[ViewVC] Diff of: svn/ircd-hybrid/trunk/src/s

Comparing:
ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 896 by michael, Sat Nov 3 08:54:09 2007 UTC vs.
ircd-hybrid/trunk/src/s_auth.c (file contents), Revision 1654 by michael, Fri Nov 16 19:39:37 2012 UTC

+ *     any messages from it.
+ *     --Bleep  Thomas Helvey <tomh@inxpress.net>
+ */
-+
+#include "stdinc.h"
-–
+#include "tools.h"
+#include "list.h"
-+
+#include "ircd_defs.h"
-+
+#include "fdlist.h"
+#include "s_auth.h"
-<
+#include "s_conf.h"
->
+#include "conf.h"
+#include "client.h"
-–
+#include "common.h"
+#include "event.h"
-–
+#include "fdlist.h"              /* fdlist_add */
+#include "hook.h"
+#include "irc_string.h"
-–
+#include "sprintf_irc.h"
+#include "ircd.h"
-–
+#include "numeric.h"
+#include "packet.h"
+#include "irc_res.h"
+#include "s_bsd.h"
-<
+#include "s_log.h"
->
+#include "log.h"
+#include "send.h"
-<
+#include "memory.h"
->
+#include "mempool.h"
->
+static const char *HeaderMessages[] = {
+  ":%s NOTICE AUTH :*** Looking up your hostname...",
+#define sendheader(c, i) sendto_one((c), HeaderMessages[(i)], me.name)
-<
+/*
-<
+ * Ok, the original was confusing.
-<
+ * Now there are two lists, an auth request can be on both at the same time
-<
+ * or only on one or the other.
-<
+ * - Dianora
-<
+ */
-<
+static dlink_list auth_doing_dns_list   = { NULL, NULL, 0 };
-<
+static dlink_list auth_doing_ident_list = { NULL, NULL, 0 };
->
+static mp_pool_t *auth_pool = NULL;
->
+static dlink_list auth_doing_list = { NULL, NULL, 0 };
+static EVH timeout_auth_queries_event;
+void
+init_auth(void)
-+
+  auth_pool = mp_pool_new(sizeof(struct AuthRequest), MP_CHUNK_SIZE_AUTH);
+  auth_cb = register_callback("start_auth", start_auth);
+  eventAddIsh("timeout_auth_queries_event", timeout_auth_queries_event, NULL, 1);
+static struct AuthRequest *
+make_auth_request(struct Client *client)
-<
+  struct AuthRequest *request = MyMalloc(sizeof(struct AuthRequest));
->
+  struct AuthRequest *request = mp_pool_get(auth_pool);
-<
+  request->client  = client;
-<
+  request->timeout = CurrentTime + CONNECTTIMEOUT;
->
+  memset(request, 0, sizeof(*request));
->
+  client->localClient->auth = request;
->
+  request->client           = client;
->
+  request->timeout          = CurrentTime + CONNECTTIMEOUT;
+  return request;
+ * the main io processing loop
+ */
+void
-<
+release_auth_client(struct Client *client)
->
+release_auth_client(struct AuthRequest *auth)
-+
+  struct Client *client = auth->client;
-+
-+
+  if (IsDoingAuth(auth) || IsDNSPending(auth))
-+
+    return;
-+
-+
+  client->localClient->auth = NULL;
-+
+  dlinkDelete(&auth->node, &auth_doing_list);
-+
+  mp_pool_release(auth);
-+
+  /*
+   * When a client has auth'ed, we want to start reading what it sends
+   * us. This is what read_packet() does.
+  client->localClient->allow_read = MAX_FLOOD;
+  comm_setflush(&client->localClient->fd, 1000, flood_recalc, client);
-<
+  if ((client->node.prev != NULL) || (client->node.next != NULL))
-<
+  {
-<
+    sendto_realops_flags(UMODE_ALL, L_OPER,
-<
+                         "already linked %s at %s:%d", client->name,
-<
+                         __FILE__, __LINE__);
-<
+    ilog(L_ERROR, "already linked %s at %s:%d", client->name,
-<
+         __FILE__, __LINE__);
-<
+    assert(0==5);
-<
+  }
-<
+  else
-<
+    dlinkAdd(client, &client->node, &global_client_list);
->
+  dlinkAdd(client, &client->node, &global_client_list);
-<
+  client->since  = client->lasttime = client->firsttime = CurrentTime;
->
+  client->localClient->since     = CurrentTime;
->
+  client->localClient->lasttime  = CurrentTime;
->
+  client->localClient->firsttime = CurrentTime;
+  client->flags |= FLAGS_FINISHED_AUTH;
+  read_packet(&client->localClient->fd, client);
+/*
+ * auth_dns_callback - called when resolver query finishes
-<
+ * if the query resulted in a successful search, hp will contain
-<
+ * a non-null pointer, otherwise hp will be null.
