]> jfr.im git - irc/quakenet/newserv.git/blob - trusts/trusts_policy.c
projects / irc / quakenet / newserv.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Policy sockets: Send walls for lost connections.
[irc/quakenet/newserv.git] / trusts / trusts_policy.c
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include <stdarg.h>
4 #include <unistd.h>
5 #include <sys/types.h>
6 #include <sys/socket.h>
7 #include <netinet/in.h>
8
9 #ifndef __USE_MISC
10 #define __USE_MISC /* inet_aton */
11 #endif
12
13 #include <arpa/inet.h>
14 #include <sys/un.h>
15 #include <sys/poll.h>
16 #include <errno.h>
17 #include <fcntl.h>
18
19 #include "../lib/version.h"
20 #include "../lib/hmac.h"
21 #include "../core/events.h"
22 #include "../core/schedule.h"
23 #include "../core/nsmalloc.h"
24 #include "../core/hooks.h"
25 #include "../core/config.h"
26 #include "../control/control.h"
27 #include "../lib/irc_string.h"
28 #include "../irc/irc.h"
29 #include "../glines/glines.h"
30 #include "trusts.h"
31
32 MODULE_VERSION("");
33
34 static int countext, enforcepolicy_irc, enforcepolicy_auth;
35
36 #define TRUSTBUFSIZE 8192
37 #define TRUSTPASSLEN 128
38 #define NONCELEN 16
39
40 typedef struct trustsocket {
41 int fd;
42 int authed;
43 char authuser[SERVERLEN+1];
44 char buf[TRUSTBUFSIZE];
45 unsigned char nonce[NONCELEN];
46 int size;
47 time_t connected;
48 time_t timeout;
49 int accepted;
50 int rejected;
51
52 struct trustsocket *next;
53 } trustsocket;
54
55 static trustsocket *tslist;
56 static int listenerfd = -1;
57 static FILE *urandom;
58
59 typedef struct trustaccount {
60 int used;
61 char server[SERVERLEN+1];
62 char password[TRUSTPASSLEN+1];
63 } trustaccount;
64
65 trustaccount trustaccounts[MAXSERVERS];
66
67 static int checkconnectionth(const char *username, struct irc_in_addr *ip, trusthost *th, int hooknum, int usercountadjustment, char *message, size_t messagelen) {
68 trustgroup *tg;
69
70 if(messagelen>0)
71 message[0] = '\0';
72
73 if(!th || !trustsdbloaded)
74 return POLICY_SUCCESS;
75
76 tg = th->group;
77
78 /*
79 * the purpose of this logic is to avoid spam like this:
80 * WARNING: tgX exceeded limit: 11 connected vs 10 max
81 * (goes back down to 10)
82 * WARNING: tgX exceeded limit: 11 connected vs 10 max
83 */
84
85 if(hooknum == HOOK_TRUSTS_NEWNICK) {
86 patricia_node_t *head, *node;
87 int nodecount = 0;
88
89 head = refnode(iptree, ip, th->nodebits);
90 PATRICIA_WALK(head, node)
91 {
92 nodecount += node->usercount;
93 }
94 PATRICIA_WALK_END;
95 derefnode(iptree, head);
96
97 if(th->maxpernode && nodecount + usercountadjustment > th->maxpernode) {
98 controlwall(NO_OPER, NL_TRUSTS, "Hard connection limit exceeded on subnet: %s (group: %s): %d connected, %d max.", trusts_cidr2str(ip, th->nodebits), tg->name->content, nodecount + usercountadjustment, th->maxpernode);
99 snprintf(message, messagelen, "Too many connections from your host (%s) - see https://www.quakenet.org/help/trusts/connection-limit for details.", IPtostr(*ip));
100 return POLICY_FAILURE_NODECOUNT;
101 }
102
103 if(tg->trustedfor && tg->count + usercountadjustment > tg->trustedfor) {
104 if(tg->count > (long)tg->exts[countext]) {
105 tg->exts[countext] = (void *)(long)tg->count;
106
107 controlwall(NO_OPER, NL_TRUSTS, "Hard connection limit exceeded (group %s): %d connected, %d max.", tg->name->content, tg->count + usercountadjustment, tg->trustedfor);
