]> jfr.im git - solanum.git/blame - ssld/ssld.c
projects / solanum.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Automated merge with ssh://hg.atheme.org//hg/charybdis
[solanum.git] / ssld / ssld.c
CommitLineData
8d99443b
VY		 1/*
2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 *
3202e249 21 * $Id$
8d99443b
VY		 22 */
23
24
25#include "stdinc.h"
26
27#ifdef HAVE_LIBZ
28#include <zlib.h>
29#endif
30
31#define MAXPASSFD 4
32#ifndef READBUF_SIZE
33#define READBUF_SIZE 16384
34#endif
35
36static void setup_signals(void);
3202e249 37static pid_t ppid;
8d99443b 38
3202e249
VY		 39static inline int32_t
40buf_to_int32(char *buf)
8d99443b 41{
7edb4f16 42 int32_t x;
4b6a4d47 43 memcpy(&x, buf, sizeof(x));
8d99443b
VY		 44 return x;
45}
46
3202e249
VY		 47static inline void
48int32_to_buf(char *buf, int32_t x)
8d99443b 49{
4b6a4d47 50 memcpy(buf, &x, sizeof(x));
8d99443b
VY		 51 return;
52}
53
3202e249
VY		 54static inline uint16_t
55buf_to_uint16(char *buf)
8d99443b 56{
7edb4f16 57 uint16_t x;
4b6a4d47 58 memcpy(&x, buf, sizeof(x));
8d99443b
VY		 59 return x;
60}
61
3202e249
VY		 62static inline void
63uint16_to_buf(char *buf, uint16_t x)
8d99443b 64{
4b6a4d47 65 memcpy(buf, &x, sizeof(x));
8d99443b
VY		 66 return;
67}
3202e249 68
8d99443b 69
8d99443b 70static char inbuf[READBUF_SIZE];
4b6a4d47 71#ifdef HAVE_LIBZ
8d99443b 72static char outbuf[READBUF_SIZE];
4b6a4d47 73#endif
8d99443b
VY		 74
75typedef struct _mod_ctl_buf
76{
77 rb_dlink_node node;
78 char *buf;
79 size_t buflen;
80 rb_fde_t *F[MAXPASSFD];
81 int nfds;
82} mod_ctl_buf_t;
83
84typedef struct _mod_ctl
85{
86 rb_dlink_node node;
87 int cli_count;
88 rb_fde_t *F;
89 rb_fde_t *F_pipe;
90 rb_dlink_list readq;
91 rb_dlink_list writeq;
92} mod_ctl_t;
93
94static mod_ctl_t *mod_ctl;
95
96
97#ifdef HAVE_LIBZ
98typedef struct _zlib_stream
99{
100 z_stream instream;
101 z_stream outstream;
102} zlib_stream_t;
103#endif
104
105typedef struct _conn
106{
107 rb_dlink_node node;
108 mod_ctl_t *ctl;
109 rawbuf_head_t *modbuf_out;
110 rawbuf_head_t *plainbuf_out;
111
7edb4f16 112 int32_t id;
8d99443b
VY		 113
114 rb_fde_t *mod_fd;
115 rb_fde_t *plain_fd;
116 unsigned long long mod_out;
117 unsigned long long mod_in;
118 unsigned long long plain_in;
119 unsigned long long plain_out;
7edb4f16 120 uint8_t flags;
8d99443b
VY		 121 void *stream;
122} conn_t;
123
124#define FLAG_SSL 0x01
125#define FLAG_ZIP 0x02
126#define FLAG_CORK 0x04
127#define FLAG_DEAD 0x08
3202e249
VY		 128#define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
129#define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
07c2bb75 130#define FLAG_ZIPSSL 0x40
8d99443b
VY		 131
132#define IsSSL(x) ((x)->flags & FLAG_SSL)
133#define IsZip(x) ((x)->flags & FLAG_ZIP)
134#define IsCork(x) ((x)->flags & FLAG_CORK)
135#define IsDead(x) ((x)->flags & FLAG_DEAD)
73d6283c
VY		 136#define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
137#define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
07c2bb75 138#define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
8d99443b
VY		 139
140#define SetSSL(x) ((x)->flags |= FLAG_SSL)
141#define SetZip(x) ((x)->flags |= FLAG_ZIP)
142#define SetCork(x) ((x)->flags |= FLAG_CORK)
143#define SetDead(x) ((x)->flags |= FLAG_DEAD)
73d6283c
VY		 144#define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
145#define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
07c2bb75 146#define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
8d99443b
VY		 147
148#define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
149#define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
150#define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
151#define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
73d6283c
VY		 152#define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
153#define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
07c2bb75 154#define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
8d99443b
VY		 155
156#define NO_WAIT 0x0
157#define WAIT_PLAIN 0x1
158
4b6a4d47
VY		 159#define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
