[ViewVC] Diff of: svn/ircd-hybrid/trunk/src/s

Comparing ircd-hybrid/trunk/src/s_bsd.c (file contents):
Revision 2632 by michael, Sun Dec 8 18:33:48 2013 UTC vs.
Revision 4461 by michael, Wed Aug 13 17:05:26 2014 UTC

+/*
-<
+ *  ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
-<
+ *  s_bsd.c: Network functions.
->
+ *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
-<
+ *  Copyright (C) 2002 by the past and present ircd coders, and others.
->
+ *  Copyright (c) 1997-2014 ircd-hybrid development team
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
+ *  USA
-<
+ *
-<
+ *  $Id$
->
+ */
->
->
+/*! \file s_bsd.c
->
+ * \brief Network functions.
->
+ * \version $Id$
+ */
+#include "stdinc.h"
-+
+#ifdef HAVE_LIBCRYPTO
-+
+#include "rsa.h"
-+
+#endif
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include "listener.h"
+#include "numeric.h"
+#include "packet.h"
-<
+#include "irc_res.h"
->
+#include "res.h"
+#include "restart.h"
-<
+#include "s_auth.h"
->
+#include "auth.h"
+#include "conf.h"
+#include "log.h"
-<
+#include "s_serv.h"
->
+#include "server.h"
+#include "send.h"
+#include "memory.h"
-<
+#include "s_user.h"
-<
+#include "hook.h"
->
+#include "user.h"
->
+static const char *comm_err_str[] = { "Comm OK", "Error during bind()",
+  "Error during DNS lookup", "connect timeout", "Error during connect()",
+  "Comm Error" };
+static void comm_connect_callback(fde_t *, int);
-<
+static PF comm_connect_timeout;
-<
+static void comm_connect_dns_callback(void *, const struct irc_ssaddr *, const char *);
-<
+static PF comm_connect_tryconnect;
->
+static void comm_connect_timeout(fde_t *, void *);
->
+static void comm_connect_dns_callback(void *, const struct irc_ssaddr *, const char *, size_t);
->
+static void comm_connect_tryconnect(fde_t *, void *);
-–
+/* check_can_use_v6()
-–
+ *  Check if the system can open AF_INET6 sockets
-–
+ */
-–
+void
-–
+check_can_use_v6(void)
-–
+{
-–
+#ifdef IPV6
-–
+  int v6;
-–
-–
+  if ((v6 = socket(AF_INET6, SOCK_STREAM, 0)) < 0)
-–
+    ServerInfo.can_use_v6 = 0;
-–
+  else
-–
+  {
-–
+    ServerInfo.can_use_v6 = 1;
-–
+    close(v6);
-–
+  }
-–
+#else
-–
+  ServerInfo.can_use_v6 = 0;
-–
+#endif
-–
+}
-–
+/* get_sockerr - get the error value from the socket or the current errno
+ * Get the *real* error from the socket (well try to anyway..).
+/*
-<
+ * report_error - report an error from an errno.
->
+ * report_error - report an error from an errno.
+ * Record error to log and also send a copy to all *LOCAL* opers online.
+ *        text        is a *format* string for outputing error. It must
+ * Cannot use perror() within daemon. stderr is closed in
+ * ircd and cannot be used. And, worse yet, it might have
+ * been reassigned to a normal connection...
-<
+ *
->
+ *
+ * Actually stderr is still there IFF ircd was run with -s --Rodder
+ */
+void
-<
+report_error(int level, const char* text, const char* who, int error)
->
+report_error(int level, const char* text, const char* who, int error)
+  who = (who) ? who : "";
+     * even if it is marked as blocked (COMM_SELECT_READ handler is called
+     * before COMM_SELECT_WRITE). Let's try, nothing to lose.. -adx
+     */
-<
+    ClearSendqBlocked(client_p);
->
+    DelFlag(client_p, FLAGS_BLOCKED);
+    send_queued_write(client_p);
+  dbuf_clear(&client_p->localClient->buf_sendq);
+  dbuf_clear(&client_p->localClient->buf_recvq);
-<
-<
+  MyFree(client_p->localClient->passwd);
->
->
+  MyFree(client_p->localClient->password);
->
+  client_p->localClient->password = NULL;
->
+  detach_conf(client_p, CONF_CLIENT|CONF_OPER|CONF_SERVER);
-–
+  client_p->from = NULL; /* ...this should catch them! >:) --msa */
+#ifdef HAVE_LIBCRYPTO
+ * read/write events if necessary.
