ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/trunk/src/s_bsd.c
(Generate patch)

Comparing:
ircd-hybrid-7.3/src/s_bsd.c (file contents), Revision 1123 by michael, Sun Feb 6 21:57:50 2011 UTC vs.
ircd-hybrid/trunk/src/s_bsd.c (file contents), Revision 3324 by michael, Tue Apr 15 16:18:07 2014 UTC

# Line 1 | Line 1
1   /*
2 < *  ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3 < *  s_bsd.c: Network functions.
2 > *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3   *
4 < *  Copyright (C) 2002 by the past and present ircd coders, and others.
4 > *  Copyright (c) 1997-2014 ircd-hybrid development team
5   *
6   *  This program is free software; you can redistribute it and/or modify
7   *  it under the terms of the GNU General Public License as published by
# Line 18 | Line 17
17   *  along with this program; if not, write to the Free Software
18   *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
19   *  USA
20 < *
21 < *  $Id$
20 > */
21 >
22 > /*! \file s_bsd.c
23 > * \brief Network functions.
24 > * \version $Id$
25   */
26  
27   #include "stdinc.h"
# Line 30 | Line 32
32   #include "fdlist.h"
33   #include "s_bsd.h"
34   #include "client.h"
33 #include "common.h"
35   #include "dbuf.h"
36   #include "event.h"
37   #include "irc_string.h"
# Line 38 | Line 39
39   #include "listener.h"
40   #include "numeric.h"
41   #include "packet.h"
42 < #include "irc_res.h"
42 > #include "res.h"
43   #include "restart.h"
44 < #include "s_auth.h"
45 < #include "s_conf.h"
46 < #include "s_log.h"
44 > #include "auth.h"
45 > #include "conf.h"
46 > #include "log.h"
47   #include "s_serv.h"
48   #include "send.h"
49   #include "memory.h"
50   #include "s_user.h"
51 < #include "hook.h"
51 >
52  
53   static const char *comm_err_str[] = { "Comm OK", "Error during bind()",
54    "Error during DNS lookup", "connect timeout", "Error during connect()",
55    "Comm Error" };
56  
56 struct Callback *setup_socket_cb = NULL;
57
57   static void comm_connect_callback(fde_t *, int);
58   static PF comm_connect_timeout;
59   static void comm_connect_dns_callback(void *, const struct irc_ssaddr *, const char *);
# Line 107 | Line 106 | get_sockerr(int fd)
106   }
107  
108   /*
109 < * report_error - report an error from an errno.
109 > * report_error - report an error from an errno.
110   * Record error to log and also send a copy to all *LOCAL* opers online.
111   *
112   *        text        is a *format* string for outputing error. It must
# Line 121 | Line 120 | get_sockerr(int fd)
120   * Cannot use perror() within daemon. stderr is closed in
121   * ircd and cannot be used. And, worse yet, it might have
122   * been reassigned to a normal connection...
123 < *
123 > *
124   * Actually stderr is still there IFF ircd was run with -s --Rodder
125   */
126  
127   void
128 < report_error(int level, const char* text, const char* who, int error)
128 > report_error(int level, const char* text, const char* who, int error)
129   {
130    who = (who) ? who : "";
131  
132 <  sendto_realops_flags(UMODE_DEBUG, level, text, who, strerror(error));
133 <  log_oper_action(LOG_IOERR_TYPE, NULL, "%s %s %s\n", who, text, strerror(error));
134 <  ilog(L_ERROR, text, who, strerror(error));
132 >  sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE,
133 >                       text, who, strerror(error));
134 >  ilog(LOG_TYPE_IRCD, text, who, strerror(error));
135   }
136  
137   /*
# Line 140 | Line 139 | report_error(int level, const char* text
139   *
140   * Set the socket non-blocking, and other wonderful bits.
