ssld: take inbuf/outbuf out of global scope, since its unnecessary

[solanum.git] / ssld / ssld.c

diff --git a/ssld/ssld.c b/ssld/ssld.c
index d9dbfa5cb19420488d3c9b53887537ad13b13f71..75312c9612c0ed32a658bc289ae500d0f2f13f7c 100644 (file)
--- a/ssld/ssld.c
+++ b/ssld/ssld.c
@@ -36,46 +36,25 @@
 static void setup_signals(void);
 static pid_t ppid;
 
-static inline int32_t
-buf_to_int32(char *buf)
+static inline uint32_t
+buf_to_uint32(uint8_t *buf)
 {
-       int32_t x;
+       uint32_t x;
        memcpy(&x, buf, sizeof(x));
        return x;
 }
 
 static inline void
-int32_to_buf(char *buf, int32_t x)
+uint32_to_buf(uint8_t *buf, uint32_t x)
 {
        memcpy(buf, &x, sizeof(x));
        return;
 }
 
-static inline uint16_t
-buf_to_uint16(char *buf)
-{
-       uint16_t x;
-       memcpy(&x, buf, sizeof(x));
-       return x;
-}
-
-static inline void
-uint16_to_buf(char *buf, uint16_t x)
-{
-       memcpy(buf, &x, sizeof(x));
-       return;
-}
-
-
-static char inbuf[READBUF_SIZE];
-#ifdef HAVE_LIBZ
-static char outbuf[READBUF_SIZE];
-#endif
-
 typedef struct _mod_ctl_buf
 {
        rb_dlink_node node;
-       char *buf;
+       uint8_t *buf;
        size_t buflen;
        rb_fde_t *F[MAXPASSFD];
        int nfds;
@@ -109,7 +88,7 @@ typedef struct _conn
        rawbuf_head_t *modbuf_out;
        rawbuf_head_t *plainbuf_out;
 
-       int32_t id;
+       uint32_t id;
 
        rb_fde_t *mod_fd;
        rb_fde_t *plain_fd;
@@ -171,9 +150,11 @@ static void conn_mod_write_sendq(rb_fde_t *, void *data);
 static void conn_plain_write_sendq(rb_fde_t *, void *data);
 static void mod_write_ctl(rb_fde_t *, void *data);
 static void conn_plain_read_cb(rb_fde_t *fd, void *data);
+static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
 static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
 static const char *remote_closed = "Remote host closed the connection";
 static int ssl_ok;
+static int certfp_method = RB_SSL_CERTFP_METH_SHA1;
 #ifdef HAVE_LIBZ
 static int zlib_ok = 1;
 #else
@@ -196,7 +177,7 @@ ssld_free(void *unused, void *ptr)
 #endif
 
 static conn_t *
-conn_find_by_id(int32_t id)
+conn_find_by_id(uint32_t id)
 {
        rb_dlink_node *ptr;
        conn_t *conn;
@@ -211,7 +192,7 @@ conn_find_by_id(int32_t id)
 }
 
 static void
-conn_add_id_hash(conn_t * conn, int32_t id)
+conn_add_id_hash(conn_t * conn, uint32_t id)
 {
        conn->id = id;
        rb_dlinkAdd(conn, &conn->node, connid_hash(id));
@@ -252,7 +233,7 @@ close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
 {
        va_list ap;
        char reason[128];       /* must always be under 250 bytes */
-       char buf[256];
+       uint8_t buf[256];
        int len;
        if(IsDead(conn))
                return;
@@ -262,23 +243,24 @@ close_conn(conn_t * conn, int wait_plain, const char *fmt, ...)
        rb_close(conn->mod_fd);
        SetDead(conn);
 
