2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
31 #define READBUF_SIZE 16384
34 static void setup_signals(void);
37 static inline uint32_t
38 buf_to_uint32(uint8_t *buf
)
41 memcpy(&x
, buf
, sizeof(x
));
46 uint32_to_buf(uint8_t *buf
, uint32_t x
)
48 memcpy(buf
, &x
, sizeof(x
));
52 typedef struct _mod_ctl_buf
57 rb_fde_t
*F
[MAXPASSFD
];
61 typedef struct _mod_ctl
71 static mod_ctl_t
*mod_ctl
;
75 typedef struct _zlib_stream
86 rawbuf_head_t
*modbuf_out
;
87 rawbuf_head_t
*plainbuf_out
;
101 #define FLAG_SSL 0x01
102 #define FLAG_ZIP 0x02
103 #define FLAG_CORK 0x04
104 #define FLAG_DEAD 0x08
105 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
106 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
107 #define FLAG_ZIPSSL 0x40
109 #define IsSSL(x) ((x)->flags & FLAG_SSL)
110 #define IsZip(x) ((x)->flags & FLAG_ZIP)
111 #define IsCork(x) ((x)->flags & FLAG_CORK)
112 #define IsDead(x) ((x)->flags & FLAG_DEAD)
113 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
114 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
115 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
117 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
118 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
119 #define SetCork(x) ((x)->flags |= FLAG_CORK)
120 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
121 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
122 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
123 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
125 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
126 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
127 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
128 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
129 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
130 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
131 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
134 #define WAIT_PLAIN 0x1
136 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
137 #define HASH_WALK_END }
138 #define CONN_HASH_SIZE 2000
139 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
143 static rb_dlink_list connid_hash_table
[CONN_HASH_SIZE
];
144 static rb_dlink_list dead_list
;
146 static void conn_mod_read_cb(rb_fde_t
*fd
, void *data
);
147 static void conn_mod_write_sendq(rb_fde_t
*, void *data
);
148 static void conn_plain_write_sendq(rb_fde_t
*, void *data
);
149 static void mod_write_ctl(rb_fde_t
*, void *data
);
150 static void conn_plain_read_cb(rb_fde_t
*fd
, void *data
);
151 static void conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
);
152 static void mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
);
153 static const char *remote_closed
= "Remote host closed the connection";
155 static int certfp_method
= RB_SSL_CERTFP_METH_SHA1
;
157 static bool zlib_ok
= true;
159 static bool zlib_ok
= false;
165 ssld_alloc(void *unused
, size_t count
, size_t size
)
167 return rb_malloc(count
* size
);
171 ssld_free(void *unused
, void *ptr
)
178 conn_find_by_id(uint32_t id
)
183 RB_DLINK_FOREACH(ptr
, (connid_hash(id
))->head
)
186 if(conn
->id
== id
&& !IsDead(conn
))
193 conn_add_id_hash(conn_t
* conn
, uint32_t id
)
196 rb_dlinkAdd(conn
, &conn
->node
, connid_hash(id
));
200 free_conn(conn_t
* conn
)
202 rb_free_rawbuffer(conn
->modbuf_out
);
203 rb_free_rawbuffer(conn
->plainbuf_out
);
207 zlib_stream_t
*stream
= conn
->stream
;
208 inflateEnd(&stream
->instream
);
209 deflateEnd(&stream
->outstream
);
217 clean_dead_conns(void *unused
)
220 rb_dlink_node
*ptr
, *next
;
221 RB_DLINK_FOREACH_SAFE(ptr
, next
, dead_list
.head
)
226 dead_list
.tail
= dead_list
.head
= NULL
;
231 close_conn(conn_t
* conn
, int wait_plain
, const char *fmt
, ...)
