2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
33 #define READBUF_SIZE 16384
36 static void setup_signals(void);
39 static inline uint32_t
40 buf_to_uint32(uint8_t *buf
)
43 memcpy(&x
, buf
, sizeof(x
));
48 uint32_to_buf(uint8_t *buf
, uint32_t x
)
50 memcpy(buf
, &x
, sizeof(x
));
54 typedef struct _mod_ctl_buf
59 rb_fde_t
*F
[MAXPASSFD
];
63 typedef struct _mod_ctl
73 static mod_ctl_t
*mod_ctl
;
77 typedef struct _zlib_stream
88 rawbuf_head_t
*modbuf_out
;
89 rawbuf_head_t
*plainbuf_out
;
103 #define FLAG_SSL 0x01
104 #define FLAG_ZIP 0x02
105 #define FLAG_CORK 0x04
106 #define FLAG_DEAD 0x08
107 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
108 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
109 #define FLAG_ZIPSSL 0x40
111 #define IsSSL(x) ((x)->flags & FLAG_SSL)
112 #define IsZip(x) ((x)->flags & FLAG_ZIP)
113 #define IsCork(x) ((x)->flags & FLAG_CORK)
114 #define IsDead(x) ((x)->flags & FLAG_DEAD)
115 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
116 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
117 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
119 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
120 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
121 #define SetCork(x) ((x)->flags |= FLAG_CORK)
122 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
123 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
124 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
125 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
127 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
128 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
129 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
130 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
131 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
132 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
133 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
136 #define WAIT_PLAIN 0x1
138 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
139 #define HASH_WALK_END }
140 #define CONN_HASH_SIZE 2000
141 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
145 static rb_dlink_list connid_hash_table
[CONN_HASH_SIZE
];
146 static rb_dlink_list dead_list
;
148 static void conn_mod_read_cb(rb_fde_t
*fd
, void *data
);
149 static void conn_mod_write_sendq(rb_fde_t
*, void *data
);
150 static void conn_plain_write_sendq(rb_fde_t
*, void *data
);
151 static void mod_write_ctl(rb_fde_t
*, void *data
);
152 static void conn_plain_read_cb(rb_fde_t
*fd
, void *data
);
153 static void conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
);
154 static void mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
);
155 static const char *remote_closed
= "Remote host closed the connection";
157 static int certfp_method
= RB_SSL_CERTFP_METH_SHA1
;
159 static int zlib_ok
= 1;
161 static int zlib_ok
= 0;
167 ssld_alloc(void *unused
, size_t count
, size_t size
)
169 return rb_malloc(count
* size
);
173 ssld_free(void *unused
, void *ptr
)
180 conn_find_by_id(uint32_t id
)
185 RB_DLINK_FOREACH(ptr
, (connid_hash(id
))->head
)
188 if(conn
->id
== id
&& !IsDead(conn
))
195 conn_add_id_hash(conn_t
* conn
, uint32_t id
)
198 rb_dlinkAdd(conn
, &conn
->node
, connid_hash(id
));
202 free_conn(conn_t
* conn
)
204 rb_free_rawbuffer(conn
->modbuf_out
);
205 rb_free_rawbuffer(conn
->plainbuf_out
);
209 zlib_stream_t
*stream
= conn
->stream
;
210 inflateEnd(&stream
->instream
);
211 deflateEnd(&stream
->outstream
);
219 clean_dead_conns(void *unused
)
222 rb_dlink_node
*ptr
, *next
;
223 RB_DLINK_FOREACH_SAFE(ptr
, next
, dead_list
.head
)
228 dead_list
.tail
= dead_list
.head
= NULL
;
233 close_conn(conn_t
* conn
, int wait_plain
, const char *fmt
, ...)
