00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
#ifdef HAVE_CONFIG_H
00022
#include <config.h>
00023
#endif
00024
00025
#include <sys/types.h>
00026
#include <sys/stat.h>
00027
00028
#include <stdlib.h>
00029
#include <pwd.h>
00030
#include <unistd.h>
00031
00032
#include <qfile.h>
00033
#include <qsortedlist.h>
00034
00035
#include "ksslsettings.h"
00036
#include <kglobal.h>
00037
#include <kstandarddirs.h>
00038
#include <kdebug.h>
00039
00040
00041
00042
#ifdef KSSL_HAVE_SSL
00043
#define crypt _openssl_crypt
00044
#include <openssl/ssl.h>
00045
#undef crypt
00046
#endif
00047
00048
#include <kopenssl.h>
00049
00050
class CipherNode {
00051
public:
00052 CipherNode(
const char *_name,
int _keylen) :
00053
name(_name), keylen(_keylen) {}
00054
QString name;
00055
int keylen;
00056
inline int operator==(CipherNode &x)
00057 {
return ((x.keylen == keylen) && (x.name ==
name)); }
00058
inline int operator< (CipherNode &x) {
return keylen < x.keylen; }
00059
inline int operator<=(CipherNode &x) {
return keylen <= x.keylen; }
00060
inline int operator> (CipherNode &x) {
return keylen > x.keylen; }
00061
inline int operator>=(CipherNode &x) {
return keylen >= x.keylen; }
00062 };
00063
00064
00065
class KSSLSettingsPrivate {
00066
public:
00067 KSSLSettingsPrivate() {
00068 kossl = NULL;
00069 }
00070 ~KSSLSettingsPrivate() {
00071
00072 }
00073
00074 KOSSL *kossl;
00075
bool m_bUseEGD;
00076
bool m_bUseEFile;
00077
QString m_EGDPath;
00078
bool m_bSendX509;
00079
bool m_bPromptX509;
00080 };
00081
00082
00083
00084
00085
00086
00087
00088 KSSLSettings::KSSLSettings(
bool readConfig) {
00089 d =
new KSSLSettingsPrivate;
00090 m_cfg =
new KConfig(
"cryptodefaults",
false,
false);
00091
00092
if (!
KGlobal::dirs()->
addResourceType(
"kssl", KStandardDirs::kde_default(
"data") +
"kssl")) {
00093
00094 }
00095
00096
if (readConfig)
load();
00097 }
00098
00099
00100
00101 KSSLSettings::~KSSLSettings() {
00102
delete m_cfg;
00103
delete d;
00104 }
00105
00106
00107 bool KSSLSettings::sslv2()
const {
00108
return m_bUseSSLv2;
00109 }
00110
00111
00112 bool KSSLSettings::sslv3()
const {
00113
return m_bUseSSLv3;
00114 }
00115
00116
00117 bool KSSLSettings::tlsv1()
const {
00118
return m_bUseTLSv1;
00119 }
00120
00121
00122
00123
00124
00125 QString KSSLSettings::getCipherList() {
00126
QString clist =
"";
00127
#ifdef KSSL_HAVE_SSL
00128
QString tcipher;
00129
bool firstcipher =
true;
00130 SSL_METHOD *meth;
00131
QSortedList<CipherNode> cipherSort;
00132 cipherSort.setAutoDelete(
true);
00133
00134
00135
if (!d->kossl)
00136 d->kossl = KOSSL::self();
00137
00138
00139
00140
00141
for (
int k = 0; k < 2; k++) {
00142
00143
if (k == 0) {
00144
if (!m_bUseSSLv2)
00145
continue;
00146 m_cfg->
setGroup(
"SSLv2");
00147 meth = d->kossl->SSLv2_client_method();
00148 }
else {
00149
if (!m_bUseSSLv3)
00150
continue;
00151 m_cfg->
setGroup(
"SSLv3");
00152 meth = d->kossl->SSLv3_client_method();
00153 }
00154
00155
00156
00157
00158
00159
00160
00161
00162
00163
00164
00165
00166
00167
for(
int i = 0;; i++) {
00168 SSL_CIPHER *sc = (meth->get_cipher)(i);
00169
if (!sc)
00170
break;
00171 tcipher.
