]> jfr.im git - irc/rqf/shadowircd.git/blob - ssld/ssld.c
projects / irc / rqf / shadowircd.git / blob
? search:


a6c6b5f9399ea2331b98314bc0313f6cbd86b25d
[irc/rqf/shadowircd.git] / ssld / ssld.c
1 /*
2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 *
21 * $Id$
22 */
23
24
25 #include "stdinc.h"
26
27 #ifdef HAVE_LIBZ
28 #include <zlib.h>
29 #endif
30
31 #define MAXPASSFD 4
32 #ifndef READBUF_SIZE
33 #define READBUF_SIZE 16384
34 #endif
35
36 static void setup_signals(void);
37 static pid_t ppid;
38
39 static inline int32_t
40 buf_to_int32(char *buf)
41 {
42 int32_t x;
43 memcpy(&x, buf, sizeof(x));
44 return x;
45 }
46
47 static inline void
48 int32_to_buf(char *buf, int32_t x)
49 {
50 memcpy(buf, &x, sizeof(x));
51 return;
52 }
53
54 static inline uint16_t
55 buf_to_uint16(char *buf)
56 {
57 uint16_t x;
58 memcpy(&x, buf, sizeof(x));
59 return x;
60 }
61
62 static inline void
63 uint16_to_buf(char *buf, uint16_t x)
64 {
65 memcpy(buf, &x, sizeof(x));
66 return;
67 }
68
69
70 static char inbuf[READBUF_SIZE];
71 #ifdef HAVE_LIBZ
72 static char outbuf[READBUF_SIZE];
73 #endif
74
75 typedef struct _mod_ctl_buf
76 {
77 rb_dlink_node node;
78 char *buf;
79 size_t buflen;
80 rb_fde_t *F[MAXPASSFD];
81 int nfds;
82 } mod_ctl_buf_t;
83
84 typedef struct _mod_ctl
85 {
86 rb_dlink_node node;
87 int cli_count;
88 rb_fde_t *F;
89 rb_fde_t *F_pipe;
90 rb_dlink_list readq;
91 rb_dlink_list writeq;
92 } mod_ctl_t;
93
94 static mod_ctl_t *mod_ctl;
95
96
97 #ifdef HAVE_LIBZ
98 typedef struct _zlib_stream
99 {
100 z_stream instream;
101 z_stream outstream;
102 } zlib_stream_t;
103 #endif
104
105 typedef struct _conn
106 {
107 rb_dlink_node node;
108 mod_ctl_t *ctl;
109 rawbuf_head_t *modbuf_out;
110 rawbuf_head_t *plainbuf_out;
111
112 int32_t id;
113
114 rb_fde_t *mod_fd;
115 rb_fde_t *plain_fd;
116 unsigned long long mod_out;
117 unsigned long long mod_in;
118 unsigned long long plain_in;
119 unsigned long long plain_out;
120 uint8_t flags;
121 void *stream;
122 } conn_t;
123
124 #define FLAG_SSL 0x01
125 #define FLAG_ZIP 0x02
126 #define FLAG_CORK 0x04
127 #define FLAG_DEAD 0x08
128 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
129 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
130 #define FLAG_ZIPSSL 0x40
131
132 #define IsSSL(x) ((x)->flags & FLAG_SSL)
133 #define IsZip(x) ((x)->flags & FLAG_ZIP)
134 #define IsCork(x) ((x)->flags & FLAG_CORK)
135 #define IsDead(x) ((x)->flags & FLAG_DEAD)
136 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
137 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
138 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
139
140 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
141 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
142 #define SetCork(x) ((x)->flags |= FLAG_CORK)
143 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
144 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
145 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
146 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
147
148 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
149 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
150 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
151 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
152 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
153 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
154 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
155
156 #define NO_WAIT 0x0
157 #define WAIT_PLAIN 0x1
158
159 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
160 #define HASH_WALK_END }
161 #define CONN_HASH_SIZE 2000
162 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
163
164
165
166 static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