236 char reason
[128]; /* must always be under 250 bytes */
242 rb_rawbuf_flush(conn
->modbuf_out
, conn
->mod_fd
);
243 rb_rawbuf_flush(conn
->plainbuf_out
, conn
->plain_fd
);
244 rb_close(conn
->mod_fd
);
248 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
250 if(!wait_plain
|| fmt
== NULL
)
252 rb_close(conn
->plain_fd
);
253 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
256 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
257 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
259 vsnprintf(reason
, sizeof(reason
), fmt
, ap
);
263 uint32_to_buf(&buf
[1], conn
->id
);
264 rb_strlcpy((char *) &buf
[5], reason
, sizeof(buf
) - 5);
265 len
= (strlen(reason
) + 1) + 5;
266 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
270 make_conn(mod_ctl_t
* ctl
, rb_fde_t
*mod_fd
, rb_fde_t
*plain_fd
)
272 conn_t
*conn
= rb_malloc(sizeof(conn_t
));
274 conn
->modbuf_out
= rb_new_rawbuffer();
275 conn
->plainbuf_out
= rb_new_rawbuffer();
276 conn
->mod_fd
= mod_fd
;
277 conn
->plain_fd
= plain_fd
;
286 check_handshake_flood(void *unused
)
289 rb_dlink_node
*ptr
, *next
;
292 HASH_WALK_SAFE(i
, CONN_HASH_SIZE
, ptr
, next
, connid_hash_table
)
298 count
= rb_ssl_handshake_count(conn
->mod_fd
);
299 /* nothing needs to do this more than twice in ten seconds i don't think */
301 close_conn(conn
, WAIT_PLAIN
, "Handshake flooding");
303 rb_ssl_clear_handshake_count(conn
->mod_fd
);
308 conn_mod_write_sendq(rb_fde_t
*fd
, void *data
)
316 if(IsSSLWWantsR(conn
))
318 ClearSSLWWantsR(conn
);
319 conn_mod_read_cb(conn
->mod_fd
, conn
);
324 while((retlen
= rb_rawbuf_flush(conn
->modbuf_out
, fd
)) > 0)
325 conn
->mod_out
+= retlen
;
327 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
330 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
331 if(IsSSL(conn
) && retlen
== RB_RW_SSL_ERROR
)
332 err
= rb_get_ssl_strerror(conn
->mod_fd
);
334 err
= strerror(errno
);
335 close_conn(conn
, WAIT_PLAIN
, "Write error: %s", err
);
338 if(rb_rawbuf_length(conn
->modbuf_out
) > 0)
340 if(retlen
!= RB_RW_SSL_NEED_READ
)
341 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_write_sendq
, conn
);
344 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_write_sendq
, conn
);
345 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
350 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
352 if(IsCork(conn
) && rb_rawbuf_length(conn
->modbuf_out
) == 0)
355 conn_plain_read_cb(conn
->plain_fd
, conn
);
361 conn_mod_write(conn_t
* conn
, void *data
, size_t len
)
363 if(IsDead(conn
)) /* no point in queueing to a dead man */
365 rb_rawbuf_append(conn
->modbuf_out
, data
, len
);
369 conn_plain_write(conn_t
* conn
, void *data
, size_t len
)
371 if(IsDead(conn
)) /* again no point in queueing to dead men */
373 rb_rawbuf_append(conn
->plainbuf_out
, data
, len
);
377 mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
)
379 mod_ctl_buf_t
*ctl_buf
;
380 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
381 ctl_buf
->buf
= rb_malloc(len
);
382 ctl_buf
->buflen
= len
;
383 memcpy(ctl_buf
->buf
, data
, len
);
385 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->writeq
);
386 mod_write_ctl(ctl
->F
, ctl
);
391 common_zlib_deflate(conn_t
* conn
, void *buf
, size_t len
)
393 char outbuf
[READBUF_SIZE
];
395 z_stream
*outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
396 outstream
->next_in
= buf
;
397 outstream
->avail_in
= len
;
398 outstream
->next_out
= (Bytef
*) outbuf
;
399 outstream
->avail_out
= sizeof(outbuf
);
401 ret
= deflate(outstream
, Z_SYNC_FLUSH
);
405 close_conn(conn
, WAIT_PLAIN
, "Deflate failed: %s", zError(ret
));
408 if(outstream
->avail_out
== 0)
410 /* avail_out empty */
411 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_out == 0");
414 if(outstream
->avail_in
!= 0)
416 /* avail_in isn't empty... */
417 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_in != 0");
420 have
= sizeof(outbuf
) - outstream
->avail_out
;
421 conn_mod_write(conn
, outbuf
, have
);
425 common_zlib_inflate(conn_t
* conn
, void *buf
, size_t len
)
427 char outbuf
[READBUF_SIZE
];
429 ((zlib_stream_t
*) conn
->stream
)->instream
.next_in
= buf
;
430 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
= len
;
431 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
432 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
434 while(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
436 ret
= inflate(&((zlib_stream_t
*) conn
->stream
)->instream
, Z_NO_FLUSH
);
439 if(!strncmp("ERROR ", buf
, 6))
441 close_conn(conn
, WAIT_PLAIN
, "Received uncompressed ERROR");
444 close_conn(conn
, WAIT_PLAIN
, "Inflate failed: %s", zError(ret
));
447 have
= sizeof(outbuf
) - ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
;
449 if(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
451 conn_plain_write(conn
, outbuf
, have
);
453 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
454 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
460 conn_plain_write(conn
, outbuf
, have
);
465 plain_check_cork(conn_t
* conn
)
467 if(rb_rawbuf_length(conn
->modbuf_out
) >= 4096)
469 /* if we have over 4k pending outbound, don't read until
470 * we've cleared the queue */
472 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, NULL
, NULL
);
474 conn_mod_write_sendq(conn
->mod_fd
, conn
);
482 conn_plain_read_cb(rb_fde_t
*fd
, void *data
)
484 char inbuf
[READBUF_SIZE
];
493 if(plain_check_cork(conn
))
501 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
503 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
505 close_conn(conn
, NO_WAIT
, NULL
);
511 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_cb
, conn
);
512 conn_mod_write_sendq(conn
->mod_fd
, conn
);
515 conn
->plain_in
+= length
;
519 common_zlib_deflate(conn
, inbuf
, length
);
522 conn_mod_write(conn
, inbuf
, length
);
525 if(plain_check_cork(conn
))
531 conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
)
533 char inbuf
[READBUF_SIZE
];
542 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
544 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
546 rb_close(conn
->plain_fd
);
547 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
553 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
560 conn_mod_read_cb(rb_fde_t
*fd
, void *data
)
562 char inbuf
[READBUF_SIZE
];
564 const char *err
= remote_closed
;
571 if(IsSSLRWantsW(conn
))
573 ClearSSLRWantsW(conn
);
574 conn_mod_write_sendq(conn
->mod_fd
, conn
);
584 length
= rb_read(conn
->mod_fd
, inbuf
, sizeof(inbuf
));
586 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
