s32 ssl_handshake( s32 ssl_context ){
s32 aSsl_context[8] ATTRIBUTE_ALIGN(32);
s32 aResponse[8] ATTRIBUTE_ALIGN(32);
s32 ret;
ret = ssl_open();
if(ret){
return ret;
}
aSsl_context[0] = ssl_context;
ret = IOS_IoctlvFormat(__ssl_hid, __ssl_fd, IOCTLV_SSL_HANDSHAKE, "d:d", aResponse, 0x20, aSsl_context, 0x20);
ssl_close();
return (ret ? ret : aResponse[0]);
}
s32 ssl_setbuiltinclientcert(s32 ssl_context, s32 index){
s32 aSsl_context[8] ATTRIBUTE_ALIGN(32);
s32 aIndex[8] ATTRIBUTE_ALIGN(32);
s32 aResponse[8] ATTRIBUTE_ALIGN(32);
s32 ret;
ret = ssl_open();
if(ret){
return ret;
}
aSsl_context[0] = ssl_context;
aIndex[0] = index;
ret = IOS_IoctlvFormat(__ssl_hid, __ssl_fd, IOCTLV_SSL_SETBUILTINCLIENTCERT, "d:dd", aResponse, 32, aSsl_context, 32, aIndex, 32);
ssl_close();
return (ret ? ret : aResponse[0]);
}
s32 ssl_connect(s32 ssl_context, s32 socket){
s32 aSsl_context[8] ATTRIBUTE_ALIGN(32);
s32 aSocket[8] ATTRIBUTE_ALIGN(32);
s32 aResponse[8] ATTRIBUTE_ALIGN(32);
s32 ret;
ret = ssl_open();
if(ret){
return ret;
}
aSsl_context[0] = ssl_context;
aSocket[0] = socket;
ret = IOS_IoctlvFormat(__ssl_hid, __ssl_fd, IOCTLV_SSL_CONNECT, "d:dd", aResponse, 0x20, aSsl_context, 0x20, aSocket, 0x20);
ssl_close();
return (ret ? ret : aResponse[0]);
}
void doit(int t) {
int fakev4=0;
int j;
SSL *ssl;
int wstat;
uint32 scope_id;
int sslctl[2];
char *s;
unsigned long tmp_long;
char sslctl_cmd;
stralloc ssl_env = { 0 };
buffer ssl_env_buf;
if (pipe(pi) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (pipe(po) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sslctl) == -1) strerr_die2sys(111,DROP,"unable to create socketpair: ");
switch(fork()) {
case -1:
strerr_die2sys(111,DROP,"unable to fork: ");
case 0:
/* Child */
break;
default:
/* Parent */
close(pi[0]); close(po[1]); close(sslctl[1]);
if ((s=env_get("SSL_CHROOT")))
if (chroot(s) == -1)
strerr_die2x(111,DROPSSL,"unable to chroot");
if ((s=env_get("SSL_GID"))) {
scan_ulong(s,&tmp_long);
gid = tmp_long;
}
if (gid) if (prot_gid(gid) == -1) strerr_die2sys(111,DROPSSL,"unable to set gid: ");
if ((s=env_get("SSL_UID"))) {
scan_ulong(s,&tmp_long);
uid = tmp_long;
}
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,DROPSSL,"unable to set uid: ");
/* This will exit on a fatal error or if the client quits
* without activating SSL
*/
sslctl_cmd = ucspitls_master_wait_for_activation(sslctl[0]);
/* If we got here, SSL must have been activated */
ssl = ssl_new(ctx,t);
if (!ssl) strerr_die2x(111,DROP,"unable to create SSL instance");
if (ndelay_on(t) == -1)
strerr_die2sys(111,DROP,"unable to set socket options: ");
if (ssl_timeoutaccept(ssl,ssltimeout) == -1)
strerr_die3x(111,DROP,"unable to accept SSL: ",ssl_error_str(ssl_errno));
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn3("sslserver: ssl ",strnum," accept ",0);
}
if (flagclientcert) {
switch(ssl_verify(ssl,verifyhost)) {
case -1:
strerr_die2x(111,DROP,"unable to verify client certificate");
case -2:
strerr_die2x(111,DROP,"no client certificate");
case -3:
strerr_die2x(111,DROP,"client name does not match certificate");
default: break;
}
}
if (sslctl_cmd == 'Y') {
ssl_server_env(ssl, &ssl_env);
stralloc_0(&ssl_env); /* Add another NUL */
buffer_init(&ssl_env_buf,buffer_unixwrite,sslctl[0],NULL,0);
if (buffer_putflush(&ssl_env_buf, ssl_env.s, ssl_env.len) == -1) {
strerr_die2sys(111, FATAL, "unable to write SSL environment: ");
}
} else if (sslctl_cmd != 'y') {
strerr_die2x(111,DROP,"Protocol error on SSL control descriptor: invalid command character read");
}
if (close(sslctl[0]) != 0) {
strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
}
if (ssl_io(ssl,pi[1],po[0],io_opt) != 0)
strerr_die3x(111,DROP,"unable to speak SSL: ",ssl_error_str(ssl_errno));
if (wait_nohang(&wstat) > 0)
_exit(wait_exitcode(wstat));
ssl_close(ssl);
_exit(0);
}
/* Child-only below this point */
if (close(sslctl[0]) != 0) {
strerr_die2sys(111, DROP, "Error closing SSL control socket: ");
}
if (!forcev6 && ip6_isv4mapped(remoteip))
fakev4=1;
if (fakev4)
remoteipstr[ip4_fmt(remoteipstr,remoteip+12)] = 0;
else
remoteipstr[ip6_fmt(remoteipstr,remoteip)] = 0;
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn4("sslserver: pid ",strnum," from ",remoteipstr,0);
}
if (socket_local6(t,localip,&localport,&scope_id) == -1)
strerr_die2sys(111,DROP,"unable to get local address: ");
if (fakev4)
localipstr[ip4_fmt(localipstr,localip+12)] = 0;
else
localipstr[ip6_fmt(localipstr,localip)] = 0;
remoteportstr[fmt_ulong(remoteportstr,remoteport)] = 0;
if (!localhost)
if (dns_name6(&localhostsa,localip) == 0)
if (localhostsa.len) {
