ViewVC Help

View File | Revision Log | Show Annotations | View Changeset | Root Listing

root/svn/ircd-hybrid/trunk/src/server.c

Comparing ircd-hybrid-8/src/s_serv.c (file contents):
Revision 1294 by michael, Wed Feb 22 20:48:30 2012 UTC vs.
Revision 1325 by michael, Sat Mar 31 10:29:02 2012 UTC

#	Line 43 | Line 43
43		#include "numeric.h"
44		#include "packet.h"
45		#include "irc_res.h"
46	<	#include "s_conf.h"
46	>	#include "conf.h"
47		#include "s_serv.h"
48	<	#include "s_log.h"
48	>	#include "log.h"
49	>	#include "s_misc.h"
50		#include "s_user.h"
51		#include "send.h"
52		#include "memory.h"
#	Line 56 | Line 57
57
58		static dlink_list cap_list = { NULL, NULL, 0 };
59		static void server_burst(struct Client *);
59	–	static int fork_server(struct Client *);
60		static void burst_all(struct Client *);
61		static void send_tb(struct Client *client_p, struct Channel *chptr);
62
63		static CNCB serv_connect_callback;
64
65	–	static void start_io(struct Client *);
65		static void burst_members(struct Client *, struct Channel *);
66
68	–	static SlinkRplHnd slink_error;
69	–	static SlinkRplHnd slink_zipstats;
70	–
71	–
72	–	#ifdef HAVE_LIBCRYPTO
73	–	struct EncCapability CipherTable[] =
74	–	{
75	–	#ifdef HAVE_EVP_BF_CFB
76	–	{ "BF/168",     CAP_ENC_BF_168,     24, CIPHER_BF     },
77	–	{ "BF/128",     CAP_ENC_BF_128,     16, CIPHER_BF     },
78	–	#endif
79	–	#ifdef HAVE_EVP_CAST5_CFB
80	–	{ "CAST/128",   CAP_ENC_CAST_128,   16, CIPHER_CAST   },
81	–	#endif
82	–	#ifdef HAVE_EVP_IDEA_CFB
83	–	{ "IDEA/128",   CAP_ENC_IDEA_128,   16, CIPHER_IDEA   },
84	–	#endif
85	–	#ifdef HAVE_EVP_RC5_32_12_16_CFB
86	–	{ "RC5.16/128", CAP_ENC_RC5_16_128, 16, CIPHER_RC5_16 },
87	–	{ "RC5.12/128", CAP_ENC_RC5_12_128, 16, CIPHER_RC5_12 },
88	–	{ "RC5.8/128",  CAP_ENC_RC5_8_128,  16, CIPHER_RC5_8  },
89	–	#endif
90	–	#ifdef HAVE_EVP_DES_EDE3_CFB
91	–	{ "3DES/168",   CAP_ENC_3DES_168,   24, CIPHER_3DES   },
92	–	#endif
93	–	#ifdef HAVE_EVP_DES_CFB
94	–	{ "DES/56",     CAP_ENC_DES_56,      8, CIPHER_DES    },
95	–	#endif
96	–	{ 0,            0,                   0, 0             }
97	–	};
98	–	#endif
99	–
100	–	struct SlinkRplDef slinkrpltab[] = {
101	–	{ SLINKRPL_ERROR,    slink_error,    SLINKRPL_FLAG_DATA },
102	–	{ SLINKRPL_ZIPSTATS, slink_zipstats, SLINKRPL_FLAG_DATA },
103	–	{ 0,                 0,              0 },
104	–	};
105	–
106	–
107	–	void
108	–	slink_error(unsigned int rpl, unsigned int len, unsigned char *data,
109	–	struct Client *server_p)
110	–	{
111	–	assert(rpl == SLINKRPL_ERROR);
112	–	assert(len < 256);
113	–
114	–	data[len-1] = '\0';
115	–
116	–	sendto_realops_flags(UMODE_ALL, L_ALL, "SlinkError for %s: %s",
117	–	server_p->name, data);
118	–	/* XXX should this be exit_client? */
119	–	exit_client(server_p, &me, "servlink error -- terminating link");
120	–	}
121	–
122	–	void
123	–	slink_zipstats(unsigned int rpl, unsigned int len, unsigned char *data,
124	–	struct Client *server_p)
125	–	{
126	–	struct ZipStats zipstats;
127	–	uint64_t in = 0, in_wire = 0, out = 0, out_wire = 0;
128	–	int i = 0;
129	–
130	–	assert(rpl == SLINKRPL_ZIPSTATS);
131	–	assert(len == 16);
132	–	assert(IsCapable(server_p, CAP_ZIP));
133	–
134	–	/* Yes, it needs to be done this way, no we cannot let the compiler
135	–	* work with the pointer to the structure.  This works around a GCC
136	–	* bug on SPARC that affects all versions at the time of this writing.
137	–	* I will feed you to the creatures living in RMS's beard if you do
138	–	* not leave this as is, without being sure that you are not causing
139	–	* regression for most of our installed SPARC base.
140	–	* -jmallett, 04/27/2002
141	–	*/
142	–	memcpy(&zipstats, &server_p->localClient->zipstats, sizeof(struct ZipStats));
143	–
144	–	in |= (data[i++] << 24);
145	–	in |= (data[i++] << 16);
146	–	in |= (data[i++] <<  8);
147	–	in |= (data[i++]      );
148	–
149	–	in_wire |= (data[i++] << 24);
150	–	in_wire |= (data[i++] << 16);
151	–	in_wire |= (data[i++] <<  8);
152	–	in_wire |= (data[i++]      );
153	–
154	–	out |= (data[i++] << 24);
155	–	out |= (data[i++] << 16);
156	–	out |= (data[i++] <<  8);
157	–	out |= (data[i++]      );
158	–
159	–	out_wire |= (data[i++] << 24);
160	–	out_wire |= (data[i++] << 16);
161	–	out_wire |= (data[i++] <<  8);
162	–	out_wire |= (data[i++]      );
163	–
164	–	/* This macro adds b to a if a plus b is not an overflow, and sets the
165	–	* value of a to b if it is.
