aniani/irssi
1
0
Fork 0
mirror of https://github.com/irssi/irssi.git synced 2024-10-27 05:20:20 -04:00
Code

Add -ssl_pass to /connect and /server

Browse Source 
Fixes: Bug #305

git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5231 dbcabf3a-b0e7-0310-adc4-f8d773084564
This commit is contained in:
Alexander Færøy 2014-01-11 19:53:17 +00:00 committed by ahf
parent 952698dc3a
commit 68f8229373
11 changed files with 48 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -13,6 +13,7 @@ v0.8.16-rc1 2013-06-26 The Irssi team <staff@irssi.org>
configuration file. configuration file.
+ Disabled support for the insecure SSLv2 protocol. + Disabled support for the insecure SSLv2 protocol.
+ Various documentation enhancements. + Various documentation enhancements.
+ Add -ssl_pass to /connect and /server (see bug #305).
- Fix crashing bug that can happen if the terminal height decreases before - Fix crashing bug that can happen if the terminal height decreases before
the first window is created. the first window is created.
- Fixed minor compiler warnings. - Fixed minor compiler warnings.
@ -21,7 +22,7 @@ v0.8.16-rc1 2013-06-26 The Irssi team <staff@irssi.org>
- Fixed signal handling for /exec'd commands. Irssi now sends the signal to - Fixed signal handling for /exec'd commands. Irssi now sends the signal to
the process group id instead of the process id. the process group id instead of the process id.
- Fixed segfault generated by SSL disconnections (see bug #752). - Fixed segfault generated by SSL disconnections (see bug #752).
- Fix compilation when built with -Werror=format-security. Patch by - Fix compilation when build with -Werror=format-security. Patch by
Jaroslav Skarvada. Jaroslav Skarvada.
v0.8.15 2010-04-03 The Irssi team <staff@irssi.org> v0.8.15 2010-04-03 The Irssi team <staff@irssi.org>

1
docs/help/in/connect.in
View File

@ -5,6 +5,7 @@
-ssl: use SSL when connecting -ssl: use SSL when connecting
-ssl_cert: The SSL client certificate file (implies -ssl) -ssl_cert: The SSL client certificate file (implies -ssl)
-ssl_pkey: The SSL client private key (if not included in the certificate file) -ssl_pkey: The SSL client private key (if not included in the certificate file)
-ssl_pass: The password for the SSL client private key or certificate.
-ssl_verify: Verify servers SSL certificate -ssl_verify: Verify servers SSL certificate
-ssl_cafile: File with list of CA certificates (implies -ssl_verify) -ssl_cafile: File with list of CA certificates (implies -ssl_verify)
-ssl_capath: Directory with CA certificates (implies -ssl_verify) -ssl_capath: Directory with CA certificates (implies -ssl_verify)

1
docs/help/in/server.in
View File

@ -5,6 +5,7 @@
-ssl: use SSL when connecting -ssl: use SSL when connecting
-ssl_cert: The SSL client certificate file (implies -ssl) -ssl_cert: The SSL client certificate file (implies -ssl)
-ssl_pkey: The SSL client private key (if not included in the certificate file) -ssl_pkey: The SSL client private key (if not included in the certificate file)
-ssl_pass: The password for the SSL client private key or certificate.
-ssl_verify: Verify servers SSL certificate -ssl_verify: Verify servers SSL certificate
-ssl_cafile: File with list of CA certificates (implies -ssl_verify) -ssl_cafile: File with list of CA certificates (implies -ssl_verify)
-ssl_capath: Directory with CA certificates (implies -ssl_verify) -ssl_capath: Directory with CA certificates (implies -ssl_verify)