590 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
594 if(IsSSL(conn
) && length
== RB_RW_SSL_ERROR
)
595 err
= rb_get_ssl_strerror(conn
->mod_fd
);
597 err
= strerror(errno
);
598 close_conn(conn
, WAIT_PLAIN
, "Read error: %s", err
);
603 if(length
!= RB_RW_SSL_NEED_WRITE
)
604 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_read_cb
, conn
);
607 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, NULL
, NULL
);
608 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_read_cb
, conn
);
611 conn_plain_write_sendq(conn
->plain_fd
, conn
);
614 conn
->mod_in
+= length
;
617 common_zlib_inflate(conn
, inbuf
, length
);
620 conn_plain_write(conn
, inbuf
, length
);
625 conn_plain_write_sendq(rb_fde_t
*fd
, void *data
)
633 while((retlen
= rb_rawbuf_flush(conn
->plainbuf_out
, fd
)) > 0)
635 conn
->plain_out
+= retlen
;
637 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
639 close_conn(data
, NO_WAIT
, NULL
);
644 if(rb_rawbuf_length(conn
->plainbuf_out
) > 0)
645 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, conn_plain_write_sendq
, conn
);
647 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
653 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
656 if(!getrlimit(RLIMIT_NOFILE
, &limit
))
658 return limit
.rlim_cur
;
660 #endif /* RLIMIT_FD_MAX */
661 return MAXCONNECTIONS
;
665 ssl_send_cipher(conn_t
*conn
)
674 p
= rb_ssl_get_cipher(conn
->mod_fd
);
679 rb_strlcpy(cstring
, p
, sizeof(cstring
));
682 uint32_to_buf(&buf
[1], conn
->id
);
683 strcpy((char *) &buf
[5], cstring
);
684 len
= (strlen(cstring
) + 1) + 5;
685 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
689 ssl_send_certfp(conn_t
*conn
)
691 uint8_t buf
[9 + RB_SSL_CERTFP_LEN
];
693 int len
= rb_get_ssl_certfp(conn
->mod_fd
, &buf
[9], certfp_method
);
697 lrb_assert(len
<= RB_SSL_CERTFP_LEN
);
699 uint32_to_buf(&buf
[1], conn
->id
);
700 uint32_to_buf(&buf
[5], len
);
701 mod_cmd_write_queue(conn
->ctl
, buf
, 9 + len
);
705 ssl_process_accept_cb(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
711 conn_mod_read_cb(conn
->mod_fd
, conn
);
712 conn_plain_read_cb(conn
->plain_fd
, conn
);
713 ssl_send_cipher(conn
);
714 ssl_send_certfp(conn
);
717 /* ircd doesn't care about the reason for this */
718 close_conn(conn
, NO_WAIT
, 0);
723 ssl_process_connect_cb(rb_fde_t
*F
, int status
, void *data
)
729 conn_mod_read_cb(conn
->mod_fd
, conn
);
730 conn_plain_read_cb(conn
->plain_fd
, conn
);
731 ssl_send_cipher(conn
);
732 ssl_send_certfp(conn
);
734 else if(status
== RB_ERR_TIMEOUT
)
735 close_conn(conn
, WAIT_PLAIN
, "SSL handshake timed out");
736 else if(status
== RB_ERROR_SSL
)
737 close_conn(conn
, WAIT_PLAIN
, "%s", rb_get_ssl_strerror(conn
->mod_fd
));
739 close_conn(conn
, WAIT_PLAIN
, "SSL handshake failed");
744 cleanup_bad_message(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
748 /* XXX should log this somehow */
749 for (i
= 0; i
< ctlb
->nfds
; i
++)
750 rb_close(ctlb
->F
[i
]);
754 ssl_process_accept(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
759 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
761 id
= buf_to_uint32(&ctlb
->buf
[1]);
762 conn_add_id_hash(conn
, id
);
765 if(rb_get_type(conn
->mod_fd
) & RB_FD_UNKNOWN
)
766 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
