/*
 *  ircd-ratbox: A slightly useful ircd.
 *  s_serv.c: Server related functions.
 *
 *  Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
 *  Copyright (C) 1996-2002 Hybrid Development Team
 *  Copyright (C) 2002-2005 ircd-ratbox development team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 */

#include "stdinc.h"

#ifdef HAVE_LIBCRYPTO
#include <openssl/rsa.h>
#endif

#include "s_serv.h"
#include "class.h"
#include "client.h"
#include "hash.h"
#include "match.h"
#include "ircd.h"
#include "ircd_defs.h"
#include "numeric.h"
#include "packet.h"
#include "s_conf.h"
#include "s_newconf.h"
#include "logger.h"
#include "s_stats.h"
#include "s_user.h"
#include "scache.h"
#include "send.h"
#include "client.h"
#include "channel.h"		/* chcap_usage_counts stuff... */
#include "hook.h"
#include "msg.h"
#include "reject.h"
#include "sslproc.h"
#include "capability.h"
#include "s_assert.h"

int MaxConnectionCount = 1;
int MaxClientCount = 1;
int refresh_user_links = 0;

static char buf[BUFSIZE];

/*
 * list of recognized server capabilities.  "TS" is not on the list
 * because all servers that we talk to already do TS, and the kludged
 * extra argument to "PASS" takes care of checking that.  -orabidoo
 */
struct CapabilityIndex *serv_capindex = NULL;
struct CapabilityIndex *cli_capindex = NULL;

unsigned int CAP_CAP;
unsigned int CAP_QS;
unsigned int CAP_EX;
unsigned int CAP_CHW;
unsigned int CAP_IE;
unsigned int CAP_KLN;
unsigned int CAP_KNOCK;
unsigned int CAP_TB;
unsigned int CAP_UNKLN;
unsigned int CAP_CLUSTER;
unsigned int CAP_ENCAP;
unsigned int CAP_TS6;
unsigned int CAP_SERVICE;
unsigned int CAP_RSFNC;
unsigned int CAP_SAVE;
unsigned int CAP_EUID;
unsigned int CAP_EOPMOD;
unsigned int CAP_BAN;
unsigned int CAP_MLOCK;

unsigned int CLICAP_MULTI_PREFIX;
unsigned int CLICAP_ACCOUNT_NOTIFY;
unsigned int CLICAP_EXTENDED_JOIN;
unsigned int CLICAP_AWAY_NOTIFY;
unsigned int CLICAP_USERHOST_IN_NAMES;
unsigned int CLICAP_CAP_NOTIFY;
unsigned int CLICAP_CHGHOST;
unsigned int CLICAP_ECHO_MESSAGE;

/*
 * initialize our builtin capability table. --nenolod
 */
void
init_builtin_capabs(void)
{
	static struct ClientCapability high_priority = {.flags = CLICAP_FLAGS_PRIORITY};
	serv_capindex = capability_index_create("server capabilities");

	/* These two are not set via CAPAB/GCAP keywords. */
	CAP_CAP = capability_put_anonymous(serv_capindex);
	CAP_TS6 = capability_put_anonymous(serv_capindex);

	CAP_QS = capability_put(serv_capindex, "QS", NULL);
	CAP_EX = capability_put(serv_capindex, "EX", NULL);
	CAP_CHW = capability_put(serv_capindex, "CHW", NULL);
	CAP_IE = capability_put(serv_capindex, "IE", NULL);
	CAP_KLN = capability_put(serv_capindex, "KLN", NULL);
	CAP_KNOCK = capability_put(serv_capindex, "KNOCK", NULL);
	CAP_TB = capability_put(serv_capindex, "TB", NULL);
	CAP_UNKLN = capability_put(serv_capindex, "UNKLN", NULL);
	CAP_CLUSTER = capability_put(serv_capindex, "CLUSTER", NULL);
	CAP_ENCAP = capability_put(serv_capindex, "ENCAP", NULL);
	CAP_SERVICE = capability_put(serv_capindex, "SERVICES", NULL);
	CAP_RSFNC = capability_put(serv_capindex, "RSFNC", NULL);
	CAP_SAVE = capability_put(serv_capindex, "SAVE", NULL);
	CAP_EUID = capability_put(serv_capindex, "EUID", NULL);
	CAP_EOPMOD = capability_put(serv_capindex, "EOPMOD", NULL);
	CAP_BAN = capability_put(serv_capindex, "BAN", NULL);
	CAP_MLOCK = capability_put(serv_capindex, "MLOCK", NULL);

	capability_require(serv_capindex, "QS");
	capability_require(serv_capindex, "EX");
	capability_require(serv_capindex, "IE");
	capability_require(serv_capindex, "ENCAP");

	cli_capindex = capability_index_create("client capabilities");