166	–	* Add and Set if No Overflow.
167	–	*/
168	–	#define ASNO(a, b) a = (a + b >= a ? a + b : b)
169	–
170	–	ASNO(zipstats.in, in);
171	–	ASNO(zipstats.out, out);
172	–	ASNO(zipstats.in_wire, in_wire);
173	–	ASNO(zipstats.out_wire, out_wire);
174	–
175	–	if (zipstats.in > 0)
176	–	zipstats.in_ratio = (((double)(zipstats.in - zipstats.in_wire) /
177	–	(double)zipstats.in) * 100.00);
178	–	else
179	–	zipstats.in_ratio = 0;
180	–
181	–	if (zipstats.out > 0)
182	–	zipstats.out_ratio = (((double)(zipstats.out - zipstats.out_wire) /
183	–	(double)zipstats.out) * 100.00);
184	–	else
185	–	zipstats.out_ratio = 0;
186	–
187	–	memcpy(&server_p->localClient->zipstats, &zipstats, sizeof(struct ZipStats));
188	–	}
189	–
190	–	void
191	–	collect_zipstats(void *unused)
192	–	{
193	–	dlink_node *ptr = NULL;
194	–
195	–	DLINK_FOREACH(ptr, serv_list.head)
196	–	{
197	–	struct Client *target_p = ptr->data;
198	–
199	–	if (IsCapable(target_p, CAP_ZIP))
200	–	{
201	–	/* only bother if we haven't already got something queued... */
202	–	if (!target_p->localClient->slinkq)
203	–	{
204	–	target_p->localClient->slinkq     = MyMalloc(1); /* sigh.. */
205	–	target_p->localClient->slinkq[0]  = SLINKCMD_ZIPSTATS;
206	–	target_p->localClient->slinkq_ofs = 0;
207	–	target_p->localClient->slinkq_len = 1;
208	–	send_queued_slink_write(target_p);
209	–	}
210	–	}
211	–	}
212	–	}
213	–
214	–	#ifdef HAVE_LIBCRYPTO
215	–	struct EncCapability *
216	–	check_cipher(struct Client *client_p, struct AccessItem *aconf)
217	–	{
218	–	struct EncCapability *epref = NULL;
219	–
220	–	/* Use connect{} specific info if available */
221	–	if (aconf->cipher_preference)
222	–	epref = aconf->cipher_preference;
223	–	else if (ConfigFileEntry.default_cipher_preference)
224	–	epref = ConfigFileEntry.default_cipher_preference;
225	–
226	–	/*
227	–	* If the server supports the capability in hand, return the matching
228	–	* conf struct.  Otherwise, return NULL (an error).
229	–	*/
230	–	if (epref && IsCapableEnc(client_p, epref->cap))
231	–	return epref;
232	–
233	–	return NULL;
234	–	}
235	–	#endif /* HAVE_LIBCRYPTO */
236	–
67		/*
68		* write_links_file
69		*
#	Line 251 | Line 81 | write_links_file(void* notused)
81		MessageFileLine *newMessageLine = 0;
82		MessageFile *MessageFileptr;
83		const char *p;
84	<	FBFILE *file;
84	>	FILE *file;
85		char buff[512];
86		dlink_node *ptr;
87
88		MessageFileptr = &ConfigFileEntry.linksfile;
89
90	<	if ((file = fbopen(MessageFileptr->fileName, "w")) == NULL)
90	>	if ((file = fopen(MessageFileptr->fileName, "w")) == NULL)
91		return;
92
93		for (mptr = MessageFileptr->contentsOfFile; mptr; mptr = next_mptr)
#	Line 271 | Line 101 | write_links_file(void* notused)
101
102		DLINK_FOREACH(ptr, global_serv_list.head)
103		{
104	<	size_t nbytes = 0;
275	<	struct Client *target_p = ptr->data;
104	>	const struct Client *target_p = ptr->data;
105
106		/* skip ourselves, we send ourselves in /links */
107		if (IsMe(target_p))
#	Line 303 | Line 132 | write_links_file(void* notused)
132		*/
133		assert(strlen(target_p->name) + strlen(me.name) + 6 + strlen(p) <=
134		MESSAGELINELEN);
135	<	ircsprintf(newMessageLine->line, "%s %s :1 %s",
136	<	target_p->name, me.name, p);
135	>	snprintf(newMessageLine->line, sizeof(newMessageLine->line), "%s %s :1 %s",
136	>	target_p->name, me.name, p);
137		newMessageLine->next = NULL;
138
139		if (MessageFileptr->contentsOfFile)
#	Line 319 | Line 148 | write_links_file(void* notused)
148		currentMessageLine = newMessageLine;
149		}
150
151	<	nbytes = ircsprintf(buff, "%s %s :1 %s\n", target_p->name, me.name, p);
152	<	fbputs(buff, file, nbytes);
151	>	snprintf(buff, sizeof(buff), "%s %s :1 %s\n", target_p->name, me.name, p);
152	>	fputs(buff, file);
153		}
154
155	<	fbclose(file);
155	>	fclose(file);
156		}
157
158		/* hunt_server()
#	Line 565 | Line 394 | valid_servname(const char *name)
394		}
395
396		int
397	<	check_server(const char *name, struct Client *client_p, int cryptlink)
397	>	check_server(const char *name, struct Client *client_p)
398		{
399		dlink_node *ptr;
400		struct ConfItem *conf           = NULL;