160#define HASH_WALK_END }
8d99443b
VY		 161#define CONN_HASH_SIZE 2000
162#define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
163
4b6a4d47
VY		 164
165
8d99443b
VY		 166static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
167static rb_dlink_list dead_list;
168
3202e249 169static void conn_mod_read_cb(rb_fde_t *fd, void *data);
8d99443b
VY		 170static void conn_mod_write_sendq(rb_fde_t *, void *data);
171static void conn_plain_write_sendq(rb_fde_t *, void *data);
172static void mod_write_ctl(rb_fde_t *, void *data);
3202e249 173static void conn_plain_read_cb(rb_fde_t *fd, void *data);
e99f6122 174static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
3202e249 175static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
8d99443b
VY		 176static const char *remote_closed = "Remote host closed the connection";
177static int ssl_ok;
178#ifdef HAVE_LIBZ
179static int zlib_ok = 1;
180#else
181static int zlib_ok = 0;
182#endif
4b6a4d47
VY		 183
184
185#ifdef HAVE_LIBZ
8d99443b
VY		 186static void *
187ssld_alloc(void *unused, size_t count, size_t size)
188{
189 return rb_malloc(count * size);
190}
191
192static void
193ssld_free(void *unused, void *ptr)
194{
3202e249 195 rb_free(ptr);
8d99443b 196}
4b6a4d47 197#endif
8d99443b
VY		 198
199static conn_t *
7edb4f16 200conn_find_by_id(int32_t id)
8d99443b
VY		 201{
202 rb_dlink_node *ptr;
203 conn_t *conn;
204
205 RB_DLINK_FOREACH(ptr, (connid_hash(id))->head)
206 {
207 conn = ptr->data;
208 if(conn->id == id && !IsDead(conn))
209 return conn;
210 }
211 return NULL;
212}
213
214static void
7edb4f16 215conn_add_id_hash(conn_t * conn, int32_t id)
8d99443b
VY		 216{
217 conn->id = id;
218 rb_dlinkAdd(conn, &conn->node, connid_hash(id));
219}
220
221static void
222free_conn(conn_t * conn)
223{
224 rb_free_rawbuffer(conn->modbuf_out);
225 rb_free_rawbuffer(conn->plainbuf_out);
4b6a4d47 226#ifdef HAVE_LIBZ
8d99443b
VY		 227 if(IsZip(conn))
228 {
229 zlib_stream_t *stream = conn->stream;
230 inflateEnd(&stream->instream);
3202e249 231 deflateEnd(&stream->outstream);
8d99443b 232 }
4b6a4d47 233#endif
8d99443b
VY		 234 rb_free(conn);
235}
236
237static void
238clean_dead_conns(void *unused)
239{
240 conn_t *conn;
241 rb_dlink_node *ptr, *next;
242 RB_DLINK_FOREACH_SAFE(ptr, next, dead_list.head)
243 {
244 conn = ptr->data;
245 free_conn(conn);
246 }
247 dead_list.tail = dead_list.head = NULL;
248}
249
250
251static void
252close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
253{
254 va_list ap;
3202e249 255 char reason[128]; /* must always be under 250 bytes */
8d99443b
VY		 256 char buf[256];
257 int len;
258 if(IsDead(conn))
259 return;
3202e249 260
8d99443b
VY		 261 rb_rawbuf_flush(conn->modbuf_out, conn->mod_fd);
262 rb_rawbuf_flush(conn->plainbuf_out, conn->plain_fd);
263 rb_close(conn->mod_fd);
264 SetDead(conn);
265
e99f6122
JT		 266 if(conn->id >= 0 && !IsZipSSL(conn))
267 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
268
8d99443b
VY		 269 if(!wait_plain || fmt == NULL)
270 {
271 rb_close(conn->plain_fd);
8d99443b
VY		 272 rb_dlinkAdd(conn, &conn->node, &dead_list);
273 return;
274 }
e99f6122
JT		 275 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
276 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
8d99443b
VY		 277 va_start(ap, fmt);
278 rb_vsnprintf(reason, sizeof(reason), fmt, ap);
279 va_end(ap);
280
281 buf[0] = 'D';
282 int32_to_buf(&buf[1], conn->id);
283 strcpy(&buf[5], reason);
284 len = (strlen(reason) + 1) + 5;
285 mod_cmd_write_queue(conn->ctl, buf, len);
286}
287
288static conn_t *
3202e249 289make_conn(mod_ctl_t * ctl, rb_fde_t *mod_fd, rb_fde_t *plain_fd)
8d99443b
VY		 290{
291 conn_t *conn = rb_malloc(sizeof(conn_t));
292 conn->ctl = ctl;
293 conn->modbuf_out = rb_new_rawbuffer();
294 conn->plainbuf_out = rb_new_rawbuffer();
295 conn->mod_fd = mod_fd;
296 conn->plain_fd = plain_fd;
297 conn->id = -1;
298 conn->stream = NULL;
299 rb_set_nb(mod_fd);
300 rb_set_nb(plain_fd);
301 return conn;
302}
303
4b6a4d47
VY		 304static void
305check_handshake_flood(void *unused)
