trunk/src/s_bsd.c

/*
 *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
 *
 *  Copyright (c) 1997-2020 ircd-hybrid development team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
 *  USA
 */

/*! \file s_bsd.c
 * \brief Network functions.
 * \version $Id$
 */

#include "stdinc.h"
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include "list.h"
#include "fdlist.h"
#include "s_bsd.h"
#include "client.h"
#include "dbuf.h"
#include "event.h"
#include "irc_string.h"
#include "ircd.h"
#include "listener.h"
#include "numeric.h"
#include "packet.h"
#include "res.h"
#include "restart.h"
#include "conf.h"
#include "log.h"
#include "server.h"
#include "send.h"
#include "memory.h"
#include "user.h"


static const char *const comm_err_str[] =
{
  [COMM_OK] = "Comm OK",
  [COMM_ERR_BIND] = "Error during bind()",
  [COMM_ERR_TIMEOUT] = "connect timeout",
  [COMM_ERR_CONNECT] = "Error during connect()",
  [COMM_ERROR] = "Comm Error"
};

static void comm_connect_callback(fde_t *, int);
static void comm_connect_timeout(fde_t *, void *);
static void comm_connect_tryconnect(fde_t *, void *);


/* comm_get_sockerr - get the error value from the socket or the current errno
 *
 * Get the *real* error from the socket (well try to anyway..).
 * This may only work when SO_DEBUG is enabled but its worth the
 * gamble anyway.
 */
int
comm_get_sockerr(fde_t *F)
{
  int errtmp = errno;
#ifdef SO_ERROR
  int err = 0;
  socklen_t len = sizeof(err);

  assert(F);
  assert(F->flags.open == true);

  if (getsockopt(F->fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0)
  {
    if (err)
      errtmp = err;
  }

  errno = errtmp;
#endif
  return errtmp;
}

/*
 * report_error - report an error from an errno.
 * Record error to log and also send a copy to all *LOCAL* opers online.
 *
 *        text        is a *format* string for outputing error. It must
 *                contain only two '%s', the first will be replaced
 *                by the sockhost from the client, and the latter will
 *                be taken from sys_errlist[errno].
 *
 *        client        if not NULL, is the *LOCAL* client associated with
 *                the error.
 *
 * Cannot use perror() within daemon. stderr is closed in
 * ircd and cannot be used. And, worse yet, it might have
 * been reassigned to a normal connection...
 *
 * Actually stderr is still there IFF ircd was run with -s --Rodder
 */
void
report_error(int level, const char *text, const char *who, int error)
{
  who = (who) ? who : "";

  sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE,
                       text, who, strerror(error));
  ilog(LOG_TYPE_IRCD, text, who, strerror(error));
}

/*
 * setup_socket()
 *
 * Set the socket non-blocking, and other wonderful bits.
 */
static void
setup_socket(int fd)
{
  int opt = 1;

  setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));

#ifdef IPTOS_LOWDELAY
  opt = IPTOS_LOWDELAY;
  setsockopt(fd, IPPROTO_IP, IP_TOS, &opt, sizeof(opt));
#endif

#ifdef TCP_QUICKACK
  opt = 1;
  setsockopt(fd, SOL_SOCKET, TCP_QUICKACK, &opt, sizeof(opt));
#endif

  fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
}

/*
 * ssl_handshake - let OpenSSL initialize the protocol. Register for
 * read/write events if necessary.
 */
static void
ssl_handshake(fde_t *F, void *data)
{
  struct Client *client = data;

  assert(client);
  assert(client->connection);
  assert(client->connection->fd);
  assert(client->connection->fd == F);

  tls_handshake_status_t ret = tls_handshake(&F->tls, TLS_ROLE_SERVER, NULL);
  if (ret != TLS_HANDSHAKE_DONE)
  {
    if ((event_base->time.sec_monotonic - client->connection->created_monotonic) > TLS_HANDSHAKE_TIMEOUT)
    {
      exit_client(client, "Timeout during TLS handshake");
      return;
    }

    switch (ret)
    {
      case TLS_HANDSHAKE_WANT_WRITE:
        comm_setselect(F, COMM_SELECT_WRITE, ssl_handshake, client, TLS_HANDSHAKE_TIMEOUT);
        return;
      case TLS_HANDSHAKE_WANT_READ:
        comm_setselect(F, COMM_SELECT_READ, ssl_handshake, client, TLS_HANDSHAKE_TIMEOUT);
        return;
      default:
        exit_client(client, "Error during TLS handshake");
        return;
    }
  }

  comm_settimeout(F, 0, NULL, NULL);

  if (tls_verify_certificate(&F->tls, ConfigServerInfo.message_digest_algorithm, &client->tls_certfp) == false)
    ilog(LOG_TYPE_IRCD, "Client %s gave bad TLS client certificate",
         client_get_name(client, MASK_IP));

  auth_start(client);
}

/*
 * add_connection - creates a client which has just connected to us on
 * the given fd. The sockhost field is initialized with the ip# of the host.
 * An unique id is calculated now, in case it is needed for auth.
 * The client is sent to the auth module for verification, and not put in
 * any client list yet.
 */
void
add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
{
  struct Client *client = client_make(NULL);

  client->connection->fd = fd_open(fd, true, listener_has_flag(listener, LISTENER_TLS) ?
                                   "Incoming TLS connection" : "Incoming connection");