#	Line 599 | Line 428 | check_server(const char *name, struct Cl
428		match(aconf->host, client_p->sockhost))
429		{
430		error = -2;
602	–	#ifdef HAVE_LIBCRYPTO
603	–	if (cryptlink && IsConfCryptLink(aconf))
604	–	{
605	–	if (aconf->rsa_public_key)
606	–	server_conf = conf;
607	–	}
608	–	else if (!(cryptlink || IsConfCryptLink(aconf)))
609	–	#endif /* HAVE_LIBCRYPTO */
431		{
432		/* A NULL password is as good as a bad one */
433		if (EmptyString(client_p->localClient->passwd))
#	Line 658 | Line 479 | check_server(const char *name, struct Cl
479
480		server_aconf = map_to_conf(server_conf);
481
661	–	#ifdef HAVE_LIBZ /* otherwise, clear it unconditionally */
662	–	if (!IsConfCompressed(server_aconf))
663	–	#endif
664	–	ClearCap(client_p, CAP_ZIP);
665	–	if (!IsConfCryptLink(server_aconf))
666	–	ClearCap(client_p, CAP_ENC);
482		if (!IsConfTopicBurst(server_aconf))
483		{
484		ClearCap(client_p, CAP_TB);
#	Line 781 | Line 596 | find_capability(const char *capab)
596		* inputs       - Client pointer to send to
597		*              - Pointer to AccessItem (for crypt)
598		*              - int flag of capabilities that this server can send
784	–	*              - int flag of encryption capabilities
599		* output       - NONE
600		* side effects - send the CAPAB line to a server  -orabidoo
601		*
602		*/
603		void
604		send_capabilities(struct Client *client_p, struct AccessItem *aconf,
605	<	int cap_can_send, int enc_can_send)
605	>	int cap_can_send)
606		{
607		struct Capability *cap=NULL;
608		char msgbuf[IRCD_BUFSIZE];
609		char *t;
610		int tl;
611		dlink_node *ptr;
798	–	#ifdef HAVE_LIBCRYPTO
799	–	const struct EncCapability *epref = NULL;
800	–	char *capend;
801	–	int sent_cipher = 0;
802	–	#endif
612
613		t = msgbuf;
614
#	Line 813 | Line 622 | send_capabilities(struct Client *client_
622		t += tl;
623		}
624		}
816	–	#ifdef HAVE_LIBCRYPTO
817	–	if (enc_can_send)
818	–	{
819	–	capend = t;
820	–	strcpy(t, "ENC:");
821	–	t += 4;
822	–
823	–	/* use connect{} specific info if available */
824	–	if (aconf->cipher_preference)
825	–	epref = aconf->cipher_preference;
826	–	else if (ConfigFileEntry.default_cipher_preference)
827	–	epref = ConfigFileEntry.default_cipher_preference;
625
829	–	if (epref && (epref->cap & enc_can_send))
830	–	{
831	–	/* Leave the space -- it is removed later. */
832	–	tl = ircsprintf(t, "%s ", epref->name);
833	–	t += tl;
834	–	sent_cipher = 1;
835	–	}
836	–
837	–	if (!sent_cipher)
838	–	t = capend; /* truncate string before ENC:, below */
839	–	}
840	–	#endif
626		*(t - 1) = '\0';
627		sendto_one(client_p, "CAPAB :%s", msgbuf);
628		}
#	Line 933 | Line 718 | show_capabilities(struct Client *target_
718		if (IsCapable(target_p, cap->cap))
719		t += ircsprintf(t, "%s ", cap->name);
720		}
936	–	#ifdef HAVE_LIBCRYPTO
937	–	if (IsCapable(target_p, CAP_ENC) &&
938	–	target_p->localClient->in_cipher &&
939	–	target_p->localClient->out_cipher)
940	–	t += ircsprintf(t, "ENC:%s ",
941	–	target_p->localClient->in_cipher->name);
942	–	#endif
943	–	*(t - 1) = '\0';
721
722	<	return(msgbuf);
722	>	*(t - 1) = '\0';
723	>	return msgbuf;
724		}
725
726		/* make_server()
#	Line 977 | Line 755 | server_estab(struct Client *client_p)
755		const char *inpath;
756		static char inpath_ip[HOSTLEN * 2 + USERLEN + 6];
757		dlink_node *ptr;
758	+	#ifdef HAVE_LIBCRYPTO
759	+	const COMP_METHOD *compression = NULL, *expansion = NULL;
760	+	#endif
761
762		assert(client_p != NULL);
763
#	Line 1017 | Line 798 | server_estab(struct Client *client_p)
798
799		aconf = map_to_conf(conf);
800
801	<	if (IsUnknown(client_p) && !IsConfCryptLink(aconf))
801	>	if (IsUnknown(client_p))
802		{
803		/* jdc -- 1.  Use EmptyString(), not [0] index reference.
804		*        2.  Check aconf->spasswd, not aconf->passwd.
#	Line 1034 | Line 815 | server_estab(struct Client *client_p)
815		*/
816
817		send_capabilities(client_p, aconf,
818	<	(IsConfCompressed(aconf) ? CAP_ZIP : 0)
1038	<	| (IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0), 0);
818	>	(IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0));
819
1040	–	/* SERVER is the last command sent before switching to ziplinks.
