/*
* add_connection - creates a client which has just connected to us on
* the given fd. The sockhost field is initialized with the ip# of the host.
* The client is sent to the auth module for verification, and not put in
* any client list yet.
*/
static void
add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai)
{
struct Client *new_client;
s_assert(NULL != listener);
/*
* get the client socket name from the socket
* the client has already been checked out in accept_connection
*/
new_client = make_client(NULL);
if (listener->ssl)
{
rb_fde_t *xF[2];
if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection") == -1)
{
free_client(new_client);
return;
}
new_client->localClient->ssl_ctl = start_ssld_accept(F, xF[1], new_client->localClient->connid); /* this will close F for us */
if(new_client->localClient->ssl_ctl == NULL)
{
free_client(new_client);
return;
}
F = xF[0];
SetSSL(new_client);
}
memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage));
memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage));
/*
* copy address to 'sockhost' as a string, copy it to host too
* so we have something valid to put into error messages...
*/
rb_inet_ntop_sock((struct sockaddr *)&new_client->localClient->ip, new_client->sockhost,
sizeof(new_client->sockhost));
rb_strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
new_client->localClient->F = F;
new_client->localClient->listener = listener;
++listener->ref_count;
start_auth(new_client);
}
int main(int argc, char *argv[])
{
WSADATA wsaData;
int sock;
banner();
if(argc!=4) {
printf("syntax: %s <host> <your_ip> <your_port>\r\n",argv[0]);
return -1;
}
if(WSAStartup(0x0101,&wsaData)!=0) {
printf("error: unable to load winsock\r\n");
return -1;
}
sock=cnx(argv[1]);
if(!sock)
return -1;
start_auth(sock,argv[2],atoi(argv[3]));
return 0;
}
/*
* add_connection - creates a client which has just connected to us on
* the given fd. The sockhost field is initialized with the ip# of the host.
* The client is sent to the auth module for verification, and not put in
* any client list yet.
*/
static void
add_connection(struct Listener *listener, int fd, struct sockaddr *sai)
{
struct Client *new_client;
s_assert(NULL != listener);
/*
* get the client socket name from the socket
* the client has already been checked out in accept_connection
*/
new_client = make_client(NULL);
memcpy(&new_client->localClient->ip, sai, sizeof(struct irc_sockaddr_storage));
/*
* copy address to 'sockhost' as a string, copy it to host too
* so we have something valid to put into error messages...
*/
inetntop_sock((struct sockaddr *) &new_client->localClient->ip, new_client->sockhost,
sizeof(new_client->sockhost));
strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
#ifdef IPV6
if(new_client->localClient->ip.ss_family == AF_INET6
&& ConfigFileEntry.dot_in_ip6_addr == 1)
{
strlcat(new_client->host, ".", sizeof(new_client->host));
}
#endif
new_client->localClient->fd = fd;
new_client->localClient->listener = listener;
++listener->ref_count;
if(check_reject(new_client))
return;
start_auth(new_client);
}
void auth_update( fd_set *in_set, fd_set *out_set, fd_set *exc_set )
{
struct auth_data *auth;
struct auth_data *a_next;
for ( auth = first_auth; auth; auth = a_next )
{
a_next = auth->next;
/* if ( FD_ISSET(auth->auth_fd, exc_set) )
{
FD_CLR(auth->auth_fd, in_set );
FD_CLR(auth->auth_fd, out_set);
close(auth->auth_fd);
free_string(auth->d->user);
auth->d->user = str_dup("(fd exception)");
UNLINK(auth, first_auth, last_auth, next, prev);
PUT_FREE(auth, auth_free);
continue;
}*/
switch(auth->auth_state)
{
case AUTH_UNSENT:
if ( FD_ISSET(auth->auth_fd, out_set) )
send_auth(auth);
break;
case AUTH_SENT:
if ( FD_ISSET(auth->auth_fd, in_set ) )
read_auth(auth);
break;
case AUTH_RETRY:
if ( !start_auth(auth->d) )
{
UNLINK(auth, first_auth, last_auth, next, prev);
/* PUT_FREE(auth, auth_free);*/
continue;
}
break;
}
}
return;
}
/*
* add_connection - creates a client which has just connected to us on
* the given fd. The sockhost field is initialized with the ip# of the host.
* The client is sent to the auth module for verification, and not put in
* any client list yet.
*/
static void
add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai, void *ssl_ctl)
{
struct Client *new_client;
s_assert(NULL != listener);
/*
* get the client socket name from the socket
* the client has already been checked out in accept_connection
*/
new_client = make_client(NULL);
memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage));
memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage));
/*
* copy address to 'sockhost' as a string, copy it to host too
* so we have something valid to put into error messages...
