2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
33 #define READBUF_SIZE 16384
36 static void setup_signals(void);
40 buf_to_int32(char *buf
)
43 memcpy(&x
, buf
, sizeof(x
));
48 int32_to_buf(char *buf
, int32_t x
)
50 memcpy(buf
, &x
, sizeof(x
));
54 static inline uint16_t
55 buf_to_uint16(char *buf
)
58 memcpy(&x
, buf
, sizeof(x
));
63 uint16_to_buf(char *buf
, uint16_t x
)
65 memcpy(buf
, &x
, sizeof(x
));
70 static char inbuf
[READBUF_SIZE
];
72 static char outbuf
[READBUF_SIZE
];
75 typedef struct _mod_ctl_buf
80 rb_fde_t
*F
[MAXPASSFD
];
84 typedef struct _mod_ctl
94 static mod_ctl_t
*mod_ctl
;
98 typedef struct _zlib_stream
109 rawbuf_head_t
*modbuf_out
;
110 rawbuf_head_t
*plainbuf_out
;
116 unsigned long long mod_out
;
117 unsigned long long mod_in
;
118 unsigned long long plain_in
;
119 unsigned long long plain_out
;
124 #define FLAG_SSL 0x01
125 #define FLAG_ZIP 0x02
126 #define FLAG_CORK 0x04
127 #define FLAG_DEAD 0x08
128 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
129 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
130 #define FLAG_ZIPSSL 0x40
132 #define IsSSL(x) ((x)->flags & FLAG_SSL)
133 #define IsZip(x) ((x)->flags & FLAG_ZIP)
134 #define IsCork(x) ((x)->flags & FLAG_CORK)
135 #define IsDead(x) ((x)->flags & FLAG_DEAD)
136 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
137 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
138 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
140 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
141 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
142 #define SetCork(x) ((x)->flags |= FLAG_CORK)
143 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
144 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
145 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
146 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
148 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
149 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
150 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
151 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
152 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
153 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
154 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
157 #define WAIT_PLAIN 0x1
159 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
160 #define HASH_WALK_END }
161 #define CONN_HASH_SIZE 2000
162 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
166 static rb_dlink_list connid_hash_table
[CONN_HASH_SIZE
];
167 static rb_dlink_list dead_list
;
169 static void conn_mod_read_cb(rb_fde_t
*fd
, void *data
);
170 static void conn_mod_write_sendq(rb_fde_t
*, void *data
);
171 static void conn_plain_write_sendq(rb_fde_t
*, void *data
);
172 static void mod_write_ctl(rb_fde_t
*, void *data
);
173 static void conn_plain_read_cb(rb_fde_t
*fd
, void *data
);
174 static void conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
);
175 static void mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
);
176 static const char *remote_closed
= "Remote host closed the connection";
179 static int zlib_ok
= 1;
181 static int zlib_ok
= 0;
187 ssld_alloc(void *unused
, size_t count
, size_t size
)
189 return rb_malloc(count
* size
);
193 ssld_free(void *unused
, void *ptr
)
200 conn_find_by_id(int32_t id
)
205 RB_DLINK_FOREACH(ptr
, (connid_hash(id
))->head
)
208 if(conn
->id
== id
&& !IsDead(conn
))
215 conn_add_id_hash(conn_t
* conn
, int32_t id
)
218 rb_dlinkAdd(conn
, &conn
->node
, connid_hash(id
));
222 free_conn(conn_t
* conn
)
224 rb_free_rawbuffer(conn
->modbuf_out
);
225 rb_free_rawbuffer(conn
->plainbuf_out
);
229 zlib_stream_t
*stream
= conn
->stream
;
230 inflateEnd(&stream
->instream
);
231 deflateEnd(&stream
->outstream
);
238 clean_dead_conns(void *unused
)
241 rb_dlink_node
*ptr
, *next
;
242 RB_DLINK_FOREACH_SAFE(ptr
, next
, dead_list
.head
)
247 dead_list
.tail
= dead_list
.head
= NULL
;
252 close_conn(conn_t
* conn
, int wait_plain
, const char *fmt
, ...)