8
src/core/chat-commands.c
View File

@ -98,6 +98,8 @@ static SERVER_CONNECT_REC *get_server_connect(const char *data, int *plus_addr,
conn->ssl_cert = g_strdup(tmp); conn->ssl_cert = g_strdup(tmp);
if ((tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL) if ((tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL)
conn->ssl_pkey = g_strdup(tmp); conn->ssl_pkey = g_strdup(tmp);
if ((tmp = g_hash_table_lookup(optlist, "ssl_pass")) != NULL)
conn->ssl_pass = g_strdup(tmp);
if (g_hash_table_lookup(optlist, "ssl_verify") != NULL) if (g_hash_table_lookup(optlist, "ssl_verify") != NULL)
conn->ssl_verify = TRUE; conn->ssl_verify = TRUE;
if ((tmp = g_hash_table_lookup(optlist, "ssl_cafile")) != NULL) if ((tmp = g_hash_table_lookup(optlist, "ssl_cafile")) != NULL)
@ -134,7 +136,7 @@ static SERVER_CONNECT_REC *get_server_connect(const char *data, int *plus_addr,
return conn; return conn;
} }
/* SYNTAX: CONNECT [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] /* SYNTAX: CONNECT [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] [-ssl_pass <password>]
[-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>] [-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>]
[-!] [-noautosendcmd] [-!] [-noautosendcmd]
[-noproxy] [-network <network>] [-host <hostname>] [-noproxy] [-network <network>] [-host <hostname>]
@ -240,7 +242,7 @@ static void sig_default_command_server(const char *data, SERVER_REC *server,
signal_emit("command server connect", 3, data, server, item); signal_emit("command server connect", 3, data, server, item);
} }
/* SYNTAX: SERVER [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] /* SYNTAX: SERVER [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] [-ssl_pass <password>]
[-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>] [-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>]
[-!] [-noautosendcmd] [-!] [-noautosendcmd]
[-noproxy] [-network <network>] [-host <hostname>] [-noproxy] [-network <network>] [-host <hostname>]
@ -458,7 +460,7 @@ void chat_commands_init(void)
signal_add("default command server", (SIGNAL_FUNC) sig_default_command_server); signal_add("default command server", (SIGNAL_FUNC) sig_default_command_server);
signal_add("server sendmsg", (SIGNAL_FUNC) sig_server_sendmsg); signal_add("server sendmsg", (SIGNAL_FUNC) sig_server_sendmsg);
command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey ssl_verify +ssl_cafile +ssl_capath +host noproxy -rawlog noautosendcmd"); command_set_options("connect", "4 6 !! -network ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath +host noproxy -rawlog noautosendcmd");
command_set_options("msg", "channel nick"); command_set_options("msg", "channel nick");
} }

25
src/core/network-openssl.c
View File

@ -429,6 +429,24 @@ static gboolean irssi_ssl_init(void)
} }
static int get_pem_password_callback(char *buffer, int max_length, int rwflag, void *pass)
{
char *password;
size_t length;
if (pass == NULL)
return 0;
password = (char *)pass;
length = strlen(pass);
if (length > max_length)
return 0;
memcpy(buffer, password, length + 1);
return length;
}
static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_REC *server) static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_REC *server)
{ {
GIOSSLChannel *chan; GIOSSLChannel *chan;
@ -439,6 +457,7 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
const char *mycert = server->connrec->ssl_cert; const char *mycert = server->connrec->ssl_cert;
const char *mypkey = server->connrec->ssl_pkey; const char *mypkey = server->connrec->ssl_pkey;
const char *mypass = server->connrec->ssl_pass;
const char *cafile = server->connrec->ssl_cafile; const char *cafile = server->connrec->ssl_cafile;
const char *capath = server->connrec->ssl_capath; const char *capath = server->connrec->ssl_capath;
gboolean verify = server->connrec->ssl_verify; gboolean verify = server->connrec->ssl_verify;
@ -457,6 +476,8 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
return NULL; return NULL;
} }
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_default_passwd_cb(ctx, get_pem_password_callback);
SSL_CTX_set_default_passwd_cb_userdata(ctx, mypass);
if (mycert && *mycert) { if (mycert && *mycert) {
char *scert = NULL, *spkey = NULL; char *scert = NULL, *spkey = NULL;
@ -464,9 +485,9 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
if (mypkey && *mypkey) if (mypkey && *mypkey)
spkey = convert_home(mypkey); spkey = convert_home(mypkey);
if (! SSL_CTX_use_certificate_file(ctx, scert, SSL_FILETYPE_PEM)) if (! SSL_CTX_use_certificate_file(ctx, scert, SSL_FILETYPE_PEM))
g_warning("Loading of client certificate '%s' failed", mycert); g_warning("Loading of client certificate '%s' failed: %s", mycert, ERR_reason_error_string(ERR_get_error()));
else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM)) else if (! SSL_CTX_use_PrivateKey_file(ctx, spkey ? spkey : scert, SSL_FILETYPE_PEM))
g_warning("Loading of private key '%s' failed", mypkey ? mypkey : mycert); g_warning("Loading of private key '%s' failed: %s", mypkey ? mypkey : mycert, ERR_reason_error_string(ERR_get_error()));
else if (! SSL_CTX_check_private_key(ctx)) else if (! SSL_CTX_check_private_key(ctx))
g_warning("Private key does not match the certificate"); g_warning("Private key does not match the certificate");
g_free(scert); g_free(scert);

