X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=apps%2Firssi%2Fsrc%2Fsilc%2Fcore%2Fclientutil.c;h=8f1639329813e77636874510c9b35420ee2eca08;hb=413da0f8686910f5e627393157566ae729ca99c4;hp=a9b0434e7b4c58ee70ef34e4f4ba97ea665fe021;hpb=6bdd7d2dd5279434f63b673e327b43d2513ec3a5;p=silc.git diff --git a/apps/irssi/src/silc/core/clientutil.c b/apps/irssi/src/silc/core/clientutil.c index a9b0434e..8f163932 100644 --- a/apps/irssi/src/silc/core/clientutil.c +++ b/apps/irssi/src/silc/core/clientutil.c @@ -1,157 +1,368 @@ /* - clientutil.c : irssi - Copyright (C) 2000 Timo Sirainen + client.c - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. + Author: Pekka Riikonen - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + Copyright (C) 1997 - 2002 Pekka Riikonen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/* $Id$ */ #include "module.h" +#include "net-nonblock.h" +#include "net-sendbuffer.h" +#include "signals.h" +#include "servers.h" +#include "commands.h" +#include "levels.h" +#include "modules.h" +#include "rawlog.h" +#include "misc.h" +#include "settings.h" + +#include "channels-setup.h" + #include "silc-servers.h" +#include "silc-channels.h" +#include "silc-queries.h" +#include "silc-nicklist.h" +#include "window-item-def.h" + +#include "fe-common/core/printtext.h" +#include "fe-common/core/keyboard.h" + +#include "core.h" -/* Verifies received public key. If user decides to trust the key it is - saved as trusted server key for later use. If user does not trust the - key this returns FALSE. */ +/* Lists supported ciphers */ -int silc_client_verify_server_key(SILC_SERVER_REC *server, - unsigned char *pk, unsigned int pk_len, - SilcSKEPKType pk_type) +void silc_client_list_ciphers() { - char filename[256]; - char file[256]; - char *hostname, *fingerprint; + char *ciphers = silc_cipher_get_supported(); + fprintf(stdout, "%s\n", ciphers); + silc_free(ciphers); +} + +/* Lists supported hash functions */ + +void silc_client_list_hash_funcs() +{ + char *hash = silc_hash_get_supported(); + fprintf(stdout, "%s\n", hash); + silc_free(hash); +} + +/* Lists supported hash functions */ + +void silc_client_list_hmacs() +{ + char *hash = silc_hmac_get_supported(); + fprintf(stdout, "%s\n", hash); + silc_free(hash); +} + +/* Lists supported PKCS algorithms */ + +void silc_client_list_pkcs() +{ + char *pkcs = silc_pkcs_get_supported(); + fprintf(stdout, "%s\n", pkcs); + silc_free(pkcs); +} + +/* This checks stats for various SILC files and directories. First it + checks if ~/.silc directory exist and is owned by the correct user. If + it doesn't exist, it will create the directory. After that it checks if + user's Public and Private key files exists and that they aren't expired. + If they doesn't exist or they are expired, they will be (re)created + after return. */ + +int silc_client_check_silc_dir() +{ + char filename[256], file_public_key[256], file_private_key[256]; + char servfilename[256], clientfilename[256], friendsfilename[256]; struct stat st; + struct passwd *pw; + time_t curtime, modtime; + + SILC_LOG_DEBUG(("Checking ~./silc directory")); - hostname = server->connrec->address; + memset(filename, 0, sizeof(filename)); + memset(file_public_key, 0, sizeof(file_public_key)); + memset(file_private_key, 0, sizeof(file_private_key)); - if (pk_type != SILC_SKE_PK_TYPE_SILC) { - //silc_say(client, "We don't support server %s key type", hostname); + pw = getpwuid(getuid()); + if (!pw) { + fprintf(stderr, "silc: %s\n", strerror(errno)); return FALSE; } - memset(filename, 