]> jfr.im git - solanum.git/blob - ssld/ssld.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ircd: client: substantially rework the connid registry system
[solanum.git] / ssld / ssld.c
1 /*
2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 */
21
22
23 #include "stdinc.h"
24
25 #ifdef HAVE_LIBZ
26 #include <zlib.h>
27 #endif
28
29 #define MAXPASSFD 4
30 #ifndef READBUF_SIZE
31 #define READBUF_SIZE 16384
32 #endif
33
34 static void setup_signals(void);
35 static pid_t ppid;
36
37 static inline uint32_t
38 buf_to_uint32(uint8_t *buf)
39 {
40 uint32_t x;
41 memcpy(&x, buf, sizeof(x));
42 return x;
43 }
44
45 static inline void
46 uint32_to_buf(uint8_t *buf, uint32_t x)
47 {
48 memcpy(buf, &x, sizeof(x));
49 return;
50 }
51
52 typedef struct _mod_ctl_buf
53 {
54 rb_dlink_node node;
55 uint8_t *buf;
56 size_t buflen;
57 rb_fde_t *F[MAXPASSFD];
58 int nfds;
59 } mod_ctl_buf_t;
60
61 typedef struct _mod_ctl
62 {
63 rb_dlink_node node;
64 int cli_count;
65 rb_fde_t *F;
66 rb_fde_t *F_pipe;
67 rb_dlink_list readq;
68 rb_dlink_list writeq;
69 } mod_ctl_t;
70
71 static mod_ctl_t *mod_ctl;
72
73
74 #ifdef HAVE_LIBZ
75 typedef struct _zlib_stream
76 {
77 z_stream instream;
78 z_stream outstream;
79 } zlib_stream_t;
80 #endif
81
82 typedef struct _conn
83 {
84 rb_dlink_node node;
85 mod_ctl_t *ctl;
86 rawbuf_head_t *modbuf_out;
87 rawbuf_head_t *plainbuf_out;
88
89 uint32_t id;
90
91 rb_fde_t *mod_fd;
92 rb_fde_t *plain_fd;
93 uint64_t mod_out;
94 uint64_t mod_in;
95 uint64_t plain_in;
96 uint64_t plain_out;
97 uint8_t flags;
98 void *stream;
99 } conn_t;
100
101 #define FLAG_SSL 0x01
102 #define FLAG_ZIP 0x02
103 #define FLAG_CORK 0x04
104 #define FLAG_DEAD 0x08
105 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
106 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
107 #define FLAG_ZIPSSL 0x40
108
109 #define IsSSL(x) ((x)->flags & FLAG_SSL)
110 #define IsZip(x) ((x)->flags & FLAG_ZIP)
111 #define IsCork(x) ((x)->flags & FLAG_CORK)
112 #define IsDead(x) ((x)->flags & FLAG_DEAD)
113 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
114 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
115 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
116
117 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
118 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
119 #define SetCork(x) ((x)->flags |= FLAG_CORK)
120 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
121 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
122 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
123 #define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
124
125 #define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
126 #define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
127 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
128 #define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
129 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
130 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
131 #define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
132
133 #define NO_WAIT 0x0
134 #define WAIT_PLAIN 0x1
135
136 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
137 #define HASH_WALK_END }
138 #define CONN_HASH_SIZE 2000
139 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
140
141
142
143 static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
144 static rb_dlink_list dead_list;
145
146 static void conn_mod_read_cb(rb_fde_t *fd, void *data);
147 static void conn_mod_write_sendq(rb_fde_t *, void *data);
148 static void conn_plain_write_sendq(rb_fde_t *, void *data);
149 static void mod_write_ctl(rb_fde_t *, void *data);
150 static void conn_plain_read_cb(rb_fde_t *fd, void *data);
151 static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
152 static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
153 static const char *remote_closed = "Remote host closed the connection";
154 static bool ssld_ssl_ok;
