]> jfr.im git - irc/rqf/shadowircd.git/blob - ssld/ssld.c
projects / irc / rqf / shadowircd.git / blob
? search:


83ba7655e22ed2cb302cbcf23671280793fc6261
[irc/rqf/shadowircd.git] / ssld / ssld.c
1 /*
2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 *
21 * $Id: ssld.c 25677 2008-07-06 04:21:42Z androsyn $
22 */
23
24
25 #include "stdinc.h"
26
27 #ifdef HAVE_LIBZ
28 #include <zlib.h>
29 #endif
30
31 #define MAXPASSFD 4
32 #ifndef READBUF_SIZE
33 #define READBUF_SIZE 16384
34 #endif
35
36 static void setup_signals(void);
37
38 static inline int32_t buf_to_int32(char *buf)
39 {
40 int32_t x;
41 memcpy(&x, buf, sizeof(x));
42 return x;
43 }
44
45 static inline void int32_to_buf(char *buf, int32_t x)
46 {
47 memcpy(buf, &x, sizeof(x));
48 return;
49 }
50
51 static inline uint16_t buf_to_uint16(char *buf)
52 {
53 uint16_t x;
54 memcpy(&x, buf, sizeof(x));
55 return x;
56 }
57
58 static inline void uint16_to_buf(char *buf, uint16_t x)
59 {
60 memcpy(buf, &x, sizeof(x));
61 return;
62 }
63
64
65 static char inbuf[READBUF_SIZE];
66 #ifdef HAVE_LIBZ
67 static char outbuf[READBUF_SIZE];
68 #endif
69
70 typedef struct _mod_ctl_buf
71 {
72 rb_dlink_node node;
73 char *buf;
74 size_t buflen;
75 rb_fde_t *F[MAXPASSFD];
76 int nfds;
77 } mod_ctl_buf_t;
78
79 typedef struct _mod_ctl
80 {
81 rb_dlink_node node;
82 int cli_count;
83 rb_fde_t *F;
84 rb_fde_t *F_pipe;
85 rb_dlink_list readq;
86 rb_dlink_list writeq;
87 } mod_ctl_t;
88
89 static mod_ctl_t *mod_ctl;
90
91
92 #ifdef HAVE_LIBZ
93 typedef struct _zlib_stream
94 {
95 z_stream instream;
96 z_stream outstream;
97 } zlib_stream_t;
98 #endif
99
100 typedef struct _conn
101 {
102 rb_dlink_node node;
103 mod_ctl_t *ctl;
104 rawbuf_head_t *modbuf_out;
105 rawbuf_head_t *plainbuf_out;
106
107 int32_t id;
108
109 rb_fde_t *mod_fd;
110 rb_fde_t *plain_fd;
111 unsigned long long mod_out;
112 unsigned long long mod_in;
113 unsigned long long plain_in;
114 unsigned long long plain_out;
115 uint8_t flags;
116 void *stream;
117 } conn_t;
118
119 #define FLAG_SSL 0x01
120 #define FLAG_ZIP 0x02
121 #define FLAG_CORK 0x04
122 #define FLAG_DEAD 0x08
123 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
124 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
125
126 #define IsSSL(x) ((x)->flags & FLAG_SSL)
127 #define IsZip(x) ((x)->flags & FLAG_ZIP)
128 #define IsCork(x) ((x)->flags & FLAG_CORK)
129 #define IsDead(x) ((x)->flags & FLAG_DEAD)
130 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
131 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
132
133 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
134 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
135 #define SetCork(x) ((x)->flags |= FLAG_CORK)
136 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
137 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
138 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
139
140 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
141 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
142 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
143 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
144 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
145 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
146
147 #define NO_WAIT 0x0
148 #define WAIT_PLAIN 0x1
149
150 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
151 #define HASH_WALK_END }
152 #define CONN_HASH_SIZE 2000
153 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
154
155
156
