From e939637c995c8730e899dff61cd93cc71decc928 Mon Sep 17 00:00:00 2001 From: Test_User Date: Wed, 6 Dec 2023 22:52:04 -0500 Subject: Revert "No more TLS" This reverts commit 8fb7f0bc0d3300637c2db8499efbf193ffebf28f. --- .gitignore | 3 -- Makefile | 8 ++-- client_network.c | 2 + commands.c | 1 + core | Bin 0 -> 12451840 bytes general_network.c | 1 + main.c | 2 + network.h | 31 -------------- rerun.sh | 4 -- server_network.c | 53 +++--------------------- tls.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ tls.h | 52 +++++++++++++++++++++++ 12 files changed, 189 insertions(+), 88 deletions(-) create mode 100644 core create mode 100644 tls.c create mode 100644 tls.h diff --git a/.gitignore b/.gitignore index 58b6399..c24b685 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,3 @@ config.c *.o .*.swp haxserv -core -s2s -lock diff --git a/Makefile b/Makefile index 6d6d5e0..4ddf248 100644 --- a/Makefile +++ b/Makefile @@ -36,16 +36,16 @@ ifeq ($(COLORIZE), 1) CFLAGS += -DCOLORIZE=1 endif -CFLAGS += $(INCLUDEFLAGS) -D_REENTRANT -ggdb3 -Wall -Wextra -Wsign-conversion -Wno-unused-parameter +CFLAGS += $(INCLUDEFLAGS) -D_REENTRANT -ggdb3 -Wall -Wextra -Wsign-conversion -Wno-unused-parameter $(shell pkg-config gnutls --cflags) -LDFLAGS = -lpthread +LDFLAGS = -lpthread $(shell pkg-config gnutls --libs) DEPS = $(shell $(CC) $(INCLUDEFLAGS) -MM -MT $(1).o $(1).c | sed -z 's/\\\n //g') .PHONY: all clean cleanall release all: haxserv -haxserv: main.o server_network.o client_network.o general_network.o commands.o table.o config.o utils.o +haxserv: main.o server_network.o client_network.o general_network.o commands.o table.o config.o tls.o utils.o $(CC) $^ -o $@ $(LDFLAGS) %.o: %.c @@ -65,6 +65,8 @@ $(call DEPS,table) $(call DEPS,config) +$(call DEPS,tls) + $(call DEPS,utils) clean: diff --git a/client_network.c b/client_network.c index a0c25be..cef4776 100644 --- a/client_network.c +++ b/client_network.c 
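Review bot: The .gitignore hunk drops `core` (together with `s2s` and `lock`) from the ignore list, and the same revert adds a 12451840-byte `core` binary (`create mode 100644 core`, `Binary files /dev/null and b/core differ`); a core dump is a snapshot of process memory and for this program can hold whatever was live when it crashed — configuration secrets, TLS session state, client traffic — so it should not be committed. Drop the file from the commit (and purge it from history if it has already been pushed), and keep `core` ignored regardless of whether the socat-era `s2s`/`lock` entries are still wanted. Separately, in the Makefile hunk `$(shell pkg-config gnutls --cflags)` and `$(shell pkg-config gnutls --libs)` expand to nothing when pkg-config or the gnutls .pc file is missing, so the failure only shows up later as a confusing missing-header or link error; an explicit check such as `ifneq ($(shell pkg-config --exists gnutls && echo yes),yes)` followed by `$(error gnutls not found via pkg-config)` at the top of the Makefile would make it obvious.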
@@ -26,6 +26,7 @@ // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR // OTHER DEALINGS IN THE SOFTWARE. +#include #include #include #include @@ -40,6 +41,7 @@ #include "config.h" #include "types.h" #include "table.h" +#include "tls.h" struct table client_network_commands = {0}; struct string client_nick = {0}; diff --git a/commands.c b/commands.c index f325457..43e2c8d 100644 --- a/commands.c +++ b/commands.c @@ -34,6 +34,7 @@ #include "table.h" #include "commands.h" #include "network.h" +#include "tls.h" #include "config.h" #include "utils.h" diff --git a/core b/core new file mode 100644 index 0000000..ec17f99 Binary files /dev/null and b/core differ diff --git a/general_network.c b/general_network.c index ad04f08..ee8b7c7 100644 --- a/general_network.c +++ b/general_network.c @@ -31,6 +31,7 @@ #include #include "network.h" +#include "tls.h" #include "config.h" char channel_mode_types[UCHAR_MAX] = { diff --git a/main.c b/main.c index a5401b5..647da81 100644 --- a/main.c +++ b/main.c @@ -26,6 +26,7 @@ // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR // OTHER DEALINGS IN THE SOFTWARE. +#include #include #include #include @@ -34,6 +35,7 @@ #include "network.h" #include "config.h" #include "types.h" +#include "tls.h" #include "types.h" void *client_loop(void *ign) { diff --git a/network.h b/network.h index 136de3d..88383bd 100644 --- a/network.h +++ b/network.h @@ -31,9 +31,6 @@ #include #include #include -#include - -#include #include "types.h" #include "table.h" @@ -90,8 +87,6 @@ extern struct table user_list; extern pthread_mutex_t send_lock; -extern int server_fd; - extern int client_fd; extern int client_listen_fd; extern struct string client_nick; 
@@ -117,32 +112,6 @@ extern ssize_t SENDCLIENT(struct string msg); #define SENDCLIENT(x) write(client_fd, x.data, x.len) #endif -#if LOGALL -extern ssize_t SEND(struct string msg); -#else -#define SEND(x) write(server_fd, x.data, x.len) -#endif - -inline size_t RECV(char *buf, size_t buflen, char *timeout) { - ssize_t len; - do { - len = recv(server_fd, buf, buflen, 0); - } while (len == -1 && errno == EINTR); - - if (len == -1) - fprintf(stderr, "errno: %d\n", errno); - - if (len == -1) - *timeout = (errno == EAGAIN || errno == EWOULDBLOCK); - else - *timeout = 0; - - if (len < 0) - return 0; - else - return (size_t)len; -} - extern int privmsg(struct string source, struct string target, size_t num_message_parts, struct string message[num_message_parts]); extern int add_local_client(struct string uid, struct string nick_arg, struct string vhost_arg, struct string ident_arg, struct string realname_arg, time_t timestamp, char fake_cert); extern int remove_user(struct string uid, struct string reason); diff --git a/rerun.sh b/rerun.sh index 7f28b5c..fa4a75d 100755 --- a/rerun.sh +++ b/rerun.sh @@ -1,9 +1,5 @@ #!/usr/bin/env bash { - socat -L'lock' 'UNIX-LISTEN:./s2s,fork' 'OPENSSL:irc.andrewyu.org:7005' & - while ! [ -S ./s2s ]; do - sleep 0.1 - done start=`date -u +%s` ./haxserv uptime=$((`date -u +%s` - $start)) diff --git a/server_network.c b/server_network.c index 27c43a6..32277d2 100644 --- a/server_network.c +++ b/server_network.c @@ -26,11 +26,12 @@ // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR // OTHER DEALINGS IN THE SOFTWARE. +#include #include #include #include +#include #include -#include #include #include #include @@ -38,6 +39,7 @@ #include "network.h" #include "types.h" #include "table.h" +#include "tls.h" #include "config.h" #include "utils.h" #include "commands.h" 
@@ -63,8 +65,6 @@ int resolve(char *address, char *port, struct sockaddr *sockaddr) { return success; } -int server_fd = -1; - struct table server_network_commands = {0}; struct table server_list = {0}; struct table user_list = {0}; @@ -899,20 +899,9 @@ int initservernetwork(void) { init_user_commands(); - server_fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (server_fd < 0) { - WRITES(2, STRING("Unable to open unix socket!\n")); - return 1; - } - - struct sockaddr_un socket = { - .sun_family = AF_UNIX, - .sun_path = "./s2s", - }; - - int retval = connect(server_fd, (struct sockaddr*)&socket, sizeof(socket)); - if (retval == -1) { - WRITES(2, STRING("Unable to connect unix socket!\n")); + int retval = connect_tls(); + if (retval != 0) { + printf("connect_tls(): %d\n", retval); return 1; } @@ -952,33 +941,3 @@ int initservernetwork(void) { return 0; } - -extern inline size_t RECV(char *buf, size_t buflen, char *timeout); // Should force it to get compiled into here - -#if LOGALL -ssize_t SEND(struct string msg) { - static char printprefix = 1; - if (printprefix) { -#if COLORIZE - WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m")); -#else - WRITES(1, STRING("[Us->Server] ")); -#endif - - printprefix = 0; - } - - WRITES(1, msg); - - if (msg.len == 0 || msg.data[msg.len - 1] == '\n') { - printprefix = 1; -#if COLORIZE - WRITES(1, STRING("\x1b[0m\n")); -#else - WRITES(1, STRING("\n")); -#endif - } - - return WRITES(server_fd, msg); -} -#endif diff --git a/tls.c b/tls.c new file mode 100644 index 0000000..167f530 --- /dev/null +++ b/tls.c 
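Review bot: The new failure path in initservernetwork() reports through `printf("connect_tls(): %d\n", retval);`, which goes to stdout instead of the stderr that the surrounding error paths use via `WRITES(2, ...)`, and prints only a bare step number that the operator has to map back to connect_tls()'s return codes by reading its source. Keeping the function's own convention — `WRITES(2, STRING("connect_tls() failed\n"));` plus the code, or better a gnutls error string once connect_tls() exposes one — would put the failure where the "Unable to open unix socket!" messages it replaces used to go. Because stdout is line-buffered only on a terminal, the message can also be lost entirely if the process later exits without flushing. initservernetwork() continues past the hunk on both sides.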
@@ -0,0 +1,120 @@
+// TLS handler for HaxServ
+//
+// Written by: Test_User
+//
+// This is free and unencumbered software released into the public
+// domain.
+//
+// Anyone is free to copy, modify, publish, use, compile, sell, or
+// distribute this software, either in source code form or as a compiled
+// binary, for any purpose, commercial or non-commercial, and by any
+// means.
+//
+// In jurisdictions that recognize copyright laws, the author or authors
+// of this software dedicate any and all copyright interest in the
+// software to the public domain. We make this dedication for the benefit
+// of the public at large and to the detriment of our heirs and
+// successors. We intend this dedication to be an overt act of
+// relinquishment in perpetuity of all present and future rights to this
+// software under copyright law.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+// OTHER DEALINGS IN THE SOFTWARE.
+
+#include
+#include
+#include
+#include
+
+#include "network.h"
+#include "config.h"
+#include "types.h"
+#include "tls.h"
+
+gnutls_session_t session;
+int fd;
+
+int connect_tls(void) {
+ // TODO: free used things on failure
+
+ if (gnutls_global_init() < 0)
+ return 1;
+
+ gnutls_certificate_credentials_t xcred; // TODO: if we reconnect
+ if (gnutls_certificate_allocate_credentials(&xcred) < 0)
+ return 2;
+
+ if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
+ return 3;
+
+ if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
+ return 4;
+
+ if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
+ return 5;
+
+ if (gnutls_set_default_priority(session) < 0)
+ return 6;
+
+ if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ return 7;
+ gnutls_session_set_verify_cert(session, address.data, 0);
+
+ fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (fd == -1)
+ return 8;
+
+ struct sockaddr sockaddr;
+ resolve(address.data, port.data, &sockaddr);
+ int ret = connect(fd, &sockaddr, sizeof(sockaddr));
+ if (ret != 0)
+ return 9;
+
+ gnutls_transport_set_int(session, fd);
+ gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+ do {
+ ret = gnutls_handshake(session);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+ if (ret < 0)
+ return 10;
+
+ gnutls_record_set_timeout(session, 60000); // 60s
+
+ return 0;
+}
+
+extern inline size_t RECV(char *buf, size_t buflen, char *timeout); // Should force it to get compiled into tls.o
+
+#if LOGALL
+ssize_t SEND(struct string msg) {
+ static char printprefix = 1;
+ if (printprefix) {
+#if COLORIZE
+ WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m"));
+#else
+ WRITES(1, STRING("[Us->Server] "));
+#endif
+
+ printprefix = 0;
+ }
+
+ WRITES(1, msg);
+
+ if (msg.len == 0 || msg.data[msg.len - 1] == '\n') {
+ printprefix = 1;
+#if COLORIZE
+ WRITES(1, STRING("\x1b[0m\n"));
+#else
+ WRITES(1, STRING("\n"));
+#endif
+ }
+
+ return
gnutls_record_send(session, msg.data, msg.len);
+}
+#endif
diff --git a/tls.h b/tls.h
new file mode 100644
index 0000000..79aedd7
--- /dev/null
+++ b/tls.h
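Review bot: In connect_tls() the return value of `resolve(address.data, port.data, &sockaddr)` is ignored, so when resolution fails `connect()` runs on an uninitialized `struct sockaddr` and the caller only sees code 9 (or a connection to an unintended address); `resolve()` ends in `return success;` in the earlier server_network.c hunk, so `if (!resolve(address.data, port.data, &sockaddr)) return 9;` should match its convention — confirm which value means success. Every early return after `gnutls_certificate_allocate_credentials` also leaks `xcred`, `session` and `fd`, as the `// TODO: free used things on failure` comment admits, so a failed attempt cannot be retried cleanly; the sketch below funnels the failures through one cleanup label (it needs `close()` from `<unistd.h>`, and `fd` must start at -1 because the zero-initialised global would otherwise close descriptor 0). The bare step numbers also discard the GnuTLS error, so a certificate-verification failure in the handshake — correctly fatal here because `gnutls_session_set_verify_cert` is configured — is indistinguishable from a plain network error; keeping the last negative `ret` and reporting `gnutls_strerror(ret)` fixes that. Style: `int fd;` is a file-scope global not exported through tls.h, so `static int fd = -1;` is the right declaration, and `xcred` is intentionally kept alive after success because the session references it — a comment saying so would stop someone "fixing" that leak by freeing it.
```c
int connect_tls(void) {
	gnutls_certificate_credentials_t xcred = NULL;
	int err;
	session = NULL;
	fd = -1;

	if (gnutls_global_init() < 0)
		return 1;

	err = 2;
	if (gnutls_certificate_allocate_credentials(&xcred) < 0)
		goto fail;

	// … unchanged: system trust, gnutls_init, SNI, priority, credentials, verify_cert — each `return N;` becomes `err = N; goto fail;` …

	err = 8;
	fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (fd == -1)
		goto fail;

	err = 9;
	struct sockaddr sockaddr;
	if (!resolve(address.data, port.data, &sockaddr)) // NOTE(review): confirm resolve()'s success value
		goto fail;
	int ret = connect(fd, &sockaddr, sizeof(sockaddr));
	if (ret != 0)
		goto fail;

	// … unchanged: transport, handshake loop, record timeout — `return 10;` becomes `err = 10; goto fail;` …

	return 0;

fail:
	if (fd != -1) {
		close(fd);
		fd = -1;
	}
	if (session != NULL) {
		gnutls_deinit(session);
		session = NULL;
	}
	if (xcred != NULL)
		gnutls_certificate_free_credentials(xcred);
	return err;
}
```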
@@ -0,0 +1,52 @@
+// One of the headers for HaxServ
+//
+// Written by: Test_User
+//
+// This is free and unencumbered software released into the public
+// domain.
+//
+// Anyone is free to copy, modify, publish, use, compile, sell, or
+// distribute this software, either in source code form or as a compiled
+// binary, for any purpose, commercial or non-commercial, and by any
+// means.
+//
+// In jurisdictions that recognize copyright laws, the author or authors
+// of this software dedicate any and all copyright interest in the
+// software to the public domain. We make this dedication for the benefit
+// of the public at large and to the detriment of our heirs and
+// successors. We intend this dedication to be an overt act of
+// relinquishment in perpetuity of all present and future rights to this
+// software under copyright law.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+// OTHER DEALINGS IN THE SOFTWARE.
+
+#include
+
+#if LOGALL
+extern ssize_t SEND(struct string msg);
+#else
+#define SEND(x) gnutls_record_send(session, x.data, x.len)
+#endif
+
+extern gnutls_session_t session;
+
+extern int connect_tls(void);
+
+inline size_t RECV(char *buf, size_t buflen, char *timeout) {
+ int len;
+ do {
+ len = gnutls_record_recv(session, buf, buflen);
+ } while (len == GNUTLS_E_AGAIN || len == GNUTLS_E_INTERRUPTED);
+
+ *timeout = (len == GNUTLS_E_TIMEDOUT);
+ if (len < 0)
+ return 0;
+ else
+ return (size_t)len;
+}
-- cgit v1.2.3
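Review bot: RECV() collapses every non-timeout error from `gnutls_record_recv` — including `GNUTLS_E_PREMATURE_TERMINATION`, the peer closing without a close_notify, which is exactly the case a TLS client should notice — into the same `return 0` that a clean close yields, with `*timeout` 0 in both cases, so a caller cannot tell "peer finished" from "fatal TLS error"; the removed network.h RECV at least printed errno, and logging `gnutls_strerror()` before returning 0 (sketch below) restores that. `int len` also narrows the `ssize_t` that `gnutls_record_recv` returns; declare it `ssize_t len`. In the non-LOGALL branch `#define SEND(x) gnutls_record_send(session, x.data, x.len)` evaluates its argument twice and, unlike RECV, gives callers no retry on `GNUTLS_E_AGAIN`/`GNUTLS_E_INTERRUPTED` or check for a short send, so a `static inline` function that loops the way RECV does would be safer. The header also has no include guard (`#pragma once` or `#ifndef TLS_H`), which will bite as soon as a translation unit pulls it in twice, and its `#include` line is missing the `<sys/types.h>`/`<stddef.h>` that `ssize_t`/`size_t` need unless the stripped include already provides them — worth confirming.
```c
inline size_t RECV(char *buf, size_t buflen, char *timeout) {
	ssize_t len;
	do {
		len = gnutls_record_recv(session, buf, buflen);
	} while (len == GNUTLS_E_AGAIN || len == GNUTLS_E_INTERRUPTED);

	*timeout = (len == GNUTLS_E_TIMEDOUT);
	if (len < 0) {
		if (!*timeout)
			fprintf(stderr, "gnutls_record_recv: %s\n", gnutls_strerror((int)len));
		return 0;
	}
	return (size_t)len;
}
```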