KIO
ksslsettings.cpp
Go to the documentation of this file.00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021 #include "ksslsettings.h"
00022
00023 #include <config.h>
00024 #include <ksslconfig.h>
00025
00026 #include <sys/types.h>
00027 #include <sys/stat.h>
00028
00029 #include <stdlib.h>
00030 #include <pwd.h>
00031 #include <unistd.h>
00032
00033 #include <QtCore/QFile>
00034
00035 #include <kglobal.h>
00036 #include <kstandarddirs.h>
00037 #include <kdebug.h>
00038 #include <kconfiggroup.h>
00039
00040
00041
00042 #ifdef KSSL_HAVE_SSL
00043 #define crypt _openssl_crypt
00044 #include <openssl/ssl.h>
00045 #undef crypt
00046 #endif
00047
00048 #include <kopenssl.h>
00049
00050 #ifdef KSSL_HAVE_SSL
00051 #define sk_new d->kossl->sk_new
00052 #define sk_push d->kossl->sk_push
00053 #define sk_free d->kossl->sk_free
00054 #define sk_value d->kossl->sk_value
00055 #define sk_num d->kossl->sk_num
00056 #define sk_dup d->kossl->sk_dup
00057 #define sk_pop d->kossl->sk_pop
00058 #endif
00059
00060 class CipherNode {
00061 public:
00062 CipherNode(const char *_name, int _keylen) :
00063 name(_name), keylen(_keylen) {}
00064 QString name;
00065 int keylen;
00066 inline int operator==(CipherNode &x)
00067 { return ((x.keylen == keylen) && (x.name == name)); }
00068 inline int operator< (CipherNode &x) { return keylen < x.keylen; }
00069 inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
00070 inline int operator> (CipherNode &x) { return keylen > x.keylen; }
00071 inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
00072 };
00073
00074
00075 class KSSLSettingsPrivate {
00076 public:
00077 KSSLSettingsPrivate() {
00078 kossl = 0L;
00079 }
00080 ~KSSLSettingsPrivate() {
00081
00082 }
00083
00084 KOSSL *kossl;
00085 bool m_bUseEGD;
00086 bool m_bUseEFile;
00087 QString m_EGDPath;
00088 bool m_bSendX509;
00089 bool m_bPromptX509;
00090 };
00091
00092
00093
00094
00095
00096
00097
00098 KSSLSettings::KSSLSettings(bool readConfig)
00099 :d(new KSSLSettingsPrivate)
00100 {
00101 m_cfg = new KConfig("cryptodefaults", KConfig::NoGlobals);
00102
00103 if (!KGlobal::dirs()->addResourceType("kssl", "data", "kssl")) {
00104
00105 }
00106
00107 if (readConfig) load();
00108 }
00109
00110
00111
00112 KSSLSettings::~KSSLSettings() {
00113 delete m_cfg;
00114 delete d;
00115 }
00116
00117
00118
00119
00120
00121 QString KSSLSettings::getCipherList() {
00122 QString clist;
00123 #ifdef KSSL_HAVE_SSL
00124 QString tcipher;
00125 bool firstcipher = true;
00126 SSL_METHOD *meth = 0L;
00127 QList<CipherNode> cipherList;
00128
00129 if (!d->kossl)
00130 d->kossl = KOSSL::self();
00131
00132 meth = d->kossl->TLSv1_client_method();
00133
00134 SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
00135 SSL* ssl = d->kossl->SSL_new(ctx);
00136 STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
00137 int cnt = sk_SSL_CIPHER_num(sk);
00138 for (int i=0; i< cnt; i++) {
00139 SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
00140 if (!sc)
00141 break;
00142
00143 KConfigGroup cg(m_cfg, QString());
00144
00145 if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
00146 cg.changeGroup("SSLv2");
00147 else
00148 cg.changeGroup("SSLv3");
00149
00150 tcipher.sprintf("cipher_%s", sc->name);
00151 int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
00152 if (cg.readEntry(tcipher, bits >= 56)) {
00153 cipherList.prepend(CipherNode(sc->name, bits));
00154 }
00155 }
00156 d->kossl->SSL_free(ssl);
00157 d->kossl->SSL_CTX_free(ctx);
00158
00159
00160 for (int i = 0; i < cipherList.size(); i++) {
00161 while (cipherList.at(i).name.contains("ADH-")
00162 || cipherList.at(i).name.contains("FZA-")
00163 || cipherList.at(i).name.contains("NULL-")
00164 || cipherList.at(i).name.contains("DES-CBC3-SHA"))
00165 cipherList.removeAt(i);
00166 }
00167
00168
00169 while (!cipherList.isEmpty()) {
00170 if (firstcipher)
00171 firstcipher = false;
00172 else clist.append(":");