108 snprintf(message, messagelen, "Too many connections from your trust (%s) - see https://www.quakenet.org/help/trusts/connection-limit for details.", IPtostr(*ip));
109 }
110
111 snprintf(message, messagelen, "Too many connections from your trust (%s) - see https://www.quakenet.org/help/trusts/connection-limit for details.", IPtostr(*ip));
112 return POLICY_FAILURE_GROUPCOUNT;
113 }
114
115 if((tg->flags & TRUST_ENFORCE_IDENT) && (username[0] == '~')) {
116 controlwall(NO_OPER, NL_TRUSTS, "Ident required: %s@%s (group: %s).", username, IPtostr(*ip), tg->name->content);
117 snprintf(message, messagelen, "IDENTD required from your host (%s) - see https://www.quakenet.org/help/trusts/connection-limit for details.", IPtostr(*ip));
118 return POLICY_FAILURE_IDENTD;
119 }
120
121 if(tg->maxperident > 0) {
122 int identcount = 0;
123 trusthost *th2;
124 nick *tnp;
125
126 for(th2=tg->hosts;th2;th2=th2->next) {
127 for(tnp=th2->users;tnp;tnp=nextbytrust(tnp)) {
128 if(!ircd_strcmp(tnp->ident, username))
129 identcount++;
130 }
131 }
132
133 if(identcount + usercountadjustment > tg->maxperident) {
134 controlwall(NO_OPER, NL_TRUSTS, "Hard ident limit exceeded: %s@%s (group: %s): %d connected, %d max.", username, IPtostr(*ip), tg->name->content, identcount + usercountadjustment, tg->maxperident);
135 snprintf(message, messagelen, "Too many connections from your username (%s@%s) - see https://www.quakenet.org/help/trusts/connection-limit for details.", username, IPtostr(*ip));
136 return POLICY_FAILURE_IDENTCOUNT;
137 }
138 }
139 } else {
140 if(tg->count < tg->maxusage)
141 tg->exts[countext] = (void *)(long)tg->count;
142 }
143
144 if(tg->trustedfor > 0)
145 snprintf(message, messagelen, "Trust has %d out of %d allowed connections.", tg->count + usercountadjustment, tg->trustedfor);
146
147 return POLICY_SUCCESS;
148 }
149
150 static int checkconnection(const char *username, struct irc_in_addr *ip, int hooknum, int cloneadjustment, char *message, size_t messagelen) {
151 struct irc_in_addr ip_canonicalized;
152 ip_canonicalize_tunnel(&ip_canonicalized, ip);
153
154 return checkconnectionth(username, &ip_canonicalized, th_getbyhost(&ip_canonicalized), hooknum, cloneadjustment, message, messagelen);
155 }
156
157 static int trustdowrite(trustsocket *sock, char *format, ...) {
158 char buf[1024];
159 va_list va;
160 int r;
161
162 va_start(va, format);
163 r = vsnprintf(buf, sizeof(buf), format, va);
164 va_end(va);
165
166 if(r >= sizeof(buf))
167 r = sizeof(buf) - 1;
168
169 buf[r] = '\n';
170
171 if(write(sock->fd, buf, r + 1) != r + 1)
172 return 0;
173 return 1;
174 }
175
176 static int policycheck_auth(trustsocket *sock, const char *sequence_id, const char *username, const char *host) {
177 char message[512];
178 int verdict;
179 struct irc_in_addr ip;
180 unsigned char bits;
181
182 if(!ipmask_parse(host, &ip, &bits)) {
183 sock->accepted++;
184 return trustdowrite(sock, "PASS %s", sequence_id);
185 }
186
187 verdict = checkconnection(username, &ip, HOOK_TRUSTS_NEWNICK, 1, message, sizeof(message));
188
189 if(!enforcepolicy_auth)
190 verdict = POLICY_SUCCESS;
191
192 if (verdict == POLICY_SUCCESS) {
193 sock->accepted++;
194
195 if(message[0])
196 return trustdowrite(sock, "PASS %s %s", sequence_id, message);
197 else
198 return trustdowrite(sock, "PASS %s", sequence_id);
199 } else {
200 sock->rejected++;
201