if (!stralloc_0(&localhostsa)) drop_nomem();
localhost = localhostsa.s;
}
env("PROTO",fakev4?"SSL":"SSL6");
env("SSLLOCALIP",localipstr);
env("SSL6LOCALIP",localipstr);
env("SSLLOCALPORT",localportstr);
env("SSL6LOCALPORT",localportstr);
env("SSLLOCALHOST",localhost);
env("SSL6LOCALHOST",localhost);
if (!fakev4 && scope_id)
env("SSL6INTERFACE",socket_getifname(scope_id));
if (flagtcpenv) {
env("TCPLOCALIP",localipstr);
env("TCP6LOCALIP",localipstr);
env("TCPLOCALPORT",localportstr);
env("TCP6LOCALPORT",localportstr);
env("TCPLOCALHOST",localhost);
env("TCP6LOCALHOST",localhost);
if (!fakev4 && scope_id)
env("TCP6INTERFACE",socket_getifname(scope_id));
}
if (flagremotehost)
if (dns_name6(&remotehostsa,remoteip) == 0)
if (remotehostsa.len) {
if (flagparanoid) {
verifyhost = remoteipstr;
if (dns_ip6(&tmp,&remotehostsa) == 0)
for (j = 0;j + 16 <= tmp.len;j += 16)
if (byte_equal(remoteip,16,tmp.s + j)) {
flagparanoid = 0;
break;
}
}
if (!flagparanoid) {
if (!stralloc_0(&remotehostsa)) drop_nomem();
remotehost = remotehostsa.s;
verifyhost = remotehostsa.s;
}
}
env("SSLREMOTEIP",remoteipstr);
env("SSL6REMOTEIP",remoteipstr);
remoteipstr[ip6_fmt(remoteipstr,remoteip)]=0;
env("SSLREMOTEPORT",remoteportstr);
env("SSL6REMOTEPORT",remoteportstr);
env("SSLREMOTEHOST",remotehost);
env("SSL6REMOTEHOST",remotehost);
if (flagtcpenv) {
env("TCPREMOTEIP",remoteipstr);
env("TCP6REMOTEIP",remoteipstr);
env("TCPREMOTEPORT",remoteportstr);
env("TCP6REMOTEPORT",remoteportstr);
env("TCPREMOTEHOST",remotehost);
env("TCP6REMOTEHOST",remotehost);
}
if (flagremoteinfo) {
if (remoteinfo6(&tcpremoteinfo,remoteip,remoteport,localip,localport,timeout,netif) == -1)
flagremoteinfo = 0;
if (!stralloc_0(&tcpremoteinfo)) drop_nomem();
}
env("SSLREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
env("SSL6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (flagtcpenv) {
env("TCPREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
env("TCP6REMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
}
if (fnrules) {
int fdrules;
fdrules = open_read(fnrules);
if (fdrules == -1) {
if (errno != error_noent) drop_rules();
if (!flagallownorules) drop_rules();
}
else {
int fakev4=0;
char* temp;
if (!forcev6 && ip6_isv4mapped(remoteip))
fakev4=1;
if (fakev4)
temp=remoteipstr+7;
else
temp=remoteipstr;
if (rules(found,fdrules,temp,remotehost,flagremoteinfo ? tcpremoteinfo.s : 0) == -1) drop_rules();
close(fdrules);
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
if (!stralloc_copys(&tmp,"sslserver: ")) drop_nomem();
safecats(flagdeny ? "deny" : "ok");
cats(" "); safecats(strnum);
cats(" "); if (localhost) safecats(localhost);
cats(":"); safecats(localipstr);
cats(":"); safecats(localportstr);
cats(" "); if (remotehost) safecats(remotehost);
cats(":"); safecats(remoteipstr);
cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
cats(":"); safecats(remoteportstr);
cats("\n");
buffer_putflush(buffer_2,tmp.s,tmp.len);
}
if (flagdeny) _exit(100);
if (gid) if (prot_gid(gid) == -1)
strerr_die2sys(111,FATAL,"unable to set gid: ");
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,FATAL,"unable to set uid: ");
close(pi[1]); close(po[0]);
sig_uncatch(sig_child);
sig_unblock(sig_child);
sig_uncatch(sig_term);
sig_uncatch(sig_pipe);
if (fcntl(sslctl[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,sslctl[1])]=0;
setenv("SSLCTLFD",strnum,1);
if (fcntl(pi[0],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,pi[0])]=0;
setenv("SSLREADFD",strnum,1);
if (fcntl(po[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,po[1])]=0;
setenv("SSLWRITEFD",strnum,1);
if (flagsslwait) {
if (fd_copy(0,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_copy(1,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
} else {
if (fd_move(0,pi[0]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_move(1,po[1]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
}
if (flagkillopts)
socket_ipoptionskill(t);
if (!flagdelay)
socket_tcpnodelay(t);
if (*banner) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
if (buffer_putsflush(&b,banner) == -1)
strerr_die2sys(111,DROP,"unable to print banner: ");
}
if (!flagsslwait) {
strnum[fmt_ulong(strnum,flagsslenv)] = 0;
strerr_warn2("flagsslenv: ", strnum, 0);
ucspitls(flagsslenv,0,1);
}
pathexec(prog);
strerr_die4sys(111,DROP,"unable to run ",*prog,": ");
}
void doit(int t) {
int j;
SSL *ssl;
int wstat;
int sslctl[2];
char *s;
unsigned long tmp_long;
char ssl_cmd;
stralloc ssl_env = { 0 };
int bytesleft;
char envbuf[8192];
int childpid;
if (pipe(pi) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (pipe(po) == -1) strerr_die2sys(111,DROP,"unable to create pipe: ");
