]> jfr.im git - solanum.git/blob - ssld/ssld.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ircd: implement EXTENDCHANS, based on ircd-seven (with some improvements from chatircd)
[solanum.git] / ssld / ssld.c
1 /*
2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 *
21 * $Id$
22 */
23
24
25 #include "stdinc.h"
26
27 #ifdef HAVE_LIBZ
28 #include <zlib.h>
29 #endif
30
31 #define MAXPASSFD 4
32 #ifndef READBUF_SIZE
33 #define READBUF_SIZE 16384
34 #endif
35
36 static void setup_signals(void);
37 static pid_t ppid;
38
39 static inline uint32_t
40 buf_to_uint32(uint8_t *buf)
41 {
42 uint32_t x;
43 memcpy(&x, buf, sizeof(x));
44 return x;
45 }
46
47 static inline void
48 uint32_to_buf(uint8_t *buf, uint32_t x)
49 {
50 memcpy(buf, &x, sizeof(x));
51 return;
52 }
53
54 typedef struct _mod_ctl_buf
55 {
56 rb_dlink_node node;
57 uint8_t *buf;
58 size_t buflen;
59 rb_fde_t *F[MAXPASSFD];
60 int nfds;
61 } mod_ctl_buf_t;
62
63 typedef struct _mod_ctl
64 {
65 rb_dlink_node node;
66 int cli_count;
67 rb_fde_t *F;
68 rb_fde_t *F_pipe;
69 rb_dlink_list readq;
70 rb_dlink_list writeq;
71 } mod_ctl_t;
72
73 static mod_ctl_t *mod_ctl;
74
75
76 #ifdef HAVE_LIBZ
77 typedef struct _zlib_stream
78 {
79 z_stream instream;
80 z_stream outstream;
81 } zlib_stream_t;
82 #endif
83
84 typedef struct _conn
85 {
86 rb_dlink_node node;
87 mod_ctl_t *ctl;
88 rawbuf_head_t *modbuf_out;
89 rawbuf_head_t *plainbuf_out;
90
91 uint32_t id;
92
93 rb_fde_t *mod_fd;
94 rb_fde_t *plain_fd;
95 uint64_t mod_out;
96 uint64_t mod_in;
97 uint64_t plain_in;
98 uint64_t plain_out;
99 uint8_t flags;
100 void *stream;
101 } conn_t;
102
103 #define FLAG_SSL 0x01
104 #define FLAG_ZIP 0x02
105 #define FLAG_CORK 0x04
106 #define FLAG_DEAD 0x08
107 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
108 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
109 #define FLAG_ZIPSSL 0x40
110
111 #define IsSSL(x) ((x)->flags & FLAG_SSL)
112 #define IsZip(x) ((x)->flags & FLAG_ZIP)
113 #define IsCork(x) ((x)->flags & FLAG_CORK)
114 #define IsDead(x) ((x)->flags & FLAG_DEAD)
115 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
116 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
117 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
118
119 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
120 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
121 #define SetCork(x) ((x)->flags |= FLAG_CORK)
122 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
123 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
124 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
125 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
126
127 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
128 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
129 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
130 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
131 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
132 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
133 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
134
135 #define NO_WAIT 0x0
136 #define WAIT_PLAIN 0x1
137
138 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
139 #define HASH_WALK_END }
140 #define CONN_HASH_SIZE 2000
141 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
142
143
144
145 static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
146 static rb_dlink_list dead_list;
147
148 static void conn_mod_read_cb(rb_fde_t *fd, void *data);
149 static void conn_mod_write_sendq(rb_fde_t *, void *data);
150 static void conn_plain_write_sendq(rb_fde_t *, void *data);
151 static void mod_write_ctl(rb_fde_t *, void *data);
152 static void conn_plain_read_cb(rb_fde_t *fd, void *data);
153 static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
154 static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
155 static const char *remote_closed = "Remote host closed the connection";