202 controlwall(NO_OPER, NL_TRUSTS, "Rejected connection from %s@%s using IAuth: %s", username, host, message);
203 return trustdowrite(sock, "KILL %s %s", sequence_id, message);
204 }
205 }
206
207 static int trustkillconnection(trustsocket *sock, char *reason) {
208 trustdowrite(sock, "QUIT %s", reason);
209 return 0;
210 }
211
212 static void trustfreeconnection(trustsocket *sock, int unlink) {
213 trustsocket **pnext, *ts;
214
215 if(!unlink) {
216 controlwall(NO_OPER, NL_TRUSTS, "Lost connection on policy socket for '%s'.", sock->authed?sock->authuser:"<unauthenticated connection>");
217
218 deregisterhandler(sock->fd, 1);
219 nsfree(POOL_TRUSTS, sock);
220 return;
221 }
222
223 pnext = &tslist;
224
225 for(ts=*pnext;*pnext;pnext=&((*pnext)->next)) {
226 if(ts == sock) {
227 *pnext = sock->next;
228 trustfreeconnection(sock, 0);
229 break;
230 }
231 }
232 }
233
234 static int handletrustauth(trustsocket *sock, char *server_name, char *mac) {
235 int i;
236 char *password = NULL;
237 unsigned char digest[16];
238 char noncehexbuf[NONCELEN * 2 + 1];
239 char hexbuf[sizeof(digest) * 2 + 1];
240
241 for(i=0;i<MAXSERVERS;i++) {
242 if(trustaccounts[i].used && strcmp(trustaccounts[i].server, server_name) == 0) {
243 password = trustaccounts[i].password;
244 break;
245 }
246 }
247
248 if (!password) {
249 controlwall(NO_OPER, NL_TRUSTS, "Invalid servername for policy socket: '%s'", server_name);
250 return trustkillconnection(sock, "Invalid servername.");
251 }
252
253 hmacmd5 h;
254 hmacmd5_init(&h, (unsigned char *)password, strlen(password));
255 hmacmd5_update(&h, (unsigned char *)hmac_printhex(sock->nonce, noncehexbuf, NONCELEN), NONCELEN * 2);
256 hmacmd5_final(&h, digest);
257 if(hmac_strcmp(mac, hmac_printhex(digest, hexbuf, sizeof(digest)))) {
258 controlwall(NO_OPER, NL_TRUSTS, "Invalid password for policy socket with servername '%s'.", server_name);
259 return trustkillconnection(sock, "Bad MAC.");
260 }
261
262 sock->authed = 1;
263 strncpy(sock->authuser, server_name, SERVERLEN);
264
265 controlwall(NO_OPER, NL_TRUSTS, "Successful authentication for policy socket with servername '%s'.", server_name);
266 return trustdowrite(sock, "AUTHOK");
267 }
268
269 #define MAXTOKENS 10
270 static int handletrustline(trustsocket *sock, char *line) {
271 char *command, *p, *lastpos;
272 char *tokens[MAXTOKENS];
273 int tokensfound = -1;
274
275 for(command=lastpos=p=line;*p;p++) {
276 if(*p == ' ') {
277 *p = '\0';
278 if(tokensfound == MAXTOKENS)
279 return trustkillconnection(sock, "too many tokens");
280
281 if(tokensfound >= 0) {
282 tokens[tokensfound++] = lastpos;
283 } else {
284 tokensfound++;
285 }
286 lastpos = p + 1;
287 }
288 }
289 if(lastpos != p) {
290 if(tokensfound == MAXTOKENS)
291 return trustkillconnection(sock, "too many tokens");
292 tokens[tokensfound++] = lastpos;
293 }
294
295 if(!sock->authed && !strcmp("AUTH", command)) {
296 if(tokensfound != 2)
297 return trustkillconnection(sock, "incorrect arg count for command.");
298
299 return handletrustauth(sock, tokens[0], tokens[1]);
300 } else if(sock->authed && !strcmp("CHECK", command)) {
301 if(tokensfound != 3)
302 return trustkillconnection(sock, "incorrect arg count for command.");
303
304 policycheck_auth(sock, tokens[0], tokens[1], tokens[2]);
305 return 1;
306 } else {
307 Error("trusts_policy", ERR_WARNING, "Bad command: %s", command);
308 return 0;
309 }
310 }
