/*
* kike.c: the experimental IRC daemon
*
* Copyright (c) 2014, Přemysl Janouch
* All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
#define PROGRAM_NAME "kike"
#define PROGRAM_VERSION "alpha"
#include "common.c"
#include
// --- Configuration (application-specific) ------------------------------------
static struct config_item g_config_table[] =
{
{ "server_name", NULL, "Server name" },
{ "motd", NULL, "MOTD filename" },
{ "catalog", NULL, "catgets localization catalog" },
{ "bind_host", NULL, "Address of the IRC server" },
{ "bind_port", "6667", "Port of the IRC server" },
{ "ssl_cert", NULL, "Server SSL certificate (PEM)" },
{ "ssl_key", NULL, "Server SSL private key (PEM)" },
{ "max_connections", NULL, "Maximum client connections" },
{ NULL, NULL, NULL }
};
// --- Signals -----------------------------------------------------------------
static int g_signal_pipe[2]; ///< A pipe used to signal... signals
/// Program termination has been requested by a signal
static volatile sig_atomic_t g_termination_requested;
static void
sigterm_handler (int signum)
{
(void) signum;
g_termination_requested = true;
int original_errno = errno;
if (write (g_signal_pipe[1], "t", 1) == -1)
soft_assert (errno == EAGAIN);
errno = original_errno;
}
static void
setup_signal_handlers (void)
{
if (pipe (g_signal_pipe) == -1)
exit_fatal ("%s: %s", "pipe", strerror (errno));
set_cloexec (g_signal_pipe[0]);
set_cloexec (g_signal_pipe[1]);
// So that the pipe cannot overflow; it would make write() block within
// the signal handler, which is something we really don't want to happen.
// The same holds true for read().
set_blocking (g_signal_pipe[0], false);
set_blocking (g_signal_pipe[1], false);
signal (SIGPIPE, SIG_IGN);
struct sigaction sa;
sa.sa_flags = SA_RESTART;
sigemptyset (&sa.sa_mask);
sa.sa_handler = sigterm_handler;
if (sigaction (SIGINT, &sa, NULL) == -1
|| sigaction (SIGTERM, &sa, NULL) == -1)
exit_fatal ("%s: %s", "sigaction", strerror (errno));
}
// --- IRC token validation ----------------------------------------------------
// Use the enum only if applicable and a simple boolean isn't sufficient.
enum validation_result
{
VALIDATION_OK,
VALIDATION_ERROR_EMPTY,
VALIDATION_ERROR_TOO_LONG,
VALIDATION_ERROR_INVALID
};
// Everything as per RFC 2812
#define IRC_MAX_NICKNAME 9
#define IRC_MAX_HOSTNAME 63
#define IRC_MAX_MESSAGE_LENGTH 510
static bool
irc_regex_match (const char *regex, const char *s)
{
static struct str_map cache;
static bool initialized;
if (!initialized)
{
regex_cache_init (&cache);
initialized = true;
}
struct error *e = NULL;
bool result = regex_cache_match (&cache, regex,
REG_EXTENDED | REG_NOSUB, s, &e);
hard_assert (!e);
return result;
}
static const char *
irc_validate_to_str (enum validation_result result)
{
switch (result)
{
case VALIDATION_OK: return "success";
case VALIDATION_ERROR_EMPTY: return "the value is empty";
case VALIDATION_ERROR_INVALID: return "invalid format";
case VALIDATION_ERROR_TOO_LONG: return "the value is too long";
default: abort ();
}
}
// Anything to keep it as short as possible
#define SN "[0-9A-Za-z][-0-9A-Za-z]*[0-9A-Za-z]*"
#define N4 "[0-9]{1,3}"
#define N6 "[0-9ABCDEFabcdef]{1,}"
#define LE "A-Za-z"
#define SP "][\\\\`_^{|}"
static enum validation_result
irc_validate_hostname (const char *hostname)
{
if (!*hostname)
return VALIDATION_ERROR_EMPTY;
if (!irc_regex_match ("^" SN "(\\." SN ")*$", hostname))
return VALIDATION_ERROR_INVALID;
if (strlen (hostname) > IRC_MAX_HOSTNAME)
return VALIDATION_ERROR_TOO_LONG;
return VALIDATION_OK;
}
static bool
irc_is_valid_hostaddr (const char *hostaddr)
{
if (irc_regex_match ("^" N4 "\\." N4 "\\." N4 "\\." N4 "$", hostaddr)
|| irc_regex_match ("^" N6 ":" N6 ":" N6 ":" N6 ":"
N6 ":" N6 ":" N6 ":" N6 "$", hostaddr)
|| irc_regex_match ("^0:0:0:0:0:(0|[Ff]{4}):"
N4 "\\." N4 "\\." N4 "\\." N4 "$", hostaddr))
return true;
return false;
}
static bool
irc_is_valid_host (const char *host)
{
return irc_validate_hostname (host) == VALIDATION_OK
|| irc_is_valid_hostaddr (host);
}
static bool
irc_is_valid_user (const char *user)
{
return irc_regex_match ("^[^\r\n @]+$", user);
}
static bool
irc_validate_nickname (const char *nickname)
{
if (!*nickname)
return VALIDATION_ERROR_EMPTY;
if (!irc_regex_match ("^[" SP LE "][" SP LE "0-9-]*$", nickname))
return VALIDATION_ERROR_INVALID;
if (strlen (nickname) > IRC_MAX_NICKNAME)
return VALIDATION_ERROR_TOO_LONG;
return VALIDATION_OK;
}
#undef SN
#undef N4
#undef N6
#undef LE
#undef SP
// --- Application data --------------------------------------------------------
#define IRC_SUPPORTED_USER_MODES "aiwros"
enum
{
IRC_USER_MODE_INVISIBLE = (1 << 0),
IRC_USER_MODE_RX_WALLOPS = (1 << 1),
IRC_USER_MODE_RESTRICTED = (1 << 2),
IRC_USER_MODE_OPERATOR = (1 << 3),
IRC_USER_MODE_RX_SERVER_NOTICES = (1 << 4)
};
struct client
{
struct client *next; ///< The next link in a chain
struct client *prev; ///< The previous link in a chain
struct server_context *ctx; ///< Server context
int socket_fd; ///< The TCP socket
struct str read_buffer; ///< Unprocessed input
struct str write_buffer; ///< Output yet to be sent out
unsigned initialized : 1; ///< Has any data been received yet?