->
+ * if the query resulted in a successful search, name will contain
->
+ * a non-NULL pointer, otherwise name will be NULL.
+ * set the client on it's way to a connection completion, regardless
+ * of success of failure
+ */
+static void
-<
+auth_dns_callback(void *vptr, struct DNSReply *reply)
->
+auth_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name)
-<
+  struct AuthRequest *auth = (struct AuthRequest *)vptr;
->
+  struct AuthRequest *auth = vptr;
-–
+  dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
+  ClearDNSPending(auth);
-<
+  if (reply != NULL)
->
+  if (name != NULL)
-<
+    struct sockaddr_in *v4, *v4dns;
->
+    const struct sockaddr_in *v4, *v4dns;
+#ifdef IPV6
-<
+    struct sockaddr_in6 *v6, *v6dns;
->
+    const struct sockaddr_in6 *v6, *v6dns;
+#endif
+    int good = 1;
+#ifdef IPV6
+    if (auth->client->localClient->ip.ss.ss_family == AF_INET6)
-<
+      v6 = (struct sockaddr_in6 *)&auth->client->localClient->ip;
-<
+      v6dns = (struct sockaddr_in6 *)&reply->addr;
->
+      v6 = (const struct sockaddr_in6 *)&auth->client->localClient->ip;
->
+      v6dns = (const struct sockaddr_in6 *)addr;
+      if (memcmp(&v6->sin6_addr, &v6dns->sin6_addr, sizeof(struct in6_addr)) != 0)
+        sendheader(auth->client, REPORT_IP_MISMATCH);
+    else
+#endif
-<
+      v4 = (struct sockaddr_in *)&auth->client->localClient->ip;
-<
+      v4dns = (struct sockaddr_in *)&reply->addr;
->
+      v4 = (const struct sockaddr_in *)&auth->client->localClient->ip;
->
+      v4dns = (const struct sockaddr_in *)addr;
+      if(v4->sin_addr.s_addr != v4dns->sin_addr.s_addr)
+        sendheader(auth->client, REPORT_IP_MISMATCH);
+        good = 0;
-<
+    if (good && strlen(reply->h_name) <= HOSTLEN)
->
+    if (good && strlen(name) <= HOSTLEN)
-<
+      strlcpy(auth->client->host, reply->h_name,
->
+      strlcpy(auth->client->host, name,
+              sizeof(auth->client->host));
+      sendheader(auth->client, REPORT_FIN_DNS);
-<
+    else if (strlen(reply->h_name) > HOSTLEN)
->
+    else if (strlen(name) > HOSTLEN)
+      sendheader(auth->client, REPORT_HOST_TOOLONG);
+  else
-<
+      sendheader(auth->client, REPORT_FAIL_DNS);
-<
-<
+  MyFree(auth->client->localClient->dns_query);
-<
+  auth->client->localClient->dns_query = NULL;
->
+    sendheader(auth->client, REPORT_FAIL_DNS);
-<
+  if (!IsDoingAuth(auth))
-<
+  {
-<
+    struct Client *client_p = auth->client;
-<
+    MyFree(auth);
-<
+    release_auth_client(client_p);
-<
+  }
->
+  release_auth_client(auth);
+/*
+  fd_close(&auth->fd);
-–
+  dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
+  ClearAuth(auth);
+  sendheader(auth->client, REPORT_FAIL_ID);
-<
+  if (!IsDNSPending(auth) && !IsCrit(auth))
-<
+  {
-<
+    release_auth_client(auth->client);
-<
+    MyFree(auth);
-<
+  }
->
+  release_auth_client(auth);
+/*
+    report_error(L_ALL, "creating auth stream socket %s:%s",
+        get_client_name(auth->client, SHOW_IP), errno);
-<
+    ilog(L_ERROR, "Unable to create auth socket for %s",
->
+    ilog(LOG_TYPE_IRCD, "Unable to create auth socket for %s",
+        get_client_name(auth->client, SHOW_IP));
+    ++ServerStats.is_abad;
+    return 0;
+#endif
+  localaddr.ss_port = htons(0);
-–
+  SetDoingAuth(auth);
-–
+  dlinkAdd(auth, &auth->ident_node, &auth_doing_ident_list);