1041	–	* We set TCPNODELAY on the socket to make sure it gets sent out
1042	–	* on the wire immediately.  Otherwise, it could be sitting in
1043	–	* a kernel buffer when we start sending zipped data, and the
1044	–	* parser on the receiving side can't hand both unzipped and zipped
1045	–	* data in one packet. --Rodder
1046	–	*
1047	–	* currently we only need to call send_queued_write,
1048	–	* Nagle is already disabled at this point --adx
1049	–	*/
820		sendto_one(client_p, "SERVER %s 1 :%s%s",
821		me.name, ConfigServerHide.hidden ? "(H) " : "", me.info);
1052	–	send_queued_write(client_p);
1053	–	}
1054	–
1055	–	/* Hand the server off to servlink now */
1056	–	if (IsCapable(client_p, CAP_ENC) || IsCapable(client_p, CAP_ZIP))
1057	–	{
1058	–	if (fork_server(client_p) < 0)
1059	–	{
1060	–	sendto_realops_flags(UMODE_ALL, L_ADMIN,
1061	–	"Warning: fork failed for server %s -- check servlink_path (%s)",
1062	–	get_client_name(client_p, HIDE_IP), ConfigFileEntry.servlink_path);
1063	–	sendto_realops_flags(UMODE_ALL, L_OPER, "Warning: fork failed for server "
1064	–	"%s -- check servlink_path (%s)",
1065	–	get_client_name(client_p, MASK_IP),
1066	–	ConfigFileEntry.servlink_path);
1067	–	exit_client(client_p, &me, "fork failed");
1068	–	return;
1069	–	}
1070	–
1071	–	start_io(client_p);
1072	–	SetServlink(client_p);
822		}
823
824		sendto_one(client_p, "SVINFO %d %d 0 :%lu", TS_CURRENT, TS_MIN,
#	Line 1122 | Line 871 | server_estab(struct Client *client_p)
871		/* fixing eob timings.. -gnp */
872		client_p->localClient->firsttime = CurrentTime;
873
1125	–
874		if (find_matching_name_conf(SERVICE_TYPE, client_p->name, NULL, NULL, 0))
875		AddFlag(client_p, FLAGS_SERVICE);
876
877		/* Show the real host/IP to admins */
878	<	sendto_realops_flags(UMODE_ALL, L_ADMIN,
879	<	"Link with %s established: (%s) link",
1132	<	inpath_ip,show_capabilities(client_p));
1133	<	/* Now show the masked hostname/IP to opers */
1134	<	sendto_realops_flags(UMODE_ALL, L_OPER,
1135	<	"Link with %s established: (%s) link",
1136	<	inpath,show_capabilities(client_p));
1137	<	ilog(LOG_TYPE_IRCD, "Link with %s established: (%s) link",
1138	<	inpath_ip, show_capabilities(client_p));
1139	<
1140	<	client_p->serv->sconf = conf;
1141	<
1142	<	if (HasServlink(client_p))
878	>	#ifdef HAVE_LIBCRYPTO
879	>	if (client_p->localClient->fd.ssl)
880		{
881	<	/* we won't overflow FD_DESC_SZ here, as it can hold
882	<	* client_p->name + 64
883	<	*/
884	<	fd_note(&client_p->localClient->fd, "slink data: %s", client_p->name);
885	<	fd_note(&client_p->localClient->ctrlfd, "slink ctrl: %s", client_p->name);
881	>	compression = SSL_get_current_compression(client_p->localClient->fd.ssl);
882	>	expansion   = SSL_get_current_expansion(client_p->localClient->fd.ssl);
883	>
884	>	sendto_realops_flags(UMODE_ALL, L_ADMIN,
885	>	"Link with %s established: [SSL: %s, Compression/Expansion method: %s/%s] (Capabilities: %s)",
886	>	inpath_ip, ssl_get_cipher(client_p->localClient->fd.ssl),
887	>	compression ? SSL_COMP_get_name(compression) : "NONE",
888	>	expansion ? SSL_COMP_get_name(expansion) : "NONE",
889	>	show_capabilities(client_p));
890	>	/* Now show the masked hostname/IP to opers */
891	>	sendto_realops_flags(UMODE_ALL, L_OPER,
892	>	"Link with %s established: [SSL: %s, Compression/Expansion method: %s/%s] (Capabilities: %s)",
893	>	inpath, ssl_get_cipher(client_p->localClient->fd.ssl),
894	>	compression ? SSL_COMP_get_name(compression) : "NONE",
895	>	expansion ? SSL_COMP_get_name(expansion) : "NONE",
896	>	show_capabilities(client_p));
897	>	ilog(LOG_TYPE_IRCD, "Link with %s established: [SSL: %s, Compression/Expansion method: %s/%s] (Capabilities: %s)",
898	>	inpath_ip, ssl_get_cipher(client_p->localClient->fd.ssl),
899	>	compression ? SSL_COMP_get_name(compression) : "NONE",
900	>	expansion ? SSL_COMP_get_name(expansion) : "NONE",
901	>	show_capabilities(client_p));
902		}
903		else
904	<	fd_note(&client_p->localClient->fd, "Server: %s", client_p->name);
904	>	#endif
905	>	{
906	>	sendto_realops_flags(UMODE_ALL, L_ADMIN,
907	>	"Link with %s established: (Capabilities: %s)",
908	>	inpath_ip,show_capabilities(client_p));
909	>	/* Now show the masked hostname/IP to opers */
910	>	sendto_realops_flags(UMODE_ALL, L_OPER,
911	>	"Link with %s established: (Capabilities: %s)",
912	>	inpath,show_capabilities(client_p));
913	>	ilog(LOG_TYPE_IRCD, "Link with %s established: (Capabilities: %s)",
914	>	inpath_ip, show_capabilities(client_p));
915	>	}
916	>
917	>	client_p->serv->sconf = conf;
918	>
919	>	fd_note(&client_p->localClient->fd, "Server: %s", client_p->name);
920
921		/* Old sendto_serv_but_one() call removed because we now
922		** need to send different names to different servers
#	Line 1220 | Line 988 | server_estab(struct Client *client_p)
988		server_burst(client_p);
