aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Sadie Powell2022-01-24 21:49:28 +0000
committerGravatar Sadie Powell2022-01-24 21:49:28 +0000
commitdc87f6ec299826cd5c3eaf759c8a6c280e486f4b (patch)
treea3e8c3a94699e5514cc2e6c0c5b563192daac618
parentAdd the new coremods target as a dependency for the all target. (diff)
parentWork around the deprecation of manual DH params in OpenSSL 3.0.0. (diff)
Merge branch 'insp3' into master.
-rw-r--r--.github/workflows/ci-macos.yml2
-rw-r--r--src/coremods/core_list.cpp92
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp16
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp14
4 files changed, 74 insertions, 50 deletions
diff --git a/.github/workflows/ci-macos.yml b/.github/workflows/ci-macos.yml
index 43abd35b4..b08b1475c 100644
--- a/.github/workflows/ci-macos.yml
+++ b/.github/workflows/ci-macos.yml
@@ -18,7 +18,7 @@ jobs:
- name: Install dependencies
run: |
brew update || true
- for PACKAGE in pkg-config argon2 gnutls libmaxminddb libpq mbedtls mysql-client openssl@1.1 pcre2 re2 sqlite;
+ for PACKAGE in pkg-config argon2 gnutls libmaxminddb libpq mbedtls mysql-client openssl@3 pcre2 re2 sqlite;
do
brew install $PACKAGE || brew upgrade $PACKAGE
diff --git a/src/coremods/core_list.cpp b/src/coremods/core_list.cpp
index bbe9effbc..c68132abd 100644
--- a/src/coremods/core_list.cpp
+++ b/src/coremods/core_list.cpp
@@ -71,10 +71,10 @@ CmdResult CommandList::Handle(User* user, const Params& parameters)
time_t maxcreationtime = 0;
// M: Searching based on mask.
+ std::string match;
+
// N: Searching based on !mask.
- bool match_name_topic = false;
- bool match_inverted = false;
- const char* match = NULL;
+ std::string notmatch;
// T: Searching based on topic time, via the "T<val" and "T>val" modifiers to
// search for a topic time that is lower or higher than val respectively.
@@ -87,45 +87,45 @@ CmdResult CommandList::Handle(User* user, const Params& parameters)
size_t minusers = 0;
size_t maxusers = 0;
- for (const auto& constraint : parameters)
+ if (!parameters.empty())
{
- if (constraint[0] == '<')
- {
- maxusers = ConvToNum<size_t>(constraint.c_str() + 1);
- }
- else if (constraint[0] == '>')
- {
- minusers = ConvToNum<size_t>(constraint.c_str() + 1);
- }
- else if (!constraint.compare(0, 2, "C<", 2) || !constraint.compare(0, 2, "c<", 2))
- {
- mincreationtime = ParseMinutes(constraint);
- }
- else if (!constraint.compare(0, 2, "C>", 2) || !constraint.compare(0, 2, "c>", 2))
- {
- maxcreationtime = ParseMinutes(constraint);
- }
- else if (!constraint.compare(0, 2, "T<", 2) || !constraint.compare(0, 2, "t<", 2))
+ irc::commasepstream constraints(parameters[0]);
+ for (std::string constraint; constraints.GetToken(constraint); )
{
- mintopictime = ParseMinutes(constraint);
- }
- else if (!constraint.compare(0, 2, "T>", 2) || !constraint.compare(0, 2, "t>", 2))
- {
- maxtopictime = ParseMinutes(constraint);
- }
- else
- {
- // If the glob is prefixed with ! it is inverted.
- match = constraint.c_str();
- if (match[0] == '!')
+ if (constraint[0] == '<')
{
- match_inverted = true;
- match += 1;
+ maxusers = ConvToNum<size_t>(constraint.c_str() + 1);
+ }
+ else if (constraint[0] == '>')
+ {
+ minusers = ConvToNum<size_t>(constraint.c_str() + 1);
+ }
+ else if (!constraint.compare(0, 2, "C<", 2) || !constraint.compare(0, 2, "c<", 2))
+ {
+ mincreationtime = ParseMinutes(constraint);
+ }
+ else if (!constraint.compare(0, 2, "C>", 2) || !constraint.compare(0, 2, "c>", 2))
+ {
+ maxcreationtime = ParseMinutes(constraint);
+ }
+ else if (!constraint.compare(0, 2, "T<", 2) || !constraint.compare(0, 2, "t<", 2))
+ {
+ mintopictime = ParseMinutes(constraint);
+ }
+ else if (!constraint.compare(0, 2, "T>", 2) || !constraint.compare(0, 2, "t>", 2))
+ {
+ maxtopictime = ParseMinutes(constraint);
+ }
+ else if (constraint[0] == '!')
+ {
+ // Ensure that the user didn't just run "LIST !".
+ if (constraint.length() > 2)
+ notmatch = constraint.substr(1);
+ }
+ else
+ {
+ match = constraint;
}
-
- // Ensure that the user didn't just run "LIST !".
- if (match[0])
- match_name_topic = true;
}
}
@@ -151,18 +151,12 @@ CmdResult CommandList::Handle(User* user, const Params& parameters)
continue;
// Attempt to match a glob pattern.
- if (match_name_topic)
- {
- bool matches = InspIRCd::Match(chan->name, match) || InspIRCd::Match(chan->topic, match);
-
- // The user specified an match that we did not match.
