* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
- *
- * $Id$
*/
#include "stdinc.h"
-#ifdef HAVE_LIBZ
-#include <zlib.h>
-#endif
-
#define MAXPASSFD 4
#ifndef READBUF_SIZE
#define READBUF_SIZE 16384
static mod_ctl_t *mod_ctl;
-
-#ifdef HAVE_LIBZ
-typedef struct _zlib_stream
-{
- z_stream instream;
- z_stream outstream;
-} zlib_stream_t;
-#endif
-
typedef struct _conn
{
rb_dlink_node node;
#define SetDead(x) ((x)->flags |= FLAG_DEAD)
#define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
#define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
-#define SetZipSSL(x) ((x)->flags |= FLAG_ZIPSSL)
-#define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
-#define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
#define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
-#define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
#define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
#define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
-#define ClearZipSSL(x) ((x)->flags &= ~FLAG_ZIPSSL)
#define NO_WAIT 0x0
#define WAIT_PLAIN 0x1
static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
static const char *remote_closed = "Remote host closed the connection";
-static int ssl_ok;
-static int certfp_method = RB_SSL_CERTFP_METH_SHA1;
-#ifdef HAVE_LIBZ
-static int zlib_ok = 1;
-#else
-static int zlib_ok = 0;
-#endif
-
+static bool ssld_ssl_ok;
+static int certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1;
-#ifdef HAVE_LIBZ
-static void *
-ssld_alloc(void *unused, size_t count, size_t size)
-{
- return rb_malloc(count * size);
-}
-
-static void
-ssld_free(void *unused, void *ptr)
-{
- rb_free(ptr);
-}
-#endif
static conn_t *
conn_find_by_id(uint32_t id)
{
rb_free_rawbuffer(conn->modbuf_out);
rb_free_rawbuffer(conn->plainbuf_out);
-#ifdef HAVE_LIBZ
- if(IsZip(conn))
- {
- zlib_stream_t *stream = conn->stream;
- inflateEnd(&stream->instream);
- deflateEnd(&stream->outstream);
- rb_free(stream);
- }
-#endif
rb_free(conn);
}
mod_write_ctl(ctl->F, ctl);
}
-#ifdef HAVE_LIBZ
-static void
-common_zlib_deflate(conn_t * conn, void *buf, size_t len)
-{
- char outbuf[READBUF_SIZE];
- int ret, have;
- z_stream *outstream = &((zlib_stream_t *) conn->stream)->outstream;
- outstream->next_in = buf;
- outstream->avail_in = len;
- outstream->next_out = (Bytef *) outbuf;
- outstream->avail_out = sizeof(outbuf);
-
- ret = deflate(outstream, Z_SYNC_FLUSH);
- if(ret != Z_OK)
- {
- /* deflate error */
- close_conn(conn, WAIT_PLAIN, "Deflate failed: %s", zError(ret));
- return;
- }
- if(outstream->avail_out == 0)
- {
- /* avail_out empty */
- close_conn(conn, WAIT_PLAIN, "error compressing data, avail_out == 0");
- return;
- }
- if(outstream->avail_in != 0)
- {
- /* avail_in isn't empty... */
- close_conn(conn, WAIT_PLAIN, "error compressing data, avail_in != 0");
- return;
- }
- have = sizeof(outbuf) - outstream->avail_out;
- conn_mod_write(conn, outbuf, have);
-}
-
-static void
-common_zlib_inflate(conn_t * conn, void *buf, size_t len)
-{
- char outbuf[READBUF_SIZE];
- int ret, have = 0;
- ((zlib_stream_t *) conn->stream)->instream.next_in = buf;