234 char reason
[128]; /* must always be under 250 bytes */
240 rb_rawbuf_flush(conn
->modbuf_out
, conn
->mod_fd
);
241 rb_rawbuf_flush(conn
->plainbuf_out
, conn
->plain_fd
);
242 rb_close(conn
->mod_fd
);
246 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
248 if(!wait_plain
|| fmt
== NULL
)
250 rb_close(conn
->plain_fd
);
251 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
254 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
255 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
257 vsnprintf(reason
, sizeof(reason
), fmt
, ap
);
261 uint32_to_buf(&buf
[1], conn
->id
);
262 rb_strlcpy((char *) &buf
[5], reason
, sizeof(buf
) - 5);
263 len
= (strlen(reason
) + 1) + 5;
264 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
268 make_conn(mod_ctl_t
* ctl
, rb_fde_t
*mod_fd
, rb_fde_t
*plain_fd
)
270 conn_t
*conn
= rb_malloc(sizeof(conn_t
));
272 conn
->modbuf_out
= rb_new_rawbuffer();
273 conn
->plainbuf_out
= rb_new_rawbuffer();
274 conn
->mod_fd
= mod_fd
;
275 conn
->plain_fd
= plain_fd
;
284 check_handshake_flood(void *unused
)
287 rb_dlink_node
*ptr
, *next
;
290 HASH_WALK_SAFE(i
, CONN_HASH_SIZE
, ptr
, next
, connid_hash_table
)
296 count
= rb_ssl_handshake_count(conn
->mod_fd
);
297 /* nothing needs to do this more than twice in ten seconds i don't think */
299 close_conn(conn
, WAIT_PLAIN
, "Handshake flooding");
301 rb_ssl_clear_handshake_count(conn
->mod_fd
);
306 conn_mod_write_sendq(rb_fde_t
*fd
, void *data
)
314 if(IsSSLWWantsR(conn
))
316 ClearSSLWWantsR(conn
);
317 conn_mod_read_cb(conn
->mod_fd
, conn
);
322 while((retlen
= rb_rawbuf_flush(conn
->modbuf_out
, fd
)) > 0)
323 conn
->mod_out
+= retlen
;
325 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
328 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
329 if(IsSSL(conn
) && retlen
== RB_RW_SSL_ERROR
)
330 err
= rb_get_ssl_strerror(conn
->mod_fd
);
332 err
= strerror(errno
);
333 close_conn(conn
, WAIT_PLAIN
, "Write error: %s", err
);
336 if(rb_rawbuf_length(conn
->modbuf_out
) > 0)
338 if(retlen
!= RB_RW_SSL_NEED_READ
)
339 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_write_sendq
, conn
);
342 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_write_sendq
, conn
);
343 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
348 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
350 if(IsCork(conn
) && rb_rawbuf_length(conn
->modbuf_out
) == 0)
353 conn_plain_read_cb(conn
->plain_fd
, conn
);
359 conn_mod_write(conn_t
* conn
, void *data
, size_t len
)
361 if(IsDead(conn
)) /* no point in queueing to a dead man */
363 rb_rawbuf_append(conn
->modbuf_out
, data
, len
);
367 conn_plain_write(conn_t
* conn
, void *data
, size_t len
)
369 if(IsDead(conn
)) /* again no point in queueing to dead men */
371 rb_rawbuf_append(conn
->plainbuf_out
, data
, len
);
375 mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
)
377 mod_ctl_buf_t
*ctl_buf
;
378 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
379 ctl_buf
->buf
= rb_malloc(len
);
380 ctl_buf
->buflen
= len
;
381 memcpy(ctl_buf
->buf
, data
, len
);
383 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->writeq
);
384 mod_write_ctl(ctl
->F
, ctl
);
389 common_zlib_deflate(conn_t
* conn
, void *buf
, size_t len
)
391 char outbuf
[READBUF_SIZE
];
393 z_stream
*outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
