root/svn/ircd-hybrid/trunk/src/s_bsd.c

Comparing:
ircd-hybrid-7.2/src/s_bsd.c (file contents), Revision 992 by michael, Mon Aug 17 19:19:16 2009 UTC vs.
ircd-hybrid/trunk/src/s_bsd.c (file contents), Revision 2881 by michael, Mon Jan 20 17:15:39 2014 UTC

# Line 23 | Line 23
23   */
24  
25   #include "stdinc.h"
26 #ifndef _WIN32
26   #include <netinet/in_systm.h>
27   #include <netinet/ip.h>
28   #include <netinet/tcp.h>
29 < #endif
29 > #include "list.h"
30   #include "fdlist.h"
31   #include "s_bsd.h"
32   #include "client.h"
34 #include "common.h"
33   #include "dbuf.h"
34   #include "event.h"
35   #include "irc_string.h"
38 #include "irc_getnameinfo.h"
39 #include "irc_getaddrinfo.h"
36   #include "ircd.h"
41 #include "list.h"
37   #include "listener.h"
38   #include "numeric.h"
39   #include "packet.h"
40   #include "irc_res.h"
46 #include "inet_misc.h"
41   #include "restart.h"
42   #include "s_auth.h"
43 < #include "s_conf.h"
44 < #include "s_log.h"
43 > #include "conf.h"
44 > #include "log.h"
45   #include "s_serv.h"
46   #include "send.h"
47   #include "memory.h"
# Line 58 | Line 52 | static const char *comm_err_str[] = { "C
52    "Error during DNS lookup", "connect timeout", "Error during connect()",
53    "Comm Error" };
54  
55 < struct Callback *setup_socket_cb = NULL;
62 <
63 < static void comm_connect_callback(fde_t *fd, int status);
55 > static void comm_connect_callback(fde_t *, int);
56   static PF comm_connect_timeout;
57   static void comm_connect_dns_callback(void *, const struct irc_ssaddr *, const char *);
58   static PF comm_connect_tryconnect;
# Line 80 | Line 72 | check_can_use_v6(void)
72    else
73    {
74      ServerInfo.can_use_v6 = 1;
83 #ifdef _WIN32
84    closesocket(v6);
85 #else
75      close(v6);
87 #endif
76    }
77   #else
78    ServerInfo.can_use_v6 = 0;
# Line 100 | Line 88 | check_can_use_v6(void)
88   int
89   get_sockerr(int fd)
90   {
103 #ifndef _WIN32
91    int errtmp = errno;
105 #else
106  int errtmp = WSAGetLastError();
107 #endif
92   #ifdef SO_ERROR
93    int err = 0;
94    socklen_t len = sizeof(err);
# Line 143 | Line 127 | report_error(int level, const char* text
127   {
128    who = (who) ? who : "";
129  
130 <  sendto_realops_flags(UMODE_DEBUG, level, text, who, strerror(error));
131 <  log_oper_action(LOG_IOERR_TYPE, NULL, "%s %s %s\n", who, text, strerror(error));
132 <  ilog(L_ERROR, text, who, strerror(error));
130 >  sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE,
131 >                       text, who, strerror(error));
132 >  ilog(LOG_TYPE_IRCD, text, who, strerror(error));
133   }
134  
135   /*
# Line 153 | Line 137 | report_error(int level, const char* text
137   *
138   * Set the socket non-blocking, and other wonderful bits.
139   */
140 < static void *
141 < setup_socket(va_list args)
140 > static void
141 > setup_socket(int fd)
142   {
159  int fd = va_arg(args, int);
143    int opt = 1;
144  
145    setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));
# Line 166 | Line 149 | setup_socket(va_list args)
149    setsockopt(fd, IPPROTO_IP, IP_TOS, &opt, sizeof(opt));
150   #endif
151  
169 #ifndef _WIN32
152    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
171 #endif
172
173  return NULL;
174 }
175
176 /*
177 * init_comm()
178 *
179 * Initializes comm subsystem.
