X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/1a4058095dfd58dac90114552f03a8f4406bd09c..853058531aa2387ce1e8ab77ec9b416e70c6bffa:/src/sslproc.c diff --git a/src/sslproc.c b/src/sslproc.c index e525af8..178fde3 100644 --- a/src/sslproc.c +++ b/src/sslproc.c @@ -284,12 +284,21 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co for(i = 0; i < count; i++) { ssl_ctl_t *ctl; - rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket"); + if(rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket") == -1) + { + ilog(L_MAIN, "Unable to create ssld - rb_socketpair failed: %s", strerror(errno)); + return started; + } + rb_set_buffers(F1, READBUF_SIZE); rb_set_buffers(F2, READBUF_SIZE); rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(F2)); rb_setenv("CTL_FD", fdarg, 1); - rb_pipe(&P1, &P2, "SSL/TLS pipe"); + if(rb_pipe(&P1, &P2, "SSL/TLS pipe") == -1) + { + ilog(L_MAIN, "Unable to create ssld - rb_pipe failed: %s", strerror(errno)); + return started; + } rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(P1)); rb_setenv("CTL_PIPE", fdarg, 1); rb_snprintf(s_pid, sizeof(s_pid), "%d", (int)getpid()); @@ -393,6 +402,31 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) exit_client(client_p, client_p, &me, reason); } +static void +ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) +{ + struct Client *client_p; + int32_t fd; + uint8_t *certfp; + char *certfp_string; + int i; + + if(ctl_buf->buflen != 5 + RB_SSL_CERTFP_LEN) + return; /* bogus message..drop it.. XXX should warn here */ + + fd = buf_to_int32(&ctl_buf->buf[1]); + certfp = (uint8_t *)&ctl_buf->buf[5]; + client_p = find_cli_fd_hash(fd); + if(client_p == NULL) + return; + rb_free(client_p->certfp); + certfp_string = rb_malloc(RB_SSL_CERTFP_LEN * 2 + 1); + for(i = 0; i < RB_SSL_CERTFP_LEN; i++) + rb_snprintf(certfp_string + 2 * i, 3, "%02x", + certfp[i]); + client_p->certfp = certfp_string; +} + static void ssl_process_cmd_recv(ssl_ctl_t * ctl) { @@ -413,6 +447,9 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl) case 'D': ssl_process_dead_fd(ctl, ctl_buf); break; + case 'F': + ssl_process_certfp(ctl, ctl_buf); + break; case 'S': ssl_process_zipstats(ctl, ctl_buf); break; @@ -695,6 +732,7 @@ start_zlib_session(void *data) rb_fde_t *F[2]; rb_fde_t *xF1, *xF2; char *buf; + char buf2[9]; void *recvq_start; size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t); @@ -739,7 +777,23 @@ start_zlib_session(void *data) /* Pass the socket to ssld. */ *buf = 'Z'; - rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs"); + if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs") == -1) + { + sendto_realops_snomask(SNO_GENERAL, L_ALL, "Error creating zlib socketpair - %s", strerror(errno)); + ilog(L_MAIN, "Error creating zlib socketpairs - %s", strerror(errno)); + exit_client(server, server, server, "Error creating zlib socketpair"); + return; + } + + if(IsSSL(server)) + { + /* tell ssld the new connid for the ssl part*/ + buf2[0] = 'Y'; + int32_to_buf(&buf2[1], rb_get_fd(server->localClient->F)); + int32_to_buf(&buf2[5], rb_get_fd(xF2)); + ssl_cmd_write_queue(server->localClient->ssl_ctl, NULL, 0, buf2, sizeof(buf2)); + } + F[0] = server->localClient->F; F[1] = xF1;