00173 clist.append(cipherList.last().name);
00174 cipherList.removeLast();
00175 }
00176
00177 kDebug(7029) << "Cipher list is: " << clist;
00178
00179 #endif
00180 return clist;
00181 }
00182
00183
00184 void KSSLSettings::load() {
00185 m_cfg->reparseConfiguration();
00186
00187 KConfigGroup cfg(m_cfg, "Warnings");
00188 m_bWarnOnEnter = cfg.readEntry("OnEnter", false);
00189 m_bWarnOnLeave = cfg.readEntry("OnLeave", true);
00190 m_bWarnOnUnencrypted = cfg.readEntry("OnUnencrypted", false);
00191 m_bWarnOnMixed = cfg.readEntry("OnMixed", true);
00192
00193 cfg.changeGroup("Validation");
00194 m_bWarnSelfSigned = cfg.readEntry("WarnSelfSigned", true);
00195 m_bWarnExpired = cfg.readEntry("WarnExpired", true);
00196 m_bWarnRevoked = cfg.readEntry("WarnRevoked", true);
00197
00198 cfg.changeGroup("EGD");
00199 d->m_bUseEGD = cfg.readEntry("UseEGD", false);
00200 d->m_bUseEFile = cfg.readEntry("UseEFile", false);
00201 d->m_EGDPath = cfg.readPathEntry("EGDPath", QString());
00202
00203 cfg.changeGroup("Auth");
00204 d->m_bSendX509 = ("send" == cfg.readEntry("AuthMethod", ""));
00205 d->m_bPromptX509 = ("prompt" == cfg.readEntry("AuthMethod", ""));
00206
00207 #ifdef KSSL_HAVE_SSL
00208
00209
00210
00211 #endif
00212 }
00213
00214
00215 void KSSLSettings::defaults() {
00216 m_bWarnOnEnter = false;
00217 m_bWarnOnLeave = true;
00218 m_bWarnOnUnencrypted = true;
00219 m_bWarnOnMixed = true;
00220 m_bWarnSelfSigned = true;
00221 m_bWarnExpired = true;
00222 m_bWarnRevoked = true;
00223 d->m_bUseEGD = false;
00224 d->m_bUseEFile = false;
00225 d->m_EGDPath = "";
00226 }
00227
00228
00229 void KSSLSettings::save() {
00230 KConfigGroup cfg(m_cfg, "Warnings");
00231 cfg.writeEntry("OnEnter", m_bWarnOnEnter);
00232 cfg.writeEntry("OnLeave", m_bWarnOnLeave);
00233 cfg.writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
00234 cfg.writeEntry("OnMixed", m_bWarnOnMixed);
00235
00236 cfg.changeGroup("Validation");
00237 cfg.writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
00238 cfg.writeEntry("WarnExpired", m_bWarnExpired);
00239 cfg.writeEntry("WarnRevoked", m_bWarnRevoked);
00240
00241 cfg.changeGroup("EGD");
00242 cfg.writeEntry("UseEGD", d->m_bUseEGD);
00243 cfg.writeEntry("UseEFile", d->m_bUseEFile);
00244 cfg.writePathEntry("EGDPath", d->m_EGDPath);
00245
00246 m_cfg->sync();
00247
00248 #if 0
00249 #ifdef KSSL_HAVE_SSL
00250 cfg.setGroup("SSLv3");
00251 for (unsigned int i = 0; i < v3ciphers.count(); i++) {
00252 QString ciphername;
00253 ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
00254 if (v3selectedciphers.contains(v3ciphers[i])) {
00255 cfg.writeEntry(ciphername, true);
00256 } else cfg.writeEntry(ciphername, false);
00257 }
00258 m_cfg->sync();
00259 #endif
00260
00261
00262 QString cfgName(KGlobal::dirs()->findResource("config", "cryptodefaults"));
00263 if (!cfgName.isEmpty())
00264 ::chmod(QFile::encodeName(cfgName), 0600);
00265 #endif
00266 }
00267
00268
00269 bool KSSLSettings::warnOnEnter() const { return m_bWarnOnEnter; }
00270 void KSSLSettings::setWarnOnEnter(bool x) { m_bWarnOnEnter = x; }
00271 bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; }
00272 void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; }
00273 bool KSSLSettings::warnOnLeave() const { return m_bWarnOnLeave; }
00274 void KSSLSettings::setWarnOnLeave(bool x) { m_bWarnOnLeave = x; }
00275 bool KSSLSettings::warnOnMixed() const { return m_bWarnOnMixed; }
00276 bool KSSLSettings::useEGD() const { return d->m_bUseEGD; }
00277 bool KSSLSettings::useEFile() const { return d->m_bUseEFile; }
00278 bool KSSLSettings::autoSendX509() const { return d->m_bSendX509; }
00279 bool KSSLSettings::promptSendX509() const { return d->m_bPromptX509; }
00280 QString& KSSLSettings::getEGDPath() { return d->m_EGDPath; }
00281
00282 #ifdef KSSL_HAVE_SSL
00283 #undef sk_new
00284 #undef sk_push
00285 #undef sk_free
00286 #undef sk_value
00287 #undef sk_num
00288 #undef sk_pop
00289 #undef sk_dup
00290 #endif