157 static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
158 static rb_dlink_list dead_list;
159
160 static void conn_mod_read_cb(rb_fde_t * fd, void *data);
161 static void conn_mod_write_sendq(rb_fde_t *, void *data);
162 static void conn_plain_write_sendq(rb_fde_t *, void *data);
163 static void mod_write_ctl(rb_fde_t *, void *data);
164 static void conn_plain_read_cb(rb_fde_t * fd, void *data);
165 static void mod_cmd_write_queue(mod_ctl_t *ctl, const void *data, size_t len);
166 static const char *remote_closed = "Remote host closed the connection";
167 static int ssl_ok;
168 #ifdef HAVE_LIBZ
169 static int zlib_ok = 1;
170 #else
171 static int zlib_ok = 0;
172 #endif
173
174
175 #ifdef HAVE_LIBZ
176 static void *
177 ssld_alloc(void *unused, size_t count, size_t size)
178 {
179 return rb_malloc(count * size);
180 }
181
182 static void
183 ssld_free(void *unused, void *ptr)
184 {
185 rb_free(ptr);
186 }
187 #endif
188
189 static conn_t *
190 conn_find_by_id(int32_t id)
191 {
192 rb_dlink_node *ptr;
193 conn_t *conn;
194
195 RB_DLINK_FOREACH(ptr, (connid_hash(id))->head)
196 {
197 conn = ptr->data;
198 if(conn->id == id && !IsDead(conn))
199 return conn;
200 }
201 return NULL;
202 }
203
204 static void
205 conn_add_id_hash(conn_t * conn, int32_t id)
206 {
207 conn->id = id;
208 rb_dlinkAdd(conn, &conn->node, connid_hash(id));
209 }
210
211 static void
212 free_conn(conn_t * conn)
213 {
214 rb_free_rawbuffer(conn->modbuf_out);
215 rb_free_rawbuffer(conn->plainbuf_out);
216 #ifdef HAVE_LIBZ
217 if(IsZip(conn))
218 {
219 zlib_stream_t *stream = conn->stream;
220 inflateEnd(&stream->instream);
221 deflateEnd(&stream->outstream);
222 }
223 #endif
224 rb_free(conn);
225 }
226
227 static void
228 clean_dead_conns(void *unused)
229 {
230 conn_t *conn;
231 rb_dlink_node *ptr, *next;
232 RB_DLINK_FOREACH_SAFE(ptr, next, dead_list.head)
233 {
234 conn = ptr->data;
235 free_conn(conn);
236 }
237 dead_list.tail = dead_list.head = NULL;
238 }
239
240
241 static void
242 close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
243 {
244 va_list ap;
245 char reason[128]; /* must always be under 250 bytes */
246 char buf[256];
247 int len;
248 if(IsDead(conn))
249 return;
250
251 rb_rawbuf_flush(conn->modbuf_out, conn->mod_fd);
252 rb_rawbuf_flush(conn->plainbuf_out, conn->plain_fd);
253 rb_close(conn->mod_fd);
254 SetDead(conn);
255
256 if(!wait_plain || fmt == NULL)
257 {
258 rb_close(conn->plain_fd);
259
260 if(conn->id >= 0)
261 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
262 rb_dlinkAdd(conn, &conn->node, &dead_list);
263 return;
264 }
265 rb_setselect(conn->plain_fd, RB_SELECT_WRITE|RB_SELECT_READ, NULL, NULL);
266 va_start(ap, fmt);
267 rb_vsnprintf(reason, sizeof(reason), fmt, ap);
268 va_end(ap);
269
270 buf[0] = 'D';
271 int32_to_buf(&buf[1], conn->id);
272 strcpy(&buf[5], reason);
273 len = (strlen(reason) + 1) + 5;
274 mod_cmd_write_queue(conn->ctl, buf, len);
275 }
276
277 static conn_t *
278 make_conn(mod_ctl_t *ctl, rb_fde_t * mod_fd, rb_fde_t * plain_fd)
279 {
280 conn_t *conn = rb_malloc(sizeof(conn_t));
281 conn->ctl = ctl;
282 conn->modbuf_out = rb_new_rawbuffer();
283 conn->plainbuf_out = rb_new_rawbuffer();
284 conn->mod_fd = mod_fd;
285 conn->plain_fd = plain_fd;
286 conn->id = -1;
287 conn->stream = NULL;
288 rb_set_nb(mod_fd);
289 rb_set_nb(plain_fd);
290 return conn;
291 }
292
293 static void
294 check_handshake_flood(void *unused)
295 {
296 conn_t *conn;
297 rb_dlink_node *ptr, *next;
