X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsocket.cpp;h=693685428bb3340b219cffe20a15b0dd6e624a6f;hb=eb28eaea35d9d109a0b7b890de9d957d562da675;hp=c4129f67cfeff4316dcca72a19901a4f1a327eb8;hpb=1c86154cab44e718e9b37ccf857b19d5a9fc955b;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/socket.cpp b/src/socket.cpp index c4129f67c..693685428 100644 --- a/src/socket.cpp +++ b/src/socket.cpp @@ -21,59 +21,250 @@ #include "inspstring.h" #include "helperfuncs.h" #include "socketengine.h" +#include "wildcard.h" #include "message.h" extern InspIRCd* ServerInstance; -extern ServerConfig* Config; extern time_t TIME; -extern int openSockfd[MAX_DESCRIPTORS]; -/** This will bind a socket to a port. It works for UDP/TCP. - * If a hostname is given to bind to, the function will first - * attempt to resolve the hostname, then bind to the IP the - * hostname resolves to. This is a blocking lookup blocking for - * a maximum of one second before it times out, using the DNS - * server specified in the configuration file. - */ -bool BindSocket(int sockfd, insp_sockaddr client, insp_sockaddr server, int port, char* addr) +/* Used when comparing CIDR masks for the modulus bits left over. + * A lot of ircd's seem to do this: + * ((-1) << (8 - (mask % 8))) + * But imho, it sucks in comparison to a nice neat lookup table. + */ +const char inverted_bits[8] = { 0x00, /* 00000000 - 0 bits - never actually used */ + 0x80, /* 10000000 - 1 bits */ + 0xC0, /* 11000000 - 2 bits */ + 0xE0, /* 11100000 - 3 bits */ + 0xF0, /* 11110000 - 4 bits */ + 0xF8, /* 11111000 - 5 bits */ + 0xFC, /* 11111100 - 6 bits */ + 0xFE /* 11111110 - 7 bits */ +}; + +/* Match raw bytes using CIDR bit matching, used by higher level MatchCIDR() */ +bool MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mask_bits) { - memset(&server,0,sizeof(server)); - insp_inaddr addy; - bool resolved = false; - char resolved_addr[128]; + unsigned int modulus = mask_bits % 8; /* Number of whole bytes in the mask */ + unsigned int divisor = mask_bits / 8; /* Remaining bits in the mask after whole bytes are dealt with */ - if (*addr == '*') - *addr = 0; + /* First compare the whole bytes, if they dont match, return false */ + if (memcmp(address, mask, divisor)) + return false; + + /* Now if there are any remainder bits, we compare them with logic AND */ + if (modulus) + if ((address[divisor] & inverted_bits[modulus]) != (mask[divisor] & inverted_bits[modulus])) + /* If they dont match, return false */ + return false; + + /* The address matches the mask, to mask_bits bits of mask */ + return true; +} + +/* Match CIDR, but dont attempt to match() against leading *!*@ sections */ +bool MatchCIDR(const char* address, const char* cidr_mask) +{ + return MatchCIDR(address, cidr_mask, false); +} - if (*addr && !inet_aton(addr,&addy)) +/* Match CIDR strings, e.g. 127.0.0.1 to 127.0.0.0/8 or 3ffe:1:5:6::8 to 3ffe:1::0/32 + * If you have a lot of hosts to match, youre probably better off building your mask once + * and then using the lower level MatchCIDRBits directly. + * + * This will also attempt to match any leading usernames or nicknames on the mask, using + * match(), when match_with_username is true. + */ +bool MatchCIDR(const char* address, const char* cidr_mask, bool match_with_username) +{ + unsigned char addr_raw[16]; + unsigned char mask_raw[16]; + unsigned int bits = 0; + char* mask = NULL; + + /* The caller is trying to match ident@/bits. + * Chop off the ident@ portion, use match() on it + * seperately. + */ + if (match_with_username) { - /* If they gave a hostname, bind to the IP it resolves to */ - if (CleanAndResolve(resolved_addr, addr, true)) + /* Duplicate the strings, and try to find the position + * of the @ symbol in each */ + char* address_dupe = strdup(address); + char* cidr_dupe = strdup(cidr_mask); + + /* Use strchr not strrchr, because its going to be nearer to the left */ + char* username_mask_pos = strrchr(cidr_dupe, '@'); + char* username_addr_pos = strrchr(address_dupe, '@'); + + /* Both strings have an @ symbol in them */ + if (username_mask_pos && username_addr_pos) { - inet_aton(resolved_addr,&addy); - log(DEFAULT,"Resolved binding '%s' -> '%s'",addr,resolved_addr); - server.sin_addr = addy; - resolved = true; + /* Zero out the location of the @ symbol */ + *username_mask_pos = *username_addr_pos = 0; + + /* Try and match() the strings before the @ + * symbols, and recursively call MatchCIDR without + * username matching enabled to match the host part. + */ + bool result = (match(address_dupe, cidr_dupe) && MatchCIDR(username_addr_pos + 1, username_mask_pos + 1, false)); + + /* Free the stuff we created */ + free(address_dupe); + free(cidr_dupe); + + /* Return a result */ + return result; } else { - log(DEFAULT,"WARNING: Could not resolve '%s' to an IP for binding to on port %d",addr,port); + /* One or both didnt have an @ in, + * just match as CIDR + */ + free(address_dupe); + free(cidr_dupe); + mask = strdup(cidr_mask); + } + } + else + { + /* Make a copy of the cidr mask string, + * we're going to change it + */ + mask = strdup(cidr_mask); + } + + in_addr address_in4; + in_addr mask_in4; + + + /* Use strrchr for this, its nearer to the right */ + char* bits_chars = strrchr(mask,'/'); + + if (bits_chars) + { + bits = atoi(bits_chars + 1); + *bits_chars = 0; + } + else + { + /* No 'number of bits' field! */ + return false; + } + +#ifdef SUPPORT_IP6LINKS + in6_addr address_in6; + in6_addr mask_in6; + + if (inet_pton(AF_INET6, address, &address_in6) > 0) + { + if (inet_pton(AF_INET6, mask, &mask_in6) > 0) + { + memcpy(&addr_raw, &address_in6.s6_addr, 16); + memcpy(&mask_raw, &mask_in6.s6_addr, 16); + + if (bits > 128) + bits = 128; + } + else + { + /* The address was valid ipv6, but the mask + * that goes with it wasnt. + */ + free(mask); return false; } } - server.sin_family = AF_INET; - if (!resolved) + else +#endif + if (inet_pton(AF_INET, address, &address_in4) > 0) { - if (!*addr) + if (inet_pton(AF_INET, mask, &mask_in4) > 0) { - server.sin_addr.s_addr = htonl(INADDR_ANY); + memcpy(&addr_raw, &address_in4.s_addr, 4); + memcpy(&mask_raw, &mask_in4.s_addr, 4); + + if (bits > 32) + bits = 32; } else { - server.sin_addr = addy; + /* The address was valid ipv4, + * but the mask that went with it wasnt. + */ + free(mask); + return false; } } + else + { + /* The address was neither ipv4 or ipv6 */ + free(mask); + return false; + } + + /* Low-level-match the bits in the raw data */ + free(mask); + return MatchCIDRBits(addr_raw, mask_raw, bits); +} + +inline void Blocking(int s) +{ + int flags = fcntl(s, F_GETFL, 0); + fcntl(s, F_SETFL, flags ^ O_NONBLOCK); +} + +inline void NonBlocking(int s) +{ + int flags = fcntl(s, F_GETFL, 0); + fcntl(s, F_SETFL, flags | O_NONBLOCK); +} + + +/** This will bind a socket to a port. It works for UDP/TCP. + * It can only bind to IP addresses, if you wish to bind to hostnames + * you should first resolve them using class 'Resolver'. + */ +bool BindSocket(int sockfd, insp_sockaddr client, insp_sockaddr server, int port, char* addr) +{ + memset(&server,0,sizeof(server)); + insp_inaddr addy; + + if (*addr == '*') + *addr = 0; + + if ((*addr) && (insp_aton(addr,&addy) < 1)) + { + log(DEBUG,"Invalid IP '%s' given to BindSocket()", addr); + return false;; + } + +#ifdef IPV6 + server.sin6_family = AF_FAMILY; +#else + server.sin_family = AF_FAMILY; +#endif + if (!*addr) + { +#ifdef IPV6 + memcpy(&addy, &server.sin6_addr, sizeof(in6_addr)); +#else + server.sin_addr.s_addr = htonl(INADDR_ANY); +#endif + } + else + { +#ifdef IPV6 + memcpy(&addy, &server.sin6_addr, sizeof(in6_addr)); +#else + server.sin_addr = addy; +#endif + } +#ifdef IPV6 + server.sin6_port = htons(port); +#else server.sin_port = htons(port); +#endif if (bind(sockfd,(struct sockaddr*)&server,sizeof(server)) < 0) { return false; @@ -81,7 +272,7 @@ bool BindSocket(int sockfd, insp_sockaddr client, insp_sockaddr server, int port else { log(DEBUG,"Bound port %s:%d",*addr ? addr : "*",port); - if (listen(sockfd, Config->MaxConn) == -1) + if (listen(sockfd, ServerInstance->Config->MaxConn) == -1) { log(DEFAULT,"ERROR