Sfoglia il codice sorgente

* Remove all of the old SSL code (never has been used)

Bryan Drewery 16 anni fa
parent
commit
dbe8361a21
6 ha cambiato i file con 4 aggiunte e 276 eliminazioni
  1. 1 10
      src/botnet.c
  2. 0 6
      src/dcc.c
  3. 0 3
      src/main.c
  4. 0 3
      src/mod/server.mod/server.c
  5. 3 234
      src/net.c
  6. 0 20
      src/net.h

+ 1 - 10
src/botnet.c

@@ -1062,16 +1062,7 @@ static void botlink_dns_callback(int id, void *client_data, const char *host, ch
   if (dcc[i].sock < 0 || open_telnet_raw(dcc[i].sock, ips[0], dcc[i].port, 0, 1) < 0)
     failed_link(i);
   else { /* let's attempt to initiate SSL before ANYTHING else... */
-#ifdef HAVE_SSL
-/*    if (!ssl_link(dcc[i].sock, CONNECT_SSL)) {
-      debug2("back from ssl_link(%d, %d) for botlink (failed)", dcc[i].sock, CONNECT_SSL);
-      dcc[i].ssl = 0;
-      putlog(LOG_BOTS, "*", "SSL link for '%s' failed", dcc[i].nick);
-    } else */
-      dcc[i].ssl = 1;
-#else
-      dcc[i].ssl = 0;
-#endif /* HAVE_SSL */
+    dcc[i].ssl = 0;
   }
 
   /* wait for async reply */

+ 0 - 6
src/dcc.c

@@ -349,8 +349,6 @@ cont_link(int idx, char *buf, int ii)
     }
   }
 
-/*.    ssl_link(dcc[idx].sock, CONNECT_SSL); */
-
   dcc[idx].type = &DCC_BOT_NEW;
   dcc[idx].u.bot->numver = 0;
 
@@ -1372,7 +1370,6 @@ dcc_telnet(int idx, char *buf, int ii)
 
   while ((sock == -1) && (errno == EAGAIN))
     sock = answer(dcc[idx].sock, s, &ip, &port, 0);
-/*. ssl_link ACCEPT_SSL should go here!!!! */
   if (sock < 0) {
     putlog(LOG_MISC, "*", "Failed TELNET incoming (%s)", strerror(errno));
 //    killsock(dcc[idx].sock);
@@ -1473,8 +1470,6 @@ static void dcc_telnet_dns_callback(int id, void *client_data, const char *ip, c
     }
   }
 
-/* .  ssl_link(dcc[i].sock, ACCEPT_SSL); */
-
   changeover_dcc(i, &DCC_IDENTWAIT, 0);
   dcc[i].timeval = now;
   dcc[i].uint.ident_sock = dcc[idx].sock;
@@ -2010,7 +2005,6 @@ dcc_telnet_got_ident(int i, char *host)
   /* This is so we dont tell someone doing a portscan anything
    * about ourselves. <cybah>
    */
-/* n  ssl_link(dcc[i].sock, ACCEPT_SSL); */
   if (conf.bot->hub)
     dprintf(i, " \n");			/* represents hub that support new linking scheme */
   else

+ 0 - 3
src/main.c

@@ -189,9 +189,6 @@ void fatal(const char *s, int recoverable)
     putlog(LOG_MISC, "*", STR("!*! %s"), s);
 
 /*  flushlogs(); */
-#ifdef HAVE_SSL
-    ssl_cleanup();
-#endif /* HAVE_SSL */
 
   if (my_port)
     listen_all(my_port, 1); /* close the listening port... */

+ 0 - 3
src/mod/server.mod/server.c

@@ -949,9 +949,6 @@ static void dcc_chat_hostresolved(int i)
     lostdcc(i);
   } else {
     bool ok = 1;
-#ifdef HAVE_SSL
-    ssl_link(dcc[i].sock, CONNECT_SSL);
-#endif /* HAVE_SSL */
 
     dcc[i].status = STAT_ECHO;
     get_user_flagrec(dcc[i].user, &fr, NULL);

+ 3 - 234
src/net.c

@@ -59,11 +59,6 @@
 
 extern egg_traffic_t 	traffic;
 
-#ifdef HAVE_SSL
-  SSL_CTX 		*ssl_c_ctx = NULL, *ssl_s_ctx = NULL;
-  char 			*tls_rand_file = NULL;
-#endif /* HAVE_SSL */
-
 union sockaddr_union cached_myip4_so;
 #ifdef USE_IPV6
 union sockaddr_union cached_myip6_so;
@@ -159,39 +154,6 @@ static int get_ip(char *hostname, union sockaddr_union *so)
 #endif /* USE_IPV6 */
 }
 