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sslctl) == -1) strerr_die2sys(111,DROP,"unable to create socketpair: ");
if ((j = ip_fmt(&remoteipsa,&remoteaddr)))
strerr_die3x(111,DROP,"unable to print remote ip",gai_strerror(j));
if (flagremotehost) {
if (dns_name(&remotehostsa,&remoteaddr) == 0)
if (remotehostsa.len) {
if (flagparanoid) {
struct addrinfo *reverse, hints = {0};
verifyhost = remoteipsa.s;
hints.ai_family = remoteaddr.sa4.sin_family;
if (remoteaddr.sa6.sin6_family == AF_INET6) {
hints.ai_flags = AI_V4MAPPED | AI_ALL;
}
if (getaddrinfo(remotehostsa.s, NULL, &hints, &reverse) == 0) {
hints.ai_next = reverse;
while (hints.ai_next) {
if (hints.ai_next->ai_family == AF_INET
&& remoteaddr.sa4.sin_family == AF_INET
&& byte_equal(&remoteaddr.sa4.sin_addr, 4, &((struct sockaddr_in*) hints.ai_next->ai_addr)->sin_addr)
|| hints.ai_next->ai_family == AF_INET6
&& remoteaddr.sa6.sin6_family == AF_INET6
&& byte_equal(remoteaddr.sa6.sin6_addr.s6_addr, 16,
&((struct sockaddr_in6*) hints.ai_next->ai_addr)->sin6_addr.s6_addr)) {
flagparanoid = 0;
break;
}
hints.ai_next = hints.ai_next->ai_next;
}
freeaddrinfo(reverse);
}
}
if (!flagparanoid) {
remotehost = remotehostsa.s;
verifyhost = remotehostsa.s;
}
}
}
switch(childpid=fork()) {
case -1:
strerr_die2sys(111,DROP,"unable to fork: ");
case 0:
/* Child */
close(sslctl[0]);
break;
default:
/* Parent */
close(pi[0]); close(po[1]); close(sslctl[1]);
if ((s=env_get("SSL_CHROOT")))
if (chroot(s) == -1) {
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to chroot");
}
if ((s=env_get("SSL_GID"))) {
scan_ulong(s,&tmp_long);
gid = tmp_long;
}
if (gid) if (prot_gid(gid) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,FATAL,"unable to set gid: ");
}
if ((s=env_get("SSL_UID"))) {
scan_ulong(s,&tmp_long);
uid = tmp_long;
}
if (uid)
if (prot_uid(uid) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,FATAL,"unable to set uid: ");
}
/* Read the TLS command socket. This will block until/unless
* TLS is requested.
*/
if (read(sslctl[0],&ssl_cmd,1) == 1) {
ssl = ssl_new(ctx,t);
if (!ssl) {
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to create SSL instance");
}
if (ndelay_on(t) == -1) {
kill(childpid, SIGTERM);
strerr_die2sys(111,DROP,"unable to set socket options: ");
}
if (ssl_timeoutaccept(ssl,ssltimeout) == -1) {
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"unable to accept SSL: ",ssl_error_str(ssl_errno));
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn3("sslserver: ssl ",strnum," accept ",0);
}
if (flagclientcert) {
switch(ssl_verify(ssl,verifyhost)) {
case -1:
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"unable to verify client certificate");
case -2:
kill(childpid, SIGTERM);
strerr_die2x(111,DROP,"no client certificate");
case -3:
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"certificate name does not match client fqdn: ",verifyhost);
default: break;
}
}
if (ssl_cmd == 'Y') {
ssl_server_env(ssl, &ssl_env);
if(!stralloc_0(&ssl_env)) drop_nomem(); /* Add another NUL */
env("SSLCTL",ssl_env.s);
for(bytesleft = ssl_env.len; bytesleft>0; bytesleft-=j)
if ( (j=write(sslctl[0], ssl_env.s, bytesleft)) < 0) {
kill(childpid, SIGTERM);
strerr_die2sys(111, FATAL, "unable to write SSL environment: ");
}
}
if (ssl_cmd == 'Y' || ssl_cmd == 'y') {
if (ssl_io(ssl,pi[1],po[0],progtimeout) != 0) {
kill(childpid, SIGTERM);
strerr_die3x(111,DROP,"unable to speak SSL: ",ssl_error_str(ssl_errno));
}
if (wait_nohang(&wstat) > 0)
_exit(wait_exitcode(wstat));
ssl_close(ssl);
}
kill(childpid, SIGTERM);
_exit(0);
}
/* Child-only below this point */
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strerr_warn4("sslserver: pid ",strnum," from ",remoteipsa.s,0);
}
if (socket_local(t,&localaddr,&localport) == -1)
strerr_die2sys(111,DROP,"unable to get local address: ");
if ((j = ip_fmt(&localipsa,&localaddr)))
strerr_die3x(111,DROP,"unable to print local address: ",gai_strerror(j));
remoteportstr[fmt_ulong(remoteportstr,remoteport)] = 0;
if (!localhost)
if (dns_name(&localhostsa,&localaddr) == 0)
if (localhostsa.len) {
if (!stralloc_0(&localhostsa)) drop_nomem();
localhost = localhostsa.s;
}
/* If remoteipsa.s contain ':' colon character will assume it is IPv6 */
if (byte_chr(remoteipsa.s, remoteipsa.len, ':') < remoteipsa.len)
env("PROTO","SSL6");
else
env("PROTO","SSL");
env("SSLLOCALIP",localipsa.s);
env("SSLLOCALPORT",localportstr);
env("SSLLOCALHOST",localhost);
if (flagtcpenv) {
env("TCPLOCALIP",localipsa.s);
env("TCPLOCALPORT",localportstr);
env("TCPLOCALHOST",localhost);