255 char reason
[128]; /* must always be under 250 bytes */
261 rb_rawbuf_flush(conn
->modbuf_out
, conn
->mod_fd
);
262 rb_rawbuf_flush(conn
->plainbuf_out
, conn
->plain_fd
);
263 rb_close(conn
->mod_fd
);
266 if(conn
->id
>= 0 && !IsZipSSL(conn
))
267 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
269 if(!wait_plain
|| fmt
== NULL
)
271 rb_close(conn
->plain_fd
);
272 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
275 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
276 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
278 rb_vsnprintf(reason
, sizeof(reason
), fmt
, ap
);
282 int32_to_buf(&buf
[1], conn
->id
);
283 strcpy(&buf
[5], reason
);
284 len
= (strlen(reason
) + 1) + 5;
285 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
289 make_conn(mod_ctl_t
* ctl
, rb_fde_t
*mod_fd
, rb_fde_t
*plain_fd
)
291 conn_t
*conn
= rb_malloc(sizeof(conn_t
));
293 conn
->modbuf_out
= rb_new_rawbuffer();
294 conn
->plainbuf_out
= rb_new_rawbuffer();
295 conn
->mod_fd
= mod_fd
;
296 conn
->plain_fd
= plain_fd
;
305 check_handshake_flood(void *unused
)
308 rb_dlink_node
*ptr
, *next
;
311 HASH_WALK_SAFE(i
, CONN_HASH_SIZE
, ptr
, next
, connid_hash_table
)
317 count
= rb_ssl_handshake_count(conn
->mod_fd
);
318 /* nothing needs to do this more than twice in ten seconds i don't think */
320 close_conn(conn
, WAIT_PLAIN
, "Handshake flooding");
322 rb_ssl_clear_handshake_count(conn
->mod_fd
);
327 conn_mod_write_sendq(rb_fde_t
*fd
, void *data
)
335 if(IsSSLWWantsR(conn
))
337 ClearSSLWWantsR(conn
);
338 conn_mod_read_cb(conn
->mod_fd
, conn
);
343 while((retlen
= rb_rawbuf_flush(conn
->modbuf_out
, fd
)) > 0)
344 conn
->mod_out
+= retlen
;
346 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
349 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
350 if(IsSSL(conn
) && retlen
== RB_RW_SSL_ERROR
)
351 err
= rb_get_ssl_strerror(conn
->mod_fd
);
353 err
= strerror(errno
);
354 close_conn(conn
, WAIT_PLAIN
, "Write error: %s", err
);
357 if(rb_rawbuf_length(conn
->modbuf_out
) > 0)
359 if(retlen
!= RB_RW_SSL_NEED_READ
)
360 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_write_sendq
, conn
);
363 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_write_sendq
, conn
);
364 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
369 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
371 if(IsCork(conn
) && rb_rawbuf_length(conn
->modbuf_out
) == 0)
374 conn_plain_read_cb(conn
->plain_fd
, conn
);
380 conn_mod_write(conn_t
* conn
, void *data
, size_t len
)
382 if(IsDead(conn
)) /* no point in queueing to a dead man */
384 rb_rawbuf_append(conn
->modbuf_out
, data
, len
);
388 conn_plain_write(conn_t
* conn
, void *data
, size_t len
)
390 if(IsDead(conn
)) /* again no point in queueing to dead men */
392 rb_rawbuf_append(conn
->plainbuf_out
, data
, len
);
396 mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
)
398 mod_ctl_buf_t
*ctl_buf
;
399 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
400 ctl_buf
->buf
= rb_malloc(len
);
401 ctl_buf
->buflen
= len
;
402 memcpy(ctl_buf
->buf
, data
, len
);
404 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->writeq
);
405 mod_write_ctl(ctl
->F
, ctl
);
410 common_zlib_deflate(conn_t
* conn
, void *buf
, size_t len
)
413 z_stream
*outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
414 outstream
->next_in
= buf
;
415 outstream
->avail_in
= len
;
416 outstream
->next_out
= (Bytef
*) outbuf
;
417 outstream
->avail_out
= sizeof(outbuf
);
419 ret
= deflate(outstream
, Z_SYNC_FLUSH
);
423 close_conn(conn
, WAIT_PLAIN
, "Deflate failed: %s", zError(ret
));
426 if(outstream
->avail_out
== 0)
428 /* avail_out empty */
429 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_out == 0");