+       if(!IsZipSSL(conn))
+               rb_dlinkDelete(&conn->node, connid_hash(conn->id));
+
        if(!wait_plain || fmt == NULL)
        {
                rb_close(conn->plain_fd);
-
-               if(conn->id >= 0 && !IsZipSSL(conn))
-                       rb_dlinkDelete(&conn->node, connid_hash(conn->id));
                rb_dlinkAdd(conn, &conn->node, &dead_list);
                return;
        }
-       rb_setselect(conn->plain_fd, RB_SELECT_WRITE | RB_SELECT_READ, NULL, NULL);
+       rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
+       rb_setselect(conn->plain_fd, RB_SELECT_WRITE, NULL, NULL);
        va_start(ap, fmt);
        rb_vsnprintf(reason, sizeof(reason), fmt, ap);
        va_end(ap);
 
        buf[0] = 'D';
-       int32_to_buf(&buf[1], conn->id);
-       strcpy(&buf[5], reason);
+       uint32_to_buf(&buf[1], conn->id);
+       rb_strlcpy((char *) &buf[5], reason, sizeof(buf) - 5);
        len = (strlen(reason) + 1) + 5;
        mod_cmd_write_queue(conn->ctl, buf, len);
 }
@@ -407,6 +389,7 @@ mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len)
 static void
 common_zlib_deflate(conn_t * conn, void *buf, size_t len)
 {
+       char outbuf[READBUF_SIZE];
        int ret, have;
        z_stream *outstream = &((zlib_stream_t *) conn->stream)->outstream;
        outstream->next_in = buf;
@@ -440,6 +423,7 @@ common_zlib_deflate(conn_t * conn, void *buf, size_t len)
 static void
 common_zlib_inflate(conn_t * conn, void *buf, size_t len)
 {
+       char outbuf[READBUF_SIZE];
        int ret, have = 0;
        ((zlib_stream_t *) conn->stream)->instream.next_in = buf;
        ((zlib_stream_t *) conn->stream)->instream.avail_in = len;
@@ -481,7 +465,7 @@ plain_check_cork(conn_t * conn)
 {
        if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
        {
-               /* if we have over 4k pending outbound, don't read until 
+               /* if we have over 4k pending outbound, don't read until
                 * we've cleared the queue */
                SetCork(conn);
                rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
@@ -496,6 +480,7 @@ plain_check_cork(conn_t * conn)
 static void
 conn_plain_read_cb(rb_fde_t *fd, void *data)
 {
+       char inbuf[READBUF_SIZE];
        conn_t *conn = data;
        int length = 0;
        if(conn == NULL)
@@ -541,9 +526,39 @@ conn_plain_read_cb(rb_fde_t *fd, void *data)
        }
 }
 
+static void
+conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data)
+{
+       char inbuf[READBUF_SIZE];
+       conn_t *conn = data;
+       int length = 0;
+
+       if(conn == NULL)
+               return;
+
+       while(1)
+       {
+               length = rb_read(conn->plain_fd, inbuf, sizeof(inbuf));
+
+               if(length == 0 || (length < 0 && !rb_ignore_errno(errno)))
+               {
+                       rb_close(conn->plain_fd);
+                       rb_dlinkAdd(conn, &conn->node, &dead_list);
+                       return;
+               }
+
+               if(length < 0)
+               {
+                       rb_setselect(conn->plain_fd, RB_SELECT_READ, conn_plain_read_shutdown_cb, conn);
+                       return;
+               }
+       }
+}
+
 static void
 conn_mod_read_cb(rb_fde_t *fd, void *data)
 {
+       char inbuf[READBUF_SIZE];
        conn_t *conn = data;
        const char *err = remote_closed;
        int length;
@@ -645,14 +660,57 @@ maxconn(void)
        return MAXCONNECTIONS;
 }
 