394 outstream
->next_in
= buf
;
395 outstream
->avail_in
= len
;
396 outstream
->next_out
= (Bytef
*) outbuf
;
397 outstream
->avail_out
= sizeof(outbuf
);
399 ret
= deflate(outstream
, Z_SYNC_FLUSH
);
403 close_conn(conn
, WAIT_PLAIN
, "Deflate failed: %s", zError(ret
));
406 if(outstream
->avail_out
== 0)
408 /* avail_out empty */
409 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_out == 0");
412 if(outstream
->avail_in
!= 0)
414 /* avail_in isn't empty... */
415 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_in != 0");
418 have
= sizeof(outbuf
) - outstream
->avail_out
;
419 conn_mod_write(conn
, outbuf
, have
);
423 common_zlib_inflate(conn_t
* conn
, void *buf
, size_t len
)
425 char outbuf
[READBUF_SIZE
];
427 ((zlib_stream_t
*) conn
->stream
)->instream
.next_in
= buf
;
428 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
= len
;
429 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
430 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
432 while(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
434 ret
= inflate(&((zlib_stream_t
*) conn
->stream
)->instream
, Z_NO_FLUSH
);
437 if(!strncmp("ERROR ", buf
, 6))
439 close_conn(conn
, WAIT_PLAIN
, "Received uncompressed ERROR");
442 close_conn(conn
, WAIT_PLAIN
, "Inflate failed: %s", zError(ret
));
445 have
= sizeof(outbuf
) - ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
;
447 if(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
449 conn_plain_write(conn
, outbuf
, have
);
451 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
452 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
458 conn_plain_write(conn
, outbuf
, have
);
463 plain_check_cork(conn_t
* conn
)
465 if(rb_rawbuf_length(conn
->modbuf_out
) >= 4096)
467 /* if we have over 4k pending outbound, don't read until
468 * we've cleared the queue */
470 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, NULL
, NULL
);
472 conn_mod_write_sendq(conn
->mod_fd
, conn
);
480 conn_plain_read_cb(rb_fde_t
*fd
, void *data
)
482 char inbuf
[READBUF_SIZE
];
491 if(plain_check_cork(conn
))
499 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
501 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
503 close_conn(conn
, NO_WAIT
, NULL
);
509 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_cb
, conn
);
510 conn_mod_write_sendq(conn
->mod_fd
, conn
);
513 conn
->plain_in
+= length
;
517 common_zlib_deflate(conn
, inbuf
, length
);
520 conn_mod_write(conn
, inbuf
, length
);
523 if(plain_check_cork(conn
))
529 conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
)
531 char inbuf
[READBUF_SIZE
];
540 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
542 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
544 rb_close(conn
->plain_fd
);
545 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
551 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
558 conn_mod_read_cb(rb_fde_t
*fd
, void *data
)
560 char inbuf
[READBUF_SIZE
];
562 const char *err
= remote_closed
;
569 if(IsSSLRWantsW(conn
))
571 ClearSSLRWantsW(conn
);
572 conn_mod_write_sendq(conn
->mod_fd
, conn
);
582 length
= rb_read(conn
->mod_fd
, inbuf
, sizeof(inbuf
));
584 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
588 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
592 if(IsSSL(conn
) && length
== RB_RW_SSL_ERROR
)
593 err
