author | louiz’ <louiz@louiz.org> | 2017-04-30 15:04:40 +0200 |
---|---|---|
committer | louiz’ <louiz@louiz.org> | 2017-04-30 15:14:54 +0200 |
commit | 7b3e0e0cf3eddd3537455a3605b04a48ee663f47 (patch) | |
tree | 06658235b0082b1f173c6114d4aeac2388540297 /src | |
parent | 1472adfa77f9c3a03967e723d8460f33544b545d (diff) | |
Make botan’s policy configurable from a file
fix #3244
Diffstat (limited to 'src')
-rw-r--r-- | src/network/tcp_socket_handler.cpp | 14 | ||||
-rw-r--r-- | src/network/tcp_socket_handler.hpp | 17 | ||||
-rw-r--r-- | src/network/tls_policy.cpp | 48 | ||||
-rw-r--r-- | src/network/tls_policy.hpp | 28 | ||||
-rw-r--r-- | src/utils/dirname.cpp | 16 | ||||
-rw-r--r-- | src/utils/dirname.hpp | 6 | ||||
-rw-r--r-- | src/utils/xdg.hpp | 2 |
7 files changed, 108 insertions, 23 deletions
diff --git a/src/network/tcp_socket_handler.cpp b/src/network/tcp_socket_handler.cpp
index 02265ec..1bd5315 100644
--- a/src/network/tcp_socket_handler.cpp
+++ b/src/network/tcp_socket_handler.cpp
@@ -14,6 +14,8 @@
 #ifdef BOTAN_FOUND
 # include <botan/hex.h>
 # include <botan/tls_exceptn.h>
+# include <config/config.hpp>
+# include <utils/dirname.hpp>
 
 namespace
 {
@@ -22,11 +24,6 @@ namespace
 static Botan::AutoSeeded_RNG rng{};
 return rng;
 }
- BiboumiTLSPolicy& get_policy()
- {
- static BiboumiTLSPolicy policy{};
- return policy;
- }
 Botan::TLS::Session_Manager_In_Memory& get_session_manager()
 {
 static Botan::TLS::Session_Manager_In_Memory session_manager{get_rng()};
@@ -233,6 +230,11 @@ void TCPSocketHandler::consume_in_buffer(const std::size_t size)
 void TCPSocketHandler::start_tls(const std::string& address, const std::string& port)
 {
 Botan::TLS::Server_Information server_info(address, "irc", std::stoul(port));
+ auto policy_directory = Config::get("policy_directory", utils::dirname(Config::get_filename()));
+ if (!policy_directory.empty() && policy_directory[policy_directory.size()-1] != '/')
+ policy_directory += '/';
+ this->policy.load(policy_directory + "policy.txt");
+ this->policy.load(policy_directory + address + ".policy.txt");
 this->tls = std::make_unique<Botan::TLS::Client>(
 # if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
 *this,
@@ -242,7 +244,7 @@ void TCPSocketHandler::start_tls(const std::string& address, const std::string&
 [this](Botan::TLS::Alert alert, const Botan::byte*, size_t) { this->tls_alert(alert); },
 [this](const Botan::TLS::Session& session) { return this->tls_session_established(session); },
 # endif
- get_session_manager(), this->credential_manager, get_policy(),
+ get_session_manager(), this->credential_manager, this->policy,
 get_rng(), server_info, Botan::TLS::Protocol_Version::latest_tls_version());
 }
 
diff --git a/src/network/tcp_socket_handler.hpp b/src/network/tcp_socket_handler.hpp
index ba23861..f68698e 100644
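Review bot: In the start_tls hunk, `address` is spliced into a filesystem path (`policy_directory + address + ".policy.txt"`) without any check on its characters; a hostname is expected there, but nothing in the hunk guarantees it contains no `/` or `..`, and where the value originates is not visible here, so a server name with such characters would make the per-server lookup read a file outside `policy_directory`. Validate it before building the path, e.g. `if (address.find('/') == std::string::npos && address.find("..") == std::string::npos) this->policy.load(policy_directory + address + ".policy.txt");`, or log and skip the per-server file otherwise. Because load() only logs its outcome, the practical effect is limited to which file gets parsed as a TLS policy, but the check is cheap and keeps the lookup inside the configured directory. Given the preceding `empty()` guard, `policy_directory[policy_directory.size()-1]` can be written as `policy_directory.back()`. The rest of start_tls lies outside the hunk.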
--- a/src/network/tcp_socket_handler.hpp
+++ b/src/network/tcp_socket_handler.hpp
@@ -23,21 +23,7 @@
 # include <botan/types.h>
 # include <botan/botan.h>
 # include <botan/tls_session_manager.h>
-
-class BiboumiTLSPolicy: public Botan::TLS::Policy
-{
-public:
-# if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33)
- bool use_ecc_point_compression() const override
- {
- return true;
- }
- bool require_cert_revocation_info() const override
- {
- return false;
- }
-# endif
-};
+# include <network/tls_policy.hpp>
 
 # if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,32)
 # define BOTAN_TLS_CALLBACKS_OVERRIDE override final
@@ -230,6 +216,7 @@ protected:
 protected:
 BasicCredentialsManager credential_manager;
 private:
+ BiboumiTLSPolicy policy;
 /**
 * We use a unique_ptr because we may not want to create the object at
 * all. The Botan::TLS::Client object generates a handshake message and
diff --git a/src/network/tls_policy.cpp b/src/network/tls_policy.cpp
new file mode 100644
index 0000000..5439397
--- /dev/null
+++ b/src/network/tls_policy.cpp
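Review bot: The new `BiboumiTLSPolicy policy;` member in the second hunk needs a comment recording its declaration-order dependency: start_tls passes it to the Botan::TLS::Client, which (as far as Botan's API goes) keeps it by reference, so it must stay declared before the `tls` unique_ptr whose doc comment follows it here, so that it is destroyed after the client. Something like `// Must stay declared before `tls`: the Botan::TLS::Client holds a reference to this policy for its whole lifetime.` would do. Since BiboumiTLSPolicy deletes its copy and move operations, TCPSocketHandler becomes non-copyable and non-movable as a consequence; if that is intended, say so in the same comment. The class body continues outside the hunk.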
@@ -0,0 +1,48 @@
+#include "biboumi.h"
+
+#ifdef BOTAN_FOUND
+
+#include <fstream>
+
+#include <utils/tolower.hpp>
+
+#include <network/tls_policy.hpp>
+#include <logger/logger.hpp>
+
+bool BiboumiTLSPolicy::load(const std::string& filename)
+{
+ std::ifstream is(filename.data());
+ if (is)
+ {
+ try {
+ this->load(is);
+ log_info("Successfully loaded policy file: ", filename);
+ return true;
+ } catch (const Botan::Exception& e) {
+ log_error("Failed to parse policy_file ", filename, ": ", e.what());
+ return false;
+ }
+ }
+ log_info("Could not open policy file: ", filename);
+ return false;
+}
+
+void BiboumiTLSPolicy::load(std::istream& is)
+{
+ const auto dict = Botan::read_cfg(is);
+ for (const auto& pair: dict)
+ {
+ // Workaround for options that are not overridden in Botan::TLS::Text_Policy
+ if (pair.first == "require_cert_revocation_info")
+ this->req_cert_revocation_info = !(pair.second == "0" || utils::tolower(pair.second) == "false");
+ else
+ this->set(pair.first, pair.second);
+ }
+}
+
+bool BiboumiTLSPolicy::require_cert_revocation_info() const
+{
+ return this->req_cert_revocation_info;
+}
+
+#endif
diff --git a/src/network/tls_policy.hpp b/src/network/tls_policy.hpp
new file mode 100644
index 0000000..29fd2b3
--- /dev/null
+++ b/src/network/tls_policy.hpp
@@ -0,0 +1,28 @@
+#pragma once
+
+#include "biboumi.h"
+
+#ifdef BOTAN_FOUND
+
+#include <botan/tls_policy.h>
+
+class BiboumiTLSPolicy: public Botan::TLS::Text_Policy
+{
+public:
+ BiboumiTLSPolicy():
+ Botan::TLS::Text_Policy({})
+ {}
+ bool load(const std::string& filename);
+ void load(std::istream& iss);
+
+ BiboumiTLSPolicy(const BiboumiTLSPolicy &) = delete;
+ BiboumiTLSPolicy(BiboumiTLSPolicy &&) = delete;
+ BiboumiTLSPolicy &operator=(const BiboumiTLSPolicy &) = delete;
+ BiboumiTLSPolicy &operator=(BiboumiTLSPolicy &&) = delete;
+
+ bool require_cert_revocation_info() const override;
+protected:
+ bool req_cert_revocation_info{true};
+};
+
+#endif
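Review bot: In `BiboumiTLSPolicy::load(std::istream&)` only the `require_cert_revocation_info` value is interpreted at load time; every other key goes through `this->set()` as raw text, and if Text_Policy converts values lazily (as I believe it does), a malformed value such as `allow_tls10 = yes` is not caught by the `catch (const Botan::Exception&)` in the file overload but surfaces later during the TLS handshake, where the "Failed to parse policy_file" line is never logged. Either document that limitation in a header comment on the file overload, or query the affected getters once after loading so that bad values are reported next to the file name. The workaround also treats any value other than `0`/`false` as true, which is looser than what the other keys accept; a comment saying so helps whoever edits the policy file. `std::ifstream is(filename.data())` can simply be `std::ifstream is(filename)`.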
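Review bot: `bool req_cert_revocation_info{true};` silently flips the default: the `require_cert_revocation_info()` override removed from tcp_socket_handler.hpp in this same commit returned false, so deployments without a policy.txt now require revocation information where they previously did not, and connections to IRC servers that do not provide it may start failing. State this next to the member, e.g. `// Defaults to true; the hard-coded override this class replaced returned false. Set require_cert_revocation_info to 0/false in policy.txt to restore that behaviour.`. The removed `use_ecc_point_compression()` override (which returned true) has no counterpart here; whether Text_Policy honours a key of that name is not visible from this diff, so it is worth confirming. The `void load(std::istream& iss)` parameter is named `is` in its definition; align the two.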
diff --git a/src/utils/dirname.cpp b/src/utils/dirname.cpp
new file mode 100644
index 0000000..71c9c38
--- /dev/null
+++ b/src/utils/dirname.cpp
@@ -0,0 +1,16 @@
+#include <utils/dirname.hpp>
+
+namespace utils
+{
+ std::string dirname(const std::string filename)
+ {
+ if (filename.empty())
+ return "./";
+ if (filename == ".." || filename == ".")
+ return filename;
+ auto pos = filename.rfind('/');
+ if (pos == std::string::npos)
+ return "./";
+ return filename.substr(0, pos + 1);
+ }
+}
diff --git a/src/utils/dirname.hpp b/src/utils/dirname.hpp
new file mode 100644
index 0000000..c1df81b
--- /dev/null
+++ b/src/utils/dirname.hpp
@@ -0,0 +1,6 @@
+#include <string>
+
+namespace utils
+{
+std::string dirname(const std::string filename);
+}
diff --git a/src/utils/xdg.hpp b/src/utils/xdg.hpp
index 56e11da..7be6922 100644
--- a/src/utils/xdg.hpp
+++ b/src/utils/xdg.hpp
@@ -10,5 +10,3 @@
 */
 std::string xdg_config_path(const std::string& filename);
 std::string xdg_data_path(const std::string& filename);
-
-
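Review bot: `utils::dirname` takes `const std::string filename` by value, copying the string on every call for no benefit; the declaration in dirname.hpp in this commit has the same signature, so change both to `std::string dirname(const std::string& filename);`. A header comment should also pin down the contract, which differs from POSIX dirname(3): the result keeps its trailing slash, `"foo/"` yields `"foo/"` rather than `"."`, `"."` and `".."` are returned unchanged, and an empty or slash-less input yields `"./"`. dirname.hpp also lacks the `#pragma once` that tls_policy.hpp in this same commit uses.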