167 static rb_dlink_list dead_list;
168
169 static void conn_mod_read_cb(rb_fde_t *fd, void *data);
170 static void conn_mod_write_sendq(rb_fde_t *, void *data);
171 static void conn_plain_write_sendq(rb_fde_t *, void *data);
172 static void mod_write_ctl(rb_fde_t *, void *data);
173 static void conn_plain_read_cb(rb_fde_t *fd, void *data);
174 static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
175 static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
176 static const char *remote_closed = "Remote host closed the connection";
177 static int ssl_ok;
178 #ifdef HAVE_LIBZ
179 static int zlib_ok = 1;
180 #else
181 static int zlib_ok = 0;
182 #endif
183
184
185 #ifdef HAVE_LIBZ
186 static void *
187 ssld_alloc(void *unused, size_t count, size_t size)
188 {
189 return rb_malloc(count * size);
190 }
191
192 static void
193 ssld_free(void *unused, void *ptr)
194 {
195 rb_free(ptr);
196 }
197 #endif
198
199 static conn_t *
200 conn_find_by_id(int32_t id)
201 {
202 rb_dlink_node *ptr;
203 conn_t *conn;
204
205 RB_DLINK_FOREACH(ptr, (connid_hash(id))->head)
206 {
207 conn = ptr->data;
208 if(conn->id == id && !IsDead(conn))
209 return conn;
210 }
211 return NULL;
212 }
213
214 static void
215 conn_add_id_hash(conn_t * conn, int32_t id)
216 {
217 conn->id = id;
218 rb_dlinkAdd(conn, &conn->node, connid_hash(id));
219 }
220
221 static void
222 free_conn(conn_t * conn)
223 {
224 rb_free_rawbuffer(conn->modbuf_out);
225 rb_free_rawbuffer(conn->plainbuf_out);
226 #ifdef HAVE_LIBZ
227 if(IsZip(conn))
228 {
229 zlib_stream_t *stream = conn->stream;
230 inflateEnd(&stream->instream);
231 deflateEnd(&stream->outstream);
232 }
233 #endif
234 rb_free(conn);
235 }
236
237 static void
238 clean_dead_conns(void *unused)
239 {
240 conn_t *conn;
241 rb_dlink_node *ptr, *next;
242 RB_DLINK_FOREACH_SAFE(ptr, next, dead_list.head)
243 {
244 conn = ptr->data;
245 free_conn(conn);
246 }
247 dead_list.tail = dead_list.head = NULL;
248 }
249
250
251 static void
252 close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
253 {
254 va_list ap;
255 char reason[128]; /* must always be under 250 bytes */
256 char buf[256];
257 int len;
258 if(IsDead(conn))
259 return;
260
261 rb_rawbuf_flush(conn->modbuf_out, conn->mod_fd);
262 rb_rawbuf_flush(conn->plainbuf_out, conn->plain_fd);
263 rb_close(conn->mod_fd);
264 SetDead(conn);
265
266 if(conn->id >= 0 && !IsZipSSL(conn))
267 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
268
269 if(!wait_plain || fmt == NULL)
270 {
271 rb_close(conn->plain_fd);
272 rb_dlinkAdd(conn, &conn->node, &dead_list);
273 return;
274 }
275 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
276 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
277 va_start(ap, fmt);
278 rb_vsnprintf(reason, sizeof(reason), fmt, ap);
279 va_end(ap);
280
281 buf[0] = 'D';
282 int32_to_buf(&buf[1], conn->id);
283 strcpy(&buf[5], reason);
284 len = (strlen(reason) + 1) + 5;
285 mod_cmd_write_queue(conn->ctl, buf, len);
286 }
287
288 static conn_t *
289 make_conn(mod_ctl_t * ctl, rb_fde_t *mod_fd, rb_fde_t *plain_fd)
290 {
291 conn_t *conn = rb_malloc(sizeof(conn_t));
292 conn->ctl = ctl;
293 conn->modbuf_out = rb_new_rawbuffer();
294 conn->plainbuf_out = rb_new_rawbuffer();
295 conn->mod_fd = mod_fd;
296 conn->plain_fd = plain_fd;
297 conn->id = -1;
298 conn->stream = NULL;
299 rb_set_nb(mod_fd);
300 rb_set_nb(plain_fd);
301 return conn;
302 }
303
304 static void
305 check_handshake_flood(void *unused)
306 {
307 conn_t *conn;
308 rb_dlink_node *ptr, *next;
309 unsigned int count;
310 int i;
311 HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
312 {
313 conn = ptr->data;
314 if(!IsSSL(conn))
315 continue;
316
317 count = rb_ssl_handshake_count(conn->mod_fd);