= rb_get_ssl_strerror(conn
->mod_fd
);
595 err
= strerror(errno
);
596 close_conn(conn
, WAIT_PLAIN
, "Read error: %s", err
);
601 if(length
!= RB_RW_SSL_NEED_WRITE
)
602 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_read_cb
, conn
);
605 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, NULL
, NULL
);
606 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_read_cb
, conn
);
609 conn_plain_write_sendq(conn
->plain_fd
, conn
);
612 conn
->mod_in
+= length
;
615 common_zlib_inflate(conn
, inbuf
, length
);
618 conn_plain_write(conn
, inbuf
, length
);
623 conn_plain_write_sendq(rb_fde_t
*fd
, void *data
)
631 while((retlen
= rb_rawbuf_flush(conn
->plainbuf_out
, fd
)) > 0)
633 conn
->plain_out
+= retlen
;
635 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
637 close_conn(data
, NO_WAIT
, NULL
);
642 if(rb_rawbuf_length(conn
->plainbuf_out
) > 0)
643 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, conn_plain_write_sendq
, conn
);
645 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
651 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
654 if(!getrlimit(RLIMIT_NOFILE
, &limit
))
656 return limit
.rlim_cur
;
658 #endif /* RLIMIT_FD_MAX */
659 return MAXCONNECTIONS
;
663 ssl_send_cipher(conn_t
*conn
)
672 p
= rb_ssl_get_cipher(conn
->mod_fd
);
677 rb_strlcpy(cstring
, p
, sizeof(cstring
));
680 uint32_to_buf(&buf
[1], conn
->id
);
681 strcpy((char *) &buf
[5], cstring
);
682 len
= (strlen(cstring
) + 1) + 5;
683 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
687 ssl_send_certfp(conn_t
*conn
)
689 uint8_t buf
[9 + RB_SSL_CERTFP_LEN
];
691 int len
= rb_get_ssl_certfp(conn
->mod_fd
, &buf
[9], certfp_method
);
695 lrb_assert(len
<= RB_SSL_CERTFP_LEN
);
697 uint32_to_buf(&buf
[1], conn
->id
);
698 uint32_to_buf(&buf
[5], len
);
699 mod_cmd_write_queue(conn
->ctl
, buf
, 9 + len
);
703 ssl_process_accept_cb(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
709 conn_mod_read_cb(conn
->mod_fd
, conn
);
710 conn_plain_read_cb(conn
->plain_fd
, conn
);
711 ssl_send_cipher(conn
);
712 ssl_send_certfp(conn
);
715 /* ircd doesn't care about the reason for this */
716 close_conn(conn
, NO_WAIT
, 0);
721 ssl_process_connect_cb(rb_fde_t
*F
, int status
, void *data
)
727 conn_mod_read_cb(conn
->mod_fd
, conn
);
728 conn_plain_read_cb(conn
->plain_fd
, conn
);
729 ssl_send_cipher(conn
);
730 ssl_send_certfp(conn
);
732 else if(status
== RB_ERR_TIMEOUT
)
733 close_conn(conn
, WAIT_PLAIN
, "SSL handshake timed out");
734 else if(status
== RB_ERROR_SSL
)
735 close_conn(conn
, WAIT_PLAIN
, "%s", rb_get_ssl_strerror(conn
->mod_fd
));
737 close_conn(conn
, WAIT_PLAIN
, "SSL handshake failed");
742 cleanup_bad_message(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
746 /* XXX should log this somehow */
747 for (i
= 0; i
< ctlb
->nfds
; i
++)
748 rb_close(ctlb
->F
[i
]);
752 ssl_process_accept(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
757 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
759 id
= buf_to_uint32(&ctlb
->buf
[1]);
760 conn_add_id_hash(conn
, id
);
763 if(rb_get_type(conn
->mod_fd
) & RB_FD_UNKNOWN
)
764 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
766 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
767 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
769 rb_ssl_start_accepted(ctlb
->F
[0], ssl_process_accept_cb
