diff options
author | Michele Calgaro <michele.calgaro@yahoo.it> | 2020-12-06 21:23:48 +0900 |
---|---|---|
committer | Michele Calgaro <michele.calgaro@yahoo.it> | 2020-12-06 21:34:48 +0900 |
commit | 84498d97e27f79e7e919b42bbe54208a02856aaf (patch) | |
tree | 8a66f6e1a88bc2304b453796663ae75f20425490 /tdeio/kssl/ksslsettings.cpp | |
parent | 8bc0bc7fc67437fbf757283604104e998ad2fda7 (diff) | |
download | tdelibs-84498d97e27f79e7e919b42bbe54208a02856aaf.tar.gz tdelibs-84498d97e27f79e7e919b42bbe54208a02856aaf.zip |
Renaming of files in preparation for code style tools.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
(cherry picked from commit 4f99f868f09bbffa2e15733b8b7c78eba07a199e)
Diffstat (limited to 'tdeio/kssl/ksslsettings.cpp')
-rw-r--r-- | tdeio/kssl/ksslsettings.cpp | 345 |
1 files changed, 345 insertions, 0 deletions
diff --git a/tdeio/kssl/ksslsettings.cpp b/tdeio/kssl/ksslsettings.cpp new file mode 100644 index 000000000..090eaef4f --- /dev/null +++ b/tdeio/kssl/ksslsettings.cpp @@ -0,0 +1,345 @@ +/* This file is part of the KDE project + * + * Copyright (C) 2000 George Staikos <staikos@kde.org> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <sys/types.h> +#include <sys/stat.h> + +#include <stdlib.h> +#include <pwd.h> +#include <unistd.h> + +#include <tqfile.h> +#include <tqsortedlist.h> + +#include "ksslsettings.h" +#include <tdeglobal.h> +#include <kstandarddirs.h> +#include <kdebug.h> + +// this hack provided by Malte Starostik to avoid glibc/openssl bug +// on some systems +#ifdef KSSL_HAVE_SSL +#define crypt _openssl_crypt +#include <openssl/ssl.h> +#undef crypt +#endif +#include <kopenssl.h> + + +class CipherNode { +public: + CipherNode(const char *_name, int _keylen) : + name(_name), keylen(_keylen) {} + TQString name; + int keylen; + inline int operator==(CipherNode &x) + { return ((x.keylen == keylen) && (x.name == name)); } + inline int operator< (CipherNode &x) { return keylen < x.keylen; } + inline int operator<=(CipherNode &x) { return keylen <= x.keylen; } + inline int operator> (CipherNode &x) { return keylen > x.keylen; } + inline int operator>=(CipherNode &x) { return keylen >= x.keylen; } +}; + + +class KSSLSettingsPrivate { +public: + KSSLSettingsPrivate() { + kossl = NULL; // try to delay this as long as possible + } + ~KSSLSettingsPrivate() { + + } + + KOSSL *kossl; + bool m_bUseEGD; + bool m_bUseEFile; + TQString m_EGDPath; + bool m_bSendX509; + bool m_bPromptX509; +}; + +// +// FIXME +// Implementation note: for now, we only read cipher settings from disk, +// and do not store them in memory. This should change. +// + +KSSLSettings::KSSLSettings(bool readConfig) { + d = new KSSLSettingsPrivate; + m_cfg = new TDEConfig("cryptodefaults", false, false); + + if (!TDEGlobal::dirs()->addResourceType("kssl", TDEStandardDirs::kde_default("data") + "kssl")) { + //kdDebug(7029) << "Error adding (kssl, share/apps/kssl)" << endl; + } + + if (readConfig) load(); +} + + +// we don't save settings incase it was a temporary object +KSSLSettings::~KSSLSettings() { + delete m_cfg; + delete d; +} + + +bool KSSLSettings::sslv2() const { + return m_bUseSSLv2; +} + + +bool KSSLSettings::sslv3() const { + return m_bUseSSLv3; +} + + +bool KSSLSettings::tlsv1() const { + return m_bUseTLSv1; +} + + +// FIXME: we should make a default list available if this fails +// since OpenSSL seems to just choose any old thing if it's given an +// empty list. This behavior is not