2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
31 #define READBUF_SIZE 16384
34 static void setup_signals(void);
37 static inline uint32_t
38 buf_to_uint32(uint8_t *buf
)
41 memcpy(&x
, buf
, sizeof(x
));
46 uint32_to_buf(uint8_t *buf
, uint32_t x
)
48 memcpy(buf
, &x
, sizeof(x
));
52 typedef struct _mod_ctl_buf
57 rb_fde_t
*F
[MAXPASSFD
];
61 typedef struct _mod_ctl
71 static mod_ctl_t
*mod_ctl
;
75 typedef struct _zlib_stream
86 rawbuf_head_t
*modbuf_out
;
87 rawbuf_head_t
*plainbuf_out
;
101 #define FLAG_SSL 0x01
102 #define FLAG_ZIP 0x02
103 #define FLAG_CORK 0x04
104 #define FLAG_DEAD 0x08
105 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
106 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
107 #define FLAG_ZIPSSL 0x40
109 #define IsSSL(x) ((x)->flags & FLAG_SSL)
110 #define IsZip(x) ((x)->flags & FLAG_ZIP)
111 #define IsCork(x) ((x)->flags & FLAG_CORK)
112 #define IsDead(x) ((x)->flags & FLAG_DEAD)
113 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
114 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
115 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
117 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
118 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
119 #define SetCork(x) ((x)->flags |= FLAG_CORK)
120 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
121 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
122 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
123 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
125 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
126 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
127 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
128 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
129 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
130 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
131 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
134 #define WAIT_PLAIN 0x1
136 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
137 #define HASH_WALK_END }
138 #define CONN_HASH_SIZE 2000
139 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
143 static rb_dlink_list connid_hash_table
[CONN_HASH_SIZE
];
144 static rb_dlink_list dead_list
;
146 static void conn_mod_read_cb(rb_fde_t
*fd
, void *data
);
147 static void conn_mod_write_sendq(rb_fde_t
*, void *data
);
148 static void conn_plain_write_sendq(rb_fde_t
*, void *data
);
149 static void mod_write_ctl(rb_fde_t
*, void *data
);
150 static void conn_plain_read_cb(rb_fde_t
*fd
, void *data
);
151 static void conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
);
152 static void mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
);
153 static const char *remote_closed
= "Remote host closed the connection";
154 static bool ssld_ssl_ok
;
155 static int certfp_method
= RB_SSL_CERTFP_METH_SHA1
;
157 static bool zlib_ok
= true;
159 static bool zlib_ok
= false;
165 ssld_alloc(void *unused
, size_t count
, size_t size
)
167 return rb_malloc(count
* size
);
171 ssld_free(void *unused
, void *ptr
)
178 conn_find_by_id(uint32_t id
)
183 RB_DLINK_FOREACH(ptr
, (connid_hash(id
))->head
)
186 if(conn
->id
== id
&& !IsDead(conn
))
193 conn_add_id_hash(conn_t
* conn
, uint32_t id
)
196 rb_dlinkAdd(conn
, &conn
->node
, connid_hash(id
));
200 free_conn(conn_t
* conn
)
202 rb_free_rawbuffer(conn
->modbuf_out
);
203 rb_free_rawbuffer(conn
->plainbuf_out
);
207 zlib_stream_t
*stream
= conn
->stream
;
208 inflateEnd(&stream
->instream
);
209 deflateEnd(&stream
->outstream
);
217 clean_dead_conns(void *unused
)
220 rb_dlink_node
*ptr
, *next
;
221 RB_DLINK_FOREACH_SAFE(ptr
, next
, dead_list
.head
)
226 dead_list
.tail
= dead_list
.head
= NULL
;
231 close_conn(conn_t
* conn
, int wait_plain
, const char *fmt
, ...)
