Mercurial > pidgin.yaz
changeset 7016:aa619031193b
[gaim-migrate @ 7579]
SSL suport is now provided by invisible plugins that are auto-loaded when
SSL is needed.
committer: Tailor Script <tailor@pidgin.im>
| author | Christian Hammond <chipx86@chipx86.com> |
|---|---|
| date | Mon, 29 Sep 2003 15:29:49 +0000 |
| parents | dece74f05509 |
| children | 15733f9cfe69 |
| files | ChangeLog configure.ac plugins/Makefile.am plugins/ssl/Makefile.am plugins/ssl/ssl-gnutls.c plugins/ssl/ssl-nss.c plugins/ssl/ssl.c src/Makefile.am src/sslconn.c |
| diffstat | 9 files changed, 662 insertions(+), 26 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Sep 29 15:28:20 2003 +0000 +++ b/ChangeLog Mon Sep 29 15:29:49 2003 +0000 @@ -4,6 +4,7 @@ * Display AIM away messages in the tooltip for buddies when they are away. * Re-write of Jabber protocol plugin + * SSL support can now be provided by third party plugins. version 0.70 (09/28/2003): * Implemented Yahoo's new authentication method (Cerulean Studios)
--- a/configure.ac Mon Sep 29 15:28:20 2003 +0000 +++ b/configure.ac Mon Sep 29 15:29:49 2003 +0000 @@ -926,6 +926,7 @@ plugins/gestures/Makefile plugins/perl/Makefile plugins/perl/common/Makefile.PL + plugins/ssl/Makefile plugins/tcl/Makefile plugins/ticker/Makefile po/Makefile.in
--- a/plugins/Makefile.am Mon Sep 29 15:28:20 2003 +0000 +++ b/plugins/Makefile.am Mon Sep 29 15:29:49 2003 +0000 @@ -1,4 +1,4 @@ -DIST_SUBDIRS = docklet gaim-remote gestures perl tcl ticker +DIST_SUBDIRS = docklet gaim-remote gestures perl ssl tcl ticker if USE_PERL PERL_DIR = perl
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/ssl/Makefile.am Mon Sep 29 15:29:49 2003 +0000 @@ -0,0 +1,31 @@ +plugindir = $(libdir)/gaim + +ssl_la_LDFLAGS = -module -avoid-version +ssl_gnutls_la_LDFLAGS = -module -avoid-version +ssl_nss_la_LDFLAGS = -module -avoid-version + +if PLUGINS + +plugin_LTLIBRARIES = \ + ssl.la \ + ssl-gnutls.la \ + ssl-nss.la + +ssl_la_SOURCES = ssl.c +ssl_gnutls_la_SOURCES = ssl-gnutls.c +ssl_nss_la_SOURCES = ssl-nss.c + +ssl_gnutls_la_LIBADD = $(GNUTLS_LIBS) +ssl_nss_la_LIBADD = $(NSS_LIBS) + +endif # PLUGINS + +AM_CPPFLAGS = \ + -DDATADIR=\"$(datadir)\" \ + -DVERSION=\"$(VERSION)\" \ + -I$(top_srcdir)/src \ + $(DEBUG_CFLAGS) \ + $(GTK_CFLAGS) \ + $(PLUGIN_CFLAGS) \ + $(NSS_CFLAGS) \ + $(GNUTLS_CFLAGS)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/ssl/ssl-gnutls.c Mon Sep 29 15:29:49 2003 +0000 @@ -0,0 +1,209 @@ +/** + * @file ssl-gnutls.c GNUTLS SSL plugin. + * + * gaim + * + * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +#include "internal.h" +#include "plugin.h" + +#define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls" + +#ifdef HAVE_GNUTLS + +#include "debug.h" +#include "sslconn.h" + +#include <gnutls/gnutls.h> + +typedef struct +{ + gnutls_session session; + +} GaimSslGnutlsData; + +#define GAIM_SSL_GNUTLS_DATA(gsc) ((GaimSslGnutlsData *)gsc->private_data) + +static gnutls_certificate_client_credentials xcred; + +static gboolean +ssl_gnutls_init(void) +{ + gnutls_global_init(); + + gnutls_certificate_allocate_credentials(&xcred); + gnutls_certificate_set_x509_trust_file(xcred, "ca.pem", + GNUTLS_X509_FMT_PEM); + + return