, conn
, 10);
773 ssl_change_certfp_method(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
775 certfp_method
= buf_to_uint32(&ctlb
->buf
[1]);
779 ssl_process_connect(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
783 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
785 id
= buf_to_uint32(&ctlb
->buf
[1]);
786 conn_add_id_hash(conn
, id
);
789 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
790 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
792 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
793 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
796 rb_ssl_start_connected(ctlb
->F
[0], ssl_process_connect_cb
, conn
, 10);
800 process_stats(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
807 id
= buf_to_uint32(&ctlb
->buf
[1]);
809 odata
= &ctlb
->buf
[5];
810 conn
= conn_find_by_id(id
);
815 snprintf(outstat
, sizeof(outstat
), "S %s %llu %llu %llu %llu", odata
,
816 (unsigned long long)conn
->plain_out
,
817 (unsigned long long)conn
->mod_in
,
818 (unsigned long long)conn
->plain_in
,
819 (unsigned long long)conn
->mod_out
);
824 mod_cmd_write_queue(ctl
, outstat
, strlen(outstat
) + 1); /* +1 is so we send the \0 as well */
828 change_connid(mod_ctl_t
*ctl
, mod_ctl_buf_t
*ctlb
)
830 uint32_t id
= buf_to_uint32(&ctlb
->buf
[1]);
831 uint32_t newid
= buf_to_uint32(&ctlb
->buf
[5]);
832 conn_t
*conn
= conn_find_by_id(id
);
833 lrb_assert(conn
!= NULL
);
840 uint32_to_buf(&buf
[1], newid
);
841 sprintf((char *) &buf
[5], "connid %d does not exist", id
);
842 len
= (strlen((char *) &buf
[5]) + 1) + 5;
843 mod_cmd_write_queue(ctl
, buf
, len
);
847 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
854 zlib_process(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
858 size_t hdr
= (sizeof(uint8_t) * 2) + sizeof(uint32_t);
860 z_stream
*instream
, *outstream
;
864 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
865 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
866 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
868 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
869 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
871 id
= buf_to_uint32(&ctlb
->buf
[1]);
872 conn_add_id_hash(conn
, id
);
874 level
= (uint8_t)ctlb
->buf
[5];
876 recvqlen
= ctlb
->buflen
- hdr
;
877 recvq_start
= &ctlb
->buf
[6];
880 conn
->stream
= rb_malloc(sizeof(zlib_stream_t
));
881 instream
= &((zlib_stream_t
*) conn
->stream
)->instream
;
882 outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
884 instream
->total_in
= 0;
885 instream
->total_out
= 0;
886 instream
->zalloc
= (alloc_func
) ssld_alloc
;
887 instream
->zfree
= (free_func
) ssld_free
;
888 instream
->data_type
= Z_ASCII
;
889 inflateInit(&((zlib_stream_t
*) conn
->stream
)->instream
);
891 outstream
->total_in
= 0;
892 outstream
->total_out
= 0;
893 outstream
->zalloc
= (alloc_func
) ssld_alloc
;
894 outstream
->zfree
= (free_func
) ssld_free
;
895 outstream
->data_type
= Z_ASCII
;
898 level
= (uint8_t) Z_DEFAULT_COMPRESSION
;
900 deflateInit(&((zlib_stream_t
*) conn
->stream
)->outstream
, level
);
902 common_zlib_inflate(conn
, recvq_start
, recvqlen
);
904 conn_mod_read_cb(conn
->mod_fd
, conn
);
905 conn_plain_read_cb(conn
->plain_fd
, conn
);
912 init_prng(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
915 prng_seed_t seed_type
;
917 seed_type
= (prng_seed_t