- if (!matches && !match_inverted)
- continue;
+ if (!match.empty() && !InspIRCd::Match(chan->name, match) && !InspIRCd::Match(chan->topic, match))
+ continue;
- // The user specified an inverted match that we did match.
- if (matches && match_inverted)
- continue;
- }
+ // Attempt to match an inverted glob pattern.
+ if (!notmatch.empty() && (InspIRCd::Match(chan->name, notmatch) || InspIRCd::Match(chan->topic, notmatch)))
+ continue;
// if the channel is not private/secret, OR the user is on the channel anyway
bool n = (has_privs || chan->HasUser(user));
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 95927ee20..c6237c574 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -49,6 +49,10 @@
// Check if the GnuTLS library is at least version major.minor.patch
#define INSPIRCD_GNUTLS_HAS_VERSION(major, minor, patch) (GNUTLS_VERSION_NUMBER >= ((major << 16) | (minor << 8) | patch))
+#if INSPIRCD_GNUTLS_HAS_VERSION(3, 5, 6)
+# define GNUTLS_AUTO_DH
+#endif
+
#ifdef _WIN32
# pragma comment(lib, "libgnutls-30.lib")
#endif
@@ -137,6 +141,7 @@ namespace GnuTLS
gnutls_digest_algorithm_t get() const { return hash; }
};
+#ifndef GNUTLS_AUTO_DH
class DHParams final
{
gnutls_dh_params_t dh_params;
@@ -163,6 +168,7 @@ namespace GnuTLS
const gnutls_dh_params_t& get() const { return dh_params; }
};
+#endif
class X509Key final
{
@@ -329,9 +335,11 @@ namespace GnuTLS
class CertCredentials
{
+#ifndef GNUTLS_AUTO_DH
/** DH parameters associated with these credentials
*/
std::shared_ptr<DHParams> dh;
+#endif
protected:
gnutls_certificate_credentials_t cred;
@@ -354,6 +362,7 @@ namespace GnuTLS
gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, cred);
}
+#ifndef GNUTLS_AUTO_DH
/** Set the given DH parameters to be used with these credentials
*/
void SetDH(std::shared_ptr<DHParams>& DH)
@@ -361,6 +370,7 @@ namespace GnuTLS
dh = DH;
gnutls_certificate_set_dh_params(cred, dh->get());
}
+#endif
};
class X509Credentials final
@@ -538,7 +548,9 @@ namespace GnuTLS
std::string certstr;
std::string keystr;
+#ifndef GNUTLS_AUTO_DH
std::shared_ptr<DHParams> dh;
+#endif
std::string priostr;
unsigned int mindh;
@@ -551,7 +563,9 @@ namespace GnuTLS
: name(profilename)
, certstr(ReadFile(tag->getString("certfile", "cert.pem", 1)))
, keystr(ReadFile(tag->getString("keyfile", "key.pem", 1)))
+#ifndef GNUTLS_AUTO_DH
, dh(DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem", 1))))
+#endif
, priostr(GetPrioStr(profilename, tag))
, mindh(static_cast<unsigned int>(tag->getUInt("mindhbits", 1024, 0, UINT32_MAX)))
, hashstr(tag->getString("hash", "sha256", 1))
@@ -586,7 +600,9 @@ namespace GnuTLS
, outrecsize(config.outrecsize)
, requestclientcert(config.requestclientcert)
{
+#ifndef GNUTLS_AUTO_DH
x509cred.SetDH(config.dh);
+#endif
x509cred.SetCA(config.ca, config.crl);
}
/** Set up the given session with the settings in this profile
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 35dc0d4f6..9ee81877f 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -52,6 +52,10 @@
# pragma comment(lib, "libeay32.lib")
#endif
+#if OPENSSL_VERSION_NUMBER > 0x30000000L
+# define INSPIRCD_OPENSSL_AUTO_DH
+#endif
+
static bool SelfSigned = false;
static int exdataindex;
static Module* thismod;
@@ -76,6 +80,7 @@ namespace OpenSSL
}
};
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
class DHParams final
{
DH* dh;
@@ -104,6 +109,7 @@ namespace OpenSSL
return dh;
}
};
+#endif
class Context final
{
@@ -142,11 +148,13 @@ namespace OpenSSL
SSL_CTX_free(ctx);
}
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
bool SetDH(DHParams& dh)
{
ERR_clear_error();
return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0);
}
+#endif
#ifndef OPENSSL_NO_ECDH
void SetECDH(const std::string& curvename)
@@ -280,9 +288,11 @@ namespace OpenSSL
*/
const std::string name;
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
/** DH parameters in use
*/
DHParams dh;
+#endif
/** OpenSSL makes us have two contexts, one for servers and one for clients
*/
@@ -351,14 +361,18 @@ namespace OpenSSL
public:
Profile(const std::string& profilename, std::shared_ptr<ConfigTag> tag)
: name(profilename)
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
, dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dhparams.pem", 1)))
+#endif
, ctx(SSL_CTX_new(TLS_server_method()))
, clientctx(SSL_CTX_new(TLS_client_method()))
, allowrenego(tag->getBool("renegotiation")) // Disallow by default
, outrecsize(static_cast<unsigned int>(tag->getUInt("outrecsize", 2048, 512, 16384)))
{
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
if ((!ctx.SetDH(dh)) || (!clientctx.SetDH(dh)))
throw Exception("Couldn't set DH parameters");
+#endif
const std::string hash = tag->getString("hash", "sha256", 1);
digest = EVP_get_digestbyname(hash.c_str());