155 static int certfp_method = RB_SSL_CERTFP_METH_SHA1;
156 #ifdef HAVE_LIBZ
157 static bool zlib_ok = true;
158 #else
159 static bool zlib_ok = false;
160 #endif
161
162
163 #ifdef HAVE_LIBZ
164 static void *
165 ssld_alloc(void *unused, size_t count, size_t size)
166 {
167 return rb_malloc(count * size);
168 }
169
170 static void
171 ssld_free(void *unused, void *ptr)
172 {
173 rb_free(ptr);
174 }
175 #endif
176
177 static conn_t *
178 conn_find_by_id(uint32_t id)
179 {
180 rb_dlink_node *ptr;
181 conn_t *conn;
182
183 RB_DLINK_FOREACH(ptr, (connid_hash(id))->head)
184 {
185 conn = ptr->data;
186 if(conn->id == id && !IsDead(conn))
187 return conn;
188 }
189 return NULL;
190 }
191
192 static void
193 conn_add_id_hash(conn_t * conn, uint32_t id)
194 {
195 conn->id = id;
196 rb_dlinkAdd(conn, &conn->node, connid_hash(id));
197 }
198
199 static void
200 free_conn(conn_t * conn)
201 {
202 rb_free_rawbuffer(conn->modbuf_out);
203 rb_free_rawbuffer(conn->plainbuf_out);
204 #ifdef HAVE_LIBZ
205 if(IsZip(conn))
206 {
207 zlib_stream_t *stream = conn->stream;
208 inflateEnd(&stream->instream);
209 deflateEnd(&stream->outstream);
210 rb_free(stream);
211 }
212 #endif
213 rb_free(conn);
214 }
215
216 static void
217 clean_dead_conns(void *unused)
218 {
219 conn_t *conn;
220 rb_dlink_node *ptr, *next;
221 RB_DLINK_FOREACH_SAFE(ptr, next, dead_list.head)
222 {
223 conn = ptr->data;
224 free_conn(conn);
225 }
226 dead_list.tail = dead_list.head = NULL;
227 }
228
229
230 static void
231 close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
232 {
233 va_list ap;
234 char reason[128]; /* must always be under 250 bytes */
235 uint8_t buf[256];
236 int len;
237 if(IsDead(conn))
238 return;
239
240 rb_rawbuf_flush(conn->modbuf_out, conn->mod_fd);
241 rb_rawbuf_flush(conn->plainbuf_out, conn->plain_fd);
242 rb_close(conn->mod_fd);
243 SetDead(conn);
244
245 if(!IsZipSSL(conn))
246 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
247
248 if(!wait_plain || fmt == NULL)
249 {
250 rb_close(conn->plain_fd);
251 rb_dlinkAdd(conn, &conn->node, &dead_list);
252 return;
253 }
254 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
255 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
256 va_start(ap, fmt);
257 vsnprintf(reason, sizeof(reason), fmt, ap);
258 va_end(ap);
259
260 buf[0] = 'D';
261 uint32_to_buf(&buf[1], conn->id);
262 rb_strlcpy((char *) &buf[5], reason, sizeof(buf) - 5);
263 len = (strlen(reason) + 1) + 5;
264 mod_cmd_write_queue(conn->ctl, buf, len);
265 }
266
267 static conn_t *
268 make_conn(mod_ctl_t * ctl, rb_fde_t *mod_fd, rb_fde_t *plain_fd)
269 {
270 conn_t *conn = rb_malloc(sizeof(conn_t));
271 conn->ctl = ctl;
272 conn->modbuf_out = rb_new_rawbuffer();
273 conn->plainbuf_out = rb_new_rawbuffer();
274 conn->mod_fd = mod_fd;
275 conn->plain_fd = plain_fd;
276 conn->id = -1;
277 conn->stream = NULL;
278 rb_set_nb(mod_fd);
279 rb_set_nb(plain_fd);
280 return conn;
281 }
282
283 static void
284 check_handshake_flood(void *unused)
285 {
286 conn_t *conn;
287 rb_dlink_node *ptr, *next;
288 unsigned int count;
289 int i;
290 HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
291 {
292 conn = ptr->data;
293 if(!IsSSL(conn))
294 continue;
295
296 count = rb_ssl_handshake_count(conn->mod_fd);
297 /* nothing needs to do this more than twice in ten seconds i don't think */
298 if(count > 2)
299 close_conn(conn, WAIT_PLAIN, "Handshake flooding");
300 else
301 rb_ssl_clear_handshake_count(conn->mod_fd);
302 }
303 HASH_WALK_END}
304
305 static void
306 conn_mod_write_sendq(rb_fde_t *fd, void *data)
307 {
308 conn_t *conn = data;
309 const char *err;
310 int retlen;
311 if(IsDead(conn))
312 return;
313
314 if(IsSSLWWantsR(conn))
315 {
316 ClearSSLWWantsR(conn);
317 conn_mod_read_cb(conn->mod_fd, conn);
318 if(IsDead(conn))
319 return;
320 }
321
322 while((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
323 conn->mod_out += retlen;
324
325 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
326 {