234 char reason
[128]; /* must always be under 250 bytes */
240 rb_rawbuf_flush(conn
->modbuf_out
, conn
->mod_fd
);
241 rb_rawbuf_flush(conn
->plainbuf_out
, conn
->plain_fd
);
242 rb_close(conn
->mod_fd
);
246 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
248 if(!wait_plain
|| fmt
== NULL
)
250 rb_close(conn
->plain_fd
);
251 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
254 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
255 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
257 vsnprintf(reason
, sizeof(reason
), fmt
, ap
);
261 uint32_to_buf(&buf
[1], conn
->id
);
262 rb_strlcpy((char *) &buf
[5], reason
, sizeof(buf
) - 5);
263 len
= (strlen(reason
) + 1) + 5;
264 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
268 make_conn(mod_ctl_t
* ctl
, rb_fde_t
*mod_fd
, rb_fde_t
*plain_fd
)
270 conn_t
*conn
= rb_malloc(sizeof(conn_t
));
272 conn
->modbuf_out
= rb_new_rawbuffer();
273 conn
->plainbuf_out
= rb_new_rawbuffer();
274 conn
->mod_fd
= mod_fd
;
275 conn
->plain_fd
= plain_fd
;
284 check_handshake_flood(void *unused
)
287 rb_dlink_node
*ptr
, *next
;
290 HASH_WALK_SAFE(i
, CONN_HASH_SIZE
, ptr
, next
, connid_hash_table
)
296 count
= rb_ssl_handshake_count(conn
->mod_fd
);
297 /* nothing needs to do this more than twice in ten seconds i don't think */
299 close_conn(conn
, WAIT_PLAIN
, "Handshake flooding");
301 rb_ssl_clear_handshake_count(conn
->mod_fd
);
306 conn_mod_write_sendq(rb_fde_t
*fd
, void *data
)
314 if(IsSSLWWantsR(conn
))
316 ClearSSLWWantsR(conn
);
317 conn_mod_read_cb(conn
->mod_fd
, conn
);
322 while((retlen
= rb_rawbuf_flush(conn
->modbuf_out
, fd
)) > 0)
323 conn
->mod_out
+= retlen
;
325 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
328 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
329 if(IsSSL(conn
) && retlen
== RB_RW_SSL_ERROR
)
330 err
= rb_get_ssl_strerror(conn
->mod_fd
);
332 err
= strerror(errno
);
333 close_conn(conn
, WAIT_PLAIN
, "Write error: %s", err
);
336 if(rb_rawbuf_length(conn
->modbuf_out
) > 0)
338 if(retlen
!= RB_RW_SSL_NEED_READ
)
339 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_write_sendq
, conn
);
342 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_write_sendq
, conn
);
343 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
348 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
350 if(IsCork(conn
) && rb_rawbuf_length(conn
->modbuf_out
) == 0)
353 conn_plain_read_cb(conn
->plain_fd
, conn
);
359 conn_mod_write(conn_t
* conn
, void *data
, size_t len
)
361 if(IsDead(conn
)) /* no point in queueing to a dead man */
363 rb_rawbuf_append(conn
->modbuf_out
, data
, len
);
367 conn_plain_write(conn_t
* conn
, void *data
, size_t len
)
369 if(IsDead(conn
)) /* again no point in queueing to dead men */
371 rb_rawbuf_append(conn
->plainbuf_out
, data
, len
);
375 mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
)
377 mod_ctl_buf_t
*ctl_buf
;
378 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
379 ctl_buf
->buf
= rb_malloc(len
);
380 ctl_buf
->buflen
= len
;
381 memcpy(ctl_buf
->buf
, data
, len
);
383 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->writeq
);
384 mod_write_ctl(ctl
->F
, ctl
);
389 common_zlib_deflate(conn_t
* conn
, void *buf
, size_t len
)
391 char outbuf