432 if(outstream
->avail_in
!= 0)
434 /* avail_in isn't empty... */
435 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_in != 0");
438 have
= sizeof(outbuf
) - outstream
->avail_out
;
439 conn_mod_write(conn
, outbuf
, have
);
443 common_zlib_inflate(conn_t
* conn
, void *buf
, size_t len
)
446 ((zlib_stream_t
*) conn
->stream
)->instream
.next_in
= buf
;
447 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
= len
;
448 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
449 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
451 while(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
453 ret
= inflate(&((zlib_stream_t
*) conn
->stream
)->instream
, Z_NO_FLUSH
);
456 if(!strncmp("ERROR ", buf
, 6))
458 close_conn(conn
, WAIT_PLAIN
, "Received uncompressed ERROR");
461 close_conn(conn
, WAIT_PLAIN
, "Inflate failed: %s", zError(ret
));
464 have
= sizeof(outbuf
) - ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
;
466 if(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
468 conn_plain_write(conn
, outbuf
, have
);
470 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
471 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
477 conn_plain_write(conn
, outbuf
, have
);
482 plain_check_cork(conn_t
* conn
)
484 if(rb_rawbuf_length(conn
->modbuf_out
) >= 4096)
486 /* if we have over 4k pending outbound, don't read until
487 * we've cleared the queue */
489 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, NULL
, NULL
);
491 conn_mod_write_sendq(conn
->mod_fd
, conn
);
499 conn_plain_read_cb(rb_fde_t
*fd
, void *data
)
509 if(plain_check_cork(conn
))
517 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
519 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
521 close_conn(conn
, NO_WAIT
, NULL
);
527 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_cb
, conn
);
528 conn_mod_write_sendq(conn
->mod_fd
, conn
);
531 conn
->plain_in
+= length
;
535 common_zlib_deflate(conn
, inbuf
, length
);
538 conn_mod_write(conn
, inbuf
, length
);
541 if(plain_check_cork(conn
))
547 conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
)
557 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
559 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
561 rb_close(conn
->plain_fd
);
562 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
568 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
575 conn_mod_read_cb(rb_fde_t
*fd
, void *data
)
578 const char *err
= remote_closed
;
585 if(IsSSLRWantsW(conn
))
587 ClearSSLRWantsW(conn
);
588 conn_mod_write_sendq(conn
->mod_fd
, conn
);
598 length
= rb_read(conn
->mod_fd
, inbuf
, sizeof(inbuf
));
600 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
604 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
608 if(IsSSL(conn
) && length
== RB_RW_SSL_ERROR
)
609 err
= rb_get_ssl_strerror(conn
->mod_fd
);
611 err
= strerror(errno
);
612 close_conn(conn
, WAIT_PLAIN
, "Read error: %s", err
);
617 if(length
!= RB_RW_SSL_NEED_WRITE
)
618 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_read_cb
, conn
);
621 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, NULL
, NULL
);
622 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_read_cb
, conn
);
625 conn_plain_write_sendq(conn
->plain_fd
, conn
);
628 conn
->mod_in
+= length
;
631 common_zlib_inflate(conn
, inbuf
, length
);
634 conn_plain_write(conn
, inbuf
, length
);
639 conn_plain_write_sendq(rb_fde_t
*fd
, void *data
)
647 while((retlen
= rb_rawbuf_flush(conn
->plainbuf_out
, fd
)) > 0)
649 conn
->plain_out
+= retlen
;
651 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
653 close_conn(data
, NO_WAIT
, NULL
);
658 if(rb_rawbuf_length(conn
->plainbuf_out
) > 0)