989		}
990
1223	–	static void
1224	–	start_io(struct Client *server)
1225	–	{
1226	–	struct LocalUser *lserver = server->localClient;
1227	–	int alloclen = 1;
1228	–	char *buf;
1229	–	dlink_node *ptr;
1230	–	struct dbuf_block *block;
1231	–
1232	–	/* calculate how many bytes to allocate */
1233	–	if (IsCapable(server, CAP_ZIP))
1234	–	alloclen += 6;
1235	–	#ifdef HAVE_LIBCRYPTO
1236	–	if (IsCapable(server, CAP_ENC))
1237	–	alloclen += 16 + lserver->in_cipher->keylen + lserver->out_cipher->keylen;
1238	–	#endif
1239	–	alloclen += dbuf_length(&lserver->buf_recvq);
1240	–	alloclen += dlink_list_length(&lserver->buf_recvq.blocks) * 3;
1241	–	alloclen += dbuf_length(&lserver->buf_sendq);
1242	–	alloclen += dlink_list_length(&lserver->buf_sendq.blocks) * 3;
1243	–
1244	–	/* initialize servlink control sendq */
1245	–	lserver->slinkq = buf = MyMalloc(alloclen);
1246	–	lserver->slinkq_ofs = 0;
1247	–	lserver->slinkq_len = alloclen;
1248	–
1249	–	if (IsCapable(server, CAP_ZIP))
1250	–	{
1251	–	/* ziplink */
1252	–	*buf++ = SLINKCMD_SET_ZIP_OUT_LEVEL;
1253	–	*buf++ = 0; /* |          */
1254	–	*buf++ = 1; /* \ len is 1 */
1255	–	*buf++ = ConfigFileEntry.compression_level;
1256	–	*buf++ = SLINKCMD_START_ZIP_IN;
1257	–	*buf++ = SLINKCMD_START_ZIP_OUT;
1258	–	}
1259	–	#ifdef HAVE_LIBCRYPTO
1260	–	if (IsCapable(server, CAP_ENC))
1261	–	{
1262	–	/* Decryption settings */
1263	–	*buf++ = SLINKCMD_SET_CRYPT_IN_CIPHER;
1264	–	*buf++ = 0; /* /                     (upper 8-bits of len) */
1265	–	*buf++ = 1; /* \ cipher id is 1 byte (lower 8-bits of len) */
1266	–	*buf++ = lserver->in_cipher->cipherid;
1267	–	*buf++ = SLINKCMD_SET_CRYPT_IN_KEY;
1268	–	*buf++ = 0; /* keylen < 256 */
1269	–	*buf++ = lserver->in_cipher->keylen;
1270	–	memcpy(buf, lserver->in_key, lserver->in_cipher->keylen);
1271	–	buf += lserver->in_cipher->keylen;
1272	–	/* Encryption settings */
1273	–	*buf++ = SLINKCMD_SET_CRYPT_OUT_CIPHER;
1274	–	*buf++ = 0; /* /                     (upper 8-bits of len) */
1275	–	*buf++ = 1; /* \ cipher id is 1 byte (lower 8-bits of len) */
1276	–	*buf++ = lserver->out_cipher->cipherid;
1277	–	*buf++ = SLINKCMD_SET_CRYPT_OUT_KEY;
1278	–	*buf++ = 0; /* keylen < 256 */
1279	–	*buf++ = lserver->out_cipher->keylen;
1280	–	memcpy(buf, lserver->out_key, lserver->out_cipher->keylen);
1281	–	buf += lserver->out_cipher->keylen;
1282	–	*buf++ = SLINKCMD_START_CRYPT_IN;
1283	–	*buf++ = SLINKCMD_START_CRYPT_OUT;
1284	–	}
1285	–	#endif
1286	–
1287	–	/* pass the whole recvq to servlink */
1288	–	DLINK_FOREACH (ptr, lserver->buf_recvq.blocks.head)
1289	–	{
1290	–	block = ptr->data;
1291	–	*buf++ = SLINKCMD_INJECT_RECVQ;
1292	–	*buf++ = (block->size >> 8);
1293	–	*buf++ = (block->size & 0xff);
1294	–	memcpy(buf, &block->data[0], block->size);
1295	–	buf += block->size;
1296	–	}
1297	–
1298	–	dbuf_clear(&lserver->buf_recvq);
1299	–
1300	–	/* pass the whole sendq to servlink */
1301	–	DLINK_FOREACH (ptr, lserver->buf_sendq.blocks.head)
1302	–	{
1303	–	block = ptr->data;
1304	–	*buf++ = SLINKCMD_INJECT_SENDQ;
1305	–	*buf++ = (block->size >> 8);
1306	–	*buf++ = (block->size & 0xff);
1307	–	memcpy(buf, &block->data[0], block->size);
1308	–	buf += block->size;
1309	–	}
1310	–
1311	–	dbuf_clear(&lserver->buf_sendq);
1312	–
1313	–	/* start io */
1314	–	*buf++ = SLINKCMD_INIT;
1315	–
1316	–	/* schedule a write */
1317	–	send_queued_slink_write(server);
1318	–	}
1319	–
1320	–	/* fork_server()
1321	–	*
1322	–	* inputs       - struct Client *server
1323	–	* output       - success: 0 / failure: -1
1324	–	* side effect  - fork, and exec SERVLINK to handle this connection
1325	–	*/
1326	–	static int
1327	–	fork_server(struct Client *server)
1328	–	{
1329	–	#ifndef HAVE_SOCKETPAIR
1330	–	return -1;
1331	–	#else
1332	–	int i;
1333	–	int slink_fds[2][2];
1334	–	/* 0? - ctrl  | 1? - data
1335	–	* ?0 - child | ?1 - parent */
1336	–
1337	–	if (socketpair(AF_UNIX, SOCK_STREAM, 0, slink_fds[0]) < 0)
1338	–	return -1;
1339	–	if (socketpair(AF_UNIX, SOCK_STREAM, 0, slink_fds[1]) < 0)
1340	–	goto free_ctrl_fds;
1341	–
1342	–	if ((i = fork()) < 0)
1343	–	{
1344	–	close(slink_fds[1][0]);  close(slink_fds[1][1]);
1345	–	free_ctrl_fds:
1346	–	close(slink_fds[0][0]);  close(slink_fds[0][1]);
1347	–	return -1;
1348	–	}
1349	–
1350	–	if (i == 0)
1351	–	{
1352	–	char fd_str[3][6];   /* store 3x sizeof("65535") */
1353	–	char *kid_argv[7];
1354	–
1355	–	#ifdef O_ASYNC
1356	–	fcntl(server->localClient->fd.fd, F_SETFL,
1357	–	fcntl(server->localClient->fd.fd, F_GETFL, 0) & ~O_ASYNC);
1358	–	#endif
1359	–	close_fds(&server->localClient->fd);
1360	–	close(slink_fds[0][1]);
1361	–	close(slink_fds[1][1]);
1362	–
1363	–	sprintf(fd_str[0], "%d", slink_fds[0][0]);
1364	–	sprintf(fd_str[1], "%d", slink_fds[1][0]);
1365	–	sprintf(fd_str[2], "%d", server->localClient->fd.fd);
1366	–