298 unsigned int count;
299 int i;
300 HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
301 {
302 conn = ptr->data;
303 if(!IsSSL(conn))
304 continue;
305
306 count = rb_ssl_handshake_count(conn->mod_fd);
307 /* nothing needs to do this more than twice in ten seconds i don't think */
308 if(count > 2)
309 close_conn(conn, WAIT_PLAIN, "Handshake flooding");
310 else
311 rb_ssl_clear_handshake_count(conn->mod_fd);
312 }
313 HASH_WALK_END
314
315 }
316
317 static void
318 conn_mod_write_sendq(rb_fde_t * fd, void *data)
319 {
320 conn_t *conn = data;
321 const char *err;
322 int retlen;
323 if(IsDead(conn))
324 return;
325
326 if(IsSSLWWantsR(conn))
327 {
328 ClearSSLWWantsR(conn);
329 conn_mod_read_cb(conn->mod_fd, conn);
330 if(IsDead(conn))
331 return;
332 }
333
334 while ((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
335 conn->mod_out += retlen;
336
337 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
338 {
339 if(retlen == 0)
340 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
341 if(IsSSL(conn) && retlen == RB_RW_SSL_ERROR)
342 err = rb_get_ssl_strerror(conn->mod_fd);
343 else
344 err = strerror(errno);
345 close_conn(conn, WAIT_PLAIN, "Write error: %s", err);
346 return;
347 }
348 if(rb_rawbuf_length(conn->modbuf_out) > 0)
349 {
350 if(retlen != RB_RW_SSL_NEED_READ)
351 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
352 else
353 {
354 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
355 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
356 SetSSLWWantsR(conn);
357 }
358 }
359 else
360 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
361
362 if(IsCork(conn) && rb_rawbuf_length(conn->modbuf_out) == 0)
363 {
364 ClearCork(conn);
365 conn_plain_read_cb(conn->plain_fd, conn);
366 }
367
368 }
369
370 static void
371 conn_mod_write(conn_t * conn, void *data, size_t len)
372 {
373 if(IsDead(conn)) /* no point in queueing to a dead man */
374 return;
375 rb_rawbuf_append(conn->modbuf_out, data, len);
376 }
377
378 static void
379 conn_plain_write(conn_t * conn, void *data, size_t len)
380 {
381 if(IsDead(conn)) /* again no point in queueing to dead men */
382 return;
383 rb_rawbuf_append(conn->plainbuf_out, data, len);
384 }
385
386 static void
387 mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len)
388 {
389 mod_ctl_buf_t *ctl_buf;
390 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
391 ctl_buf->buf = rb_malloc(len);
392 ctl_buf->buflen = len;
393 memcpy(ctl_buf->buf, data, len);
394 ctl_buf->nfds = 0;
395 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->writeq);
396 mod_write_ctl(ctl->F, ctl);
397 }
398
399 #ifdef HAVE_LIBZ
400 static void
401 common_zlib_deflate(conn_t * conn, void *buf, size_t len)
402 {
403 int ret, have;
404 z_stream *outstream = &((zlib_stream_t *)conn->stream)->outstream;
405 outstream->next_in = buf;
406 outstream->avail_in = len;
407 outstream->next_out = (Bytef *) outbuf;
408 outstream->avail_out = sizeof(outbuf);
409
410 ret = deflate(outstream, Z_SYNC_FLUSH);
411 if(ret != Z_OK)
412 {
413 /* deflate error */
414 close_conn(conn, WAIT_PLAIN, "Deflate failed: %s", zError(ret));
415 return;
416 }
417 if(outstream->avail_out == 0)
418 {
419 /* avail_out empty */
420 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_out == 0");
421 return;
422 }
423 if(outstream->avail_in != 0)
424 {
425 /* avail_in isn't empty...*/
426 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_in != 0");
427 return;
428 }
429 have = sizeof(outbuf) - outstream->avail_out;