  /*
   * copy address to 'sockhost' as a string, copy it to host too
   * so we have something valid to put into error messages...
   */
  client->ip = *irn;

  getnameinfo((const struct sockaddr *)&client->ip,
              client->ip.ss_len, client->sockhost,
              sizeof(client->sockhost), NULL, 0, NI_NUMERICHOST);

  if (client->sockhost[0] == ':')
  {
    client->sockhost[0] = '0';
    memmove(client->sockhost + 1, client->sockhost, sizeof(client->sockhost) - 1);
  }

  strlcpy(client->host, client->sockhost, sizeof(client->host));

  client->connection->listener = listener;
  ++listener->ref_count;

  if (listener_has_flag(listener, LISTENER_TLS))
  {
    if (tls_new(&client->connection->fd->tls, fd, TLS_ROLE_SERVER) == false)
    {
      SetDead(client);
      exit_client(client, "TLS context initialization failed");
      return;
    }

    AddFlag(client, FLAGS_TLS);
    ssl_handshake(client->connection->fd, client);
  }
  else
    auth_start(client);
}

/*
 * stolen from squid - its a neat (but overused! :) routine which we
 * can use to see whether we can ignore this errno or not. It is
 * generally useful for non-blocking network IO related errnos.
 *     -- adrian
 */
bool
comm_ignore_errno(int ierrno)
{
  switch (ierrno)
  {
    case EINPROGRESS:
    case EWOULDBLOCK:
#if EAGAIN != EWOULDBLOCK
    case EAGAIN:
#endif
    case EALREADY:
    case EINTR:
#ifdef ERESTART
    case ERESTART:
#endif
      return true;
    default:
      return false;
  }
}

/*
 * comm_settimeout() - set the socket timeout
 *
 * Set the timeout for the fd
 */
void
comm_settimeout(fde_t *F, uintmax_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
{
  assert(F);
  assert(F->flags.open == true);

  F->timeout = timeout ? event_base->time.sec_monotonic + timeout : 0;
  F->timeout_handler = callback;
  F->timeout_data = cbdata;
}

/*
 * comm_setflush() - set a flush function
 *
 * A flush function is simply a function called if found during
 * comm_timeouts(). Its basically a second timeout, except in this case
 * I'm too lazy to implement multiple timeout functions! :-)
 * its kinda nice to have it separate, since this is designed for
 * flush functions, and when comm_close() is implemented correctly
 * with close functions, we _actually_ don't call comm_close() here ..
 * -- originally Adrian's notes
 * comm_close() is replaced with fd_close() in fdlist.c
 */
void
comm_setflush(fde_t *F, uintmax_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
{
  assert(F);
  assert(F->flags.open == true);

  F->flush_timeout = timeout ? event_base->time.sec_monotonic + timeout : 0;
  F->flush_handler = callback;
  F->flush_data = cbdata;
}

/*
 * comm_checktimeouts() - check the socket timeouts
 *
 * All this routine does is call the given callback/cbdata, without closing
 * down the file descriptor. When close handlers have been implemented,
 * this will happen.
 */
void
comm_checktimeouts(void *unused)
{
  for (int fd = 0; fd <= highest_fd; ++fd)
  {
    fde_t *F = &fd_table[fd];

    if (F->flags.open == false)
      continue;

    /* check flush functions */
    if (F->flush_timeout && F->flush_timeout < event_base->time.sec_monotonic)
    {
      void (*hdl)(fde_t *, void *) = F->flush_handler;
      void *data = F->flush_data;

      comm_setflush(F, 0, NULL, NULL);
      hdl(F, data);
    }

    /* check timeouts */
    if (F->timeout && F->timeout < event_base->time.sec_monotonic)
    {
      /* Call timeout handler */
      void (*hdl)(fde_t *, void *) = F->timeout_handler;
      void *data = F->timeout_data;

      comm_settimeout(F, 0, NULL, NULL);
      hdl(F, data);
    }
  }
}

/*
 * void comm_connect_tcp(int fd, const char *host, unsigned short port,
 *                       struct sockaddr *clocal, int socklen,
 *                       CNCB *callback, void *data, int aftype, int timeout)
 * Input: An fd to connect with, a host and port to connect to,
 *        a local sockaddr to connect from + length(or NULL to use the
 *        default), a callback, the data to pass into the callback, the
 *        address family.
 * Output: None.
 * Side-effects: A non-blocking connection to the host is started, and
 *               if necessary, set up for selection. The callback given
 *               may be called now, or it may be called later.
 */
void
comm_connect_tcp(fde_t *F, const struct irc_ssaddr *caddr, unsigned short port, const struct irc_ssaddr *baddr,
                 void (*callback)(fde_t *, int, void *), void *data, uintmax_t timeout)
{
  assert(callback);

