Revert "No more TLS"

This reverts commit 8fb7f0bc0d.
2023-12-06 22:52:04 -05:00 · 2023-12-06 22:52:04 -05:00 · e939637c99
commit e939637c99
parent b5f5f18ae3
12 changed files with 189 additions and 88 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,6 +2,3 @@ config.c
 *.o
 .*.swp
 haxserv
-core
-s2s
-lock
--- a/8
+++ b/8
@ -36,16 +36,16 @@ ifeq ($(COLORIZE), 1)
 	CFLAGS += -DCOLORIZE=1
 endif

-CFLAGS += $(INCLUDEFLAGS) -D_REENTRANT -ggdb3 -Wall -Wextra -Wsign-conversion -Wno-unused-parameter
+CFLAGS += $(INCLUDEFLAGS) -D_REENTRANT -ggdb3 -Wall -Wextra -Wsign-conversion -Wno-unused-parameter $(shell pkg-config gnutls --cflags)

-LDFLAGS = -lpthread
+LDFLAGS = -lpthread $(shell pkg-config gnutls --libs)

 DEPS = $(shell $(CC) $(INCLUDEFLAGS) -MM -MT $(1).o $(1).c | sed -z 's/\\\n //g')

 .PHONY: all clean cleanall release
 all: haxserv

-haxserv: main.o server_network.o client_network.o general_network.o commands.o table.o config.o utils.o
+haxserv: main.o server_network.o client_network.o general_network.o commands.o table.o config.o tls.o utils.o
 	$(CC) $^ -o $@ $(LDFLAGS)

 %.o: %.c
@ -65,6 +65,8 @@ $(call DEPS,table)

 $(call DEPS,config)

+$(call DEPS,tls)
+
 $(call DEPS,utils)

 clean:
--- a/client_network.c
+++ b/client_network.c
@ -26,6 +26,7 @@
 // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 // OTHER DEALINGS IN THE SOFTWARE.

+#include <gnutls/gnutls.h>
 #include <netdb.h>
 #include <arpa/inet.h>
 #include <sys/types.h>
@ -40,6 +41,7 @@
 #include "config.h"
 #include "types.h"
 #include "table.h"
+#include "tls.h"

 struct table client_network_commands = {0};
 struct string client_nick = {0};
--- a/commands.c
+++ b/commands.c
@ -34,6 +34,7 @@
 #include "table.h"
 #include "commands.h"
 #include "network.h"
+#include "tls.h"
 #include "config.h"
 #include "utils.h"

--- a/BIN
+++ b/BIN
--- a/general_network.c
+++ b/general_network.c
@ -31,6 +31,7 @@
 #include <stdlib.h>

 #include "network.h"
+#include "tls.h"
 #include "config.h"

 char channel_mode_types[UCHAR_MAX] = {
--- a/main.c
+++ b/main.c
@ -26,6 +26,7 @@
 // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 // OTHER DEALINGS IN THE SOFTWARE.

+#include <gnutls/gnutls.h>
 #include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
@ -34,6 +35,7 @@
 #include "network.h"
 #include "config.h"
 #include "types.h"
+#include "tls.h"
 #include "types.h"

 void *client_loop(void *ign) {
--- a/network.h
+++ b/network.h
@ -31,9 +31,6 @@
 #include <netinet/in.h>
 #include <pthread.h>
 #include <limits.h>
-#include <errno.h>
-
-#include <stdio.h>

 #include "types.h"
 #include "table.h"
@ -90,8 +87,6 @@ extern struct table user_list;

 extern pthread_mutex_t send_lock;

-extern int server_fd;
-
 extern int client_fd;
 extern int client_listen_fd;
 extern struct string client_nick;
@ -117,32 +112,6 @@ extern ssize_t SENDCLIENT(struct string msg);
 #define SENDCLIENT(x) write(client_fd, x.data, x.len)
 #endif

