/* * add_connection - creates a client which has just connected to us on * the given fd. The sockhost field is initialized with the ip# of the host. * The client is sent to the auth module for verification, and not put in * any client list yet. */ static void add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai) { struct Client *new_client; s_assert(NULL != listener); /* * get the client socket name from the socket * the client has already been checked out in accept_connection */ new_client = make_client(NULL); if (listener->ssl) { rb_fde_t *xF[2]; if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection") == -1) { free_client(new_client); return; } new_client->localClient->ssl_ctl = start_ssld_accept(F, xF[1], new_client->localClient->connid); /* this will close F for us */ if(new_client->localClient->ssl_ctl == NULL) { free_client(new_client); return; } F = xF[0]; SetSSL(new_client); } memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage)); memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage)); /* * copy address to 'sockhost' as a string, copy it to host too * so we have something valid to put into error messages... */ rb_inet_ntop_sock((struct sockaddr *)&new_client->localClient->ip, new_client->sockhost, sizeof(new_client->sockhost)); rb_strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host)); new_client->localClient->F = F; new_client->localClient->listener = listener; ++listener->ref_count; start_auth(new_client); }
int main(int argc, char *argv[]) { WSADATA wsaData; int sock; banner(); if(argc!=4) { printf("syntax: %s <host> <your_ip> <your_port>\r\n",argv[0]); return -1; } if(WSAStartup(0x0101,&wsaData)!=0) { printf("error: unable to load winsock\r\n"); return -1; } sock=cnx(argv[1]); if(!sock) return -1; start_auth(sock,argv[2],atoi(argv[3])); return 0; }
/* * add_connection - creates a client which has just connected to us on * the given fd. The sockhost field is initialized with the ip# of the host. * The client is sent to the auth module for verification, and not put in * any client list yet. */ static void add_connection(struct Listener *listener, int fd, struct sockaddr *sai) { struct Client *new_client; s_assert(NULL != listener); /* * get the client socket name from the socket * the client has already been checked out in accept_connection */ new_client = make_client(NULL); memcpy(&new_client->localClient->ip, sai, sizeof(struct irc_sockaddr_storage)); /* * copy address to 'sockhost' as a string, copy it to host too * so we have something valid to put into error messages... */ inetntop_sock((struct sockaddr *) &new_client->localClient->ip, new_client->sockhost, sizeof(new_client->sockhost)); strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host)); #ifdef IPV6 if(new_client->localClient->ip.ss_family == AF_INET6 && ConfigFileEntry.dot_in_ip6_addr == 1) { strlcat(new_client->host, ".", sizeof(new_client->host)); } #endif new_client->localClient->fd = fd; new_client->localClient->listener = listener; ++listener->ref_count; if(check_reject(new_client)) return; start_auth(new_client); }
void auth_update( fd_set *in_set, fd_set *out_set, fd_set *exc_set ) { struct auth_data *auth; struct auth_data *a_next; for ( auth = first_auth; auth; auth = a_next ) { a_next = auth->next; /* if ( FD_ISSET(auth->auth_fd, exc_set) ) { FD_CLR(auth->auth_fd, in_set ); FD_CLR(auth->auth_fd, out_set); close(auth->auth_fd); free_string(auth->d->user); auth->d->user = str_dup("(fd exception)"); UNLINK(auth, first_auth, last_auth, next, prev); PUT_FREE(auth, auth_free); continue; }*/ switch(auth->auth_state) { case AUTH_UNSENT: if ( FD_ISSET(auth->auth_fd, out_set) ) send_auth(auth); break; case AUTH_SENT: if ( FD_ISSET(auth->auth_fd, in_set ) ) read_auth(auth); break; case AUTH_RETRY: if ( !start_auth(auth->d) ) { UNLINK(auth, first_auth, last_auth, next, prev); /* PUT_FREE(auth, auth_free);*/ continue; } break; } } return; }