- ((zlib_stream_t *) conn->stream)->instream.avail_in = len;
- ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
- ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
-
- while(((zlib_stream_t *) conn->stream)->instream.avail_in)
- {
- ret = inflate(&((zlib_stream_t *) conn->stream)->instream, Z_NO_FLUSH);
- if(ret != Z_OK)
- {
- if(!strncmp("ERROR ", buf, 6))
- {
- close_conn(conn, WAIT_PLAIN, "Received uncompressed ERROR");
- return;
- }
- close_conn(conn, WAIT_PLAIN, "Inflate failed: %s", zError(ret));
- return;
- }
- have = sizeof(outbuf) - ((zlib_stream_t *) conn->stream)->instream.avail_out;
-
- if(((zlib_stream_t *) conn->stream)->instream.avail_in)
- {
- conn_plain_write(conn, outbuf, have);
- have = 0;
- ((zlib_stream_t *) conn->stream)->instream.next_out = (Bytef *) outbuf;
- ((zlib_stream_t *) conn->stream)->instream.avail_out = sizeof(outbuf);
- }
- }
- if(have == 0)
- return;
-
- conn_plain_write(conn, outbuf, have);
-}
-#endif
-
-static int
+static bool
plain_check_cork(conn_t * conn)
{
if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
/* try to write */
conn_mod_write_sendq(conn->mod_fd, conn);
- return 1;
+ return true;
}
- return 0;
+ return false;
}
}
conn->plain_in += length;
-#ifdef HAVE_LIBZ
- if(IsZip(conn))
- common_zlib_deflate(conn, inbuf, length);
- else
-#endif
- conn_mod_write(conn, inbuf, length);
+ conn_mod_write(conn, inbuf, length);
if(IsDead(conn))
return;
if(plain_check_cork(conn))
{
char inbuf[READBUF_SIZE];
conn_t *conn = data;
- const char *err = remote_closed;
int length;
if(conn == NULL)
return;
return;
}
+ const char *err;
if(IsSSL(conn) && length == RB_RW_SSL_ERROR)
err = rb_get_ssl_strerror(conn->mod_fd);
else
return;
}
conn->mod_in += length;
-#ifdef HAVE_LIBZ
- if(IsZip(conn))
- common_zlib_inflate(conn, inbuf, length);
- else
-#endif
- conn_plain_write(conn, inbuf, length);
+ conn_plain_write(conn, inbuf, length);
}
}
static int
maxconn(void)
{
-#if defined(RLIMIT_NOFILE) && defined(HAVE_SYS_RESOURCE_H)
struct rlimit limit;
if(!getrlimit(RLIMIT_NOFILE, &limit))
{
return limit.rlim_cur;
}
-#endif /* RLIMIT_FD_MAX */
return MAXCONNECTIONS;
}
static void
ssl_send_certfp(conn_t *conn)
{
- uint8_t buf[9 + RB_SSL_CERTFP_LEN];
+ uint8_t buf[13 + RB_SSL_CERTFP_LEN];
- int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method);
+ int len = rb_get_ssl_certfp(conn->mod_fd, &buf[13], certfp_method);
if (!len)
return;
lrb_assert(len <= RB_SSL_CERTFP_LEN);
buf[0] = 'F';
uint32_to_buf(&buf[1], conn->id);
- uint32_to_buf(&buf[5], len);
- mod_cmd_write_queue(conn->ctl, buf, 9 + len);
+ uint32_to_buf(&buf[5], certfp_method);
+ uint32_to_buf(&buf[9], len);
+ mod_cmd_write_queue(conn->ctl, buf, 13 + len);
+}
+
+static void
+ssl_send_open(conn_t *conn)
+{
+ uint8_t buf[5];
+
+ buf[0] = 'O';
+ uint32_to_buf(&buf[1], conn->id);
+ mod_cmd_write_queue(conn->ctl, buf, 5);
}
static void
if(status == RB_OK)
{
- conn_mod_read_cb(conn->mod_fd, conn);
- conn_plain_read_cb(conn->plain_fd, conn);
ssl_send_cipher(conn);
ssl_send_certfp(conn);
+ ssl_send_open(conn);
+ conn_mod_read_cb(conn->mod_fd, conn);
