| 129 |
|
{ |
| 130 |
|
who = (who) ? who : ""; |
| 131 |
|
|
| 132 |
< |
sendto_realops_flags(UMODE_DEBUG, level, text, who, strerror(error)); |
| 132 |
> |
sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE, |
| 133 |
> |
text, who, strerror(error)); |
| 134 |
|
ilog(LOG_TYPE_IRCD, text, who, strerror(error)); |
| 135 |
|
} |
| 136 |
|
|
| 177 |
|
void |
| 178 |
|
close_connection(struct Client *client_p) |
| 179 |
|
{ |
| 180 |
< |
struct ConfItem *conf; |
| 180 |
< |
struct AccessItem *aconf; |
| 181 |
< |
struct ClassItem *aclass; |
| 180 |
> |
dlink_node *ptr = NULL; |
| 181 |
|
|
| 182 |
< |
assert(NULL != client_p); |
| 182 |
> |
assert(client_p); |
| 183 |
|
|
| 184 |
|
if (!IsDead(client_p)) |
| 185 |
|
{ |
| 206 |
|
ServerStats.is_sbr += client_p->localClient->recv.bytes; |
| 207 |
|
ServerStats.is_sti += CurrentTime - client_p->localClient->firsttime; |
| 208 |
|
|
| 209 |
< |
/* XXX Does this even make any sense at all anymore? |
| 211 |
< |
* scheduling a 'quick' reconnect could cause a pile of |
| 212 |
< |
* nick collides under TSora protocol... -db |
| 213 |
< |
*/ |
| 214 |
< |
/* |
| 215 |
< |
* If the connection has been up for a long amount of time, schedule |
| 216 |
< |
* a 'quick' reconnect, else reset the next-connect cycle. |
| 217 |
< |
*/ |
| 218 |
< |
if ((conf = find_conf_exact(SERVER_TYPE, client_p->name, |
| 219 |
< |
client_p->username, client_p->host))) |
| 209 |
> |
DLINK_FOREACH(ptr, server_items.head) |
| 210 |
|
{ |
| 211 |
+ |
struct MaskItem *conf = ptr->data; |
| 212 |
+ |
|
| 213 |
+ |
if (irccmp(conf->name, client_p->name)) |
| 214 |
+ |
continue; |
| 215 |
+ |
|
| 216 |
|
/* |
| 217 |
< |
* Reschedule a faster reconnect, if this was a automatically |
| 218 |
< |
* connected configuration entry. (Note that if we have had |
| 224 |
< |
* a rehash in between, the status has been changed to |
| 225 |
< |
* CONF_ILLEGAL). But only do this if it was a "good" link. |
| 217 |
> |
* Reset next-connect cycle of all connect{} blocks that match |
| 218 |
> |
* this servername. |
| 219 |
|
*/ |
| 220 |
< |
aconf = map_to_conf(conf); |
| 228 |
< |
aclass = map_to_conf(aconf->class_ptr); |
| 229 |
< |
aconf->hold = time(NULL); |
| 230 |
< |
aconf->hold += (aconf->hold - client_p->localClient->since > HANGONGOODLINK) ? |
| 231 |
< |
HANGONRETRYDELAY : aclass->con_freq; |
| 220 |
> |
conf->until = CurrentTime + conf->class->con_freq; |
| 221 |
|
} |
| 222 |
|
} |
| 223 |
|
else |
| 239 |
|
dbuf_clear(&client_p->localClient->buf_recvq); |
| 240 |
|
|
| 241 |
|
MyFree(client_p->localClient->passwd); |
| 242 |
< |
detach_conf(client_p, CONF_TYPE); |
| 242 |
> |
detach_conf(client_p, CONF_CLIENT|CONF_OPER|CONF_SERVER); |
| 243 |
|
client_p->from = NULL; /* ...this should catch them! >:) --msa */ |
| 244 |
|
} |
| 245 |
|
|
| 251 |
|
static void |