1
src/core/server-connect-rec.h
View File

@ -25,6 +25,7 @@ char *realname;
char *ssl_cert; char *ssl_cert;
char *ssl_pkey; char *ssl_pkey;
char *ssl_pass;
char *ssl_cafile; char *ssl_cafile;
char *ssl_capath; char *ssl_capath;

1
src/core/server-setup-rec.h
View File

@ -10,6 +10,7 @@ char *password;
char *ssl_cert; char *ssl_cert;
char *ssl_pkey; char *ssl_pkey;
char *ssl_pass;
char *ssl_cafile; char *ssl_cafile;
char *ssl_capath; char *ssl_capath;

5
src/core/servers-setup.c
View File

@ -169,6 +169,8 @@ static void server_setup_fill_server(SERVER_CONNECT_REC *conn,
conn->ssl_cert = g_strdup(sserver->ssl_cert); conn->ssl_cert = g_strdup(sserver->ssl_cert);
if (conn->ssl_pkey == NULL && sserver->ssl_pkey != NULL && sserver->ssl_pkey[0] != '\0') if (conn->ssl_pkey == NULL && sserver->ssl_pkey != NULL && sserver->ssl_pkey[0] != '\0')
conn->ssl_pkey = g_strdup(sserver->ssl_pkey); conn->ssl_pkey = g_strdup(sserver->ssl_pkey);
if (conn->ssl_pass == NULL && sserver->ssl_pass != NULL && sserver->ssl_pass[0] != '\0')
conn->ssl_pass = g_strdup(sserver->ssl_pass);
conn->ssl_verify = sserver->ssl_verify; conn->ssl_verify = sserver->ssl_verify;
if (conn->ssl_cafile == NULL && sserver->ssl_cafile != NULL && sserver->ssl_cafile[0] != '\0') if (conn->ssl_cafile == NULL && sserver->ssl_cafile != NULL && sserver->ssl_cafile[0] != '\0')
conn->ssl_cafile = g_strdup(sserver->ssl_cafile); conn->ssl_cafile = g_strdup(sserver->ssl_cafile);
@ -396,6 +398,7 @@ static SERVER_SETUP_REC *server_setup_read(CONFIG_NODE *node)
rec->use_ssl = config_node_get_bool(node, "use_ssl", FALSE); rec->use_ssl = config_node_get_bool(node, "use_ssl", FALSE);
rec->ssl_cert = g_strdup(config_node_get_str(node, "ssl_cert", NULL)); rec->ssl_cert = g_strdup(config_node_get_str(node, "ssl_cert", NULL));
rec->ssl_pkey = g_strdup(config_node_get_str(node, "ssl_pkey", NULL)); rec->ssl_pkey = g_strdup(config_node_get_str(node, "ssl_pkey", NULL));
rec->ssl_pass = g_strdup(config_node_get_str(node, "ssl_pass", NULL));
rec->ssl_verify = config_node_get_bool(node, "ssl_verify", FALSE); rec->ssl_verify = config_node_get_bool(node, "ssl_verify", FALSE);
rec->ssl_cafile = g_strdup(config_node_get_str(node, "ssl_cafile", NULL)); rec->ssl_cafile = g_strdup(config_node_get_str(node, "ssl_cafile", NULL));
rec->ssl_capath = g_strdup(config_node_get_str(node, "ssl_capath", NULL)); rec->ssl_capath = g_strdup(config_node_get_str(node, "ssl_capath", NULL));
@ -435,6 +438,7 @@ static void server_setup_save(SERVER_SETUP_REC *rec)
iconfig_node_set_bool(node, "use_ssl", rec->use_ssl); iconfig_node_set_bool(node, "use_ssl", rec->use_ssl);
iconfig_node_set_str(node, "ssl_cert", rec->ssl_cert); iconfig_node_set_str(node, "ssl_cert", rec->ssl_cert);
iconfig_node_set_str(node, "ssl_pkey", rec->ssl_pkey); iconfig_node_set_str(node, "ssl_pkey", rec->ssl_pkey);
iconfig_node_set_str(node, "ssl_pass", rec->ssl_pass);
iconfig_node_set_bool(node, "ssl_verify", rec->ssl_verify); iconfig_node_set_bool(node, "ssl_verify", rec->ssl_verify);
iconfig_node_set_str(node, "ssl_cafile", rec->ssl_cafile); iconfig_node_set_str(node, "ssl_cafile", rec->ssl_cafile);
iconfig_node_set_str(node, "ssl_capath", rec->ssl_capath); iconfig_node_set_str(node, "ssl_capath", rec->ssl_capath);
@ -476,6 +480,7 @@ static void server_setup_destroy(SERVER_SETUP_REC *rec)
g_free_not_null(rec->password); g_free_not_null(rec->password);
g_free_not_null(rec->ssl_cert); g_free_not_null(rec->ssl_cert);
g_free_not_null(rec->ssl_pkey); g_free_not_null(rec->ssl_pkey);
g_free_not_null(rec->ssl_pass);
g_free_not_null(rec->ssl_cafile); g_free_not_null(rec->ssl_cafile);
g_free_not_null(rec->ssl_capath); g_free_not_null(rec->ssl_capath);
g_free(rec->address); g_free(rec->address);