-#ifdef HAVE_SSL
-int seed_PRNG(void)
-{
-  char stackdata[1024] = "";
-  static char rand_file[300] = "";
-  FILE *fh = NULL;
-
-#if OPENSSL_VERSION_NUMBER >= 0x00905100
-  if (RAND_status()) return 0;
-#endif /* OPENSSL_VERSION_NUMBER */
-  if ((fh = fopen("/dev/urandom", "r"))) {
-    fclose(fh);
-    return 0;
-  }
-  if (RAND_file_name(rand_file, sizeof(rand_file)))
-    tls_rand_file = rand_file;
-  else
-    return 1;
-  if (!RAND_load_file(rand_file, 1024)) {
-    unsigned int c;
-    c = now;
-    RAND_seed(&c, sizeof(c));
-    c = getpid();
-    RAND_seed(&c, sizeof(c));
-    RAND_seed(stackdata, sizeof(stackdata));
-  }
-#if OPENSSL_VERSION_NUMBER >= 0x00905100
-  if (!RAND_status()) return 2;
-#endif /* OPENSSL_VERSION_NUMBER >= 0x00905100 */
-  return 0;
-}
-#endif /* HAVE_SSL */
-
 /* Initialize the socklist
  */
 void init_net()
@@ -205,39 +167,10 @@ void init_net()
 
   for (int i = 0; i < MAXSOCKS; i++) {
     bzero(&socklist[i], sizeof(socklist[i]));
-#ifdef HAVE_SSL
-    socklist[i].ssl = NULL;
-#endif /* HAVE_SSL */
     socklist[i].flags = SOCK_UNUSED;
     socklist[i].sock = -1;
   }
-#ifdef HAVE_SSL
-  SSL_load_error_strings();
-  OpenSSL_add_ssl_algorithms();
-  ssl_c_ctx = SSL_CTX_new(SSLv23_client_method());
-  ssl_s_ctx = SSL_CTX_new(SSLv23_server_method());
-  if (!ssl_c_ctx || !ssl_s_ctx)
-    fatal("SSL Inititlization failed", 0);
-  if (seed_PRNG())
-    fatal("SSL PRNG seeding failed!", 0);
-#endif /* HAVE_SSL */
-}
-
-#ifdef HAVE_SSL
-int ssl_cleanup() {
- if (ssl_c_ctx) {
-    SSL_CTX_free(ssl_c_ctx);
-    ssl_c_ctx = NULL;
-  }
-  if (ssl_s_ctx) {
-    SSL_CTX_free(ssl_s_ctx);
-    ssl_s_ctx = NULL;
-  }
-  if (tls_rand_file) RAND_write_file(tls_rand_file);
- return 0;
 }
-#endif /* HAVE_SSL */
-
 
 /* Get my ipv? ip
  */
@@ -426,9 +359,6 @@ int allocsock(int sock, int options)
       /* yay!  there is table space */
       socklist[i].inbuf = socklist[i].outbuf = NULL;
       socklist[i].inbuflen = socklist[i].outbuflen = 0;
-#ifdef HAVE_SSL
-      socklist[i].ssl = NULL;
-#endif /* HAVE_SSL */
       socklist[i].flags = options;
       socklist[i].sock = sock;
       socklist[i].encstatus = 0;
@@ -491,27 +421,6 @@ int real_getsock(int options, char *fname, int line)
   return sock;
 }
 
-#ifdef HAVE_SSL
-void dropssl(register int sock)
-{
-  if (sock < 0)
-    return;
-  int i;
-
-  for (i = 0; (i < MAXSOCKS); i++)
-    if (socklist[i].sock == sock) break;
-
-  if (socklist[i].ssl) {
-    SSL_set_quiet_shutdown(socklist[i].ssl, 1);
-    SSL_shutdown(socklist[i].ssl);
-    usleep(1000 * 500);
-    SSL_free(socklist[i].ssl);
-    usleep(1000 * 500);
-    socklist[i].ssl = NULL;
-  }
-}
-#endif /* HAVE_SSL */
-
 /* Done with a socket
  */
 void real_killsock(register int sock, const char *file, int line)
@@ -523,9 +432,6 @@ void real_killsock(register int sock, const char *file, int line)
 
   for (register int i = 0; i < MAXSOCKS; i++) {
     if ((socklist[i].sock == sock) && !(socklist[i].flags & SOCK_UNUSED)) {
-#ifdef HAVE_SSL
-      dropssl(sock);
-#endif /* HAVE_SSL */
       close(socklist[i].sock);
       if (socklist[i].inbuf != NULL) {
 	free(socklist[i].inbuf);
@@ -863,73 +769,6 @@ int open_listen_by_af(port_t *port, int af_def)
 #endif /* USE_IPV6 */
 }
 