311
312 static trustsocket *findtrustsocketbyfd(int fd) {
313 for(trustsocket *ts=tslist;ts;ts=ts->next)
314 if(ts->fd==fd)
315 return ts;
316
317 return NULL;
318 }
319
320 static int handletrustclient(trustsocket *sock) {
321 int r, remaining = TRUSTBUFSIZE - sock->size, i;
322 char *lastpos, *c;
323
324 if(!remaining) {
325 trustkillconnection(sock, "Buffer overflow.");
326 return 0;
327 }
328
329 r = read(sock->fd, sock->buf + sock->size, remaining);
330 if(r <= 0)
331 return 0;
332
333 sock->size+=r;
334 lastpos = sock->buf;
335
336 for(c=sock->buf,i=0;i<sock->size;i++,c++) {
337 if(*c != '\n')
338 continue;
339 *c = '\0';
340 if(!handletrustline(sock, lastpos))
341 return 0;
342
343 lastpos = c + 1; /* is this ok? */
344 }
345 sock->size-=lastpos - sock->buf;
346 memmove(sock->buf, lastpos, sock->size);
347
348 return 1;
349 }
350
351 static void processtrustclient(int fd, short events) {
352 trustsocket *sock = findtrustsocketbyfd(fd);
353
354 if(!sock)
355 return;
356
357 if(events & POLLIN)
358 if(!handletrustclient(sock))
359 trustfreeconnection(sock, 1);
360 }
361
362 static void trustdotimeout(void *arg) {
363 time_t t = time(NULL);
364 trustsocket **pnext, *sock;
365
366 pnext = &tslist;
367
368 for(sock=*pnext;*pnext;pnext=&((*pnext)->next)) {
369 if(!sock->authed && t >= sock->timeout) {
370 trustkillconnection(sock, "Auth timeout.");
371 *pnext = sock->next;
372 trustfreeconnection(sock, 0);
373 }
374 }
375 }
376
377 static void processtrustlistener(int fd, short events) {
378 if(events & POLLIN) {
379 trustsocket *sock;
380 char buf[NONCELEN * 2 + 1];
381
382 int newfd = accept(fd, NULL, NULL), flags;
383 if(newfd == -1)
384 return;
385
386 flags = fcntl(newfd, F_GETFL, 0);
387 if(flags < 0) {
388 Error("trusts_policy", ERR_WARNING, "Unable to set socket non-blocking.");
389 close(newfd);
390 return;
391 }
392
393 if(fcntl(fd, F_SETFL, flags|O_NONBLOCK) < 0) {
394 Error("trusts_policy", ERR_WARNING, "Unable to set socket non-blocking.");
395 close(newfd);
396 return;
397 }
398
399 registerhandler(newfd, POLLIN|POLLERR|POLLHUP, processtrustclient);
400
401 sock = nsmalloc(POOL_TRUSTS, sizeof(trustsocket));
402 if(!sock) {
403 deregisterhandler(newfd, 1);
404 return;
405 }
406
407 sock->fd = newfd;
408 sock->next = tslist;
409 tslist = sock;
410
411 if(fread((char *)sock->nonce, 1, NONCELEN, urandom) != NONCELEN) {
412 Error("trusts_policy", ERR_WARNING, "Error getting random bytes.");
413 deregisterhandler(newfd, 1);
414 tslist = sock->next;
415 nsfree(POOL_TRUSTS, sock);
416 } else {
417 sock->authed = 0;
418 sock->size = 0;
419 sock->connected = time(NULL);
420 sock->timeout = time(NULL) + 30;
421 sock->accepted = 0;
422 sock->rejected = 0;
423 if(!trustdowrite(sock, "AUTH %s", hmac_printhex(sock->nonce, buf, NONCELEN))) {
424 Error("trusts_policy", ERR_WARNING, "Error writing auth to fd %d.", newfd);
425 deregisterhandler(newfd, 1);
426 tslist = sock->next;
427 nsfree(POOL_TRUSTS, sock);
428 return;
429 }
430 }
431 }
432 }
433
434 static int createlistenersock(int port) {
435 struct sockaddr_in s;
436 int fd;
437 int optval;
438
439 memset(&s, 0, sizeof(struct sockaddr_in));
440 s.sin_family = AF_INET;
441 s.sin_addr.s_addr = INADDR_ANY;
442 s.sin_port = htons(port);
443
444 fd = socket(PF_INET, SOCK_STREAM, 0);
445 if(fd < 0) {
446 Error("trusts_policy", ERR_WARNING, "Unable to get socket for trustfd.");