	CLICAP_MULTI_PREFIX = capability_put(cli_capindex, "multi-prefix", &high_priority);
	CLICAP_ACCOUNT_NOTIFY = capability_put(cli_capindex, "account-notify", &high_priority);
	CLICAP_EXTENDED_JOIN = capability_put(cli_capindex, "extended-join", &high_priority);
	CLICAP_AWAY_NOTIFY = capability_put(cli_capindex, "away-notify", &high_priority);
	CLICAP_USERHOST_IN_NAMES = capability_put(cli_capindex, "userhost-in-names", &high_priority);
	CLICAP_CAP_NOTIFY = capability_put(cli_capindex, "cap-notify", NULL);
	CLICAP_CHGHOST = capability_put(cli_capindex, "chghost", &high_priority);
	CLICAP_ECHO_MESSAGE = capability_put(cli_capindex, "echo-message", NULL);
}

static CNCB serv_connect_callback;
static CNCB serv_connect_ssl_callback;
static SSL_OPEN_CB serv_connect_ssl_open_callback;

/*
 * hunt_server - Do the basic thing in delivering the message (command)
 *      across the relays to the specific server (server) for
 *      actions.
 *
 *      Note:   The command is a format string and *MUST* be
 *              of prefixed style (e.g. ":%s COMMAND %s ...").
 *              Command can have only max 8 parameters.
 *
 *      server  parv[server] is the parameter identifying the
 *              target server.
 *
 *      *WARNING*
 *              parv[server] is replaced with the pointer to the
 *              real servername from the matched client (I'm lazy
 *              now --msa).
 *
 *      returns: (see #defines)
 */
int
hunt_server(struct Client *client_p, struct Client *source_p,
	    const char *command, int server, int parc, const char *parv[])
{
	struct Client *target_p;
	int wilds;
	rb_dlink_node *ptr;
	const char *old;
	char *new;

	/*
	 * Assume it's me, if no server
	 */
	if(parc <= server || EmptyString(parv[server]) ||
	   match(parv[server], me.name) || (strcmp(parv[server], me.id) == 0))
		return (HUNTED_ISME);

	new = LOCAL_COPY(parv[server]);

	/*
	 * These are to pickup matches that would cause the following
	 * message to go in the wrong direction while doing quick fast
	 * non-matching lookups.
	 */
	if(MyClient(source_p))
		target_p = find_named_client(new);
	else
		target_p = find_client(new);

	if(target_p)
		if(target_p->from == source_p->from && !MyConnect(target_p))
			target_p = NULL;

	collapse(new);
	wilds = (strchr(new, '?') || strchr(new, '*'));

	/*
	 * Again, if there are no wild cards involved in the server
	 * name, use the hash lookup
	 */
	if(!target_p && wilds)
	{
		RB_DLINK_FOREACH(ptr, global_serv_list.head)
		{
			if(match(new, ((struct Client *) (ptr->data))->name))
			{
				target_p = ptr->data;
				break;
			}
		}
	}

	if(target_p && !IsRegistered(target_p))
		target_p = NULL;

	if(target_p)
	{
		if(IsMe(target_p) || MyClient(target_p))
			return HUNTED_ISME;

		old = parv[server];
		parv[server] = get_id(target_p, target_p);

		sendto_one(target_p, command, get_id(source_p, target_p),
			   parv[1], parv[2], parv[3], parv[4], parv[5], parv[6], parv[7], parv[8]);
		parv[server] = old;
		return (HUNTED_PASS);
	}

	if(MyClient(source_p) || !IsDigit(parv[server][0]))
		sendto_one_numeric(source_p, ERR_NOSUCHSERVER,
				   form_str(ERR_NOSUCHSERVER), parv[server]);
	return (HUNTED_NOSUCH);
}

/*
 * try_connections - scan through configuration and try new connections.
 * Returns the calendar time when the next call to this
 * function should be made latest. (No harm done if this
 * is called earlier or later...)
 */
void
try_connections(void *unused)
{
	struct Client *client_p;
	struct server_conf *server_p = NULL;
	struct server_conf *tmp_p;
	struct Class *cltmp;
	rb_dlink_node *ptr;
	bool connecting = false;
	int confrq = 0;
	time_t next = 0;

	RB_DLINK_FOREACH(ptr, server_conf_list.head)
	{
		tmp_p = ptr->data;

		if(ServerConfIllegal(tmp_p) || !ServerConfAutoconn(tmp_p))
			continue;

