X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_haproxy.cpp;h=cf551d5455cf19d385fd705c80401cbfb37d5593;hb=96befc58f073b4f96771b57d728b16742294c2fe;hp=e92c45686fb006612ac6e4a2ff0e3c4584824559;hpb=ae0ae8ea617a1a3a3d4f89f5a5e470e8aa262c9f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_haproxy.cpp b/src/modules/m_haproxy.cpp index e92c45686..cf551d545 100644 --- a/src/modules/m_haproxy.cpp +++ b/src/modules/m_haproxy.cpp @@ -1,7 +1,9 @@ /* * InspIRCd -- Internet Relay Chat Daemon * - * Copyright (C) 2018 Peter Powell + * Copyright (C) 2019-2020 Matt Schatz + * Copyright (C) 2019 linuxdaemon + * Copyright (C) 2018-2019 Sadie Powell * * This file is part of InspIRCd. InspIRCd is free software: you can * redistribute it and/or modify it under the terms of the GNU General Public @@ -198,16 +200,16 @@ class HAProxyHook : public IOHookMiddle if (!sslapi) return true; - // If the client is not connecting via SSL the rest of this TLV is irrelevant. + // If the client is not connecting via TLS (SSL) the rest of this TLV is irrelevant. std::string& recvq = GetRecvQ(); if ((recvq[start_index] & PP2_CLIENT_SSL) == 0) return true; // Create a fake ssl_cert for the user. Ideally we should use the user's - // SSL client certificate here but as of 2018-10-16 this is not forwarded + // TLS (SSL) client certificate here but as of 2018-10-16 this is not forwarded // by HAProxy. ssl_cert* cert = new ssl_cert; - cert->error = "HAProxy does not forward client SSL certificates"; + cert->error = "HAProxy does not forward client TLS (SSL) certificates"; cert->invalid = true; cert->revoked = true; cert->trusted = false; 
@@ -219,7 +221,16 @@ class HAProxyHook : public IOHookMiddle return true; } - int ReadProxyAddress(StreamSocket* sock) + int ReadData(std::string& destrecvq) + { + // Once connected we handle no special data. + std::string& recvq = GetRecvQ(); + destrecvq.append(recvq); + recvq.clear(); + return 1; + } + + int ReadProxyAddress(StreamSocket* sock, std::string& destrecvq) { // Block until we have the entire address. std::string& recvq = GetRecvQ(); @@ -240,7 +251,7 @@ class HAProxyHook : public IOHookMiddle { case AF_INET: memcpy(&client.in4.sin_addr.s_addr, &recvq[0], 4); - memcpy(&server.in4.sin_addr.s_addr, &recvq[4], 8); + memcpy(&server.in4.sin_addr.s_addr, &recvq[4], 4); memcpy(&client.in4.sin_port, &recvq[8], 2); memcpy(&server.in4.sin_port, &recvq[10], 2); tlv_index = 12; @@ -256,12 +267,13 @@ class HAProxyHook : public IOHookMiddle case AF_UNIX: memcpy(client.un.sun_path, &recvq[0], 108); - memcpy(client.un.sun_path, &recvq[108], 108); + memcpy(server.un.sun_path, &recvq[108], 108); tlv_index = 216; break; } - sock->OnSetEndPoint(server, client); + if (!sock->OnSetEndPoint(server, client)) + return -1; // Parse any available TLVs. while (tlv_index < address_length) @@ -275,14 +287,15 @@ class HAProxyHook : public IOHookMiddle // Erase the processed proxy information from the receive queue. recvq.erase(0, address_length); + break; } // We're done! state = HPS_CONNECTED; - return 1; + return ReadData(destrecvq); } - int ReadProxyHeader(StreamSocket* sock) + int ReadProxyHeader(StreamSocket* sock, std::string& destrecvq) { // Block until we have a header. std::string& recvq = GetRecvQ(); @@ -358,12 +371,13 @@ class HAProxyHook : public IOHookMiddle } state = HPS_WAITING_FOR_ADDRESS; - return ReadProxyAddress(sock); + return ReadProxyAddress(sock, destrecvq); } public: HAProxyHook(IOHookProvider* Prov, StreamSocket* sock, UserCertificateAPI& api) : IOHookMiddle(Prov) + , address_length(0) , sslapi(api) , state(HPS_WAITING_FOR_HEADER) { 
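Review bot: The new `ReadData` helper returns 1 unconditionally, including when it is reached from the tail of `ReadProxyAddress` with nothing left in the hook's receive queue after the PROXY header, and nothing in the hunk records that this is intended. A comment above it would state the contract, for example `// Moves any bytes that followed the PROXY header to the next hook; returns 1 even when none were left.` If callers treat a positive return as "data is ready", it is worth confirming they tolerate an unchanged `destrecvq`; that caller is not visible here. The same helper is also called from the `HPS_CONNECTED` case in the later dispatch hunk, and `ReadProxyAddress` itself continues past the end of this hunk.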
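Review bot: The corrected `memcpy(&server.in4.sin_addr.s_addr, &recvq[4], 4);` still relies on hand-counted lengths and offsets, which is how the previous 8-byte copy into a 4-byte field got in. Taking the length from the destination, `memcpy(&server.in4.sin_addr.s_addr, &recvq[4], sizeof(server.in4.sin_addr.s_addr));`, rules out an over-long copy by typo, and the same applies to the neighbouring address and port copies. Whether `address_length` is guaranteed to cover the 12 bytes read at these fixed offsets is decided outside the hunk, presumably in `ReadProxyHeader`. That is worth confirming, since the length appears to come from the received header. The enclosing switch starts and ends outside the hunk.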
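Review bot: The new `memcpy(server.un.sun_path, &recvq[108], 108);` copies a fixed 108 bytes into `sun_path`, whose size is platform-defined (108 on Linux, 104 on macOS and several BSDs), so on the smaller layouts it writes past the array. It also leaves the path without a terminating NUL when the sender fills all 108 bytes. Bounding the copy by the destination, e.g. `memcpy(server.un.sun_path, &recvq[108], std::min<size_t>(108, sizeof(server.un.sun_path) - 1));` with the last byte set to `'\0'`, addresses both. The unchanged client copy on the line above has the same shape. The enclosing switch begins outside the hunk.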
@@ -382,16 +396,13 @@ class HAProxyHook : public IOHookMiddle switch (state) { case HPS_WAITING_FOR_HEADER: - return ReadProxyHeader(sock); + return ReadProxyHeader(sock, destrecvq); case HPS_WAITING_FOR_ADDRESS: - return ReadProxyAddress(sock); + return ReadProxyAddress(sock, destrecvq); case HPS_CONNECTED: - std::string& recvq = GetRecvQ(); - destrecvq.append(recvq); - recvq.clear(); - return 1; + return ReadData(destrecvq); } // We should never reach this point. @@ -422,7 +433,7 @@ class ModuleHAProxy : public Module Version GetVersion() CXX11_OVERRIDE { - return Version("Provides support for the HAProxy PROXY protocol", VF_VENDOR); + return Version("Allows IRC connections to be made using reverse proxies that implement the HAProxy PROXY protocol.", VF_VENDOR); } };