ViewVC Help

View File | Revision Log | Show Annotations | View Changeset | Root Listing

root/svn/ircd-hybrid/trunk/src/server.c

Comparing ircd-hybrid-8/src/s_serv.c (file contents):
Revision 1157 by michael, Tue Aug 9 22:03:59 2011 UTC vs.
Revision 1377 by michael, Mon Apr 30 19:35:16 2012 UTC

#	Line 31 | Line 31
31		#include "channel.h"
32		#include "channel_mode.h"
33		#include "client.h"
34	–	#include "common.h"
34		#include "dbuf.h"
35		#include "event.h"
36		#include "fdlist.h"
#	Line 44 | Line 43
43		#include "numeric.h"
44		#include "packet.h"
45		#include "irc_res.h"
46	<	#include "s_conf.h"
46	>	#include "conf.h"
47		#include "s_serv.h"
48	<	#include "s_log.h"
48	>	#include "log.h"
49	>	#include "s_misc.h"
50		#include "s_user.h"
51		#include "send.h"
52		#include "memory.h"
53		#include "channel.h" /* chcap_usage_counts stuff...*/
54	+	#include "parse.h"
55
56		#define MIN_CONN_FREQ 300
57
58		static dlink_list cap_list = { NULL, NULL, 0 };
59		static void server_burst(struct Client *);
59	–	static int fork_server(struct Client *);
60		static void burst_all(struct Client *);
61		static void send_tb(struct Client *client_p, struct Channel *chptr);
62
63		static CNCB serv_connect_callback;
64
65	–	static void start_io(struct Client *);
65		static void burst_members(struct Client *, struct Channel *);
66
68	–	static SlinkRplHnd slink_error;
69	–	static SlinkRplHnd slink_zipstats;
70	–
71	–
72	–	#ifdef HAVE_LIBCRYPTO
73	–	struct EncCapability CipherTable[] =
74	–	{
75	–	#ifdef HAVE_EVP_BF_CFB
76	–	{ "BF/168",     CAP_ENC_BF_168,     24, CIPHER_BF     },
77	–	{ "BF/128",     CAP_ENC_BF_128,     16, CIPHER_BF     },
78	–	#endif
79	–	#ifdef HAVE_EVP_CAST5_CFB
80	–	{ "CAST/128",   CAP_ENC_CAST_128,   16, CIPHER_CAST   },
81	–	#endif
82	–	#ifdef HAVE_EVP_IDEA_CFB
83	–	{ "IDEA/128",   CAP_ENC_IDEA_128,   16, CIPHER_IDEA   },
84	–	#endif
85	–	#ifdef HAVE_EVP_RC5_32_12_16_CFB
86	–	{ "RC5.16/128", CAP_ENC_RC5_16_128, 16, CIPHER_RC5_16 },
87	–	{ "RC5.12/128", CAP_ENC_RC5_12_128, 16, CIPHER_RC5_12 },
88	–	{ "RC5.8/128",  CAP_ENC_RC5_8_128,  16, CIPHER_RC5_8  },
89	–	#endif
90	–	#ifdef HAVE_EVP_DES_EDE3_CFB
91	–	{ "3DES/168",   CAP_ENC_3DES_168,   24, CIPHER_3DES   },
92	–	#endif
93	–	#ifdef HAVE_EVP_DES_CFB
94	–	{ "DES/56",     CAP_ENC_DES_56,      8, CIPHER_DES    },
95	–	#endif
96	–	{ 0,            0,                   0, 0             }
97	–	};
98	–	#endif
99	–
100	–	struct SlinkRplDef slinkrpltab[] = {
101	–	{ SLINKRPL_ERROR,    slink_error,    SLINKRPL_FLAG_DATA },
102	–	{ SLINKRPL_ZIPSTATS, slink_zipstats, SLINKRPL_FLAG_DATA },
103	–	{ 0,                 0,              0 },
104	–	};
105	–
106	–
107	–	void
108	–	slink_error(unsigned int rpl, unsigned int len, unsigned char *data,
109	–	struct Client *server_p)
110	–	{
111	–	assert(rpl == SLINKRPL_ERROR);
112	–	assert(len < 256);
113	–
114	–	data[len-1] = '\0';
115	–
116	–	sendto_realops_flags(UMODE_ALL, L_ALL, "SlinkError for %s: %s",
117	–	server_p->name, data);
118	–	/* XXX should this be exit_client? */
119	–	exit_client(server_p, &me, "servlink error -- terminating link");
120	–	}
121	–
122	–	void
123	–	slink_zipstats(unsigned int rpl, unsigned int len, unsigned char *data,
124	–	struct Client *server_p)
125	–	{
126	–	struct ZipStats zipstats;
127	–	uint64_t in = 0, in_wire = 0, out = 0, out_wire = 0;
128	–	int i = 0;
129	–
130	–	assert(rpl == SLINKRPL_ZIPSTATS);
131	–	assert(len == 16);
132	–	assert(IsCapable(server_p, CAP_ZIP));
133	–
134	–	/* Yes, it needs to be done this way, no we cannot let the compiler
135	–	* work with the pointer to the structure.  This works around a GCC
136	–	* bug on SPARC that affects all versions at the time of this writing.
137	–	* I will feed you to the creatures living in RMS's beard if you do
138	–	* not leave this as is, without being sure that you are not causing
139	–	* regression for most of our installed SPARC base.
140	–	* -jmallett, 04/27/2002
141	–	*/
142	–	memcpy(&zipstats, &server_p->localClient->zipstats, sizeof(struct ZipStats));
143	–
144	–	in |= (data[i++] << 24);
145	–	in |= (data[i++] << 16);
146	–	in |= (data[i++] <<  8);
147	–	in |= (data[i++]      );
148	–
149	–	in_wire |= (data[i++] << 24);
150	–	in_wire |= (data[i++] << 16);
151	–	in_wire |= (data[i++] <<  8);
152	–	in_wire |= (data[i++]      );
153	–
154	–	out |= (data[i++] << 24);
155	–	out |= (data[i++] << 16);
156	–	out |= (data[i++] <<  8);
157	–	out |= (data[i++]      );
158	–
159	–	out_wire |= (data[i++] << 24);
160	–	out_wire |= (data[i++] << 16);
161	–	out_wire |= (data[i++] <<  8);
162	–	out_wire |= (data[i++]      );
163	–
164	–	/* This macro adds b to a if a plus b is not an overflow, and sets the
165	–	* value of a to b if it is.
166	–	* Add and Set if No Overflow.
