]> jfr.im git - solanum.git/blob - ssld/ssld.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rename libratbox to librb, since its pretty modified anyway
[solanum.git] / ssld / ssld.c
1 /*
2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 *
21 * $Id$
22 */
23
24
25 #include "stdinc.h"
26
27 #ifdef HAVE_LIBZ
28 #include <zlib.h>
29 #endif
30
31 #define MAXPASSFD 4
32 #ifndef READBUF_SIZE
33 #define READBUF_SIZE 16384
34 #endif
35
36 static void setup_signals(void);
37 static pid_t ppid;
38
39 static inline uint32_t
40 buf_to_uint32(uint8_t *buf)
41 {
42 uint32_t x;
43 memcpy(&x, buf, sizeof(x));
44 return x;
45 }
46
47 static inline void
48 uint32_to_buf(uint8_t *buf, uint32_t x)
49 {
50 memcpy(buf, &x, sizeof(x));
51 return;
52 }
53
54 typedef struct _mod_ctl_buf
55 {
56 rb_dlink_node node;
57 uint8_t *buf;
58 size_t buflen;
59 rb_fde_t *F[MAXPASSFD];
60 int nfds;
61 } mod_ctl_buf_t;
62
63 typedef struct _mod_ctl
64 {
65 rb_dlink_node node;
66 int cli_count;
67 rb_fde_t *F;
68 rb_fde_t *F_pipe;
69 rb_dlink_list readq;
70 rb_dlink_list writeq;
71 } mod_ctl_t;
72
73 static mod_ctl_t *mod_ctl;
74
75
76 #ifdef HAVE_LIBZ
77 typedef struct _zlib_stream
78 {
79 z_stream instream;
80 z_stream outstream;
81 } zlib_stream_t;
82 #endif
83
84 typedef struct _conn
85 {
86 rb_dlink_node node;
87 mod_ctl_t *ctl;
88 rawbuf_head_t *modbuf_out;
89 rawbuf_head_t *plainbuf_out;
90
91 uint32_t id;
92
93 rb_fde_t *mod_fd;
94 rb_fde_t *plain_fd;
95 uint64_t mod_out;
96 uint64_t mod_in;
97 uint64_t plain_in;
98 uint64_t plain_out;
99 uint8_t flags;
100 void *stream;
101 } conn_t;
102
103 #define FLAG_SSL 0x01
104 #define FLAG_ZIP 0x02
105 #define FLAG_CORK 0x04
106 #define FLAG_DEAD 0x08
107 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
108 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
109 #define FLAG_ZIPSSL 0x40
110
111 #define IsSSL(x) ((x)->flags & FLAG_SSL)
112 #define IsZip(x) ((x)->flags & FLAG_ZIP)
113 #define IsCork(x) ((x)->flags & FLAG_CORK)
114 #define IsDead(x) ((x)->flags & FLAG_DEAD)
115 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
116 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
117 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
118
119 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
120 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
121 #define SetCork(x) ((x)->flags |= FLAG_CORK)
122 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
123 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
124 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
125 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
126
127 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
128 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
129 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
130 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
131 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
132 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
133 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
134
135 #define NO_WAIT 0x0
136 #define WAIT_PLAIN 0x1
137
138 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
139 #define HASH_WALK_END }
140 #define CONN_HASH_SIZE 2000
141 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
142
143
144
145 static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
146 static rb_dlink_list dead_list;
147
148 static void conn_mod_read_cb(rb_fde_t *fd, void *data);
149 static void conn_mod_write_sendq(rb_fde_t *, void *data);
150 static void conn_plain_write_sendq(rb_fde_t *, void *data);
151 static void mod_write_ctl(rb_fde_t *, void *data);
152 static void conn_plain_read_cb(rb_fde_t *fd, void *data);
153 static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
154 static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
155 static const char *remote_closed = "Remote host closed the connection";
156 static int ssl_ok;
157 static int certfp_method = RB_SSL_CERTFP_METH_SHA1;