		/* don't allow ssl connections if ssl isn't setup */
		if(ServerConfSSL(tmp_p) && (!ircd_ssl_ok || !get_ssld_count()))
			continue;

		cltmp = tmp_p->class;

		/*
		 * Skip this entry if the use of it is still on hold until
		 * future. Otherwise handle this entry (and set it on hold
		 * until next time). Will reset only hold times, if already
		 * made one successfull connection... [this algorithm is
		 * a bit fuzzy... -- msa >;) ]
		 */
		if(tmp_p->hold > rb_current_time())
		{
			if(next > tmp_p->hold || next == 0)
				next = tmp_p->hold;
			continue;
		}

		confrq = get_con_freq(cltmp);
		tmp_p->hold = rb_current_time() + confrq;

		/*
		 * Found a CONNECT config with port specified, scan clients
		 * and see if this server is already connected?
		 */
		client_p = find_server(NULL, tmp_p->name);

		if(!client_p && (CurrUsers(cltmp) < MaxAutoconn(cltmp)) && !connecting)
		{
			server_p = tmp_p;

			/* We connect only one at time... */
			connecting = true;
		}

		if((next > tmp_p->hold) || (next == 0))
			next = tmp_p->hold;
	}

	/* TODO: change this to set active flag to 0 when added to event! --Habeeb */
	if(GlobalSetOptions.autoconn == 0)
		return;

	if(!connecting)
		return;

	/* move this connect entry to end.. */
	rb_dlinkDelete(&server_p->node, &server_conf_list);
	rb_dlinkAddTail(server_p, &server_p->node, &server_conf_list);

	/*
	 * We used to only print this if serv_connect() actually
	 * suceeded, but since rb_tcp_connect() can call the callback
	 * immediately if there is an error, we were getting error messages
	 * in the wrong order. SO, we just print out the activated line,
	 * and let serv_connect() / serv_connect_callback() print an
	 * error afterwards if it fails.
	 *   -- adrian
	 */
	sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
			"Connection to %s activated",
			server_p->name);

	serv_connect(server_p, 0);
}

int
check_server(const char *name, struct Client *client_p)
{
	struct server_conf *server_p = NULL;
	struct server_conf *tmp_p;
	rb_dlink_node *ptr;
	int error = -1;
	const char *encr;
	bool name_matched = false;
	bool host_matched = false;
	bool certfp_failed = false;

	s_assert(NULL != client_p);
	if(client_p == NULL)
		return error;

	if(!(client_p->localClient->passwd))
		return -2;

	if(strlen(name) > HOSTLEN)
		return -4;

	RB_DLINK_FOREACH(ptr, server_conf_list.head)
	{
		struct rb_sockaddr_storage client_addr;

		tmp_p = ptr->data;

		if(ServerConfIllegal(tmp_p))
			continue;

		if(!match(tmp_p->name, name))
			continue;

		name_matched = true;

		if(rb_inet_pton_sock(client_p->sockhost, &client_addr) <= 0)
			SET_SS_FAMILY(&client_addr, AF_UNSPEC);

		if((tmp_p->connect_host && match(tmp_p->connect_host, client_p->host))
			|| (GET_SS_FAMILY(&client_addr) == GET_SS_FAMILY(&tmp_p->connect4)
				&& comp_with_mask_sock((struct sockaddr *)&client_addr,
					(struct sockaddr *)&tmp_p->connect4, 32))
			|| (GET_SS_FAMILY(&client_addr) == GET_SS_FAMILY(&tmp_p->connect6)
				&& comp_with_mask_sock((struct sockaddr *)&client_addr,
					(struct sockaddr *)&tmp_p->connect6, 128))
			)
		{
			host_matched = true;

			if(tmp_p->passwd)
			{
				if(ServerConfEncrypted(tmp_p))
				{
					encr = rb_crypt(client_p->localClient->passwd,
									tmp_p->passwd);
					if(encr != NULL && !strcmp(tmp_p->passwd, encr))
					{
						server_p = tmp_p;
						break;
					}
					else
						continue;
				}
				else if(strcmp(tmp_p->passwd, client_p->localClient->passwd))
					continue;
			}

			if(tmp_p->certfp)
			{
				if(!client_p->certfp || rb_strcasecmp(tmp_p->certfp, client_p->certfp) != 0) {
					certfp_failed = true;
					continue;
				}
			}

			server_p = tmp_p;
			break;
		}
	}

	if(server_p == NULL)
	{
		/* return the most specific error */
		if(certfp_failed)
			error = -6;
		else if(host_matched)
			error = -2;
		else if(name_matched)
			error = -3;

		return error;
	}

	if(ServerConfSSL(server_p) && client_p->localClient->ssl_ctl == NULL)
	{
		return -5;
	}

	if (client_p->localClient->att_sconf && client_p->localClient->att_sconf->class == server_p->class) {
		/* this is an outgoing connection that is already attached to the correct class */
	} else if (CurrUsers(server_p->class) >= MaxUsers(server_p->class)) {
		return -7;
	}
	attach_server_conf(client_p, server_p);