unsigned registered : 1; ///< The user has registered
unsigned ssl_rx_want_tx : 1; ///< SSL_read() wants to write
unsigned ssl_tx_want_rx : 1; ///< SSL_write() wants to read
SSL *ssl; ///< SSL connection
char *nickname; ///< IRC nickname (main identifier)
char *username; ///< IRC username
char *realname; ///< IRC realname (e-mail)
char *hostname; ///< Hostname shown to the network
unsigned mode; ///< User's mode
char *away_message; ///< Away message
};
static void
client_init (struct client *self)
{
memset (self, 0, sizeof *self);
self->socket_fd = -1;
str_init (&self->read_buffer);
str_init (&self->write_buffer);
}
static void
client_free (struct client *self)
{
if (!soft_assert (self->socket_fd == -1))
xclose (self->socket_fd);
if (self->ssl)
SSL_free (self->ssl);
str_free (&self->read_buffer);
str_free (&self->write_buffer);
free (self->nickname);
free (self->username);
free (self->realname);
free (self->hostname);
free (self->away_message);
}
static char *
client_get_mode (struct client *self)
{
struct str mode;
str_init (&mode);
if (self->away_message) str_append_c (&mode, 'a');
unsigned m = self->mode;
if (m & IRC_USER_MODE_INVISIBLE) str_append_c (&mode, 'i');
if (m & IRC_USER_MODE_RX_WALLOPS) str_append_c (&mode, 'w');
if (m & IRC_USER_MODE_RESTRICTED) str_append_c (&mode, 'r');
if (m & IRC_USER_MODE_OPERATOR) str_append_c (&mode, 'o');
if (m & IRC_USER_MODE_RX_SERVER_NOTICES) str_append_c (&mode, 's');
if (mode.len)
return str_steal (&mode);
str_free (&mode);
return NULL;
}
#define IRC_SUPPORTED_CHAN_MODES "ov" "imnqpst" "kl"
enum
{
IRC_CHAN_MODE_INVITE_ONLY = (1 << 0),
IRC_CHAN_MODE_MODERATED = (1 << 1),
IRC_CHAN_MODE_NO_OUTSIDE_MSGS = (1 << 2),
IRC_CHAN_MODE_QUIET = (1 << 3),
IRC_CHAN_MODE_PRIVATE = (1 << 4),
IRC_CHAN_MODE_SECRET = (1 << 5),
IRC_CHAN_MODE_PROTECTED_TOPIC = (1 << 6),
IRC_CHAN_MODE_OPERATOR = (1 << 7),
IRC_CHAN_MODE_VOICE = (1 << 8)
};
struct channel_user
{
struct channel_user *prev;
struct channel_user *next;
unsigned modes;
char nickname[];
};
struct channel
{
struct server_context *ctx; ///< Server context
char *name; ///< Channel name
unsigned modes; ///< Channel modes
char *key; ///< Channel key
long user_limit; ///< User limit or -1
struct channel_user *users; ///< Channel users
struct str_vector ban_list; ///< Ban list
struct str_vector exception_list; ///< Exceptions from bans
struct str_vector invite_list; ///< Exceptions from +I
};
static void
channel_init (struct channel *self)
{
memset (self, 0, sizeof *self);
str_vector_init (&self->ban_list);
str_vector_init (&self->exception_list);
str_vector_init (&self->invite_list);
}
static void
channel_free (struct channel *self)
{
free (self->name);
free (self->key);
struct channel_user *link, *tmp;
for (link = self->users; link; link = tmp)
{
tmp = link->next;
free (link);
}
str_vector_free (&self->ban_list);
str_vector_free (&self->exception_list);
str_vector_free (&self->invite_list);
}
struct server_context
{
struct str_map config; ///< Server configuration
int listen_fd; ///< Listening socket FD
struct client *clients; ///< Clients
SSL_CTX *ssl_ctx; ///< SSL context
char *server_name; ///< Our server name
struct str_map users; ///< Maps nicknames to clients
struct str_map channels; ///< Maps channel names to data
struct str_map handlers; ///< Message handlers
struct poller poller; ///< Manages polled description
bool quitting; ///< User requested quitting
bool polling; ///< The event loop is running
struct str_vector motd; ///< MOTD (none if empty)
nl_catd catalog; ///< Message catalog for server msgs
};
static void
server_context_init (struct server_context *self)
{
str_map_init (&self->config);
self->config.free = free;
load_config_defaults (&self->config, g_config_table);
self->listen_fd = -1;
self->clients = NULL;
self->server_name = NULL;
str_map_init (&self->users);
self->users.key_xfrm = irc_strxfrm;
// TODO: set channel_free() as the free function?
