a few deleted whitespaces + Trou's patch: allows trusting when not connected / allows self-signed certs when in basic ssl mode / permits connection to servers w/o a motd

nohar 2005-12-12 19:03:02 +00:00
parent 6a1ec2724b
commit 5574a6d335
6 changed files with 45 additions and 12 deletions


@ -59,7 +59,7 @@ int conf_blreset_on_talk = 0;
list_t *parse_conf(FILE *file); list_t *parse_conf(FILE *file);
static void conf_die(char *fmt, ...); static void conf_die(char *fmt, ...);
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
static int adm_trust(struct link_client *ic, struct line *line); int adm_trust(struct link_client *ic, struct line *line);
#endif #endif
static void hash_binary(char *hex, unsigned char **password, unsigned int *seed) static void hash_binary(char *hex, unsigned char **password, unsigned int *seed)
@ -1078,7 +1078,7 @@ static int ssl_discard_next_cert(struct link_client *ic)
#endif #endif
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
static int adm_trust(struct link_client *ic, struct line *line) int adm_trust(struct link_client *ic, struct line *line)
{ {
if (ic->allow_trust != 1) { if (ic->allow_trust != 1) {
mylog(LOG_ERROR, "User attempted TRUST command without " mylog(LOG_ERROR, "User attempted TRUST command without "


@ -62,6 +62,9 @@ struct c_channel
char *key; char *key;
}; };
#ifdef HAVE_LIBSSL
int adm_trust(struct link_client *ic, struct line *line);
#endif
int adm_bip(struct link_client *ic, struct line *line); int adm_bip(struct link_client *ic, struct line *line);
int ssl_check_trust(struct link_client *ic); int ssl_check_trust(struct link_client *ic);
void adm_blreset(struct link_client *ic); void adm_blreset(struct link_client *ic);


@ -1177,7 +1177,8 @@ static int bip_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
if (c->ssl_check_mode == SSL_CHECK_BASIC && depth == 0 && result == 0 && if (c->ssl_check_mode == SSL_CHECK_BASIC && depth == 0 && result == 0 &&
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
err == X509_V_ERR_CERT_UNTRUSTED || err == X509_V_ERR_CERT_UNTRUSTED ||
err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) { err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)) {
if (X509_STORE_get_by_subject(ctx, X509_LU_X509, if (X509_STORE_get_by_subject(ctx, X509_LU_X509,
X509_get_subject_name(err_cert), &xobj) > 0 && X509_get_subject_name(err_cert), &xobj) > 0 &&
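Review bot: Adding `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` to the `SSL_CHECK_BASIC` condition means a self-signed leaf is now accepted whenever the check that follows succeeds, and that check begins with `X509_STORE_get_by_subject`, a lookup keyed on a subject name that a self-signed certificate picks for itself. The rest of the condition lies outside the hunk, so confirm that it compares the whole presented certificate with the stored object (for example with `X509_cmp`) and not only the name. A comment above the condition would make the intent explicit, such as `/* basic mode: tolerate these errors only if this exact leaf cert is already in the trust store */`.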


@ -420,10 +420,17 @@ int irc_dispatch_server(struct link_server *server, struct line *line)
ret = OK_FORGET; ret = OK_FORGET;
if (strcmp(line->elemv[0], "376") == 0) /* end of motd */ if (strcmp(line->elemv[0], "376") == 0) /* end of motd */
irc_server_connected(server); irc_server_connected(server);
else if (strcmp(line->elemv[0], "422") == 0) /* no motd */
irc_server_connected(server);
} else if (LINK(server)->s_state == IRCS_CONNECTING) { } else if (LINK(server)->s_state == IRCS_CONNECTING) {
ret = OK_FORGET; ret = OK_FORGET;
if (strcmp(line->elemv[0], "NOTICE") == 0) { if (strcmp(line->elemv[0], "NOTICE") == 0) {
} else if (strcmp(line->elemv[0], "376") == 0) { } else if (strcmp(line->elemv[0], "376") == 0) { /* end of motd */
irc_server_connected(server);
list_add_last(&LINK(server)->init_strings,
irc_line_dup(line));
} else if (strcmp(line->elemv[0], "422") == 0) { /* no motd */
irc_server_connected(server); irc_server_connected(server);
list_add_last(&LINK(server)->init_strings, list_add_last(&LINK(server)->init_strings,
irc_line_dup(line)); irc_line_dup(line));
@ -702,6 +709,7 @@ static int irc_cli_startup(struct link_client *ic, struct line *line,
if (LINK(ic)->s_state != IRCS_CONNECTED) { if (LINK(ic)->s_state != IRCS_CONNECTED) {
/* Check if we have an untrusted certificate from the server */ /* Check if we have an untrusted certificate from the server */
if (ssl_check_trust(ic)) { if (ssl_check_trust(ic)) {
TYPE(ic) = IRC_TYPE_TRUST_CLIENT;
ic->allow_trust = 1; ic->allow_trust = 1;
free(init_nick); free(init_nick);
return OK_FORGET; return OK_FORGET;
@ -985,6 +993,21 @@ static int irc_cli_part(struct link_client *irc, struct line *line)
return OK_COPY; return OK_COPY;
} }
#ifdef HAVE_LIBSSL
static int irc_dispatch_trust_client(struct link_client *ic, struct line *line)
{
int r = OK_COPY;
if (line->elemc < 2)
return ERR_PROTOCOL;
if (strcmp(line->elemv[0], "BIP") == 0 &&
strcmp(line->elemv[1], "TRUST") == 0)
r = adm_trust(ic, line);
return r;
}
#endif
int irc_cli_bip(struct link_client *ic, struct line *line); int irc_cli_bip(struct link_client *ic, struct line *line);
static int irc_dispatch_client(struct link_client *ic, struct line *line) static int irc_dispatch_client(struct link_client *ic, struct line *line)
{ {
@ -1120,6 +1143,11 @@ int irc_dispatch(struct link_any *l, struct line *line, list_t *linkl)
return irc_dispatch_loging_client((struct link_client*)l, return irc_dispatch_loging_client((struct link_client*)l,
line, linkl); line, linkl);
break; break;
#ifdef HAVE_LIBSSL
case IRC_TYPE_TRUST_CLIENT:
return irc_dispatch_trust_client((struct link_client*)l, line);
break;
#endif
default: default:
fatal("gnéééééé"); fatal("gnéééééé");
} }
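Review bot: `irc_dispatch_trust_client` starts from `int r = OK_COPY;`, so every line other than `BIP TRUST` sent by a client still waiting on the certificate decision is returned as OK_COPY; if OK_COPY asks the caller to relay the line, as its use in `irc_cli_part` suggests, that would happen before the server certificate has been accepted. Defaulting to `int r = OK_FORGET;` would restrict this state to the TRUST command. The `line->elemc < 2` guard returns `ERR_PROTOCOL` for any one-word line, and how the caller treats that code is not visible here, so it may drop a client that sends a harmless single-token command. Nothing in the visible hunks moves `TYPE(ic)` back from `IRC_TYPE_TRUST_CLIENT` after trust is granted, so check that `adm_trust` or its caller does so.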


@ -59,6 +59,7 @@ struct channel {
#define IRC_TYPE_CLIENT (0) #define IRC_TYPE_CLIENT (0)
#define IRC_TYPE_SERVER (1) #define IRC_TYPE_SERVER (1)
#define IRC_TYPE_LOGING_CLIENT (2) #define IRC_TYPE_LOGING_CLIENT (2)
#define IRC_TYPE_TRUST_CLIENT (3)
struct link { struct link {
char *name; /* id */ char *name; /* id */