  F->connect.hostaddr = *caddr;
  /* The cast is hacky, but safe - port offset is same on v4 and v6 */
  ((struct sockaddr_in *)&F->connect.hostaddr)->sin_port = htons(port);
  F->connect.callback = callback;
  F->connect.data = data;

  /* Note that we're using a passed sockaddr here. This is because
   * generally you'll be bind()ing to a sockaddr grabbed from
   * getsockname(), so this makes things easier.
   * XXX If NULL is passed as local, we should later on bind() to the
   * virtual host IP, for completeness.
   *   -- adrian
   */
  if (baddr && bind(F->fd, (const struct sockaddr *)baddr, baddr->ss_len) < 0)
  {
    /* Failure, call the callback with COMM_ERR_BIND */
    comm_connect_callback(F, COMM_ERR_BIND);
    return;  /* ... and quit */
  }

  comm_settimeout(F, timeout, comm_connect_timeout, NULL);
  comm_connect_tryconnect(F, NULL);
}

/*
 * comm_connect_callback() - call the callback, and continue with life
 */
static void
comm_connect_callback(fde_t *F, int status)
{
  void (*hdl)(fde_t *, int, void *);

  /* This check is gross..but probably necessary */
  if (F->connect.callback == NULL)
    return;

  /* Clear the connect flag + handler */
  hdl = F->connect.callback;
  F->connect.callback = NULL;

  /* Clear the timeout handler */
  comm_settimeout(F, 0, NULL, NULL);

  /* Call the handler */
  hdl(F, status, F->connect.data);
}

/*
 * comm_connect_timeout() - this gets called when the socket connection
 * times out. This *only* can be called once connect() is initially
 * called ..
 */
static void
comm_connect_timeout(fde_t *F, void *unused)
{
  /* error! */
  comm_connect_callback(F, COMM_ERR_TIMEOUT);
}

/* static void comm_connect_tryconnect(fde_t *fd, void *unused)
 * Input: The fd, the handler data(unused).
 * Output: None.
 * Side-effects: Try and connect with pending connect data for the FD. If
 *               we succeed or get a fatal error, call the callback.
 *               Otherwise, it is still blocking or something, so register
 *               to select for a write event on this FD.
 */
static void
comm_connect_tryconnect(fde_t *F, void *unused)
{
  /* This check is needed or re-entrant s_bsd_* like sigio break it. */
  if (F->connect.callback == NULL)
    return;

  /* Try the connect() */
  int retval = connect(F->fd, (struct sockaddr *)&F->connect.hostaddr, F->connect.hostaddr.ss_len);

  /* Error? */
  if (retval < 0)
  {
    /*
     * If we get EISCONN, then we've already connect()ed the socket,
     * which is a good thing.
     *   -- adrian
     */
    if (errno == EISCONN)
      comm_connect_callback(F, COMM_OK);
    else if (comm_ignore_errno(errno))
      /* Ignore error? Reschedule */
      comm_setselect(F, COMM_SELECT_WRITE, comm_connect_tryconnect, NULL, 0);
    else
      /* Error? Fail with COMM_ERR_CONNECT */
      comm_connect_callback(F, COMM_ERR_CONNECT);
    return;
  }

  /* If we get here, we've suceeded, so call with COMM_OK */
  comm_connect_callback(F, COMM_OK);
}

/*
 * comm_errorstr() - return an error string for the given error condition
 */
const char *
comm_errstr(int error)
{
  if (error < 0 || error >= COMM_ERR_MAX)
    return "Invalid error number!";
  return comm_err_str[error];
}

/*
 * comm_open() - open a socket
 *
 * This is a highly highly cut down version of squid's comm_open() which
 * for the most part emulates socket(), *EXCEPT* it fails if we're about
 * to run out of file descriptors.
 */
int
comm_socket(int family, int sock_type, int proto)
{
  /* First, make sure we aren't going to run out of file descriptors */
  if (number_fd >= hard_fdlimit)
  {
    errno = ENFILE;
    return -1;
  }

  /*
   * Next, we try to open the socket. We *should* drop the reserved FD
   * limit if/when we get an error, but we can deal with that later.
   * XXX !!! -- adrian
   */
  int fd = socket(family, sock_type, proto);
  if (fd < 0)
    return -1; /* errno will be passed through, yay.. */

  setup_socket(fd);

  return fd;
}

/*
 * comm_accept() - accept an incoming connection
 *
 * This is a simple wrapper for accept() which enforces FD limits like
 * comm_open() does. Returned fd must be either closed or tagged with
 * fd_open (this function no longer does it).
 */
int
comm_accept(fde_t *F, struct irc_ssaddr *addr)
{
  socklen_t addrlen = sizeof(struct irc_ssaddr);

  if (number_fd >= hard_fdlimit)
  {
    errno = ENFILE;
    return -1;
  }

  memset(addr, 0, sizeof(*addr));

