ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/trunk/src/auth.c
(Generate patch)

Comparing:
ircd-hybrid/src/s_auth.c (file contents), Revision 32 by knight, Sun Oct 2 20:41:23 2005 UTC vs.
ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 1013 by michael, Sun Oct 18 14:26:49 2009 UTC

# Line 33 | Line 33
33   *     --Bleep  Thomas Helvey <tomh@inxpress.net>
34   */
35   #include "stdinc.h"
36 #include "tools.h"
36   #include "list.h"
37 + #include "ircd_defs.h"
38 + #include "fdlist.h"
39   #include "s_auth.h"
40   #include "s_conf.h"
41 + #include "balloc.h"
42   #include "client.h"
43   #include "common.h"
44   #include "event.h"
43 #include "fdlist.h"              /* fdlist_add */
45   #include "hook.h"
46   #include "irc_string.h"
47   #include "sprintf_irc.h"
# Line 50 | Line 51
51   #include "irc_res.h"
52   #include "s_bsd.h"
53   #include "s_log.h"
53 #include "s_stats.h"
54   #include "send.h"
55 < #include "memory.h"
55 >
56  
57   static const char *HeaderMessages[] = {
58    ":%s NOTICE AUTH :*** Looking up your hostname...",
# Line 78 | Line 78 | enum {
78  
79   #define sendheader(c, i) sendto_one((c), HeaderMessages[(i)], me.name)
80  
81 < /*
82 < * Ok, the original was confusing.
83 < * Now there are two lists, an auth request can be on both at the same time
84 < * or only on one or the other.
85 < * - Dianora
86 < */
87 < static dlink_list auth_doing_dns_list   = { NULL, NULL, 0 };
88 < static dlink_list auth_doing_ident_list = { NULL, NULL, 0 };
81 > static BlockHeap *auth_heap = NULL;
82 > static dlink_list auth_doing_list = { NULL, NULL, 0 };
83  
84   static EVH timeout_auth_queries_event;
85  
# Line 102 | Line 96 | struct Callback *auth_cb = NULL;
96   void
97   init_auth(void)
98   {
99 +  auth_heap = BlockHeapCreate("auth", sizeof(struct AuthRequest), AUTH_HEAP_SIZE);
100    auth_cb = register_callback("start_auth", start_auth);
101    eventAddIsh("timeout_auth_queries_event", timeout_auth_queries_event, NULL, 1);
102   }
# Line 112 | Line 107 | init_auth(void)
107   static struct AuthRequest *
108   make_auth_request(struct Client *client)
109   {
110 <  struct AuthRequest *request = MyMalloc(sizeof(struct AuthRequest));
110 >  struct AuthRequest *request = BlockHeapAlloc(auth_heap);
111  
112 <  request->client  = client;
113 <  request->timeout = CurrentTime + CONNECTTIMEOUT;
112 >  client->localClient->auth = request;
113 >  request->client           = client;
114 >  request->timeout          = CurrentTime + CONNECTTIMEOUT;
115  
116 <  return (request);
116 >  return request;
117   }
118  
119   /*
# Line 126 | Line 122 | make_auth_request(struct Client *client)
122   * the main io processing loop
123   */
124   void
125 < release_auth_client(struct Client *client)
125 > release_auth_client(struct AuthRequest *auth)
126   {
127 +  struct Client *client = auth->client;
128 +
129 +  if (IsDoingAuth(auth) || IsDNSPending(auth))
130 +    return;
131 +
132 +  client->localClient->auth = NULL;
133 +  dlinkDelete(&auth->node, &auth_doing_list);
134 +  BlockHeapFree(auth_heap, auth);
135 +
136    /*
137     * When a client has auth'ed, we want to start reading what it sends
138     * us. This is what read_packet() does.
# Line 135 | Line 140 | release_auth_client(struct Client *clien
140     */
141    client->localClient->allow_read = MAX_FLOOD;
142    comm_setflush(&client->localClient->fd, 1000, flood_recalc, client);
143 <  if ((client->node.prev != NULL) || (client->node.next != NULL))
144 <  {
145 <    sendto_realops_flags(UMODE_ALL, L_OPER,
146 <                         "already linked %s at %s:%d", client->name,
147 <                         __FILE__, __LINE__);
148 <    ilog(L_ERROR, "already linked %s at %s:%d", client->name,
144 <         __FILE__, __LINE__);
145 <    assert(0==5);
146 <  }
147 <  else
148 <    dlinkAdd(client, &client->node, &global_client_list);
143 >
144 >  dlinkAdd(client, &client->node, &global_client_list);
145 >
146 >  client->since  = client->lasttime = client->firsttime = CurrentTime;
147 >  client->flags |= FLAGS_FINISHED_AUTH;
148 >
149    read_packet(&client->localClient->fd, client);
150   }
151  
152   /*
153   * auth_dns_callback - called when resolver query finishes
154 < * if the query resulted in a successful search, hp will contain
155 < * a non-null pointer, otherwise hp will be null.