447 return -1;
448 }
449
450 optval = 1;
451 setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof(optval));
452
453 if(bind(fd, (struct sockaddr *)&s, sizeof(struct sockaddr_in)) < 0) {
454 Error("trusts_policy", ERR_WARNING, "Unable to bind trustfd.");
455 close(fd);
456 return -1;
457 }
458
459 if(listen(fd, 5) < 0) {
460 Error("trusts_policy", ERR_WARNING, "Unable to listen on trustfd.");
461 close(fd);
462 return -1;
463 }
464
465 registerhandler(fd, POLLIN, processtrustlistener);
466
467 return fd;
468 }
469
470 static void policycheck_irc(int hooknum, void *arg) {
471 void **args = arg;
472 nick *np = args[0];
473 long moving = (long)args[1];
474 char message[512];
475 int verdict;
476
477 if(moving)
478 return;
479
480 verdict = checkconnectionth(np->ident, &np->p_nodeaddr, gettrusthost(np), hooknum, 0, message, sizeof(message));
481
482 if(!enforcepolicy_irc)
483 verdict = POLICY_SUCCESS;
484
485 switch (verdict) {
486 case POLICY_FAILURE_NODECOUNT:
487 glinebynick(np, POLICY_GLINE_DURATION, message, GLINE_IGNORE_TRUST, "trusts_policy");
488 break;
489 case POLICY_FAILURE_IDENTD:
490 glinebyip("~*", &np->p_ipaddr, 128, POLICY_GLINE_DURATION, message, GLINE_ALWAYS_USER|GLINE_IGNORE_TRUST, "trusts_policy");
491 break;
492 case POLICY_FAILURE_IDENTCOUNT:
493 glinebynick(np, POLICY_GLINE_DURATION, message, GLINE_ALWAYS_USER|GLINE_IGNORE_TRUST, "trusts_policy");
494 break;
495 }
496 }
497
498 static int trusts_cmdtrustpolicyirc(void *source, int cargc, char **cargv) {
499 nick *sender = source;
500
501 if(cargc < 1) {
502 controlreply(sender, "Use of glines for trust policy enforcement is currently %s.", enforcepolicy_irc?"enabled":"disabled");
503 return CMD_OK;
504 }
505
506 enforcepolicy_irc = atoi(cargv[0]);
507 controlwall(NO_OPER, NL_TRUSTS, "%s %s use of glines for trust policy enforcement.", controlid(sender), enforcepolicy_irc?"enabled":"disabled");
508 controlreply(sender, "Use of glines for trust policy enforcement is now %s.", enforcepolicy_irc?"enabled":"disabled");
509
510 return CMD_OK;
511 }
512
513 static int trusts_cmdtrustpolicyauth(void *source, int cargc, char **cargv) {
514 nick *sender = source;
515
516 if(cargc < 1) {
517 controlreply(sender, "Trust policy enforcement with IAuth is currently %s.", enforcepolicy_auth?"enabled":"disabled");
518 return CMD_OK;
519 }
520
521 enforcepolicy_auth = atoi(cargv[0]);
522 controlwall(NO_OPER, NL_TRUSTS, "%s %s trust policy enforcement with IAuth.", controlid(sender), enforcepolicy_auth?"enabled":"disabled");
523 controlreply(sender, "Trust policy enforcement with IAuth is now %s.", enforcepolicy_auth?"enabled":"disabled");
524
525 return CMD_OK;
526 }
527
528
529 static int trusts_cmdtrustsockets(void *source, int cargc, char **cargv) {
530 nick *sender = source;
531 time_t now;
532 trustsocket *sock;
533
534 time(&now);
535
536 controlreply(sender, "Server Connected for Accepted Rejected");
537
538 for(sock=tslist;sock;sock=sock->next)
539 controlreply(sender, "%-20s %20s %10d %15d", sock->authed?sock->authuser:"<unauthenticated connection>", longtoduration(now - sock->connected, 0), sock->accepted, sock->rejected);
540
541 controlreply(sender, "-- End of list.");
542 return CMD_OK;
543 }
544
545 void loadtrustaccounts(void) {
546 array *accts;
547
548 memset(trustaccounts, 0, sizeof(trustaccounts));
549
550 accts = getconfigitems("trusts_policy", "server");