180 */
181 void
182 init_comm(void)
183 {
184  setup_socket_cb = register_callback("setup_socket", setup_socket);
185  init_netio();
153   }
154  
155   /*
# Line 193 | Line 160 | init_comm(void)
160   void
161   close_connection(struct Client *client_p)
162   {
163 <  struct ConfItem *conf;
197 <  struct AccessItem *aconf;
198 <  struct ClassItem *aclass;
163 >  dlink_node *ptr = NULL;
164  
165 <  assert(NULL != client_p);
165 >  assert(client_p);
166  
167    if (!IsDead(client_p))
168    {
# Line 206 | Line 171 | close_connection(struct Client *client_p
171       * even if it is marked as blocked (COMM_SELECT_READ handler is called
172       * before COMM_SELECT_WRITE). Let's try, nothing to lose.. -adx
173       */
209    ClearSendqBlocked(client_p);
174      send_queued_write(client_p);
175    }
176  
177 <  if (IsServer(client_p))
177 >  if (IsClient(client_p))
178 >  {
179 >    ++ServerStats.is_cl;
180 >    ServerStats.is_cbs += client_p->localClient->send.bytes;
181 >    ServerStats.is_cbr += client_p->localClient->recv.bytes;
182 >    ServerStats.is_cti += CurrentTime - client_p->localClient->firsttime;
183 >  }
184 >  else if (IsServer(client_p))
185    {
186      ++ServerStats.is_sv;
187      ServerStats.is_sbs += client_p->localClient->send.bytes;
188      ServerStats.is_sbr += client_p->localClient->recv.bytes;
189 <    ServerStats.is_sti += CurrentTime - client_p->firsttime;
189 >    ServerStats.is_sti += CurrentTime - client_p->localClient->firsttime;
190  
191 <    /* XXX Does this even make any sense at all anymore?
221 <     * scheduling a 'quick' reconnect could cause a pile of
222 <     * nick collides under TSora protocol... -db
223 <     */
224 <    /*
225 <     * If the connection has been up for a long amount of time, schedule
226 <     * a 'quick' reconnect, else reset the next-connect cycle.
227 <     */
228 <    if ((conf = find_conf_exact(SERVER_TYPE,
229 <                                  client_p->name, client_p->username,
230 <                                  client_p->host)))
191 >    DLINK_FOREACH(ptr, server_items.head)
192      {
193 +      struct MaskItem *conf = ptr->data;
194 +
195 +      if (irccmp(conf->name, client_p->name))
196 +        continue;
197 +
198        /*
199 <       * Reschedule a faster reconnect, if this was a automatically
200 <       * connected configuration entry. (Note that if we have had
235 <       * a rehash in between, the status has been changed to
236 <       * CONF_ILLEGAL). But only do this if it was a "good" link.
199 >       * Reset next-connect cycle of all connect{} blocks that match
200 >       * this servername.
201         */
202 <      aconf = (struct AccessItem *)map_to_conf(conf);
239 <      aclass = (struct ClassItem *)map_to_conf(aconf->class_ptr);
240 <      aconf->hold = time(NULL);
241 <      aconf->hold += (aconf->hold - client_p->since > HANGONGOODLINK) ?