430 conn_mod_write(conn, outbuf, have);
431 }
432
433 static void
434 common_zlib_inflate(conn_t * conn, void *buf, size_t len)
435 {
436 int ret, have;
437 ((zlib_stream_t *)conn->stream)->instream.next_in = buf;
438 ((zlib_stream_t *)conn->stream)->instream.avail_in = len;
439 ((zlib_stream_t *)conn->stream)->instream.next_out = (Bytef *) outbuf;
440 ((zlib_stream_t *)conn->stream)->instream.avail_out = sizeof(outbuf);
441
442 while (((zlib_stream_t *)conn->stream)->instream.avail_in)
443 {
444 ret = inflate(&((zlib_stream_t *)conn->stream)->instream, Z_NO_FLUSH);
445 if(ret != Z_OK)
446 {
447 if(!strncmp("ERROR ", buf, 6))
448 {
449 close_conn(conn, WAIT_PLAIN, "Received uncompressed ERROR");
450 return;
451 }
452 close_conn(conn, WAIT_PLAIN, "Inflate failed: %s", zError(ret));
453 return;
454 }
455 have = sizeof(outbuf) - ((zlib_stream_t *)conn->stream)->instream.avail_out;
456
457 if(((zlib_stream_t *)conn->stream)->instream.avail_in)
458 {
459 conn_plain_write(conn, outbuf, have);
460 have = 0;
461 ((zlib_stream_t *)conn->stream)->instream.next_out = (Bytef *) outbuf;
462 ((zlib_stream_t *)conn->stream)->instream.avail_out = sizeof(outbuf);
463 }
464 }
465 if(have == 0)
466 return;
467
468 conn_plain_write(conn, outbuf, have);
469 }
470 #endif
471
472 static int
473 plain_check_cork(conn_t * conn)
474 {
475 if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
476 {
477 /* if we have over 4k pending outbound, don't read until
478 * we've cleared the queue */
479 SetCork(conn);
480 rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
481 /* try to write */
482 conn_mod_write_sendq(conn->mod_fd, conn);
483 return 1;
484 }
485 return 0;
486 }
487
488
489 static void
490 conn_plain_read_cb(rb_fde_t * fd, void *data)
491 {
492 conn_t *conn = data;
493 int length = 0;
494 if(conn == NULL)
495 return;
496
497 if(IsDead(conn))
498 return;
499
500 if(plain_check_cork(conn))
501 return;
502
503 while (1)
504 {
505 if(IsDead(conn))
506 return;
507
508 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
509
510 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
511 {
512 close_conn(conn, NO_WAIT, NULL);
513 return;
514 }
515
516 if(length < 0)
517 {
518 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_cb, conn);
519 conn_mod_write_sendq(conn->mod_fd, conn);
520 return;
521 }
522 conn->plain_in += length;
523
524 #ifdef HAVE_LIBZ
525 if(IsZip(conn))
526 common_zlib_deflate(conn, inbuf, length);
527 else
528 #endif
529 conn_mod_write(conn, inbuf, length);
530 if(IsDead(conn))
531 return;
532 if(plain_check_cork(conn))
533 return;
534 }
535 }
536
537 static void
538 conn_mod_read_cb(rb_fde_t * fd, void *data)
539 {
540 conn_t *conn = data;
541 const char *err = remote_closed;
542 int length;
543 if(conn == NULL)
544 return;
545 if(IsDead(conn))
546 return;
547
548 if(IsSSLRWantsW(conn))
549 {
550 ClearSSLRWantsW(conn);
551 conn_mod_write_sendq(conn->mod_fd, conn);
552 if(IsDead(conn))
553 return;
554 }
555
556 while (1)
557 {
558 if(IsDead(conn))
559 return;
560
561 length = rb_read(conn->mod_fd, inbuf, sizeof(inbuf));
562
563 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
564 {
565 if(length == 0) {
566 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
567 return;
568 }
569
570 if(IsSSL(conn) && length == RB_RW_SSL_ERROR)
571 err = rb_get_ssl_strerror(conn->mod_fd);
572 else
573 err = strerror(errno);
574 close_conn(conn, WAIT_PLAIN, "Read error: %s", err);
575 return;
576 }
577 if(length < 0)