551 if(!accts) {
552 Error("trusts_policy", ERR_INFO, "No servers added.");
553 } else {
554 sstring **servers = (sstring **)(accts->content);
555 int i;
556 for(i=0;i<accts->cursi;i++) {
557 char server[512];
558 char *pos;
559
560 if(i>=MAXSERVERS) {
561 Error("trusts_policy", ERR_INFO, "Too many servers specified.");
562 break;
563 }
564
565 strncpy(server, servers[i]->content, sizeof(server));
566
567 pos = strchr(server, ',');
568
569 if(!pos) {
570 Error("trusts_policy", ERR_INFO, "Server line is missing password: %s", server);
571 continue;
572 }
573
574 *pos = '\0';
575
576 trustaccounts[i].used = 1;
577 strncpy(trustaccounts[i].server, server, SERVERLEN);
578 strncpy(trustaccounts[i].password, pos+1, TRUSTPASSLEN);
579 }
580 }
581 }
582
583 static void trustaccounts_rehash(int hooknum, void *arg) {
584 loadtrustaccounts();
585 }
586
587 void _init(void) {
588 sstring *m;
589 int trustport;
590
591 countext = registertgext("count");
592 if(countext == -1)
593 return;
594
595 m = getconfigitem("trusts_policy", "enforcepolicy_irc");
596 if(m)
597 enforcepolicy_irc = atoi(m->content);
598
599 m = getconfigitem("trusts_policy", "enforcepolicy_auth");
600 if(m)
601 enforcepolicy_auth = atoi(m->content);
602
603 m = getconfigitem("trusts_policy", "trustport");
604 if(m)
605 trustport = atoi(m->content);
606 else
607 trustport = DEFAULT_TRUSTPORT;
608
609 if(trustport)
610 listenerfd = createlistenersock(trustport);
611
612 loadtrustaccounts();
613
614 registerhook(HOOK_TRUSTS_NEWNICK, policycheck_irc);
615 registerhook(HOOK_TRUSTS_LOSTNICK, &policycheck_irc);
616 registerhook(HOOK_CORE_REHASH, trustaccounts_rehash);
617
618 registercontrolhelpcmd("trustpolicyirc", NO_DEVELOPER, 1, trusts_cmdtrustpolicyirc, "Usage: trustpolicyirc ?1|0?\nEnables or disables policy enforcement (IRC). Shows current status when no parameter is specified.");
619 registercontrolhelpcmd("trustpolicyauth", NO_DEVELOPER, 1, trusts_cmdtrustpolicyauth, "Usage: trustpolicyauth ?1|0?\nEnables or disables policy enforcement (IAuth). Shows current status when no parameter is specified.");
620 registercontrolhelpcmd("trustsockets", NO_DEVELOPER, 0, trusts_cmdtrustsockets, "Usage: trustsockets\nLists all currently active TRUST sockets.");
621
622 schedulerecurring(time(NULL)+1, 0, 5, trustdotimeout, NULL);
623
624 urandom = fopen("/dev/urandom", "rb");
625 if(!urandom)
626 Error("trusts_policy", ERR_ERROR, "Couldn't open /dev/urandom.");
627 }
628
629 void _fini(void) {
630 trustsocket *sock, *next;
631
632 if(countext == -1)
633 return;
634
635 releasetgext(countext);
636
637 deregisterhook(HOOK_TRUSTS_NEWNICK, policycheck_irc);
638 deregisterhook(HOOK_TRUSTS_LOSTNICK, policycheck_irc);
639 deregisterhook(HOOK_CORE_REHASH, trustaccounts_rehash);
640
641 deregistercontrolcmd("trustpolicyirc", trusts_cmdtrustpolicyirc);
642 deregistercontrolcmd("trustpolicyauth", trusts_cmdtrustpolicyauth);
643 deregistercontrolcmd("trustsockets", trusts_cmdtrustsockets);
644
645 deleteallschedules(trustdotimeout);
646
647 if (urandom)
648 fclose(urandom);
649
650 if (listenerfd != -1)
651 deregisterhandler(listenerfd, 1);
652
653 for(sock=tslist;sock;) {
654 next = sock->next;
655
656 trustkillconnection(sock, "Unloading module.");
657 trustfreeconnection(sock, 0);
658
659 sock = next;
660 }
661 }
Unnamed repository; edit this file 'description' to name the repository.