X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=apps%2Firssi%2Fsrc%2Fsilc%2Fcore%2Fclientutil.c;h=836347338a3457deaa8af281f5d37ef4d6775dc1;hb=52e57c880aba9c5e89f59d962eb9af75670b76e0;hp=a98b971426ce54329ddd78482b2d39d986f80bf9;hpb=33fde1853daddd7f34565507cb96652f0cec4ee2;p=silc.git diff --git a/apps/irssi/src/silc/core/clientutil.c b/apps/irssi/src/silc/core/clientutil.c index a98b9714..83634733 100644 --- a/apps/irssi/src/silc/core/clientutil.c +++ b/apps/irssi/src/silc/core/clientutil.c @@ -4,12 +4,12 @@ Author: Pekka Riikonen - Copyright (C) 1997 - 2002 Pekka Riikonen + Copyright (C) 1997 - 2006 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the @@ -41,15 +41,40 @@ #include "fe-common/core/printtext.h" #include "fe-common/core/keyboard.h" +#include "fe-common/silc/module-formats.h" #include "core.h" +#ifdef SILC_PLUGIN +void silc_client_print_list(char *list) +{ + char **items; + int i=0; + + items = g_strsplit(list, ",", -1); + + while (items[i] != NULL) + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_LIST, + items[i++]); + + g_strfreev(items); +} +#endif + /* Lists supported ciphers */ void silc_client_list_ciphers() { char *ciphers = silc_cipher_get_supported(); +#ifdef SILC_PLUGIN + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_ALGOS, + "cipher"); + silc_client_print_list(ciphers); +#else fprintf(stdout, "%s\n", ciphers); +#endif silc_free(ciphers); } @@ -58,7 +83,14 @@ void silc_client_list_ciphers() void silc_client_list_hash_funcs() { char *hash = silc_hash_get_supported(); +#ifdef SILC_PLUGIN + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_ALGOS, + "hash"); + silc_client_print_list(hash); +#else fprintf(stdout, "%s\n", hash); +#endif silc_free(hash); } @@ -67,7 +99,14 @@ void silc_client_list_hash_funcs() void silc_client_list_hmacs() { char *hash = silc_hmac_get_supported(); +#ifdef SILC_PLUGIN + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_ALGOS, + "hmac"); + silc_client_print_list(hash); +#else fprintf(stdout, "%s\n", hash); +#endif silc_free(hash); } @@ -76,194 +115,29 @@ void silc_client_list_hmacs() void silc_client_list_pkcs() { char *pkcs = silc_pkcs_get_supported(); +#ifdef SILC_PLUGIN + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_ALGOS, + "pkcs"); + silc_client_print_list(pkcs); +#else fprintf(stdout, "%s\n", pkcs); +#endif silc_free(pkcs); } -/* Returns identifier string for public key generation. */ - -char *silc_client_create_identifier() -{ - char *username = NULL, *realname = NULL; - char *hostname, email[256]; - char *ident; - - /* Get realname */ - realname = silc_get_real_name(); - - /* Get hostname */ - hostname = silc_net_localhost(); - if (!hostname) - return NULL; - - /* Get username (mandatory) */ - username = silc_get_username(); - if (!username) - return NULL; - - /* Create default email address, whether it is right or not */ - snprintf(email, sizeof(email), "%s@%s", username, hostname); - - ident = silc_pkcs_encode_identifier(username, hostname, realname, email, - NULL, NULL); - if (realname) - silc_free(realname); - silc_free(hostname); - silc_free(username); - - return ident; -} - -/* Creates new public key and private key pair. This is used only - when user wants to create new key pair from command line. */ - -int silc_client_create_key_pair(char *pkcs_name, int bits, - char *public_key, char *private_key, - char *identifier, - SilcPublicKey *ret_pub_key, - SilcPrivateKey *ret_prv_key) -{ - SilcPKCS pkcs; - SilcPublicKey pub_key; - SilcPrivateKey prv_key; - SilcRng rng; - unsigned char *key; - SilcUInt32 key_len; - char line[256]; - char *pkfile = NULL, *prvfile = NULL; - - if (!pkcs_name || !public_key || !private_key) - printf("\ -New pair of keys will be created. Please, answer to following questions.