X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Fconn.c;h=a3960877d70723479dd59e37eed51fa781225894;hp=7d2c4c6adb212f2a58c1c78050997c704b3e9968;hb=3a3b3225d42ede7a062fa5e4403a7f445baf518b;hpb=f0831174c3500cefc4f93d1da823b96a961d6c81 diff --git a/src/ngircd/conn.c b/src/ngircd/conn.c index 7d2c4c6a..07f26f31 100644 --- a/src/ngircd/conn.c +++ b/src/ngircd/conn.c @@ -1,1301 +1,2526 @@ /* * ngIRCd -- The Next Generation IRC Daemon - * Copyright (c)2001,2002 by Alexander Barton (alex@barton.de) + * Copyright (c)2001-2012 Alexander Barton (alex@barton.de) and Contributors. * - * Dieses Programm ist freie Software. Sie koennen es unter den Bedingungen - * der GNU General Public License (GPL), wie von der Free Software Foundation - * herausgegeben, weitergeben und/oder modifizieren, entweder unter Version 2 - * der Lizenz oder (wenn Sie es wuenschen) jeder spaeteren Version. - * Naehere Informationen entnehmen Sie bitter der Datei COPYING. Eine Liste - * der an ngIRCd beteiligten Autoren finden Sie in der Datei AUTHORS. - * - * $Id: conn.c,v 1.62 2002/05/18 21:53:53 alex Exp $ - * - * connect.h: Verwaltung aller Netz-Verbindungen ("connections") + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * Please read the file COPYING, README and AUTHORS for more information. */ +#undef DEBUG_BUFFER + +#define CONN_MODULE #include "portab.h" +#include "conf-ssl.h" +#include "io.h" + +/** + * @file + * Connection management + */ #include "imp.h" #include -#include +#ifdef PROTOTYPES +# include +#else +# include +#endif #include #include #include #include -#include #include #include #include #include #include #include -#include -#ifdef HAVE_ARPA_INET_H -#include -#else -#define PF_INET AF_INET +#ifdef HAVE_NETINET_IP_H +# ifdef HAVE_NETINET_IN_SYSTM_H +# include +# endif +# include #endif -#ifdef HAVE_STDINT_H -#include /* u.a. fuer Mac OS X */ +#ifdef TCPWRAP +# include /* for TCP Wrappers */ #endif +#include "array.h" +#include "defines.h" + +#include "exp.h" +#include "conn.h" + +#include "imp.h" #include "ngircd.h" +#include "array.h" #include "client.h" +#include "class.h" #include "conf.h" +#include "conn-encoding.h" +#include "conn-ssl.h" +#include "conn-zip.h" +#include "conn-func.h" #include "log.h" +#include "ng_ipaddr.h" #include "parse.h" +#include "resolve.h" #include "tool.h" #include "exp.h" -#include "conn.h" #define SERVER_WAIT (NONE - 1) +#define MAX_COMMANDS 3 +#define MAX_COMMANDS_SERVER_MIN 10 +#define MAX_COMMANDS_SERVICE 10 + + +static bool Handle_Write PARAMS(( CONN_ID Idx )); +static bool Conn_Write PARAMS(( CONN_ID Idx, char *Data, size_t Len )); +static int New_Connection PARAMS(( int Sock, bool IsSSL )); +static CONN_ID Socket2Index PARAMS(( int Sock )); +static void Read_Request PARAMS(( CONN_ID Idx )); +static unsigned int Handle_Buffer PARAMS(( CONN_ID Idx )); +static void Check_Connections PARAMS(( void )); +static void Check_Servers PARAMS(( void )); +static void Init_Conn_Struct PARAMS(( CONN_ID Idx )); +static bool Init_Socket PARAMS(( int Sock )); +static void New_Server PARAMS(( int Server, ng_ipaddr_t *dest )); +static void Simple_Message PARAMS(( int Sock, const char *Msg )); +static int NewListener PARAMS(( const char *listen_addr, UINT16 Port )); +static void Account_Connection PARAMS((void)); + + +static array My_Listeners; +static array My_ConnArray; +static size_t NumConnections, NumConnectionsMax, NumConnectionsAccepted; + +#ifdef TCPWRAP +int allow_severity = LOG_INFO; +int deny_severity = LOG_ERR; +#endif + +static void server_login PARAMS((CONN_ID idx)); + +#ifdef SSL_SUPPORT +extern struct SSLOptions Conf_SSLOptions; +static void cb_connserver_login_ssl PARAMS((int sock, short what)); +static void cb_clientserver_ssl PARAMS((int sock, short what)); +#endif +static void cb_Read_Resolver_Result PARAMS((int sock, UNUSED short what)); +static void cb_Connect_to_Server PARAMS((int sock, UNUSED short what)); +static void cb_clientserver PARAMS((int sock, short what)); + -typedef struct _Connection +/** + * IO callback for listening sockets: handle new connections. This callback + * gets called when a new non-SSL connection should be accepted. + * + * @param sock Socket descriptor. + * @param irrelevant (ignored IO specification) + */ +static void +cb_listen(int sock, short irrelevant) { - INT sock; /* Socket Handle */ - struct sockaddr_in addr; /* Adresse des Client */ - RES_STAT *res_stat; /* "Resolver-Status", s.o. */ - CHAR host[HOST_LEN]; /* Hostname */ - CHAR rbuf[READBUFFER_LEN]; /* Lesepuffer */ - INT rdatalen; /* Laenge der Daten im Lesepuffer */ - CHAR wbuf[WRITEBUFFER_LEN]; /* Schreibpuffer */ - INT wdatalen; /* Laenge der Daten im Schreibpuffer */ - INT our_server; /* wenn von uns zu connectender Server: ID */ - time_t lastdata; /* Letzte Aktivitaet */ - time_t lastping; /* Letzter PING */ - time_t lastprivmsg; /* Letzte PRIVMSG */ -} CONNECTION; - - -LOCAL VOID Handle_Read( INT sock ); -LOCAL BOOLEAN Handle_Write( CONN_ID Idx ); -LOCAL VOID New_Connection( INT Sock ); -LOCAL CONN_ID Socket2Index( INT Sock ); -LOCAL VOID Read_Request( CONN_ID Idx ); -LOCAL BOOLEAN Try_Write( CONN_ID Idx ); -LOCAL VOID Handle_Buffer( CONN_ID Idx ); -LOCAL VOID Check_Connections( VOID ); -LOCAL VOID Check_Servers( VOID ); -LOCAL VOID Init_Conn_Struct( INT Idx ); -LOCAL BOOLEAN Init_Socket( INT Sock ); -LOCAL VOID New_Server( INT Server, CONN_ID Idx ); - -LOCAL RES_STAT *ResolveAddr( struct sockaddr_in *Addr ); -LOCAL RES_STAT *ResolveName( CHAR *Host ); -LOCAL VOID Do_ResolveAddr( struct sockaddr_in *Addr, INT w_fd ); -LOCAL VOID Do_ResolveName( CHAR *Host, INT w_fd ); -LOCAL VOID Read_Resolver_Result( INT r_fd ); - -#ifdef h_errno -LOCAL CHAR *Resolv_Error( INT H_Error ); + (void) irrelevant; + (void) New_Connection(sock, false); +} + + +#ifdef SSL_SUPPORT +/** + * IO callback for listening SSL sockets: handle new connections. This callback + * gets called when a new SSL-enabled connection should be accepted. + * + * @param sock Socket descriptor. + * @param irrelevant (ignored IO specification) + */ +static void +cb_listen_ssl(int sock, short irrelevant) +{ + int fd; + + (void) irrelevant; + fd = New_Connection(sock, true); + if (fd < 0) + return; + io_event_setcb(My_Connections[fd].sock, cb_clientserver_ssl); +} #endif -LOCAL fd_set My_Listeners; -LOCAL fd_set My_Sockets; -LOCAL fd_set My_Resolvers; -LOCAL fd_set My_Connects; +/** + * IO callback for new outgoing non-SSL server connections. + * + * @param sock Socket descriptor. + * @param what IO specification (IO_WANTREAD/IO_WANTWRITE/...). + */ +static void +cb_connserver(int sock, UNUSED short what) +{ + int res, err, server; + socklen_t sock_len; + CONN_ID idx = Socket2Index( sock ); -LOCAL INT My_Max_Fd; + if (idx <= NONE) { + LogDebug("cb_connserver wants to write on unknown socket?!"); + io_close(sock); + return; + } -LOCAL CONNECTION My_Connections[MAX_CONNECTIONS]; + assert(what & IO_WANTWRITE); + /* Make sure that the server is still configured; it could have been + * removed in the meantime! */ + server = Conf_GetServer(idx); + if (server < 0) { + Log(LOG_ERR, "Connection on socket %d to \"%s\" aborted!", + sock, My_Connections[idx].host); + Conn_Close(idx, "Connection aborted!", NULL, false); + return; + } + + /* connect() finished, get result. */ + sock_len = (socklen_t)sizeof(err); + res = getsockopt(My_Connections[idx].sock, SOL_SOCKET, SO_ERROR, + &err, &sock_len ); + assert(sock_len == sizeof(err)); + + /* Error while connecting? */ + if ((res != 0) || (err != 0)) { + if (res != 0) + Log(LOG_CRIT, "getsockopt (connection %d): %s!", + idx, strerror(errno)); + else + Log(LOG_CRIT, + "Can't connect socket to \"%s:%d\" (connection %d): %s!", + My_Connections[idx].host, Conf_Server[server].port, + idx, strerror(err)); + + Conn_Close(idx, "Can't connect", NULL, false); + + if (ng_ipaddr_af(&Conf_Server[server].dst_addr[0])) { + /* more addresses to try... */ + New_Server(server, &Conf_Server[server].dst_addr[0]); + /* connection to dst_addr[0] is now in progress, so + * remove this address... */ + Conf_Server[server].dst_addr[0] = + Conf_Server[server].dst_addr[1]; + memset(&Conf_Server[server].dst_addr[1], 0, + sizeof(Conf_Server[server].dst_addr[1])); + } + return; + } + + /* connect() succeeded, remove all additional addresses */ + memset(&Conf_Server[server].dst_addr, 0, + sizeof(Conf_Server[server].dst_addr)); + + Conn_OPTION_DEL( &My_Connections[idx], CONN_ISCONNECTING ); +#ifdef SSL_SUPPORT + if ( Conn_OPTION_ISSET( &My_Connections[idx], CONN_SSL_CONNECT )) { + io_event_setcb( sock, cb_connserver_login_ssl ); + io_event_add( sock, IO_WANTWRITE|IO_WANTREAD ); + return; + } +#endif + server_login(idx); +} -GLOBAL VOID Conn_Init( VOID ) + +/** + * Login to a remote server. + * + * @param idx Connection index. + */ +static void +server_login(CONN_ID idx) +{ + Log(LOG_INFO, + "Connection %d (socket %d) with \"%s:%d\" established. Now logging in ...", + idx, My_Connections[idx].sock, My_Connections[idx].host, + Conf_Server[Conf_GetServer(idx)].port); + + io_event_setcb( My_Connections[idx].sock, cb_clientserver); + io_event_add( My_Connections[idx].sock, IO_WANTREAD|IO_WANTWRITE); + + /* Send PASS and SERVER command to peer */ + Conn_WriteStr( idx, "PASS %s %s", Conf_Server[Conf_GetServer( idx )].pwd_out, NGIRCd_ProtoID ); + Conn_WriteStr( idx, "SERVER %s :%s", Conf_ServerName, Conf_ServerInfo ); +} + + +#ifdef SSL_SUPPORT +/** + * IO callback for new outgoing SSL-enabled server connections. + * + * @param sock Socket descriptor. + * @param unused (ignored IO specification) + */ +static void +cb_connserver_login_ssl(int sock, short unused) +{ + CONN_ID idx = Socket2Index(sock); + + assert(idx >= 0); + if (idx < 0) { + io_close(sock); + return; + } + (void) unused; + switch (ConnSSL_Connect( &My_Connections[idx])) { + case 1: break; + case 0: LogDebug("ConnSSL_Connect: not ready"); + return; + case -1: + Log(LOG_ERR, "SSL connection on socket %d failed!", sock); + Conn_Close(idx, "Can't connect", NULL, false); + return; + } + + Log( LOG_INFO, "SSL connection %d with \"%s:%d\" established.", idx, + My_Connections[idx].host, Conf_Server[Conf_GetServer( idx )].port ); + + server_login(idx); +} +#endif + + +/** + * IO callback for established non-SSL client and server connections. + * + * @param sock Socket descriptor. + * @param what IO specification (IO_WANTREAD/IO_WANTWRITE/...). + */ +static void +cb_clientserver(int sock, short what) { - /* Modul initialisieren: statische Strukturen "ausnullen". */ + CONN_ID idx = Socket2Index(sock); + + assert(idx >= 0); + + if (idx < 0) { + io_close(sock); + return; + } +#ifdef SSL_SUPPORT + if (what & IO_WANTREAD + || (Conn_OPTION_ISSET(&My_Connections[idx], CONN_SSL_WANT_WRITE))) { + /* if TLS layer needs to write additional data, call + * Read_Request() instead so that SSL/TLS can continue */ + Read_Request(idx); + } +#else + if (what & IO_WANTREAD) + Read_Request(idx); +#endif + if (what & IO_WANTWRITE) + Handle_Write(idx); +} + + +#ifdef SSL_SUPPORT +/** + * IO callback for established SSL-enabled client and server connections. + * + * @param sock Socket descriptor. + * @param what IO specification (IO_WANTREAD/IO_WANTWRITE/...). + */ +static void +cb_clientserver_ssl(int sock, short what) +{ + CONN_ID idx = Socket2Index(sock); + + assert(idx >= 0); + + if (idx < 0) { + io_close(sock); + return; + } + + switch (ConnSSL_Accept(&My_Connections[idx])) { + case 1: + break; /* OK */ + case 0: + return; /* EAGAIN: callback will be invoked again by IO layer */ + default: + Conn_Close(idx, "SSL accept error, closing socket", "SSL accept error", false); + return; + } + if (what & IO_WANTREAD) + Read_Request(idx); + if (what & IO_WANTWRITE) + Handle_Write(idx); + + io_event_setcb(sock, cb_clientserver); /* SSL handshake completed */ +} +#endif + + +/** + * Initialize connecion module. + */ +GLOBAL void +Conn_Init( void ) +{ CONN_ID i; - /* zu Beginn haben wir keine Verbindungen */ - FD_ZERO( &My_Listeners ); - FD_ZERO( &My_Sockets ); - FD_ZERO( &My_Resolvers ); - FD_ZERO( &My_Connects ); + /* Speicher fuer Verbindungs-Pool anfordern */ + Pool_Size = CONNECTION_POOL; + if ((Conf_MaxConnections > 0) && + (Pool_Size > Conf_MaxConnections)) + Pool_Size = Conf_MaxConnections; + + if (!array_alloc(&My_ConnArray, sizeof(CONNECTION), (size_t)Pool_Size)) { + Log(LOG_EMERG, "Can't allocate memory! [Conn_Init]"); + exit(1); + } + + /* FIXME: My_Connetions/Pool_Size is needed by other parts of the + * code; remove them! */ + My_Connections = (CONNECTION*) array_start(&My_ConnArray); + + LogDebug("Allocated connection pool for %d items (%ld