242 <        HANGONRETRYDELAY : ConFreq(aclass);
243 <      if (nextconnect > aconf->hold)
244 <        nextconnect = aconf->hold;
202 >      conf->until = CurrentTime + conf->class->con_freq;
203      }
204    }
247  else if (IsClient(client_p))
248  {
249    ++ServerStats.is_cl;
250    ServerStats.is_cbs += client_p->localClient->send.bytes;
251    ServerStats.is_cbr += client_p->localClient->recv.bytes;
252    ServerStats.is_cti += CurrentTime - client_p->firsttime;
253  }
205    else
206      ++ServerStats.is_ni;
207  
# Line 266 | Line 217 | close_connection(struct Client *client_p
217    if (client_p->localClient->fd.flags.open)
218      fd_close(&client_p->localClient->fd);
219  
269  if (HasServlink(client_p))
270  {
271    if (client_p->localClient->ctrlfd.flags.open)
272      fd_close(&client_p->localClient->ctrlfd);
273  }
274
220    dbuf_clear(&client_p->localClient->buf_sendq);
221    dbuf_clear(&client_p->localClient->buf_recvq);
222    
223    MyFree(client_p->localClient->passwd);
224 <  detach_conf(client_p, CONF_TYPE);
224 >  detach_conf(client_p, CONF_CLIENT|CONF_OPER|CONF_SERVER);
225    client_p->from = NULL; /* ...this should catch them! >:) --msa */
226   }
227  
# Line 288 | Line 233 | close_connection(struct Client *client_p
233   static void
234   ssl_handshake(int fd, struct Client *client_p)
235   {
236 <  int ret = SSL_accept(client_p->localClient->fd.ssl);
236 >  X509 *cert = NULL;
237 >  int ret = 0;
238 >
239 >  if ((ret = SSL_accept(client_p->localClient->fd.ssl)) <= 0)
240 >  {
241 >    if ((CurrentTime - client_p->localClient->firsttime) > 30)
242 >    {
243 >      exit_client(client_p, client_p, "Timeout during SSL handshake");
244 >      return;
245 >    }
246  
293  if (ret <= 0)
247      switch (SSL_get_error(client_p->localClient->fd.ssl, ret))
248      {
249        case SSL_ERROR_WANT_WRITE:
250          comm_setselect(&client_p->localClient->fd, COMM_SELECT_WRITE,
251 <                       (PF *) ssl_handshake, client_p, 0);
251 >                       (PF *) ssl_handshake, client_p, 30);
252          return;
253  
254        case SSL_ERROR_WANT_READ:
255          comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ,
256 <                       (PF *) ssl_handshake, client_p, 0);
256 >                       (PF *) ssl_handshake, client_p, 30);
257          return;
258  
259        default:
260          exit_client(client_p, client_p, "Error during SSL handshake");
261          return;
262      }
263 +  }
264 +
265 +  comm_settimeout(&client_p->localClient->fd, 0, NULL, NULL);
266 +
267 +  if ((cert = SSL_get_peer_certificate(client_p->localClient->fd.ssl)))
268 +  {
269 +    int res = SSL_get_verify_result(client_p->localClient->fd.ssl);
270 +    char buf[EVP_MAX_MD_SIZE * 2 + 1] = { '\0' };
271 +    unsigned char md[EVP_MAX_MD_SIZE] = { '\0' };
272 +
273 +    if (res == X509_V_OK || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
274 +        res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
275 +        res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
276 +    {
277 +      unsigned int i = 0, n = 0;
278 +
279 +      if (X509_digest(cert, EVP_sha256(), md, &n))
280 +      {
281 +        for (; i < n; ++i)
282 +          snprintf(buf + 2 * i, 3, "%02X", md[i]);
283 +        client_p->certfp = xstrdup(buf);
284 +      }
285 +    }
286 +    else
287 +      ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad SSL client certificate: %d",
288 +           client_p->name, client_p->username, client_p->host, res);
289 +    X509_free(cert);
290 +  }
291  
292 <  execute_callback(auth_cb, client_p);
292 >  start_auth(client_p);
293   }
294   #endif
295  
# Line 322 | Line 303 | ssl_handshake(int fd, struct Client *cli
303   void
304   add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
305   {
306 <  struct Client *new_client;
326 <
327 <  assert(NULL != listener);
328 <
329 <  new_client = make_client(NULL);
306 >  struct Client *new_client = make_client(NULL);
307  
308    fd_open(&new_client->localClient->fd, fd, 1,
309            (listener->flags & LISTENER_SSL) ?
