2 * ssld.c: The ircd-ratbox ssl/zlib helper daemon thingy
3 * Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
4 * Copyright (C) 2007 ircd-ratbox development team
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
31 #define READBUF_SIZE 16384
34 static void setup_signals(void);
37 static inline uint32_t
38 buf_to_uint32(uint8_t *buf
)
41 memcpy(&x
, buf
, sizeof(x
));
46 uint32_to_buf(uint8_t *buf
, uint32_t x
)
48 memcpy(buf
, &x
, sizeof(x
));
52 typedef struct _mod_ctl_buf
57 rb_fde_t
*F
[MAXPASSFD
];
61 typedef struct _mod_ctl
71 static mod_ctl_t
*mod_ctl
;
75 typedef struct _zlib_stream
86 rawbuf_head_t
*modbuf_out
;
87 rawbuf_head_t
*plainbuf_out
;
101 #define FLAG_SSL 0x01
102 #define FLAG_ZIP 0x02
103 #define FLAG_CORK 0x04
104 #define FLAG_DEAD 0x08
105 #define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
106 #define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
107 #define FLAG_ZIPSSL 0x40
109 #define IsSSL(x) ((x)->flags & FLAG_SSL)
110 #define IsZip(x) ((x)->flags & FLAG_ZIP)
111 #define IsCork(x) ((x)->flags & FLAG_CORK)
112 #define IsDead(x) ((x)->flags & FLAG_DEAD)
113 #define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
114 #define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
115 #define IsZipSSL(x) ((x)->flags & FLAG_ZIPSSL)
117 #define SetSSL(x) ((x)->flags |= FLAG_SSL)
118 #define SetZip(x) ((x)->flags |= FLAG_ZIP)
119 #define SetCork(x) ((x)->flags |= FLAG_CORK)
120 #define SetDead(x) ((x)->flags |= FLAG_DEAD)
121 #define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
122 #define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
124 #define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
125 #define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
126 #define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
129 #define WAIT_PLAIN 0x1
131 #define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
132 #define HASH_WALK_END }
133 #define CONN_HASH_SIZE 2000
134 #define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
138 static rb_dlink_list connid_hash_table
[CONN_HASH_SIZE
];
139 static rb_dlink_list dead_list
;
141 static void conn_mod_read_cb(rb_fde_t
*fd
, void *data
);
142 static void conn_mod_write_sendq(rb_fde_t
*, void *data
);
143 static void conn_plain_write_sendq(rb_fde_t
*, void *data
);
144 static void mod_write_ctl(rb_fde_t
*, void *data
);
145 static void conn_plain_read_cb(rb_fde_t
*fd
, void *data
);
146 static void conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
);
147 static void mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
);
148 static const char *remote_closed
= "Remote host closed the connection";
149 static bool ssld_ssl_ok
;
150 static int certfp_method
= RB_SSL_CERTFP_METH_CERT_SHA1
;
152 static bool zlib_ok
= true;
154 static bool zlib_ok
= false;
160 ssld_alloc(void *unused
, size_t count
, size_t size
)
162 return rb_malloc(count
* size
);
166 ssld_free(void *unused
, void *ptr
)
173 conn_find_by_id(uint32_t id
)
178 RB_DLINK_FOREACH(ptr
, (connid_hash(id
))->head
)
181 if(conn
->id
== id
&& !IsDead(conn
))
188 conn_add_id_hash(conn_t
* conn
, uint32_t id
)
191 rb_dlinkAdd(conn
, &conn
->node
, connid_hash(id
));
195 free_conn(conn_t
* conn
)
197 rb_free_rawbuffer(conn
->modbuf_out
);
198 rb_free_rawbuffer(conn
->plainbuf_out
);
202 zlib_stream_t
*stream
= conn
->stream
;
203 inflateEnd(&stream
->instream
);
204 deflateEnd(&stream
->outstream
);
212 clean_dead_conns(void *unused
)
215 rb_dlink_node
*ptr
, *next
;
216 RB_DLINK_FOREACH_SAFE(ptr
, next
, dead_list
.head
)
221 dead_list
.tail
= dead_list
.head
= NULL
;
226 close_conn(conn_t
* conn
, int wait_plain
, const char *fmt
, ...)