578 {
579 if(length != RB_RW_SSL_NEED_WRITE)
580 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
581 else
582 {
583 rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
584 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
585 SetSSLRWantsW(conn);
586 }
587 conn_plain_write_sendq(conn->plain_fd, conn);
588 return;
589 }
590 conn->mod_in += length;
591 #ifdef HAVE_LIBZ
592 if(IsZip(conn))
593 common_zlib_inflate(conn, inbuf, length);
594 else
595 #endif
596 conn_plain_write(conn, inbuf, length);
597 }
598 }
599
600 static void
601 conn_plain_write_sendq(rb_fde_t * fd, void *data)
602 {
603 conn_t *conn = data;
604 int retlen;
605
606 if(IsDead(conn))
607 return;
608
609 while ((retlen = rb_rawbuf_flush(conn->plainbuf_out, fd)) > 0)
610 {
611 conn->plain_out += retlen;
612 }
613 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
614 {
615 close_conn(data, NO_WAIT, NULL);
616 return;
617 }
618
619
620 if(rb_rawbuf_length(conn->plainbuf_out) > 0)
621 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, conn_plain_write_sendq, conn);
622 else
623 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
624 }
625
626 static int
627 maxconn(void)
628 {
629 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
630 struct rlimit limit;
631
632 if(!getrlimit(RLIMIT_NOFILE, &limit))
633 {
634 return limit.rlim_cur;
635 }
636 #endif /* RLIMIT_FD_MAX */
637 return MAXCONNECTIONS;
638 }
639
640 static void
641 ssl_process_accept_cb(rb_fde_t * F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
642 {
643 conn_t *conn = data;
644 if(status == RB_OK)
645 {
646 conn_mod_read_cb(conn->mod_fd, conn);
647 conn_plain_read_cb(conn->plain_fd, conn);
648 return;
649 }
650 /* ircd doesn't care about the reason for this */
651 close_conn(conn, NO_WAIT, 0);
652 return;
653 }
654
655 static void
656 ssl_process_connect_cb(rb_fde_t * F, int status, void *data)
657 {
658 conn_t *conn = data;
659 if(status == RB_OK)
660 {
661 conn_mod_read_cb(conn->mod_fd, conn);
662 conn_plain_read_cb(conn->plain_fd, conn);
663 }
664 else if(status == RB_ERR_TIMEOUT)
665 close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
666 else if(status == RB_ERROR_SSL)
667 close_conn(conn, WAIT_PLAIN, "%s", rb_get_ssl_strerror(conn->mod_fd));
668 else
669 close_conn(conn, WAIT_PLAIN, "SSL handshake failed");
670 }
671
672
673 static void
674 ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
675 {
676 conn_t *conn;
677 int32_t id;
678
679 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
680
681 id = buf_to_int32(&ctlb->buf[1]);
682
683 if(id >= 0)
684 conn_add_id_hash(conn, id);
685 SetSSL(conn);
686
687 if(rb_get_type(conn->mod_fd) & RB_FD_UNKNOWN)
688 {
689
690 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
691 }
692 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
693 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
694
695 rb_ssl_start_accepted(ctlb->F[0], ssl_process_accept_cb, conn, 10);
696 }
697
698 static void
699 ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
700 {
701 conn_t *conn;
702 int32_t id;
703 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
704
705 id = buf_to_int32(&ctlb->buf[1]);
706
707 if(id >= 0)
708 conn_add_id_hash(conn, id);
709 SetSSL(conn);
710
711 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
712 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
713
714 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
715 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
716
717