\n\ -"); - - if (!pkcs_name) { - again_name: - pkcs_name = silc_get_input("PKCS name (l to list names) [rsa]: ", FALSE); - if (!pkcs_name) - pkcs_name = strdup("rsa"); - - if (*pkcs_name == 'l' || *pkcs_name == 'L') { - silc_client_list_pkcs(); - silc_free(pkcs_name); - goto again_name; - } - } - - if (!silc_pkcs_is_supported(pkcs_name)) { - fprintf(stderr, "Unknown PKCS `%s'", pkcs_name); - return FALSE; - } - - if (!bits) { - char *length = NULL; - length = silc_get_input("Key length in bits [1024]: ", FALSE); - if (!length) - bits = 1024; - else - bits = atoi(length); - } - - if (!identifier) { - char *def = silc_client_create_identifier(); - - memset(line, 0, sizeof(line)); - if (def) - snprintf(line, sizeof(line), "Identifier [%s]: ", def); - else - snprintf(line, sizeof(line), - "Identifier (eg. UN=jon, HN=jon.dummy.com, " - "RN=Jon Johnson, E=jon@dummy.com): "); - - while (!identifier) { - identifier = silc_get_input(line, FALSE); - if (!identifier && def) - identifier = strdup(def); - } - - if (def) - silc_free(def); - } - - rng = silc_rng_alloc(); - silc_rng_init(rng); - silc_rng_global_init(rng); - - if (!public_key) { - memset(line, 0, sizeof(line)); - snprintf(line, sizeof(line), "Public key filename [%s] ", - SILC_CLIENT_PUBLIC_KEY_NAME); - pkfile = silc_get_input(line, FALSE); - if (!pkfile) - pkfile = SILC_CLIENT_PUBLIC_KEY_NAME; - } else { - pkfile = public_key; - } - - if (!private_key) { - memset(line, 0, sizeof(line)); - snprintf(line, sizeof(line), "Public key filename [%s] ", - SILC_CLIENT_PRIVATE_KEY_NAME); - prvfile = silc_get_input(line, FALSE); - if (!prvfile) - prvfile = SILC_CLIENT_PRIVATE_KEY_NAME; - } else { - prvfile = private_key; - } - - /* Generate keys */ - silc_pkcs_alloc(pkcs_name, &pkcs); - silc_pkcs_generate_key(pkcs, bits, rng); - - /* Save public key into file */ - key = silc_pkcs_get_public_key(pkcs, &key_len); - pub_key = silc_pkcs_public_key_alloc(pkcs->pkcs->name, identifier, - key, key_len); - silc_pkcs_save_public_key(pkfile, pub_key, SILC_PKCS_FILE_PEM); - if (ret_pub_key) - *ret_pub_key = pub_key; - - memset(key, 0, sizeof(key_len)); - silc_free(key); - - /* Save private key into file */ - key = silc_pkcs_get_private_key(pkcs, &key_len); - prv_key = silc_pkcs_private_key_alloc(pkcs->pkcs->name, key, key_len); - - silc_pkcs_save_private_key(prvfile, prv_key, NULL, SILC_PKCS_FILE_BIN); - if (ret_prv_key) - *ret_prv_key = prv_key; - - printf("Public key has been saved into `%s'.\n", pkfile); - printf("Private key has been saved into `%s'.\n", prvfile); - printf("Press to continue...