229 char reason
[128]; /* must always be under 250 bytes */
235 rb_rawbuf_flush(conn
->modbuf_out
, conn
->mod_fd
);
236 rb_rawbuf_flush(conn
->plainbuf_out
, conn
->plain_fd
);
237 rb_close(conn
->mod_fd
);
241 rb_dlinkDelete(&conn
->node
, connid_hash(conn
->id
));
243 if(!wait_plain
|| fmt
== NULL
)
245 rb_close(conn
->plain_fd
);
246 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
249 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
250 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
252 vsnprintf(reason
, sizeof(reason
), fmt
, ap
);
256 uint32_to_buf(&buf
[1], conn
->id
);
257 rb_strlcpy((char *) &buf
[5], reason
, sizeof(buf
) - 5);
258 len
= (strlen(reason
) + 1) + 5;
259 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
263 make_conn(mod_ctl_t
* ctl
, rb_fde_t
*mod_fd
, rb_fde_t
*plain_fd
)
265 conn_t
*conn
= rb_malloc(sizeof(conn_t
));
267 conn
->modbuf_out
= rb_new_rawbuffer();
268 conn
->plainbuf_out
= rb_new_rawbuffer();
269 conn
->mod_fd
= mod_fd
;
270 conn
->plain_fd
= plain_fd
;
279 check_handshake_flood(void *unused
)
282 rb_dlink_node
*ptr
, *next
;
285 HASH_WALK_SAFE(i
, CONN_HASH_SIZE
, ptr
, next
, connid_hash_table
)
291 count
= rb_ssl_handshake_count(conn
->mod_fd
);
292 /* nothing needs to do this more than twice in ten seconds i don't think */
294 close_conn(conn
, WAIT_PLAIN
, "Handshake flooding");
296 rb_ssl_clear_handshake_count(conn
->mod_fd
);
301 conn_mod_write_sendq(rb_fde_t
*fd
, void *data
)
309 if(IsSSLWWantsR(conn
))
311 ClearSSLWWantsR(conn
);
312 conn_mod_read_cb(conn
->mod_fd
, conn
);
317 while((retlen
= rb_rawbuf_flush(conn
->modbuf_out
, fd
)) > 0)
318 conn
->mod_out
+= retlen
;
320 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
323 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
324 if(IsSSL(conn
) && retlen
== RB_RW_SSL_ERROR
)
325 err
= rb_get_ssl_strerror(conn
->mod_fd
);
327 err
= strerror(errno
);
328 close_conn(conn
, WAIT_PLAIN
, "Write error: %s", err
);
331 if(rb_rawbuf_length(conn
->modbuf_out
) > 0)
333 if(retlen
!= RB_RW_SSL_NEED_READ
)
334 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_write_sendq
, conn
);
337 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_write_sendq
, conn
);
338 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
343 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
345 if(IsCork(conn
) && rb_rawbuf_length(conn
->modbuf_out
) == 0)
348 conn_plain_read_cb(conn
->plain_fd
, conn
);
354 conn_mod_write(conn_t
* conn
, void *data
, size_t len
)
356 if(IsDead(conn
)) /* no point in queueing to a dead man */
358 rb_rawbuf_append(conn
->modbuf_out
, data
, len
);
362 conn_plain_write(conn_t
* conn
, void *data
, size_t len
)
364 if(IsDead(conn
)) /* again no point in queueing to dead men */
366 rb_rawbuf_append(conn
->plainbuf_out
, data
, len
);
370 mod_cmd_write_queue(mod_ctl_t
* ctl
, const void *data
, size_t len
)
372 mod_ctl_buf_t
*ctl_buf
;
373 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
374 ctl_buf
->buf
= rb_malloc(len
);
375 ctl_buf
->buflen
= len
;
376 memcpy(ctl_buf
->buf
, data
, len
);
378 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->writeq
);
379 mod_write_ctl(ctl
->F
, ctl
);
384 common_zlib_deflate(conn_t
* conn
, void *buf
, size_t len
)