327 if(retlen == 0)
328 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
329 if(IsSSL(conn) && retlen == RB_RW_SSL_ERROR)
330 err = rb_get_ssl_strerror(conn->mod_fd);
331 else
332 err = strerror(errno);
333 close_conn(conn, WAIT_PLAIN, "Write error: %s", err);
334 return;
335 }
336 if(rb_rawbuf_length(conn->modbuf_out) > 0)
337 {
338 if(retlen != RB_RW_SSL_NEED_READ)
339 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
340 else
341 {
342 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
343 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
344 SetSSLWWantsR(conn);
345 }
346 }
347 else
348 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
349
350 if(IsCork(conn) && rb_rawbuf_length(conn->modbuf_out) == 0)
351 {
352 ClearCork(conn);
353 conn_plain_read_cb(conn->plain_fd, conn);
354 }
355
356 }
357
358 static void
359 conn_mod_write(conn_t * conn, void *data, size_t len)
360 {
361 if(IsDead(conn)) /* no point in queueing to a dead man */
362 return;
363 rb_rawbuf_append(conn->modbuf_out, data, len);
364 }
365
366 static void
367 conn_plain_write(conn_t * conn, void *data, size_t len)
368 {
369 if(IsDead(conn)) /* again no point in queueing to dead men */
370 return;
371 rb_rawbuf_append(conn->plainbuf_out, data, len);
372 }
373
374 static void
375 mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len)
376 {
377 mod_ctl_buf_t *ctl_buf;
378 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
379 ctl_buf->buf = rb_malloc(len);
380 ctl_buf->buflen = len;
381 memcpy(ctl_buf->buf, data, len);
382 ctl_buf->nfds = 0;
383 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->writeq);
384 mod_write_ctl(ctl->F, ctl);
385 }
386
387 #ifdef HAVE_LIBZ
388 static void
389 common_zlib_deflate(conn_t * conn, void *buf, size_t len)
390 {
391 char outbuf[READBUF_SIZE];
392 int ret, have;
393 z_stream *outstream = &((zlib_stream_t *) conn->stream)->outstream;
394 outstream->next_in = buf;
395 outstream->avail_in = len;
396 outstream->next_out = (Bytef *) outbuf;
397 outstream->avail_out = sizeof(outbuf);
398
399 ret = deflate(outstream, Z_SYNC_FLUSH);
400 if(ret != Z_OK)
401 {
402 /* deflate error */
403 close_conn(conn, WAIT_PLAIN, "Deflate failed: %s", zError(ret));
404 return;
405 }
406 if(outstream->avail_out == 0)
407 {
408 /* avail_out empty */
409 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_out == 0");
410 return;
411 }
412 if(outstream->avail_in != 0)
413 {
414 /* avail_in isn't empty... */
415 close_conn(conn, WAIT_PLAIN, "error compressing data, avail_in != 0");
416 return;
417 }
418 have = sizeof(outbuf) - outstream->avail_out;
419 conn_mod_write(conn, outbuf, have);
420 }
421
422 static void
423 common_zlib_inflate(conn_t * conn, void *buf, size_t len)
424 {
425 char outbuf[READBUF_SIZE];
426 int ret, have = 0;
427 ((zlib_stream_t *) conn->stream)->instream.next_in = buf;
428 ((zlib_stream_t *) conn->stream)->instream.avail_in = len;
429 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
430 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
431
432 while(((zlib_stream_t *) conn->stream)->instream.avail_in)
433 {
434 ret = inflate(&((zlib_stream_t *) conn->stream)->instream, Z_NO_FLUSH);
435 if(ret != Z_OK)
436 {
437 if(!strncmp("ERROR ", buf, 6))
438 {
439 close_conn(conn, WAIT_PLAIN, "Received uncompressed ERROR");
440 return;
441 }
442 close_conn(conn, WAIT_PLAIN, "Inflate failed: %s", zError(ret));
443 return;
444 }
445 have = sizeof(outbuf) - ((zlib_stream_t *) conn->stream)->instream.avail_out;
446
447 if(((zlib_stream_t *) conn->stream)->instream.avail_in)
448 {
449 conn_plain_write(conn, outbuf, have);
450 have = 0;
451 ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
452 ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
453 }
454 }
455 if(have == 0)
456 return;
457
458 conn_plain_write(conn, outbuf, have);
459 }
460 #endif
461
462 static bool
463 plain_check_cork(conn_t * conn)
464 {
465 if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
