X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/1b7a47417b303f48217e495e201daee82eeefedf..f831e92603a86c1997e980927bbad5fe444cdeb8:/ssld/ssld.c
diff --git a/ssld/ssld.c b/ssld/ssld.c
index 32f95fb4..93491004 100644
--- a/ssld/ssld.c
+++ b/ssld/ssld.c
@@ -151,12 +151,12 @@ static void conn_plain_read_cb(rb_fde_t *fd, void *data);
 static void conn_plain_read_shutdown_cb(rb_fde_t *fd, void *data);
 static void mod_cmd_write_queue(mod_ctl_t * ctl, const void *data, size_t len);
 static const char *remote_closed = "Remote host closed the connection";
-static int ssl_ok;
-static int certfp_method = RB_SSL_CERTFP_METH_SHA1;
+static bool ssld_ssl_ok;
+static int certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1;
 #ifdef HAVE_LIBZ
-static int zlib_ok = 1;
+static bool zlib_ok = true;
 #else
-static int zlib_ok = 0;
+static bool zlib_ok = false;
 #endif
@@ -459,7 +459,7 @@ common_zlib_inflate(conn_t * conn, void *buf, size_t len)
 }
 #endif
-static int
+static bool
 plain_check_cork(conn_t * conn)
 {
 if(rb_rawbuf_length(conn->modbuf_out) >= 4096)
@@ -470,9 +470,9 @@ plain_check_cork(conn_t * conn)
 rb_setselect(conn->plain_fd, RB_SELECT_READ, NULL, NULL);
 /* try to write */
 conn_mod_write_sendq(conn->mod_fd, conn);
-return 1;
+return true;
 }
-return 0;
+return false;
 }
@@ -686,17 +686,28 @@ ssl_send_cipher(conn_t *conn)
 static void
 ssl_send_certfp(conn_t *conn)
 {
-uint8_t buf[9 + RB_SSL_CERTFP_LEN];
+uint8_t buf[13 + RB_SSL_CERTFP_LEN];
-int len = rb_get_ssl_certfp(conn->mod_fd, &buf[9], certfp_method);
+int len = rb_get_ssl_certfp(conn->mod_fd, &buf[13], certfp_method);
 if (!len)
 return;
 lrb_assert(len <= RB_SSL_CERTFP_LEN);
 buf[0] = 'F';
 uint32_to_buf(&buf[1], conn->id);
-uint32_to_buf(&buf[5], len);
-mod_cmd_write_queue(conn->ctl, buf, 9 + len);
+uint32_to_buf(&buf[5], certfp_method);
+uint32_to_buf(&buf[9], len);
+mod_cmd_write_queue(conn->ctl, buf, 13 + len);
+}
+
+static void
+ssl_send_open(conn_t *conn)
+{
+uint8_t buf[5];
+
+buf[0] = 'O';
+uint32_to_buf(&buf[1], conn->id);
+mod_cmd_write_queue(conn->ctl, buf, 5);
 }
 static void
@@ -706,10 +717,11 @@ ssl_process_accept_cb(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen
 if(status == RB_OK)
 {
-conn_mod_read_cb(conn->mod_fd, conn);
-conn_plain_read_cb(conn->plain_fd, conn);
 ssl_send_cipher(conn);
 ssl_send_certfp(conn);
+ssl_send_open(conn);
+conn_mod_read_cb(conn->mod_fd, conn);
+conn_plain_read_cb(conn->plain_fd, conn);
 return;
 }
 /* ircd doesn't care about the reason for this */
@@ -724,10 +736,11 @@ ssl_process_connect_cb(rb_fde_t *F, int status, void *data)
 if(status == RB_OK)
 {
-conn_mod_read_cb(conn->mod_fd, conn);
-conn_plain_read_cb(conn->plain_fd, conn);
 ssl_send_cipher(conn);
 ssl_send_certfp(conn);
+ssl_send_open(conn);
+conn_mod_read_cb(conn->mod_fd, conn);
+conn_plain_read_cb(conn->plain_fd, conn);
 }
 else if(status == RB_ERR_TIMEOUT)
 close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
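Review bot: `if (!len) return;` in ssl_send_certfp only rejects a zero result, so if rb_get_ssl_certfp can signal failure with a negative value (I cannot see its contract from here), a negative `len` passes `lrb_assert(len <= RB_SSL_CERTFP_LEN)` and reaches `mod_cmd_write_queue(conn->ctl, buf, 13 + len)` with a length shorter than the header it claims; `if (len <= 0) return;` closes that regardless. The 'F' message also gains a field with no record of its layout, and the ircd-side parser has to match it byte for byte, so a comment such as `/* 'F' <id:u32> <certfp_method:u32> <len:u32> <fp:len bytes> */` above the buffer declaration is worth adding. The same send-'O'-then-arm-readers sequence is now duplicated in ssl_process_accept_cb and ssl_process_connect_cb; a small shared helper would keep the two from drifting.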
@@ -824,31 +837,6 @@ process_stats(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
 }
-static void
-change_connid(mod_ctl_t *ctl, mod_ctl_buf_t *ctlb)
-{
-uint32_t id = buf_to_uint32(&ctlb->buf[1]);
-uint32_t newid = buf_to_uint32(&ctlb->buf[5]);
-conn_t *conn = conn_find_by_id(id);
-lrb_assert(conn != NULL);
-if(conn == NULL)
-{
-uint8_t buf[256];
-int len;
-
-buf[0] = 'D';
-uint32_to_buf(&buf[1], newid);
-sprintf((char *) &buf[5], "connid %d does not exist", id);
-len = (strlen((char *) &buf[5]) + 1) + 5;
-mod_cmd_write_queue(ctl, buf, len);
-
-return;
-}
-rb_dlinkDelete(&conn->node, connid_hash(conn->id));
-SetZipSSL(conn);
-conn->id = newid;
-}
-
 #ifdef HAVE_LIBZ
 static void
 zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
@@ -908,18 +896,6 @@ zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
 }
 #endif
-static void
-init_prng(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
-{
-char *path;
-prng_seed_t seed_type;
-
-seed_type = (prng_seed_t) ctl_buf->buf[1];
-path = (char *) &ctl_buf->buf[2];
-rb_init_prng(path, seed_type);
-}
-
-
 static void
 ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
 {
@@ -932,10 +908,10 @@ ssl_new_keys(mod_ctl_t * ctl, mod_ctl_buf_t * ctl_buf)
 key = buf;
 buf += strlen(key) + 1;
 dhparam = buf;
-if(strlen(dhparam) == 0)
-dhparam = NULL;
 buf += strlen(dhparam) + 1;
 cipher_list = buf;
+if(strlen(dhparam) == 0)
+dhparam = NULL;
 if(strlen(cipher_list) == 0)
 cipher_list = NULL;
@@ -1015,7 +991,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
 break;
 }
-if(!ssl_ok)
+if(!ssld_ssl_ok)
 {
 send_nossl_support(ctl, ctl_buf);
 break;
@@ -1025,13 +1001,13 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
 }
 case 'C':
 {
-if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
+if (ctl_buf->buflen != 5)
 {
 cleanup_bad_message(ctl, ctl_buf);
 break;
 }
-if(!ssl_ok)
+if(!ssld_ssl_ok)
 {
 send_nossl_support(ctl, ctl_buf);
 break;
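Review bot: The walk over key, dhparam and cipher_list in ssl_new_keys still uses unbounded strlen() on control-socket data; the hunk starts inside the function, so a length check may exist above it, but nothing visible here guarantees that each terminating NUL lies within `ctl_buf->buflen`. Bounding each step with strnlen() against the bytes remaining in the message, and calling `cleanup_bad_message(ctl, ctl_buf)` when a terminator is missing, would keep a truncated 'K' message from reading past the buffer. Moving the empty-dhparam test below the pointer advance is correct — the old order called strlen() on a NULL dhparam — and deserves a one-line comment saying so, e.g. `/* advance past dhparam before possibly NULLing it */`.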
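Review bot: Dropping `ctl_buf->nfds != 2` from the 'C' check (and from the 'F' check in the next hunk) means mod_process_cmd_recv no longer verifies how many descriptors arrived with the message before dispatching; unless the control-socket reader enforces the count elsewhere, a message carrying fewer descriptors than the handler expects is now accepted. The handler bodies are outside the hunk, so I cannot confirm what they index, but if the new protocol legitimately changes the descriptor count the guard should be rewritten for that count rather than removed, e.g. `if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)` with whatever value now applies.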
@@ -1041,7 +1017,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
 }
 case 'F':
 {
-if (ctl_buf->nfds != 2 || ctl_buf->buflen != 5)
+if (ctl_buf->buflen != 5)
 {
 cleanup_bad_message(ctl, ctl_buf);
 break;
@@ -1051,7 +1027,7 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
 }
 case 'K':
 {
-if(!ssl_ok)
+if(!ssld_ssl_ok)
 {
 send_nossl_support(ctl, ctl_buf);
 break;
@@ -1059,19 +1035,11 @@ mod_process_cmd_recv(mod_ctl_t * ctl)
 ssl_new_keys(ctl, ctl_buf);
 break;
 }
-case 'I':
-init_prng(ctl, ctl_buf);
-break;
 case 'S':
 {
 process_stats(ctl, ctl_buf);
 break;
 }
-case 'Y':
-{
-change_connid(ctl, ctl_buf);
-break;
-}
 #ifdef HAVE_LIBZ
 case 'Z':
@@ -1237,7 +1205,8 @@ main(int argc, char **argv)
 setup_signals();
 rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096);
 rb_init_rawbuffers(1024);
-ssl_ok = rb_supports_ssl();
+rb_init_prng(NULL, RB_PRNG_DEFAULT);
+ssld_ssl_ok = rb_supports_ssl();
 mod_ctl = rb_malloc(sizeof(mod_ctl_t));
 mod_ctl->F = rb_open(ctlfd, RB_FD_SOCKET, "ircd control socket");
 mod_ctl->F_pipe = rb_open(pipefd, RB_FD_PIPE, "ircd pipe");
@@ -1248,7 +1217,7 @@ main(int argc, char **argv)
 read_pipe_ctl(mod_ctl->F_pipe, NULL);
 mod_read_ctl(mod_ctl->F, mod_ctl);
 send_version(mod_ctl);
-if(!zlib_ok && !ssl_ok)
+if(!zlib_ok && !ssld_ssl_ok)
 {
 /* this is really useless... */
 send_i_am_useless(mod_ctl);
@@ -1259,7 +1228,7 @@ main(int argc, char **argv)
 if(!zlib_ok)
 send_nozlib_support(mod_ctl, NULL);
-if(!ssl_ok)
+if(!ssld_ssl_ok)
 send_nossl_support(mod_ctl, NULL);
 rb_lib_loop(0);
 return 0;
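Review bot: `rb_init_prng(NULL, RB_PRNG_DEFAULT)` in main is called without examining its result; if that call returns a status (I cannot see its signature here), a seeding failure is silently ignored and ssld goes on to `ssld_ssl_ok = rb_supports_ssl()` and serves TLS anyway. If it can fail, treat it like the other startup preconditions, e.g. `ssld_ssl_ok = rb_init_prng(NULL, RB_PRNG_DEFAULT) && rb_supports_ssl();`, or at least log the failure. With the 'I' and 'Y' cases gone from the switch, an ircd that still sends either message presumably falls through to the default handling, which is worth a short comment at the switch so the protocol version dependency is visible.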