318 /* nothing needs to do this more than twice in ten seconds i don't think */
319 if(count > 2)
320 close_conn(conn, WAIT_PLAIN, "Handshake flooding");
321 else
322 rb_ssl_clear_handshake_count(conn->mod_fd);
323 }
324 HASH_WALK_END}
325
326 static void
327 conn_mod_write_sendq(rb_fde_t *fd, void *data)
328 {
329 conn_t *conn = data;
330 const char *err;
331 int retlen;
332 if(IsDead(conn))
333 return;
334
335 if(IsSSLWWantsR(conn))
336 {
337 ClearSSLWWantsR(conn);
338 conn_mod_read_cb(conn->mod_fd, conn);
339 if(IsDead(conn))
340 return;
341 }
342
343 while((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
344 conn->mod_out += retlen;
345
346 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
347 {
348 if(retlen == 0)
349 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
350 if(IsSSL(conn) && retlen == RB_RW_SSL_ERROR)
351 err = rb_get_ssl_strerror(conn->mod_fd);
352 else
353 err = strerror(errno);
354 close_conn(conn, WAIT_PLAIN, "Write error: %s", err);
355 return;
356 }
357 if(rb_rawbuf_length(conn->modbuf_out) > 0)
358 {
359 if(retlen != RB_RW_SSL_NEED_READ)
360 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
361 else
362 {
363 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
364 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
365 SetSSLWWantsR(conn);
366 }
367 }
368 else
369 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
370
371 if(IsCork(conn) && rb_rawbuf_length(conn->modbuf_out) == 0)
372 {
373 ClearCork(conn);
374 conn_plain_read_cb(conn->plain_fd, conn);
375 }
376
377 }
378
379 static void
380 conn_mod_write(conn_t * conn, void *data, size_t len)
381 {
382 if(IsDead(conn)) /* no point in queueing to a dead man */
383 return;
384 rb_rawbuf_append(conn->modbuf_out, data, len);
385 }
386
387 static void
388 conn_plain_write(conn_t * conn, void *data, size_t len)
389 {
390 if(IsDead(conn)) /* again no point in queueing to dead men */
391 return;
392 rb_rawbuf_append(conn->plainbuf_out, data, len);
393 }
394
395 static void
396 mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len)
397 {
398 mod_ctl_buf_t *ctl_buf;
399 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
400 ctl_buf->buf = rb_malloc(len);
401 ctl_buf->buflen = len;
402 memcpy(ctl_buf->buf, data, len);
403 ctl_buf->nfds = 0;
404 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->writeq);
405 mod_write_ctl(ctl->F, ctl);
406 }
407
408 #ifdef HAVE_LIBZ
409 static void
410 common_zlib_deflate(conn_t * conn, void *buf, size_t len)
411 {
412 int ret, have;
413 z_stream *outstream = &((zlib_stream_t *) conn->stream)->outstream;
414 outstream->next_in = buf;
415 outstream->avail_in = len;
416 outstream->next_out = (Bytef *) outbuf;
417 outstream->avail_out = sizeof(outbuf);
418
419 ret = deflate(outstream, Z_SYNC_FLUSH);
420 if(ret != Z_OK)
421 {
422 /* deflate error */
423 close_conn(conn, WAIT_PLAIN, "Deflate failed: %s", zError(ret));
424 return;
425 }
426 if(outstream->avail_out == 0)
427 {
428 /* avail_out empty */
429 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_out == 0");
430 return;
431 }
432 if(outstream->avail_in != 0)
433 {
434 /* avail_in isn't empty... */
435 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_in != 0");
436 return;
437 }
438 have = sizeof(outbuf) - outstream->avail_out;
439 conn_mod_write(conn, outbuf, have);
440 }
441
442 static void
443 common_zlib_inflate(conn_t * conn, void *buf, size_t len)
444 {
445 int ret, have = 0;
446 ((zlib_stream_t *) conn->stream)->instream.next_in = buf;
447 ((zlib_stream_t *) conn->stream)->instream.avail_in = len;
448 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
449 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
450
451 while(((zlib_stream_t *) conn->stream)->instream.avail_in)
452 {