1367	–	kid_argv[0] = "-slink";
1368	–	kid_argv[1] = kid_argv[2] = fd_str[0];  /* ctrl */
1369	–	kid_argv[3] = kid_argv[4] = fd_str[1];  /* data */
1370	–	kid_argv[5] = fd_str[2];    /* network */
1371	–	kid_argv[6] = NULL;
1372	–
1373	–	execv(ConfigFileEntry.servlink_path, kid_argv);
1374	–
1375	–	_exit(1);
1376	–	}
1377	–
1378	–	/* close the network fd and the child ends of the pipes */
1379	–	fd_close(&server->localClient->fd);
1380	–	close(slink_fds[0][0]);
1381	–	close(slink_fds[1][0]);
1382	–
1383	–	execute_callback(setup_socket_cb, slink_fds[0][1]);
1384	–	execute_callback(setup_socket_cb, slink_fds[1][1]);
1385	–
1386	–	fd_open(&server->localClient->ctrlfd, slink_fds[0][1], 1, "slink ctrl");
1387	–	fd_open(&server->localClient->fd, slink_fds[1][1], 1, "slink data");
1388	–
1389	–	read_ctrl_packet(&server->localClient->ctrlfd, server);
1390	–	read_packet(&server->localClient->fd, server);
1391	–
1392	–	return 0;
1393	–	#endif
1394	–	}
1395	–
991		/* server_burst()
992		*
993		* inputs       - struct Client pointer server
#	Line 1770 | Line 1365 | serv_connect(struct AccessItem *aconf, s
1365		return (1);
1366		}
1367
1368	+	#ifdef HAVE_LIBCRYPTO
1369	+	static void
1370	+	finish_ssl_server_handshake(struct Client *client_p)
1371	+	{
1372	+	struct ConfItem *conf=NULL;
1373	+	struct AccessItem *aconf=NULL;
1374	+
1375	+	conf = find_conf_name(&client_p->localClient->confs,
1376	+	client_p->name, SERVER_TYPE);
1377	+	if (conf == NULL)
1378	+	{
1379	+	sendto_realops_flags(UMODE_ALL, L_ADMIN,
1380	+	"Lost connect{} block for %s", get_client_name(client_p, HIDE_IP));
1381	+	sendto_realops_flags(UMODE_ALL, L_OPER,
1382	+	"Lost connect{} block for %s", get_client_name(client_p, MASK_IP));
1383	+
1384	+	exit_client(client_p, &me, "Lost connect{} block");
1385	+	return;
1386	+	}
1387	+
1388	+	aconf = map_to_conf(conf);
1389	+
1390	+	/* jdc -- Check and send spasswd, not passwd. */
1391	+	if (!EmptyString(aconf->spasswd))
1392	+	sendto_one(client_p, "PASS %s TS %d %s",
1393	+	aconf->spasswd, TS_CURRENT, me.id);
1394	+
1395	+	send_capabilities(client_p, aconf,
1396	+	(IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0));
1397	+
1398	+	sendto_one(client_p, "SERVER %s 1 :%s%s",
1399	+	me.name, ConfigServerHide.hidden ? "(H) " : "",
1400	+	me.info);
1401	+
1402	+	/* If we've been marked dead because a send failed, just exit
1403	+	* here now and save everyone the trouble of us ever existing.
1404	+	*/
1405	+	if (IsDead(client_p))
1406	+	{
1407	+	sendto_realops_flags(UMODE_ALL, L_ADMIN,
1408	+	"%s[%s] went dead during handshake",
1409	+	client_p->name,
1410	+	client_p->host);
1411	+	sendto_realops_flags(UMODE_ALL, L_OPER,
1412	+	"%s went dead during handshake", client_p->name);
1413	+	return;
1414	+	}
1415	+
1416	+	/* don't move to serv_list yet -- we haven't sent a burst! */
1417	+	/* If we get here, we're ok, so lets start reading some data */
1418	+	comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ, read_packet, client_p, 0);
1419	+	}
1420	+
1421	+	static void
1422	+	ssl_server_handshake(fde_t *fd, struct Client *client_p)
1423	+	{
1424	+	int ret;
1425	+	int err;
1426	+
1427	+	ret = SSL_connect(client_p->localClient->fd.ssl);
1428	+
1429	+	if (ret <= 0)
1430	+	{
1431	+	switch ((err = SSL_get_error(client_p->localClient->fd.ssl, ret)))
1432	+	{
1433	+	case SSL_ERROR_WANT_WRITE:
1434	+	comm_setselect(&client_p->localClient->fd, COMM_SELECT_WRITE,
1435	+	(PF *)ssl_server_handshake, client_p, 0);
1436	+	return;
1437	+	case SSL_ERROR_WANT_READ:
1438	+	comm_setselect(&client_p->localClient->fd, COMM_SELECT_READ,
1439	+	(PF *)ssl_server_handshake, client_p, 0);
1440	+	return;
1441	+	default:
1442	+	{
1443	+	const char *sslerr = ERR_error_string(ERR_get_error(), NULL);
1444	+	sendto_realops_flags(UMODE_ALL, L_ALL,
1445	+	"Error connecting to %s: %s", client_p->name,
1446	+	sslerr ? sslerr : "unknown SSL error");
1447	+	exit_client(client_p, client_p, "Error during SSL handshake");
1448	+	return;
1449	+	}
1450	+	}
1451	+	}
1452	+
1453	+	finish_ssl_server_handshake(client_p);
1454	+	}
1455	+
1456	+	static void
1457	+	ssl_connect_init(struct Client *client_p, struct AccessItem *aconf, fde_t *fd)
1458	+	{
1459	+	if ((client_p->localClient->fd.ssl = SSL_new(ServerInfo.client_ctx)) == NULL)
1460	+	{
1461	+	ilog(LOG_TYPE_IRCD, "SSL_new() ERROR! -- %s",
1462	+	ERR_error_string(ERR_get_error(), NULL));
1463	+	SetDead(client_p);
1464	+	exit_client(client_p, client_p, "SSL_new failed");
1465	+	return;
1466	+	}
1467	+
1468	+	SSL_set_fd(fd->ssl, fd->fd);
1469	+
1470	+	if (!EmptyString(aconf->cipher_list))
1471	+	SSL_set_cipher_list(client_p->localClient->fd.ssl, aconf->cipher_list);
1472	+
1473	+	ssl_server_handshake(NULL, client_p);
1474	+	}
1475	+	#endif
1476	+
1477		/* serv_connect_callback() - complete a server connection.