141   */
142 < static void *
143 < setup_socket(va_list args)
142 > static void
143 > setup_socket(int fd)
144   {
146  int fd = va_arg(args, int);
145    int opt = 1;
146  
147    setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));
# Line 154 | Line 152 | setup_socket(va_list args)
152   #endif
153  
154    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
157
158  return NULL;
159 }
160
161 /*
162 * init_comm()
163 *
164 * Initializes comm subsystem.
165 */
166 void
167 init_comm(void)
168 {
169  setup_socket_cb = register_callback("setup_socket", setup_socket);
170  init_netio();
155   }
156  
157   /*
# Line 178 | Line 162 | init_comm(void)
162   void
163   close_connection(struct Client *client_p)
164   {
165 <  struct ConfItem *conf;
182 <  struct AccessItem *aconf;
183 <  struct ClassItem *aclass;
165 >  dlink_node *ptr = NULL;
166  
167 <  assert(NULL != client_p);
167 >  assert(client_p);
168  
169    if (!IsDead(client_p))
170    {
# Line 191 | Line 173 | close_connection(struct Client *client_p
173       * even if it is marked as blocked (COMM_SELECT_READ handler is called
174       * before COMM_SELECT_WRITE). Let's try, nothing to lose.. -adx
175       */
176 <    ClearSendqBlocked(client_p);
176 >    DelFlag(client_p, FLAGS_BLOCKED);
177      send_queued_write(client_p);
178    }
179  
180 <  if (IsServer(client_p))
180 >  if (IsClient(client_p))
181 >  {
182 >    ++ServerStats.is_cl;
183 >    ServerStats.is_cbs += client_p->localClient->send.bytes;
184 >    ServerStats.is_cbr += client_p->localClient->recv.bytes;
185 >    ServerStats.is_cti += CurrentTime - client_p->localClient->firsttime;
186 >  }
187 >  else if (IsServer(client_p))
188    {
189      ++ServerStats.is_sv;
190      ServerStats.is_sbs += client_p->localClient->send.bytes;
191      ServerStats.is_sbr += client_p->localClient->recv.bytes;
192 <    ServerStats.is_sti += CurrentTime - client_p->firsttime;
192 >    ServerStats.is_sti += CurrentTime - client_p->localClient->firsttime;
193  
194 <    /* XXX Does this even make any sense at all anymore?
206 <     * scheduling a 'quick' reconnect could cause a pile of
207 <     * nick collides under TSora protocol... -db
208 <     */
209 <    /*
210 <     * If the connection has been up for a long amount of time, schedule
211 <     * a 'quick' reconnect, else reset the next-connect cycle.
212 <     */
213 <    if ((conf = find_conf_exact(SERVER_TYPE, client_p->name,
214 <                                client_p->username, client_p->host)))
194 >    DLINK_FOREACH(ptr, server_items.head)
195      {
196 +      struct MaskItem *conf = ptr->data;
197 +
198 +      if (irccmp(conf->name, client_p->name))
199 +        continue;
200 +
201        /*
202 <       * Reschedule a faster reconnect, if this was a automatically
203 <       * connected configuration entry. (Note that if we have had
219 <       * a rehash in between, the status has been changed to
220 <       * CONF_ILLEGAL). But only do this if it was a "good" link.
202 >       * Reset next-connect cycle of all connect{} blocks that match
203 >       * this servername.
204         */
205 <      aconf  = map_to_conf(conf);
223 <      aclass = map_to_conf(aconf->class_ptr);
224 <      aconf->hold = time(NULL);
225 <      aconf->hold += (aconf->hold - client_p->since > HANGONGOODLINK) ?