306{
307 conn_t *conn;
308 rb_dlink_node *ptr, *next;
309 unsigned int count;
310 int i;
311 HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
312 {
313 conn = ptr->data;
314 if(!IsSSL(conn))
315 continue;
3202e249 316
4b6a4d47
VY		 317 count = rb_ssl_handshake_count(conn->mod_fd);
318 /* nothing needs to do this more than twice in ten seconds i don't think */
319 if(count > 2)
320 close_conn(conn, WAIT_PLAIN, "Handshake flooding");
321 else
322 rb_ssl_clear_handshake_count(conn->mod_fd);
3202e249
VY		 323 }
324HASH_WALK_END}
4b6a4d47 325
8d99443b 326static void
3202e249 327conn_mod_write_sendq(rb_fde_t *fd, void *data)
8d99443b
VY		 328{
329 conn_t *conn = data;
330 const char *err;
331 int retlen;
332 if(IsDead(conn))
333 return;
334
73d6283c
VY		 335 if(IsSSLWWantsR(conn))
336 {
337 ClearSSLWWantsR(conn);
338 conn_mod_read_cb(conn->mod_fd, conn);
339 if(IsDead(conn))
340 return;
341 }
342
3202e249 343 while((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
8d99443b
VY		 344 conn->mod_out += retlen;
345
346 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
347 {
348 if(retlen == 0)
349 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
350 if(IsSSL(conn) && retlen == RB_RW_SSL_ERROR)
351 err = rb_get_ssl_strerror(conn->mod_fd);
352 else
353 err = strerror(errno);
354 close_conn(conn, WAIT_PLAIN, "Write error: %s", err);
355 return;
356 }
357 if(rb_rawbuf_length(conn->modbuf_out) > 0)
358 {
73d6283c
VY		 359 if(retlen != RB_RW_SSL_NEED_READ)
360 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
361 else
362 {
363 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
364 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
365 SetSSLWWantsR(conn);
366 }
8d99443b
VY		 367 }
368 else
369 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
370
371 if(IsCork(conn) && rb_rawbuf_length(conn->modbuf_out) == 0)
372 {
373 ClearCork(conn);
374 conn_plain_read_cb(conn->plain_fd, conn);
375 }
376
377}
378
379static void
380conn_mod_write(conn_t * conn, void *data, size_t len)
381{
382 if(IsDead(conn)) /* no point in queueing to a dead man */
383 return;
384 rb_rawbuf_append(conn->modbuf_out, data, len);
385}
386
387static void
388conn_plain_write(conn_t * conn, void *data, size_t len)
389{
390 if(IsDead(conn)) /* again no point in queueing to dead men */
391 return;
392 rb_rawbuf_append(conn->plainbuf_out, data, len);
393}
394
395static void
396mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len)
397{
398 mod_ctl_buf_t *ctl_buf;
399 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
400 ctl_buf->buf = rb_malloc(len);
401 ctl_buf->buflen = len;
402 memcpy(ctl_buf->buf, data, len);
403 ctl_buf->nfds = 0;
404 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->writeq);
405 mod_write_ctl(ctl->F, ctl);
406}
407
408#ifdef HAVE_LIBZ
409static void
410common_zlib_deflate(conn_t * conn, void *buf, size_t len)
411{
412 int ret, have;
3202e249 413 z_stream *outstream = &((zlib_stream_t *) conn->stream)->outstream;
8d99443b
VY		 414 outstream->next_in = buf;
415 outstream->avail_in = len;
416 outstream->next_out = (Bytef *) outbuf;
417 outstream->avail_out = sizeof(outbuf);
418
419 ret = deflate(outstream, Z_SYNC_FLUSH);
420 if(ret != Z_OK)
421 {
422 /* deflate error */
423 close_conn(conn, WAIT_PLAIN, "Deflate failed: %s", zError(ret));
424 return;
425 }
426 if(outstream->avail_out == 0)
427 {
428 /* avail_out empty */
429 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_out == 0");
430 return;
431 }
432 if(outstream->avail_in != 0)
433 {
3202e249 434 /* avail_in isn't empty... */
8d99443b
VY		 435 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_in != 0");
436 return;
437 }
438 have = sizeof(outbuf) - outstream->avail_out;
439 conn_mod_write(conn, outbuf, have);
440}
441
442static void
443common_zlib_inflate(conn_t * conn, void *buf, size_t len)
444{
3202e249
VY		 445 int ret, have = 0;
446 ((zlib_stream_t *) conn->stream)->instream.next_in = buf;
447 ((zlib_stream_t *) conn->stream)->instream.avail_in = len;
448 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