}
env("SSLREMOTEIP",remoteipsa.s);
env("SSLREMOTEPORT",remoteportstr);
env("SSLREMOTEHOST",remotehost);
if (flagtcpenv) {
env("TCPREMOTEIP",remoteipsa.s);
env("TCPREMOTEPORT",remoteportstr);
env("TCPREMOTEHOST",remotehost);
}
if (flagremoteinfo) {
if (remoteinfo(&tcpremoteinfo,&remoteaddr,&localaddr,timeout) == -1)
flagremoteinfo = 0;
if (!stralloc_0(&tcpremoteinfo)) drop_nomem();
}
env("SSLREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (flagtcpenv)
env("TCPREMOTEINFO",flagremoteinfo ? tcpremoteinfo.s : 0);
if (fnrules) {
int fdrules;
fdrules = open_read(fnrules);
if (fdrules == -1) {
if (errno != error_noent) drop_rules();
if (!flagallownorules) drop_rules();
}
else {
if (rules(found,fdrules,&remoteaddr,remotehost,flagremoteinfo ? tcpremoteinfo.s : 0) == -1)
drop_rules();
close(fdrules);
}
}
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
if (!stralloc_copys(&tmp,"sslserver: ")) drop_nomem();
safecats(flagdeny ? "deny" : "ok");
cats(" "); safecats(strnum);
cats(" "); if (localhost) safecats(localhost);
cats(":"); safecats(localipsa.s);
cats(":"); safecats(localportstr);
cats(" "); if (remotehost) safecats(remotehost);
cats(":"); safecats(remoteipsa.s);
cats(":"); if (flagremoteinfo) safecats(tcpremoteinfo.s);
cats(":"); safecats(remoteportstr);
cats("\n");
buffer_putflush(buffer_2,tmp.s,tmp.len);
}
if (flagdeny) _exit(100);
if (gid) if (prot_gid(gid) == -1)
strerr_die2sys(111,FATAL,"unable to set gid: ");
if (uid) if (prot_uid(uid) == -1)
strerr_die2sys(111,FATAL,"unable to set uid: ");
close(pi[1]); close(po[0]); close(sslctl[0]);
sig_uncatch(sig_child);
sig_unblock(sig_child);
sig_uncatch(sig_term);
sig_uncatch(sig_pipe);
if (fcntl(sslctl[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,sslctl[1])]=0;
env("SSLCTLFD",strnum);
if (fcntl(pi[0],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,pi[0])]=0;
env("SSLREADFD",strnum);
if (fcntl(po[1],F_SETFD,0) == -1)
strerr_die2sys(111,FATAL,"unable to clear close-on-exec flag");
strnum[fmt_ulong(strnum,po[1])]=0;
env("SSLWRITEFD",strnum);
if (flagsslwait) {
if (fd_copy(0,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_copy(1,t) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
} else {
if (fd_move(0,pi[0]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 0: ");
if (fd_move(1,po[1]) == -1)
strerr_die2sys(111,DROP,"unable to set up descriptor 1: ");
}
if (flagkillopts)
socket_ipoptionskill(t);
if (!flagdelay)
socket_tcpnodelay(t);
if (*banner) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
if (buffer_putsflush(&b,banner) == -1)
strerr_die2sys(111,DROP,"unable to print banner: ");
}
if (!flagsslwait) {
ssl_cmd = flagsslenv ? 'Y' : 'y';
if (write(sslctl[1], &ssl_cmd, 1) < 1)
strerr_die2sys(111,DROP,"unable to start SSL: ");
if (flagsslenv) {
while ((j=read(sslctl[1],envbuf,8192)) > 0) {
stralloc_catb(&ssl_env,envbuf,j);
if (ssl_env.len >= 2 && ssl_env.s[ssl_env.len-2]==0 && ssl_env.s[ssl_env.len-1]==0)
break;
}
if (j < 0)
strerr_die2sys(111,DROP,"unable to read SSL environment: ");
pathexec_multienv(&ssl_env);
}
}
pathexec(prog);
strerr_die4sys(111,DROP,"unable to run ",*prog,": ");
}
static SSLSTREAM *ssl_start (TCPSTREAM *tstream,char *host,unsigned long flags)
{
SECURITY_STATUS e;
ULONG a;
TimeStamp t;
SecBuffer ibuf[2],obuf[1];
SecBufferDesc ibufs,obufs;
SCHANNEL_CRED tlscred;
CERT_CONTEXT *cert;
CERT_CHAIN_PARA chparam;
CERT_CHAIN_CONTEXT *chain;
SSL_EXTRA_CERT_CHAIN_POLICY_PARA policy;
CERT_CHAIN_POLICY_PARA polparam;
CERT_CHAIN_POLICY_STATUS status;
char tmp[MAILTMPLEN],certname[256];
char *reason = NIL;
ULONG req = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT |
ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY |
ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM | ISC_REQ_EXTENDED_ERROR |
ISC_REQ_MANUAL_CRED_VALIDATION;
LPSTR usage[] = {
szOID_PKIX_KP_SERVER_AUTH,
szOID_SERVER_GATED_CRYPTO,
szOID_SGC_NETSCAPE
};
PWSTR whost = NIL;
char *buf = (char *) fs_get (ssltsz);
unsigned long size = 0;
sslcertificatequery_t scq =
(sslcertificatequery_t) mail_parameters (NIL,GET_SSLCERTIFICATEQUERY,NIL);
sslfailure_t sf = (sslfailure_t) mail_parameters (NIL,GET_SSLFAILURE,NIL);
SSLSTREAM *stream = (SSLSTREAM *) memset (fs_get (sizeof (SSLSTREAM)),0,
sizeof (SSLSTREAM));
stream->tcpstream = tstream; /* bind TCP stream */
/* initialize TLS credential */
memset (&tlscred,0,sizeof (SCHANNEL_CRED));
tlscred.dwVersion = SCHANNEL_CRED_VERSION;
tlscred.grbitEnabledProtocols = SP_PROT_TLS1;
/* acquire credentials */
if (AcquireCredentialsHandle
(NIL,UNISP_NAME,SECPKG_CRED_OUTBOUND,NIL,(flags & NET_TLSCLIENT) ?
