/*
* InspIRCd -- Internet Relay Chat Daemon
*
- * Copyright (C) 2018 Peter Powell <petpow@saberuk.com>
+ * Copyright (C) 2019-2020 Matt Schatz <genius3000@g3k.solutions>
+ * Copyright (C) 2019 linuxdaemon <linuxdaemon.irc@gmail.com>
+ * Copyright (C) 2018-2019 Sadie Powell <sadie@witchery.services>
*
* This file is part of InspIRCd. InspIRCd is free software: you can
* redistribute it and/or modify it under the terms of the GNU General Public
if (!sslapi)
return true;
- // If the client is not connecting via SSL the rest of this TLV is irrelevant.
+ // If the client is not connecting via TLS (SSL) the rest of this TLV is irrelevant.
std::string& recvq = GetRecvQ();
if ((recvq[start_index] & PP2_CLIENT_SSL) == 0)
return true;
// Create a fake ssl_cert for the user. Ideally we should use the user's
- // SSL client certificate here but as of 2018-10-16 this is not forwarded
+ // TLS (SSL) client certificate here but as of 2018-10-16 this is not forwarded
// by HAProxy.
ssl_cert* cert = new ssl_cert;
- cert->error = "HAProxy does not forward client SSL certificates";
+ cert->error = "HAProxy does not forward client TLS (SSL) certificates";
cert->invalid = true;
cert->revoked = true;
cert->trusted = false;
return true;
}
- int ReadProxyAddress(StreamSocket* sock)
+ int ReadData(std::string& destrecvq)
+ {
+ // Once connected we handle no special data.
+ std::string& recvq = GetRecvQ();
+ destrecvq.append(recvq);
+ recvq.clear();
+ return 1;
+ }
+
+ int ReadProxyAddress(StreamSocket* sock, std::string& destrecvq)
{
// Block until we have the entire address.
std::string& recvq = GetRecvQ();
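Review bot: ReadData has no comment describing its return contract, and its `return 1;` is unconditional. ReadProxyAddress now ends with `return ReadData(destrecvq);` right after erasing the proxy bytes, so it may run when nothing followed the PROXY header in that read, and the caller would then get a positive result with nothing appended. I would document this above the function, for example `// Forwards any bytes buffered after the PROXY header to the next layer; returns 1 even when the queue was empty.` If the hook contract reserves a positive return for delivered data, returning 0 on an empty queue would be the alternative, but that contract is not visible on this page. The body of ReadProxyAddress continues outside this hunk.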
// Erase the processed proxy information from the receive queue.
recvq.erase(0, address_length);
+ break;
}
// We're done!
state = HPS_CONNECTED;
- return 1;
+ return ReadData(destrecvq);
}
- int ReadProxyHeader(StreamSocket* sock)
+ int ReadProxyHeader(StreamSocket* sock, std::string& destrecvq)
{
// Block until we have a header.
std::string& recvq = GetRecvQ();
}
state = HPS_WAITING_FOR_ADDRESS;
- return ReadProxyAddress(sock);
+ return ReadProxyAddress(sock, destrecvq);
}
public:
HAProxyHook(IOHookProvider* Prov, StreamSocket* sock, UserCertificateAPI& api)
: IOHookMiddle(Prov)
+ , address_length(0)
, sslapi(api)
, state(HPS_WAITING_FOR_HEADER)
{
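Review bot: Only `address_length` gains an initializer in this list, next to `sslapi` and `state`. If the hook keeps other values parsed from the peer-supplied PROXY header between the header and address states, they would still start indeterminate. The class definition is outside this hunk, so that cannot be confirmed here. It is worth checking that every such member is set before it is read, and that the position of `, address_length(0)` matches the declaration order. A comment on the member such as `// Length of the address block taken from the PROXY header; 0 until a header has been parsed.` would record the intent.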
switch (state)
{
case HPS_WAITING_FOR_HEADER:
- return ReadProxyHeader(sock);
+ return ReadProxyHeader(sock, destrecvq);
case HPS_WAITING_FOR_ADDRESS:
- return ReadProxyAddress(sock);
+ return ReadProxyAddress(sock, destrecvq);
case HPS_CONNECTED:
- std::string& recvq = GetRecvQ();
- destrecvq.append(recvq);
- recvq.clear();
- return 1;
+ return ReadData(destrecvq);
}
// We should never reach this point.
Version GetVersion() CXX11_OVERRIDE
{
- return Version("Provides support for the HAProxy PROXY protocol", VF_VENDOR);
+ return Version("Allows IRC connections to be made using reverse proxies that implement the HAProxy PROXY protocol.", VF_VENDOR);
}
};