| 26 |
|
#include <netinet/in_systm.h> |
| 27 |
|
#include <netinet/ip.h> |
| 28 |
|
#include <netinet/tcp.h> |
| 29 |
+ |
#include "list.h" |
| 30 |
|
#include "fdlist.h" |
| 31 |
|
#include "s_bsd.h" |
| 32 |
|
#include "client.h" |
| 32 |
– |
#include "common.h" |
| 33 |
|
#include "dbuf.h" |
| 34 |
|
#include "event.h" |
| 35 |
|
#include "irc_string.h" |
| 36 |
– |
#include "irc_getnameinfo.h" |
| 37 |
– |
#include "irc_getaddrinfo.h" |
| 36 |
|
#include "ircd.h" |
| 39 |
– |
#include "list.h" |
| 37 |
|
#include "listener.h" |
| 38 |
|
#include "numeric.h" |
| 39 |
|
#include "packet.h" |
| 40 |
|
#include "irc_res.h" |
| 44 |
– |
#include "inet_misc.h" |
| 41 |
|
#include "restart.h" |
| 42 |
|
#include "s_auth.h" |
| 43 |
< |
#include "s_conf.h" |
| 44 |
< |
#include "s_log.h" |
| 43 |
> |
#include "conf.h" |
| 44 |
> |
#include "log.h" |
| 45 |
|
#include "s_serv.h" |
| 46 |
|
#include "send.h" |
| 47 |
|
#include "memory.h" |
| 54 |
|
|
| 55 |
|
struct Callback *setup_socket_cb = NULL; |
| 56 |
|
|
| 57 |
< |
static void comm_connect_callback(fde_t *fd, int status); |
| 57 |
> |
static void comm_connect_callback(fde_t *, int); |
| 58 |
|
static PF comm_connect_timeout; |
| 59 |
|
static void comm_connect_dns_callback(void *, const struct irc_ssaddr *, const char *); |
| 60 |
|
static PF comm_connect_tryconnect; |
| 129 |
|
{ |
| 130 |
|
who = (who) ? who : ""; |
| 131 |
|
|
| 132 |
< |
sendto_realops_flags(UMODE_DEBUG, level, text, who, strerror(error)); |
| 133 |
< |
log_oper_action(LOG_IOERR_TYPE, NULL, "%s %s %s\n", who, text, strerror(error)); |
| 134 |
< |
ilog(L_ERROR, text, who, strerror(error)); |
| 132 |
> |
sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE, |
| 133 |
> |
text, who, strerror(error)); |
| 134 |
> |
ilog(LOG_TYPE_IRCD, text, who, strerror(error)); |
| 135 |
|
} |
| 136 |
|
|
| 137 |
|
/* |
| 177 |
|
void |
| 178 |
|
close_connection(struct Client *client_p) |
| 179 |
|
{ |
| 180 |
< |
struct ConfItem *conf; |
| 185 |
< |
struct AccessItem *aconf; |
| 186 |
< |
struct ClassItem *aclass; |
| 180 |
> |
dlink_node *ptr = NULL; |
| 181 |
|
|
| 182 |
< |
assert(NULL != client_p); |
| 182 |
> |
assert(client_p); |
| 183 |
|
|
| 184 |
|
if (!IsDead(client_p)) |
| 185 |
|
{ |
| 192 |
|
send_queued_write(client_p); |
| 193 |
|
} |
| 194 |
|
|
| 195 |
< |
if (IsServer(client_p)) |
| 195 |
> |
if (IsClient(client_p)) |
| 196 |
> |
{ |
| 197 |
> |
++ServerStats.is_cl; |
| 198 |
> |
ServerStats.is_cbs += client_p->localClient->send.bytes; |
| 199 |
> |
ServerStats.is_cbr += client_p->localClient->recv.bytes; |
| 200 |
> |
ServerStats.is_cti += CurrentTime - client_p->localClient->firsttime; |
| 201 |
> |
} |
| 202 |
> |
else if (IsServer(client_p)) |