167	–	*/
168	–	#define ASNO(a, b) a = (a + b >= a ? a + b : b)
169	–
170	–	ASNO(zipstats.in, in);
171	–	ASNO(zipstats.out, out);
172	–	ASNO(zipstats.in_wire, in_wire);
173	–	ASNO(zipstats.out_wire, out_wire);
174	–
175	–	if (zipstats.in > 0)
176	–	zipstats.in_ratio = (((double)(zipstats.in - zipstats.in_wire) /
177	–	(double)zipstats.in) * 100.00);
178	–	else
179	–	zipstats.in_ratio = 0;
180	–
181	–	if (zipstats.out > 0)
182	–	zipstats.out_ratio = (((double)(zipstats.out - zipstats.out_wire) /
183	–	(double)zipstats.out) * 100.00);
184	–	else
185	–	zipstats.out_ratio = 0;
186	–
187	–	memcpy(&server_p->localClient->zipstats, &zipstats, sizeof(struct ZipStats));
188	–	}
189	–
190	–	void
191	–	collect_zipstats(void *unused)
192	–	{
193	–	dlink_node *ptr = NULL;
194	–
195	–	DLINK_FOREACH(ptr, serv_list.head)
196	–	{
197	–	struct Client *target_p = ptr->data;
198	–
199	–	if (IsCapable(target_p, CAP_ZIP))
200	–	{
201	–	/* only bother if we haven't already got something queued... */
202	–	if (!target_p->localClient->slinkq)
203	–	{
204	–	target_p->localClient->slinkq     = MyMalloc(1); /* sigh.. */
205	–	target_p->localClient->slinkq[0]  = SLINKCMD_ZIPSTATS;
206	–	target_p->localClient->slinkq_ofs = 0;
207	–	target_p->localClient->slinkq_len = 1;
208	–	send_queued_slink_write(target_p);
209	–	}
210	–	}
211	–	}
212	–	}
213	–
214	–	#ifdef HAVE_LIBCRYPTO
215	–	struct EncCapability *
216	–	check_cipher(struct Client *client_p, struct AccessItem *aconf)
217	–	{
218	–	struct EncCapability *epref = NULL;
219	–
220	–	/* Use connect{} specific info if available */
221	–	if (aconf->cipher_preference)
222	–	epref = aconf->cipher_preference;
223	–	else if (ConfigFileEntry.default_cipher_preference)
224	–	epref = ConfigFileEntry.default_cipher_preference;
225	–
226	–	/*
227	–	* If the server supports the capability in hand, return the matching
228	–	* conf struct.  Otherwise, return NULL (an error).
229	–	*/
230	–	if (epref && IsCapableEnc(client_p, epref->cap))
231	–	return epref;
232	–
233	–	return NULL;
234	–	}
235	–	#endif /* HAVE_LIBCRYPTO */
236	–
67		/*
68		* write_links_file
69		*
#	Line 251 | Line 81 | write_links_file(void* notused)
81		MessageFileLine *newMessageLine = 0;
82		MessageFile *MessageFileptr;
83		const char *p;
84	<	FBFILE *file;
84	>	FILE *file;
85		char buff[512];
86		dlink_node *ptr;
87
88		MessageFileptr = &ConfigFileEntry.linksfile;
89
90	<	if ((file = fbopen(MessageFileptr->fileName, "w")) == NULL)
90	>	if ((file = fopen(MessageFileptr->fileName, "w")) == NULL)
91		return;
92
93		for (mptr = MessageFileptr->contentsOfFile; mptr; mptr = next_mptr)
#	Line 271 | Line 101 | write_links_file(void* notused)
101
102		DLINK_FOREACH(ptr, global_serv_list.head)
103		{
104	<	size_t nbytes = 0;
275	<	struct Client *target_p = ptr->data;
104	>	const struct Client *target_p = ptr->data;
105
106		/* skip ourselves, we send ourselves in /links */
107		if (IsMe(target_p))
#	Line 303 | Line 132 | write_links_file(void* notused)
132		*/
133		assert(strlen(target_p->name) + strlen(me.name) + 6 + strlen(p) <=
134		MESSAGELINELEN);
135	<	ircsprintf(newMessageLine->line, "%s %s :1 %s",
136	<	target_p->name, me.name, p);
135	>	snprintf(newMessageLine->line, sizeof(newMessageLine->line), "%s %s :1 %s",
136	>	target_p->name, me.name, p);
137		newMessageLine->next = NULL;
138
139		if (MessageFileptr->contentsOfFile)
#	Line 319 | Line 148 | write_links_file(void* notused)
148		currentMessageLine = newMessageLine;
149		}
150
151	<	nbytes = ircsprintf(buff, "%s %s :1 %s\n", target_p->name, me.name, p);
152	<	fbputs(buff, file, nbytes);
151	>	snprintf(buff, sizeof(buff), "%s %s :1 %s\n", target_p->name, me.name, p);
152	>	fputs(buff, file);
153		}
154
155	<	fbclose(file);
155	>	fclose(file);
156		}
157
158		/* hunt_server()
#	Line 354 | Line 183 | hunt_server(struct Client *client_p, str
183		dlink_node *ptr;
184		int wilds;
185
186	<	/* Assume it's me, if no server
187	<	*/
188	<	if (parc <= server || EmptyString(parv[server]) ||
189	<	match(me.name, parv[server]) ||
190	<	match(parv[server], me.name) ||
191	<	!strcmp(parv[server], me.id))
363	<	return(HUNTED_ISME);
186	>	/* Assume it's me, if no server */
187	>	if (parc <= server || EmptyString(parv[server]))
188	>	return HUNTED_ISME;
189	>
190	>	if (!strcmp(parv[server], me.id) || match(parv[server], me.name))
191	>	return HUNTED_ISME;
192
193		/* These are to pickup matches that would cause the following
194		* message to go in the wrong direction while doing quick fast
195		* non-matching lookups.
196		*/
197		if (MyClient(source_p))
198	<	target_p = find_client(parv[server]);
198	>	target_p = hash_find_client(parv[server]);
199		else
200		target_p = find_person(client_p, parv[server]);
201
#	Line 375 | Line 203 | hunt_server(struct Client *client_p, str
203		if (target_p->from == source_p->from && !MyConnect(target_p))
204		target_p = NULL;
205
206	<	if (target_p == NULL && (target_p = find_server(parv[server])))
206	>	if (target_p == NULL && (target_p = hash_find_server(parv[server])))
207		if (target_p->from == source_p->from && !MyConnect(target_p))
208		target_p = NULL;
209
#	Line 389 | Line 217 | hunt_server(struct Client *client_p, str
217		{
218		if (!wilds)
219		{
220	<	if (!(target_p = find_server(parv[server])))
220	>	if (!(target_p = hash_find_server(parv[server])))
221		{
222		sendto_one(source_p, form_str(ERR_NOSUCHSERVER),
223	<	me.name, parv[0], parv[server]);
223	>	me.name, source_p->name, parv[server]);
224		return(HUNTED_NOSUCH);
225		}
226		}
#	Line 420 | Line 248 | hunt_server(struct Client *client_p, str
248		if(!IsRegistered(target_p))
249		{
250		sendto_one(source_p, form_str(ERR_NOSUCHSERVER),
251	<	me.name, parv[0], parv[server]);
251	>	me.name, source_p->name, parv[server]);
252		return HUNTED_NOSUCH;
253		}
254
#	Line 443 | Line 271 | hunt_server(struct Client *client_p, str
271		}
272
273		sendto_one(source_p, form_str(ERR_NOSUCHSERVER),
274	<	me.name, parv[0], parv[server]);
274	>	me.name, source_p->name, parv[server]);
275		return(HUNTED_NOSUCH);
276		}
277
#	Line 496 | Line 324 | try_connections(void *unused)
324		confrq = DEFAULT_CONNECTFREQUENCY;
325		else
326		{
327	<	confrq = ConFreq(cltmp);
328	<	if (confrq < MIN_CONN_FREQ )
327	>	confrq = cltmp->con_freq;
328	>	if (confrq < MIN_CONN_FREQ)
329		confrq = MIN_CONN_FREQ;
330		}
331
#	Line 506 | Line 334 | try_connections(void *unused)
334		/* Found a CONNECT config with port specified, scan clients
335		* and see if this server is already connected?