449 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
8d99443b 450
3202e249 451 while(((zlib_stream_t *) conn->stream)->instream.avail_in)
8d99443b 452 {
3202e249 453 ret = inflate(&((zlib_stream_t *) conn->stream)->instream, Z_NO_FLUSH);
8d99443b
VY		 454 if(ret != Z_OK)
455 {
456 if(!strncmp("ERROR ", buf, 6))
457 {
458 close_conn(conn, WAIT_PLAIN, "Received uncompressed ERROR");
459 return;
460 }
461 close_conn(conn, WAIT_PLAIN, "Inflate failed: %s", zError(ret));
462 return;
463 }
3202e249 464 have = sizeof(outbuf) - ((zlib_stream_t *) conn->stream)->instream.avail_out;
8d99443b 465
3202e249 466 if(((zlib_stream_t *) conn->stream)->instream.avail_in)
8d99443b
VY		 467 {
468 conn_plain_write(conn, outbuf, have);
469 have = 0;
3202e249
VY		 470 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
471 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
8d99443b
VY		 472 }
473 }
474 if(have == 0)
475 return;
476
477 conn_plain_write(conn, outbuf, have);
478}
479#endif
480
481static int
482plain_check_cork(conn_t * conn)
483{
484 if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
485 {
486 /* if we have over 4k pending outbound, don't read until
487 * we've cleared the queue */
488 SetCork(conn);
489 rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
490 /* try to write */
491 conn_mod_write_sendq(conn->mod_fd, conn);
492 return 1;
493 }
494 return 0;
495}
496
497
498static void
3202e249 499conn_plain_read_cb(rb_fde_t *fd, void *data)
8d99443b
VY		 500{
501 conn_t *conn = data;
502 int length = 0;
503 if(conn == NULL)
504 return;
505
506 if(IsDead(conn))
507 return;
508
509 if(plain_check_cork(conn))
510 return;
511
3202e249 512 while(1)
8d99443b
VY		 513 {
514 if(IsDead(conn))
515 return;
516
517 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
518
519 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
520 {
521 close_conn(conn, NO_WAIT, NULL);
522 return;
523 }
524
525 if(length < 0)
526 {
527 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_cb, conn);
528 conn_mod_write_sendq(conn->mod_fd, conn);
529 return;
530 }
531 conn->plain_in += length;
532
533#ifdef HAVE_LIBZ
534 if(IsZip(conn))
535 common_zlib_deflate(conn, inbuf, length);
536 else
537#endif
538 conn_mod_write(conn, inbuf, length);
539 if(IsDead(conn))
540 return;
541 if(plain_check_cork(conn))
542 return;
543 }
544}
545
e99f6122
JT		 546static void
547conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data)
548{
549 conn_t *conn = data;
550 int length = 0;
551
552 if(conn == NULL)
553 return;
554
555 while(1)
556 {
557 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
558
559 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
560 {
561 rb_close(conn->plain_fd);
562 rb_dlinkAdd(conn, &conn->node, &dead_list);
563 return;
564 }
565
566 if(length < 0)
567 {
568 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
569 return;
570 }
571 }
572}
573
8d99443b 574static void
3202e249 575conn_mod_read_cb(rb_fde_t *fd, void *data)
8d99443b
VY		 576{
577 conn_t *conn = data;
578 const char *err = remote_closed;
579 int length;
580 if(conn == NULL)
581 return;
582 if(IsDead(conn))
583 return;
584
73d6283c
VY		 585 if(IsSSLRWantsW(conn))
586 {
587 ClearSSLRWantsW(conn);
588 conn_mod_write_sendq(conn->mod_fd, conn);
589 if(IsDead(conn))
590 return;
591 }
592
3202e249 593 while(1)
8d99443b
VY		 594 {
595 if(IsDead(conn))
596 return;
597
598 length = rb_read(conn->mod_fd, inbuf, sizeof(inbuf));
599
600 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
601 {
3202e249
VY		 602 if(length == 0)
603 {
8d99443b
VY		 604 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
605 return;
606 }
607
608 if(IsSSL(conn) && length == RB_RW_SSL_ERROR)
609 err = rb_get_ssl_strerror(conn->mod_fd);
610 else
611 err = strerror(errno);
612 close_conn(conn, WAIT_PLAIN, "Read error: %s", err);
613 return;
614 }
615 if(length < 0)
616 {
73d6283c
VY		 617 if(length != RB_RW_SSL_NEED_WRITE)
618 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
619 else
620 {
621 rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