| 203 |
|
{ |
| 204 |
|
++ServerStats.is_sv; |
| 205 |
|
ServerStats.is_sbs += client_p->localClient->send.bytes; |
| 206 |
|
ServerStats.is_sbr += client_p->localClient->recv.bytes; |
| 207 |
< |
ServerStats.is_sti += CurrentTime - client_p->firsttime; |
| 207 |
> |
ServerStats.is_sti += CurrentTime - client_p->localClient->firsttime; |
| 208 |
|
|
| 209 |
< |
/* XXX Does this even make any sense at all anymore? |
| 209 |
< |
* scheduling a 'quick' reconnect could cause a pile of |
| 210 |
< |
* nick collides under TSora protocol... -db |
| 211 |
< |
*/ |
| 212 |
< |
/* |
| 213 |
< |
* If the connection has been up for a long amount of time, schedule |
| 214 |
< |
* a 'quick' reconnect, else reset the next-connect cycle. |
| 215 |
< |
*/ |
| 216 |
< |
if ((conf = find_conf_exact(SERVER_TYPE, |
| 217 |
< |
client_p->name, client_p->username, |
| 218 |
< |
client_p->host))) |
| 209 |
> |
DLINK_FOREACH(ptr, server_items.head) |
| 210 |
|
{ |
| 211 |
+ |
struct MaskItem *conf = ptr->data; |
| 212 |
+ |
|
| 213 |
+ |
if (irccmp(conf->name, client_p->name)) |
| 214 |
+ |
continue; |
| 215 |
+ |
|
| 216 |
|
/* |
| 217 |
< |
* Reschedule a faster reconnect, if this was a automatically |
| 218 |
< |
* connected configuration entry. (Note that if we have had |
| 223 |
< |
* a rehash in between, the status has been changed to |
| 224 |
< |
* CONF_ILLEGAL). But only do this if it was a "good" link. |
| 217 |
> |
* Reset next-connect cycle of all connect{} blocks that match |
| 218 |
> |
* this servername. |
| 219 |
|
*/ |
| 220 |
< |
aconf = (struct AccessItem *)map_to_conf(conf); |
| 227 |
< |
aclass = (struct ClassItem *)map_to_conf(aconf->class_ptr); |
| 228 |
< |
aconf->hold = time(NULL); |
| 229 |
< |
aconf->hold += (aconf->hold - client_p->since > HANGONGOODLINK) ? |
| 230 |
< |
HANGONRETRYDELAY : ConFreq(aclass); |
| 231 |
< |
if (nextconnect > aconf->hold) |
| 232 |
< |
nextconnect = aconf->hold; |
| 220 |
> |
conf->until = CurrentTime + conf->class->con_freq; |
| 221 |
|
} |
| 222 |
|
} |
| 235 |
– |
else if (IsClient(client_p)) |
| 236 |
– |
{ |
| 237 |
– |
++ServerStats.is_cl; |
| 238 |
– |
ServerStats.is_cbs += client_p->localClient->send.bytes; |
| 239 |
– |
ServerStats.is_cbr += client_p->localClient->recv.bytes; |
| 240 |
– |
ServerStats.is_cti += CurrentTime - client_p->firsttime; |
| 241 |
– |
} |
| 223 |
|
else |
| 224 |
|
++ServerStats.is_ni; |
| 225 |
|
|
| 235 |
|
if (client_p->localClient->fd.flags.open) |
| 236 |
|
fd_close(&client_p->localClient->fd); |
| 237 |
|
|
| 257 |
– |
if (HasServlink(client_p)) |
| 258 |
– |
{ |
| 259 |
– |
if (client_p->localClient->ctrlfd.flags.open) |
| 260 |
– |
fd_close(&client_p->localClient->ctrlfd); |
| 261 |
– |
} |
| 262 |
– |
|