| 252 |
|
ssl_handshake(int fd, struct Client *client_p) |
| 253 |
|
{ |
| 254 |
+ |
X509 *cert = NULL; |
| 255 |
|
int ret = SSL_accept(client_p->localClient->fd.ssl); |
| 256 |
|
|
| 257 |
+ |
if ((cert = SSL_get_peer_certificate(client_p->localClient->fd.ssl))) |
| 258 |
+ |
{ |
| 259 |
+ |
int res = SSL_get_verify_result(client_p->localClient->fd.ssl); |
| 260 |
+ |
char buf[EVP_MAX_MD_SIZE * 2 + 1] = { '\0' }; |
| 261 |
+ |
unsigned char md[EVP_MAX_MD_SIZE] = { '\0' }; |
| 262 |
+ |
|
| 263 |
+ |
if (res == X509_V_OK || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || |
| 264 |
+ |
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE || |
| 265 |
+ |
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) |
| 266 |
+ |
{ |
| 267 |
+ |
unsigned int i = 0, n = 0; |
| 268 |
+ |
|
| 269 |
+ |
if (X509_digest(cert, EVP_sha256(), md, &n)) |
| 270 |
+ |
{ |
| 271 |
+ |
for (; i < n; ++i) |
| 272 |
+ |
snprintf(buf + 2 * i, 3, "%02X", md[i]); |
| 273 |
+ |
client_p->certfp = xstrdup(buf); |
| 274 |
+ |
} |
| 275 |
+ |
} |
| 276 |
+ |
else |
| 277 |
+ |
ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad SSL client certificate: %d", |
| 278 |
+ |
client_p->name, client_p->username, client_p->host, res); |
| 279 |
+ |
X509_free(cert); |
| 280 |
+ |
} |
| 281 |
+ |
|
| 282 |
|
if (ret <= 0) |
| 283 |
+ |
{ |
| 284 |
|
switch (SSL_get_error(client_p->localClient->fd.ssl, ret)) |
| 285 |
|
{ |
| 286 |
|
case SSL_ERROR_WANT_WRITE: |
| 297 |
|
exit_client(client_p, client_p, "Error during SSL handshake"); |
| 298 |
|
return; |
| 299 |
|
} |
| 300 |
+ |
} |
| 301 |
|
|
| 302 |
< |
execute_callback(auth_cb, client_p); |
| 302 |
> |
start_auth(client_p); |
| 303 |
|
} |
| 304 |
|
#endif |
| 305 |
|
|
| 330 |
|
sizeof(new_client->sockhost), NULL, 0, NI_NUMERICHOST); |
| 331 |
|
new_client->localClient->aftype = new_client->localClient->ip.ss.ss_family; |
| 332 |
|
|
| 333 |
+ |
#ifdef HAVE_LIBGEOIP |
| 334 |
+ |
/* XXX IPV6 SUPPORT XXX */ |
| 335 |
+ |
if (irn->ss.ss_family == AF_INET && geoip_ctx) |
| 336 |
+ |
{ |
| 337 |
+ |
const struct sockaddr_in *v4 = (const struct sockaddr_in *)&new_client->localClient->ip; |
| 338 |
+ |
new_client->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr)); |
| 339 |
+ |
} |
| 340 |
+ |
#endif |
| 341 |
+ |
|
| 342 |
|
if (new_client->sockhost[0] == ':' && new_client->sockhost[1] == ':') |
| 343 |
|
{ |
| 344 |
|
strlcpy(new_client->host, "0", sizeof(new_client->host)); |
| 365 |
|
return; |
| 366 |
|
} |
| 367 |
|
|
| 368 |
+ |
AddFlag(new_client, FLAGS_SSL); |
| 369 |
|
SSL_set_fd(new_client->localClient->fd.ssl, fd); |
| 370 |
|
ssl_handshake(0, new_client); |
| 371 |
|
} |
| 372 |
|
else |
| 373 |
|
#endif |
| 374 |
< |
execute_callback(auth_cb, new_client); |
| 374 |
> |
start_auth(new_client); |
| 375 |
|
} |
| 376 |
|
|
| 377 |
|
/* |