*/
rb_inet_ntop_sock((struct sockaddr *)&new_client->localClient->ip, new_client->sockhost,
sizeof(new_client->sockhost));
rb_strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
new_client->localClient->F = F;
add_to_cli_fd_hash(new_client);
new_client->localClient->listener = listener;
new_client->localClient->ssl_ctl = ssl_ctl;
if(ssl_ctl != NULL || rb_fd_ssl(F))
SetSSL(new_client);
++listener->ref_count;
start_auth(new_client);
}
main(int argc, char *argv[])
{
char ipaddr[80], filename[127];
int oport, iport;
int return_code = 0;
char buf[80];
struct hostent *h;
struct in_addr in;
/* initialize these now in case the 20 second timer runs out */
strcpy(Output[0], "no_port");
strcpy(Output[1], "UNKNOWN");
if(argc != 4) {
fprintf(stderr, "auth v6.2\n");
fprintf(stderr, "Syntax: %s ip_address oport iport\n", argv[0]);
exit(0);
}
init_sockets();
set_abort_timer(20);
sprintf(filename, "%s/auth/lookup.%d", get_log_path(), getpid());
fp = fopen(filename, "w");
strcpy(ipaddr, argv[1]);
oport = atoi(argv[2]);
iport = atoi(argv[3]);
in.s_addr = inet_addr(ipaddr);
/* Perform the host name lookup on the IP address*/
h = gethostbyaddr((char *)&in, sizeof(in), AF_INET);
if(!h)
strcpy(Output[1], "UNKNOWN");
else
strcpy(Output[1], h->h_name);
if( strncmp(ipaddr, "127.0", 5)) {
if(check_proxies(ipaddr, 1080)) {
proxies = 1;
}
else if(check_proxies(ipaddr, 8088)) {
proxies = 1;
}
else if(check_proxies(ipaddr, 23)) {
proxies = 1;
}
}
/* Begin the user id lookup */
if(proxies != 1) {
if(start_auth(&in, oport, iport, buf))
strcpy(Output[0], buf);
else
strcpy(Output[0], "no_port");
}
/* Save the results to a file so frp can look them up */
if(fp)
{
fprintf(fp, "%s\n%s\n%d\n", Output[0], Output[1], proxies);
fclose(fp);
}
else
{
return_code = -1;
}
#ifdef WIN32
timeKillEvent(mmID);
#endif
cleanup_sockets();
return(return_code);
}
void add_connection(struct Listener* listener, int fd, void *ssl) {
#else
void add_connection(struct Listener* listener, int fd) {
#endif
struct irc_sockaddr addr;
struct Client *new_client;
time_t next_target = 0;
#if defined(USE_SSL)
char *sslfp;
#endif
const char* const throttle_message =
"ERROR :Your host is trying to (re)connect too fast -- throttled\r\n";
/* 12345678901234567890123456789012345679012345678901234567890123456 */
const char* const register_message =
"ERROR :Unable to complete your registration\r\n";
assert(0 != listener);
/*
* Removed preliminary access check. Full check is performed in m_server and
* m_user instead. Also connection time out help to get rid of unwanted
* connections.
*/
if (!os_get_peername(fd, &addr) || !os_set_nonblocking(fd)) {
++ServerStats->is_ref;
#if defined(USE_SSL)
ssl_murder(ssl, fd, NULL);
#else
close(fd);
#endif
return;
}
/*
* Disable IP (*not* TCP) options. In particular, this makes it impossible
* to use source routing to connect to the server. If we didn't do this
* (and if intermediate networks didn't drop source-routed packets), an
* attacker could successfully IP spoof us...and even return the anti-spoof
* ping, because the options would cause the packet to be routed back to
* the spoofer's machine. When we disable the IP options, we delete the
* source route, and the normal routing takes over.
*/
os_disable_options(fd);
if (listener_server(listener))
{
new_client = make_client(0, STAT_UNKNOWN_SERVER);
}
else
{
/*
* Add this local client to the IPcheck registry.
*
* If they're throttled, murder them, but tell them why first.
*/
if (!IPcheck_local_connect(&addr.addr, &next_target))
{
++ServerStats->is_ref;
#if defined(USE_SSL)
ssl_murder(ssl, fd, throttle_message);
#else
write(fd, throttle_message, strlen(throttle_message));
close(fd);
#endif
return;
}
new_client = make_client(0, STAT_UNKNOWN_USER);
SetIPChecked(new_client);
}
/*
* Copy ascii address to 'sockhost' just in case. Then we have something
* valid to put into error messages...