&tlscred : NIL,NIL,NIL,&stream->cred,&t)
!= SEC_E_OK) reason = "Acquire credentials handle failed";
else while (!reason) { /* negotiate security context */
/* initialize buffers */
ibuf[0].cbBuffer = size; ibuf[0].pvBuffer = buf;
ibuf[1].cbBuffer = 0; ibuf[1].pvBuffer = NIL;
obuf[0].cbBuffer = 0; obuf[0].pvBuffer = NIL;
ibuf[0].BufferType = obuf[0].BufferType = SECBUFFER_TOKEN;
ibuf[1].BufferType = SECBUFFER_EMPTY;
/* initialize buffer descriptors */
ibufs.ulVersion = obufs.ulVersion = SECBUFFER_VERSION;
ibufs.cBuffers = 2; obufs.cBuffers = 1;
ibufs.pBuffers = ibuf; obufs.pBuffers = obuf;
/* negotiate security */
e = InitializeSecurityContext
(&stream->cred,size ? &stream->context : NIL,host,req,0,
SECURITY_NETWORK_DREP,size? &ibufs:NIL,0,&stream->context,&obufs,&a,&t);
/* have an output buffer we need to send? */
if (obuf[0].pvBuffer && obuf[0].cbBuffer) {
if (!tcp_sout (stream->tcpstream,obuf[0].pvBuffer,obuf[0].cbBuffer))
reason = "Unexpected TCP output disconnect";
/* free the buffer */
FreeContextBuffer (obuf[0].pvBuffer);
}
if (!reason) switch (e) { /* negotiation state */
case SEC_I_INCOMPLETE_CREDENTIALS:
break; /* server wants client auth */
case SEC_I_CONTINUE_NEEDED:
if (size) { /* continue, read any data? */
/* yes, anything regurgiated back to us? */
if (ibuf[1].BufferType == SECBUFFER_EXTRA) {
/* yes, set this as the new data */
memmove (buf,buf + size - ibuf[1].cbBuffer,ibuf[1].cbBuffer);
size = ibuf[1].cbBuffer;
break;
}
size = 0; /* otherwise, read more stuff from server */
}
case SEC_E_INCOMPLETE_MESSAGE:
/* need to read more data from server */
if (!tcp_getdata (stream->tcpstream))
reason = "Unexpected TCP input disconnect";
else {
memcpy (buf+size,stream->tcpstream->iptr,stream->tcpstream->ictr);
size += stream->tcpstream->ictr;
/* empty it from TCP's buffers */
stream->tcpstream->iptr += stream->tcpstream->ictr;
stream->tcpstream->ictr = 0;
}
break;
case SEC_E_OK: /* success, any data to be regurgitated? */
if (ibuf[1].BufferType == SECBUFFER_EXTRA) {
/* yes, set this as the new data */
memmove (stream->tcpstream->iptr = stream->tcpstream->ibuf,
buf + size - ibuf[1].cbBuffer,ibuf[1].cbBuffer);
stream->tcpstream->ictr = ibuf[1].cbBuffer;
}
if (!(flags & NET_NOVALIDATECERT)) {
/* need validation, make wchar of host */
if (!((size = MultiByteToWideChar (CP_ACP,0,host,-1,NIL,0)) &&
(whost = (PWSTR) fs_get (size*sizeof (WCHAR))) &&
MultiByteToWideChar (CP_ACP,0,host,-1,whost,size)))
fatal ("Can't make wchar of host name!");
/* get certificate */
if ((QueryContextAttributes
(&stream->context,SECPKG_ATTR_REMOTE_CERT_CONTEXT,&cert) !=
SEC_E_OK) || !cert) {
reason = "*Unable to get certificate";
strcpy (certname,"<no certificate>");
}
else { /* get certificate subject name */
CertNameToStr (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&cert->pCertInfo->Subject,CERT_X500_NAME_STR,
certname,255);
/* build certificate chain */
memset (&chparam,0,sizeof (chparam));
chparam.cbSize = sizeof (chparam);
chparam.RequestedUsage.dwType = USAGE_MATCH_TYPE_OR;
chparam.RequestedUsage.Usage.rgpszUsageIdentifier = usage;
chparam.RequestedUsage.Usage.cUsageIdentifier =
sizeof (usage) / sizeof (LPSTR);
if (!CertGetCertificateChain
(NIL,cert,NIL,cert->hCertStore,&chparam,NIL,NIL,&chain))
reason = ssl_analyze_status (GetLastError (),tmp);
else { /* validate certificate chain */
memset (&policy,0,sizeof (SSL_EXTRA_CERT_CHAIN_POLICY_PARA));
policy.cbStruct = sizeof (SSL_EXTRA_CERT_CHAIN_POLICY_PARA);
policy.dwAuthType = AUTHTYPE_SERVER;
policy.fdwChecks = NIL;
policy.pwszServerName = whost;
memset (&polparam,0,sizeof (polparam));
polparam.cbSize = sizeof (polparam);