\n"); - getchar(); - - memset(key, 0, sizeof(key_len)); - silc_free(key); - - silc_rng_free(rng); - silc_pkcs_free(pkcs); - - return TRUE; -} - -/* This checks stats for various SILC files and directories. First it - checks if ~/.silc directory exist and is owned by the correct user. If +/* This checks stats for various SILC files and directories. First it + checks if ~/.silc directory exist and is owned by the correct user. If it doesn't exist, it will create the directory. After that it checks if - user's Public and Private key files exists and that they aren't expired. - If they doesn't exist or they are expired, they will be (re)created - after return. */ + user's Public and Private key files exists. If they doesn't exist they + will be created after return. */ int silc_client_check_silc_dir() { char filename[256], file_public_key[256], file_private_key[256]; - char servfilename[256], clientfilename[256]; - char *identifier; + char servfilename[256], clientfilename[256], friendsfilename[256]; struct stat st; struct passwd *pw; - int firstime = FALSE; - time_t curtime, modtime; SILC_LOG_DEBUG(("Checking ~./silc directory")); @@ -271,21 +145,19 @@ int silc_client_check_silc_dir() memset(file_public_key, 0, sizeof(file_public_key)); memset(file_private_key, 0, sizeof(file_private_key)); - identifier = silc_client_create_identifier(); - pw = getpwuid(getuid()); if (!pw) { fprintf(stderr, "silc: %s\n", strerror(errno)); - if (identifier) - silc_free(identifier); return FALSE; } /* We'll take home path from /etc/passwd file to be sure. */ snprintf(filename, sizeof(filename) - 1, "%s/", get_irssi_dir()); - snprintf(servfilename, sizeof(servfilename) - 1, "%s/serverkeys", + snprintf(servfilename, sizeof(servfilename) - 1, "%s/serverkeys", + get_irssi_dir()); + snprintf(clientfilename, sizeof(clientfilename) - 1, "%s/clientkeys", get_irssi_dir()); - snprintf(clientfilename, sizeof(clientfilename) - 1, "%s/clientkeys", + snprintf(friendsfilename, sizeof(friendsfilename) - 1, "%s/friends", get_irssi_dir()); /* @@ -299,9 +171,6 @@ int silc_client_check_silc_dir() fprintf(stderr, "Couldn't create `%s' directory\n", filename); return FALSE; } - - /* Directory was created. First time running SILC */ - firstime = TRUE; } else { fprintf(stderr, "Couldn't create `%s' directory due to a wrong uid!\n", filename); @@ -312,19 +181,19 @@ int silc_client_check_silc_dir() return FALSE; } } else { - + /* Check the owner of the dir */ - if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { + if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { fprintf(stderr, "You don't seem to own `%s' directory\n", filename); return FALSE; } - + #if 0 /* Check the permissions of the dir */ if ((st.st_mode & 0777) != 0755) { if ((chmod(filename, 0755)) == -1) { - fprintf(stderr, "Permissions for `%s' directory must be 0755\n", + fprintf(stderr, "Permissions for `%s' directory must be 0755\n", filename); return FALSE; } @@ -353,7 +222,7 @@ int silc_client_check_silc_dir() return FALSE; } } - + /* * Check ~./silc/clientkeys directory */ @@ -375,101 +244,94 @@ int silc_client_check_silc_dir() return FALSE; } } - + + /* + * Check ~./silc/friends directory + */ + if ((stat(friendsfilename, &st)) == -1) { + /* If dir doesn't exist */ + if (errno == ENOENT) { + if (pw->pw_uid == geteuid()) { + if ((mkdir(friendsfilename, 0755)) == -1) { + fprintf(stderr, "Couldn't create `%s' directory\n", friendsfilename); + return FALSE; + } + } else { + fprintf(stderr, "Couldn't create `%s' directory due to a wrong uid!