158 #ifdef HAVE_LIBZ
159 static int zlib_ok = 1;
160 #else
161 static int zlib_ok = 0;
162 #endif
163
164
165 #ifdef HAVE_LIBZ
166 static void *
167 ssld_alloc(void *unused, size_t count, size_t size)
168 {
169 return rb_malloc(count * size);
170 }
171
172 static void
173 ssld_free(void *unused, void *ptr)
174 {
175 rb_free(ptr);
176 }
177 #endif
178
179 static conn_t *
180 conn_find_by_id(uint32_t id)
181 {
182 rb_dlink_node *ptr;
183 conn_t *conn;
184
185 RB_DLINK_FOREACH(ptr, (connid_hash(id))->head)
186 {
187 conn = ptr->data;
188 if(conn->id == id && !IsDead(conn))
189 return conn;
190 }
191 return NULL;
192 }
193
194 static void
195 conn_add_id_hash(conn_t * conn, uint32_t id)
196 {
197 conn->id = id;
198 rb_dlinkAdd(conn, &conn->node, connid_hash(id));
199 }
200
201 static void
202 free_conn(conn_t * conn)
203 {
204 rb_free_rawbuffer(conn->modbuf_out);
205 rb_free_rawbuffer(conn->plainbuf_out);
206 #ifdef HAVE_LIBZ
207 if(IsZip(conn))
208 {
209 zlib_stream_t *stream = conn->stream;
210 inflateEnd(&stream->instream);
211 deflateEnd(&stream->outstream);
212 rb_free(stream);
213 }
214 #endif
215 rb_free(conn);
216 }
217
218 static void
219 clean_dead_conns(void *unused)
220 {
221 conn_t *conn;
222 rb_dlink_node *ptr, *next;
223 RB_DLINK_FOREACH_SAFE(ptr, next, dead_list.head)
224 {
225 conn = ptr->data;
226 free_conn(conn);
227 }
228 dead_list.tail = dead_list.head = NULL;
229 }
230
231
232 static void
233 close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
234 {
235 va_list ap;
236 char reason[128]; /* must always be under 250 bytes */
237 uint8_t buf[256];
238 int len;
239 if(IsDead(conn))
240 return;
241
242 rb_rawbuf_flush(conn->modbuf_out, conn->mod_fd);
243 rb_rawbuf_flush(conn->plainbuf_out, conn->plain_fd);
244 rb_close(conn->mod_fd);
245 SetDead(conn);
246
247 if(!IsZipSSL(conn))
248 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
249
250 if(!wait_plain || fmt == NULL)
251 {
252 rb_close(conn->plain_fd);
253 rb_dlinkAdd(conn, &conn->node, &dead_list);
254 return;
255 }
256 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
257 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
258 va_start(ap, fmt);
259 vsnprintf(reason, sizeof(reason), fmt, ap);
260 va_end(ap);
261
262 buf[0] = 'D';
263 uint32_to_buf(&buf[1], conn->id);
264 rb_strlcpy((char *) &buf[5], reason, sizeof(buf) - 5);
265 len = (strlen(reason) + 1) + 5;
266 mod_cmd_write_queue(conn->ctl, buf, len);
267 }
268
269 static conn_t *
270 make_conn(mod_ctl_t * ctl, rb_fde_t *mod_fd, rb_fde_t *plain_fd)
271 {
272 conn_t *conn = rb_malloc(sizeof(conn_t));
273 conn->ctl = ctl;
274 conn->modbuf_out = rb_new_rawbuffer();
275 conn->plainbuf_out = rb_new_rawbuffer();
276 conn->mod_fd = mod_fd;
277 conn->plain_fd = plain_fd;
278 conn->id = -1;
279 conn->stream = NULL;
280 rb_set_nb(mod_fd);
281 rb_set_nb(plain_fd);
282 return conn;
283 }
284
285 static void
286 check_handshake_flood(void *unused)
287 {
288 conn_t *conn;
289 rb_dlink_node *ptr, *next;
290 unsigned int count;
291 int i;
292 HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
293 {
294 conn = ptr->data;
295 if(!IsSSL(conn))
296 continue;
297
298 count = rb_ssl_handshake_count(conn->mod_fd);
299 /* nothing needs to do this more than twice in ten seconds i don't think */
300 if(count > 2)
301 close_conn(conn, WAIT_PLAIN, "Handshake flooding");
302 else
303 rb_ssl_clear_handshake_count(conn->mod_fd);
304 }
305 HASH_WALK_END}
306
307 static void
308 conn_mod_write_sendq(rb_fde_t *fd, void *data)
309 {
310 conn_t *conn = data;
311 const char *err;
312 int retlen;
313 if(IsDead(conn))
314 return;
315
316 if(IsSSLWWantsR(conn))
317 {
318 ClearSSLWWantsR(conn);
319 conn_mod_read_cb(conn->mod_fd, conn);
320 if(IsDead(conn))
321 return;
322 }
323
324 while((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
325 conn->mod_out += retlen;
326
327 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
328 {
329 if(retlen == 0)