) ctl_buf
->buf
[1];
918 path
= (char *) &ctl_buf
->buf
[2];
919 rb_init_prng(path
, seed_type
);
924 ssl_new_keys(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
927 char *cert
, *key
, *dhparam
, *cipher_list
;
929 buf
= (char *) &ctl_buf
->buf
[2];
931 buf
+= strlen(cert
) + 1;
933 buf
+= strlen(key
) + 1;
935 if(strlen(dhparam
) == 0)
937 buf
+= strlen(dhparam
) + 1;
939 if(strlen(cipher_list
) == 0)
942 if(!rb_setup_ssl_server(cert
, key
, dhparam
, cipher_list
))
944 const char *invalid
= "I";
945 mod_cmd_write_queue(ctl
, invalid
, strlen(invalid
));
951 send_nossl_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
953 static const char *nossl_cmd
= "N";
959 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
960 id
= buf_to_uint32(&ctlb
->buf
[1]);
961 conn_add_id_hash(conn
, id
);
962 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no SSL/TLS support");
964 mod_cmd_write_queue(ctl
, nossl_cmd
, strlen(nossl_cmd
));
968 send_i_am_useless(mod_ctl_t
* ctl
)
970 static const char *useless
= "U";
971 mod_cmd_write_queue(ctl
, useless
, strlen(useless
));
975 send_version(mod_ctl_t
* ctl
)
977 char version
[256] = { 'V', 0 };
978 strncpy(&version
[1], rb_lib_version(), sizeof(version
) - 2);
979 mod_cmd_write_queue(ctl
, version
, strlen(version
));
983 send_nozlib_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
985 static const char *nozlib_cmd
= "z";
990 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
991 id
= buf_to_uint32(&ctlb
->buf
[1]);
992 conn_add_id_hash(conn
, id
);
993 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no zlib support");
995 mod_cmd_write_queue(ctl
, nozlib_cmd
, strlen(nozlib_cmd
));
999 mod_process_cmd_recv(mod_ctl_t
* ctl
)
1001 rb_dlink_node
*ptr
, *next
;
1002 mod_ctl_buf_t
*ctl_buf
;
1004 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->readq
.head
)
1006 ctl_buf
= ptr
->data
;
1008 switch (*ctl_buf
->buf
)
1012 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1014 cleanup_bad_message(ctl
, ctl_buf
);
1020 send_nossl_support(ctl
, ctl_buf
);
1023 ssl_process_accept(ctl
, ctl_buf
);
1028 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1030 cleanup_bad_message(ctl
, ctl_buf
);
1036 send_nossl_support(ctl
, ctl_buf
);
1039 ssl_process_connect(ctl
, ctl_buf
);
1044 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1046 cleanup_bad_message(ctl
, ctl_buf
);
1049 ssl_change_certfp_method(ctl
, ctl_buf
);
1056 send_nossl_support(ctl
, ctl_buf
);
1059 ssl_new_keys(ctl
, ctl_buf
);
1063 init_prng(ctl
, ctl_buf
);
1067 process_stats(ctl
, ctl_buf
);
1072 change_connid(ctl
, ctl_buf
);
1079 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
< 6)
1081 cleanup_bad_message(ctl
, ctl_buf
);
1085 /* just zlib only */
1086 zlib_process(ctl
, ctl_buf
);
1092 send_nozlib_support(ctl
, ctl_buf
);
1098 /* Log unknown commands */
1100 rb_dlinkDelete(ptr
, &ctl
->readq
);
1101 rb_free(ctl_buf
->buf
);
1110 mod_read_ctl(rb_fde_t
*F
, void *data
)
1112 mod_ctl_buf_t
*ctl_buf
;
1113 mod_ctl_t
*ctl
= data
;
1119 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
1120 ctl_buf
->buf
= rb_malloc(READBUF_SIZE
);
1121 ctl_buf
->buflen
= READBUF_SIZE
;
1122 retlen
= rb_recv_fd_buf(ctl
->F
, ctl_buf
->buf
, ctl_buf
->buflen
, ctl_buf
->F
,
1126 rb_free(ctl_buf
->buf
);
1131 ctl_buf
->buflen
= retlen
;
