nullren/bitlbee_changes.diff

## bitlbee_changes.diff
=== modified file 'lib/ssl_client.h'
--- lib/ssl_client.h	2011-12-23 22:40:17 +0000
+++ lib/ssl_client.h	2013-01-20 19:00:01 +0000
@@ -49,19 +49,39 @@
 #define VERIFY_CERT_EXPIRED 256
 #define VERIFY_CERT_WRONG_HOSTNAME 512

+#include <gnutls/gnutls.h>
+
 extern int ssl_errno;

 /* This is what your callback function should look like. */
 typedef gboolean (*ssl_input_function)(gpointer, int, void*, b_input_condition);
+typedef void (*ssl_credentials_func)(gpointer);
+
+struct scd
+{
+	ssl_input_function func;
+	ssl_credentials_func cred_func;
+	gpointer data;
+	int fd;
+	gboolean established;
+	int inpa;
+	char *hostname;
+	gboolean verify;
+	gnutls_session_t session;
+	gnutls_certificate_credentials_t xcred;
+};
+


 /* Perform any global initialization the SSL library might need. */
 G_MODULE_EXPORT void ssl_init( void );
+G_MODULE_EXPORT void ssl_init_with( gpointer );

 /* Connect to host:port, call the given function when the connection is
    ready to be used for SSL traffic. This is all done asynchronously, no
    blocking I/O! (Except for the DNS lookups, for now...) */
 G_MODULE_EXPORT void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data );
+G_MODULE_EXPORT void *ssl_connect_with_creds( char *host, int port, gboolean verify, ssl_input_function func, ssl_credentials_func cred_func, gpointer data );

 /* Start an SSL session on an existing fd. Useful for STARTTLS functionality,
    for example in Jabber. */

=== modified file 'lib/ssl_gnutls.c'
--- lib/ssl_gnutls.c	2012-12-24 19:17:37 +0000
+++ lib/ssl_gnutls.c	2013-02-03 02:00:21 +0000
@@ -36,8 +36,11 @@

 int ssl_errno = 0;

+static int connect_counter = 0;
 static gboolean initialized = FALSE;
+static gboolean creds_initialized = FALSE;
 gnutls_certificate_credentials_t xcred;
+gnutls_certificate_credentials_t creds_user;

 #include <limits.h>

@@ -49,19 +52,7 @@

 #define SSLDEBUG 0

-struct scd
-{
-	ssl_input_function func;
-	gpointer data;
-	int fd;
-	gboolean established;
-	int inpa;
-	char *hostname;
-	gboolean verify;
-
-	gnutls_session_t session;
-};
-
+static char *TAG = "SSL_GNUTLS";
 static GHashTable *session_cache;

 static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
@@ -72,7 +63,7 @@

 static void ssl_log( int level, const char *line )
 {
-	printf( "%d %s", level, line );
+	//fprintf(stderr, "%d %s", level, line );
 }

 void ssl_init( void )
@@ -82,6 +73,7 @@

 	gnutls_global_init();
 	gnutls_certificate_allocate_credentials( &xcred );
+
 	if( global.conf->cafile )
 	{
 		gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
@@ -94,29 +86,75 @@
 	initialized = TRUE;

 	gnutls_global_set_log_function( ssl_log );
-	/*
-	gnutls_global_set_log_level( 3 );
-	*/
-
-	session_cache = g_hash_table_new_full( g_str_hash, g_str_equal, g_free, g_free );
-
-	atexit( ssl_deinit );
-}
+	gnutls_global_set_log_level( 9 );
+
+	session_cache = g_hash_table_new_full( g_str_hash, g_str_equal, g_free, g_free );
+
+	atexit( ssl_deinit );
+}
+
+void ssl_init_with(gpointer data)
+{
+	struct scd *conn = data;
+
+	if( creds_initialized )
+		return;
+
+	gnutls_global_init();
+	gnutls_certificate_allocate_credentials( &(conn->xcred) );
+
+	creds_user = conn->xcred;
+
+	conn->cred_func(conn);
+
+	creds_initialized = TRUE;
+
+	gnutls_global_set_log_function( ssl_log );
+	gnutls_global_set_log_level( 9 );
+
+	session_cache = g_hash_table_new_full( g_str_hash, g_str_equal, g_free, g_free );
+
+	atexit( ssl_deinit );
+}
+