330 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
331 if(IsSSL(conn) && retlen == RB_RW_SSL_ERROR)
332 err = rb_get_ssl_strerror(conn->mod_fd);
333 else
334 err = strerror(errno);
335 close_conn(conn, WAIT_PLAIN, "Write error: %s", err);
336 return;
337 }
338 if(rb_rawbuf_length(conn->modbuf_out) > 0)
339 {
340 if(retlen != RB_RW_SSL_NEED_READ)
341 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
342 else
343 {
344 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
345 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
346 SetSSLWWantsR(conn);
347 }
348 }
349 else
350 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
351
352 if(IsCork(conn) && rb_rawbuf_length(conn->modbuf_out) == 0)
353 {
354 ClearCork(conn);
355 conn_plain_read_cb(conn->plain_fd, conn);
356 }
357
358 }
359
360 static void
361 conn_mod_write(conn_t * conn, void *data, size_t len)
362 {
363 if(IsDead(conn)) /* no point in queueing to a dead man */
364 return;
365 rb_rawbuf_append(conn->modbuf_out, data, len);
366 }
367
368 static void
369 conn_plain_write(conn_t * conn, void *data, size_t len)
370 {
371 if(IsDead(conn)) /* again no point in queueing to dead men */
372 return;
373 rb_rawbuf_append(conn->plainbuf_out, data, len);
374 }
375
376 static void
377 mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len)
378 {
379 mod_ctl_buf_t *ctl_buf;
380 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
381 ctl_buf->buf = rb_malloc(len);
382 ctl_buf->buflen = len;
383 memcpy(ctl_buf->buf, data, len);
384 ctl_buf->nfds = 0;
385 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->writeq);
386 mod_write_ctl(ctl->F, ctl);
387 }
388
389 #ifdef HAVE_LIBZ
390 static void
391 common_zlib_deflate(conn_t * conn, void *buf, size_t len)
392 {
393 char outbuf[READBUF_SIZE];
394 int ret, have;
395 z_stream *outstream = &((zlib_stream_t *) conn->stream)->outstream;
396 outstream->next_in = buf;
397 outstream->avail_in = len;
398 outstream->next_out = (Bytef *) outbuf;
399 outstream->avail_out = sizeof(outbuf);
400
401 ret = deflate(outstream, Z_SYNC_FLUSH);
402 if(ret != Z_OK)
403 {
404 /* deflate error */
405 close_conn(conn, WAIT_PLAIN, "Deflate failed: %s", zError(ret));
406 return;
407 }
408 if(outstream->avail_out == 0)
409 {
410 /* avail_out empty */
411 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_out == 0");
412 return;
413 }
414 if(outstream->avail_in != 0)
415 {
416 /* avail_in isn't empty... */
417 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_in != 0");
418 return;
419 }
420 have = sizeof(outbuf) - outstream->avail_out;
421 conn_mod_write(conn, outbuf, have);
422 }
423
424 static void
425 common_zlib_inflate(conn_t * conn, void *buf, size_t len)
426 {
427 char outbuf[READBUF_SIZE];
428 int ret, have = 0;
429 ((zlib_stream_t *) conn->stream)->instream.next_in = buf;
430 ((zlib_stream_t *) conn->stream)->instream.avail_in = len;
431 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
432 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
433
434 while(((zlib_stream_t *) conn->stream)->instream.avail_in)
435 {
436 ret = inflate(&((zlib_stream_t *) conn->stream)->instream, Z_NO_FLUSH);
437 if(ret != Z_OK)
438 {
439 if(!strncmp("ERROR ", buf, 6))
440 {
441 close_conn(conn, WAIT_PLAIN, "Received uncompressed ERROR");
442 return;
443 }
444 close_conn(conn, WAIT_PLAIN, "Inflate failed: %s", zError(ret));
445 return;
446 }
447 have = sizeof(outbuf) - ((zlib_stream_t *) conn->stream)->instream.avail_out;
448
449 if(((zlib_stream_t *) conn->stream)->instream.avail_in)
450 {
451 conn_plain_write(conn, outbuf, have);
452 have = 0;
453 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
454 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
455 }
456 }
457 if(have == 0)
458 return;
459
460 conn_plain_write(conn, outbuf, have);
461 }
462 #endif
463
464 static int
465 plain_check_cork(conn_t * conn)
466 {
467 if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
468 {