-#ifdef HAVE_SSL
-int ssl_link(register int sock, int state)
-{
-  int err = 0, i = 0, errs = 0;
-
-  debug2("ssl_link(%d, %d)", sock, state);
-  for (i = 0; (i < MAXSOCKS); i++) {		
-    if (socklist[i].sock == sock) break;
-  }
-  if (socklist[i].ssl) {
-    putlog(LOG_ERROR, "*", "Switching to SSL (%d,%d) - already active", state, sock);
-    return 0;
-  }
-  if (state == CONNECT_SSL) {
-    socklist[i].ssl = SSL_new(ssl_c_ctx);
-  } else if (state == ACCEPT_SSL) {
-    socklist[i].ssl = SSL_new(ssl_s_ctx);
-  }
-  if (!socklist[i].ssl) {
-    putlog(LOG_ERROR, "*", "Switching to SSL (%d) - SSL_new(%d) failed", sock, state);
-    return 0;
-  }
-  if (!SSL_set_fd(socklist[i].ssl, socklist[i].sock)) {
-    putlog(LOG_ERROR, "*", "SSL_set_fd(%d) (%d) failed", state, socklist[i].sock);
-    return 0;
-  }
-  if (state == CONNECT_SSL) {
-    SSL_set_connect_state(socklist[i].ssl);
-  } else if (state == ACCEPT_SSL) {
-    SSL_set_accept_state(socklist[i].ssl);
-  } else {
-    putlog(LOG_DEBUG, "*", "ssl_link(%d, 0?) NO STATE?", sock);
-    return 0;
-  }
-
-  if (state == CONNECT_SSL) {
-    err = SSL_connect(socklist[i].ssl);
-  } else if (state == ACCEPT_SSL) {
-    err = SSL_accept(socklist[i].ssl);
-  }
-  if (!setjmp(alarmret)) {
-      alarm(5); /* this is plenty of time */
-      while ((err < 1) && (errno == EAGAIN)) {
-        if (state == CONNECT_SSL) {
-          err = SSL_connect(socklist[i].ssl);
-        } else if (state == ACCEPT_SSL) {
-          err = SSL_accept(socklist[i].ssl);
-        }
-/*        if ((errs!=SSL_ERROR_WANT_READ)&&(errs!=SSL_ERROR_WANT_WRITE)&& (errs!=SSL_ERROR_WANT_X509_LOOKUP)) */
-/*          break;  anything not one of these is a sufficient condition to break out... */
-      }
-      alarm(0);
-  }
-      errs = SSL_get_error(socklist[i].ssl, err);
-        putlog(LOG_DEBUG, "*", "SSL_link(%d, %d) = %d, errs: %d (%d), %s", sock, state, err, errs, errno, (char *)ERR_error_string(ERR_get_error(), NULL));
-        if (errno) putlog(LOG_DEBUG, "*", "errno %d: %s", errno, strerror(errno));
-  if (err == 1) {
-    putlog(LOG_ERROR, "*", "SSL_link(%d, %d) was successfull", sock, state);
-    return 1;
-  } else {
-    putlog(LOG_ERROR, "*", "SSL_link(%d, %d) failed", sock, state);
-    dropssl(socklist[i].sock);
-  }
-  return 0;
-}
-#endif /* HAVE_SSL */
-
 /* Returns the given network byte order IP address in the
  * dotted format - "##.##.##.##"
  */
@@ -1107,9 +946,6 @@ static int sockread(char *s, int *len)
     /* Something happened */
     for (i = 0; i < MAXSOCKS; i++) {
       if ((!(socklist[i].flags & SOCK_UNUSED)) && ((FD_ISSET(socklist[i].sock, &fd)) ||
-#ifdef HAVE_SSL
-          ((socklist[i].ssl) && (SSL_pending(socklist[i].ssl))) ||
-#endif /* HAVE_SSL */
 	  ((socklist[i].sock == STDOUT) && (!backgrd) && (FD_ISSET(STDIN, &fd))))) {
 	if (socklist[i].flags & (SOCK_LISTEN | SOCK_CONNECT)) {
 	  /* Listening socket -- don't read, just return activity */
@@ -1122,12 +958,6 @@ static int sockread(char *s, int *len)
 	    debug1("net: connect! sock %d", socklist[i].sock);
 	    s[0] = 0;
 	    *len = 0;
-#ifdef HAVE_SSL
-/*            debug0("CALLING SSL_LINK() FROM SOCKREAD");
-            if (!ssl_link(socklist[i].sock))
-              debug0("SSL_LINK FAILED");
-            debug0("BACK FROM SSL_LINK()"); */
-#endif /* HAVE_SSL */
 	    return i;
 	  }
 	} else if (socklist[i].flags & SOCK_PASS) {
@@ -1138,29 +968,9 @@ static int sockread(char *s, int *len)
 	errno = 0;
 	if ((socklist[i].sock == STDOUT) && !backgrd)
 	  x = read(STDIN, s, grab);
-	else {
-#ifdef HAVE_SSL
-          if (socklist[i].ssl) {
-            x = SSL_read(socklist[i].ssl, s, grab);
-            if (x < 0) {
-              int err = SSL_get_error(socklist[i].ssl, x);
-              x = -1;
-              switch (err) {
-                case SSL_ERROR_WANT_READ:
-                  errno = EAGAIN;
-                  break;
-                case SSL_ERROR_WANT_WRITE:
-                  errno = EAGAIN;
-                  break;
-                case SSL_ERROR_WANT_X509_LOOKUP:
-                  errno = EAGAIN;
-                  break;
-              }
-            }
-          } else 
-#endif /* HAVE_SSL */
-            x = read(socklist[i].sock, s, grab);
-        }
+	else
+          x = read(socklist[i].sock, s, grab);
+
 	if (x <= 0) {		/* eof */
 	  if (errno != EAGAIN) { /* EAGAIN happens when the operation would block 
 				    on a non-blocking socket, if the socket is going
@@ -1473,26 +1283,6 @@ void tputs(register int z, char *s, size_t len)
 	return;
       }
       /* Try. */
-#ifdef HAVE_SSL
-      if (socklist[i].ssl) {
-        x = SSL_write(socklist[i].ssl, s, len);
-        if (x < 0) {
-          int err = SSL_get_error(socklist[i].ssl, x);
-          x = -1;
-          switch (err) {
-            case SSL_ERROR_WANT_READ:
-              errno = EAGAIN;
-              break;
-            case SSL_ERROR_WANT_WRITE:
-              errno = EAGAIN;
-              break;
-            case SSL_ERROR_WANT_X509_LOOKUP:
-              errno = EAGAIN;
-              break;
-          }
-        }
-      } else
-#endif /* HAVE_SSL */
 #ifdef HAVE_ZLIB_H
 /*
       if (socklist[i].gz) { 		
@@ -1596,27 +1386,6 @@ void dequeue_sockets()
 	(socklist[i].outbuf != NULL) && (FD_ISSET(socklist[i].sock, &wfds))) {
       /* Trick tputs into doing the work */
       errno = 0;
-#ifdef HAVE_SSL
-      if (socklist[i].ssl) {
-        x = write(socklist[i].sock, socklist[i].outbuf, socklist[i].outbuflen);
-        if (x < 0) {
-          int err = SSL_get_error(socklist[i].ssl, x);
-
-          x = -1;
-          switch (err) {
-            case SSL_ERROR_WANT_READ:
-              errno = EAGAIN;
-              break;
-            case SSL_ERROR_WANT_WRITE:
-              errno = EAGAIN;
-              break;
-            case SSL_ERROR_WANT_X509_LOOKUP:
-              errno = EAGAIN;
-              break;
-          }
-        }
-      } else
-#endif /* HAVE_SSL */
       x = write(socklist[i].sock, socklist[i].outbuf, socklist[i].outbuflen);
       if ((x < 0) && (errno != EAGAIN)
 #ifdef EBADSLT