453 ret = inflate(&((zlib_stream_t *) conn->stream)->instream, Z_NO_FLUSH);
454 if(ret != Z_OK)
455 {
456 if(!strncmp("ERROR ", buf, 6))
457 {
458 close_conn(conn, WAIT_PLAIN, "Received uncompressed ERROR");
459 return;
460 }
461 close_conn(conn, WAIT_PLAIN, "Inflate failed: %s", zError(ret));
462 return;
463 }
464 have = sizeof(outbuf) - ((zlib_stream_t *) conn->stream)->instream.avail_out;
465
466 if(((zlib_stream_t *) conn->stream)->instream.avail_in)
467 {
468 conn_plain_write(conn, outbuf, have);
469 have = 0;
470 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
471 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
472 }
473 }
474 if(have == 0)
475 return;
476
477 conn_plain_write(conn, outbuf, have);
478 }
479 #endif
480
481 static int
482 plain_check_cork(conn_t * conn)
483 {
484 if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
485 {
486 /* if we have over 4k pending outbound, don't read until
487 * we've cleared the queue */
488 SetCork(conn);
489 rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
490 /* try to write */
491 conn_mod_write_sendq(conn->mod_fd, conn);
492 return 1;
493 }
494 return 0;
495 }
496
497
498 static void
499 conn_plain_read_cb(rb_fde_t *fd, void *data)
500 {
501 conn_t *conn = data;
502 int length = 0;
503 if(conn == NULL)
504 return;
505
506 if(IsDead(conn))
507 return;
508
509 if(plain_check_cork(conn))
510 return;
511
512 while(1)
513 {
514 if(IsDead(conn))
515 return;
516
517 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
518
519 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
520 {
521 close_conn(conn, NO_WAIT, NULL);
522 return;
523 }
524
525 if(length < 0)
526 {
527 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_cb, conn);
528 conn_mod_write_sendq(conn->mod_fd, conn);
529 return;
530 }
531 conn->plain_in += length;
532
533 #ifdef HAVE_LIBZ
534 if(IsZip(conn))
535 common_zlib_deflate(conn, inbuf, length);
536 else
537 #endif
538 conn_mod_write(conn, inbuf, length);
539 if(IsDead(conn))
540 return;
541 if(plain_check_cork(conn))
542 return;
543 }
544 }
545
546 static void
547 conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data)
548 {
549 conn_t *conn = data;
550 int length = 0;
551
552 if(conn == NULL)
553 return;
554
555 while(1)
556 {
557 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
558
559 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
560 {
561 rb_close(conn->plain_fd);
562 rb_dlinkAdd(conn, &conn->node, &dead_list);
563 return;
564 }
565
566 if(length < 0)
567 {
568 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
569 return;
570 }
571 }
572 }
573
574 static void
575 conn_mod_read_cb(rb_fde_t *fd, void *data)
576 {
577 conn_t *conn = data;
578 const char *err = remote_closed;
579 int length;
580 if(conn == NULL)
581 return;
582 if(IsDead(conn))
583 return;
584
585 if(IsSSLRWantsW(conn))
586 {
587 ClearSSLRWantsW(conn);
588 conn_mod_write_sendq(conn->mod_fd, conn);
589 if(IsDead(conn))
590 return;
591 }
592
593 while(1)
594 {
595 if(IsDead(conn))
596 return;
597
598 length = rb_read(conn->mod_fd, inbuf, sizeof(inbuf));
599
600 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
601 {
602 if(length == 0)
603 {
604 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
605 return;
606 }
607
608 if(IsSSL(conn) && length == RB_RW_SSL_ERROR)
609 err = rb_get_ssl_strerror(conn->mod_fd);
610 else
611 err = strerror(errno);
612 close_conn(conn, WAIT_PLAIN, "Read error: %s", err);
613 return;
614 }
615 if(length < 0)
616 {
617 if(length != RB_RW_SSL_NEED_WRITE)
618 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
619 else
620 {
621 rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
622 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
623 SetSSLRWantsW(conn);