polparam.pvExtraPolicyPara = &policy;
memset (&status,0,sizeof (status));
status.cbSize = sizeof (status);
if (!CertVerifyCertificateChainPolicy
(CERT_CHAIN_POLICY_SSL,chain,&polparam,&status))
reason = ssl_analyze_status (GetLastError (),tmp);
else if (status.dwError)
reason = ssl_analyze_status (status.dwError,tmp);
CertFreeCertificateChain (chain);
}
}
if (whost) fs_give ((void **) &whost);
if (reason) { /* got an error? */
/* application callback */
if (scq) reason = (*scq) ((*reason == '*') ? reason + 1 : reason,
host,certname) ? NIL : "";
else if (*certname) { /* error message to return via mm_log() */
sprintf (buf,"*%.128s: %.255s",
(*reason == '*') ? reason + 1 : reason,certname);
reason = buf;
}
}
}
if (reason ||
(reason = ssl_analyze_status
(QueryContextAttributes
(&stream->context,SECPKG_ATTR_STREAM_SIZES,&stream->sizes),buf)))
break; /* error in certificate or getting sizes */
fs_give ((void **) &buf); /* flush temporary buffer */
/* make maximum-sized buffers */
stream->bufsize = stream->sizes.cbHeader +
stream->sizes.cbMaximumMessage + stream->sizes.cbTrailer;
if (stream->sizes.cbMaximumMessage < SSLBUFLEN)
fatal ("cbMaximumMessage is less than SSLBUFLEN!");
else if (stream->sizes.cbMaximumMessage < 16384) {
sprintf (tmp,"WINDOWS BUG: cbMaximumMessage = %ld, should be 16384",
(long) stream->sizes.cbMaximumMessage);
mm_log (tmp,NIL);
}
stream->ibuf = (char *) fs_get (stream->bufsize);
stream->obuf = (char *) fs_get (stream->bufsize);
return stream;
default:
reason = ssl_analyze_status (e,buf);
}
}
ssl_close (stream); /* failed to do SSL */
stream = NIL; /* no stream returned */
switch (*reason) { /* analyze reason */
case '*': /* certificate failure */
++reason; /* skip over certificate failure indication */
/* pass to error callback */
if (sf) (*sf) (host,reason,flags);
else { /* no error callback, build error message */
sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason);
mm_log (tmp,ERROR);
}
case '\0': /* user answered no to certificate callback */
if (flags & NET_TRYSSL) /* return dummy stream to stop tryssl */
stream = (SSLSTREAM *) memset (fs_get (sizeof (SSLSTREAM)),0,
sizeof (SSLSTREAM));
break;
default: /* non-certificate failure */
if (flags & NET_TRYSSL); /* no error output if tryssl */
/* pass to error callback */
else if (sf) (*sf) (host,reason,flags);
else { /* no error callback, build error message */
sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason);
mm_log (tmp,ERROR);
}
break;
}
fs_give ((void **) &buf); /* flush temporary buffer */
return stream;
}
static SSLSTREAM *ssl_start (TCPSTREAM *tstream,char *host,unsigned long flags)
{
SECURITY_STATUS e;
ULONG a;
TimeStamp t;
SecBuffer ibuf[2],obuf[1];
SecBufferDesc ibufs,obufs;
char tmp[MAILTMPLEN];
char *reason = NIL;
ULONG req = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT |
ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY |
ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM | ISC_REQ_EXTENDED_ERROR +
((flags & NET_NOVALIDATECERT) ? ISC_REQ_MANUAL_CRED_VALIDATION :
ISC_REQ_MUTUAL_AUTH);
SCHANNEL_CRED tlscred;
char *buf = (char *) fs_get (ssltsz);
unsigned long size = 0;
sslfailure_t sf = (sslfailure_t) mail_parameters (NIL,GET_SSLFAILURE,NIL);
SSLSTREAM *stream = (SSLSTREAM *) memset (fs_get (sizeof (SSLSTREAM)),0,
sizeof (SSLSTREAM));
stream->tcpstream = tstream; /* bind TCP stream */
/* initialize TLS credential */
memset (&tlscred,0,sizeof (SCHANNEL_CRED));
tlscred.dwVersion = SCHANNEL_CRED_VERSION;
tlscred.grbitEnabledProtocols = SP_PROT_TLS1;
/* acquire credentials */
if (sft->AcquireCredentialsHandle
(NIL,UNISP_NAME,SECPKG_CRED_OUTBOUND,NIL,(flags & NET_TLSCLIENT) ?
