static int
mr_starttls(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
#ifdef HAVE_LIBCRYPTO
ssl_ctl_t *ctl;
rb_fde_t *F[2];
if (!MyConnect(client_p))
return 0;
if (IsSSL(client_p))
{
sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Nested TLS handshake not allowed");
return 1;
}
if (!ssl_ok || !get_ssld_count())
{
sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
return 1;
}
if (rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &F[0], &F[1], "STARTTLS ssld session") == -1)
{
ilog_error("error creating SSL/TLS socketpair for ssld slave");
sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "Unable to create SSL/TLS socketpair for ssld offload slave");
return 1;
}
s_assert(client_p->localClient != NULL);
/* clear out any remaining plaintext lines */
rb_linebuf_donebuf(&client_p->localClient->buf_recvq);
sendto_one_numeric(client_p, RPL_STARTTLS, form_str(RPL_STARTTLS));
send_queued(client_p);
ctl = start_ssld_accept(client_p->localClient->F, F[1], rb_get_fd(F[0]));
if (ctl != NULL)
{
client_p->localClient->F = F[0];
client_p->localClient->ssl_ctl = ctl;
SetSSL(client_p);
}
else
return 1;
#else
sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
#endif
return 0;
}
/*
* add_connection - creates a client which has just connected to us on
* the given fd. The sockhost field is initialized with the ip# of the host.
* The client is sent to the auth module for verification, and not put in
* any client list yet.
*/
static void
add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai)
{
struct Client *new_client;
s_assert(NULL != listener);
/*
* get the client socket name from the socket
* the client has already been checked out in accept_connection
*/
new_client = make_client(NULL);
if (listener->ssl)
{
rb_fde_t *xF[2];
if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection") == -1)
{
free_client(new_client);
return;
}
new_client->localClient->ssl_ctl = start_ssld_accept(F, xF[1], new_client->localClient->connid); /* this will close F for us */
if(new_client->localClient->ssl_ctl == NULL)
{
free_client(new_client);
return;
}
F = xF[0];
SetSSL(new_client);
}
memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage));
memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage));
/*
* copy address to 'sockhost' as a string, copy it to host too
* so we have something valid to put into error messages...
*/
rb_inet_ntop_sock((struct sockaddr *)&new_client->localClient->ip, new_client->sockhost,
sizeof(new_client->sockhost));
rb_strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
new_client->localClient->F = F;
new_client->localClient->listener = listener;
++listener->ref_count;
start_auth(new_client);
}
/*
* add_connection - creates a client which has just connected to us on
* the given fd. The sockhost field is initialized with the ip# of the host.
* The client is sent to the auth module for verification, and not put in
* any client list yet.
*/
static void
add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai, void *ssl_ctl)
{
struct Client *new_client;
s_assert(NULL != listener);
/*
* get the client socket name from the socket
* the client has already been checked out in accept_connection
*/
new_client = make_client(NULL);
memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage));
memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage));
/*
* copy address to 'sockhost' as a string, copy it to host too
* so we have something valid to put into error messages...
*/
rb_inet_ntop_sock((struct sockaddr *)&new_client->localClient->ip, new_client->sockhost,
sizeof(new_client->sockhost));
rb_strlcpy(new_client->host, new_client->sockhost, sizeof(new_client->host));
new_client->localClient->F = F;
add_to_cli_fd_hash(new_client);
new_client->localClient->listener = listener;
new_client->localClient->ssl_ctl = ssl_ctl;
if(ssl_ctl != NULL || rb_fd_ssl(F))
SetSSL(new_client);
++listener->ref_count;
start_auth(new_client);
}
/** Attempt to send a sequence of bytes to the connection.
* As a side effect, updates \a cptr's FLAG_BLOCKED setting
* and sendB/sendK fields.
* @param cptr Client that should receive data.
* @param buf Message buffer to send to client.
* @return Negative on connection-fatal error; otherwise
* number of bytes sent.