str_map_init (&self->channels);
self->channels.key_xfrm = irc_strxfrm;
str_map_init (&self->handlers);
self->handlers.key_xfrm = irc_strxfrm;
poller_init (&self->poller);
self->quitting = false;
self->polling = false;
str_vector_init (&self->motd);
self->catalog = (nl_catd) -1;
}
static void
server_context_free (struct server_context *self)
{
str_map_free (&self->config);
if (self->listen_fd != -1)
xclose (self->listen_fd);
if (self->ssl_ctx)
SSL_CTX_free (self->ssl_ctx);
// TODO: terminate the connections properly before this is called
struct client *link, *tmp;
for (link = self->clients; link; link = tmp)
{
tmp = link->next;
client_free (link);
free (link);
}
free (self->server_name);
str_map_free (&self->users);
str_map_free (&self->channels);
str_map_free (&self->handlers);
poller_free (&self->poller);
str_vector_free (&self->motd);
if (self->catalog != (nl_catd) -1)
catclose (self->catalog);
}
// --- Main program ------------------------------------------------------------
static void
client_kill (struct client *c, const char *reason)
{
// TODO: multicast a QUIT message with `reason' || "Client exited"
(void) reason;
// TODO: do further cleanup if the client has successfully registered etc.
struct server_context *ctx = c->ctx;
ssize_t i = poller_find_by_fd (&ctx->poller, c->socket_fd);
if (i != -1)
poller_remove_at_index (&ctx->poller, i);
xclose (c->socket_fd);
c->socket_fd = -1;
client_free (c);
LIST_UNLINK (ctx->clients, c);
free (c);
}
static void
irc_send_str (struct client *c, const struct str *s)
{
// TODO: kill the connection above some "SendQ" threshold (careful!)
str_append_data (&c->write_buffer, s->str,
s->len > IRC_MAX_MESSAGE_LENGTH ? IRC_MAX_MESSAGE_LENGTH : s->len);
str_append (&c->write_buffer, "\r\n");
}
static void irc_send (struct client *c,
const char *format, ...) ATTRIBUTE_PRINTF (2, 3);
static void
irc_send (struct client *c, const char *format, ...)
{
struct str tmp;
str_init (&tmp);
va_list ap;
va_start (ap, format);
str_append_vprintf (&tmp, format, ap);
va_end (ap);
irc_send_str (c, &tmp);
str_free (&tmp);
}
static const char *
irc_get_text (struct server_context *ctx, int id, const char *def)
{
if (!soft_assert (def != NULL))
def = "";
if (ctx->catalog == (nl_catd) -1)
return def;
return catgets (ctx->catalog, 1, id, def);
}
// --- IRC command handling ----------------------------------------------------
enum
{
IRC_RPL_WELCOME = 1,
IRC_RPL_YOURHOST = 2,
IRC_RPL_CREATED = 3,
IRC_RPL_MYINFO = 4,
IRC_RPL_MOTD = 372,
IRC_RPL_MOTDSTART = 375,
IRC_RPL_ENDOFMOTD = 376,
IRC_ERR_NOORIGIN = 409,
IRC_ERR_UNKNOWNCOMMAND = 421,
IRC_ERR_NOMOTD = 422,
IRC_ERR_NONICKNAMEGIVEN = 431,
IRC_ERR_ERRONEOUSNICKNAME = 432,
IRC_ERR_NICKNAMEINUSE = 433,
IRC_ERR_NOTREGISTERED = 451,
IRC_ERR_NEEDMOREPARAMS = 461,
IRC_ERR_ALREADYREGISTERED = 462
};
static const char *g_default_replies[] =
{
[IRC_RPL_WELCOME] = ":Welcome to the Internet Relay Network %s!%s@%s",
[IRC_RPL_YOURHOST] = ":Your host is %s, running version %s",
[IRC_RPL_CREATED] = ":This server was created %s",
[IRC_RPL_MYINFO] = "%s %s %s %s",
[IRC_RPL_MOTD] = ":- %s",
[IRC_RPL_MOTDSTART] = ":- %s Message of the day - ",
[IRC_RPL_ENDOFMOTD] = ":End of MOTD command",
[IRC_ERR_NOORIGIN] = ":No origin specified",
[IRC_ERR_UNKNOWNCOMMAND] = "%s: Unknown command",
[IRC_ERR_NOMOTD] = ":MOTD File is missing",
[IRC_ERR_NONICKNAMEGIVEN] = ":No nickname given",
[IRC_ERR_ERRONEOUSNICKNAME] = "%s :Erroneous nickname",
[IRC_ERR_NICKNAMEINUSE] = "%s :Nickname is already in use",
[IRC_ERR_NOTREGISTERED] = "%s :You have not registered",
[IRC_ERR_NEEDMOREPARAMS] = "%s :Not enough parameters",
[IRC_ERR_ALREADYREGISTERED] = ":Unauthorized command (already registered)",
};
// XXX: this way we cannot typecheck the arguments, so we must be careful
static void
irc_send_reply (struct client *c, int id, ...)
