mirror of
https://github.com/znc/znc.git
synced 2026-03-28 17:42:41 +01:00
Fix host name retrieval during TLS certificate generation (#1935)
Use HOSTNAME if defined, otherwise invoke gethostname(3) if possible, fallback to uname(2)
This commit is contained in:
Giovanni
GitHub
@@ -318,6 +318,8 @@ check_cxx_symbol_exists(lstat "sys/types.h;sys/stat.h;unistd.h" HAVE_LSTAT)
|
||||
check_cxx_symbol_exists(getpassphrase "stdlib.h" HAVE_GETPASSPHRASE)
|
||||
check_cxx_symbol_exists(tcsetattr "termios.h;unistd.h" HAVE_TCSETATTR)
|
||||
check_cxx_symbol_exists(clock_gettime "time.h" HAVE_CLOCK_GETTIME)
|
||||
check_cxx_symbol_exists(gethostname "unistd.h" ZNC_HAVE_GETHOSTNAME)
|
||||
check_cxx_symbol_exists(uname "sys/utsname.h" ZNC_HAVE_UNAME)
|
||||
|
||||
# Note that old broken systems, such as OpenBSD, NetBSD, which don't support
|
||||
# AI_ADDRCONFIG, also have thread-unsafe getaddrinfo(). Gladly, they fixed
|
||||
|
||||
@@ -44,6 +44,7 @@ class CUtils {
|
||||
|
||||
static CString GetIP(unsigned long addr);
|
||||
static unsigned long GetLongIP(const CString& sIP);
|
||||
static CString GetHostName();
|
||||
|
||||
static void PrintError(const CString& sMessage);
|
||||
static void PrintMessage(const CString& sMessage, bool bStrong = false);
|
||||
@@ -74,7 +75,7 @@ class CUtils {
|
||||
static timeval GetTime();
|
||||
static unsigned long long GetMillTime();
|
||||
#ifdef HAVE_LIBSSL
|
||||
static void GenerateCert(FILE* pOut, const CString& sHost = "");
|
||||
static void GenerateCert(FILE* pOut);
|
||||
#endif /* HAVE_LIBSSL */
|
||||
|
||||
static CString CTime(time_t t, const CString& sTZ);
|
||||
|
||||
@@ -43,6 +43,8 @@
|
||||
#cmakedefine HAVE_TCSETATTR 1
|
||||
#cmakedefine HAVE_GETPASSPHRASE 1
|
||||
#cmakedefine HAVE_CLOCK_GETTIME 1
|
||||
#cmakedefine ZNC_HAVE_GETHOSTNAME 1
|
||||
#cmakedefine ZNC_HAVE_UNAME 1
|
||||
|
||||
#cmakedefine HAVE_ICU 1
|
||||
#define U_USING_ICU_NAMESPACE 1
|
||||
|
||||
@@ -38,6 +38,10 @@
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
|
||||
#ifdef ZNC_HAVE_GETHOSTNAME
|
||||
#include <limits.h>
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netdb.h>
|
||||
@@ -56,6 +60,10 @@
|
||||
#include <argon2.h>
|
||||
#endif
|
||||
|
||||
#ifdef ZNC_HAVE_UNAME
|
||||
#include <sys/utsname.h>
|
||||
#endif
|
||||
|
||||
// Required with GCC 4.3+ if openssl is disabled
|
||||
#include <cstring>
|
||||
#include <cstdlib>
|
||||
@@ -82,7 +90,7 @@ constexpr const char* szDefaultDH2048 =
|
||||
"cvUyzAEcCQYHmiYjp2hoZbSa8b690TQaAwIBAg==\n"
|
||||
"-----END DH PARAMETERS-----\n";
|
||||
|
||||
void CUtils::GenerateCert(FILE* pOut, const CString& sHost) {
|
||||
void CUtils::GenerateCert(FILE* pOut) {
|
||||
const int days = 365;
|
||||
const int years = 10;
|
||||
|
||||
@@ -112,25 +120,19 @@ void CUtils::GenerateCert(FILE* pOut, const CString& sHost) {
|
||||
X509_set_pubkey(pCert.get(), pKey.get());
|
||||
|
||||
const char* pLogName = getenv("LOGNAME");
|
||||
const char* pHostName = nullptr;
|
||||
const CString sHostName = GetHostName();
|
||||
|
||||
if (!pLogName) pLogName = "Unknown";
|
||||
|
||||
if (!sHost.empty()) pHostName = sHost.c_str();
|
||||
|
||||
if (!pHostName) pHostName = getenv("HOSTNAME");
|
||||
|
||||
if (!pHostName) pHostName = "host.unknown";
|
||||
|
||||
CString sEmailAddr = pLogName;
|
||||
sEmailAddr += "@";
|
||||
sEmailAddr += pHostName;
|
||||
sEmailAddr += sHostName;
|
||||
|
||||
X509_NAME* pName = X509_get_subject_name(pCert.get());
|
||||
X509_NAME_add_entry_by_txt(pName, "OU", MBSTRING_ASC,
|
||||
(unsigned char*)pLogName, -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(pName, "CN", MBSTRING_ASC,
|
||||
(unsigned char*)pHostName, -1, -1, 0);
|
||||
(unsigned char*)sHostName.c_str(), -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(pName, "emailAddress", MBSTRING_ASC,
|
||||
(unsigned char*)sEmailAddr.c_str(), -1, -1, 0);
|
||||
|
||||
@@ -180,6 +182,30 @@ unsigned long CUtils::GetLongIP(const CString& sIP) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
CString CUtils::GetHostName() {
|
||||
const char *pEnv;
|
||||
|
||||
pEnv = getenv("HOSTNAME");
|
||||
if (pEnv && pEnv[0])
|
||||
return pEnv;
|
||||
|
||||
#if defined(ZNC_HAVE_GETHOSTNAME) && defined(_POSIX_HOST_NAME_MAX)
|
||||
char szBuffer[_POSIX_HOST_NAME_MAX + 1];
|
||||
szBuffer[_POSIX_HOST_NAME_MAX] = 0;
|
||||
if (gethostname(szBuffer, _POSIX_HOST_NAME_MAX) == 0)
|
||||
return std::string(szBuffer);
|
||||
#endif
|
||||
|
||||
#if defined(ZNC_HAVE_UNAME)
|
||||
struct utsname UnameBuffer;
|
||||
|
||||
if (uname(&UnameBuffer) == 0 && UnameBuffer.nodename[0] != '\0')
|
||||
return UnameBuffer.nodename;
|
||||
#endif
|
||||
|
||||
return "host.unknown";
|
||||
}
|
||||
|
||||
#ifdef ZNC_HAVE_ARGON
|
||||
static CString SaltedArgonHash(const CString& sPass, const CString& sSalt) {
|
||||
#define ZNC_ARGON_PARAMS /* iterations */ 6, /* memory */ 6144, /* parallelism */ 1
|
||||
|
||||
@@ -316,7 +316,7 @@ bool CZNC::WritePemFile() {
|
||||
return false;
|
||||
}
|
||||
|
||||
CUtils::GenerateCert(f, "");
|
||||
CUtils::GenerateCert(f);
|
||||
fclose(f);
|
||||
|
||||
CUtils::PrintStatus(true);
|
||||
|
||||
Reference in New Issue
Block a user