 static void ssl_deinit( void )
 {
+	if( getenv("BITLBEE_DEBUG") ){
+		fprintf(stderr, "%s:ssl_deinit: called!\n", TAG);
+	}
+
 	gnutls_global_deinit();
-	gnutls_certificate_free_credentials( xcred );
-	g_hash_table_destroy( session_cache );
+
+	if(xcred != NULL)
+		gnutls_certificate_free_credentials( xcred );
+	xcred = NULL;
+
+	if(creds_user != NULL)
+		gnutls_certificate_free_credentials( creds_user );
+	creds_user = NULL;
+
+	if( session_cache != NULL)
+		g_hash_table_destroy( session_cache );
 	session_cache = NULL;
+
+	initialized = FALSE;
+	creds_initialized = FALSE;
 }

 void *ssl_connect( char *host, int port, gboolean verify, ssl_input_function func, gpointer data )
 {
+	return ssl_connect_with_creds(host, port, verify, func, NULL, data);
+}
+
+void *ssl_connect_with_creds( char *host, int port, gboolean verify, ssl_input_function func, ssl_credentials_func cred_func, gpointer data )
+{
 	struct scd *conn = g_new0( struct scd, 1 );

 	conn->func = func;
+	conn->cred_func = cred_func;
 	conn->data = data;
+	conn->xcred = creds_user;
 	conn->inpa = -1;
 	conn->hostname = g_strdup( host );
 	conn->verify = verify && global.conf->cafile;
@@ -125,12 +163,18 @@
 	if( conn->fd < 0 )
 	{
 		g_free( conn );
+		if( connect_counter++ < 3 ){
+			ssl_deinit();
+			return ssl_connect_with_creds(host, port, verify, func, cred_func, data);
+		} else
+			connect_counter = 0;
 		return NULL;
 	}

 	return conn;
 }

+
 void *ssl_starttls( int fd, char *hostname, gboolean verify, ssl_input_function func, gpointer data )
 {
 	struct scd *conn = g_new0( struct scd, 1 );
@@ -308,15 +352,18 @@
 		return FALSE;
 	}

-	ssl_init();
+	if( conn->cred_func != NULL )
+		ssl_init_with(conn);
+	else
+		ssl_init();

-	gnutls_init( &conn->session, GNUTLS_CLIENT );
+	gnutls_init( &(conn->session), GNUTLS_CLIENT );
 	gnutls_session_set_ptr( conn->session, (void *) conn );
 #if GNUTLS_VERSION_NUMBER < 0x020c00
 	gnutls_transport_set_lowat( conn->session, 0 );
 #endif
 	gnutls_set_default_priority( conn->session );
-	gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, xcred );
+	gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
 	if( conn->hostname && !isdigit( conn->hostname[0] ) )
 		gnutls_server_name_set( conn->session, GNUTLS_NAME_DNS,
 		                        conn->hostname, strlen( conn->hostname ) );
@@ -343,7 +390,7 @@
 		}
 		else
 		{
-			conn->func( conn->data, 0, NULL, cond );
+			conn->func( conn->data, st, NULL, cond );

 			gnutls_deinit( conn->session );
 			closesocket( conn->fd );
@@ -369,7 +416,7 @@

 			ssl_cache_add( conn );
 			conn->established = TRUE;
-			conn->func( conn->data, 0, conn, cond );
+			conn->func( conn->data, st, conn, cond );
 		}
 	}
	=== modified file 'lib/ssl_client.h'
	--- lib/ssl_client.h 2011-12-23 22:40:17 +0000
	+++ lib/ssl_client.h 2013-01-20 19:00:01 +0000
	@@ -49,19 +49,39 @@
	#define VERIFY_CERT_EXPIRED 256
	#define VERIFY_CERT_WRONG_HOSTNAME 512