bytes).", + array_length(&My_ConnArray, sizeof(CONNECTION)), + array_bytes(&My_ConnArray)); - My_Max_Fd = 0; + assert(array_length(&My_ConnArray, sizeof(CONNECTION)) >= (size_t)Pool_Size); + + array_free( &My_Listeners ); - /* Connection-Struktur initialisieren */ - for( i = 0; i < MAX_CONNECTIONS; i++ ) Init_Conn_Struct( i ); + for (i = 0; i < Pool_Size; i++) + Init_Conn_Struct(i); } /* Conn_Init */ -GLOBAL VOID Conn_Exit( VOID ) +/** + * Clean up connection module. + */ +GLOBAL void +Conn_Exit( void ) { - /* Modul abmelden: alle noch offenen Connections - * schliessen und freigeben. */ - CONN_ID idx; - INT i; - /* Sockets schliessen */ - Log( LOG_DEBUG, "Shutting down all connections ..." ); - for( i = 0; i < My_Max_Fd + 1; i++ ) - { - if( FD_ISSET( i, &My_Sockets )) - { - for( idx = 0; idx < MAX_CONNECTIONS; idx++ ) - { - if( My_Connections[idx].sock == i ) break; - } - if( FD_ISSET( i, &My_Listeners )) - { - close( i ); - Log( LOG_DEBUG, "Listening socket %d closed.", i ); - } - else if( FD_ISSET( i, &My_Connects )) - { - close( i ); - Log( LOG_DEBUG, "Connection %d closed during creation (socket %d).", idx, i ); - } - else if( idx < MAX_CONNECTIONS ) Conn_Close( idx, NULL, "Server going down", TRUE ); - else - { - Log( LOG_WARNING, "Closing unknown connection %d ...", i ); - close( i ); - } + Conn_ExitListeners(); + + LogDebug("Shutting down all connections ..." ); + for( idx = 0; idx < Pool_Size; idx++ ) { + if( My_Connections[idx].sock > NONE ) { + Conn_Close( idx, NULL, NGIRCd_SignalRestart ? + "Server going down (restarting)":"Server going down", true ); } } + + array_free(&My_ConnArray); + My_Connections = NULL; + Pool_Size = 0; + io_library_shutdown(); } /* Conn_Exit */ -GLOBAL BOOLEAN Conn_NewListener( CONST UINT Port ) +/** + * Close all sockets (file descriptors) of open connections. + * This is useful in forked child processes, for example, to make sure that + * they don't hold connections open that the main process wants to close. + */ +GLOBAL void +Conn_CloseAllSockets(int ExceptOf) { - /* Neuen Listen-Socket erzeugen: der Server wartet dann auf - * dem angegebenen Port auf Verbindungen. Kann der Listen- - * Socket nicht erteugt werden, so wird NULL geliefert.*/ - - struct sockaddr_in addr; - INT sock; - - /* Server-"Listen"-Socket initialisieren */ - memset( &addr, 0, sizeof( addr )); - addr.sin_family = AF_INET; - addr.sin_port = htons( Port ); - addr.sin_addr.s_addr = htonl( INADDR_ANY ); - - /* Socket erzeugen */ - sock = socket( PF_INET, SOCK_STREAM, 0); - if( sock < 0 ) - { - Log( LOG_CRIT, "Can't create socket: %s!", strerror( errno )); - return FALSE; + CONN_ID idx; + + for(idx = 0; idx < Pool_Size; idx++) { + if(My_Connections[idx].sock > NONE && + My_Connections[idx].sock != ExceptOf) + close(My_Connections[idx].sock); } +} - if( ! Init_Socket( sock )) return FALSE; - /* an Port binden */ - if( bind( sock, (struct sockaddr *)&addr, (socklen_t)sizeof( addr )) != 0 ) - { - Log( LOG_CRIT, "Can't bind socket: %s!", strerror( errno )); - close( sock ); - return FALSE; +/** + * Initialize listening ports. + * + * @param a Array containing the ports the daemon should listen on. + * @param listen_addr Address the socket should listen on (can be "0.0.0.0"). + * @param func IO callback function to register. + * @returns Number of listening sockets created. + */ +static unsigned int +ports_initlisteners(array *a, const char *listen_addr, void (*func)(int,short)) +{ + unsigned int created = 0; + size_t len; + int fd; + UINT16 *port; + + len = array_length(a, sizeof (UINT16)); + port = array_start(a); + while (len--) { + fd = NewListener(listen_addr, *port); + if (fd < 0) { + port++; + continue; + } + if (!io_event_create( fd, IO_WANTREAD, func )) { + Log( LOG_ERR, "io_event_create(): Could not add listening fd %d (port %u): %s!", + fd, (unsigned int) *port, strerror(errno)); + close(fd); + port++; + continue; + } + created++; + port++; } + return created; +} - /* in "listen mode" gehen :-) */ - if( listen( sock, 10 ) != 0 ) - { - Log( LOG_CRIT, "Can't listen on soecket: %s!", strerror( errno )); - close( sock ); - return FALSE; + +/** + * Initialize all listening sockets. + * + * @returns Number of created listening sockets + */ +GLOBAL unsigned int +Conn_InitListeners( void ) +{ + /* Initialize ports on which the server should accept connections */ + unsigned int created = 0; + char *copy, *listen_addr; + + assert(Conf_ListenAddress); + + /* can't use Conf_ListenAddress directly, see below */ + copy = strdup(Conf_ListenAddress); + if (!copy) { + Log(LOG_CRIT, "Cannot copy %s: %s", Conf_ListenAddress, strerror(errno)); + return 0; + } + listen_addr = strtok(copy, ","); + + while (listen_addr) { + ngt_TrimStr(listen_addr); + if (*listen_addr) { + created += ports_initlisteners(&Conf_ListenPorts, listen_addr, cb_listen); +#ifdef SSL_SUPPORT + created += ports_initlisteners(&Conf_SSLOptions.ListenPorts, listen_addr, cb_listen_ssl); +#endif + } + + listen_addr = strtok(NULL, ","); } - /* Neuen Listener in Strukturen einfuegen */ - FD_SET( sock, &My_Listeners ); - FD_SET( sock, &My_Sockets ); + /* Can't free() Conf_ListenAddress here: on REHASH, if the config file + * cannot be re-loaded, we'd end up with a NULL Conf_ListenAddress. + * Instead, free() takes place in conf.c, before the config file + * is being parsed. */ + free(copy); - if( sock > My_Max_Fd ) My_Max_Fd = sock; + return created; +} /* Conn_InitListeners */ - Log( LOG_INFO, "Now listening on port %d (socket %d).", Port, sock ); - return TRUE; -} /* Conn_NewListener */ +/** + * Shut down all listening sockets. + */ +GLOBAL void +Conn_ExitListeners( void ) +{ + /* Close down all listening sockets */ + int *fd; + size_t arraylen; + + arraylen = array_length(&My_Listeners, sizeof (int)); + Log(LOG_INFO, + "Shutting down all listening sockets (%d total) ...", arraylen); + fd = array_start(&My_Listeners); + while(arraylen--) { + assert(fd != NULL); + assert(*fd >= 0); + io_close(*fd); + LogDebug("Listening socket %d closed.", *fd ); + fd++; + } + array_free(&My_Listeners); +} /* Conn_ExitListeners */ -GLOBAL VOID Conn_Handler( INT Timeout ) +/** + * Bind a socket to a specific (source) address. + * + * @param addr Address structure. + * @param listen_addrstr Source address as string. + * @param Port Port number. + * @returns true on success, false otherwise. + */ +static bool +InitSinaddrListenAddr(ng_ipaddr_t *addr, const char *listen_addrstr, UINT16 Port) { - /* Aktive Verbindungen ueberwachen. Mindestens alle "Timeout" - * Sekunden wird die Funktion verlassen. Folgende Aktionen - * werden durchgefuehrt: - * - neue Verbindungen annehmen, - * - Server-Verbindungen aufbauen, - * - geschlossene Verbindungen loeschen, - * - volle Schreibpuffer versuchen zu schreiben, - * - volle Lesepuffer versuchen zu verarbeiten, - * - Antworten von Resolver Sub-Prozessen annehmen. - */ - - fd_set read_sockets, write_sockets; - struct timeval tv; - time_t start; - INT i; + bool ret; - start = time( NULL ); - while(( time( NULL ) - start < Timeout ) && ( ! NGIRCd_Quit )) - { - Check_Servers( ); + ret = ng_ipaddr_init(addr, listen_addrstr, Port); + if (!ret) { + assert(listen_addrstr); + Log(LOG_CRIT, "Can't bind to [%s]:%u: can't convert ip address \"%s\"!", + listen_addrstr, Port, listen_addrstr); + } + return ret; +} - Check_Connections( ); - /* Timeout initialisieren */ - tv.tv_sec = 0; - tv.tv_usec = 50000; +/** + * Set a socket to "IPv6 only". If the given socket doesn't belong to the + * AF_INET6 family, or the operating system doesn't support this functionality, + * this function retruns silently. + * + * @param af Address family of the socket. + * @param sock Socket handle. + */ +static void +set_v6_only(int af, int sock) +{ +#if defined(IPV6_V6ONLY) && defined(WANT_IPV6) + int on = 1; - /* noch volle Lese-Buffer suchen */ - for( i = 0; i < MAX_CONNECTIONS; i++ ) - { - if(( My_Connections[i].sock > NONE ) && ( My_Connections[i].rdatalen > 0 )) - { - /* Kann aus dem Buffer noch ein Befehl extrahiert werden? */ - Handle_Buffer( i ); - } - } + if (af != AF_INET6) + return; - /* noch volle Schreib-Puffer suchen */ - FD_ZERO( &write_sockets ); - for( i = 0; i < MAX_CONNECTIONS; i++ ) - { - if(( My_Connections[i].sock > NONE ) && ( My_Connections[i].wdatalen > 0 )) - { - /* Socket der Verbindung in Set aufnehmen */ - FD_SET( My_Connections[i].sock, &write_sockets ); + if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, (socklen_t)sizeof(on))) + Log(LOG_ERR, "Could not set IPV6_V6ONLY: %s", strerror(errno)); +#else + (void)af; + (void)sock; +#endif +} + + +/** + * Initialize new listening port. + * + * @param listen_addr Local address to bind the socet to (can be 0.0.0.0). + * @param Port Port number on which the new socket should be listening. + * @returns file descriptor of the socket or -1 on failure. + */ +static int +NewListener(const char *listen_addr, UINT16 Port) +{ + /* Create new listening socket on specified port */ + ng_ipaddr_t addr; + int sock, af; + + if (!InitSinaddrListenAddr(&addr, listen_addr, Port)) + return -1; + + af = ng_ipaddr_af(&addr); + sock = socket(af, SOCK_STREAM, 0); + if (sock < 0) { + Log(LOG_CRIT, "Can't create socket (af %d) : %s!", af, + strerror(errno)); + return -1; + } + + set_v6_only(af, sock); + + if (!Init_Socket(sock)) + return -1; + + if (bind(sock, (struct sockaddr *)&addr, ng_ipaddr_salen(&addr)) != 0) { + Log(LOG_CRIT, "Can't bind socket to address %s:%d - %s!", + ng_ipaddr_tostr(&addr), Port, strerror(errno)); + close(sock); + return -1; + } + + if (listen(sock, 10) != 0) { + Log(LOG_CRIT, "Can't listen on socket: %s!", strerror(errno)); + close(sock); + return -1; + } + + /* keep fd in list so we can close it when ngircd restarts/shuts down */ + if (!array_catb(&My_Listeners, (char *)&sock, sizeof(int))) { + Log(LOG_CRIT, "Can't add socket to My_Listeners array: %s!", + strerror(errno)); + close(sock); + return -1; + } + + Log(LOG_INFO, "Now listening on [%s]:%d (socket %d).", + ng_ipaddr_tostr(&addr), Port, sock); + return sock; +} /* NewListener */ + + +#ifdef SSL_SUPPORT + +/** + * Check if SSL library needs to read SSL-protocol related data. + * + * SSL/TLS connections require extra treatment: + * When either CONN_SSL_WANT_WRITE or CONN_SSL_WANT_READ is set, we + * need to take care of that first, before checking read/write buffers. + * For instance, while we might have data in our write buffer, the + * TLS/SSL protocol might need to read internal data first for TLS/SSL + * writes to succeed. + * + * If this function returns true, such a condition is met and we have + * to reverse the condition (check for read even if we've data to write, + * do not check for read but writeability even if write-buffer is empty). + * + * @param c Connection to check. + * @returns true if SSL-library has to read protocol data. + */ +static bool +SSL_WantRead(const CONNECTION *c) +{ + if (Conn_OPTION_ISSET(c, CONN_SSL_WANT_READ)) { + io_event_add(c->sock, IO_WANTREAD); + return true; + } + return false; +} + +/** + * Check if SSL library needs to write SSL-protocol related data. + * + * Please see description of SSL_WantRead() for full description! + * + * @param c Connection to check. + * @returns true if SSL-library has to write protocol data. + */ +static bool +SSL_WantWrite(const CONNECTION *c) +{ + if (Conn_OPTION_ISSET(c, CONN_SSL_WANT_WRITE)) { + io_event_add(c->sock, IO_WANTWRITE); + return true; + } + return false; +} + +#else + +static inline bool +SSL_WantRead(UNUSED const CONNECTION *c) +{ return false; } + +static inline bool +SSL_WantWrite(UNUSED const CONNECTION *c) +{ return false; } + +#endif + + +/** + * "Main Loop": Loop until shutdown or restart is signalled. + * + * This function loops until a shutdown or restart of ngIRCd is signalled and + * calls io_dispatch() to check for readable and writable sockets every second. + * It checks for status changes on pending connections (e. g. when a hostname + * has been resolved), checks for "penalties" and timeouts, and handles the + * input buffers. + */ +GLOBAL void +Conn_Handler(void) +{ + int i; + unsigned int wdatalen, bytes_processed; + struct timeval tv; + time_t t; + + while (!NGIRCd_SignalQuit && !NGIRCd_SignalRestart) { + t = time(NULL); + + /* Check configured servers and established links */ + Check_Servers(); + Check_Connections(); + + /* Expire outdated class/list items */ + Class_Expire(); + + /* Look for non-empty read buffers ... */ + for (i = 0; i < Pool_Size; i++) { + if ((My_Connections[i].sock > NONE) + && (array_bytes(&My_Connections[i].rbuf) > 0) + && (My_Connections[i].delaytime <= t)) { + /* ... and