X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/9bf8f69cc6440d53f4a980b782b4d0229d1de020..a4d2230fbc3276ed947b801ace231fb54b402ec7:/src/sslproc.c
diff --git a/src/sslproc.c b/src/sslproc.c
index 4789e86..178fde3 100644
--- a/src/sslproc.c
+++ b/src/sslproc.c
@@ -284,12 +284,21 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co
 for(i = 0; i < count; i++)
 {
 ssl_ctl_t *ctl;
- rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket");
+ if(rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "SSL/TLS handle passing socket") == -1)
+ {
+ ilog(L_MAIN, "Unable to create ssld - rb_socketpair failed: %s", strerror(errno));
+ return started;
+ }
+
 rb_set_buffers(F1, READBUF_SIZE);
 rb_set_buffers(F2, READBUF_SIZE);
 rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(F2));
 rb_setenv("CTL_FD", fdarg, 1);
- rb_pipe(&P1, &P2, "SSL/TLS pipe");
+ if(rb_pipe(&P1, &P2, "SSL/TLS pipe") == -1)
+ {
+ ilog(L_MAIN, "Unable to create ssld - rb_pipe failed: %s", strerror(errno));
+ return started;
+ }
 rb_snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(P1));
 rb_setenv("CTL_PIPE", fdarg, 1);
 rb_snprintf(s_pid, sizeof(s_pid), "%d", (int)getpid());
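Review bot: The `rb_pipe` failure branch returns with `F1` and `F2` from the earlier successful `rb_socketpair` still open, so every failed attempt leaks a descriptor pair; closing them first (`rb_close(F1); rb_close(F2);` before `return started;`) keeps a descriptor-exhaustion condition from getting worse on each retry. `CTL_FD` has already been exported by then and is left set in the environment. Both messages rely on `errno` being set by the libratbox wrappers, which is worth confirming for any path where they fail without making a system call. The loop body of start_ssldaemon continues outside the hunk.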
@@ -393,6 +402,31 @@ ssl_process_dead_fd(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
 exit_client(client_p, client_p, &me, reason);
 }

+static void
+ssl_process_certfp(ssl_ctl_t * ctl, ssl_ctl_buf_t * ctl_buf)
+{
+ struct Client *client_p;
+ int32_t fd;
+ uint8_t *certfp;
+ char *certfp_string;
+ int i;
+
+ if(ctl_buf->buflen != 5 + RB_SSL_CERTFP_LEN)
+ return; /* bogus message..drop it.. XXX should warn here */
+
+ fd = buf_to_int32(&ctl_buf->buf[1]);
+ certfp = (uint8_t *)&ctl_buf->buf[5];
+ client_p = find_cli_fd_hash(fd);
+ if(client_p == NULL)
+ return;
+ rb_free(client_p->certfp);
+ certfp_string = rb_malloc(RB_SSL_CERTFP_LEN * 2 + 1);
+ for(i = 0; i < RB_SSL_CERTFP_LEN; i++)
+ rb_snprintf(certfp_string + 2 * i, 3, "%02x",
+ certfp[i]);
+ client_p->certfp = certfp_string;
+}
+
 static void
 ssl_process_cmd_recv(ssl_ctl_t * ctl)
 {
@@ -413,6 +447,9 @@ ssl_process_cmd_recv(ssl_ctl_t * ctl)
 case 'D':
 ssl_process_dead_fd(ctl, ctl_buf);
 break;
+ case 'F':
+ ssl_process_certfp(ctl, ctl_buf);
+ break;
 case 'S':
 ssl_process_zipstats(ctl, ctl_buf);
 break;
@@ -740,8 +777,14 @@ start_zlib_session(void *data)

 /* Pass the socket to ssld. */
 *buf = 'Z';
- rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs");
-
+ if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF1, &xF2, "Initial zlib socketpairs") == -1)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_ALL, "Error creating zlib socketpair - %s", strerror(errno));
+ ilog(L_MAIN, "Error creating zlib socketpairs - %s", strerror(errno));
+ exit_client(server, server, server, "Error creating zlib socketpair");
+ return;
+ }
+
 if(IsSSL(server))
 {
 /* tell ssld the new connid for the ssl part*/
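Review bot: ssl_process_certfp attaches the fingerprint to whichever client `find_cli_fd_hash(fd)` returns, without checking that the client is a TLS connection or that it belongs to the `ctl` that sent the message (`ctl` is unused in the body). The fingerprint is presumably consumed later as an authentication credential, so a descriptor that was closed and reused between ssld sending 'F' and ircd reading it would hand the fingerprint to an unrelated client; at minimum guard with `if(client_p == NULL || !IsSSL(client_p)) return;` and, if the client records its owning ssld, compare that with `ctl`. The length check drops malformed messages silently, as its own XXX admits; an `ilog` line there would make a misbehaving ssld visible. I would also add a header comment stating the message layout the code assumes: one command byte, a 4-byte descriptor at `buf[1]`, then `RB_SSL_CERTFP_LEN` raw bytes at `buf[5]`.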
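Review bot: Both log calls in the new start_zlib_session failure branch format `strerror(errno)`, but `sendto_realops_snomask` runs before `ilog` and may change `errno`, so the operator notice and the log file can report different causes. Capture the value once right after the failing call (`int saved_errno = errno;`) and pass `strerror(saved_errno)` to both. If `buf` was heap-allocated earlier in the function (the allocation is outside the hunk), the early `return` also needs to free it. The two messages spell "socketpair" and "socketpairs" differently, which makes a log search for one miss the other.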