\n", + friendsfilename); + return FALSE; + } + } else { + fprintf(stderr, "%s\n", strerror(errno)); + return FALSE; + } + } + /* * Check Public and Private keys */ - snprintf(file_public_key, sizeof(file_public_key) - 1, "%s%s", + snprintf(file_public_key, sizeof(file_public_key) - 1, "%s%s", filename, SILC_CLIENT_PUBLIC_KEY_NAME); - snprintf(file_private_key, sizeof(file_private_key) - 1, "%s%s", + snprintf(file_private_key, sizeof(file_private_key) - 1, "%s%s", filename, SILC_CLIENT_PRIVATE_KEY_NAME); - - /* If running SILC first time */ - if (firstime) { - fprintf(stdout, "Running SILC for the first time\n"); - silc_client_create_key_pair(SILC_CLIENT_DEF_PKCS, - SILC_CLIENT_DEF_PKCS_LEN, - file_public_key, file_private_key, - identifier, NULL, NULL); - return TRUE; - } - + if ((stat(file_public_key, &st)) == -1) { /* If file doesn't exist */ if (errno == ENOENT) { - fprintf(stdout, "Your public key doesn't exist\n"); - silc_client_create_key_pair(SILC_CLIENT_DEF_PKCS, - SILC_CLIENT_DEF_PKCS_LEN, - file_public_key, - file_private_key, identifier, NULL, NULL); + fprintf(stdout, "Running SILC for the first time\n"); + silc_create_key_pair(SILC_CLIENT_DEF_PKCS, + SILC_CLIENT_DEF_PKCS_LEN, + file_public_key, file_private_key, + NULL, NULL, NULL, NULL, FALSE); + printf("Press to continue...\n"); + getchar(); } else { fprintf(stderr, "%s\n", strerror(errno)); return FALSE; } } + /* Check the owner of the public key */ + if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { + fprintf(stderr, "You don't seem to own your public key!?\n"); + return FALSE; + } + if ((stat(file_private_key, &st)) == -1) { /* If file doesn't exist */ if (errno == ENOENT) { fprintf(stdout, "Your private key doesn't exist\n"); - silc_client_create_key_pair(SILC_CLIENT_DEF_PKCS, - SILC_CLIENT_DEF_PKCS_LEN, - file_public_key, - file_private_key, identifier, NULL, NULL); + silc_create_key_pair(SILC_CLIENT_DEF_PKCS, + SILC_CLIENT_DEF_PKCS_LEN, + file_public_key, file_private_key, + NULL, NULL, NULL, NULL, FALSE); + printf("Press to continue...\n"); + getchar(); } else { fprintf(stderr, "%s\n", strerror(errno)); return FALSE; } } - - /* Check the owner of the public key */ - if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { - fprintf(stderr, "You don't seem to own your public key!?\n"); - return FALSE; - } - + /* Check the owner of the private key */ - if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { + if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { fprintf(stderr, "You don't seem to own your private key!?\n"); return FALSE; } - + /* Check the permissions for the private key */ if ((st.st_mode & 0777) != 0600) { fprintf(stderr, "Wrong permissions in your private key file `%s'!\n" "Trying to change them ... ", file_private_key); if ((chmod(file_private_key, 0600)) == -1) { fprintf(stderr, - "Failed to change permissions for private key file!\n" + "Failed to change permissions for private key file!\n" "Permissions for your private key file must be 0600.\n"); return FALSE; } fprintf(stderr, "Done.\n\n"); } - /* See if the key has expired. */ - modtime = st.st_mtime; /* last modified */ - curtime = time(0) - modtime; - - /* 86400 is seconds in a day. */ - if (curtime >= (86400 * SILC_CLIENT_KEY_EXPIRES)) { - fprintf(stdout, - "--------------------------------------------------\n" - "Your private key has expired and needs to be\n" - "recreated. This will be done automatically now.\n" - "Your new key will expire in %d days from today.