/*
 * Copyright (c) 2012 Ariadne Conill <ariadne@dereferenced.org>.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
20 | ||
21 | #include "stdinc.h" | |
22 | #include "client.h" | |
23 | #include "match.h" |
24 | #include "hash.h" | |
25 | #include "ircd.h" | |
26 | #include "numeric.h" | |
27 | #include "send.h" | |
28 | #include "msg.h" | |
29 | #include "modules.h" | |
30 | #include "sslproc.h" | |
77d3d2db | 31 | #include "s_assert.h" |
ed385364 | 32 | #include "s_serv.h" |
77d3d2db | 33 | #include "logger.h" |
21f715a9 | 34 | |
/* Module description string handed to DECLARE_MODULE_AV2 below. */
static const char starttls_desc[] = "Provides the tls CAP and STARTTLS command";

static void mr_starttls(struct MsgBuf *, struct Client *, struct Client *, int, const char **);

/*
 * Command table entry for STARTTLS. Only the first (mr_, pre-registration)
 * handler slot does anything; every other slot is mg_ignore, so the command
 * is silently dropped from any other origin.
 */
struct Message starttls_msgtab = {
	"STARTTLS", 0, 0, 0, 0,
	{{mr_starttls, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore}
};

/* NULL-terminated command list registered by the module. */
mapi_clist_av1 starttls_clist[] = { &starttls_msgtab, NULL };

/*
 * Capability bit for the "tls" CAP. Starts at 0; its address is passed in
 * starttls_cap_list so the capability machinery can assign the actual bit.
 */
unsigned int CLICAP_TLS = 0;
47 | ||
/*
 * Visibility hook for the "tls" CAP: the capability is advertised only while
 * TLS is usable (ircd_ssl_ok) and at least one ssld helper is running.
 * The client argument is not consulted.
 */
static bool
tls_visible(struct Client *ignored)
{
	(void) ignored;

	if (!ircd_ssl_ok)
		return false;

	return get_ssld_count() != 0;
}
53 | ||
/*
 * "tls" capability descriptor. tls_visible() gates whether the CAP is
 * advertised at all, so clients are not offered STARTTLS that cannot
 * succeed. NOTE(review): CLICAP_FLAGS_PRIORITY presumably orders this CAP
 * ahead of others in CAP LS output — confirm against the CAP code.
 */
static struct ClientCapability capdata_tls = {
	.visible = tls_visible,
	.flags = CLICAP_FLAGS_PRIORITY,
};

/*
 * Client capability table: a single "tls" entry whose assigned bit is
 * written back into CLICAP_TLS. Terminated by an all-zero entry.
 */
mapi_cap_list_av2 starttls_cap_list[] = {
	{ MAPI_CAP_CLIENT, "tls", &capdata_tls, &CLICAP_TLS },
	{ 0, NULL, NULL, NULL }
};

DECLARE_MODULE_AV2(starttls, NULL, NULL, starttls_clist, NULL, NULL, starttls_cap_list, NULL, starttls_desc);
21f715a9 | 65 | |
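/*
 * STARTTLS handler: upgrades a local, not-yet-TLS connection to TLS by
 * handing its socket to an ssld helper over a fresh socketpair.
 *
 * Replies with ERR_STARTTLS (and does nothing else) when the connection is
 * already TLS, when TLS is not available, or when the socketpair cannot be
 * created. Once RPL_STARTTLS has been flushed the peer begins a TLS
 * handshake, so a failure after that point cannot be reported in-band:
 * the connection is closed instead of being left half-upgraded.
 *
 * msgbuf_p, source_p, parc and parv are unused; the command carries no
 * parameters.
 */
static void
mr_starttls(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
	ssl_ctl_t *ctl;
	rb_fde_t *F[2];

	/* Only a connection we own can be upgraded. */
	if (!MyConnect(client_p))
		return;

	/* Already on TLS: refuse rather than stack a second handshake. */
	if (IsSSL(client_p))
	{
		sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Nested TLS handshake not allowed");
		return;
	}

	/* Same availability test as tls_visible(); checked before any resource is allocated. */
	if (!ircd_ssl_ok || !get_ssld_count())
	{
		sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
		return;
	}

	/* Checked before the socketpair so a failing assertion cannot leak it. */
	s_assert(client_p->localClient != NULL);

	/* F[0] becomes our plaintext end, F[1] is handed to ssld together with the client socket. */
	if (rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &F[0], &F[1], "STARTTLS ssld session") == -1)
	{
		ilog_error("error creating SSL/TLS socketpair for ssld slave");
		sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Unable to create SSL/TLS socketpair for ssld offload slave");
		return;
	}

	/*
	 * Clear out any remaining plaintext lines. Anything the peer pipelined
	 * after STARTTLS arrived unprotected and must not be parsed later as if
	 * it had come over the secured channel.
	 */
	rb_linebuf_donebuf(&client_p->localClient->buf_recvq);

	/* Flush RPL_STARTTLS now: after this the peer starts the handshake and the socket no longer carries IRC lines. */
	sendto_one_numeric(client_p, RPL_STARTTLS, form_str(RPL_STARTTLS));
	send_queued(client_p);

	/* TODO: set localClient->ssl_callback and handle success/failure */

	ctl = start_ssld_accept(client_p->localClient->F, F[1], connid_get(client_p));
	if (ctl == NULL)
	{
		/*
		 * No ssld helper took the session, so neither end of the pair was
		 * consumed; release both instead of leaking two descriptors. The
		 * peer has already been told to start TLS, so plaintext fallback is
		 * not possible and the connection is dropped.
		 */
		rb_close(F[0]);
		rb_close(F[1]);
		ilog_error("unable to hand STARTTLS session to ssld");
		exit_client(client_p, client_p, client_p, "Unable to start TLS handshake");
		return;
	}

	client_p->localClient->F = F[0];
	client_p->localClient->ssl_ctl = ctl;
	SetSSL(client_p);
	SetSecure(client_p);
}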