469 /* if we have over 4k pending outbound, don't read until
470 * we've cleared the queue */
471 SetCork(conn);
472 rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
473 /* try to write */
474 conn_mod_write_sendq(conn->mod_fd, conn);
475 return 1;
476 }
477 return 0;
478 }
479
480
481 static void
482 conn_plain_read_cb(rb_fde_t *fd, void *data)
483 {
484 char inbuf[READBUF_SIZE];
485 conn_t *conn = data;
486 int length = 0;
487 if(conn == NULL)
488 return;
489
490 if(IsDead(conn))
491 return;
492
493 if(plain_check_cork(conn))
494 return;
495
496 while(1)
497 {
498 if(IsDead(conn))
499 return;
500
501 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
502
503 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
504 {
505 close_conn(conn, NO_WAIT, NULL);
506 return;
507 }
508
509 if(length < 0)
510 {
511 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_cb, conn);
512 conn_mod_write_sendq(conn->mod_fd, conn);
513 return;
514 }
515 conn->plain_in += length;
516
517 #ifdef HAVE_LIBZ
518 if(IsZip(conn))
519 common_zlib_deflate(conn, inbuf, length);
520 else
521 #endif
522 conn_mod_write(conn, inbuf, length);
523 if(IsDead(conn))
524 return;
525 if(plain_check_cork(conn))
526 return;
527 }
528 }
529
530 static void
531 conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data)
532 {
533 char inbuf[READBUF_SIZE];
534 conn_t *conn = data;
535 int length = 0;
536
537 if(conn == NULL)
538 return;
539
540 while(1)
541 {
542 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
543
544 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
545 {
546 rb_close(conn->plain_fd);
547 rb_dlinkAdd(conn, &conn->node, &dead_list);
548 return;
549 }
550
551 if(length < 0)
552 {
553 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
554 return;
555 }
556 }
557 }
558
559 static void
560 conn_mod_read_cb(rb_fde_t *fd, void *data)
561 {
562 char inbuf[READBUF_SIZE];
563 conn_t *conn = data;
564 const char *err = remote_closed;
565 int length;
566 if(conn == NULL)
567 return;
568 if(IsDead(conn))
569 return;
570
571 if(IsSSLRWantsW(conn))
572 {
573 ClearSSLRWantsW(conn);
574 conn_mod_write_sendq(conn->mod_fd, conn);
575 if(IsDead(conn))
576 return;
577 }
578
579 while(1)
580 {
581 if(IsDead(conn))
582 return;
583
584 length = rb_read(conn->mod_fd, inbuf, sizeof(inbuf));
585
586 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
587 {
588 if(length == 0)
589 {
590 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
591 return;
592 }
593
594 if(IsSSL(conn) && length == RB_RW_SSL_ERROR)
595 err = rb_get_ssl_strerror(conn->mod_fd);
596 else
597 err = strerror(errno);
598 close_conn(conn, WAIT_PLAIN, "Read error: %s", err);
599 return;
600 }
601 if(length < 0)
602 {
603 if(length != RB_RW_SSL_NEED_WRITE)
604 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
605 else
606 {
607 rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
608 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
609 SetSSLRWantsW(conn);
610 }
611 conn_plain_write_sendq(conn->plain_fd, conn);
612 return;
613 }
614 conn->mod_in += length;
615 #ifdef HAVE_LIBZ
616 if(IsZip(conn))
617 common_zlib_inflate(conn, inbuf, length);
618 else
619 #endif
620 conn_plain_write(conn, inbuf, length);
621 }
622 }
623
624 static void
625 conn_plain_write_sendq(rb_fde_t *fd, void *data)
626 {
627 conn_t *conn = data;
628 int retlen;
629
630 if(IsDead(conn))
631 return;
632
633 while((retlen = rb_rawbuf_flush(conn->plainbuf_out, fd)) > 0)
634 {
635 conn->plain_out += retlen;
636 }
637 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
638 {
639 close_conn(data, NO_WAIT, NULL);
640 return;
641 }
642
643
644 if(rb_rawbuf_length(conn->plainbuf_out) > 0)
645 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, conn_plain_write_sendq, conn);
646 else
647 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
648 }
649
650 static int
651 maxconn(void)
652 {
653 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
654 struct rlimit limit;
655