0, sizeof(filename)); - memset(file, 0, sizeof(file)); - snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", hostname, - server->connrec->port); - snprintf(filename, sizeof(filename) - 1, "%s/.silc/serverkeys/%s", - g_get_home_dir(), file); - - /* Check wheter this key already exists */ - if (stat(filename, &st) < 0) { - - fingerprint = silc_hash_fingerprint(NULL, pk, pk_len); - /*silc_say(client, "Received server %s public key", hostname); - silc_say(client, "Fingerprint for the server %s key is", hostname); - silc_say(client, "%s", fingerprint);*/ - silc_free(fingerprint); - - /* Ask user to verify the key and save it */ - /*if (silc_client_ask_yes_no(client, - "Would you like to accept the key (y/n)? "))*/ - { - /* Save the key for future checking */ - silc_pkcs_save_public_key_data(filename, pk, pk_len, - SILC_PKCS_FILE_PEM); - return TRUE; + /* We'll take home path from /etc/passwd file to be sure. */ + snprintf(filename, sizeof(filename) - 1, "%s/", get_irssi_dir()); + snprintf(servfilename, sizeof(servfilename) - 1, "%s/serverkeys", + get_irssi_dir()); + snprintf(clientfilename, sizeof(clientfilename) - 1, "%s/clientkeys", + get_irssi_dir()); + snprintf(friendsfilename, sizeof(friendsfilename) - 1, "%s/friends", + get_irssi_dir()); + + /* + * Check ~/.silc directory + */ + if ((stat(filename, &st)) == -1) { + /* If dir doesn't exist */ + if (errno == ENOENT) { + if (pw->pw_uid == geteuid()) { + if ((mkdir(filename, 0755)) == -1) { + fprintf(stderr, "Couldn't create `%s' directory\n", filename); + return FALSE; + } + } else { + fprintf(stderr, "Couldn't create `%s' directory due to a wrong uid!\n", + filename); + return FALSE; } + } else { + fprintf(stderr, "%s\n", strerror(errno)); + return FALSE; + } } else { - /* The key already exists, verify it. */ - SilcPublicKey public_key; - unsigned char *encpk; - unsigned int encpk_len; - - /* Load the key file */ - if (!silc_pkcs_load_public_key(filename, &public_key, - SILC_PKCS_FILE_PEM)) - if (!silc_pkcs_load_public_key(filename, &public_key, - SILC_PKCS_FILE_BIN)) { - fingerprint = silc_hash_fingerprint(NULL, pk, pk_len); - /*silc_say(client, "Received server %s public key", hostname); - silc_say(client, "Fingerprint for the server %s key is", hostname); - silc_say(client, "%s", fingerprint);*/ - silc_free(fingerprint); - /*silc_say(client, "Could not load your local copy of the server %s key", - hostname); - if (silc_client_ask_yes_no(client, - "Would you like to accept the key anyway (y/n)? "))*/ - { - /* Save the key for future checking */ - unlink(filename); - silc_pkcs_save_public_key_data(filename, pk, pk_len, - SILC_PKCS_FILE_PEM); - return TRUE; - } - + + /* Check the owner of the dir */ + if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { + fprintf(stderr, "You don't seem to own `%s' directory\n", + filename); + return FALSE; + } + +#if 0 + /* Check the permissions of the dir */ + if ((st.st_mode & 0777) != 0755) { + if ((chmod(filename, 0755)) == -1) { + fprintf(stderr, "Permissions for `%s' directory must be 0755\n", + filename); + return FALSE; + } + } +#endif + } + + /* + * Check ~./silc/serverkeys directory + */ + if ((stat(servfilename, &st)) == -1) { + /* If dir doesn't exist */ + if (errno == ENOENT) { + if (pw->pw_uid == geteuid()) { + if ((mkdir(servfilename, 0755)) == -1) { + fprintf(stderr, "Couldn't create `%s' directory\n", servfilename); + return FALSE; + } + } else { + fprintf(stderr, "Couldn't create `%s' directory due to a wrong uid!