X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Flistensocket.cpp;h=f14db773a2675a40cd970f28e23476d5653fcd07;hb=e0dc7691c4cff3a38bc12adf10b3709d8c4901ba;hp=0145f86d8cdf8f520a5d3450bf46551e8a74eff9;hpb=48045988a48a738a1ffa183fdc1e335a431312a8;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/listensocket.cpp b/src/listensocket.cpp index 0145f86d8..f14db773a 100644 --- a/src/listensocket.cpp +++ b/src/listensocket.cpp @@ -1,99 +1,170 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits + * Copyright (C) 2019-2020 Matt Schatz + * Copyright (C) 2013-2016 Attila Molnar + * Copyright (C) 2013, 2016-2020 Sadie Powell + * Copyright (C) 2013 Daniel Vassdal + * Copyright (C) 2013 Adam + * Copyright (C) 2012 Robby + * Copyright (C) 2012 ChrisTX + * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2009-2010 Craig Edwards + * Copyright (C) 2009 Uli Schlachter + * Copyright (C) 2008 Robin Burchell * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ -/* $Core */ #include "inspircd.h" -#include "socket.h" -#include "socketengine.h" +#include "iohook.h" -/* Private static member data must be declared in this manner */ -irc::sockets::sockaddrs ListenSocketBase::client; -irc::sockets::sockaddrs ListenSocketBase::server; +#ifndef _WIN32 +#include +#endif -ListenSocketBase::ListenSocketBase(InspIRCd* Instance, int port, const std::string &addr) : ServerInstance(Instance), desc("plaintext") +ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_to) + : bind_tag(tag) + , bind_sa(bind_to) { - irc::sockets::sockaddrs bind_to; + // Are we creating a UNIX socket? + if (bind_to.family() == AF_UNIX) + { + // Is 'replace' enabled? + const bool replace = tag->getBool("replace"); + if (replace && irc::sockets::isunix(bind_to.str())) + unlink(bind_to.str().c_str()); + } - bind_addr = addr; - bind_port = port; + fd = socket(bind_to.family(), SOCK_STREAM, 0); + if (!HasFd()) + return; + +#ifdef IPV6_V6ONLY + /* This OS supports IPv6 sockets that can also listen for IPv4 + * connections. If our address is "*" or empty, enable both v4 and v6 to + * allow for simpler configuration on dual-stack hosts. Otherwise, if it + * is "::" or an IPv6 address, disable support so that an IPv4 bind will + * work on the port (by us or another application). + */ + if (bind_to.family() == AF_INET6) + { + std::string addr = tag->getString("address"); + /* This must be >= sizeof(DWORD) on Windows */ + const int enable = (addr.empty() || addr == "*") ? 0 : 1; + /* This must be before bind() */ + setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, reinterpret_cast(&enable), sizeof(enable)); + // errors ignored intentionally + } +#endif + + if (tag->getBool("free")) + { + socklen_t enable = 1; +#if defined IP_FREEBIND // Linux 2.4+ + setsockopt(fd, SOL_IP, IP_FREEBIND, &enable, sizeof(enable)); +#elif defined IP_BINDANY // FreeBSD + setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(enable)); +#elif defined SO_BINDANY // NetBSD/OpenBSD + setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable, sizeof(enable)); +#else + (void)enable; +#endif + } - // canonicalize address if it is defined - if (!addr.empty() && irc::sockets::aptosa(addr.c_str(), port, &bind_to)) - irc::sockets::satoap(&bind_to, bind_addr, bind_port); + SocketEngine::SetReuse(fd); + int rv = SocketEngine::Bind(this->fd, bind_to); + if (rv >= 0) + rv = SocketEngine::Listen(this->fd, ServerInstance->Config->MaxConn); - this->SetFd(irc::sockets::OpenTCPSocket(bind_addr.c_str())); - if (this->GetFd() > -1) + if (bind_to.family() == AF_UNIX) { - if (!Instance->BindSocket(this->fd,port,bind_addr.c_str())) - this->fd = -1; - Instance->SE->AddFd(this); + const std::string permissionstr = tag->getString("permissions"); + unsigned int permissions = strtoul(permissionstr.c_str(), NULL, 8); + if (permissions && permissions <= 07777) + chmod(bind_to.str().c_str(), permissions); + } + + // Default defer to on for TLS listeners because in TLS the client always speaks first + unsigned int timeoutdef = tag->getString("sslprofile", tag->getString("ssl")).empty() ? 