*/
unsigned int deliver_it(struct Client *cptr, struct MsgQ *buf)
{
unsigned int bytes_written = 0;
unsigned int bytes_count = 0;
assert(0 != cptr);
#if defined(USE_SSL)
switch (client_sendv(cptr, buf, &bytes_count, &bytes_written)) {
#else
switch (os_sendv_nonb(cli_fd(cptr), buf, &bytes_count, &bytes_written)) {
#endif
case IO_SUCCESS:
ClrFlag(cptr, FLAG_BLOCKED);
cli_sendB(cptr) += bytes_written;
cli_sendB(&me) += bytes_written;
/* A partial write implies that future writes will block. */
if (bytes_written < bytes_count)
SetFlag(cptr, FLAG_BLOCKED);
break;
case IO_BLOCKED:
SetFlag(cptr, FLAG_BLOCKED);
break;
case IO_FAILURE:
cli_error(cptr) = errno;
SetFlag(cptr, FLAG_DEADSOCKET);
break;
}
return bytes_written;
}
/** Complete non-blocking connect()-sequence. Check access and
* terminate connection, if trouble detected.
* @param cptr Client to which we have connected, with all ConfItem structs attached.
* @return Zero on failure (caller should exit_client()), non-zero on success.
*/
static int completed_connection(struct Client* cptr)
{
struct ConfItem *aconf;
time_t newts;
struct Client *acptr;
int i;
#if defined(USE_SSL)
char *sslfp;
int r;
#endif
assert(0 != cptr);
/*
* get the socket status from the fd first to check if
* connection actually succeeded
*/
if ((cli_error(cptr) = os_get_sockerr(cli_fd(cptr)))) {
const char* msg = strerror(cli_error(cptr));
if (!msg)
msg = "Unknown error";
sendto_opmask(0, SNO_OLDSNO, "Connection failed to %s: %s",
cli_name(cptr), msg);
return 0;
}
if (!(aconf = find_conf_byname(cli_confs(cptr), cli_name(cptr), CONF_SERVER))) {
sendto_opmask(0, SNO_OLDSNO, "Lost Server Line for %s", cli_name(cptr));
return 0;
}
#if defined(USE_SSL)
if (aconf->flags & CONF_SSL) {
r = ssl_connect(&(cli_socket(cptr)));
if (r == -1) {
sendto_opmask(0, SNO_OLDSNO, "Connection failed to %s: SSL error",
cli_name(cptr));
return 0;
} else if (r == 0)
return 1;
sslfp = ssl_get_fingerprint(cli_socket(cptr).s_ssl);
if (sslfp)
ircd_strncpy(cli_sslclifp(cptr), sslfp, BUFSIZE+1);
SetSSL(cptr);
}
#endif
if (s_state(&(cli_socket(cptr))) == SS_CONNECTING)
socket_state(&(cli_socket(cptr)), SS_CONNECTED);
if (!EmptyString(aconf->passwd))
sendrawto_one(cptr, MSG_PASS " :%s", aconf->passwd);
/*
* Create a unique timestamp
*/
newts = TStime();
for (i = HighestFd; i > -1; --i) {
if ((acptr = LocalClientArray[i]) &&
(IsServer(acptr) || IsHandshake(acptr))) {
if (cli_serv(acptr)->timestamp >= newts)
newts = cli_serv(acptr)->timestamp + 1;
}
}
assert(0 != cli_serv(cptr));
cli_serv(cptr)->timestamp = newts;
SetHandshake(cptr);
/*
* Make us timeout after twice the timeout for DNS look ups
*/
cli_lasttime(cptr) = CurrentTime;
ClearPingSent(cptr);
/* TODO: NEGOCIACION
envia_config_req(cptr);
*/
sendrawto_one(cptr, MSG_SERVER " %s 1 %Tu %Tu J%s %s%s +%s6 :%s",
cli_name(&me), cli_serv(&me)->timestamp, newts,
MAJOR_PROTOCOL, NumServCap(&me),
feature_bool(FEAT_HUB) ? "h" : "", cli_info(&me));
#if defined(DDB)
ddb_burst(cptr);
#endif
return (IsDead(cptr)) ? 0 : 1;
}
/** Close the physical connection. Side effects: MyConnect(cptr)
* becomes false and cptr->from becomes NULL.