{
struct str tmp;
str_init (&tmp);
va_list ap;
va_start (ap, id);
str_append_printf (&tmp, ":%s %03d %s ",
c->ctx->server_name, id, c->nickname ? c->nickname : "");
str_append_vprintf (&tmp,
irc_get_text (c->ctx, id, g_default_replies[id]), ap);
va_end (ap);
irc_send_str (c, &tmp);
str_free (&tmp);
}
static void
irc_send_motd (struct client *c)
{
struct server_context *ctx = c->ctx;
if (!ctx->motd.len)
{
irc_send_reply (c, IRC_ERR_NOMOTD);
return;
}
irc_send_reply (c, IRC_RPL_MOTDSTART, ctx->server_name);
for (size_t i = 0; i < ctx->motd.len; i++)
irc_send_reply (c, IRC_RPL_MOTD, ctx->motd.vector[i]);
irc_send_reply (c, IRC_RPL_ENDOFMOTD);
}
static void
irc_try_finish_registration (struct client *c)
{
struct server_context *ctx = c->ctx;
if (!c->nickname || !c->username || !c->realname)
return;
c->registered = true;
irc_send_reply (c, IRC_RPL_WELCOME, c->nickname, c->username, c->hostname);
irc_send_reply (c, IRC_RPL_YOURHOST, ctx->server_name, PROGRAM_VERSION);
// The purpose of this message eludes me
irc_send_reply (c, IRC_RPL_CREATED, __DATE__);
irc_send_reply (c, IRC_RPL_MYINFO, ctx->server_name, PROGRAM_VERSION,
IRC_SUPPORTED_USER_MODES, IRC_SUPPORTED_CHAN_MODES);
// Although not strictly required, bots often need this to work
irc_send_motd (c);
char *mode = client_get_mode (c);
if (mode)
irc_send (c, ":%s MODE %s :+%s", c->nickname, c->nickname, mode);
free (mode);
}
static void
irc_handle_pass (const struct irc_message *msg, struct client *c)
{
if (c->registered)
irc_send_reply (c, IRC_ERR_ALREADYREGISTERED);
else if (msg->params.len < 1)
irc_send_reply (c, IRC_ERR_NEEDMOREPARAMS, msg->command);
// We have SSL client certificates for this purpose; ignoring
}
static void
irc_handle_nick (const struct irc_message *msg, struct client *c)
{
struct server_context *ctx = c->ctx;
if (c->registered)
{
irc_send_reply (c, IRC_ERR_ALREADYREGISTERED);
return;
}
if (msg->params.len < 1)
{
irc_send_reply (c, IRC_ERR_NONICKNAMEGIVEN);
return;
}
const char *nickname = msg->params.vector[0];
if (irc_validate_nickname (nickname) != VALIDATION_OK)
{
irc_send_reply (c, IRC_ERR_ERRONEOUSNICKNAME, nickname);
return;
}
if (c->nickname)
{
str_map_set (&ctx->users, c->nickname, NULL);
free (c->nickname);
}
if (str_map_find (&ctx->users, nickname))
{
irc_send_reply (c, IRC_ERR_NICKNAMEINUSE, nickname);
return;
}
// Allocate the nickname
c->nickname = xstrdup (nickname);
str_map_set (&ctx->users, nickname, c);
irc_try_finish_registration (c);
}
static void
irc_handle_user (const struct irc_message *msg, struct client *c)
{
if (c->registered)
{
irc_send_reply (c, IRC_ERR_ALREADYREGISTERED);
return;
}
if (msg->params.len < 4)
{
irc_send_reply (c, IRC_ERR_NEEDMOREPARAMS, msg->command);
return;
}
const char *username = msg->params.vector[0];
const char *mode = msg->params.vector[1];
const char *realname = msg->params.vector[3];
// Unfortunately the protocol doesn't give us any means of rejecting it
if (!irc_is_valid_user (username))
username = "xxx";
free (c->username);
c->username = xstrdup (username);
free (c->realname);
c->realname = xstrdup (realname);
unsigned long m;
if (xstrtoul (&m, mode, 10))
{
if (m & 4) c->mode |= IRC_USER_MODE_RX_WALLOPS;
if (m & 8) c->mode |= IRC_USER_MODE_INVISIBLE;
}
irc_try_finish_registration (c);
}
static void
irc_handle_ping (const struct irc_message *msg, struct client *c)
{
// XXX: the RFC is pretty incomprehensible about the exact usage
if (msg->params.len < 1)
irc_send_reply (c, IRC_ERR_NOORIGIN);
else
irc_send (c, ":%s PONG :%s",
c->ctx->server_name, msg->params.vector[0]);
}
// -----------------------------------------------------------------------------
struct irc_command
{
const char *name;
bool requires_registration;
void (*handler) (const struct irc_message *, struct client *);
};
static void
irc_register_handlers (struct server_context *ctx)
{
static const struct irc_command message_handlers[] =
{
{ "PASS", false, irc_handle_pass },
{ "NICK", false, irc_handle_nick },
{ "USER", false, irc_handle_user },
{ "PING", true, irc_handle_ping }
};
for (size_t i = 0; i < N_ELEMENTS (message_handlers); i++)
{
const struct irc_command *cmd = &message_handlers[i];
str_map_set (&ctx->handlers, cmd->name, (void *) cmd);
}
}
static void
irc_process_message (const struct irc_message *msg,
const char *raw, void *user_data)
{
(void) raw;
// XXX: we may want to discard everything following a QUIT etc.