226 <        HANGONRETRYDELAY : ConFreq(aclass);
205 >      conf->until = CurrentTime + conf->class->con_freq;
206      }
207    }
229  else if (IsClient(client_p))
230  {
231    ++ServerStats.is_cl;
232    ServerStats.is_cbs += client_p->localClient->send.bytes;
233    ServerStats.is_cbr += client_p->localClient->recv.bytes;
234    ServerStats.is_cti += CurrentTime - client_p->firsttime;
235  }
208    else
209      ++ServerStats.is_ni;
210  
# Line 248 | Line 220 | close_connection(struct Client *client_p
220    if (client_p->localClient->fd.flags.open)
221      fd_close(&client_p->localClient->fd);
222  
251  if (HasServlink(client_p))
252  {
253    if (client_p->localClient->ctrlfd.flags.open)
254      fd_close(&client_p->localClient->ctrlfd);
255  }
256
223    dbuf_clear(&client_p->localClient->buf_sendq);
224    dbuf_clear(&client_p->localClient->buf_recvq);
225 <  
225 >
226    MyFree(client_p->localClient->passwd);
227 <  detach_conf(client_p, CONF_TYPE);
262 <  client_p->from = NULL; /* ...this should catch them! >:) --msa */
227 >  detach_conf(client_p, CONF_CLIENT|CONF_OPER|CONF_SERVER);
228   }
229  
230   #ifdef HAVE_LIBCRYPTO
# Line 270 | Line 235 | close_connection(struct Client *client_p
235   static void
236   ssl_handshake(int fd, struct Client *client_p)
237   {
238 <  int ret = SSL_accept(client_p->localClient->fd.ssl);
238 >  X509 *cert = NULL;
239 >  int ret = 0;
240 >
241 >  if ((ret = SSL_accept(client_p->localClient->fd.ssl)) <= 0)
242 >  {
243 >    if ((CurrentTime - client_p->localClient->firsttime) > 30)
244 >    {
245 >      exit_client(client_p, "Timeout during SSL handshake");
246 >      return;
247 >    }
248  
275  if (ret <= 0)
249      switch (SSL_get_error(client_p->localClient->fd.ssl, ret))
250      {
251        case SSL_ERROR_WANT_WRITE:
252          comm_setselect(&client_p->localClient->fd, COMM_SELECT_WRITE,
253 <                       (PF *) ssl_handshake, client_p, 0);
253 >                       (PF *)ssl_handshake, client_p, 30);
254          return;
255  
256        case SSL_ERROR_WANT_READ:
257          comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ,
258 <                       (PF *) ssl_handshake, client_p, 0);
258 >                       (PF *)ssl_handshake, client_p, 30);
259          return;
260  
261        default:
262 <        exit_client(client_p, client_p, "Error during SSL handshake");
263 <        return;
262 >        exit_client(client_p, "Error during SSL handshake");
263 >        return;
264      }
265 +  }
266 +
267 +  comm_settimeout(&client_p->localClient->fd, 0, NULL, NULL);
268 +
269 +  if ((cert = SSL_get_peer_certificate(client_p->localClient->fd.ssl)))
270 +  {
271 +    int res = SSL_get_verify_result(client_p->localClient->fd.ssl);
272 +    char buf[EVP_MAX_MD_SIZE * 2 + 1] = { '\0' };
273 +    unsigned char md[EVP_MAX_MD_SIZE] = { '\0' };
274 +
275 +    if (res == X509_V_OK || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
276 +        res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
277 +        res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
278 +    {
279 +      unsigned int i = 0, n = 0;
280  
281 <  execute_callback(auth_cb, client_p);
281 >      if (X509_digest(cert, EVP_sha256(), md, &n))
282 >      {
283 >        for (; i < n; ++i)
284 >          snprintf(buf + 2 * i, 3, "%02X", md[i]);
285 >        client_p->certfp = xstrdup(buf);
286 >      }
287 >    }
288 >    else
289 >      ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad SSL client certificate: %d",
290 >           client_p->name, client_p->username, client_p->host, res);
291 >    X509_free(cert);
292 >  }
293 >
294 >  start_auth(client_p);
295   }
296   #endif
297  
298   /*
299 < * add_connection - creates a client which has just connected to us on
299 > * add_connection - creates a client which has just connected to us on
300   * the given fd. The sockhost field is initialized with the ip# of the host.
301   * An unique id is calculated now, in case it is needed for auth.