466 {
467 /* if we have over 4k pending outbound, don't read until
468 * we've cleared the queue */
469 SetCork(conn);
470 rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
471 /* try to write */
472 conn_mod_write_sendq(conn->mod_fd, conn);
473 return true;
474 }
475 return false;
476 }
477
478
479 static void
480 conn_plain_read_cb(rb_fde_t *fd, void *data)
481 {
482 char inbuf[READBUF_SIZE];
483 conn_t *conn = data;
484 int length = 0;
485 if(conn == NULL)
486 return;
487
488 if(IsDead(conn))
489 return;
490
491 if(plain_check_cork(conn))
492 return;
493
494 while(1)
495 {
496 if(IsDead(conn))
497 return;
498
499 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
500
501 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
502 {
503 close_conn(conn, NO_WAIT, NULL);
504 return;
505 }
506
507 if(length < 0)
508 {
509 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_cb, conn);
510 conn_mod_write_sendq(conn->mod_fd, conn);
511 return;
512 }
513 conn->plain_in += length;
514
515 #ifdef HAVE_LIBZ
516 if(IsZip(conn))
517 common_zlib_deflate(conn, inbuf, length);
518 else
519 #endif
520 conn_mod_write(conn, inbuf, length);
521 if(IsDead(conn))
522 return;
523 if(plain_check_cork(conn))
524 return;
525 }
526 }
527
528 static void
529 conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data)
530 {
531 char inbuf[READBUF_SIZE];
532 conn_t *conn = data;
533 int length = 0;
534
535 if(conn == NULL)
536 return;
537
538 while(1)
539 {
540 length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
541
542 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
543 {
544 rb_close(conn->plain_fd);
545 rb_dlinkAdd(conn, &conn->node, &dead_list);
546 return;
547 }
548
549 if(length < 0)
550 {
551 rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
552 return;
553 }
554 }
555 }
556
557 static void
558 conn_mod_read_cb(rb_fde_t *fd, void *data)
559 {
560 char inbuf[READBUF_SIZE];
561 conn_t *conn = data;
562 const char *err = remote_closed;
563 int length;
564 if(conn == NULL)
565 return;
566 if(IsDead(conn))
567 return;
568
569 if(IsSSLRWantsW(conn))
570 {
571 ClearSSLRWantsW(conn);
572 conn_mod_write_sendq(conn->mod_fd, conn);
573 if(IsDead(conn))
574 return;
575 }
576
577 while(1)
578 {
579 if(IsDead(conn))
580 return;
581
582 length = rb_read(conn->mod_fd, inbuf, sizeof(inbuf));
583
584 if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
585 {
586 if(length == 0)
587 {
588 close_conn(conn, WAIT_PLAIN, "%s", remote_closed);
589 return;
590 }
591
592 if(IsSSL(conn) && length == RB_RW_SSL_ERROR)
593 err = rb_get_ssl_strerror(conn->mod_fd);
594 else
595 err = strerror(errno);
596 close_conn(conn, WAIT_PLAIN, "Read error: %s", err);
597 return;
598 }
599 if(length < 0)
600 {
601 if(length != RB_RW_SSL_NEED_WRITE)
602 rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
603 else
604 {
605 rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
606 rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
607 SetSSLRWantsW(conn);
608 }
609 conn_plain_write_sendq(conn->plain_fd, conn);
610 return;
611 }
612 conn->mod_in += length;
613 #ifdef HAVE_LIBZ
614 if(IsZip(conn))
615 common_zlib_inflate(conn, inbuf, length);
616 else
617 #endif
618 conn_plain_write(conn, inbuf, length);
619 }
620 }
621
622 static void
623 conn_plain_write_sendq(rb_fde_t *fd, void *data)
624 {
625 conn_t *conn = data;
626 int retlen;
627
628 if(IsDead(conn))
629 return;
630
631 while((retlen = rb_rawbuf_flush(conn->plainbuf_out, fd)) > 0)
632 {
633 conn->plain_out += retlen;
634 }
635 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
636 {
637 close_conn(data, NO_WAIT, NULL);
638 return;
639 }
640
641
642 if(rb_rawbuf_length(conn->plainbuf_out) > 0)
643 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, conn_plain_write_sendq, conn);
644 else
645 rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
646 }
647
648 static int
649 maxconn(void)
650 {
651 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
