X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Flistensocket.cpp;h=f14db773a2675a40cd970f28e23476d5653fcd07;hb=e0dc7691c4cff3a38bc12adf10b3709d8c4901ba;hp=cb4bfd2db4a01bd06fa6f177bce17e4b8e4e2ef3;hpb=30fec322809582f91be70cc1bb16c9678180db76;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/listensocket.cpp b/src/listensocket.cpp index cb4bfd2db..f14db773a 100644 --- a/src/listensocket.cpp +++ b/src/listensocket.cpp @@ -1,7 +1,16 @@ /* * InspIRCd -- Internet Relay Chat Daemon * + * Copyright (C) 2019-2020 Matt Schatz + * Copyright (C) 2013-2016 Attila Molnar + * Copyright (C) 2013, 2016-2020 Sadie Powell + * Copyright (C) 2013 Daniel Vassdal + * Copyright (C) 2013 Adam + * Copyright (C) 2012 Robby + * Copyright (C) 2012 ChrisTX * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2009-2010 Craig Edwards + * Copyright (C) 2009 Uli Schlachter * Copyright (C) 2008 Robin Burchell * * This file is part of InspIRCd. InspIRCd is free software: you can @@ -19,8 +28,7 @@ #include "inspircd.h" -#include "socket.h" -#include "socketengine.h" +#include "iohook.h" #ifndef _WIN32 #include @@ -28,14 +36,19 @@ ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_to) : bind_tag(tag) - , iohookprov(NULL, std::string()) + , bind_sa(bind_to) { - irc::sockets::satoap(bind_to, bind_addr, bind_port); - bind_desc = bind_to.str(); - - fd = socket(bind_to.sa.sa_family, SOCK_STREAM, 0); + // Are we creating a UNIX socket? + if (bind_to.family() == AF_UNIX) + { + // Is 'replace' enabled? + const bool replace = tag->getBool("replace"); + if (replace && irc::sockets::isunix(bind_to.str())) + unlink(bind_to.str().c_str()); + } - if (this->fd == -1) + fd = socket(bind_to.family(), SOCK_STREAM, 0); + if (!HasFd()) return; #ifdef IPV6_V6ONLY 
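Review bot: In the `replace` branch of the ListenSocket constructor (hunk `@@ -28,14 +36,19 @@`), the path is checked with `irc::sockets::isunix()` and then removed by a separate `unlink()` whose result is discarded, so the entry that is unlinked is not guaranteed to be the one that was checked. The body of `isunix()` is not in this diff, but any check-then-remove by path has this gap when other local users can write to the directory. The listener path should live in a directory only the daemon's account can modify, and a comment here should say so. I would also report a failed removal, e.g. `if (unlink(path.c_str()) != 0 && errno != ENOENT)` followed by a LOG_DEFAULT message with `strerror(errno)`, where `path` holds `bind_to.str()`; otherwise the later bind failure has no visible cause. The constructor body continues outside this hunk.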
@@ -45,7 +58,7 @@ ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_t * is "::" or an IPv6 address, disable support so that an IPv4 bind will * work on the port (by us or another application). */ - if (bind_to.sa.sa_family == AF_INET6) + if (bind_to.family() == AF_INET6) { std::string addr = tag->getString("address"); /* This must be >= sizeof(DWORD) on Windows */ @@ -56,12 +69,36 @@ ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_t } #endif + if (tag->getBool("free")) + { + socklen_t enable = 1; +#if defined IP_FREEBIND // Linux 2.4+ + setsockopt(fd, SOL_IP, IP_FREEBIND, &enable, sizeof(enable)); +#elif defined IP_BINDANY // FreeBSD + setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(enable)); +#elif defined SO_BINDANY // NetBSD/OpenBSD + setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable, sizeof(enable)); +#else + (void)enable; +#endif + } + SocketEngine::SetReuse(fd); int rv = SocketEngine::Bind(this->fd, bind_to); if (rv >= 0) rv = SocketEngine::Listen(this->fd, ServerInstance->Config->MaxConn); - int timeout = tag->getInt("defer", 0); + if (bind_to.family() == AF_UNIX) + { + const std::string permissionstr = tag->getString("permissions"); + unsigned int permissions = strtoul(permissionstr.c_str(), NULL, 8); + if (permissions && permissions <= 07777) + chmod(bind_to.str().c_str(), permissions); + } + + // Default defer to on for TLS listeners because in TLS the client always speaks first + unsigned int timeoutdef = tag->getString("sslprofile", tag->getString("ssl")).empty() ? 0 : 3; + int timeout = tag->getDuration("defer", timeoutdef, 0, 60); if (timeout && !rv) { #if defined TCP_DEFER_ACCEPT 
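Review bot: The `permissions` block in hunk `@@ -56,12 +69,36 @@` calls `chmod()` on the path regardless of `rv`, so when `Bind()` failed it changes the mode of whatever already exists there. It also runs only after `Listen()`, which leaves a window where the socket accepts connections with the umask-derived mode. Guard it with `if (rv >= 0 && bind_to.family() == AF_UNIX)` and check the call, e.g. `if (chmod(bind_to.str().c_str(), permissions) != 0)` followed by a log line carrying `strerror(errno)`. Closing the window itself needs a restrictive umask around the bind or a parent directory other users cannot enter. `strtoul(permissionstr.c_str(), NULL, 8)` turns an unparsable value into 0, which the `if (permissions && ...)` test then skips silently, so a typo in `permissions` leaves the default mode in place without warning. The constructor continues outside this hunk.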
@@ -93,28 +130,31 @@ ListenSocket::ListenSocket(ConfigTag* tag, const irc::sockets::sockaddrs& bind_t ListenSocket::~ListenSocket() { - if (this->GetFd() > -1) + if (this->HasFd()) { ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Shut down listener on fd %d", this->fd); SocketEngine::Shutdown(this, 2); + if (SocketEngine::Close(this) != 0) ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to cancel listener: %s", strerror(errno)); + + if (bind_sa.family() == AF_UNIX && unlink(bind_sa.un.sun_path)) + ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Failed to unlink UNIX socket: %s", strerror(errno)); } } -/* Just seperated into another func for tidiness really.. */ -void ListenSocket::AcceptInternal() +void ListenSocket::OnEventHandlerRead() { irc::sockets::sockaddrs client; - irc::sockets::sockaddrs server; + irc::sockets::sockaddrs server(bind_sa); socklen_t length = sizeof(client); int incomingSockfd = SocketEngine::Accept(this, &client.sa, &length); - ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "HandleEvent for Listensocket %s nfd=%d", bind_desc.c_str(), incomingSockfd); + ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Accepting connection on socket %s fd %d", bind_sa.str().c_str(), incomingSockfd); if (incomingSockfd < 0) { - ServerInstance->stats->statsRefused++; + ServerInstance->stats.Refused++; return; } @@ -122,10 +162,9 @@ void ListenSocket::AcceptInternal() if (getsockname(incomingSockfd, &server.sa, &sz)) { ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "Can't get peername: %s", strerror(errno)); - irc::sockets::aptosa(bind_addr, bind_port, server); } - if (client.sa.sa_family == AF_INET6) + if (client.family() == AF_INET6) { /* * This case is the be all and end all patch to catch and nuke 4in6 
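Review bot: The destructor in hunk `@@ -93,28 +130,31 @@` calls `unlink(bind_sa.un.sun_path)` for every AF_UNIX listener that still has an fd, without establishing that this object created the file at that path. Whether a listener whose `Bind()` failed keeps its fd until destruction is decided outside this hunk; if it does, destroying it would remove a socket file that belongs to another listener or process. I would set a member flag in the constructor after a successful bind and unlink only when it is set, with a comment such as `// only remove the path if this listener created it`. The failure is logged at LOG_DEBUG only, so a leftover or wrongly removed socket file would not show up at default log levels.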
@@ -154,6 +193,14 @@ void ListenSocket::AcceptInternal() memcpy(&server.in4.sin_addr.s_addr, server.in6.sin6_addr.s6_addr + 12, sizeof(uint32_t)); } } + else if (client.family() == AF_UNIX) + { + // Clients connecting via UNIX sockets don't have paths so give them + // the server path as defined in RFC 1459 section 8.1.1. + // + // strcpy is safe here because sizeof(sockaddr_un.sun_path) is equal on both. + strcpy(client.un.sun_path, server.un.sun_path); + } SocketEngine::NonBlocking(incomingSockfd); @@ -161,8 +208,8 @@ void ListenSocket::AcceptInternal() FIRST_MOD_RESULT(OnAcceptConnection, res, (incomingSockfd, this, &client, &server)); if (res == MOD_RES_PASSTHRU) { - std::string type = bind_tag->getString("type", "clients"); - if (type == "clients") + const std::string type = bind_tag->getString("type", "clients", 1); + if (stdalgo::string::equalsci(type, "clients")) { ServerInstance->Users->AddUser(incomingSockfd, this, &client, &server); res = MOD_RES_ALLOW; 
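Review bot: The `strcpy()` added in the AF_UNIX branch (hunk `@@ -154,6 +193,14 @@`) is bounded only if `server.un.sun_path` is NUL-terminated, and the comment about equal array sizes does not establish that. `server` is filled by `getsockname()` earlier in the function, and a bound path that occupies the whole array can come back without a terminator on some platforms; whether the configuration parser rejects such a path is not visible in this diff. A bounded copy removes the dependency: `memcpy(client.un.sun_path, server.un.sun_path, sizeof(client.un.sun_path));` followed by `client.un.sun_path[sizeof(client.un.sun_path) - 1] = '\0';`. The comment should then state that invariant instead of the size equality. OnEventHandlerRead starts and ends outside this hunk.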
@@ -170,42 +217,34 @@ void ListenSocket::AcceptInternal() } if (res == MOD_RES_ALLOW) { - ServerInstance->stats->statsAccept++; + ServerInstance->stats.Accept++; } else { - ServerInstance->stats->statsRefused++; + ServerInstance->stats.Refused++; ServerInstance->Logs->Log("SOCKET", LOG_DEFAULT, "Refusing connection on %s - %s", - bind_desc.c_str(), res == MOD_RES_DENY ? "Connection refused by module" : "Module for this port not found"); + bind_sa.str().c_str(), res == MOD_RES_DENY ? "Connection refused by module" : "Module for this port not found"); SocketEngine::Close(incomingSockfd); } } -void ListenSocket::HandleEvent(EventType e, int err) +void ListenSocket::ResetIOHookProvider() { - switch (e) - { - case EVENT_ERROR: - ServerInstance->Logs->Log("SOCKET", LOG_DEFAULT, "ListenSocket::HandleEvent() received a socket engine error event! well shit! '%s'", strerror(err)); - break; - case EVENT_WRITE: - ServerInstance->Logs->Log("SOCKET", LOG_DEBUG, "*** BUG *** ListenSocket::HandleEvent() got a WRITE event!!!"); - break; - case EVENT_READ: - this->AcceptInternal(); - break; + iohookprovs[0].SetProvider(bind_tag->getString("hook")); + + // Check that all non-last hooks support being in the middle + for (IOHookProvList::iterator i = iohookprovs.begin(); i != iohookprovs.end()-1; ++i) + { + IOHookProvRef& curr = *i; + // Ignore if cannot be in the middle + if ((curr) && (!curr->IsMiddle())) + curr.SetProvider(std::string()); } -} -bool ListenSocket::ResetIOHookProvider() -{ - std::string provname = bind_tag->getString("ssl"); + std::string provname = bind_tag->getString("sslprofile", bind_tag->getString("ssl")); if (!provname.empty()) provname.insert(0, "ssl/"); - // Set the new provider name, dynref handles the rest - iohookprov.SetProvider(provname); - - // Return true if no provider was set, or one was set and it was also found - return (provname.empty() || iohookprov); + // TLS (SSL) should be the last + iohookprovs.back().SetProvider(provname); }
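Review bot: ResetIOHookProvider() in hunk `@@ -170,42 +217,34 @@` drops a configured `hook` provider that is not `IsMiddle()` via `curr.SetProvider(std::string())` and writes nothing to the log, so a listener can lose a hook the operator asked for without any trace. The return type also changed from bool to void, so the function no longer reports whether the provider named by `sslprofile`/`ssl` was found. The accept path is outside this diff and should be confirmed to refuse connections in that case instead of serving the port without TLS. I would log before the reset, e.g. `ServerInstance->Logs->Log("SOCKET", LOG_DEFAULT, "Hook %s on %s cannot be stacked under another hook, ignoring it", bind_tag->getString("hook").c_str(), bind_sa.str().c_str());`. The accesses through `iohookprovs[0]`, `iohookprovs.end()-1` and `iohookprovs.back()` assume the list is never empty, which deserves a comment naming where it is populated.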