156 static int ssl_ok;
157 static int certfp_method = RB_SSL_CERTFP_METH_SHA1;
158 #ifdef HAVE_LIBZ
159 static int zlib_ok = 1;
160 #else
161 static int zlib_ok = 0;
162 #endif
163
164
165 #ifdef HAVE_LIBZ
166 static void *
167 ssld_alloc(void *unused, size_t count, size_t size)
168 {
169 return rb_malloc(count * size);
170 }
171
172 static void
173 ssld_free(void *unused, void *ptr)
174 {
175 rb_free(ptr);
176 }
177 #endif
178
179 static conn_t *
180 conn_find_by_id(uint32_t id)
181 {
182 rb_dlink_node *ptr;
183 conn_t *conn;
184
185 RB_DLINK_FOREACH(ptr, (connid_hash(id))->head)
186 {
187 conn = ptr->data;
188 if(conn->id == id && !IsDead(conn))
189 return conn;
190 }
191 return NULL;
192 }
193
194 static void
195 conn_add_id_hash(conn_t * conn, uint32_t id)
196 {
197 conn->id = id;
198 rb_dlinkAdd(conn, &conn->node, connid_hash(id));
199 }
200
201 static void
202 free_conn(conn_t * conn)
203 {
204 rb_free_rawbuffer(conn->modbuf_out);
205 rb_free_rawbuffer(conn->plainbuf_out);
206 #ifdef HAVE_LIBZ
207 if(IsZip(conn))
208 {
209 zlib_stream_t *stream = conn->stream;
210 inflateEnd(&stream->instream);
211 deflateEnd(&stream->outstream);
212 }
213 #endif
214 rb_free(conn);
215 }
216
217 static void
218 clean_dead_conns(void *unused)
219 {
220 conn_t *conn;
221 rb_dlink_node *ptr, *next;
222 RB_DLINK_FOREACH_SAFE(ptr, next, dead_list.head)
223 {
224 conn = ptr->data;
225 free_conn(conn);
226 }
227 dead_list.tail = dead_list.head = NULL;
228 }
229
230
231 static void
232 close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
233 {
234 va_list ap;
235 char reason[128]; /* must always be under 250 bytes */
236 uint8_t buf[256];
237 int len;
238 if(IsDead(conn))
239 return;
240
241 rb_rawbuf_flush(conn->modbuf_out, conn->mod_fd);
242 rb_rawbuf_flush(conn->plainbuf_out, conn->plain_fd);
243 rb_close(conn->mod_fd);
244 SetDead(conn);
245
246 if(!IsZipSSL(conn))
247 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
248
249 if(!wait_plain || fmt == NULL)
250 {
251 rb_close(conn->plain_fd);
252 rb_dlinkAdd(conn, &conn->node, &dead_list);
253 return;
254 }
255 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
256 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
257 va_start(ap, fmt);
258 rb_vsnprintf(reason, sizeof(reason), fmt, ap);
259 va_end(ap);
260
261 buf[0] = 'D';
262 uint32_to_buf(&buf[1], conn->id);
263 rb_strlcpy((char *) &buf[5], reason, sizeof(buf) - 5);
264 len = (strlen(reason) + 1) + 5;
265 mod_cmd_write_queue(conn->ctl, buf, len);
266 }
267
268 static conn_t *
269 make_conn(mod_ctl_t * ctl, rb_fde_t *mod_fd, rb_fde_t *plain_fd)
270 {
271 conn_t *conn = rb_malloc(sizeof(conn_t));
272 conn->ctl = ctl;
273 conn->modbuf_out = rb_new_rawbuffer();
274 conn->plainbuf_out = rb_new_rawbuffer();
275 conn->mod_fd = mod_fd;
276 conn->plain_fd = plain_fd;
277 conn->id = -1;
278 conn->stream = NULL;
279 rb_set_nb(mod_fd);
280 rb_set_nb(plain_fd);
281 return conn;
282 }
283
284 static void
285 check_handshake_flood(void *unused)
286 {
287 conn_t *conn;
288 rb_dlink_node *ptr, *next;
289 unsigned int count;
290 int i;
291 HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
292 {
293 conn = ptr->data;
294 if(!IsSSL(conn))
295 continue;
296
297 count = rb_ssl_handshake_count(conn->mod_fd);
298 /* nothing needs to do this more than twice in ten seconds i don't think */
299 if(count > 2)
300 close_conn(conn, WAIT_PLAIN, "Handshake flooding");
301 else
302 rb_ssl_clear_handshake_count(conn->mod_fd);
303 }
304 HASH_WALK_END}
305
306 static void
307 conn_mod_write_sendq(rb_fde_t *fd, void *data)
308 {
309 conn_t *conn = data;
310 const char *err;
311 int retlen;
312 if(IsDead(conn))
313 return;
314
315 if(IsSSLWWantsR(conn))
316 {
317 ClearSSLWWantsR(conn);
318 conn_mod_read_cb(conn->mod_fd, conn);
319 if(IsDead(conn))
320 return;
321 }
322