[READBUF_SIZE
];
393 z_stream
*outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
394 outstream
->next_in
= buf
;
395 outstream
->avail_in
= len
;
396 outstream
->next_out
= (Bytef
*) outbuf
;
397 outstream
->avail_out
= sizeof(outbuf
);
399 ret
= deflate(outstream
, Z_SYNC_FLUSH
);
403 close_conn(conn
, WAIT_PLAIN
, "Deflate failed: %s", zError(ret
));
406 if(outstream
->avail_out
== 0)
408 /* avail_out empty */
409 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_out == 0");
412 if(outstream
->avail_in
!= 0)
414 /* avail_in isn't empty... */
415 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_in != 0");
418 have
= sizeof(outbuf
) - outstream
->avail_out
;
419 conn_mod_write(conn
, outbuf
, have
);
423 common_zlib_inflate(conn_t
* conn
, void *buf
, size_t len
)
425 char outbuf
[READBUF_SIZE
];
427 ((zlib_stream_t
*) conn
->stream
)->instream
.next_in
= buf
;
428 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
= len
;
429 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
430 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
432 while(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
434 ret
= inflate(&((zlib_stream_t
*) conn
->stream
)->instream
, Z_NO_FLUSH
);
437 if(!strncmp("ERROR ", buf
, 6))
439 close_conn(conn
, WAIT_PLAIN
, "Received uncompressed ERROR");
442 close_conn(conn
, WAIT_PLAIN
, "Inflate failed: %s", zError(ret
));
445 have
= sizeof(outbuf
) - ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
;
447 if(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
449 conn_plain_write(conn
, outbuf
, have
);
451 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
452 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
458 conn_plain_write(conn
, outbuf
, have
);
463 plain_check_cork(conn_t
* conn
)
465 if(rb_rawbuf_length(conn
->modbuf_out
) >= 4096)
467 /* if we have over 4k pending outbound, don't read until
468 * we've cleared the queue */
470 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, NULL
, NULL
);
472 conn_mod_write_sendq(conn
->mod_fd
, conn
);
480 conn_plain_read_cb(rb_fde_t
*fd
, void *data
)
482 char inbuf
[READBUF_SIZE
];
491 if(plain_check_cork(conn
))
499 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
501 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
503 close_conn(conn
, NO_WAIT
, NULL
);
509 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_cb
, conn
);
510 conn_mod_write_sendq(conn
->mod_fd
, conn
);
513 conn
->plain_in
+= length
;
517 common_zlib_deflate(conn
, inbuf
, length
);
520 conn_mod_write(conn
, inbuf
, length
);
523 if(plain_check_cork(conn
))
529 conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
)
531 char inbuf
[READBUF_SIZE
];
540 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
542 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
544 rb_close(conn
->plain_fd
);
545 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
551 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
558 conn_mod_read_cb(rb_fde_t
*fd
, void *data
)
560 char inbuf
[READBUF_SIZE
];
562 const char *err
= remote_closed
;
569 if(IsSSLRWantsW(conn
))
571 ClearSSLRWantsW(conn
);
572 conn_mod_write_sendq(conn
->mod_fd
, conn
);
582 length
= rb_read(conn
->mod_fd
, inbuf
, sizeof(inbuf
));