0 : 3; + int timeout = tag->getDuration("defer", timeoutdef, 0, 60); + if (timeout && !rv) + { +#if defined TCP_DEFER_ACCEPT + setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &timeout, sizeof(timeout)); +#elif defined SO_ACCEPTFILTER + struct accept_filter_arg afa; + memset(&afa, 0, sizeof(afa)); + strcpy(afa.af_name, "dataready"); + setsockopt(fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)); +#endif + } + + if (rv < 0) + { + int errstore = errno; + SocketEngine::Shutdown(this, 2); + SocketEngine::Close(this->GetFd()); + this->fd = -1; + errno = errstore; + } + else + { + SocketEngine::NonBlocking(this->fd); + SocketEngine::AddFd(this, FD_WANT_POLL_READ | FD_WANT_NO_WRITE); + + this->ResetIOHookProvider(); } } -ListenSocketBase::~ListenSocketBase() +ListenSocket::~ListenSocket() { - if (this->GetFd() > -1) + if (this->HasFd()) { - ServerInstance->SE->DelFd(this); - ServerInstance->Logs->Log("SOCKET", DEBUG,"Shut down listener on fd %d", this->fd); - if (ServerInstance->SE->Shutdown(this, 2) || ServerInstance->SE->Close(this)) - ServerInstance->Logs->Log("SOCKET", DEBUG,"Failed to cancel listener: %s", strerror(errno)); - this->fd = -1; + ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Shut down listener on fd %d", this->fd); + SocketEngine::Shutdown(this, 2); + + if (SocketEngine::Close(this) != 0) + ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to cancel listener: %s", strerror(errno)); + + if (bind_sa.family() == AF_UNIX && unlink(bind_sa.un.sun_path)) + ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to unlink UNIX socket: %s", strerror(errno)); } } -/* Just seperated into another func for tidiness really.. */ -void ListenSocketBase::AcceptInternal() +void ListenSocket::OnEventHandlerRead() { - ServerInstance->Logs->Log("SOCKET",DEBUG,"HandleEvent for Listensoket"); - int incomingSockfd; + irc::sockets::sockaddrs client; + irc::sockets::sockaddrs server(bind_sa); socklen_t length = sizeof(client); - incomingSockfd = ServerInstance->SE->Accept(this, &client.sa, &length); + int incomingSockfd = SocketEngine::Accept(this, &client.sa, &length); + ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Accepting connection on socket %s fd %d", bind_sa.str().c_str(), incomingSockfd); if (incomingSockfd < 0) { - ServerInstance->SE->Shutdown(incomingSockfd, 2); - ServerInstance->SE->Close(incomingSockfd); - ServerInstance->stats->statsRefused++; + ServerInstance->stats.Refused++; return; } socklen_t sz = sizeof(server); if (getsockname(incomingSockfd, &server.sa, &sz)) - ServerInstance->Logs->Log("SOCKET", DEBUG, "Can't get peername: %s", strerror(errno)); - - /* - * XXX - - * this is done as a safety check to keep the file descriptors within range of fd_ref_table. - * its a pretty big but for the moment valid assumption: - * file descriptors are handed out starting at 0, and are recycled as theyre freed. - * therefore if there is ever an fd over 65535, 65536 clients must be connected to the - * irc server at once (or the irc server otherwise initiating this many connections, files etc) - * which for the time being is a physical impossibility (even the largest networks dont have more - * than about 10,000 users on ONE server!) - */ - if (incomingSockfd >= ServerInstance->SE->GetMaxFds()) { - ServerInstance->Logs->Log("SOCKET", DEBUG, "Server is full"); - ServerInstance->SE->Shutdown(incomingSockfd, 