323 while((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
324 conn->mod_out += retlen;
325
326 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
327 {
328 if(retlen == 0)
329 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
330 if(IsSSL(conn) && retlen == RB_RW_SSL_ERROR)
331 err = rb_get_ssl_strerror(conn->mod_fd);
332 else
333 err = strerror(errno);
334 close_conn(conn, WAIT_PLAIN, "Write error: %s", err);
335 return;
336 }
337 if(rb_rawbuf_length(conn->modbuf_out) > 0)
338 {
339 if(retlen != RB_RW_SSL_NEED_READ)
340 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
341 else
342 {
343 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
344 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
345 SetSSLWWantsR(conn);
346 }
347 }
348 else
349 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
350
351 if(IsCork(conn) && rb_rawbuf_length(conn->modbuf_out) == 0)
352 {
353 ClearCork(conn);
354 conn_plain_read_cb(conn->plain_fd, conn);
355 }
356
357 }
358
359 static void
360 conn_mod_write(conn_t * conn, void *data, size_t len)
361 {
362 if(IsDead(conn)) /* no point in queueing to a dead man */
363 return;
364 rb_rawbuf_append(conn->modbuf_out, data, len);
365 }
366
367 static void
368 conn_plain_write(conn_t * conn, void *data, size_t len)
369 {
370 if(IsDead(conn)) /* again no point in queueing to dead men */
371 return;
372 rb_rawbuf_append(conn->plainbuf_out, data, len);
373 }
374
375 static void
376 mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len)
377 {
378 mod_ctl_buf_t *ctl_buf;
379 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
380 ctl_buf->buf = rb_malloc(len);
381 ctl_buf->buflen = len;
382 memcpy(ctl_buf->buf, data, len);
383 ctl_buf->nfds = 0;
384 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->writeq);
385 mod_write_ctl(ctl->F, ctl);
386 }
387
388 #ifdef HAVE_LIBZ
389 static void
390 common_zlib_deflate(conn_t * conn, void *buf, size_t len)
391 {
392 char outbuf[READBUF_SIZE];
393 int ret, have;
394 z_stream *outstream = &((zlib_stream_t *) conn->stream)->outstream;
395 outstream->next_in = buf;
396 outstream->avail_in = len;
397 outstream->next_out = (Bytef *) outbuf;
398 outstream->avail_out = sizeof(outbuf);
399
400 ret = deflate(outstream, Z_SYNC_FLUSH);
401 if(ret != Z_OK)
402 {
403 /* deflate error */
404 close_conn(conn, WAIT_PLAIN, "Deflate failed: %s", zError(ret));
405 return;
406 }
407 if(outstream->avail_out == 0)
408 {
409 /* avail_out empty */
410 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_out == 0");
411 return;
412 }
413 if(outstream->avail_in != 0)
414 {
415 /* avail_in isn't empty... */
416 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_in != 0");
417 return;
418 }
419 have = sizeof(outbuf) - outstream->avail_out;
420 conn_mod_write(conn, outbuf, have);
421 }
422
423 static void
424 common_zlib_inflate(conn_t * conn, void *buf, size_t len)
425 {
426 char outbuf[READBUF_SIZE];
427 int ret, have = 0;
428 ((zlib_stream_t *) conn->stream)->instream.next_in = buf;
429 ((zlib_stream_t *) conn->stream)->instream.avail_in = len;
430 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
431 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
432
433 while(((zlib_stream_t *) conn->stream)->instream.avail_in)
434 {
435 ret = inflate(&((zlib_stream_t *) conn->stream)->instream, Z_NO_FLUSH);
436 if(ret != Z_OK)
437 {
438 if(!strncmp("ERROR ", buf, 6))
439 {
440 close_conn(conn, WAIT_PLAIN, "Received uncompressed ERROR");
441 return;
442 }
443 close_conn(conn, WAIT_PLAIN, "Inflate failed: %s", zError(ret));
444 return;
445 }
446 have = sizeof(outbuf) - ((zlib_stream_t *) conn->stream)->instream.avail_out;
447
448 if(((zlib_stream_t *) conn->stream)->instream.avail_in)
449 {
450 conn_plain_write(conn, outbuf, have);
451 have = 0;
452 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
453 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
454 }
