| [b7d3cc34] | 1 | /********************************************************************\ |
|---|
| 2 | * BitlBee -- An IRC to other IM-networks gateway * |
|---|
| 3 | * * |
|---|
| 4 | * Copyright 2002-2004 Wilmer van der Gaast and others * |
|---|
| 5 | \********************************************************************/ |
|---|
| 6 | |
|---|
| 7 | /* SSL module - GnuTLS version */ |
|---|
| 8 | |
|---|
| 9 | /* |
|---|
| 10 | This program is free software; you can redistribute it and/or modify |
|---|
| 11 | it under the terms of the GNU General Public License as published by |
|---|
| 12 | the Free Software Foundation; either version 2 of the License, or |
|---|
| 13 | (at your option) any later version. |
|---|
| 14 | |
|---|
| 15 | This program is distributed in the hope that it will be useful, |
|---|
| 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| 18 | GNU General Public License for more details. |
|---|
| 19 | |
|---|
| 20 | You should have received a copy of the GNU General Public License with |
|---|
| 21 | the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL; |
|---|
| 22 | if not, write to the Free Software Foundation, Inc., 59 Temple Place, |
|---|
| 23 | Suite 330, Boston, MA 02111-1307 USA |
|---|
| 24 | */ |
|---|
| 25 | |
|---|
| 26 | #include <gnutls/gnutls.h> |
|---|
| [701acdd4] | 27 | #include <fcntl.h> |
|---|
| 28 | #include <unistd.h> |
|---|
| [b7d3cc34] | 29 | #include "proxy.h" |
|---|
| 30 | #include "ssl_client.h" |
|---|
| 31 | #include "sock.h" |
|---|
| 32 | #include "stdlib.h" |
|---|
| 33 | |
|---|
| [701acdd4] | 34 | int ssl_errno = 0; |
|---|
| 35 | |
|---|
| [b7d3cc34] | 36 | static gboolean initialized = FALSE; |
|---|
| 37 | |
|---|
| 38 | struct scd |
|---|
| 39 | { |
|---|
| [3d64e5b] | 40 | ssl_input_function func; |
|---|
| [b7d3cc34] | 41 | gpointer data; |
|---|
| 42 | int fd; |
|---|
| 43 | gboolean established; |
|---|
| [701acdd4] | 44 | int inpa; |
|---|
| [b7d3cc34] | 45 | |
|---|
| 46 | gnutls_session session; |
|---|
| 47 | gnutls_certificate_credentials xcred; |
|---|
| 48 | }; |
|---|
| 49 | |
|---|
| 50 | static void ssl_connected( gpointer data, gint source, GaimInputCondition cond ); |
|---|
| 51 | |
|---|
| 52 | |
|---|
| [3d64e5b] | 53 | void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data ) |
|---|
| [b7d3cc34] | 54 | { |
|---|
| 55 | struct scd *conn = g_new0( struct scd, 1 ); |
|---|
| 56 | |
|---|
| 57 | conn->fd = proxy_connect( host, port, ssl_connected, conn ); |
|---|
| 58 | conn->func = func; |
|---|
| 59 | conn->data = data; |
|---|
| [701acdd4] | 60 | conn->inpa = -1; |
|---|
| [b7d3cc34] | 61 | |
|---|
| 62 | if( conn->fd < 0 ) |
|---|
| 63 | { |
|---|
| 64 | g_free( conn ); |
|---|
| 65 | return( NULL ); |
|---|
| 66 | } |
|---|
| 67 | |
|---|
| 68 | if( !initialized ) |
|---|
| 69 | { |
|---|
| 70 | gnutls_global_init(); |
|---|
| 71 | initialized = TRUE; |
|---|
| 72 | atexit( gnutls_global_deinit ); |
|---|
| 73 | } |
|---|
| 74 | |
|---|
| 75 | gnutls_certificate_allocate_credentials( &conn->xcred ); |
|---|
| 76 | gnutls_init( &conn->session, GNUTLS_CLIENT ); |
|---|
| 77 | gnutls_set_default_priority( conn->session ); |
|---|
| 78 | gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred ); |
|---|
| 79 | |
|---|
| 80 | return( conn ); |
|---|
| 81 | } |
|---|
| 82 | |
|---|
| [701acdd4] | 83 | static void ssl_handshake( gpointer data, gint source, GaimInputCondition cond ); |
|---|
| 84 | |
|---|
| [b7d3cc34] | 85 | static void ssl_connected( gpointer data, gint source, GaimInputCondition cond ) |
|---|
| 86 | { |
|---|
| 87 | struct scd *conn = data; |
|---|
| 88 | |
|---|
| 89 | if( source == -1 ) |
|---|
| [701acdd4] | 90 | { |
|---|
| 91 | conn->func( conn->data, NULL, cond ); |
|---|
| 92 | |
|---|
| 93 | gnutls_deinit( conn->session ); |
|---|
| 94 | gnutls_certificate_free_credentials( conn->xcred ); |
|---|
| 95 | |
|---|
| 96 | g_free( conn ); |
|---|
| 97 | |
|---|
| 98 | return; |
|---|
| 99 | } |
|---|
| [b7d3cc34] | 100 | |