-#if LOGALL
-extern ssize_t SEND(struct string msg);
-#else
-#define SEND(x) write(server_fd, x.data, x.len)
-#endif
-
-inline size_t RECV(char *buf, size_t buflen, char *timeout) {
-	ssize_t len;
-	do {
-		len = recv(server_fd, buf, buflen, 0);
-	} while (len == -1 && errno == EINTR);
-
-	if (len == -1)
-		fprintf(stderr, "errno: %d\n", errno);
-
-	if (len == -1)
-		*timeout = (errno == EAGAIN || errno == EWOULDBLOCK);
-	else
-		*timeout = 0;
-
-	if (len < 0)
-		return 0;
-	else
-		return (size_t)len;
-}
-
 extern int privmsg(struct string source, struct string target, size_t num_message_parts, struct string message[num_message_parts]);
 extern int add_local_client(struct string uid, struct string nick_arg, struct string vhost_arg, struct string ident_arg, struct string realname_arg, time_t timestamp, char fake_cert);
 extern int remove_user(struct string uid, struct string reason);
--- a/rerun.sh
+++ b/rerun.sh
@ -1,9 +1,5 @@
 #!/usr/bin/env bash
 {
-	socat -L'lock' 'UNIX-LISTEN:./s2s,fork' 'OPENSSL:irc.andrewyu.org:7005' &
-	while ! [ -S ./s2s ]; do
-		sleep 0.1
-	done
 	start=`date -u +%s`
 	./haxserv
 	uptime=$((`date -u +%s` - $start))
--- a/server_network.c
+++ b/server_network.c
@ -26,11 +26,12 @@
 // ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 // OTHER DEALINGS IN THE SOFTWARE.

+#include <gnutls/gnutls.h>
 #include <netdb.h>
 #include <arpa/inet.h>
 #include <sys/types.h>
+#include <netinet/in.h>
 #include <sys/socket.h>
-#include <sys/un.h>
 #include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
@ -38,6 +39,7 @@
 #include "network.h"
 #include "types.h"
 #include "table.h"
+#include "tls.h"
 #include "config.h"
 #include "utils.h"
 #include "commands.h"
@ -63,8 +65,6 @@ int resolve(char *address, char *port, struct sockaddr *sockaddr) {
 	return success;
 }

-int server_fd = -1;
-
 struct table server_network_commands = {0};
 struct table server_list = {0};
 struct table user_list = {0};
@ -899,20 +899,9 @@ int initservernetwork(void) {

 	init_user_commands();

-	server_fd = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (server_fd < 0) {
-		WRITES(2, STRING("Unable to open unix socket!\n"));
-		return 1;
-	}
-
-	struct sockaddr_un socket = {
-		.sun_family = AF_UNIX,
-		.sun_path = "./s2s",
-	};
-
-	int retval = connect(server_fd, (struct sockaddr*)&socket, sizeof(socket));
-	if (retval == -1) {
-		WRITES(2, STRING("Unable to connect unix socket!\n"));
+	int retval = connect_tls();
+	if (retval != 0) {
+		printf("connect_tls(): %d\n", retval);
 		return 1;
 	}