768 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
769 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
771 rb_ssl_start_accepted(ctlb
->F
[0], ssl_process_accept_cb
, conn
, 10);
775 ssl_change_certfp_method(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
777 certfp_method
= buf_to_uint32(&ctlb
->buf
[1]);
781 ssl_process_connect(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
785 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
787 id
= buf_to_uint32(&ctlb
->buf
[1]);
788 conn_add_id_hash(conn
, id
);
791 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
792 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
794 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
795 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
798 rb_ssl_start_connected(ctlb
->F
[0], ssl_process_connect_cb
, conn
, 10);
802 process_stats(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
809 id
= buf_to_uint32(&ctlb
->buf
[1]);
811 odata
= &ctlb
->buf
[5];
812 conn
= conn_find_by_id(id
);
817 snprintf(outstat
, sizeof(outstat
), "S %s %llu %llu %llu %llu", odata
,
818 conn
->plain_out
, conn
->mod_in
, conn
->plain_in
, conn
->mod_out
);
823 mod_cmd_write_queue(ctl
, outstat
, strlen(outstat
) + 1); /* +1 is so we send the \0 as well */
827 change_connid(mod_ctl_t
*ctl
, mod_ctl_buf_t
*ctlb
)
829 uint32_t id
= buf_to_uint32(&ctlb
->buf
[1]);
830 uint32_t newid
= buf_to_uint32(&ctlb
->buf
[5]);
831 conn_t
*conn
= conn_find_by_id(id
);
832 lrb_assert(conn
!= NULL
);
839 uint32_to_buf(&buf
[1], newid
);
840 sprintf(&buf
[5], "connid %d does not exist", id
);
841 len
= (strlen(&buf
[5]) + 1) + 5;
842 mod_cmd_write_queue(ctl
, buf
, len
);
846 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
853 zlib_process(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
857 size_t hdr
= (sizeof(uint8_t) * 2) + sizeof(uint32_t);
859 z_stream
*instream
, *outstream
;
863 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
864 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
865 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
867 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
868 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
870 id
= buf_to_uint32(&ctlb
->buf
[1]);
871 conn_add_id_hash(conn
, id
);
873 level
= (uint8_t)ctlb
->buf
[5];
875 recvqlen
= ctlb
->buflen
- hdr
;
876 recvq_start
= &ctlb
->buf
[6];
879 conn
->stream
= rb_malloc(sizeof(zlib_stream_t
));
880 instream
= &((zlib_stream_t
*) conn
->stream
)->instream
;
881 outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
883 instream
->total_in
= 0;
884 instream
->total_out
= 0;
885 instream
->zalloc
= (alloc_func
) ssld_alloc
;
886 instream
->zfree
= (free_func
) ssld_free
;
887 instream
->data_type
= Z_ASCII
;
888 inflateInit(&((zlib_stream_t
*) conn
->stream
)->instream
);
890 outstream
->total_in
= 0;
891 outstream
->total_out
= 0;
892 outstream
->zalloc
= (alloc_func
) ssld_alloc
;
893 outstream
->zfree
= (free_func
) ssld_free
;
894 outstream
->data_type
= Z_ASCII
;
897 level
= (uint8_t) Z_DEFAULT_COMPRESSION
;
899 deflateInit(&((zlib_stream_t
*) conn
->stream
)->outstream
, level
);
901 common_zlib_inflate(conn
, recvq_start
, recvqlen
);
903 conn_mod_read_cb(conn
->mod_fd
, conn
);
904 conn_plain_read_cb(conn
->plain_fd
, conn
);