-–
+  comm_connect_tcp(&auth->fd, auth->client->sockhost, 113,
+      (struct sockaddr *)&localaddr, localaddr.ss_len, auth_connect_callback,
+      auth, auth->client->localClient->ip.ss.ss_family,
+  assert(client != NULL);
+  auth = make_auth_request(client);
-<
+  SetCrit(auth);
-<
-<
+  client->localClient->dns_query = MyMalloc(sizeof(struct DNSQuery));
-<
+  client->localClient->dns_query->ptr = auth;
-<
+  client->localClient->dns_query->callback = auth_dns_callback;
->
+  dlinkAdd(auth, &auth->node, &auth_doing_list);
+  sendheader(client, REPORT_DO_DNS);
-+
+  SetDNSPending(auth);
-+
+  if (ConfigFileEntry.disable_auth == 0)
-+
+  {
-+
+    SetDoingAuth(auth);
+    start_auth_query(auth);
-+
+  }
-<
+  /* auth order changed, before gethost_byaddr can immediately call
-<
+   * dns callback under win32 when the lookup cannot be started.
-<
+   * And that would do MyFree(auth) etc -adx */
-<
+  SetDNSPending(auth);
-<
+  dlinkAdd(auth, &auth->dns_node, &auth_doing_dns_list);
-<
+  ClearCrit(auth);
-<
+  gethost_byaddr(&client->localClient->ip, client->localClient->dns_query);
->
+  gethost_byaddr(auth_dns_callback, auth, &client->localClient->ip);
+  return NULL;
+static void
+timeout_auth_queries_event(void *notused)
-<
+  dlink_node *ptr;
-<
+  dlink_node *next_ptr;
-<
+  struct AuthRequest* auth;
->
+  dlink_node *ptr = NULL, *next_ptr = NULL;
-<
+  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
->
+  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_list.head)
-<
+    auth = ptr->data;
->
+    struct AuthRequest *auth = ptr->data;
-<
+    if (auth->timeout <= CurrentTime)
-<
+    {
-<
+      fd_close(&auth->fd);
->
+    if (auth->timeout > CurrentTime)
->
+      continue;
-+
+    if (IsDoingAuth(auth))
-+
+    {
+      ++ServerStats.is_abad;
-+
+      fd_close(&auth->fd);
-+
+      ClearAuth(auth);
+      sendheader(auth->client, REPORT_FAIL_ID);
-+
+    }
-<
+      if (IsDNSPending(auth))
-<
+      {
-<
+        struct Client *client_p = auth->client;
-<
-<
+        dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
-<
+        if (client_p->localClient->dns_query != NULL)
-<
+        {
-<
+          delete_resolver_queries(client_p->localClient->dns_query);
-<
+          MyFree(client_p->localClient->dns_query);
-<
+        }
-<
+        auth->client->localClient->dns_query = NULL;
-<
+        sendheader(client_p, REPORT_FAIL_DNS);
-<
+      }
-<
-<
+      ilog(L_INFO, "DNS/AUTH timeout %s",
-<
+           get_client_name(auth->client, SHOW_IP));
-<
-<
+      dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
-<
+      release_auth_client(auth->client);
-<
+      MyFree(auth);
->
+    if (IsDNSPending(auth))
->
+    {
->
+      delete_resolver_queries(auth);
->
+      ClearDNSPending(auth);
->
+      sendheader(auth->client, REPORT_FAIL_DNS);
-+
-+
+    ilog(LOG_TYPE_IRCD, "DNS/AUTH timeout %s",
-+
+         get_client_name(auth->client, SHOW_IP));
-+
+    release_auth_client(auth);
+  char authbuf[32];
+  socklen_t ulen = sizeof(struct irc_ssaddr);
+  socklen_t tlen = sizeof(struct irc_ssaddr);
-<
+  u_int16_t uport, tport;
->
+  uint16_t uport, tport;
+#ifdef IPV6
+  struct sockaddr_in6 *v6;
+#else
+    return;
-<
+  if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *) &us,
-<
