X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/6f3b64079f6cfa25d3e862994a417a2100be85be..a4d2230fbc3276ed947b801ace231fb54b402ec7:/src/sslproc.c diff --git a/src/sslproc.c b/src/sslproc.c index 73c28b4..178fde3 100644 --- a/src/sslproc.c +++ b/src/sslproc.c @@ -284,12 +284,21 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co for(i = 0; i < count; i++) { ssl_ctl_t *ctl; - rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket"); + if(rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket") == -1) + { + ilog(L_MAIN, "Unable to create ssld - rb_socketpair failed: %s", strerror(errno)); + return started; + } + rb_set_buffers(F1, READBUF_SIZE); rb_set_buffers(F2, READBUF_SIZE); rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(F2)); rb_setenv("CTL_FD", fdarg, 1); - rb_pipe(&P1, &P2, "SSL/TLS pipe"); + if(rb_pipe(&P1, &P2, "SSL/TLS pipe") == -1) + { + ilog(L_MAIN, "Unable to create ssld - rb_pipe failed: %s", strerror(errno)); + return started; + } rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(P1)); rb_setenv("CTL_PIPE", fdarg, 1); rb_snprintf(s_pid, sizeof(s_pid), "%d", (int)getpid()); @@ -336,7 +345,7 @@ ssl_process_zipstats(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) struct Client *server; struct ZipStats *zips; int parc; - char *parv[6]; + char *parv[7]; parc = rb_string_to_array(ctl_buf->buf, parv, 6); server = find_server(NULL, parv[1]); if(server == NULL || server->localClient == NULL || !IsCapable(server, CAP_ZIP)) @@ -377,6 +386,14 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) client_p = find_cli_fd_hash(fd); if(client_p == NULL) return; + if(IsAnyServer(client_p) || IsRegistered(client_p)) + { + /* read any last moment ERROR, QUIT or the like -- jilles */ + if (!strcmp(reason, "Remote host closed the connection")) + read_packet(client_p->localClient->F, client_p); + if (IsAnyDead(client_p)) + return; + } if(IsAnyServer(client_p)) { sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) && !IsServer(client_p) ? L_NETWIDE : L_ALL, "ssld error for %s: %s", client_p->name, reason); @@ -385,6 +402,31 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) exit_client(client_p, client_p, &me, reason); } +static void +ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf) +{ + struct Client *client_p; + int32_t fd; + uint8_t *certfp; + char *certfp_string; + int i; + + if(ctl_buf->buflen != 5 + RB_SSL_CERTFP_LEN) + return; /* bogus message..drop it.. XXX should warn here */ + + fd = buf_to_int32(&ctl_buf->buf[1]); + certfp = (uint8_t *)&ctl_buf->buf[5]; + client_p = find_cli_fd_hash(fd); + if(client_p == NULL) + return; + rb_free(client_p->certfp); + certfp_string = rb_malloc(RB_SSL_CERTFP_LEN * 2 + 1); + for(i = 0; i < RB_SSL_CERTFP_LEN; i++) + rb_snprintf(certfp_string + 2 * i, 3, "%02x", + certfp[i]); + client_p->certfp = certfp_string; +} + static void ssl_process_cmd_recv(ssl_ctl_t * ctl) { @@ -405,6 +447,9 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl) case 'D': ssl_process_dead_fd(ctl, ctl_buf); break; + case 'F': + ssl_process_certfp(ctl, ctl_buf); + break; case 'S': ssl_process_zipstats(ctl, ctl_buf); break; @@ -687,6 +732,7 @@ start_zlib_session(void *data) rb_fde_t *F[2]; rb_fde_t *xF1, *xF2; char *buf; + char buf2[9]; void *recvq_start; size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t); @@ -731,7 +777,23 @@ start_zlib_session(void *data) /* Pass the socket to ssld. */ *buf = 'Z'; - rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs"); + if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs") == -1) + { + sendto_realops_snomask(SNO_GENERAL, L_ALL, "Error creating zlib socketpair - %s", strerror(errno)); + ilog(L_MAIN, "Error creating zlib socketpairs - %s", strerror(errno)); + exit_client(server, server, server, "Error creating zlib socketpair"); + return; + } + + if(IsSSL(server)) + { + /* tell ssld the new connid for the ssl part*/ + buf2[0] = 'Y'; + int32_to_buf(&buf2[1], rb_get_fd(server->localClient->F)); + int32_to_buf(&buf2[5], rb_get_fd(xF2)); + ssl_cmd_write_queue(server->localClient->ssl_ctl, NULL, 0, buf2, sizeof(buf2)); + } + F[0] = server->localClient->F; F[1] = xF1;