652 struct rlimit limit;
653
654 if(!getrlimit(RLIMIT_NOFILE, &limit))
655 {
656 return limit.rlim_cur;
657 }
658 #endif /* RLIMIT_FD_MAX */
659 return MAXCONNECTIONS;
660 }
661
662 static void
663 ssl_send_cipher(conn_t *conn)
664 {
665 size_t len;
666 uint8_t buf[512];
667 char cstring[256];
668 const char *p;
669 if(!IsSSL(conn))
670 return;
671
672 p = rb_ssl_get_cipher(conn->mod_fd);
673
674 if(p == NULL)
675 return;
676
677 rb_strlcpy(cstring, p, sizeof(cstring));
678
679 buf[0] = 'C';
680 uint32_to_buf(&buf[1], conn->id);
681 strcpy((char *) &buf[5], cstring);
682 len = (strlen(cstring) + 1) + 5;
683 mod_cmd_write_queue(conn->ctl, buf, len);
684 }
685
686 static void
687 ssl_send_certfp(conn_t *conn)
688 {
689 uint8_t buf[9 + RB_SSL_CERTFP_LEN];
690
691 int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method);
692 if (!len)
693 return;
694
695 lrb_assert(len <= RB_SSL_CERTFP_LEN);
696 buf[0] = 'F';
697 uint32_to_buf(&buf[1], conn->id);
698 uint32_to_buf(&buf[5], len);
699 mod_cmd_write_queue(conn->ctl, buf, 9 + len);
700 }
701
702 static void
703 ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
704 {
705 conn_t *conn = data;
706
707 if(status == RB_OK)
708 {
709 conn_mod_read_cb(conn->mod_fd, conn);
710 conn_plain_read_cb(conn->plain_fd, conn);
711 ssl_send_cipher(conn);
712 ssl_send_certfp(conn);
713 return;
714 }
715 /* ircd doesn't care about the reason for this */
716 close_conn(conn, NO_WAIT, 0);
717 return;
718 }
719
720 static void
721 ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
722 {
723 conn_t *conn = data;
724
725 if(status == RB_OK)
726 {
727 conn_mod_read_cb(conn->mod_fd, conn);
728 conn_plain_read_cb(conn->plain_fd, conn);
729 ssl_send_cipher(conn);
730 ssl_send_certfp(conn);
731 }
732 else if(status == RB_ERR_TIMEOUT)
733 close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
734 else if(status == RB_ERROR_SSL)
735 close_conn(conn, WAIT_PLAIN, "%s", rb_get_ssl_strerror(conn->mod_fd));
736 else
737 close_conn(conn, WAIT_PLAIN, "SSL handshake failed");
738 }
739
740
741 static void
742 cleanup_bad_message(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
743 {
744 int i;
745
746 /* XXX should log this somehow */
747 for (i = 0; i < ctlb->nfds; i++)
748 rb_close(ctlb->F[i]);
749 }
750
751 static void
752 ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
753 {
754 conn_t *conn;
755 uint32_t id;
756
757 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
758
759 id = buf_to_uint32(&ctlb->buf[1]);
760 conn_add_id_hash(conn, id);
761 SetSSL(conn);
762
763 if(rb_get_type(conn->mod_fd) & RB_FD_UNKNOWN)
764 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
765
766 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
767 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
768
769 rb_ssl_start_accepted(ctlb->F[0], ssl_process_accept_cb, conn, 10);
770 }
771
772 static void
773 ssl_change_certfp_method(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
774 {
775 certfp_method = buf_to_uint32(&ctlb->buf[1]);
776 }
777
778 static void
779 ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
780 {
781 conn_t *conn;
782 uint32_t id;
783 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
784
785 id = buf_to_uint32(&ctlb->buf[1]);
786 conn_add_id_hash(conn, id);
787 SetSSL(conn);
788
789 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
790 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
791
792 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
793 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
794
795
796 rb_ssl_start_connected(ctlb->F[0], ssl_process_connect_cb, conn, 10);
797 }
798
799 static void
800 process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
801 {
802 char outstat[512];
803 conn_t *conn;
804 uint8_t *odata;
805 uint32_t id;
806
807 id = buf_to_uint32(&ctlb->buf[1]);
808
809 odata = &ctlb->buf[5];
810 conn = conn_find_by_id(id);
811
812 if(conn == NULL)
813 return;
814