  /*
   * Next, do the accept(). if we get an error, we should drop the
   * reserved fd limit, but we can deal with that when comm_open()
   * also does it. XXX -- adrian
   */
  int fd = accept(F->fd, (struct sockaddr *)addr, &addrlen);
  if (fd < 0)
    return -1;

  remove_ipv6_mapping(addr);

  setup_socket(fd);

  /* .. and return */
  return fd;
}

/*
 * remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address
 * OSes with IPv6 mapping listening on both
 * AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures
 *
 */
void
remove_ipv6_mapping(struct irc_ssaddr *addr)
{
  if (addr->ss.ss_family == AF_INET6)
  {
    if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
    {
      struct sockaddr_in6 v6;
      struct sockaddr_in *v4 = (struct sockaddr_in *)addr;

      memcpy(&v6, addr, sizeof(v6));
      memset(v4, 0, sizeof(struct sockaddr_in));
      memcpy(&v4->sin_addr, &v6.sin6_addr.s6_addr[12], sizeof(v4->sin_addr));

      addr->ss.ss_family = AF_INET;
      addr->ss_len = sizeof(struct sockaddr_in);
    }
    else
      addr->ss_len = sizeof(struct sockaddr_in6);
  }
  else
    addr->ss_len = sizeof(struct sockaddr_in);
}
Revision:	9590
Committed:	Sat Aug 29 14:23:01 2020 UTC (4 years, 11 months ago) by michael
Content type:	text/x-csrc
File size:	15977 byte(s)
Log Message:	- Make use of listener_has_flag() in various places; client-only listeners are now marked with a 'C' in "/stats P"
#	User	Rev	Content
1	adx	30	/*
2	michael	2916	* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3	adx	30	*
4	michael	9101	* Copyright (c) 1997-2020 ircd-hybrid development team
5	adx	30	*
6			* This program is free software; you can redistribute it and/or modify
7			* it under the terms of the GNU General Public License as published by
8			* the Free Software Foundation; either version 2 of the License, or
9			* (at your option) any later version.
10			*
11			* This program is distributed in the hope that it will be useful,
12			* but WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU General Public License for more details.
15			*
16			* You should have received a copy of the GNU General Public License
17			* along with this program; if not, write to the Free Software
18	michael	4565	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19	adx	30	* USA
20			*/
21
22	michael	2916	/*! \file s_bsd.c
23			* \brief Network functions.
24			* \version $Id$
25			*/
26
27	adx	30	#include "stdinc.h"
28			#include <netinet/in_systm.h>
29			#include <netinet/ip.h>
30			#include <netinet/tcp.h>
31	michael	1011	#include "list.h"
32	adx	30	#include "fdlist.h"
33			#include "s_bsd.h"
34			#include "client.h"
35			#include "dbuf.h"
36			#include "event.h"
37			#include "irc_string.h"
38			#include "ircd.h"
39			#include "listener.h"
40			#include "numeric.h"
41			#include "packet.h"
42	michael	3322	#include "res.h"
43	adx	30	#include "restart.h"
44	michael	1309	#include "conf.h"
45			#include "log.h"
46	michael	3347	#include "server.h"
47	adx	30	#include "send.h"
48			#include "memory.h"
49	michael	3347	#include "user.h"
50	adx	30
51	michael	3274
52	michael	5887	static const char *const comm_err_str[] =
53			{
54			[COMM_OK] = "Comm OK",
55			[COMM_ERR_BIND] = "Error during bind()",
56			[COMM_ERR_TIMEOUT] = "connect timeout",
57			[COMM_ERR_CONNECT] = "Error during connect()",
58			[COMM_ERROR] = "Comm Error"
59			};
60	adx	30
61	michael	1013	static void comm_connect_callback(fde_t *, int);
62	michael	4461	static void comm_connect_timeout(fde_t , void );
63			static void comm_connect_tryconnect(fde_t , void );
64	adx	30
65
66	michael	8414	/* comm_get_sockerr - get the error value from the socket or the current errno
67	adx	30	*
68			* Get the real error from the socket (well try to anyway..).
69			* This may only work when SO_DEBUG is enabled but its worth the
70			* gamble anyway.
71			*/
72			int
73	michael	8826	comm_get_sockerr(fde_t *F)
74	adx	30	{
75			int errtmp = errno;
76			#ifdef SO_ERROR
77			int err = 0;
78			socklen_t len = sizeof(err);
79
80	michael	8826	assert(F);
81			assert(F->flags.open == true);
82
83			if (getsockopt(F->fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0)
84	adx	30	{
85			if (err)
86			errtmp = err;
87			}
88	michael	8557
89	adx	30	errno = errtmp;
90			#endif