659 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, conn_plain_write_sendq
, conn
);
661 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
667 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
670 if(!getrlimit(RLIMIT_NOFILE
, &limit
))
672 return limit
.rlim_cur
;
674 #endif /* RLIMIT_FD_MAX */
675 return MAXCONNECTIONS
;
679 ssl_process_accept_cb(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
682 char buf
[5 + RB_SSL_CERTFP_LEN
];
686 if(rb_get_ssl_certfp(F
, &buf
[5]))
689 int32_to_buf(&buf
[1], conn
->id
);
690 mod_cmd_write_queue(conn
->ctl
, buf
, sizeof buf
);
692 conn_mod_read_cb(conn
->mod_fd
, conn
);
693 conn_plain_read_cb(conn
->plain_fd
, conn
);
696 /* ircd doesn't care about the reason for this */
697 close_conn(conn
, NO_WAIT
, 0);
702 ssl_process_connect_cb(rb_fde_t
*F
, int status
, void *data
)
705 char buf
[5 + RB_SSL_CERTFP_LEN
];
709 if(rb_get_ssl_certfp(F
, &buf
[5]))
712 int32_to_buf(&buf
[1], conn
->id
);
713 mod_cmd_write_queue(conn
->ctl
, buf
, sizeof buf
);
715 conn_mod_read_cb(conn
->mod_fd
, conn
);
716 conn_plain_read_cb(conn
->plain_fd
, conn
);
718 else if(status
== RB_ERR_TIMEOUT
)
719 close_conn(conn
, WAIT_PLAIN
, "SSL handshake timed out");
720 else if(status
== RB_ERROR_SSL
)
721 close_conn(conn
, WAIT_PLAIN
, "%s", rb_get_ssl_strerror(conn
->mod_fd
));
723 close_conn(conn
, WAIT_PLAIN
, "SSL handshake failed");
728 cleanup_bad_message(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
732 /* XXX should log this somehow */
733 for (i
= 0; i
< ctlb
->nfds
; i
++)
734 rb_close(ctlb
->F
[i
]);
738 ssl_process_accept(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
743 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
745 id
= buf_to_int32(&ctlb
->buf
[1]);
748 conn_add_id_hash(conn
, id
);
751 if(rb_get_type(conn
->mod_fd
) & RB_FD_UNKNOWN
)
754 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
756 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
757 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
759 rb_ssl_start_accepted(ctlb
->F
[0], ssl_process_accept_cb
, conn
, 10);
763 ssl_process_connect(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
767 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
769 id
= buf_to_int32(&ctlb
->buf
[1]);
772 conn_add_id_hash(conn
, id
);
775 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
776 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
778 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
779 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
782 rb_ssl_start_connected(ctlb
->F
[0], ssl_process_connect_cb
, conn
, 10);
786 process_stats(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
793 id
= buf_to_int32(&ctlb
->buf
[1]);
798 odata
= &ctlb
->buf
[5];
799 conn
= conn_find_by_id(id
);
804 rb_snprintf(outstat
, sizeof(outstat
), "S %s %llu %llu %llu %llu", odata
,
805 conn
->plain_out
, conn
->mod_in
, conn
->plain_in
, conn
->mod_out
);
810 mod_cmd_write_queue(ctl
, outstat
, strlen(outstat
) + 1); /* +1 is so we send the \0 as well */
814 change_connid(mod_ctl_t
*ctl
, mod_ctl_buf_t
*ctlb
)
816 int32_t id
= buf_to_int32(&ctlb
->buf
[1]);
817 int32_t newid
= buf_to_int32(&ctlb
->buf
[5]);
818 conn_t
*conn
= conn_find_by_id(id
);
820 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
827 zlib_process(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
831 size_t hdr
= (sizeof(uint8_t) * 2) + sizeof(int32_t);
833 z_stream
*instream
, *outstream
;
837 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
838 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
839 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
841 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