386 char outbuf
[READBUF_SIZE
];
388 z_stream
*outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
389 outstream
->next_in
= buf
;
390 outstream
->avail_in
= len
;
391 outstream
->next_out
= (Bytef
*) outbuf
;
392 outstream
->avail_out
= sizeof(outbuf
);
394 ret
= deflate(outstream
, Z_SYNC_FLUSH
);
398 close_conn(conn
, WAIT_PLAIN
, "Deflate failed: %s", zError(ret
));
401 if(outstream
->avail_out
== 0)
403 /* avail_out empty */
404 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_out == 0");
407 if(outstream
->avail_in
!= 0)
409 /* avail_in isn't empty... */
410 close_conn(conn
, WAIT_PLAIN
, "error compressing data, avail_in != 0");
413 have
= sizeof(outbuf
) - outstream
->avail_out
;
414 conn_mod_write(conn
, outbuf
, have
);
418 common_zlib_inflate(conn_t
* conn
, void *buf
, size_t len
)
420 char outbuf
[READBUF_SIZE
];
422 ((zlib_stream_t
*) conn
->stream
)->instream
.next_in
= buf
;
423 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
= len
;
424 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
425 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
427 while(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
429 ret
= inflate(&((zlib_stream_t
*) conn
->stream
)->instream
, Z_NO_FLUSH
);
432 if(!strncmp("ERROR ", buf
, 6))
434 close_conn(conn
, WAIT_PLAIN
, "Received uncompressed ERROR");
437 close_conn(conn
, WAIT_PLAIN
, "Inflate failed: %s", zError(ret
));
440 have
= sizeof(outbuf
) - ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
;
442 if(((zlib_stream_t
*) conn
->stream
)->instream
.avail_in
)
444 conn_plain_write(conn
, outbuf
, have
);
446 ((zlib_stream_t
*) conn
->stream
)->instream
.next_out
= (Bytef
*) outbuf
;
447 ((zlib_stream_t
*) conn
->stream
)->instream
.avail_out
= sizeof(outbuf
);
453 conn_plain_write(conn
, outbuf
, have
);
458 plain_check_cork(conn_t
* conn
)
460 if(rb_rawbuf_length(conn
->modbuf_out
) >= 4096)
462 /* if we have over 4k pending outbound, don't read until
463 * we've cleared the queue */
465 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, NULL
, NULL
);
467 conn_mod_write_sendq(conn
->mod_fd
, conn
);
475 conn_plain_read_cb(rb_fde_t
*fd
, void *data
)
477 char inbuf
[READBUF_SIZE
];
486 if(plain_check_cork(conn
))
494 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
496 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
498 close_conn(conn
, NO_WAIT
, NULL
);
504 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_cb
, conn
);
505 conn_mod_write_sendq(conn
->mod_fd
, conn
);
508 conn
->plain_in
+= length
;
512 common_zlib_deflate(conn
, inbuf
, length
);
515 conn_mod_write(conn
, inbuf
, length
);
518 if(plain_check_cork(conn
))
524 conn_plain_read_shutdown_cb(rb_fde_t
*fd
, void *data
)
526 char inbuf
[READBUF_SIZE
];
535 length
= rb_read(conn
->plain_fd
, inbuf
, sizeof(inbuf
));
537 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
539 rb_close(conn
->plain_fd
);
540 rb_dlinkAdd(conn
, &conn
->node
, &dead_list
);
546 rb_setselect(conn
->plain_fd
, RB_SELECT_READ
, conn_plain_read_shutdown_cb
, conn
);
553 conn_mod_read_cb(rb_fde_t
*fd
, void *data
)
555 char inbuf
[READBUF_SIZE
];
557 const char *err
= remote_closed
;
564 if(IsSSLRWantsW(conn
))
566 ClearSSLRWantsW(conn
);
567 conn_mod_write_sendq(conn