455 }
456 if(have == 0)
457 return;
458
459 conn_plain_write(conn, outbuf, have);
460 }
461 #endif
462
463 static int
464 plain_check_cork(conn_t * conn)
465 {
466 if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
467 {
468 /* if we have over 4k pending outbound, don't read until
469 * we've cleared the queue */
470 SetCork(conn);
471 rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
472 /* try to write */
473 conn_mod_write_sendq(conn->mod_fd, conn);
474 return 1;
475 }
476 return 0;
477 }
478
479
480 static void
481 conn_plain_read_cb(rb_fde_t *fd, void *data)
482 {
483 char inbuf[READBUF_SIZE];
484 conn_t *conn = data;
485 int length = 0;
486 if(conn == NULL)
487 return;
488
489 if(IsDead(conn))
490 return;
491
492 if(plain_check_cork(conn))
493 return;
494
495 while(1)
496 {
497 if(IsDead(conn))
498 return;
499
500 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
501
502 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
503 {
504 close_conn(conn, NO_WAIT, NULL);
505 return;
506 }
507
508 if(length < 0)
509 {
510 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_cb, conn);
511 conn_mod_write_sendq(conn->mod_fd, conn);
512 return;
513 }
514 conn->plain_in += length;
515
516 #ifdef HAVE_LIBZ
517 if(IsZip(conn))
518 common_zlib_deflate(conn, inbuf, length);
519 else
520 #endif
521 conn_mod_write(conn, inbuf, length);
522 if(IsDead(conn))
523 return;
524 if(plain_check_cork(conn))
525 return;
526 }
527 }
528
529 static void
530 conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data)
531 {
532 char inbuf[READBUF_SIZE];
533 conn_t *conn = data;
534 int length = 0;
535
536 if(conn == NULL)
537 return;
538
539 while(1)
540 {
541 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
542
543 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
544 {
545 rb_close(conn->plain_fd);
546 rb_dlinkAdd(conn, &conn->node, &dead_list);
547 return;
548 }
549
550 if(length < 0)
551 {
552 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
553 return;
554 }
555 }
556 }
557
558 static void
559 conn_mod_read_cb(rb_fde_t *fd, void *data)
560 {
561 char inbuf[READBUF_SIZE];
562 conn_t *conn = data;
563 const char *err = remote_closed;
564 int length;
565 if(conn == NULL)
566 return;
567 if(IsDead(conn))
568 return;
569
570 if(IsSSLRWantsW(conn))
571 {
572 ClearSSLRWantsW(conn);
573 conn_mod_write_sendq(conn->mod_fd, conn);
574 if(IsDead(conn))
575 return;
576 }
577
578 while(1)
579 {
580 if(IsDead(conn))
581 return;
582
583 length = rb_read(conn->mod_fd, inbuf, sizeof(inbuf));
584
585 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
586 {
587 if(length == 0)
588 {
589 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
590 return;
591 }
592
593 if(IsSSL(conn) && length == RB_RW_SSL_ERROR)
594 err = rb_get_ssl_strerror(conn->mod_fd);
595 else
596 err = strerror(errno);
597 close_conn(conn, WAIT_PLAIN, "Read error: %s", err);
598 return;
599 }
600 if(length < 0)
601 {
602 if(length != RB_RW_SSL_NEED_WRITE)
603 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
604 else
605 {
606 rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
607 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
608 SetSSLRWantsW(conn);
609 }
610 conn_plain_write_sendq(conn->plain_fd, conn);
611 return;
612 }
613 conn->mod_in += length;
614 #ifdef HAVE_LIBZ
615 if(IsZip(conn))
616 common_zlib_inflate(conn, inbuf, length);
617 else
618 #endif
619 conn_plain_write(conn, inbuf, length);
620 }
621 }
622
623 static void
624 conn_plain_write_sendq(rb_fde_t *fd, void *data)
625 {
626 conn_t *conn = data;
627 int retlen;
628
629 if(IsDead(conn))
630 return;
631
632 while((retlen = rb_rawbuf_flush(conn->plainbuf_out, fd)) > 0)
633 {
634 conn->plain_out += retlen;
635 }
636 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
637 {
638 close_conn(data, NO_WAIT, NULL);
639 return;
640 }
641
642
643 if(rb_rawbuf_length(conn->plainbuf_out) > 0)