624 }
625 conn_plain_write_sendq(conn->plain_fd, conn);
626 return;
627 }
628 conn->mod_in += length;
629 #ifdef HAVE_LIBZ
630 if(IsZip(conn))
631 common_zlib_inflate(conn, inbuf, length);
632 else
633 #endif
634 conn_plain_write(conn, inbuf, length);
635 }
636 }
637
638 static void
639 conn_plain_write_sendq(rb_fde_t *fd, void *data)
640 {
641 conn_t *conn = data;
642 int retlen;
643
644 if(IsDead(conn))
645 return;
646
647 while((retlen = rb_rawbuf_flush(conn->plainbuf_out, fd)) > 0)
648 {
649 conn->plain_out += retlen;
650 }
651 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
652 {
653 close_conn(data, NO_WAIT, NULL);
654 return;
655 }
656
657
658 if(rb_rawbuf_length(conn->plainbuf_out) > 0)
659 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, conn_plain_write_sendq, conn);
660 else
661 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
662 }
663
664 static int
665 maxconn(void)
666 {
667 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
668 struct rlimit limit;
669
670 if(!getrlimit(RLIMIT_NOFILE, &limit))
671 {
672 return limit.rlim_cur;
673 }
674 #endif /* RLIMIT_FD_MAX */
675 return MAXCONNECTIONS;
676 }
677
678 static void
679 ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
680 {
681 conn_t *conn = data;
682 char buf[5 + RB_SSL_CERTFP_LEN];
683
684 if(status == RB_OK)
685 {
686 if(rb_get_ssl_certfp(F, &buf[5]))
687 {
688 buf[0] = 'F';
689 int32_to_buf(&buf[1], conn->id);
690 mod_cmd_write_queue(conn->ctl, buf, sizeof buf);
691 }
692 conn_mod_read_cb(conn->mod_fd, conn);
693 conn_plain_read_cb(conn->plain_fd, conn);
694 return;
695 }
696 /* ircd doesn't care about the reason for this */
697 close_conn(conn, NO_WAIT, 0);
698 return;
699 }
700
701 static void
702 ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
703 {
704 conn_t *conn = data;
705 if(status == RB_OK)
706 {
707 conn_mod_read_cb(conn->mod_fd, conn);
708 conn_plain_read_cb(conn->plain_fd, conn);
709 }
710 else if(status == RB_ERR_TIMEOUT)
711 close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
712 else if(status == RB_ERROR_SSL)
713 close_conn(conn, WAIT_PLAIN, "%s", rb_get_ssl_strerror(conn->mod_fd));
714 else
715 close_conn(conn, WAIT_PLAIN, "SSL handshake failed");
716 }
717
718
719 static void
720 cleanup_bad_message(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
721 {
722 int i;
723
724 /* XXX should log this somehow */
725 for (i = 0; i < ctlb->nfds; i++)
726 rb_close(ctlb->F[i]);
727 }
728
729 static void
730 ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
731 {
732 conn_t *conn;
733 int32_t id;
734
735 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
736
737 id = buf_to_int32(&ctlb->buf[1]);
738
739 if(id >= 0)
740 conn_add_id_hash(conn, id);
741 SetSSL(conn);
742
743 if(rb_get_type(conn->mod_fd) & RB_FD_UNKNOWN)
744 {
745
746 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
747 }
748 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
749 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
750
751 rb_ssl_start_accepted(ctlb->F[0], ssl_process_accept_cb, conn, 10);
752 }
753
754 static void
755 ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
756 {
757 conn_t *conn;
758 int32_t id;
759 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
760
761 id = buf_to_int32(&ctlb->buf[1]);
762
763 if(id >= 0)
764 conn_add_id_hash(conn, id);
765 SetSSL(conn);
766
767 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
768 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
769
770 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
771 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
772
773
774 rb_ssl_start_connected(ctlb->F[0], ssl_process_connect_cb, conn, 10);
775 }
776
777 static void