815 snprintf(outstat, sizeof(outstat), "S %s %llu %llu %llu %llu", odata,
816 (unsigned long long)conn->plain_out,
817 (unsigned long long)conn->mod_in,
818 (unsigned long long)conn->plain_in,
819 (unsigned long long)conn->mod_out);
820 conn->plain_out = 0;
821 conn->plain_in = 0;
822 conn->mod_in = 0;
823 conn->mod_out = 0;
824 mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
825 }
826
827 static void
828 change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
829 {
830 uint32_t id = buf_to_uint32(&ctlb->buf[1]);
831 uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
832 conn_t *conn = conn_find_by_id(id);
833 lrb_assert(conn != NULL);
834 if(conn == NULL)
835 {
836 uint8_t buf[256];
837 int len;
838
839 buf[0] = 'D';
840 uint32_to_buf(&buf[1], newid);
841 sprintf((char *) &buf[5], "connid %d does not exist", id);
842 len = (strlen((char *) &buf[5]) + 1) + 5;
843 mod_cmd_write_queue(ctl, buf, len);
844
845 return;
846 }
847 rb_dlinkDelete(&conn->node, connid_hash(conn->id));
848 SetZipSSL(conn);
849 conn->id = newid;
850 }
851
852 #ifdef HAVE_LIBZ
853 static void
854 zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
855 {
856 uint8_t level;
857 size_t recvqlen;
858 size_t hdr = (sizeof(uint8_t) * 2) + sizeof(uint32_t);
859 void *recvq_start;
860 z_stream *instream, *outstream;
861 conn_t *conn;
862 uint32_t id;
863
864 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
865 if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
866 rb_set_type(conn->mod_fd, RB_FD_SOCKET);
867
868 if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
869 rb_set_type(conn->plain_fd, RB_FD_SOCKET);
870
871 id = buf_to_uint32(&ctlb->buf[1]);
872 conn_add_id_hash(conn, id);
873
874 level = (uint8_t)ctlb->buf[5];
875
876 recvqlen = ctlb->buflen - hdr;
877 recvq_start = &ctlb->buf[6];
878
879 SetZip(conn);
880 conn->stream = rb_malloc(sizeof(zlib_stream_t));
881 instream = &((zlib_stream_t *) conn->stream)->instream;
882 outstream = &((zlib_stream_t *) conn->stream)->outstream;
883
884 instream->total_in = 0;
885 instream->total_out = 0;
886 instream->zalloc = (alloc_func) ssld_alloc;
887 instream->zfree = (free_func) ssld_free;
888 instream->data_type = Z_ASCII;
889 inflateInit(&((zlib_stream_t *) conn->stream)->instream);
890
891 outstream->total_in = 0;
892 outstream->total_out = 0;
893 outstream->zalloc = (alloc_func) ssld_alloc;
894 outstream->zfree = (free_func) ssld_free;
895 outstream->data_type = Z_ASCII;
896
897 if(level > 9)
898 level = (uint8_t) Z_DEFAULT_COMPRESSION;
899
900 deflateInit(&((zlib_stream_t *) conn->stream)->outstream, level);
901 if(recvqlen > 0)
902 common_zlib_inflate(conn, recvq_start, recvqlen);
903
904 conn_mod_read_cb(conn->mod_fd, conn);
905 conn_plain_read_cb(conn->plain_fd, conn);
906 return;
907
908 }
909 #endif
910
911 static void
912 init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
913 {
914 char *path;
915 prng_seed_t seed_type;
916
917 seed_type = (prng_seed_t) ctl_buf->buf[1];
918 path = (char *) &ctl_buf->buf[2];
919 rb_init_prng(path, seed_type);
920 }
921
922
923 static void
924 ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
925 {
926 char *buf;
927 char *cert, *key, *dhparam, *cipher_list;
928
929 buf = (char *) &ctl_buf->buf[2];
930 cert = buf;
931 buf += strlen(cert) + 1;
932 key = buf;
933 buf += strlen(key) + 1;
934 dhparam = buf;
935 if(strlen(dhparam) == 0)
936 dhparam = NULL;
937 buf += strlen(dhparam) + 1;
938 cipher_list = buf;
939 if(strlen(cipher_list) == 0)
940 cipher_list = NULL;
941
942 if(!rb_setup_ssl_server(cert, key, dhparam, cipher_list))
943 {
944 const char *invalid = "I";
945 mod_cmd_write_queue(ctl, invalid, strlen(invalid));
946 return;
947 }
948 }
949
950 static void
951 send_nossl_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
952 {
953 static const char *nossl_cmd = "N";
954 conn_t *conn;
955 uint32_t id;
956
957 if(ctlb != NULL)
958 {
959 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