644 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, conn_plain_write_sendq, conn);
645 else
646 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
647 }
648
649 static int
650 maxconn(void)
651 {
652 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
653 struct rlimit limit;
654
655 if(!getrlimit(RLIMIT_NOFILE, &limit))
656 {
657 return limit.rlim_cur;
658 }
659 #endif /* RLIMIT_FD_MAX */
660 return MAXCONNECTIONS;
661 }
662
663 static void
664 ssl_send_cipher(conn_t *conn)
665 {
666 size_t len;
667 uint8_t buf[512];
668 char cstring[256];
669 const char *p;
670 if(!IsSSL(conn))
671 return;
672
673 p = rb_ssl_get_cipher(conn->mod_fd);
674
675 if(p == NULL)
676 return;
677
678 rb_strlcpy(cstring, p, sizeof(cstring));
679
680 buf[0] = 'C';
681 uint32_to_buf(&buf[1], conn->id);
682 strcpy((char *) &buf[5], cstring);
683 len = (strlen(cstring) + 1) + 5;
684 mod_cmd_write_queue(conn->ctl, buf, len);
685 }
686
687 static void
688 ssl_send_certfp(conn_t *conn)
689 {
690 uint8_t buf[9 + RB_SSL_CERTFP_LEN];
691
692 int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method);
693 if (!len)
694 return;
695
696 lrb_assert(len <= RB_SSL_CERTFP_LEN);
697 buf[0] = 'F';
698 uint32_to_buf(&buf[1], conn->id);
699 uint32_to_buf(&buf[5], len);
700 mod_cmd_write_queue(conn->ctl, buf, 9 + len);
701 }
702
703 static void
704 ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
705 {
706 conn_t *conn = data;
707
708 if(status == RB_OK)
709 {
710 conn_mod_read_cb(conn->mod_fd, conn);
711 conn_plain_read_cb(conn->plain_fd, conn);
712 ssl_send_cipher(conn);
713 ssl_send_certfp(conn);
714 return;
715 }
716 /* ircd doesn't care about the reason for this */
717 close_conn(conn, NO_WAIT, 0);
718 return;
719 }
720
721 static void
722 ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
723 {
724 conn_t *conn = data;
725
726 if(status == RB_OK)
727 {
728 conn_mod_read_cb(conn->mod_fd, conn);
729 conn_plain_read_cb(conn->plain_fd, conn);
730 ssl_send_cipher(conn);
731 ssl_send_certfp(conn);
732 }
733 else if(status == RB_ERR_TIMEOUT)
734 close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
735 else if(status == RB_ERROR_SSL)
736 close_conn(conn, WAIT_PLAIN, "%s", rb_get_ssl_strerror(conn->mod_fd));
737 else
738 close_conn(conn, WAIT_PLAIN, "SSL handshake failed");
739 }
740
741
742 static void
743 cleanup_bad_message(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
744 {
745 int i;
746
747 /* XXX should log this somehow */
748 for (i = 0; i < ctlb->nfds; i++)
749 rb_close(ctlb->F[i]);
750 }
751
752 static void
753 ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
754 {
755 conn_t *conn;
756 uint32_t id;
757
758 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
759
760 id = buf_to_uint32(&ctlb->buf[1]);
761 conn_add_id_hash(conn, id);
762 SetSSL(conn);
763
764 if(rb_get_type(conn->mod_fd) & RB_FD_UNKNOWN)
765 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
766
767 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
768 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
769
770 rb_ssl_start_accepted(ctlb->F[0], ssl_process_accept_cb, conn, 10);
771 }
772
773 static void
774 ssl_change_certfp_method(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
775 {
776 certfp_method = buf_to_uint32(&ctlb->buf[1]);
777 }
778
779 static void
780 ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
781 {
782 conn_t *conn;
783 uint32_t id;
784 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
785
786 id = buf_to_uint32(&ctlb->buf[1]);
787 conn_add_id_hash(conn, id);
788 SetSSL(conn);
789
790 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
791 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
792
793 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
794 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
795
796
797 rb_ssl_start_connected(ctlb->F[0], ssl_process_connect_cb, conn, 10);