@ -952,33 +941,3 @@ int initservernetwork(void) {

 	return 0;
 }
-
-extern inline size_t RECV(char *buf, size_t buflen, char *timeout); // Should force it to get compiled into here
-
-#if LOGALL
-ssize_t SEND(struct string msg) {
-	static char printprefix = 1;
-	if (printprefix) {
-#if COLORIZE
-		WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m"));
-#else
-		WRITES(1, STRING("[Us->Server] "));
-#endif
-
-		printprefix = 0;
-	}
-
-	WRITES(1, msg);
-
-	if (msg.len == 0 || msg.data[msg.len - 1] == '\n') {
-		printprefix = 1;
-#if COLORIZE
-		WRITES(1, STRING("\x1b[0m\n"));
-#else
-		WRITES(1, STRING("\n"));
-#endif
-	}
-
-	return WRITES(server_fd, msg);
-}
-#endif
--- a/tls.c
+++ b/tls.c
@ -0,0 +1,120 @@
+// TLS handler for HaxServ
+//
+// Written by: Test_User <hax@andrewyu.org>
+//
+// This is free and unencumbered software released into the public
+// domain.
+//
+// Anyone is free to copy, modify, publish, use, compile, sell, or
+// distribute this software, either in source code form or as a compiled
+// binary, for any purpose, commercial or non-commercial, and by any
+// means.
+//
+// In jurisdictions that recognize copyright laws, the author or authors
+// of this software dedicate any and all copyright interest in the
+// software to the public domain. We make this dedication for the benefit
+// of the public at large and to the detriment of our heirs and
+// successors. We intend this dedication to be an overt act of
+// relinquishment in perpetuity of all present and future rights to this
+// software under copyright law.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+// OTHER DEALINGS IN THE SOFTWARE.
+
+#include <gnutls/gnutls.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <arpa/inet.h>
+
+#include "network.h"
+#include "config.h"
+#include "types.h"
+#include "tls.h"
+
+gnutls_session_t session;
+int fd;
+
+int connect_tls(void) {
+	// TODO: free used things on failure
+
+	if (gnutls_global_init() < 0)
+		return 1;
+
+	gnutls_certificate_credentials_t xcred; // TODO: if we reconnect
+	if (gnutls_certificate_allocate_credentials(&xcred) < 0)
+		return 2;
+
+	if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
+		return 3;
+
+	if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
+		return 4;
+
+	if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
+		return 5;
+
+	if (gnutls_set_default_priority(session) < 0)
+		return 6;
+
+	if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+		return 7;
+	gnutls_session_set_verify_cert(session, address.data, 0);
+
+	fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+	if (fd == -1)
+		return 8;
+
+	struct sockaddr sockaddr;
+	resolve(address.data, port.data, &sockaddr);
+	int ret = connect(fd, &sockaddr, sizeof(sockaddr));
+	if (ret != 0)
+		return 9;
+
+	gnutls_transport_set_int(session, fd);
+	gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
+
+	do {
+		ret = gnutls_handshake(session);
+	} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+	if (ret < 0)
+		return 10;
+
+	gnutls_record_set_timeout(session, 60000); // 60s
+
+	return 0;
+}
+
+extern inline size_t RECV(char *buf, size_t buflen, char *timeout); // Should force it to get compiled into tls.o
+
+#if LOGALL
+ssize_t SEND(struct string msg) {
+	static char printprefix = 1;
+	if (printprefix) {
+#if COLORIZE
+		WRITES(1, STRING("\x1b[33m[Us->Server] \x1b[34m"));
+#else
+		WRITES(1, STRING("[Us->Server] "));
+#endif
+
+		printprefix = 0;
+	}
+
+	WRITES(1, msg);
+
+	if (msg.len == 0 || msg.data[msg.len - 1] == '\n') {
+		printprefix = 1;
+#if COLORIZE
+		WRITES(1, STRING("\x1b[0m\n"));
+#else
+		WRITES(1, STRING("\n"));
+#endif
+	}
+
+	return gnutls_record_send(session, msg.data, msg.len);
+}
+#endif
--- a/tls.h
+++ b/tls.h
@ -0,0 +1,52 @@
+// One of the headers for HaxServ
+//
+// Written by: Test_User <hax@andrewyu.org>
+//
+// This is free and unencumbered software released into the public
+// domain.
+//
+// Anyone is free to copy, modify, publish, use, compile, sell, or
+// distribute this software, either in source code form or as a compiled
+// binary, for any purpose, commercial or non-commercial, and by any
+// means.
+//
+// In jurisdictions that recognize copyright laws, the author or authors
+// of this software dedicate any and all copyright interest in the
+// software to the public domain. We make this dedication for the benefit
+// of the public at large and to the detriment of our heirs and
+// successors. We intend this dedication to be an overt act of
+// relinquishment in perpetuity of all present and future rights to this
+// software under copyright law.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+// OTHER DEALINGS IN THE SOFTWARE.
+
+#include <gnutls/gnutls.h>
+
+#if LOGALL
+extern ssize_t SEND(struct string msg);
+#else
+#define SEND(x) gnutls_record_send(session, x.data, x.len)
+#endif
+
+extern gnutls_session_t session;
+
+extern int connect_tls(void);
+
+inline size_t RECV(char *buf, size_t buflen, char *timeout) {
+	int len;
+	do {
+		len = gnutls_record_recv(session, buf, buflen);
+	} while (len == GNUTLS_E_AGAIN || len == GNUTLS_E_INTERRUPTED);
+
+	*timeout = (len == GNUTLS_E_TIMEDOUT);
+	if (len < 0)
+		return 0;
+	else
+		return (size_t)len;
+}