|---|
| [701acdd4] | 101 | sock_make_nonblocking( conn->fd ); |
|---|
| [b7d3cc34] | 102 | gnutls_transport_set_ptr( conn->session, (gnutls_transport_ptr) conn->fd ); |
|---|
| 103 | |
|---|
| [701acdd4] | 104 | ssl_handshake( data, source, cond ); |
|---|
| 105 | } |
|---|
| 106 | |
|---|
| 107 | static void ssl_handshake( gpointer data, gint source, GaimInputCondition cond ) |
|---|
| 108 | { |
|---|
| 109 | struct scd *conn = data; |
|---|
| 110 | int st; |
|---|
| [b7d3cc34] | 111 | |
|---|
| [701acdd4] | 112 | if( conn->inpa != -1 ) |
|---|
| 113 | gaim_input_remove( conn->inpa ); |
|---|
| [b7d3cc34] | 114 | |
|---|
| [701acdd4] | 115 | if( ( st = gnutls_handshake( conn->session ) ) < 0 ) |
|---|
| 116 | { |
|---|
| 117 | if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED ) |
|---|
| 118 | { |
|---|
| [8a9afe4] | 119 | conn->inpa = gaim_input_add( conn->fd, ssl_getdirection( conn ), |
|---|
| [701acdd4] | 120 | ssl_handshake, data ); |
|---|
| 121 | } |
|---|
| 122 | else |
|---|
| 123 | { |
|---|
| 124 | conn->func( conn->data, NULL, cond ); |
|---|
| 125 | |
|---|
| 126 | gnutls_deinit( conn->session ); |
|---|
| 127 | gnutls_certificate_free_credentials( conn->xcred ); |
|---|
| 128 | closesocket( conn->fd ); |
|---|
| 129 | |
|---|
| 130 | g_free( conn ); |
|---|
| 131 | } |
|---|
| 132 | } |
|---|
| 133 | else |
|---|
| 134 | { |
|---|
| 135 | /* For now we can't handle non-blocking perfectly everywhere... */ |
|---|
| 136 | sock_make_blocking( conn->fd ); |
|---|
| 137 | |
|---|
| 138 | conn->established = TRUE; |
|---|
| 139 | conn->func( conn->data, conn, cond ); |
|---|
| 140 | } |
|---|
| [b7d3cc34] | 141 | } |
|---|
| 142 | |
|---|
| 143 | int ssl_read( void *conn, char *buf, int len ) |
|---|
| 144 | { |
|---|
| [8a9afe4] | 145 | int st; |
|---|
| 146 | |
|---|
| [b7d3cc34] | 147 | if( !((struct scd*)conn)->established ) |
|---|
| [701acdd4] | 148 | { |
|---|
| 149 | ssl_errno = SSL_NOHANDSHAKE; |
|---|
| 150 | return( -1 ); |
|---|
| 151 | } |
|---|
| [b7d3cc34] | 152 | |
|---|
| [8a9afe4] | 153 | st = gnutls_record_recv( ((struct scd*)conn)->session, buf, len ); |
|---|
| 154 | |
|---|
| 155 | ssl_errno = SSL_OK; |
|---|
| 156 | if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED ) |
|---|
| 157 | ssl_errno = SSL_AGAIN; |
|---|
| [701acdd4] | 158 | |
|---|
| [8a9afe4] | 159 | return st; |
|---|
| [b7d3cc34] | 160 | } |
|---|
| 161 | |
|---|
| 162 | int ssl_write( void *conn, const char *buf, int len ) |
|---|
| 163 | { |
|---|
| [8a9afe4] | 164 | int st; |
|---|
| 165 | |
|---|
| [b7d3cc34] | 166 | if( !((struct scd*)conn)->established ) |
|---|
| [701acdd4] | 167 | { |
|---|
| 168 | ssl_errno = SSL_NOHANDSHAKE; |
|---|
| 169 | return( -1 ); |
|---|
| 170 | } |
|---|
| [b7d3cc34] | 171 | |
|---|
| [8a9afe4] | 172 | st = gnutls_record_send( ((struct scd*)conn)->session, buf, len ); |
|---|
| 173 | |
|---|
| 174 | ssl_errno = SSL_OK; |
|---|
| 175 | if( st == GNUTLS_E_AGAIN || st == GNUTLS_E_INTERRUPTED ) |
|---|
| 176 | ssl_errno = SSL_AGAIN; |
|---|
| 177 | |
|---|
| 178 | return st; |
|---|
| [b7d3cc34] | 179 | } |
|---|
| 180 | |
|---|
| 181 | void ssl_disconnect( void *conn_ ) |
|---|
| 182 | { |
|---|
| 183 | struct scd *conn = conn_; |
|---|
| 184 | |
|---|
| 185 | if( conn->established ) |
|---|
| 186 | gnutls_bye( conn->session, GNUTLS_SHUT_WR ); |
|---|
| 187 | |
|---|
| 188 | closesocket( conn->fd ); |
|---|
| 189 | |
|---|
| 190 | gnutls_deinit( conn->session ); |
|---|
| 191 | gnutls_certificate_free_credentials( conn->xcred ); |
|---|
| 192 | g_free( conn ); |
|---|
| 193 | } |
|---|
| 194 | |
|---|
| 195 | int ssl_getfd( void *conn ) |
|---|
| 196 | { |
|---|
| 197 | return( ((struct scd*)conn)->fd ); |
|---|
| 198 | } |
|---|
| [8a9afe4] | 199 | |
|---|
| 200 | GaimInputCondition ssl_getdirection( void *conn ) |
|---|
| 201 | { |
|---|
| 202 | return( gnutls_record_get_direction( ((struct scd*)conn)->session ) ? |
|---|
| 203 | GAIM_INPUT_WRITE : GAIM_INPUT_READ ); |
|---|
| 204 | } |
|---|