confirmed though. +TQString KSSLSettings::getCipherList() { + TQString clist; +#ifdef KSSL_HAVE_SSL + TQString tcipher; + bool firstcipher = true; + SSL_METHOD *meth = 0L; + TQPtrList<CipherNode> cipherList; + + cipherList.setAutoDelete(true); + + if (!d->kossl) + d->kossl = KOSSL::self(); + + if (m_bUseSSLv3 && m_bUseSSLv2) + meth = d->kossl->TLS_client_method(); + else if(m_bUseSSLv3) + meth = d->kossl->SSLv3_client_method(); + else if (m_bUseSSLv2) + meth = d->kossl->SSLv2_client_method(); + + SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth); + SSL* ssl = d->kossl->SSL_new(ctx); + STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl); + int cnt = d->kossl->OPENSSL_sk_num(sk); + for (int i=0; i< cnt; i++) { + SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(d->kossl->OPENSSL_sk_value(sk,i)); + if (!sc) + break; + + if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc))) + m_cfg->setGroup("SSLv2"); + else + m_cfg->setGroup("SSLv3"); + + tcipher.sprintf("cipher_%s", d->kossl->SSL_CIPHER_get_name(sc)); + int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL); + if (m_cfg->readBoolEntry(tcipher, bits >= 56)) { + CipherNode *xx = new CipherNode(d->kossl->SSL_CIPHER_get_name(sc),bits); + if (!cipherList.contains(xx)) + cipherList.prepend(xx); + else + delete xx; + } + } + d->kossl->SSL_free(ssl); + d->kossl->SSL_CTX_free(ctx); + + // Remove any ADH ciphers as per RFC2246 + // Also remove NULL ciphers and 168bit ciphers + for (unsigned int i = 0; i < cipherList.count(); i++) { + CipherNode *j = 0L; + while ((j = cipherList.at(i)) != 0L) { + if (j->name.contains("ADH-") || j->name.contains("NULL-") || j->name.contains("DES-CBC3-SHA") || j->name.contains("FZA")) { + cipherList.remove(j); + } else { + break; + } + } + } + + // now assemble the list cipher1:cipher2:cipher3:...:ciphern + while (!cipherList.isEmpty()) { + if (firstcipher) + firstcipher = false; + else clist.append(":"); + clist.append(cipherList.getLast()->name); + cipherList.removeLast(); + } // while + + kdDebug(7029) << "Cipher list is: " << clist << endl; + +#endif + return clist; +} + +// FIXME - sync these up so that we can use them with the control module!! +void KSSLSettings::load() { + m_cfg->reparseConfiguration(); + + m_cfg->setGroup("TLS"); + m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) + m_bUseSSLv2 = false; +#else + m_cfg->setGroup("SSLv2"); + m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false); +#endif + +#if defined(OPENSSL_NO_SSL3) + m_bUseSSLv3 = false; +#else + m_cfg->setGroup("SSLv3"); + m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true); +#endif + + m_cfg->setGroup("Warnings"); + m_bWarnOnEnter = m_cfg->readBoolEntry("OnEnter", false); + m_bWarnOnLeave = m_cfg->readBoolEntry("OnLeave", true); + m_bWarnOnUnencrypted = m_cfg->readBoolEntry("OnUnencrypted", true); + m_bWarnOnMixed = m_cfg->readBoolEntry("OnMixed", true); + + m_cfg->setGroup("Validation"); + m_bWarnSelfSigned = m_cfg->readBoolEntry("WarnSelfSigned", true); + m_bWarnExpired = m_cfg->readBoolEntry("WarnExpired", true); + m_bWarnRevoked = m_cfg->readBoolEntry("WarnRevoked", true); + + m_cfg->setGroup("EGD"); + d->m_bUseEGD = m_cfg->readBoolEntry("UseEGD", false); + d->m_bUseEFile = m_cfg->readBoolEntry("UseEFile", false); + d->m_EGDPath = m_cfg->readPathEntry("EGDPath"); + + m_cfg->setGroup("Auth"); + d->m_bSendX509 = ("send" == m_cfg->readEntry("AuthMethod", "")); + d->m_bPromptX509 = ("prompt" == m_cfg->readEntry("AuthMethod", "")); + + #ifdef KSSL_HAVE_SSL + + + + #endif +} + + +void KSSLSettings::defaults() { + m_bUseTLSv1 = true; + m_bUseSSLv2 = false; + m_bUseSSLv3 = true; + m_bWarnOnEnter = false; + m_bWarnOnLeave = true; + m_bWarnOnUnencrypted = true; + m_bWarnOnMixed = true; + m_bWarnSelfSigned = true; + m_bWarnExpired = true; + m_bWarnRevoked = true; + d->m_bUseEGD = false; + d->m_bUseEFile = false; + d->m_EGDPath = ""; +} + + +void KSSLSettings::save() { + m_cfg->setGroup("TLS"); + m_cfg->writeEntry("Enabled", m_bUseTLSv1); + + m_cfg->setGroup("SSLv2"); + m_cfg->writeEntry("Enabled", m_bUseSSLv2); + + m_cfg->setGroup("SSLv3"); + m_cfg->writeEntry("Enabled", m_bUseSSLv3); + + m_cfg->setGroup("Warnings"); + m_cfg->writeEntry("OnEnter", m_bWarnOnEnter); + m_cfg->writeEntry("OnLeave", m_bWarnOnLeave); + m_cfg->writeEntry("OnUnencrypted", m_bWarnOnUnencrypted); + m_cfg->writeEntry("OnMixed", m_bWarnOnMixed); + + m_cfg->setGroup("Validation"); + m_cfg->writeEntry("WarnSelfSigned", m_bWarnSelfSigned); + m_cfg->writeEntry("WarnExpired", m_bWarnExpired); + m_cfg->writeEntry("WarnRevoked", m_bWarnRevoked); + + m_cfg->setGroup("EGD"); + m_cfg->writeEntry("UseEGD", d->m_bUseEGD); + m_cfg->writeEntry("UseEFile", d->m_bUseEFile); + m_cfg->writePathEntry("EGDPath", d->m_EGDPath); + + m_cfg->sync(); + // FIXME - ciphers +#if 0 +#ifdef KSSL_HAVE_SSL + m_cfg->setGroup("SSLv2"); + for (unsigned int i = 0; i < v2ciphers.count(); i++) { + TQString ciphername; + ciphername.sprintf("cipher_%s", v2ciphers[i].ascii()); + if (v2selectedciphers.contains(v2ciphers[i])) { + m_cfg->writeEntry(ciphername, true); + } else m_cfg->writeEntry(ciphername, false); + } + + m_cfg->setGroup("SSLv3"); + for (unsigned int i = 0; i < v3ciphers.count(); i++) { + TQString ciphername; + ciphername.sprintf("cipher_%s", v3ciphers[i].ascii()); + if (v3selectedciphers.contains(v3ciphers[i])) { + m_cfg->writeEntry(ciphername, true); + } else m_cfg->writeEntry(ciphername, false); + } +#endif + + m_cfg->sync(); + + // insure proper permissions -- contains sensitive data + TQString cfgName(TDEGlobal::dirs()->findResource("config", "cryptodefaults")); + if (!cfgName.isEmpty()) + ::chmod(TQFile::encodeName(cfgName), 0600); +#endif +} + + +bool KSSLSettings::warnOnEnter() const { return m_bWarnOnEnter; } +void KSSLSettings::setWarnOnEnter(bool x) { m_bWarnOnEnter = x; } +bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; } +void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; } +bool KSSLSettings::warnOnLeave() const { return m_bWarnOnLeave; } +void KSSLSettings::setWarnOnLeave(bool x) { m_bWarnOnLeave = x; } +bool KSSLSettings::warnOnMixed() const { return m_bWarnOnMixed; } +bool KSSLSettings::warnOnSelfSigned() const { return m_bWarnSelfSigned; } +bool KSSLSettings::warnOnRevoked() const { return m_bWarnRevoked; } +bool KSSLSettings::warnOnExpired() const { return m_bWarnExpired; } +bool KSSLSettings::useEGD() const { return d->m_bUseEGD; } +bool KSSLSettings::useEFile() const { return d->m_bUseEFile; } +bool KSSLSettings::autoSendX509() const { return d->m_bSendX509; } +bool KSSLSettings::promptSendX509() const { return d->m_bPromptX509; } + +void KSSLSettings::setTLSv1(bool enabled) { m_bUseTLSv1 = enabled; } +void KSSLSettings::setSSLv2(bool enabled) { m_bUseSSLv2 = enabled; } +void KSSLSettings::setSSLv3(bool enabled) { m_bUseSSLv3 = enabled; } + +TQString& KSSLSettings::getEGDPath() { return d->m_EGDPath; } + |