| 238 |
|
dbuf_clear(&client_p->localClient->buf_sendq); |
| 239 |
|
dbuf_clear(&client_p->localClient->buf_recvq); |
| 240 |
|
|
| 241 |
|
MyFree(client_p->localClient->passwd); |
| 242 |
< |
detach_conf(client_p, CONF_TYPE); |
| 242 |
> |
detach_conf(client_p, CONF_CLIENT|CONF_OPER|CONF_SERVER); |
| 243 |
|
client_p->from = NULL; /* ...this should catch them! >:) --msa */ |
| 244 |
|
} |
| 245 |
|
|
| 251 |
|
static void |
| 252 |
|
ssl_handshake(int fd, struct Client *client_p) |
| 253 |
|
{ |
| 254 |
+ |
X509 *cert = NULL; |
| 255 |
|
int ret = SSL_accept(client_p->localClient->fd.ssl); |
| 256 |
|
|
| 257 |
+ |
if ((cert = SSL_get_peer_certificate(client_p->localClient->fd.ssl))) |
| 258 |
+ |
{ |
| 259 |
+ |
int res = SSL_get_verify_result(client_p->localClient->fd.ssl); |
| 260 |
+ |
char buf[EVP_MAX_MD_SIZE * 2 + 1] = { '\0' }; |
| 261 |
+ |
unsigned char md[EVP_MAX_MD_SIZE] = { '\0' }; |
| 262 |
+ |
|
| 263 |
+ |
if (res == X509_V_OK || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || |
| 264 |
+ |
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE || |
| 265 |
+ |
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) |
| 266 |
+ |
{ |
| 267 |
+ |
unsigned int i = 0, n = 0; |
| 268 |
+ |
|
| 269 |
+ |
if (X509_digest(cert, EVP_sha256(), md, &n)) |
| 270 |
+ |
{ |
| 271 |
+ |
for (; i < n; ++i) |
| 272 |
+ |
snprintf(buf + 2 * i, 3, "%02X", md[i]); |
| 273 |
+ |
client_p->certfp = xstrdup(buf); |
| 274 |
+ |
} |
| 275 |
+ |
} |
| 276 |
+ |
else |
| 277 |
+ |
ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad SSL client certificate: %d", |
| 278 |
+ |
client_p->name, client_p->username, client_p->host, res); |
| 279 |
+ |
X509_free(cert); |
| 280 |
+ |
} |
| 281 |
+ |
|
| 282 |
|
if (ret <= 0) |
| 283 |
+ |
{ |
| 284 |
|
switch (SSL_get_error(client_p->localClient->fd.ssl, ret)) |
| 285 |
|
{ |
| 286 |
|
case SSL_ERROR_WANT_WRITE: |
| 297 |
|
exit_client(client_p, client_p, "Error during SSL handshake"); |
| 298 |
|
return; |
| 299 |
|
} |
| 300 |
+ |
} |
| 301 |
|
|
| 302 |
< |
execute_callback(auth_cb, client_p); |
| 302 |
> |
start_auth(client_p); |
| 303 |
|
} |
| 304 |
|
#endif |
| 305 |
|
|
| 313 |
|
void |
| 314 |
|
add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd) |
| 315 |
|
{ |
| 316 |
< |
struct Client *new_client; |
| 314 |
< |
|
| 315 |
< |
assert(NULL != listener); |
| 316 |
< |
|
| 317 |
< |
new_client = make_client(NULL); |
| 316 |
> |
struct Client *new_client = make_client(NULL); |
| 317 |
|
|
| 318 |
|
fd_open(&new_client->localClient->fd, fd, 1, |
| 319 |
|
(listener->flags & LISTENER_SSL) ? |
| 320 |
|
"Incoming SSL connection" : "Incoming connection"); |
| 321 |
|
|
| 322 |
< |
/* |
| 322 |
> |
/* |
| 323 |
|