584 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
588 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
592 if(IsSSL(conn
) && length
== RB_RW_SSL_ERROR
)
593 err
= rb_get_ssl_strerror(conn
->mod_fd
);
595 err
= strerror(errno
);
596 close_conn(conn
, WAIT_PLAIN
, "Read error: %s", err
);
601 if(length
!= RB_RW_SSL_NEED_WRITE
)
602 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_read_cb
, conn
);
605 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, NULL
, NULL
);
606 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_read_cb
, conn
);
609 conn_plain_write_sendq(conn
->plain_fd
, conn
);
612 conn
->mod_in
+= length
;
615 common_zlib_inflate(conn
, inbuf
, length
);
618 conn_plain_write(conn
, inbuf
, length
);
623 conn_plain_write_sendq(rb_fde_t
*fd
, void *data
)
631 while((retlen
= rb_rawbuf_flush(conn
->plainbuf_out
, fd
)) > 0)
633 conn
->plain_out
+= retlen
;
635 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
637 close_conn(data
, NO_WAIT
, NULL
);
642 if(rb_rawbuf_length(conn
->plainbuf_out
) > 0)
643 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, conn_plain_write_sendq
, conn
);
645 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
651 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
654 if(!getrlimit(RLIMIT_NOFILE
, &limit
))
656 return limit
.rlim_cur
;
658 #endif /* RLIMIT_FD_MAX */
659 return MAXCONNECTIONS
;
663 ssl_send_cipher(conn_t
*conn
)
672 p
= rb_ssl_get_cipher(conn
->mod_fd
);
677 rb_strlcpy(cstring
, p
, sizeof(cstring
));
680 uint32_to_buf(&buf
[1], conn
->id
);
681 strcpy((char *) &buf
[5], cstring
);
682 len
= (strlen(cstring
) + 1) + 5;
683 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
687 ssl_send_certfp(conn_t
*conn
)
689 uint8_t buf
[9 + RB_SSL_CERTFP_LEN
];
691 int len
= rb_get_ssl_certfp(conn
->mod_fd
, &buf
[9], certfp_method
);
695 lrb_assert(len
<= RB_SSL_CERTFP_LEN
);
697 uint32_to_buf(&buf
[1], conn
->id
);
698 uint32_to_buf(&buf
[5], len
);
699 mod_cmd_write_queue(conn
->ctl
, buf
, 9 + len
);
703 ssl_process_accept_cb(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
709 conn_mod_read_cb(conn
->mod_fd
, conn
);
710 conn_plain_read_cb(conn
->plain_fd
, conn
);
711 ssl_send_cipher(conn
);
712 ssl_send_certfp(conn
);
715 /* ircd doesn't care about the reason for this */
716 close_conn(conn
, NO_WAIT
, 0);
721 ssl_process_connect_cb(rb_fde_t
*F
, int status
, void *data
)
727 conn_mod_read_cb(conn
->mod_fd
, conn
);
728 conn_plain_read_cb(conn
->plain_fd
, conn
);
729 ssl_send_cipher(conn
);
730 ssl_send_certfp(conn
);
732 else if(status
== RB_ERR_TIMEOUT
)
733 close_conn(conn
, WAIT_PLAIN
, "SSL handshake timed out");
734 else if(status
== RB_ERROR_SSL
)
735 close_conn(conn
, WAIT_PLAIN
, "%s", rb_get_ssl_strerror(conn
->mod_fd
));
737 close_conn(conn
, WAIT_PLAIN
, "SSL handshake failed");
742 cleanup_bad_message(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
746 /* XXX should log this somehow */
747 for (i
= 0; i
< ctlb
->nfds
; i
++)
748 rb_close(ctlb
->F
[i
]);
752 ssl_process_accept(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
757 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
759 id
= buf_to_uint32(&ctlb
->buf
[1]);
760 conn_add_id_hash(conn
, id
);
763 if(rb_get_type(conn