718 rb_ssl_start_connected(ctlb->F[0], ssl_process_connect_cb, conn, 10);
719 }
720
721 static void
722 process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
723 {
724 char outstat[512];
725 conn_t *conn;
726 const char *odata;
727 int32_t id;
728
729 id = buf_to_int32(&ctlb->buf[1]);
730
731 if(id < 0)
732 return;
733
734 odata = &ctlb->buf[5];
735 conn = conn_find_by_id(id);
736
737 if(conn == NULL)
738 return;
739
740 rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
741 conn->plain_out, conn->mod_in, conn->plain_in, conn->mod_out);
742 conn->plain_out = 0;
743 conn->plain_in = 0;
744 conn->mod_in = 0;
745 conn->mod_out = 0;
746 mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
747 }
748
749 #ifdef HAVE_LIBZ
750 static void
751 zlib_send_zip_ready(mod_ctl_t *ctl, conn_t *conn)
752 {
753 char buf[5];
754
755 buf[0] = 'R';
756 int32_to_buf(&buf[1], conn->id);
757 mod_cmd_write_queue(conn->ctl, buf, sizeof(buf));
758 }
759
760 static void
761 zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
762 {
763 uint8_t level;
764 size_t recvqlen;
765 size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t);
766 void *recvq_start;
767 z_stream *instream, *outstream;
768 conn_t *conn;
769 int32_t id;
770
771 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
772 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
773 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
774
775 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
776 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
777
778 id = buf_to_int32(&ctlb->buf[1]);
779 conn_add_id_hash(conn, id);
780
781 level = (uint8_t) ctlb->buf[5];
782
783 recvqlen = ctlb->buflen - hdr;
784 recvq_start = &ctlb->buf[6];
785
786 SetZip(conn);
787 conn->stream = rb_malloc(sizeof(zlib_stream_t));
788 instream = &((zlib_stream_t *)conn->stream)->instream;
789 outstream = &((zlib_stream_t *)conn->stream)->outstream;
790
791 instream->total_in = 0;
792 instream->total_out = 0;
793 instream->zalloc = (alloc_func) ssld_alloc;
794 instream->zfree = (free_func) ssld_free;
795 instream->data_type = Z_ASCII;
796 inflateInit(&((zlib_stream_t *)conn->stream)->instream);
797
798 outstream->total_in = 0;
799 outstream->total_out = 0;
800 outstream->zalloc = (alloc_func) ssld_alloc;
801 outstream->zfree = (free_func) ssld_free;
802 outstream->data_type = Z_ASCII;
803
804 if(level > 9)
805 level = Z_DEFAULT_COMPRESSION;
806
807 deflateInit(&((zlib_stream_t *)conn->stream)->outstream, level);
808 if(recvqlen > 0)
809 common_zlib_inflate(conn, recvq_start, recvqlen);
810 zlib_send_zip_ready(ctl, conn);
811 conn_mod_read_cb(conn->mod_fd, conn);
812 conn_plain_read_cb(conn->plain_fd, conn);
813 return;
814
815 }
816 #endif
817
818 static void
819 init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
820 {
821 char *path;
822 prng_seed_t seed_type;
823
824 seed_type = (prng_seed_t)ctl_buf->buf[1];
825 path = &ctl_buf->buf[2];
826 rb_init_prng(path, seed_type);
827 }
828
829
830 static void
831 ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
832 {
833 char *buf;
834 char *cert, *key, *dhparam;
835
836 buf = &ctl_buf->buf[2];
837 cert = buf;
838 buf += strlen(cert) + 1;
839 key = buf;
840 buf += strlen(key) + 1;
841 dhparam = buf;
842 if(strlen(dhparam) == 0)
843 dhparam = NULL;
844
845 if(!rb_setup_ssl_server(cert, key, dhparam))
846 {
847 const char *invalid = "I";
848 mod_cmd_write_queue(ctl, invalid, strlen(invalid));
849 return;
850 }
851 }
852
853 static void