336		*/
337	<	if (find_server(conf->name) != NULL)
337	>	if (hash_find_server(conf->name) != NULL)
338		continue;
339
340	<	if (CurrUserCount(cltmp) < MaxTotal(cltmp))
340	>	if (cltmp->curr_user_count < cltmp->max_total)
341		{
342		/* Go to the end of the list, if not already last */
343		if (ptr->next != NULL)
#	Line 565 | Line 393 | valid_servname(const char *name)
393		}
394
395		int
396	<	check_server(const char *name, struct Client *client_p, int cryptlink)
396	>	check_server(const char *name, struct Client *client_p)
397		{
398		dlink_node *ptr;
399		struct ConfItem *conf           = NULL;
#	Line 599 | Line 427 | check_server(const char *name, struct Cl
427		match(aconf->host, client_p->sockhost))
428		{
429		error = -2;
602	–	#ifdef HAVE_LIBCRYPTO
603	–	if (cryptlink && IsConfCryptLink(aconf))
604	–	{
605	–	if (aconf->rsa_public_key)
606	–	server_conf = conf;
607	–	}
608	–	else if (!(cryptlink || IsConfCryptLink(aconf)))
609	–	#endif /* HAVE_LIBCRYPTO */
430		{
431		/* A NULL password is as good as a bad one */
432		if (EmptyString(client_p->localClient->passwd))
#	Line 658 | Line 478 | check_server(const char *name, struct Cl
478
479		server_aconf = map_to_conf(server_conf);
480
661	–	#ifdef HAVE_LIBZ /* otherwise, clear it unconditionally */
662	–	if (!IsConfCompressed(server_aconf))
663	–	#endif
664	–	ClearCap(client_p, CAP_ZIP);
665	–	if (!IsConfCryptLink(server_aconf))
666	–	ClearCap(client_p, CAP_ENC);
481		if (!IsConfTopicBurst(server_aconf))
482		{
483		ClearCap(client_p, CAP_TB);
#	Line 781 | Line 595 | find_capability(const char *capab)
595		* inputs       - Client pointer to send to
596		*              - Pointer to AccessItem (for crypt)
597		*              - int flag of capabilities that this server can send
784	–	*              - int flag of encryption capabilities
598		* output       - NONE
599		* side effects - send the CAPAB line to a server  -orabidoo
600		*
601		*/
602		void
603		send_capabilities(struct Client *client_p, struct AccessItem *aconf,
604	<	int cap_can_send, int enc_can_send)
604	>	int cap_can_send)
605		{
606		struct Capability *cap=NULL;
607		char msgbuf[IRCD_BUFSIZE];
608		char *t;
609		int tl;
610		dlink_node *ptr;
798	–	#ifdef HAVE_LIBCRYPTO
799	–	const struct EncCapability *epref = NULL;
800	–	char *capend;
801	–	int sent_cipher = 0;
802	–	#endif
611
612		t = msgbuf;
613
#	Line 813 | Line 621 | send_capabilities(struct Client *client_
621		t += tl;
622		}
623		}
816	–	#ifdef HAVE_LIBCRYPTO
817	–	if (enc_can_send)
818	–	{
819	–	capend = t;
820	–	strcpy(t, "ENC:");
821	–	t += 4;
822	–
823	–	/* use connect{} specific info if available */
824	–	if (aconf->cipher_preference)
825	–	epref = aconf->cipher_preference;
826	–	else if (ConfigFileEntry.default_cipher_preference)
827	–	epref = ConfigFileEntry.default_cipher_preference;
624
829	–	if (epref && (epref->cap & enc_can_send))
830	–	{
831	–	/* Leave the space -- it is removed later. */
832	–	tl = ircsprintf(t, "%s ", epref->name);
833	–	t += tl;
834	–	sent_cipher = 1;
835	–	}
836	–
837	–	if (!sent_cipher)
838	–	t = capend; /* truncate string before ENC:, below */
839	–	}
840	–	#endif
625		*(t - 1) = '\0';
626		sendto_one(client_p, "CAPAB :%s", msgbuf);
627		}
#	Line 857 | Line 641 | sendnick_TS(struct Client *client_p, str
641		if (!IsClient(target_p))
642		return;
643
644	<	send_umode(NULL, target_p, 0, IsOperHiddenAdmin(target_p) ?
861	<	SEND_UMODES & ~UMODE_ADMIN : SEND_UMODES, ubuf);
644	>	send_umode(NULL, target_p, 0, SEND_UMODES, ubuf);
645
646		if (ubuf[0] == '\0')
647		{
#	Line 867 | Line 650 | sendnick_TS(struct Client *client_p, str
650		}
651
652		/* XXX Both of these need to have a :me.name or :mySID!?!?! */
653	<	if (HasID(target_p) && IsCapable(client_p, CAP_TS6))
654	<	sendto_one(client_p, ":%s UID %s %d %lu %s %s %s %s %s :%s",
655	<	target_p->servptr->id,
656	<	target_p->name, target_p->hopcount + 1,
657	<	(unsigned long) target_p->tsinfo,
658	<	ubuf, target_p->username, target_p->host,
659	<	(MyClient(target_p) && IsIPSpoof(target_p)) ?
660	<	"0" : target_p->sockhost, target_p->id, target_p->info);
653	>	if (IsCapable(client_p, CAP_SVS))
654	>	{
655	>	if (HasID(target_p) && IsCapable(client_p, CAP_TS6))
656	>	sendto_one(client_p, ":%s UID %s %d %lu %s %s %s %s %s %lu :%s",
657	>	target_p->servptr->id,
658	>	target_p->name, target_p->hopcount + 1,
659	>	(unsigned long) target_p->tsinfo,
660	>	ubuf, target_p->username, target_p->host,
661	>	(MyClient(target_p) && IsIPSpoof(target_p)) ?
662	>	"0" : target_p->sockhost, target_p->id,
663	>	(unsigned long)target_p->servicestamp, target_p->info);
664	>	else
665	>	sendto_one(client_p, "NICK %s %d %lu %s %s %s %s %lu :%s",
666	>	target_p->name, target_p->hopcount + 1,
667	>	(unsigned long) target_p->tsinfo,
668	>	ubuf, target_p->username, target_p->host,
669	>	target_p->servptr->name, (unsigned long)target_p->servicestamp,
670	>	target_p->info);
671	>	}
672		else
673	<	sendto_one(client_p, "NICK %s %d %lu %s %s %s %s :%s",
674	<	target_p->name, target_p->hopcount + 1,
675	<	(unsigned long) target_p->tsinfo,
676	<	ubuf, target_p->username, target_p->host,
677	<	target_p->servptr->name, target_p->info);
673	>	{
674	>	if (HasID(target_p) && IsCapable(client_p, CAP_TS6))
675	>	sendto_one(client_p, ":%s UID %s %d %lu %s %s %s %s %s :%s",
676	>	target_p->servptr->id,
677	>	target_p->name, target_p->hopcount + 1,
678	>	(unsigned long) target_p->tsinfo,
679	>	ubuf, target_p->username, target_p->host,
680	>	(MyClient(target_p) && IsIPSpoof(target_p)) ?