->mod_fd
, conn
);
577 length
= rb_read(conn
->mod_fd
, inbuf
, sizeof(inbuf
));
579 if(length
== 0 || (length
< 0 && !rb_ignore_errno(errno
)))
583 close_conn(conn
, WAIT_PLAIN
, "%s", remote_closed
);
587 if(IsSSL(conn
) && length
== RB_RW_SSL_ERROR
)
588 err
= rb_get_ssl_strerror(conn
->mod_fd
);
590 err
= strerror(errno
);
591 close_conn(conn
, WAIT_PLAIN
, "Read error: %s", err
);
596 if(length
!= RB_RW_SSL_NEED_WRITE
)
597 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, conn_mod_read_cb
, conn
);
600 rb_setselect(conn
->mod_fd
, RB_SELECT_READ
, NULL
, NULL
);
601 rb_setselect(conn
->mod_fd
, RB_SELECT_WRITE
, conn_mod_read_cb
, conn
);
604 conn_plain_write_sendq(conn
->plain_fd
, conn
);
607 conn
->mod_in
+= length
;
610 common_zlib_inflate(conn
, inbuf
, length
);
613 conn_plain_write(conn
, inbuf
, length
);
618 conn_plain_write_sendq(rb_fde_t
*fd
, void *data
)
626 while((retlen
= rb_rawbuf_flush(conn
->plainbuf_out
, fd
)) > 0)
628 conn
->plain_out
+= retlen
;
630 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
632 close_conn(data
, NO_WAIT
, NULL
);
637 if(rb_rawbuf_length(conn
->plainbuf_out
) > 0)
638 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, conn_plain_write_sendq
, conn
);
640 rb_setselect(conn
->plain_fd
, RB_SELECT_WRITE
, NULL
, NULL
);
646 #if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
649 if(!getrlimit(RLIMIT_NOFILE
, &limit
))
651 return limit
.rlim_cur
;
653 #endif /* RLIMIT_FD_MAX */
654 return MAXCONNECTIONS
;
658 ssl_send_cipher(conn_t
*conn
)
667 p
= rb_ssl_get_cipher(conn
->mod_fd
);
672 rb_strlcpy(cstring
, p
, sizeof(cstring
));
675 uint32_to_buf(&buf
[1], conn
->id
);
676 strcpy((char *) &buf
[5], cstring
);
677 len
= (strlen(cstring
) + 1) + 5;
678 mod_cmd_write_queue(conn
->ctl
, buf
, len
);
682 ssl_send_certfp(conn_t
*conn
)
684 uint8_t buf
[13 + RB_SSL_CERTFP_LEN
];
686 int len
= rb_get_ssl_certfp(conn
->mod_fd
, &buf
[13], certfp_method
);
690 lrb_assert(len
<= RB_SSL_CERTFP_LEN
);
692 uint32_to_buf(&buf
[1], conn
->id
);
693 uint32_to_buf(&buf
[5], certfp_method
);
694 uint32_to_buf(&buf
[9], len
);
695 mod_cmd_write_queue(conn
->ctl
, buf
, 13 + len
);
699 ssl_send_open(conn_t
*conn
)
704 uint32_to_buf(&buf
[1], conn
->id
);
705 mod_cmd_write_queue(conn
->ctl
, buf
, 5);
709 ssl_process_accept_cb(rb_fde_t
*F
, int status
, struct sockaddr
*addr
, rb_socklen_t len
, void *data
)
715 ssl_send_cipher(conn
);
716 ssl_send_certfp(conn
);
718 conn_mod_read_cb(conn
->mod_fd
, conn
);
719 conn_plain_read_cb(conn
->plain_fd
, conn
);
722 /* ircd doesn't care about the reason for this */
723 close_conn(conn
, NO_WAIT
, 0);
728 ssl_process_connect_cb(rb_fde_t
*F
, int status
, void *data
)
734 ssl_send_cipher(conn
);
735 ssl_send_certfp(conn
);
737 conn_mod_read_cb(conn
->mod_fd
, conn
);
738 conn_plain_read_cb(conn
->plain_fd
, conn
);
740 else if(status
== RB_ERR_TIMEOUT
)
741 close_conn(conn
, WAIT_PLAIN
, "SSL handshake timed out");
742 else if(status
== RB_ERROR_SSL
)
743 close_conn(conn
, WAIT_PLAIN
, "%s", rb_get_ssl_strerror(conn
->mod_fd
));
745 close_conn(conn
, WAIT_PLAIN
, "SSL handshake failed");
750 cleanup_bad_message(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
754 /* XXX should log this somehow */
755 for (i