778 process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
779 {
780 char outstat[512];
781 conn_t *conn;
782 const char *odata;
783 int32_t id;
784
785 id = buf_to_int32(&ctlb->buf[1]);
786
787 if(id < 0)
788 return;
789
790 odata = &ctlb->buf[5];
791 conn = conn_find_by_id(id);
792
793 if(conn == NULL)
794 return;
795
796 rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
797 conn->plain_out, conn->mod_in, conn->plain_in, conn->mod_out);
798 conn->plain_out = 0;
799 conn->plain_in = 0;
800 conn->mod_in = 0;
801 conn->mod_out = 0;
802 mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
803 }
804
805 static void
806 change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
807 {
808 int32_t id = buf_to_int32(&ctlb->buf[1]);
809 int32_t newid = buf_to_int32(&ctlb->buf[5]);
810 conn_t *conn = conn_find_by_id(id);
811 if(conn->id >= 0)
812 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
813 SetZipSSL(conn);
814 conn->id = newid;
815 }
816
817 #ifdef HAVE_LIBZ
818 static void
819 zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
820 {
821 uint8_t level;
822 size_t recvqlen;
823 size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t);
824 void *recvq_start;
825 z_stream *instream, *outstream;
826 conn_t *conn;
827 int32_t id;
828
829 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
830 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
831 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
832
833 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
834 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
835
836 id = buf_to_int32(&ctlb->buf[1]);
837 conn_add_id_hash(conn, id);
838
839 level = (uint8_t)ctlb->buf[5];
840
841 recvqlen = ctlb->buflen - hdr;
842 recvq_start = &ctlb->buf[6];
843
844 SetZip(conn);
845 conn->stream = rb_malloc(sizeof(zlib_stream_t));
846 instream = &((zlib_stream_t *) conn->stream)->instream;
847 outstream = &((zlib_stream_t *) conn->stream)->outstream;
848
849 instream->total_in = 0;
850 instream->total_out = 0;
851 instream->zalloc = (alloc_func) ssld_alloc;
852 instream->zfree = (free_func) ssld_free;
853 instream->data_type = Z_ASCII;
854 inflateInit(&((zlib_stream_t *) conn->stream)->instream);
855
856 outstream->total_in = 0;
857 outstream->total_out = 0;
858 outstream->zalloc = (alloc_func) ssld_alloc;
859 outstream->zfree = (free_func) ssld_free;
860 outstream->data_type = Z_ASCII;
861
862 if(level > 9)
863 level = Z_DEFAULT_COMPRESSION;
864
865 deflateInit(&((zlib_stream_t *) conn->stream)->outstream, level);
866 if(recvqlen > 0)
867 common_zlib_inflate(conn, recvq_start, recvqlen);
868
869 conn_mod_read_cb(conn->mod_fd, conn);
870 conn_plain_read_cb(conn->plain_fd, conn);
871 return;
872
873 }
874 #endif
875
876 static void
877 init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
878 {
879 char *path;
880 prng_seed_t seed_type;
881
882 seed_type = (prng_seed_t) ctl_buf->buf[1];
883 path = &ctl_buf->buf[2];
884 rb_init_prng(path, seed_type);
885 }
886
887
888 static void
889 ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
890 {
891 char *buf;
892 char *cert, *key, *dhparam;
893
894 buf = &ctl_buf->buf[2];
895 cert = buf;
896 buf += strlen(cert) + 1;
897 key = buf;
898 buf += strlen(key) + 1;
899 dhparam = buf;
900 if(strlen(dhparam) == 0)
901 dhparam = NULL;
902
903 if(!rb_setup_ssl_server(cert, key, dhparam))
904 {
905 const char *invalid = "I";
906 mod_cmd_write_queue(ctl, invalid, strlen(invalid));
907 return;
908 }
909 }
910
911 static void
912 send_nossl_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
913 {
914 static const char *nossl_cmd = "N";
915 conn_t *conn;
916 int32_t id;
917
918 if(ctlb != NULL)
919 {
920 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
921 id = buf_to_int32(&ctlb->buf[1]);
922