681	>	"0" : target_p->sockhost, target_p->id, target_p->info);
682	>	else
683	>	sendto_one(client_p, "NICK %s %d %lu %s %s %s %s :%s",
684	>	target_p->name, target_p->hopcount + 1,
685	>	(unsigned long) target_p->tsinfo,
686	>	ubuf, target_p->username, target_p->host,
687	>	target_p->servptr->name, target_p->info);
688	>	}
689
690		if (IsConfAwayBurst((struct AccessItem *)map_to_conf(client_p->serv->sconf)))
691		if (!EmptyString(target_p->away))
#	Line 912 | Line 717 | show_capabilities(struct Client *target_
717		if (IsCapable(target_p, cap->cap))
718		t += ircsprintf(t, "%s ", cap->name);
719		}
915	–	#ifdef HAVE_LIBCRYPTO
916	–	if (IsCapable(target_p, CAP_ENC) &&
917	–	target_p->localClient->in_cipher &&
918	–	target_p->localClient->out_cipher)
919	–	t += ircsprintf(t, "ENC:%s ",
920	–	target_p->localClient->in_cipher->name);
921	–	#endif
922	–	*(t - 1) = '\0';
720
721	<	return(msgbuf);
721	>	*(t - 1) = '\0';
722	>	return msgbuf;
723		}
724
725		/* make_server()
#	Line 956 | Line 754 | server_estab(struct Client *client_p)
754		const char *inpath;
755		static char inpath_ip[HOSTLEN * 2 + USERLEN + 6];
756		dlink_node *ptr;
757	+	#ifdef HAVE_LIBCRYPTO
758	+	const COMP_METHOD *compression = NULL, *expansion = NULL;
759	+	#endif
760
761		assert(client_p != NULL);
762
#	Line 996 | Line 797 | server_estab(struct Client *client_p)
797
798		aconf = map_to_conf(conf);
799
800	<	if (IsUnknown(client_p) && !IsConfCryptLink(aconf))
800	>	if (IsUnknown(client_p))
801		{
802		/* jdc -- 1.  Use EmptyString(), not [0] index reference.
803		*        2.  Check aconf->spasswd, not aconf->passwd.
#	Line 1013 | Line 814 | server_estab(struct Client *client_p)
814		*/
815
816		send_capabilities(client_p, aconf,
817	<	(IsConfCompressed(aconf) ? CAP_ZIP : 0)
1017	<	| (IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0), 0);
817	>	(IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0));
818
1019	–	/* SERVER is the last command sent before switching to ziplinks.
1020	–	* We set TCPNODELAY on the socket to make sure it gets sent out
1021	–	* on the wire immediately.  Otherwise, it could be sitting in
1022	–	* a kernel buffer when we start sending zipped data, and the
1023	–	* parser on the receiving side can't hand both unzipped and zipped
1024	–	* data in one packet. --Rodder
1025	–	*
1026	–	* currently we only need to call send_queued_write,
1027	–	* Nagle is already disabled at this point --adx
1028	–	*/
819		sendto_one(client_p, "SERVER %s 1 :%s%s",
820		me.name, ConfigServerHide.hidden ? "(H) " : "", me.info);
1031	–	send_queued_write(client_p);
1032	–	}
1033	–
1034	–	/* Hand the server off to servlink now */
1035	–	if (IsCapable(client_p, CAP_ENC) || IsCapable(client_p, CAP_ZIP))
1036	–	{
1037	–	if (fork_server(client_p) < 0)
1038	–	{
1039	–	sendto_realops_flags(UMODE_ALL, L_ADMIN,
1040	–	"Warning: fork failed for server %s -- check servlink_path (%s)",
1041	–	get_client_name(client_p, HIDE_IP), ConfigFileEntry.servlink_path);
1042	–	sendto_realops_flags(UMODE_ALL, L_OPER, "Warning: fork failed for server "
1043	–	"%s -- check servlink_path (%s)",
1044	–	get_client_name(client_p, MASK_IP),
1045	–	ConfigFileEntry.servlink_path);
1046	–	exit_client(client_p, &me, "fork failed");
1047	–	return;
1048	–	}
1049	–
1050	–	start_io(client_p);
1051	–	SetServlink(client_p);
821		}
822
823		sendto_one(client_p, "SVINFO %d %d 0 :%lu", TS_CURRENT, TS_MIN,
#	Line 1099 | Line 868 | server_estab(struct Client *client_p)
868		make_server(client_p);
869
870		/* fixing eob timings.. -gnp */
871	<	client_p->firsttime = CurrentTime;
1103	<
871	>	client_p->localClient->firsttime = CurrentTime;
872
873		if (find_matching_name_conf(SERVICE_TYPE, client_p->name, NULL, NULL, 0))
874	<	SetService(client_p);
874	>	AddFlag(client_p, FLAGS_SERVICE);
875
876		/* Show the real host/IP to admins */
877	<	sendto_realops_flags(UMODE_ALL, L_ADMIN,
878	<	"Link with %s established: (%s) link",
1111	<	inpath_ip,show_capabilities(client_p));
1112	<	/* Now show the masked hostname/IP to opers */
1113	<	sendto_realops_flags(UMODE_ALL, L_OPER,
1114	<	"Link with %s established: (%s) link",
1115	<	inpath,show_capabilities(client_p));
1116	<	ilog(L_NOTICE, "Link with %s established: (%s) link",
1117	<	inpath_ip, show_capabilities(client_p));
1118	<
1119	<	client_p->serv->sconf = conf;
1120	<
1121	<	if (HasServlink(client_p))
877	>	#ifdef HAVE_LIBCRYPTO
878	>	if (client_p->localClient->fd.ssl)
879		{
880	<	/* we won't overflow FD_DESC_SZ here, as it can hold
881	<	* client_p->name + 64
882	<	*/
883	<	fd_note(&client_p->localClient->fd, "slink data: %s", client_p->name);
884	<	fd_note(&client_p->localClient->ctrlfd, "slink ctrl: %s", client_p->name);
880	>	compression = SSL_get_current_compression(client_p->localClient->fd.ssl);
881	>	expansion   = SSL_get_current_expansion(client_p->localClient->fd.ssl);
882	>
883	>	sendto_realops_flags(UMODE_ALL, L_ADMIN,
884	>	"Link with %s established: [SSL: %s, Compression/Expansion method: %s/%s] (Capabilities: %s)",
885	>	inpath_ip, ssl_get_cipher(client_p->localClient->fd.ssl),
886	>	compression ? SSL_COMP_get_name(compression) : "NONE",
887	>	expansion ? SSL_COMP_get_name(expansion) : "NONE",
888	>	show_capabilities(client_p));
889	>	/* Now show the masked hostname/IP to opers */
890	>	sendto_realops_flags(UMODE_ALL, L_OPER,
891	>	"Link with %s established: [SSL: %s, Compression/Expansion method: %s/%s] (Capabilities: %s)",
892	>	inpath, ssl_get_cipher(client_p->localClient->fd.ssl),
893	>	compression ? SSL_COMP_get_name(compression) : "NONE",
894	>	expansion ? SSL_COMP_get_name(expansion) : "NONE",