960 id = buf_to_uint32(&ctlb->buf[1]);
961 conn_add_id_hash(conn, id);
962 close_conn(conn, WAIT_PLAIN, "libratbox reports no SSL/TLS support");
963 }
964 mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
965 }
966
967 static void
968 send_i_am_useless(mod_ctl_t * ctl)
969 {
970 static const char *useless = "U";
971 mod_cmd_write_queue(ctl, useless, strlen(useless));
972 }
973
974 static void
975 send_version(mod_ctl_t * ctl)
976 {
977 char version[256] = { 'V', 0 };
978 strncpy(&version[1], rb_lib_version(), sizeof(version) - 2);
979 mod_cmd_write_queue(ctl, version, strlen(version));
980 }
981
982 static void
983 send_nozlib_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
984 {
985 static const char *nozlib_cmd = "z";
986 conn_t *conn;
987 uint32_t id;
988 if(ctlb != NULL)
989 {
990 conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
991 id = buf_to_uint32(&ctlb->buf[1]);
992 conn_add_id_hash(conn, id);
993 close_conn(conn, WAIT_PLAIN, "libratbox reports no zlib support");
994 }
995 mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
996 }
997
998 static void
999 mod_process_cmd_recv(mod_ctl_t * ctl)
1000 {
1001 rb_dlink_node *ptr, *next;
1002 mod_ctl_buf_t *ctl_buf;
1003
1004 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->readq.head)
1005 {
1006 ctl_buf = ptr->data;
1007
1008 switch (*ctl_buf->buf)
1009 {
1010 case 'A':
1011 {
1012 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1013 {
1014 cleanup_bad_message(ctl, ctl_buf);
1015 break;
1016 }
1017
1018 if(!ssld_ssl_ok)
1019 {
1020 send_nossl_support(ctl, ctl_buf);
1021 break;
1022 }
1023 ssl_process_accept(ctl, ctl_buf);
1024 break;
1025 }
1026 case 'C':
1027 {
1028 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1029 {
1030 cleanup_bad_message(ctl, ctl_buf);
1031 break;
1032 }
1033
1034 if(!ssld_ssl_ok)
1035 {
1036 send_nossl_support(ctl, ctl_buf);
1037 break;
1038 }
1039 ssl_process_connect(ctl, ctl_buf);
1040 break;
1041 }
1042 case 'F':
1043 {
1044 if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
1045 {
1046 cleanup_bad_message(ctl, ctl_buf);
1047 break;
1048 }
1049 ssl_change_certfp_method(ctl, ctl_buf);
1050 break;
1051 }
1052 case 'K':
1053 {
1054 if(!ssld_ssl_ok)
1055 {
1056 send_nossl_support(ctl, ctl_buf);
1057 break;
1058 }
1059 ssl_new_keys(ctl, ctl_buf);
1060 break;
1061 }
1062 case 'I':
1063 init_prng(ctl, ctl_buf);
1064 break;
1065 case 'S':
1066 {
1067 process_stats(ctl, ctl_buf);
1068 break;
1069 }
1070
1071 #ifdef HAVE_LIBZ
1072 case 'Z':
1073 {
1074 if (ctl_buf->nfds != 2 || ctl_buf->buflen < 6)
1075 {
1076 cleanup_bad_message(ctl, ctl_buf);
1077 break;
1078 }
1079
1080 /* just zlib only */
1081 zlib_process(ctl, ctl_buf);
1082 break;
1083 }
1084 #else
1085
1086 case 'Z':
1087 send_nozlib_support(ctl, ctl_buf);
1088 break;
1089
1090 #endif
1091 default:
1092 break;
1093 /* Log unknown commands */
1094 }
1095 rb_dlinkDelete(ptr, &ctl->readq);
1096 rb_free(ctl_buf->buf);
1097 rb_free(ctl_buf);
1098 }
1099
1100 }
1101
1102
1103
1104 static void
1105 mod_read_ctl(rb_fde_t *F, void *data)
1106 {
1107 mod_ctl_buf_t *ctl_buf;
1108 mod_ctl_t *ctl = data;
1109 int retlen;
1110 int i;
1111
1112 do
1113 {
1114 ctl_buf = rb_malloc(sizeof(mod_ctl_buf_t));
1115 ctl_buf->buf = rb_malloc(READBUF_SIZE);
1116 ctl_buf->buflen = READBUF_SIZE;
1117 retlen = rb_recv_fd_buf(ctl->F, ctl_buf->buf, ctl_buf->buflen, ctl_buf->F,
1118 MAXPASSFD);
1119 if(retlen <= 0)
1120 {
1121 rb_free(ctl_buf->buf);
1122 rb_free(ctl_buf);
1123 }
1124 else
1125 {
1126 ctl_buf->buflen = retlen;
1127 rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->readq);
1128 for (i = 0; i < MAXPASSFD && ctl_buf->F[i] != NULL; i++)
1129 ;
1130 ctl_buf->nfds = i;
1131 }
1132 }
1133 while(retlen > 0);
1134
1135 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1136 exit(0);
1137
1138 mod_process_cmd_recv(ctl);
1139 rb_setselect(ctl->F, RB_SELECT_READ, mod_read_ctl, ctl);
1140 }
1141
1142 static void