+ */
+static void
-<
+ssl_handshake(int fd, struct Client *client_p)
->
+ssl_handshake(fde_t *fd, void *data)
-+
+  struct Client *client_p = data;
+  X509 *cert = NULL;
+  int ret = 0;
+  if ((ret = SSL_accept(client_p->localClient->fd.ssl)) <= 0)
-+
+    if ((CurrentTime - client_p->localClient->firsttime) > 30)
-+
+    {
-+
+      exit_client(client_p, "Timeout during SSL handshake");
-+
+      return;
-+
+    }
-+
+    switch (SSL_get_error(client_p->localClient->fd.ssl, ret))
+      case SSL_ERROR_WANT_WRITE:
+        comm_setselect(&client_p->localClient->fd, COMM_SELECT_WRITE,
-<
+                       (PF *) ssl_handshake, client_p, 0);
->
+                       ssl_handshake, client_p, 30);
+        return;
+      case SSL_ERROR_WANT_READ:
+        comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ,
-<
+                       (PF *) ssl_handshake, client_p, 0);
->
+                       ssl_handshake, client_p, 30);
+        return;
+      default:
-<
+        exit_client(client_p, client_p, "Error during SSL handshake");
-<
+        return;
->
+        exit_client(client_p, "Error during SSL handshake");
->
+        return;
-+
+  comm_settimeout(&client_p->localClient->fd, 0, NULL, NULL);
-+
+  if ((cert = SSL_get_peer_certificate(client_p->localClient->fd.ssl)))
+    int res = SSL_get_verify_result(client_p->localClient->fd.ssl);
-<
+    char buf[EVP_MAX_MD_SIZE * 2 + 1] = { '\0' };
-<
+    unsigned char md[EVP_MAX_MD_SIZE] = { '\0' };
->
+    char buf[EVP_MAX_MD_SIZE * 2 + 1] = "";
->
+    unsigned char md[EVP_MAX_MD_SIZE] = "";
+    if (res == X509_V_OK || res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
+        res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
+        res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-<
+      unsigned int i = 0, n = 0;
->
+      unsigned int n = 0;
-<
+      if (X509_digest(cert, EVP_sha256(), md, &n))
->
+      if (X509_digest(cert, ConfigServerInfo.message_digest_algorithm, md, &n))
-<
+        for (; i < n; ++i)
-<
+          snprintf(buf + 2 * i, 3, "%02X", md[i]);
->
+        binary_to_hex(md, buf, n);
+        client_p->certfp = xstrdup(buf);
+#endif
+/*
-<
+ * add_connection - creates a client which has just connected to us on
->
+ * add_connection - creates a client which has just connected to us on
+ * the given fd. The sockhost field is initialized with the ip# of the host.
+ * An unique id is calculated now, in case it is needed for auth.
+ * The client is sent to the auth module for verification, and not put in
+void
+add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
-<
+  struct Client *new_client = make_client(NULL);
->
+  struct Client *client_p = make_client(NULL);
-<
+  fd_open(&new_client->localClient->fd, fd, 1,
->
+  fd_open(&client_p->localClient->fd, fd, 1,
+          (listener->flags & LISTENER_SSL) ?
-<
+          "Incoming SSL connection" : "Incoming connection");
->
+          "Incoming SSL connection" : "Incoming connection");
+  /*
+   * copy address to 'sockhost' as a string, copy it to host too
+   * so we have something valid to put into error messages...