in listen(): %s",strerror(errno)); return false; @@ -102,7 +293,7 @@ int OpenTCPSocket() int on = 1; struct linger linger = { 0 }; - if ((sockfd = socket (AF_INET, SOCK_STREAM, 0)) < 0) + if ((sockfd = socket (AF_FAMILY, SOCK_STREAM, 0)) < 0) { log(DEFAULT,"Error creating TCP socket: %s",strerror(errno)); return (ERROR); @@ -120,7 +311,8 @@ int OpenTCPSocket() bool HasPort(int port, char* addr) { - for (int count = 0; count < ServerInstance->stats->BoundPortCount; count++) + ServerConfig* Config = ServerInstance->Config; + for (unsigned long count = 0; count < ServerInstance->stats->BoundPortCount; count++) { if ((port == Config->ports[count]) && (!strcasecmp(Config->addrs[count],addr))) { @@ -136,6 +328,7 @@ int BindPorts(bool bail) insp_sockaddr client, server; int clientportcount = 0; int BoundPortCount = 0; + ServerConfig* Config = ServerInstance->Config; if (!bail) { @@ -165,20 +358,31 @@ int BindPorts(bool bail) { for (int count = InitialPortCount; count < InitialPortCount + PortCount; count++) { - if ((openSockfd[count] = OpenTCPSocket()) == ERROR) + if ((Config->openSockfd[count] = OpenTCPSocket()) == ERROR) { - log(DEBUG,"Bad fd %d binding port [%s:%d]",openSockfd[count],Config->addrs[count],Config->ports[count]); - return ERROR; - } - if (!BindSocket(openSockfd[count],client,server,Config->ports[count],Config->addrs[count])) - { - log(DEFAULT,"Failed to bind port [%s:%d]: %s",Config->addrs[count],Config->ports[count],strerror(errno)); + log(DEBUG,"Bad fd %d binding port [%s:%d]",Config->openSockfd[count],Config->addrs[count],Config->ports[count]); } else { - /* Associate the new open port with a slot in the socket engine */ - ServerInstance->SE->AddFd(openSockfd[count],true,X_LISTEN); - BoundPortCount++; + if (!BindSocket(Config->openSockfd[count],client,server,Config->ports[count],Config->addrs[count])) + { + log(DEFAULT,"Failed to bind port [%s:%d]: %s",Config->addrs[count],Config->ports[count],strerror(errno)); + } + else + { + /* Associate the new open port with a slot in the socket engine */ + if (Config->openSockfd[count] > -1) + { + if (!ServerInstance->SE->AddFd(Config->openSockfd[count],true,X_LISTEN)) + { + log(DEFAULT,"ERK! Failed to add listening port to socket engine!"); + shutdown(Config->openSockfd[count],2); + close(Config->openSockfd[count]); + } + else + BoundPortCount++; + } + } } } return InitialPortCount + BoundPortCount; @@ -218,30 +422,35 @@ int BindPorts(bool bail) for (int count = 0; count < PortCount; count++) { - if ((openSockfd[BoundPortCount] = OpenTCPSocket()) == ERROR) - { - log(DEBUG,"Bad fd %d binding port [%s:%d]",openSockfd[BoundPortCount],Config->addrs[count],Config->ports[count]); - return ERROR; - } - - if (!BindSocket(openSockfd[BoundPortCount],client,server,Config->ports[count],Config->addrs[count])) + if ((Config->openSockfd[BoundPortCount] = OpenTCPSocket()) == ERROR) { - log(DEFAULT,"Failed to bind port [%s:%d]: %s",Config->addrs[count],Config->ports[count],strerror(errno)); + log(DEBUG,"Bad fd %d binding port [%s:%d]",Config->openSockfd[BoundPortCount],Config->addrs[count],Config->ports[count]); } else { - /* well we at least bound to one socket so we'll continue */ - BoundPortCount++; + if (!BindSocket(Config->openSockfd[BoundPortCount],client,server,Config->ports[count],Config->addrs[count])) + { + log(DEFAULT,"Failed to bind port [%s:%d]: %s",Config->addrs[count],Config->ports[count],strerror(errno)); + } + else + { + /* well we at least bound to one socket so we'll continue */ + BoundPortCount++; + } } } + return BoundPortCount; +} - /* if we didn't bind to anything then abort */ - if (!BoundPortCount) - { - log(DEFAULT,"No ports bound, bailing!"); - printf("\nERROR: Could not bind any of %d ports! Please check your configuration.\n\n", PortCount); - return ERROR; - } +const char* insp_ntoa(insp_inaddr n) +{ + static char buf[1024]; + inet_ntop(AF_FAMILY, &n, buf, sizeof(buf)); + return buf; +} - return BoundPortCount; +int insp_aton(const char* a, insp_inaddr* n) +{ + return inet_pton(AF_FAMILY, a, n); } +