310            "Incoming SSL connection" : "Incoming connection");
311  
312 <  /*
312 >  /*
313     * copy address to 'sockhost' as a string, copy it to host too
314     * so we have something valid to put into error messages...
315     */
316    memcpy(&new_client->localClient->ip, irn, sizeof(struct irc_ssaddr));
317  
318 <  irc_getnameinfo((struct sockaddr*)&new_client->localClient->ip,
319 <        new_client->localClient->ip.ss_len,  new_client->sockhost,
320 <        HOSTIPLEN, NULL, 0, NI_NUMERICHOST);
318 >  getnameinfo((struct sockaddr *)&new_client->localClient->ip,
319 >              new_client->localClient->ip.ss_len, new_client->sockhost,
320 >              sizeof(new_client->sockhost), NULL, 0, NI_NUMERICHOST);
321    new_client->localClient->aftype = new_client->localClient->ip.ss.ss_family;
345 #ifdef IPV6
346  if (new_client->sockhost[0] == ':')
347    strlcat(new_client->host, "0", HOSTLEN+1);
322  
323 <  if (new_client->localClient->aftype == AF_INET6 &&
324 <      ConfigFileEntry.dot_in_ip6_addr == 1)
323 > #ifdef HAVE_LIBGEOIP
324 >  /* XXX IPV6 SUPPORT XXX */
325 >  if (irn->ss.ss_family == AF_INET && geoip_ctx)
326    {
327 <    strlcat(new_client->host, new_client->sockhost,HOSTLEN+1);
328 <    strlcat(new_client->host, ".", HOSTLEN+1);
327 >    const struct sockaddr_in *v4 = (const struct sockaddr_in *)&new_client->localClient->ip;
328 >    new_client->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr));
329    }
355  else
330   #endif
331 <    strlcat(new_client->host, new_client->sockhost,HOSTLEN+1);
331 >
332 >  if (new_client->sockhost[0] == ':' && new_client->sockhost[1] == ':')
333 >  {
334 >    strlcpy(new_client->host, "0", sizeof(new_client->host));
335 >    strlcpy(new_client->host+1, new_client->sockhost, sizeof(new_client->host)-1);
336 >    memmove(new_client->sockhost+1, new_client->sockhost, sizeof(new_client->sockhost)-1);
337 >    new_client->sockhost[0] = '0';
338 >  }
339 >  else
340 >    strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
341  
342    new_client->localClient->listener = listener;
343    ++listener->ref_count;
# Line 364 | Line 347 | add_connection(struct Listener *listener
347    {
348      if ((new_client->localClient->fd.ssl = SSL_new(ServerInfo.server_ctx)) == NULL)
349      {
350 <      ilog(L_CRIT, "SSL_new() ERROR! -- %s",
350 >      ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s",
351             ERR_error_string(ERR_get_error(), NULL));
352  
353        SetDead(new_client);
# Line 372 | Line 355 | add_connection(struct Listener *listener
355        return;
356      }
357  
358 +    AddFlag(new_client, FLAGS_SSL);
359      SSL_set_fd(new_client->localClient->fd.ssl, fd);
360      ssl_handshake(0, new_client);
361    }
362    else
363   #endif
364 <    execute_callback(auth_cb, new_client);
364 >    start_auth(new_client);
365   }
366  
367   /*
# Line 541 | Line 525 | comm_connect_tcp(fde_t *fd, const char *
525  
526    snprintf(portname, sizeof(portname), "%d", port);
527  
528 <  if (irc_getaddrinfo(host, portname, &hints, &res))
528 >  if (getaddrinfo(host, portname, &hints, &res))
529    {
530      /* Send the DNS request, for the next level */
531      if (aftype == AF_INET6)
# Line 557 | Line 541 | comm_connect_tcp(fde_t *fd, const char *
541      memcpy(&fd->connect.hostaddr, res->ai_addr, res->ai_addrlen);
542      fd->connect.hostaddr.ss_len = res->ai_addrlen;
543      fd->connect.hostaddr.ss.ss_family = res->ai_family;
544 <    irc_freeaddrinfo(res);
544 >    freeaddrinfo(res);
545      comm_settimeout(fd, timeout*1000, comm_connect_timeout, NULL);
546      comm_connect_tryconnect(fd, NULL);
547    }
# Line 658 | Line 642 | comm_connect_tryconnect(fde_t *fd, void
642    /* Error? */
643    if (retval < 0)
644    {
661 #ifdef _WIN32
662    errno = WSAGetLastError();
663 #endif
645      /*
646       * If we get EISCONN, then we've already connect()ed the socket,
647       * which is a good thing.