try to handle the received data */ + bytes_processed = Handle_Buffer(i); + /* if we processed data, and there might be + * more commands in the input buffer, do not + * try to read any more data now */ + if (bytes_processed && + array_bytes(&My_Connections[i].rbuf) > 2) { + LogDebug + ("Throttling connection %d: command limit reached!", + i); + Conn_SetPenalty(i, 1); + } } } - /* Sockets mit im Aufbau befindlichen ausgehenden Verbindungen suchen */ - for( i = 0; i < MAX_CONNECTIONS; i++ ) - { - if(( My_Connections[i].sock > NONE ) && ( FD_ISSET( My_Connections[i].sock, &My_Connects ))) FD_SET( My_Connections[i].sock, &write_sockets ); - } - /* von welchen Sockets koennte gelesen werden? */ - read_sockets = My_Sockets; - for( i = 0; i < MAX_CONNECTIONS; i++ ) - { - if(( My_Connections[i].sock > NONE ) && ( My_Connections[i].host[0] == '\0' )) - { - /* Hier muss noch auf den Resolver Sub-Prozess gewartet werden */ - FD_CLR( My_Connections[i].sock, &read_sockets ); - } - if(( My_Connections[i].sock > NONE ) && ( FD_ISSET( My_Connections[i].sock, &My_Connects ))) + /* Look for non-empty write buffers ... */ + for (i = 0; i < Pool_Size; i++) { + if (My_Connections[i].sock <= NONE) + continue; + + wdatalen = (unsigned int)array_bytes(&My_Connections[i].wbuf); +#ifdef ZLIB + if (wdatalen > 0 || + array_bytes(&My_Connections[i].zip.wbuf) > 0) +#else + if (wdatalen > 0) +#endif { - /* Hier laeuft noch ein asyncrones connect() */ - FD_CLR( My_Connections[i].sock, &read_sockets ); + if (SSL_WantRead(&My_Connections[i])) + continue; + io_event_add(My_Connections[i].sock, + IO_WANTWRITE); } } - for( i = 0; i < My_Max_Fd + 1; i++ ) - { - /* Pipes von Resolver Sub-Prozessen aufnehmen */ - if( FD_ISSET( i, &My_Resolvers )) - { - FD_SET( i, &read_sockets ); + + /* Check from which sockets we possibly could read ... */ + for (i = 0; i < Pool_Size; i++) { + if (My_Connections[i].sock <= NONE) + continue; +#ifdef SSL_SUPPORT + if (SSL_WantWrite(&My_Connections[i])) + continue; /* TLS/SSL layer needs to write data; deal with this first */ +#endif + if (Proc_InProgress(&My_Connections[i].proc_stat)) { + /* Wait for completion of forked subprocess + * and ignore the socket in the meantime ... */ + io_event_del(My_Connections[i].sock, + IO_WANTREAD); + continue; } - } - /* Auf Aktivitaet warten */ - if( select( My_Max_Fd + 1, &read_sockets, &write_sockets, NULL, &tv ) == -1 ) - { - if( errno != EINTR ) - { - Log( LOG_EMERG, "select(): %s!", strerror( errno )); - Log( LOG_ALERT, PACKAGE" exiting due to fatal errors!" ); - exit( 1 ); + if (Conn_OPTION_ISSET(&My_Connections[i], CONN_ISCONNECTING)) + /* Wait for completion of connect() ... */ + continue; + + if (My_Connections[i].delaytime > t) { + /* There is a "penalty time" set: ignore socket! */ + io_event_del(My_Connections[i].sock, + IO_WANTREAD); + continue; } - continue; - } - /* Koennen Daten geschrieben werden? */ - for( i = 0; i < My_Max_Fd + 1; i++ ) - { - if( FD_ISSET( i, &write_sockets )) Handle_Write( Socket2Index( i )); + io_event_add(My_Connections[i].sock, IO_WANTREAD); } - /* Daten zum Lesen vorhanden? */ - for( i = 0; i < My_Max_Fd + 1; i++ ) - { - if( FD_ISSET( i, &read_sockets )) Handle_Read( i ); + /* Set the timeout for reading from the network to 1 second, + * which is the granularity with witch we handle "penalty + * times" for example. + * Note: tv_sec/usec are undefined(!) after io_dispatch() + * returns, so we have to set it beforce each call to it! */ + tv.tv_usec = 0; + tv.tv_sec = 1; + + /* Wait for activity ... */ + i = io_dispatch(&tv); + if (i == -1 && errno != EINTR) { + Log(LOG_EMERG, "Conn_Handler(): io_dispatch(): %s!", + strerror(errno)); + Log(LOG_ALERT, "%s exiting due to fatal errors!", + PACKAGE_NAME); + exit(1); } } + + if (NGIRCd_SignalQuit) + Log(LOG_NOTICE | LOG_snotice, "Server going down NOW!"); + else if (NGIRCd_SignalRestart) + Log(LOG_NOTICE | LOG_snotice, "Server restarting NOW!"); } /* Conn_Handler */ -GLOBAL BOOLEAN Conn_WriteStr( CONN_ID Idx, CHAR *Format, ... ) +/** + * Write a text string into the socket of a connection. + * + * This function automatically appends CR+LF to the string and validates that + * the result is a valid IRC message (oversized messages are shortened, for + * example). Then it calls the Conn_Write() function to do the actual sending. + * + * @param Idx Index fo the connection. + * @param Format Format string, see printf(). + * @returns true on success, false otherwise. + */ +#ifdef PROTOTYPES +GLOBAL bool +Conn_WriteStr(CONN_ID Idx, const char *Format, ...) +#else +GLOBAL bool +Conn_WriteStr(Idx, Format, va_alist) +CONN_ID Idx; +const char *Format; +va_dcl +#endif { - /* String in Socket schreiben. CR+LF wird von dieser Funktion - * automatisch angehaengt. Im Fehlerfall wird dir Verbindung - * getrennt und FALSE geliefert. */ - - CHAR buffer[COMMAND_LEN]; - BOOLEAN ok; + char buffer[COMMAND_LEN]; +#ifdef ICONV + char *ptr, *message; +#endif + size_t len; + bool ok; va_list ap; - assert( Idx >= 0 ); - assert( My_Connections[Idx].sock > NONE ); + assert( Idx > NONE ); assert( Format != NULL ); - + +#ifdef PROTOTYPES va_start( ap, Format ); - if( vsnprintf( buffer, COMMAND_LEN - 2, Format, ap ) == COMMAND_LEN - 2 ) - { - Log( LOG_CRIT, "Text too long to send (connection %d)!", Idx ); - Conn_Close( Idx, "Text too long to send!", NULL, FALSE ); - return FALSE; +#else + va_start( ap ); +#endif + if (vsnprintf( buffer, COMMAND_LEN - 2, Format, ap ) >= COMMAND_LEN - 2 ) { + /* + * The string that should be written to the socket is longer + * than the allowed size of COMMAND_LEN bytes (including both + * the CR and LF characters). This can be caused by the + * IRC_WriteXXX() functions when the prefix of this server had + * to be added to an already "quite long" command line which + * has been received from a regular IRC client, for example. + * + * We are not allowed to send such "oversized" messages to + * other servers and clients, see RFC 2812 2.3 and 2813 3.3 + * ("these messages SHALL NOT exceed 512 characters in length, + * counting all characters including the trailing CR-LF"). + * + * So we have a big problem here: we should send more bytes + * to the network than we are allowed to and we don't know + * the originator (any more). The "old" behaviour of blaming + * the receiver ("next hop") is a bad idea (it could be just + * an other server only routing the message!), so the only + * option left is to shorten the string and to hope that the + * result is still somewhat useful ... + * -alex- + */ + + strcpy (buffer + sizeof(buffer) - strlen(CUT_TXTSUFFIX) - 2 - 1, + CUT_TXTSUFFIX); } +#ifdef ICONV + ptr = strchr(buffer + 1, ':'); + if (ptr) { + ptr++; + message = Conn_EncodingTo(Idx, ptr); + if (message != ptr) + strlcpy(ptr, message, sizeof(buffer) - (ptr - buffer)); + } +#endif + #ifdef SNIFFER - if( NGIRCd_Sniffer ) Log( LOG_DEBUG, " -> connection %d: '%s'.", Idx, buffer ); + if (NGIRCd_Sniffer) + Log(LOG_DEBUG, " -> connection %d: '%s'.", Idx, buffer); #endif - strcat( buffer, "\r\n" ); - ok = Conn_Write( Idx, buffer, strlen( buffer )); + len = strlcat( buffer, "\r\n", sizeof( buffer )); + ok = Conn_Write(Idx, buffer, len); + My_Connections[Idx].msg_out++; va_end( ap ); return ok; } /* Conn_WriteStr */ +GLOBAL char* +Conn_Password( CONN_ID Idx ) +{ + assert( Idx > NONE ); + if (My_Connections[Idx].pwd == NULL) + return (char*)"\0"; + else + return My_Connections[Idx].pwd; +} /* Conn_Password */ -GLOBAL BOOLEAN Conn_Write( CONN_ID Idx, CHAR *Data, INT Len ) +GLOBAL void +Conn_SetPassword( CONN_ID Idx, const char *Pwd ) { - /* Daten in Socket schreiben. Bei "fatalen" Fehlern wird - * der Client disconnectiert und FALSE geliefert. */ + assert( Idx > NONE ); - assert( Idx >= 0 ); - assert( My_Connections[Idx].sock > NONE ); + if (My_Connections[Idx].pwd) + free(My_Connections[Idx].pwd); + + My_Connections[Idx].pwd = strdup(Pwd); + if (My_Connections[Idx].pwd == NULL) { + Log(LOG_EMERG, "Can't allocate memory! [Conn_SetPassword]"); + exit(1); + } +} /* Conn_SetPassword */ + +/** + * Append Data to the outbound write buffer of a connection. + * + * @param Idx Index of the connection. + * @param Data pointer to the data. + * @param Len length of Data. + * @returns true on success, false otherwise. + */ +static bool +Conn_Write( CONN_ID Idx, char *Data, size_t Len ) +{ + CLIENT *c; + size_t writebuf_limit = WRITEBUFFER_MAX_LEN; + assert( Idx > NONE ); assert( Data != NULL ); assert( Len > 0 ); - /* pruefen, ob Daten im Schreibpuffer sind. Wenn ja, zunaechst - * pruefen, ob diese gesendet werden koennen */ - if( My_Connections[Idx].wdatalen > 0 ) - { - if( ! Try_Write( Idx )) return FALSE; + /* Is the socket still open? A previous call to Conn_Write() + * may have closed the connection due to a fatal error. + * In this case it is sufficient to return an error, as well. */ + if (My_Connections[Idx].sock <= NONE) { + LogDebug("Skipped write on closed socket (connection %d).", Idx); + return false; } - /* pruefen, ob im Schreibpuffer genuegend Platz ist */ - if( WRITEBUFFER_LEN - My_Connections[Idx].wdatalen - Len <= 0 ) - { - /* der Puffer ist dummerweise voll ... */ - Log( LOG_NOTICE, "Write buffer overflow (connection %d)!", Idx ); - Conn_Close( Idx, "Write buffer overflow!", NULL, FALSE ); - return FALSE; + /* Make sure that there still exists a CLIENT structure associated + * with this connection and check if this is a server or not: */ + c = Conn_GetClient(Idx); + if (c) { + /* Servers do get special write buffer limits, so they can + * generate all the messages that are required while peering. */ + if (Client_Type(c) == CLIENT_SERVER) + writebuf_limit = WRITEBUFFER_SLINK_LEN; + } else + LogDebug("Write on socket without client (connection %d)!?", Idx); + +#ifdef ZLIB + if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ZIP )) { + /* Compressed link: + * Zip_Buffer() does all the dirty work for us: it flushes + * the (pre-)compression buffers if required and handles + * all error conditions. */ + if (!Zip_Buffer(Idx, Data, Len)) + return false; } + else +#endif + { + /* Uncompressed link: + * Check if outbound buffer has enough space for the data. */ + if (array_bytes(&My_Connections[Idx].wbuf) + Len >= + WRITEBUFFER_FLUSH_LEN) { + /* Buffer is full, flush it. Handle_Write deals with + * low-level errors, if any. */ + if (!Handle_Write(Idx)) + return false; + } + + /* When the write buffer is still too big after flushing it, + * the connection will be killed. */ + if (array_bytes(&My_Connections[Idx].wbuf) + Len >= + writebuf_limit) { + Log(LOG_NOTICE, + "Write buffer space exhausted (connection %d, limit is %lu bytes, %lu bytes new, %lu bytes pending)", + Idx, writebuf_limit, Len, + (unsigned long)array_bytes(&My_Connections[Idx].wbuf)); + Conn_Close(Idx, "Write buffer space exhausted", NULL, false); + return false; + } - /* Daten in Puffer kopieren */ - memcpy( My_Connections[Idx].wbuf + My_Connections[Idx].wdatalen, Data, Len ); - My_Connections[Idx].wdatalen += Len; + /* Copy data to write buffer */ + if (!array_catb(&My_Connections[Idx].wbuf, Data, Len)) + return false; - /* pruefen, on Daten vorhanden sind und geschrieben werden koennen */ - if( My_Connections[Idx].wdatalen > 0 ) - { - if( ! Try_Write( Idx )) return FALSE; + My_Connections[Idx].bytes_out += Len; } - return TRUE; + /* Adjust global write counter */ + WCounter += Len; + + return true; } /* Conn_Write */ -GLOBAL VOID Conn_Close( CONN_ID Idx, CHAR *LogMsg, CHAR *FwdMsg, BOOLEAN InformClient ) +/** + * Shut down a connection. + * + * @param Idx Connection index. + * @param LogMsg Message to write to the log or NULL. If no LogMsg + * is given, the FwdMsg is logged. + * @param FwdMsg Message to forward to remote servers. + * @param InformClient If true, inform the client on the connection which is + * to be shut down of the reason (FwdMsg) and send + * connection statistics before disconnecting it. + */ +GLOBAL void +Conn_Close( CONN_ID Idx, const char *LogMsg, const char *FwdMsg, bool InformClient ) { - /* Verbindung schliessen. Evtl. noch von Resolver - * Sub-Prozessen offene Pipes werden geschlossen. */ + /* Close connection. Open pipes of asynchronous resolver + * sub-processes are closed down. */ CLIENT *c; + double in_k, out_k; + UINT16 port; +#ifdef ZLIB + double in_z_k, out_z_k; + int in_p, out_p; +#endif + + assert( Idx > NONE ); + + /* Is this link already shutting down? */ + if( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ISCLOSING )) { + /* Conn_Close() has been called recursively for this link; + * probabe reason: Handle_Write() failed -- see below. */ + LogDebug("Recursive request to close connection: %d", Idx ); + return; + } - assert( Idx >= 0 ); assert( My_Connections[Idx].sock > NONE ); - if( InformClient ) - { - if( FwdMsg ) Conn_WriteStr( Idx, "ERROR :%s", FwdMsg ); - else Conn_WriteStr( Idx, "ERROR :Closing connection." ); - if( My_Connections[Idx].sock == NONE ) return; + /* Mark link as "closing" */ + Conn_OPTION_ADD( &My_Connections[Idx], CONN_ISCLOSING ); + + port = ng_ipaddr_getport(&My_Connections[Idx].addr); + Log(LOG_INFO, "Shutting down connection %d (%s) with \"%s:%d\" ...", Idx, + LogMsg ? LogMsg : FwdMsg, My_Connections[Idx].host, port); + + /* Search client, if any */ + c = Conn_GetClient( Idx ); + + /* Should the client be informed? */ + if (InformClient) { +#ifndef STRICT_RFC + /* Send statistics to client if registered as user: */ + if ((c != NULL) && (Client_Type(c) == CLIENT_USER)) { + Conn_WriteStr( Idx, + ":%s NOTICE %s :%sConnection statistics: client %.1f kb, server %.1f kb.", + Client_ID(Client_ThisServer()), Client_ID(c), + NOTICE_TXTPREFIX, + (double)My_Connections[Idx].bytes_in / 1024, + (double)My_Connections[Idx].bytes_out / 1024); + } +#endif + /* Send ERROR to client (see RFC 2812, section 3.1.7) */ + if (FwdMsg) + Conn_WriteStr(Idx, "ERROR :%s", FwdMsg); + else + Conn_WriteStr(Idx, "ERROR :Closing connection"); } - if( close( My_Connections[Idx].sock ) != 0 ) - { - Log( LOG_ERR, "Error closing connection %d with %s:%d - %s!", Idx, inet_ntoa( My_Connections[Idx].addr.sin_addr ), ntohs( My_Connections[Idx].addr.sin_port), strerror( errno )); + /* Try to write out the write buffer. Note: Handle_Write() eventually + * removes the CLIENT structure associated with this connection if an + * error occurs! So we have to re-check if there is still an valid + * CLIENT structure after calling Handle_Write() ...