/* vv Nefarious: */
+#ifdef USE_SSL
+  ssl_init();
+#endif /* USE_SSL */
+/* ^^ Nefarious */
+
   stats_init();
 
   IPcheck_init();
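Review bot: The result of ssl_init() is discarded, here and in the rehash callers (m_rehash.c and s_conf.c hunks); its signature is not part of this diff, but if it can fail — the cover text says ircd.pem must be placed in DPATH by hand — the daemon continues with SSL listeners whose accepted connections can never complete a handshake. If ssl_init() returns a status, check it and log or refuse to start; if it does not, a comment such as `/* ssl_init() aborts internally on a missing ircd.pem */` would document the contract, provided that is true. main() starts and ends outside the hunk.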
diff -urp asuka.runnning/ircd/listener.c asuka/ircd/listener.c
--- asuka.runnning/ircd/listener.c	2005-01-17 06:56:02.000000000 +0100
+++ asuka/ircd/listener.c	2005-01-16 23:12:41.000000000 +0100
@@ -134,7 +134,13 @@ void show_ports(struct Client* sptr, str
   for (listener = ListenerPollList; listener; listener = listener->next) {
     if (port && port != listener->port)
       continue;
+/* vv Nefarious: */
+#ifdef USE_SSL
+    flags[0] = (listener->server) ? 'S' : ((listener->ssl) ? 'E' : 'C');
+#else
+/* ^^ Nefarious */
     flags[0] = (listener->server) ? 'S' : 'C';
+#endif /* USE_SSL */
     if (listener->hidden) {
       if (!show_hidden)
         continue;
@@ -313,8 +319,15 @@ static int connection_allowed(const char
  * vhost_ip - if non-null must contain a valid IP address string in
  * the format "255.255.255.255"
  */
+/* vv Nefarious: */
+#ifdef USE_SSL
+void add_listener(int port, const char* vhost_ip, const char* mask,
+                  int is_server, int is_hidden, int is_ssl)
+#else
+/* ^^ Nefarious */
 void add_listener(int port, const char* vhost_ip, const char* mask,
                   int is_server, int is_hidden) 
+#endif /* USE_SSL */
 {
   struct Listener* listener;
   struct in_addr   vaddr;
@@ -342,6 +355,11 @@ void add_listener(int port, const char* 
     set_listener_mask(listener, mask);
     listener->hidden = is_hidden;
     listener->server = is_server;
+/* vv Nefarious: */
+#ifdef USE_SSL
+    listener->ssl = is_ssl;
+#endif /* USE_SSL */
+/* ^^ Nefarious */
     return;
   }
 
@@ -353,6 +371,11 @@ void add_listener(int port, const char* 
     listener->hidden = is_hidden;
     listener->server = is_server;
     listener->next   = ListenerPollList;
+/* vv Nefarious: */
+#ifdef USE_SSL
+    listener->ssl = is_ssl;
+#endif /* USE_SSL */
+/* ^^ Nefarious XXX NNN Do we need to move this outside like in the patch? */
     ListenerPollList = listener; 
   }
   else
@@ -515,7 +538,16 @@ static void accept_connection(struct Eve
       ++ServerStats->is_ac;
       /* nextping = CurrentTime; */
 
+/* vv Nefarious: */
+#ifdef USE_SSL
+      if (listener->ssl)
+  ssl_add_connection(listener, fd);
+      else
+  add_connection(listener, fd, NULL);
+#else
+/* ^^ Nefarious */
       add_connection(listener, fd);
+#endif /* USE_SSL */
     }
   }
 }
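Review bot: The two calls in the USE_SSL branch are indented at two columns while the surrounding statements sit at six, which reads as if they were outside the if/else; `        ssl_add_connection(listener, fd);` and `        add_connection(listener, fd, NULL);` restore the file's layout. Note also that on the SSL path add_connection — and with it the IPcheck_local_connect throttle and the socket_add limit in the s_bsd.c hunks — presumably only runs after ssl_add_connection has completed the handshake, so a throttled or over-limit peer still costs the server a full TLS handshake; if that is the case, a comment here saying so will save the next reader from looking for a pre-handshake check. accept_connection starts outside the hunk.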
diff -urp asuka.runnning/ircd/m_burst.c asuka/ircd/m_burst.c
--- asuka.runnning/ircd/m_burst.c	2005-01-17 06:56:04.000000000 +0100
+++ asuka/ircd/m_burst.c	2005-01-16 23:28:47.000000000 +0100
@@ -166,13 +166,17 @@ int ms_burst(struct Client *cptr, struct
     for (param = 3; param < parc; param++) {
       if (parv[param][0] != '+')
         continue;
-      if (strchr(parv[param], 'i') || strchr(parv[param], 'k')) {
+      if (strchr(parv[param], 'i') || strchr(parv[param], 'k') || strchr(parv[param], 'z')) { /* SSL -- Nei */
         /* Clear any outstanding rogue invites */
         mode_invite_clear(chptr);
         for (member = chptr->members; member; member = nmember) {
           nmember=member->next_member;
           if (!MyUser(member->user) || IsZombie(member) || IsAnOper(member->user))
             continue;
+			 /* SSL -- Nei */
+			 if (!strchr(parv[param], 'i') && !strchr(parv[param], 'k') && IsSSL(member->user))
+				 continue;
+			 /* ^^ SSL */
           sendcmdto_serv_butone(&me, CMD_KICK, NULL, "%H %C :Net Rider", chptr, member->user);
           sendcmdto_channel_butserv_butone(&me, CMD_KICK, chptr, NULL, "%H %C :Net Rider", chptr, member->user);
           make_zombie(member, member->user, &me, &me, chptr);
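Review bot: The strchr() calls on parv[param] are repeated for every member of the channel — three in the outer test and two more per member in the new skip — although parv[param] does not change inside the loop; hoisting the three lookups into flags at the top of the outer loop body puts the kick rule in one readable place and removes the per-member scans. The skip also depends on its 'i'/'k' absence test staying in sync with the outer test, which the shared flags make explicit. ms_burst starts and ends outside the hunk.
```c
    for (param = 3; param < parc; param++) {
      int has_i = strchr(parv[param], 'i') != NULL;
      int has_k = strchr(parv[param], 'k') != NULL;
      int has_z = strchr(parv[param], 'z') != NULL; /* SSL -- Nei */
      if (parv[param][0] != '+')
        continue;
      if (has_i || has_k || has_z) {
        /* … unchanged: mode_invite_clear, member loop, MyUser/IsZombie/IsAnOper skip … */
          /* SSL only (no +i/+k): SSL members may stay */
          if (!has_i && !has_k && IsSSL(member->user))
            continue;
        /* … unchanged: KICK messages and make_zombie … */
```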
@@ -203,7 +207,7 @@ int ms_burst(struct Client *cptr, struct
     chptr->mode.mode &= ~(MODE_ADD | MODE_DEL | MODE_PRIVATE | MODE_SECRET |
 			  MODE_MODERATED | MODE_TOPICLIMIT | MODE_INVITEONLY |
 			  MODE_NOPRIVMSGS | MODE_NOCTCP | MODE_NOCOLOUR | 
-			  MODE_DELJOINS | MODE_NONOTICE | MODE_NOQUITPARTS);
+			  MODE_DELJOINS | MODE_NONOTICE | MODE_NOQUITPARTS | MODE_SSLONLY); /* SSL -- Nei XXX NNN ??? -> MODE_REGONLY? */
 
     parse_flags |= (MODE_PARSE_SET | MODE_PARSE_WIPEOUT); /* wipeout keys */
 
diff -urp asuka.runnning/ircd/m_clearmode.c asuka/ircd/m_clearmode.c
--- asuka.runnning/ircd/m_clearmode.c	2005-01-17 06:56:05.000000000 +0100
+++ asuka/ircd/m_clearmode.c	2005-01-16 23:51:15.000000000 +0100
@@ -129,6 +129,7 @@ do_clearmode(struct Client *cptr, struct
     MODE_NONOTICE,      'N',
     MODE_DELJOINS,      'D',
     MODE_NOQUITPARTS,   'u',
+	 MODE_SSLONLY,   'z', /* Nefarious */
     0x0, 0x0
   };
   int *flag_p;
@@ -280,7 +281,7 @@ int
 mo_clearmode(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
 {
   struct Channel *chptr;
-  char *control = "ovpsmikbl"; /* default control string */
+  char *control = "ovpsmikblz"; /* default control string */ /* SSL -- Nei XXX NNN */
   char *chname, *qreason;
   int force = 0;
 
diff -urp asuka.runnning/ircd/m_join.c asuka/ircd/m_join.c
--- asuka.runnning/ircd/m_join.c	2005-01-17 06:56:01.000000000 +0100
+++ asuka/ircd/m_join.c	2005-01-17 00:02:50.000000000 +0100
@@ -260,6 +260,10 @@ int m_join(struct Client *cptr, struct C
 	    i = 'r';
 	    break;
 
+     case ERR_SSLONLYCHAN:
+       i = 'z';
+       break;
+
 	  default:
 	    i = '?';
 	    break;
diff -urp asuka.runnning/ircd/m_rehash.c asuka/ircd/m_rehash.c
--- asuka.runnning/ircd/m_rehash.c	2005-01-17 06:56:02.000000000 +0100
+++ asuka/ircd/m_rehash.c	2005-01-17 00:03:23.000000000 +0100
@@ -116,6 +116,14 @@ int mo_rehash(struct Client* cptr, struc
       send_reply(sptr, SND_EXPLICIT | RPL_REHASHING, ":Reopening log files");
       log_reopen(); /* reopen log files */
       return 0;
+/* vv Nefarious: */
+#ifdef USE_SSL
+      } else if (*parv[1] == 's') {
+  send_reply(sptr, SND_EXPLICIT | RPL_REHASHING, ":Reopening SSL pem file");
+  ssl_init();
+  return 0;
+#endif
+/* ^^ Nefarious */
     } else if (*parv[1] == 'q')
       flag = 2;
   }
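Review bot: The RPL_REHASHING reply `:Reopening SSL pem file` is sent before ssl_init() runs, so the oper is told the reload happened even if it did not; if ssl_init() reports a status, call it first and word the reply on the result, otherwise a comment noting that it cannot fail would justify the order. The `#endif` here lacks the `/* USE_SSL */` marker used on every other conditional in the patch, and the three statements are indented at two columns where the sibling branches use six. The `} else if` chain begins before this hunk.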
diff -urp asuka.runnning/ircd/m_stats.c asuka/ircd/m_stats.c
--- asuka.runnning/ircd/m_stats.c	2005-01-17 06:56:03.000000000 +0100
+++ asuka/ircd/m_stats.c	2005-01-17 00:11:56.000000000 +0100
@@ -91,6 +91,11 @@
 #include "numeric.h"
 #include "s_user.h"
 #include "send.h"
+/* vv Nefarious: */
+#ifdef USE_SSL
+#include "ssl.h"
+#endif /* USE_SSL */
+/* ^^ Nefarious */
 #include "struct.h"
 
 #include <assert.h>
diff -urp asuka.runnning/ircd/m_whois.c asuka/ircd/m_whois.c
--- asuka.runnning/ircd/m_whois.c	2005-01-17 06:56:08.000000000 +0100
+++ asuka/ircd/m_whois.c	2005-01-17 00:14:01.000000000 +0100
@@ -220,6 +220,12 @@ static void do_whois(struct Client* sptr
     /* Hint: if your looking to add more flags to a user, eg +h, here's
      *       probably a good place to add them :)
      */
+
+/* vv Nefarious: */
+    if (IsSSL(acptr) && ((parc >= 3) || (acptr == sptr) ||
+  IsAnOper(sptr)))
+      send_reply(sptr, RPL_WHOISSSL, name);
+/* ^^ Nefarious */
      
     if (MyConnect(acptr) &&
         (IsAnOper(sptr) ||
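Review bot: The condition gating RPL_WHOISSSL on `parc >= 3`, `acptr == sptr` or IsAnOper(sptr) deserves a comment, because it is doing more than limiting visibility: FLAG_SSL is only set in register_user for MyConnect clients (s_user.c hunk) and nothing in this patch carries it over server links, so IsSSL(acptr) is presumably only meaningful on the user's own server — which a `/WHOIS nick nick` (parc >= 3) is routed to and a plain `/WHOIS nick` issued elsewhere is not. A comment along the lines of `/* FLAG_SSL is local to the user's server, so only report it when the query is handled there */` would record that, if that is indeed the reason. do_whois starts and ends outside the hunk.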
diff -urp asuka.runnning/ircd/s_auth.c asuka/ircd/s_auth.c
--- asuka.runnning/ircd/s_auth.c	2005-01-17 06:56:03.000000000 +0100
+++ asuka/ircd/s_auth.c	2005-01-17 00:21:35.000000000 +0100
@@ -50,6 +50,11 @@
 #include "s_debug.h"
 #include "s_misc.h"
 #include "send.h"
+/* vv Nefarious: */
+#ifdef USE_SSL
+#include "ssl.h"
+#endif /* USE_SSL */
+/* ^^ Nefarious */
 #include "struct.h"
 #include "sys.h"               /* TRUE bleah */
 
@@ -98,8 +103,15 @@ typedef enum {
   REPORT_INVAL_DNS
 } ReportType;
 
+/* vv Nefarious: */
+#ifdef USE_SSL
+#define sendheader(c, r) \
+   ssl_send(c, HeaderMessages[(r)].message, HeaderMessages[(r)].length)
+#else
+/* ^^ Nefarious */
 #define sendheader(c, r) \
    send(cli_fd(c), HeaderMessages[(r)].message, HeaderMessages[(r)].length, 0)
+#endif /* USE_SSL */
 
 struct AuthRequest* AuthPollList = 0; /* GLOBAL - auth queries pending io */
 static struct AuthRequest* AuthIncompleteList = 0;
diff -urp asuka.runnning/ircd/s_bsd.c asuka/ircd/s_bsd.c
--- asuka.runnning/ircd/s_bsd.c	2005-01-17 06:56:05.000000000 +0100
+++ asuka/ircd/s_bsd.c	2005-01-17 00:29:36.000000000 +0100
@@ -125,6 +125,27 @@ static void client_timer_callback(struct
 #endif
 #endif
 
+/* vv Nefarious: */
+#ifdef USE_SSL
+/* Helper routines */
+static IOResult client_recv(struct Client *cptr, char *buf, unsigned int length, unsigned int* count_out)
+{
+  if (cli_socket(cptr).ssl)
+    return ssl_recv(&cli_socket(cptr), buf, length, count_out);
+  else
+    return os_recv_nonb(cli_fd(cptr), buf, length, count_out);
+}
+
+static IOResult client_sendv(struct Client *cptr, struct MsgQ *buf, unsigned int *count_in, unsigned int *count_out)
+{
+  if (cli_socket(cptr).ssl)
+    return ssl_sendv(&cli_socket(cptr), buf, count_in, count_out);
+  else
+    return os_sendv_nonb(cli_fd(cptr), buf, count_in, count_out);
+}
+#endif /* USE_SSL */
+/* ^^ Nefarious */
+
 
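Review bot: The two new helpers carry no comment beyond `/* Helper routines */`; a one-line header on each, `/* Read from cptr's socket, via the TLS layer when one is attached, else the plain fd. */` and the matching sentence for client_sendv, would let a reader of deliver_it and read_packet see the dispatch without opening ssl.h. Both return whichever IOResult the underlying call returns, so the error contract of the callers is unchanged — worth stating in the same comment.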
 /*
  * Cannot use perror() within daemon. stderr is closed in
@@ -354,7 +375,11 @@ unsigned int deliver_it(struct Client *c
   unsigned int bytes_count = 0;
   assert(0 != cptr);
 
+#ifdef USE_SSL
+  switch (client_sendv(cptr, buf, &bytes_count, &bytes_written)) {
+#else
   switch (os_sendv_nonb(cli_fd(cptr), buf, &bytes_count, &bytes_written)) {
+#endif /* USE_SSL */
   case IO_SUCCESS:
     ClrFlag(cptr, FLAG_BLOCKED);
 
@@ -584,7 +609,11 @@ int net_close_unregistered_connections(s
  * The client is not added to the linked list of clients, it is
  * passed off to the auth handler for dns and ident queries.
  *--------------------------------------------------------------------------*/
+#ifdef USE_SSL
+void add_connection(struct Listener* listener, int fd, void *ssl) {
+#else
 void add_connection(struct Listener* listener, int fd) {
+#endif /* USE_SSL */
   struct sockaddr_in addr;
   struct Client      *new_client;
   time_t             next_target = 0;
@@ -605,7 +634,11 @@ void add_connection(struct Listener* lis
    */
   if (!os_get_peername(fd, &addr) || !os_set_nonblocking(fd)) {
     ++ServerStats->is_ref;
+#ifdef USE_SSL
+    ssl_murder(ssl, fd, "");
+#else
     close(fd);
+#endif /* USE_SSL */
     return;
   }
   /*
@@ -626,8 +659,12 @@ void add_connection(struct Listener* lis
    */
   if (!IPcheck_local_connect(addr.sin_addr, &next_target) && !listener->server) {
     ++ServerStats->is_ref;
+#ifdef USE_SSL
+     ssl_murder(ssl, fd, throttle_message);
+#else
      write(fd, throttle_message, strlen(throttle_message));
      close(fd);
+#endif /* USE_SSL */
      return;
   }
 
@@ -651,11 +688,19 @@ void add_connection(struct Listener* lis
   if (!socket_add(&(cli_socket(new_client)), client_sock_callback,
 		  (void*) cli_connect(new_client), SS_CONNECTED, 0, fd)) {
     ++ServerStats->is_ref;
+#ifdef USE_SSL
+    ssl_murder(ssl, fd, register_message);
+#else
     write(fd, register_message, strlen(register_message));
     close(fd);
+#endif /* USE_SSL */
     cli_fd(new_client) = -1;
     return;
   }
+#ifdef USE_SSL
+  if (ssl)
+    cli_socket(new_client).ssl = ssl;
+#endif /* USE_SSL */
   cli_freeflag(new_client) |= FREEFLAG_SOCKET;
   cli_listener(new_client) = listener;
   ++listener->ref_count;
@@ -700,7 +745,11 @@ read_packet(struct Client *cptr, int soc
   if (socket_ready &&
       !(IsUser(cptr) && !IsOper(cptr) &&
 	DBufLength(&(cli_recvQ(cptr))) > feature_int(FEAT_CLIENT_FLOOD))) {
+#ifdef USE_SSL
+    switch (client_recv(cptr, readbuf, sizeof(readbuf), &length)) {
+#else
     switch (os_recv_nonb(cli_fd(cptr), readbuf, sizeof(readbuf), &length)) {
+#endif /* USE_SSL */
     case IO_SUCCESS:
       if (length) {
         if (!IsServer(cptr))
@@ -1006,6 +1055,9 @@ static void client_sock_callback(struct 
 
     if (!con_freeflag(con) && !cptr)
       free_connection(con);
+#ifdef USE_SSL
+    ssl_free(ev_socket(ev));
+#endif /* USE_SSL */
     break;
 
   case ET_CONNECT: /* socket connection completed */
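Review bot: ssl_free(ev_socket(ev)) runs after free_connection(con) may already have released the connection, and the socket it receives was registered in add_connection as `&(cli_socket(new_client))`, i.e. storage that appears to live inside the connection; if ev_socket(ev) points into con, this is a use-after-free on the ET_DESTROY path. Move the `ssl_free(ev_socket(ev));` above the `if (!con_freeflag(con) && !cptr)` test (or into free_connection itself) so the TLS session is released while the socket is still valid. client_sock_callback starts outside the hunk and free_connection is not in the diff, so the aliasing is inferred from the registration in add_connection.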
diff -urp asuka.runnning/ircd/s_conf.c asuka/ircd/s_conf.c
--- asuka.runnning/ircd/s_conf.c	2005-01-17 06:56:02.000000000 +0100
+++ asuka/ircd/s_conf.c	2005-01-17 00:37:20.000000000 +0100
@@ -50,6 +50,11 @@
 #include "s_debug.h"
 #include "s_misc.h"
 #include "send.h"
+/* vv Nefarious: */
+#ifdef USE_SSL
+#include "ssl.h"
+#endif /* USE_SSL */
+/* ^^ Nefarious */
 #include "struct.h"
 #include "support.h"
 #include "sys.h"
@@ -683,6 +688,9 @@ void conf_add_listener(const char* const
 {
   int is_server = 0;
   int is_hidden = 0;
+#ifdef USE_SSL
+  int is_ssl = 0;
+#endif /* USE_SSL */
 
   /*
    * need a port
@@ -696,10 +704,20 @@ void conf_add_listener(const char* const
       is_server = 1;
     ++x;
     if ('H' == ToUpper(*x))
+#ifdef USE_SSL
+      is_hidden = 1, ++x;
+    if ('E' == ToUpper(*x))
+      is_ssl = 1, ++x;
+#else
       is_hidden = 1;
+#endif /* USE_SSL */
   }
   /*           port             vhost      mask  */
+#ifdef USE_SSL
+  add_listener(atoi(fields[4]), fields[2], fields[1], is_server, is_hidden, is_ssl);
+#else
   add_listener(atoi(fields[4]), fields[2], fields[1], is_server, is_hidden);
+#endif /* USE_SSL */
 }
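Review bot: The flag parsing is positional (S/C first, H second) and the patch extends it so that `E` is only recognised at the position reached after the optional `H`, so a port line written as `SEH` silently loses the hidden flag and a misplaced `E` brings the listener up in plaintext — a misconfiguration nobody notices until STATS p is checked; the `is_hidden = 1, ++x;` comma expression hiding the increment does not help readability either. A loop over the flag characters accepts any order and makes unknown letters visible; the `E` flag also needs an entry in the P-line documentation. The opening of conf_add_listener and the `S` check are outside this hunk.
```c
    /* … unchanged: x points at the flag string … */
    for (; *x; ++x) {
      switch (ToUpper(*x)) {
      case 'S': is_server = 1; break;
      case 'H': is_hidden = 1; break;
#ifdef USE_SSL
      case 'E': is_ssl = 1; break;
#endif /* USE_SSL */
      default: break; /* 'C' and unknown letters: no-op, as before */
      }
    }
```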
 
 void conf_add_quarantine(const char* const* fields, int count)
@@ -1413,6 +1431,10 @@ int rehash(struct Client *cptr, int sig)
 
   log_reopen(); /* reopen log files */
 
+#ifdef USE_SSL
+  ssl_init();
+#endif /* USE_SSL */
+
   close_listeners();
   class_delete_marked();         /* unless it fails */
 
diff -urp asuka.runnning/ircd/s_debug.c asuka/ircd/s_debug.c
--- asuka.runnning/ircd/s_debug.c	2005-01-17 06:56:04.000000000 +0100
+++ asuka/ircd/s_debug.c	2005-01-17 00:41:09.000000000 +0100
@@ -45,6 +45,11 @@
 #include "s_conf.h"
 #include "s_stats.h"
 #include "send.h"
+/* vv Nefarious: */
+#ifdef USE_SSL
+#include "ssl.h"
+#endif /* USE_SSL */
+/* ^^ Nefarious */
 #include "struct.h"
 #include "sys.h"
 #include "whowas.h"
@@ -148,6 +153,10 @@ const char* debug_serveropts(void)
   if (feature_bool(FEAT_VIRTUAL_HOST))
     AddC('v');
 
+#ifdef USE_SSL
+  AddC('z');
+#endif /* USE_SSL */
+
   serveropts[i] = '\0';
 
   return serveropts;
@@ -322,8 +331,13 @@ void count_memory(struct Client *cptr, s
   for (cltmp = get_class_list(); cltmp; cltmp = cltmp->next)
     cl++;
 
+#ifdef USE_SSL
+  send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG,
+       ":Clients %d(%zu) Connections %d(%zu) SSL %d", c, cm, cn, cnm, ssl_count());
+#else
   send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG,
 	     ":Clients %d(%zu) Connections %d(%zu)", c, cm, cn, cnm);
+#endif /* USE_SSL */
   send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG,
 	     ":Users %d(%zu) Accounts %d(%zu) Invites %d(%zu)",
 	     us, us * sizeof(struct User), acc, acc * (ACCOUNTLEN + 1),
diff -urp asuka.runnning/ircd/s_err.c asuka/ircd/s_err.c
--- asuka.runnning/ircd/s_err.c	2005-01-17 06:55:56.000000000 +0100
+++ asuka/ircd/s_err.c	2005-01-17 11:58:12.000000000 +0100
@@ -706,7 +706,7 @@ static Numeric replyTable[] = {
 /* 336 */
   { 0 },
 /* 337 */
-  { 0 },
+  { RPL_WHOISSSL, "%s :is using a secure connection", "337" },
 /* 338 */
   { RPL_WHOISACTUALLY, "%s %s@%s %s :Actual user@host, Actual IP", "338" },
 /* 339 */
@@ -970,7 +970,7 @@ static Numeric replyTable[] = {
 /* 468 */
   { ERR_INVALIDUSERNAME, 0, "468" },
 /* 469 */
-  { 0 },
+  { ERR_SSLONLYCHAN, "%s :Cannot join channel (+z)", "469" },
 /* 470 */
   { 0 },
 /* 471 */
diff -urp asuka.runnning/ircd/s_user.c asuka/ircd/s_user.c
--- asuka.runnning/ircd/s_user.c	2005-01-17 06:56:00.000000000 +0100
+++ asuka/ircd/s_user.c	2005-01-17 01:17:52.000000000 +0100
@@ -541,6 +541,10 @@ int register_user(struct Client *cptr, s
       SetSetHost(sptr);
     }
   }
+#ifdef USE_SSL
+  if (MyConnect(sptr) && cli_socket(sptr).ssl)
+    SetSSL(sptr);
+#endif /* USE_SSL */
   if (MyConnect(sptr) && feature_bool(FEAT_AUTOINVISIBLE))
     SetInvisible(sptr);
     
@@ -572,6 +576,11 @@ int register_user(struct Client *cptr, s
     send_reply(sptr, RPL_CREATED, creation);
     send_reply(sptr, RPL_MYINFO, cli_name(&me), version);
     send_supported(sptr);
+#ifdef USE_SSL
+    if (IsSSL(sptr))
+      sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :You are connected to %s with %s", sptr,
+         cli_name(&me), ssl_get_cipher(cli_socket(sptr).ssl));
+#endif
     m_lusers(sptr, sptr, 1, parv);
     update_load();
     motd_signon(sptr);
Only in asuka/ircd: ssl.c