// We can set a flag within the client object.
// TODO: see RFC 2812 :!
struct client *c = user_data;
struct irc_command *cmd = str_map_find (&c->ctx->handlers, msg->command);
if (!cmd)
irc_send_reply (c, IRC_ERR_UNKNOWNCOMMAND, msg->command);
else if (cmd->requires_registration && !c->registered)
irc_send_reply (c, IRC_ERR_NOTREGISTERED);
else
cmd->handler (msg, c);
}
// --- Network I/O -------------------------------------------------------------
static bool
irc_try_read (struct client *c)
{
struct str *buf = &c->read_buffer;
ssize_t n_read;
while (true)
{
str_ensure_space (buf, 512);
n_read = recv (c->socket_fd, buf->str + buf->len,
buf->alloc - buf->len - 1 /* null byte */, 0);
if (n_read > 0)
{
buf->str[buf->len += n_read] = '\0';
// TODO: discard characters above the 512 character limit
irc_process_buffer (buf, irc_process_message, c);
continue;
}
if (n_read == 0)
{
client_kill (c, NULL);
return false;
}
if (errno == EAGAIN)
return true;
if (errno == EINTR)
continue;
print_debug ("%s: %s: %s", __func__, "recv", strerror (errno));
client_kill (c, strerror (errno));
return false;
}
}
static bool
irc_try_read_ssl (struct client *c)
{
if (c->ssl_tx_want_rx)
return true;
struct str *buf = &c->read_buffer;
c->ssl_rx_want_tx = false;
while (true)
{
str_ensure_space (buf, 512);
int n_read = SSL_read (c->ssl, buf->str + buf->len,
buf->alloc - buf->len - 1 /* null byte */);
const char *error_info = NULL;
switch (xssl_get_error (c->ssl, n_read, &error_info))
{
case SSL_ERROR_NONE:
buf->str[buf->len += n_read] = '\0';
// TODO: discard characters above the 512 character limit
irc_process_buffer (buf, irc_process_message, c);
continue;
case SSL_ERROR_ZERO_RETURN:
client_kill (c, NULL);
return false;
case SSL_ERROR_WANT_READ:
return true;
case SSL_ERROR_WANT_WRITE:
c->ssl_rx_want_tx = true;
return true;
case XSSL_ERROR_TRY_AGAIN:
continue;
default:
print_debug ("%s: %s: %s", __func__, "SSL_read", error_info);
client_kill (c, error_info);
return false;
}
}
}
static bool
irc_try_write (struct client *c)
{
struct str *buf = &c->write_buffer;
ssize_t n_written;
while (buf->len)
{
n_written = send (c->socket_fd, buf->str, buf->len, 0);
if (n_written >= 0)
{
str_remove_slice (buf, 0, n_written);
continue;
}
if (errno == EAGAIN)
return true;
if (errno == EINTR)
continue;
print_debug ("%s: %s: %s", __func__, "send", strerror (errno));
client_kill (c, strerror (errno));
return false;
}
return true;
}
static bool
irc_try_write_ssl (struct client *c)
{
if (c->ssl_rx_want_tx)
return true;
struct str *buf = &c->write_buffer;
c->ssl_tx_want_rx = false;
while (buf->len)
{
int n_written = SSL_write (c->ssl, buf->str, buf->len);
const char *error_info = NULL;
switch (xssl_get_error (c->ssl, n_written, &error_info))
{
case SSL_ERROR_NONE:
str_remove_slice (buf, 0, n_written);
continue;
case SSL_ERROR_ZERO_RETURN:
client_kill (c, NULL);
return false;
case SSL_ERROR_WANT_WRITE:
return true;
case SSL_ERROR_WANT_READ:
c->ssl_tx_want_rx = true;
return true;
case XSSL_ERROR_TRY_AGAIN:
continue;
default:
print_debug ("%s: %s: %s", __func__, "SSL_write", error_info);
client_kill (c, error_info);
return false;
}
}
return true;
}
static bool
irc_autodetect_ssl (struct client *c)
{
// Trivial SSL/TLS autodetection. The first block of data returned by
// recv() must be at least three bytes long for this to work reliably,
// but that should not pose a problem in practice.