# Line 719 | Line 700 | comm_open(fde_t *F, int family, int sock
700     */
701    fd = socket(family, sock_type, proto);
702    if (fd < 0)
722  {
723 #ifdef _WIN32
724    errno = WSAGetLastError();
725 #endif
703      return -1; /* errno will be passed through, yay.. */
727  }
704  
705 <  execute_callback(setup_socket_cb, fd);
705 >  setup_socket(fd);
706  
707    /* update things in our fd tracking */
708    fd_open(F, fd, 1, note);
# Line 757 | Line 733 | comm_accept(struct Listener *lptr, struc
733     * reserved fd limit, but we can deal with that when comm_open()
734     * also does it. XXX -- adrian
735     */
736 <  newfd = accept(lptr->fd.fd, (struct sockaddr *)pn, (socklen_t *)&addrlen);
736 >  newfd = accept(lptr->fd.fd, (struct sockaddr *)pn, &addrlen);
737    if (newfd < 0)
762  {
763 #ifdef _WIN32
764    errno = WSAGetLastError();
765 #endif
738      return -1;
767  }
739  
740   #ifdef IPV6
741    remove_ipv6_mapping(pn);
# Line 772 | Line 743 | comm_accept(struct Listener *lptr, struc
743    pn->ss_len = addrlen;
744   #endif
745  
746 <  execute_callback(setup_socket_cb, newfd);
746 >  setup_socket(newfd);
747  
748    /* .. and return */
749    return newfd;
# Line 780 | Line 751 | comm_accept(struct Listener *lptr, struc
751  
752   /*
753   * remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address
754 < * This function should really inspect the struct itself rather than relying
784 < * on inet_pton and inet_ntop.  OSes with IPv6 mapping listening on both
754 > * OSes with IPv6 mapping listening on both
755   * AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures
756   *
757   */
# Line 791 | Line 761 | remove_ipv6_mapping(struct irc_ssaddr *a
761   {
762    if (addr->ss.ss_family == AF_INET6)
763    {
764 <    struct sockaddr_in6 *v6;
795 <
796 <    v6 = (struct sockaddr_in6*)addr;
797 <    if (IN6_IS_ADDR_V4MAPPED(&v6->sin6_addr))
764 >    if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
765      {
766 <      char v4ip[HOSTIPLEN];
767 <      struct sockaddr_in *v4 = (struct sockaddr_in*)addr;
768 <      inetntop(AF_INET6, &v6->sin6_addr, v4ip, HOSTIPLEN);
769 <      inet_pton(AF_INET, v4ip, &v4->sin_addr);
766 >      struct sockaddr_in6 v6;
767 >      struct sockaddr_in *v4 = (struct sockaddr_in *)addr;
768 >
769 >      memcpy(&v6, addr, sizeof(v6));
770 >      memset(v4, 0, sizeof(struct sockaddr_in));
771 >      memcpy(&v4->sin_addr, &v6.sin6_addr.s6_addr[12], sizeof(v4->sin_addr));
772 >
773        addr->ss.ss_family = AF_INET;
774        addr->ss_len = sizeof(struct sockaddr_in);
775      }

Diff Legend

Removed lines
+ Added lines
< Changed lines (old)
> Changed lines (new)