*/ + (void)Handle_Write( Idx ); + + /* Search client, if any (re-check!) */ + c = Conn_GetClient( Idx ); +#ifdef SSL_SUPPORT + if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_SSL )) { + Log(LOG_INFO, "SSL connection %d shutting down ...", Idx); + ConnSSL_Free(&My_Connections[Idx]); } - else - { - Log( LOG_INFO, "Connection %d with %s:%d closed.", Idx, inet_ntoa( My_Connections[Idx].addr.sin_addr ), ntohs( My_Connections[Idx].addr.sin_port )); +#endif + /* Shut down socket */ + if (! io_close(My_Connections[Idx].sock)) { + /* Oops, we can't close the socket!? This is ... ugly! */ + Log(LOG_CRIT, + "Error closing connection %d (socket %d) with %s:%d - %s! (ignored)", + Idx, My_Connections[Idx].sock, My_Connections[Idx].host, + port, strerror(errno)); } - c = Client_GetFromConn( Idx ); - if( c ) Client_Destroy( c, LogMsg, FwdMsg, TRUE ); + /* Mark socket as invalid: */ + My_Connections[Idx].sock = NONE; - if( My_Connections[Idx].res_stat ) + /* If there is still a client, unregister it now */ + if (c) + Client_Destroy(c, LogMsg, FwdMsg, true); + + /* Calculate statistics and log information */ + in_k = (double)My_Connections[Idx].bytes_in / 1024; + out_k = (double)My_Connections[Idx].bytes_out / 1024; +#ifdef ZLIB + if (Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ZIP)) { + in_z_k = (double)My_Connections[Idx].zip.bytes_in / 1024; + out_z_k = (double)My_Connections[Idx].zip.bytes_out / 1024; + /* Make sure that no division by zero can occur during + * the calculation of in_p and out_p: in_z_k and out_z_k + * are non-zero, that's guaranteed by the protocol until + * compression can be enabled. */ + if (! in_z_k) + in_z_k = in_k; + if (! out_z_k) + out_z_k = out_k; + in_p = (int)(( in_k * 100 ) / in_z_k ); + out_p = (int)(( out_k * 100 ) / out_z_k ); + Log(LOG_INFO, + "Connection %d with \"%s:%d\" closed (in: %.1fk/%.1fk/%d%%, out: %.1fk/%.1fk/%d%%).", + Idx, My_Connections[Idx].host, port, + in_k, in_z_k, in_p, out_k, out_z_k, out_p); + } + else +#endif { - /* Resolver-Strukturen freigeben, wenn noch nicht geschehen */ - FD_CLR( My_Connections[Idx].res_stat->pipe[0], &My_Resolvers ); - close( My_Connections[Idx].res_stat->pipe[0] ); - close( My_Connections[Idx].res_stat->pipe[1] ); - free( My_Connections[Idx].res_stat ); + Log(LOG_INFO, + "Connection %d with \"%s:%d\" closed (in: %.1fk, out: %.1fk).", + Idx, My_Connections[Idx].host, port, + in_k, out_k); } - /* Bei Server-Verbindungen lasttry-Zeitpunkt so setzen, dass - * der naechste Verbindungsversuch in RECONNECT_DELAY Sekunden - * gestartet wird. */ - if(( My_Connections[Idx].our_server >= 0 ) && ( Conf_Server[My_Connections[Idx].our_server].lasttry < time( NULL ))) - { - /* Okay, die Verbindung stand schon "genuegend lange" */ - Conf_Server[My_Connections[Idx].our_server].lasttry = time( NULL ) - Conf_ConnectRetry + RECONNECT_DELAY; + /* Servers: Modify time of next connect attempt? */ + Conf_UnsetServer( Idx ); + +#ifdef ZLIB + /* Clean up zlib, if link was compressed */ + if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_ZIP )) { + inflateEnd( &My_Connections[Idx].zip.in ); + deflateEnd( &My_Connections[Idx].zip.out ); + array_free(&My_Connections[Idx].zip.rbuf); + array_free(&My_Connections[Idx].zip.wbuf); } +#endif - FD_CLR( My_Connections[Idx].sock, &My_Sockets ); - FD_CLR( My_Connections[Idx].sock, &My_Connects ); - My_Connections[Idx].sock = NONE; + array_free(&My_Connections[Idx].rbuf); + array_free(&My_Connections[Idx].wbuf); + if (My_Connections[Idx].pwd != NULL) + free(My_Connections[Idx].pwd); + + /* Clean up connection structure (=free it) */ + Init_Conn_Struct( Idx ); + + assert(NumConnections > 0); + if (NumConnections) + NumConnections--; + LogDebug("Shutdown of connection %d completed, %ld connection%s left.", + Idx, NumConnections, NumConnections != 1 ? "s" : ""); } /* Conn_Close */ -GLOBAL VOID Conn_UpdateIdle( CONN_ID Idx ) +/** + * Get current number of connections. + * + * @returns Number of current connections. + */ +GLOBAL long +Conn_Count(void) { - /* Idle-Timer zuruecksetzen */ - - assert( Idx >= 0 ); - My_Connections[Idx].lastprivmsg = time( NULL ); -} + return NumConnections; +} /* Conn_Count */ -GLOBAL time_t Conn_GetIdle( CONN_ID Idx ) +/** + * Get number of maximum simultaneous connections. + * + * @returns Number of maximum simultaneous connections. + */ +GLOBAL long +Conn_CountMax(void) { - /* Idle-Time einer Verbindung liefern (in Sekunden) */ + return NumConnectionsMax; +} /* Conn_CountMax */ - assert( Idx >= 0 ); - return time( NULL ) - My_Connections[Idx].lastprivmsg; -} /* Conn_GetIdle */ - -GLOBAL time_t Conn_LastPing( CONN_ID Idx ) +/** + * Get number of connections accepted since the daemon startet. + * + * @returns Number of connections accepted. + */ +GLOBAL long +Conn_CountAccepted(void) { - /* Zeitpunkt des letzten PING liefern */ + return NumConnectionsAccepted; +} /* Conn_CountAccepted */ - assert( Idx >= 0 ); - return My_Connections[Idx].lastping; -} /* Conn_LastPing */ - -LOCAL BOOLEAN Try_Write( CONN_ID Idx ) +/** + * Synchronize established connections and configured server structures + * after a configuration update and store the correct connection IDs, if any. + */ +GLOBAL void +Conn_SyncServerStruct(void) { - /* Versuchen, Daten aus dem Schreib-Puffer in den - * Socket zu schreiben. */ + CLIENT *client; + CONN_ID i; + int c; - fd_set write_socket; + for (i = 0; i < Pool_Size; i++) { + if (My_Connections[i].sock == NONE) + continue; - assert( Idx >= 0 ); - assert( My_Connections[Idx].sock > NONE ); - assert( My_Connections[Idx].wdatalen > 0 ); + /* Server link? */ + client = Conn_GetClient(i); + if (!client || Client_Type(client) != CLIENT_SERVER) + continue; - FD_ZERO( &write_socket ); - FD_SET( My_Connections[Idx].sock, &write_socket ); - if( select( My_Connections[Idx].sock + 1, NULL, &write_socket, NULL, 0 ) == -1 ) - { - /* Fehler! */ - if( errno != EINTR ) - { - Log( LOG_ALERT, "select() failed: %s!", strerror( errno )); - Conn_Close( Idx, "Server error!", NULL, FALSE ); - return FALSE; + for (c = 0; c < MAX_SERVERS; c++) { + /* Configured server? */ + if (!Conf_Server[c].host[0]) + continue; + + if (strcasecmp(Conf_Server[c].name, Client_ID(client)) == 0) + Conf_Server[c].conn_id = i; } } +} /* SyncServerStruct */ - if( FD_ISSET( My_Connections[Idx].sock, &write_socket )) return Handle_Write( Idx ); - else return TRUE; -} /* Try_Write */ - -LOCAL VOID Handle_Read( INT Sock ) +/** + * Get IP address string of a connection. + * + * @param Idx Connection index. + * @return Pointer to a global buffer containing the IP address as string. + */ +GLOBAL const char * +Conn_GetIPAInfo(CONN_ID Idx) { - /* Aktivitaet auf einem Socket verarbeiten: - * - neue Clients annehmen, - * - Daten von Clients verarbeiten, - * - Resolver-Rueckmeldungen annehmen. */ - - CONN_ID idx; - - assert( Sock >= 0 ); + assert(Idx > NONE); + return ng_ipaddr_tostr(&My_Connections[Idx].addr); +} - if( FD_ISSET( Sock, &My_Listeners )) - { - /* es ist einer unserer Listener-Sockets: es soll - * also eine neue Verbindung aufgebaut werden. */ - New_Connection( Sock ); - } - else if( FD_ISSET( Sock, &My_Resolvers )) - { - /* Rueckmeldung von einem Resolver Sub-Prozess */ +/** + * Send out data of write buffer; connect new sockets. + * + * @param Idx Connection index. + * @returns true on success, false otherwise. + */ +static bool +Handle_Write( CONN_ID Idx ) +{ + ssize_t len; + size_t wdatalen; - Read_Resolver_Result( Sock ); + assert( Idx > NONE ); + if ( My_Connections[Idx].sock < 0 ) { + LogDebug("Handle_Write() on closed socket, connection %d", Idx); + return false; } - else - { - /* Ein Client Socket: entweder ein User oder Server */ + assert( My_Connections[Idx].sock > NONE ); - idx = Socket2Index( Sock ); - Read_Request( idx ); - } -} /* Handle_Read */ + wdatalen = array_bytes(&My_Connections[Idx].wbuf ); +#ifdef ZLIB + if (wdatalen == 0) { + /* Write buffer is empty, so we try to flush the compression + * buffer and get some data to work with from there :-) */ + if (!Zip_Flush(Idx)) + return false; -LOCAL BOOLEAN Handle_Write( CONN_ID Idx ) -{ - /* Daten aus Schreibpuffer versenden bzw. Connection aufbauen */ + /* Now the write buffer most probably has changed: */ + wdatalen = array_bytes(&My_Connections[Idx].wbuf); + } +#endif - INT len, res, err; + if (wdatalen == 0) { + /* Still no data, fine. */ + io_event_del(My_Connections[Idx].sock, IO_WANTWRITE ); + return true; + } - assert( Idx >= 0 ); - assert( My_Connections[Idx].sock > NONE ); +#ifdef DEBUG_BUFFER + LogDebug + ("Handle_Write() called for connection %d, %ld bytes pending ...", + Idx, wdatalen); +#endif - if( FD_ISSET( My_Connections[Idx].sock, &My_Connects )) +#ifdef SSL_SUPPORT + if ( Conn_OPTION_ISSET( &My_Connections[Idx], CONN_SSL )) { + len = ConnSSL_Write(&My_Connections[Idx], array_start(&My_Connections[Idx].wbuf), wdatalen); + } else +#endif { - /* es soll nichts geschrieben werden, sondern ein - * connect() hat ein Ergebnis geliefert */ + len = write(My_Connections[Idx].sock, + array_start(&My_Connections[Idx].wbuf), wdatalen ); + } + if( len < 0 ) { + if (errno == EAGAIN || errno == EINTR) + return true; + + Log(LOG_ERR, "Write error on connection %d (socket %d): %s!", + Idx, My_Connections[Idx].sock, strerror(errno)); + Conn_Close(Idx, "Write error!", NULL, false); + return false; + } - FD_CLR( My_Connections[Idx].sock, &My_Connects ); + /* move any data not yet written to beginning */ + array_moveleft(&My_Connections[Idx].wbuf, 1, (size_t)len); - /* Ergebnis des connect() ermitteln */ - len = sizeof( err ); - res = getsockopt( My_Connections[Idx].sock, SOL_SOCKET, SO_ERROR, &err, &len ); - assert( len == sizeof( err )); + return true; +} /* Handle_Write */ - /* Fehler aufgetreten? */ - if(( res != 0 ) || ( err != 0 )) - { - /* Fehler! */ - if( res != 0 ) Log( LOG_CRIT, "getsockopt (connection %d): %s!", Idx, strerror( errno )); - else Log( LOG_CRIT, "Can't connect socket to \"%s:%d\" (connection %d): %s!", My_Connections[Idx].host, Conf_Server[My_Connections[Idx].our_server].port, Idx, strerror( err )); - /* Socket etc. pp. aufraeumen */ - FD_CLR( My_Connections[Idx].sock, &My_Sockets ); - close( My_Connections[Idx].sock ); - Init_Conn_Struct( Idx ); +/** + * Count established connections to a specific IP address. + * + * @returns Number of established connections. + */ +static int +Count_Connections(ng_ipaddr_t *a) +{ + int i, cnt; - /* Bei Server-Verbindungen lasttry-Zeitpunkt auf "jetzt" setzen */ - Conf_Server[My_Connections[Idx].our_server].lasttry = time( NULL ); + cnt = 0; + for (i = 0; i < Pool_Size; i++) { + if (My_Connections[i].sock <= NONE) + continue; + if (ng_ipaddr_ipequal(&My_Connections[i].addr, a)) + cnt++; + } + return cnt; +} /* Count_Connections */ - return FALSE; - } - Log( LOG_DEBUG, "Connection %d with \"%s:%d\" established, now sendig PASS and SERVER ...", Idx, My_Connections[Idx].host, Conf_Server[My_Connections[Idx].our_server].port ); - /* PASS und SERVER verschicken */ - Conn_WriteStr( Idx, "PASS %s "PASSSERVERADD, Conf_Server[My_Connections[Idx].our_server].pwd ); - Conn_WriteStr( Idx, "SERVER %s :%s", Conf_ServerName, Conf_ServerInfo ); +/** + * Initialize new client connection on a listening socket. + * + * @param Sock Listening socket descriptor. + * @param IsSSL true if this socket expects SSL-encrypted data. + * @returns Accepted socket descriptor or -1 on error. + */ +static int +New_Connection(int Sock, UNUSED bool IsSSL) +{ +#ifdef TCPWRAP + struct request_info req; +#endif + ng_ipaddr_t new_addr; + char ip_str[NG_INET_ADDRSTRLEN]; + int new_sock, new_sock_len; + CLIENT *c; + long cnt; - return TRUE; - } + assert(Sock > NONE); - assert( My_Connections[Idx].wdatalen > 0 ); + LogDebug("Accepting new connection on socket %d ...", Sock); - /* Daten schreiben */ - len = send( My_Connections[Idx].sock, My_Connections[Idx].wbuf, My_Connections[Idx].wdatalen, 0 ); - if( len < 0 ) - { - /* Oops, ein Fehler! */ - Log( LOG_ERR, "Write error (buffer) on connection %d: %s!", Idx, strerror( errno )); - Conn_Close( Idx, "Write error (buffer)!", NULL, FALSE ); - return FALSE; + new_sock_len = (int)sizeof(new_addr); + new_sock = accept(Sock, (struct sockaddr *)&new_addr, + (socklen_t *)&new_sock_len); + if (new_sock < 0) { + Log(LOG_CRIT, "Can't accept connection: %s!", strerror(errno)); + return -1; } + NumConnectionsAccepted++; - /* Puffer anpassen */ - My_Connections[Idx].wdatalen -= len; - memmove( My_Connections[Idx].wbuf, My_Connections[Idx].wbuf + len, My_Connections[Idx].wdatalen ); - - return TRUE; -} /* Handle_Write */ - + if (!ng_ipaddr_tostr_r(&new_addr, ip_str)) { + Log(LOG_CRIT, "fd %d: Can't convert IP address!", new_sock); + Simple_Message(new_sock, "ERROR :Internal Server Error"); + close(new_sock); + return -1; + } -LOCAL VOID New_Connection( INT Sock ) -{ - /* Neue Client-Verbindung von Listen-Socket annehmen und - * CLIENT-Struktur anlegen. */ +#ifdef TCPWRAP + /* Validate socket using TCP Wrappers */ + request_init(&req, RQ_DAEMON, PACKAGE_NAME, RQ_FILE, new_sock, + RQ_CLIENT_SIN, &new_addr, NULL); + fromhost(&req); + if (!hosts_access(&req)) { + Log(deny_severity, + "Refused connection from %s (by TCP Wrappers)!", ip_str); + Simple_Message(new_sock, "ERROR :Connection refused"); + close(new_sock); + return -1; + } +#endif - struct sockaddr_in new_addr; - INT new_sock, new_sock_len; - RES_STAT *s; - CONN_ID idx; + if (!Init_Socket(new_sock)) + return -1; + + /* Check global connection limit */ + if ((Conf_MaxConnections > 0) && + (NumConnections >= (size_t) Conf_MaxConnections)) { + Log(LOG_ALERT, "Can't accept connection: limit (%d) reached!", + Conf_MaxConnections); + Simple_Message(new_sock, "ERROR :Connection limit reached"); + close(new_sock); + return -1; + } - assert( Sock >= 0 ); + /* Check IP-based connection limit */ + cnt = Count_Connections(&new_addr); + if ((Conf_MaxConnectionsIP > 0) && (cnt >= Conf_MaxConnectionsIP)) { + /* Access denied, too many connections from this IP address! */ + Log(LOG_ERR, + "Refused connection from %s: too may connections (%ld) from this IP address!", + ip_str, cnt); + Simple_Message(new_sock, + "ERROR :Connection refused, too many connections from your IP address"); + close(new_sock); + return -1; + } - new_sock_len = sizeof( new_addr ); - new_sock = accept( Sock, (struct sockaddr *)&new_addr, (socklen_t *)&new_sock_len ); - if( new_sock < 0 ) - { - Log( LOG_CRIT, "Can't accept connection: %s!", strerror( errno )); - return; + if (new_sock >= Pool_Size) { + if (!array_alloc(&My_ConnArray, sizeof(CONNECTION), + (size_t) new_sock)) { + Log(LOG_EMERG, + "Can't allocate memory! [New_Connection]"); + Simple_Message(new_sock, "ERROR: Internal error"); + close(new_sock); + return -1; + } + LogDebug("Bumped connection pool to %ld items (internal: %ld items, %ld bytes)", + new_sock, array_length(&My_ConnArray, + sizeof(CONNECTION)), array_bytes(&My_ConnArray)); + + /* Adjust pointer to new block */ + My_Connections = array_start(&My_ConnArray); + while (Pool_Size <= new_sock) + Init_Conn_Struct(Pool_Size++); } - /* Freie Connection-Struktur suschen */ - for( idx = 0; idx < MAX_CONNECTIONS; idx++ ) if( My_Connections[idx].sock == NONE ) break; - if( idx >= MAX_CONNECTIONS ) - { - Log( LOG_ALERT, "Can't accept connection: limit reached (%d)!", MAX_CONNECTIONS ); - close( new_sock ); - return; + /* register callback */ + if (!io_event_create(new_sock, IO_WANTREAD, cb_clientserver)) { + Log(LOG_ALERT, + "Can't accept connection: io_event_create failed!"); + Simple_Message(new_sock, "ERROR :Internal error"); + close(new_sock); + return -1; } - /* Client-Struktur initialisieren */ - if( ! Client_NewLocal( idx, inet_ntoa( new_addr.sin_addr ), CLIENT_UNKNOWN, FALSE )) - { - Log( LOG_ALERT, "Can't accept connection: can't create client structure!" ); - close( new_sock ); - return; + c = Client_NewLocal(new_sock, NULL, CLIENT_UNKNOWN, false); + if (!c) { + Log(LOG_ALERT, + "Can't accept connection: can't create client structure!"); + Simple_Message(new_sock, "ERROR :Internal error"); + io_close(new_sock); + return -1; } - /* Verbindung registrieren */ - Init_Conn_Struct( idx ); - My_Connections[idx].sock = new_sock; - My_Connections[idx].addr = new_addr; + Init_Conn_Struct(new_sock); + My_Connections[new_sock].sock = new_sock; + My_Connections[new_sock].addr = new_addr; + My_Connections[new_sock].client = c; + + /* Set initial hostname to IP address. This becomes overwritten when + * the DNS lookup is enabled and succeeds, but is used otherwise. */ + if (ng_ipaddr_af(&new_addr) != AF_INET) + snprintf(My_Connections[new_sock].host, + sizeof(My_Connections[new_sock].host), "[%s]", ip_str); + else + strlcpy(My_Connections[new_sock].host, ip_str, + sizeof(My_Connections[new_sock].host)); + + Client_SetHostname(c, My_Connections[new_sock].host); - /* Neuen Socket registrieren */ - FD_SET( new_sock, &My_Sockets ); - if( new_sock > My_Max_Fd ) My_Max_Fd = new_sock; + Log(LOG_INFO, "Accepted connection %d from \"%s:%d\" on socket %d.", + new_sock, My_Connections[new_sock].host, + ng_ipaddr_getport(&new_addr), Sock); + Account_Connection(); - Log( LOG_INFO, "Accepted connection %d from %s:%d on socket %d.", idx, inet_ntoa( new_addr.sin_addr ), ntohs( new_addr.sin_port), Sock ); +#ifdef SSL_SUPPORT + /* Delay connection initalization until SSL handshake is finished */ + if (!IsSSL) +#endif + Conn_StartLogin(new_sock); - /* Hostnamen ermitteln */ - s = ResolveAddr( &new_addr ); - if( s ) - { - /* Sub-Prozess wurde asyncron gestartet */ - My_Connections[idx].res_stat = s; - } - else - { - /* kann Namen nicht aufloesen */ - strcpy( My_Connections[idx].host, inet_ntoa( new_addr.sin_addr )); - } + return new_sock; } /* New_Connection */ -LOCAL CONN_ID Socket2Index( INT Sock ) +/** + * Finish connection initialization, start resolver subprocess. + * + * @param Idx Connection index. + */ +GLOBAL void +Conn_StartLogin(CONN_ID Idx) { - /* zum Socket passende Connection suchen */ + int ident_sock = -1; - CONN_ID idx; + assert(Idx >= 0); - assert( Sock >= 0 ); + /* Nothing to do if DNS (and resolver subprocess) is disabled */ + if (!Conf_DNS) + return; - for( idx = 0; idx < MAX_CONNECTIONS; idx++ ) if( My_Connections[idx].sock == Sock ) break; +#ifdef IDENTAUTH + /* Should we make an IDENT request? */ + if (Conf_Ident) + ident_sock = My_Connections[Idx].sock; +#endif + + if (Conf_NoticeAuth) { + /* Send "NOTICE AUTH" messages to the client */ +#ifdef IDENTAUTH + if (Conf_Ident) + (void)Conn_WriteStr(Idx, + "NOTICE AUTH :*** Looking up your hostname and checking ident"); + else +#endif + (void)Conn_WriteStr(Idx, + "NOTICE AUTH :*** Looking up your hostname"); + (void)Handle_Write(Idx); + } + + Resolve_Addr(&My_Connections[Idx].proc_stat, &My_Connections[Idx].addr, + ident_sock, cb_Read_Resolver_Result); +} - assert( idx < MAX_CONNECTIONS ); - return idx; -} /* Socket2Index */ +/** + * Update global connection counters. + */ +static void +Account_Connection(void) +{ + NumConnections++; + if (NumConnections > NumConnectionsMax) + NumConnectionsMax = NumConnections; + LogDebug("Total number of connections now %lu (max %lu).", + NumConnections, NumConnectionsMax); +} /* Account_Connection */ -LOCAL VOID Read_Request( CONN_ID Idx ) + +/** + * Translate socket handle into connection index. + * + * @param Sock Socket handle. + * @returns Connecion index or NONE, if no connection could be found. + */ +static CONN_ID +Socket2Index( int Sock ) { - /* Daten von Socket einlesen und entsprechend behandeln. - * Tritt ein Fehler auf, so wird der Socket geschlossen. */ + assert( Sock >= 0 ); + + if( Sock >= Pool_Size || My_Connections[Sock].sock != Sock ) { + /* the Connection was already closed again, likely due to + * an error. */ + LogDebug("Socket2Index: can't get connection for socket %d!", Sock); + return NONE; + } + return Sock; +} /* Socket2Index */ - INT len; - assert( Idx >= 0 ); +/** + * Read data from the network to the read buffer. If an error occures, + * the socket of this connection will be shut down. + * + * @param Idx Connection index. + */ +static void +Read_Request( CONN_ID Idx ) +{ + ssize_t len; + static const unsigned int maxbps = COMMAND_LEN / 2; + char readbuf[READBUFFER_LEN]; + time_t t; + CLIENT *c; + assert( Idx > NONE ); assert( My_Connections[Idx].sock > NONE ); - if( READBUFFER_LEN - My_Connections[Idx].rdatalen - 2 < 0 ) +#ifdef ZLIB + if ((array_bytes(&My_Connections[Idx].rbuf) >= READBUFFER_LEN) || + (array_bytes(&My_Connections[Idx].zip.rbuf) >= READBUFFER_LEN)) +#else + if (array_bytes(&My_Connections[Idx].rbuf) >= READBUFFER_LEN) +#endif { - /* Der Lesepuffer ist voll */ - Log( LOG_ERR, "Read buffer overflow (connection %d): %d bytes!", Idx, My_Connections[Idx].rdatalen ); - Conn_Close( Idx, "Read buffer overflow!", NULL, FALSE ); + /* Read buffer is full */ + Log(LOG_ERR, + "Receive buffer space exhausted (connection %d): %d bytes", + Idx, array_bytes(&My_Connections[Idx].rbuf)); + Conn_Close(Idx, "Receive buffer space exhausted", NULL, false); return; } - len = recv( My_Connections[Idx].sock, My_Connections[Idx].rbuf + My_Connections[Idx].rdatalen, READBUFFER_LEN - My_Connections[Idx].rdatalen - 2, 0 ); - - if( len == 0 ) - { - /* Socket wurde geschlossen */ - Log( LOG_INFO, "%s:%d is closing the connection ...", inet_ntoa( My_Connections[Idx].addr.sin_addr ), ntohs( My_Connections[Idx].addr.sin_port)); - Conn_Close( Idx, "Socket closed!", "Client closed connection", FALSE ); +#ifdef SSL_SUPPORT + if (Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL)) + len = ConnSSL_Read( &My_Connections[Idx], readbuf, sizeof(readbuf)); + else +#endif + len = read(My_Connections[Idx].sock, readbuf, sizeof(readbuf)); + if (len == 0) { + LogDebug("Client \"%s:%u\" is closing connection %d ...", + My_Connections[Idx].host, + ng_ipaddr_tostr(&My_Connections[Idx].addr), Idx); + Conn_Close(Idx, NULL, "Client closed connection", false); return; } - if( len < 0 ) - { - /* Fehler beim Lesen */ - Log( LOG_ERR, "Read error on connection %d: %s!", Idx, strerror( errno )); - Conn_Close( Idx, "Read error!", "Client closed connection", FALSE ); + if (len < 0) { + if( errno == EAGAIN ) return; + Log(LOG_ERR, "Read error on connection %d (socket %d): %s!", + Idx, My_Connections[Idx].sock, strerror(errno)); + Conn_Close(Idx, "Read error", "Client closed connection", + false); return; } +#ifdef ZLIB + if (Conn_OPTION_ISSET(&My_Connections[Idx], CONN_ZIP)) { + if (!array_catb(&My_Connections[Idx].zip.rbuf, readbuf, + (size_t) len)) { + Log(LOG_ERR, + "Could not append received data to zip input buffer (connection %d): %d bytes!", + Idx, len); + Conn_Close(Idx, "Receive buffer space exhausted", NULL, + false); + return; + } + } else +#endif + { + if (!array_catb( &My_Connections[Idx].rbuf, readbuf, len)) { + Log(LOG_ERR, + "Could not append received data to input buffer (connection %d): %d bytes!", + Idx, len); + Conn_Close(Idx, "Receive buffer space exhausted", NULL, false ); + } + } - /* Lesebuffer updaten */ - My_Connections[Idx].rdatalen += len; - assert( My_Connections[Idx].rdatalen < READBUFFER_LEN ); - My_Connections[Idx].rbuf[My_Connections[Idx].rdatalen] = '\0'; + /* Update connection statistics */ + My_Connections[Idx].bytes_in += len; + My_Connections[Idx].bps += Handle_Buffer(Idx); + + /* Make sure that there is still a valid client registered */ + c = Conn_GetClient(Idx); + if (!c) + return; - /* Timestamp