798 }
799
800 static void
801 process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
802 {
803 char outstat[512];
804 conn_t *conn;
805 uint8_t *odata;
806 uint32_t id;
807
808 id = buf_to_uint32(&ctlb->buf[1]);
809
810 odata = &ctlb->buf[5];
811 conn = conn_find_by_id(id);
812
813 if(conn == NULL)
814 return;
815
816 rb_snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
817 conn->plain_out, conn->mod_in, conn->plain_in, conn->mod_out);
818 conn->plain_out = 0;
819 conn->plain_in = 0;
820 conn->mod_in = 0;
821 conn->mod_out = 0;
822 mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
823 }
824
825 static void
826 change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
827 {
828 uint32_t id = buf_to_uint32(&ctlb->buf[1]);
829 uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
830 conn_t *conn = conn_find_by_id(id);
831 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
832 SetZipSSL(conn);
833 conn->id = newid;
834 }
835
836 #ifdef HAVE_LIBZ
837 static void
838 zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
839 {
840 uint8_t level;
841 size_t recvqlen;
842 size_t hdr = (sizeof(uint8_t) * 2) + sizeof(uint32_t);
843 void *recvq_start;
844 z_stream *instream, *outstream;
845 conn_t *conn;
846 uint32_t id;
847
848 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
849 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
850 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
851
852 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
853 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
854
855 id = buf_to_uint32(&ctlb->buf[1]);
856 conn_add_id_hash(conn, id);
857
858 level = (uint8_t)ctlb->buf[5];
859
860 recvqlen = ctlb->buflen - hdr;
861 recvq_start = &ctlb->buf[6];
862
863 SetZip(conn);
864 conn->stream = rb_malloc(sizeof(zlib_stream_t));
865 instream = &((zlib_stream_t *) conn->stream)->instream;
866 outstream = &((zlib_stream_t *) conn->stream)->outstream;
867
868 instream->total_in = 0;
869 instream->total_out = 0;
870 instream->zalloc = (alloc_func) ssld_alloc;
871 instream->zfree = (free_func) ssld_free;
872 instream->data_type = Z_ASCII;
873 inflateInit(&((zlib_stream_t *) conn->stream)->instream);
874
875 outstream->total_in = 0;
876 outstream->total_out = 0;
877 outstream->zalloc = (alloc_func) ssld_alloc;
878 outstream->zfree = (free_func) ssld_free;
879 outstream->data_type = Z_ASCII;
880
881 if(level > 9)
882 level = (uint8_t) Z_DEFAULT_COMPRESSION;
883
884 deflateInit(&((zlib_stream_t *) conn->stream)->outstream, level);
885 if(recvqlen > 0)
886 common_zlib_inflate(conn, recvq_start, recvqlen);
887
888 conn_mod_read_cb(conn->mod_fd, conn);
889 conn_plain_read_cb(conn->plain_fd, conn);
890 return;
891
892 }
893 #endif
894
895 static void
896 init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
897 {
898 char *path;
899 prng_seed_t seed_type;
900
901 seed_type = (prng_seed_t) ctl_buf->buf[1];
902 path = (char *) &ctl_buf->buf[2];
903 rb_init_prng(path, seed_type);
904 }
905
906
907 static void
908 ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
909 {
910 char *buf;
911 char *cert, *key, *dhparam, *cipher_list;
912
913 buf = (char *) &ctl_buf->buf[2];
914 cert = buf;
915 buf += strlen(cert) + 1;
916 key = buf;
917 buf += strlen(key) + 1;
918 dhparam = buf;
919 if(strlen(dhparam) == 0)
920 dhparam = NULL;
921 buf += strlen(dhparam) + 1;
922 cipher_list = buf;
923 if(strlen(cipher_list) == 0)
924 cipher_list = NULL;
925
926 if(!rb_setup_ssl_server(cert, key, dhparam, cipher_list))
927 {
928 const char *invalid = "I";
929 mod_cmd_write_queue(ctl, invalid, strlen(invalid));
930 return;
931 }
932 }
933
934 static void
935 send_nossl_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
936 {
937 static const char *nossl_cmd = "N";
938 conn_t *conn;
939 uint32_t id;
940
941 if(ctlb != NULL)
942 {