923 if(id >= 0)
924 conn_add_id_hash(conn, id);
925 close_conn(conn, WAIT_PLAIN, "libratbox reports no SSL/TLS support");
926 }
927 mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
928 }
929
930 static void
931 send_i_am_useless(mod_ctl_t * ctl)
932 {
933 static const char *useless = "U";
934 mod_cmd_write_queue(ctl, useless, strlen(useless));
935 }
936
937 static void
938 send_nozlib_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
939 {
940 static const char *nozlib_cmd = "z";
941 conn_t *conn;
942 int32_t id;
943 if(ctlb != NULL)
944 {
945 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
946 id = buf_to_int32(&ctlb->buf[1]);
947
948 if(id >= 0)
949 conn_add_id_hash(conn, id);
950 close_conn(conn, WAIT_PLAIN, "libratbox reports no zlib support");
951 }
952 mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
953 }
954
955 static void
956 mod_process_cmd_recv(mod_ctl_t * ctl)
957 {
958 rb_dlink_node *ptr, *next;
959 mod_ctl_buf_t *ctl_buf;
960
961 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->readq.head)
962 {
963 ctl_buf = ptr->data;
964
965 switch (*ctl_buf->buf)
966 {
967 case 'A':
968 {
969 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
970 {
971 cleanup_bad_message(ctl, ctl_buf);
972 break;
973 }
974
975 if(!ssl_ok)
976 {
977 send_nossl_support(ctl, ctl_buf);
978 break;
979 }
980 ssl_process_accept(ctl, ctl_buf);
981 break;
982 }
983 case 'C':
984 {
985 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
986 {
987 cleanup_bad_message(ctl, ctl_buf);
988 break;
989 }
990
991 if(!ssl_ok)
992 {
993 send_nossl_support(ctl, ctl_buf);
994 break;
995 }
996 ssl_process_connect(ctl, ctl_buf);
997 break;
998 }
999
1000 case 'K':
1001 {
1002 if(!ssl_ok)
1003 {
1004 send_nossl_support(ctl, ctl_buf);
1005 break;
1006 }
1007 ssl_new_keys(ctl, ctl_buf);
1008 break;
1009 }
1010 case 'I':
1011 init_prng(ctl, ctl_buf);
1012 break;
1013 case 'S':
1014 {
1015 process_stats(ctl, ctl_buf);
1016 break;
1017 }
1018 case 'Y':
1019 {
1020 change_connid(ctl, ctl_buf);
1021 break;
1022 }
1023
1024 #ifdef HAVE_LIBZ
1025 case 'Z':
1026 {
1027 if (ctl_buf->nfds != 2 || ctl_buf->buflen < 6)
1028 {
1029 cleanup_bad_message(ctl, ctl_buf);
1030 break;
1031 }
1032
1033 /* just zlib only */
1034 zlib_process(ctl, ctl_buf);
1035 break;
1036 }
1037 #else
1038
1039 case 'Z':
1040 send_nozlib_support(ctl, ctl_buf);
1041 break;
1042
1043 #endif
1044 default:
1045 break;
1046 /* Log unknown commands */
1047 }
1048 rb_dlinkDelete(ptr, &ctl->readq);
1049 rb_free(ctl_buf->buf);
1050 rb_free(ctl_buf);
1051 }
1052
1053 }
1054
1055
1056
1057 static void
1058 mod_read_ctl(rb_fde_t *F, void *data)
1059 {
1060 mod_ctl_buf_t *ctl_buf;
1061 mod_ctl_t *ctl = data;
1062 int retlen;
1063 int i;
1064
1065 do
1066 {
1067 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
1068 ctl_buf->buf = rb_malloc(READBUF_SIZE);
1069 ctl_buf->buflen = READBUF_SIZE;
1070 retlen = rb_recv_fd_buf(ctl->F, ctl_buf->buf, ctl_buf->buflen, ctl_buf->F,
1071 MAXPASSFD);
1072 if(retlen <= 0)
1073 {
1074 rb_free(ctl_buf->buf);
1075 rb_free(ctl_buf);
1076 }
1077 else
1078 {
1079 ctl_buf->buflen = retlen;
1080 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->readq);
1081 for (i = 0; i < MAXPASSFD && ctl_buf->F[i] != NULL; i++)
1082 ;
1083 ctl_buf->nfds = i;
1084 }
1085 }
1086 while(retlen > 0);
1087
1088 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1089 exit(0);
1090
1091 mod_process_cmd_recv(ctl);
1092 rb_setselect(ctl->F, RB_SELECT_READ, mod_read_ctl, ctl);
1093 }
1094
1095 static void
1096 mod_write_ctl(rb_fde_t *F, void *data)
1097 {
1098 mod_ctl_t *ctl = data;
1099 mod_ctl_buf_t *ctl_buf;
1100 rb_dlink_node *ptr, *next;
1101 int retlen, x;
1102
1103 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->writeq.head)