842 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
844 id
= buf_to_int32(&ctlb
->buf
[1]);
845 conn_add_id_hash(conn
, id
);
847 level
= (uint8_t)ctlb
->buf
[5];
849 recvqlen
= ctlb
->buflen
- hdr
;
850 recvq_start
= &ctlb
->buf
[6];
853 conn
->stream
= rb_malloc(sizeof(zlib_stream_t
));
854 instream
= &((zlib_stream_t
*) conn
->stream
)->instream
;
855 outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
857 instream
->total_in
= 0;
858 instream
->total_out
= 0;
859 instream
->zalloc
= (alloc_func
) ssld_alloc
;
860 instream
->zfree
= (free_func
) ssld_free
;
861 instream
->data_type
= Z_ASCII
;
862 inflateInit(&((zlib_stream_t
*) conn
->stream
)->instream
);
864 outstream
->total_in
= 0;
865 outstream
->total_out
= 0;
866 outstream
->zalloc
= (alloc_func
) ssld_alloc
;
867 outstream
->zfree
= (free_func
) ssld_free
;
868 outstream
->data_type
= Z_ASCII
;
871 level
= Z_DEFAULT_COMPRESSION
;
873 deflateInit(&((zlib_stream_t
*) conn
->stream
)->outstream
, level
);
875 common_zlib_inflate(conn
, recvq_start
, recvqlen
);
877 conn_mod_read_cb(conn
->mod_fd
, conn
);
878 conn_plain_read_cb(conn
->plain_fd
, conn
);
885 init_prng(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
888 prng_seed_t seed_type
;
890 seed_type
= (prng_seed_t
) ctl_buf
->buf
[1];
891 path
= &ctl_buf
->buf
[2];
892 rb_init_prng(path
, seed_type
);
897 ssl_new_keys(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
900 char *cert
, *key
, *dhparam
;
902 buf
= &ctl_buf
->buf
[2];
904 buf
+= strlen(cert
) + 1;
906 buf
+= strlen(key
) + 1;
908 if(strlen(dhparam
) == 0)
911 if(!rb_setup_ssl_server(cert
, key
, dhparam
))
913 const char *invalid
= "I";
914 mod_cmd_write_queue(ctl
, invalid
, strlen(invalid
));
920 send_nossl_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
922 static const char *nossl_cmd
= "N";
928 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
929 id
= buf_to_int32(&ctlb
->buf
[1]);
932 conn_add_id_hash(conn
, id
);
933 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no SSL/TLS support");
935 mod_cmd_write_queue(ctl
, nossl_cmd
, strlen(nossl_cmd
));
939 send_i_am_useless(mod_ctl_t
* ctl
)
941 static const char *useless
= "U";
942 mod_cmd_write_queue(ctl
, useless
, strlen(useless
));
946 send_nozlib_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
948 static const char *nozlib_cmd
= "z";
953 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
954 id
= buf_to_int32(&ctlb
->buf
[1]);
957 conn_add_id_hash(conn
, id
);
958 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no zlib support");
960 mod_cmd_write_queue(ctl
, nozlib_cmd
, strlen(nozlib_cmd
));
964 mod_process_cmd_recv(mod_ctl_t
* ctl
)
966 rb_dlink_node
*ptr
, *next
;
967 mod_ctl_buf_t
*ctl_buf
;
969 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->readq
.head
)
973 switch (*ctl_buf
->buf
)
977 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
979 cleanup_bad_message(ctl
, ctl_buf
);
985 send_nossl_support(ctl
, ctl_buf
);
988 ssl_process_accept(ctl
, ctl_buf
);
993 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
995 cleanup_bad_message(ctl
, ctl_buf
);
1001 send_nossl_support(ctl
, ctl_buf
);
1004 ssl_process_connect(ctl
, ctl_buf
);
1012 send_nossl_support(ctl
, ctl_buf
);
1015 ssl_new_keys(ctl
, ctl_buf
);
1019 init_prng(ctl
, ctl_buf
);
1023 process_stats(ctl
, ctl_buf
);
1028 change_connid(ctl
, ctl_buf
);
1035 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
< 6)
1037 cleanup_bad_message(ctl
, ctl_buf
);
1041 /* just zlib only */
1042 zlib_process(ctl
, ctl_buf
);
1048 send_nozlib_support(ctl
, ctl_buf
);
1054 /* Log unknown commands */
1056 rb_dlinkDelete(ptr
, &ctl
->readq
);
1057 rb_free(ctl_buf
->buf
);
1066 mod_read_ctl(rb_fde_t
