• Skip to content
  • Skip to link menu
KDE 4.2 API Reference
  • KDE API Reference
  • kdelibs
  • Sitemap
  • Contact Us
 

KIO

ksslsettings.cpp

Go to the documentation of this file.
00001 /* This file is part of the KDE project
00002  *
00003  * Copyright (C) 2000 George Staikos <staikos@kde.org>
00004  *
00005  * This library is free software; you can redistribute it and/or
00006  * modify it under the terms of the GNU Library General Public
00007  * License as published by the Free Software Foundation; either
00008  * version 2 of the License, or (at your option) any later version.
00009  *
00010  * This library is distributed in the hope that it will be useful,
00011  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00012  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00013  * Library General Public License for more details.
00014  *
00015  * You should have received a copy of the GNU Library General Public License
00016  * along with this library; see the file COPYING.LIB.  If not, write to
00017  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
00018  * Boston, MA 02110-1301, USA.
00019  */
00020 
00021 #include "ksslsettings.h"
00022 
00023 #include <config.h>
00024 #include <ksslconfig.h>
00025 
00026 #include <sys/types.h>
00027 #include <sys/stat.h>
00028 
00029 #include <stdlib.h>
00030 #include <pwd.h>
00031 #include <unistd.h>
00032 
00033 #include <QtCore/QFile>
00034 
00035 #include <kglobal.h>
00036 #include <kstandarddirs.h>
00037 #include <kdebug.h>
00038 #include <kconfiggroup.h>
00039 
00040 // this hack provided by Malte Starostik to avoid glibc/openssl bug
00041 // on some systems
00042 #ifdef KSSL_HAVE_SSL
00043 #define crypt _openssl_crypt
00044 #include <openssl/ssl.h>
00045 #undef crypt
00046 #endif
00047 
00048 #include <kopenssl.h>
00049 
00050 #ifdef KSSL_HAVE_SSL
00051 #define sk_new d->kossl->sk_new
00052 #define sk_push d->kossl->sk_push
00053 #define sk_free d->kossl->sk_free
00054 #define sk_value d->kossl->sk_value
00055 #define sk_num d->kossl->sk_num
00056 #define sk_dup d->kossl->sk_dup
00057 #define sk_pop d->kossl->sk_pop
00058 #endif
00059 
00060 class CipherNode {
00061     public:
00062         CipherNode(const char *_name, int _keylen) :
00063             name(_name), keylen(_keylen) {}
00064         QString name;
00065         int keylen;
00066         inline int operator==(CipherNode &x)
00067         { return ((x.keylen == keylen) && (x.name == name)); }
00068         inline int operator< (CipherNode &x) { return keylen < x.keylen;  }
00069         inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
00070         inline int operator> (CipherNode &x) { return keylen > x.keylen;  }
00071         inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
00072 };
00073 
00074 
00075 class KSSLSettingsPrivate {
00076     public:
00077         KSSLSettingsPrivate() {
00078             kossl = 0L;   // try to delay this as long as possible
00079         }
00080         ~KSSLSettingsPrivate() {
00081 
00082         }
00083 
00084         KOSSL *kossl;
00085         bool m_bUseEGD;
00086         bool m_bUseEFile;
00087         QString m_EGDPath;
00088         bool m_bSendX509;
00089         bool m_bPromptX509;
00090 };
00091 
00092 //
00093 // FIXME
00094 // Implementation note: for now, we only read cipher settings from disk,
00095 //                      and do not store them in memory.  This should change.
00096 //
00097 
00098 KSSLSettings::KSSLSettings(bool readConfig)
00099     :d(new KSSLSettingsPrivate)
00100 {
00101         m_cfg = new KConfig("cryptodefaults", KConfig::NoGlobals);
00102 
00103     if (!KGlobal::dirs()->addResourceType("kssl", "data", "kssl")) {
00104         //kDebug(7029) << "Error adding (kssl, share/apps/kssl)";
00105     }
00106 
00107     if (readConfig) load();
00108 }
00109 
00110 
00111 // we don't save settings incase it was a temporary object
