
Diff of /eggdrop1.8/src/dcc.c


revision 1.6 by pseudo, Sun Oct 31 14:40:38 2010 UTC revision 1.7 by pseudo, Tue Nov 23 16:36:23 2010 UTC
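--- a/eggdrop1.8/src/dcc.c
+++ b/eggdrop1.8/src/dcc.c
@@ -43,12 +43,15 @@ extern int egg_numver, connect_timeout,
            make_userfile, default_flags, raw_log, ignore_time,
            par_telnet_flood;
 
-struct dcc_t *dcc = NULL;       /* DCC list                                   */
 #ifdef TLS
+extern int tls_vfybots;
+
 int tls_vfyclients = 0;     /* Certificate validation mode for clients    */
 int tls_vfydcc = 0;             /* Verify DCC chat/send user certificates     */
 int tls_auth = 0;               /* Allow certificate authentication           */
 #endif
+
+struct dcc_t *dcc = NULL;       /* DCC list                                   */
 int dcc_total = 0;              /* Total dcc's                                */
 int require_p = 0;              /* Require 'p' access to get on the
                                  * party line?                                */
@@ -249,17 +252,6 @@ static void bot_version(int idx, char *p
   egg_snprintf(x, sizeof x, "v %d", dcc[idx].u.bot->numver);
   bot_share(idx, x);
   dprintf(idx, "el\n");
-#ifdef TLS
-  /* Ask the peer to switch to ssl communication. We'll continue
-   * using plain text, until it replies with stls itself. Bots which don't
-   * support it will simply ignore the request and everything goes on as usual.
-   */
-  if (dcc[idx].status & STAT_STARTTLS) {
-    dprintf(idx, "starttls\n");
-    putlog(LOG_BOTS, "*", "Sent STARTTLS to %s...", dcc[idx].nick);
-  }
-#endif
-
 }
 
 void failed_link(int idx)
@@ -322,11 +314,6 @@ static void cont_link(int idx, char *buf
       }
     }
   }
-  /* Indicate that we'd like to switch to tls later */
-#ifdef TLS
-  if (!dcc[idx].ssl)
-    dcc[idx].status |= STAT_STARTTLS;
-#endif
   dcc[idx].type = &DCC_BOT_NEW;
   dcc[idx].u.bot->numver = 0;
 
@@ -376,6 +363,19 @@ static void dcc_bot_new(int idx, char *b
   else if (!egg_strcasecmp(code, "passreq")) {
     char *pass = get_user(&USERENTRY_PASS, u);
 
+#ifdef TLS
+    /* We got a STARTTLS request earlier. Switch to ssl NOW. Doing this
+     * in two steps is necessary in order to synchronize the handshake.
+     */
+    if (dcc[idx].status & STAT_STARTTLS) {
+      dcc[idx].ssl = 1;
+      if (ssl_handshake(dcc[idx].sock, TLS_CONNECT, tls_vfybots, LOG_BOTS,
+                    dcc[idx].host, NULL))
+        putlog(LOG_BOTS, "*", "STARTTLS failed while linking to %s",
+               dcc[idx].nick);
+      dcc[idx].status &= ~STAT_STARTTLS;
+    }
+#endif
     if (!pass || !strcmp(pass, "-")) {
       putlog(LOG_BOTS, "*", DCC_PASSREQ, dcc[idx].nick);
       dprintf(idx, "-\n");
@@ -388,6 +388,18 @@ static void dcc_bot_new(int idx, char *b
       else
         dprintf(idx, "%s\n", pass);
     }
+#ifdef TLS
+  } else if (!egg_strcasecmp(code, "starttls") && !dcc[idx].ssl) {
+    /* Mark the connection for secure communication, but don't switch yet.
+     * The hub has to send a plaintext passreq right after the starttls command
+     * and if we switch now, we'll break the handshake. Instead, we'll only
+     * send a confirmation to the peer and wait for the passreq.
+     */
+    putlog(LOG_BOTS, "*", "Got STARTTLS from %s. Replying...", dcc[idx].nick);
+    dcc[idx].status |= STAT_STARTTLS;
+    /* needs to have space to be distinguished from a plaintext password */
+    dprintf(idx, "starttls -\n");
+#endif
   } else if (!egg_strcasecmp(code, "error"))
     putlog(LOG_BOTS, "*", DCC_LINKERROR, dcc[idx].nick, buf);
   /* Ignore otherwise */
@@ -593,6 +605,17 @@ static void dcc_chat_pass(int idx, char
   atr = dcc[idx].user ? dcc[idx].user->flags : 0;
 
   /* Check for MD5 digest from remote _bot_. <cybah> */
+#ifdef TLS
+  if ((atr & USER_BOT) && !egg_strncasecmp(buf, "starttls ", 9)) {
+    dcc[idx].ssl = 1;
+    if (ssl_handshake(dcc[idx].sock, TLS_LISTEN, tls_vfybots, LOG_BOTS,
+                      dcc[idx].host, NULL)) {
+      killsock(dcc[idx].sock);
+      lostdcc(idx);
+    }
+    return;
+  }
+#endif
   if ((atr & USER_BOT) && !egg_strncasecmp(buf, "digest ", 7)) {
     if (dcc_bot_check_digest(idx, buf + 7)) {
       nfree(dcc[idx].u.chat);
@@ -1617,6 +1640,16 @@ static void dcc_telnet_pass(int idx, int
   }
 
   if (glob_bot(fr)) {
+#ifdef TLS
+  /* Ask the peer to switch to ssl communication. We'll continue using plain
+   * text, until it replies with starttls itself. Bots which don't support ssl
+   * will simply ignore the request and everything will go on as usual.
+   */
+    if (!dcc[idx].ssl) {
+      dprintf(idx, "starttls\n");
+      putlog(LOG_BOTS, "*", "Sent STARTTLS to %s...", dcc[idx].nick);
+    }
+#endif
     /* Must generate a string consisting of our process ID and the current
      * time. The bot will add it's password to the end and use it to generate
      * an MD5 checksum (always 128bit). The checksum is sent back and this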
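Review bot: In the `passreq` branch of dcc_bot_new a failed ssl_handshake() is only logged with "STARTTLS failed while linking to %s"; the code then clears STAT_STARTTLS, leaves `dcc[idx].ssl = 1`, and falls through to the lines that answer the password request, so as far as the visible lines show the link attempt is not aborted when TLS negotiation fails. The hub side added in dcc_chat_pass closes the connection in the same situation, and the leaf side should probably fail closed too, e.g. `killsock(dcc[idx].sock); lostdcc(idx); return;` in the failure branch, provided that teardown is valid at this point (dcc_bot_new starts and ends outside the hunk). Separately, the upgrade is opportunistic on both ends: dcc_telnet_pass keeps talking plain text until the peer answers `starttls`, and nothing visible here lets an operator require TLS for a bot link. The comment above the `dprintf(idx, "starttls\n")` call should say that a dropped or unanswered request silently leaves the link unencrypted, and a setting to refuse such links would be worth considering. dcc_chat_pass also accepts `starttls ` without checking `!dcc[idx].ssl`, unlike the leaf-side branch, which looks like an oversight.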
