X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_haproxy.cpp;h=cf551d5455cf19d385fd705c80401cbfb37d5593;hb=e2b0f3dc9ef4d56c71d7abda13e6139ca092e387;hp=f61a39fddadd72821ea2e73aad5aafb119f43128;hpb=98e90d6d682c9795ab486d730d636d5c6ec1c817;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_haproxy.cpp b/src/modules/m_haproxy.cpp
index f61a39fdd..cf551d545 100644
--- a/src/modules/m_haproxy.cpp
+++ b/src/modules/m_haproxy.cpp
@@ -1,7 +1,9 @@
 /*
 * InspIRCd -- Internet Relay Chat Daemon
 *
- * Copyright (C) 2018 Peter Powell
+ * Copyright (C) 2019-2020 Matt Schatz
+ * Copyright (C) 2019 linuxdaemon
+ * Copyright (C) 2018-2019 Sadie Powell
 *
 * This file is part of InspIRCd. InspIRCd is free software: you can
 * redistribute it and/or modify it under the terms of the GNU General Public
@@ -198,16 +200,16 @@ class HAProxyHook : public IOHookMiddle
 if (!sslapi)
 return true;
- // If the client is not connecting via SSL the rest of this TLV is irrelevant.
+ // If the client is not connecting via TLS (SSL) the rest of this TLV is irrelevant.
 std::string& recvq = GetRecvQ();
 if ((recvq[start_index] & PP2_CLIENT_SSL) == 0)
 return true;
 // Create a fake ssl_cert for the user. Ideally we should use the user's
- // SSL client certificate here but as of 2018-10-16 this is not forwarded
+ // TLS (SSL) client certificate here but as of 2018-10-16 this is not forwarded
 // by HAProxy.
 ssl_cert* cert = new ssl_cert;
- cert->error = "HAProxy does not forward client SSL certificates";
+ cert->error = "HAProxy does not forward client TLS (SSL) certificates";
 cert->invalid = true;
 cert->revoked = true;
 cert->trusted = false;
@@ -219,7 +221,16 @@ class HAProxyHook : public IOHookMiddle
 return true;
 }
- int ReadProxyAddress(StreamSocket* sock)
+ int ReadData(std::string& destrecvq)
+ {
+ // Once connected we handle no special data.
+ std::string& recvq = GetRecvQ();
+ destrecvq.append(recvq);
+ recvq.clear();
+ return 1;
+ }
+
+ int ReadProxyAddress(StreamSocket* sock, std::string& destrecvq)
 {
 // Block until we have the entire address.
 std::string& recvq = GetRecvQ();
@@ -261,7 +272,8 @@ class HAProxyHook : public IOHookMiddle
 break;
 }
- sock->OnSetEndPoint(server, client);
+ if (!sock->OnSetEndPoint(server, client))
+ return -1;
 // Parse any available TLVs.
 while (tlv_index < address_length)
@@ -275,14 +287,15 @@ class HAProxyHook : public IOHookMiddle
 // Erase the processed proxy information from the receive queue.
 recvq.erase(0, address_length);
+ break;
 }
 // We're done!
 state = HPS_CONNECTED;
- return 1;
+ return ReadData(destrecvq);
 }
- int ReadProxyHeader(StreamSocket* sock)
+ int ReadProxyHeader(StreamSocket* sock, std::string& destrecvq)
 {
 // Block until we have a header.
 std::string& recvq = GetRecvQ();
@@ -358,12 +371,13 @@ class HAProxyHook : public IOHookMiddle
 }
 state = HPS_WAITING_FOR_ADDRESS;
- return ReadProxyAddress(sock);
+ return ReadProxyAddress(sock, destrecvq);
 }
 public:
 HAProxyHook(IOHookProvider* Prov, StreamSocket* sock, UserCertificateAPI& api)
 : IOHookMiddle(Prov)
+ , address_length(0)
 , sslapi(api)
 , state(HPS_WAITING_FOR_HEADER)
 {
@@ -382,16 +396,13 @@ class HAProxyHook : public IOHookMiddle
 switch (state)
 {
 case HPS_WAITING_FOR_HEADER:
- return ReadProxyHeader(sock);
+ return ReadProxyHeader(sock, destrecvq);
 case HPS_WAITING_FOR_ADDRESS:
- return ReadProxyAddress(sock);
+ return ReadProxyAddress(sock, destrecvq);
 case HPS_CONNECTED:
- std::string& recvq = GetRecvQ();
- destrecvq.append(recvq);
- recvq.clear();
- return 1;
+ return ReadData(destrecvq);
 }
 // We should never reach this point.
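Review bot: The new `ReadData` helper in the `@@ -219,7 +221,16 @@` hunk is documented only by `// Once connected we handle no special data.`, which says neither why `ReadProxyAddress` now calls it nor what its `return 1;` means. Judging from the later hunks, it appears to exist so that bytes received in the same read as the PROXY header reach the next layer straight away instead of waiting in the hook's queue for another read event. I would expand the comment to something like `// Pass everything still buffered after the PROXY header on to the next layer unmodified; 1 tells the caller data was delivered.`, with the meaning of `1` confirmed against the IOHook contract, which is not visible on this page.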
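Review bot: The early exit added in the `@@ -261,7 +272,8 @@` hunk, `if (!sock->OnSetEndPoint(server, client)) return -1;`, leaves `state` unchanged and the address block still in the receive queue, and records no reason for the failure. That is only safe if a -1 result always ends in the socket being closed; otherwise the next read would re-parse the same proxy-supplied address. A one-line comment such as `// Endpoint rejected: -1 makes the caller drop the connection, so recvq and state are deliberately left as they are.` would pin that assumption down. `ReadProxyAddress` begins and ends outside this hunk, so whether its other failure paths set an error message on the socket first cannot be checked here.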
@@ -422,7 +433,7 @@ class ModuleHAProxy : public Module
 Version GetVersion() CXX11_OVERRIDE
 {
- return Version("Provides support for the HAProxy PROXY protocol", VF_VENDOR);
+ return Version("Allows IRC connections to be made using reverse proxies that implement the HAProxy PROXY protocol.", VF_VENDOR);
 }
 };