+   */
-<
+  memcpy(&new_client->localClient->ip, irn, sizeof(struct irc_ssaddr));
->
+  memcpy(&client_p->localClient->ip, irn, sizeof(struct irc_ssaddr));
-<
+  getnameinfo((struct sockaddr *)&new_client->localClient->ip,
-<
+              new_client->localClient->ip.ss_len, new_client->sockhost,
-<
+              sizeof(new_client->sockhost), NULL, 0, NI_NUMERICHOST);
-<
+  new_client->localClient->aftype = new_client->localClient->ip.ss.ss_family;
->
+  getnameinfo((struct sockaddr *)&client_p->localClient->ip,
->
+              client_p->localClient->ip.ss_len, client_p->sockhost,
->
+              sizeof(client_p->sockhost), NULL, 0, NI_NUMERICHOST);
->
+  client_p->localClient->aftype = client_p->localClient->ip.ss.ss_family;
+#ifdef HAVE_LIBGEOIP
+  /* XXX IPV6 SUPPORT XXX */
+  if (irn->ss.ss_family == AF_INET && geoip_ctx)
-<
+    const struct sockaddr_in *v4 = (const struct sockaddr_in *)&new_client->localClient->ip;
-<
+    new_client->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr));
->
+    const struct sockaddr_in *v4 = (const struct sockaddr_in *)&client_p->localClient->ip;
->
+    client_p->localClient->country_id = GeoIP_id_by_ipnum(geoip_ctx, (unsigned long)ntohl(v4->sin_addr.s_addr));
+#endif
-<
+  if (new_client->sockhost[0] == ':' && new_client->sockhost[1] == ':')
->
+  if (client_p->sockhost[0] == ':' && client_p->sockhost[1] == ':')
-<
+    strlcpy(new_client->host, "0", sizeof(new_client->host));
-<
+    strlcpy(new_client->host+1, new_client->sockhost, sizeof(new_client->host)-1);
-<
+    memmove(new_client->sockhost+1, new_client->sockhost, sizeof(new_client->sockhost)-1);
-<
+    new_client->sockhost[0] = '0';
->
+    strlcpy(client_p->host, "0", sizeof(client_p->host));
->
+    strlcpy(client_p->host+1, client_p->sockhost, sizeof(client_p->host)-1);
->
+    memmove(client_p->sockhost+1, client_p->sockhost, sizeof(client_p->sockhost)-1);
->
+    client_p->sockhost[0] = '0';
+  else
-<
+    strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
->
+    strlcpy(client_p->host, client_p->sockhost, sizeof(client_p->host));
-<
+  new_client->localClient->listener = listener;
->
+  client_p->localClient->listener = listener;
+  ++listener->ref_count;
+#ifdef HAVE_LIBCRYPTO
+  if (listener->flags & LISTENER_SSL)
-<
+    if ((new_client->localClient->fd.ssl = SSL_new(ServerInfo.server_ctx)) == NULL)
->
+    if ((client_p->localClient->fd.ssl = SSL_new(ConfigServerInfo.server_ctx)) == NULL)
+      ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s",
+           ERR_error_string(ERR_get_error(), NULL));
-<
+      SetDead(new_client);
-<
+      exit_client(new_client, new_client, "SSL_new failed");
->
+      SetDead(client_p);
->
+      exit_client(client_p, "SSL_new failed");
+      return;
-<
+    AddFlag(new_client, FLAGS_SSL);
-<
+    SSL_set_fd(new_client->localClient->fd.ssl, fd);
-<
+    ssl_handshake(0, new_client);
->
+    AddFlag(client_p, FLAGS_SSL);
->
+    SSL_set_fd(client_p->localClient->fd.ssl, fd);
->
+    ssl_handshake(NULL, client_p);
+  else
+#endif
-<
+    start_auth(new_client);
->
+    start_auth(client_p);
+/*
+ * Set the timeout for the fd
+ */
+void
-<
+comm_settimeout(fde_t *fd, time_t timeout, PF *callback, void *cbdata)
->
+comm_settimeout(fde_t *fd, time_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
+  assert(fd->flags.open);
+ * flush functions, and when comm_close() is implemented correctly
+ * with close functions, we _actually_ don't call comm_close() here ..
+ * -- originally Adrian's notes
-<
+ * comm_close() is replaced with fd_close() in fdlist.c
->
+ * comm_close() is replaced with fd_close() in fdlist.c
+ */
+void
-<
+comm_setflush(fde_t *fd, time_t timeout, PF *callback, void *cbdata)
->
+comm_setflush(fde_t *fd, time_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
+  assert(fd->flags.open);
+ * this will happen.
+ */
+void
-<
+comm_checktimeouts(void *notused)
->
+comm_checktimeouts(void *unused)
+  int i;
+  fde_t *F;
-<
+  PF *hdl;
->
+  void (*hdl)(fde_t *, void *);
+  void *data;
+  for (i = 0; i < FD_HASH_SIZE; i++)
+   *   -- adrian
+   */
+  if ((clocal != NULL) && (bind(fd->fd, clocal, socklen) < 0))
-<
+  {
->
+  {
+    /* Failure, call the callback with COMM_ERR_BIND */
+    comm_connect_callback(fd, COMM_ERR_BIND);
+    /* ... and quit */
+ * called ..
+ */
+static void
-<
+comm_connect_timeout(fde_t *fd, void *notused)
->
+comm_connect_timeout(fde_t *fd, void *unused)
+  /* error! */
+  comm_connect_callback(fd, COMM_ERR_TIMEOUT);
+ * otherwise we initiate the connect()
+ */
+static void
-<
+comm_connect_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name)
->
+comm_connect_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name, size_t namelength)
+  fde_t *F = vptr;
-<
+  if (name == NULL)
->
+  if (!addr)
+    comm_connect_callback(F, COMM_ERR_DNS);
+    return;
+  /* Copy over the DNS reply info so we can use it in the connect() */
+  /*
+   * Note we don't fudge the refcount here, because we aren't keeping
-<
+   * the DNS record around, and the DNS cache is gone anyway..