656 if(!getrlimit(RLIMIT_NOFILE, &limit))
657 {
658 return limit.rlim_cur;
659 }
660 #endif /* RLIMIT_FD_MAX */
661 return MAXCONNECTIONS;
662 }
663
664 static void
665 ssl_send_cipher(conn_t *conn)
666 {
667 size_t len;
668 uint8_t buf[512];
669 char cstring[256];
670 const char *p;
671 if(!IsSSL(conn))
672 return;
673
674 p = rb_ssl_get_cipher(conn->mod_fd);
675
676 if(p == NULL)
677 return;
678
679 rb_strlcpy(cstring, p, sizeof(cstring));
680
681 buf[0] = 'C';
682 uint32_to_buf(&buf[1], conn->id);
683 strcpy((char *) &buf[5], cstring);
684 len = (strlen(cstring) + 1) + 5;
685 mod_cmd_write_queue(conn->ctl, buf, len);
686 }
687
688 static void
689 ssl_send_certfp(conn_t *conn)
690 {
691 uint8_t buf[9 + RB_SSL_CERTFP_LEN];
692
693 int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method);
694 if (!len)
695 return;
696
697 lrb_assert(len <= RB_SSL_CERTFP_LEN);
698 buf[0] = 'F';
699 uint32_to_buf(&buf[1], conn->id);
700 uint32_to_buf(&buf[5], len);
701 mod_cmd_write_queue(conn->ctl, buf, 9 + len);
702 }
703
704 static void
705 ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
706 {
707 conn_t *conn = data;
708
709 if(status == RB_OK)
710 {
711 conn_mod_read_cb(conn->mod_fd, conn);
712 conn_plain_read_cb(conn->plain_fd, conn);
713 ssl_send_cipher(conn);
714 ssl_send_certfp(conn);
715 return;
716 }
717 /* ircd doesn't care about the reason for this */
718 close_conn(conn, NO_WAIT, 0);
719 return;
720 }
721
722 static void
723 ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
724 {
725 conn_t *conn = data;
726
727 if(status == RB_OK)
728 {
729 conn_mod_read_cb(conn->mod_fd, conn);
730 conn_plain_read_cb(conn->plain_fd, conn);
731 ssl_send_cipher(conn);
732 ssl_send_certfp(conn);
733 }
734 else if(status == RB_ERR_TIMEOUT)
735 close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
736 else if(status == RB_ERROR_SSL)
737 close_conn(conn, WAIT_PLAIN, "%s", rb_get_ssl_strerror(conn->mod_fd));
738 else
739 close_conn(conn, WAIT_PLAIN, "SSL handshake failed");
740 }
741
742
743 static void
744 cleanup_bad_message(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
745 {
746 int i;
747
748 /* XXX should log this somehow */
749 for (i = 0; i < ctlb->nfds; i++)
750 rb_close(ctlb->F[i]);
751 }
752
753 static void
754 ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
755 {
756 conn_t *conn;
757 uint32_t id;
758
759 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
760
761 id = buf_to_uint32(&ctlb->buf[1]);
762 conn_add_id_hash(conn, id);
763 SetSSL(conn);
764
765 if(rb_get_type(conn->mod_fd) & RB_FD_UNKNOWN)
766 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
767
768 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
769 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
770
771 rb_ssl_start_accepted(ctlb->F[0], ssl_process_accept_cb, conn, 10);
772 }
773
774 static void
775 ssl_change_certfp_method(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
776 {
777 certfp_method = buf_to_uint32(&ctlb->buf[1]);
778 }
779
780 static void
781 ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
782 {
783 conn_t *conn;
784 uint32_t id;
785 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
786
787 id = buf_to_uint32(&ctlb->buf[1]);
788 conn_add_id_hash(conn, id);
789 SetSSL(conn);
790
791 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
792 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
793
794 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
795 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
796
797
798 rb_ssl_start_connected(ctlb->F[0], ssl_process_connect_cb, conn, 10);
799 }
800
801 static void
802 process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
803 {
804 char outstat[512];
805 conn_t *conn;
806 uint8_t *odata;
807 uint32_t id;
808
809 id = buf_to_uint32(&ctlb->buf[1]);
810
811 odata = &ctlb->buf[5];
812 conn = conn_find_by_id(id);
813
814 if(conn == NULL)
815 return;
816
817 snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
