diff options
| author | 2022-01-24 21:49:28 +0000 | |
|---|---|---|
| committer | 2022-01-24 21:49:28 +0000 | |
| commit | dc87f6ec299826cd5c3eaf759c8a6c280e486f4b (patch) | |
| tree | a3e8c3a94699e5514cc2e6c0c5b563192daac618 | |
| parent | Add the new coremods target as a dependency for the all target. (diff) | |
| parent | Work around the deprecation of manual DH params in OpenSSL 3.0.0. (diff) | |
Merge branch 'insp3' into master.
| -rw-r--r-- | .github/workflows/ci-macos.yml | 2 | ||||
| -rw-r--r-- | src/coremods/core_list.cpp | 92 | ||||
| -rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 16 | ||||
| -rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 14 |
4 files changed, 74 insertions, 50 deletions
diff --git a/.github/workflows/ci-macos.yml b/.github/workflows/ci-macos.yml index 43abd35b4..b08b1475c 100644 --- a/.github/workflows/ci-macos.yml +++ b/.github/workflows/ci-macos.yml @@ -18,7 +18,7 @@ jobs: - name: Install dependencies run: | brew update || true - for PACKAGE in pkg-config argon2 gnutls libmaxminddb libpq mbedtls mysql-client openssl@1.1 pcre2 re2 sqlite; + for PACKAGE in pkg-config argon2 gnutls libmaxminddb libpq mbedtls mysql-client openssl@3 pcre2 re2 sqlite; do brew install $PACKAGE || brew upgrade $PACKAGE diff --git a/src/coremods/core_list.cpp b/src/coremods/core_list.cpp index bbe9effbc..c68132abd 100644 --- a/src/coremods/core_list.cpp +++ b/src/coremods/core_list.cpp @@ -71,10 +71,10 @@ CmdResult CommandList::Handle(User* user, const Params& parameters) time_t maxcreationtime = 0; // M: Searching based on mask. + std::string match; + // N: Searching based on !mask. - bool match_name_topic = false; - bool match_inverted = false; - const char* match = NULL; + std::string notmatch; // T: Searching based on topic time, via the "T<val" and "T>val" modifiers to // search for a topic time that is lower or higher than val respectively. @@ -87,45 +87,45 @@ CmdResult CommandList::Handle(User* user, const Params& parameters) size_t minusers = 0; size_t maxusers = 0; - for (const auto& constraint : parameters) + if (!parameters.empty()) { - if (constraint[0] == '<') - { - maxusers = ConvToNum<size_t>(constraint.c_str() + 1); - } - else if (constraint[0] == '>') - { - minusers = ConvToNum<size_t>(constraint.c_str() + 1); - } - else if (!constraint.compare(0, 2, "C<", 2) || !constraint.compare(0, 2, "c<", 2)) - { - mincreationtime = ParseMinutes(constraint); - } - else if (!constraint.compare(0, 2, "C>", 2) || !constraint.compare(0, 2, "c>", 2)) - { - maxcreationtime = ParseMinutes(constraint); - } - else if (!constraint.compare(0, 2, "T<", 2) || !constraint.compare(0, 2, "t<", 2)) + irc::commasepstream constraints(parameters[0]); + for (std::string constraint; constraints.GetToken(constraint); ) { - mintopictime = ParseMinutes(constraint); - } - else if (!constraint.compare(0, 2, "T>", 2) || !constraint.compare(0, 2, "t>", 2)) - { - maxtopictime = ParseMinutes(constraint); - } - else - { - // If the glob is prefixed with ! it is inverted. - match = constraint.c_str(); - if (match[0] == '!') + if (constraint[0] == '<') { - match_inverted = true; - match += 1; + maxusers = ConvToNum<size_t>(constraint.c_str() + 1); + } + else if (constraint[0] == '>') + { + minusers = ConvToNum<size_t>(constraint.c_str() + 1); + } + else if (!constraint.compare(0, 2, "C<", 2) || !constraint.compare(0, 2, "c<", 2)) + { + mincreationtime = ParseMinutes(constraint); + } + else if (!constraint.compare(0, 2, "C>", 2) || !constraint.compare(0, 2, "c>", 2)) + { + maxcreationtime = ParseMinutes(constraint); + } + else if (!constraint.compare(0, 2, "T<", 2) || !constraint.compare(0, 2, "t<", 2)) + { + mintopictime = ParseMinutes(constraint); + } + else if (!constraint.compare(0, 2, "T>", 2) || !constraint.compare(0, 2, "t>", 2)) + { + maxtopictime = ParseMinutes(constraint); + } + else if (constraint[0] == '!') + { + // Ensure that the user didn't just run "LIST !". + if (constraint.length() > 2) + notmatch = constraint.substr(1); + } + else + { + match = constraint; } - - // Ensure that the user didn't just run "LIST !". - if (match[0]) - match_name_topic = true; } } @@ -151,18 +151,12 @@ CmdResult CommandList::Handle(User* user, const Params& parameters) continue; // Attempt to match a glob pattern. - if (match_name_topic) - { - bool matches = InspIRCd::Match(chan->name, match) || InspIRCd::Match(chan->topic, match); - - // The user specified an match that we did not match. - if (!matches && !match_inverted) - continue; + if (!match.empty() && !InspIRCd::Match(chan->name, match) && !InspIRCd::Match(chan->topic, match)) + continue; - // The user specified an inverted match that we did match. - if (matches && match_inverted) - continue; - } + // Attempt to match an inverted glob pattern. + if (!notmatch.empty() && (InspIRCd::Match(chan->name, notmatch) || InspIRCd::Match(chan->topic, notmatch))) + continue; // if the channel is not private/secret, OR the user is on the channel anyway bool n = (has_privs || chan->HasUser(user)); diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 95927ee20..c6237c574 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -49,6 +49,10 @@ // Check if the GnuTLS library is at least version major.minor.patch #define INSPIRCD_GNUTLS_HAS_VERSION(major, minor, patch) (GNUTLS_VERSION_NUMBER >= ((major << 16) | (minor << 8) | patch)) +#if INSPIRCD_GNUTLS_HAS_VERSION(3, 5, 6) +# define GNUTLS_AUTO_DH +#endif + #ifdef _WIN32 # pragma comment(lib, "libgnutls-30.lib") #endif @@ -137,6 +141,7 @@ namespace GnuTLS gnutls_digest_algorithm_t get() const { return hash; } }; +#ifndef GNUTLS_AUTO_DH class DHParams final { gnutls_dh_params_t dh_params; @@ -163,6 +168,7 @@ namespace GnuTLS const gnutls_dh_params_t& get() const { return dh_params; } }; +#endif class X509Key final { @@ -329,9 +335,11 @@ namespace GnuTLS class CertCredentials { +#ifndef GNUTLS_AUTO_DH /** DH parameters associated with these credentials */ std::shared_ptr<DHParams> dh; +#endif protected: gnutls_certificate_credentials_t cred; @@ -354,6 +362,7 @@ namespace GnuTLS gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, cred); } +#ifndef GNUTLS_AUTO_DH /** Set the given DH parameters to be used with these credentials */ void SetDH(std::shared_ptr<DHParams>& DH) @@ -361,6 +370,7 @@ namespace GnuTLS dh = DH; gnutls_certificate_set_dh_params(cred, dh->get()); } +#endif }; class X509Credentials final @@ -538,7 +548,9 @@ namespace GnuTLS std::string certstr; std::string keystr; +#ifndef GNUTLS_AUTO_DH std::shared_ptr<DHParams> dh; +#endif std::string priostr; unsigned int mindh; @@ -551,7 +563,9 @@ namespace GnuTLS : name(profilename) , certstr(ReadFile(tag->getString("certfile", "cert.pem", 1))) , keystr(ReadFile(tag->getString("keyfile", "key.pem", 1))) +#ifndef GNUTLS_AUTO_DH , dh(DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem", 1)))) +#endif , priostr(GetPrioStr(profilename, tag)) , mindh(static_cast<unsigned int>(tag->getUInt("mindhbits", 1024, 0, UINT32_MAX))) , hashstr(tag->getString("hash", "sha256", 1)) @@ -586,7 +600,9 @@ namespace GnuTLS , outrecsize(config.outrecsize) , requestclientcert(config.requestclientcert) { +#ifndef GNUTLS_AUTO_DH x509cred.SetDH(config.dh); +#endif x509cred.SetCA(config.ca, config.crl); } /** Set up the given session with the settings in this profile diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 35dc0d4f6..9ee81877f 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -52,6 +52,10 @@ # pragma comment(lib, "libeay32.lib") #endif +#if OPENSSL_VERSION_NUMBER > 0x30000000L +# define INSPIRCD_OPENSSL_AUTO_DH +#endif + static bool SelfSigned = false; static int exdataindex; static Module* thismod; @@ -76,6 +80,7 @@ namespace OpenSSL } }; +#ifndef INSPIRCD_OPENSSL_AUTO_DH class DHParams final { DH* dh; @@ -104,6 +109,7 @@ namespace OpenSSL return dh; } }; +#endif class Context final { @@ -142,11 +148,13 @@ namespace OpenSSL SSL_CTX_free(ctx); } +#ifndef INSPIRCD_OPENSSL_AUTO_DH bool SetDH(DHParams& dh) { ERR_clear_error(); return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0); } +#endif #ifndef OPENSSL_NO_ECDH void SetECDH(const std::string& curvename) @@ -280,9 +288,11 @@ namespace OpenSSL */ const std::string name; +#ifndef INSPIRCD_OPENSSL_AUTO_DH /** DH parameters in use */ DHParams dh; +#endif /** OpenSSL makes us have two contexts, one for servers and one for clients */ @@ -351,14 +361,18 @@ namespace OpenSSL public: Profile(const std::string& profilename, std::shared_ptr<ConfigTag> tag) : name(profilename) +#ifndef INSPIRCD_OPENSSL_AUTO_DH , dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dhparams.pem", 1))) +#endif , ctx(SSL_CTX_new(TLS_server_method())) , clientctx(SSL_CTX_new(TLS_client_method())) , allowrenego(tag->getBool("renegotiation")) // Disallow by default , outrecsize(static_cast<unsigned int>(tag->getUInt("outrecsize", 2048, 512, 16384))) { +#ifndef INSPIRCD_OPENSSL_AUTO_DH if ((!ctx.SetDH(dh)) || (!clientctx.SetDH(dh))) throw Exception("Couldn't set DH parameters"); +#endif const std::string hash = tag->getString("hash", "sha256", 1); digest = EVP_get_digestbyname(hash.c_str()); |