->
+   * the DNS record around, and the DNS cache is gone anyway..
+   *     -- adrian
+   */
+  memcpy(&F->connect.hostaddr, addr, addr->ss_len);
+  /* The cast is hacky, but safe - port offset is same on v4 and v6 */
-<
+  ((struct sockaddr_in *) &F->connect.hostaddr)->sin_port =
-<
+    F->connect.hostaddr.ss_port;
->
+  ((struct sockaddr_in *) &F->connect.hostaddr)->sin_port = F->connect.hostaddr.ss_port;
+  F->connect.hostaddr.ss_len = addr->ss_len;
+  /* Now, call the tryconnect() routine to try a connect() */
+  comm_connect_tryconnect(F, NULL);
-<
+/* static void comm_connect_tryconnect(int fd, void *notused)
->
+/* static void comm_connect_tryconnect(int fd, void *unused)
+ * Input: The fd, the handler data(unused).
+ * Output: None.
+ * Side-effects: Try and connect with pending connect data for the FD. If
+ *               to select for a write event on this FD.
+ */
+static void
-<
+comm_connect_tryconnect(fde_t *fd, void *notused)
->
+comm_connect_tryconnect(fde_t *fd, void *unused)
+  int retval;
+    return;
+  /* Try the connect() */
-<
+  retval = connect(fd->fd, (struct sockaddr *) &fd->connect.hostaddr,
->
+  retval = connect(fd->fd, (struct sockaddr *) &fd->connect.hostaddr,
+    fd->connect.hostaddr.ss_len);
+  /* Error? */
+ * fd_open (this function no longer does it).
+ */
+int
-<
+comm_accept(struct Listener *lptr, struct irc_ssaddr *pn)
->
+comm_accept(struct Listener *lptr, struct irc_ssaddr *addr)
+  int newfd;
+  socklen_t addrlen = sizeof(struct irc_ssaddr);
+    return -1;
-+
+  memset(addr, 0, sizeof(struct irc_ssaddr));
-+
+  /*
+   * Next, do the accept(). if we get an error, we should drop the
+   * reserved fd limit, but we can deal with that when comm_open()
+   * also does it. XXX -- adrian
+   */
-<
+  newfd = accept(lptr->fd.fd, (struct sockaddr *)pn, &addrlen);
->
+  newfd = accept(lptr->fd.fd, (struct sockaddr *)addr, &addrlen);
+  if (newfd < 0)
+    return -1;
-<
+#ifdef IPV6
-<
+  remove_ipv6_mapping(pn);
-<
+#else
-<
+  pn->ss_len = addrlen;
-<
+#endif
->
+  remove_ipv6_mapping(addr);
+  setup_socket(newfd);
+  return newfd;
-<
+/*
->
+/*
+ * remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address
+ * OSes with IPv6 mapping listening on both
+ * AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures
-<
+ *
->
+ *
+ */
-–
+#ifdef IPV6
+void
+remove_ipv6_mapping(struct irc_ssaddr *addr)
+    if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
-<
+      struct sockaddr_in6 v6;
->
+      struct sockaddr_in6 v6;
+      struct sockaddr_in *v4 = (struct sockaddr_in *)addr;
+      memcpy(&v6, addr, sizeof(v6));
+      addr->ss.ss_family = AF_INET;
+      addr->ss_len = sizeof(struct sockaddr_in);
-<
+    else
->
+    else
+      addr->ss_len = sizeof(struct sockaddr_in6);
+  else
+    addr->ss_len = sizeof(struct sockaddr_in);
-<
+}
-<
+#endif
->
+}

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines (old)
->
+Changed lines (new)

Comparing ircd-hybrid/trunk/src/s_bsd.c (file contents): Revision 2632 by michael, Sun Dec 8 18:33:48 2013 UTC vs. Revision 4461 by michael, Wed Aug 13 17:05:26 2014 UTC

Diff Legend

Comparing ircd-hybrid/trunk/src/s_bsd.c (file contents):
Revision 2632 by michael, Sun Dec 8 18:33:48 2013 UTC vs.
Revision 4461 by michael, Wed Aug 13 17:05:26 2014 UTC