
YS' SSL certification check patch merged

nohar 2005-06-04 11:05:54 +00:00
parent 6135a13810
commit 3a51245c14
11 changed files with 464 additions and 276 deletions


@ -74,6 +74,19 @@ user {
# this user's password (md5(md5("tata"))) plus seed # this user's password (md5(md5("tata"))) plus seed
password = "3880f2b39b3b9cb507b052b695d2680859bfc327"; password = "3880f2b39b3b9cb507b052b695d2680859bfc327";
# SSL certificates checking mode for user:
# "none" to accept anything;
# "basic" to accept if the certificate is contained in the store below;
# "ca" to do a complete certificate chain checking with the objects
# in the store below (you have to put in it every cert, CRL, up to the
# root CA).
ssl_check_mode = "none";
# Location of the user's store for SSL certificate check
# Standard openssl store, you must put PEM objects with .pem extension
# and run `c_rehash .' in it
ssl_check_store = "/home/nohar/.bip/certstore";
# A user can have mutiple connections to irc networks. # A user can have mutiple connections to irc networks.
# define a connection: # define a connection:
connection { connection {
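Review bot: The sample sets `ssl_check_mode = "none"`, which by its own comment accepts any certificate, so anyone who copies this file connects to IRC servers over SSL without authenticating them. Consider shipping the sample with `ssl_check_mode = "basic";`, or at least adding a comment line such as `# "none" gives no protection against a man-in-the-middle; prefer "basic" or "ca"`. The store path `/home/nohar/.bip/certstore` is specific to one developer's account and would read better as a placeholder path. The user block continues outside the hunk.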


@ -556,6 +556,9 @@ void c_user_free(struct c_user *cu)
{ {
free(cu->name); free(cu->name);
free(cu->password); free(cu->password);
#ifdef HAVE_LIBSSL
free(cu->ssl_check_store);
#endif
struct c_connection *con; struct c_connection *con;
while ((con = list_remove_first(&cu->connectionl))) while ((con = list_remove_first(&cu->connectionl)))
c_connection_free(con); c_connection_free(con);
@ -596,6 +599,18 @@ static int add_user(list_t *data)
if (!r) if (!r)
return 0; return 0;
break; break;
#ifdef HAVE_LIBSSL
case LEX_SSL_CHECK_MODE:
if (!strncmp(t->pdata, "basic", 5))
u->ssl_check_mode = SSL_CHECK_BASIC;
if (!strncmp(t->pdata, "ca", 2))
u->ssl_check_mode = SSL_CHECK_CA;
free(t->pdata);
break;
case LEX_SSL_CHECK_STORE:
u->ssl_check_store = t->pdata;
break;
#endif
default: default:
conf_die("Uknown keyword in user statement"); conf_die("Uknown keyword in user statement");
if (t->type == TUPLE_STR) if (t->type == TUPLE_STR)
@ -921,6 +936,8 @@ void ircize(list_t *ll)
link->bind_port = c->source_port; link->bind_port = c->source_port;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
link->s_ssl = c->network->ssl; link->s_ssl = c->network->ssl;
link->ssl_check_mode = u->ssl_check_mode;
link->ssl_check_store = strmaydup(u->ssl_check_store);
#endif #endif
if (!link->user) if (!link->user)
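Review bot: In the `LEX_SSL_CHECK_MODE` case of `add_user()`, any value that does not start with "basic" or "ca" is silently ignored, so a typo such as "CA" or "full" leaves `u->ssl_check_mode` at whatever it was initialised to (presumably `SSL_CHECK_NONE`; the initialisation is outside the hunk) and the user gets no certificate checking without being told. `strncmp` with lengths 5 and 2 also accepts any string that merely begins with those letters. Comparing with `strcmp`, handling "none" explicitly and calling `conf_die()` on anything else makes the option fail closed; the rewritten case is below. `add_user()` starts and ends outside the hunk.

```c
	case LEX_SSL_CHECK_MODE:
		if (!strcmp(t->pdata, "none"))
			u->ssl_check_mode = SSL_CHECK_NONE;
		else if (!strcmp(t->pdata, "basic"))
			u->ssl_check_mode = SSL_CHECK_BASIC;
		else if (!strcmp(t->pdata, "ca"))
			u->ssl_check_mode = SSL_CHECK_CA;
		else
			conf_die("Unknown ssl_check_mode (expected none, basic or ca)");
		free(t->pdata);
		break;
	/* ... unchanged: LEX_SSL_CHECK_STORE case ... */
```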


@ -28,6 +28,10 @@ struct c_user
char *name; char *name;
unsigned char *password; unsigned char *password;
unsigned int seed; unsigned int seed;
#ifdef HAVE_LIBSSL
int ssl_check_mode;
char *ssl_check_store;
#endif
list_t connectionl; list_t connectionl;
}; };


@ -53,26 +53,28 @@
LEX_BUNCH = 279, LEX_BUNCH = 279,
LEX_REALNAME = 280, LEX_REALNAME = 280,
LEX_SSL = 281, LEX_SSL = 281,
LEX_CHANNEL = 282, LEX_SSL_CHECK_MODE = 282,
LEX_KEY = 283, LEX_SSL_CHECK_STORE = 283,
LEX_LOG_ROOT = 284, LEX_CHANNEL = 284,
LEX_LOG_FORMAT = 285, LEX_KEY = 285,
LEX_LOG_LEVEL = 286, LEX_LOG_ROOT = 286,
LEX_BACKLOG_LINES = 287, LEX_LOG_FORMAT = 287,
LEX_BACKLOG = 288, LEX_LOG_LEVEL = 288,
LEX_LOG = 289, LEX_BACKLOG_LINES = 289,
LEX_LOG_SYNC_INTERVAL = 290, LEX_BACKLOG = 290,
LEX_FOLLOW_NICK = 291, LEX_LOG = 291,
LEX_ON_CONNECT_SEND = 292, LEX_LOG_SYNC_INTERVAL = 292,
LEX_AWAY_NICK = 293, LEX_FOLLOW_NICK = 293,
LEX_PID_FILE = 294, LEX_ON_CONNECT_SEND = 294,
LEX_IGN_FIRST_NICK = 295, LEX_AWAY_NICK = 295,
LEX_ALWAYS_BACKLOG = 296, LEX_PID_FILE = 296,
LEX_LOGIN = 297, LEX_IGN_FIRST_NICK = 297,
LEX_BLRESET_ON_TALK = 298, LEX_ALWAYS_BACKLOG = 298,
LEX_BOOL = 299, LEX_LOGIN = 299,
LEX_INT = 300, LEX_BLRESET_ON_TALK = 300,
LEX_STRING = 301 LEX_BOOL = 301,
LEX_INT = 302,
LEX_STRING = 303
}; };
#endif #endif
#define LEX_IP 258 #define LEX_IP 258
@ -99,26 +101,28 @@
#define LEX_BUNCH 279 #define LEX_BUNCH 279
#define LEX_REALNAME 280 #define LEX_REALNAME 280
#define LEX_SSL 281 #define LEX_SSL 281
#define LEX_CHANNEL 282 #define LEX_SSL_CHECK_MODE 282
#define LEX_KEY 283 #define LEX_SSL_CHECK_STORE 283
#define LEX_LOG_ROOT 284 #define LEX_CHANNEL 284
#define LEX_LOG_FORMAT 285 #define LEX_KEY 285
#define LEX_LOG_LEVEL 286 #define LEX_LOG_ROOT 286
#define LEX_BACKLOG_LINES 287 #define LEX_LOG_FORMAT 287
#define LEX_BACKLOG 288 #define LEX_LOG_LEVEL 288
#define LEX_LOG 289 #define LEX_BACKLOG_LINES 289
#define LEX_LOG_SYNC_INTERVAL 290 #define LEX_BACKLOG 290
#define LEX_FOLLOW_NICK 291 #define LEX_LOG 291
#define LEX_ON_CONNECT_SEND 292 #define LEX_LOG_SYNC_INTERVAL 292
#define LEX_AWAY_NICK 293 #define LEX_FOLLOW_NICK 293
#define LEX_PID_FILE 294 #define LEX_ON_CONNECT_SEND 294
#define LEX_IGN_FIRST_NICK 295 #define LEX_AWAY_NICK 295
#define LEX_ALWAYS_BACKLOG 296 #define LEX_PID_FILE 296
#define LEX_LOGIN 297 #define LEX_IGN_FIRST_NICK 297
#define LEX_BLRESET_ON_TALK 298 #define LEX_ALWAYS_BACKLOG 298
#define LEX_BOOL 299 #define LEX_LOGIN 299
#define LEX_INT 300 #define LEX_BLRESET_ON_TALK 300
#define LEX_STRING 301 #define LEX_BOOL 301
#define LEX_INT 302
#define LEX_STRING 303
@ -132,7 +136,7 @@ typedef union YYSTYPE {
struct tuple *tuple; struct tuple *tuple;
} YYSTYPE; } YYSTYPE;
/* Line 1285 of yacc.c. */ /* Line 1285 of yacc.c. */
#line 136 "y.tab.h" #line 140 "y.tab.h"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_TRIVIAL 1


@ -80,7 +80,7 @@ struct tuple *tuple_l_new(int type, void *p)
%} %}
%token LEX_IP LEX_EQ LEX_PORT LEX_CSS LEX_SEMICOLON LEX_CONNECTION LEX_NETWORK LEX_LBRA LEX_RBRA LEX_USER LEX_NAME LEX_USERNAME LEX_NICK LEX_SERVER LEX_PASSWORD LEX_SRCIP LEX_HOST LEX_VHOST LEX_SOURCE_PORT LEX_NONE LEX_COMMENT LEX_BUNCH LEX_REALNAME LEX_SSL LEX_CHANNEL LEX_KEY LEX_LOG_ROOT LEX_LOG_FORMAT LEX_LOG_LEVEL LEX_BACKLOG_LINES LEX_BACKLOG LEX_LOG LEX_LOG_SYNC_INTERVAL LEX_FOLLOW_NICK LEX_ON_CONNECT_SEND LEX_AWAY_NICK LEX_PID_FILE LEX_IGN_FIRST_NICK LEX_ALWAYS_BACKLOG LEX_LOGIN LEX_BLRESET_ON_TALK %token LEX_IP LEX_EQ LEX_PORT LEX_CSS LEX_SEMICOLON LEX_CONNECTION LEX_NETWORK LEX_LBRA LEX_RBRA LEX_USER LEX_NAME LEX_USERNAME LEX_NICK LEX_SERVER LEX_PASSWORD LEX_SRCIP LEX_HOST LEX_VHOST LEX_SOURCE_PORT LEX_NONE LEX_COMMENT LEX_BUNCH LEX_REALNAME LEX_SSL LEX_SSL_CHECK_MODE LEX_SSL_CHECK_STORE LEX_CHANNEL LEX_KEY LEX_LOG_ROOT LEX_LOG_FORMAT LEX_LOG_LEVEL LEX_BACKLOG_LINES LEX_BACKLOG LEX_LOG LEX_LOG_SYNC_INTERVAL LEX_FOLLOW_NICK LEX_ON_CONNECT_SEND LEX_AWAY_NICK LEX_PID_FILE LEX_IGN_FIRST_NICK LEX_ALWAYS_BACKLOG LEX_LOGIN LEX_BLRESET_ON_TALK
%union { %union {
int number; int number;
@ -145,6 +145,10 @@ usr_command:
$$ = tuple_s_new(LEX_NAME, $3); } $$ = tuple_s_new(LEX_NAME, $3); }
| LEX_PASSWORD LEX_EQ LEX_STRING { $$ = tuple_s_new(LEX_PASSWORD, | LEX_PASSWORD LEX_EQ LEX_STRING { $$ = tuple_s_new(LEX_PASSWORD,
$3); } $3); }
| LEX_SSL_CHECK_MODE LEX_EQ LEX_STRING { $$ = tuple_s_new(
LEX_SSL_CHECK_MODE, $3); }
| LEX_SSL_CHECK_STORE LEX_EQ LEX_STRING { $$ = tuple_s_new(
LEX_SSL_CHECK_STORE, $3); }
| LEX_CONNECTION LEX_LBRA connection LEX_RBRA { | LEX_CONNECTION LEX_LBRA connection LEX_RBRA {
$$ = tuple_l_new(LEX_CONNECTION, $3); } $$ = tuple_l_new(LEX_CONNECTION, $3); }


@ -18,11 +18,13 @@
extern int errno; extern int errno;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
static int ssl_initialized = 0;
static SSL_CTX *sslctx = NULL; static SSL_CTX *sslctx = NULL;
static int ssl_cx_idx;
static BIO *errbio = NULL; static BIO *errbio = NULL;
extern char *conf_ssl_certfile; extern char *conf_ssl_certfile;
static int SSLize(connection_t *cn, int *nc); static int SSLize(connection_t *cn, int *nc);
static int SSL_init_context(void); static SSL_CTX *SSL_init_context(void);
#endif #endif
static int connection_timedout(connection_t *cn); static int connection_timedout(connection_t *cn);
@ -82,6 +84,10 @@ void connection_free(connection_t *cn)
SSL_free(cn->ssl_h); SSL_free(cn->ssl_h);
cn->ssl_h = NULL; cn->ssl_h = NULL;
} }
if (cn->ssl_ctx_h) {
SSL_CTX_free(cn->ssl_ctx_h);
cn->ssl_ctx_h = NULL;
}
} }
#endif #endif
free(cn); free(cn);
@ -967,8 +973,11 @@ static connection_t *connection_init(int anti_flood, int ssl, int timeout,
conn->ip_list = NULL; conn->ip_list = NULL;
conn->connecting_data = NULL; conn->connecting_data = NULL;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
conn->ssl_ctx_h = NULL;
conn->ssl_h = NULL; conn->ssl_h = NULL;
conn->cert = NULL; conn->cert = NULL;
conn->ssl_check_store = NULL;
conn->ssl_check_mode = SSL_CHECK_NONE;
#endif #endif
conn->connected = CONN_NEW; conn->connected = CONN_NEW;
@ -996,9 +1005,10 @@ connection_t *accept_new(connection_t *cn)
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
if (cn->ssl) { if (cn->ssl) {
if (!sslctx) { if (!sslctx) {
mylog(LOG_DEBUG, "No SSL context availaible. " mylog(LOG_DEBUG, "No SSL context available for "
"accepted connections. "
"Initializing..."); "Initializing...");
if (SSL_init_context()) { if (!(sslctx = SSL_init_context())) {
mylog(LOG_DEBUG, "SSL context initialization " mylog(LOG_DEBUG, "SSL context initialization "
"failed"); "failed");
connection_free(conn); connection_free(conn);
@ -1051,66 +1061,138 @@ static connection_t *_connection_new(char *dsthostname, char *dstport,
} }
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
static int SSL_init_context(void) static SSL_CTX *SSL_init_context(void)
{ {
int fd, flags, ret, rng; int fd, flags, ret, rng;
char buf[1025]; char buf[1025];
SSL_CTX *ctx;
if (sslctx) { if (sslctx) {
mylog(LOG_DEBUG, "SSL already initialized"); mylog(LOG_DEBUG, "SSL already initialized");
return 0; return 0;
} }
SSL_library_init(); if (!ssl_initialized) {
SSL_load_error_strings(); SSL_library_init();
errbio = BIO_new_fp(stderr,BIO_NOCLOSE); SSL_load_error_strings();
errbio = BIO_new_fp(stderr,BIO_NOCLOSE);
ssl_cx_idx = SSL_get_ex_new_index(0, "bip connection_t",
NULL, NULL,NULL);
flags = O_RDONLY;
flags |= O_NONBLOCK;
fd = open("/dev/random", flags);
if (fd < 0) {
mylog(LOG_DEBUG, "SSL: /dev/random not ready, unable "
"to manually seed PRNG.");
goto prng_end;
}
do {
ret = read(fd, buf, 1024);
if (ret <= 0) {
mylog(LOG_DEBUG,"/dev/random: %s",
strerror(errno));
goto prng_end;
}
mylog(LOG_DEBUG, "PRNG seeded with %d /dev/random "
"bytes", ret);
RAND_seed(buf, ret);
} while (!(rng = RAND_status()));
prng_end:
do {
ret = close(fd);
} while (ret != 0 && errno == EINTR);
if (RAND_status()) {
mylog(LOG_DEBUG, "SSL: PRNG is seeded !");
} else {
mylog(LOG_WARN, "SSL: PRNG is not seeded enough");
mylog(LOG_WARN, " OpenSSL will use /dev/urandom if "
"available.");
}
ssl_initialized = 1;
}
/* allocated by function */ /* allocated by function */
sslctx = SSL_CTX_new(SSLv23_method()); ctx = SSL_CTX_new(SSLv23_method());
if (!sslctx) if (!SSL_CTX_use_certificate_chain_file(ctx,conf_ssl_certfile)) {
return 1;
if (!SSL_CTX_use_certificate_chain_file(sslctx,conf_ssl_certfile)) {
mylog(LOG_DEBUG, "SSL: Unable to load certificate file"); mylog(LOG_DEBUG, "SSL: Unable to load certificate file");
} }
if (!SSL_CTX_use_PrivateKey_file(sslctx, conf_ssl_certfile, if (!SSL_CTX_use_PrivateKey_file(ctx, conf_ssl_certfile,
SSL_FILETYPE_PEM)) { SSL_FILETYPE_PEM)) {
mylog(LOG_DEBUG, "SSL: Unable to load key file"); mylog(LOG_DEBUG, "SSL: Unable to load key file");
} }
SSL_CTX_set_session_cache_mode(sslctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_set_timeout(sslctx,(long)60); SSL_CTX_set_timeout(ctx,(long)60);
SSL_CTX_set_options(sslctx, SSL_OP_ALL); SSL_CTX_set_options(ctx, SSL_OP_ALL);
flags = O_RDONLY;
flags |= O_NONBLOCK;
fd = open("/dev/random", flags);
if (fd < 0) {
mylog(LOG_DEBUG, "SSL: /dev/random not ready, unable to "
"manually seed PRNG.");
goto prng_end;
}
do { return ctx;
ret = read(fd, buf, 1024); }
if (ret <= 0) {
mylog(LOG_DEBUG,"/dev/random: %s",strerror(errno)); static int bip_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
goto prng_end; {
char subject[256];
char issuer[256];
X509 *err_cert;
int err, depth;
SSL *ssl;
connection_t *c;
X509_OBJECT xobj;
int is_in_store;
int result;
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
/* Retrieve the SSL and connection_t objects from the store */
ssl = X509_STORE_CTX_get_ex_data(ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
c = SSL_get_ex_data(ssl, ssl_cx_idx);
mylog(LOG_INFO, "SSL cert check: now at depth=%d", depth);
X509_NAME_oneline(X509_get_subject_name(err_cert), subject, 256);
X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
mylog(LOG_INFO, "Subject: %s", subject);
mylog(LOG_INFO, "Issuer: %s", issuer);
result = preverify_ok;
/* in basic mode (mode 1), accept a leaf certificate if we can find it
* in the store */
if (c->ssl_check_mode == SSL_CHECK_BASIC && depth == 0 && result == 0 &&
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
err == X509_V_ERR_CERT_UNTRUSTED ||
err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) {
if (X509_STORE_get_by_subject(ctx, X509_LU_X509,
X509_get_subject_name(err_cert), &xobj) > 0 &&
!X509_cmp(xobj.data.x509, err_cert)) {
mylog(LOG_INFO, "Basic mode; peer certificate found "
"in store, accepting it!");
result = 1;
err = X509_V_OK;
X509_STORE_CTX_set_error(ctx, err);
} else {
mylog(LOG_INFO, "Basic mode; peer certificate NOT "
"in store, rejecting it!");
err = X509_V_ERR_CERT_REJECTED;
X509_STORE_CTX_set_error(ctx, err);
} }
mylog(LOG_DEBUG, "PRNG seeded with %d /dev/random bytes",
ret);
RAND_seed(buf, ret);
} while (!(rng = RAND_status()));
prng_end:
do {
ret = close(fd);
} while (ret != 0 && errno == EINTR);
if (RAND_status()) {
mylog(LOG_DEBUG, "SSL: PRNG is seeded !");
} else {
mylog(LOG_WARN, "SSL: PRNG is not seeded enough");
mylog(LOG_WARN, " OpenSSL will use /dev/urandom if "
"available.");
} }
return 0;
if (!result) {
/* We have a verify error! Log it */
mylog(LOG_ERROR, "SSL cert check failed at depth=%d: %s (%d)",
depth, X509_verify_cert_error_string(err), err);
}
return result;
} }
static int SSLize(connection_t *cn, int *nc) static int SSLize(connection_t *cn, int *nc)
@ -1143,6 +1225,7 @@ static int SSLize(connection_t *cn, int *nc)
SSL_CIPHER *cipher; SSL_CIPHER *cipher;
char buf[128]; char buf[128];
int len; int len;
int err;
cipher = SSL_get_current_cipher(cn->ssl_h); cipher = SSL_get_current_cipher(cn->ssl_h);
SSL_CIPHER_description(cipher, buf, 128); SSL_CIPHER_description(cipher, buf, 128);
@ -1150,13 +1233,15 @@ static int SSLize(connection_t *cn, int *nc)
if (len > 0) if (len > 0)
buf[len-1] = '\0'; buf[len-1] = '\0';
mylog(LOG_DEBUG, "Negociated cyphers: %s",buf); mylog(LOG_DEBUG, "Negociated cyphers: %s",buf);
/*
if (SSL_get_verify_result(cn->ssl_h) != X509_V_OK) { if ((err = SSL_get_verify_result(cn->ssl_h)) != X509_V_OK) {
mylog(LOG_ERROR, "Invalid certificate !"); mylog(LOG_ERROR, "Certificate check failed: %s (%d)!",
X509_verify_cert_error_string(err),
err);
cn->connected = CONN_ERROR; cn->connected = CONN_ERROR;
return 1; return 1;
} }
*/
cn->connected = CONN_OK; cn->connected = CONN_OK;
*nc = 1; *nc = 1;
return 0; return 0;
@ -1179,31 +1264,58 @@ static int SSLize(connection_t *cn, int *nc)
} }
static connection_t *_connection_new_SSL(char *dsthostname, char *dstport, static connection_t *_connection_new_SSL(char *dsthostname, char *dstport,
char *srchostname, char *srcport, int timeout) char *srchostname, char *srcport, int check_mode,
char *check_store, int timeout)
{ {
connection_t *conn; connection_t *conn;
conn = connection_init(1, 1, timeout, 0); conn = connection_init(1, 1, timeout, 0);
if (!sslctx) { if (!(conn->ssl_ctx_h = SSL_init_context())) {
mylog(LOG_DEBUG, "No SSL context availaible. Initializing..."); mylog(LOG_DEBUG, "SSL context initialization failed");
if (SSL_init_context()) { return conn;
mylog(LOG_DEBUG, "SSL context initialization failed");
return conn;
}
} }
conn->cert = NULL; conn->cert = NULL;
conn->ssl_h = SSL_new(sslctx); conn->ssl_check_mode = check_mode;
conn->ssl_check_store = check_store;
if (!SSL_CTX_load_verify_locations(conn->ssl_ctx_h, NULL,
check_store)) {
mylog(LOG_DEBUG, "Can't assign check store to SSL connection!");
return conn;
}
switch (conn->ssl_check_mode) {
case SSL_CHECK_NONE:
SSL_CTX_set_verify(conn->ssl_ctx_h, SSL_VERIFY_NONE, NULL);
break;
case SSL_CHECK_BASIC:
SSL_CTX_set_verify(conn->ssl_ctx_h, SSL_VERIFY_PEER,
bip_ssl_verify_callback);
SSL_CTX_set_verify_depth(conn->ssl_ctx_h, 0);
break;
case SSL_CHECK_CA:
SSL_CTX_set_verify(conn->ssl_ctx_h, SSL_VERIFY_PEER,
bip_ssl_verify_callback);
break;
default:
fatal("Unknown SSL cert check mode.");
}
conn->ssl_h = SSL_new(conn->ssl_ctx_h);
if (conn->ssl_h == NULL) { if (conn->ssl_h == NULL) {
mylog(LOG_DEBUG, "Unable to allocate SSL structures"); mylog(LOG_DEBUG, "Unable to allocate SSL structures");
return conn; return conn;
} }
/* ys: useless as long as we have a context by connection
if (sslctx->session_cache_head) if (sslctx->session_cache_head)
if (!SSL_set_session(conn->ssl_h, sslctx->session_cache_head)) if (!SSL_set_session(conn->ssl_h, sslctx->session_cache_head))
mylog(LOG_DEBUG, "unable to set SSL session id to" mylog(LOG_DEBUG, "unable to set SSL session id to"
" most recent used"); " most recent used");
*/
SSL_set_connect_state(conn->ssl_h); SSL_set_connect_state(conn->ssl_h);
/* Put our connection_t in the SSL object for the verify callback */
SSL_set_ex_data(conn->ssl_h, ssl_cx_idx, conn);
create_socket(dsthostname, dstport, srchostname, srcport, conn); create_socket(dsthostname, dstport, srchostname, srcport, conn);
return conn; return conn;
@ -1211,7 +1323,8 @@ static connection_t *_connection_new_SSL(char *dsthostname, char *dstport,
#endif #endif
connection_t *connection_new(char *dsthostname, int dstport, char *srchostname, connection_t *connection_new(char *dsthostname, int dstport, char *srchostname,
int srcport, int ssl, int timeout) int srcport, int ssl, int ssl_check_mode, char *ssl_check_store,
int timeout)
{ {
char dstportbuf[20], srcportbuf[20], *tmp; char dstportbuf[20], srcportbuf[20], *tmp;
/* TODO: allow litteral service name in the function interface */ /* TODO: allow litteral service name in the function interface */
@ -1227,7 +1340,7 @@ connection_t *connection_new(char *dsthostname, int dstport, char *srchostname,
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
if (ssl) if (ssl)
return _connection_new_SSL(dsthostname, dstportbuf, srchostname, return _connection_new_SSL(dsthostname, dstportbuf, srchostname,
tmp, timeout); tmp, ssl_check_mode, ssl_check_store, timeout);
else else
#endif #endif
return _connection_new(dsthostname, dstportbuf, srchostname, return _connection_new(dsthostname, dstportbuf, srchostname,
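Review bot: `SSL_init_context()` still opens with `if (sslctx) { ... return 0; }`, so once `accept_new()` has filled the global `sslctx`, the call in `_connection_new_SSL()` gets NULL back and every later outgoing SSL connection stops at "SSL context initialization failed". Since the function now builds a fresh context on each call, that early return should be removed, and the allocation check that appears to have been dropped should come back as `if (!ctx) return NULL;` directly after `SSL_CTX_new()`, before `ctx` reaches `SSL_CTX_use_certificate_chain_file()`. `SSL_CTX_load_verify_locations()` is also called for every mode and fails when both path arguments are NULL, so a user with no `ssl_check_store` would seem to lose SSL even in "none" mode; `if (check_store && !SSL_CTX_load_verify_locations(...))`, or skipping the call for `SSL_CHECK_NONE`, avoids that. Separately, nothing in the lines shown compares the peer certificate with `dsthostname`, so "basic" and "ca" establish that the certificate is trusted by the store but not that it belongs to the server being contacted; that limit deserves a comment on `bip_ssl_verify_callback()`.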


@ -55,6 +55,12 @@
#define WRITE_ERROR -1 #define WRITE_ERROR -1
#define WRITE_KEEP -2 #define WRITE_KEEP -2
#ifdef HAVE_LIBSSL
#define SSL_CHECK_NONE (0)
#define SSL_CHECK_BASIC (1)
#define SSL_CHECK_CA (2)
#endif
struct connecting_data; struct connecting_data;
typedef struct connection { typedef struct connection {
int anti_flood; int anti_flood;
@ -75,13 +81,17 @@ typedef struct connection {
list_t *ip_list; list_t *ip_list;
struct connecting_data *connecting_data; struct connecting_data *connecting_data;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
SSL_CTX *ssl_ctx_h;
SSL *ssl_h; SSL *ssl_h;
int ssl_check_mode;
char *ssl_check_store;
X509 *cert; X509 *cert;
#endif #endif
} connection_t; } connection_t;
connection_t *connection_new(char *dsthostname, int dstport, char *srchostname, connection_t *connection_new(char *dsthostname, int dstport, char *srchostname,
int srcport, int ssl, int timeout); int srcport, int ssl, int ssl_check_mode,
char *ssl_check_store,int timeout);
connection_t *listen_new(char *hostname, int port, int ssl); connection_t *listen_new(char *hostname, int port, int ssl);
connection_t *accept_new(connection_t *cn); connection_t *accept_new(connection_t *cn);
void connection_free(connection_t *cn); void connection_free(connection_t *cn);
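Review bot: `char *ssl_check_store;` in `connection_t` has no stated owner. `_connection_new_SSL()` stores the caller's pointer without copying it and the `connection_free()` hunk shown does not free it, so it looks like a pointer borrowed from `struct link` that must outlive the connection. A comment on the field would pin that down, for example `/* borrowed from the link; not freed by connection_free() */`, once confirmed against the parts of `connection_free()` outside the hunk. A one-line comment above the `SSL_CHECK_*` defines stating that `SSL_CHECK_NONE` disables peer verification entirely would also help readers of the header.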


@ -1848,7 +1848,8 @@ connection_t *irc_server_connect(struct link *link)
conn = connection_new(link->serverv[link->cur_server]->host, conn = connection_new(link->serverv[link->cur_server]->host,
link->serverv[link->cur_server]->port, link->serverv[link->cur_server]->port,
link->vhost, link->bind_port, link->vhost, link->bind_port,
link->s_ssl, CONNECT_TIMEOUT); link->s_ssl, link->ssl_check_mode,
link->ssl_check_store, CONNECT_TIMEOUT);
if (!conn) if (!conn)
fatal("connection_new"); fatal("connection_new");


@ -101,6 +101,9 @@ struct link {
char *vhost; char *vhost;
int bind_port; int bind_port;
int s_ssl; int s_ssl;
int ssl_check_mode;
char *ssl_check_store;
}; };
struct link_connection { struct link_connection {

361
src/lex.c

@ -351,8 +351,8 @@ static void yy_fatal_error (yyconst char msg[] );
*yy_cp = '\0'; \ *yy_cp = '\0'; \
(yy_c_buf_p) = yy_cp; (yy_c_buf_p) = yy_cp;
#define YY_NUM_RULES 45 #define YY_NUM_RULES 47
#define YY_END_OF_BUFFER 46 #define YY_END_OF_BUFFER 48
/* This struct is not used in this scanner, /* This struct is not used in this scanner,
but its presence is necessary. */ but its presence is necessary. */
struct yy_trans_info struct yy_trans_info
@ -360,37 +360,38 @@ struct yy_trans_info
flex_int32_t yy_verify; flex_int32_t yy_verify;
flex_int32_t yy_nxt; flex_int32_t yy_nxt;
}; };
static yyconst flex_int16_t yy_accept[262] = static yyconst flex_int16_t yy_accept[278] =
{ 0, { 0,
0, 0, 46, 44, 1, 2, 44, 44, 4, 43, 0, 0, 48, 46, 1, 2, 46, 46, 4, 45,
40, 44, 44, 44, 44, 44, 44, 44, 44, 44, 42, 46, 46, 46, 46, 46, 46, 46, 46, 46,
44, 44, 44, 44, 44, 44, 44, 41, 42, 1, 46, 46, 46, 46, 46, 46, 46, 43, 44, 1,
0, 39, 0, 3, 4, 0, 0, 0, 0, 0, 0, 41, 0, 3, 4, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 23, 30, 0, 0, 0, 0, 0, 0, 0, 0, 25, 32, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 11,
0, 0, 0, 12, 0, 17, 0, 0, 0, 7, 0, 0, 0, 12, 0, 17, 0, 0, 0, 7,
0, 0, 0, 5, 14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 14, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 15,
0, 0, 0, 0, 0, 0, 0, 0, 20, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 9, 0, 0, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 29, 0, 24, 0, 0, 0, 0, 0, 20, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 9,
0, 0, 0, 0, 0, 31, 0, 26, 0, 0,
0, 0, 0, 0, 0, 0, 10, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
26, 0, 0, 21, 37, 18, 0, 13, 0, 35, 0, 0, 0, 0, 28, 0, 0, 21, 39, 18,
0, 0, 0, 0, 0, 0, 0, 25, 0, 0, 0, 0, 13, 0, 37, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 16, 0, 0, 27, 0, 0, 0, 27, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 33, 0, 0, 0, 0, 16, 0, 0, 29, 0, 0, 0, 0, 0,
19, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 35, 0, 0, 0, 19, 0, 0,
0, 0, 0, 0, 0, 31, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 38, 8, 0, 0, 36, 0, 0, 34, 32, 30, 0, 0, 0, 0, 0, 0, 0, 33, 0,
0 0, 0, 0, 0, 23, 0, 40, 8, 0, 0,
38, 24, 0, 0, 36, 34, 0
} ; } ;
static yyconst flex_int32_t yy_ec[256] = static yyconst flex_int32_t yy_ec[256] =
@ -433,146 +434,152 @@ static yyconst flex_int32_t yy_meta[35] =
1, 1, 1, 1 1, 1, 1, 1
} ; } ;
static yyconst flex_int16_t yy_base[264] = static yyconst flex_int16_t yy_base[280] =
{ 0, { 0,
0, 0, 273, 274, 33, 274, 267, 268, 263, 274, 0, 0, 289, 290, 33, 290, 283, 284, 279, 290,
274, 15, 27, 21, 29, 245, 24, 253, 243, 32, 290, 15, 27, 21, 29, 261, 24, 269, 259, 32,
243, 33, 250, 35, 238, 236, 244, 274, 274, 52, 259, 33, 266, 35, 254, 252, 260, 290, 290, 52,
256, 274, 257, 274, 252, 227, 246, 243, 229, 243, 272, 290, 273, 290, 268, 243, 262, 259, 245, 259,
234, 229, 230, 229, 222, 225, 274, 215, 229, 223, 250, 245, 246, 245, 238, 241, 290, 231, 245, 239,
216, 230, 232, 214, 226, 213, 227, 211, 207, 214, 232, 246, 248, 230, 242, 229, 243, 227, 223, 230,
205, 218, 208, 220, 198, 209, 213, 204, 211, 202, 221, 234, 224, 236, 214, 225, 229, 220, 227, 218,
197, 202, 194, 197, 274, 45, 205, 188, 198, 204, 213, 218, 210, 213, 290, 45, 221, 204, 214, 220,
189, 205, 186, 192, 182, 185, 274, 195, 183, 181, 205, 221, 202, 208, 198, 201, 216, 210, 198, 196,
175, 196, 184, 177, 180, 179, 186, 185, 175, 274, 190, 211, 199, 192, 195, 194, 201, 200, 190, 290,
172, 42, 174, 274, 172, 274, 171, 163, 177, 274, 187, 42, 189, 290, 187, 290, 186, 178, 192, 290,
169, 176, 177, 274, 166, 160, 160, 163, 161, 169, 184, 191, 192, 191, 290, 180, 174, 174, 177, 175,
168, 154, 168, 149, 164, 154, 162, 152, 143, 274, 183, 182, 168, 182, 163, 178, 168, 176, 166, 157,
148, 150, 148, 152, 159, 143, 153, 156, 274, 156, 290, 162, 164, 162, 166, 173, 157, 167, 163, 169,
146, 147, 135, 141, 151, 132, 149, 148, 131, 126, 290, 169, 159, 160, 148, 154, 164, 145, 162, 161,
131, 131, 133, 129, 125, 129, 127, 274, 138, 125, 144, 139, 144, 144, 146, 142, 138, 142, 140, 290,
134, 132, 134, 133, 274, 115, 122, 117, 123, 116, 151, 145, 137, 146, 144, 146, 145, 290, 127, 134,
122, 108, 122, 274, 119, 119, 117, 116, 105, 114, 129, 135, 128, 134, 120, 134, 290, 131, 131, 129,
117, 107, 105, 101, 105, 99, 103, 102, 109, 98, 128, 117, 128, 125, 128, 118, 116, 112, 116, 110,
274, 108, 104, 274, 274, 274, 92, 274, 102, 274, 114, 113, 120, 109, 290, 119, 115, 290, 290, 290,
95, 90, 98, 88, 97, 83, 80, 274, 88, 78, 103, 106, 290, 112, 290, 105, 100, 108, 98, 107,
79, 84, 80, 92, 86, 274, 80, 72, 274, 75, 93, 90, 290, 98, 88, 89, 104, 93, 89, 101,
87, 68, 74, 79, 65, 82, 274, 63, 62, 62, 95, 290, 89, 81, 290, 84, 96, 77, 38, 83,
274, 64, 60, 75, 58, 74, 68, 67, 64, 274, 88, 74, 91, 290, 72, 71, 71, 290, 73, 68,
59, 52, 55, 51, 53, 274, 55, 53, 54, 42, 71, 67, 82, 65, 81, 75, 74, 74, 63, 69,
57, 274, 274, 57, 56, 274, 46, 44, 274, 274, 290, 64, 57, 60, 56, 58, 65, 53, 290, 58,
274, 60, 59 56, 57, 45, 60, 290, 58, 290, 290, 59, 60,
290, 290, 50, 46, 290, 290, 290, 65, 60
} ; } ;
static yyconst flex_int16_t yy_def[264] = static yyconst flex_int16_t yy_def[280] =
{ 0, { 0,
261, 1, 261, 261, 261, 261, 262, 263, 261, 261, 277, 1, 277, 277, 277, 277, 278, 279, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
262, 261, 263, 261, 261, 261, 261, 261, 261, 261, 278, 277, 279, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
0, 261, 261 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
277, 277, 277, 277, 277, 277, 0, 277, 277
} ; } ;
static yyconst flex_int16_t yy_nxt[309] = static yyconst flex_int16_t yy_nxt[325] =
{ 0, { 0,
4, 5, 6, 5, 7, 8, 9, 10, 11, 4, 4, 5, 6, 5, 7, 8, 9, 10, 11, 4,
12, 13, 14, 4, 4, 15, 4, 16, 17, 18, 12, 13, 14, 4, 4, 15, 4, 16, 17, 18,
19, 4, 20, 21, 22, 23, 24, 25, 26, 27, 19, 4, 20, 21, 22, 23, 24, 25, 26, 27,
4, 4, 28, 29, 30, 36, 30, 38, 40, 43, 4, 4, 28, 29, 30, 36, 30, 38, 40, 43,
46, 41, 50, 54, 42, 37, 51, 39, 47, 58, 46, 41, 50, 54, 42, 37, 51, 39, 47, 58,
52, 55, 44, 30, 102, 30, 56, 126, 59, 33, 52, 55, 44, 30, 102, 30, 56, 127, 59, 239,
31, 60, 127, 103, 260, 259, 258, 128, 129, 257, 33, 60, 128, 103, 240, 31, 276, 129, 130, 275,
256, 255, 254, 253, 252, 251, 250, 249, 248, 247, 274, 273, 272, 271, 270, 269, 268, 267, 266, 265,
246, 245, 244, 243, 242, 241, 240, 239, 238, 237, 264, 263, 262, 261, 260, 259, 258, 257, 256, 255,
236, 235, 234, 233, 232, 231, 230, 229, 228, 227, 254, 253, 252, 251, 250, 249, 248, 247, 246, 245,
226, 225, 224, 223, 222, 221, 220, 219, 218, 217, 244, 243, 242, 241, 238, 237, 236, 235, 234, 233,
216, 215, 214, 213, 212, 211, 210, 209, 208, 207, 232, 231, 230, 229, 228, 227, 226, 225, 224, 223,
206, 205, 204, 203, 202, 201, 200, 199, 198, 197, 222, 221, 220, 219, 218, 217, 216, 215, 214, 213,
196, 195, 194, 193, 192, 191, 190, 189, 188, 187, 212, 211, 210, 209, 208, 207, 206, 205, 204, 203,
186, 185, 184, 183, 182, 181, 180, 179, 178, 177, 202, 201, 200, 199, 198, 197, 196, 195, 194, 193,
176, 175, 174, 173, 172, 171, 170, 169, 168, 167, 192, 191, 190, 189, 188, 187, 186, 185, 184, 183,
166, 165, 164, 163, 162, 161, 160, 159, 158, 157, 182, 181, 180, 179, 178, 177, 176, 175, 174, 173,
156, 155, 154, 153, 152, 151, 150, 149, 148, 147, 172, 171, 170, 169, 168, 167, 166, 165, 164, 163,
146, 145, 144, 143, 142, 141, 140, 139, 138, 137, 162, 161, 160, 159, 158, 157, 156, 155, 154, 153,
136, 135, 134, 133, 132, 131, 130, 125, 124, 114, 152, 151, 150, 149, 148, 147, 146, 145, 144, 143,
123, 122, 121, 120, 119, 118, 117, 116, 115, 114, 142, 141, 140, 139, 138, 137, 136, 135, 134, 133,
113, 112, 111, 110, 109, 108, 107, 106, 105, 104, 132, 131, 126, 125, 115, 124, 123, 122, 121, 120,
101, 100, 99, 98, 97, 96, 95, 94, 93, 92, 119, 118, 117, 116, 115, 114, 113, 112, 111, 110,
91, 90, 89, 88, 87, 86, 85, 84, 83, 82, 109, 108, 107, 106, 105, 104, 101, 100, 99, 98,
81, 80, 79, 78, 77, 76, 75, 74, 73, 72, 97, 96, 95, 94, 93, 92, 91, 90, 89, 88,
71, 70, 69, 68, 67, 66, 65, 64, 35, 34, 87, 86, 85, 84, 83, 82, 81, 80, 79, 78,
32, 63, 62, 61, 57, 53, 49, 48, 45, 35, 77, 76, 75, 74, 73, 72, 71, 70, 69, 68,
34, 32, 261, 3, 261, 261, 261, 261, 261, 261, 67, 66, 65, 64, 35, 34, 32, 63, 62, 61,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 57, 53, 49, 48, 45, 35, 34, 32, 277, 3,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
277, 277, 277, 277
} ; } ;
static yyconst flex_int16_t yy_chk[309] = static yyconst flex_int16_t yy_chk[325] =
{ 0, { 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 5, 12, 5, 13, 14, 15, 1, 1, 1, 1, 5, 12, 5, 13, 14, 15,
17, 14, 20, 22, 14, 12, 20, 13, 17, 24, 17, 14, 20, 22, 14, 12, 20, 13, 17, 24,
20, 22, 15, 30, 76, 30, 22, 102, 24, 263, 20, 22, 15, 30, 76, 30, 22, 102, 24, 229,
262, 24, 102, 76, 258, 257, 255, 102, 102, 254, 279, 24, 102, 76, 229, 278, 274, 102, 102, 273,
251, 250, 249, 248, 247, 245, 244, 243, 242, 241, 270, 269, 266, 264, 263, 262, 261, 260, 258, 257,
239, 238, 237, 236, 235, 234, 233, 232, 230, 229, 256, 255, 254, 253, 252, 250, 249, 248, 247, 246,
228, 226, 225, 224, 223, 222, 221, 220, 218, 217, 245, 244, 243, 242, 241, 240, 239, 237, 236, 235,
215, 214, 213, 212, 211, 210, 209, 207, 206, 205, 233, 232, 231, 230, 228, 227, 226, 224, 223, 221,
204, 203, 202, 201, 199, 197, 193, 192, 190, 189, 220, 219, 218, 217, 216, 215, 214, 212, 211, 210,
188, 187, 186, 185, 184, 183, 182, 181, 180, 179, 209, 208, 207, 206, 204, 202, 201, 197, 196, 194,
178, 177, 176, 175, 173, 172, 171, 170, 169, 168, 193, 192, 191, 190, 189, 188, 187, 186, 185, 184,
167, 166, 164, 163, 162, 161, 160, 159, 157, 156, 183, 182, 181, 180, 179, 178, 176, 175, 174, 173,
155, 154, 153, 152, 151, 150, 149, 148, 147, 146, 172, 171, 170, 169, 167, 166, 165, 164, 163, 162,
145, 144, 143, 142, 141, 140, 138, 137, 136, 135, 161, 159, 158, 157, 156, 155, 154, 153, 152, 151,
134, 133, 132, 131, 129, 128, 127, 126, 125, 124, 150, 149, 148, 147, 146, 145, 144, 143, 142, 140,
123, 122, 121, 120, 119, 118, 117, 116, 115, 113, 139, 138, 137, 136, 135, 134, 133, 132, 130, 129,
112, 111, 109, 108, 107, 105, 103, 101, 99, 98, 128, 127, 126, 125, 124, 123, 122, 121, 120, 119,
97, 96, 95, 94, 93, 92, 91, 90, 89, 88, 118, 117, 116, 114, 113, 112, 111, 109, 108, 107,
86, 85, 84, 83, 82, 81, 80, 79, 78, 77, 105, 103, 101, 99, 98, 97, 96, 95, 94, 93,
74, 73, 72, 71, 70, 69, 68, 67, 66, 65, 92, 91, 90, 89, 88, 87, 86, 85, 84, 83,
64, 63, 62, 61, 60, 59, 58, 57, 56, 55, 82, 81, 80, 79, 78, 77, 74, 73, 72, 71,
54, 53, 52, 51, 50, 49, 48, 46, 45, 44, 70, 69, 68, 67, 66, 65, 64, 63, 62, 61,
43, 42, 41, 40, 39, 38, 37, 36, 35, 33, 60, 59, 58, 57, 56, 55, 54, 53, 52, 51,
31, 27, 26, 25, 23, 21, 19, 18, 16, 9, 50, 49, 48, 46, 45, 44, 43, 42, 41, 40,
8, 7, 3, 261, 261, 261, 261, 261, 261, 261, 39, 38, 37, 36, 35, 33, 31, 27, 26, 25,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 23, 21, 19, 18, 16, 9, 8, 7, 3, 277,
261, 261, 261, 261, 261, 261, 261, 261, 261, 261, 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
261, 261, 261, 261, 261, 261, 261, 261 277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
277, 277, 277, 277, 277, 277, 277, 277, 277, 277,
277, 277, 277, 277
} ; } ;
static yy_state_type yy_last_accepting_state; static yy_state_type yy_last_accepting_state;
@ -624,7 +631,7 @@ list_t *parse_conf(FILE *file)
} }
return root_list; return root_list;
} }
#line 628 "lex.yy.c" #line 635 "lex.yy.c"
#define INITIAL 0 #define INITIAL 0
@ -777,7 +784,7 @@ YY_DECL
#line 36 "lex.l" #line 36 "lex.l"
#line 781 "lex.yy.c" #line 788 "lex.yy.c"
if ( (yy_init) ) if ( (yy_init) )
{ {
@ -830,13 +837,13 @@ yy_match:
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{ {
yy_current_state = (int) yy_def[yy_current_state]; yy_current_state = (int) yy_def[yy_current_state];
if ( yy_current_state >= 262 ) if ( yy_current_state >= 278 )
yy_c = yy_meta[(unsigned int) yy_c]; yy_c = yy_meta[(unsigned int) yy_c];
} }
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++yy_cp; ++yy_cp;
} }
while ( yy_base[yy_current_state] != 274 ); while ( yy_base[yy_current_state] != 290 );
yy_find_action: yy_find_action:
yy_act = yy_accept[yy_current_state]; yy_act = yy_accept[yy_current_state];
@ -984,87 +991,97 @@ YY_RULE_SETUP
case 23: case 23:
YY_RULE_SETUP YY_RULE_SETUP
#line 66 "lex.l" #line 66 "lex.l"
{ return LEX_KEY; } { return LEX_SSL_CHECK_MODE; }
YY_BREAK YY_BREAK
case 24: case 24:
YY_RULE_SETUP YY_RULE_SETUP
#line 67 "lex.l" #line 67 "lex.l"
{ return LEX_CHANNEL; } { return LEX_SSL_CHECK_STORE; }
YY_BREAK YY_BREAK
case 25: case 25:
YY_RULE_SETUP YY_RULE_SETUP
#line 68 "lex.l" #line 68 "lex.l"
{ return LEX_LOG_LEVEL; } { return LEX_KEY; }
YY_BREAK YY_BREAK
case 26: case 26:
YY_RULE_SETUP YY_RULE_SETUP
#line 69 "lex.l" #line 69 "lex.l"
{ return LEX_LOG_ROOT; } { return LEX_CHANNEL; }
YY_BREAK YY_BREAK
case 27: case 27:
YY_RULE_SETUP YY_RULE_SETUP
#line 70 "lex.l" #line 70 "lex.l"
{ return LEX_LOG_FORMAT; } { return LEX_LOG_LEVEL; }
YY_BREAK YY_BREAK
case 28: case 28:
YY_RULE_SETUP YY_RULE_SETUP
#line 71 "lex.l" #line 71 "lex.l"
{ return LEX_BACKLOG_LINES; } { return LEX_LOG_ROOT; }
YY_BREAK YY_BREAK
case 29: case 29:
YY_RULE_SETUP YY_RULE_SETUP
#line 72 "lex.l" #line 72 "lex.l"
{ return LEX_BACKLOG; } { return LEX_LOG_FORMAT; }
YY_BREAK YY_BREAK
case 30: case 30:
YY_RULE_SETUP YY_RULE_SETUP
#line 73 "lex.l" #line 73 "lex.l"
{ return LEX_LOG; } { return LEX_BACKLOG_LINES; }
YY_BREAK YY_BREAK
case 31: case 31:
YY_RULE_SETUP YY_RULE_SETUP
#line 74 "lex.l" #line 74 "lex.l"
{ return LEX_ALWAYS_BACKLOG; } { return LEX_BACKLOG; }
YY_BREAK YY_BREAK
case 32: case 32:
YY_RULE_SETUP YY_RULE_SETUP
#line 75 "lex.l" #line 75 "lex.l"
{ return LEX_LOG_SYNC_INTERVAL; } { return LEX_LOG; }
YY_BREAK YY_BREAK
case 33: case 33:
YY_RULE_SETUP YY_RULE_SETUP
#line 76 "lex.l" #line 76 "lex.l"
{ return LEX_FOLLOW_NICK; } { return LEX_ALWAYS_BACKLOG; }
YY_BREAK YY_BREAK
case 34: case 34:
YY_RULE_SETUP YY_RULE_SETUP
#line 77 "lex.l" #line 77 "lex.l"
{ return LEX_IGN_FIRST_NICK; } { return LEX_LOG_SYNC_INTERVAL; }
YY_BREAK YY_BREAK
case 35: case 35:
YY_RULE_SETUP YY_RULE_SETUP
#line 78 "lex.l" #line 78 "lex.l"
{ return LEX_AWAY_NICK; } { return LEX_FOLLOW_NICK; }
YY_BREAK YY_BREAK
case 36: case 36:
YY_RULE_SETUP YY_RULE_SETUP
#line 79 "lex.l" #line 79 "lex.l"
{ return LEX_ON_CONNECT_SEND; } { return LEX_IGN_FIRST_NICK; }
YY_BREAK YY_BREAK
case 37: case 37:
YY_RULE_SETUP YY_RULE_SETUP
#line 80 "lex.l" #line 80 "lex.l"
{ return LEX_PID_FILE; } { return LEX_AWAY_NICK; }
YY_BREAK YY_BREAK
case 38: case 38:
YY_RULE_SETUP YY_RULE_SETUP
#line 81 "lex.l" #line 81 "lex.l"
{ return LEX_BLRESET_ON_TALK; } { return LEX_ON_CONNECT_SEND; }
YY_BREAK YY_BREAK
case 39: case 39:
/* rule 39 can match eol */
YY_RULE_SETUP YY_RULE_SETUP
#line 82 "lex.l" #line 82 "lex.l"
{ return LEX_PID_FILE; }
YY_BREAK
case 40:
YY_RULE_SETUP
#line 83 "lex.l"
{ return LEX_BLRESET_ON_TALK; }
YY_BREAK
case 41:
/* rule 41 can match eol */
YY_RULE_SETUP
#line 84 "lex.l"
{ {
size_t len = strlen(yytext) - 2; size_t len = strlen(yytext) - 2;
yylval.string = malloc(len + 1); yylval.string = malloc(len + 1);
@ -1075,38 +1092,38 @@ YY_RULE_SETUP
return LEX_STRING; return LEX_STRING;
} }
YY_BREAK YY_BREAK
case 40:
YY_RULE_SETUP
#line 91 "lex.l"
{ return LEX_EQ; }
YY_BREAK
case 41:
YY_RULE_SETUP
#line 92 "lex.l"
{ return LEX_LBRA; }
YY_BREAK
case 42: case 42:
YY_RULE_SETUP YY_RULE_SETUP
#line 93 "lex.l" #line 93 "lex.l"
{ return LEX_RBRA; } { return LEX_EQ; }
YY_BREAK YY_BREAK
case 43: case 43:
YY_RULE_SETUP YY_RULE_SETUP
#line 94 "lex.l" #line 94 "lex.l"
{ return LEX_SEMICOLON; } { return LEX_LBRA; }
YY_BREAK YY_BREAK
case 44: case 44:
YY_RULE_SETUP YY_RULE_SETUP
#line 95 "lex.l" #line 95 "lex.l"
{ printf("Parse error line %d, unknown character '%s'\n", linec + 1, yytext); { return LEX_RBRA; }
return LEX_BUNCH; }
YY_BREAK YY_BREAK
case 45: case 45:
YY_RULE_SETUP YY_RULE_SETUP
#line 96 "lex.l"
{ return LEX_SEMICOLON; }
YY_BREAK
case 46:
YY_RULE_SETUP
#line 97 "lex.l" #line 97 "lex.l"
{ printf("Parse error line %d, unknown character '%s'\n", linec + 1, yytext);
return LEX_BUNCH; }
YY_BREAK
case 47:
YY_RULE_SETUP
#line 99 "lex.l"
ECHO; ECHO;
YY_BREAK YY_BREAK
#line 1110 "lex.yy.c" #line 1127 "lex.yy.c"
case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(INITIAL):
yyterminate(); yyterminate();
@ -1390,7 +1407,7 @@ static int yy_get_next_buffer (void)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{ {
yy_current_state = (int) yy_def[yy_current_state]; yy_current_state = (int) yy_def[yy_current_state];
if ( yy_current_state >= 262 ) if ( yy_current_state >= 278 )
yy_c = yy_meta[(unsigned int) yy_c]; yy_c = yy_meta[(unsigned int) yy_c];
} }
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
@ -1418,11 +1435,11 @@ static int yy_get_next_buffer (void)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{ {
yy_current_state = (int) yy_def[yy_current_state]; yy_current_state = (int) yy_def[yy_current_state];
if ( yy_current_state >= 262 ) if ( yy_current_state >= 278 )
yy_c = yy_meta[(unsigned int) yy_c]; yy_c = yy_meta[(unsigned int) yy_c];
} }
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
yy_is_jam = (yy_current_state == 261); yy_is_jam = (yy_current_state == 277);
return yy_is_jam ? 0 : yy_current_state; return yy_is_jam ? 0 : yy_current_state;
} }
@ -2072,7 +2089,7 @@ void yyfree (void * ptr )
#undef YY_DECL_IS_OURS #undef YY_DECL_IS_OURS
#undef YY_DECL #undef YY_DECL
#endif #endif
#line 97 "lex.l" #line 99 "lex.l"


@ -63,6 +63,8 @@ list_t *parse_conf(FILE *file)
"vhost" { return LEX_VHOST; } "vhost" { return LEX_VHOST; }
"password" { return LEX_PASSWORD; } "password" { return LEX_PASSWORD; }
"ssl" { return LEX_SSL; } "ssl" { return LEX_SSL; }
"ssl_check_mode" { return LEX_SSL_CHECK_MODE; }
"ssl_check_store" { return LEX_SSL_CHECK_STORE; }
"key" { return LEX_KEY; } "key" { return LEX_KEY; }
"channel" { return LEX_CHANNEL; } "channel" { return LEX_CHANNEL; }
"log_level" { return LEX_LOG_LEVEL; } "log_level" { return LEX_LOG_LEVEL; }
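Review bot: Nothing in the two new rules constrains the value given to `ssl_check_mode`: each rule returns only its keyword token and the value arrives as an ordinary quoted string, so a misspelled or unsupported mode is caught only if the parser rejects it. Because this setting decides whether the server certificate is verified at all, the code that consumes `LEX_SSL_CHECK_MODE` should stop with a configuration error on any value it does not recognise rather than keep a default; that code is outside this hunk, so this needs confirming there. I would also record the dependency here with an indented comment above the two rules, `/* ssl_check_* values are plain strings; the parser must validate them */`.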