//
// SSL2: 1xxx xxxx | xxxx xxxx | <1>
// (message length) (client hello)
// SSL3/TLS: <22> | <3> | xxxx xxxx
// (handshake)| (protocol version)
//
// Such byte sequences should never occur at the beginning of regular IRC
// communication, which usually begins with USER/NICK/PASS/SERVICE.
char buf[3];
start:
switch (recv (c->socket_fd, buf, sizeof buf, MSG_PEEK))
{
case 3:
if ((buf[0] & 0x80) && buf[2] == 1)
return true;
case 2:
if (buf[0] == 22 && buf[1] == 3)
return true;
break;
case 1:
if (buf[0] == 22)
return true;
break;
case 0:
break;
default:
if (errno == EINTR)
goto start;
}
return false;
}
static bool
client_initialize_ssl (struct client *c)
{
// SSL support not enabled
if (!c->ctx->ssl_ctx)
return false;
c->ssl = SSL_new (c->ctx->ssl_ctx);
if (!c->ssl)
goto error_ssl_1;
if (!SSL_set_fd (c->ssl, c->socket_fd))
goto error_ssl_2;
SSL_set_accept_state (c->ssl);
return true;
error_ssl_2:
SSL_free (c->ssl);
c->ssl = NULL;
error_ssl_1:
// XXX: these error strings are really nasty; also there could be
// multiple errors on the OpenSSL stack.
print_debug ("%s: %s: %s", "could not initialize SSL",
c->hostname, ERR_error_string (ERR_get_error (), NULL));
return false;
}
static void
on_irc_client_ready (const struct pollfd *pfd, void *user_data)
{
struct client *c = user_data;
if (!c->initialized)
{
hard_assert (pfd->events == POLLIN);
if (irc_autodetect_ssl (c) && !client_initialize_ssl (c))
{
client_kill (c, NULL);
return;
}
c->initialized = true;
}
int new_events = 0;
if (c->ssl)
{
// Reads may want to write, writes may want to read, poll() may
// return unexpected things in `revents'... let's try both
if (!irc_try_read_ssl (c) || !irc_try_write_ssl (c))
return;
new_events |= POLLIN;
if (c->write_buffer.len || c->ssl_rx_want_tx)
new_events |= POLLOUT;
// While we're waiting for an opposite event, we ignore the original
if (c->ssl_rx_want_tx) new_events &= ~POLLIN;
if (c->ssl_tx_want_rx) new_events &= ~POLLOUT;
}
else
{
if (!irc_try_read (c) || !irc_try_write (c))
return;
new_events |= POLLIN;
if (c->write_buffer.len)
new_events |= POLLOUT;
}
hard_assert (new_events != 0);
if (pfd->events != new_events)
poller_set (&c->ctx->poller, c->socket_fd, new_events,
(poller_dispatcher_func) on_irc_client_ready, c);
}
static void
on_irc_client_available (const struct pollfd *pfd, void *user_data)
{
(void) pfd;
struct server_context *ctx = user_data;
// TODO: stop accepting new connections when `max_connections' is reached
while (true)
{
// XXX: `struct sockaddr_storage' is not the most portable thing
struct sockaddr_storage peer;
socklen_t peer_len = sizeof peer;
int fd = accept (ctx->listen_fd, (struct sockaddr *) &peer, &peer_len);
if (fd == -1)
{
if (errno == EAGAIN)
break;
if (errno == EINTR)
continue;
if (errno == ECONNABORTED)
continue;
// TODO: handle resource exhaustion (EMFILE, ENFILE) specially
// (stop accepting new connections and wait until we close some).
// FIXME: handle this better, bring the server down cleanly.
exit_fatal ("%s: %s", "accept", strerror (errno));
}
char host[NI_MAXHOST] = "unknown", port[NI_MAXSERV] = "unknown";
int err = getnameinfo ((struct sockaddr *) &peer, peer_len,
host, sizeof host, port, sizeof port, NI_NUMERICSERV);
if (err)
print_debug ("%s: %s", "getnameinfo", gai_strerror (err));
print_debug ("accepted connection from %s:%s", host, port);
struct client *c = xmalloc (sizeof *c);
client_init (c);
c->ctx = ctx;
c->socket_fd = fd;
c->hostname = xstrdup (host);
LIST_PREPEND (ctx->clients, c);
// TODO: set a timeout on the socket, something like 3 minutes, then we
// should terminate the connection.
set_blocking (fd, false);
poller_set (&ctx->poller, fd, POLLIN,
(poller_dispatcher_func) on_irc_client_ready, c);
}
}
// -----------------------------------------------------------------------------
static int
irc_ssl_verify_callback (int verify_ok, X509_STORE_CTX *ctx)
{
(void) verify_ok;
(void) ctx;
// We only want to provide additional privileges based on the client's
// certificate, so let's not terminate the connection because of a failure.
return 1;
}
static bool
irc_initialize_ssl (struct server_context *ctx, struct error **e)
{
const char *ssl_cert = str_map_find (&ctx->config, "ssl_cert");
const char *ssl_key = str_map_find (&ctx->config, "ssl_key");
// Only try to enable SSL support if the user configures it; it is not
// a failure if no one has requested it.
if (!ssl_cert && !ssl_key)
return true;
if (!ssl_cert)
error_set (e, "no SSL certificate set");
else if (!ssl_key)
error_set (e, "no SSL private key set");
if (!ssl_cert || !ssl_key)
return false;
char *cert_path = resolve_config_filename (ssl_cert);
char *key_path = resolve_config_filename (ssl_key);
if (!cert_path)
error_set (e, "%s: %s", "cannot open file", ssl_cert);
else if (!key_path)
error_set (e, "%s: %s", "cannot open file", ssl_key);
if (!cert_path || !key_path)
return false;
ctx->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
if (!ctx->ssl_ctx)
{
// XXX: these error strings are really nasty; also there could be
// multiple errors on the OpenSSL stack.