* copy address to 'sockhost' as a string, copy it to host too |
| 324 |
|
* so we have something valid to put into error messages... |
| 325 |
|
*/ |
| 326 |
|
memcpy(&new_client->localClient->ip, irn, sizeof(struct irc_ssaddr)); |
| 327 |
|
|
| 328 |
< |
irc_getnameinfo((struct sockaddr*)&new_client->localClient->ip, |
| 329 |
< |
new_client->localClient->ip.ss_len, new_client->sockhost, |
| 330 |
< |
HOSTIPLEN, NULL, 0, NI_NUMERICHOST); |
| 328 |
> |
getnameinfo((struct sockaddr *)&new_client->localClient->ip, |
| 329 |
> |
new_client->localClient->ip.ss_len, new_client->sockhost, |
| 330 |
> |
sizeof(new_client->sockhost), NULL, 0, NI_NUMERICHOST); |
| 331 |
|
new_client->localClient->aftype = new_client->localClient->ip.ss.ss_family; |
| 333 |
– |
#ifdef IPV6 |
| 334 |
– |
if (new_client->sockhost[0] == ':') |
| 335 |
– |
strlcat(new_client->host, "0", HOSTLEN+1); |
| 332 |
|
|
| 333 |
< |
if (new_client->localClient->aftype == AF_INET6 && |
| 334 |
< |
ConfigFileEntry.dot_in_ip6_addr == 1) |
| 333 |
> |
#ifdef HAVE_LIBGEOIP |
| 334 |
> |
/* XXX IPV6 SUPPORT XXX */ |
| 335 |
> |
if (irn->ss.ss_family == AF_INET && geoip_ctx) |
| 336 |
|
{ |
| 337 |
< |
strlcat(new_client->host, new_client->sockhost,HOSTLEN+1); |
| 338 |
< |
strlcat(new_client->host, ".", HOSTLEN+1); |
| 337 |
> |
const struct sockaddr_in *v4 = (const struct sockaddr_in *)&new_client->localClient->ip; |
| 338 |
> |
new_client->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr)); |
| 339 |
|
} |
| 343 |
– |
else |
| 340 |
|
#endif |
| 341 |
< |
strlcat(new_client->host, new_client->sockhost,HOSTLEN+1); |
| 341 |
> |
|
| 342 |
> |
if (new_client->sockhost[0] == ':' && new_client->sockhost[1] == ':') |
| 343 |
> |
{ |
| 344 |
> |
strlcpy(new_client->host, "0", sizeof(new_client->host)); |
| 345 |
> |
strlcpy(new_client->host+1, new_client->sockhost, sizeof(new_client->host)-1); |
| 346 |
> |
memmove(new_client->sockhost+1, new_client->sockhost, sizeof(new_client->sockhost)-1); |
| 347 |
> |
new_client->sockhost[0] = '0'; |
| 348 |
> |
} |
| 349 |
> |
else |
| 350 |
> |
strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host)); |
| 351 |
|
|
| 352 |
|
new_client->localClient->listener = listener; |
| 353 |
|
++listener->ref_count; |
| 357 |
|
{ |
| 358 |
|
if ((new_client->localClient->fd.ssl = SSL_new(ServerInfo.server_ctx)) == NULL) |
| 359 |
|
{ |
| 360 |
< |
ilog(L_CRIT, "SSL_new() ERROR! -- %s", |
| 360 |
> |
ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s", |
| 361 |
|
ERR_error_string(ERR_get_error(), NULL)); |
| 362 |
|
|
| 363 |
|
SetDead(new_client); |
| 365 |
|
return; |
| 366 |
|
} |
| 367 |
|
|
| 368 |
+ |
AddFlag(new_client, FLAGS_SSL); |
| 369 |
|
SSL_set_fd(new_client->localClient->fd.ssl, fd); |