+      (socklen_t *) &ulen) ||
-<
+      getpeername(auth->client->localClient->fd.fd, (struct sockaddr *) &them,
-<
+      (socklen_t *) &tlen))
->
+  if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *)&us,
->
+      &ulen) ||
->
+      getpeername(auth->client->localClient->fd.fd, (struct sockaddr *)&them,
->
+      &tlen))
-<
+    ilog(L_INFO, "auth get{sock,peer}name error for %s",
->
+    ilog(LOG_TYPE_IRCD, "auth get{sock,peer}name error for %s",
+        get_client_name(auth->client, SHOW_IP));
+    auth_error(auth);
+    return;
+  them.ss_len = tlen;
+#endif
-<
+  ircsprintf(authbuf, "%u , %u\r\n", tport, uport);
->
+  snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n", tport, uport);
+  if (send(fd->fd, authbuf, strlen(authbuf), 0) == -1)
+   *    --nenolod
+   */
-–
+#ifndef _WIN32
+  len = read(fd->fd, buf, AUTH_BUFSIZ);
-<
+#else
-<
+  len = recv(fd->fd, buf, AUTH_BUFSIZ, 0);
-<
+#endif
-<
->
+  if (len < 0)
-–
+#ifdef _WIN32
-–
+    errno = WSAGetLastError();
-–
+#endif
+    if (ignoreErrno(errno))
+      comm_setselect(fd, COMM_SELECT_READ, read_auth_reply, auth, 0);
+    else
+  fd_close(fd);
-–
+  dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
+  ClearAuth(auth);
+  if (s == NULL)
+    SetGotId(auth->client);
-<
+  if (!IsDNSPending(auth) && !IsCrit(auth))
-<
+  {
-<
+    release_auth_client(auth->client);
-<
+    MyFree(auth);
-<
+  }
->
+  release_auth_client(auth);
+/*
+ * delete_auth()
+ */
+void
-<
+delete_auth(struct Client *target_p)
->
+delete_auth(struct AuthRequest *auth)
-<
+  dlink_node *ptr;
-<
+  dlink_node *next_ptr;
-<
+  struct AuthRequest *auth;
-<
-<
+  if (!IsUnknown(target_p))
-<
+    return;
->
+  if (IsDNSPending(auth))
->
+    delete_resolver_queries(auth);
-<
+  if (target_p->localClient->dns_query != NULL)
-<
+    DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_dns_list.head)
-<
+    {
-<
+      auth = ptr->data;
-<
-<
+      if (auth->client == target_p)
-<
+      {
-<
+        delete_resolver_queries(target_p->localClient->dns_query);
-<
+        MyFree(target_p->localClient->dns_query);
-<
+        target_p->localClient->dns_query = NULL;
-<
-<
+        dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
-<
-<
+        if (!IsDoingAuth(auth))
-<
+        {
-<
+          MyFree(auth);
-<
+          return;
-<
+        }
-<
+      }
-<
+    }
-<
-<
+  DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
-<
+  {
-<
+    auth = ptr->data;
-<
-<
+    if (auth->client == target_p)
-<
+    {
-<
+      fd_close(&auth->fd);
->
+  if (IsDoingAuth(auth))
->
+    fd_close(&auth->fd);
-<
+      dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
-<
+      MyFree(auth);
-<
+    }
-<
+  }
->
+  dlinkDelete(&auth->node, &auth_doing_list);
->
+  mp_pool_release(auth);

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines (old)
->
+Changed lines (new)

Comparing: ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 896 by michael, Sat Nov 3 08:54:09 2007 UTC vs. ircd-hybrid/trunk/src/s_auth.c (file contents), Revision 1654 by michael, Fri Nov 16 19:39:37 2012 UTC

Diff Legend

Comparing:
ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 896 by michael, Sat Nov 3 08:54:09 2007 UTC vs.
ircd-hybrid/trunk/src/s_auth.c (file contents), Revision 1654 by michael, Fri Nov 16 19:39:37 2012 UTC