->mod_fd
) & RB_FD_UNKNOWN
)
764 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
766 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
767 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
769 rb_ssl_start_accepted(ctlb
->F
[0], ssl_process_accept_cb
, conn
, 10);
773 ssl_change_certfp_method(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
775 certfp_method
= buf_to_uint32(&ctlb
->buf
[1]);
779 ssl_process_connect(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
783 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
785 id
= buf_to_uint32(&ctlb
->buf
[1]);
786 conn_add_id_hash(conn
, id
);
789 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
790 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
792 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
793 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
796 rb_ssl_start_connected(ctlb
->F
[0], ssl_process_connect_cb
, conn
, 10);
800 process_stats(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
807 id
= buf_to_uint32(&ctlb
->buf
[1]);
809 odata
= &ctlb
->buf
[5];
810 conn
= conn_find_by_id(id
);
815 snprintf(outstat
, sizeof(outstat
), "S %s %llu %llu %llu %llu", odata
,
816 (unsigned long long)conn
->plain_out
,
817 (unsigned long long)conn
->mod_in
,
818 (unsigned long long)conn
->plain_in
,
819 (unsigned long long)conn
->mod_out
);
824 mod_cmd_write_queue(ctl
, outstat
, strlen(outstat
) + 1); /* +1 is so we send the \0 as well */
829 zlib_process(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
833 size_t hdr
= (sizeof(uint8_t) * 2) + sizeof(uint32_t);
835 z_stream
*instream
, *outstream
;
839 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
840 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
841 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
843 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
844 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
846 id
= buf_to_uint32(&ctlb
->buf
[1]);
847 conn_add_id_hash(conn
, id
);
849 level
= (uint8_t)ctlb
->buf
[5];
851 recvqlen
= ctlb
->buflen
- hdr
;
852 recvq_start
= &ctlb
->buf
[6];
855 conn
->stream
= rb_malloc(sizeof(zlib_stream_t
));
856 instream
= &((zlib_stream_t
*) conn
->stream
)->instream
;
857 outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
859 instream
->total_in
= 0;
860 instream
->total_out
= 0;
861 instream
->zalloc
= (alloc_func
) ssld_alloc
;
862 instream
->zfree
= (free_func
) ssld_free
;
863 instream
->data_type
= Z_ASCII
;
864 inflateInit(&((zlib_stream_t
*) conn
->stream
)->instream
);
866 outstream
->total_in
= 0;
867 outstream
->total_out
= 0;
868 outstream
->zalloc
= (alloc_func
) ssld_alloc
;
869 outstream
->zfree
= (free_func
) ssld_free
;
870 outstream
->data_type
= Z_ASCII
;
873 level
= (uint8_t) Z_DEFAULT_COMPRESSION
;
875 deflateInit(&((zlib_stream_t
*) conn
->stream
)->outstream
, level
);
877 common_zlib_inflate(conn
, recvq_start
, recvqlen
);
879 conn_mod_read_cb(conn
->mod_fd
, conn
);
880 conn_plain_read_cb(conn
->plain_fd
, conn
);
887 init_prng(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
890 prng_seed_t seed_type
;
892 seed_type
= (prng_seed_t
) ctl_buf
->buf
[1];
893 path
= (char *) &ctl_buf
->buf
[2];
894 rb_init_prng(path
, seed_type
);