911 init_prng(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
914 prng_seed_t seed_type
;
916 seed_type
= (prng_seed_t
) ctl_buf
->buf
[1];
917 path
= (char *) &ctl_buf
->buf
[2];
918 rb_init_prng(path
, seed_type
);
923 ssl_new_keys(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
926 char *cert
, *key
, *dhparam
, *cipher_list
;
928 buf
= (char *) &ctl_buf
->buf
[2];
930 buf
+= strlen(cert
) + 1;
932 buf
+= strlen(key
) + 1;
934 if(strlen(dhparam
) == 0)
936 buf
+= strlen(dhparam
) + 1;
938 if(strlen(cipher_list
) == 0)
941 if(!rb_setup_ssl_server(cert
, key
, dhparam
, cipher_list
))
943 const char *invalid
= "I";
944 mod_cmd_write_queue(ctl
, invalid
, strlen(invalid
));
950 send_nossl_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
952 static const char *nossl_cmd
= "N";
958 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
959 id
= buf_to_uint32(&ctlb
->buf
[1]);
960 conn_add_id_hash(conn
, id
);
961 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no SSL/TLS support");
963 mod_cmd_write_queue(ctl
, nossl_cmd
, strlen(nossl_cmd
));
967 send_i_am_useless(mod_ctl_t
* ctl
)
969 static const char *useless
= "U";
970 mod_cmd_write_queue(ctl
, useless
, strlen(useless
));
974 send_nozlib_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
976 static const char *nozlib_cmd
= "z";
981 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
982 id
= buf_to_uint32(&ctlb
->buf
[1]);
983 conn_add_id_hash(conn
, id
);
984 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no zlib support");
986 mod_cmd_write_queue(ctl
, nozlib_cmd
, strlen(nozlib_cmd
));
990 mod_process_cmd_recv(mod_ctl_t
* ctl
)
992 rb_dlink_node
*ptr
, *next
;
993 mod_ctl_buf_t
*ctl_buf
;
995 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->readq
.head
)
999 switch (*ctl_buf
->buf
)
1003 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1005 cleanup_bad_message(ctl
, ctl_buf
);
1011 send_nossl_support(ctl
, ctl_buf
);
1014 ssl_process_accept(ctl
, ctl_buf
);
1019 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1021 cleanup_bad_message(ctl
, ctl_buf
);
1027 send_nossl_support(ctl
, ctl_buf
);
1030 ssl_process_connect(ctl
, ctl_buf
);
1035 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
1037 cleanup_bad_message(ctl
, ctl_buf
);
1040 ssl_change_certfp_method(ctl
, ctl_buf
);
1047 send_nossl_support(ctl
, ctl_buf
);
1050 ssl_new_keys(ctl
, ctl_buf
);
1054 init_prng(ctl
, ctl_buf
);
1058 process_stats(ctl
, ctl_buf
);
1063 change_connid(ctl
, ctl_buf
);
1070 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
< 6)
1072 cleanup_bad_message(ctl
, ctl_buf
);
1076 /* just zlib only */
1077 zlib_process(ctl
, ctl_buf
);
1083 send_nozlib_support(ctl
, ctl_buf
);
1089 /* Log unknown commands */
1091 rb_dlinkDelete(ptr
, &ctl
->readq
);
1092 rb_free(ctl_buf
->buf
);
1101 mod_read_ctl(rb_fde_t
*F
, void *data
)
1103 mod_ctl_buf_t
*ctl_buf
;
1104 mod_ctl_t
*ctl
= data
;
1110 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
1111 ctl_buf
->buf
= rb_malloc(READBUF_SIZE
);
1112 ctl_buf
->buflen
= READBUF_SIZE
;
1113 retlen
= rb_recv_fd_buf(ctl
->F
, ctl_buf
->buf
, ctl_buf
->buflen
, ctl_buf
->F
,
1117 rb_free(ctl_buf
->buf
);
1122 ctl_buf
->buflen
= retlen
;
1123 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->readq
);