622 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
623 SetSSLRWantsW(conn);
624 }
8d99443b
VY		 625 conn_plain_write_sendq(conn->plain_fd, conn);
626 return;
3202e249 627 }
8d99443b
VY		 628 conn->mod_in += length;
629#ifdef HAVE_LIBZ
630 if(IsZip(conn))
631 common_zlib_inflate(conn, inbuf, length);
632 else
633#endif
634 conn_plain_write(conn, inbuf, length);
635 }
636}
637
638static void
3202e249 639conn_plain_write_sendq(rb_fde_t *fd, void *data)
8d99443b
VY		 640{
641 conn_t *conn = data;
642 int retlen;
643
644 if(IsDead(conn))
645 return;
646
3202e249 647 while((retlen = rb_rawbuf_flush(conn->plainbuf_out, fd)) > 0)
8d99443b
VY		 648 {
649 conn->plain_out += retlen;
650 }
651 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
652 {
653 close_conn(data, NO_WAIT, NULL);
654 return;
655 }
3202e249 656
8d99443b
VY		 657
658 if(rb_rawbuf_length(conn->plainbuf_out) > 0)
659 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, conn_plain_write_sendq, conn);
660 else
661 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
662}
663
664static int
665maxconn(void)
666{
667#if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
668 struct rlimit limit;
669
670 if(!getrlimit(RLIMIT_NOFILE, &limit))
671 {
672 return limit.rlim_cur;
673 }
674#endif /* RLIMIT_FD_MAX */
675 return MAXCONNECTIONS;
676}
677
678static void
3202e249 679ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
8d99443b
VY		 680{
681 conn_t *conn = data;
682 if(status == RB_OK)
683 {
684 conn_mod_read_cb(conn->mod_fd, conn);
685 conn_plain_read_cb(conn->plain_fd, conn);
686 return;
687 }
a444bb78 688 /* ircd doesn't care about the reason for this */
8d99443b
VY		 689 close_conn(conn, NO_WAIT, 0);
690 return;
691}
692
693static void
3202e249 694ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
8d99443b
VY		 695{
696 conn_t *conn = data;
697 if(status == RB_OK)
698 {
699 conn_mod_read_cb(conn->mod_fd, conn);
700 conn_plain_read_cb(conn->plain_fd, conn);
8d99443b 701 }
a444bb78
JT		 702 else if(status == RB_ERR_TIMEOUT)
703 close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
704 else if(status == RB_ERROR_SSL)
705 close_conn(conn, WAIT_PLAIN, "%s", rb_get_ssl_strerror(conn->mod_fd));
706 else
707 close_conn(conn, WAIT_PLAIN, "SSL handshake failed");
8d99443b
VY		 708}
709
710
c03677e9
JT		 711static void
712cleanup_bad_message(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
713{
714 int i;
715
716 /* XXX should log this somehow */
717 for (i = 0; i < ctlb->nfds; i++)
718 rb_close(ctlb->F[i]);
719}
720
8d99443b
VY		 721static void
722ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
723{
724 conn_t *conn;
7edb4f16 725 int32_t id;
8d99443b
VY		 726
727 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
728
729 id = buf_to_int32(&ctlb->buf[1]);
730
731 if(id >= 0)
732 conn_add_id_hash(conn, id);
733 SetSSL(conn);
734
735 if(rb_get_type(conn->mod_fd) & RB_FD_UNKNOWN)
736 {
3202e249 737
8d99443b
VY		 738 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
739 }
740 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
741 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
742
743 rb_ssl_start_accepted(ctlb->F[0], ssl_process_accept_cb, conn, 10);
744}
745
746static void
747ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
748{
749 conn_t *conn;
7edb4f16 750 int32_t id;
8d99443b
VY		 751 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
752
753 id = buf_to_int32(&ctlb->buf[1]);
754
755 if(id >= 0)
756 conn_add_id_hash(conn, id);
757 SetSSL(conn);
758
759 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
760 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
761
762 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
763 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
764
765
766 rb_ssl_start_connected(ctlb->F[0], ssl_process_connect_cb, conn, 10);
767}
768
769static void
770process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
771{
772 char outstat[512];
773 conn_t *conn;
774 const char *odata;
7edb4f16 775 int32_t id;
8d99443b
VY		 776
777 id = buf_to_int32(&ctlb->buf[1]);
778
779 if(id < 0)