error_set (e, "%s: %s", "could not initialize SSL",
ERR_error_string (ERR_get_error (), NULL));
goto error_ssl_1;
}
SSL_CTX_set_verify (ctx->ssl_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, irc_ssl_verify_callback);
// XXX: maybe we should call SSL_CTX_set_options() for some workarounds
// XXX: perhaps we should read the files ourselves for better messages
if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
{
error_set (e, "%s: %s", "setting the SSL client certificate failed",
ERR_error_string (ERR_get_error (), NULL));
goto error_ssl_2;
}
if (!SSL_CTX_use_PrivateKey_file (ctx->ssl_ctx, key_path, SSL_FILETYPE_PEM))
{
error_set (e, "%s: %s", "setting the SSL private key failed",
ERR_error_string (ERR_get_error (), NULL));
goto error_ssl_2;
}
// TODO: SSL_CTX_check_private_key()? It has probably already been checked
// by SSL_CTX_use_PrivateKey_file() above.
// Gah, spare me your awkward semantics, I just want to push data!
// XXX: do we want SSL_MODE_AUTO_RETRY as well? I guess not.
SSL_CTX_set_mode (ctx->ssl_ctx,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
return true;
error_ssl_2:
SSL_CTX_free (ctx->ssl_ctx);
ctx->ssl_ctx = NULL;
error_ssl_1:
return false;
}
static bool
irc_initialize_catalog (struct server_context *ctx, struct error **e)
{
hard_assert (ctx->catalog == (nl_catd) -1);
const char *catalog = str_map_find (&ctx->config, "catalog");
if (!catalog)
return true;
char *path = resolve_config_filename (catalog);
if (!path)
{
error_set (e, "%s: %s", "cannot open file", catalog);
return false;
}
ctx->catalog = catopen (path, NL_CAT_LOCALE);
free (path);
if (ctx->catalog == (nl_catd) -1)
{
error_set (e, "%s: %s",
"failed reading the message catalog file", strerror (errno));
return false;
}
return true;
}
static bool
irc_initialize_motd (struct server_context *ctx, struct error **e)
{
hard_assert (ctx->motd.len == 0);
const char *motd = str_map_find (&ctx->config, "motd");
if (!motd)
return true;
char *path = resolve_config_filename (motd);
if (!path)
{
error_set (e, "%s: %s", "cannot open file", motd);
return false;
}
FILE *fp = fopen (path, "r");
free (path);
if (!fp)
{
error_set (e, "%s: %s",
"failed reading the MOTD file", strerror (errno));
return false;
}
struct str line;
str_init (&line);
while (read_line (fp, &line))
str_vector_add_owned (&ctx->motd, str_steal (&line));
str_free (&line);
fclose (fp);
return true;
}
static bool
irc_initialize_server_name (struct server_context *ctx, struct error **e)
{
enum validation_result res;
const char *server_name = str_map_find (&ctx->config, "server_name");
if (server_name)
{
res = irc_validate_hostname (server_name);
if (res != VALIDATION_OK)
{
error_set (e, "invalid configuration value for `%s': %s",
"server_name", irc_validate_to_str (res));
return false;
}
ctx->server_name = xstrdup (server_name);
}
else
{
char hostname[HOST_NAME_MAX];
if (gethostname (hostname, sizeof hostname))
{
error_set (e, "%s: %s",
"getting the hostname failed", strerror (errno));
return false;
}
res = irc_validate_hostname (hostname);
if (res != VALIDATION_OK)
{
error_set (e,
"`%s' is not set and the hostname (`%s') cannot be used: %s",
"server_name", hostname, irc_validate_to_str (res));
return false;
}
ctx->server_name = xstrdup (hostname);
}
return true;
}
static bool
irc_listen (struct server_context *ctx, struct error **e)
{
const char *bind_host = str_map_find (&ctx->config, "bind_host");
const char *bind_port = str_map_find (&ctx->config, "bind_port");
hard_assert (bind_port != NULL); // We have a default value for this
struct addrinfo gai_hints, *gai_result, *gai_iter;
memset (&gai_hints, 0, sizeof gai_hints);
gai_hints.ai_socktype = SOCK_STREAM;
gai_hints.ai_flags = AI_PASSIVE;
int err = getaddrinfo (bind_host, bind_port, &gai_hints, &gai_result);
if (err)
{
error_set (e, "%s: %s: %s",
"network setup failed", "getaddrinfo", gai_strerror (err));
return false;
}
int sockfd;
char real_host[NI_MAXHOST], real_port[NI_MAXSERV];
for (gai_iter = gai_result; gai_iter; gai_iter = gai_iter->ai_next)
{
sockfd = socket (gai_iter->ai_family,
gai_iter->ai_socktype, gai_iter->ai_protocol);
if (sockfd == -1)
continue;
set_cloexec (sockfd);
int yes = 1;
soft_assert (setsockopt (sockfd, SOL_SOCKET, SO_KEEPALIVE,
&yes, sizeof yes) != -1);
soft_assert (setsockopt (sockfd, SOL_SOCKET, SO_REUSEADDR,
&yes, sizeof yes) != -1);
real_host[0] = real_port[0] = '\0';
err = getnameinfo (gai_iter->ai_addr, gai_iter->ai_addrlen,
real_host, sizeof real_host, real_port, sizeof real_port,
NI_NUMERICHOST | NI_NUMERICSERV);
if (err)
print_debug ("%s: %s", "getnameinfo", gai_strerror (err));
if (bind (sockfd, gai_iter->ai_addr, gai_iter->ai_addrlen))
print_error ("bind to %s:%s failed: %s",
real_host, real_port, strerror (errno));
else if (listen (sockfd, 16 /* arbitrary number */))
print_error ("listen at %s:%s failed: %s",
real_host, real_port, strerror (errno));
else
break;
xclose (sockfd);
}
freeaddrinfo (gai_result);
if (!gai_iter)
{
error_set (e, "network setup failed");
return false;
}
set_blocking (sockfd, false);
ctx->listen_fd = sockfd;
poller_set (&ctx->poller, ctx->listen_fd, POLLIN,
(poller_dispatcher_func) on_irc_client_available, ctx);
print_status ("listening at %s:%s", real_host, real_port);
return true;
}
static void
on_signal_pipe_readable (const struct pollfd *fd, struct server_context *ctx)
{
char *dummy;
(void) read (fd->fd, &dummy, 1);
// TODO: send ERROR messages to anyone, wait for the messages to get
// dispatched for a few seconds, RST the rest and quit.