00112 KSSLSettings::~KSSLSettings() {
00113     delete m_cfg;
00114     delete d;
00115 }
00116 
00117 
00118 // FIXME: we should make a default list available if this fails
00119 //        since OpenSSL seems to just choose any old thing if it's given an
00120 //        empty list.  This behavior is not confirmed though.
00121 QString KSSLSettings::getCipherList() {
00122     QString clist;
00123 #ifdef KSSL_HAVE_SSL
00124     QString tcipher;
00125     bool firstcipher = true;
00126     SSL_METHOD *meth = 0L;
00127         QList<CipherNode> cipherList;
00128 
00129     if (!d->kossl)
00130         d->kossl = KOSSL::self();
00131 
00132     meth = d->kossl->TLSv1_client_method();
00133 
00134         SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
00135         SSL* ssl = d->kossl->SSL_new(ctx);
00136         STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
00137         int cnt = sk_SSL_CIPHER_num(sk);
00138         for (int i=0; i< cnt; i++) {
00139                 SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
00140                 if (!sc)
00141                         break;
00142 
00143                 KConfigGroup cg(m_cfg, QString());
00144 
00145                 if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
00146                         cg.changeGroup("SSLv2");
00147                 else
00148                         cg.changeGroup("SSLv3");
00149 
00150                 tcipher.sprintf("cipher_%s", sc->name);
00151                 int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
00152                 if (cg.readEntry(tcipher, bits >= 56)) {
00153                         cipherList.prepend(CipherNode(sc->name, bits));
00154                 }
00155         }
00156         d->kossl->SSL_free(ssl);
00157         d->kossl->SSL_CTX_free(ctx);
00158 
00159     // Remove any ADH ciphers as per RFC2246
00160     for (int i = 0; i < cipherList.size(); i++) {
00161                 while (cipherList.at(i).name.contains("ADH-")
00162                        || cipherList.at(i).name.contains("FZA-")
00163                        || cipherList.at(i).name.contains("NULL-")
00164                        || cipherList.at(i).name.contains("DES-CBC3-SHA"))
00165                     cipherList.removeAt(i);
00166     }
00167 
00168     // now assemble the list  cipher1:cipher2:cipher3:...:ciphern
00169     while (!cipherList.isEmpty()) {
00170         if (firstcipher)
00171             firstcipher = false;
00172         else clist.append(":");
00173         clist.append(cipherList.last().name);
00174         cipherList.removeLast();
00175     } // while
00176 
00177     kDebug(7029) << "Cipher list is: " << clist;
00178 
00179 #endif
00180     return clist;
00181 }
00182 
00183 // FIXME - sync these up so that we can use them with the control module!!
00184 void KSSLSettings::load() {
00185     m_cfg->reparseConfiguration();
00186 
00187         KConfigGroup cfg(m_cfg, "Warnings");
00188     m_bWarnOnEnter = cfg.readEntry("OnEnter", false);
00189     m_bWarnOnLeave = cfg.readEntry("OnLeave", true);
00190     m_bWarnOnUnencrypted = cfg.readEntry("OnUnencrypted", false);
00191     m_bWarnOnMixed = cfg.readEntry("OnMixed", true);
00192 
00193     cfg.changeGroup("Validation");
00194     m_bWarnSelfSigned = cfg.readEntry("WarnSelfSigned", true);
00195     m_bWarnExpired = cfg.readEntry("WarnExpired", true);
00196     m_bWarnRevoked = cfg.readEntry("WarnRevoked", true);
00197 
00198     cfg.changeGroup("EGD");
00199     d->m_bUseEGD = cfg.readEntry("UseEGD", false);
00200     d->m_bUseEFile = cfg.readEntry("UseEFile", false);
00201     d->m_EGDPath = cfg.readPathEntry("EGDPath", QString());
00202 
00203     cfg.changeGroup("Auth");
00204     d->m_bSendX509 = ("send" == cfg.readEntry("AuthMethod", ""));
00205     d->m_bPromptX509 = ("prompt" == cfg.readEntry("AuthMethod", ""));
00206 
00207 #ifdef KSSL_HAVE_SSL
00208 
00209 