818 (unsigned long long)conn->plain_out,
819 (unsigned long long)conn->mod_in,
820 (unsigned long long)conn->plain_in,
821 (unsigned long long)conn->mod_out);
822 conn->plain_out = 0;
823 conn->plain_in = 0;
824 conn->mod_in = 0;
825 conn->mod_out = 0;
826 mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
827 }
828
829 static void
830 change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
831 {
832 uint32_t id = buf_to_uint32(&ctlb->buf[1]);
833 uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
834 conn_t *conn = conn_find_by_id(id);
835 lrb_assert(conn != NULL);
836 if(conn == NULL)
837 {
838 uint8_t buf[256];
839 int len;
840
841 buf[0] = 'D';
842 uint32_to_buf(&buf[1], newid);
843 sprintf((char *) &buf[5], "connid %d does not exist", id);
844 len = (strlen((char *) &buf[5]) + 1) + 5;
845 mod_cmd_write_queue(ctl, buf, len);
846
847 return;
848 }
849 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
850 SetZipSSL(conn);
851 conn->id = newid;
852 }
853
854 #ifdef HAVE_LIBZ
855 static void
856 zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
857 {
858 uint8_t level;
859 size_t recvqlen;
860 size_t hdr = (sizeof(uint8_t) * 2) + sizeof(uint32_t);
861 void *recvq_start;
862 z_stream *instream, *outstream;
863 conn_t *conn;
864 uint32_t id;
865
866 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
867 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
868 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
869
870 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
871 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
872
873 id = buf_to_uint32(&ctlb->buf[1]);
874 conn_add_id_hash(conn, id);
875
876 level = (uint8_t)ctlb->buf[5];
877
878 recvqlen = ctlb->buflen - hdr;
879 recvq_start = &ctlb->buf[6];
880
881 SetZip(conn);
882 conn->stream = rb_malloc(sizeof(zlib_stream_t));
883 instream = &((zlib_stream_t *) conn->stream)->instream;
884 outstream = &((zlib_stream_t *) conn->stream)->outstream;
885
886 instream->total_in = 0;
887 instream->total_out = 0;
888 instream->zalloc = (alloc_func) ssld_alloc;
889 instream->zfree = (free_func) ssld_free;
890 instream->data_type = Z_ASCII;
891 inflateInit(&((zlib_stream_t *) conn->stream)->instream);
892
893 outstream->total_in = 0;
894 outstream->total_out = 0;
895 outstream->zalloc = (alloc_func) ssld_alloc;
896 outstream->zfree = (free_func) ssld_free;
897 outstream->data_type = Z_ASCII;
898
899 if(level > 9)
900 level = (uint8_t) Z_DEFAULT_COMPRESSION;
901
902 deflateInit(&((zlib_stream_t *) conn->stream)->outstream, level);
903 if(recvqlen > 0)
904 common_zlib_inflate(conn, recvq_start, recvqlen);
905
906 conn_mod_read_cb(conn->mod_fd, conn);
907 conn_plain_read_cb(conn->plain_fd, conn);
908 return;
909
910 }
911 #endif
912
913 static void
914 init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
915 {
916 char *path;
917 prng_seed_t seed_type;
918
919 seed_type = (prng_seed_t) ctl_buf->buf[1];
920 path = (char *) &ctl_buf->buf[2];
921 rb_init_prng(path, seed_type);
922 }
923
924
925 static void
926 ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
927 {
928 char *buf;
929 char *cert, *key, *dhparam, *cipher_list;
930
931 buf = (char *) &ctl_buf->buf[2];
932 cert = buf;
933 buf += strlen(cert) + 1;
934 key = buf;
935 buf += strlen(key) + 1;
936 dhparam = buf;
937 if(strlen(dhparam) == 0)
938 dhparam = NULL;
939 buf += strlen(dhparam) + 1;
940 cipher_list = buf;
941 if(strlen(cipher_list) == 0)
942 cipher_list = NULL;
943
944 if(!rb_setup_ssl_server(cert, key, dhparam, cipher_list))
945 {
946 const char *invalid = "I";
947 mod_cmd_write_queue(ctl, invalid, strlen(invalid));
948 return;
949 }
950 }
951
952 static void
953 send_nossl_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
954 {
955 static const char *nossl_cmd = "N";
956 conn_t *conn;
957 uint32_t id;
958
959 if(ctlb != NULL)
960 {
961 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
962 id = buf_to_uint32(&ctlb->buf[1]);