895	>	show_capabilities(client_p));
896	>	ilog(LOG_TYPE_IRCD, "Link with %s established: [SSL: %s, Compression/Expansion method: %s/%s] (Capabilities: %s)",
897	>	inpath_ip, ssl_get_cipher(client_p->localClient->fd.ssl),
898	>	compression ? SSL_COMP_get_name(compression) : "NONE",
899	>	expansion ? SSL_COMP_get_name(expansion) : "NONE",
900	>	show_capabilities(client_p));
901		}
902		else
903	<	fd_note(&client_p->localClient->fd, "Server: %s", client_p->name);
903	>	#endif
904	>	{
905	>	sendto_realops_flags(UMODE_ALL, L_ADMIN,
906	>	"Link with %s established: (Capabilities: %s)",
907	>	inpath_ip,show_capabilities(client_p));
908	>	/* Now show the masked hostname/IP to opers */
909	>	sendto_realops_flags(UMODE_ALL, L_OPER,
910	>	"Link with %s established: (Capabilities: %s)",
911	>	inpath,show_capabilities(client_p));
912	>	ilog(LOG_TYPE_IRCD, "Link with %s established: (Capabilities: %s)",
913	>	inpath_ip, show_capabilities(client_p));
914	>	}
915	>
916	>	client_p->serv->sconf = conf;
917	>
918	>	fd_note(&client_p->localClient->fd, "Server: %s", client_p->name);
919
920		/* Old sendto_serv_but_one() call removed because we now
921		** need to send different names to different servers
#	Line 1199 | Line 987 | server_estab(struct Client *client_p)
987		server_burst(client_p);
988		}
989
1202	–	static void
1203	–	start_io(struct Client *server)
1204	–	{
1205	–	struct LocalUser *lserver = server->localClient;
1206	–	int alloclen = 1;
1207	–	char *buf;
1208	–	dlink_node *ptr;
1209	–	struct dbuf_block *block;
1210	–
1211	–	/* calculate how many bytes to allocate */
1212	–	if (IsCapable(server, CAP_ZIP))
1213	–	alloclen += 6;
1214	–	#ifdef HAVE_LIBCRYPTO
1215	–	if (IsCapable(server, CAP_ENC))
1216	–	alloclen += 16 + lserver->in_cipher->keylen + lserver->out_cipher->keylen;
1217	–	#endif
1218	–	alloclen += dbuf_length(&lserver->buf_recvq);
1219	–	alloclen += dlink_list_length(&lserver->buf_recvq.blocks) * 3;
1220	–	alloclen += dbuf_length(&lserver->buf_sendq);
1221	–	alloclen += dlink_list_length(&lserver->buf_sendq.blocks) * 3;
1222	–
1223	–	/* initialize servlink control sendq */
1224	–	lserver->slinkq = buf = MyMalloc(alloclen);
1225	–	lserver->slinkq_ofs = 0;
1226	–	lserver->slinkq_len = alloclen;
1227	–
1228	–	if (IsCapable(server, CAP_ZIP))
1229	–	{
1230	–	/* ziplink */
1231	–	*buf++ = SLINKCMD_SET_ZIP_OUT_LEVEL;
1232	–	*buf++ = 0; /* |          */
1233	–	*buf++ = 1; /* \ len is 1 */
1234	–	*buf++ = ConfigFileEntry.compression_level;
1235	–	*buf++ = SLINKCMD_START_ZIP_IN;
1236	–	*buf++ = SLINKCMD_START_ZIP_OUT;
1237	–	}
1238	–	#ifdef HAVE_LIBCRYPTO
1239	–	if (IsCapable(server, CAP_ENC))
1240	–	{
1241	–	/* Decryption settings */
1242	–	*buf++ = SLINKCMD_SET_CRYPT_IN_CIPHER;
1243	–	*buf++ = 0; /* /                     (upper 8-bits of len) */
1244	–	*buf++ = 1; /* \ cipher id is 1 byte (lower 8-bits of len) */
1245	–	*buf++ = lserver->in_cipher->cipherid;
1246	–	*buf++ = SLINKCMD_SET_CRYPT_IN_KEY;
1247	–	*buf++ = 0; /* keylen < 256 */
1248	–	*buf++ = lserver->in_cipher->keylen;
1249	–	memcpy(buf, lserver->in_key, lserver->in_cipher->keylen);
1250	–	buf += lserver->in_cipher->keylen;
1251	–	/* Encryption settings */
1252	–	*buf++ = SLINKCMD_SET_CRYPT_OUT_CIPHER;
1253	–	*buf++ = 0; /* /                     (upper 8-bits of len) */
1254	–	*buf++ = 1; /* \ cipher id is 1 byte (lower 8-bits of len) */
1255	–	*buf++ = lserver->out_cipher->cipherid;
1256	–	*buf++ = SLINKCMD_SET_CRYPT_OUT_KEY;
1257	–	*buf++ = 0; /* keylen < 256 */
1258	–	*buf++ = lserver->out_cipher->keylen;
1259	–	memcpy(buf, lserver->out_key, lserver->out_cipher->keylen);
1260	–	buf += lserver->out_cipher->keylen;
1261	–	*buf++ = SLINKCMD_START_CRYPT_IN;
1262	–	*buf++ = SLINKCMD_START_CRYPT_OUT;
1263	–	}
1264	–	#endif
1265	–
1266	–	/* pass the whole recvq to servlink */
1267	–	DLINK_FOREACH (ptr, lserver->buf_recvq.blocks.head)
1268	–	{
1269	–	block = ptr->data;
1270	–	*buf++ = SLINKCMD_INJECT_RECVQ;
1271	–	*buf++ = (block->size >> 8);
1272	–	*buf++ = (block->size & 0xff);
1273	–	memcpy(buf, &block->data[0], block->size);
1274	–	buf += block->size;
1275	–	}
1276	–
1277	–	dbuf_clear(&lserver->buf_recvq);
1278	–
1279	–	/* pass the whole sendq to servlink */
1280	–	DLINK_FOREACH (ptr, lserver->buf_sendq.blocks.head)
1281	–	{
1282	–	block = ptr->data;
1283	–	*buf++ = SLINKCMD_INJECT_SENDQ;
1284	–	*buf++ = (block->size >> 8);
1285	–	*buf++ = (block->size & 0xff);
1286	–	memcpy(buf, &block->data[0], block->size);
1287	–	buf += block->size;
1288	–	}
1289	–
1290	–	dbuf_clear(&lserver->buf_sendq);
1291	–
1292	–	/* start io */
1293	–	*buf++ = SLINKCMD_INIT;
1294	–
1295	–	/* schedule a write */
1296	–	send_queued_slink_write(server);
1297	–	}
1298	–
1299	–	/* fork_server()
1300	–	*
1301	–	* inputs       - struct Client *server
1302	–	* output       - success: 0 / failure: -1
1303	–	* side effect  - fork, and exec SERVLINK to handle this connection
1304	–	*/
1305	–	static int
1306	–	fork_server(struct Client *server)
1307	–	{
1308	–	#ifndef HAVE_SOCKETPAIR
1309	–	return -1;
1310	–	#else
1311	–	int i;
1312	–	int slink_fds[2][2];
1313	–	/* 0? - ctrl  | 1? - data
1314	–	* ?0 - child | ?1 - parent */
1315	–
1316	–	if (socketpair(AF_UNIX, SOCK_STREAM, 0, slink_fds[0]) < 0)
1317	–	return -1;
1318	–	if (socketpair(AF_UNIX, SOCK_STREAM, 0, slink_fds[1]) < 0)
1319	–	goto free_ctrl_fds;
1320	–
1321	–	if ((i = fork()) < 0)
1322	–	{
1323	–	close(slink_fds[1][0]);  close(slink_fds[1][1]);
1324	–	free_ctrl_fds:
1325	–	close(slink_fds[0][0]);  close(slink_fds[0][1]);
1326	–	return -1;
1327	–	}
1328	–
1329	–	if (i == 0)
1330	–	{