943 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
944 id = buf_to_uint32(&ctlb->buf[1]);
945 conn_add_id_hash(conn, id);
946 close_conn(conn, WAIT_PLAIN, "libratbox reports no SSL/TLS support");
947 }
948 mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
949 }
950
951 static void
952 send_i_am_useless(mod_ctl_t * ctl)
953 {
954 static const char *useless = "U";
955 mod_cmd_write_queue(ctl, useless, strlen(useless));
956 }
957
958 static void
959 send_nozlib_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
960 {
961 static const char *nozlib_cmd = "z";
962 conn_t *conn;
963 uint32_t id;
964 if(ctlb != NULL)
965 {
966 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
967 id = buf_to_uint32(&ctlb->buf[1]);
968 conn_add_id_hash(conn, id);
969 close_conn(conn, WAIT_PLAIN, "libratbox reports no zlib support");
970 }
971 mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
972 }
973
974 static void
975 mod_process_cmd_recv(mod_ctl_t * ctl)
976 {
977 rb_dlink_node *ptr, *next;
978 mod_ctl_buf_t *ctl_buf;
979
980 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->readq.head)
981 {
982 ctl_buf = ptr->data;
983
984 switch (*ctl_buf->buf)
985 {
986 case 'A':
987 {
988 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
989 {
990 cleanup_bad_message(ctl, ctl_buf);
991 break;
992 }
993
994 if(!ssl_ok)
995 {
996 send_nossl_support(ctl, ctl_buf);
997 break;
998 }
999 ssl_process_accept(ctl, ctl_buf);
1000 break;
1001 }
1002 case 'C':
1003 {
1004 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1005 {
1006 cleanup_bad_message(ctl, ctl_buf);
1007 break;
1008 }
1009
1010 if(!ssl_ok)
1011 {
1012 send_nossl_support(ctl, ctl_buf);
1013 break;
1014 }
1015 ssl_process_connect(ctl, ctl_buf);
1016 break;
1017 }
1018 case 'F':
1019 {
1020 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1021 {
1022 cleanup_bad_message(ctl, ctl_buf);
1023 break;
1024 }
1025 ssl_change_certfp_method(ctl, ctl_buf);
1026 break;
1027 }
1028 case 'K':
1029 {
1030 if(!ssl_ok)
1031 {
1032 send_nossl_support(ctl, ctl_buf);
1033 break;
1034 }
1035 ssl_new_keys(ctl, ctl_buf);
1036 break;
1037 }
1038 case 'I':
1039 init_prng(ctl, ctl_buf);
1040 break;
1041 case 'S':
1042 {
1043 process_stats(ctl, ctl_buf);
1044 break;
1045 }
1046 case 'Y':
1047 {
1048 change_connid(ctl, ctl_buf);
1049 break;
1050 }
1051
1052 #ifdef HAVE_LIBZ
1053 case 'Z':
1054 {
1055 if (ctl_buf->nfds != 2 || ctl_buf->buflen < 6)
1056 {
1057 cleanup_bad_message(ctl, ctl_buf);
1058 break;
1059 }
1060
1061 /* just zlib only */
1062 zlib_process(ctl, ctl_buf);
1063 break;
1064 }
1065 #else
1066
1067 case 'Z':
1068 send_nozlib_support(ctl, ctl_buf);
1069 break;
1070
1071 #endif
1072 default:
1073 break;
1074 /* Log unknown commands */
1075 }
1076 rb_dlinkDelete(ptr, &ctl->readq);
1077 rb_free(ctl_buf->buf);
1078 rb_free(ctl_buf);
1079 }
1080
1081 }
1082
1083
1084
1085 static void
1086 mod_read_ctl(rb_fde_t *F, void *data)
1087 {
1088 mod_ctl_buf_t *ctl_buf;
1089 mod_ctl_t *ctl = data;
1090 int retlen;
1091 int i;
1092
1093 do
1094 {
1095 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
1096 ctl_buf->buf = rb_malloc(READBUF_SIZE);
1097 ctl_buf->buflen = READBUF_SIZE;
1098 retlen = rb_recv_fd_buf(ctl->F, ctl_buf->buf, ctl_buf->buflen, ctl_buf->F,
1099 MAXPASSFD);
1100 if(retlen <= 0)
1101 {
1102 rb_free(ctl_buf->buf);
1103 rb_free(ctl_buf);
1104 }
1105 else
1106 {
1107 ctl_buf->buflen = retlen;
1108 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->readq);
1109 for (i = 0; i < MAXPASSFD && ctl_buf->F[i] != NULL; i++)
1110 ;
1111 ctl_buf->nfds = i;
1112 }
1113 }
1114 while(retlen > 0);
1115
1116 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1117 exit(0);
1118
1119 mod_process_cmd_recv(ctl);
1120 rb_setselect(ctl->F, RB_SELECT_READ, mod_read_ctl, ctl);
1121 }
1122
1123 static void
1124 mod_write_ctl(rb_fde_t *F, void *data)
1125 {
1126 mod_ctl_t *ctl = data;