sprintf(
"cipher_%s", sc->name);
00172
int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
00173
00174
if (m_cfg->
readBoolEntry(tcipher, bits >= 56)) {
00175 CipherNode *xx =
new CipherNode(sc->name,bits);
00176
if (!cipherSort.contains(xx)) {
00177 cipherSort.inSort(xx);
00178 }
else {
00179
delete xx;
00180 }
00181 }
00182 }
00183 }
00184
00185
00186
00187
00188
00189
00190
00191
00192
00193 CipherNode tnode(
"", 0);
00194
00195
#define AdjustCipher(X, Y) tnode.name = X; tnode.keylen = Y; \
00196
if (cipherSort.find(&tnode) != -1) { \
00197
cipherSort.remove(); \
00198
cipherSort.append(new CipherNode(tnode.name.latin1(), tnode.keylen)); \
00199
}
00200
00201 AdjustCipher(
"IDEA-CBC-MD5", 128);
00202 AdjustCipher(
"DES-CBC3-MD5", 168);
00203 AdjustCipher(
"RC2-CBC-MD5", 128);
00204 AdjustCipher(
"DES-CBC3-SHA", 168);
00205 AdjustCipher(
"IDEA-CBC-SHA", 128);
00206 AdjustCipher(
"RC4-SHA", 128);
00207 AdjustCipher(
"RC4-MD5", 128);
00208
#undef AdjustCipher
00209
00210
00211
for (
unsigned int i = 0; i < cipherSort.count(); i++) {
00212 CipherNode *j = 0L;
00213
while ((j = cipherSort.at(i)) != 0L) {
00214
if (j->name.contains(
"ADH-")) {
00215 cipherSort.remove(j);
00216 }
else {
00217
break;
00218 }
00219 }
00220 }
00221
00222
00223
while (!cipherSort.isEmpty()) {
00224
if (firstcipher)
00225 firstcipher =
false;
00226
else clist.
append(
":");
00227 clist.
append(cipherSort.getLast()->name);
00228 cipherSort.removeLast();
00229 }
00230
00231
00232
00233
#endif
00234
return clist;
00235 }
00236
00237
00238 void KSSLSettings::load() {
00239 m_cfg->
reparseConfiguration();
00240
00241 m_cfg->
setGroup(
"TLS");
00242 m_bUseTLSv1 = m_cfg->
readBoolEntry(
"Enabled",
true);
00243
00244 m_cfg->
setGroup(
"SSLv2");
00245 m_bUseSSLv2 = m_cfg->
readBoolEntry(
"Enabled",
true);
00246
00247 m_cfg->
setGroup(
"SSLv3");
00248 m_bUseSSLv3 = m_cfg->
readBoolEntry(
"Enabled",
true);
00249
00250 m_cfg->
setGroup(
"Warnings");
00251 m_bWarnOnEnter = m_cfg->
readBoolEntry(
"OnEnter",
false);
00252 m_bWarnOnLeave = m_cfg->
readBoolEntry(
"OnLeave",
true);
00253 m_bWarnOnUnencrypted = m_cfg->
readBoolEntry(
"OnUnencrypted",
true);
00254 m_bWarnOnMixed = m_cfg->
readBoolEntry(
"OnMixed",
true);
00255
00256 m_cfg->
setGroup(
"Validation");
00257 m_bWarnSelfSigned = m_cfg->
readBoolEntry(
"WarnSelfSigned",
true);
00258 m_bWarnExpired = m_cfg->
readBoolEntry(
"WarnExpired",
true);
00259 m_bWarnRevoked = m_cfg->
readBoolEntry(
"WarnRevoked",
true);
00260
00261 m_cfg->
setGroup(
"EGD");
00262 d->m_bUseEGD = m_cfg->
readBoolEntry(
"UseEGD",
false);
00263 d->m_bUseEFile = m_cfg->
readBoolEntry(
"UseEFile",
false);
00264 d->m_EGDPath = m_cfg->
readPathEntry(
"EGDPath");
00265
00266 m_cfg->
setGroup(
"Auth");
00267 d->m_bSendX509 = (
"send" == m_cfg->
readEntry(
"AuthMethod",
""));
00268 d->m_bPromptX509 = (
"prompt" == m_cfg->
readEntry(
"AuthMethod",
""));
00269
00270
#ifdef KSSL_HAVE_SSL
00271
00272
00273
00274
#endif
00275
}
00276
00277
00278 void KSSLSettings::defaults() {
00279 m_bUseTLSv1 =
true;
00280 m_bUseSSLv2 =
true;
00281 m_bUseSSLv3 =
true;
00282 m_bWarnOnEnter =
false;
00283 m_bWarnOnLeave =
true;
00284 m_bWarnOnUnencrypted =
true;
00285 m_bWarnOnMixed =
true;
00286 m_bWarnSelfSigned =
true;
00287 m_bWarnExpired =
true;
00288 m_bWarnRevoked =
true;
