Branch merge

Jilles Tjoelker 2008-06-13 00:32:49 +02:00
commit ba3ca70952
12 changed files with 1008 additions and 35 deletions

2
TODO

@ -19,6 +19,7 @@
[x] ssl channelmode (done by extban and chm_compat) [x] ssl channelmode (done by extban and chm_compat)
[ ] acknowledgement message for SSL users like '* *** You are connected using SSL cipher "DHE RSA-AES 128 CBC-SHA"' [ ] acknowledgement message for SSL users like '* *** You are connected using SSL cipher "DHE RSA-AES 128 CBC-SHA"'
[x] tool for generating ssl certificates and other stuff [x] tool for generating ssl certificates and other stuff
[ ] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too)
[x] merge some stuff from ircd-seven directly (to be determined what) [x] merge some stuff from ircd-seven directly (to be determined what)
[x] remote d:lines support [x] remote d:lines support
[F] kline/xline/resv sync [F] kline/xline/resv sync
@ -41,4 +42,3 @@
[x] merge m_join.c and m_sjoin.c in one module (same functions, done in ratbox3) [x] merge m_join.c and m_sjoin.c in one module (same functions, done in ratbox3)
[x] create chmode.h and put there all declarations of chm_* - this will make some modules clean [x] create chmode.h and put there all declarations of chm_* - this will make some modules clean
[?] Move oper override server WALLOPS to global server notices? [?] Move oper override server WALLOPS to global server notices?


@ -1,3 +1,6 @@
AUTOMAKE_OPTIONS = foreign AUTOMAKE_OPTIONS = foreign
SUBDIRS = src SUBDIRS = src
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libratbox.pc


@ -104,6 +104,8 @@ EGREP = @EGREP@
EXEEXT = @EXEEXT@ EXEEXT = @EXEEXT@
F77 = @F77@ F77 = @F77@
FFLAGS = @FFLAGS@ FFLAGS = @FFLAGS@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_LIBS = @GNUTLS_LIBS@
GREP = @GREP@ GREP = @GREP@
INSTALL = @INSTALL@ INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@ INSTALL_DATA = @INSTALL_DATA@
@ -132,6 +134,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@ PATH_SEPARATOR = @PATH_SEPARATOR@
PICFLAGS = @PICFLAGS@ PICFLAGS = @PICFLAGS@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@ RANLIB = @RANLIB@
RB_PREFIX = @RB_PREFIX@ RB_PREFIX = @RB_PREFIX@
RM = @RM@ RM = @RM@

160
libratbox/aclocal.m4 vendored

@ -21,7 +21,7 @@ To do so, use the procedure documented by the package, typically `autoreconf'.])
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
# serial 52 Debian 1.5.26-1 AC_PROG_LIBTOOL # serial 52 Debian 1.5.26-4 AC_PROG_LIBTOOL
# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
@ -6781,6 +6781,164 @@ AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
| (ullmax / ull) | (ullmax % ull));]]) | (ullmax / ull) | (ullmax % ull));]])
]) ])
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
#
# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# PKG_PROG_PKG_CONFIG([MIN-VERSION])
# ----------------------------------
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=m4_default([$1], [0.9.0])
AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
PKG_CONFIG=""
fi
fi[]dnl
])# PKG_PROG_PKG_CONFIG
# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
#
# Check to see whether a particular set of modules exists. Similar
# to PKG_CHECK_MODULES(), but does not set variables or print errors.
#
#
# Similar to PKG_CHECK_MODULES, make sure that the first instance of
# this or PKG_CHECK_MODULES is called, or make sure to call
# PKG_CHECK_EXISTS manually
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
m4_ifval([$2], [$2], [:])
m4_ifvaln([$3], [else
$3])dnl
fi])
# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
# ---------------------------------------------
m4_define([_PKG_CONFIG],
[if test -n "$PKG_CONFIG"; then
if test -n "$$1"; then
pkg_cv_[]$1="$$1"
else
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
[pkg_failed=yes])
fi
else
pkg_failed=untried
fi[]dnl
])# _PKG_CONFIG
# _PKG_SHORT_ERRORS_SUPPORTED
# -----------------------------
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi[]dnl
])# _PKG_SHORT_ERRORS_SUPPORTED
# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
# [ACTION-IF-NOT-FOUND])
#
#
# Note that if there is a possibility the first call to
# PKG_CHECK_MODULES might not happen, you should be sure to include an
# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
#
#
# --------------------------------------------------------------
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
AC_MSG_CHECKING([for $1])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"`
else
$1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
fi
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
ifelse([$4], , [AC_MSG_ERROR(dnl
[Package requirements ($2) were not met:
$$1_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
_PKG_TEXT
])],
[AC_MSG_RESULT([no])
$4])
elif test $pkg_failed = untried; then
ifelse([$4], , [AC_MSG_FAILURE(dnl
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
_PKG_TEXT
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])],
[$4])
else
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
AC_MSG_RESULT([yes])
ifelse([$3], , :, [$3])
fi[]dnl
])# PKG_CHECK_MODULES
# Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc. # Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc.
# #
# This file is free software; the Free Software Foundation # This file is free software; the Free Software Foundation

285
libratbox/configure vendored

@ -890,6 +890,9 @@ NEED_CRYPT_TRUE
NEED_CRYPT_FALSE NEED_CRYPT_FALSE
CRYPT_LIB CRYPT_LIB
ALLOCA ALLOCA
PKG_CONFIG
GNUTLS_CFLAGS
GNUTLS_LIBS
PICFLAGS PICFLAGS
SEDOBJ SEDOBJ
SSL_INCLUDES SSL_INCLUDES
@ -912,7 +915,10 @@ CXXFLAGS
CCC CCC
CXXCPP CXXCPP
F77 F77
FFLAGS' FFLAGS
PKG_CONFIG
GNUTLS_CFLAGS
GNUTLS_LIBS'
ac_subdirs_all='libltdl' ac_subdirs_all='libltdl'
# Initialize some variables set by options. # Initialize some variables set by options.
@ -1502,6 +1508,8 @@ Optional Features:
optimize for fast installation [default=yes] optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds) --disable-libtool-lock avoid locking (might break parallel builds)
--disable-ipv6 Disable IPv6 support --disable-ipv6 Disable IPv6 support
--enable-gnutls Enable GnuTLS support.
--disable-gnutls Disable GnuTLS support.
--enable-openssl=DIR Enable OpenSSL support (DIR optional). --enable-openssl=DIR Enable OpenSSL support (DIR optional).
--disable-openssl Disable OpenSSL support. --disable-openssl Disable OpenSSL support.
--enable-assert Enable assert(). Choose between soft(warnings) and --enable-assert Enable assert(). Choose between soft(warnings) and
@ -1532,6 +1540,10 @@ Some influential environment variables:
CXXCPP C++ preprocessor CXXCPP C++ preprocessor
F77 Fortran 77 compiler command F77 Fortran 77 compiler command
FFLAGS Fortran 77 compiler flags FFLAGS Fortran 77 compiler flags
PKG_CONFIG path to pkg-config utility
GNUTLS_CFLAGS
C compiler flags for GNUTLS, overriding pkg-config
GNUTLS_LIBS linker flags for GNUTLS, overriding pkg-config
Use these variables to override the choices made by `configure' or to help Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations. it to find libraries and programs with nonstandard names/locations.
@ -5605,7 +5617,7 @@ ia64-*-hpux*)
;; ;;
*-*-irix6*) *-*-irix6*)
# Find out which ABI we are using. # Find out which ABI we are using.
echo '#line 5608 "configure"' > conftest.$ac_ext echo '#line 5620 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5 (eval $ac_compile) 2>&5
ac_status=$? ac_status=$?
@ -8657,11 +8669,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8660: $lt_compile\"" >&5) (eval echo "\"\$as_me:8672: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:8664: \$? = $ac_status" >&5 echo "$as_me:8676: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -8947,11 +8959,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:8950: $lt_compile\"" >&5) (eval echo "\"\$as_me:8962: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:8954: \$? = $ac_status" >&5 echo "$as_me:8966: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -9051,11 +9063,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:9054: $lt_compile\"" >&5) (eval echo "\"\$as_me:9066: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:9058: \$? = $ac_status" >&5 echo "$as_me:9070: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@ -11428,7 +11440,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF cat > conftest.$ac_ext <<EOF
#line 11431 "configure" #line 11443 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@ -11528,7 +11540,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF cat > conftest.$ac_ext <<EOF
#line 11531 "configure" #line 11543 "configure"
#include "confdefs.h" #include "confdefs.h"
#if HAVE_DLFCN_H #if HAVE_DLFCN_H
@ -13929,11 +13941,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:13932: $lt_compile\"" >&5) (eval echo "\"\$as_me:13944: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:13936: \$? = $ac_status" >&5 echo "$as_me:13948: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -14033,11 +14045,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:14036: $lt_compile\"" >&5) (eval echo "\"\$as_me:14048: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:14040: \$? = $ac_status" >&5 echo "$as_me:14052: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@ -15631,11 +15643,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:15634: $lt_compile\"" >&5) (eval echo "\"\$as_me:15646: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:15638: \$? = $ac_status" >&5 echo "$as_me:15650: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -15735,11 +15747,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:15738: $lt_compile\"" >&5) (eval echo "\"\$as_me:15750: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:15742: \$? = $ac_status" >&5 echo "$as_me:15754: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@ -17955,11 +17967,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:17958: $lt_compile\"" >&5) (eval echo "\"\$as_me:17970: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:17962: \$? = $ac_status" >&5 echo "$as_me:17974: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -18245,11 +18257,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:18248: $lt_compile\"" >&5) (eval echo "\"\$as_me:18260: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err) (eval "$lt_compile" 2>conftest.err)
ac_status=$? ac_status=$?
cat conftest.err >&5 cat conftest.err >&5
echo "$as_me:18252: \$? = $ac_status" >&5 echo "$as_me:18264: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output. # So say no if there are warnings other than the usual output.
@ -18349,11 +18361,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'` -e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:18352: $lt_compile\"" >&5) (eval echo "\"\$as_me:18364: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err) (eval "$lt_compile" 2>out/conftest.err)
ac_status=$? ac_status=$?
cat out/conftest.err >&5 cat out/conftest.err >&5
echo "$as_me:18356: \$? = $ac_status" >&5 echo "$as_me:18368: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext if (exit $ac_status) && test -s out/conftest2.$ac_objext
then then
# The compiler can only warn and ignore the option if not recognized # The compiler can only warn and ignore the option if not recognized
@ -25874,6 +25886,221 @@ _ACEOF
fi fi
{ echo "$as_me:$LINENO: checking for GnuTLS" >&5
echo $ECHO_N "checking for GnuTLS... $ECHO_C" >&6; }
# Check whether --enable-gnutls was given.
if test "${enable_gnutls+set}" = set; then
enableval=$enable_gnutls; cf_enable_gnutls=$enableval
else
cf_enable_gnutls="auto"
fi
if test "$cf_enable_gnutls" != no; then
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
if test "${ac_cv_path_PKG_CONFIG+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
case $PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
;;
esac
fi
PKG_CONFIG=$ac_cv_path_PKG_CONFIG
if test -n "$PKG_CONFIG"; then
{ echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5
echo "${ECHO_T}$PKG_CONFIG" >&6; }
else
{ echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi
fi
if test -z "$ac_cv_path_PKG_CONFIG"; then
ac_pt_PKG_CONFIG=$PKG_CONFIG
# Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
{ echo "$as_me:$LINENO: checking for $ac_word" >&5
echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
case $ac_pt_PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
;;
esac
fi
ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
if test -n "$ac_pt_PKG_CONFIG"; then
{ echo "$as_me:$LINENO: result: $ac_pt_PKG_CONFIG" >&5
echo "${ECHO_T}$ac_pt_PKG_CONFIG" >&6; }
else
{ echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
fi
if test "x$ac_pt_PKG_CONFIG" = x; then
PKG_CONFIG=""
else
case $cross_compiling:$ac_tool_warned in
yes:)
{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
whose name does not start with the host triplet. If you think this
configuration is useful to you, please write to autoconf@gnu.org." >&5
echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
whose name does not start with the host triplet. If you think this
configuration is useful to you, please write to autoconf@gnu.org." >&2;}
ac_tool_warned=yes ;;
esac
PKG_CONFIG=$ac_pt_PKG_CONFIG
fi
else
PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
fi
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=0.9.0
{ echo "$as_me:$LINENO: checking pkg-config is at least version $_pkg_min_version" >&5
echo $ECHO_N "checking pkg-config is at least version $_pkg_min_version... $ECHO_C" >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
{ echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6; }
else
{ echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
PKG_CONFIG=""
fi
fi
pkg_failed=no
{ echo "$as_me:$LINENO: checking for GNUTLS" >&5
echo $ECHO_N "checking for GNUTLS... $ECHO_C" >&6; }
if test -n "$PKG_CONFIG"; then
if test -n "$GNUTLS_CFLAGS"; then
pkg_cv_GNUTLS_CFLAGS="$GNUTLS_CFLAGS"
else
if test -n "$PKG_CONFIG" && \
{ (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gnutls\"") >&5
($PKG_CONFIG --exists --print-errors "gnutls") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
pkg_cv_GNUTLS_CFLAGS=`$PKG_CONFIG --cflags "gnutls" 2>/dev/null`
else
pkg_failed=yes
fi
fi
else
pkg_failed=untried
fi
if test -n "$PKG_CONFIG"; then
if test -n "$GNUTLS_LIBS"; then
pkg_cv_GNUTLS_LIBS="$GNUTLS_LIBS"
else
if test -n "$PKG_CONFIG" && \
{ (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gnutls\"") >&5
($PKG_CONFIG --exists --print-errors "gnutls") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; then
pkg_cv_GNUTLS_LIBS=`$PKG_CONFIG --libs "gnutls" 2>/dev/null`
else
pkg_failed=yes
fi
fi
else
pkg_failed=untried
fi
if test $pkg_failed = yes; then
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi
if test $_pkg_short_errors_supported = yes; then
GNUTLS_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "gnutls"`
else
GNUTLS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gnutls"`
fi
# Put the nasty error message in config.log where it belongs
echo "$GNUTLS_PKG_ERRORS" >&5
{ echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6; }
cf_enable_gnutls="no"
elif test $pkg_failed = untried; then
cf_enable_gnutls="no"
else
GNUTLS_CFLAGS=$pkg_cv_GNUTLS_CFLAGS
GNUTLS_LIBS=$pkg_cv_GNUTLS_LIBS
{ echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6; }
CPPFLAGS="$CPPFLAGS $GNUTLS_CFLAGS"
LIBS="$LIBS $GNUTLS_LIBS"
cf_enable_gnutls="yes"
fi
fi
if test "$cf_enable_gnutls" != no; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_GNUTLS 1
_ACEOF
fi
{ echo "$as_me:$LINENO: checking for OpenSSL" >&5 { echo "$as_me:$LINENO: checking for OpenSSL" >&5
echo $ECHO_N "checking for OpenSSL... $ECHO_C" >&6; } echo $ECHO_N "checking for OpenSSL... $ECHO_C" >&6; }
@ -25885,6 +26112,10 @@ else
fi fi
if test "$cf_enable_gnutls" = "yes" -a "$cf_enable_openssl" = "auto"; then
cf_enable_openssl="no"
fi
if test "$cf_enable_openssl" != "no" ; then if test "$cf_enable_openssl" != "no" ; then
cf_openssl_basedir="" cf_openssl_basedir=""
if test "$cf_enable_openssl" != "auto" && if test "$cf_enable_openssl" != "auto" &&
@ -27215,6 +27446,9 @@ NEED_CRYPT_TRUE!$NEED_CRYPT_TRUE$ac_delim
NEED_CRYPT_FALSE!$NEED_CRYPT_FALSE$ac_delim NEED_CRYPT_FALSE!$NEED_CRYPT_FALSE$ac_delim
CRYPT_LIB!$CRYPT_LIB$ac_delim CRYPT_LIB!$CRYPT_LIB$ac_delim
ALLOCA!$ALLOCA$ac_delim ALLOCA!$ALLOCA$ac_delim
PKG_CONFIG!$PKG_CONFIG$ac_delim
GNUTLS_CFLAGS!$GNUTLS_CFLAGS$ac_delim
GNUTLS_LIBS!$GNUTLS_LIBS$ac_delim
PICFLAGS!$PICFLAGS$ac_delim PICFLAGS!$PICFLAGS$ac_delim
SEDOBJ!$SEDOBJ$ac_delim SEDOBJ!$SEDOBJ$ac_delim
SSL_INCLUDES!$SSL_INCLUDES$ac_delim SSL_INCLUDES!$SSL_INCLUDES$ac_delim
@ -27224,7 +27458,7 @@ LIBOBJS!$LIBOBJS$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF _ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 31; then if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 34; then
break break
elif $ac_last_try; then elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
@ -28135,5 +28369,6 @@ echo "IPv6 support ................... $have_v6"
echo "Assert debugging ............... $assert" echo "Assert debugging ............... $assert"
echo "Block allocator ................ $balloc" echo "Block allocator ................ $balloc"
echo "OpenSSL ........................ $cf_enable_openssl" echo "OpenSSL ........................ $cf_enable_openssl"
echo "GnuTLS ......................... $cf_enable_gnutls"
echo echo


@ -241,6 +241,25 @@ if test "$is_mingw" = "yes"; then
AC_DEFINE(HAVE_WIN32, [1], [Define to 1 if you are on windows]) AC_DEFINE(HAVE_WIN32, [1], [Define to 1 if you are on windows])
fi fi
dnl GnuTLS support
AC_MSG_CHECKING(for GnuTLS)
AC_ARG_ENABLE(gnutls,
[AC_HELP_STRING([--enable-gnutls],[Enable GnuTLS support.])
AC_HELP_STRING([--disable-gnutls],[Disable GnuTLS support.])],
[cf_enable_gnutls=$enableval],
[cf_enable_gnutls="auto"])
if test "$cf_enable_gnutls" != no; then
PKG_CHECK_MODULES(GNUTLS, [gnutls], [
CPPFLAGS="$CPPFLAGS $GNUTLS_CFLAGS"
LIBS="$LIBS $GNUTLS_LIBS"
cf_enable_gnutls="yes"
], [cf_enable_gnutls="no"])
fi
if test "$cf_enable_gnutls" != no; then
AC_DEFINE(HAVE_GNUTLS, 1, [Has GNUTLS])
fi
dnl OpenSSL support dnl OpenSSL support
AC_MSG_CHECKING(for OpenSSL) AC_MSG_CHECKING(for OpenSSL)
@ -250,6 +269,11 @@ AC_HELP_STRING([--disable-openssl],[Disable OpenSSL support.])],
[cf_enable_openssl=$enableval], [cf_enable_openssl=$enableval],
[cf_enable_openssl="auto"]) [cf_enable_openssl="auto"])
dnl Prefer GnuTLS over OpenSSL due to licensing issues, this could use improvement
if test "$cf_enable_gnutls" = "yes" -a "$cf_enable_openssl" = "auto"; then
cf_enable_openssl="no"
fi
if test "$cf_enable_openssl" != "no" ; then if test "$cf_enable_openssl" != "no" ; then
cf_openssl_basedir="" cf_openssl_basedir=""
if test "$cf_enable_openssl" != "auto" && if test "$cf_enable_openssl" != "auto" &&
@ -651,11 +675,11 @@ fi
) )
AC_CONFIG_FILES([
AC_CONFIG_FILES( \ src/Makefile
src/Makefile \ Makefile
Makefile \ libratbox.pc
) ])
AC_OUTPUT AC_OUTPUT
@ -671,5 +695,6 @@ echo "IPv6 support ................... $have_v6"
echo "Assert debugging ............... $assert" echo "Assert debugging ............... $assert"
echo "Block allocator ................ $balloc" echo "Block allocator ................ $balloc"
echo "OpenSSL ........................ $cf_enable_openssl" echo "OpenSSL ........................ $cf_enable_openssl"
echo "GnuTLS ......................... $cf_enable_gnutls"
echo echo
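Review bot: An explicit `--enable-gnutls` is silently downgraded in the GnuTLS block: when `PKG_CHECK_MODULES` fails, its fourth argument only sets `cf_enable_gnutls="no"`, and configure carries on to OpenSSL or to no TLS backend at all, which an operator would notice only in the final summary. Remembering the requested value before the check and stopping when it was `yes`, for example `if test "$cf_want_gnutls" = yes; then AC_MSG_ERROR([GnuTLS requested but not found]); fi` inside that fourth argument, would make the build fail instead of shipping without the backend that was asked for. Separately, the new guard before the OpenSSL check covers only `cf_enable_openssl = auto`, so an explicit `--enable-openssl` with GnuTLS present appears to leave both `HAVE_GNUTLS` and the OpenSSL define set; which backend wins is decided outside this section and deserves a `dnl` comment here. The outer `AC_MSG_CHECKING(for GnuTLS)` is also never closed by an `AC_MSG_RESULT`, because `PKG_CHECK_MODULES` prints its own check line. The OpenSSL block that follows the guard continues outside the hunk.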


@ -51,6 +51,9 @@
/* Define to 1 if you have the `gmtime_r' function. */ /* Define to 1 if you have the `gmtime_r' function. */
#undef HAVE_GMTIME_R #undef HAVE_GMTIME_R
/* Has GNUTLS */
#undef HAVE_GNUTLS
/* Define to 1 if the system has the type `intmax_t'. */ /* Define to 1 if the system has the type `intmax_t'. */
#undef HAVE_INTMAX_T #undef HAVE_INTMAX_T

14
libratbox/libratbox.pc.in Normal file

@ -0,0 +1,14 @@
prefix=@prefix@
exec_prefix=@exec_prefix@
datarootdir=@datarootdir@
data_dir=@datadir@/@PACKAGE_NAME@
version=@PACKAGE_VERSION@
include_dir=@includedir@/libratbox
lib_dir=@libdir@
Name: libratbox
Description: Portable runtime for ircd-ratbox and other things
Version: @PACKAGE_VERSION@
Libs: -L${lib_dir} -lratbox
Cflags: -I${include_dir}
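Review bot: The `Libs:` line exports only `-L${lib_dir} -lratbox` and the file has no `Libs.private` or `Requires.private` entry for the crypt and TLS libraries the library is linked against, so a consumer running `pkg-config --static --libs libratbox` would not receive them. Adding a line such as `Libs.private: @CRYPT_LIB@ @SSL_LIBS@ @GNUTLS_LIBS@` would cover the static case. The variables `data_dir` and `version` are not referenced by any field in the file; a one-line `#` comment saying they exist for `pkg-config --variable=...` queries would explain why they are there.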


@ -11,6 +11,7 @@ libratbox_la_SOURCES = \
balloc.c \ balloc.c \
commio.c \ commio.c \
openssl.c \ openssl.c \
gnutls.c \
nossl.c \ nossl.c \
event.c \ event.c \
ratbox_lib.c \ ratbox_lib.c \
@ -30,7 +31,7 @@ libratbox_la_SOURCES = \
patricia.c patricia.c
libratbox_la_LDFLAGS = -avoid-version -no-undefined -export-symbols export-syms.txt libratbox_la_LDFLAGS = -version-info 3:0:0 -no-undefined -export-symbols export-syms.txt
libratbox_la_LIBADD = @CRYPT_LIB@ @SSL_LIBS@ libratbox_la_LIBADD = @CRYPT_LIB@ @SSL_LIBS@
lib_LTLIBRARIES = libratbox.la lib_LTLIBRARIES = libratbox.la
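Review bot: gnutls.c is added to libratbox_la_SOURCES, but libratbox_la_LIBADD still lists only `@CRYPT_LIB@ @SSL_LIBS@` and nothing in this section adds the GnuTLS compile flags. Unless configure folds the GnuTLS flags into SSL_LIBS (the configure.ac hunk that would show this is not fully visible here), a GnuTLS-enabled build is likely to fail at link time because of `-no-undefined`. The explicit form would be `libratbox_la_LIBADD = @CRYPT_LIB@ @SSL_LIBS@ @GNUTLS_LIBS@`, with `@GNUTLS_CFLAGS@` added to the library's preprocessor flags.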


@ -55,7 +55,7 @@ libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES) LTLIBRARIES = $(lib_LTLIBRARIES)
libratbox_la_DEPENDENCIES = libratbox_la_DEPENDENCIES =
am_libratbox_la_OBJECTS = unix.lo win32.lo crypt.lo balloc.lo \ am_libratbox_la_OBJECTS = unix.lo win32.lo crypt.lo balloc.lo \
commio.lo openssl.lo nossl.lo event.lo ratbox_lib.lo \ commio.lo openssl.lo gnutls.lo nossl.lo event.lo ratbox_lib.lo \
rb_memory.lo linebuf.lo snprintf.lo tools.lo helper.lo \ rb_memory.lo linebuf.lo snprintf.lo tools.lo helper.lo \
devpoll.lo epoll.lo poll.lo ports.lo sigio.lo select.lo \ devpoll.lo epoll.lo poll.lo ports.lo sigio.lo select.lo \
kqueue.lo rawbuf.lo patricia.lo kqueue.lo rawbuf.lo patricia.lo
@ -112,6 +112,8 @@ EGREP = @EGREP@
EXEEXT = @EXEEXT@ EXEEXT = @EXEEXT@
F77 = @F77@ F77 = @F77@
FFLAGS = @FFLAGS@ FFLAGS = @FFLAGS@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_LIBS = @GNUTLS_LIBS@
GREP = @GREP@ GREP = @GREP@
INSTALL = @INSTALL@ INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@ INSTALL_DATA = @INSTALL_DATA@
@ -140,6 +142,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_VERSION = @PACKAGE_VERSION@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@ PATH_SEPARATOR = @PATH_SEPARATOR@
PICFLAGS = @PICFLAGS@ PICFLAGS = @PICFLAGS@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@ RANLIB = @RANLIB@
RB_PREFIX = @RB_PREFIX@ RB_PREFIX = @RB_PREFIX@
RM = @RM@ RM = @RM@
@ -213,6 +216,7 @@ libratbox_la_SOURCES = \
balloc.c \ balloc.c \
commio.c \ commio.c \
openssl.c \ openssl.c \
gnutls.c \
nossl.c \ nossl.c \
event.c \ event.c \
ratbox_lib.c \ ratbox_lib.c \
@ -309,6 +313,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/devpoll.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/devpoll.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/epoll.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/epoll.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/event.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/event.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kqueue.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kqueue.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/linebuf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/linebuf.Plo@am__quote@

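--- a/libratbox/src/gnutls.c
+++ b/libratbox/src/gnutls.c
@@ -0,0 +1,526 @@
+/*
+* libratbox: a library used by ircd-ratbox and other things
+* gnutls.c: gnutls related code
+*
+* Copyright (C) 2007-2008 ircd-ratbox development team
+* Copyright (C) 2007-2008 Aaron Sethman <androsyn@ratbox.org>
+* Copyright (C) 2008 William Pitcock <nenolod@nenolod.net>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
+* USA
+*
+* $Id: commio.c 24808 2008-01-02 08:17:05Z androsyn $
+*/
+#include <libratbox_config.h>
+#include <ratbox_lib.h>
+#ifdef HAVE_GNUTLS
+#include <commio-int.h>
+#include <commio-ssl.h>
+#include <gnutls/gnutls.h>
+static gnutls_certificate_credentials_t x509_cred;
+static gnutls_dh_params_t dh_params;
+void
+rb_ssl_shutdown(rb_fde_t * F)
+{
+if(F == NULL || F->ssl == NULL)
+return;
+gnutls_bye((gnutls_session_t) F->ssl, GNUTLS_SHUT_RDWR);
+gnutls_deinit((gnutls_session_t) F->ssl);
+}
+static void
+rb_ssl_timeout(rb_fde_t * F, void *notused)
+{
+lrb_assert(F->accept != NULL);
+F->accept->callback(F, RB_ERR_TIMEOUT, NULL, 0, F->accept->data);
+}
+static void
+rb_ssl_tryaccept(rb_fde_t * F, void *data)
+{
+int ssl_err;
+lrb_assert(F->accept != NULL);
+int flags;
+struct acceptdata *ad;
+if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0)
+{
+switch (ssl_err)
+{
+case GNUTLS_E_INTERRUPTED:
+if(rb_ignore_errno(errno))
+case GNUTLS_E_AGAIN:
+{
+if(gnutls_record_get_direction((gnutls_session_t) F->ssl))
+flags = RB_SELECT_WRITE;
+else
+flags = RB_SELECT_READ;
+F->ssl_errno = ssl_err;
+rb_setselect(F, flags, rb_ssl_tryaccept, NULL);
+return;
+}
+break;
+default:
+F->ssl_errno = ssl_err;
+F->accept->callback(F, RB_ERROR_SSL, NULL, 0, F->accept->data);
+break;
+}
+return;
+}
+rb_settimeout(F, 0, NULL, NULL);
+rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL);
+ad = F->accept;
+F->accept = NULL;
+ad->callback(F, RB_OK, (struct sockaddr *) &ad->S, ad->addrlen,
+ad->data);
+rb_free(ad);
+}
+void
+rb_ssl_start_accepted(rb_fde_t * new_F, ACCB * cb, void *data, int timeout)
+{
+gnutls_session_t sess;
+int ssl_err;
+new_F->type |= RB_FD_SSL;
+gnutls_init(&sess, GNUTLS_SERVER);
+gnutls_set_default_priority(sess);
+gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred);
+gnutls_dh_set_prime_bits(sess, 1024);
+gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
+new_F->ssl = sess;
+new_F->accept = rb_malloc(sizeof(struct acceptdata));
+new_F->accept->callback = cb;
+new_F->accept->data = data;
+rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL);
+new_F->accept->addrlen = 0;
+gnutls_transport_set_ptr((gnutls_session_t) new_F->ssl, (gnutls_transport_ptr_t) rb_get_fd(new_F));
+if((ssl_err = gnutls_handshake((gnutls_session_t) new_F->ssl)) != 0)
+{
+switch(ssl_err)
+{
+case GNUTLS_E_INTERRUPTED:
+if(rb_ignore_errno(errno))
+case GNUTLS_E_AGAIN:
+{
+int flags;
+if(gnutls_record_get_direction((gnutls_session_t) new_F->ssl))
+flags = RB_SELECT_WRITE;
+else
+flags = RB_SELECT_READ;
+new_F->ssl_errno = ssl_err;
+rb_setselect(new_F, flags, rb_ssl_tryaccept, NULL);
+return;
+}
+break;
+default:
+new_F->ssl_errno = ssl_err;
+new_F->accept->callback(new_F, RB_ERROR_SSL, NULL, 0, new_F->accept->data);
+return;
+}
+}
+else
+{
+struct acceptdata *ad;
+rb_settimeout(new_F, 0, NULL, NULL);
+rb_setselect(new_F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL);
+ad = new_F->accept;
+new_F->accept = NULL;
+ad->callback(new_F, RB_OK, (struct sockaddr *) &ad->S, ad->addrlen,
+ad->data);
+rb_free(ad);
+}
+}
+void
+rb_ssl_accept_setup(rb_fde_t * F, int new_fd, struct sockaddr *st, int addrlen)
+{
+gnutls_session_t sess;
+rb_fde_t *new_F;
+int ssl_err;
+new_F = rb_find_fd(new_fd);
+gnutls_init(&sess, GNUTLS_SERVER);
+gnutls_set_default_priority(sess);
+gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred);
+gnutls_dh_set_prime_bits(sess, 1024);
+gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
+new_F->type |= RB_FD_SSL;
+new_F->accept = rb_malloc(sizeof(struct acceptdata));
+new_F->accept->callback = F->accept->callback;
+new_F->accept->data = F->accept->data;
+rb_settimeout(new_F, 10, rb_ssl_timeout, NULL);
+memcpy(&new_F->accept->S, st, addrlen);
+new_F->accept->addrlen = addrlen;
+gnutls_transport_set_ptr((gnutls_session_t) new_F->ssl, (gnutls_transport_ptr_t) rb_get_fd(new_F));
+if((ssl_err = gnutls_handshake((gnutls_session_t) new_F->ssl)) != 0)
+{
+switch(ssl_err)
+{
+case GNUTLS_E_INTERRUPTED:
+if(rb_ignore_errno(errno))
+case GNUTLS_E_AGAIN:
+{
+int flags;
+if(gnutls_record_get_direction((gnutls_session_t) new_F->ssl))
+flags = RB_SELECT_WRITE;
+else
+flags = RB_SELECT_READ;
+new_F->ssl_errno = ssl_err;
+rb_setselect(new_F, flags, rb_ssl_tryaccept, NULL);
+return;
+}
+break;
+default:
+new_F->ssl_errno = ssl_err;
+new_F->accept->callback(new_F, RB_ERROR_SSL, NULL, 0, new_F->accept->data);
+return;
+}
+}
+else
+{
+struct acceptdata *ad;
+rb_settimeout(new_F, 0, NULL, NULL);
+rb_setselect(new_F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL);
+ad = new_F->accept;
+new_F->accept = NULL;
+ad->callback(new_F, RB_OK, (struct sockaddr *) &ad->S, ad->addrlen,
+ad->data);
+rb_free(ad);
+}
+}
+static ssize_t
+rb_ssl_read_or_write(int r_or_w, rb_fde_t * F, void *rbuf, const void *wbuf, size_t count)
+{
+ssize_t ret;
+unsigned long err;
+gnutls_session_t ssl = F->ssl;
+if(r_or_w == 0)
+ret = gnutls_record_recv(ssl, rbuf, count);
+else
+ret = gnutls_record_send(ssl, wbuf, count);
+if(ret < 0)
+{
+switch (ret)
+{
+case GNUTLS_E_AGAIN:
+errno = EAGAIN;
+if (gnutls_record_get_direction(ssl))
+return RB_RW_SSL_NEED_WRITE;
+else
+return RB_RW_SSL_NEED_READ;
+case GNUTLS_E_INTERRUPTED:
+err = ret;
+if(err == 0)
+{
+F->ssl_errno = 0;
+return RB_RW_IO_ERROR;
+}
+break;
+default:
+err = ret;
+break;
+}
+F->ssl_errno = err;
+if(err > 0)
+{
+errno = EIO; /* not great but... */
+return RB_RW_SSL_ERROR;
+}
+return RB_RW_IO_ERROR;
+}
+return ret;
+}
+ssize_t
+rb_ssl_read(rb_fde_t * F, void *buf, size_t count)
+{
+return rb_ssl_read_or_write(0, F, buf, NULL, count);
+}
+ssize_t
+rb_ssl_write(rb_fde_t * F, const void *buf, size_t count)
+{
+return rb_ssl_read_or_write(1, F, NULL, buf, count);
+}
+int
+rb_init_ssl(void)
+{
+int ret = 1, g_ret;
+gnutls_global_init();
+gnutls_certificate_allocate_credentials(&x509_cred);
+gnutls_dh_params_init(&dh_params);
+if((g_ret = gnutls_dh_params_generate2(dh_params, 1024)) < 0)
+{
+rb_lib_log("rb_init_gnutls: Failed to generate GNUTLS DH params: %s", gnutls_strerror(g_ret));
+ret = 0;
+}
+gnutls_certificate_set_dh_params(x509_cred, dh_params);
+return ret;
+}
+int
+rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile)
+{
+int ret = 0;
+if((ret = gnutls_certificate_set_x509_key_file(x509_cred, cert, keyfile, GNUTLS_X509_FMT_PEM)) < 0)
+{
+rb_lib_log("rb_setup_ssl_server: Setting x509 keys up failed: %s", gnutls_strerror(ret));
+return 0;
+}
+return 1;
+}
+int
+rb_ssl_listen(rb_fde_t * F, int backlog)
+{
+F->type = RB_FD_SOCKET | RB_FD_LISTEN | RB_FD_SSL;
+return listen(F->fd, backlog);
+}
+struct ssl_connect
+{
+CNCB *callback;
+void *data;
+int timeout;
+};
+static void
+rb_ssl_connect_realcb(rb_fde_t * F, int status, struct ssl_connect *sconn)
+{
+F->connect->callback = sconn->callback;
+F->connect->data = sconn->data;
+rb_free(sconn);
+rb_connect_callback(F, status);
+}
+static void
+rb_ssl_tryconn_timeout_cb(rb_fde_t * F, void *data)
+{
+rb_ssl_connect_realcb(F, RB_ERR_TIMEOUT, data);
+}
+static void
+rb_ssl_tryconn_cb(rb_fde_t * F, void *data)
+{
+struct ssl_connect *sconn = data;
+int ssl_err;
+if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0)
+{
+switch (ssl_err)
+{
+case GNUTLS_E_INTERRUPTED:
+if(rb_ignore_errno(errno))
+case GNUTLS_E_AGAIN:
+{
+F->ssl_errno = ssl_err;
+rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE,
+rb_ssl_tryconn_cb, sconn);
+return;
+}
+default:
+F->ssl_errno = ssl_err;
+rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn);
+return;
+}
+}
+else
+{
+rb_ssl_connect_realcb(F, RB_OK, sconn);
+}
+}
+static void
+rb_ssl_tryconn(rb_fde_t * F, int status, void *data)
+{
+gnutls_session_t sess;
+struct ssl_connect *sconn = data;
+int ssl_err;
+if(status != RB_OK)
+{
+rb_ssl_connect_realcb(F, status, sconn);
+return;
+}
+F->type |= RB_FD_SSL;
+gnutls_init(&sess, GNUTLS_CLIENT);
+gnutls_set_default_priority(sess);
+gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred);
+gnutls_dh_set_prime_bits(sess, 1024);
+gnutls_transport_set_ptr(sess, (gnutls_transport_ptr_t) F->fd);
+F->ssl = sess;
+rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
+if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0)
+{
+switch (ssl_err)
+{
+case GNUTLS_E_INTERRUPTED:
+if(rb_ignore_errno(errno))
+case GNUTLS_E_AGAIN:
+{
+F->ssl_errno = ssl_err;
+rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE,
+rb_ssl_tryconn_cb, sconn);
+return;
+}
+default:
+F->ssl_errno = ssl_err;
+rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn);
+return;
+}
+}
+else
+{
+rb_ssl_connect_realcb(F, RB_OK, sconn);
+}
+}
+void
+rb_connect_tcp_ssl(rb_fde_t * F, struct sockaddr *dest,
+struct sockaddr *clocal, int socklen, CNCB * callback, void *data, int timeout)
+{
+struct ssl_connect *sconn;
+if(F == NULL)
+return;
+sconn = rb_malloc(sizeof(struct ssl_connect));
+sconn->data = data;
+sconn->callback = callback;
+sconn->timeout = timeout;
+rb_connect_tcp(F, dest, clocal, socklen, rb_ssl_tryconn, sconn, timeout);
+}
+void
+rb_ssl_start_connected(rb_fde_t * F, CNCB * callback, void *data, int timeout)
+{
+gnutls_session_t sess;
+struct ssl_connect *sconn;
+int ssl_err;
+if(F == NULL)
+return;
+sconn = rb_malloc(sizeof(struct ssl_connect));
+sconn->data = data;
+sconn->callback = callback;
+sconn->timeout = timeout;
+F->connect = rb_malloc(sizeof(struct conndata));
+F->connect->callback = callback;
+F->connect->data = data;
+F->type |= RB_FD_SSL;
+gnutls_init(&sess, GNUTLS_CLIENT);
+gnutls_set_default_priority(sess);
+gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred);
+gnutls_dh_set_prime_bits(sess, 1024);
+gnutls_transport_set_ptr(sess, (gnutls_transport_ptr_t) F->fd);
+F->ssl = sess;
+rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn);
+if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0)
+{
+switch (ssl_err)
+{
+case GNUTLS_E_INTERRUPTED:
+if(rb_ignore_errno(errno))
+case GNUTLS_E_AGAIN:
+{
+F->ssl_errno = ssl_err;
+rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE,
+rb_ssl_tryconn_cb, sconn);
+return;
+}
+default:
+F->ssl_errno = ssl_err;
+rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn);
+return;
+}
+}
+else
+{
+rb_ssl_connect_realcb(F, RB_OK, sconn);
+}
+}
+/* XXX: implement me */
+int
+rb_init_prng(const char *path, prng_seed_t seed_type)
+{
+return -1;
+}
+int
+rb_get_random(void *buf, size_t length)
+{
+return -1;
+}
+const char *
+rb_get_ssl_strerror(rb_fde_t * F)
+{
+return gnutls_strerror(F->ssl_errno);
+}
+int
+rb_supports_ssl(void)
+{
+return 1;
+}
+#endif /* HAVE_GNUTLS */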
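Review bot: In rb_ssl_accept_setup the session created by gnutls_init() is never stored, so the later gnutls_transport_set_ptr() and gnutls_handshake() calls run on whatever new_F->ssl held before (presumably NULL for a fresh descriptor); rb_ssl_start_accepted does the assignment, and the same line, `new_F->ssl = sess;`, is needed here before the transport pointer is set. The return values of gnutls_init(), gnutls_credentials_set() and, in rb_init_ssl, gnutls_global_init() are ignored throughout, so a failed setup carries on into the handshake. rb_init_prng and rb_get_random return -1 without writing to `buf`, so a caller that does not check the result works with uninitialised bytes; the stub deserves a comment such as `/* not implemented: buf is left untouched, callers must treat -1 as failure */`. The DH size is hard-coded to 1024 bits in five places while the `dhfile` argument of rb_setup_ssl_server is unused, and neither client path (rb_ssl_tryconn, rb_ssl_start_connected) checks the peer certificate after the handshake, so outgoing links are encrypted but not authenticated.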


@ -27,7 +27,7 @@
#include <libratbox_config.h> #include <libratbox_config.h>
#include <ratbox_lib.h> #include <ratbox_lib.h>
#ifndef HAVE_OPENSSL #if !defined(HAVE_OPENSSL) && !defined(HAVE_GNUTLS)
#include <commio-int.h> #include <commio-int.h>
#include <commio-ssl.h> #include <commio-ssl.h>