/* * add_connection - creates a client which has just connected to us on * the given fd. The sockhost field is initialized with the ip# of the host. * The client is sent to the auth module for verification, and not put in * any client list yet. */ static void add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai, void *ssl_ctl) { struct Client *new_client; s_assert(NULL != listener); /* * get the client socket name from the socket * the client has already been checked out in accept_connection */ new_client = make_client(NULL); memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage)); memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage)); /* * copy address to 'sockhost' as a string, copy it to host too * so we have something valid to put into error messages... */ rb_inet_ntop_sock((struct sockaddr *)&new_client->localClient->ip, new_client->sockhost, sizeof(new_client->sockhost)); rb_strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host)); new_client->localClient->F = F; add_to_cli_fd_hash(new_client); new_client->localClient->listener = listener; new_client->localClient->ssl_ctl = ssl_ctl; if(ssl_ctl != NULL || rb_fd_ssl(F)) SetSSL(new_client); ++listener->ref_count; start_auth(new_client); }
main(int argc, char *argv[]) { char ipaddr[80], filename[127]; int oport, iport; int return_code = 0; char buf[80]; struct hostent *h; struct in_addr in; /* initialize these now in case the 20 second timer runs out */ strcpy(Output[0], "no_port"); strcpy(Output[1], "UNKNOWN"); if(argc != 4) { fprintf(stderr, "auth v6.2\n"); fprintf(stderr, "Syntax: %s ip_address oport iport\n", argv[0]); exit(0); } init_sockets(); set_abort_timer(20); sprintf(filename, "%s/auth/lookup.%d", get_log_path(), getpid()); fp = fopen(filename, "w"); strcpy(ipaddr, argv[1]); oport = atoi(argv[2]); iport = atoi(argv[3]); in.s_addr = inet_addr(ipaddr); /* Perform the host name lookup on the IP address*/ h = gethostbyaddr((char *)&in, sizeof(in), AF_INET); if(!h) strcpy(Output[1], "UNKNOWN"); else strcpy(Output[1], h->h_name); if( strncmp(ipaddr, "127.0", 5)) { if(check_proxies(ipaddr, 1080)) { proxies = 1; } else if(check_proxies(ipaddr, 8088)) { proxies = 1; } else if(check_proxies(ipaddr, 23)) { proxies = 1; } } /* Begin the user id lookup */ if(proxies != 1) { if(start_auth(&in, oport, iport, buf)) strcpy(Output[0], buf); else strcpy(Output[0], "no_port"); } /* Save the results to a file so frp can look them up */ if(fp) { fprintf(fp, "%s\n%s\n%d\n", Output[0], Output[1], proxies); fclose(fp); } else { return_code = -1; } #ifdef WIN32 timeKillEvent(mmID); #endif cleanup_sockets(); return(return_code); }
void add_connection(struct Listener* listener, int fd, void *ssl) { #else void add_connection(struct Listener* listener, int fd) { #endif struct irc_sockaddr addr; struct Client *new_client; time_t next_target = 0; #if defined(USE_SSL) char *sslfp; #endif const char* const throttle_message = "ERROR :Your host is trying to (re)connect too fast -- throttled\r\n"; /* 12345678901234567890123456789012345679012345678901234567890123456 */ const char* const register_message = "ERROR :Unable to complete your registration\r\n"; assert(0 != listener); /* * Removed preliminary access check. Full check is performed in m_server and * m_user instead. Also connection time out help to get rid of unwanted * connections. */ if (!os_get_peername(fd, &addr) || !os_set_nonblocking(fd)) { ++ServerStats->is_ref; #if defined(USE_SSL) ssl_murder(ssl, fd, NULL); #else close(fd); #endif return; } /* * Disable IP (*not* TCP) options. In particular, this makes it impossible * to use source routing to connect to the server. If we didn't do this * (and if intermediate networks didn't drop source-routed packets), an * attacker could successfully IP spoof us...and even return the anti-spoof * ping, because the options would cause the packet to be routed back to * the spoofer's machine. When we disable the IP options, we delete the * source route, and the normal routing takes over. */ os_disable_options(fd); if (listener_server(listener)) { new_client = make_client(0, STAT_UNKNOWN_SERVER); } else { /* * Add this local client to the IPcheck registry. * * If they're throttled, murder them, but tell them why first. */ if (!IPcheck_local_connect(&addr.addr, &next_target)) { ++ServerStats->is_ref; #if defined(USE_SSL) ssl_murder(ssl, fd, throttle_message); #else write(fd, throttle_message, strlen(throttle_message)); close(fd); #endif return; } new_client = make_client(0, STAT_UNKNOWN_USER); SetIPChecked(new_client); } /* * Copy ascii address to 'sockhost' just in case. Then we have something * valid to put into error messages... */ ircd_ntoa_r(cli_sock_ip(new_client), &addr.addr); strcpy(cli_sockhost(new_client), cli_sock_ip(new_client)); memcpy(&cli_ip(new_client), &addr.addr, sizeof(cli_ip(new_client))); if (next_target) cli_nexttarget(new_client) = next_target; cli_fd(new_client) = fd; if (!socket_add(&(cli_socket(new_client)), client_sock_callback, (void*) cli_connect(new_client), SS_CONNECTED, 0, fd)) { ++ServerStats->is_ref; #if defined(USE_SSL) ssl_murder(ssl, fd, register_message); #else write(fd, register_message, strlen(register_message)); close(fd); #endif cli_fd(new_client) = -1; return; } #if defined(USE_SSL) if (ssl) { cli_socket(new_client).s_ssl = ssl; sslfp = ssl_get_fingerprint(ssl); if (sslfp) ircd_strncpy(cli_sslclifp(new_client), sslfp, BUFSIZE+1); } #endif cli_freeflag(new_client) |= FREEFLAG_SOCKET; cli_listener(new_client) = listener; ++listener->ref_count; Count_newunknown(UserStats); /* if we've made it this far we can put the client on the auth query pile */ start_auth(new_client); } /** Determines whether to tell the events engine we're interested in * writable events. * @param cptr Client for which to decide this. */ void update_write(struct Client* cptr) { /* If there are messages that need to be sent along, or if the client * is in the middle of a /list, then we need to tell the engine that * we're interested in writable events--otherwise, we need to drop * that interest. */ socket_events(&(cli_socket(cptr)), ((MsgQLength(&cli_sendQ(cptr)) || cli_listing(cptr)) ? SOCK_ACTION_ADD : SOCK_ACTION_DEL) | SOCK_EVENT_WRITABLE); }
/** Creates a client which has just connected to us on the given fd. * The sockhost field is initialized with the ip# of the host. * The client is not added to the linked list of clients, it is * passed off to the auth handler for dns and ident queries. * @param listener Listening socket that received the connection. * @param fd File descriptor of new connection. */ void add_connection(struct Listener* listener, int fd) { struct irc_sockaddr addr; struct Client *new_client; time_t next_target = 0; const char* const throttle_message = "ERROR :Your host is trying to (re)connect too fast -- throttled\r\n"; /* 12345678901234567890123456789012345679012345678901234567890123456 */ const char* const register_message = "ERROR :Unable to complete your registration\r\n"; assert(0 != listener); /* * Removed preliminary access check. Full check is performed in m_server and * m_user instead. Also connection time out help to get rid of unwanted * connections. */ if (!os_get_peername(fd, &addr) || !os_set_nonblocking(fd)) { ++ServerStats->is_ref; close(fd); return; } /* * Disable IP (*not* TCP) options. In particular, this makes it impossible * to use source routing to connect to the server. If we didn't do this * (and if intermediate networks didn't drop source-routed packets), an * attacker could successfully IP spoof us...and even return the anti-spoof * ping, because the options would cause the packet to be routed back to * the spoofer's machine. When we disable the IP options, we delete the * source route, and the normal routing takes over. */ os_disable_options(fd); if (listener_server(listener)) { new_client = make_client(0, STAT_UNKNOWN_SERVER); } else { /* * Add this local client to the IPcheck registry. * * If they're throttled, murder them, but tell them why first. */ if (!IPcheck_local_connect(&addr.addr, &next_target)) { ++ServerStats->is_ref; write(fd, throttle_message, strlen(throttle_message)); close(fd); return; } new_client = make_client(0, STAT_UNKNOWN_USER); SetIPChecked(new_client); } /* * Copy ascii address to 'sockhost' just in case. Then we have something * valid to put into error messages... */ ircd_ntoa_r(cli_sock_ip(new_client), &addr.addr); strcpy(cli_sockhost(new_client), cli_sock_ip(new_client)); memcpy(&cli_ip(new_client), &addr.addr, sizeof(cli_ip(new_client))); if (next_target) cli_nexttarget(new_client) = next_target; cli_fd(new_client) = fd; if (!socket_add(&(cli_socket(new_client)), client_sock_callback, (void*) cli_connect(new_client), SS_CONNECTED, 0, fd)) { ++ServerStats->is_ref; write(fd, register_message, strlen(register_message)); close(fd); cli_fd(new_client) = -1; return; } cli_freeflag(new_client) |= FREEFLAG_SOCKET; cli_listener(new_client) = listener; ++listener->ref_count; Count_newunknown(UserStats); /* if we've made it this far we can put the client on the auth query pile */ start_auth(new_client); }