854 send_nossl_support(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
855 {
856 static const char *nossl_cmd = "N";
857 conn_t *conn;
858 int32_t id;
859
860 if(ctlb != NULL)
861 {
862 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
863 id = buf_to_int32(&ctlb->buf[1]);
864
865 if(id >= 0)
866 conn_add_id_hash(conn, id);
867 close_conn(conn, WAIT_PLAIN, "libratbox reports no SSL/TLS support");
868 }
869 mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
870 }
871
872 static void
873 send_i_am_useless(mod_ctl_t *ctl)
874 {
875 static const char *useless = "U";
876 mod_cmd_write_queue(ctl, useless, strlen(useless));
877 }
878
879 static void
880 send_nozlib_support(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
881 {
882 static const char *nozlib_cmd = "z";
883 conn_t *conn;
884 int32_t id;
885 if(ctlb != NULL)
886 {
887 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
888 id = buf_to_int32(&ctlb->buf[1]);
889
890 if(id >= 0)
891 conn_add_id_hash(conn, id);
892 close_conn(conn, WAIT_PLAIN, "libratbox reports no zlib support");
893 }
894 mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
895 }
896
897 static void
898 mod_process_cmd_recv(mod_ctl_t * ctl)
899 {
900 rb_dlink_node *ptr, *next;
901 mod_ctl_buf_t *ctl_buf;
902
903 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->readq.head)
904 {
905 ctl_buf = ptr->data;
906
907 switch (*ctl_buf->buf)
908 {
909 case 'A':
910 {
911 if(!ssl_ok)
912 {
913 send_nossl_support(ctl, ctl_buf);
914 break;
915 }
916 ssl_process_accept(ctl, ctl_buf);
917 break;
918 }
919 case 'C':
920 {
921 if(!ssl_ok)
922 {
923 send_nossl_support(ctl, ctl_buf);
924 break;
925 }
926 ssl_process_connect(ctl, ctl_buf);
927 break;
928 }
929
930 case 'K':
931 {
932 if(!ssl_ok)
933 {
934 send_nossl_support(ctl, ctl_buf);
935 break;
936 }
937 ssl_new_keys(ctl, ctl_buf);
938 break;
939 }
940 case 'I':
941 init_prng(ctl, ctl_buf);
942 break;
943 case 'S':
944 {
945 process_stats(ctl, ctl_buf);
946 break;
947 }
948 #ifdef HAVE_LIBZ
949 case 'Z':
950 {
951 /* just zlib only */
952 zlib_process(ctl, ctl_buf);
953 break;
954 }
955 #else
956 case 'Y':
957 case 'Z':
958 send_nozlib_support(ctl, ctl_buf);
959 break;
960
961 #endif
962 default:
963 break;
964 /* Log unknown commands */
965 }
966 rb_dlinkDelete(ptr, &ctl->readq);
967 rb_free(ctl_buf->buf);
968 rb_free(ctl_buf);
969 }
970
971 }
972
973
974
975 static void
976 mod_read_ctl(rb_fde_t * F, void *data)
977 {
978 mod_ctl_buf_t *ctl_buf;
979 mod_ctl_t *ctl = data;
980 int retlen;
981
982 do
983 {
984 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
985 ctl_buf->buf = rb_malloc(READBUF_SIZE);
986 ctl_buf->buflen = READBUF_SIZE;
987 retlen = rb_recv_fd_buf(ctl->F, ctl_buf->buf, ctl_buf->buflen, ctl_buf->F,
988 MAXPASSFD);
989 if(retlen <= 0)
990 {
991 rb_free(ctl_buf->buf);
992 rb_free(ctl_buf);
993 }
994 else
995 {
996 ctl_buf->buflen = retlen;
997 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->readq);
998 }
999 }
1000 while (retlen > 0);
1001
1002 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1003 exit(0);
1004
1005 mod_process_cmd_recv(ctl);
1006 rb_setselect(ctl->F, RB_SELECT_READ, mod_read_ctl, ctl);
1007 }
1008
1009 static void
1010 mod_write_ctl(rb_fde_t * F, void *data)
1011 {
1012 mod_ctl_t *ctl = data;
1013 mod_ctl_buf_t *ctl_buf;
1014 rb_dlink_node *ptr, *next;
1015 int retlen, x;
1016
1017 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->writeq.head)
1018 {
1019 ctl_buf = ptr->data;