91			return errtmp;
92			}
93
94			/*
95	michael	2916	* report_error - report an error from an errno.
96	adx	30	* Record error to log and also send a copy to all LOCAL opers online.
97			*
98			* text is a format string for outputing error. It must
99			* contain only two '%s', the first will be replaced
100	michael	9250	* by the sockhost from the client, and the latter will
101	adx	30	* be taken from sys_errlist[errno].
102			*
103	michael	9250	* client if not NULL, is the LOCAL client associated with
104	adx	30	* the error.
105			*
106			* Cannot use perror() within daemon. stderr is closed in
107			* ircd and cannot be used. And, worse yet, it might have
108			* been reassigned to a normal connection...
109	michael	2916	*
110	adx	30	* Actually stderr is still there IFF ircd was run with -s --Rodder
111			*/
112			void
113	michael	8431	report_error(int level, const char text, const char who, int error)
114	adx	30	{
115			who = (who) ? who : "";
116
117	michael	1618	sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE,
118			text, who, strerror(error));
119	michael	1247	ilog(LOG_TYPE_IRCD, text, who, strerror(error));
120	adx	30	}
121
122			/*
123			* setup_socket()
124			*
125			* Set the socket non-blocking, and other wonderful bits.
126			*/
127	michael	2632	static void
128			setup_socket(int fd)
129	adx	30	{
130			int opt = 1;
131
132	michael	967	setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));
133	adx	30
134			#ifdef IPTOS_LOWDELAY
135			opt = IPTOS_LOWDELAY;
136	michael	967	setsockopt(fd, IPPROTO_IP, IP_TOS, &opt, sizeof(opt));
137	adx	30	#endif
138
139	michael	9054	#ifdef TCP_QUICKACK
140			opt = 1;
141			setsockopt(fd, SOL_SOCKET, TCP_QUICKACK, &opt, sizeof(opt));
142			#endif
143
144	adx	30	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) \| O_NONBLOCK);
145			}
146
147			/*
148			* ssl_handshake - let OpenSSL initialize the protocol. Register for
149			* read/write events if necessary.
150			*/
151			static void
152	michael	8339	ssl_handshake(fde_t F, void data)
153	adx	30	{
154	michael	9250	struct Client *client = data;
155	adx	30
156	michael	9250	assert(client);
157			assert(client->connection);
158			assert(client->connection->fd);
159			assert(client->connection->fd == F);
160	michael	8339
161	michael	9157	tls_handshake_status_t ret = tls_handshake(&F->tls, TLS_ROLE_SERVER, NULL);
162	michael	7105	if (ret != TLS_HANDSHAKE_DONE)
163	michael	2463	{
164	michael	9250	if ((event_base->time.sec_monotonic - client->connection->created_monotonic) > TLS_HANDSHAKE_TIMEOUT)
165	michael	2725	{
166	michael	9250	exit_client(client, "Timeout during TLS handshake");
167	michael	2725	return;
168			}
169
170	michael	7105	switch (ret)
171	michael	2463	{
172	michael	7105	case TLS_HANDSHAKE_WANT_WRITE:
173	michael	9250	comm_setselect(F, COMM_SELECT_WRITE, ssl_handshake, client, TLS_HANDSHAKE_TIMEOUT);
174	michael	2463	return;
175	michael	7105	case TLS_HANDSHAKE_WANT_READ:
176	michael	9250	comm_setselect(F, COMM_SELECT_READ, ssl_handshake, client, TLS_HANDSHAKE_TIMEOUT);
177	michael	2463	return;
178			default:
179	michael	9250	exit_client(client, "Error during TLS handshake");
180	michael	2916	return;
181	michael	2463	}
182			}
183
184	michael	8339	comm_settimeout(F, 0, NULL, NULL);
185	michael	2733
186	michael	9408	if (tls_verify_certificate(&F->tls, ConfigServerInfo.message_digest_algorithm, &client->tls_certfp) == false)
187	michael	9213	ilog(LOG_TYPE_IRCD, "Client %s gave bad TLS client certificate",
188	michael	9250	client_get_name(client, MASK_IP));
189	michael	2228
190	michael	9250	auth_start(client);
191	adx	30	}
192
193			/*
194	michael	2916	* add_connection - creates a client which has just connected to us on
195	adx	30	* the given fd. The sockhost field is initialized with the ip# of the host.
196			* An unique id is calculated now, in case it is needed for auth.
197			* The client is sent to the auth module for verification, and not put in
198			* any client list yet.
199			*/
200			void
201	michael	549	add_connection(struct Listener listener, struct irc_ssaddr irn, int fd)
202	adx	30	{
203	michael	9250	struct Client *client = client_make(NULL);
204	michael	549
205	michael	9590	client->connection->fd = fd_open(fd, true, listener_has_flag(listener, LISTENER_TLS) ?