154 > * if the query resulted in a successful search, name will contain
155 > * a non-NULL pointer, otherwise name will be NULL.
156   * set the client on it's way to a connection completion, regardless
157   * of success of failure
158   */
159   static void
160 < auth_dns_callback(void *vptr, struct DNSReply *reply)
160 > auth_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name)
161   {
162 <  struct AuthRequest *auth = (struct AuthRequest *)vptr;
162 >  struct AuthRequest *auth = vptr;
163  
164  dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
164    ClearDNSPending(auth);
165  
166 <  if (reply != NULL)
166 >  if (name != NULL)
167    {
168 <    struct sockaddr_in *v4, *v4dns;
168 >    const struct sockaddr_in *v4, *v4dns;
169   #ifdef IPV6
170 <    struct sockaddr_in6 *v6, *v6dns;
170 >    const struct sockaddr_in6 *v6, *v6dns;
171   #endif
172      int good = 1;
173  
174   #ifdef IPV6
175      if (auth->client->localClient->ip.ss.ss_family == AF_INET6)
176      {
177 <      v6 = (struct sockaddr_in6 *)&auth->client->localClient->ip;
178 <      v6dns = (struct sockaddr_in6 *)&reply->addr;
177 >      v6 = (const struct sockaddr_in6 *)&auth->client->localClient->ip;
178 >      v6dns = (const struct sockaddr_in6 *)addr;
179        if (memcmp(&v6->sin6_addr, &v6dns->sin6_addr, sizeof(struct in6_addr)) != 0)
180        {
181          sendheader(auth->client, REPORT_IP_MISMATCH);
# Line 186 | Line 185 | auth_dns_callback(void *vptr, struct DNS
185      else
186   #endif
187      {
188 <      v4 = (struct sockaddr_in *)&auth->client->localClient->ip;
189 <      v4dns = (struct sockaddr_in *)&reply->addr;
188 >      v4 = (const struct sockaddr_in *)&auth->client->localClient->ip;
189 >      v4dns = (const struct sockaddr_in *)addr;
190        if(v4->sin_addr.s_addr != v4dns->sin_addr.s_addr)
191        {
192          sendheader(auth->client, REPORT_IP_MISMATCH);
193          good = 0;
194        }
195      }
196 <    if (good && strlen(reply->h_name) <= HOSTLEN)
196 >    if (good && strlen(name) <= HOSTLEN)
197      {
198 <      strlcpy(auth->client->host, reply->h_name,
198 >      strlcpy(auth->client->host, name,
199                sizeof(auth->client->host));
200        sendheader(auth->client, REPORT_FIN_DNS);
201      }
202 <    else if (strlen(reply->h_name) > HOSTLEN)
202 >    else if (strlen(name) > HOSTLEN)
203        sendheader(auth->client, REPORT_HOST_TOOLONG);
204    }
205    else
206 <      sendheader(auth->client, REPORT_FAIL_DNS);
206 >    sendheader(auth->client, REPORT_FAIL_DNS);
207  
208 <  MyFree(auth->client->localClient->dns_query);
210 <  auth->client->localClient->dns_query = NULL;
211 <
212 <  if (!IsDoingAuth(auth))
213 <  {
214 <    struct Client *client_p = auth->client;
215 <    MyFree(auth);
216 <    release_auth_client(client_p);
217 <  }
208 >  release_auth_client(auth);
209   }
210  
211   /*
# Line 223 | Line 214 | auth_dns_callback(void *vptr, struct DNS
214   static void
215   auth_error(struct AuthRequest *auth)
216   {
217 <  ++ServerStats->is_abad;
217 >  ++ServerStats.is_abad;
218  
219    fd_close(&auth->fd);
220  
230  dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
221    ClearAuth(auth);
222  
223    sendheader(auth->client, REPORT_FAIL_ID);
224  
225 <  if (!IsDNSPending(auth) && !IsCrit(auth))
236 <  {
237 <    release_auth_client(auth->client);
238 <    MyFree(auth);
239 <  }
225 >  release_auth_client(auth);
226   }
227  
228   /*
# Line 266 | Line 252 | start_auth_query(struct AuthRequest *aut
252          get_client_name(auth->client, SHOW_IP), errno);
253      ilog(L_ERROR, "Unable to create auth socket for %s",
254          get_client_name(auth->client, SHOW_IP));
255 <    ++ServerStats->is_abad;
255 >    ++ServerStats.is_abad;
256      return 0;
257    }
258  
# Line 294 | Line 280 | start_auth_query(struct AuthRequest *aut
280   #endif
281    localaddr.ss_port = htons(0);
282  
297  SetDoingAuth(auth);
298  dlinkAdd(auth, &auth->ident_node, &auth_doing_ident_list);
299
283    comm_connect_tcp(&auth->fd, auth->client->sockhost, 113,
284        (struct sockaddr *)&localaddr, localaddr.ss_len, auth_connect_callback,
285        auth, auth->client->localClient->ip.ss.ss_family,