302   * The client is sent to the auth module for verification, and not put in
# Line 304 | Line 305 | ssl_handshake(int fd, struct Client *cli
305   void
306   add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
307   {
308 <  struct Client *new_client = make_client(NULL);
308 >  struct Client *client_p = make_client(NULL);
309  
310 <  fd_open(&new_client->localClient->fd, fd, 1,
310 >  fd_open(&client_p->localClient->fd, fd, 1,
311            (listener->flags & LISTENER_SSL) ?
312 <          "Incoming SSL connection" : "Incoming connection");
312 >          "Incoming SSL connection" : "Incoming connection");
313  
314    /*
315     * copy address to 'sockhost' as a string, copy it to host too
316     * so we have something valid to put into error messages...
317     */
318 <  memcpy(&new_client->localClient->ip, irn, sizeof(struct irc_ssaddr));
318 >  memcpy(&client_p->localClient->ip, irn, sizeof(struct irc_ssaddr));
319  
320 <  getnameinfo((struct sockaddr *)&new_client->localClient->ip,
321 <              new_client->localClient->ip.ss_len, new_client->sockhost,
322 <              sizeof(new_client->sockhost), NULL, 0, NI_NUMERICHOST);
323 <  new_client->localClient->aftype = new_client->localClient->ip.ss.ss_family;
324 <
325 <  if (new_client->sockhost[0] == ':' && new_client->sockhost[1] == ':')
326 <  {
327 <    strlcpy(new_client->host, "0", sizeof(new_client->host));
328 <    strlcpy(new_client->host+1, new_client->sockhost, sizeof(new_client->host)-1);
329 <    memmove(new_client->sockhost+1, new_client->sockhost, sizeof(new_client->sockhost)-1);
330 <    new_client->sockhost[0] = '0';
320 >  getnameinfo((struct sockaddr *)&client_p->localClient->ip,
321 >              client_p->localClient->ip.ss_len, client_p->sockhost,
322 >              sizeof(client_p->sockhost), NULL, 0, NI_NUMERICHOST);
323 >  client_p->localClient->aftype = client_p->localClient->ip.ss.ss_family;
324 >
325 > #ifdef HAVE_LIBGEOIP
326 >  /* XXX IPV6 SUPPORT XXX */
327 >  if (irn->ss.ss_family == AF_INET && geoip_ctx)
328 >  {
329 >    const struct sockaddr_in *v4 = (const struct sockaddr_in *)&client_p->localClient->ip;
330 >    client_p->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr));
331 >  }
332 > #endif
333 >
334 >  if (client_p->sockhost[0] == ':' && client_p->sockhost[1] == ':')
335 >  {
336 >    strlcpy(client_p->host, "0", sizeof(client_p->host));
337 >    strlcpy(client_p->host+1, client_p->sockhost, sizeof(client_p->host)-1);
338 >    memmove(client_p->sockhost+1, client_p->sockhost, sizeof(client_p->sockhost)-1);
339 >    client_p->sockhost[0] = '0';
340    }
341    else
342 <    strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
342 >    strlcpy(client_p->host, client_p->sockhost, sizeof(client_p->host));
343  
344 <  new_client->localClient->listener = listener;
344 >  client_p->localClient->listener = listener;
345    ++listener->ref_count;
346  
347   #ifdef HAVE_LIBCRYPTO
348    if (listener->flags & LISTENER_SSL)
349    {
350 <    if ((new_client->localClient->fd.ssl = SSL_new(ServerInfo.server_ctx)) == NULL)
350 >    if ((client_p->localClient->fd.ssl = SSL_new(ServerInfo.server_ctx)) == NULL)
351      {
352 <      ilog(L_CRIT, "SSL_new() ERROR! -- %s",
352 >      ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s",
353             ERR_error_string(ERR_get_error(), NULL));
354  
355 <      SetDead(new_client);
356 <      exit_client(new_client, new_client, "SSL_new failed");
355 >      SetDead(client_p);
356 >      exit_client(client_p, "SSL_new failed");
357        return;
358      }
359  
360 <    SSL_set_fd(new_client->localClient->fd.ssl, fd);
361 <    ssl_handshake(0, new_client);
360 >    AddFlag(client_p, FLAGS_SSL);
361 >    SSL_set_fd(client_p->localClient->fd.ssl, fd);
362 >    ssl_handshake(0, client_p);
363    }
364    else
365   #endif
366 <    execute_callback(auth_cb, new_client);
366 >    start_auth(client_p);
367   }
368  
369   /*
# Line 407 | Line 418 | comm_settimeout(fde_t *fd, time_t timeou
418   * flush functions, and when comm_close() is implemented correctly
419   * with close functions, we _actually_ don't call comm_close() here ..