| 370 |
|
ssl_handshake(0, new_client); |
| 371 |
|
} |
| 372 |
|
else |
| 373 |
|
#endif |
| 374 |
< |
execute_callback(auth_cb, new_client); |
| 374 |
> |
start_auth(new_client); |
| 375 |
|
} |
| 376 |
|
|
| 377 |
|
/* |
| 535 |
|
|
| 536 |
|
snprintf(portname, sizeof(portname), "%d", port); |
| 537 |
|
|
| 538 |
< |
if (irc_getaddrinfo(host, portname, &hints, &res)) |
| 538 |
> |
if (getaddrinfo(host, portname, &hints, &res)) |
| 539 |
|
{ |
| 540 |
|
/* Send the DNS request, for the next level */ |
| 541 |
|
if (aftype == AF_INET6) |
| 551 |
|
memcpy(&fd->connect.hostaddr, res->ai_addr, res->ai_addrlen); |
| 552 |
|
fd->connect.hostaddr.ss_len = res->ai_addrlen; |
| 553 |
|
fd->connect.hostaddr.ss.ss_family = res->ai_family; |
| 554 |
< |
irc_freeaddrinfo(res); |
| 554 |
> |
freeaddrinfo(res); |
| 555 |
|
comm_settimeout(fd, timeout*1000, comm_connect_timeout, NULL); |
| 556 |
|
comm_connect_tryconnect(fd, NULL); |
| 557 |
|
} |
| 743 |
|
* reserved fd limit, but we can deal with that when comm_open() |
| 744 |
|
* also does it. XXX -- adrian |
| 745 |
|
*/ |
| 746 |
< |
newfd = accept(lptr->fd.fd, (struct sockaddr *)pn, (socklen_t *)&addrlen); |
| 746 |
> |
newfd = accept(lptr->fd.fd, (struct sockaddr *)pn, &addrlen); |
| 747 |
|
if (newfd < 0) |
| 748 |
|
return -1; |
| 749 |
|
|
| 761 |
|
|
| 762 |
|
/* |
| 763 |
|
* remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address |
| 764 |
< |
* This function should really inspect the struct itself rather than relying |
| 759 |
< |
* on inet_pton and inet_ntop. OSes with IPv6 mapping listening on both |
| 764 |
> |
* OSes with IPv6 mapping listening on both |
| 765 |
|
* AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures |
| 766 |
|
* |
| 767 |
|
*/ |
| 771 |
|
{ |
| 772 |
|
if (addr->ss.ss_family == AF_INET6) |
| 773 |
|
{ |
| 774 |
< |
struct sockaddr_in6 *v6; |
| 770 |
< |
|
| 771 |
< |
v6 = (struct sockaddr_in6*)addr; |
| 772 |
< |
if (IN6_IS_ADDR_V4MAPPED(&v6->sin6_addr)) |
| 774 |
> |
if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr)) |
| 775 |
|
{ |
| 776 |
< |
char v4ip[HOSTIPLEN]; |
| 777 |
< |
struct sockaddr_in *v4 = (struct sockaddr_in*)addr; |
| 778 |
< |
inetntop(AF_INET6, &v6->sin6_addr, v4ip, HOSTIPLEN); |
| 779 |
< |
inet_pton(AF_INET, v4ip, &v4->sin_addr); |
| 776 |
> |
struct sockaddr_in6 v6; |
| 777 |
> |
struct sockaddr_in *v4 = (struct sockaddr_in *)addr; |
| 778 |
> |
|
| 779 |
> |
memcpy(&v6, addr, sizeof(v6)); |
| 780 |
> |
memset(v4, 0, sizeof(struct sockaddr_in)); |
| 781 |
> |
memcpy(&v4->sin_addr, &v6.sin6_addr.s6_addr[12], sizeof(v4->sin_addr)); |
| 782 |
> |
|
| 783 |
|
addr->ss.ss_family = AF_INET; |
| 784 |
|
addr->ss_len = sizeof(struct sockaddr_in); |
| 785 |
|
} |