780 return;
3202e249 781
8d99443b
VY		 782 odata = &ctlb->buf[5];
783 conn = conn_find_by_id(id);
784
785 if(conn == NULL)
786 return;
787
788 rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
789 conn->plain_out, conn->mod_in, conn->plain_in, conn->mod_out);
790 conn->plain_out = 0;
791 conn->plain_in = 0;
792 conn->mod_in = 0;
793 conn->mod_out = 0;
794 mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
795}
796
07c2bb75
JT		 797static void
798change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
799{
800 int32_t id = buf_to_int32(&ctlb->buf[1]);
801 int32_t newid = buf_to_int32(&ctlb->buf[5]);
802 conn_t *conn = conn_find_by_id(id);
803 if(conn->id >= 0)
804 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
805 SetZipSSL(conn);
806 conn->id = newid;
807}
808
8d99443b 809#ifdef HAVE_LIBZ
8d99443b
VY		 810static void
811zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
812{
7edb4f16 813 uint8_t level;
8d99443b 814 size_t recvqlen;
7edb4f16 815 size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t);
8d99443b
VY		 816 void *recvq_start;
817 z_stream *instream, *outstream;
818 conn_t *conn;
7edb4f16 819 int32_t id;
8d99443b
VY		 820
821 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
822 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
823 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
824
825 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
826 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
827
828 id = buf_to_int32(&ctlb->buf[1]);
829 conn_add_id_hash(conn, id);
830
3202e249 831 level = (uint8_t)ctlb->buf[5];
8d99443b
VY		 832
833 recvqlen = ctlb->buflen - hdr;
834 recvq_start = &ctlb->buf[6];
835
836 SetZip(conn);
837 conn->stream = rb_malloc(sizeof(zlib_stream_t));
3202e249
VY		 838 instream = &((zlib_stream_t *) conn->stream)->instream;
839 outstream = &((zlib_stream_t *) conn->stream)->outstream;
840
8d99443b
VY		 841 instream->total_in = 0;
842 instream->total_out = 0;
843 instream->zalloc = (alloc_func) ssld_alloc;
844 instream->zfree = (free_func) ssld_free;
845 instream->data_type = Z_ASCII;
3202e249 846 inflateInit(&((zlib_stream_t *) conn->stream)->instream);
8d99443b
VY		 847
848 outstream->total_in = 0;
849 outstream->total_out = 0;
850 outstream->zalloc = (alloc_func) ssld_alloc;
851 outstream->zfree = (free_func) ssld_free;
852 outstream->data_type = Z_ASCII;
853
854 if(level > 9)
855 level = Z_DEFAULT_COMPRESSION;
856
3202e249 857 deflateInit(&((zlib_stream_t *) conn->stream)->outstream, level);
8d99443b
VY		 858 if(recvqlen > 0)
859 common_zlib_inflate(conn, recvq_start, recvqlen);
0bd120ed 860
8d99443b
VY		 861 conn_mod_read_cb(conn->mod_fd, conn);
862 conn_plain_read_cb(conn->plain_fd, conn);
863 return;
864
865}
866#endif
867
868static void
869init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
870{
871 char *path;
872 prng_seed_t seed_type;
3202e249
VY		 873
874 seed_type = (prng_seed_t) ctl_buf->buf[1];
8d99443b
VY		 875 path = &ctl_buf->buf[2];
876 rb_init_prng(path, seed_type);
877}
878
879
880static void
881ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
882{
883 char *buf;
884 char *cert, *key, *dhparam;
885
886 buf = &ctl_buf->buf[2];
887 cert = buf;
888 buf += strlen(cert) + 1;
889 key = buf;
890 buf += strlen(key) + 1;
891 dhparam = buf;
892 if(strlen(dhparam) == 0)
893 dhparam = NULL;
894
895 if(!rb_setup_ssl_server(cert, key, dhparam))
896 {
897 const char *invalid = "I";
898 mod_cmd_write_queue(ctl, invalid, strlen(invalid));
899 return;
3202e249 900 }
8d99443b
VY		 901}
902
903static void
3202e249 904send_nossl_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
8d99443b
VY		 905{
906 static const char *nossl_cmd = "N";
907 conn_t *conn;
7edb4f16 908 int32_t id;
8d99443b
VY		 909
910 if(ctlb != NULL)
3202e249 911 {
8d99443b
VY		 912 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
913 id = buf_to_int32(&ctlb->buf[1]);
914
915 if(id >= 0)
916 conn_add_id_hash(conn, id);
917 close_conn(conn, WAIT_PLAIN, "libratbox reports no SSL/TLS support");
3202e249
VY		 918 }
919 mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