1104 {
1105 ctl_buf = ptr->data;
1106 retlen = rb_send_fd_buf(ctl->F, ctl_buf->F, ctl_buf->nfds, ctl_buf->buf,
1107 ctl_buf->buflen, ppid);
1108 if(retlen > 0)
1109 {
1110 rb_dlinkDelete(ptr, &ctl->writeq);
1111 for(x = 0; x < ctl_buf->nfds; x++)
1112 rb_close(ctl_buf->F[x]);
1113 rb_free(ctl_buf->buf);
1114 rb_free(ctl_buf);
1115
1116 }
1117 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1118 exit(0);
1119
1120 }
1121 if(rb_dlink_list_length(&ctl->writeq) > 0)
1122 rb_setselect(ctl->F, RB_SELECT_WRITE, mod_write_ctl, ctl);
1123 }
1124
1125
1126 static void
1127 read_pipe_ctl(rb_fde_t *F, void *data)
1128 {
1129 int retlen;
1130 while((retlen = rb_read(F, inbuf, sizeof(inbuf))) > 0)
1131 {
1132 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1133 }
1134 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1135 exit(0);
1136 rb_setselect(F, RB_SELECT_READ, read_pipe_ctl, NULL);
1137
1138 }
1139
1140 int
1141 main(int argc, char **argv)
1142 {
1143 const char *s_ctlfd, *s_pipe, *s_pid;
1144 int ctlfd, pipefd, x, maxfd;
1145 maxfd = maxconn();
1146
1147 s_ctlfd = getenv("CTL_FD");
1148 s_pipe = getenv("CTL_PIPE");
1149 s_pid = getenv("CTL_PPID");
1150
1151 if(s_ctlfd == NULL || s_pipe == NULL || s_pid == NULL)
1152 {
1153 fprintf(stderr,
1154 "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
1155 fprintf(stderr,
1156 "You get an Id tag for this: $Id$\n");
1157 fprintf(stderr, "Have a nice life\n");
1158 exit(1);
1159 }
1160
1161 ctlfd = atoi(s_ctlfd);
1162 pipefd = atoi(s_pipe);
1163 ppid = atoi(s_pid);
1164 x = 0;
1165 #ifndef _WIN32
1166 for(x = 0; x < maxfd; x++)
1167 {
1168 if(x != ctlfd && x != pipefd && x > 2)
1169 close(x);
1170 }
1171 x = open("/dev/null", O_RDWR);
1172
1173 if(x >= 0)
1174 {
1175 if(ctlfd != 0 && pipefd != 0)
1176 dup2(x, 0);
1177 if(ctlfd != 1 && pipefd != 1)
1178 dup2(x, 1);
1179 if(ctlfd != 2 && pipefd != 2)
1180 dup2(x, 2);
1181 if(x > 2)
1182 close(x);
1183 }
1184 #endif
1185 setup_signals();
1186 rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
1187 rb_init_rawbuffers(1024);
1188 ssl_ok = rb_supports_ssl();
1189 mod_ctl = rb_malloc(sizeof(mod_ctl_t));
1190 mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
1191 mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
1192 rb_set_nb(mod_ctl->F);
1193 rb_set_nb(mod_ctl->F_pipe);
1194 rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
1195 rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
1196 read_pipe_ctl(mod_ctl->F_pipe, NULL);
1197 mod_read_ctl(mod_ctl->F, mod_ctl);
1198 if(!zlib_ok && !ssl_ok)
1199 {
1200 /* this is really useless... */
1201 send_i_am_useless(mod_ctl);
1202 /* sleep until the ircd kills us */
1203 rb_sleep(2 << 30, 0);
1204 exit(1);
1205 }
1206
1207 if(!zlib_ok)
1208 send_nozlib_support(mod_ctl, NULL);
1209 if(!ssl_ok)
1210 send_nossl_support(mod_ctl, NULL);
1211 rb_lib_loop(0);
1212 return 0;
1213 }
1214
1215
1216 #ifndef _WIN32
1217 static void
1218 dummy_handler(int sig)
1219 {
1220 return;
1221 }
1222 #endif
1223
1224 static void
1225 setup_signals()
1226 {
1227 #ifndef _WIN32
1228 struct sigaction act;
1229
1230 act.sa_flags = 0;
1231 act.sa_handler = SIG_IGN;
1232 sigemptyset(&act.sa_mask);
1233 sigaddset(&act.sa_mask, SIGPIPE);
1234 sigaddset(&act.sa_mask, SIGALRM);
1235 #ifdef SIGTRAP
1236 sigaddset(&act.sa_mask, SIGTRAP);
1237 #endif
1238
1239 #ifdef SIGWINCH
1240 sigaddset(&act.sa_mask, SIGWINCH);
1241 sigaction(SIGWINCH, &act, 0);
1242 #endif
1243 sigaction(SIGPIPE, &act, 0);
1244 #ifdef SIGTRAP
1245 sigaction(SIGTRAP, &act, 0);
1246 #endif
1247
1248 act.sa_handler = dummy_handler;
1249 sigaction(SIGALRM, &act, 0);
1250 #endif
1251 }
Unnamed repository; edit this file 'description' to name the repository.