963 conn_add_id_hash(conn, id);
964 close_conn(conn, WAIT_PLAIN, "libratbox reports no SSL/TLS support");
965 }
966 mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
967 }
968
969 static void
970 send_i_am_useless(mod_ctl_t * ctl)
971 {
972 static const char *useless = "U";
973 mod_cmd_write_queue(ctl, useless, strlen(useless));
974 }
975
976 static void
977 send_version(mod_ctl_t * ctl)
978 {
979 char version[256] = { 'V', 0 };
980 strncpy(&version[1], rb_lib_version(), sizeof(version) - 2);
981 mod_cmd_write_queue(ctl, version, strlen(version));
982 }
983
984 static void
985 send_nozlib_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
986 {
987 static const char *nozlib_cmd = "z";
988 conn_t *conn;
989 uint32_t id;
990 if(ctlb != NULL)
991 {
992 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
993 id = buf_to_uint32(&ctlb->buf[1]);
994 conn_add_id_hash(conn, id);
995 close_conn(conn, WAIT_PLAIN, "libratbox reports no zlib support");
996 }
997 mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
998 }
999
1000 static void
1001 mod_process_cmd_recv(mod_ctl_t * ctl)
1002 {
1003 rb_dlink_node *ptr, *next;
1004 mod_ctl_buf_t *ctl_buf;
1005
1006 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->readq.head)
1007 {
1008 ctl_buf = ptr->data;
1009
1010 switch (*ctl_buf->buf)
1011 {
1012 case 'A':
1013 {
1014 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1015 {
1016 cleanup_bad_message(ctl, ctl_buf);
1017 break;
1018 }
1019
1020 if(!ssl_ok)
1021 {
1022 send_nossl_support(ctl, ctl_buf);
1023 break;
1024 }
1025 ssl_process_accept(ctl, ctl_buf);
1026 break;
1027 }
1028 case 'C':
1029 {
1030 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1031 {
1032 cleanup_bad_message(ctl, ctl_buf);
1033 break;
1034 }
1035
1036 if(!ssl_ok)
1037 {
1038 send_nossl_support(ctl, ctl_buf);
1039 break;
1040 }
1041 ssl_process_connect(ctl, ctl_buf);
1042 break;
1043 }
1044 case 'F':
1045 {
1046 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1047 {
1048 cleanup_bad_message(ctl, ctl_buf);
1049 break;
1050 }
1051 ssl_change_certfp_method(ctl, ctl_buf);
1052 break;
1053 }
1054 case 'K':
1055 {
1056 if(!ssl_ok)
1057 {
1058 send_nossl_support(ctl, ctl_buf);
1059 break;
1060 }
1061 ssl_new_keys(ctl, ctl_buf);
1062 break;
1063 }
1064 case 'I':
1065 init_prng(ctl, ctl_buf);
1066 break;
1067 case 'S':
1068 {
1069 process_stats(ctl, ctl_buf);
1070 break;
1071 }
1072 case 'Y':
1073 {
1074 change_connid(ctl, ctl_buf);
1075 break;
1076 }
1077
1078 #ifdef HAVE_LIBZ
1079 case 'Z':
1080 {
1081 if (ctl_buf->nfds != 2 || ctl_buf->buflen < 6)
1082 {
1083 cleanup_bad_message(ctl, ctl_buf);
1084 break;
1085 }
1086
1087 /* just zlib only */
1088 zlib_process(ctl, ctl_buf);
1089 break;
1090 }
1091 #else
1092
1093 case 'Z':
1094 send_nozlib_support(ctl, ctl_buf);
1095 break;
1096
1097 #endif
1098 default:
1099 break;
1100 /* Log unknown commands */
1101 }
1102 rb_dlinkDelete(ptr, &ctl->readq);
1103 rb_free(ctl_buf->buf);
1104 rb_free(ctl_buf);
1105 }
1106
1107 }
1108
1109
1110
1111 static void
1112 mod_read_ctl(rb_fde_t *F, void *data)
1113 {
1114 mod_ctl_buf_t *ctl_buf;
1115 mod_ctl_t *ctl = data;
1116 int retlen;
1117 int i;
1118
1119 do
1120 {
1121 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
1122 ctl_buf->buf = rb_malloc(READBUF_SIZE);
1123 ctl_buf->buflen = READBUF_SIZE;
1124 retlen = rb_recv_fd_buf(ctl->F, ctl_buf->buf, ctl_buf->buflen, ctl_buf->F,
1125 MAXPASSFD);
1126 if(retlen <= 0)
1127 {
1128 rb_free(ctl_buf->buf);
1129 rb_free(ctl_buf);
1130 }
1131 else
1132 {
1133 ctl_buf->buflen = retlen;
1134 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->readq);
1135 for (i = 0; i < MAXPASSFD && ctl_buf->F[i] != NULL; i++)
1136 ;
1137 ctl_buf->nfds = i;
1138 }
1139 }
1140 while(retlen > 0);
1141
1142 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1143 exit(0);
1144
1145 mod_process_cmd_recv(ctl);
1146 rb_setselect(ctl->F, RB_SELECT_READ, mod_read_ctl, ctl);
1147 }
1148
1149 static void