	+#include <gnutls/gnutls.h>
	+
	extern int ssl_errno;

	/* This is what your callback function should look like. */
	typedef gboolean (ssl_input_function)(gpointer, int, void, b_input_condition);
	+typedef void (*ssl_credentials_func)(gpointer);
	+
	+struct scd
	+{
	+ ssl_input_function func;
	+ ssl_credentials_func cred_func;
	+ gpointer data;
	+ int fd;
	+ gboolean established;
	+ int inpa;
	+ char *hostname;
	+ gboolean verify;
	+ gnutls_session_t session;
	+ gnutls_certificate_credentials_t xcred;
	+};
	+


	/* Perform any global initialization the SSL library might need. */
	G_MODULE_EXPORT void ssl_init( void );
	+G_MODULE_EXPORT void ssl_init_with( gpointer );

	/* Connect to host:port, call the given function when the connection is
	ready to be used for SSL traffic. This is all done asynchronously, no
	blocking I/O! (Except for the DNS lookups, for now...) */
	G_MODULE_EXPORT void ssl_connect( char host, int port, gboolean verify, ssl_input_function func, gpointer data );
	+G_MODULE_EXPORT void ssl_connect_with_creds( char host, int port, gboolean verify, ssl_input_function func, ssl_credentials_func cred_func, gpointer data );

	/* Start an SSL session on an existing fd. Useful for STARTTLS functionality,
	for example in Jabber. */

	=== modified file 'lib/ssl_gnutls.c'
	--- lib/ssl_gnutls.c 2012-12-24 19:17:37 +0000
	+++ lib/ssl_gnutls.c 2013-02-03 02:00:21 +0000
	@@ -36,8 +36,11 @@

	int ssl_errno = 0;

	+static int connect_counter = 0;
	static gboolean initialized = FALSE;
	+static gboolean creds_initialized = FALSE;
	gnutls_certificate_credentials_t xcred;
	+gnutls_certificate_credentials_t creds_user;

	#include <limits.h>

	@@ -49,19 +52,7 @@

	#define SSLDEBUG 0

	-struct scd
	-{
	- ssl_input_function func;
	- gpointer data;
	- int fd;
	- gboolean established;
	- int inpa;
	- char *hostname;
	- gboolean verify;
	-
	- gnutls_session_t session;
	-};
	-
	+static char *TAG = "SSL_GNUTLS";
	static GHashTable *session_cache;

	static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
	@@ -72,7 +63,7 @@

	static void ssl_log( int level, const char *line )
	{
	- printf( "%d %s", level, line );
	+ //fprintf(stderr, "%d %s", level, line );
	}

	void ssl_init( void )
	@@ -82,6 +73,7 @@

	gnutls_global_init();
	gnutls_certificate_allocate_credentials( &xcred );
	+
	if( global.conf->cafile )
	{
	gnutls_certificate_set_x509_trust_file( xcred, global.conf->cafile, GNUTLS_X509_FMT_PEM );
	@@ -94,29 +86,75 @@
	initialized = TRUE;

	gnutls_global_set_log_function( ssl_log );
	- /*
	- gnutls_global_set_log_level( 3 );
	- */
	-
	- session_cache = g_hash_table_new_full( g_str_hash, g_str_equal, g_free, g_free );
	-
	- atexit( ssl_deinit );
	-}
	+ gnutls_global_set_log_level( 9 );
	+
	+ session_cache = g_hash_table_new_full( g_str_hash, g_str_equal, g_free, g_free );
	+
	+ atexit( ssl_deinit );
	+}
	+
	+void ssl_init_with(gpointer data)
	+{
	+ struct scd *conn = data;
	+
	+ if( creds_initialized )
	+ return;
	+
	+ gnutls_global_init();
	+ gnutls_certificate_allocate_credentials( &(conn->xcred) );
	+
	+ creds_user = conn->xcred;
	+
	+ conn->cred_func(conn);
	+
	+ creds_initialized = TRUE;
	+
	+ gnutls_global_set_log_function( ssl_log );
	+ gnutls_global_set_log_level( 9 );
	+
	+ session_cache = g_hash_table_new_full( g_str_hash, g_str_equal, g_free, g_free );
	+
	+ atexit( ssl_deinit );
	+}
	+