\n", + servfilename); return FALSE; } + } else { + fprintf(stderr, "%s\n", strerror(errno)); + return FALSE; + } + } - /* Encode the key data */ - encpk = silc_pkcs_public_key_encode(public_key, &encpk_len); - if (!encpk) { - fingerprint = silc_hash_fingerprint(NULL, pk, pk_len); - /*silc_say(client, "Received server %s public key", hostname); - silc_say(client, "Fingerprint for the server %s key is", hostname); - silc_say(client, "%s", fingerprint);*/ - silc_free(fingerprint); - /*silc_say(client, "Your local copy of the server %s key is malformed", - hostname); - if (silc_client_ask_yes_no(client, - "Would you like to accept the key anyway (y/n)? "))*/ - { - /* Save the key for future checking */ - unlink(filename); - silc_pkcs_save_public_key_data(filename, pk, pk_len, - SILC_PKCS_FILE_PEM); - return TRUE; + /* + * Check ~./silc/clientkeys directory + */ + if ((stat(clientfilename, &st)) == -1) { + /* If dir doesn't exist */ + if (errno == ENOENT) { + if (pw->pw_uid == geteuid()) { + if ((mkdir(clientfilename, 0755)) == -1) { + fprintf(stderr, "Couldn't create `%s' directory\n", clientfilename); + return FALSE; } - + } else { + fprintf(stderr, "Couldn't create `%s' directory due to a wrong uid!\n", + clientfilename); + return FALSE; + } + } else { + fprintf(stderr, "%s\n", strerror(errno)); return FALSE; } - - if (memcmp(encpk, pk, encpk_len)) { - fingerprint = silc_hash_fingerprint(NULL, pk, pk_len); - /*silc_say(client, "Received server %s public key", hostname); - silc_say(client, "Fingerprint for the server %s key is", hostname); - silc_say(client, "%s", fingerprint);*/ - silc_free(fingerprint); - /*silc_say(client, "Server %s key does not match with your local copy", - hostname); - silc_say(client, "It is possible that the key has expired or changed"); - silc_say(client, "It is also possible that some one is performing " - "man-in-the-middle attack");*/ - - /* Ask user to verify the key and save it */ - /*if (silc_client_ask_yes_no(client, - "Would you like to accept the key anyway (y/n)? "))*/ - { - /* Save the key for future checking */ - unlink(filename); - silc_pkcs_save_public_key_data(filename, pk, pk_len, - SILC_PKCS_FILE_PEM); - return TRUE; + } + + /* + * Check ~./silc/friends directory + */ + if ((stat(friendsfilename, &st)) == -1) { + /* If dir doesn't exist */ + if (errno == ENOENT) { + if (pw->pw_uid == geteuid()) { + if ((mkdir(friendsfilename, 0755)) == -1) { + fprintf(stderr, "Couldn't create `%s' directory\n", friendsfilename); + return FALSE; } - - //silc_say(client, "Will not accept server %s key", hostname); + } else { + fprintf(stderr, "Couldn't create `%s' directory due to a wrong uid!\n", + friendsfilename); + return FALSE; + } + } else { + fprintf(stderr, "%s\n", strerror(errno)); + return FALSE; + } + } + + /* + * Check Public and Private keys + */ + snprintf(file_public_key, sizeof(file_public_key) - 1, "%s%s", + filename, SILC_CLIENT_PUBLIC_KEY_NAME); + snprintf(file_private_key, sizeof(file_private_key) - 1, "%s%s", + filename, SILC_CLIENT_PRIVATE_KEY_NAME); + + if ((stat(file_public_key, &st)) == -1) { + /* If file doesn't exist */ + if (errno == ENOENT) { + fprintf(stdout, "Running SILC for the first time\n"); + silc_create_key_pair(SILC_CLIENT_DEF_PKCS, + SILC_CLIENT_DEF_PKCS_LEN, + file_public_key, file_private_key, NULL, + NULL, NULL, NULL, NULL, FALSE); + printf("Press to continue...\n"); + getchar(); + } else { + fprintf(stderr, "%s\n", strerror(errno)); + return FALSE; + } + } + + /* Check the owner of the public key */ + if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { + fprintf(stderr, "You don't seem to own your public key!?