1132 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->readq
);
1133 for (i
= 0; i
< MAXPASSFD
&& ctl_buf
->F
[i
] != NULL
; i
++)
1140 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1143 mod_process_cmd_recv(ctl
);
1144 rb_setselect(ctl
->F
, RB_SELECT_READ
, mod_read_ctl
, ctl
);
1148 mod_write_ctl(rb_fde_t
*F
, void *data
)
1150 mod_ctl_t
*ctl
= data
;
1151 mod_ctl_buf_t
*ctl_buf
;
1152 rb_dlink_node
*ptr
, *next
;
1155 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->writeq
.head
)
1157 ctl_buf
= ptr
->data
;
1158 retlen
= rb_send_fd_buf(ctl
->F
, ctl_buf
->F
, ctl_buf
->nfds
, ctl_buf
->buf
,
1159 ctl_buf
->buflen
, ppid
);
1162 rb_dlinkDelete(ptr
, &ctl
->writeq
);
1163 for(x
= 0; x
< ctl_buf
->nfds
; x
++)
1164 rb_close(ctl_buf
->F
[x
]);
1165 rb_free(ctl_buf
->buf
);
1169 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1173 if(rb_dlink_list_length(&ctl
->writeq
) > 0)
1174 rb_setselect(ctl
->F
, RB_SELECT_WRITE
, mod_write_ctl
, ctl
);
1179 read_pipe_ctl(rb_fde_t
*F
, void *data
)
1181 char inbuf
[READBUF_SIZE
];
1183 while((retlen
= rb_read(F
, inbuf
, sizeof(inbuf
))) > 0)
1185 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1187 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1189 rb_setselect(F
, RB_SELECT_READ
, read_pipe_ctl
, NULL
);
1194 main(int argc
, char **argv
)
1196 const char *s_ctlfd
, *s_pipe
, *s_pid
;
1197 int ctlfd
, pipefd
, x
, maxfd
;
1200 s_ctlfd
= getenv("CTL_FD");
1201 s_pipe
= getenv("CTL_PIPE");
1202 s_pid
= getenv("CTL_PPID");
1204 if(s_ctlfd
== NULL
|| s_pipe
== NULL
|| s_pid
== NULL
)
1207 "This is the charybdis ssld for internal ircd use.\n");
1209 "You aren't supposed to run me directly. Exiting.\n");
1213 ctlfd
= atoi(s_ctlfd
);
1214 pipefd
= atoi(s_pipe
);
1218 for(x
= 0; x
< maxfd
; x
++)
1220 if(x
!= ctlfd
&& x
!= pipefd
&& x
> 2)
1223 x
= open("/dev/null", O_RDWR
);
1227 if(ctlfd
!= 0 && pipefd
!= 0)
1229 if(ctlfd
!= 1 && pipefd
!= 1)
1231 if(ctlfd
!= 2 && pipefd
!= 2)
1238 rb_lib_init(NULL
, NULL
, NULL
, 0, maxfd
, 1024, 4096);
1239 rb_init_rawbuffers(1024);
1240 ssl_ok
= rb_supports_ssl();
1241 mod_ctl
= rb_malloc(sizeof(mod_ctl_t
));
1242 mod_ctl
->F
= rb_open(ctlfd
, RB_FD_SOCKET
, "ircd control socket");
1243 mod_ctl
->F_pipe
= rb_open(pipefd
, RB_FD_PIPE
, "ircd pipe");
1244 rb_set_nb(mod_ctl
->F
);
1245 rb_set_nb(mod_ctl
->F_pipe
);
1246 rb_event_addish("clean_dead_conns", clean_dead_conns
, NULL
, 10);
1247 rb_event_add("check_handshake_flood", check_handshake_flood
, NULL
, 10);
1248 read_pipe_ctl(mod_ctl
->F_pipe
, NULL
);
1249 mod_read_ctl(mod_ctl
->F
, mod_ctl
);
1250 send_version(mod_ctl
);
1251 if(!zlib_ok
&& !ssl_ok
)
1253 /* this is really useless... */
1254 send_i_am_useless(mod_ctl
);
1255 /* sleep until the ircd kills us */
1256 rb_sleep(2 << 30, 0);
1261 send_nozlib_support(mod_ctl
, NULL
);
1263 send_nossl_support(mod_ctl
, NULL
);
1271 dummy_handler(int sig
)
1281 struct sigaction act
;
1284 act
.sa_handler
= SIG_IGN
;
1285 sigemptyset(&act
.sa_mask
);
1286 sigaddset(&act
.sa_mask
, SIGPIPE
);
1287 sigaddset(&act
.sa_mask
, SIGALRM
);
1289 sigaddset(&act
.sa_mask
, SIGTRAP
);
1293 sigaddset(&act
.sa_mask
, SIGWINCH
);
1294 sigaction(SIGWINCH
, &act
, 0);
1296 sigaction(SIGPIPE
, &act
, 0);
1298 sigaction(SIGTRAP
, &act
, 0);
1301 act
.sa_handler
= dummy_handler
;
1302 sigaction(SIGALRM
, &act
, 0);