1124 for (i
= 0; i
< MAXPASSFD
&& ctl_buf
->F
[i
] != NULL
; i
++)
1131 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1134 mod_process_cmd_recv(ctl
);
1135 rb_setselect(ctl
->F
, RB_SELECT_READ
, mod_read_ctl
, ctl
);
1139 mod_write_ctl(rb_fde_t
*F
, void *data
)
1141 mod_ctl_t
*ctl
= data
;
1142 mod_ctl_buf_t
*ctl_buf
;
1143 rb_dlink_node
*ptr
, *next
;
1146 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->writeq
.head
)
1148 ctl_buf
= ptr
->data
;
1149 retlen
= rb_send_fd_buf(ctl
->F
, ctl_buf
->F
, ctl_buf
->nfds
, ctl_buf
->buf
,
1150 ctl_buf
->buflen
, ppid
);
1153 rb_dlinkDelete(ptr
, &ctl
->writeq
);
1154 for(x
= 0; x
< ctl_buf
->nfds
; x
++)
1155 rb_close(ctl_buf
->F
[x
]);
1156 rb_free(ctl_buf
->buf
);
1160 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1164 if(rb_dlink_list_length(&ctl
->writeq
) > 0)
1165 rb_setselect(ctl
->F
, RB_SELECT_WRITE
, mod_write_ctl
, ctl
);
1170 read_pipe_ctl(rb_fde_t
*F
, void *data
)
1172 char inbuf
[READBUF_SIZE
];
1174 while((retlen
= rb_read(F
, inbuf
, sizeof(inbuf
))) > 0)
1176 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1178 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1180 rb_setselect(F
, RB_SELECT_READ
, read_pipe_ctl
, NULL
);
1185 main(int argc
, char **argv
)
1187 const char *s_ctlfd
, *s_pipe
, *s_pid
;
1188 int ctlfd
, pipefd
, x
, maxfd
;
1191 s_ctlfd
= getenv("CTL_FD");
1192 s_pipe
= getenv("CTL_PIPE");
1193 s_pid
= getenv("CTL_PPID");
1195 if(s_ctlfd
== NULL
|| s_pipe
== NULL
|| s_pid
== NULL
)
1198 "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
1200 "You get an Id tag for this: $Id$\n");
1201 fprintf(stderr
, "Have a nice life\n");
1205 ctlfd
= atoi(s_ctlfd
);
1206 pipefd
= atoi(s_pipe
);
1210 for(x
= 0; x
< maxfd
; x
++)
1212 if(x
!= ctlfd
&& x
!= pipefd
&& x
> 2)
1215 x
= open("/dev/null", O_RDWR
);
1219 if(ctlfd
!= 0 && pipefd
!= 0)
1221 if(ctlfd
!= 1 && pipefd
!= 1)
1223 if(ctlfd
!= 2 && pipefd
!= 2)
1230 rb_lib_init(NULL
, NULL
, NULL
, 0, maxfd
, 1024, 4096);
1231 rb_init_rawbuffers(1024);
1232 ssl_ok
= rb_supports_ssl();
1233 mod_ctl
= rb_malloc(sizeof(mod_ctl_t
));
1234 mod_ctl
->F
= rb_open(ctlfd
, RB_FD_SOCKET
, "ircd control socket");
1235 mod_ctl
->F_pipe
= rb_open(pipefd
, RB_FD_PIPE
, "ircd pipe");
1236 rb_set_nb(mod_ctl
->F
);
1237 rb_set_nb(mod_ctl
->F_pipe
);
1238 rb_event_addish("clean_dead_conns", clean_dead_conns
, NULL
, 10);
1239 rb_event_add("check_handshake_flood", check_handshake_flood
, NULL
, 10);
1240 read_pipe_ctl(mod_ctl
->F_pipe
, NULL
);
1241 mod_read_ctl(mod_ctl
->F
, mod_ctl
);
1242 if(!zlib_ok
&& !ssl_ok
)
1244 /* this is really useless... */
1245 send_i_am_useless(mod_ctl
);
1246 /* sleep until the ircd kills us */
1247 rb_sleep(2 << 30, 0);
1252 send_nozlib_support(mod_ctl
, NULL
);
1254 send_nossl_support(mod_ctl
, NULL
);
1262 dummy_handler(int sig
)
1272 struct sigaction act
;
1275 act
.sa_handler
= SIG_IGN
;
1276 sigemptyset(&act
.sa_mask
);
1277 sigaddset(&act
.sa_mask
, SIGPIPE
);
1278 sigaddset(&act
.sa_mask
, SIGALRM
);
1280 sigaddset(&act
.sa_mask
, SIGTRAP
);
1284 sigaddset(&act
.sa_mask
, SIGWINCH
);
1285 sigaction(SIGWINCH
, &act
, 0);
1287 sigaction(SIGPIPE
, &act
, 0);
1289 sigaction(SIGTRAP
, &act
, 0);
1292 act
.sa_handler
= dummy_handler
;
1293 sigaction(SIGALRM
, &act
, 0);