	static void ssl_deinit( void )
	{
	+ if( getenv("BITLBEE_DEBUG") ){
	+ fprintf(stderr, "%s:ssl_deinit: called!\n", TAG);
	+ }
	+
	gnutls_global_deinit();
	- gnutls_certificate_free_credentials( xcred );
	- g_hash_table_destroy( session_cache );
	+
	+ if(xcred != NULL)
	+ gnutls_certificate_free_credentials( xcred );
	+ xcred = NULL;
	+
	+ if(creds_user != NULL)
	+ gnutls_certificate_free_credentials( creds_user );
	+ creds_user = NULL;
	+
	+ if( session_cache != NULL)
	+ g_hash_table_destroy( session_cache );
	session_cache = NULL;
	+
	+ initialized = FALSE;
	+ creds_initialized = FALSE;
	}

	void ssl_connect( char host, int port, gboolean verify, ssl_input_function func, gpointer data )
	{
	+ return ssl_connect_with_creds(host, port, verify, func, NULL, data);
	+}
	+
	+void ssl_connect_with_creds( char host, int port, gboolean verify, ssl_input_function func, ssl_credentials_func cred_func, gpointer data )
	+{
	struct scd *conn = g_new0( struct scd, 1 );

	conn->func = func;
	+ conn->cred_func = cred_func;
	conn->data = data;
	+ conn->xcred = creds_user;
	conn->inpa = -1;
	conn->hostname = g_strdup( host );
	conn->verify = verify && global.conf->cafile;
	@@ -125,12 +163,18 @@
	if( conn->fd < 0 )
	{
	g_free( conn );
	+ if( connect_counter++ < 3 ){
	+ ssl_deinit();
	+ return ssl_connect_with_creds(host, port, verify, func, cred_func, data);
	+ } else
	+ connect_counter = 0;
	return NULL;
	}

	return conn;
	}

	+
	void ssl_starttls( int fd, char hostname, gboolean verify, ssl_input_function func, gpointer data )
	{
	struct scd *conn = g_new0( struct scd, 1 );
	@@ -308,15 +352,18 @@
	return FALSE;
	}

	- ssl_init();
	+ if( conn->cred_func != NULL )
	+ ssl_init_with(conn);
	+ else
	+ ssl_init();

	- gnutls_init( &conn->session, GNUTLS_CLIENT );
	+ gnutls_init( &(conn->session), GNUTLS_CLIENT );
	gnutls_session_set_ptr( conn->session, (void *) conn );
	#if GNUTLS_VERSION_NUMBER < 0x020c00
	gnutls_transport_set_lowat( conn->session, 0 );
	#endif
	gnutls_set_default_priority( conn->session );
	- gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, xcred );
	+ gnutls_credentials_set( conn->session, GNUTLS_CRD_CERTIFICATE, conn->xcred );
	if( conn->hostname && !isdigit( conn->hostname[0] ) )
	gnutls_server_name_set( conn->session, GNUTLS_NAME_DNS,
	conn->hostname, strlen( conn->hostname ) );
	@@ -343,7 +390,7 @@
	}
	else
	{
	- conn->func( conn->data, 0, NULL, cond );
	+ conn->func( conn->data, st, NULL, cond );

	gnutls_deinit( conn->session );
	closesocket( conn->fd );
	@@ -369,7 +416,7 @@

	ssl_cache_add( conn );
	conn->established = TRUE;
	- conn->func( conn->data, 0, conn, cond );
	+ conn->func( conn->data, st, conn, cond );
	}
	}