1331	–	char fd_str[3][6];   /* store 3x sizeof("65535") */
1332	–	char *kid_argv[7];
1333	–
1334	–	#ifdef O_ASYNC
1335	–	fcntl(server->localClient->fd.fd, F_SETFL,
1336	–	fcntl(server->localClient->fd.fd, F_GETFL, 0) & ~O_ASYNC);
1337	–	#endif
1338	–	close_fds(&server->localClient->fd);
1339	–	close(slink_fds[0][1]);
1340	–	close(slink_fds[1][1]);
1341	–
1342	–	sprintf(fd_str[0], "%d", slink_fds[0][0]);
1343	–	sprintf(fd_str[1], "%d", slink_fds[1][0]);
1344	–	sprintf(fd_str[2], "%d", server->localClient->fd.fd);
1345	–
1346	–	kid_argv[0] = "-slink";
1347	–	kid_argv[1] = kid_argv[2] = fd_str[0];  /* ctrl */
1348	–	kid_argv[3] = kid_argv[4] = fd_str[1];  /* data */
1349	–	kid_argv[5] = fd_str[2];    /* network */
1350	–	kid_argv[6] = NULL;
1351	–
1352	–	execv(ConfigFileEntry.servlink_path, kid_argv);
1353	–
1354	–	_exit(1);
1355	–	}
1356	–
1357	–	/* close the network fd and the child ends of the pipes */
1358	–	fd_close(&server->localClient->fd);
1359	–	close(slink_fds[0][0]);
1360	–	close(slink_fds[1][0]);
1361	–
1362	–	execute_callback(setup_socket_cb, slink_fds[0][1]);
1363	–	execute_callback(setup_socket_cb, slink_fds[1][1]);
1364	–
1365	–	fd_open(&server->localClient->ctrlfd, slink_fds[0][1], 1, "slink ctrl");
1366	–	fd_open(&server->localClient->fd, slink_fds[1][1], 1, "slink data");
1367	–
1368	–	read_ctrl_packet(&server->localClient->ctrlfd, server);
1369	–	read_packet(&server->localClient->fd, server);
1370	–
1371	–	return 0;
1372	–	#endif
1373	–	}
1374	–
990		/* server_burst()
991		*
992		* inputs       - struct Client pointer server
#	Line 1432 | Line 1047 | burst_all(struct Client *client_p)
1047		{
1048		struct Client *target_p = ptr->data;
1049
1050	<	if (!IsBursted(target_p) && target_p->from != client_p)
1050	>	if (!HasFlag(target_p, FLAGS_BURSTED) && target_p->from != client_p)
1051		sendnick_TS(client_p, target_p);
1052
1053	<	ClearBursted(target_p);
1053	>	DelFlag(target_p, FLAGS_BURSTED);
1054		}
1055
1056		/* We send the time we started the burst, and let the remote host determine an EOB time,
#	Line 1477 | Line 1092 | send_tb(struct Client *client_p, struct
1092		sendto_one(client_p, ":%s TBURST %lu %s %lu %s :%s",
1093		me.name, (unsigned long)chptr->channelts, chptr->chname,
1094		(unsigned long)chptr->topic_time,
1095	<	chptr->topic_info ? chptr->topic_info : "",
1096	<	chptr->topic ? chptr->topic : "");
1095	>	chptr->topic_info,
1096	>	chptr->topic);
1097		else if (IsCapable(client_p, CAP_TB))
1098		{
1099		if (ConfigChannel.burst_topicwho)
#	Line 1486 | Line 1101 | send_tb(struct Client *client_p, struct
1101		sendto_one(client_p, ":%s TB %s %lu %s :%s",
1102		me.name, chptr->chname,
1103		(unsigned long)chptr->topic_time,
1104	<	chptr->topic_info, chptr->topic ? chptr->topic : "");
1104	>	chptr->topic_info, chptr->topic);
1105		}
1106		else
1107		{
1108		sendto_one(client_p, ":%s TB %s %lu :%s",
1109		me.name, chptr->chname,
1110		(unsigned long)chptr->topic_time,
1111	<	chptr->topic ? chptr->topic : "");
1111	>	chptr->topic);
1112		}
1113		}
1114		}
#	Line 1518 | Line 1133 | burst_members(struct Client *client_p, s
1133		ms       = ptr->data;
1134		target_p = ms->client_p;
1135
1136	<	if (!IsBursted(target_p))
1136	>	if (!HasFlag(target_p, FLAGS_BURSTED))
1137		{
1138	<	SetBursted(target_p);
1138	>	AddFlag(target_p, FLAGS_BURSTED);
1139
1140		if (target_p->from != client_p)
1141		sendnick_TS(client_p, target_p);
#	Line 1570 | Line 1185 | serv_connect(struct AccessItem *aconf, s
1185		/* log */
1186		getnameinfo((struct sockaddr *)&aconf->ipnum, aconf->ipnum.ss_len,
1187		buf, sizeof(buf), NULL, 0, NI_NUMERICHOST);
1188	<	ilog(L_NOTICE, "Connect to %s[%s] @%s", aconf->user, aconf->host,
1188	>	ilog(LOG_TYPE_IRCD, "Connect to %s[%s] @%s", aconf->user, aconf->host,
1189		buf);
1190
1191		/* Still processing a DNS lookup? -> exit */
#	Line 1593 | Line 1208 | serv_connect(struct AccessItem *aconf, s
1208		/* Make sure this server isn't already connected
1209		* Note: aconf should ALWAYS be a valid C: line
1210		*/
1211	<	if ((client_p = find_server(conf->name)) != NULL)
1211	>	if ((client_p = hash_find_server(conf->name)) != NULL)
1212		{
1213		sendto_realops_flags(UMODE_ALL, L_ADMIN,
1214		"Server %s already present from %s",
#	Line 1749 | Line 1364 | serv_connect(struct AccessItem *aconf, s
1364		return (1);
1365		}
1366
1367	+	#ifdef HAVE_LIBCRYPTO
1368	+	static void
1369	+	finish_ssl_server_handshake(struct Client *client_p)
1370	+	{
1371	+	struct ConfItem *conf=NULL;
1372	+	struct AccessItem *aconf=NULL;
1373	+
1374	+	conf = find_conf_name(&client_p->localClient->confs,
1375	+	client_p->name, SERVER_TYPE);
1376	+	if (conf == NULL)
1377	+	{
1378	+	sendto_realops_flags(UMODE_ALL, L_ADMIN,
1379	+	"Lost connect{} block for %s", get_client_name(client_p, HIDE_IP));
1380	+	sendto_realops_flags(UMODE_ALL, L_OPER,
1381	+	"Lost connect{} block for %s", get_client_name(client_p, MASK_IP));
1382	+
1383	+	exit_client(client_p, &me, "Lost connect{} block");
1384	+	return;
1385	+	}
1386	+
1387	+	aconf = map_to_conf(conf);
1388	+
1389	+	/* jdc -- Check and send spasswd, not passwd. */
1390	+	if (!EmptyString(aconf->spasswd))
1391	+	sendto_one(client_p, "PASS %s TS %d %s",
1392	+	aconf->spasswd, TS_CURRENT, me.id);
1393	+
1394	+	send_capabilities(client_p, aconf,
1395	+	(IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0));
1396	+
1397	+	sendto_one(client_p, "SERVER %s 1 :%s%s",
1398	+	me.name, ConfigServerHide.hidden ? "(H) " : "",
1399	+	me.info);
1400	+
1401	+	/* If we've been marked dead because a send failed, just exit
1402	+	* here now and save everyone the trouble of us ever existing.