420   * -- originally Adrian's notes
421 < * comm_close() is replaced with fd_close() in fdlist.c
421 > * comm_close() is replaced with fd_close() in fdlist.c
422   */
423   void
424   comm_setflush(fde_t *fd, time_t timeout, PF *callback, void *cbdata)
# Line 499 | Line 510 | comm_connect_tcp(fde_t *fd, const char *
510     *   -- adrian
511     */
512    if ((clocal != NULL) && (bind(fd->fd, clocal, socklen) < 0))
513 <  {
513 >  {
514      /* Failure, call the callback with COMM_ERR_BIND */
515      comm_connect_callback(fd, COMM_ERR_BIND);
516      /* ... and quit */
# Line 596 | Line 607 | comm_connect_dns_callback(void *vptr, co
607    /* Copy over the DNS reply info so we can use it in the connect() */
608    /*
609     * Note we don't fudge the refcount here, because we aren't keeping
610 <   * the DNS record around, and the DNS cache is gone anyway..
610 >   * the DNS record around, and the DNS cache is gone anyway..
611     *     -- adrian
612     */
613    memcpy(&F->connect.hostaddr, addr, addr->ss_len);
# Line 627 | Line 638 | comm_connect_tryconnect(fde_t *fd, void
638      return;
639  
640    /* Try the connect() */
641 <  retval = connect(fd->fd, (struct sockaddr *) &fd->connect.hostaddr,
641 >  retval = connect(fd->fd, (struct sockaddr *) &fd->connect.hostaddr,
642      fd->connect.hostaddr.ss_len);
643  
644    /* Error? */
# Line 693 | Line 704 | comm_open(fde_t *F, int family, int sock
704    if (fd < 0)
705      return -1; /* errno will be passed through, yay.. */
706  
707 <  execute_callback(setup_socket_cb, fd);
707 >  setup_socket(fd);
708  
709    /* update things in our fd tracking */
710    fd_open(F, fd, 1, note);
# Line 734 | Line 745 | comm_accept(struct Listener *lptr, struc
745    pn->ss_len = addrlen;
746   #endif
747  
748 <  execute_callback(setup_socket_cb, newfd);
748 >  setup_socket(newfd);
749  
750    /* .. and return */
751    return newfd;
752   }
753  
754 < /*
754 > /*
755   * remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address
756   * OSes with IPv6 mapping listening on both
757   * AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures
758 < *
758 > *
759   */
760   #ifdef IPV6
761   void
# Line 754 | Line 765 | remove_ipv6_mapping(struct irc_ssaddr *a
765    {
766      if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
767      {
768 <      struct sockaddr_in6 v6;
768 >      struct sockaddr_in6 v6;
769        struct sockaddr_in *v4 = (struct sockaddr_in *)addr;
770  
771        memcpy(&v6, addr, sizeof(v6));
# Line 764 | Line 775 | remove_ipv6_mapping(struct irc_ssaddr *a
775        addr->ss.ss_family = AF_INET;
776        addr->ss_len = sizeof(struct sockaddr_in);
777      }
778 <    else
778 >    else
779        addr->ss_len = sizeof(struct sockaddr_in6);
780    }
781    else
782      addr->ss_len = sizeof(struct sockaddr_in);
783 < }
783 > }
784   #endif

Diff Legend

Removed lines
+ Added lines
< Changed lines (old)
> Changed lines (new)