"Fossies" - the Fresh Open Source Software Archive

Member "ircd-hybrid-8.2.26/src/s_bsd.c" (31 May 2019, 16011 Bytes) of package /linux/privat/ircd-hybrid-8.2.26.tgz:



    1 /*
    2  *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
    3  *
    4  *  Copyright (c) 1997-2019 ircd-hybrid development team
    5  *
    6  *  This program is free software; you can redistribute it and/or modify
    7  *  it under the terms of the GNU General Public License as published by
    8  *  the Free Software Foundation; either version 2 of the License, or
    9  *  (at your option) any later version.
   10  *
   11  *  This program is distributed in the hope that it will be useful,
   12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
   13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   14  *  GNU General Public License for more details.
   15  *
   16  *  You should have received a copy of the GNU General Public License
   17  *  along with this program; if not, write to the Free Software
   18  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
   19  *  USA
   20  */
   21 
   22 /*! \file s_bsd.c
   23  * \brief Network functions.
   24  * \version $Id: s_bsd.c 9044 2019-05-31 09:51:38Z michael $
   25  */
   26 
   27 #include "stdinc.h"
   28 #include <netinet/in_systm.h>
   29 #include <netinet/ip.h>
   30 #include <netinet/tcp.h>
   31 #include "list.h"
   32 #include "fdlist.h"
   33 #include "s_bsd.h"
   34 #include "client.h"
   35 #include "dbuf.h"
   36 #include "event.h"
   37 #include "irc_string.h"
   38 #include "ircd.h"
   39 #include "listener.h"
   40 #include "numeric.h"
   41 #include "packet.h"
   42 #include "res.h"
   43 #include "restart.h"
   44 #include "conf.h"
   45 #include "log.h"
   46 #include "server.h"
   47 #include "send.h"
   48 #include "memory.h"
   49 #include "user.h"
   50 
   51 
/*
 * Text for each COMM_* status code, indexed by the code itself and
 * looked up by comm_errstr().
 *
 * The array length is taken from the largest designated index below, so
 * a COMM_* value without an entry is either a NULL slot or lies past the
 * end of the table. Add a string here whenever a new code is introduced.
 */
static const char *const comm_err_str[] =
{
  [COMM_OK]          = "Comm OK",
  [COMM_ERR_BIND]    = "Error during bind()",
  [COMM_ERR_TIMEOUT] = "connect timeout",
  [COMM_ERR_CONNECT] = "Error during connect()",
  [COMM_ERROR]       = "Comm Error",
};

/* Helpers of the non-blocking connect() sequence, defined further down. */
static void comm_connect_callback(fde_t *F, int status);
static void comm_connect_timeout(fde_t *F, void *unused);
static void comm_connect_tryconnect(fde_t *F, void *unused);
   64 
   65 
/*
 * comm_get_sockerr - fetch the most specific error known for a socket.
 *
 * Returns the socket's pending SO_ERROR value when getsockopt() succeeds
 * and reports a non-zero error; otherwise the errno that was current on
 * entry. errno is left set to the returned value. Where SO_ERROR is not
 * defined, the entry errno is returned untouched and F is not inspected.
 *
 * Reading SO_ERROR also clears the pending error on the socket, so a
 * second call for the same failure may only see the saved errno.
 */
int
comm_get_sockerr(fde_t *F)
{
  int saved_errno = errno;
#ifdef SO_ERROR
  int sock_err = 0;
  socklen_t optlen = sizeof(sock_err);

  assert(F);
  assert(F->flags.open == true);

  /* A failed getsockopt() is ignored; the entry errno is restored below. */
  if (getsockopt(F->fd, SOL_SOCKET, SO_ERROR, &sock_err, &optlen) == 0 && sock_err != 0)
    saved_errno = sock_err;

  errno = saved_errno;
#endif
  return saved_errno;
}
   93 
/*
 * report_error - log an errno-style failure and notify operators.
 *
 *   level  passed through unchanged to sendto_realops_flags().
 *   text   printf-style format. It is expanded with exactly two string
 *          arguments, in this order: `who`, then strerror(error).
 *   who    name or host the error relates to; NULL is treated as "".
 *   error  errno value to describe.
 *
 * `text` is handed as the format string to both sendto_realops_flags()
 * and ilog(). It has to be a fixed string owned by the caller; text
 * received from a peer belongs in `who`, never in `text`.
 *
 * perror() is not an option inside the daemon: stderr is closed and its
 * descriptor may since have been reused by an ordinary connection
 * (it only survives when ircd was started with -s).
 */
void
report_error(int level, const char *text, const char *who, int error)
{
  if (who == NULL)
    who = "";

  /* Notice goes out under UMODE_DEBUG; the same line is then logged. */
  sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE,
                       text, who, strerror(error));
  ilog(LOG_TYPE_IRCD, text, who, strerror(error));
}
  121 
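/*
 * setup_socket - apply the daemon's standard options to a new socket.
 *
 * Sets TCP_NODELAY, requests IPTOS_LOWDELAY where that constant exists,
 * and switches the descriptor to non-blocking mode.
 *
 * Everything here is best effort. The function returns nothing, so the
 * caller cannot tell whether O_NONBLOCK was really applied; a descriptor
 * that stayed blocking would stall whatever loop later reads from it.
 */
static void
setup_socket(int fd)
{
  int opt = 1;

  /* Latency tuning only: a refusal of either option is not acted upon. */
  setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));

#ifdef IPTOS_LOWDELAY
  opt = IPTOS_LOWDELAY;
  setsockopt(fd, IPPROTO_IP, IP_TOS, &opt, sizeof(opt));
#endif

  /*
   * F_GETFL yields -1 on failure. OR-ing that into the F_SETFL argument
   * would request every status flag at once, so only continue with a
   * valid flag word.
   */
  const int flags = fcntl(fd, F_GETFL, 0);
  if (flags == -1)
    return;

  fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}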
  141 
/*
 * ssl_handshake - drive the server-side TLS handshake for a new client.
 *
 *   F     descriptor entry of the connection; must be the client's own.
 *   data  the struct Client the handshake belongs to.
 *
 * Called once from add_connection() and again as a select callback for
 * as long as the TLS layer asks for more reads or writes. The client is
 * dropped when the handshake outlives TLS_HANDSHAKE_TIMEOUT (measured
 * from connection->created_monotonic) or ends in any other state.
 *
 * A certificate that fails tls_verify_cert() is only logged; the client
 * still proceeds to auth_start(). Anything that grants access based on
 * client_p->certfp therefore has to treat a missing fingerprint as
 * "not authenticated".
 * NOTE(review): presumably certfp stays unset on failure - confirm in
 * tls_verify_cert().
 */
static void
ssl_handshake(fde_t *F, void *data)
{
  struct Client *client_p = data;

  assert(client_p);
  assert(client_p->connection);
  assert(client_p->connection->fd);
  assert(client_p->connection->fd == F);

  tls_handshake_status_t status = tls_handshake(&F->ssl, TLS_ROLE_SERVER, NULL);

  if (status == TLS_HANDSHAKE_DONE)
  {
    /* Handshake finished: drop the pending timeout and move on to auth. */
    comm_settimeout(F, 0, NULL, NULL);

    if (tls_verify_cert(&F->ssl, ConfigServerInfo.message_digest_algorithm, &client_p->certfp) == false)
      ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad TLS client certificate",
           client_p->name, client_p->username, client_p->host);

    auth_start(client_p);
    return;
  }

  /* The age check comes first, so a late failure is reported as a timeout. */
  if ((event_base->time.sec_monotonic - client_p->connection->created_monotonic) > TLS_HANDSHAKE_TIMEOUT)
  {
    exit_client(client_p, "Timeout during TLS handshake");
    return;
  }

  if (status == TLS_HANDSHAKE_WANT_WRITE)
    comm_setselect(F, COMM_SELECT_WRITE, ssl_handshake, client_p, TLS_HANDSHAKE_TIMEOUT);
  else if (status == TLS_HANDSHAKE_WANT_READ)
    comm_setselect(F, COMM_SELECT_READ, ssl_handshake, client_p, TLS_HANDSHAKE_TIMEOUT);
  else
    exit_client(client_p, "Error during TLS handshake");
}
  187 
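/*
 * add_connection - create the Client for a connection just accepted on
 * `listener`.
 *
 *   listener  listener the connection arrived on; its ref_count is
 *             incremented and it is recorded on the new connection.
 *   irn       peer address, copied into client_p->ip.
 *   fd        accepted socket, registered through fd_open().
 *
 * The numeric peer address is written to sockhost and mirrored into host
 * so that later messages have something to print. Connections on a
 * LISTENER_SSL listener start the TLS handshake here; all others go
 * straight to auth_start().
 */
void
add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
{
  struct Client *client_p = client_make(NULL);

  client_p->connection->fd = fd_open(fd, true, (listener->flags & LISTENER_SSL) ?
                                     "Incoming SSL connection" : "Incoming connection");

  client_p->ip = *irn;

  /*
   * If the conversion fails the buffer contents are not defined by
   * getnameinfo(), so fall back to an empty string instead of using them.
   */
  if (getnameinfo((const struct sockaddr *)&client_p->ip,
                  client_p->ip.ss_len, client_p->sockhost,
                  sizeof(client_p->sockhost), NULL, 0, NI_NUMERICHOST) != 0)
    client_p->sockhost[0] = '\0';

  /*
   * An address text starting with ':' gets a '0' put in front of it.
   * NOTE(review): presumably because a leading ':' would be read as the
   * start of a trailing parameter in IRC messages - confirm.
   *
   * Shift first, then write the '0'. Done the other way round the '0'
   * is duplicated and the first ':' is lost ("::1" turned into "00:1"),
   * leaving a string that no longer matches the peer's address. The
   * shift moves sizeof - 1 bytes, so a string that filled the buffer
   * would lose its terminator; put it back explicitly.
   */
  if (client_p->sockhost[0] == ':')
  {
    memmove(client_p->sockhost + 1, client_p->sockhost, sizeof(client_p->sockhost) - 1);
    client_p->sockhost[0] = '0';
    client_p->sockhost[sizeof(client_p->sockhost) - 1] = '\0';
  }

  strlcpy(client_p->host, client_p->sockhost, sizeof(client_p->host));

  client_p->connection->listener = listener;
  ++listener->ref_count;

  if (listener->flags & LISTENER_SSL)
  {
    if (tls_new(&client_p->connection->fd->ssl, fd, TLS_ROLE_SERVER) == false)
    {
      /* No TLS state could be created: mark dead and drop the client. */
      SetDead(client_p);
      exit_client(client_p, "TLS context initialization failed");
      return;
    }

    AddFlag(client_p, FLAGS_SSL);
    ssl_handshake(client_p->connection->fd, client_p);
  }
  else
    auth_start(client_p);
}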
  239 
/*
 * comm_ignore_errno - tell whether an errno from non-blocking network
 * I/O only means "not finished yet, try again".
 *
 * Returns true for EINPROGRESS, EWOULDBLOCK, EAGAIN, EALREADY, EINTR
 * and, where the platform defines it, ERESTART; false for everything
 * else. (Routine borrowed from squid, per the original author's note.)
 */
bool
comm_ignore_errno(int ierrno)
{
  if (ierrno == EINPROGRESS || ierrno == EWOULDBLOCK ||
      ierrno == EALREADY || ierrno == EINTR)
    return true;

#if EAGAIN != EWOULDBLOCK
  if (ierrno == EAGAIN)
    return true;
#endif

#ifdef ERESTART
  if (ierrno == ERESTART)
    return true;
#endif

  return false;
}
  266 
/*
 * comm_settimeout - arm or clear the timeout of a descriptor.
 *
 *   F         open descriptor entry.
 *   timeout   offset added to event_base->time.sec_monotonic to form
 *             the deadline.
 *   callback  handler to run once the deadline has passed; NULL leaves
 *             the descriptor without a timeout handler.
 *   cbdata    opaque pointer handed back to the callback.
 */
void
comm_settimeout(fde_t *F, uintmax_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
{
  assert(F);
  assert(F->flags.open == true);

  F->timeout_handler = callback;
  F->timeout_data = cbdata;
  F->timeout = event_base->time.sec_monotonic + timeout;
}
  282 
/*
 * comm_setflush - arm or clear the flush handler of a descriptor.
 *
 * Works like comm_settimeout() but on a second, independent slot
 * (flush_timeout / flush_handler / flush_data) that comm_checktimeouts()
 * examines before the regular timeout.
 *
 *   F         open descriptor entry.
 *   timeout   offset added to event_base->time.sec_monotonic.
 *   callback  flush function; NULL clears the slot's handler.
 *   cbdata    opaque pointer handed back to the callback.
 */
void
comm_setflush(fde_t *F, uintmax_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
{
  assert(F);
  assert(F->flags.open == true);

  F->flush_handler = callback;
  F->flush_data = cbdata;
  F->flush_timeout = event_base->time.sec_monotonic + timeout;
}
  305 
/*
 * comm_checktimeouts - run the flush and timeout handlers that are due.
 *
 * Walks fd_table from 0 to highest_fd. For every open entry whose
 * deadline lies before event_base->time.sec_monotonic, the handler and
 * its data are copied, the slot is cleared, and the handler is called.
 * Clearing before the call makes each handler one-shot and lets it
 * re-arm itself. The descriptor is not closed here.
 *
 * NOTE(review): the timeout slot is examined right after the flush
 * handler has run on the same entry. Whether that is safe when the flush
 * handler closes F depends on fd_close() resetting timeout_handler -
 * confirm in fdlist.c.
 */
void
comm_checktimeouts(void *unused)
{
  for (int fd = 0; fd <= highest_fd; ++fd)
  {
    fde_t *F = &fd_table[fd];

    if (F->flags.open == false)
      continue;

    /* Flush slot */
    if (F->flush_handler && F->flush_timeout > 0 &&
        F->flush_timeout < event_base->time.sec_monotonic)
    {
      void (*flush_cb)(fde_t *, void *) = F->flush_handler;
      void *flush_arg = F->flush_data;

      comm_setflush(F, 0, NULL, NULL);
      flush_cb(F, flush_arg);
    }

    /* Timeout slot */
    if (F->timeout_handler && F->timeout > 0 &&
        F->timeout < event_base->time.sec_monotonic)
    {
      void (*timeout_cb)(fde_t *, void *) = F->timeout_handler;
      void *timeout_arg = F->timeout_data;

      comm_settimeout(F, 0, NULL, NULL);
      timeout_cb(F, timeout_arg);
    }
  }
}
  350 
/*
 * comm_connect_tcp - start a non-blocking outbound connection.
 *
 *   F         descriptor entry holding the socket to connect.
 *   caddr     remote address; copied into F->connect.hostaddr.
 *   port      remote port in host byte order.
 *   baddr     local address to bind() to first, or NULL for none.
 *   callback  completion handler (required); receives F, a COMM_*
 *             status and `data`.
 *   data      opaque pointer handed back to the callback.
 *   timeout   passed to comm_settimeout() for the whole attempt.
 *
 * The callback may already have run when this function returns (bind
 * failure, or connect() finishing at once); otherwise it runs later from
 * the select or timeout path.
 */
void
comm_connect_tcp(fde_t *F, const struct irc_ssaddr *caddr, unsigned short port, const struct irc_ssaddr *baddr,
                 void (*callback)(fde_t *, int, void *), void *data, uintmax_t timeout)
{
  assert(callback);

  F->connect.callback = callback;
  F->connect.data = data;
  F->connect.hostaddr = *caddr;
  /* Writing the port through sockaddr_in relies on sin_port and sin6_port sharing one offset. */
  ((struct sockaddr_in *)&F->connect.hostaddr)->sin_port = htons(port);

  /*
   * The local address arrives as a ready-made sockaddr because callers
   * usually obtained it from getsockname(). With NULL no bind() is done.
   */
  if (baddr != NULL)
  {
    if (bind(F->fd, (const struct sockaddr *)baddr, baddr->ss_len) < 0)
    {
      comm_connect_callback(F, COMM_ERR_BIND);
      return;
    }
  }

  comm_settimeout(F, timeout, comm_connect_timeout, NULL);
  comm_connect_tryconnect(F, NULL);
}
  393 
/*
 * comm_connect_callback - deliver the result of a connect attempt.
 *
 * Takes the stored completion handler, clears it together with the
 * pending timeout, then calls it with `status` and F->connect.data.
 * Because the handler is cleared before the call, a result is delivered
 * at most once; later calls for the same attempt return immediately.
 */
static void
comm_connect_callback(fde_t *F, int status)
{
  void (*const handler)(fde_t *, int, void *) = F->connect.callback;

  /* Nothing registered, or the result has been delivered already. */
  if (handler == NULL)
    return;

  F->connect.callback = NULL;
  comm_settimeout(F, 0, NULL, NULL);

  handler(F, status, F->connect.data);
}
  416 
/*
 * comm_connect_timeout - timeout handler armed by comm_connect_tcp().
 *
 * Reports COMM_ERR_TIMEOUT through comm_connect_callback(). The second
 * argument exists only to match the timeout handler signature.
 */
static void
comm_connect_timeout(fde_t *F, void *unused)
{
  (void)unused;

  comm_connect_callback(F, COMM_ERR_TIMEOUT);
}
  428 
/*
 * comm_connect_tryconnect - issue connect() for a pending attempt.
 *
 *   F       descriptor entry with connect.hostaddr filled in.
 *   unused  ignored; present to match the select handler signature.
 *
 * Outcomes:
 *   - connect() succeeds, or fails with EISCONN (socket is connected
 *     already): the callback gets COMM_OK.
 *   - errno is one comm_ignore_errno() accepts: the function registers
 *     itself for a write event and is run again later.
 *   - any other errno: the callback gets COMM_ERR_CONNECT.
 */
static void
comm_connect_tryconnect(fde_t *F, void *unused)
{
  /*
   * No handler means the attempt was completed or never started; the
   * original authors note that re-entrant callers depend on this check.
   */
  if (F->connect.callback == NULL)
    return;

  if (connect(F->fd, (struct sockaddr *)&F->connect.hostaddr, F->connect.hostaddr.ss_len) >= 0)
  {
    comm_connect_callback(F, COMM_OK);
    return;
  }

  const int err = errno;

  if (err == EISCONN)
    comm_connect_callback(F, COMM_OK);
  else if (comm_ignore_errno(err))
    comm_setselect(F, COMM_SELECT_WRITE, comm_connect_tryconnect, NULL, 0);
  else
    comm_connect_callback(F, COMM_ERR_CONNECT);
}
  469 
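/*
 * comm_errstr - return the text for a COMM_* status code.
 *
 * Never returns NULL: a negative code, a code at or above COMM_ERR_MAX,
 * a code beyond the end of comm_err_str[] and a code whose table slot is
 * empty all yield "Invalid error number!".
 *
 * The table length comes from its initializers while COMM_ERR_MAX comes
 * from the header, so both limits are checked; otherwise a code added to
 * the enum without a string here would index past the table or hand a
 * NULL pointer to a "%s" conversion.
 */
const char *
comm_errstr(int error)
{
  static const char invalid[] = "Invalid error number!";
  const size_t table_len = sizeof(comm_err_str) / sizeof(comm_err_str[0]);

  if (error < 0 || error >= COMM_ERR_MAX || (size_t)error >= table_len)
    return invalid;

  /* Designated initializers leave skipped slots NULL. */
  if (comm_err_str[error] == NULL)
    return invalid;

  return comm_err_str[error];
}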
  480 
/*
 * comm_socket - open a socket unless the descriptor budget is used up.
 *
 * Behaves like socket() with one addition: when number_fd has reached
 * hard_fdlimit no socket is created, errno is set to ENFILE and -1 is
 * returned. A new socket is passed through setup_socket() before it is
 * returned. On a socket() failure -1 is returned and errno is whatever
 * socket() left.
 *
 * The original author's XXX note still applies: the reserved FD limit
 * is not dropped when an error occurs.
 */
int
comm_socket(int family, int sock_type, int proto)
{
  /* Refuse before asking the kernel, so the daemon keeps spare descriptors. */
  if (number_fd >= hard_fdlimit)
  {
    errno = ENFILE;
    return -1;
  }

  const int fd = socket(family, sock_type, proto);
  if (fd >= 0)
  {
    setup_socket(fd);
    return fd;
  }

  return -1;
}
  511 
/*
 * comm_accept - accept a connection unless the descriptor budget is
 * used up.
 *
 *   F     listening descriptor entry.
 *   addr  receives the peer address; zeroed before accept() and passed
 *         through remove_ipv6_mapping() afterwards.
 *
 * Returns the new descriptor, or -1 with errno set. When number_fd has
 * reached hard_fdlimit, accept() is not called at all and errno is
 * ENFILE. The returned descriptor has been through setup_socket(); the
 * caller must either close it or register it with fd_open().
 *
 * NOTE(review): the length given to accept() is sizeof(struct
 * irc_ssaddr), i.e. the whole wrapper rather than its sockaddr member -
 * confirm against the struct layout that this cannot exceed the room
 * meant for the address.
 */
int
comm_accept(fde_t *F, struct irc_ssaddr *addr)
{
  socklen_t peer_len = sizeof(struct irc_ssaddr);

  if (number_fd >= hard_fdlimit)
  {
    errno = ENFILE;
    return -1;
  }

  memset(addr, 0, sizeof(*addr));

  /* As in comm_socket(), the reserved FD limit is not dropped on error. */
  const int fd = accept(F->fd, (struct sockaddr *)addr, &peer_len);
  if (fd >= 0)
  {
    remove_ipv6_mapping(addr);
    setup_socket(fd);
    return fd;
  }

  return -1;
}
  548 
/*
 * remove_ipv6_mapping - turn an IPv4-mapped IPv6 address into plain IPv4
 * and set addr->ss_len for the resulting family.
 *
 * Systems that serve AF_INET and AF_INET6 from one listening socket
 * report IPv4 peers as IPv4-mapped AF_INET6 addresses. Rewriting them
 * gives such a peer the same address form as one accepted on an AF_INET
 * socket, so address-based rules see a single representation.
 *
 * ss_len becomes sizeof(struct sockaddr_in6) for a non-mapped AF_INET6
 * address and sizeof(struct sockaddr_in) in every other case, including
 * families other than AF_INET6.
 *
 * Details of the rewrite: only the first sizeof(struct sockaddr_in)
 * bytes are cleared, and only the four address bytes are copied back.
 * The port is therefore zero afterwards, and bytes beyond the
 * sockaddr_in keep what the IPv6 form held.
 */
void
remove_ipv6_mapping(struct irc_ssaddr *addr)
{
  if (addr->ss.ss_family != AF_INET6)
  {
    addr->ss_len = sizeof(struct sockaddr_in);
    return;
  }

  if (!IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
  {
    addr->ss_len = sizeof(struct sockaddr_in6);
    return;
  }

  /* Work from a copy: the IPv4 form is built in the same storage. */
  struct sockaddr_in6 mapped;
  struct sockaddr_in *plain = (struct sockaddr_in *)addr;

  memcpy(&mapped, addr, sizeof(mapped));
  memset(plain, 0, sizeof(struct sockaddr_in));
  /* The IPv4 address is the last four bytes of the mapped address. */
  memcpy(&plain->sin_addr, &mapped.sin6_addr.s6_addr[12], sizeof(plain->sin_addr));

  addr->ss.ss_family = AF_INET;
  addr->ss_len = sizeof(struct sockaddr_in);
}
  577 }