206			"Incoming TLS connection" : "Incoming connection");
207	adx	30
208	michael	1123	/*
209	adx	30	* copy address to 'sockhost' as a string, copy it to host too
210			* so we have something valid to put into error messages...
211			*/
212	michael	9250	client->ip = *irn;
213	adx	30
214	michael	9250	getnameinfo((const struct sockaddr *)&client->ip,
215			client->ip.ss_len, client->sockhost,
216			sizeof(client->sockhost), NULL, 0, NI_NUMERICHOST);
217	michael	1072
218	michael	9250	if (client->sockhost[0] == ':')
219	adx	30	{
220	michael	9250	client->sockhost[0] = '0';
221			memmove(client->sockhost + 1, client->sockhost, sizeof(client->sockhost) - 1);
222	michael	549	}
223	adx	30
224	michael	9250	strlcpy(client->host, client->sockhost, sizeof(client->host));
225	michael	8265
226	michael	9250	client->connection->listener = listener;
227	adx	30	++listener->ref_count;
228
229	michael	9590	if (listener_has_flag(listener, LISTENER_TLS))
230	adx	30	{
231	michael	9250	if (tls_new(&client->connection->fd->tls, fd, TLS_ROLE_SERVER) == false)
232	adx	30	{
233	michael	9250	SetDead(client);
234			exit_client(client, "TLS context initialization failed");
235	adx	30	return;
236			}
237
238	michael	9250	AddFlag(client, FLAGS_TLS);
239			ssl_handshake(client->connection->fd, client);
240	adx	30	}
241			else
242	michael	9250	auth_start(client);
243	adx	30	}
244
245			/*
246			* stolen from squid - its a neat (but overused! :) routine which we
247			* can use to see whether we can ignore this errno or not. It is
248			* generally useful for non-blocking network IO related errnos.
249			* -- adrian
250			*/
251	michael	8660	bool
252	michael	8414	comm_ignore_errno(int ierrno)
253	adx	30	{
254			switch (ierrno)
255			{
256			case EINPROGRESS:
257			case EWOULDBLOCK:
258			#if EAGAIN != EWOULDBLOCK
259			case EAGAIN:
260			#endif
261			case EALREADY:
262			case EINTR:
263			#ifdef ERESTART
264			case ERESTART:
265			#endif
266	michael	8660	return true;
267	adx	30	default:
268	michael	8660	return false;
269	adx	30	}
270			}
271
272			/*
273			* comm_settimeout() - set the socket timeout
274			*
275			* Set the timeout for the fd
276			*/
277			void
278	michael	8339	comm_settimeout(fde_t F, uintmax_t timeout, void (callback)(fde_t , void ), void *cbdata)
279	adx	30	{
280	michael	8717	assert(F);
281	michael	8658	assert(F->flags.open == true);
282	adx	30
283	michael	9438	F->timeout = timeout ? event_base->time.sec_monotonic + timeout : 0;
284	michael	8339	F->timeout_handler = callback;
285			F->timeout_data = cbdata;
286	adx	30	}
287
288			/*
289			* comm_setflush() - set a flush function
290			*
291			* A flush function is simply a function called if found during
292			* comm_timeouts(). Its basically a second timeout, except in this case
293			* I'm too lazy to implement multiple timeout functions! :-)
294			* its kinda nice to have it separate, since this is designed for
295			* flush functions, and when comm_close() is implemented correctly
296			* with close functions, we _actually_ don't call comm_close() here ..
297			* -- originally Adrian's notes
298	michael	2916	* comm_close() is replaced with fd_close() in fdlist.c
299	adx	30	*/
300			void
301	michael	8339	comm_setflush(fde_t F, uintmax_t timeout, void (callback)(fde_t , void ), void *cbdata)
302	adx	30	{
303	michael	8717	assert(F);
304	michael	8658	assert(F->flags.open == true);
305	adx	30
306	michael	9438	F->flush_timeout = timeout ? event_base->time.sec_monotonic + timeout : 0;
307	michael	8339	F->flush_handler = callback;
308			F->flush_data = cbdata;
309	adx	30	}
310
311			/*
312			* comm_checktimeouts() - check the socket timeouts
313			*
314			* All this routine does is call the given callback/cbdata, without closing
315			* down the file descriptor. When close handlers have been implemented,
316			* this will happen.
317			*/
318			void
319	michael	4439	comm_checktimeouts(void *unused)
320	adx	30	{
321	michael	8339	for (int fd = 0; fd <= highest_fd; ++fd)
322	michael	7431	{
323	michael	8339	fde_t *F = &fd_table[fd];
324	adx	30
325	michael	8658	if (F->flags.open == false)
326	michael	8339	continue;
327	adx	30
328	michael	8339	/* check flush functions */
329	michael	9440	if (F->flush_timeout && F->flush_timeout < event_base->time.sec_monotonic)
330	michael	8339	{