* @param cptr Client to disconnect.
*/
void close_connection(struct Client *cptr)
{
struct ConfItem* aconf;
if (IsServer(cptr)) {
ServerStats->is_sv++;
ServerStats->is_sbs += cli_sendB(cptr);
ServerStats->is_sbr += cli_receiveB(cptr);
ServerStats->is_sti += CurrentTime - cli_firsttime(cptr);
/*
* If the connection has been up for a long amount of time, schedule
* a 'quick' reconnect, else reset the next-connect cycle.
*/
if ((aconf = find_conf_exact(cli_name(cptr), cptr, CONF_SERVER))) {
/*
* Reschedule a faster reconnect, if this was a automatically
* connected configuration entry. (Note that if we have had
* a rehash in between, the status has been changed to
* CONF_ILLEGAL). But only do this if it was a "good" link.
*/
aconf->hold = CurrentTime;
aconf->hold += ((aconf->hold - cli_since(cptr) >
feature_int(FEAT_HANGONGOODLINK)) ?
feature_int(FEAT_HANGONRETRYDELAY) : ConfConFreq(aconf));
/* if (nextconnect > aconf->hold) */
/* nextconnect = aconf->hold; */
}
}
else if (IsUser(cptr)) {
ServerStats->is_cl++;
ServerStats->is_cbs += cli_sendB(cptr);
ServerStats->is_cbr += cli_receiveB(cptr);
ServerStats->is_cti += CurrentTime - cli_firsttime(cptr);
}
else
ServerStats->is_ni++;
#if defined(USE_ZLIB)
/*
* Siempre es una conexion nuestra
*/
if (cli_connect(cptr)->zlib_negociation & ZLIB_IN) {
inflateEnd(cli_connect(cptr)->comp_in);
MyFree(cli_connect(cptr)->comp_in);
}
if (cli_connect(cptr)->zlib_negociation & ZLIB_OUT) {
deflateEnd(cli_connect(cptr)->comp_out);
MyFree(cli_connect(cptr)->comp_out);
}
#endif
if (-1 < cli_fd(cptr)) {
flush_connections(cptr);
LocalClientArray[cli_fd(cptr)] = 0;
close(cli_fd(cptr));
socket_del(&(cli_socket(cptr))); /* queue a socket delete */
cli_fd(cptr) = -1;
cli_freeflag(cptr) &= ~FREEFLAG_SOCKET;
}
SetFlag(cptr, FLAG_DEADSOCKET);
MsgQClear(&(cli_sendQ(cptr)));
client_drop_sendq(cli_connect(cptr));
DBufClear(&(cli_recvQ(cptr)));
memset(cli_passwd(cptr), 0, sizeof(cli_passwd(cptr)));
set_snomask(cptr, 0, SNO_SET);
det_confs_butmask(cptr, 0);
if (cli_listener(cptr)) {
release_listener(cli_listener(cptr));
cli_listener(cptr) = 0;
}
for ( ; HighestFd > 0; --HighestFd) {
if (LocalClientArray[HighestFd])
break;
}
}
/** Close all unregistered connections.
* @param source Oper who requested the close.
* @return Number of closed connections.
*/
int net_close_unregistered_connections(struct Client* source)
{
int i;
struct Client* cptr;
int count = 0;
assert(0 != source);
for (i = HighestFd; i > 0; --i) {
if ((cptr = LocalClientArray[i]) && !IsRegistered(cptr)) {
send_reply(source, RPL_CLOSING, get_client_name(source, HIDE_IP));
exit_client(source, cptr, &me, "Oper Closing");
++count;
}
}
return count;
}