1403	+	*/
1404	+	if (IsDead(client_p))
1405	+	{
1406	+	sendto_realops_flags(UMODE_ALL, L_ADMIN,
1407	+	"%s[%s] went dead during handshake",
1408	+	client_p->name,
1409	+	client_p->host);
1410	+	sendto_realops_flags(UMODE_ALL, L_OPER,
1411	+	"%s went dead during handshake", client_p->name);
1412	+	return;
1413	+	}
1414	+
1415	+	/* don't move to serv_list yet -- we haven't sent a burst! */
1416	+	/* If we get here, we're ok, so lets start reading some data */
1417	+	comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ, read_packet, client_p, 0);
1418	+	}
1419	+
1420	+	static void
1421	+	ssl_server_handshake(fde_t *fd, struct Client *client_p)
1422	+	{
1423	+	int ret;
1424	+	int err;
1425	+
1426	+	ret = SSL_connect(client_p->localClient->fd.ssl);
1427	+
1428	+	if (ret <= 0)
1429	+	{
1430	+	switch ((err = SSL_get_error(client_p->localClient->fd.ssl, ret)))
1431	+	{
1432	+	case SSL_ERROR_WANT_WRITE:
1433	+	comm_setselect(&client_p->localClient->fd, COMM_SELECT_WRITE,
1434	+	(PF *)ssl_server_handshake, client_p, 0);
1435	+	return;
1436	+	case SSL_ERROR_WANT_READ:
1437	+	comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ,
1438	+	(PF *)ssl_server_handshake, client_p, 0);
1439	+	return;
1440	+	default:
1441	+	{
1442	+	const char *sslerr = ERR_error_string(ERR_get_error(), NULL);
1443	+	sendto_realops_flags(UMODE_ALL, L_ALL,
1444	+	"Error connecting to %s: %s", client_p->name,
1445	+	sslerr ? sslerr : "unknown SSL error");
1446	+	exit_client(client_p, client_p, "Error during SSL handshake");
1447	+	return;
1448	+	}
1449	+	}
1450	+	}
1451	+
1452	+	finish_ssl_server_handshake(client_p);
1453	+	}
1454	+
1455	+	static void
1456	+	ssl_connect_init(struct Client *client_p, struct AccessItem *aconf, fde_t *fd)
1457	+	{
1458	+	if ((client_p->localClient->fd.ssl = SSL_new(ServerInfo.client_ctx)) == NULL)
1459	+	{
1460	+	ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s",
1461	+	ERR_error_string(ERR_get_error(), NULL));
1462	+	SetDead(client_p);
1463	+	exit_client(client_p, client_p, "SSL_new failed");
1464	+	return;
1465	+	}
1466	+
1467	+	SSL_set_fd(fd->ssl, fd->fd);
1468	+
1469	+	if (!EmptyString(aconf->cipher_list))
1470	+	SSL_set_cipher_list(client_p->localClient->fd.ssl, aconf->cipher_list);
1471	+
1472	+	ssl_server_handshake(NULL, client_p);
1473	+	}
1474	+	#endif
1475	+
1476		/* serv_connect_callback() - complete a server connection.
1477		*
1478		* This routine is called after the server connection attempt has
#	Line 1812 | Line 1536 | serv_connect_callback(fde_t *fd, int sta
1536		return;
1537		}
1538
1539	<	aconf = (struct AccessItem *)map_to_conf(conf);
1539	>	aconf = map_to_conf(conf);
1540		/* Next, send the initial handshake */
1541		SetHandshake(client_p);
1542
1543		#ifdef HAVE_LIBCRYPTO
1544	<	/* Handle all CRYPTLINK links in cryptlink_init */
1821	<	if (IsConfCryptLink(aconf))
1544	>	if (IsConfSSL(aconf))
1545		{
1546	<	cryptlink_init(client_p, conf, fd);
1546	>	ssl_connect_init(client_p, aconf, fd);
1547		return;
1548		}
1549		#endif
1550
1551		/* jdc -- Check and send spasswd, not passwd. */
1552		if (!EmptyString(aconf->spasswd))
1830	–	/* Send TS 6 form only if id */
1553		sendto_one(client_p, "PASS %s TS %d %s",
1554		aconf->spasswd, TS_CURRENT, me.id);
1555
1834	–	/* Pass my info to the new server
1835	–	*
1836	–	* Pass on ZIP if supported
1837	–	* Pass on TB if supported.
1838	–	* - Dianora
1839	–	*/
1556		send_capabilities(client_p, aconf,
1557	<	(IsConfCompressed(aconf) ? CAP_ZIP : 0)
1842	<	| (IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0), 0);
1557	>	(IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0));
1558
1559		sendto_one(client_p, "SERVER %s 1 :%s%s",
1560		me.name, ConfigServerHide.hidden ? "(H) " : "",
#	Line 1881 | Line 1596 | find_servconn_in_progress(const char *na
1596
1597		return NULL;
1598		}
1884	–
1885	–	#ifdef HAVE_LIBCRYPTO
1886	–	/*
1887	–	* sends a CRYPTLINK SERV command.
1888	–	*/
1889	–	void
1890	–	cryptlink_init(struct Client *client_p, struct ConfItem *conf, fde_t *fd)
1891	–	{
1892	–	struct AccessItem *aconf;
1893	–	char *encrypted;
1894	–	unsigned char *key_to_send;
1895	–	char randkey[CIPHERKEYLEN];
1896	–	int enc_len;
1897	–
1898	–	/* get key */
1899	–	if ((!ServerInfo.rsa_private_key) ||
1900	–	(!RSA_check_key(ServerInfo.rsa_private_key)) )
1901	–	{
1902	–	cryptlink_error(client_p, "SERV", "Invalid RSA private key",
1903	–	"Invalid RSA private key");
1904	–	return;
1905	–	}
1906	–
1907	–	aconf = (struct AccessItem *)map_to_conf(conf);
1908	–
1909	–	if (aconf->rsa_public_key == NULL)
1910	–	{
1911	–	cryptlink_error(client_p, "SERV", "Invalid RSA public key",
1912	–	"Invalid RSA public key");
1913	–	return;
1914	–	}
1915	–
1916	–	if (get_randomness((unsigned char *)randkey, CIPHERKEYLEN) != 1)
1917	–	{
1918	–	cryptlink_error(client_p, "SERV", "Couldn't generate keyphrase",
1919	–	"Couldn't generate keyphrase");
1920	–	return;
1921	–	}
1922	–
1923	–	encrypted = MyMalloc(RSA_size(ServerInfo.rsa_private_key));
1924	–	enc_len   = RSA_public_encrypt(CIPHERKEYLEN,
1925	–	(unsigned char *)randkey,
1926	–	(unsigned char *)encrypted,
1927	–	aconf->rsa_public_key,
1928	–	RSA_PKCS1_PADDING);
1929	–
1930	–	memcpy(client_p->localClient->in_key, randkey, CIPHERKEYLEN);
1931	–
1932	–	if (enc_len <= 0)
1933	–	{
1934	–	report_crypto_errors();
1935	–	MyFree(encrypted);
1936	–	cryptlink_error(client_p, "SERV", "Couldn't encrypt data",
1937	–	"Couldn't encrypt data");
1938	–	return;
1939	–	}
1940	–
1941	–	if (!(base64_block(&key_to_send, encrypted, enc_len)))
1942	–	{
1943	–	MyFree(encrypted);
1944	–	cryptlink_error(client_p, "SERV", "Couldn't base64 encode key",
1945	–	"Couldn't base64 encode key");
1946	–	return;
1947	–	}
1948	–
1949	–	send_capabilities(client_p, aconf,
1950	–	(IsConfCompressed(aconf) ? CAP_ZIP : 0)
1951	–	| (IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0), CAP_ENC_MASK);
1952	–
1953	–	sendto_one(client_p, "PASS . TS %d %s", TS_CURRENT, me.id);
1954	–	sendto_one(client_p, "CRYPTLINK SERV %s %s :%s%s",
1955	–	me.name, key_to_send,
1956	–	ConfigServerHide.hidden ? "(H) " : "", me.info);
1957	–
1958	–	SetHandshake(client_p);
1959	–	SetWaitAuth(client_p);
1960	–
1961	–	MyFree(encrypted);
1962	–	MyFree(key_to_send);
1963	–
1964	–	if (IsDead(client_p))
1965	–	cryptlink_error(client_p, "SERV", "Went dead during handshake",
1966	–	"Went dead during handshake");
1967	–	else if (fd != NULL)
1968	–	/* If we get here, we're ok, so lets start reading some data */
1969	–	comm_setselect(fd, COMM_SELECT_READ, read_packet, client_p, 0);
1970	–	}
1971	–
1972	–	void
1973	–	cryptlink_error(struct Client *client_p, const char *type,
1974	–	const char *reason, const char *client_reason)
1975	–	{
1976	–	sendto_realops_flags(UMODE_ALL, L_ADMIN, "%s: CRYPTLINK %s error - %s",
1977	–	get_client_name(client_p, SHOW_IP), type, reason);
1978	–	sendto_realops_flags(UMODE_ALL, L_OPER,  "%s: CRYPTLINK %s error - %s",
1979	–	get_client_name(client_p, MASK_IP), type, reason);
1980	–	ilog(L_ERROR, "%s: CRYPTLINK %s error - %s",
1981	–	get_client_name(client_p, SHOW_IP), type, reason);
1982	–
1983	–	/* If client_reason isn't NULL, then exit the client with the message
1984	–	* defined in the call.
