author | Luke Bratch <luke@bratch.co.uk> | 2020-01-05 22:25:22 +0000 |
---|---|---|
committer | Luke Bratch <luke@bratch.co.uk> | 2020-01-05 22:25:22 +0000 |
commit | 82ab48d41bfef30ab51b407b48dfcda9ebc5f7e7 (patch) | |
tree | 28a87fe7d5c0af50aaf1abc4717c9e7cb93a24a5 /blabouncer.c | |
parent | d0c2d49cc63cf14a094f3bb168ffdd18e2ea5ff3 (diff) |
Fix some situations where the remote IP of a connecting/disconnecting client is wrong in the debug log and NOTICEs.
Diffstat (limited to 'blabouncer.c')
-rw-r--r-- | blabouncer.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/blabouncer.c b/blabouncer.c
index 5ee48b5..c4e92ed 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -758,12 +758,24 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
 if (newfd > fdmax) { // keep track of the max
 fdmax = newfd;
 }
+
+ // If openssl_accept fails later on, this is the message we'll append to the usual connection announcement
+ char opensslfailmsg[] = ", but was disconnected due to a failure in SSL_accept()";
+ // Store the client's IP address for now, since we may need to refer to it after disconnecting
+ // them (thus clearing the array entry that the IP is read from) if something goes wrong
+ char remoteip[INET6_ADDRSTRLEN];
+ strncpy(remoteip, inet_ntop(remoteaddr.ss_family, get_in_addr((struct sockaddr*)&remoteaddr), remoteIP, INET6_ADDRSTRLEN), INET6_ADDRSTRLEN);
+
 // Find a free element in the clients array and set to new fd value (plus start SSL_accept() if using client TLS)
 for (int j = 0; j < MAXCLIENTS; j++) {
 if (clients[j].fd == 0) {
 clients[j].fd = newfd;
 // Ensure its authentication status is set to 0
 clients[j].authed = 0;
+
+ // Record the remote IP address of this client in the clients array
+ strncpy(clients[j].remoteip, remoteip, INET6_ADDRSTRLEN);
+
 // If using TLS then...
 if (settings->clienttls) {
 // ...set as OpenSSL FD and SSL_accept it
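Review bot: `inet_ntop()` returns NULL on failure, and the added `strncpy(remoteip, inet_ntop(...), INET6_ADDRSTRLEN)` passes that result straight in as the source pointer, which is undefined behaviour. A failure is unlikely for an address that came from accept(), but this runs for every new connection before any authentication, so it is worth guarding. Going through the older `remoteIP` buffer also looks unnecessary here; converting directly into the new array and checking the result covers both points: `if (!inet_ntop(remoteaddr.ss_family, get_in_addr((struct sockaddr*)&remoteaddr), remoteip, sizeof remoteip)) { snprintf(remoteip, sizeof remoteip, "unknown"); }`. The second `strncpy` into `clients[j].remoteip` assumes that field is at least INET6_ADDRSTRLEN bytes, which is not visible in this hunk. The body of dochat starts and ends outside the hunk.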
@@ -776,27 +788,28 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) { debugprint(DEBUG_CRIT, "fd_toggle_blocking on failed for fd %d: %s.\n", clients[j].fd, strerror(errno)); disconnectclient(clients[j].fd, clients, &ircdstate, settings, clientcodes); } - // Try to SSL_accept(), not interested in return code here since openssl_accept() does the right thing. - openssl_accept(clients[j].fd, clients, &ircdstate, settings, clientcodes); + // Try to SSL_accept() + if (openssl_accept(clients[j].fd, clients, &ircdstate, settings, clientcodes)) { + // It succeeded, so clear the failure message + opensslfailmsg[0] = '\0'; + } } else { // If not using TLS then cast newfd to SSL* even though it will just be the original newfd int really clients[j].ssl = (SSL*)(long int)newfd; + // There can't be an openssl_accept failure if we're not using TLS + opensslfailmsg[0] = '\0'; } - // Record the remote IP address of this client in the clients array - strncpy(clients[j].remoteip, inet_ntop(remoteaddr.ss_family, get_in_addr((struct sockaddr*)&remoteaddr), remoteIP, INET6_ADDRSTRLEN), INET6_ADDRSTRLEN); - break; } } // TODO - Handle the "find a free element" loop not finding a free element - debugprint(DEBUG_FULL, "bouncer-client: new connection from %s on socket %d\n", - clients[arrindex(clients, newfd)].remoteip, newfd); + debugprint(DEBUG_FULL, "bouncer-client: new connection from %s on socket %d%s\n", remoteip, newfd, opensslfailmsg); // Alert other clients about the new connection char alertmsg[MAXDATASIZE]; - if (!snprintf(alertmsg, MAXDATASIZE, "NOTICE %s :blabouncer: new client connected from %s.", ircdstate.ircnick, - clients[arrindex(clients, newfd)].remoteip)) { + if (!snprintf(alertmsg, MAXDATASIZE, "NOTICE %s :blabouncer: new client connected from %s%s.", ircdstate.ircnick, + remoteip, opensslfailmsg)) { fprintf(stderr, "Error while preparing new client connection NOTICE!\n"); debugprint(DEBUG_CRIT, "Error while preparing new client 
connection NOTICE!\n"); alertmsg[0] = '\0'; |
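Review bot: `opensslfailmsg` starts out holding the failure text and is cleared only on the two success paths, so every other outcome is reported as an SSL_accept() failure. That includes the case named in the TODO where the loop finds no free slot, and the `fd_toggle_blocking` failure branch where `disconnectclient()` has already run; in both, the debug log and the NOTICE would say the client "was disconnected due to a failure in SSL_accept()". Defaulting to an empty suffix and setting it only where the failure is observed keeps the log accurate, e.g. `const char *failmsg = "";` at the declaration and `if (!openssl_accept(clients[j].fd, clients, &ircdstate, settings, clientcodes)) { failmsg = ", but was disconnected due to a failure in SSL_accept()"; }` here. The `fd_toggle_blocking` branch, whose `if` begins outside the hunk, also falls through to `openssl_accept()` on an entry that `disconnectclient()` has presumably just cleared, which should be confirmed. Separately, `!snprintf(...)` only catches a return of 0; truncation or an error needs `len < 0 || len >= MAXDATASIZE`, which matters more now that the format carries a second `%s`.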