899 ssl_new_keys(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
902 char *cert
, *key
, *dhparam
, *cipher_list
;
904 buf
= (char *) &ctl_buf
->buf
[2];
906 buf
+= strlen(cert
) + 1;
908 buf
+= strlen(key
) + 1;
910 if(strlen(dhparam
) == 0)
912 buf
+= strlen(dhparam
) + 1;
914 if(strlen(cipher_list
) == 0)
917 if(!rb_setup_ssl_server(cert
, key
, dhparam
, cipher_list
))
919 const char *invalid
= "I";
920 mod_cmd_write_queue(ctl
, invalid
, strlen(invalid
));
926 send_nossl_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
928 static const char *nossl_cmd
= "N";
934 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
935 id
= buf_to_uint32(&ctlb
->buf
[1]);
936 conn_add_id_hash(conn
, id
);
937 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no SSL/TLS support");
939 mod_cmd_write_queue(ctl
, nossl_cmd
, strlen(nossl_cmd
));
943 send_i_am_useless(mod_ctl_t
* ctl
)
945 static const char *useless
= "U";
946 mod_cmd_write_queue(ctl
, useless
, strlen(useless
));
950 send_version(mod_ctl_t
* ctl
)
952 char version
[256] = { 'V', 0 };
953 strncpy(&version
[1], rb_lib_version(), sizeof(version
) - 2);
954 mod_cmd_write_queue(ctl
, version
, strlen(version
));
958 send_nozlib_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
960 static const char *nozlib_cmd
= "z";
965 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
966 id
= buf_to_uint32(&ctlb
->buf
[1]);
967 conn_add_id_hash(conn
, id
);
968 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no zlib support");
970 mod_cmd_write_queue(ctl
, nozlib_cmd
, strlen(nozlib_cmd
));
974 mod_process_cmd_recv(mod_ctl_t
* ctl
)
976 rb_dlink_node
*ptr
, *next
;
977 mod_ctl_buf_t
*ctl_buf
;
979 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->readq
.head
)
983 switch (*ctl_buf
->buf
)
987 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
989 cleanup_bad_message(ctl
, ctl_buf
);
995 send_nossl_support(ctl
, ctl_buf
);
998 ssl_process_accept(ctl
, ctl_buf
);
1003 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1005 cleanup_bad_message(ctl
, ctl_buf
);
1011 send_nossl_support(ctl
, ctl_buf
);
1014 ssl_process_connect(ctl
, ctl_buf
);
1019 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1021 cleanup_bad_message(ctl
, ctl_buf
);
1024 ssl_change_certfp_method(ctl
, ctl_buf
);
1031 send_nossl_support(ctl
, ctl_buf
);
1034 ssl_new_keys(ctl
, ctl_buf
);
1038 init_prng(ctl
, ctl_buf
);
1042 process_stats(ctl
, ctl_buf
);
1049 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
< 6)
1051 cleanup_bad_message(ctl
, ctl_buf
);
1055 /* just zlib only */
1056 zlib_process(ctl
, ctl_buf
);
1062 send_nozlib_support(ctl
, ctl_buf
);
1068 /* Log unknown commands */
1070 rb_dlinkDelete(ptr
, &ctl
->readq
);
1071 rb_free(ctl_buf
->buf
);
1080 mod_read_ctl(rb_fde_t
*F
, void *data
)
1082 mod_ctl_buf_t
*ctl_buf
;
1083 mod_ctl_t
*ctl
= data
;
1089 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
1090 ctl_buf
->buf
= rb_malloc(READBUF_SIZE
);
1091 ctl_buf
->buflen
= READBUF_SIZE
;
1092 retlen
= rb_recv_fd_buf(ctl
->F
, ctl_buf
->buf
, ctl_buf
->buflen
, ctl_buf
->F
,
1096 rb_free(ctl_buf
->buf
);
1101 ctl_buf
->buflen
= retlen
;
1102 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->readq
);
1103 for (i
= 0; i
< MAXPASSFD
&& ctl_buf
->F
[i