*F
, void *data
)
1068 mod_ctl_buf_t
*ctl_buf
;
1069 mod_ctl_t
*ctl
= data
;
1075 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
1076 ctl_buf
->buf
= rb_malloc(READBUF_SIZE
);
1077 ctl_buf
->buflen
= READBUF_SIZE
;
1078 retlen
= rb_recv_fd_buf(ctl
->F
, ctl_buf
->buf
, ctl_buf
->buflen
, ctl_buf
->F
,
1082 rb_free(ctl_buf
->buf
);
1087 ctl_buf
->buflen
= retlen
;
1088 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->readq
);
1089 for (i
= 0; i
< MAXPASSFD
&& ctl_buf
->F
[i
] != NULL
; i
++)
1096 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1099 mod_process_cmd_recv(ctl
);
1100 rb_setselect(ctl
->F
, RB_SELECT_READ
, mod_read_ctl
, ctl
);
1104 mod_write_ctl(rb_fde_t
*F
, void *data
)
1106 mod_ctl_t
*ctl
= data
;
1107 mod_ctl_buf_t
*ctl_buf
;
1108 rb_dlink_node
*ptr
, *next
;
1111 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->writeq
.head
)
1113 ctl_buf
= ptr
->data
;
1114 retlen
= rb_send_fd_buf(ctl
->F
, ctl_buf
->F
, ctl_buf
->nfds
, ctl_buf
->buf
,
1115 ctl_buf
->buflen
, ppid
);
1118 rb_dlinkDelete(ptr
, &ctl
->writeq
);
1119 for(x
= 0; x
< ctl_buf
->nfds
; x
++)
1120 rb_close(ctl_buf
->F
[x
]);
1121 rb_free(ctl_buf
->buf
);
1125 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1129 if(rb_dlink_list_length(&ctl
->writeq
) > 0)
1130 rb_setselect(ctl
->F
, RB_SELECT_WRITE
, mod_write_ctl
, ctl
);
1135 read_pipe_ctl(rb_fde_t
*F
, void *data
)
1138 while((retlen
= rb_read(F
, inbuf
, sizeof(inbuf
))) > 0)
1140 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1142 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1144 rb_setselect(F
, RB_SELECT_READ
, read_pipe_ctl
, NULL
);
1149 main(int argc
, char **argv
)
1151 const char *s_ctlfd
, *s_pipe
, *s_pid
;
1152 int ctlfd
, pipefd
, x
, maxfd
;
1155 s_ctlfd
= getenv("CTL_FD");
1156 s_pipe
= getenv("CTL_PIPE");
1157 s_pid
= getenv("CTL_PPID");
1159 if(s_ctlfd
== NULL
|| s_pipe
== NULL
|| s_pid
== NULL
)
1162 "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
1164 "You get an Id tag for this: $Id$\n");
1165 fprintf(stderr
, "Have a nice life\n");
1169 ctlfd
= atoi(s_ctlfd
);
1170 pipefd
= atoi(s_pipe
);
1174 for(x
= 0; x
< maxfd
; x
++)
1176 if(x
!= ctlfd
&& x
!= pipefd
&& x
> 2)
1179 x
= open("/dev/null", O_RDWR
);
1183 if(ctlfd
!= 0 && pipefd
!= 0)
1185 if(ctlfd
!= 1 && pipefd
!= 1)
1187 if(ctlfd
!= 2 && pipefd
!= 2)
1194 rb_lib_init(NULL
, NULL
, NULL
, 0, maxfd
, 1024, 4096);
1195 rb_init_rawbuffers(1024);
1196 ssl_ok
= rb_supports_ssl();
1197 mod_ctl
= rb_malloc(sizeof(mod_ctl_t
));
1198 mod_ctl
->F
= rb_open(ctlfd
, RB_FD_SOCKET
, "ircd control socket");
1199 mod_ctl
->F_pipe
= rb_open(pipefd
, RB_FD_PIPE
, "ircd pipe");
1200 rb_set_nb(mod_ctl
->F
);
1201 rb_set_nb(mod_ctl
->F_pipe
);
1202 rb_event_addish("clean_dead_conns", clean_dead_conns
, NULL
, 10);
1203 rb_event_add("check_handshake_flood", check_handshake_flood
, NULL
, 10);
1204 read_pipe_ctl(mod_ctl
->F_pipe
, NULL
);
1205 mod_read_ctl(mod_ctl
->F
, mod_ctl
);
1206 if(!zlib_ok
&& !ssl_ok
)
1208 /* this is really useless... */
1209 send_i_am_useless(mod_ctl
);
1210 /* sleep until the ircd kills us */
1211 rb_sleep(2 << 30, 0);
1216 send_nozlib_support(mod_ctl
, NULL
);
1218 send_nossl_support(mod_ctl
, NULL
);
1226 dummy_handler(int sig
)
1236 struct sigaction act
;
1239 act
.sa_handler
= SIG_IGN
;
1240 sigemptyset(&act
.sa_mask
);
1241 sigaddset(&act
.sa_mask
, SIGPIPE
);
1242 sigaddset(&act
.sa_mask
, SIGALRM
);
1244 sigaddset(&act
.sa_mask
, SIGTRAP
);
1248 sigaddset(&act
.sa_mask
, SIGWINCH
);
1249 sigaction(SIGWINCH
, &act
, 0);
1251 sigaction(SIGPIPE
, &act
, 0);
1253 sigaction(SIGTRAP
, &act
, 0);
1256 act
.sa_handler
= dummy_handler
;
1257 sigaction(SIGALRM
, &act
, 0);