1
src/core/servers.c
View File

@ -635,6 +635,7 @@ void server_connect_unref(SERVER_CONNECT_REC *conn)
g_free_not_null(conn->ssl_cert); g_free_not_null(conn->ssl_cert);
g_free_not_null(conn->ssl_pkey); g_free_not_null(conn->ssl_pkey);
g_free_not_null(conn->ssl_pass);
g_free_not_null(conn->ssl_cafile); g_free_not_null(conn->ssl_cafile);
g_free_not_null(conn->ssl_capath); g_free_not_null(conn->ssl_capath);

6
src/fe-common/core/fe-server.c
View File

@ -158,6 +158,10 @@ static void cmd_server_add(const char *data)
if (value != NULL && *value != '\0') if (value != NULL && *value != '\0')
rec->ssl_pkey = g_strdup(value); rec->ssl_pkey = g_strdup(value);
value = g_hash_table_lookup(optlist, "ssl_pass");
if (value != NULL && *value != '\0')
rec->ssl_pass = g_strdup(value);
if (g_hash_table_lookup(optlist, "ssl_verify")) if (g_hash_table_lookup(optlist, "ssl_verify"))
rec->ssl_verify = TRUE; rec->ssl_verify = TRUE;
@ -383,7 +387,7 @@ void fe_server_init(void)
command_bind("server remove", NULL, (SIGNAL_FUNC) cmd_server_remove); command_bind("server remove", NULL, (SIGNAL_FUNC) cmd_server_remove);
command_bind_first("server", NULL, (SIGNAL_FUNC) server_command); command_bind_first("server", NULL, (SIGNAL_FUNC) server_command);
command_bind_first("disconnect", NULL, (SIGNAL_FUNC) server_command); command_bind_first("disconnect", NULL, (SIGNAL_FUNC) server_command);
command_set_options("server add", "4 6 ssl +ssl_cert +ssl_pkey ssl_verify +ssl_cafile +ssl_capath auto noauto proxy noproxy -host -port"); command_set_options("server add", "4 6 ssl +ssl_cert +ssl_pkey +ssl_pass ssl_verify +ssl_cafile +ssl_capath auto noauto proxy noproxy -host -port");
signal_add("server looking", (SIGNAL_FUNC) sig_server_looking); signal_add("server looking", (SIGNAL_FUNC) sig_server_looking);
signal_add("server connecting", (SIGNAL_FUNC) sig_server_connecting); signal_add("server connecting", (SIGNAL_FUNC) sig_server_connecting);

4
src/fe-common/irc/fe-irc-server.c
View File

@ -50,7 +50,7 @@ const char *get_visible_target(IRC_SERVER_REC *server, const char *target)
return target; return target;
} }
/* SYNTAX: SERVER ADD [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] /* SYNTAX: SERVER ADD [-4 | -6] [-ssl] [-ssl_cert <cert>] [-ssl_pkey <pkey>] [-ssl_pass <password>]
[-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>] [-ssl_verify] [-ssl_cafile <cafile>] [-ssl_capath <capath>]
[-auto | -noauto] [-network <network>] [-host <hostname>] [-auto | -noauto] [-network <network>] [-host <hostname>]
[-cmdspeed <ms>] [-cmdmax <count>] [-port <port>] [-cmdspeed <ms>] [-cmdmax <count>] [-port <port>]
@ -112,6 +112,8 @@ static void cmd_server_list(const char *data)
g_string_append_printf(str, "ssl_cert: %s, ", rec->ssl_cert); g_string_append_printf(str, "ssl_cert: %s, ", rec->ssl_cert);
if (rec->ssl_pkey) if (rec->ssl_pkey)
g_string_append_printf(str, "ssl_pkey: %s, ", rec->ssl_pkey); g_string_append_printf(str, "ssl_pkey: %s, ", rec->ssl_pkey);
if (rec->ssl_pass)
g_string_append_printf(str, "(pass), ");
} }
if (rec->ssl_verify) if (rec->ssl_verify)
g_string_append(str, "ssl_verify, "); g_string_append(str, "ssl_verify, ");