+static void
+ssl_send_cipher(conn_t *conn)
+{
+       size_t len;
+       char buf[512];
+       char cstring[256];
+       const char *p;
+       if(!IsSSL(conn))
+               return;
+
+       p = rb_ssl_get_cipher(conn->mod_fd);
+
+       if(p == NULL)
+               return;
+
+       rb_strlcpy(cstring, p, sizeof(cstring));
+
+       buf[0] = 'C';
+       uint32_to_buf(&buf[1], conn->id);
+       strcpy(&buf[5], cstring);
+       len = (strlen(cstring) + 1) + 5;
+       mod_cmd_write_queue(conn->ctl, buf, len);
+}
+
+static void
+ssl_send_certfp(conn_t *conn)
+{
+       uint8_t buf[9 + RB_SSL_CERTFP_LEN];
+
+       int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method);
+       if (!len)
+               return;
+
+       lrb_assert(len <= RB_SSL_CERTFP_LEN);
+       buf[0] = 'F';
+       uint32_to_buf(&buf[1], conn->id);
+       uint32_to_buf(&buf[5], len);
+       mod_cmd_write_queue(conn->ctl, buf, 9 + len);
+}
+
 static void
 ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
 {
        conn_t *conn = data;
+
        if(status == RB_OK)
        {
                conn_mod_read_cb(conn->mod_fd, conn);
                conn_plain_read_cb(conn->plain_fd, conn);
+               ssl_send_cipher(conn);
+               ssl_send_certfp(conn);
                return;
        }
        /* ircd doesn't care about the reason for this */
@@ -664,10 +722,13 @@ static void
 ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
 {
        conn_t *conn = data;
+
        if(status == RB_OK)
        {
                conn_mod_read_cb(conn->mod_fd, conn);
                conn_plain_read_cb(conn->plain_fd, conn);
+               ssl_send_cipher(conn);
+               ssl_send_certfp(conn);
        }
        else if(status == RB_ERR_TIMEOUT)
                close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
@@ -692,14 +753,12 @@ static void
 ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 {
        conn_t *conn;
-       int32_t id;
+       uint32_t id;
 
        conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
 
-       id = buf_to_int32(&ctlb->buf[1]);
-
-       if(id >= 0)
-               conn_add_id_hash(conn, id);
+       id = buf_to_uint32(&ctlb->buf[1]);
+       conn_add_id_hash(conn, id);
        SetSSL(conn);
 
        if(rb_get_type(conn->mod_fd) & RB_FD_UNKNOWN)
@@ -713,17 +772,21 @@ ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
        rb_ssl_start_accepted(ctlb->F[0], ssl_process_accept_cb, conn, 10);
 }
 
+static void
+ssl_change_certfp_method(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
+{
+       certfp_method = buf_to_uint32(&ctlb->buf[1]);
+}
+
 static void
 ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 {
        conn_t *conn;
-       int32_t id;
+       uint32_t id;
        conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
 
-       id = buf_to_int32(&ctlb->buf[1]);
-
-       if(id >= 0)
-               conn_add_id_hash(conn, id);
+       id = buf_to_uint32(&ctlb->buf[1]);
+       conn_add_id_hash(conn, id);
        SetSSL(conn);
 
        if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
@@ -741,13 +804,10 @@ process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 {
        char outstat[512];
        conn_t *conn;
-       const char *odata;
-       int32_t id;
+       uint8_t *odata;
+       uint32_t id;
 
-       id = buf_to_int32(&ctlb->buf[1]);
-
-       if(id < 0)
-               return;
+       id = buf_to_uint32(&ctlb->buf[1]);
 
        odata = &ctlb->buf[5];
        conn = conn_find_by_id(id);
@@ -767,11 +827,10 @@ process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 static void
 change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
 {
-       int32_t id = buf_to_int32(&ctlb->buf[1]);
-       int32_t newid = buf_to_int32(&ctlb->buf[5]);
+       uint32_t id = buf_to_uint32(&ctlb->buf[1]);
+       uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
        conn_t *conn = conn_find_by_id(id);
-       if(conn->id >= 0)
-               rb_dlinkDelete(&conn->node, connid_hash(conn->id));
+       rb_dlinkDelete(&conn->node, connid_hash(conn->id));
        SetZipSSL(conn);
        conn->id = newid;
 }
@@ -782,11 +841,11 @@ zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 {
        uint8_t level;
        size_t recvqlen;
-       size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t);
+       size_t hdr = (sizeof(uint8_t) * 2) + sizeof(uint32_t);
        void *recvq_start;
        z_stream *instream, *outstream;
        conn_t *conn;
-       int32_t id;
+       uint32_t id;
 
        conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
        if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
@@ -795,7 +854,7 @@ zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
        if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
                rb_set_type(conn->plain_fd, RB_FD_SOCKET);
 