1143 mod_write_ctl(rb_fde_t *F, void *data)
1144 {
1145 mod_ctl_t *ctl = data;
1146 mod_ctl_buf_t *ctl_buf;
1147 rb_dlink_node *ptr, *next;
1148 int retlen, x;
1149
1150 RB_DLINK_FOREACH_SAFE(ptr, next, ctl->writeq.head)
1151 {
1152 ctl_buf = ptr->data;
1153 retlen = rb_send_fd_buf(ctl->F, ctl_buf->F, ctl_buf->nfds, ctl_buf->buf,
1154 ctl_buf->buflen, ppid);
1155 if(retlen > 0)
1156 {
1157 rb_dlinkDelete(ptr, &ctl->writeq);
1158 for(x = 0; x < ctl_buf->nfds; x++)
1159 rb_close(ctl_buf->F[x]);
1160 rb_free(ctl_buf->buf);
1161 rb_free(ctl_buf);
1162
1163 }
1164 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1165 exit(0);
1166
1167 }
1168 if(rb_dlink_list_length(&ctl->writeq) > 0)
1169 rb_setselect(ctl->F, RB_SELECT_WRITE, mod_write_ctl, ctl);
1170 }
1171
1172
1173 static void
1174 read_pipe_ctl(rb_fde_t *F, void *data)
1175 {
1176 char inbuf[READBUF_SIZE];
1177 int retlen;
1178 while((retlen = rb_read(F, inbuf, sizeof(inbuf))) > 0)
1179 {
1180 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1181 }
1182 if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
1183 exit(0);
1184 rb_setselect(F, RB_SELECT_READ, read_pipe_ctl, NULL);
1185
1186 }
1187
1188 int
1189 main(int argc, char **argv)
1190 {
1191 const char *s_ctlfd, *s_pipe, *s_pid;
1192 int ctlfd, pipefd, x, maxfd;
1193 maxfd = maxconn();
1194
1195 s_ctlfd = getenv("CTL_FD");
1196 s_pipe = getenv("CTL_PIPE");
1197 s_pid = getenv("CTL_PPID");
1198
1199 if(s_ctlfd == NULL || s_pipe == NULL || s_pid == NULL)
1200 {
1201 fprintf(stderr,
1202 "This is the charybdis ssld for internal ircd use.\n");
1203 fprintf(stderr,
1204 "You aren't supposed to run me directly. Exiting.\n");
1205 exit(1);
1206 }
1207
1208 ctlfd = atoi(s_ctlfd);
1209 pipefd = atoi(s_pipe);
1210 ppid = atoi(s_pid);
1211 x = 0;
1212 #ifndef _WIN32
1213 for(x = 0; x < maxfd; x++)
1214 {
1215 if(x != ctlfd && x != pipefd && x > 2)
1216 close(x);
1217 }
1218 x = open("/dev/null", O_RDWR);
1219
1220 if(x >= 0)
1221 {
1222 if(ctlfd != 0 && pipefd != 0)
1223 dup2(x, 0);
1224 if(ctlfd != 1 && pipefd != 1)
1225 dup2(x, 1);
1226 if(ctlfd != 2 && pipefd != 2)
1227 dup2(x, 2);
1228 if(x > 2)
1229 close(x);
1230 }
1231 #endif
1232 setup_signals();
1233 rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
1234 rb_init_rawbuffers(1024);
1235 ssld_ssl_ok = rb_supports_ssl();
1236 mod_ctl = rb_malloc(sizeof(mod_ctl_t));
1237 mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
1238 mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
1239 rb_set_nb(mod_ctl->F);
1240 rb_set_nb(mod_ctl->F_pipe);
1241 rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
1242 rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
1243 read_pipe_ctl(mod_ctl->F_pipe, NULL);
1244 mod_read_ctl(mod_ctl->F, mod_ctl);
1245 send_version(mod_ctl);
1246 if(!zlib_ok && !ssld_ssl_ok)
1247 {
1248 /* this is really useless... */
1249 send_i_am_useless(mod_ctl);
1250 /* sleep until the ircd kills us */
1251 rb_sleep(2 << 30, 0);
1252 exit(1);
1253 }
1254
1255 if(!zlib_ok)
1256 send_nozlib_support(mod_ctl, NULL);
1257 if(!ssld_ssl_ok)
1258 send_nossl_support(mod_ctl, NULL);
1259 rb_lib_loop(0);
1260 return 0;
1261 }
1262
1263
1264 #ifndef _WIN32
1265 static void
1266 dummy_handler(int sig)
1267 {
1268 return;
1269 }
1270 #endif
1271
1272 static void
1273 setup_signals()
1274 {
1275 #ifndef _WIN32
1276 struct sigaction act;
1277
1278 act.sa_flags = 0;
1279 act.sa_handler = SIG_IGN;
1280 sigemptyset(&act.sa_mask);
1281 sigaddset(&act.sa_mask, SIGPIPE);
1282 sigaddset(&act.sa_mask, SIGALRM);
1283 #ifdef SIGTRAP
1284 sigaddset(&act.sa_mask, SIGTRAP);
1285 #endif
1286
1287 #ifdef SIGWINCH
1288 sigaddset(&act.sa_mask, SIGWINCH);
1289 sigaction(SIGWINCH, &act, 0);
1290 #endif
1291 sigaction(SIGPIPE, &act, 0);
1292 #ifdef SIGTRAP
1293 sigaction(SIGTRAP, &act, 0);
1294 #endif
1295
1296 act.sa_handler = dummy_handler;
1297 sigaction(SIGALRM, &act, 0);
1298 #endif
1299 }
Fork of solanum ircd, history is rebased regularly