X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/4e2fdb1f818f0aa2fffe810660f109a508c70f52..dc34aae05e6e299a6c53c60b728d73ecb88b21bf:/src/sslproc.c diff --git a/src/sslproc.c b/src/sslproc.c index 9d2f43f..178fde3 100644 --- a/src/sslproc.c +++ b/src/sslproc.c @@ -284,15 +284,24 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co for(i = 0; i < count; i++) { ssl_ctl_t *ctl; - rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket"); + if(rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket") == -1) + { + ilog(L_MAIN, "Unable to create ssld - rb_socketpair failed: %s", strerror(errno)); + return started; + } + rb_set_buffers(F1, READBUF_SIZE); rb_set_buffers(F2, READBUF_SIZE); rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(F2)); rb_setenv("CTL_FD", fdarg, 1); - rb_pipe(&P1, &P2, "SSL/TLS pipe"); + if(rb_pipe(&P1, &P2, "SSL/TLS pipe") == -1) + { + ilog(L_MAIN, "Unable to create ssld - rb_pipe failed: %s", strerror(errno)); + return started; + } rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(P1)); rb_setenv("CTL_PIPE", fdarg, 1); - rb_snprintf(s_pid, sizeof(s_pid), "%d", getpid()); + rb_snprintf(s_pid, sizeof(s_pid), "%d", (int)getpid()); rb_setenv("CTL_PPID", s_pid, 1); #ifdef _WIN32 SetHandleInformation((HANDLE) rb_get_fd(F2), HANDLE_FLAG_INHERIT, 1); @@ -336,7 +345,7 @@ ssl_process_zipstats(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) struct Client *server; struct ZipStats *zips; int parc; - char *parv[6]; + char *parv[7]; parc = rb_string_to_array(ctl_buf->buf, parv, 6); server = find_server(NULL, parv[1]); if(server == NULL || server->localClient == NULL || !IsCapable(server, CAP_ZIP)) @@ -377,6 +386,14 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) client_p = find_cli_fd_hash(fd); if(client_p == NULL) return; + if(IsAnyServer(client_p) || IsRegistered(client_p)) + { + /* read any last moment ERROR, QUIT or the like -- jilles */ + if (!strcmp(reason, "Remote host closed the connection")) + read_packet(client_p->localClient->F, client_p); + if (IsAnyDead(client_p)) + return; + } if(IsAnyServer(client_p)) { sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) && !IsServer(client_p) ? L_NETWIDE : L_ALL, "ssld error for %s: %s", client_p->name, reason); @@ -385,29 +402,31 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) exit_client(client_p, client_p, &me, reason); } - static void -ssl_process_zip_ready(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) +ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) { struct Client *client_p; int32_t fd; + uint8_t *certfp; + char *certfp_string; + int i; - if(ctl_buf->buflen < 5) + if(ctl_buf->buflen != 5 + RB_SSL_CERTFP_LEN) return; /* bogus message..drop it.. XXX should warn here */ fd = buf_to_int32(&ctl_buf->buf[1]); + certfp = (uint8_t *)&ctl_buf->buf[5]; client_p = find_cli_fd_hash(fd); if(client_p == NULL) return; - - /* Now start sending the data that should be compressed. */ - // ClearCork(client_p); - send_pop_queue(client_p); - /* Start reading uncompressed data. */ - read_packet(client_p->localClient->F, client_p); + rb_free(client_p->certfp); + certfp_string = rb_malloc(RB_SSL_CERTFP_LEN * 2 + 1); + for(i = 0; i < RB_SSL_CERTFP_LEN; i++) + rb_snprintf(certfp_string + 2 * i, 3, "%02x", + certfp[i]); + client_p->certfp = certfp_string; } - static void ssl_process_cmd_recv(ssl_ctl_t * ctl) { @@ -428,6 +447,9 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl) case 'D': ssl_process_dead_fd(ctl, ctl_buf); break; + case 'F': + ssl_process_certfp(ctl, ctl_buf); + break; case 'S': ssl_process_zipstats(ctl, ctl_buf); break; @@ -442,9 +464,6 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl) sendto_realops_snomask(SNO_GENERAL, L_ALL, no_ssl_or_zlib); ssl_killall(); break; - case 'R': - ssl_process_zip_ready(ctl, ctl_buf); - break; case 'z': zlib_ok = 0; break; @@ -713,6 +732,7 @@ start_zlib_session(void *data) rb_fde_t *F[2]; rb_fde_t *xF1, *xF2; char *buf; + char buf2[9]; void *recvq_start; size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t); @@ -757,7 +777,23 @@ start_zlib_session(void *data) /* Pass the socket to ssld. */ *buf = 'Z'; - rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs"); + if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs") == -1) + { + sendto_realops_snomask(SNO_GENERAL, L_ALL, "Error creating zlib socketpair - %s", strerror(errno)); + ilog(L_MAIN, "Error creating zlib socketpairs - %s", strerror(errno)); + exit_client(server, server, server, "Error creating zlib socketpair"); + return; + } + + if(IsSSL(server)) + { + /* tell ssld the new connid for the ssl part*/ + buf2[0] = 'Y'; + int32_to_buf(&buf2[1], rb_get_fd(server->localClient->F)); + int32_to_buf(&buf2[5], rb_get_fd(xF2)); + ssl_cmd_write_queue(server->localClient->ssl_ctl, NULL, 0, buf2, sizeof(buf2)); + } + F[0] = server->localClient->F; F[1] = xF1; @@ -766,9 +802,10 @@ start_zlib_session(void *data) /* need to redo as what we did before isn't valid now */ int32_to_buf(&buf[1], rb_get_fd(server->localClient->F)); add_to_cli_fd_hash(server); - server->localClient->ssl_ctl = which_ssld(); - server->localClient->ssl_ctl->cli_count++; - ssl_cmd_write_queue(server->localClient->ssl_ctl, F, 2, buf, len); + + server->localClient->z_ctl = which_ssld(); + server->localClient->z_ctl->cli_count++; + ssl_cmd_write_queue(server->localClient->z_ctl, F, 2, buf, len); rb_free(buf); } @@ -796,7 +833,7 @@ collect_zipstats(void *unused) int32_to_buf(&buf[1], rb_get_fd(target_p->localClient->F)); rb_strlcpy(odata, target_p->name, (sizeof(buf) - len)); len += strlen(odata) + 1; /* Get the \0 as well */ - ssl_cmd_write_queue(target_p->localClient->ssl_ctl, NULL, 0, buf, len); + ssl_cmd_write_queue(target_p->localClient->z_ctl, NULL, 0, buf, len); } } }