1127 mod_ctl_buf_t *ctl_buf;
1128 rb_dlink_node *ptr, *next;
1129 int retlen, x;
1130
1131 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->writeq.head)
1132 {
1133 ctl_buf = ptr->data;
1134 retlen = rb_send_fd_buf(ctl->F, ctl_buf->F, ctl_buf->nfds, ctl_buf->buf,
1135 ctl_buf->buflen, ppid);
1136 if(retlen > 0)
1137 {
1138 rb_dlinkDelete(ptr, &ctl->writeq);
1139 for(x = 0; x < ctl_buf->nfds; x++)
1140 rb_close(ctl_buf->F[x]);
1141 rb_free(ctl_buf->buf);
1142 rb_free(ctl_buf);
1143
1144 }
1145 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1146 exit(0);
1147
1148 }
1149 if(rb_dlink_list_length(&ctl->writeq) > 0)
1150 rb_setselect(ctl->F, RB_SELECT_WRITE, mod_write_ctl, ctl);
1151 }
1152
1153
1154 static void
1155 read_pipe_ctl(rb_fde_t *F, void *data)
1156 {
1157 char inbuf[READBUF_SIZE];
1158 int retlen;
1159 while((retlen = rb_read(F, inbuf, sizeof(inbuf))) > 0)
1160 {
1161 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1162 }
1163 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1164 exit(0);
1165 rb_setselect(F, RB_SELECT_READ, read_pipe_ctl, NULL);
1166
1167 }
1168
1169 int
1170 main(int argc, char **argv)
1171 {
1172 const char *s_ctlfd, *s_pipe, *s_pid;
1173 int ctlfd, pipefd, x, maxfd;
1174 maxfd = maxconn();
1175
1176 s_ctlfd = getenv("CTL_FD");
1177 s_pipe = getenv("CTL_PIPE");
1178 s_pid = getenv("CTL_PPID");
1179
1180 if(s_ctlfd == NULL || s_pipe == NULL || s_pid == NULL)
1181 {
1182 fprintf(stderr,
1183 "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
1184 fprintf(stderr,
1185 "You get an Id tag for this: $Id$\n");
1186 fprintf(stderr, "Have a nice life\n");
1187 exit(1);
1188 }
1189
1190 ctlfd = atoi(s_ctlfd);
1191 pipefd = atoi(s_pipe);
1192 ppid = atoi(s_pid);
1193 x = 0;
1194 #ifndef _WIN32
1195 for(x = 0; x < maxfd; x++)
1196 {
1197 if(x != ctlfd && x != pipefd && x > 2)
1198 close(x);
1199 }
1200 x = open("/dev/null", O_RDWR);
1201
1202 if(x >= 0)
1203 {
1204 if(ctlfd != 0 && pipefd != 0)
1205 dup2(x, 0);
1206 if(ctlfd != 1 && pipefd != 1)
1207 dup2(x, 1);
1208 if(ctlfd != 2 && pipefd != 2)
1209 dup2(x, 2);
1210 if(x > 2)
1211 close(x);
1212 }
1213 #endif
1214 setup_signals();
1215 rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
1216 rb_init_rawbuffers(1024);
1217 ssl_ok = rb_supports_ssl();
1218 mod_ctl = rb_malloc(sizeof(mod_ctl_t));
1219 mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
1220 mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
1221 rb_set_nb(mod_ctl->F);
1222 rb_set_nb(mod_ctl->F_pipe);
1223 rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
1224 rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
1225 read_pipe_ctl(mod_ctl->F_pipe, NULL);
1226 mod_read_ctl(mod_ctl->F, mod_ctl);
1227 if(!zlib_ok && !ssl_ok)
1228 {
1229 /* this is really useless... */
1230 send_i_am_useless(mod_ctl);
1231 /* sleep until the ircd kills us */
1232 rb_sleep(2 << 30, 0);
1233 exit(1);
1234 }
1235
1236 if(!zlib_ok)
1237 send_nozlib_support(mod_ctl, NULL);
1238 if(!ssl_ok)
1239 send_nossl_support(mod_ctl, NULL);
1240 rb_lib_loop(0);
1241 return 0;
1242 }
1243
1244
1245 #ifndef _WIN32
1246 static void
1247 dummy_handler(int sig)
1248 {
1249 return;
1250 }
1251 #endif
1252
1253 static void
1254 setup_signals()
1255 {
1256 #ifndef _WIN32
1257 struct sigaction act;
1258
1259 act.sa_flags = 0;
1260 act.sa_handler = SIG_IGN;
1261 sigemptyset(&act.sa_mask);
1262 sigaddset(&act.sa_mask, SIGPIPE);
1263 sigaddset(&act.sa_mask, SIGALRM);
1264 #ifdef SIGTRAP
1265 sigaddset(&act.sa_mask, SIGTRAP);
1266 #endif
1267
1268 #ifdef SIGWINCH
1269 sigaddset(&act.sa_mask, SIGWINCH);
1270 sigaction(SIGWINCH, &act, 0);
1271 #endif
1272 sigaction(SIGPIPE, &act, 0);
1273 #ifdef SIGTRAP
1274 sigaction(SIGTRAP, &act, 0);
1275 #endif
1276
1277 act.sa_handler = dummy_handler;
1278 sigaction(SIGALRM, &act, 0);
1279 #endif
1280 }
Fork of solanum ircd, history is rebased regularly