] != NULL
; i
++)
1110 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1113 mod_process_cmd_recv(ctl
);
1114 rb_setselect(ctl
->F
, RB_SELECT_READ
, mod_read_ctl
, ctl
);
1118 mod_write_ctl(rb_fde_t
*F
, void *data
)
1120 mod_ctl_t
*ctl
= data
;
1121 mod_ctl_buf_t
*ctl_buf
;
1122 rb_dlink_node
*ptr
, *next
;
1125 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->writeq
.head
)
1127 ctl_buf
= ptr
->data
;
1128 retlen
= rb_send_fd_buf(ctl
->F
, ctl_buf
->F
, ctl_buf
->nfds
, ctl_buf
->buf
,
1129 ctl_buf
->buflen
, ppid
);
1132 rb_dlinkDelete(ptr
, &ctl
->writeq
);
1133 for(x
= 0; x
< ctl_buf
->nfds
; x
++)
1134 rb_close(ctl_buf
->F
[x
]);
1135 rb_free(ctl_buf
->buf
);
1139 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1143 if(rb_dlink_list_length(&ctl
->writeq
) > 0)
1144 rb_setselect(ctl
->F
, RB_SELECT_WRITE
, mod_write_ctl
, ctl
);
1149 read_pipe_ctl(rb_fde_t
*F
, void *data
)
1151 char inbuf
[READBUF_SIZE
];
1153 while((retlen
= rb_read(F
, inbuf
, sizeof(inbuf
))) > 0)
1155 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1157 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1159 rb_setselect(F
, RB_SELECT_READ
, read_pipe_ctl
, NULL
);
1164 main(int argc
, char **argv
)
1166 const char *s_ctlfd
, *s_pipe
, *s_pid
;
1167 int ctlfd
, pipefd
, x
, maxfd
;
1170 s_ctlfd
= getenv("CTL_FD");
1171 s_pipe
= getenv("CTL_PIPE");
1172 s_pid
= getenv("CTL_PPID");
1174 if(s_ctlfd
== NULL
|| s_pipe
== NULL
|| s_pid
== NULL
)
1177 "This is the charybdis ssld for internal ircd use.\n");
1179 "You aren't supposed to run me directly. Exiting.\n");
1183 ctlfd
= atoi(s_ctlfd
);
1184 pipefd
= atoi(s_pipe
);
1188 for(x
= 0; x
< maxfd
; x
++)
1190 if(x
!= ctlfd
&& x
!= pipefd
&& x
> 2)
1193 x
= open("/dev/null", O_RDWR
);
1197 if(ctlfd
!= 0 && pipefd
!= 0)
1199 if(ctlfd
!= 1 && pipefd
!= 1)
1201 if(ctlfd
!= 2 && pipefd
!= 2)
1208 rb_lib_init(NULL
, NULL
, NULL
, 0, maxfd
, 1024, 4096);
1209 rb_init_rawbuffers(1024);
1210 ssld_ssl_ok
= rb_supports_ssl();
1211 mod_ctl
= rb_malloc(sizeof(mod_ctl_t
));
1212 mod_ctl
->F
= rb_open(ctlfd
, RB_FD_SOCKET
, "ircd control socket");
1213 mod_ctl
->F_pipe
= rb_open(pipefd
, RB_FD_PIPE
, "ircd pipe");
1214 rb_set_nb(mod_ctl
->F
);
1215 rb_set_nb(mod_ctl
->F_pipe
);
1216 rb_event_addish("clean_dead_conns", clean_dead_conns
, NULL
, 10);
1217 rb_event_add("check_handshake_flood", check_handshake_flood
, NULL
, 10);
1218 read_pipe_ctl(mod_ctl
->F_pipe
, NULL
);
1219 mod_read_ctl(mod_ctl
->F
, mod_ctl
);
1220 send_version(mod_ctl
);
1221 if(!zlib_ok
&& !ssld_ssl_ok
)
1223 /* this is really useless... */
1224 send_i_am_useless(mod_ctl
);
1225 /* sleep until the ircd kills us */
1226 rb_sleep(2 << 30, 0);
1231 send_nozlib_support(mod_ctl
, NULL
);
1233 send_nossl_support(mod_ctl
, NULL
);
1241 dummy_handler(int sig
)
1251 struct sigaction act
;
1254 act
.sa_handler
= SIG_IGN
;
1255 sigemptyset(&act
.sa_mask
);
1256 sigaddset(&act
.sa_mask
, SIGPIPE
);
1257 sigaddset(&act
.sa_mask
, SIGALRM
);
1259 sigaddset(&act
.sa_mask
, SIGTRAP
);
1263 sigaddset(&act
.sa_mask
, SIGWINCH
);
1264 sigaction(SIGWINCH
, &act
, 0);
1266 sigaction(SIGPIPE
, &act
, 0);
1268 sigaction(SIGTRAP
, &act
, 0);
1271 act
.sa_handler
= dummy_handler
;
1272 sigaction(SIGALRM
, &act
, 0);