\n"); + return FALSE; + } + + if ((stat(file_private_key, &st)) == -1) { + /* If file doesn't exist */ + if (errno == ENOENT) { + fprintf(stdout, "Your private key doesn't exist\n"); + silc_create_key_pair(SILC_CLIENT_DEF_PKCS, + SILC_CLIENT_DEF_PKCS_LEN, + file_public_key, file_private_key, NULL, + NULL, NULL, NULL, NULL, FALSE); + printf("Press to continue...\n"); + getchar(); + } else { + fprintf(stderr, "%s\n", strerror(errno)); return FALSE; } + } + + /* Check the owner of the private key */ + if (st.st_uid != 0 && st.st_uid != pw->pw_uid) { + fprintf(stderr, "You don't seem to own your private key!?\n"); + return FALSE; + } + + /* Check the permissions for the private key */ + if ((st.st_mode & 0777) != 0600) { + fprintf(stderr, "Wrong permissions in your private key file `%s'!\n" + "Trying to change them ... ", file_private_key); + if ((chmod(file_private_key, 0600)) == -1) { + fprintf(stderr, + "Failed to change permissions for private key file!\n" + "Permissions for your private key file must be 0600.\n"); + return FALSE; + } + fprintf(stderr, "Done.\n\n"); + } + + /* See if the key has expired. */ + modtime = st.st_mtime; /* last modified */ + curtime = time(0) - modtime; + + /* 86400 is seconds in a day. */ + if (curtime >= (86400 * SILC_CLIENT_KEY_EXPIRES)) { + char *answer; + + fprintf(stdout, + "----------------------------------------------------\n" + "Your private key has expired and needs to be\n" + "recreated. Would you like to create a new key pair\n" + "now? If you answer Yes, the new key will expire in\n" + "%d days from today. If you answer No, the old key\n" + "will expire again in %d days from today.\n" + "----------------------------------------------------\n", + SILC_CLIENT_KEY_EXPIRES, SILC_CLIENT_KEY_EXPIRES); - /* Local copy matched */ - return TRUE; + answer = silc_get_input("Would you like to create a new key pair " + "(y/n)?: ", FALSE); + while (!answer) { + printf("Answer 'y' or 'n' and press Enter\n"); + answer = silc_get_input("Would you like to create a new key pair " + "(y/n)?: ", FALSE); + } + if (answer[0] == 'Y' || answer[0] == 'y') { + silc_create_key_pair(SILC_CLIENT_DEF_PKCS, + SILC_CLIENT_DEF_PKCS_LEN, + file_public_key, file_private_key, NULL, + NULL, NULL, NULL, NULL, FALSE); + printf("Press to continue...\n"); + getchar(); + } else { +#ifdef HAVE_UTIME + struct utimbuf utim; + utim.actime = time(NULL); + utim.modtime = time(NULL); + utime(file_private_key, &utim); +#endif + } + silc_free(answer); } + + return TRUE; +} + +/* Loads public and private key from files. */ + +int silc_client_load_keys(SilcClient client) +{ + char pub[256], prv[256]; + struct passwd *pw; + bool ret; - //silc_say(client, "Will not accept server %s key", hostname); - return FALSE; + SILC_LOG_DEBUG(("Loading public and private keys")); + + pw = getpwuid(getuid()); + if (!pw) + return FALSE; + + memset(prv, 0, sizeof(prv)); + snprintf(prv, sizeof(prv) - 1, "%s/%s", + get_irssi_dir(), SILC_CLIENT_PRIVATE_KEY_NAME); + + memset(pub, 0, sizeof(pub)); + snprintf(pub, sizeof(pub) - 1, "%s/%s", + get_irssi_dir(), SILC_CLIENT_PUBLIC_KEY_NAME); + + /* Try loading first with "" passphrase, for those that didn't set + passphrase for private key, and only if that fails let it prompt + for passphrase. */ + ret = silc_load_key_pair(pub, prv, "", &client->pkcs, &client->public_key, + &client->private_key); + if (!ret) + ret = silc_load_key_pair(pub, prv, NULL, &client->pkcs, + &client->public_key, &client->private_key); + return ret; }