331	michael	9440	void (hdl)(fde_t , void *) = F->flush_handler;
332			void *data = F->flush_data;
333	michael	8349
334	michael	8339	comm_setflush(F, 0, NULL, NULL);
335			hdl(F, data);
336	adx	30	}
337	michael	8339
338			/* check timeouts */
339	michael	9440	if (F->timeout && F->timeout < event_base->time.sec_monotonic)
340	michael	8339	{
341			/* Call timeout handler */
342	michael	9440	void (hdl)(fde_t , void *) = F->timeout_handler;
343			void *data = F->timeout_data;
344	michael	8349
345	michael	8339	comm_settimeout(F, 0, NULL, NULL);
346			hdl(F, data);
347			}
348	michael	7431	}
349	adx	30	}
350
351			/*
352			* void comm_connect_tcp(int fd, const char *host, unsigned short port,
353			* struct sockaddr *clocal, int socklen,
354			* CNCB callback, void data, int aftype, int timeout)
355			* Input: An fd to connect with, a host and port to connect to,
356			* a local sockaddr to connect from + length(or NULL to use the
357			* default), a callback, the data to pass into the callback, the
358			* address family.
359			* Output: None.
360			* Side-effects: A non-blocking connection to the host is started, and
361			* if necessary, set up for selection. The callback given
362			* may be called now, or it may be called later.
363			*/
364			void
365	michael	8872	comm_connect_tcp(fde_t F, const struct irc_ssaddr caddr, unsigned short port, const struct irc_ssaddr *baddr,
366			void (callback)(fde_t , int, void ), void data, uintmax_t timeout)
367	adx	30	{
368	michael	8872	assert(callback);
369	adx	30
370	michael	9043	F->connect.hostaddr = *caddr;
371	michael	8872	/* The cast is hacky, but safe - port offset is same on v4 and v6 */
372			((struct sockaddr_in *)&F->connect.hostaddr)->sin_port = htons(port);
373	michael	8339	F->connect.callback = callback;
374			F->connect.data = data;
375	adx	30
376			/* Note that we're using a passed sockaddr here. This is because
377			* generally you'll be bind()ing to a sockaddr grabbed from
378			* getsockname(), so this makes things easier.
379			* XXX If NULL is passed as local, we should later on bind() to the
380			* virtual host IP, for completeness.
381			* -- adrian
382			*/
383	michael	8872	if (baddr && bind(F->fd, (const struct sockaddr *)baddr, baddr->ss_len) < 0)
384	michael	2916	{
385	adx	30	/* Failure, call the callback with COMM_ERR_BIND */
386	michael	8339	comm_connect_callback(F, COMM_ERR_BIND);
387	michael	6948	return; /* ... and quit */
388	adx	30	}
389
390	michael	8941	comm_settimeout(F, timeout, comm_connect_timeout, NULL);
391	michael	8872	comm_connect_tryconnect(F, NULL);
392	adx	30	}
393
394			/*
395			* comm_connect_callback() - call the callback, and continue with life
396			*/
397			static void
398	michael	8339	comm_connect_callback(fde_t *F, int status)
399	adx	30	{
400	michael	4464	void (hdl)(fde_t , int, void *);
401	adx	30
402			/* This check is gross..but probably necessary */
403	michael	8339	if (F->connect.callback == NULL)
404	adx	30	return;
405
406			/* Clear the connect flag + handler */
407	michael	8339	hdl = F->connect.callback;
408			F->connect.callback = NULL;
409	adx	30
410			/* Clear the timeout handler */
411	michael	8339	comm_settimeout(F, 0, NULL, NULL);
412	adx	30
413			/* Call the handler */
414	michael	8339	hdl(F, status, F->connect.data);
415	adx	30	}
416
417			/*
418			* comm_connect_timeout() - this gets called when the socket connection
419			* times out. This only can be called once connect() is initially
420			* called ..
421			*/
422			static void
423	michael	8339	comm_connect_timeout(fde_t F, void unused)
424	adx	30	{
425			/* error! */
426	michael	8339	comm_connect_callback(F, COMM_ERR_TIMEOUT);
427	adx	30	}
428
429	michael	8339	/* static void comm_connect_tryconnect(fde_t fd, void unused)
430	adx	30	* Input: The fd, the handler data(unused).
431			* Output: None.
432			* Side-effects: Try and connect with pending connect data for the FD. If
433			* we succeed or get a fatal error, call the callback.
434			* Otherwise, it is still blocking or something, so register
435			* to select for a write event on this FD.
436			*/
437			static void
438	michael	8339	comm_connect_tryconnect(fde_t F, void unused)
439	adx	30	{
440			/* This check is needed or re-entrant s_bsd_* like sigio break it. */
