Hello everyone,

here is a version of the ii SSL patch, updated
for git HEAD (the current version did not work
with either `patch` or `git apply`).

Hope this helps,

pranomostro
diff --git a/config.mk b/config.mk
index b5bc34f..8525a43 100644
--- a/config.mk
+++ b/config.mk
@@ -16,7 +16,7 @@ VERSION     = 1.7
 
 # includes and libs
 INCLUDES    = -I. -I${INCDIR} -I/usr/include
-LIBS        = -L${LIBDIR} -L/usr/lib -lc
+LIBS        = -L${LIBDIR} -L/usr/lib -lc -lssl -lcrypto
 # uncomment and comment other variables for compiling on Solaris
 #LIBS = -L${LIBDIR} -L/usr/lib -lc -lsocket -lnsl
 #CFLAGS      = -g ${INCLUDES} -DVERSION=\"${VERSION}\"
diff --git a/ii.1 b/ii.1
index 11e4e2a..d37db70 100644
--- a/ii.1
+++ b/ii.1
@@ -25,6 +25,8 @@ and ii creates a new channel directory with in and out file.
 .IR servername ]
 .RB [ \-p
 .IR port ]
+.RB [ \-e
+.IR ssl ]
 .RB [ \-k
 .IR environment variable ]
 .RB [ \-i
@@ -42,6 +44,9 @@ lets you override the default servername (irc.freenode.net)
 .BI \-p " port"
 lets you override the default port (6667)
 .TP
+.BI \-e " ssl"
+lets you connect using ssl encryption. The default ssl port is 6697.
+.TP
 .BI \-k " environment variable"
 lets you specify an environment variable that contains your IRC password, e.g. IIPASS="foobar" ii -k IIPASS.
 This is done in order to prevent other users from eavesdropping the server password via the process list.
diff --git a/ii.c b/ii.c
index 5d57458..33c3d08 100644
--- a/ii.c
+++ b/ii.c
@@ -18,6 +18,9 @@
 #include <ctype.h>
 #include <time.h>
 #include <unistd.h>
+#include <openssl/rand.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #define EXIT_TIMEOUT 2
 
@@ -26,6 +29,14 @@
 #endif
 #define PING_TIMEOUT 300
 #define SERVER_PORT 6667
+#define SSL_SERVER_PORT 6697
+#define WRITE(con, mes, len) (use_ssl ? SSL_write(irc->sslHandle, mes, len) : write(con->irc, mes, len))
+#define READ(fd, buf, size) (from_server && use_ssl ? SSL_read(irc->sslHandle, buf, size) : read(fd, buf, size))
+typedef struct {
+	int irc;
+	SSL *sslHandle;
+	SSL_CTX *sslContext;
+} conn;
 enum { TOK_NICKSRV = 0, TOK_USER, TOK_CMD, TOK_CHAN, TOK_ARG, TOK_TEXT, TOK_LAST };
 
 typedef struct Channel Channel;
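Review bot: `WRITE` ignores its `con` argument on the TLS branch and reaches for the global `irc->sslHandle`, and `READ` only compiles where a local named `from_server` happens to be in scope (read_line, further down in this patch). Both macros also leave their arguments unparenthesized. Small `static` helper functions taking a `conn *` and an explicit flag would make these dependencies visible and type-checked; at minimum the TLS branch should be `SSL_write((con)->sslHandle, (mes), (len))`. Every call site in the patch discards the result of `WRITE`, so a failed `SSL_write` goes unnoticed; that is worth a comment where the macro is defined.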
@@ -35,7 +46,8 @@ struct Channel {
 	Channel *next;
 };
 
-static int irc;
+conn *irc;
+static int use_ssl;
 static time_t last_response;
 static Channel *channels = NULL;
 static char *host = "irc.freenode.net";
@@ -48,7 +60,7 @@ static void usage() {
 	fputs("ii - irc it - " VERSION "\n"
 	      "(C)opyright MMV-MMVI Anselm R. Garbe\n"
 	      "(C)opyright MMV-MMXI Nico Golde\n"
-	      "usage: ii [-i <irc dir>] [-s <host>] [-p <port>]\n"
+	      "usage: ii [-i <irc dir>] [-s <host>] [-p <port>] [-e ssl]\n"
 	      "          [-n <nick>] [-k <password>] [-f <fullname>]\n", stderr);
 	exit(EXIT_FAILURE);
 }
@@ -151,11 +163,12 @@ static void login(char *key, char *fullname) {
 				nick, nick, host, fullname ? fullname : nick);
 	else snprintf(message, PIPE_BUF, "NICK %s\r\nUSER %s localhost %s :%s\r\n",
 				nick, nick, host, fullname ? fullname : nick);
-	write(irc, message, strlen(message));	/* login */
+	WRITE(irc, message, strlen(message));	/* login */
 }
 
-static int tcpopen(unsigned short port) {
+conn *tcpopen(unsigned short port) {
 	int fd;
+	conn *c;
 	struct sockaddr_in sin;
 	struct hostent *hp = gethostbyname(host);
 
@@ -175,7 +188,22 @@ static int tcpopen(unsigned short port) {
 		perror("ii: cannot connect to host");
 		exit(EXIT_FAILURE);
 	}
-	return fd;
+	c = malloc(sizeof(conn));
+	c->irc = fd;
+	if(use_ssl) {
+		c->sslHandle = NULL;
+		c->sslContext = NULL;
+		SSL_load_error_strings();
+		SSL_library_init();
+		c->sslContext = SSL_CTX_new(SSLv23_client_method());
+		if(c->sslContext == NULL)
+			ERR_print_errors_fp(stderr);
+		c->sslHandle = SSL_new(c->sslContext);
+		if(!SSL_set_fd(c->sslHandle, c->irc)
+				|| (SSL_connect(c->sslHandle) != 1))
+			ERR_print_errors_fp(stderr);
+	}
+	return c;
 }
 
 static size_t tokenize(char **result, size_t reslen, char *str, char delim) {
@@ -222,7 +250,7 @@ static void proc_channels_privmsg(char *channel, char *buf) {
 	snprintf(message, PIPE_BUF, "<%s> %s", nick, buf);
 	print_out(channel, message);
 	snprintf(message, PIPE_BUF, "PRIVMSG %s :%s\r\n", channel, buf);
-	write(irc, message, strlen(message));
+	WRITE(irc, message, strlen(message));
 }
 
 static void proc_channels_input(Channel *c, char *buf) {
@@ -276,7 +304,7 @@ static void proc_channels_input(Channel *c, char *buf) {
 			else
 				snprintf(message, PIPE_BUF,
 						"PART %s :ii - 500 SLOC are too much\r\n", c->name);
-			write(irc, message, strlen(message));
+			WRITE(irc, message, strlen(message));
 			close(c->fd);
 			/*create_filepath(infile, sizeof(infile), c->name, "in");
 			unlink(infile); */
@@ -291,7 +319,7 @@ static void proc_channels_input(Channel *c, char *buf) {
 		snprintf(message, PIPE_BUF, "%s\r\n", &buf[1]);
 
 	if (message[0] != '\0')
-		write(irc, message, strlen(message));
+		WRITE(irc, message, strlen(message));
 }
 
 static void proc_server_cmd(char *buf) {
@@ -342,7 +370,7 @@ static void proc_server_cmd(char *buf) {
 		return;
 	} else if(!strncmp("PING", argv[TOK_CMD], 5)) {
 		snprintf(message, PIPE_BUF, "PONG %s\r\n", argv[TOK_TEXT]);
-		write(irc, message, strlen(message));
+		WRITE(irc, message, strlen(message));
 		return;
 	} else if(!argv[TOK_NICKSRV] || !argv[TOK_USER]) {	/* server command */
 		snprintf(message, PIPE_BUF, "%s%s", argv[TOK_ARG] ? argv[TOK_ARG] : "", argv[TOK_TEXT] ? argv[TOK_TEXT] : "");
@@ -383,11 +411,11 @@ static void proc_server_cmd(char *buf) {
 		print_out(argv[TOK_CHAN], message);
 }
 
-static int read_line(int fd, size_t res_len, char *buf) {
+static int read_line(int fd, size_t res_len, char *buf, int from_server) {
 	size_t i = 0;
 	char c = 0;
 	do {
-		if(read(fd, &c, sizeof(char)) != sizeof(char))
+		if(READ(fd, &c, sizeof(char)) != sizeof(char))
 			return -1;
 		buf[i++] = c;
 	}
@@ -398,7 +426,7 @@ static int read_line(int fd, size_t res_len, char *buf) {
 
 static void handle_channels_input(Channel *c) {
 	static char buf[PIPE_BUF];
-	if(read_line(c->fd, PIPE_BUF, buf) == -1) {
+	if(read_line(c->fd, PIPE_BUF, buf, 0) == -1) {
 		close(c->fd);
 		int fd = open_channel(c->name);
 		if(fd != -1)
@@ -412,7 +440,7 @@ static void handle_channels_input(Channel *c) {
 
 static void handle_server_output() {
 	static char buf[PIPE_BUF];
-	if(read_line(irc, PIPE_BUF, buf) == -1) {
+	if(read_line(irc->irc, PIPE_BUF, buf, 1) == -1) {
 		perror("ii: remote host closed connection");
 		exit(EXIT_FAILURE);
 	}
@@ -429,8 +457,8 @@ static void run() {
 	snprintf(ping_msg, sizeof(ping_msg), "PING %s\r\n", host);
 	for(;;) {
 		FD_ZERO(&rd);
-		maxfd = irc;
-		FD_SET(irc, &rd);
+		maxfd = irc->irc;
+		FD_SET(irc->irc, &rd);
 		for(c = channels; c; c = c->next) {
 			if(maxfd < c->fd)
 				maxfd = c->fd;
@@ -450,10 +478,10 @@ static void run() {
 				print_out(NULL, "-!- ii shutting down: ping timeout");
 				exit(EXIT_TIMEOUT);
 			}
-			write(irc, ping_msg, strlen(ping_msg));
+			WRITE(irc, ping_msg, strlen(ping_msg));
 			continue;
 		}
-		if(FD_ISSET(irc, &rd)) {
+		if(FD_ISSET(irc->irc, &rd)) {
 			handle_server_output();
 			last_response = time(NULL);
 		}
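Review bot: With TLS enabled, `FD_ISSET(irc->irc, &rd)` no longer tells you whether server data is waiting. read_line pulls one byte at a time through `SSL_read`, so when a single TLS record carries several IRC lines the remainder stays buffered inside OpenSSL, and select() on the socket will not fire for it. Those lines then wait until the server sends something else. Draining after the call, e.g. `while(use_ssl && SSL_pending(irc->sslHandle) > 0) handle_server_output();`, would avoid the stall. run() starts and ends outside this hunk.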
@@ -487,10 +515,13 @@ int main(int argc, char *argv[]) {
 			case 'p': port = strtol(argv[++i], NULL, 10); break;
 			case 'n': snprintf(nick,sizeof(nick),"%s", argv[++i]); break;
 			case 'k': key = getenv(argv[++i]); break;
+			case 'e': use_ssl = 1; ++i; break;
 			case 'f': fullname = argv[++i]; break;
 			default: usage(); break;
 		}
 	}
+	if(use_ssl)
+		port = port == SERVER_PORT ? SSL_SERVER_PORT : port;
 	irc = tcpopen(port);
 	
 	#ifdef __OpenBSD__	/* OpenBSD pledge(2) support */
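Review bot: `case 'e': use_ssl = 1; ++i; break;` consumes the next argument without looking at it, so `-e` followed directly by another option swallows that option, and any word at all enables TLS. Either make it a plain flag (`case 'e': use_ssl = 1; break;`, with the usage string and ii.1 adjusted) or compare the operand against `"ssl"` and call usage() otherwise. Separately, `port == SERVER_PORT ? SSL_SERVER_PORT : port` cannot tell an explicit `-p 6667` from the default, so that choice is silently replaced by 6697. The option loop and the rest of main lie outside this hunk.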