+ conn_plain_read_cb(conn->plain_fd, conn);
return;
}
/* ircd doesn't care about the reason for this */
if(status == RB_OK)
{
- conn_mod_read_cb(conn->mod_fd, conn);
- conn_plain_read_cb(conn->plain_fd, conn);
ssl_send_cipher(conn);
ssl_send_certfp(conn);
+ ssl_send_open(conn);
+ conn_mod_read_cb(conn->mod_fd, conn);
+ conn_plain_read_cb(conn->plain_fd, conn);
}
else if(status == RB_ERR_TIMEOUT)
close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
}
-static void
-change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
-{
- uint32_t id = buf_to_uint32(&ctlb->buf[1]);
- uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
- conn_t *conn = conn_find_by_id(id);
- lrb_assert(conn != NULL);
- if(conn == NULL)
- {
- uint8_t buf[256];
- int len;
-
- buf[0] = 'D';
- uint32_to_buf(&buf[1], newid);
- sprintf((char *) &buf[5], "connid %d does not exist", id);
- len = (strlen((char *) &buf[5]) + 1) + 5;
- mod_cmd_write_queue(ctl, buf, len);
-
- return;
- }
- rb_dlinkDelete(&conn->node, connid_hash(conn->id));
- SetZipSSL(conn);
- conn->id = newid;
-}
-
-#ifdef HAVE_LIBZ
-static void
-zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
-{
- uint8_t level;
- size_t recvqlen;
- size_t hdr = (sizeof(uint8_t) * 2) + sizeof(uint32_t);
- void *recvq_start;
- z_stream *instream, *outstream;
- conn_t *conn;
- uint32_t id;
-
- conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
- if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
- rb_set_type(conn->mod_fd, RB_FD_SOCKET);
-
- if(rb_get_type(conn->plain_fd) == RB_FD_UNKNOWN)
- rb_set_type(conn->plain_fd, RB_FD_SOCKET);
-
- id = buf_to_uint32(&ctlb->buf[1]);
- conn_add_id_hash(conn, id);
-
- level = (uint8_t)ctlb->buf[5];
-
- recvqlen = ctlb->buflen - hdr;
- recvq_start = &ctlb->buf[6];
-
- SetZip(conn);
- conn->stream = rb_malloc(sizeof(zlib_stream_t));
- instream = &((zlib_stream_t *) conn->stream)->instream;
- outstream = &((zlib_stream_t *) conn->stream)->outstream;
-
- instream->total_in = 0;
- instream->total_out = 0;
- instream->zalloc = (alloc_func) ssld_alloc;
- instream->zfree = (free_func) ssld_free;
- instream->data_type = Z_ASCII;
- inflateInit(&((zlib_stream_t *) conn->stream)->instream);
-
- outstream->total_in = 0;
- outstream->total_out = 0;
- outstream->zalloc = (alloc_func) ssld_alloc;
- outstream->zfree = (free_func) ssld_free;
- outstream->data_type = Z_ASCII;
-
- if(level > 9)
- level = (uint8_t) Z_DEFAULT_COMPRESSION;
-
- deflateInit(&((zlib_stream_t *) conn->stream)->outstream, level);
- if(recvqlen > 0)
- common_zlib_inflate(conn, recvq_start, recvqlen);
-
- conn_mod_read_cb(conn->mod_fd, conn);
- conn_plain_read_cb(conn->plain_fd, conn);
- return;
-
-}
-#endif
-
-static void
-init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
-{
- char *path;
- prng_seed_t seed_type;
-
- seed_type = (prng_seed_t) ctl_buf->buf[1];
- path = (char *) &ctl_buf->buf[2];
- rb_init_prng(path, seed_type);
-}
-
-
static void
ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
{
key = buf;
buf += strlen(key) + 1;
dhparam = buf;
- if(strlen(dhparam) == 0)