8d99443b
VY		 920}
921
922static void
3202e249 923send_i_am_useless(mod_ctl_t * ctl)
8d99443b
VY		 924{
925 static const char *useless = "U";
926 mod_cmd_write_queue(ctl, useless, strlen(useless));
927}
928
929static void
3202e249 930send_nozlib_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
8d99443b
VY		 931{
932 static const char *nozlib_cmd = "z";
933 conn_t *conn;
7edb4f16 934 int32_t id;
8d99443b
VY		 935 if(ctlb != NULL)
936 {
937 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
938 id = buf_to_int32(&ctlb->buf[1]);
939
940 if(id >= 0)
941 conn_add_id_hash(conn, id);
942 close_conn(conn, WAIT_PLAIN, "libratbox reports no zlib support");
3202e249 943 }
8d99443b
VY		 944 mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
945}
946
947static void
948mod_process_cmd_recv(mod_ctl_t * ctl)
949{
950 rb_dlink_node *ptr, *next;
951 mod_ctl_buf_t *ctl_buf;
952
953 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->readq.head)
954 {
955 ctl_buf = ptr->data;
956
957 switch (*ctl_buf->buf)
958 {
959 case 'A':
960 {
c03677e9
JT		 961 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
962 {
963 cleanup_bad_message(ctl, ctl_buf);
964 break;
965 }
966
8d99443b
VY		 967 if(!ssl_ok)
968 {
969 send_nossl_support(ctl, ctl_buf);
970 break;
971 }
972 ssl_process_accept(ctl, ctl_buf);
973 break;
974 }
975 case 'C':
976 {
c03677e9
JT		 977 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
978 {
979 cleanup_bad_message(ctl, ctl_buf);
980 break;
981 }
982
8d99443b
VY		 983 if(!ssl_ok)
984 {
985 send_nossl_support(ctl, ctl_buf);
986 break;
987 }
988 ssl_process_connect(ctl, ctl_buf);
989 break;
990 }
991
992 case 'K':
993 {
994 if(!ssl_ok)
995 {
996 send_nossl_support(ctl, ctl_buf);
997 break;
998 }
999 ssl_new_keys(ctl, ctl_buf);
1000 break;
1001 }
1002 case 'I':
3202e249
VY		 1003 init_prng(ctl, ctl_buf);
1004 break;
8d99443b
VY		 1005 case 'S':
1006 {
1007 process_stats(ctl, ctl_buf);
1008 break;
1009 }
07c2bb75
JT		 1010 case 'Y':
1011 {
1012 change_connid(ctl, ctl_buf);
1013 break;
1014 }
1015
8d99443b
VY		 1016#ifdef HAVE_LIBZ
1017 case 'Z':
1018 {
c03677e9
JT		 1019 if (ctl_buf->nfds != 2 || ctl_buf->buflen < 6)
1020 {
1021 cleanup_bad_message(ctl, ctl_buf);
1022 break;
1023 }
1024
8d99443b
VY		 1025 /* just zlib only */
1026 zlib_process(ctl, ctl_buf);
1027 break;
1028 }
1029#else
07c2bb75 1030
8d99443b 1031 case 'Z':
21192997 1032 send_nozlib_support(ctl, ctl_buf);
8d99443b 1033 break;
3202e249 1034
8d99443b
VY		 1035#endif
1036 default:
1037 break;
1038 /* Log unknown commands */
1039 }
1040 rb_dlinkDelete(ptr, &ctl->readq);
1041 rb_free(ctl_buf->buf);
1042 rb_free(ctl_buf);
1043 }
1044
1045}
1046
1047
1048
1049static void
3202e249 1050mod_read_ctl(rb_fde_t *F, void *data)
8d99443b
VY		 1051{
1052 mod_ctl_buf_t *ctl_buf;
1053 mod_ctl_t *ctl = data;
1054 int retlen;
c03677e9 1055 int i;
8d99443b
VY		 1056
1057 do
1058 {
1059 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
1060 ctl_buf->buf = rb_malloc(READBUF_SIZE);
1061 ctl_buf->buflen = READBUF_SIZE;
1062 retlen = rb_recv_fd_buf(ctl->F, ctl_buf->buf, ctl_buf->buflen, ctl_buf->F,
1063 MAXPASSFD);
1064 if(retlen <= 0)
1065 {
1066 rb_free(ctl_buf->buf);
1067 rb_free(ctl_buf);
1068 }
1069 else
1070 {
1071 ctl_buf->buflen = retlen;
1072 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->readq);
c03677e9
JT		 1073 for (i = 0; i < MAXPASSFD && ctl_buf->F[i] != NULL; i++)
1074 ;
1075 ctl_buf->nfds = i;
8d99443b
VY		 1076 }
1077 }
3202e249 1078 while(retlen > 0);
8d99443b
VY		 1079
1080 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1081 exit(0);
1082
1083 mod_process_cmd_recv(ctl);
1084 rb_setselect(ctl->F, RB_SELECT_READ, mod_read_ctl, ctl);
1085}
1086
1087static void
3202e249 1088mod_write_ctl(rb_fde_t *F, void *data)
8d99443b
VY		 1089{
1090 mod_ctl_t *ctl = data;
1091 mod_ctl_buf_t *ctl_buf;
1092 rb_dlink_node *ptr, *next;
1093 int retlen, x;
1094
1095 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->writeq.head)
1096 {
1097 ctl_buf = ptr->data;
1098 retlen = rb_send_fd_buf(ctl->F, ctl_buf->F, ctl_buf->nfds, ctl_buf->buf,