if (g_termination_requested && !ctx->quitting)
{
#if 0
initiate_quit (ctx);
#endif
}
}
static void
daemonize (void)
{
// TODO: create and lock a PID file?
print_status ("daemonizing...");
if (chdir ("/"))
exit_fatal ("%s: %s", "chdir", strerror (errno));
pid_t pid;
if ((pid = fork ()) < 0)
exit_fatal ("%s: %s", "fork", strerror (errno));
else if (pid)
exit (EXIT_SUCCESS);
setsid ();
signal (SIGHUP, SIG_IGN);
if ((pid = fork ()) < 0)
exit_fatal ("%s: %s", "fork", strerror (errno));
else if (pid)
exit (EXIT_SUCCESS);
openlog (PROGRAM_NAME, LOG_NDELAY | LOG_NOWAIT | LOG_PID, 0);
g_log_message_real = log_message_syslog;
// XXX: we may close our own descriptors this way, crippling ourselves
for (int i = 0; i < 3; i++)
xclose (i);
int tty = open ("/dev/null", O_RDWR);
if (tty != 0 || dup (0) != 1 || dup (0) != 2)
exit_fatal ("failed to reopen FD's: %s", strerror (errno));
}
static void
print_usage (const char *program_name)
{
fprintf (stderr,
"Usage: %s [OPTION]...\n"
"Experimental IRC server.\n"
"\n"
" -d, --debug run in debug mode (do not daemonize)\n"
" -h, --help display this help and exit\n"
" -V, --version output version information and exit\n"
" --write-default-cfg [filename]\n"
" write a default configuration file and exit\n",
program_name);
}
int
main (int argc, char *argv[])
{
const char *invocation_name = argv[0];
static struct option opts[] =
{
{ "debug", no_argument, NULL, 'd' },
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, 'V' },
{ "write-default-cfg", optional_argument, NULL, 'w' },
{ NULL, 0, NULL, 0 }
};
while (1)
{
int c, opt_index;
c = getopt_long (argc, argv, "dhV", opts, &opt_index);
if (c == -1)
break;
switch (c)
{
case 'd':
g_debug_mode = true;
break;
case 'h':
print_usage (invocation_name);
exit (EXIT_SUCCESS);
case 'V':
printf (PROGRAM_NAME " " PROGRAM_VERSION "\n");
exit (EXIT_SUCCESS);
case 'w':
call_write_default_config (optarg, g_config_table);
exit (EXIT_SUCCESS);
default:
print_error ("wrong options");
exit (EXIT_FAILURE);
}
}
print_status (PROGRAM_NAME " " PROGRAM_VERSION " starting");
setup_signal_handlers ();
SSL_library_init ();
atexit (EVP_cleanup);
SSL_load_error_strings ();
// XXX: ERR_load_BIO_strings()? Anything else?
atexit (ERR_free_strings);
struct server_context ctx;
server_context_init (&ctx);
irc_register_handlers (&ctx);
struct error *e = NULL;
if (!read_config_file (&ctx.config, &e))
{
print_error ("error loading configuration: %s", e->message);
error_free (e);
exit (EXIT_FAILURE);
}
poller_set (&ctx.poller, g_signal_pipe[0], POLLIN,
(poller_dispatcher_func) on_signal_pipe_readable, &ctx);
if (!irc_initialize_ssl (&ctx, &e)
|| !irc_initialize_server_name (&ctx, &e)
|| !irc_initialize_motd (&ctx, &e)
|| !irc_initialize_catalog (&ctx, &e)
|| !irc_listen (&ctx, &e))
{
print_error ("%s", e->message);
error_free (e);
exit (EXIT_FAILURE);
}
if (!g_debug_mode)
daemonize ();
ctx.polling = true;
while (ctx.polling)
poller_run (&ctx.poller);
server_context_free (&ctx);
return EXIT_SUCCESS;
}