- dhparam = NULL;
buf += strlen(dhparam) + 1;
cipher_list = buf;
+ if(strlen(key) == 0)
+ key = cert;
+ if(strlen(dhparam) == 0)
+ dhparam = NULL;
if(strlen(cipher_list) == 0)
cipher_list = NULL;
break;
}
- if(!ssl_ok)
+ if(!ssld_ssl_ok)
{
send_nossl_support(ctl, ctl_buf);
break;
}
case 'C':
{
- if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
+ if (ctl_buf->buflen != 5)
{
cleanup_bad_message(ctl, ctl_buf);
break;
}
- if(!ssl_ok)
+ if(!ssld_ssl_ok)
{
send_nossl_support(ctl, ctl_buf);
break;
}
case 'F':
{
- if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
+ if (ctl_buf->buflen != 5)
{
cleanup_bad_message(ctl, ctl_buf);
break;
}
case 'K':
{
- if(!ssl_ok)
+ if(!ssld_ssl_ok)
{
send_nossl_support(ctl, ctl_buf);
break;
ssl_new_keys(ctl, ctl_buf);
break;
}
- case 'I':
- init_prng(ctl, ctl_buf);
- break;
case 'S':
{
process_stats(ctl, ctl_buf);
break;
}
- case 'Y':
- {
- change_connid(ctl, ctl_buf);
- break;
- }
-
-#ifdef HAVE_LIBZ
- case 'Z':
- {
- if (ctl_buf->nfds != 2 || ctl_buf->buflen < 6)
- {
- cleanup_bad_message(ctl, ctl_buf);
- break;
- }
-
- /* just zlib only */
- zlib_process(ctl, ctl_buf);
- break;
- }
-#else
case 'Z':
send_nozlib_support(ctl, ctl_buf);
break;
-#endif
default:
break;
/* Log unknown commands */
main(int argc, char **argv)
{
const char *s_ctlfd, *s_pipe, *s_pid;
- int ctlfd, pipefd, x, maxfd;
+ int ctlfd, pipefd, maxfd, x;
maxfd = maxconn();
s_ctlfd = getenv("CTL_FD");
if(s_ctlfd == NULL || s_pipe == NULL || s_pid == NULL)
{
fprintf(stderr,
- "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
+ "This is the solanum ssld for internal ircd use.\n");
fprintf(stderr,
- "You get an Id tag for this: $Id$\n");
- fprintf(stderr, "Have a nice life\n");
+ "You aren't supposed to run me directly. Exiting.\n");
exit(1);
}
ctlfd = atoi(s_ctlfd);
pipefd = atoi(s_pipe);
ppid = atoi(s_pid);
- x = 0;
-#ifndef _WIN32
- for(x = 0; x < maxfd; x++)
+
+ for(x = 3; x < maxfd; x++)
{
- if(x != ctlfd && x != pipefd && x > 2)
+ if(x != ctlfd && x != pipefd)
close(x);
}
+
x = open("/dev/null", O_RDWR);
if(x >= 0)
if(x > 2)
close(x);
}
-#endif
+
setup_signals();
rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
rb_init_rawbuffers(1024);
- ssl_ok = rb_supports_ssl();
+ rb_init_prng(NULL, RB_PRNG_DEFAULT);
+ ssld_ssl_ok = rb_supports_ssl();
mod_ctl = rb_malloc(sizeof(mod_ctl_t));
mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
read_pipe_ctl(mod_ctl->F_pipe, NULL);
mod_read_ctl(mod_ctl->F, mod_ctl);
send_version(mod_ctl);
- if(!zlib_ok && !ssl_ok)
+ if(!ssld_ssl_ok)
{
/* this is really useless... */
send_i_am_useless(mod_ctl);
/* sleep until the ircd kills us */
- rb_sleep(2 << 30, 0);
+ rb_sleep(1 << 30, 0);
exit(1);
}
- if(!zlib_ok)
- send_nozlib_support(mod_ctl, NULL);
- if(!ssl_ok)
+ send_nozlib_support(mod_ctl, NULL);
+ if(!ssld_ssl_ok)
send_nossl_support(mod_ctl, NULL);
rb_lib_loop(0);
return 0;
}
-#ifndef _WIN32
static void
dummy_handler(int sig)
{
return;
}
-#endif
static void
setup_signals()
{
-#ifndef _WIN32
struct sigaction act;
act.sa_flags = 0;
act.sa_handler = dummy_handler;
sigaction(SIGALRM, &act, 0);
-#endif
}