= 0; i
< ctlb
->nfds
; i
++)
756 rb_close(ctlb
->F
[i
]);
760 ssl_process_accept(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
765 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
767 id
= buf_to_uint32(&ctlb
->buf
[1]);
768 conn_add_id_hash(conn
, id
);
771 if(rb_get_type(conn
->mod_fd
) & RB_FD_UNKNOWN
)
772 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
774 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
775 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
777 rb_ssl_start_accepted(ctlb
->F
[0], ssl_process_accept_cb
, conn
, 10);
781 ssl_change_certfp_method(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
783 certfp_method
= buf_to_uint32(&ctlb
->buf
[1]);
787 ssl_process_connect(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
791 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
793 id
= buf_to_uint32(&ctlb
->buf
[1]);
794 conn_add_id_hash(conn
, id
);
797 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
798 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
800 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
801 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
804 rb_ssl_start_connected(ctlb
->F
[0], ssl_process_connect_cb
, conn
, 10);
808 process_stats(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
815 id
= buf_to_uint32(&ctlb
->buf
[1]);
817 odata
= &ctlb
->buf
[5];
818 conn
= conn_find_by_id(id
);
823 snprintf(outstat
, sizeof(outstat
), "S %s %llu %llu %llu %llu", odata
,
824 (unsigned long long)conn
->plain_out
,
825 (unsigned long long)conn
->mod_in
,
826 (unsigned long long)conn
->plain_in
,
827 (unsigned long long)conn
->mod_out
);
832 mod_cmd_write_queue(ctl
, outstat
, strlen(outstat
) + 1); /* +1 is so we send the \0 as well */
837 zlib_process(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
841 size_t hdr
= (sizeof(uint8_t) * 2) + sizeof(uint32_t);
843 z_stream
*instream
, *outstream
;
847 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
848 if(rb_get_type(conn
->mod_fd
) == RB_FD_UNKNOWN
)
849 rb_set_type(conn
->mod_fd
, RB_FD_SOCKET
);
851 if(rb_get_type(conn
->plain_fd
) == RB_FD_UNKNOWN
)
852 rb_set_type(conn
->plain_fd
, RB_FD_SOCKET
);
854 id
= buf_to_uint32(&ctlb
->buf
[1]);
855 conn_add_id_hash(conn
, id
);
857 level
= (uint8_t)ctlb
->buf
[5];
859 recvqlen
= ctlb
->buflen
- hdr
;
860 recvq_start
= &ctlb
->buf
[6];
863 conn
->stream
= rb_malloc(sizeof(zlib_stream_t
));
864 instream
= &((zlib_stream_t
*) conn
->stream
)->instream
;
865 outstream
= &((zlib_stream_t
*) conn
->stream
)->outstream
;
867 instream
->total_in
= 0;
868 instream
->total_out
= 0;
869 instream
->zalloc
= (alloc_func
) ssld_alloc
;
870 instream
->zfree
= (free_func
) ssld_free
;
871 instream
->data_type
= Z_ASCII
;
872 inflateInit(&((zlib_stream_t
*) conn
->stream
)->instream
);
874 outstream
->total_in
= 0;
875 outstream
->total_out
= 0;
876 outstream
->zalloc
= (alloc_func
) ssld_alloc
;
877 outstream
->zfree
= (free_func
) ssld_free
;
878 outstream
->data_type
= Z_ASCII
;
881 level
= (uint8_t) Z_DEFAULT_COMPRESSION
;
883 deflateInit(&((zlib_stream_t
*) conn
->stream
)->outstream
, level
);
885 common_zlib_inflate(conn
, recvq_start
, recvqlen
);
887 conn_mod_read_cb(conn
->mod_fd
, conn
);
888 conn_plain_read_cb(conn