1478		*
1479		* This routine is called after the server connection attempt has
#	Line 1833 | Line 1537 | serv_connect_callback(fde_t *fd, int sta
1537		return;
1538		}
1539
1540	<	aconf = (struct AccessItem *)map_to_conf(conf);
1540	>	aconf = map_to_conf(conf);
1541		/* Next, send the initial handshake */
1542		SetHandshake(client_p);
1543
1544		#ifdef HAVE_LIBCRYPTO
1545	<	/* Handle all CRYPTLINK links in cryptlink_init */
1842	<	if (IsConfCryptLink(aconf))
1545	>	if (IsConfSSL(aconf))
1546		{
1547	<	cryptlink_init(client_p, conf, fd);
1547	>	ssl_connect_init(client_p, aconf, fd);
1548		return;
1549		}
1550		#endif
1551
1552		/* jdc -- Check and send spasswd, not passwd. */
1553		if (!EmptyString(aconf->spasswd))
1851	–	/* Send TS 6 form only if id */
1554		sendto_one(client_p, "PASS %s TS %d %s",
1555		aconf->spasswd, TS_CURRENT, me.id);
1556
1855	–	/* Pass my info to the new server
1856	–	*
1857	–	* Pass on ZIP if supported
1858	–	* Pass on TB if supported.
1859	–	* - Dianora
1860	–	*/
1557		send_capabilities(client_p, aconf,
1558	<	(IsConfCompressed(aconf) ? CAP_ZIP : 0)
1863	<	| (IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0), 0);
1558	>	(IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0));
1559
1560		sendto_one(client_p, "SERVER %s 1 :%s%s",
1561		me.name, ConfigServerHide.hidden ? "(H) " : "",
#	Line 1902 | Line 1597 | find_servconn_in_progress(const char *na
1597
1598		return NULL;
1599		}
1905	–
1906	–	#ifdef HAVE_LIBCRYPTO
1907	–	/*
1908	–	* sends a CRYPTLINK SERV command.
1909	–	*/
1910	–	void
1911	–	cryptlink_init(struct Client *client_p, struct ConfItem *conf, fde_t *fd)
1912	–	{
1913	–	struct AccessItem *aconf;
1914	–	char *encrypted;
1915	–	unsigned char *key_to_send;
1916	–	char randkey[CIPHERKEYLEN];
1917	–	int enc_len;
1918	–
1919	–	/* get key */
1920	–	if ((!ServerInfo.rsa_private_key) ||
1921	–	(!RSA_check_key(ServerInfo.rsa_private_key)) )
1922	–	{
1923	–	cryptlink_error(client_p, "SERV", "Invalid RSA private key",
1924	–	"Invalid RSA private key");
1925	–	return;
1926	–	}
1927	–
1928	–	aconf = (struct AccessItem *)map_to_conf(conf);
1929	–
1930	–	if (aconf->rsa_public_key == NULL)
1931	–	{
1932	–	cryptlink_error(client_p, "SERV", "Invalid RSA public key",
1933	–	"Invalid RSA public key");
1934	–	return;
1935	–	}
1936	–
1937	–	if (get_randomness((unsigned char *)randkey, CIPHERKEYLEN) != 1)
1938	–	{
1939	–	cryptlink_error(client_p, "SERV", "Couldn't generate keyphrase",
1940	–	"Couldn't generate keyphrase");
1941	–	return;
1942	–	}
1943	–
1944	–	encrypted = MyMalloc(RSA_size(ServerInfo.rsa_private_key));
1945	–	enc_len   = RSA_public_encrypt(CIPHERKEYLEN,
1946	–	(unsigned char *)randkey,
1947	–	(unsigned char *)encrypted,
1948	–	aconf->rsa_public_key,
1949	–	RSA_PKCS1_PADDING);
1950	–
1951	–	memcpy(client_p->localClient->in_key, randkey, CIPHERKEYLEN);
1952	–
1953	–	if (enc_len <= 0)
1954	–	{
1955	–	report_crypto_errors();
1956	–	MyFree(encrypted);
1957	–	cryptlink_error(client_p, "SERV", "Couldn't encrypt data",
1958	–	"Couldn't encrypt data");
1959	–	return;
1960	–	}
1961	–
1962	–	if (!(base64_block(&key_to_send, encrypted, enc_len)))
1963	–	{
1964	–	MyFree(encrypted);
1965	–	cryptlink_error(client_p, "SERV", "Couldn't base64 encode key",
1966	–	"Couldn't base64 encode key");
1967	–	return;
1968	–	}
1969	–
1970	–	send_capabilities(client_p, aconf,
1971	–	(IsConfCompressed(aconf) ? CAP_ZIP : 0)
1972	–	| (IsConfTopicBurst(aconf) ? CAP_TBURST|CAP_TB : 0), CAP_ENC_MASK);
1973	–
1974	–	sendto_one(client_p, "PASS . TS %d %s", TS_CURRENT, me.id);
1975	–	sendto_one(client_p, "CRYPTLINK SERV %s %s :%s%s",
1976	–	me.name, key_to_send,
1977	–	ConfigServerHide.hidden ? "(H) " : "", me.info);
1978	–
1979	–	SetHandshake(client_p);
1980	–	SetWaitAuth(client_p);
1981	–
1982	–	MyFree(encrypted);
1983	–	MyFree(key_to_send);
1984	–
1985	–	if (IsDead(client_p))
1986	–	cryptlink_error(client_p, "SERV", "Went dead during handshake",
1987	–	"Went dead during handshake");
1988	–	else if (fd != NULL)
1989	–	/* If we get here, we're ok, so lets start reading some data */
1990	–	comm_setselect(fd, COMM_SELECT_READ, read_packet, client_p, 0);
1991	–	}
1992	–
1993	–	void
1994	–	cryptlink_error(struct Client *client_p, const char *type,
1995	–	const char *reason, const char *client_reason)
1996	–	{
1997	–	sendto_realops_flags(UMODE_ALL, L_ADMIN, "%s: CRYPTLINK %s error - %s",
1998	–	get_client_name(client_p, SHOW_IP), type, reason);
1999	–	sendto_realops_flags(UMODE_ALL, L_OPER,  "%s: CRYPTLINK %s error - %s",
2000	–	get_client_name(client_p, MASK_IP), type, reason);
2001	–	ilog(LOG_TYPE_IRCD, "%s: CRYPTLINK %s error - %s",
2002	–	get_client_name(client_p, SHOW_IP), type, reason);
2003	–
2004	–	/* If client_reason isn't NULL, then exit the client with the message
2005	–	* defined in the call.