TRUE; +} + +static void +ssl_gnutls_uninit(void) +{ + gnutls_global_deinit(); + + gnutls_certificate_free_credentials(xcred); +} + +static void +ssl_gnutls_connect_cb(gpointer data, gint source, GaimInputCondition cond) +{ + GaimSslConnection *gsc = (GaimSslConnection *)data; + GaimSslGnutlsData *gnutls_data; + static const int cert_type_priority[2] = { GNUTLS_CRT_X509, 0 }; + int ret; + + if (source < 0) + return; + + gsc->fd = source; + + gnutls_data = g_new0(GaimSslGnutlsData, 1); + gsc->private_data = gnutls_data; + + gnutls_init(&gnutls_data->session, GNUTLS_CLIENT); + gnutls_set_default_priority(gnutls_data->session); + + gnutls_certificate_type_set_priority(gnutls_data->session, + cert_type_priority); + + gnutls_credentials_set(gnutls_data->session, GNUTLS_CRD_CERTIFICATE, + xcred); + + gnutls_transport_set_ptr(gnutls_data->session, GINT_TO_POINTER(source)); + + gaim_debug_info("gnutls", "Handshaking\n"); + ret = gnutls_handshake(gnutls_data->session); + + if (ret < 0) + { + gaim_debug_error("gnutls", "Handshake failed\n"); + + /* XXX: notify the guy expecting the callback somehow? */ + gaim_ssl_close(gsc); + } + else + { + gsc->connect_cb(gsc->connect_cb_data, gsc, cond); + } +} + +static void +ssl_gnutls_close(GaimSslConnection *gsc) +{ + GaimSslGnutlsData *gnutls_data = GAIM_SSL_GNUTLS_DATA(gsc); + + gnutls_bye(gnutls_data->session, GNUTLS_SHUT_RDWR); + + gnutls_deinit(gnutls_data->session); + + g_free(gnutls_data); +} + +static size_t +ssl_gnutls_read(GaimSslConnection *gsc, void *data, size_t len) +{ + GaimSslGnutlsData *gnutls_data = GAIM_SSL_GNUTLS_DATA(gsc); + int s; + + s = gnutls_record_recv(gnutls_data->session, data, len); + + if (s < 0) + s = 0; + + return s; +} + +static size_t +ssl_gnutls_write(GaimSslConnection *gsc, const void *data, size_t len) +{ + GaimSslGnutlsData *gnutls_data = GAIM_SSL_GNUTLS_DATA(gsc); + size_t s; + + s = gnutls_record_send(gnutls_data->session, data, len); + + if (s < 0) + s = 0; + + return s; +} + +static GaimSslOps ssl_ops = +{ + ssl_gnutls_init, + ssl_gnutls_uninit, + ssl_gnutls_connect_cb, + ssl_gnutls_close, + ssl_gnutls_read, + ssl_gnutls_write +}; + +#endif /* HAVE_GNUTLS */ + +static gboolean +plugin_load(GaimPlugin *plugin) +{ +#ifdef HAVE_GNUTLS + gaim_ssl_set_ops(&ssl_ops); + + return TRUE; +#else + return FALSE; +#endif +} + +static gboolean +plugin_unload(GaimPlugin *plugin) +{ + return TRUE; +} + +static GaimPluginInfo info = +{ + 2, /**< api_version */ + GAIM_PLUGIN_STANDARD, /**< type */ + NULL, /**< ui_requirement */ + GAIM_PLUGIN_FLAG_INVISIBLE, /**< flags */ + NULL, /**< dependencies */ + GAIM_PRIORITY_DEFAULT, /**< priority */ + + SSL_GNUTLS_PLUGIN_ID, /**< id */ + N_("GNUTLS"), /**< name */ + VERSION, /**< version */ + /** summary */ + N_("Provides SSL support through GNUTLS."), + /** description */ + N_("Provides SSL support through GNUTLS."), + "Christian Hammond <chipx86@gnupdate.org>", + GAIM_WEBSITE, /**< homepage */ + + plugin_load, /**< load */ + plugin_unload, /**< unload */ + NULL, /**< destroy */ + + NULL, /**< ui_info */ + NULL /**< extra_info */ +}; + +static void +init_plugin(GaimPlugin *plugin) +{ +} + +GAIM_INIT_PLUGIN(ssl_gnutls, init_plugin, info)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/ssl/ssl-nss.c Mon Sep 29 15:29:49 2003 +0000 @@ -0,0 +1,305 @@ +/** + * @file ssl-nss.c Mozilla NSS SSL plugin. + * + * gaim + * + * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +#include "internal.h" +#include "plugin.h" + +#define SSL_GNUTLS_PLUGIN_ID "ssl-gnutls" + +#ifdef HAVE_NSS + +#include "debug.h" +#include "sslconn.h" + +#include <nspr.h> +#include <private/pprio.h> +#include <nss.h> +#include <pk11func.h> +#include <prio.h> +#include <secerr.h> +#include <secmod.h> +#include <ssl.h> +#include <sslerr.h> +#include <sslproto.h> + +typedef struct +{ + PRFileDesc *fd; + PRFileDesc *in; + +} GaimSslNssData; + +#define GAIM_SSL_NSS_DATA(gsc) ((GaimSslNssData *)gsc->private_data) + +static const PRIOMethods *_nss_methods = NULL; +static PRDescIdentity _identity; + +static SECStatus +ssl_auth_cert(void *arg, PRFileDesc *socket, PRBool checksig, + PRBool is_server) +{ + return SECSuccess; + +#if 0 + CERTCertificate *cert; + void *pinArg; + SECStatus status; + + cert = SSL_PeerCertificate(socket); + pinArg = SSL_RevealPinArg(socket); + + status = CERT_VerifyCertNow((CERTCertDBHandle *)arg, cert, checksig, + certUsageSSLClient, pinArg); + + if (status != SECSuccess) { + gaim_debug_error("nss", "CERT_VerifyCertNow failed\n"); + CERT_DestroyCertificate(cert); + return status; + } + + CERT_DestroyCertificate(cert); + return SECSuccess; +#endif +} + +static SECStatus +ssl_bad_cert(void *arg, PRFileDesc *socket) +{ + SECStatus status = SECFailure; + PRErrorCode err; + + if (arg == NULL) + return status; + + *(PRErrorCode *)arg = err = PORT_GetError(); + + switch (err) + { + case SEC_ERROR_INVALID_AVA: + case SEC_ERROR_INVALID_TIME: + case SEC_ERROR_BAD_SIGNATURE: + case SEC_ERROR_EXPIRED_CERTIFICATE: + case SEC_ERROR_UNKNOWN_ISSUER: + case SEC_ERROR_UNTRUSTED_CERT: + case SEC_ERROR_CERT_VALID: + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: + case SEC_ERROR_CRL_EXPIRED: + case SEC_ERROR_CRL_BAD_SIGNATURE: + case SEC_ERROR_EXTENSION_VALUE_INVALID: + case SEC_ERROR_CA_CERT_INVALID: + case SEC_ERROR_CERT_USAGES_INVALID: + case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION: + status = SECSuccess; + break; + + default: + status = SECFailure; + break; + } + + gaim_debug_error("nss", "Bad certificate: %d\n"); + + return status; +} + +static gboolean +ssl_nss_init(void) +{ + PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + NSS_NoDB_Init(NULL); + + /* TODO: Fix this so autoconf does the work trying to find this lib. */ + SECMOD_AddNewModule("Builtins", +#ifndef _WIN32 + LIBDIR "/libnssckbi.so", +#else + "nssckbi.dll", +#endif + 0, 0); + NSS_SetDomesticPolicy(); + + _identity = PR_GetUniqueIdentity("Gaim"); + _nss_methods = PR_GetDefaultIOMethods(); + + return TRUE; +} + +static void +ssl_nss_uninit(void) +{ + PR_Cleanup(); + + _nss_methods = NULL; +} + +static void +ssl_nss_connect_cb(gpointer data, gint source, GaimInputCondition cond) +{ + GaimSslConnection *gsc = (GaimSslConnection *)data; + GaimSslNssData *nss_data = g_new0(GaimSslNssData, 1); + PRSocketOptionData socket_opt; + + gsc->private_data = nss_data; + + gsc->fd = source; + + nss_data->fd = PR_ImportTCPSocket(gsc->fd); + + if (nss_data->fd == NULL) + { + gaim_debug_error("nss", "nss_data->fd == NULL!