->plain_fd
, conn
);
895 ssl_new_keys(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctl_buf
)
898 char *cert
, *key
, *dhparam
, *cipher_list
;
900 buf
= (char *) &ctl_buf
->buf
[2];
902 buf
+= strlen(cert
) + 1;
904 buf
+= strlen(key
) + 1;
906 buf
+= strlen(dhparam
) + 1;
910 if(strlen(dhparam
) == 0)
912 if(strlen(cipher_list
) == 0)
915 if(!rb_setup_ssl_server(cert
, key
, dhparam
, cipher_list
))
917 const char *invalid
= "I";
918 mod_cmd_write_queue(ctl
, invalid
, strlen(invalid
));
924 send_nossl_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
926 static const char *nossl_cmd
= "N";
932 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
933 id
= buf_to_uint32(&ctlb
->buf
[1]);
934 conn_add_id_hash(conn
, id
);
935 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no SSL/TLS support");
937 mod_cmd_write_queue(ctl
, nossl_cmd
, strlen(nossl_cmd
));
941 send_i_am_useless(mod_ctl_t
* ctl
)
943 static const char *useless
= "U";
944 mod_cmd_write_queue(ctl
, useless
, strlen(useless
));
948 send_version(mod_ctl_t
* ctl
)
950 char version
[256] = { 'V', 0 };
951 strncpy(&version
[1], rb_lib_version(), sizeof(version
) - 2);
952 mod_cmd_write_queue(ctl
, version
, strlen(version
));
956 send_nozlib_support(mod_ctl_t
* ctl
, mod_ctl_buf_t
* ctlb
)
958 static const char *nozlib_cmd
= "z";
963 conn
= make_conn(ctl
, ctlb
->F
[0], ctlb
->F
[1]);
964 id
= buf_to_uint32(&ctlb
->buf
[1]);
965 conn_add_id_hash(conn
, id
);
966 close_conn(conn
, WAIT_PLAIN
, "libratbox reports no zlib support");
968 mod_cmd_write_queue(ctl
, nozlib_cmd
, strlen(nozlib_cmd
));
972 mod_process_cmd_recv(mod_ctl_t
* ctl
)
974 rb_dlink_node
*ptr
, *next
;
975 mod_ctl_buf_t
*ctl_buf
;
977 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->readq
.head
)
981 switch (*ctl_buf
->buf
)
985 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
!= 5)
987 cleanup_bad_message(ctl
, ctl_buf
);
993 send_nossl_support(ctl
, ctl_buf
);
996 ssl_process_accept(ctl
, ctl_buf
);
1001 if (ctl_buf
->buflen
!= 5)
1003 cleanup_bad_message(ctl
, ctl_buf
);
1009 send_nossl_support(ctl
, ctl_buf
);
1012 ssl_process_connect(ctl
, ctl_buf
);
1017 if (ctl_buf
->buflen
!= 5)
1019 cleanup_bad_message(ctl
, ctl_buf
);
1022 ssl_change_certfp_method(ctl
, ctl_buf
);
1029 send_nossl_support(ctl
, ctl_buf
);
1032 ssl_new_keys(ctl
, ctl_buf
);
1037 process_stats(ctl
, ctl_buf
);
1044 if (ctl_buf
->nfds
!= 2 || ctl_buf
->buflen
< 6)
1046 cleanup_bad_message(ctl
, ctl_buf
);
1050 /* just zlib only */
1051 zlib_process(ctl
, ctl_buf
);
1057 send_nozlib_support(ctl
, ctl_buf
);
1063 /* Log unknown commands */
1065 rb_dlinkDelete(ptr
, &ctl
->readq
);
1066 rb_free(ctl_buf
->buf
);
1075 mod_read_ctl(rb_fde_t
*F
, void *data
)
1077 mod_ctl_buf_t
*ctl_buf
;
1078 mod_ctl_t
*ctl
= data
;
1084 ctl_buf
= rb_malloc(sizeof(mod_ctl_buf_t
));
1085 ctl_buf
->buf
= rb_malloc(READBUF_SIZE
);
1086 ctl_buf
->buflen
= READBUF_SIZE
;
1087 retlen
= rb_recv_fd_buf(ctl
->F
, ctl_buf
->buf
, ctl_buf
->buflen
, ctl_buf
->F
,
1091 rb_free(ctl_buf
->buf
);
1096 ctl_buf
->buflen
= retlen
;
1097 rb_dlinkAddTail(ctl_buf
, &ctl_buf
->node
, &ctl
->readq
);
1098 for (i
= 0; i
< MAXPASSFD
&& ctl_buf
->F
[i
] != NULL
; i
++)
1105 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1108 mod_process_cmd_recv(ctl