1150 mod_write_ctl(rb_fde_t *F, void *data)
1151 {
1152 mod_ctl_t *ctl = data;
1153 mod_ctl_buf_t *ctl_buf;
1154 rb_dlink_node *ptr, *next;
1155 int retlen, x;
1156
1157 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->writeq.head)
1158 {
1159 ctl_buf = ptr->data;
1160 retlen = rb_send_fd_buf(ctl->F, ctl_buf->F, ctl_buf->nfds, ctl_buf->buf,
1161 ctl_buf->buflen, ppid);
1162 if(retlen > 0)
1163 {
1164 rb_dlinkDelete(ptr, &ctl->writeq);
1165 for(x = 0; x < ctl_buf->nfds; x++)
1166 rb_close(ctl_buf->F[x]);
1167 rb_free(ctl_buf->buf);
1168 rb_free(ctl_buf);
1169
1170 }
1171 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1172 exit(0);
1173
1174 }
1175 if(rb_dlink_list_length(&ctl->writeq) > 0)
1176 rb_setselect(ctl->F, RB_SELECT_WRITE, mod_write_ctl, ctl);
1177 }
1178
1179
1180 static void
1181 read_pipe_ctl(rb_fde_t *F, void *data)
1182 {
1183 char inbuf[READBUF_SIZE];
1184 int retlen;
1185 while((retlen = rb_read(F, inbuf, sizeof(inbuf))) > 0)
1186 {
1187 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1188 }
1189 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1190 exit(0);
1191 rb_setselect(F, RB_SELECT_READ, read_pipe_ctl, NULL);
1192
1193 }
1194
1195 int
1196 main(int argc, char **argv)
1197 {
1198 const char *s_ctlfd, *s_pipe, *s_pid;
1199 int ctlfd, pipefd, x, maxfd;
1200 maxfd = maxconn();
1201
1202 s_ctlfd = getenv("CTL_FD");
1203 s_pipe = getenv("CTL_PIPE");
1204 s_pid = getenv("CTL_PPID");
1205
1206 if(s_ctlfd == NULL || s_pipe == NULL || s_pid == NULL)
1207 {
1208 fprintf(stderr,
1209 "This is the charybdis ssld for internal ircd use.\n");
1210 fprintf(stderr,
1211 "You aren't supposed to run me directly. Exiting.\n");
1212 exit(1);
1213 }
1214
1215 ctlfd = atoi(s_ctlfd);
1216 pipefd = atoi(s_pipe);
1217 ppid = atoi(s_pid);
1218 x = 0;
1219 #ifndef _WIN32
1220 for(x = 0; x < maxfd; x++)
1221 {
1222 if(x != ctlfd && x != pipefd && x > 2)
1223 close(x);
1224 }
1225 x = open("/dev/null", O_RDWR);
1226
1227 if(x >= 0)
1228 {
1229 if(ctlfd != 0 && pipefd != 0)
1230 dup2(x, 0);
1231 if(ctlfd != 1 && pipefd != 1)
1232 dup2(x, 1);
1233 if(ctlfd != 2 && pipefd != 2)
1234 dup2(x, 2);
1235 if(x > 2)
1236 close(x);
1237 }
1238 #endif
1239 setup_signals();
1240 rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
1241 rb_init_rawbuffers(1024);
1242 ssl_ok = rb_supports_ssl();
1243 mod_ctl = rb_malloc(sizeof(mod_ctl_t));
1244 mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
1245 mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
1246 rb_set_nb(mod_ctl->F);
1247 rb_set_nb(mod_ctl->F_pipe);
1248 rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
1249 rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
1250 read_pipe_ctl(mod_ctl->F_pipe, NULL);
1251 mod_read_ctl(mod_ctl->F, mod_ctl);
1252 send_version(mod_ctl);
1253 if(!zlib_ok && !ssl_ok)
1254 {
1255 /* this is really useless... */
1256 send_i_am_useless(mod_ctl);
1257 /* sleep until the ircd kills us */
1258 rb_sleep(2 << 30, 0);
1259 exit(1);
1260 }
1261
1262 if(!zlib_ok)
1263 send_nozlib_support(mod_ctl, NULL);
1264 if(!ssl_ok)
1265 send_nossl_support(mod_ctl, NULL);
1266 rb_lib_loop(0);
1267 return 0;
1268 }
1269
1270
1271 #ifndef _WIN32
1272 static void
1273 dummy_handler(int sig)
1274 {
1275 return;
1276 }
1277 #endif
1278
1279 static void
1280 setup_signals()
1281 {
1282 #ifndef _WIN32
1283 struct sigaction act;
1284
1285 act.sa_flags = 0;
1286 act.sa_handler = SIG_IGN;
1287 sigemptyset(&act.sa_mask);
1288 sigaddset(&act.sa_mask, SIGPIPE);
1289 sigaddset(&act.sa_mask, SIGALRM);
1290 #ifdef SIGTRAP
1291 sigaddset(&act.sa_mask, SIGTRAP);
1292 #endif
1293
1294 #ifdef SIGWINCH
1295 sigaddset(&act.sa_mask, SIGWINCH);
1296 sigaction(SIGWINCH, &act, 0);
1297 #endif
1298 sigaction(SIGPIPE, &act, 0);
1299 #ifdef SIGTRAP
1300 sigaction(SIGTRAP, &act, 0);
1301 #endif
1302
1303 act.sa_handler = dummy_handler;
1304 sigaction(SIGALRM, &act, 0);
1305 #endif
1306 }
Fork of solanum ircd, history is rebased regularly