+ 0 - 20
src/net.h

@@ -14,16 +14,6 @@
 #define ENC_KEY_LEN 32
 
 
-#ifdef HAVE_OPENSSL_SSL_H
-# ifdef USE_SSL
-#  include <openssl/ssl.h>
-#  include <openssl/rand.h>
-#  include <openssl/err.h>
-#  undef HAVE_SSL
-# endif /* USE_SSL */
-/* #define HAVE_SSL 1 */
-#endif /* HAVE_OPENSSL_SSL_H */
-
 #define SGRAB 2010         /* How much data to allow through sockets. */
 
 enum {
@@ -55,9 +45,6 @@ enum {
 
 #define iptolong(a)             (0xffffffff &                           \
                                  (long) (htonl((unsigned long) a)))
-#define CONNECT_SSL 1
-#define ACCEPT_SSL 2
-
 #ifdef USE_IPV6
 #define SIZEOF_SOCKADDR(so) ((so).sa.sa_family == AF_INET6 ? sizeof(so.sin6) : sizeof(so.sin))
 #else
@@ -93,9 +80,6 @@ typedef struct {
   int iseed;                            /* botlink in seed */
   int gz; /* gzip compression */
   int enclink;				/* new encrypted botlink */
-#ifdef HAVE_SSL
-  SSL           *ssl;
-#endif /* HAVE_SSL */
   char *inbuf;
   char *outbuf;
   char *host;
@@ -109,10 +93,6 @@ typedef struct {
 # define killsock(x)     	real_killsock((x),__FILE__,__LINE__)
 
 unsigned long my_atoul(char *);
-#ifdef HAVE_SSL
-int ssl_cleanup();
-int ssl_link(int, int);
-#endif /* HAVE_SSL */
 char *myipstr(int);
 in_addr_t getmyip();
 void cache_my_ip();