/*
* This is used after the other side of a connection has accepted our credentials.
* They are then introducing themselves to us, BEFORE either of us burst. -- w
*/
bool TreeSocket::Outbound_Reply_Server(parameterlist ¶ms)
{
const Link* x = AuthRemote(params);
if (x)
{
/*
* They're in WAIT_AUTH_2 (having accepted our credentials).
* Set our state to CONNECTED (since everything's peachy so far) and send our
* netburst to them, which will trigger their CONNECTED state, and BURST in reply.
*
* While we're at it, create a treeserver object so we know about them.
* -- w
*/
FinishAuth(params[0], params[3], params.back(), x->Hidden);
return true;
}
return false;
}
void TreeSocket::ProcessLine(std::string &line)
{
std::string prefix;
std::string command;
parameterlist params;
ServerInstance->Logs->Log(MODNAME, LOG_RAWIO, "S[%d] I %s", this->GetFd(), line.c_str());
Split(line, prefix, command, params);
if (command.empty())
return;
switch (this->LinkState)
{
case WAIT_AUTH_1:
/*
* State WAIT_AUTH_1:
* Waiting for SERVER command from remote server. Server initiating
* the connection sends the first SERVER command, listening server
* replies with theirs if its happy, then if the initiator is happy,
* it starts to send its net sync, which starts the merge, otherwise
* it sends an ERROR.
*/
if (command == "PASS")
{
/*
* Ignore this silently. Some services packages insist on sending PASS, even
* when it is not required (i.e. by us). We have to ignore this here, otherwise
* as it's an unknown command (effectively), it will cause the connection to be
* closed, which probably isn't what people want. -- w00t
*/
}
else if (command == "SERVER")
{
this->Inbound_Server(params);
}
else if (command == "ERROR")
{
this->Error(params);
}
else if (command == "USER")
{
this->SendError("Client connections to this port are prohibited.");
}
else if (command == "CAPAB")
{
this->Capab(params);
}
else
{
this->SendError("Invalid command in negotiation phase: " + command);
}
break;
case WAIT_AUTH_2:
/*
* State WAIT_AUTH_2:
* We have sent SERVER to the other side of the connection. Now we're waiting for them to start BURST.
* The other option at this stage of things, of course, is for them to close our connection thanks
* to invalid credentials.. -- w
*/
if (command == "SERVER")
{
/*
* Connection is either attempting to re-auth itself (stupid) or sending netburst without sending BURST.
* Both of these aren't allowable, so block them here. -- w
*/
this->SendError("You may not re-authenticate or commence netburst without sending BURST.");
}
else if (command == "BURST")
{
if (params.size())
{
time_t them = ConvToInt(params[0]);
time_t delta = them - ServerInstance->Time();
if ((delta < -600) || (delta > 600))
{
ServerInstance->SNO->WriteGlobalSno('l',"\2ERROR\2: Your clocks are out by %ld seconds (this is more than five minutes). Link aborted, \2PLEASE SYNC YOUR CLOCKS!\2",labs((long)delta));
SendError("Your clocks are out by "+ConvToStr(labs((long)delta))+" seconds (this is more than five minutes). Link aborted, PLEASE SYNC YOUR CLOCKS!");
return;
}
else if ((delta < -30) || (delta > 30))
{
ServerInstance->SNO->WriteGlobalSno('l',"\2WARNING\2: Your clocks are out by %ld seconds. Please consider synching your clocks.", labs((long)delta));
}
}
// Check for duplicate server name/sid again, it's possible that a new
// server was introduced while we were waiting for them to send BURST.
// (we do not reserve their server name/sid when they send SERVER, we do it now)
if (!CheckDuplicate(capab->name, capab->sid))
return;
FinishAuth(capab->name, capab->sid, capab->description, capab->hidden);
}
else if (command == "ERROR")
{
this->Error(params);
}
else if (command == "CAPAB")
{
this->Capab(params);
}
break;
case CONNECTING:
/*
* State CONNECTING:
* We're connecting (OUTGOING) to another server. They are in state WAIT_AUTH_1 until they verify
* our credentials, when they proceed into WAIT_AUTH_2 and send SERVER to us. We then send BURST
* + our netburst, which will put them into CONNECTED state. -- w
*/
if (command == "SERVER")
{
// Our credentials have been accepted, send netburst. (this puts US into the CONNECTED state)
this->Outbound_Reply_Server(params);
}
else if (command == "ERROR")
{
this->Error(params);
}
else if (command == "CAPAB")
{
this->Capab(params);
}
break;
case CONNECTED:
/*
* State CONNECTED:
* Credentials have been exchanged, we've gotten their 'BURST' (or sent ours).
* Anything from here on should be accepted a little more reasonably.
*/
this->ProcessConnectedLine(prefix, command, params);
break;
case DYING:
break;
}
}