1985	–	*/
1986	–	if ((client_reason != NULL) && (!IsDead(client_p)))
1987	–	exit_client(client_p, &me, client_reason);
1988	–	}
1989	–
1990	–	static char base64_chars[] =
1991	–	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
1992	–
1993	–	static char base64_values[] =
1994	–	{
1995	–	/* 00-15   */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1996	–	/* 16-31   */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
1997	–	/* 32-47   */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
1998	–	/* 48-63   */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1,  0, -1, -1,
1999	–	/* 64-79   */ -1,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
2000	–	/* 80-95   */ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
2001	–	/* 96-111  */ -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
2002	–	/* 112-127 */ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
2003	–	/* 128-143 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2004	–	/* 144-159 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2005	–	/* 160-175 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2006	–	/* 186-191 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2007	–	/* 192-207 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2008	–	/* 208-223 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2009	–	/* 224-239 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2010	–	/* 240-255 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
2011	–	};
2012	–
2013	–	/*
2014	–	* base64_block will allocate and return a new block of memory
2015	–	* using MyMalloc().  It should be freed after use.
2016	–	*/
2017	–	int
2018	–	base64_block(unsigned char **output, char *data, int len)
2019	–	{
2020	–	unsigned char *out;
2021	–	unsigned char *in = (unsigned char*)data;
2022	–	unsigned long int q_in;
2023	–	int i;
2024	–	int count = 0;
2025	–
2026	–	out = MyMalloc(((((len + 2) - ((len + 2) % 3)) / 3) * 4) + 1);
2027	–
2028	–	/* process 24 bits at a time */
2029	–	for( i = 0; i < len; i += 3)
2030	–	{
2031	–	q_in = 0;
2032	–
2033	–	if ( i + 2 < len )
2034	–	{
2035	–	q_in  = (in[i+2] & 0xc0) << 2;
2036	–	q_in |=  in[i+2];
2037	–	}
2038	–
2039	–	if ( i + 1 < len )
2040	–	{
2041	–	q_in |= (in[i+1] & 0x0f) << 10;
2042	–	q_in |= (in[i+1] & 0xf0) << 12;
2043	–	}
2044	–
2045	–	q_in |= (in[i]   & 0x03) << 20;
2046	–	q_in |=  in[i]           << 22;
2047	–
2048	–	q_in &= 0x3f3f3f3f;
2049	–
2050	–	out[count++] = base64_chars[((q_in >> 24)       )];
2051	–	out[count++] = base64_chars[((q_in >> 16) & 0xff)];
2052	–	out[count++] = base64_chars[((q_in >>  8) & 0xff)];
2053	–	out[count++] = base64_chars[((q_in      ) & 0xff)];
2054	–	}
2055	–	if ( (i - len) > 0 )
2056	–	{
2057	–	out[count-1] = '=';
2058	–	if ( (i - len) > 1 )
2059	–	out[count-2] = '=';
2060	–	}
2061	–
2062	–	out[count] = '\0';
2063	–	*output = out;
2064	–	return (count);
2065	–	}
2066	–
2067	–	/*
2068	–	* unbase64_block will allocate and return a new block of memory
2069	–	* using MyMalloc().  It should be freed after use.
2070	–	*/
2071	–	int
2072	–	unbase64_block(unsigned char **output, char *data, int len)
2073	–	{
2074	–	unsigned char *out;
2075	–	unsigned char *in = (unsigned char*)data;
2076	–	unsigned long int q_in;
2077	–	int i;
2078	–	int count = 0;
2079	–
2080	–	if ((len % 4) != 0)
2081	–	return (0);
2082	–
2083	–	out = MyMalloc(((len / 4) * 3) + 1);
2084	–
2085	–	/* process 32 bits at a time */
2086	–	for( i = 0; (i + 3) < len; i+=4)
2087	–	{
2088	–	/* compress input (chars a, b, c and d) as follows:
2089	–	* (after converting ascii -> base64 value)
2090	–	*
2091	–	* |00000000aaaaaabbbbbbccccccdddddd|
2092	–	* |  765432  107654  321076  543210|
2093	–	*/
2094	–
2095	–	q_in = 0;
2096	–
2097	–	if (base64_values[in[i+3]] > -1)
2098	–	q_in |= base64_values[in[i+3]]      ;
2099	–	if (base64_values[in[i+2]] > -1)
2100	–	q_in |= base64_values[in[i+2]] <<  6;
2101	–	if (base64_values[in[i+1]] > -1)
2102	–	q_in |= base64_values[in[i+1]] << 12;
2103	–	if (base64_values[in[i  ]] > -1)
2104	–	q_in |= base64_values[in[i  ]] << 18;
2105	–
2106	–	out[count++] = (q_in >> 16) & 0xff;
2107	–	out[count++] = (q_in >>  8) & 0xff;
2108	–	out[count++] = (q_in      ) & 0xff;
2109	–	}
2110	–
2111	–	if (in[i-1] == '=') count--;
2112	–	if (in[i-2] == '=') count--;
2113	–
2114	–	out[count] = '\0';
2115	–	*output = out;
2116	–	return (count);
2117	–	}
2118	–
2119	–	#endif /* HAVE_LIBCRYPTO */
2120	–

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines (old)
>	Changed lines (new)