&tlscred : NIL,NIL,NIL,&stream->cred,&t)
!= SEC_E_OK) reason = "Acquire credentials handle failed";
else while (!reason) { /* negotiate security context */
/* initialize buffers */
ibuf[0].cbBuffer = size; ibuf[0].pvBuffer = buf;
ibuf[1].cbBuffer = 0; ibuf[1].pvBuffer = NIL;
obuf[0].cbBuffer = 0; obuf[0].pvBuffer = NIL;
ibuf[0].BufferType = obuf[0].BufferType = SECBUFFER_TOKEN;
ibuf[1].BufferType = SECBUFFER_EMPTY;
/* initialize buffer descriptors */
ibufs.ulVersion = obufs.ulVersion = SECBUFFER_VERSION;
ibufs.cBuffers = 2; obufs.cBuffers = 1;
ibufs.pBuffers = ibuf; obufs.pBuffers = obuf;
/* negotiate security */
e = sft->InitializeSecurityContext
(&stream->cred,size ? &stream->context : NIL,host,req,0,
SECURITY_NETWORK_DREP,size? &ibufs:NIL,0,&stream->context,&obufs,&a,&t);
/* have an output buffer we need to send? */
if (obuf[0].pvBuffer && obuf[0].cbBuffer) {
if (!tcp_sout (stream->tcpstream,obuf[0].pvBuffer,obuf[0].cbBuffer))
reason = "Unexpected TCP output disconnect";
/* free the buffer */
sft->FreeContextBuffer (obuf[0].pvBuffer);
}
if (!reason) switch (e) { /* negotiation state */
case SEC_I_INCOMPLETE_CREDENTIALS:
break; /* server wants client auth */
case SEC_I_CONTINUE_NEEDED:
if (size) { /* continue, read any data? */
/* yes, anything regurgiated back to us? */
if (ibuf[1].BufferType == SECBUFFER_EXTRA) {
/* yes, set this as the new data */
memmove (buf,buf + size - ibuf[1].cbBuffer,ibuf[1].cbBuffer);
size = ibuf[1].cbBuffer;
break;
}
size = 0; /* otherwise, read more stuff from server */
}
case SEC_E_INCOMPLETE_MESSAGE:
/* need to read more data from server */
if (!tcp_getdata (stream->tcpstream))
reason = "Unexpected TCP input disconnect";
else {
memcpy (buf+size,stream->tcpstream->iptr,stream->tcpstream->ictr);
size += stream->tcpstream->ictr;
/* empty it from TCP's buffers */
stream->tcpstream->iptr += stream->tcpstream->ictr;
stream->tcpstream->ictr = 0;
}
break;
case SEC_E_OK: /* success, any data to be regurgitated? */
if (ibuf[1].BufferType == SECBUFFER_EXTRA) {
/* yes, set this as the new data */
memmove (stream->tcpstream->iptr = stream->tcpstream->ibuf,
buf + size - ibuf[1].cbBuffer,ibuf[1].cbBuffer);
stream->tcpstream->ictr = ibuf[1].cbBuffer;
}
if (reason = ssl_analyze_status
(sft->QueryContextAttributes
(&stream->context,SECPKG_ATTR_STREAM_SIZES,&stream->sizes),buf))
break; /* error getting sizes */
fs_give ((void **) &buf); /* flush temporary buffer */
/* make maximum-sized buffers */
stream->bufsize = stream->sizes.cbHeader +
stream->sizes.cbMaximumMessage + stream->sizes.cbTrailer;
if (stream->sizes.cbMaximumMessage < SSLBUFLEN)
fatal ("cbMaximumMessage is less than SSLBUFLEN!");
else if (stream->sizes.cbMaximumMessage < 16384) {
sprintf (tmp,"WINDOWS BUG: cbMaximumMessage = %ld, should be 16384",
(long) stream->sizes.cbMaximumMessage);
mm_log (tmp,NIL);
}
stream->ibuf = (char *) fs_get (stream->bufsize);
stream->obuf = (char *) fs_get (stream->bufsize);
return stream;
default:
reason = ssl_analyze_status (e,buf);
}
}
ssl_close (stream); /* failed to do SSL */
stream = NIL; /* no stream returned */
fs_give ((void **) &buf); /* flush temporary buffer */
switch (*reason) { /* analyze reason */
case '*': /* certificate failure */
++reason; /* skip over certificate failure indication */
/* pass to error callback */
if (sf) (*sf) (host,reason,flags);
else { /* no error callback, build error message */
sprintf (tmp,"Certificate failure for %.80s: %.512s",host,reason);
mm_log (tmp,ERROR);
}
case '\0': /* user answered no to certificate callback */
if (flags & NET_TRYSSL) /* return dummy stream to stop tryssl */
stream = (SSLSTREAM *) memset (fs_get (sizeof (SSLSTREAM)),0,
sizeof (SSLSTREAM));
break;
default: /* non-certificate failure */
if (flags & NET_TRYSSL); /* no error output if tryssl */
/* pass to error callback */
else if (sf) (*sf) (host,reason,flags);
else { /* no error callback, build error message */
sprintf (tmp,"TLS/SSL failure for %.80s: %.512s",host,reason);
mm_log (tmp,ERROR);
}
break;
}
return stream;
}
int main(int argc,char **argv)
{
TASK_FACTORY *task;
SMBOT_CONF *conf;
LIST *list;
struct sigaction act;
char *data;
printf("init task factory . . .\n");
task=task_factory_init(20,100);
printf("init task factory successed . . .\n");
printf("set signal . . .\n");
act.sa_flags=0;
act.sa_handler=quit;
sigaction(SIGINT,&act,NULL);
printf("set signal successed . . .\n");
printf("read config . . .\n");
conf=smbot_conf_init();
smbot_conf_open(conf);
smbot_conf_read(conf);
printf("read config successed . . .\n");
printf("init list . . .\n");
list=list_init();
printf("list init successed . . .\n");
printf("connect irc . . .\n");
if(strstr(conf->use_ssl,"true"))
{
is_use_ssl=TRUE;
ssl=ssl_connect(conf->server,conf->port,NULL,NULL);
}
else
{
is_use_ssl=FALSE;
sockfd=tcp_connect(conf->server,conf->port);
}
printf("connect irc successed . . .\n");
if(is_use_ssl)
safe_send_data(ssl,conf);
else
send_data(sockfd,conf);
task_factory_add(task,time_keeping,&is_use_ssl,1);
smbot_conf_close(conf);
while(1)
{
if(smbot_select(sockfd,ssl,is_use_ssl) <= 0)