00210 
00211 #endif
00212 }
00213 
00214 
00215 void KSSLSettings::defaults() {
00216     m_bWarnOnEnter = false;
00217     m_bWarnOnLeave = true;
00218     m_bWarnOnUnencrypted = true;
00219     m_bWarnOnMixed = true;
00220     m_bWarnSelfSigned = true;
00221     m_bWarnExpired = true;
00222     m_bWarnRevoked = true;
00223     d->m_bUseEGD = false;
00224     d->m_bUseEFile = false;
00225     d->m_EGDPath = "";
00226 }
00227 
00228 
00229 void KSSLSettings::save() {
00230         KConfigGroup cfg(m_cfg, "Warnings");
00231     cfg.writeEntry("OnEnter", m_bWarnOnEnter);
00232     cfg.writeEntry("OnLeave", m_bWarnOnLeave);
00233     cfg.writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
00234     cfg.writeEntry("OnMixed", m_bWarnOnMixed);
00235 
00236     cfg.changeGroup("Validation");
00237     cfg.writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
00238     cfg.writeEntry("WarnExpired", m_bWarnExpired);
00239     cfg.writeEntry("WarnRevoked", m_bWarnRevoked);
00240 
00241     cfg.changeGroup("EGD");
00242     cfg.writeEntry("UseEGD", d->m_bUseEGD);
00243     cfg.writeEntry("UseEFile", d->m_bUseEFile);
00244     cfg.writePathEntry("EGDPath", d->m_EGDPath);
00245 
00246     m_cfg->sync();
00247     // FIXME - ciphers
00248 #if 0
00249 #ifdef KSSL_HAVE_SSL
00250     cfg.setGroup("SSLv3");
00251     for (unsigned int i = 0; i < v3ciphers.count(); i++) {
00252         QString ciphername;
00253         ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
00254         if (v3selectedciphers.contains(v3ciphers[i])) {
00255             cfg.writeEntry(ciphername, true);
00256         } else cfg.writeEntry(ciphername, false);
00257     }
00258         m_cfg->sync();
00259 #endif
00260 
00261     // insure proper permissions -- contains sensitive data
00262     QString cfgName(KGlobal::dirs()->findResource("config", "cryptodefaults"));
00263     if (!cfgName.isEmpty())
00264         ::chmod(QFile::encodeName(cfgName), 0600);
00265 #endif
00266 }
00267 
00268 
00269 bool KSSLSettings::warnOnEnter() const       { return m_bWarnOnEnter; }
00270 void KSSLSettings::setWarnOnEnter(bool x)    { m_bWarnOnEnter = x; }
00271 bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; }
00272 void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; }
00273 bool KSSLSettings::warnOnLeave() const       { return m_bWarnOnLeave; }
00274 void KSSLSettings::setWarnOnLeave(bool x)    { m_bWarnOnLeave = x; }
00275 bool KSSLSettings::warnOnMixed() const       { return m_bWarnOnMixed; }
00276 bool KSSLSettings::useEGD() const            { return d->m_bUseEGD;      }
00277 bool KSSLSettings::useEFile() const          { return d->m_bUseEFile;    }
00278 bool KSSLSettings::autoSendX509() const      { return d->m_bSendX509; }
00279 bool KSSLSettings::promptSendX509() const    { return d->m_bPromptX509; }
00280 QString& KSSLSettings::getEGDPath()       { return d->m_EGDPath; }
00281 
00282 #ifdef KSSL_HAVE_SSL
00283 #undef sk_new
00284 #undef sk_push
00285 #undef sk_free
00286 #undef sk_value
00287 #undef sk_num
00288 #undef sk_pop
00289 #undef sk_dup
00290 #endif

KIO

Skip menu "KIO"
  • Main Page
  • Namespace List
  • Class Hierarchy
  • Alphabetical List
  • Class List
  • File List
  • Namespace Members
  • Class Members
  • Related Pages

kdelibs

Skip menu "kdelibs"
  • DNSSD
  • Interfaces
  •   KHexEdit
  •   KMediaPlayer
  •   KSpeech
  •   KTextEditor
  • Kate
  • kconf_update
  • KDE3Support
  •   KUnitTest
  • KDECore
  • KDED
  • KDEsu
  • KDEUI
  • KDocTools
  • KFile
  • KHTML
  • KImgIO
  • KInit
  • kio
  • KIOSlave
  • KJS
  •   KJS-API
  •   WTF
  • kjsembed
  • KNewStuff
  • KParts
  • Kross
  • KUtils
  • Nepomuk
  • Plasma
  • Solid
  • Sonnet
  • ThreadWeaver
Generated for kdelibs by doxygen 1.5.7
This website is maintained by Adriaan de Groot and Allen Winter.
KDE® and the K Desktop Environment® logo are registered trademarks of KDE e.V. | Legal