\n"); + + gaim_ssl_close((GaimSslConnection *)gsc); + + return; + } + + socket_opt.option = PR_SockOpt_Nonblocking; + socket_opt.value.non_blocking = PR_FALSE; + + PR_SetSocketOption(nss_data->fd, &socket_opt); + + nss_data->in = SSL_ImportFD(NULL, nss_data->fd); + + if (nss_data->in == NULL) + { + gaim_debug_error("nss", "nss_data->in == NUL!\n"); + + gaim_ssl_close((GaimSslConnection *)gsc); + + return; + } + + SSL_OptionSet(nss_data->in, SSL_SECURITY, PR_TRUE); + SSL_OptionSet(nss_data->in, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); + + SSL_AuthCertificateHook(nss_data->in, + (SSLAuthCertificate)ssl_auth_cert, + (void *)CERT_GetDefaultCertDB()); + SSL_BadCertHook(nss_data->in, (SSLBadCertHandler)ssl_bad_cert, NULL); + + SSL_SetURL(nss_data->in, gsc->host); + + SSL_ResetHandshake(nss_data->in, PR_FALSE); + + if (SSL_ForceHandshake(nss_data->in)) + { + gaim_debug_error("nss", "Handshake failed\n"); + + gaim_ssl_close(gsc); + + return; + } + + gsc->connect_cb(gsc->connect_cb_data, gsc, cond); +} + +static void +ssl_nss_close(GaimSslConnection *gsc) +{ + GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); + + if (nss_data->in) PR_Close(nss_data->in); + /* if (nss_data->fd) PR_Close(nss_data->fd); */ + + g_free(nss_data); +} + +static size_t +ssl_nss_read(GaimSslConnection *gsc, void *data, size_t len) +{ + GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); + + return PR_Read(nss_data->in, data, len); +} + +static size_t +ssl_nss_write(GaimSslConnection *gsc, const void *data, size_t len) +{ + GaimSslNssData *nss_data = GAIM_SSL_NSS_DATA(gsc); + + return PR_Write(nss_data->in, data, len); +} + +static GaimSslOps ssl_ops = +{ + ssl_nss_init, + ssl_nss_uninit, + ssl_nss_connect_cb, + ssl_nss_close, + ssl_nss_read, + ssl_nss_write +}; + +#endif /* HAVE_NSS */ + + +static gboolean +plugin_load(GaimPlugin *plugin) +{ +#ifdef HAVE_NSS + gaim_ssl_set_ops(&ssl_ops); + + return TRUE; +#else + return FALSE; +#endif +} + +static gboolean +plugin_unload(GaimPlugin *plugin) +{ + return TRUE; +} + +static GaimPluginInfo info = +{ + 2, /**< api_version */ + GAIM_PLUGIN_STANDARD, /**< type */ + NULL, /**< ui_requirement */ + GAIM_PLUGIN_FLAG_INVISIBLE, /**< flags */ + NULL, /**< dependencies */ + GAIM_PRIORITY_DEFAULT, /**< priority */ + + SSL_GNUTLS_PLUGIN_ID, /**< id */ + N_("NSS"), /**< name */ + VERSION, /**< version */ + /** summary */ + N_("Provides SSL support through Mozilla NSS."), + /** description */ + N_("Provides SSL support through Mozilla NSS."), + "Christian Hammond <chipx86@gnupdate.org>", + GAIM_WEBSITE, /**< homepage */ + + plugin_load, /**< load */ + plugin_unload, /**< unload */ + NULL, /**< destroy */ + + NULL, /**< ui_info */ + NULL /**< extra_info */ +}; + +static void +init_plugin(GaimPlugin *plugin) +{ +} + +GAIM_INIT_PLUGIN(ssl_nss, init_plugin, info)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/ssl/ssl.c Mon Sep 29 15:29:49 2003 +0000 @@ -0,0 +1,112 @@ +/** + * @file ssl.c Main SSL plugin + * + * gaim + * + * Copyright (C) 2003 Christian Hammond <chipx86@gnupdate.