# Line 388 | Line 371 | start_auth(va_list args)
371    assert(client != NULL);
372  
373    auth = make_auth_request(client);
374 <  SetCrit(auth);
392 <
393 <  client->localClient->dns_query = MyMalloc(sizeof(struct DNSQuery));
394 <  client->localClient->dns_query->ptr = auth;
395 <  client->localClient->dns_query->callback = auth_dns_callback;
374 >  dlinkAdd(auth, &auth->node, &auth_doing_list);
375  
376    sendheader(client, REPORT_DO_DNS);
377  
378 +  SetDNSPending(auth);
379 +
380    if (ConfigFileEntry.disable_auth == 0)
381 +  {
382 +    SetDoingAuth(auth);
383      start_auth_query(auth);
384 +  }
385  
386 <  /* auth order changed, before gethost_byaddr can immediately call
403 <   * dns callback under win32 when the lookup cannot be started.
404 <   * And that would do MyFree(auth) etc -adx */
405 <  SetDNSPending(auth);
406 <  dlinkAdd(auth, &auth->dns_node, &auth_doing_dns_list);
407 <  ClearCrit(auth);
408 <  gethost_byaddr(&client->localClient->ip, client->localClient->dns_query);
386 >  gethost_byaddr(auth_dns_callback, auth, &client->localClient->ip);
387  
388    return NULL;
389   }
# Line 417 | Line 395 | start_auth(va_list args)
395   static void
396   timeout_auth_queries_event(void *notused)
397   {
398 <  dlink_node *ptr;
421 <  dlink_node *next_ptr;
422 <  struct AuthRequest* auth;
398 >  dlink_node *ptr = NULL, *next_ptr = NULL;
399  
400 <  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
400 >  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_list.head)
401    {
402 <    auth = ptr->data;
402 >    struct AuthRequest *auth = ptr->data;
403  
404 <    if (auth->timeout <= CurrentTime)
405 <    {
430 <      fd_close(&auth->fd);
404 >    if (auth->timeout > CurrentTime)
405 >      continue;
406  
407 <      ++ServerStats->is_abad;
407 >    if (IsDoingAuth(auth))
408 >    {  
409 >      ++ServerStats.is_abad;
410 >      fd_close(&auth->fd);
411 >      ClearAuth(auth);
412        sendheader(auth->client, REPORT_FAIL_ID);
413 +    }
414  
415 <      if (IsDNSPending(auth))
416 <      {
417 <        struct Client *client_p = auth->client;
418 <
419 <        dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
440 <        if (client_p->localClient->dns_query != NULL)
441 <        {
442 <          delete_resolver_queries(client_p->localClient->dns_query);
443 <          MyFree(client_p->localClient->dns_query);
444 <        }
445 <        auth->client->localClient->dns_query = NULL;
446 <        sendheader(client_p, REPORT_FAIL_DNS);
447 <      }
448 <
449 <      ilog(L_INFO, "DNS/AUTH timeout %s",
450 <           get_client_name(auth->client, SHOW_IP));
451 <
452 <      dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
453 <      release_auth_client(auth->client);
454 <      MyFree(auth);
415 >    if (IsDNSPending(auth))
416 >    {
417 >      delete_resolver_queries(auth);
418 >      ClearDNSPending(auth);
419 >      sendheader(auth->client, REPORT_FAIL_DNS);
420      }
421 +
422 +    ilog(L_INFO, "DNS/AUTH timeout %s",
423 +         get_client_name(auth->client, SHOW_IP));
424 +    release_auth_client(auth);
425    }
426   }
427  
# Line 489 | Line 458 | auth_connect_callback(fde_t *fd, int err
458      return;
459    }
460  
461 <  if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *) &us,
462 <      (socklen_t *) &ulen) ||
463 <      getpeername(auth->client->localClient->fd.fd, (struct sockaddr *) &them,
464 <      (socklen_t *) &tlen))
461 >  if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *)&us,
462 >      &ulen) ||
463 >      getpeername(auth->client->localClient->fd.fd, (struct sockaddr *)&them,
464 >      &tlen))
465    {
466      ilog(L_INFO, "auth get{sock,peer}name error for %s",
467          get_client_name(auth->client, SHOW_IP));
# Line 523 | Line 492 | auth_connect_callback(fde_t *fd, int err
492      auth_error(auth);
493      return;
494    }
495 +
496    read_auth_reply(&auth->fd, auth);
497   }
498  
# Line 544 | Line 514 | read_auth_reply(fde_t *fd, void *data)
514    int count;
515    char buf[AUTH_BUFSIZ + 1]; /* buffer to read auth reply into */
516  
517 <  len = recv(fd->fd, buf, AUTH_BUFSIZ, 0);
518 <  
517 >  /* Why?