00289 d->m_bUseEGD =
false;
00290 d->m_bUseEFile =
false;
00291 d->m_EGDPath =
"";
00292 }
00293
00294
00295 void KSSLSettings::save() {
00296 m_cfg->
setGroup(
"TLS");
00297 m_cfg->
writeEntry(
"Enabled", m_bUseTLSv1);
00298
00299 m_cfg->
setGroup(
"SSLv2");
00300 m_cfg->
writeEntry(
"Enabled", m_bUseSSLv2);
00301
00302 m_cfg->
setGroup(
"SSLv3");
00303 m_cfg->
writeEntry(
"Enabled", m_bUseSSLv3);
00304
00305 m_cfg->
setGroup(
"Warnings");
00306 m_cfg->
writeEntry(
"OnEnter", m_bWarnOnEnter);
00307 m_cfg->
writeEntry(
"OnLeave", m_bWarnOnLeave);
00308 m_cfg->
writeEntry(
"OnUnencrypted", m_bWarnOnUnencrypted);
00309 m_cfg->
writeEntry(
"OnMixed", m_bWarnOnMixed);
00310
00311 m_cfg->
setGroup(
"Validation");
00312 m_cfg->
writeEntry(
"WarnSelfSigned", m_bWarnSelfSigned);
00313 m_cfg->
writeEntry(
"WarnExpired", m_bWarnExpired);
00314 m_cfg->
writeEntry(
"WarnRevoked", m_bWarnRevoked);
00315
00316 m_cfg->
setGroup(
"EGD");
00317 m_cfg->
writeEntry(
"UseEGD", d->m_bUseEGD);
00318 m_cfg->
writeEntry(
"UseEFile", d->m_bUseEFile);
00319 m_cfg->
writePathEntry(
"EGDPath", d->m_EGDPath);
00320
00321
00322
#if 0
00323
#ifdef KSSL_HAVE_SSL
00324
m_cfg->
setGroup(
"SSLv2");
00325
for (
unsigned int i = 0; i < v2ciphers.
count(); i++) {
00326
QString ciphername;
00327 ciphername.
sprintf(
"cipher_%s", v2ciphers[i].ascii());
00328
if (v2selectedciphers.
contains(v2ciphers[i])) {
00329 m_cfg->
writeEntry(ciphername,
true);
00330 }
else m_cfg->
writeEntry(ciphername,
false);
00331 }
00332
00333 m_cfg->
setGroup(
"SSLv3");
00334
for (
unsigned int i = 0; i < v3ciphers.
count(); i++) {
00335
QString ciphername;
00336 ciphername.
sprintf(
"cipher_%s", v3ciphers[i].ascii());
00337
if (v3selectedciphers.
contains(v3ciphers[i])) {
00338 m_cfg->
writeEntry(ciphername,
true);
00339 }
else m_cfg->
writeEntry(ciphername,
false);
00340 }
00341
#endif
00342
00343 m_cfg->
sync();
00344
00345
00346
QString cfgName(KGlobal::dirs()->findResource(
"config",
"cryptodefaults"));
00347
if (!cfgName.
isEmpty())
00348 ::chmod(QFile::encodeName(cfgName), 0600);
00349
#endif
00350
}
00351
00352
00353 bool KSSLSettings::warnOnEnter()
const {
return m_bWarnOnEnter; }
00354 bool KSSLSettings::warnOnUnencrypted()
const {
return m_bWarnOnUnencrypted; }
00355 void KSSLSettings::setWarnOnUnencrypted(
bool x) { m_bWarnOnUnencrypted = x; }
00356 bool KSSLSettings::warnOnLeave()
const {
return m_bWarnOnLeave; }
00357 bool KSSLSettings::warnOnMixed()
const {
return m_bWarnOnMixed; }
00358 bool KSSLSettings::warnOnSelfSigned()
const {
return m_bWarnSelfSigned; }
00359 bool KSSLSettings::warnOnRevoked()
const {
return m_bWarnRevoked; }
00360 bool KSSLSettings::warnOnExpired()
const {
return m_bWarnExpired; }
00361 bool KSSLSettings::useEGD()
const {
return d->m_bUseEGD; }
00362 bool KSSLSettings::useEFile()
const {
return d->m_bUseEFile; }
00363 bool KSSLSettings::autoSendX509()
const {
return d->m_bSendX509; }
00364 bool KSSLSettings::promptSendX509()
const {
return d->m_bPromptX509; }
00365
00366 void KSSLSettings::setTLSv1(
bool enabled) { m_bUseTLSv1 = enabled; }
00367 void KSSLSettings::setSSLv2(
bool enabled) { m_bUseSSLv2 = enabled; }
00368 void KSSLSettings::setSSLv3(
bool enabled) { m_bUseSSLv3 = enabled; }
00369
00370 QString&
KSSLSettings::getEGDPath() {
return d->m_EGDPath; }
00371