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +#include "internal.h" +#include "debug.h" +#include "plugin.h" +#include "sslconn.h" + +#define SSL_PLUGIN_ID "core-ssl" + +static GaimPlugin *ssl_plugin = NULL; + +static gboolean +probe_ssl_plugins(GaimPlugin *my_plugin) +{ + GaimPlugin *plugin; + GList *l; + + ssl_plugin = NULL; + + for (l = gaim_plugins_get_all(); l != NULL; l = l->next) + { + plugin = (GaimPlugin *)l->data; + + if (plugin == my_plugin) + continue; + + if (plugin->info != NULL && plugin->info->id != NULL && + strncmp(plugin->info->id, "ssl-", 4) == 0) + { + if (gaim_plugin_is_loaded(plugin) || gaim_plugin_load(plugin)) + { + ssl_plugin = plugin; + + break; + } + } + } + + return (ssl_plugin != NULL); +} + +static gboolean +plugin_load(GaimPlugin *plugin) +{ + return probe_ssl_plugins(plugin); +} + +static gboolean +plugin_unload(GaimPlugin *plugin) +{ + if (ssl_plugin != NULL) + { + gaim_plugin_unload(ssl_plugin); + + ssl_plugin = NULL; + } + + return TRUE; +} + +static GaimPluginInfo info = +{ + 2, /**< api_version */ + GAIM_PLUGIN_STANDARD, /**< type */ + NULL, /**< ui_requirement */ + GAIM_PLUGIN_FLAG_INVISIBLE, /**< flags */ + NULL, /**< dependencies */ + GAIM_PRIORITY_DEFAULT, /**< priority */ + + SSL_PLUGIN_ID, /**< id */ + N_("SSL"), /**< name */ + VERSION, /**< version */ + /** summary */ + N_("Provides a wrapper around SSL support libraries."), + /** description */ + N_("Provides a wrapper around SSL support libraries."), + "Christian Hammond <chipx86@gnupdate.org>", + GAIM_WEBSITE, /**< homepage */ + + plugin_load, /**< load */ + plugin_unload, /**< unload */ + NULL, /**< destroy */ + + NULL, /**< ui_info */ + NULL /**< extra_info */ +}; + +static void +init_plugin(GaimPlugin *plugin) +{ +} + +GAIM_INIT_PLUGIN(ssl, init_plugin, info)
--- a/src/Makefile.am Mon Sep 29 15:28:20 2003 +0000 +++ b/src/Makefile.am Mon Sep 29 15:29:49 2003 +0000 @@ -4,8 +4,6 @@ getopt1.c \ Makefile.mingw \ win_gaim.c \ - ssl-nss.c \ - ssl-gnutls.c \ win32/IdleTracker/Makefile.mingw \ win32/IdleTracker/idletrack.c \ win32/IdleTracker/idletrack.h \ @@ -99,8 +97,6 @@ status.h \ sound.c \ sound.h \ - ssl-gnutls.c \ - ssl-nss.c \ sslconn.c \ sslconn.h \ util.c \ @@ -176,9 +172,7 @@ $(XSS_LIBS) \ $(SM_LIBS) \ $(INTLLIBS) \ - $(GTKSPELL_LIBS) \ - $(NSS_LIBS) \ - $(GNUTLS_LIBS) + $(GTKSPELL_LIBS) gaim_remote_SOURCES = \ gaim-remote.c @@ -197,6 +191,4 @@ $(AO_CFLAGS) \ $(DEBUG_CFLAGS) \ $(GTK_CFLAGS) \ - $(GTKSPELL_CFLAGS) \ - $(NSS_CFLAGS) \ - $(GNUTLS_CFLAGS) + $(GTKSPELL_CFLAGS)
--- a/src/sslconn.c Mon Sep 29 15:28:20 2003 +0000 +++ b/src/sslconn.c Mon Sep 29 15:29:49 2003 +0000 @@ -25,16 +25,6 @@ #include "debug.h" #include "sslconn.h" -/* Pre-installed SSL op functions. */ -#ifdef HAVE_NSS -GaimSslOps *gaim_ssl_nss_get_ops(); -#endif - -#ifdef HAVE_GNUTLS -GaimSslOps *gaim_ssl_gnutls_get_ops(); -#endif - - static gboolean _ssl_initialized = FALSE; static GaimSslOps *_ssl_ops = NULL; @@ -237,11 +227,6 @@ void gaim_ssl_init(void) { -#if defined(HAVE_NSS) - gaim_ssl_set_ops(gaim_ssl_nss_get_ops()); -#elif defined(HAVE_GNUTLS) - gaim_ssl_set_ops(gaim_ssl_gnutls_get_ops()); -#endif } void