-/* +------------------------------------+
- * | Inspire Internet Relay Chat Daemon |
- * +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
*
- * InspIRCd: (C) 2002-2008 InspIRCd Development Team
- * See: http://www.inspircd.org/wiki/index.php/Credits
+ * Copyright (C) 2019 Matt Schatz <genius3000@g3k.solutions>
+ * Copyright (C) 2013-2016 Attila Molnar <attilamolnar@hush.com>
+ * Copyright (C) 2013, 2016-2019 Sadie Powell <sadie@witchery.services>
+ * Copyright (C) 2013 Daniel Vassdal <shutter@canternet.org>
+ * Copyright (C) 2013 Adam <Adam@anope.org>
+ * Copyright (C) 2012 Robby <robby@chatbelgie.be>
+ * Copyright (C) 2012 ChrisTX <xpipe@hotmail.de>
+ * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ * Copyright (C) 2009-2010 Craig Edwards <brain@inspircd.org>
+ * Copyright (C) 2009 Uli Schlachter <psychon@inspircd.org>
+ * Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
*
- * This program is free but copyrighted software; see
- * the file COPYING for details.
+ * This file is part of InspIRCd. InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
*
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-/* $Core */
#include "inspircd.h"
-#include "socket.h"
-#include "socketengine.h"
-
+#include "iohook.h"
-/* Private static member data must be initialized in this manner */
-unsigned int ListenSocket::socketcount = 0;
-sockaddr* ListenSocket::sock_us = NULL;
-sockaddr* ListenSocket::client = NULL;
-sockaddr* ListenSocket::raddr = NULL;
+#ifndef _WIN32
+#include <netinet/tcp.h>
+#endif
-ListenSocket::ListenSocket(InspIRCd* Instance, int port, char* addr) : ServerInstance(Instance), desc("plaintext"), bind_addr(addr), bind_port(port)
+ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_to)
+ : bind_tag(tag)
+ , bind_sa(bind_to)
{
- this->SetFd(irc::sockets::OpenTCPSocket(addr));
- if (this->GetFd() > -1)
- {
- if (!Instance->BindSocket(this->fd,port,addr))
- this->fd = -1;
-#ifdef IPV6
- if ((!*addr) || (strchr(addr,':')))
- this->family = AF_INET6;
- else
+ // Are we creating a UNIX socket?
+ if (bind_to.family() == AF_UNIX)
+ {
+ // Is 'replace' enabled?
+ const bool replace = tag->getBool("replace");
+ if (replace && irc::sockets::isunix(bind_to.str()))
+ unlink(bind_to.str().c_str());
+ }
+
+ fd = socket(bind_to.family(), SOCK_STREAM, 0);
+ if (!HasFd())
+ return;
+
+#ifdef IPV6_V6ONLY
+ /* This OS supports IPv6 sockets that can also listen for IPv4
+ * connections. If our address is "*" or empty, enable both v4 and v6 to
+ * allow for simpler configuration on dual-stack hosts. Otherwise, if it
+ * is "::" or an IPv6 address, disable support so that an IPv4 bind will
+ * work on the port (by us or another application).
+ */
+ if (bind_to.family() == AF_INET6)
+ {
+ std::string addr = tag->getString("address");
+ /* This must be >= sizeof(DWORD) on Windows */
+ const int enable = (addr.empty() || addr == "*") ? 0 : 1;
+ /* This must be before bind() */
+ setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, reinterpret_cast<const char *>(&enable), sizeof(enable));
+ // errors ignored intentionally
+ }
+#endif
+
+ if (tag->getBool("free"))
+ {
+ socklen_t enable = 1;
+#if defined IP_FREEBIND // Linux 2.4+
+ setsockopt(fd, SOL_IP, IP_FREEBIND, &enable, sizeof(enable));
+#elif defined IP_BINDANY // FreeBSD
+ setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(enable));
+#elif defined SO_BINDANY // NetBSD/OpenBSD
+ setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable, sizeof(enable));
+#else
+ (void)enable;
#endif
- this->family = AF_INET;
- Instance->SE->AddFd(this);
}
- /* Saves needless allocations */
- if (socketcount == 0)
+
+ SocketEngine::SetReuse(fd);
+ int rv = SocketEngine::Bind(this->fd, bind_to);
+ if (rv >= 0)
+ rv = SocketEngine::Listen(this->fd, ServerInstance->Config->MaxConn);
+
+ if (bind_to.family() == AF_UNIX)
{
- /* All instances of ListenSocket share these, so reference count it */
- ServerInstance->Logs->Log("SOCKET", DEBUG,"Allocate sockaddr structures");
- sock_us = new sockaddr[2];
- client = new sockaddr[2];
- raddr = new sockaddr[2];
+ const std::string permissionstr = tag->getString("permissions");
+ unsigned int permissions = strtoul(permissionstr.c_str(), NULL, 8);
+ if (permissions && permissions <= 07777)
+ chmod(bind_to.str().c_str(), permissions);
}
- socketcount++;
-}
-ListenSocket::~ListenSocket()
-{
- if (this->GetFd() > -1)
+ // Default defer to on for TLS listeners because in TLS the client always speaks first
+ int timeout = tag->getDuration("defer", (tag->getString("ssl").empty() ? 0 : 3));
+ if (timeout && !rv)
+ {
+#if defined TCP_DEFER_ACCEPT
+ setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &timeout, sizeof(timeout));
+#elif defined SO_ACCEPTFILTER
+ struct accept_filter_arg afa;
+ memset(&afa, 0, sizeof(afa));
+ strcpy(afa.af_name, "dataready");
+ setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));
+#endif
+ }
+
+ if (rv < 0)
{
- ServerInstance->SE->DelFd(this);
- ServerInstance->Logs->Log("SOCKET", DEBUG,"Shut down listener on fd %d", this->fd);
- if (ServerInstance->SE->Shutdown(this, 2) || ServerInstance->SE->Close(this))
- ServerInstance->Logs->Log("SOCKET", DEBUG,"Failed to cancel listener: %s", strerror(errno));
+ int errstore = errno;
+ SocketEngine::Shutdown(this, 2);
+ SocketEngine::Close(this->GetFd());
this->fd = -1;
+ errno = errstore;
}
- socketcount--;
- if (socketcount == 0)
+ else
{
- delete[] sock_us;
- delete[] client;
- delete[] raddr;
+ SocketEngine::NonBlocking(this->fd);
+ SocketEngine::AddFd(this, FD_WANT_POLL_READ | FD_WANT_NO_WRITE);
+
+ this->ResetIOHookProvider();
}
}
-void ListenSocket::HandleEvent(EventType e, int err)
+ListenSocket::~ListenSocket()
{
- switch (e)
- {
- case EVENT_ERROR:
- ServerInstance->Logs->Log("SOCKET",DEFAULT,"ListenSocket::HandleEvent() received a socket engine error event! well shit! '%s'", strerror(err));
- break;
- case EVENT_WRITE:
- ServerInstance->Logs->Log("SOCKET",DEBUG,"*** BUG *** ListenSocket::HandleEvent() got a WRITE event!!!");
- break;
- case EVENT_READ:
+ if (this->HasFd())
+ {
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Shut down listener on fd %d", this->fd);
+ SocketEngine::Shutdown(this, 2);
+
+ if (SocketEngine::Close(this) != 0)
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to cancel listener: %s", strerror(errno));
+
+ if (bind_sa.family() == AF_UNIX && unlink(bind_sa.un.sun_path))
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to unlink UNIX socket: %s", strerror(errno));
+ }
+}
+
+void ListenSocket::OnEventHandlerRead()
+{
+ irc::sockets::sockaddrs client;
+ irc::sockets::sockaddrs server(bind_sa);
+
+ socklen_t length = sizeof(client);
+ int incomingSockfd = SocketEngine::Accept(this, &client.sa, &length);
+
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Accepting connection on socket %s fd %d", bind_sa.str().c_str(), incomingSockfd);
+ if (incomingSockfd < 0)
+ {
+ ServerInstance->stats.Refused++;
+ return;
+ }
+
+ socklen_t sz = sizeof(server);
+ if (getsockname(incomingSockfd, &server.sa, &sz))
+ {
+ ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Can't get peername: %s", strerror(errno));
+ }
+
+ if (client.family() == AF_INET6)
+ {
+ /*
+ * This case is the be all and end all patch to catch and nuke 4in6
+ * instead of special-casing shit all over the place and wreaking merry
+ * havoc with crap, instead, we just recreate sockaddr and strip ::ffff: prefix
+ * if it's a 4in6 IP.
+ *
+ * This is, of course, much improved over the older way of handling this
+ * (pretend it doesn't exist + hack around it -- yes, both were done!)
+ *
+ * Big, big thanks to danieldg for his work on this.
+ * -- w00t
+ */
+ static const unsigned char prefix4in6[12] = { 0,0,0,0, 0,0,0,0, 0,0,0xFF,0xFF };
+ if (!memcmp(prefix4in6, &client.in6.sin6_addr, 12))
{
- ServerInstance->Logs->Log("SOCKET",DEBUG,"HandleEvent for Listensoket");
- socklen_t uslen, length; // length of our port number
- int incomingSockfd, in_port;
-
-#ifdef IPV6
- if (this->family == AF_INET6)
- {
- uslen = sizeof(sockaddr_in6);
- length = sizeof(sockaddr_in6);
- }
- else
-#endif
- {
- uslen = sizeof(sockaddr_in);
- length = sizeof(sockaddr_in);
- }
-
- incomingSockfd = ServerInstance->SE->Accept(this, (sockaddr*)client, &length);
-
- if ((incomingSockfd > -1) && (!ServerInstance->SE->GetSockName(this, sock_us, &uslen)))
- {
- char buf[MAXBUF];
- char target[MAXBUF];
-
- *target = *buf = '\0';
-
-#ifdef IPV6
- if (this->family == AF_INET6)
- {
- in_port = ntohs(((sockaddr_in6*)sock_us)->sin6_port);
- inet_ntop(AF_INET6, &((const sockaddr_in6*)client)->sin6_addr, buf, sizeof(buf));
- socklen_t raddrsz = sizeof(sockaddr_in6);
- if (getsockname(incomingSockfd, (sockaddr*) raddr, &raddrsz) == 0)
- inet_ntop(AF_INET6, &((const sockaddr_in6*)raddr)->sin6_addr, target, sizeof(target));
- else
- ServerInstance->Logs->Log("SOCKET", DEBUG, "Can't get peername: %s", strerror(errno));
- }
- else
-#endif
- {
- inet_ntop(AF_INET, &((const sockaddr_in*)client)->sin_addr, buf, sizeof(buf));
- in_port = ntohs(((sockaddr_in*)sock_us)->sin_port);
- socklen_t raddrsz = sizeof(sockaddr_in);
- if (getsockname(incomingSockfd, (sockaddr*) raddr, &raddrsz) == 0)
- inet_ntop(AF_INET, &((const sockaddr_in*)raddr)->sin_addr, target, sizeof(target));
- else
- ServerInstance->Logs->Log("SOCKET", DEBUG, "Can't get peername: %s", strerror(errno));
- }
- ServerInstance->SE->NonBlocking(incomingSockfd);
- ServerInstance->stats->statsAccept++;
- ServerInstance->Users->AddUser(ServerInstance, incomingSockfd, in_port, false, this->family, client, target);
- }
- else
- {
- ServerInstance->SE->Shutdown(incomingSockfd, 2);
- ServerInstance->SE->Close(incomingSockfd);
- ServerInstance->stats->statsRefused++;
- }
+ // recreate as a sockaddr_in using the IPv4 IP
+ uint16_t sport = client.in6.sin6_port;
+ client.in4.sin_family = AF_INET;
+ client.in4.sin_port = sport;
+ memcpy(&client.in4.sin_addr.s_addr, client.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t));
+
+ sport = server.in6.sin6_port;
+ server.in4.sin_family = AF_INET;
+ server.in4.sin_port = sport;
+ memcpy(&server.in4.sin_addr.s_addr, server.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t));
}
- break;
}
+ else if (client.family() == AF_UNIX)
+ {
+ // Clients connecting via UNIX sockets don't have paths so give them
+ // the server path as defined in RFC 1459 section 8.1.1.
+ //
+ // strcpy is safe here because sizeof(sockaddr_un.sun_path) is equal on both.
+ strcpy(client.un.sun_path, server.un.sun_path);
+ }
+
+ SocketEngine::NonBlocking(incomingSockfd);
+
+ ModResult res;
+ FIRST_MOD_RESULT(OnAcceptConnection, res, (incomingSockfd, this, &client, &server));
+ if (res == MOD_RES_PASSTHRU)
+ {
+ const std::string type = bind_tag->getString("type", "clients", 1);
+ if (stdalgo::string::equalsci(type, "clients"))
+ {
+ ServerInstance->Users->AddUser(incomingSockfd, this, &client, &server);
+ res = MOD_RES_ALLOW;
+ }
+ }
+ if (res == MOD_RES_ALLOW)
+ {
+ ServerInstance->stats.Accept++;
+ }
+ else
+ {
+ ServerInstance->stats.Refused++;
+ ServerInstance->Logs->Log("SOCKET", LOG_DEFAULT, "Refusing connection on %s - %s",
+ bind_sa.str().c_str(), res == MOD_RES_DENY ? "Connection refused by module" : "Module for this port not found");
+ SocketEngine::Close(incomingSockfd);
+ }
+}
+
+void ListenSocket::ResetIOHookProvider()
+{
+ iohookprovs[0].SetProvider(bind_tag->getString("hook"));
+
+ // Check that all non-last hooks support being in the middle
+ for (IOHookProvList::iterator i = iohookprovs.begin(); i != iohookprovs.end()-1; ++i)
+ {
+ IOHookProvRef& curr = *i;
+ // Ignore if cannot be in the middle
+ if ((curr) && (!curr->IsMiddle()))
+ curr.SetProvider(std::string());
+ }
+
+ std::string provname = bind_tag->getString("ssl");
+ if (!provname.empty())
+ provname.insert(0, "ssl/");
+
+ // TLS (SSL) should be the last
+ iohookprovs.back().SetProvider(provname);
}
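Review bot: In the ListenSocket constructor's second `AF_UNIX` block, `chmod()` runs on the bind path whether or not `SocketEngine::Bind()` succeeded, and its return value is discarded. If bind fails because something already exists at that path (for example when `replace` is off), the mode change lands on a file this listener did not create; if chmod fails on a socket that was bound, the configured restriction is silently not applied. Gate it on `rv >= 0` and report failure, e.g. `if (rv >= 0 && permissions && permissions <= 07777 && chmod(bind_to.str().c_str(), permissions) != 0)` followed by a `LOG_DEFAULT` message carrying `strerror(errno)`. A `permissions` value that does not parse as octal or exceeds 07777 is also skipped without a log line, leaving the socket at its umask-derived mode, which it also has between bind() and chmod(); both deserve a warning or at least a comment.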