aktualisieren */ - My_Connections[Idx].lastdata = time( NULL ); + /* Update timestamp of last data received if this connection is + * registered as a user, server or service connection. Don't update + * otherwise, so users have at least Conf_PongTimeout seconds time to + * register with the IRC server -- see Check_Connections(). + * Update "lastping", too, if time shifted backwards ... */ + if (Client_Type(c) == CLIENT_USER + || Client_Type(c) == CLIENT_SERVER + || Client_Type(c) == CLIENT_SERVICE) { + t = time(NULL); + if (My_Connections[Idx].lastdata != t) + My_Connections[Idx].bps = 0; + + My_Connections[Idx].lastdata = t; + if (My_Connections[Idx].lastping > t) + My_Connections[Idx].lastping = t; + } - Handle_Buffer( Idx ); + /* Look at the data in the (read-) buffer of this connection */ + if (Client_Type(c) != CLIENT_SERVER + && Client_Type(c) != CLIENT_UNKNOWNSERVER + && Client_Type(c) != CLIENT_SERVICE + && My_Connections[Idx].bps >= maxbps) { + LogDebug("Throttling connection %d: BPS exceeded! (%u >= %u)", + Idx, My_Connections[Idx].bps, maxbps); + Conn_SetPenalty(Idx, 1); + } } /* Read_Request */ -LOCAL VOID Handle_Buffer( CONN_ID Idx ) +/** + * Handle all data in the connection read-buffer. + * + * Data is processed until no complete command is left in the read buffer, + * or MAX_COMMANDS[_SERVER|_SERVICE] commands were processed. + * When a fatal error occurs, the connection is shut down. + * + * @param Idx Index of the connection. + * @returns Number of bytes processed. + */ +static unsigned int +Handle_Buffer(CONN_ID Idx) { - /* Daten im Lese-Puffer einer Verbindung verarbeiten. */ +#ifndef STRICT_RFC + char *ptr1, *ptr2, *first_eol; +#endif + char *ptr; + size_t len, delta; + time_t starttime; +#ifdef ZLIB + bool old_z; +#endif + unsigned int i, maxcmd = MAX_COMMANDS, len_processed = 0; + CLIENT *c; + + c = Conn_GetClient(Idx); + starttime = time(NULL); + + assert(c != NULL); + + /* Servers get special command limits that depend on the user count */ + switch (Client_Type(c)) { + case CLIENT_SERVER: + maxcmd = (int)(Client_UserCount() / 5) + + MAX_COMMANDS_SERVER_MIN; + /* Allow servers to handle even more commands while peering + * to speed up server login and network synchronisation. */ + if (Conn_LastPing(Idx) == 0) + maxcmd *= 5; + break; + case CLIENT_SERVICE: + maxcmd = MAX_COMMANDS_SERVICE; break; + } + + for (i=0; i < maxcmd; i++) { + /* Check penalty */ + if (My_Connections[Idx].delaytime > starttime) + return 0; +#ifdef ZLIB + /* Unpack compressed data, if compression is in use */ + if (Conn_OPTION_ISSET(&My_Connections[Idx], CONN_ZIP)) { + /* When unzipping fails, Unzip_Buffer() shuts + * down the connection itself */ + if (!Unzip_Buffer(Idx)) + return 0; + } +#endif - CHAR *ptr, *ptr1, *ptr2; - INT len, delta; + if (0 == array_bytes(&My_Connections[Idx].rbuf)) + break; + + /* Make sure that the buffer is NULL terminated */ + if (!array_cat0_temporary(&My_Connections[Idx].rbuf)) { + Conn_Close(Idx, NULL, + "Can't allocate memory [Handle_Buffer]", + true); + return 0; + } - /* Eine komplette Anfrage muss mit CR+LF enden, vgl. - * RFC 2812. Haben wir eine? */ - ptr = strstr( My_Connections[Idx].rbuf, "\r\n" ); + /* RFC 2812, section "2.3 Messages", 5th paragraph: + * "IRC messages are always lines of characters terminated + * with a CR-LF (Carriage Return - Line Feed) pair [...]". */ + delta = 2; + ptr = strstr(array_start(&My_Connections[Idx].rbuf), "\r\n"); - if( ptr ) delta = 2; #ifndef STRICT_RFC - else - { - /* Nicht RFC-konforme Anfrage mit nur CR oder LF? Leider - * machen soetwas viele Clients, u.a. "mIRC" :-( */ - ptr1 = strchr( My_Connections[Idx].rbuf, '\r' ); - ptr2 = strchr( My_Connections[Idx].rbuf, '\n' ); - delta = 1; - if( ptr1 && ptr2 ) ptr = ptr1 > ptr2 ? ptr2 : ptr1; - else if( ptr1 ) ptr = ptr1; - else if( ptr2 ) ptr = ptr2; - } + /* Check for non-RFC-compliant request (only CR or LF)? + * Unfortunately, there are quite a few clients out there + * that do this -- e. g. mIRC, BitchX, and Trillian :-( */ + ptr1 = strchr(array_start(&My_Connections[Idx].rbuf), '\r'); + ptr2 = strchr(array_start(&My_Connections[Idx].rbuf), '\n'); + if (ptr) { + /* Check if there is a single CR or LF _before_ the + * corerct CR+LF line terminator: */ + first_eol = ptr1 < ptr2 ? ptr1 : ptr2; + if (first_eol < ptr) { + /* Single CR or LF before CR+LF found */ + ptr = first_eol; + delta = 1; + } + } else if (ptr1 || ptr2) { + /* No CR+LF terminated command found, but single + * CR or LF found ... */ + if (ptr1 && ptr2) + ptr = ptr1 < ptr2 ? ptr1 : ptr2; + else + ptr = ptr1 ? ptr1 : ptr2; + delta = 1; + } #endif - if( ptr ) - { - /* Ende der Anfrage wurde gefunden */ + if (!ptr) + break; + + /* Complete (=line terminated) request found, handle it! */ *ptr = '\0'; - len = ( ptr - My_Connections[Idx].rbuf ) + delta; - if( len > COMMAND_LEN ) - { - /* Eine Anfrage darf(!) nicht laenger als 512 Zeichen - * (incl. CR+LF!) werden; vgl. RFC 2812. Wenn soetwas - * empfangen wird, wird der Client disconnectiert. */ - Log( LOG_ERR, "Request too long (connection %d): %d bytes!", Idx, My_Connections[Idx].rdatalen ); - Conn_Close( Idx, NULL, "Request too long", TRUE ); - return; + + len = ptr - (char *)array_start(&My_Connections[Idx].rbuf) + delta; + + if (len > (COMMAND_LEN - 1)) { + /* Request must not exceed 512 chars (incl. CR+LF!), + * see RFC 2812. Disconnect Client if this happens. */ + Log(LOG_ERR, + "Request too long (connection %d): %d bytes (max. %d expected)!", + Idx, array_bytes(&My_Connections[Idx].rbuf), + COMMAND_LEN - 1); + Conn_Close(Idx, NULL, "Request too long", true); + return 0; } - if( len > delta ) - { - /* Es wurde ein Request gelesen */ - if( ! Parse_Request( Idx, My_Connections[Idx].rbuf )) return; + len_processed += (unsigned int)len; + if (len <= delta) { + /* Request is empty (only '\r\n', '\r' or '\n'); + * delta is 2 ('\r\n') or 1 ('\r' or '\n'), see above */ + array_moveleft(&My_Connections[Idx].rbuf, 1, len); + continue; } +#ifdef ZLIB + /* remember if stream is already compressed */ + old_z = My_Connections[Idx].options & CONN_ZIP; +#endif + + My_Connections[Idx].msg_in++; + if (!Parse_Request + (Idx, (char *)array_start(&My_Connections[Idx].rbuf))) + return 0; /* error -> connection has been closed */ + + array_moveleft(&My_Connections[Idx].rbuf, 1, len); +#ifdef DEBUG_BUFFER + LogDebug("Connection %d: %d bytes left in read buffer.", + Idx, array_bytes(&My_Connections[Idx].rbuf)); +#endif +#ifdef ZLIB + if ((!old_z) && (My_Connections[Idx].options & CONN_ZIP) && + (array_bytes(&My_Connections[Idx].rbuf) > 0)) { + /* The last command activated socket compression. + * Data that was read after that needs to be copied + * to the unzip buffer for decompression: */ + if (!array_copy + (&My_Connections[Idx].zip.rbuf, + &My_Connections[Idx].rbuf)) { + Conn_Close(Idx, NULL, + "Can't allocate memory [Handle_Buffer]", + true); + return 0; + } - /* Puffer anpassen */ - My_Connections[Idx].rdatalen -= len; - memmove( My_Connections[Idx].rbuf, My_Connections[Idx].rbuf + len, My_Connections[Idx].rdatalen ); + array_trunc(&My_Connections[Idx].rbuf); + LogDebug + ("Moved already received data (%u bytes) to uncompression buffer.", + array_bytes(&My_Connections[Idx].zip.rbuf)); + } +#endif } + return len_processed; } /* Handle_Buffer */ -LOCAL VOID Check_Connections( VOID ) +/** + * Check whether established connections are still alive or not. + * If not, play PING-PONG first; and if that doesn't help either, + * disconnect the respective peer. + */ +static void +Check_Connections(void) { - /* Pruefen, ob Verbindungen noch "alive" sind. Ist dies - * nicht der Fall, zunaechst PING-PONG spielen und, wenn - * auch das nicht "hilft", Client disconnectieren. */ - CLIENT *c; - INT i; + CONN_ID i; + char msg[64]; - for( i = 0; i < MAX_CONNECTIONS; i++ ) - { - if( My_Connections[i].sock == NONE ) continue; + for (i = 0; i < Pool_Size; i++) { + if (My_Connections[i].sock < 0) + continue; - c = Client_GetFromConn( i ); - if( c && (( Client_Type( c ) == CLIENT_USER ) || ( Client_Type( c ) == CLIENT_SERVER ) || ( Client_Type( c ) == CLIENT_SERVICE ))) - { - /* verbundener User, Server oder Service */ - if( My_Connections[i].lastping > My_Connections[i].lastdata ) - { - /* es wurde bereits ein PING gesendet */ - if( My_Connections[i].lastping < time( NULL ) - Conf_PongTimeout ) - { + c = Conn_GetClient(i); + if (c && ((Client_Type(c) == CLIENT_USER) + || (Client_Type(c) == CLIENT_SERVER) + || (Client_Type(c) == CLIENT_SERVICE))) { + /* connected User, Server or Service */ + if (My_Connections[i].lastping > + My_Connections[i].lastdata) { + /* We already sent a ping */ + if (My_Connections[i].lastping < + time(NULL) - Conf_PongTimeout) { /* Timeout */ - Log( LOG_DEBUG, "Connection %d: Ping timeout: %d seconds.", i, Conf_PongTimeout ); - Conn_Close( i, NULL, "Ping timeout", TRUE ); + snprintf(msg, sizeof(msg), + "Ping timeout: %d seconds", + Conf_PongTimeout); + LogDebug("Connection %d: %s.", i, msg); + Conn_Close(i, NULL, msg, true); } + } else if (My_Connections[i].lastdata < + time(NULL) - Conf_PingTimeout) { + /* We need to send a PING ... */ + LogDebug("Connection %d: sending PING ...", i); + Conn_UpdatePing(i); + Conn_WriteStr(i, "PING :%s", + Client_ID(Client_ThisServer())); } - else if( My_Connections[i].lastdata < time( NULL ) - Conf_PingTimeout ) - { - /* es muss ein PING gesendet werden */ - Log( LOG_DEBUG, "Connection %d: sending PING ...", i ); - My_Connections[i].lastping = time( NULL ); - Conn_WriteStr( i, "PING :%s", Client_ID( Client_ThisServer( ))); - } - } - else - { - /* noch nicht vollstaendig aufgebaute Verbindung */ - if( My_Connections[i].lastdata < time( NULL ) - Conf_PingTimeout ) - { - /* Timeout */ - Log( LOG_DEBUG, "Connection %d timed out ...", i ); - Conn_Close( i, NULL, "Timeout", FALSE ); + } else { + /* The connection is not fully established yet, so + * we don't do the PING-PONG game here but instead + * disconnect the client after "a short time" if it's + * still not registered. */ + + if (My_Connections[i].lastdata < + time(NULL) - Conf_PongTimeout) { + LogDebug + ("Unregistered connection %d timed out ...", + i); + Conn_Close(i, NULL, "Timeout", false); } } } } /* Check_Connections */ -LOCAL VOID Check_Servers( VOID ) +/** + * Check if further server links should be established. + */ +static void +Check_Servers(void) { - /* Pruefen, ob Server-Verbindungen aufgebaut werden - * muessen bzw. koennen */ - - INT idx, i, n; - RES_STAT *s; - - /* Wenn "Passive-Mode" aktiv: nicht verbinden */ - if( NGIRCd_Passive ) return; - - for( i = 0; i < Conf_Server_Count; i++ ) - { - /* Ist ein Hostname und Port definiert? */ - if(( ! Conf_Server[i].host[0] ) || ( ! Conf_Server[i].port > 0 )) continue; - - /* Haben wir schon eine Verbindung? */ - for( n = 0; n < MAX_CONNECTIONS; n++ ) - { - if( My_Connections[n].sock == NONE ) continue; - - /* Verbindung zu diesem Server? */ - if( My_Connections[n].our_server == i ) - { - /* Komplett aufgebaute Verbindung? */ - if( My_Connections[n].sock > NONE ) break; - - /* IP schon aufgeloest? */ - if( My_Connections[n].res_stat == NULL ) New_Server( i, n ); - } - - /* Verbindung in dieser Server-Gruppe? */ - if(( My_Connections[n].our_server != NONE ) && ( Conf_Server[i].group != NONE )) - { - if( Conf_Server[My_Connections[n].our_server].group == Conf_Server[i].group ) break; + int i, n; + time_t time_now; + + time_now = time(NULL); + + /* Check all configured servers */ + for (i = 0; i < MAX_SERVERS; i++) { + if (Conf_Server[i].conn_id != NONE) + continue; /* Already establishing or connected */ + if (!Conf_Server[i].host[0] || !Conf_Server[i].port > 0) + continue; /* No host and/or port configured */ + if (Conf_Server[i].flags & CONF_SFLAG_DISABLED) + continue; /* Disabled configuration entry */ + if (Conf_Server[i].lasttry > (time_now - Conf_ConnectRetry)) + continue; /* We have to wait a little bit ... */ + + /* Is there already a connection in this group? */ + if (Conf_Server[i].group > NONE) { + for (n = 0; n < MAX_SERVERS; n++) { + if (n == i) + continue; + if ((Conf_Server[n].conn_id != NONE) && + (Conf_Server[n].group == Conf_Server[i].group)) + break; } + if (n < MAX_SERVERS) + continue; } - if( n < MAX_CONNECTIONS ) continue; - - /* Wann war der letzte Connect-Versuch? */ - if( Conf_Server[i].lasttry > time( NULL ) - Conf_ConnectRetry ) continue; - /* Okay, Verbindungsaufbau versuchen */ - Conf_Server[i].lasttry = time( NULL ); - - /* Freie Connection-Struktur suschen */ - for( idx = 0; idx < MAX_CONNECTIONS; idx++ ) if( My_Connections[idx].sock == NONE ) break; - if( idx >= MAX_CONNECTIONS ) - { - Log( LOG_ALERT, "Can't establist server connection: connection limit reached (%d)!", MAX_CONNECTIONS ); - return; - } - Log( LOG_DEBUG, "Preparing connection %d for \"%s\" ...", idx, Conf_Server[i].host ); - - /* Verbindungs-Struktur initialisieren */ - Init_Conn_Struct( idx ); - My_Connections[idx].sock = SERVER_WAIT; - My_Connections[idx].our_server = i; - - /* Hostnamen in IP aufloesen */ - s = ResolveName( Conf_Server[i].host ); - if( s ) - { - /* Sub-Prozess wurde asyncron gestartet */ - My_Connections[idx].res_stat = s; - } - else - { - /* kann Namen nicht aufloesen: Connection-Struktur freigeben */ - Init_Conn_Struct( idx ); - } + /* Okay, try to connect now */ + Log(LOG_NOTICE, + "Preparing to establish a new server link for \"%s\" ...", + Conf_Server[i].name); + Conf_Server[i].lasttry = time_now; + Conf_Server[i].conn_id = SERVER_WAIT; + assert(Proc_GetPipeFd(&Conf_Server[i].res_stat) < 0); + Resolve_Name(&Conf_Server[i].res_stat, Conf_Server[i].host, + cb_Connect_to_Server); } } /* Check_Servers */ -LOCAL VOID New_Server( INT Server, CONN_ID Idx ) +/** + * Establish a new outgoing server connection. + * + * @param Server Configuration index of the server. + * @param dest Destination IP address to connect to. + */ +static void +New_Server( int Server , ng_ipaddr_t *dest) { - /* Neue Server-Verbindung aufbauen */ - - struct sockaddr_in new_addr; - struct in_addr inaddr; - INT new_sock; + /* Establish new server link */ + char ip_str[NG_INET_ADDRSTRLEN]; + int af_dest, res, new_sock; CLIENT *c; - assert( Server >= 0 ); - assert( Idx >= 0 ); + assert( Server > NONE ); - /* Wurde eine gueltige IP-Adresse gefunden? */ - if( ! Conf_Server[Server].ip[0] ) - { - /* Nein. Verbindung wieder freigeben: */ - Init_Conn_Struct( Idx ); - Log( LOG_ERR, "Can't connect to \"%s\" (connection %d): ip address unknown!", Conf_Server[Server].host, Idx ); + /* Make sure that the remote server hasn't re-linked to this server + * asynchronously on its own */ + if (Conf_Server[Server].conn_id > NONE) { + Log(LOG_INFO, + "Connection to \"%s\" meanwhile re-established, aborting preparation."); return; } - Log( LOG_INFO, "Establishing connection to \"%s\", %s, port %d (connection %d) ... ", Conf_Server[Server].host, Conf_Server[Server].ip, Conf_Server[Server].port, Idx ); - - if( inet_aton( Conf_Server[Server].ip, &inaddr ) == 0 ) - { - /* Konnte Adresse nicht konvertieren */ - Init_Conn_Struct( Idx ); - Log( LOG_ERR, "Can't connect to \"%s\" (connection %d): can't convert ip address %s!", Conf_Server[Server].host, Idx, Conf_Server[Server].ip ); + if (!ng_ipaddr_tostr_r(dest, ip_str)) { + Log(LOG_WARNING, "New_Server: Could not convert IP to string"); return; } - memset( &new_addr, 0, sizeof( new_addr )); - new_addr.sin_family = AF_INET; - new_addr.sin_addr = inaddr; - new_addr.sin_port = htons( Conf_Server[Server].port ); + af_dest = ng_ipaddr_af(dest); + new_sock = socket(af_dest, SOCK_STREAM, 0); - new_sock = socket( PF_INET, SOCK_STREAM, 0 ); - if ( new_sock < 0 ) - { - Init_Conn_Struct( Idx ); - Log( LOG_CRIT, "Can't create socket: %s!", strerror( errno )); + Log(LOG_INFO, + "Establishing connection for \"%s\" to \"%s:%d\" (%s), socket %d ...", + Conf_Server[Server].name, Conf_Server[Server].host, + Conf_Server[Server].port, ip_str, new_sock); + + if (new_sock < 0) { + Log(LOG_CRIT, "Can't create socket (af %d): %s!", + af_dest, strerror(errno)); return; } - if( ! Init_Socket( new_sock )) return; + if (!Init_Socket(new_sock)) + return; - connect( new_sock, (struct sockaddr *)&new_addr, sizeof( new_addr )); - if( errno != EINPROGRESS ) + /* is a bind address configured? */ + res = ng_ipaddr_af(&Conf_Server[Server].bind_addr); + /* if yes, bind now. If it fails, warn and let connect() pick a source address */ + if (res && bind(new_sock, (struct sockaddr *) &Conf_Server[Server].bind_addr, + ng_ipaddr_salen(&Conf_Server[Server].bind_addr))) { - - close( new_sock ); - Init_Conn_Struct( Idx ); + ng_ipaddr_tostr_r(&Conf_Server[Server].bind_addr, ip_str); + Log(LOG_WARNING, "Can't bind socket to %s: %s!", ip_str, strerror(errno)); + } + ng_ipaddr_setport(dest, Conf_Server[Server].port); + res = connect(new_sock, (struct sockaddr *) dest, ng_ipaddr_salen(dest)); + if(( res != 0 ) && ( errno != EINPROGRESS )) { Log( LOG_CRIT, "Can't connect socket: %s!", strerror( errno )); + close( new_sock ); return; } - /* Client-Struktur initialisieren */ - c = Client_NewLocal( Idx, inet_ntoa( new_addr.sin_addr ), CLIENT_UNKNOWNSERVER, FALSE ); - if( ! c ) - { + if (!array_alloc(&My_ConnArray, sizeof(CONNECTION), (size_t)new_sock)) { + Log(LOG_ALERT, + "Cannot allocate memory for server connection (socket %d)", + new_sock); close( new_sock ); - Init_Conn_Struct( Idx ); + return; + } + + if (!io_event_create( new_sock, IO_WANTWRITE, cb_connserver)) { + Log(LOG_ALERT, "io_event_create(): could not add fd %d", strerror(errno)); + close(new_sock); + return; + } + + My_Connections = array_start(&My_ConnArray); + + assert(My_Connections[new_sock].sock <= 0); + + Init_Conn_Struct(new_sock); + + ng_ipaddr_tostr_r(dest, ip_str); + c = Client_NewLocal(new_sock, ip_str, CLIENT_UNKNOWNSERVER, false); + if (!c) { Log( LOG_ALERT, "Can't establish connection: can't create client structure!" ); + io_close(new_sock); return; } + + /* Conn_Close() decrements this counter again */ + Account_Connection(); Client_SetIntroducer( c, c ); Client_SetToken( c, TOKEN_OUTBOUND ); - /* Verbindung registrieren */ - My_Connections[Idx].sock = new_sock; - My_Connections[Idx].addr = new_addr; - strcpy( My_Connections[Idx].host, Conf_Server[Server].host ); - - /* Neuen Socket registrieren */ - FD_SET( new_sock, &My_Sockets ); - FD_SET( new_sock, &My_Connects ); - if( new_sock > My_Max_Fd ) My_Max_Fd = new_sock; + /* Register connection */ + if (!Conf_SetServer(Server, new_sock)) + return; + My_Connections[new_sock].sock = new_sock; + My_Connections[new_sock].addr = *dest; + My_Connections[new_sock].client = c; + strlcpy( My_Connections[new_sock].host, Conf_Server[Server].host, + sizeof(My_Connections[new_sock].host )); + +#ifdef SSL_SUPPORT + if (Conf_Server[Server].SSLConnect && !ConnSSL_PrepareConnect( &My_Connections[new_sock], + &Conf_Server[Server] )) + { + Log(LOG_ALERT, "Could not initialize SSL for outgoing connection"); + Conn_Close( new_sock, "Could not initialize SSL for outgoing connection", NULL, false ); + Init_Conn_Struct( new_sock ); + Conf_Server[Server].conn_id = NONE; + return; + } +#endif + LogDebug("Registered new connection %d on socket %d (%ld in total).", + new_sock, My_Connections[new_sock].sock, NumConnections); + Conn_OPTION_ADD( &My_Connections[new_sock], CONN_ISCONNECTING ); } /* New_Server */ -LOCAL VOID Init_Conn_Struct( INT Idx ) +/** + * Initialize connection structure. + * + * @param Idx Connection index. + */ +static void +Init_Conn_Struct(CONN_ID Idx) { - /* Connection-Struktur initialisieren */ - - My_Connections[Idx].sock = NONE; - My_Connections[Idx].res_stat = NULL; - My_Connections[Idx].host[0] = '\0'; - My_Connections[Idx].rbuf[0] = '\0'; - My_Connections[Idx].rdatalen = 0; - My_Connections[Idx].wbuf[0] = '\0'; - My_Connections[Idx].wdatalen = 0; - My_Connections[Idx].our_server = NONE; - My_Connections[Idx].lastdata = time( NULL ); - My_Connections[Idx].lastping = 0; - My_Connections[Idx].lastprivmsg = time( NULL ); + time_t now = time(NULL); + + memset(&My_Connections[Idx], 0, sizeof(CONNECTION)); + My_Connections[Idx].sock = -1; + My_Connections[Idx].signon = now; + My_Connections[Idx].lastdata = now; + My_Connections[Idx].lastprivmsg = now; + Proc_InitStruct(&My_Connections[Idx].proc_stat); + +#ifdef ICONV + My_Connections[Idx].iconv_from = (iconv_t)(-1); + My_Connections[Idx].iconv_to = (iconv_t)(-1); +#endif } /* Init_Conn_Struct */ -LOCAL BOOLEAN Init_Socket( INT Sock ) +/** + * Initialize options of a new socket. + * + * For example, we try to set socket options SO_REUSEADDR and IPTOS_LOWDELAY. + * The socket is automatically closed if a fatal error is encountered. + * + * @param Sock Socket handle. + * @returns false if socket was closed due to fatal error. + */ +static bool +Init_Socket( int Sock ) { - /* Socket-Optionen setzen */ + int value; - INT on = 1; - -#ifdef O_NONBLOCK /* A/UX kennt das nicht? */ - if( fcntl( Sock, F_SETFL, O_NONBLOCK ) != 0 ) - { - Log( LOG_CRIT, "Can't enable non-blocking mode: %s!", strerror( errno )); + if (!io_setnonblock(Sock)) { + Log( LOG_CRIT, "Can't enable non-blocking mode for socket: %s!", strerror( errno )); close( Sock ); - return FALSE; + return false; } -#endif - if( setsockopt( Sock, SOL_SOCKET, SO_REUSEADDR, &on, (socklen_t)sizeof( on )) != 0) + + /* Don't block this port after socket shutdown */ + value = 1; + if( setsockopt( Sock, SOL_SOCKET, SO_REUSEADDR, &value, (socklen_t)sizeof( value )) != 0 ) { - Log( LOG_ERR, "Can't set socket options: %s!", strerror( errno )); - /* dieser Fehler kann ignoriert werden. */ + Log( LOG_ERR, "Can't set socket option SO_REUSEADDR: %s!", strerror( errno )); + /* ignore this error */ } - return TRUE; + /* Set type of service (TOS) */ +#if defined(IPPROTO_IP) && defined(IPTOS_LOWDELAY) + value = IPTOS_LOWDELAY; + if (setsockopt(Sock, IPPROTO_IP, IP_TOS, &value, + (socklen_t) sizeof(value))) { + LogDebug("Can't set socket option IP_TOS: %s!", + strerror(errno)); + /* ignore this error */ + } else + LogDebug("IP_TOS on socket %d has been set to IPTOS_LOWDELAY.", + Sock); +#endif + + return true; } /* Init_Socket */ -LOCAL RES_STAT *ResolveAddr( struct sockaddr_in *Addr ) +/** + * Read results of a resolver sub-process and try to initiate a new server + * connection. + * + * @param fd File descriptor of the pipe to the sub-process. + * @param events (ignored IO specification) + */ +static void +cb_Connect_to_Server(int fd, UNUSED short events) { - /* IP (asyncron!) aufloesen. Bei Fehler, z.B. wenn der - * Child-Prozess nicht erzeugt werden kann, wird NULL geliefert. - * Der Host kann dann nicht aufgeloest werden. */ - - RES_STAT *s; - INT pid; - - /* Speicher anfordern */ - s = malloc( sizeof( RES_STAT )); - if( ! s ) - { - Log( LOG_EMERG, "Resolver: Can't allocate memory!" ); - return NULL; + /* Read result of resolver sub-process from pipe and start connection */ + int i; + size_t len; + ng_ipaddr_t dest_addrs[4]; /* we can handle at most 3; but we read up to + four so we can log the 'more than we can handle' + condition. First result is tried immediately, rest + is saved for later if needed. */ + + LogDebug("Resolver: Got forward lookup callback on fd %d, events %d", fd, events); + + for (i=0; i < MAX_SERVERS; i++) { + if (Proc_GetPipeFd(&Conf_Server[i].res_stat) == fd ) + break; } - /* Pipe fuer Antwort initialisieren */ - if( pipe( s->pipe ) != 0 ) - { - free( s ); - Log( LOG_ALERT, "Resolver: Can't create output pipe: %s!", strerror( errno )); - return NULL; + if( i >= MAX_SERVERS) { + /* Ops, no matching server found?! */ + io_close( fd ); + LogDebug("Resolver: Got Forward Lookup callback for unknown server!?"); + return; } - /* Sub-Prozess erzeugen */ - pid = fork( ); - if( pid > 0 ) - { - /* Haupt-Prozess */ - Log( LOG_DEBUG, "Resolver for %s created (PID %d).", inet_ntoa( Addr->sin_addr ), pid ); - FD_SET( s->pipe[0], &My_Resolvers ); - if( s->pipe[0] > My_Max_Fd ) My_Max_Fd = s->pipe[0]; - s->pid = pid; - return s; - } - else if( pid == 0 ) - { - /* Sub-Prozess */ - Log_Init_Resolver( ); - Do_ResolveAddr( Addr, s->pipe[1] ); - Log_Exit_Resolver( ); - exit( 0 ); - } - else - { - /* Fehler */ - free( s ); - Log( LOG_CRIT, "Resolver: Can't fork: %s!", strerror( errno )); - return NULL; + /* Read result from pipe */ + len = Proc_Read(&Conf_Server[i].res_stat, dest_addrs, sizeof(dest_addrs)); + Proc_Close(&Conf_Server[i].res_stat); + if (len == 0) { + /* Error resolving hostname: reset server structure */ + Conf_Server[i].conn_id = NONE; + return; } -} /* ResolveAddr */ - -LOCAL RES_STAT *ResolveName( CHAR *Host ) -{ - /* Hostnamen (asyncron!) aufloesen. Bei Fehler, z.B. wenn der - * Child-Prozess nicht erzeugt werden kann, wird NULL geliefert. - * Der Host kann dann nicht aufgeloest werden. */ + assert((len % sizeof(ng_ipaddr_t)) == 0); - RES_STAT *s; - INT pid; + LogDebug("Got result from resolver: %u structs (%u bytes).", len/sizeof(ng_ipaddr_t), len); - /* Speicher anfordern */ - s = malloc( sizeof( RES_STAT )); - if( ! s ) - { - Log( LOG_EMERG, "Resolver: Can't allocate memory!" ); - return NULL; + memset(&Conf_Server[i].dst_addr, 0, sizeof(Conf_Server[i].dst_addr)); + if (len > sizeof(ng_ipaddr_t)) { + /* more than one address for this hostname, remember them + * in