
Comparing ircd-hybrid/trunk/src/s_bsd.c (file contents):
Revision 1858 by michael, Thu Apr 25 15:00:52 2013 UTC vs.
Revision 4408 by michael, Wed Aug 6 21:19:38 2014 UTC

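--- a/ircd-hybrid/trunk/src/s_bsd.c
+++ b/ircd-hybrid/trunk/src/s_bsd.c
@@ -1,8 +1,7 @@
 /*
- *  ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
- *  s_bsd.c: Network functions.
+ *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
  *
- *  Copyright (C) 2002 by the past and present ircd coders, and others.
+ *  Copyright (c) 1997-2014 ircd-hybrid development team
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -18,11 +17,17 @@
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  *  USA
- *
- *  $Id$
+ */
+
+/*! \file s_bsd.c
+ * \brief Network functions.
+ * \version $Id$
  */
 
 #include "stdinc.h"
+#ifdef HAVE_LIBCRYPTO
+#include "rsa.h"
+#endif
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
@@ -37,26 +42,24 @@
 #include "listener.h"
 #include "numeric.h"
 #include "packet.h"
-#include "irc_res.h"
+#include "res.h"
 #include "restart.h"
-#include "s_auth.h"
+#include "auth.h"
 #include "conf.h"
 #include "log.h"
-#include "s_serv.h"
+#include "server.h"
 #include "send.h"
 #include "memory.h"
-#include "s_user.h"
-#include "hook.h"
+#include "user.h"
+
 
 static const char *comm_err_str[] = { "Comm OK", "Error during bind()",
   "Error during DNS lookup", "connect timeout", "Error during connect()",
   "Comm Error" };
 
-struct Callback *setup_socket_cb = NULL;
-
 static void comm_connect_callback(fde_t *, int);
 static PF comm_connect_timeout;
-static void comm_connect_dns_callback(void *, const struct irc_ssaddr *, const char *);
+static void comm_connect_dns_callback(void *, const struct irc_ssaddr *, const char *, size_t);
 static PF comm_connect_tryconnect;
 
 
@@ -70,14 +73,14 @@ check_can_use_v6(void)
   int v6;
 
   if ((v6 = socket(AF_INET6, SOCK_STREAM, 0)) < 0)
-    ServerInfo.can_use_v6 = 0;
+    ConfigServerInfo.can_use_v6 = 0;
   else
   {
-    ServerInfo.can_use_v6 = 1;
+    ConfigServerInfo.can_use_v6 = 1;
     close(v6);
   }
 #else
-  ServerInfo.can_use_v6 = 0;
+  ConfigServerInfo.can_use_v6 = 0;
 #endif
 }
 
@@ -106,7 +109,7 @@ get_sockerr(int fd)
 }
 
 /*
- * report_error - report an error from an errno.
+ * report_error - report an error from an errno.
  * Record error to log and also send a copy to all *LOCAL* opers online.
  *
  *        text        is a *format* string for outputing error. It must
@@ -120,12 +123,12 @@ get_sockerr(int fd)
  * Cannot use perror() within daemon. stderr is closed in
  * ircd and cannot be used. And, worse yet, it might have
  * been reassigned to a normal connection...
- *
+ *
  * Actually stderr is still there IFF ircd was run with -s --Rodder
  */
 
 void
-report_error(int level, const char* text, const char* who, int error)
+report_error(int level, const char* text, const char* who, int error)
 {
   who = (who) ? who : "";
 
@@ -139,10 +142,9 @@ report_error(int level, const char* text
  *
  * Set the socket non-blocking, and other wonderful bits.
  */
-static void *
-setup_socket(va_list args)
+static void
+setup_socket(int fd)
 {
-  int fd = va_arg(args, int);
   int opt = 1;
 
   setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));
@@ -153,20 +155,6 @@ setup_socket(va_list args)
 #endif
 
   fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
-
-  return NULL;
-}
-
-/*
- * init_comm()
- *
- * Initializes comm subsystem.
- */
-void
-init_comm(void)
-{
-  setup_socket_cb = register_callback("setup_socket", setup_socket);
-  init_netio();
 }
 
 /*
@@ -188,7 +176,7 @@ close_connection(struct Client *client_p
      * even if it is marked as blocked (COMM_SELECT_READ handler is called
      * before COMM_SELECT_WRITE). Let's try, nothing to lose.. -adx
      */
-    ClearSendqBlocked(client_p);
+    DelFlag(client_p, FLAGS_BLOCKED);
     send_queued_write(client_p);
   }
 
@@ -237,10 +225,9 @@ close_connection(struct Client *client_p
 
   dbuf_clear(&client_p->localClient->buf_sendq);
   dbuf_clear(&client_p->localClient->buf_recvq);
-  
+
   MyFree(client_p->localClient->passwd);
   detach_conf(client_p, CONF_CLIENT|CONF_OPER|CONF_SERVER);
-  client_p->from = NULL; /* ...this should catch them! >:) --msa */
 }
 
 #ifdef HAVE_LIBCRYPTO
@@ -251,32 +238,67 @@ close_connection(struct Client *client_p
 static void
 ssl_handshake(int fd, struct Client *client_p)
 {
-  int ret = SSL_accept(client_p->localClient->fd.ssl);
+  X509 *cert = NULL;
+  int ret = 0;
+
+  if ((ret = SSL_accept(client_p->localClient->fd.ssl)) <= 0)
+  {
+    if ((CurrentTime - client_p->localClient->firsttime) > 30)
+    {
+      exit_client(client_p, "Timeout during SSL handshake");
+      return;
+    }
 
-  if (ret <= 0)
     switch (SSL_get_error(client_p->localClient->fd.ssl, ret))
     {
       case SSL_ERROR_WANT_WRITE:
         comm_setselect(&client_p->localClient->fd, COMM_SELECT_WRITE,
-                       (PF *) ssl_handshake, client_p, 0);
+                       (PF *)ssl_handshake, client_p, 30);
         return;
 
       case SSL_ERROR_WANT_READ:
         comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ,
-                       (PF *) ssl_handshake, client_p, 0);
+                       (PF *)ssl_handshake, client_p, 30);
         return;
 
       default:
-        exit_client(client_p, client_p, "Error during SSL handshake");
-        return;
+        exit_client(client_p, "Error during SSL handshake");
+        return;
     }
+  }
+
+  comm_settimeout(&client_p->localClient->fd, 0, NULL, NULL);
 
-  execute_callback(auth_cb, client_p);
+  if ((cert = SSL_get_peer_certificate(client_p->localClient->fd.ssl)))
+  {
+    int res = SSL_get_verify_result(client_p->localClient->fd.ssl);
+    char buf[EVP_MAX_MD_SIZE * 2 + 1] = "";
+    unsigned char md[EVP_MAX_MD_SIZE] = "";
+
+    if (res == X509_V_OK || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
+        res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
+        res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+    {
+      unsigned int n = 0;
+
+      if (X509_digest(cert, ConfigServerInfo.message_digest_algorithm, md, &n))
+      {
+        binary_to_hex(md, buf, n);
+        client_p->certfp = xstrdup(buf);
+      }
+    }
+    else
+      ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad SSL client certificate: %d",
+           client_p->name, client_p->username, client_p->host, res);
+    X509_free(cert);
+  }
+
+  start_auth(client_p);
 }
 #endif
 
 /*
- * add_connection - creates a client which has just connected to us on
+ * add_connection - creates a client which has just connected to us on
  * the given fd. The sockhost field is initialized with the ip# of the host.
  * An unique id is calculated now, in case it is needed for auth.
  * The client is sent to the auth module for verification, and not put in
@@ -285,64 +307,65 @@ ssl_handshake(int fd, struct Client *cli
 void
 add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
 {
-  struct Client *new_client = make_client(NULL);
+  struct Client *client_p = make_client(NULL);
 
-  fd_open(&new_client->localClient->fd, fd, 1,
+  fd_open(&client_p->localClient->fd, fd, 1,
           (listener->flags & LISTENER_SSL) ?
-          "Incoming SSL connection" : "Incoming connection");
+          "Incoming SSL connection" : "Incoming connection");
 
   /*
    * copy address to 'sockhost' as a string, copy it to host too
    * so we have something valid to put into error messages...
    */
-  memcpy(&new_client->localClient->ip, irn, sizeof(struct irc_ssaddr));
+  memcpy(&client_p->localClient->ip, irn, sizeof(struct irc_ssaddr));
 
-  getnameinfo((struct sockaddr *)&new_client->localClient->ip,
-              new_client->localClient->ip.ss_len, new_client->sockhost,
-              sizeof(new_client->sockhost), NULL, 0, NI_NUMERICHOST);
-  new_client->localClient->aftype = new_client->localClient->ip.ss.ss_family;
+  getnameinfo((struct sockaddr *)&client_p->localClient->ip,
+              client_p->localClient->ip.ss_len, client_p->sockhost,
+              sizeof(client_p->sockhost), NULL, 0, NI_NUMERICHOST);
+  client_p->localClient->aftype = client_p->localClient->ip.ss.ss_family;
 
 #ifdef HAVE_LIBGEOIP
   /* XXX IPV6 SUPPORT XXX */
   if (irn->ss.ss_family == AF_INET && geoip_ctx)
   {
-    const struct sockaddr_in *v4 = (const struct sockaddr_in *)&new_client->localClient->ip;
-    new_client->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr));
+    const struct sockaddr_in *v4 = (const struct sockaddr_in *)&client_p->localClient->ip;
+    client_p->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr));
   }
 #endif
 
-  if (new_client->sockhost[0] == ':' && new_client->sockhost[1] == ':')
+  if (client_p->sockhost[0] == ':' && client_p->sockhost[1] == ':')
   {
-    strlcpy(new_client->host, "0", sizeof(new_client->host));
-    strlcpy(new_client->host+1, new_client->sockhost, sizeof(new_client->host)-1);
-    memmove(new_client->sockhost+1, new_client->sockhost, sizeof(new_client->sockhost)-1);
-    new_client->sockhost[0] = '0';
+    strlcpy(client_p->host, "0", sizeof(client_p->host));
+    strlcpy(client_p->host+1, client_p->sockhost, sizeof(client_p->host)-1);
+    memmove(client_p->sockhost+1, client_p->sockhost, sizeof(client_p->sockhost)-1);
+    client_p->sockhost[0] = '0';
   }
   else
-    strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
+    strlcpy(client_p->host, client_p->sockhost, sizeof(client_p->host));
 
-  new_client->localClient->listener = listener;
+  client_p->localClient->listener = listener;
   ++listener->ref_count;
 
 #ifdef HAVE_LIBCRYPTO
   if (listener->flags & LISTENER_SSL)
   {
-    if ((new_client->localClient->fd.ssl = SSL_new(ServerInfo.server_ctx)) == NULL)
+    if ((client_p->localClient->fd.ssl = SSL_new(ConfigServerInfo.server_ctx)) == NULL)
     {
       ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s",
            ERR_error_string(ERR_get_error(), NULL));
 
-      SetDead(new_client);
-      exit_client(new_client, new_client, "SSL_new failed");
+      SetDead(client_p);
+      exit_client(client_p, "SSL_new failed");
       return;
     }
 
-    SSL_set_fd(new_client->localClient->fd.ssl, fd);
-    ssl_handshake(0, new_client);
+    AddFlag(client_p, FLAGS_SSL);
+    SSL_set_fd(client_p->localClient->fd.ssl, fd);
+    ssl_handshake(0, client_p);
   }
   else
 #endif
-    execute_callback(auth_cb, new_client);
+    start_auth(client_p);
 }
 
 /*
@@ -397,7 +420,7 @@ comm_settimeout(fde_t *fd, time_t timeou
  * flush functions, and when comm_close() is implemented correctly
  * with close functions, we _actually_ don't call comm_close() here ..
  * -- originally Adrian's notes
- * comm_close() is replaced with fd_close() in fdlist.c
+ * comm_close() is replaced with fd_close() in fdlist.c
  */
 void
 comm_setflush(fde_t *fd, time_t timeout, PF *callback, void *cbdata)
@@ -489,7 +512,7 @@ comm_connect_tcp(fde_t *fd, const char *
    *   -- adrian
    */
   if ((clocal != NULL) && (bind(fd->fd, clocal, socklen) < 0))
-  {
+  {
     /* Failure, call the callback with COMM_ERR_BIND */
     comm_connect_callback(fd, COMM_ERR_BIND);
     /* ... and quit */
@@ -570,11 +593,11 @@ comm_connect_timeout(fde_t *fd, void *no
  * otherwise we initiate the connect()
  */
 static void
-comm_connect_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name)
+comm_connect_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name, size_t namelength)
 {
   fde_t *F = vptr;
 
-  if (name == NULL)
+  if (EmptyString(name) || namelength > HOSTLEN)
   {
     comm_connect_callback(F, COMM_ERR_DNS);
     return;
@@ -586,7 +609,7 @@ comm_connect_dns_callback(void *vptr, co
   /* Copy over the DNS reply info so we can use it in the connect() */
   /*
    * Note we don't fudge the refcount here, because we aren't keeping
-   * the DNS record around, and the DNS cache is gone anyway..
+   * the DNS record around, and the DNS cache is gone anyway..
    *     -- adrian
    */
   memcpy(&F->connect.hostaddr, addr, addr->ss_len);
@@ -617,7 +640,7 @@ comm_connect_tryconnect(fde_t *fd, void
     return;
 
   /* Try the connect() */
-  retval = connect(fd->fd, (struct sockaddr *) &fd->connect.hostaddr,
+  retval = connect(fd->fd, (struct sockaddr *) &fd->connect.hostaddr,
     fd->connect.hostaddr.ss_len);
 
   /* Error? */
@@ -683,7 +706,7 @@ comm_open(fde_t *F, int family, int sock
   if (fd < 0)
     return -1; /* errno will be passed through, yay.. */
 
-  execute_callback(setup_socket_cb, fd);
+  setup_socket(fd);
 
   /* update things in our fd tracking */
   fd_open(F, fd, 1, note);
@@ -698,7 +721,7 @@ comm_open(fde_t *F, int family, int sock
  * fd_open (this function no longer does it).
  */
 int
-comm_accept(struct Listener *lptr, struct irc_ssaddr *pn)
+comm_accept(struct Listener *lptr, struct irc_ssaddr *addr)
 {
   int newfd;
   socklen_t addrlen = sizeof(struct irc_ssaddr);
@@ -709,32 +732,34 @@ comm_accept(struct Listener *lptr, struc
     return -1;
   }
 
+  memset(&addr, 0, sizeof(struct irc_ssaddr));
+
   /*
    * Next, do the accept(). if we get an error, we should drop the
    * reserved fd limit, but we can deal with that when comm_open()
    * also does it. XXX -- adrian
    */
-  newfd = accept(lptr->fd.fd, (struct sockaddr *)pn, &addrlen);
+  newfd = accept(lptr->fd.fd, (struct sockaddr *)addr, &addrlen);
   if (newfd < 0)
     return -1;
 
 #ifdef IPV6
-  remove_ipv6_mapping(pn);
+  remove_ipv6_mapping(addr);
 #else
-  pn->ss_len = addrlen;
+  addr->ss_len = addrlen;
 #endif
 
-  execute_callback(setup_socket_cb, newfd);
+  setup_socket(newfd);
 
   /* .. and return */
   return newfd;
 }
 
-/*
+/*
  * remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address
  * OSes with IPv6 mapping listening on both
  * AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures
- *
+ *
  */
 #ifdef IPV6
 void
@@ -744,7 +769,7 @@ remove_ipv6_mapping(struct irc_ssaddr *a
   {
     if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
     {
-      struct sockaddr_in6 v6;
+      struct sockaddr_in6 v6;
       struct sockaddr_in *v4 = (struct sockaddr_in *)addr;
 
       memcpy(&v6, addr, sizeof(v6));
@@ -754,10 +779,10 @@ remove_ipv6_mapping(struct irc_ssaddr *a
       addr->ss.ss_family = AF_INET;
       addr->ss_len = sizeof(struct sockaddr_in);
     }
-    else
+    else
       addr->ss_len = sizeof(struct sockaddr_in6);
   }
   else
     addr->ss_len = sizeof(struct sockaddr_in);
-}
+}
 #endif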
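Review bot: In comm_accept, the new line `memset(&addr, 0, sizeof(struct irc_ssaddr));` zeroes the wrong object: `addr` is the `struct irc_ssaddr *` parameter, so `&addr` is the address of the local pointer variable, and the call writes sizeof(struct irc_ssaddr) bytes over the stack frame starting at that pointer (far more than a pointer occupies, assuming the usual sockaddr_storage-sized struct), while the caller's address buffer is never cleared. The intended line is `memset(addr, 0, sizeof(*addr));`, placed before the accept() call as it is now. comm_accept's opening lines belong to the preceding hunk; the other edits in this hunk (the pn → addr rename and the direct setup_socket() call) look consistent with the rest of the change.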