441	michael	8339	if (F->connect.callback == NULL)
442	adx	30	return;
443
444			/* Try the connect() */
445	michael	8339	int retval = connect(F->fd, (struct sockaddr *)&F->connect.hostaddr, F->connect.hostaddr.ss_len);
446	adx	30
447			/* Error? */
448			if (retval < 0)
449			{
450			/*
451			* If we get EISCONN, then we've already connect()ed the socket,
452			* which is a good thing.
453			* -- adrian
454			*/
455			if (errno == EISCONN)
456	michael	8339	comm_connect_callback(F, COMM_OK);
457	michael	8414	else if (comm_ignore_errno(errno))
458	adx	30	/* Ignore error? Reschedule */
459	michael	8339	comm_setselect(F, COMM_SELECT_WRITE, comm_connect_tryconnect, NULL, 0);
460	adx	30	else
461			/* Error? Fail with COMM_ERR_CONNECT */
462	michael	8339	comm_connect_callback(F, COMM_ERR_CONNECT);
463	adx	30	return;
464			}
465
466			/* If we get here, we've suceeded, so call with COMM_OK */
467	michael	8339	comm_connect_callback(F, COMM_OK);
468	adx	30	}
469
470			/*
471			* comm_errorstr() - return an error string for the given error condition
472			*/
473			const char *
474			comm_errstr(int error)
475			{
476			if (error < 0 \|\| error >= COMM_ERR_MAX)
477			return "Invalid error number!";
478			return comm_err_str[error];
479			}
480
481			/*
482			* comm_open() - open a socket
483			*
484			* This is a highly highly cut down version of squid's comm_open() which
485			* for the most part emulates socket(), EXCEPT it fails if we're about
486			* to run out of file descriptors.
487			*/
488			int
489	michael	8339	comm_socket(int family, int sock_type, int proto)
490	adx	30	{
491			/* First, make sure we aren't going to run out of file descriptors */
492			if (number_fd >= hard_fdlimit)
493			{
494			errno = ENFILE;
495			return -1;
496			}
497
498			/*
499			* Next, we try to open the socket. We should drop the reserved FD
500			* limit if/when we get an error, but we can deal with that later.
501			* XXX !!! -- adrian
502			*/
503	michael	7431	int fd = socket(family, sock_type, proto);
504	adx	30	if (fd < 0)
505			return -1; /* errno will be passed through, yay.. */
506
507	michael	2632	setup_socket(fd);
508	adx	30
509	michael	8339	return fd;
510	adx	30	}
511
512			/*
513			* comm_accept() - accept an incoming connection
514			*
515			* This is a simple wrapper for accept() which enforces FD limits like
516			* comm_open() does. Returned fd must be either closed or tagged with
517			* fd_open (this function no longer does it).
518			*/
519			int
520	michael	8826	comm_accept(fde_t F, struct irc_ssaddr addr)
521	adx	30	{
522			socklen_t addrlen = sizeof(struct irc_ssaddr);
523
524			if (number_fd >= hard_fdlimit)
525			{
526			errno = ENFILE;
527			return -1;
528			}
529
530	michael	8431	memset(addr, 0, sizeof(*addr));
531	michael	4407
532	adx	30	/*
533			* Next, do the accept(). if we get an error, we should drop the
534			* reserved fd limit, but we can deal with that when comm_open()
535			* also does it. XXX -- adrian
536			*/
537	michael	8826	int fd = accept(F->fd, (struct sockaddr *)addr, &addrlen);
538			if (fd < 0)
539	adx	30	return -1;
540
541	michael	4407	remove_ipv6_mapping(addr);
542	adx	30
543	michael	8826	setup_socket(fd);
544	adx	30
545			/* .. and return */
546	michael	8826	return fd;
547	adx	30	}
548
549	michael	2916	/*
550	adx	30	* remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address
551	michael	1122	* OSes with IPv6 mapping listening on both
552	adx	30	* AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures
553	michael	2916	*
554	adx	30	*/
555			void
556			remove_ipv6_mapping(struct irc_ssaddr *addr)
557			{
558			if (addr->ss.ss_family == AF_INET6)
559			{
560	michael	1122	if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
561			{
562	michael	2916	struct sockaddr_in6 v6;
563	michael	1122	struct sockaddr_in v4 = (struct sockaddr_in )addr;
564	adx	30
565	michael	1122	memcpy(&v6, addr, sizeof(v6));
566			memset(v4, 0, sizeof(struct sockaddr_in));
567			memcpy(&v4->sin_addr, &v6.sin6_addr.s6_addr[12], sizeof(v4->sin_addr));
568
569	adx	30	addr->ss.ss_family = AF_INET;
570			addr->ss_len = sizeof(struct sockaddr_in);
571			}
572	michael	2916	else
573	adx	30	addr->ss_len = sizeof(struct sockaddr_in6);
574			}
575			else
576			addr->ss_len = sizeof(struct sockaddr_in);
577	michael	2916	}