2); - ServerInstance->SE->Close(incomingSockfd); - ServerInstance->stats->statsRefused++; - return; + ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Can't get peername: %s", strerror(errno)); } - if (client.sa.sa_family == AF_INET6) + if (client.family() == AF_INET6) { /* * This case is the be all and end all patch to catch and nuke 4in6 @@ -112,47 +183,68 @@ void ListenSocketBase::AcceptInternal() { // recreate as a sockaddr_in using the IPv4 IP uint16_t sport = client.in6.sin6_port; - uint32_t addr = *reinterpret_cast(client.in6.sin6_addr.s6_addr + 12); client.in4.sin_family = AF_INET; client.in4.sin_port = sport; - client.in4.sin_addr.s_addr = addr; + memcpy(&client.in4.sin_addr.s_addr, client.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t)); sport = server.in6.sin6_port; - addr = *reinterpret_cast(server.in6.sin6_addr.s6_addr + 12); server.in4.sin_family = AF_INET; server.in4.sin_port = sport; - server.in4.sin_addr.s_addr = addr; + memcpy(&server.in4.sin_addr.s_addr, server.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t)); } } + else if (client.family() == AF_UNIX) + { + // Clients connecting via UNIX sockets don't have paths so give them + // the server path as defined in RFC 1459 section 8.1.1. + // + // strcpy is safe here because sizeof(sockaddr_un.sun_path) is equal on both. + strcpy(client.un.sun_path, server.un.sun_path); + } - std::string server_addr; - std::string client_addr; - int dummy_port; - irc::sockets::satoap(&server, server_addr, dummy_port); - irc::sockets::satoap(&client, client_addr, dummy_port); + SocketEngine::NonBlocking(incomingSockfd); - ServerInstance->SE->NonBlocking(incomingSockfd); - ServerInstance->stats->statsAccept++; - this->OnAcceptReady(server_addr, incomingSockfd, client_addr); + ModResult res; + FIRST_MOD_RESULT(OnAcceptConnection, res, (incomingSockfd, this, &client, &server)); + if (res == MOD_RES_PASSTHRU) + { + const std::string type = bind_tag->getString("type", "clients", 1); + if (stdalgo::string::equalsci(type, "clients")) + { + ServerInstance->Users->AddUser(incomingSockfd, this, &client, &server); + res = MOD_RES_ALLOW; + } + } + if (res == MOD_RES_ALLOW) + { + ServerInstance->stats.Accept++; + } + else + { + ServerInstance->stats.Refused++; + ServerInstance->Logs->Log("SOCKET", LOG_DEFAULT, "Refusing connection on %s - %s", + bind_sa.str().c_str(), res == MOD_RES_DENY ? "Connection refused by module" : "Module for this port not found"); + SocketEngine::Close(incomingSockfd); + } } -void ListenSocketBase::HandleEvent(EventType e, int err) +void ListenSocket::ResetIOHookProvider() { - switch (e) - { - case EVENT_ERROR: - ServerInstance->Logs->Log("SOCKET",DEFAULT,"ListenSocket::HandleEvent() received a socket engine error event! well shit! '%s'", strerror(err)); - break; - case EVENT_WRITE: - ServerInstance->Logs->Log("SOCKET",DEBUG,"*** BUG *** ListenSocket::HandleEvent() got a WRITE event!!!"); - break; - case EVENT_READ: - this->AcceptInternal(); - break; + iohookprovs[0].SetProvider(bind_tag->getString("hook")); + + // Check that all non-last hooks support being in the middle + for (IOHookProvList::iterator i = iohookprovs.begin(); i != iohookprovs.end()-1; ++i) + { + IOHookProvRef& curr = *i; + // Ignore if cannot be in the middle + if ((curr) && (!curr->IsMiddle())) + curr.SetProvider(std::string()); } -} -void ClientListenSocket::OnAcceptReady(const std::string &ipconnectedto, int nfd, const std::string &incomingip) -{ - ServerInstance->Users->AddUser(ServerInstance, nfd, bind_port, false, &client.sa, ipconnectedto); + std::string provname = bind_tag->getString("sslprofile", bind_tag->getString("ssl")); + if (!provname.empty()) + provname.insert(0, "ssl/"); + + // TLS (SSL) should be the last + iohookprovs.back().SetProvider(provname); }