\n" - "--------------------------------------------------\n", - SILC_CLIENT_KEY_EXPIRES); - - silc_client_create_key_pair(SILC_CLIENT_DEF_PKCS, - SILC_CLIENT_DEF_PKCS_LEN, - file_public_key, - file_private_key, identifier, NULL, NULL); - } - - if (identifier) - silc_free(identifier); - return TRUE; } @@ -477,8 +339,9 @@ int silc_client_check_silc_dir() int silc_client_load_keys(SilcClient client) { - char filename[256]; + char pub[256], prv[256]; struct passwd *pw; + bool ret; SILC_LOG_DEBUG(("Loading public and private keys")); @@ -486,90 +349,123 @@ int silc_client_load_keys(SilcClient client) if (!pw) return FALSE; - memset(filename, 0, sizeof(filename)); - snprintf(filename, sizeof(filename) - 1, "%s/%s", + memset(prv, 0, sizeof(prv)); + snprintf(prv, sizeof(prv) - 1, "%s/%s", get_irssi_dir(), SILC_CLIENT_PRIVATE_KEY_NAME); - if (silc_pkcs_load_private_key(filename, &client->private_key, - SILC_PKCS_FILE_BIN) == FALSE) - if (silc_pkcs_load_private_key(filename, &client->private_key, - SILC_PKCS_FILE_PEM) == FALSE) - return FALSE; - - memset(filename, 0, sizeof(filename)); - snprintf(filename, sizeof(filename) - 1, "%s/%s", + memset(pub, 0, sizeof(pub)); + snprintf(pub, sizeof(pub) - 1, "%s/%s", get_irssi_dir(), SILC_CLIENT_PUBLIC_KEY_NAME); - if (silc_pkcs_load_public_key(filename, &client->public_key, - SILC_PKCS_FILE_PEM) == FALSE) - if (silc_pkcs_load_public_key(filename, &client->public_key, - SILC_PKCS_FILE_BIN) == FALSE) - return FALSE; + /* Try loading first with "" passphrase, for those that didn't set + passphrase for private key, and only if that fails let it prompt + for passphrase. */ + ret = silc_load_key_pair(pub, prv, "", &irssi_pubkey, &irssi_privkey); + if (!ret) + ret = silc_load_key_pair(pub, prv, NULL, &irssi_pubkey, &irssi_privkey); - silc_pkcs_alloc(client->public_key->name, &client->pkcs); - silc_pkcs_public_key_set(client->pkcs, client->public_key); - silc_pkcs_private_key_set(client->pkcs, client->private_key); + if (!ret) + SILC_LOG_ERROR(("Could not load key pair")); - return TRUE; + return ret; } -/* Dumps the public key on screen. Used from the command line option. */ - -int silc_client_show_key(char *keyfile) +#ifdef SILC_PLUGIN +void create_key_passphrase(const char *answer, CREATE_KEY_REC *rec) { - SilcPublicKey public_key; - SilcPublicKeyIdentifier ident; - char *fingerprint, *babbleprint; - unsigned char *pk; - SilcUInt32 pk_len; - SilcPKCS pkcs; - int key_len = 0; - - if (silc_pkcs_load_public_key(keyfile, &public_key, - SILC_PKCS_FILE_PEM) == FALSE) - if (silc_pkcs_load_public_key(keyfile, &public_key, - SILC_PKCS_FILE_BIN) == FALSE) { - fprintf(stderr, "Could not load public key file `%s'\n", keyfile); - return FALSE; + char priv_key_file[128], pub_key_file[128]; + + signal_stop(); + + if ((rec->passphrase == NULL) && (answer) && (*answer != '\0')) { + rec->passphrase = g_strdup(answer); + keyboard_entry_redirect((SIGNAL_FUNC) create_key_passphrase, + format_get_text("fe-common/silc", NULL, NULL, + NULL, SILCTXT_CONFIG_PASS_ASK2), + ENTRY_REDIRECT_FLAG_HIDDEN, rec); + return; + } + + if ((answer) && (*answer != '\0') && (rec->passphrase != NULL)) { + if (strcmp(answer, rec->passphrase)) { + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_PASSMISMATCH); + g_free(rec->pkcs); + g_free(rec->passphrase); + g_free(rec); + return; } + } - ident = silc_pkcs_decode_identifier(public_key->identifier); + memset(priv_key_file, 0, sizeof(priv_key_file)); + memset(pub_key_file, 0, sizeof(pub_key_file)); + snprintf(priv_key_file, sizeof(priv_key_file) - 1, "%s/%s", + get_irssi_dir(), SILC_CLIENT_PRIVATE_KEY_NAME); + snprintf(pub_key_file, sizeof(pub_key_file) - 1, "%s/%s", + get_irssi_dir(), SILC_CLIENT_PUBLIC_KEY_NAME); - pk = silc_pkcs_public_key_encode(public_key, &pk_len); - fingerprint = silc_hash_fingerprint(NULL, pk, pk_len); - babbleprint = silc_hash_babbleprint(NULL, pk, pk_len); + if (silc_create_key_pair(rec->pkcs, rec->bits, pub_key_file, priv_key_file, + NULL, (rec->passphrase == NULL ? "" : rec->passphrase), + NULL, NULL, FALSE) == TRUE) + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_CREATE); + else + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_CREATE_FAIL); + + g_free(rec->passphrase); + g_free(rec->pkcs); + g_free(rec); +} - if (silc_pkcs_alloc(public_key->name, &pkcs)) { - key_len = silc_pkcs_public_key_set(pkcs, public_key); - silc_pkcs_free(pkcs); +void change_private_key_passphrase(const char *answer, CREATE_KEY_REC *rec) +{ + signal_stop(); + + if (rec->old == NULL) { + rec->old = g_strdup((answer == NULL ? "" : answer)); + keyboard_entry_redirect((SIGNAL_FUNC) change_private_key_passphrase, + format_get_text("fe-common/silc", NULL, NULL, + NULL, SILCTXT_CONFIG_PASS_ASK2), + ENTRY_REDIRECT_FLAG_HIDDEN, rec); + return; } - printf("Public key file : %s\n", keyfile); - printf("Algorithm : %s\n", public_key->name); - if (key_len) - printf("Key length (bits) : %d\n", key_len); - if (ident->realname) - printf("Real name : %s\n", ident->realname); - if (ident->username) - printf("Username : %s\n", ident->username); - if (ident->host) - printf("Hostname : %s\n", ident->host); - if (ident->email) - printf("Email : %s\n", ident->email); - if (ident->org) - printf("Organization : %s\n", ident->org); - if (ident->country) - printf("Country : %s\n", ident->country); - printf("Fingerprint (SHA1) : %s\n", fingerprint); - printf("Babbleprint (SHA1) : %s\n", babbleprint); - - fflush(stdout); - - silc_free(fingerprint); - silc_free(babbleprint); - silc_free(pk); - silc_pkcs_public_key_free(public_key); - silc_pkcs_free_identifier(ident); + if ((rec->passphrase == NULL) && (answer) && (*answer != '\0')) { + rec->passphrase = g_strdup(answer); + keyboard_entry_redirect((SIGNAL_FUNC) change_private_key_passphrase, + format_get_text("fe-common/silc", NULL, NULL, + NULL, SILCTXT_CONFIG_PASS_ASK3), + ENTRY_REDIRECT_FLAG_HIDDEN, rec); + return; + } + + if ((answer) && (*answer != '\0') && (rec->passphrase != NULL)) { + if (strcmp(answer, rec->passphrase)) { + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_PASSMISMATCH); + g_free(rec->old); + g_free(rec->file); + g_free(rec->pkcs); + g_free(rec->passphrase); + g_free(rec); + return; + } + } + + if (silc_change_private_key_passphrase(rec->file, rec->old, + (rec->passphrase == NULL ? + "" : rec->passphrase)) == TRUE) + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_PASSCHANGE); + else + printformat_module("fe-common/silc", NULL, NULL, + MSGLEVEL_CRAP, SILCTXT_CONFIG_PASSCHANGE_FAIL); + g_free(rec->old); + g_free(rec->file); + g_free(rec->passphrase); + g_free(rec->pkcs); + g_free(rec); - return TRUE; } +#endif