case first address is unreachable/not available */ + len -= sizeof(ng_ipaddr_t); + if (len > sizeof(Conf_Server[i].dst_addr)) { + len = sizeof(Conf_Server[i].dst_addr); + Log(LOG_NOTICE, + "Notice: Resolver returned more IP Addresses for host than we can handle, additional addresses dropped."); + } + memcpy(&Conf_Server[i].dst_addr, &dest_addrs[1], len); } + /* connect() */ + New_Server(i, dest_addrs); +} /* cb_Read_Forward_Lookup */ - /* Pipe fuer Antwort initialisieren */ - if( pipe( s->pipe ) != 0 ) - { - free( s ); - Log( LOG_ALERT, "Resolver: Can't create output pipe: %s!", strerror( errno )); - return NULL; - } - /* Sub-Prozess erzeugen */ - pid = fork( ); - if( pid > 0 ) - { - /* Haupt-Prozess */ - Log( LOG_DEBUG, "Resolver for \"%s\" created (PID %d).", Host, pid ); - FD_SET( s->pipe[0], &My_Resolvers ); - if( s->pipe[0] > My_Max_Fd ) My_Max_Fd = s->pipe[0]; - s->pid = pid; - return s; - } - else if( pid == 0 ) - { - /* Sub-Prozess */ - Log_Init_Resolver( ); - Do_ResolveName( Host, s->pipe[1] ); - Log_Exit_Resolver( ); - exit( 0 ); - } - else - { - /* Fehler */ - free( s ); - Log( LOG_CRIT, "Resolver: Can't fork: %s!", strerror( errno )); - return NULL; +/** + * Read results of a resolver sub-process from the pipe and update the + * apropriate connection/client structure(s): hostname and/or IDENT user name. + * + * @param r_fd File descriptor of the pipe to the sub-process. + * @param events (ignored IO specification) + */ +static void +cb_Read_Resolver_Result( int r_fd, UNUSED short events ) +{ + CLIENT *c; + CONN_ID i; + size_t len; + char *identptr; +#ifdef IDENTAUTH + char readbuf[HOST_LEN + 2 + CLIENT_USER_LEN]; + char *ptr; +#else + char readbuf[HOST_LEN + 1]; +#endif + + LogDebug("Resolver: Got callback on fd %d, events %d", r_fd, events ); + i = Conn_GetFromProc(r_fd); + if (i == NONE) { + /* Ops, none found? Probably the connection has already + * been closed!? We'll ignore that ... */ + io_close( r_fd ); + LogDebug("Resolver: Got callback for unknown connection!?"); + return; } -} /* ResolveName */ + /* Read result from pipe */ + len = Proc_Read(&My_Connections[i].proc_stat, readbuf, sizeof readbuf -1); + Proc_Close(&My_Connections[i].proc_stat); + if (len == 0) + return; -LOCAL VOID Do_ResolveAddr( struct sockaddr_in *Addr, INT w_fd ) -{ - /* Resolver Sub-Prozess: IP aufloesen und Ergebnis in Pipe schreiben. */ + readbuf[len] = '\0'; + identptr = strchr(readbuf, '\n'); + assert(identptr != NULL); + if (!identptr) { + Log( LOG_CRIT, "Resolver: Got malformed result!"); + return; + } - CHAR hostname[HOST_LEN]; - struct hostent *h; + *identptr = '\0'; + LogDebug("Got result from resolver: \"%s\" (%u bytes read).", readbuf, len); + /* Okay, we got a complete result: this is a host name for outgoing + * connections and a host name and IDENT user name (if enabled) for + * incoming connections.*/ + assert ( My_Connections[i].sock >= 0 ); + /* Incoming connection. Search client ... */ + c = Conn_GetClient( i ); + assert( c != NULL ); + + /* Only update client information of unregistered clients. + * Note: user commands (e. g. WEBIRC) are always read _after_ reading + * the resolver results, so we don't have to worry to override settings + * from these commands here. */ + if(Client_Type(c) == CLIENT_UNKNOWN) { + strlcpy(My_Connections[i].host, readbuf, + sizeof(My_Connections[i].host)); + Client_SetHostname(c, readbuf); + if (Conf_NoticeAuth) + (void)Conn_WriteStr(i, + "NOTICE AUTH :*** Found your hostname: %s", + My_Connections[i].host); +#ifdef IDENTAUTH + ++identptr; + if (*identptr) { + ptr = identptr; + while (*ptr) { + if ((*ptr < '0' || *ptr > '9') && + (*ptr < 'A' || *ptr > 'Z') && + (*ptr < 'a' || *ptr > 'z')) + break; + ptr++; + } + if (*ptr) { + /* Erroneous IDENT reply */ + Log(LOG_NOTICE, + "Got invalid IDENT reply for connection %d! Ignored.", + i); + } else { + Log(LOG_INFO, + "IDENT lookup for connection %d: \"%s\".", + i, identptr); + Client_SetUser(c, identptr, true); + } + if (Conf_NoticeAuth) { + (void)Conn_WriteStr(i, + "NOTICE AUTH :*** Got %sident response%s%s", + *ptr ? "invalid " : "", + *ptr ? "" : ": ", + *ptr ? "" : identptr); + } + } else { + Log(LOG_INFO, "IDENT lookup for connection %d: no result.", i); + if (Conf_NoticeAuth && Conf_Ident) + (void)Conn_WriteStr(i, + "NOTICE AUTH :*** No ident response"); + } +#endif - Log_Resolver( LOG_DEBUG, "Now resolving %s ...", inet_ntoa( Addr->sin_addr )); + if (Conf_NoticeAuth) + (void)Handle_Write(i); - /* Namen aufloesen */ - h = gethostbyaddr( (CHAR *)&Addr->sin_addr, sizeof( Addr->sin_addr ), AF_INET ); - if( h ) strcpy( hostname, h->h_name ); - else - { -#ifdef h_errno - Log_Resolver( LOG_WARNING, "Can't resolve address \"%s\": %s!", inet_ntoa( Addr->sin_addr ), Resolv_Error( h_errno )); -#else - Log_Resolver( LOG_WARNING, "Can't resolve address \"%s\"!", inet_ntoa( Addr->sin_addr )); -#endif - strcpy( hostname, inet_ntoa( Addr->sin_addr )); + Class_HandleServerBans(c); } +#ifdef DEBUG + else Log( LOG_DEBUG, "Resolver: discarding result for already registered connection %d.", i ); +#endif +} /* cb_Read_Resolver_Result */ - /* Antwort an Parent schreiben */ - if( write( w_fd, hostname, strlen( hostname ) + 1 ) != ( strlen( hostname ) + 1 )) - { - Log_Resolver( LOG_CRIT, "Resolver: Can't write to parent: %s!", strerror( errno )); - close( w_fd ); + +/** + * Write a "simple" (error) message to a socket. + * + * The message is sent without using the connection write buffers, without + * compression/encryption, and even without any error reporting. It is + * designed for error messages of e.g. New_Connection(). + * + * @param Sock Socket handle. + * @param Msg Message string to send. + */ +static void +Simple_Message(int Sock, const char *Msg) +{ + char buf[COMMAND_LEN]; + size_t len; + + assert(Sock > NONE); + assert(Msg != NULL); + + strlcpy(buf, Msg, sizeof buf - 2); + len = strlcat(buf, "\r\n", sizeof buf); + if (write(Sock, buf, len) < 0) { + /* Because this function most probably got called to log + * an error message, any write error is ignored here to + * avoid an endless loop. But casting the result of write() + * to "void" doesn't satisfy the GNU C code attribute + * "warn_unused_result" which is used by some versions of + * glibc (e.g. 2.11.1), therefore this silly error + * "handling" code here :-( */ return; } +} /* Simple_Error */ - Log_Resolver( LOG_DEBUG, "Ok, translated %s to \"%s\".", inet_ntoa( Addr->sin_addr ), hostname ); -} /* Do_ResolveAddr */ +/** + * Get CLIENT structure that belongs to a local connection identified by its + * index number. Each connection belongs to a client by definition, so it is + * not required that the caller checks for NULL return values. + * + * @param Idx Connection index number. + * @returns Pointer to CLIENT structure. + */ +GLOBAL CLIENT * +Conn_GetClient( CONN_ID Idx ) +{ + CONNECTION *c; + + assert(Idx >= 0); + c = array_get(&My_ConnArray, sizeof (CONNECTION), (size_t)Idx); + assert(c != NULL); + return c ? c->client : NULL; +} -LOCAL VOID Do_ResolveName( CHAR *Host, INT w_fd ) +/** + * Get PROC_STAT sub-process structure of a connection. + * + * @param Idx Connection index number. + * @returns PROC_STAT structure. + */ +GLOBAL PROC_STAT * +Conn_GetProcStat(CONN_ID Idx) { - /* Resolver Sub-Prozess: Name aufloesen und Ergebnis in Pipe schreiben. */ + CONNECTION *c; - CHAR ip[16]; - struct hostent *h; - struct in_addr *addr; + assert(Idx >= 0); + c = array_get(&My_ConnArray, sizeof (CONNECTION), (size_t)Idx); + assert(c != NULL); + return &c->proc_stat; +} /* Conn_GetProcStat */ - Log_Resolver( LOG_DEBUG, "Now resolving \"%s\" ...", Host ); - /* Namen aufloesen */ - h = gethostbyname( Host ); - if( h ) - { - addr = (struct in_addr *)h->h_addr; - strcpy( ip, inet_ntoa( *addr )); - } - else - { -#ifdef h_errno - Log_Resolver( LOG_WARNING, "Can't resolve \"%s\": %s!", Host, Resolv_Error( h_errno )); -#else - Log_Resolver( LOG_WARNING, "Can't resolve \"%s\"!", Host ); -#endif - strcpy( ip, "" ); - } +/** + * Get CONN_ID from file descriptor associated to a subprocess structure. + * + * @param fd File descriptor. + * @returns CONN_ID or NONE (-1). + */ +GLOBAL CONN_ID +Conn_GetFromProc(int fd) +{ + int i; - /* Antwort an Parent schreiben */ - if( write( w_fd, ip, strlen( ip ) + 1 ) != ( strlen( ip ) + 1 )) - { - Log_Resolver( LOG_CRIT, "Resolver: Can't write to parent: %s!", strerror( errno )); - close( w_fd ); - return; + assert(fd > 0); + for (i = 0; i < Pool_Size; i++) { + if ((My_Connections[i].sock != NONE) + && (Proc_GetPipeFd(&My_Connections[i].proc_stat) == fd)) + return i; } + return NONE; +} /* Conn_GetFromProc */ - if( ip[0] ) Log_Resolver( LOG_DEBUG, "Ok, translated \"%s\" to %s.", Host, ip ); -} /* Do_ResolveName */ +#ifndef STRICT_RFC -LOCAL VOID Read_Resolver_Result( INT r_fd ) +GLOBAL long +Conn_GetAuthPing(CONN_ID Idx) { - /* Ergebnis von Resolver Sub-Prozess aus Pipe lesen - * und entsprechende Connection aktualisieren */ + assert (Idx != NONE); + return My_Connections[Idx].auth_ping; +} /* Conn_GetAuthPing */ - CHAR result[HOST_LEN]; - CLIENT *c; - INT len, i; +GLOBAL void +Conn_SetAuthPing(CONN_ID Idx, long ID) +{ + assert (Idx != NONE); + My_Connections[Idx].auth_ping = ID; +} /* Conn_SetAuthPing */ - FD_CLR( r_fd, &My_Resolvers ); +#endif - /* Anfrage vom Parent lesen */ - len = read( r_fd, result, HOST_LEN); - if( len < 0 ) - { - /* Fehler beim Lesen aus der Pipe */ - close( r_fd ); - Log( LOG_CRIT, "Resolver: Can't read result: %s!", strerror( errno )); - return; - } - result[len] = '\0'; - /* zugehoerige Connection suchen */ - for( i = 0; i < MAX_CONNECTIONS; i++ ) - { - if(( My_Connections[i].sock != NONE ) && ( My_Connections[i].res_stat ) && ( My_Connections[i].res_stat->pipe[0] == r_fd )) break; - } - if( i >= MAX_CONNECTIONS ) - { - /* Opsa! Keine passende Connection gefunden!? Vermutlich - * wurde sie schon wieder geschlossen. */ - close( r_fd ); - Log( LOG_DEBUG, "Resolver: Got result for unknown connection!?" ); - return; - } +#ifdef SSL_SUPPORT + +/** + * Get information about used SSL chiper. + * + * @param Idx Connection index number. + * @param buf Buffer for returned information text. + * @param len Size of return buffer "buf". + * @returns true on success, false otherwise. + */ +GLOBAL bool +Conn_GetCipherInfo(CONN_ID Idx, char *buf, size_t len) +{ + if (Idx < 0) + return false; + assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION))); + return ConnSSL_GetCipherInfo(&My_Connections[Idx], buf, len); +} - /* Aufraeumen */ - close( My_Connections[i].res_stat->pipe[0] ); - close( My_Connections[i].res_stat->pipe[1] ); - free( My_Connections[i].res_stat ); - My_Connections[i].res_stat = NULL; - if( My_Connections[i].sock > NONE ) - { - /* Eingehende Verbindung: Hostnamen setzen */ - c = Client_GetFromConn( i ); - assert( c != NULL ); - strcpy( My_Connections[i].host, result ); - Client_SetHostname( c, result ); - } - else - { - /* Ausgehende Verbindung (=Server): IP setzen */ - assert( My_Connections[i].our_server >= 0 ); - strcpy( Conf_Server[My_Connections[i].our_server].ip, result ); - } -} /* Read_Resolver_Result */ +/** + * Check if a connection is SSL-enabled or not. + * + * @param Idx Connection index number. + * @return true if connection is SSL-enabled, false otherwise. + */ +GLOBAL bool +Conn_UsesSSL(CONN_ID Idx) +{ + if (Idx < 0) + return false; + assert(Idx < (int) array_length(&My_ConnArray, sizeof(CONNECTION))); + return Conn_OPTION_ISSET(&My_Connections[Idx], CONN_SSL); +} +#endif -#ifdef h_errno +#ifdef DEBUG -LOCAL CHAR *Resolv_Error( INT H_Error ) +/** + * Dump internal state of the "connection module". + */ +GLOBAL void +Conn_DebugDump(void) { - /* Fehlerbeschreibung fuer H_Error liefern */ + int i; - switch( H_Error ) - { - case HOST_NOT_FOUND: - return "host not found"; - case NO_DATA: - return "name valid but no IP address defined"; - case NO_RECOVERY: - return "name server error"; - case TRY_AGAIN: - return "name server temporary not available"; - default: - return "unknown error"; - } -} /* Resolv_Error */ + Log(LOG_DEBUG, "Connection status:"); + for (i = 0; i < Pool_Size; i++) { + if (My_Connections[i].sock == NONE) + continue; + Log(LOG_DEBUG, + " - %d: host=%s, lastdata=%ld, lastping=%ld, delaytime=%ld, flag=%d, options=%d, bps=%d, client=%s", + My_Connections[i].sock, My_Connections[i].host, + My_Connections[i].lastdata, My_Connections[i].lastping, + My_Connections[i].delaytime, My_Connections[i].flag, + My_Connections[i].options, My_Connections[i].bps, + My_Connections[i].client ? Client_ID(My_Connections[i].client) : "-"); + } +} /* Conn_DumpClients */ #endif