break;
if(is_use_ssl)
data=ssl_read_line(ssl);
else
data=read_line(sockfd);
if(data == NULL) break;
printf("%s\n",data);
if(strstr(data,"!man"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!man","!man [1-8] <要查询的内容> 功能:linux manpages查询",get_man_url,5);
if(strstr(data,"!ip"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!ip","!ip <ipv4/6地址或域名> 功能:返回ipv4/6或者域名的物理位置",get_ip_addr,5);
if(strstr(data,"!time"))
{
send_time(is_use_ssl,data);
free(data);
continue;
}
if(strstr(data,"!idiom"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!idiom","!idiom <成语词典> 功能:成语词典查询",get_idiom,1);
if(strstr(data,"!dict"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!dict","!dict <目标语言> <要查询的内容> 功能:bing翻译",bing_dict,3);
if(strstr(data,"!youku"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!youku","!youku <关键词> 功能:返回youku第一个链接",get_youku_url,4);
if(strstr(data,"!yt"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!yt","!yt <关键词> 功能:返回youtube第一个频道连接",get_youtube,4);
if(strstr(data,"!bt"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!bt","!bt <关键词> 功能:返回btdigg.org第一个磁力链接",get_bt,4);
if(strstr(data,"!zip"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!zip","!zip <地名> 功能:查询邮政编码",get_zip_code,4);
if(strstr(data,"!weather"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!weather","!weather <地名> 功能:天气预报查询",get_weather,3);
if(strstr(data,"!stack"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!stack","!stack <问题> 功能:返回stackoverflow第一个搜索",get_stack,3);
if(strstr(data,"!id"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!id","!id <身份证号码> 功能:身份证号码查询",get_id_information,5);
if(strstr(data,"!checkid"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!checkid","!checkid <身份证号码> 功能:校验身份证最后一位",check_id_card,5);
if(strstr(data,"!url"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!url","!url <信息> 功能:url编码",get_url_encode,5);
if(strstr(data,"!deurl"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!deurl","!deurl <url编码> 功能:url解码",get_url_decode,5);
if(strstr(data,"!joke"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!joke","!joke <关键词> 功能:返回一个小笑话",get_joke,2);
if(strstr(data,"!dream"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!dream","!dream <关键词> 功能:周公解梦",get_dream,2);
if(strstr(data,"!song"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!song","!song <歌曲> 功能:返回百度音乐第一个搜索结果",get_song_url,2);
if(strstr(data,"!bing"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!bing","!bing <关键词> 功能:返回bing搜索第一个结果",get_bing,1);
if(strstr(data,"!image"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!image","!image <关键词> 功能:返回google搜索第一张图片链接",get_google_image_url,1);
if(strstr(data,"!google"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!google","!google <关键词> 功能:返回google搜索第一个结果",get_google,1);
if(strstr(data,"!baidu"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!baidu","!baidu <关键词> 功能:返回baidu搜索第一个结果",get_baidu,1);
if(strstr(data,"!bimg"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!bimg","!bimg <关键词> 功能:返回百度图片搜索第一个结果",get_bimg,1);
if(strstr(data,"!news"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!news","!news <关键词> 功能:根据关键词返回百度新闻第一条结果",get_news,1);
if(strstr(data,"!air"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!air","!air <城市名称> 功能:查询城市空气质量",get_air,1);
if(strstr(data,"!website"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!website","!website <域名> 功能:网址安全检测,检测结果由金山云盾提供",get_website_testing,1);
if(strstr(data,"!wifi"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!wifi","!wifi <城市名称> 功能:根据城市名返回查到的第一个wifi热点",get_wifi,1);
if(strstr(data,"!train"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!train","!train <车次> 功能:火车时刻表查询",get_train,1);
if(strstr(data,"!sm"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!sm","!sm <你想要说的话> 功能:与机器人对话,使用\'问题%答案\'方式可调教机器人",get_sm_message,1);
if(strstr(data,"!word"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!word","!word <新华字典> 功能:新华字典查询",get_word,1);
if(strstr(data,"!term"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!term","!term <汉语词典> 功能:汉语词典查询",get_term,1);
/* if(strstr(data,"!idiom"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!idiom","!idiom <成语词典> 功能:成语词典查询",get_idiom,1);*/
if(strstr(data,"!b64"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!b64","!b64 <base64编码> 功能:base64编码",get_base64_encode,1);
if(strstr(data,"!deb64"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!deb64","!deb64 <base64解码> 功能:base64解码",get_base64_decode,1);
if(strstr(data,"!baike"))
parse_arg("^:.[^ ]* PRIVMSG .[^ ]* :!baike","!baike <百度百科> 功能:百度百科查询",get_baike,1);
if(strstr(data,"!list") && strstr(data,"PRIVMSG"))
{
smbot_list(data,is_use_ssl);
free(data);
continue;
}
if(strstr(data,"!help smbot") && strstr(data,"PRIVMSG"))
{
smbot_help(data,is_use_ssl);
free(data);
continue;
}
//if(strstr(data,"PING") && !strstr(data,"PRIVMSG"))
if(pong("^PING :.*",data))
pong_server(data,is_use_ssl);
if(pong("^:.[^ ]* PRIVMSG smbot :\x1PING .*",data))
notice(data,is_use_ssl);
}
task_factory_destroy(task);
ssl_close(ssl);
return 0;
}