);
1109 rb_setselect(ctl
->F
, RB_SELECT_READ
, mod_read_ctl
, ctl
);
1113 mod_write_ctl(rb_fde_t
*F
, void *data
)
1115 mod_ctl_t
*ctl
= data
;
1116 mod_ctl_buf_t
*ctl_buf
;
1117 rb_dlink_node
*ptr
, *next
;
1120 RB_DLINK_FOREACH_SAFE(ptr
, next
, ctl
->writeq
.head
)
1122 ctl_buf
= ptr
->data
;
1123 retlen
= rb_send_fd_buf(ctl
->F
, ctl_buf
->F
, ctl_buf
->nfds
, ctl_buf
->buf
,
1124 ctl_buf
->buflen
, ppid
);
1127 rb_dlinkDelete(ptr
, &ctl
->writeq
);
1128 for(x
= 0; x
< ctl_buf
->nfds
; x
++)
1129 rb_close(ctl_buf
->F
[x
]);
1130 rb_free(ctl_buf
->buf
);
1134 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1138 if(rb_dlink_list_length(&ctl
->writeq
) > 0)
1139 rb_setselect(ctl
->F
, RB_SELECT_WRITE
, mod_write_ctl
, ctl
);
1144 read_pipe_ctl(rb_fde_t
*F
, void *data
)
1146 char inbuf
[READBUF_SIZE
];
1148 while((retlen
= rb_read(F
, inbuf
, sizeof(inbuf
))) > 0)
1150 ;; /* we don't do anything with the pipe really, just care if the other process dies.. */
1152 if(retlen
== 0 || (retlen
< 0 && !rb_ignore_errno(errno
)))
1154 rb_setselect(F
, RB_SELECT_READ
, read_pipe_ctl
, NULL
);
1159 main(int argc
, char **argv
)
1161 const char *s_ctlfd
, *s_pipe
, *s_pid
;
1162 int ctlfd
, pipefd
, x
, maxfd
;
1165 s_ctlfd
= getenv("CTL_FD");
1166 s_pipe
= getenv("CTL_PIPE");
1167 s_pid
= getenv("CTL_PPID");
1169 if(s_ctlfd
== NULL
|| s_pipe
== NULL
|| s_pid
== NULL
)
1172 "This is the charybdis ssld for internal ircd use.\n");
1174 "You aren't supposed to run me directly. Exiting.\n");
1178 ctlfd
= atoi(s_ctlfd
);
1179 pipefd
= atoi(s_pipe
);
1183 for(x
= 0; x
< maxfd
; x
++)
1185 if(x
!= ctlfd
&& x
!= pipefd
&& x
> 2)
1188 x
= open("/dev/null", O_RDWR
);
1192 if(ctlfd
!= 0 && pipefd
!= 0)
1194 if(ctlfd
!= 1 && pipefd
!= 1)
1196 if(ctlfd
!= 2 && pipefd
!= 2)
1203 rb_lib_init(NULL
, NULL
, NULL
, 0, maxfd
, 1024, 4096);
1204 rb_init_rawbuffers(1024);
1205 rb_init_prng(NULL
, RB_PRNG_DEFAULT
);
1206 ssld_ssl_ok
= rb_supports_ssl();
1207 mod_ctl
= rb_malloc(sizeof(mod_ctl_t
));
1208 mod_ctl
->F
= rb_open(ctlfd
, RB_FD_SOCKET
, "ircd control socket");
1209 mod_ctl
->F_pipe
= rb_open(pipefd
, RB_FD_PIPE
, "ircd pipe");
1210 rb_set_nb(mod_ctl
->F
);
1211 rb_set_nb(mod_ctl
->F_pipe
);
1212 rb_event_addish("clean_dead_conns", clean_dead_conns
, NULL
, 10);
1213 rb_event_add("check_handshake_flood", check_handshake_flood
, NULL
, 10);
1214 read_pipe_ctl(mod_ctl
->F_pipe
, NULL
);
1215 mod_read_ctl(mod_ctl
->F
, mod_ctl
);
1216 send_version(mod_ctl
);
1217 if(!zlib_ok
&& !ssld_ssl_ok
)
1219 /* this is really useless... */
1220 send_i_am_useless(mod_ctl
);
1221 /* sleep until the ircd kills us */
1222 rb_sleep(1 << 30, 0);
1227 send_nozlib_support(mod_ctl
, NULL
);
1229 send_nossl_support(mod_ctl
, NULL
);
1237 dummy_handler(int sig
)
1247 struct sigaction act
;
1250 act
.sa_handler
= SIG_IGN
;
1251 sigemptyset(&act
.sa_mask
);
1252 sigaddset(&act
.sa_mask
, SIGPIPE
);
1253 sigaddset(&act
.sa_mask
, SIGALRM
);
1255 sigaddset(&act
.sa_mask
, SIGTRAP
);
1259 sigaddset(&act
.sa_mask
, SIGWINCH
);
1260 sigaction(SIGWINCH
, &act
, 0);
1262 sigaction(SIGPIPE
, &act
, 0);
1264 sigaction(SIGTRAP
, &act
, 0);
1267 act
.sa_handler
= dummy_handler
;
1268 sigaction(SIGALRM
, &act
, 0);