1020 retlen = rb_send_fd_buf(ctl->F, ctl_buf->F, ctl_buf->nfds, ctl_buf->buf,
1021 ctl_buf->buflen);
1022 if(retlen > 0)
1023 {
1024 rb_dlinkDelete(ptr, &ctl->writeq);
1025 for (x = 0; x < ctl_buf->nfds; x++)
1026 rb_close(ctl_buf->F[x]);
1027 rb_free(ctl_buf->buf);
1028 rb_free(ctl_buf);
1029
1030 }
1031 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1032 exit(0);
1033
1034 rb_setselect(ctl->F, RB_SELECT_WRITE, mod_write_ctl, ctl);
1035 }
1036 }
1037
1038
1039 static void
1040 read_pipe_ctl(rb_fde_t * F, void *data)
1041 {
1042 int retlen;
1043 while ((retlen = rb_read(F, inbuf, sizeof(inbuf))) > 0)
1044 {
1045 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1046 }
1047 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1048 exit(0);
1049 rb_setselect(F, RB_SELECT_READ, read_pipe_ctl, NULL);
1050
1051 }
1052
1053 int
1054 main(int argc, char **argv)
1055 {
1056 const char *s_ctlfd, *s_pipe;
1057 int ctlfd, pipefd, x, maxfd;
1058 maxfd = maxconn();
1059 s_ctlfd = getenv("CTL_FD");
1060 s_pipe = getenv("CTL_PIPE");
1061
1062 if(s_ctlfd == NULL || s_pipe == NULL)
1063 {
1064 fprintf(stderr, "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
1065 fprintf(stderr, "You get an Id tag for this: $Id: ssld.c 25677 2008-07-06 04:21:42Z androsyn $\n");
1066 fprintf(stderr, "Have a nice life\n");
1067 exit(1);
1068 }
1069
1070 ctlfd = atoi(s_ctlfd);
1071 pipefd = atoi(s_pipe);
1072
1073 for (x = 0; x < maxfd; x++)
1074 {
1075 if(x != ctlfd && x != pipefd && x > 2)
1076 close(x);
1077 }
1078
1079 x = open("/dev/null", O_RDWR);
1080 if(x >= 0)
1081 {
1082 if(ctlfd != 0 && pipefd != 0)
1083 dup2(x, 0);
1084 if(ctlfd != 1 && pipefd != 1)
1085 dup2(x, 1);
1086 if(ctlfd != 2 && pipefd != 2)
1087 dup2(x, 2);
1088 if(x > 2)
1089 close(x);
1090 }
1091
1092 setup_signals();
1093 rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
1094 rb_init_rawbuffers(1024);
1095 ssl_ok = rb_supports_ssl();
1096
1097 mod_ctl = rb_malloc(sizeof(mod_ctl_t));
1098 mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
1099 mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
1100 rb_set_nb(mod_ctl->F);
1101 rb_set_nb(mod_ctl->F_pipe);
1102 rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
1103 rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
1104 read_pipe_ctl(mod_ctl->F_pipe, NULL);
1105 mod_read_ctl(mod_ctl->F, mod_ctl);
1106 if(!zlib_ok && !ssl_ok)
1107 {
1108 /* this is really useless... */
1109 send_i_am_useless(mod_ctl);
1110 /* sleep until the ircd kills us */
1111 rb_sleep(2<<30, 0);
1112 exit(1);
1113 }
1114
1115 if(!zlib_ok)
1116 send_nozlib_support(mod_ctl, NULL);
1117 if(!ssl_ok)
1118 send_nossl_support(mod_ctl, NULL);
1119 rb_lib_loop(0);
1120 return 0;
1121 }
1122
1123
1124
1125 static void
1126 dummy_handler(int sig)
1127 {
1128 return;
1129 }
1130
1131 static void
1132 setup_signals()
1133 {
1134 struct sigaction act;
1135
1136 act.sa_flags = 0;
1137 act.sa_handler = SIG_IGN;
1138 sigemptyset(&act.sa_mask);
1139 sigaddset(&act.sa_mask, SIGPIPE);
1140 sigaddset(&act.sa_mask, SIGALRM);
1141 #ifdef SIGTRAP
1142 sigaddset(&act.sa_mask, SIGTRAP);
1143 #endif
1144
1145 #ifdef SIGWINCH
1146 sigaddset(&act.sa_mask, SIGWINCH);
1147 sigaction(SIGWINCH, &act, 0);
1148 #endif
1149 sigaction(SIGPIPE, &act, 0);
1150 #ifdef SIGTRAP
1151 sigaction(SIGTRAP, &act, 0);
1152 #endif
1153
1154 act.sa_handler = dummy_handler;
1155 sigaction(SIGALRM, &act, 0);
1156 }
1157
Unnamed repository; edit this file 'description' to name the repository.