00021 #ifdef HAVE_CONFIG_H
00022 #include <config.h>
00023 #endif
00024
00025 #include <sys/types.h>
00026 #include <sys/stat.h>
00027
00028 #include <stdlib.h>
00029 #include <pwd.h>
00030 #include <unistd.h>
00031
00032 #include <qfile.h>
00033 #include <qsortedlist.h>
00034
00035 #include "ksslsettings.h"
00036 #include <kglobal.h>
00037 #include <kstandarddirs.h>
00038 #include <kdebug.h>
00039
00040
00041
00042 #ifdef KSSL_HAVE_SSL
00043 #define crypt _openssl_crypt
00044 #include <openssl/ssl.h>
00045 #undef crypt
00046 #endif
00047
00048 #include <kopenssl.h>
00049
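// One entry of the cipher preference list assembled by
// KSSLSettings::getCipherList(). QSortedList orders entries with operator<,
// i.e. by key length only; operator== additionally compares the name, which
// is what the duplicate check (contains/find) relies on.
class CipherNode {
public:
  CipherNode(const char *_name, int _keylen) :
    name(_name), keylen(_keylen) {}

  QString name;   // OpenSSL cipher name as found in SSL_CIPHER::name
  int keylen;     // key length in bits (SSL_CIPHER_get_bits)

  // Const-correct comparisons: the original took non-const references and
  // could not be applied to const nodes. Semantics are unchanged.
  inline bool operator==(const CipherNode &x) const
    { return ((x.keylen == keylen) && (x.name == name)); }
  inline bool operator< (const CipherNode &x) const { return keylen < x.keylen; }
  inline bool operator<=(const CipherNode &x) const { return keylen <= x.keylen; }
  inline bool operator> (const CipherNode &x) const { return keylen > x.keylen; }
  inline bool operator>=(const CipherNode &x) const { return keylen >= x.keylen; }
};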
00063
00064
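// Private data of KSSLSettings (d-pointer): the lazily acquired KOSSL handle
// and the settings that are not stored as public members of KSSLSettings.
class KSSLSettingsPrivate {
public:
  // Every field starts in a defined state (NULL / false / empty) so that a
  // KSSLSettings constructed without reading the config does not expose
  // uninitialised flags through useEGD(), autoSendX509() and friends.
  KSSLSettingsPrivate()
    : kossl(NULL),
      m_bUseEGD(false),
      m_bUseEFile(false),
      m_EGDPath(),
      m_bSendX509(false),
      m_bPromptX509(false) {
  }

  ~KSSLSettingsPrivate() {
    // kossl comes from KOSSL::self() and is never deleted here.
  }

  KOSSL *kossl;        // set on first use by getCipherList(); not owned
  bool m_bUseEGD;      // [EGD] UseEGD
  bool m_bUseEFile;    // [EGD] UseEFile
  QString m_EGDPath;   // [EGD] EGDPath
  bool m_bSendX509;    // [Auth] AuthMethod == "send"
  bool m_bPromptX509;  // [Auth] AuthMethod == "prompt"
};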
00081
00082
00083
00084
00085
00086
00087
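// Constructs the settings object. The config is "cryptodefaults", opened
// read-write and without merging kdeglobals. The "kssl" resource type is
// registered so other KSSL classes can locate their data files. With
// readConfig the values are loaded right away; otherwise the built-in
// defaults are installed so that no member is left uninitialised.
KSSLSettings::KSSLSettings(bool readConfig) {
  d = new KSSLSettingsPrivate;
  m_cfg = new KConfig("cryptodefaults", false, false);

  // Registration failing (typically because the type is already registered)
  // is not fatal for the settings themselves, so it is only reported.
  if (!KGlobal::dirs()->addResourceType("kssl", KStandardDirs::kde_default("data") + "kssl")) {
    kdDebug() << "KSSLSettings: could not register the \"kssl\" resource type" << endl;
  }

  if (readConfig)
    load();
  else
    defaults();
}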
00098
00099
00100
// Releases the private data and the config object. The KOSSL handle held in
// the private data is not owned and is left alone. Nothing is written back:
// callers must invoke save() themselves.
KSSLSettings::~KSSLSettings() {
  delete d;
  delete m_cfg;
}
00105
00106
// Whether SSLv2 is enabled ([SSLv2] Enabled).
bool KSSLSettings::sslv2() const { return m_bUseSSLv2; }
00110
00111
// Whether SSLv3 is enabled ([SSLv3] Enabled).
bool KSSLSettings::sslv3() const { return m_bUseSSLv3; }
00115
00116
// Whether TLSv1 is enabled ([TLS] Enabled). Note that getCipherList() only
// consults the SSLv2/SSLv3 groups; this flag does not affect the cipher list.
bool KSSLSettings::tlsv1() const { return m_bUseTLSv1; }
00120
00121
00122
00123
00124
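// Builds the OpenSSL cipher-list string (cipher names joined by ':') from the
// per-cipher entries in the [SSLv2] and [SSLv3] groups of cryptodefaults.
// Ciphers are ordered by key length, longest first, except for a fixed set of
// well-known ciphers that are moved to the very front. The TLS flag is not
// consulted. Returns an empty string when KSSL_HAVE_SSL is not defined, when
// neither SSLv2 nor SSLv3 is enabled, or when the library provides no client
// method for the requested protocols.
QString KSSLSettings::getCipherList() {
  QString clist = "";
#ifdef KSSL_HAVE_SSL
  QString tcipher;
  bool firstcipher = true;
  SSL_METHOD *meth;
  QSortedList<CipherNode> cipherSort;
  cipherSort.setAutoDelete(true);

  if (!d->kossl)
    d->kossl = KOSSL::self();

  // Choose the client method whose cipher table covers the enabled protocols.
  if (m_bUseSSLv2 && m_bUseSSLv3)
    meth = d->kossl->SSLv23_client_method();
  else if (m_bUseSSLv3)
    meth = d->kossl->SSLv3_client_method();
  else
    meth = d->kossl->SSLv2_client_method();

  // A library built without the requested protocol may return no method.
  // There is nothing to enumerate then; return the empty list rather than
  // dereferencing NULL in the loop below.
  if (!meth)
    return clist;

  // Walk the method's cipher table once per enabled protocol so that each
  // cipher is looked up in the matching config group.
  for (int k = 0; k < 2; k++) {
    if (k == 0) {
      if (!m_bUseSSLv2) continue;
      m_cfg->setGroup("SSLv2");
    } else {
      if (!m_bUseSSLv3) continue;
      m_cfg->setGroup("SSLv3");
    }

    for (int i = 0;; i++) {
      SSL_CIPHER *sc = (meth->get_cipher)(i);
      if (!sc) break;
      tcipher.sprintf("cipher_%s", sc->name);
      int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);

      // Fallback when the config has no entry for this cipher: enabled iff
      // the key is at least 56 bits. That threshold is far below current
      // practice, so a shipped cryptodefaults should disable weak ciphers
      // explicitly rather than rely on it.
      if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
        CipherNode *xx = new CipherNode(sc->name, bits);
        // contains() matches on (keylen, name): a cipher listed under both
        // protocol groups is added only once.
        if (!cipherSort.contains(xx))
          cipherSort.inSort(xx);
        else
          delete xx;
      }
    }
  }

  // Ciphers re-appended behind everything else in the sorted list. The
  // output loop below emits the list from the back, so the ones present end
  // up first, in reverse order of this table (RC4-MD5 first).
  static const struct {
    const char *name;
    int keylen;
  } preferred[] = {
    { "IDEA-CBC-MD5", 128 },
    { "DES-CBC3-MD5", 168 },
    { "RC2-CBC-MD5", 128 },
    { "DES-CBC3-SHA", 168 },
    { "IDEA-CBC-SHA", 128 },
    { "RC4-SHA", 128 },
    { "RC4-MD5", 128 }
  };

  CipherNode tnode("", 0);
  for (unsigned int p = 0; p < sizeof(preferred) / sizeof(preferred[0]); p++) {
    tnode.name = preferred[p].name;
    tnode.keylen = preferred[p].keylen;
    // find() compares with operator== and leaves the match as the current
    // item; remove() then deletes it (auto-delete is on) before a fresh
    // copy is appended at the end.
    if (cipherSort.find(&tnode) != -1) {
      cipherSort.remove();
      cipherSort.append(new CipherNode(preferred[p].name, preferred[p].keylen));
    }
  }

  // Emit from the strong end of the sorted list, ':' separated.
  while (!cipherSort.isEmpty()) {
    if (firstcipher)
      firstcipher = false;
    else
      clist.append(":");
    clist.append(cipherSort.getLast()->name);
    cipherSort.removeLast();
  }
#endif
  return clist;
}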
00226
00227
// Re-reads every setting from cryptodefaults, replacing the in-memory values.
// The fallbacks used for missing keys mirror the values defaults() installs;
// the auth method has no counterpart there and is read only here.
void KSSLSettings::load() {
  KConfig *cfg = m_cfg;
  cfg->reparseConfiguration();

  // Protocol switches, one config group each.
  cfg->setGroup("TLS");
  m_bUseTLSv1 = cfg->readBoolEntry("Enabled", true);
  cfg->setGroup("SSLv2");
  m_bUseSSLv2 = cfg->readBoolEntry("Enabled", true);
  cfg->setGroup("SSLv3");
  m_bUseSSLv3 = cfg->readBoolEntry("Enabled", true);

  // Warnings shown when the connection state changes.
  cfg->setGroup("Warnings");
  m_bWarnOnEnter       = cfg->readBoolEntry("OnEnter", false);
  m_bWarnOnLeave       = cfg->readBoolEntry("OnLeave", true);
  m_bWarnOnUnencrypted = cfg->readBoolEntry("OnUnencrypted", true);
  m_bWarnOnMixed       = cfg->readBoolEntry("OnMixed", true);

  // Certificate validation warnings.
  cfg->setGroup("Validation");
  m_bWarnSelfSigned = cfg->readBoolEntry("WarnSelfSigned", true);
  m_bWarnExpired    = cfg->readBoolEntry("WarnExpired", true);
  m_bWarnRevoked    = cfg->readBoolEntry("WarnRevoked", true);

  // Entropy gathering daemon / entropy file.
  cfg->setGroup("EGD");
  d->m_bUseEGD   = cfg->readBoolEntry("UseEGD", false);
  d->m_bUseEFile = cfg->readBoolEntry("UseEFile", false);
  d->m_EGDPath   = cfg->readEntry("EGDPath");

  // Client certificate handling. AuthMethod is "send", "prompt" or anything
  // else (neither); read it once and derive both flags from it.
  cfg->setGroup("Auth");
  const QString authMethod = cfg->readEntry("AuthMethod", "");
  d->m_bSendX509   = (authMethod == "send");
  d->m_bPromptX509 = (authMethod == "prompt");
}
00266
00267
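// Installs the built-in defaults in memory without touching the config file.
// The values match the fallbacks load() uses for missing keys, including the
// auth flags: with no AuthMethod entry load() yields neither "send" nor
// "prompt", so both are reset to false here as well instead of keeping a
// previously loaded value.
void KSSLSettings::defaults() {
  m_bUseTLSv1 = true;
  m_bUseSSLv2 = true;
  m_bUseSSLv3 = true;
  m_bWarnOnEnter = false;
  m_bWarnOnLeave = true;
  m_bWarnOnUnencrypted = true;
  m_bWarnOnMixed = true;
  m_bWarnSelfSigned = true;
  m_bWarnExpired = true;
  m_bWarnRevoked = true;
  d->m_bUseEGD = false;
  d->m_bUseEFile = false;
  d->m_EGDPath = "";
  d->m_bSendX509 = false;
  d->m_bPromptX509 = false;
}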
00283
00284
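// Writes the in-memory settings to cryptodefaults, flushes them to disk and
// restricts the file to its owner. The auth method is not written (load() is
// the only place it is handled). As previously written, the sync() and the
// chmod() sat inside the "#if 0" region together with the disabled per-cipher
// code and therefore never ran; they are now unconditional.
void KSSLSettings::save() {
  m_cfg->setGroup("TLS");
  m_cfg->writeEntry("Enabled", m_bUseTLSv1);

  m_cfg->setGroup("SSLv2");
  m_cfg->writeEntry("Enabled", m_bUseSSLv2);

  m_cfg->setGroup("SSLv3");
  m_cfg->writeEntry("Enabled", m_bUseSSLv3);

  m_cfg->setGroup("Warnings");
  m_cfg->writeEntry("OnEnter", m_bWarnOnEnter);
  m_cfg->writeEntry("OnLeave", m_bWarnOnLeave);
  m_cfg->writeEntry("OnUnencrypted", m_bWarnOnUnencrypted);
  m_cfg->writeEntry("OnMixed", m_bWarnOnMixed);

  m_cfg->setGroup("Validation");
  m_cfg->writeEntry("WarnSelfSigned", m_bWarnSelfSigned);
  m_cfg->writeEntry("WarnExpired", m_bWarnExpired);
  m_cfg->writeEntry("WarnRevoked", m_bWarnRevoked);

  m_cfg->setGroup("EGD");
  m_cfg->writeEntry("UseEGD", d->m_bUseEGD);
  m_cfg->writeEntry("UseEFile", d->m_bUseEFile);
  m_cfg->writeEntry("EGDPath", d->m_EGDPath);

#if 0
  // Per-cipher persistence; disabled. The v2/v3 cipher lists it refers to
  // are not part of this class. Kept for reference only.
#ifdef KSSL_HAVE_SSL
  m_cfg->setGroup("SSLv2");
  for (unsigned int i = 0; i < v2ciphers.count(); i++) {
    QString ciphername;
    ciphername.sprintf("cipher_%s", v2ciphers[i].ascii());
    if (v2selectedciphers.contains(v2ciphers[i])) {
      m_cfg->writeEntry(ciphername, true);
    } else m_cfg->writeEntry(ciphername, false);
  }

  m_cfg->setGroup("SSLv3");
  for (unsigned int i = 0; i < v3ciphers.count(); i++) {
    QString ciphername;
    ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
    if (v3selectedciphers.contains(v3ciphers[i])) {
      m_cfg->writeEntry(ciphername, true);
    } else m_cfg->writeEntry(ciphername, false);
  }
#endif
#endif

  // Flush first so the permission change below applies to the file that was
  // just written rather than to a stale or not yet existing one.
  m_cfg->sync();

  // cryptodefaults is per-user security policy: keep it owner-only. The
  // chmod() result is deliberately ignored (best effort); if findResource()
  // hands back a copy the user does not own, chmod() simply fails.
  QString cfgName(KGlobal::dirs()->findResource("config", "cryptodefaults"));
  if (!cfgName.isEmpty())
    ::chmod(QFile::encodeName(cfgName), 0600);
}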
00341
00342
// Warning flags ([Warnings] group).
bool KSSLSettings::warnOnEnter() const { return m_bWarnOnEnter; }
bool KSSLSettings::warnOnUnencrypted() const { return m_bWarnOnUnencrypted; }
// In-memory only; call save() to persist.
void KSSLSettings::setWarnOnUnencrypted(bool x) { m_bWarnOnUnencrypted = x; }
bool KSSLSettings::warnOnLeave() const { return m_bWarnOnLeave; }
bool KSSLSettings::warnOnMixed() const { return m_bWarnOnMixed; }

// Certificate validation warnings ([Validation] group).
bool KSSLSettings::warnOnSelfSigned() const { return m_bWarnSelfSigned; }
bool KSSLSettings::warnOnRevoked() const { return m_bWarnRevoked; }
bool KSSLSettings::warnOnExpired() const { return m_bWarnExpired; }

// Entropy source flags ([EGD] group), stored in the private data.
bool KSSLSettings::useEGD() const { return d->m_bUseEGD; }
bool KSSLSettings::useEFile() const { return d->m_bUseEFile; }

// Client certificate policy derived from [Auth] AuthMethod: exactly one of
// these is true when the entry is "send" or "prompt", neither otherwise.
bool KSSLSettings::autoSendX509() const { return d->m_bSendX509; }
bool KSSLSettings::promptSendX509() const { return d->m_bPromptX509; }
00355
// Protocol switches. These change the in-memory flags only; save() writes
// them to the [TLS], [SSLv2] and [SSLv3] groups.
void KSSLSettings::setTLSv1(bool enabled) { m_bUseTLSv1 = enabled; }
void KSSLSettings::setSSLv2(bool enabled) { m_bUseSSLv2 = enabled; }
void KSSLSettings::setSSLv3(bool enabled) { m_bUseSSLv3 = enabled; }
00359
// Returns a mutable reference to the stored EGD path, so callers can edit it
// in place (save() persists it). The reference is valid for the lifetime of
// this object; there is no setter.
QString& KSSLSettings::getEGDPath() { return d->m_EGDPath; }
00361