518 >   * Well, recv() on many POSIX systems is a per-packet operation,
519 >   * and we do not necessarily want this, because on lowspec machines,
520 >   * the ident response may come back fragmented, thus resulting in an
521 >   * invalid ident response, even if the ident response was really OK.
522 >   *
523 >   * So PLEASE do not change this code to recv without being aware of the
524 >   * consequences.
525 >   *
526 >   *    --nenolod
527 >   */
528 >  len = read(fd->fd, buf, AUTH_BUFSIZ);
529 >
530    if (len < 0)
531    {
551 #ifdef _WIN32
552    errno = WSAGetLastError();
553 #endif
532      if (ignoreErrno(errno))
533        comm_setselect(fd, COMM_SELECT_READ, read_auth_reply, auth, 0);
534      else
# Line 586 | Line 564 | read_auth_reply(fde_t *fd, void *data)
564  
565    fd_close(fd);
566  
589  dlinkDelete(&auth->ident_node, &auth_doing_ident_list);  
567    ClearAuth(auth);
568  
569    if (s == NULL)
570    {
571      sendheader(auth->client, REPORT_FAIL_ID);
572 <    ++ServerStats->is_abad;
572 >    ++ServerStats.is_abad;
573    }
574    else
575    {
576      sendheader(auth->client, REPORT_FIN_ID);
577 <    ++ServerStats->is_asuc;
577 >    ++ServerStats.is_asuc;
578      SetGotId(auth->client);
579    }
580  
581 <  if (!IsDNSPending(auth) && !IsCrit(auth))
605 <  {
606 <    release_auth_client(auth->client);
607 <    MyFree(auth);
608 <  }
581 >  release_auth_client(auth);
582   }
583  
584   /*
585   * delete_auth()
586   */
587   void
588 < delete_auth(struct Client *target_p)
588 > delete_auth(struct AuthRequest *auth)
589   {
590 <  dlink_node *ptr;
591 <  dlink_node *next_ptr;
619 <  struct AuthRequest *auth;
620 <
621 <  if (!IsUnknown(target_p))
622 <    return;
623 <
624 <  if (target_p->localClient->dns_query != NULL)
625 <    DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_dns_list.head)
626 <    {
627 <      auth = ptr->data;
628 <
629 <      if (auth->client == target_p)
630 <      {
631 <        delete_resolver_queries(target_p->localClient->dns_query);
632 <
633 <        dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
634 <        if (!IsDoingAuth(auth))
635 <        {
636 <          MyFree(auth);
637 <          return;
638 <        }
639 <      }
640 <    }
641 <
642 <  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
643 <  {
644 <    auth = ptr->data;
590 >  if (IsDNSPending(auth))
591 >    delete_resolver_queries(auth);
592  
593 <    if (auth->client == target_p)
594 <    {
648 <      fd_close(&auth->fd);
593 >  if (IsDoingAuth(auth))
594 >    fd_close(&auth->fd);
595  
596 <      dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
597 <      MyFree(auth);
652 <    }
653 <  }
596 >  dlinkDelete(&auth->node, &auth_doing_list);
597 >  BlockHeapFree(auth_heap, auth);
598   }

Comparing:
ircd-hybrid/src/s_auth.c (property svn:keywords), Revision 32 by knight, Sun Oct 2 20:41:23 2005 UTC vs.
ircd-hybrid-7.2/src/s_auth.c (property svn:keywords), Revision 1013 by michael, Sun Oct 18 14:26:49 2009 UTC

# Line 1 | Line 1
1 < Revision
1 > Id Revision

Diff Legend

Removed lines
+ Added lines
< Changed lines (old)
> Changed lines (new)