-       id = buf_to_int32(&ctlb->buf[1]);
+       id = buf_to_uint32(&ctlb->buf[1]);
        conn_add_id_hash(conn, id);
 
        level = (uint8_t)ctlb->buf[5];
@@ -822,7 +881,7 @@ zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
        outstream->data_type = Z_ASCII;
 
        if(level > 9)
-               level = Z_DEFAULT_COMPRESSION;
+               level = (uint8_t) Z_DEFAULT_COMPRESSION;
 
        deflateInit(&((zlib_stream_t *) conn->stream)->outstream, level);
        if(recvqlen > 0)
@@ -842,7 +901,7 @@ init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
        prng_seed_t seed_type;
 
        seed_type = (prng_seed_t) ctl_buf->buf[1];
-       path = &ctl_buf->buf[2];
+       path = (char *) &ctl_buf->buf[2];
        rb_init_prng(path, seed_type);
 }
 
@@ -853,7 +912,7 @@ ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
        char *buf;
        char *cert, *key, *dhparam;
 
-       buf = &ctl_buf->buf[2];
+       buf = (char *) &ctl_buf->buf[2];
        cert = buf;
        buf += strlen(cert) + 1;
        key = buf;
@@ -875,15 +934,13 @@ send_nossl_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 {
        static const char *nossl_cmd = "N";
        conn_t *conn;
-       int32_t id;
+       uint32_t id;
 
        if(ctlb != NULL)
        {
                conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
-               id = buf_to_int32(&ctlb->buf[1]);
-
-               if(id >= 0)
-                       conn_add_id_hash(conn, id);
+               id = buf_to_uint32(&ctlb->buf[1]);
+               conn_add_id_hash(conn, id);
                close_conn(conn, WAIT_PLAIN, "libratbox reports no SSL/TLS support");
        }
        mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
@@ -901,14 +958,12 @@ send_nozlib_support(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 {
        static const char *nozlib_cmd = "z";
        conn_t *conn;
-       int32_t id;
+       uint32_t id;
        if(ctlb != NULL)
        {
                conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
-               id = buf_to_int32(&ctlb->buf[1]);
-
-               if(id >= 0)
-                       conn_add_id_hash(conn, id);
+               id = buf_to_uint32(&ctlb->buf[1]);
+               conn_add_id_hash(conn, id);
                close_conn(conn, WAIT_PLAIN, "libratbox reports no zlib support");
        }
        mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
@@ -958,7 +1013,16 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
                                ssl_process_connect(ctl, ctl_buf);
                                break;
                        }
-
+               case 'F':
+                       {
+                               if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
+                               {
+                                       cleanup_bad_message(ctl, ctl_buf);
+                                       break;
+                               }
+                               ssl_change_certfp_method(ctl, ctl_buf);
+                               break;
+                       }
                case 'K':
                        {
                                if(!ssl_ok)
@@ -997,7 +1061,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
                                break;
                        }
 #else
-                       
+
                case 'Z':
                        send_nozlib_support(ctl, ctl_buf);
                        break;
@@ -1088,6 +1152,7 @@ mod_write_ctl(rb_fde_t *F, void *data)
 static void
 read_pipe_ctl(rb_fde_t *F, void *data)
 {
+       char inbuf[READBUF_SIZE];
        int retlen;
        while((retlen = rb_read(F, inbuf, sizeof(inbuf))) > 0)
        {