[solanum.git] / modules / m_starttls.c

/*
 * Copyright (c) 2012 Ariadne Conill <ariadne@dereferenced.org>.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "stdinc.h"
#include "client.h"
#include "match.h"
#include "hash.h"
#include "ircd.h"
#include "numeric.h"
#include "send.h"
#include "msg.h"
#include "modules.h"
#include "sslproc.h"
#include "s_assert.h"
#include "s_serv.h"
#include "logger.h"

static const char starttls_desc[] = "Provides the tls CAP and STARTTLS command";

static void mr_starttls(struct MsgBuf *, struct Client *, struct Client *, int, const char **);

struct Message starttls_msgtab = {
	"STARTTLS", 0, 0, 0, 0,
	{{mr_starttls, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore}
};

mapi_clist_av1 starttls_clist[] = { &starttls_msgtab, NULL };

unsigned int CLICAP_TLS = 0;

static bool
tls_visible(struct Client *ignored)
{
	return ircd_ssl_ok && get_ssld_count();
}

static struct ClientCapability capdata_tls = {
	.visible = tls_visible,
	.flags = CLICAP_FLAGS_PRIORITY,
};

mapi_cap_list_av2 starttls_cap_list[] = {
	{ MAPI_CAP_CLIENT, "tls", &capdata_tls, &CLICAP_TLS },
	{ 0, NULL, NULL, NULL }
};

DECLARE_MODULE_AV2(starttls, NULL, NULL, starttls_clist, NULL, NULL, starttls_cap_list, NULL, starttls_desc);

static void
mr_starttls(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
	ssl_ctl_t *ctl;
	rb_fde_t *F[2];

	if (!MyConnect(client_p))
		return;

	if (IsSSL(client_p))
	{
		sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Nested TLS handshake not allowed");
		return;
	}

	if (!ircd_ssl_ok || !get_ssld_count())
	{
		sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
		return;
	}

	if (rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &F[0], &F[1], "STARTTLS ssld session") == -1)
	{
		ilog_error("error creating SSL/TLS socketpair for ssld slave");
		sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Unable to create SSL/TLS socketpair for ssld offload slave");
		return;
	}

	s_assert(client_p->localClient != NULL);

	/* clear out any remaining plaintext lines */
	rb_linebuf_donebuf(&client_p->localClient->buf_recvq);

	sendto_one_numeric(client_p, RPL_STARTTLS, form_str(RPL_STARTTLS));
	send_queued(client_p);

	/* TODO: set localClient->ssl_callback and handle success/failure */

	ctl = start_ssld_accept(client_p->localClient->F, F[1], connid_get(client_p));
	if (ctl != NULL)
	{
		client_p->localClient->F = F[0];
		client_p->localClient->ssl_ctl = ctl;
		SetSSL(client_p);
		SetSecure(client_p);
	}
}
Commit	Line	Data
21f715a9	1	/*
3fc0499e	2	* Copyright (c) 2012 Ariadne Conill <ariadne@dereferenced.org>.
21f715a9 AC	3	*
	4	* Permission to use, copy, modify, and/or distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice is present in all copies.
	7	*
	8	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	9	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	10	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	11	* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
	12	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	13	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	14	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	15	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	16	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
	17	* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	18	* POSSIBILITY OF SUCH DAMAGE.
	19	*/
	20
	21	#include "stdinc.h"
	22	#include "client.h"
21f715a9 AC	23	#include "match.h"
	24	#include "hash.h"
	25	#include "ircd.h"
	26	#include "numeric.h"
	27	#include "send.h"
	28	#include "msg.h"
	29	#include "modules.h"
	30	#include "sslproc.h"
77d3d2db	31	#include "s_assert.h"
ed385364	32	#include "s_serv.h"
77d3d2db	33	#include "logger.h"
21f715a9	34
3abc337f	35	static const char starttls_desc[] = "Provides the tls CAP and STARTTLS command";
21f715a9	36
3c7d6fcc	37	static void mr_starttls(struct MsgBuf , struct Client , struct Client , int, const char *);
eeabf33a	38
21f715a9	39	struct Message starttls_msgtab = {
7baa37a9	40	"STARTTLS", 0, 0, 0, 0,
21f715a9 AC	41	{{mr_starttls, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore}
	42	};
	43
	44	mapi_clist_av1 starttls_clist[] = { &starttls_msgtab, NULL };
	45
0416a2cc AC	46	unsigned int CLICAP_TLS = 0;
0416a2cc AC	47
dd335573 DF	48	static bool
	49	tls_visible(struct Client *ignored)
	50	{
	51	return ircd_ssl_ok && get_ssld_count();
	52	}
	53
738b5d29	54	static struct ClientCapability capdata_tls = {
dd335573	55	.visible = tls_visible,
738b5d29 EK	56	.flags = CLICAP_FLAGS_PRIORITY,
	57	};
	58
684725ed	59	mapi_cap_list_av2 starttls_cap_list[] = {
738b5d29	60	{ MAPI_CAP_CLIENT, "tls", &capdata_tls, &CLICAP_TLS },
684725ed EM	61	{ 0, NULL, NULL, NULL }
684725ed EM	62	};
0416a2cc	63
f45f4143	64	DECLARE_MODULE_AV2(starttls, NULL, NULL, starttls_clist, NULL, NULL, starttls_cap_list, NULL, starttls_desc);
21f715a9	65
3c7d6fcc	66	static void
428ca87b	67	mr_starttls(struct MsgBuf msgbuf_p, struct Client client_p, struct Client source_p, int parc, const char parv[])
21f715a9	68	{
21f715a9 AC	69	ssl_ctl_t *ctl;
	70	rb_fde_t *F[2];
	71
	72	if (!MyConnect(client_p))
3c7d6fcc	73	return;
21f715a9	74
2b177879 MM	75	if (IsSSL(client_p))
	76	{
	77	sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Nested TLS handshake not allowed");
3c7d6fcc	78	return;
2b177879 MM	79	}
2b177879 MM	80
bfc44622	81	if (!ircd_ssl_ok \|\| !get_ssld_count())
8ff07125 JT	82	{
8ff07125 JT	83	sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
3c7d6fcc	84	return;
8ff07125 JT	85	}
8ff07125 JT	86
21f715a9 AC	87	if (rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &F[0], &F[1], "STARTTLS ssld session") == -1)
	88	{
	89	ilog_error("error creating SSL/TLS socketpair for ssld slave");
c4e81ae9	90	sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Unable to create SSL/TLS socketpair for ssld offload slave");
3c7d6fcc	91	return;
21f715a9 AC	92	}
	93
	94	s_assert(client_p->localClient != NULL);
	95
	96	/* clear out any remaining plaintext lines */
	97	rb_linebuf_donebuf(&client_p->localClient->buf_recvq);
	98
	99	sendto_one_numeric(client_p, RPL_STARTTLS, form_str(RPL_STARTTLS));
	100	send_queued(client_p);
	101
4fbb7362 SA	102	/* TODO: set localClient->ssl_callback and handle success/failure */
4fbb7362 SA	103
de7cf7e0	104	ctl = start_ssld_accept(client_p->localClient->F, F[1], connid_get(client_p));
21f715a9 AC	105	if (ctl != NULL)
	106	{
	107	client_p->localClient->F = F[0];
	108	client_p->localClient->ssl_ctl = ctl;
	109	SetSSL(client_p);
bbdc439a	110	SetSecure(client_p);
21f715a9	111	}
21f715a9	112	}