3202e249 1099 ctl_buf->buflen, ppid);
8d99443b
VY		 1100 if(retlen > 0)
1101 {
1102 rb_dlinkDelete(ptr, &ctl->writeq);
3202e249 1103 for(x = 0; x < ctl_buf->nfds; x++)
8d99443b
VY		 1104 rb_close(ctl_buf->F[x]);
1105 rb_free(ctl_buf->buf);
1106 rb_free(ctl_buf);
1107
1108 }
1109 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
3202e249
VY		 1110 exit(0);
1111
8d99443b 1112 }
464b7606
JT		 1113 if(rb_dlink_list_length(&ctl->writeq) > 0)
1114 rb_setselect(ctl->F, RB_SELECT_WRITE, mod_write_ctl, ctl);
8d99443b
VY		 1115}
1116
1117
1118static void
3202e249 1119read_pipe_ctl(rb_fde_t *F, void *data)
8d99443b
VY		 1120{
1121 int retlen;
3202e249 1122 while((retlen = rb_read(F, inbuf, sizeof(inbuf))) > 0)
8d99443b
VY		 1123 {
1124 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1125 }
1126 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1127 exit(0);
1128 rb_setselect(F, RB_SELECT_READ, read_pipe_ctl, NULL);
1129
1130}
1131
1132int
1133main(int argc, char **argv)
1134{
3202e249 1135 const char *s_ctlfd, *s_pipe, *s_pid;
8d99443b
VY		 1136 int ctlfd, pipefd, x, maxfd;
1137 maxfd = maxconn();
3202e249 1138
8d99443b
VY		 1139 s_ctlfd = getenv("CTL_FD");
1140 s_pipe = getenv("CTL_PIPE");
3202e249 1141 s_pid = getenv("CTL_PPID");
8d99443b 1142
3202e249 1143 if(s_ctlfd == NULL || s_pipe == NULL || s_pid == NULL)
8d99443b 1144 {
3202e249
VY		 1145 fprintf(stderr,
1146 "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
1147 fprintf(stderr,
1148 "You get an Id tag for this: $Id$\n");
8d99443b
VY		 1149 fprintf(stderr, "Have a nice life\n");
1150 exit(1);
1151 }
1152
1153 ctlfd = atoi(s_ctlfd);
1154 pipefd = atoi(s_pipe);
3202e249
VY		 1155 ppid = atoi(s_pid);
1156 x = 0;
1157#ifndef _WIN32
1158 for(x = 0; x < maxfd; x++)
8d99443b
VY		 1159 {
1160 if(x != ctlfd && x != pipefd && x > 2)
1161 close(x);
1162 }
8d99443b 1163 x = open("/dev/null", O_RDWR);
464b7606 1164
8d99443b
VY		 1165 if(x >= 0)
1166 {
1167 if(ctlfd != 0 && pipefd != 0)
1168 dup2(x, 0);
1169 if(ctlfd != 1 && pipefd != 1)
1170 dup2(x, 1);
1171 if(ctlfd != 2 && pipefd != 2)
1172 dup2(x, 2);
1173 if(x > 2)
1174 close(x);
1175 }
3202e249 1176#endif
8d99443b
VY		 1177 setup_signals();
1178 rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
1179 rb_init_rawbuffers(1024);
3202e249 1180 ssl_ok = rb_supports_ssl();
8d99443b
VY		 1181 mod_ctl = rb_malloc(sizeof(mod_ctl_t));
1182 mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
1183 mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
1184 rb_set_nb(mod_ctl->F);
1185 rb_set_nb(mod_ctl->F_pipe);
1186 rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
4b6a4d47 1187 rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
8d99443b
VY		 1188 read_pipe_ctl(mod_ctl->F_pipe, NULL);
1189 mod_read_ctl(mod_ctl->F, mod_ctl);
1190 if(!zlib_ok && !ssl_ok)
1191 {
1192 /* this is really useless... */
1193 send_i_am_useless(mod_ctl);
1194 /* sleep until the ircd kills us */
3202e249 1195 rb_sleep(2 << 30, 0);
8d99443b
VY		 1196 exit(1);
1197 }
1198
1199 if(!zlib_ok)
1200 send_nozlib_support(mod_ctl, NULL);
1201 if(!ssl_ok)
1202 send_nossl_support(mod_ctl, NULL);
1203 rb_lib_loop(0);
1204 return 0;
1205}
1206
1207
3202e249 1208#ifndef _WIN32
8d99443b
VY		 1209static void
1210dummy_handler(int sig)
1211{
1212 return;
1213}
3202e249 1214#endif
8d99443b
VY		 1215
1216static void
1217setup_signals()
1218{
3202e249 1219#ifndef _WIN32
8d99443b
VY		 1220 struct sigaction act;
1221
1222 act.sa_flags = 0;
1223 act.sa_handler = SIG_IGN;
1224 sigemptyset(&act.sa_mask);
1225 sigaddset(&act.sa_mask, SIGPIPE);
1226 sigaddset(&act.sa_mask, SIGALRM);
1227#ifdef SIGTRAP
1228 sigaddset(&act.sa_mask, SIGTRAP);
1229#endif
1230
1231#ifdef SIGWINCH
1232 sigaddset(&act.sa_mask, SIGWINCH);
1233 sigaction(SIGWINCH, &act, 0);
1234#endif
1235 sigaction(SIGPIPE, &act, 0);
1236#ifdef SIGTRAP
1237 sigaction(SIGTRAP, &act, 0);
1238#endif
1239
1240 act.sa_handler = dummy_handler;
1241 sigaction(SIGALRM, &act, 0);
3202e249 1242#endif
8d99443b 1243}
Fork of solanum ircd, history is rebased regularly