2006	–	*/
2007	–	if ((client_reason != NULL) && (!IsDead(client_p)))
2008	–	exit_client(client_p, &me, client_reason);
2009	–	}
2010	–
2011	–	static char base64_chars[] =
2012	–	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
2013	–
2014	–	static char base64_values[] =
2015	–	{
2016	–	/* 00-15   */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2017	–	/* 16-31   */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2018	–	/* 32-47   */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
2019	–	/* 48-63   */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1,  0, -1, -1,
2020	–	/* 64-79   */ -1,  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14,
2021	–	/* 80-95   */ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
2022	–	/* 96-111  */ -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
2023	–	/* 112-127 */ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1,
2024	–	/* 128-143 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2025	–	/* 144-159 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2026	–	/* 160-175 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2027	–	/* 186-191 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2028	–	/* 192-207 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2029	–	/* 208-223 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2030	–	/* 224-239 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
2031	–	/* 240-255 */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
2032	–	};
2033	–
2034	–	/*
2035	–	* base64_block will allocate and return a new block of memory
2036	–	* using MyMalloc().  It should be freed after use.
2037	–	*/
2038	–	int
2039	–	base64_block(unsigned char **output, char *data, int len)
2040	–	{
2041	–	unsigned char *out;
2042	–	unsigned char *in = (unsigned char*)data;
2043	–	unsigned long int q_in;
2044	–	int i;
2045	–	int count = 0;
2046	–
2047	–	out = MyMalloc(((((len + 2) - ((len + 2) % 3)) / 3) * 4) + 1);
2048	–
2049	–	/* process 24 bits at a time */
2050	–	for( i = 0; i < len; i += 3)
2051	–	{
2052	–	q_in = 0;
2053	–
2054	–	if ( i + 2 < len )
2055	–	{
2056	–	q_in  = (in[i+2] & 0xc0) << 2;
2057	–	q_in |=  in[i+2];
2058	–	}
2059	–
2060	–	if ( i + 1 < len )
2061	–	{
2062	–	q_in |= (in[i+1] & 0x0f) << 10;
2063	–	q_in |= (in[i+1] & 0xf0) << 12;
2064	–	}
2065	–
2066	–	q_in |= (in[i]   & 0x03) << 20;
2067	–	q_in |=  in[i]           << 22;
2068	–
2069	–	q_in &= 0x3f3f3f3f;
2070	–
2071	–	out[count++] = base64_chars[((q_in >> 24)       )];
2072	–	out[count++] = base64_chars[((q_in >> 16) & 0xff)];
2073	–	out[count++] = base64_chars[((q_in >>  8) & 0xff)];
2074	–	out[count++] = base64_chars[((q_in      ) & 0xff)];
2075	–	}
2076	–	if ( (i - len) > 0 )
2077	–	{
2078	–	out[count-1] = '=';
2079	–	if ( (i - len) > 1 )
2080	–	out[count-2] = '=';
2081	–	}
2082	–
2083	–	out[count] = '\0';
2084	–	*output = out;
2085	–	return (count);
2086	–	}
2087	–
2088	–	/*
2089	–	* unbase64_block will allocate and return a new block of memory
2090	–	* using MyMalloc().  It should be freed after use.
2091	–	*/
2092	–	int
2093	–	unbase64_block(unsigned char **output, char *data, int len)
2094	–	{
2095	–	unsigned char *out;
2096	–	unsigned char *in = (unsigned char*)data;
2097	–	unsigned long int q_in;
2098	–	int i;
2099	–	int count = 0;
2100	–
2101	–	if ((len % 4) != 0)
2102	–	return (0);
2103	–
2104	–	out = MyMalloc(((len / 4) * 3) + 1);
2105	–
2106	–	/* process 32 bits at a time */
2107	–	for( i = 0; (i + 3) < len; i+=4)
2108	–	{
2109	–	/* compress input (chars a, b, c and d) as follows:
2110	–	* (after converting ascii -> base64 value)
2111	–	*
2112	–	* |00000000aaaaaabbbbbbccccccdddddd|
2113	–	* |  765432  107654  321076  543210|
2114	–	*/
2115	–
2116	–	q_in = 0;
2117	–
2118	–	if (base64_values[in[i+3]] > -1)
2119	–	q_in |= base64_values[in[i+3]]      ;
2120	–	if (base64_values[in[i+2]] > -1)
2121	–	q_in |= base64_values[in[i+2]] <<  6;
2122	–	if (base64_values[in[i+1]] > -1)
2123	–	q_in |= base64_values[in[i+1]] << 12;
2124	–	if (base64_values[in[i  ]] > -1)
2125	–	q_in |= base64_values[in[i  ]] << 18;
2126	–
2127	–	out[count++] = (q_in >> 16) & 0xff;
2128	–	out[count++] = (q_in >>  8) & 0xff;
2129	–	out[count++] = (q_in      ) & 0xff;
2130	–	}
2131	–
2132	–	if (in[i-1] == '=') count--;
2133	–	if (in[i-2] == '=') count--;
2134	–
2135	–	out[count] = '\0';
2136	–	*output = out;
2137	–	return (count);
2138	–	}
2139	–
2140	–	#endif /* HAVE_LIBCRYPTO */
2141	–

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines (old)
>	Changed lines (new)