*/
ircd_ntoa_r(cli_sock_ip(new_client), &addr.addr);
strcpy(cli_sockhost(new_client), cli_sock_ip(new_client));
memcpy(&cli_ip(new_client), &addr.addr, sizeof(cli_ip(new_client)));
if (next_target)
cli_nexttarget(new_client) = next_target;
cli_fd(new_client) = fd;
if (!socket_add(&(cli_socket(new_client)), client_sock_callback,
(void*) cli_connect(new_client), SS_CONNECTED, 0, fd)) {
++ServerStats->is_ref;
#if defined(USE_SSL)
ssl_murder(ssl, fd, register_message);
#else
write(fd, register_message, strlen(register_message));
close(fd);
#endif
cli_fd(new_client) = -1;
return;
}
#if defined(USE_SSL)
if (ssl) {
cli_socket(new_client).s_ssl = ssl;
sslfp = ssl_get_fingerprint(ssl);
if (sslfp)
ircd_strncpy(cli_sslclifp(new_client), sslfp, BUFSIZE+1);
}
#endif
cli_freeflag(new_client) |= FREEFLAG_SOCKET;
cli_listener(new_client) = listener;
++listener->ref_count;
Count_newunknown(UserStats);
/* if we've made it this far we can put the client on the auth query pile */
start_auth(new_client);
}
/** Determines whether to tell the events engine we're interested in
* writable events.
* @param cptr Client for which to decide this.
*/
void update_write(struct Client* cptr)
{
/* If there are messages that need to be sent along, or if the client
* is in the middle of a /list, then we need to tell the engine that
* we're interested in writable events--otherwise, we need to drop
* that interest.
*/
socket_events(&(cli_socket(cptr)),
((MsgQLength(&cli_sendQ(cptr)) || cli_listing(cptr)) ?
SOCK_ACTION_ADD : SOCK_ACTION_DEL) | SOCK_EVENT_WRITABLE);
}
/** Creates a client which has just connected to us on the given fd.
* The sockhost field is initialized with the ip# of the host.
* The client is not added to the linked list of clients, it is
* passed off to the auth handler for dns and ident queries.
* @param listener Listening socket that received the connection.
* @param fd File descriptor of new connection.
*/
void add_connection(struct Listener* listener, int fd) {
struct irc_sockaddr addr;
struct Client *new_client;
time_t next_target = 0;
const char* const throttle_message =
"ERROR :Your host is trying to (re)connect too fast -- throttled\r\n";
/* 12345678901234567890123456789012345679012345678901234567890123456 */
const char* const register_message =
"ERROR :Unable to complete your registration\r\n";
assert(0 != listener);
/*
* Removed preliminary access check. Full check is performed in m_server and
* m_user instead. Also connection time out help to get rid of unwanted
* connections.
*/
if (!os_get_peername(fd, &addr) || !os_set_nonblocking(fd)) {
++ServerStats->is_ref;
close(fd);
return;
}
/*
* Disable IP (*not* TCP) options. In particular, this makes it impossible
* to use source routing to connect to the server. If we didn't do this
* (and if intermediate networks didn't drop source-routed packets), an
* attacker could successfully IP spoof us...and even return the anti-spoof
* ping, because the options would cause the packet to be routed back to
* the spoofer's machine. When we disable the IP options, we delete the
* source route, and the normal routing takes over.
*/
os_disable_options(fd);
if (listener_server(listener))
{
new_client = make_client(0, STAT_UNKNOWN_SERVER);
}
else
{
/*
* Add this local client to the IPcheck registry.
*
* If they're throttled, murder them, but tell them why first.
*/
if (!IPcheck_local_connect(&addr.addr, &next_target))
{
++ServerStats->is_ref;
write(fd, throttle_message, strlen(throttle_message));
close(fd);
return;
}
new_client = make_client(0, STAT_UNKNOWN_USER);
SetIPChecked(new_client);
}
/*
* Copy ascii address to 'sockhost' just in case. Then we have something
* valid to put into error messages...
*/
ircd_ntoa_r(cli_sock_ip(new_client), &addr.addr);
strcpy(cli_sockhost(new_client), cli_sock_ip(new_client));
memcpy(&cli_ip(new_client), &addr.addr, sizeof(cli_ip(new_client)));
if (next_target)
cli_nexttarget(new_client) = next_target;
cli_fd(new_client) = fd;
if (!socket_add(&(cli_socket(new_client)), client_sock_callback,
(void*) cli_connect(new_client), SS_CONNECTED, 0, fd)) {
++ServerStats->is_ref;
write(fd, register_message, strlen(register_message));
close(fd);
cli_fd(new_client) = -1;
return;
}
cli_freeflag(new_client) |= FREEFLAG_SOCKET;
cli_listener(new_client) = listener;
++listener->ref_count;
Count_newunknown(UserStats);
/* if we've made it this far we can put the client on the auth query pile */
start_auth(new_client);
}