	/* clear TB if they support but we dont want it */
	if(!ServerConfTb(server_p))
		ClearCap(client_p, CAP_TB);

	return 0;
}

/*
 * send_capabilities
 *
 * inputs	- Client pointer to send to
 *		- int flag of capabilities that this server has
 * output	- NONE
 * side effects	- send the CAPAB line to a server  -orabidoo
 */
void
send_capabilities(struct Client *client_p, unsigned int cap_can_send)
{
	sendto_one(client_p, "CAPAB :%s", capability_index_list(serv_capindex, cap_can_send));
}

static void
burst_ban(struct Client *client_p)
{
	struct ConfItem *aconf;
	const char *type;
	rb_dictionary_iter state;

	RB_DICTIONARY_FOREACH(aconf, &state, prop_bans_dict)
	{
		/* Skip expired stuff. */
		if(aconf->lifetime < rb_current_time())
			continue;
		switch(aconf->status & ~CONF_ILLEGAL)
		{
			case CONF_KILL: type = "K"; break;
			case CONF_DLINE: type = "D"; break;
			case CONF_XLINE: type = "X"; break;
			case CONF_RESV_NICK: type = "R"; break;
			case CONF_RESV_CHANNEL: type = "R"; break;
			default:
				continue;
		}
		sendto_one(client_p, ":%s BAN %s %s %s %lu %d %d %s :%s%s%s",
				me.id,
				type,
				aconf->user ? aconf->user : "*", aconf->host,
				(unsigned long)aconf->created,
				(int)(aconf->hold - aconf->created),
				(int)(aconf->lifetime - aconf->created),
				aconf->info.oper,
				aconf->passwd,
				aconf->spasswd ? "|" : "",
				aconf->spasswd ? aconf->spasswd : "");
	}
}

/* burst_modes_TS6()
 *
 * input	- client to burst to, channel name, list to burst, mode flag
 * output	-
 * side effects - client is sent a list of +b, +e, or +I modes
 */
static void
burst_modes_TS6(struct Client *client_p, struct Channel *chptr,
		rb_dlink_list *list, char flag)
{
	rb_dlink_node *ptr;
	struct Ban *banptr;

	send_multiline_init(client_p, " ", ":%s BMASK %ld %s %c :",
			me.id,
			(long)chptr->channelts,
			chptr->chname,
			flag);

	RB_DLINK_FOREACH_PREV(ptr, list->tail)
	{
		banptr = ptr->data;

		if (banptr->forward)
			send_multiline_item(client_p, "%s$%s",
					banptr->banstr,
					banptr->forward);
		else
			send_multiline_item(client_p, "%s", banptr->banstr);
	}

	send_multiline_fini(client_p, NULL);
}

/*
 * burst_TS6
 *
 * inputs	- client (server) to send nick towards
 * 		- client to send nick for
 * output	- NONE
 * side effects	- NICK message is sent towards given client_p
 */
static void
burst_TS6(struct Client *client_p)
{
	char ubuf[BUFSIZE];
	struct Client *target_p;
	struct Channel *chptr;
	struct membership *msptr;
	hook_data_client hclientinfo;
	hook_data_channel hchaninfo;
	rb_dlink_node *ptr;
	rb_dlink_node *uptr;
	char *t;
	int tlen, mlen;
	int cur_len = 0;

	hclientinfo.client = hchaninfo.client = client_p;

	RB_DLINK_FOREACH(ptr, global_client_list.head)
	{
		target_p = ptr->data;

		if(!IsPerson(target_p))
			continue;

		if(MyClient(target_p->from) && target_p->localClient->att_sconf != NULL && ServerConfNoExport(target_p->localClient->att_sconf))
			continue;

		send_umode(NULL, target_p, 0, ubuf);
		if(!*ubuf)
		{
			ubuf[0] = '+';
			ubuf[1] = '\0';
		}

		if(IsCapable(client_p, CAP_EUID))
			sendto_one(client_p, ":%s EUID %s %d %ld %s %s %s %s %s %s %s :%s",
				   target_p->servptr->id, target_p->name,
				   target_p->hopcount + 1,
				   (long) target_p->tsinfo, ubuf,
				   target_p->username, target_p->host,
				   IsIPSpoof(target_p) ? "0" : target_p->sockhost,
				   target_p->id,
				   IsDynSpoof(target_p) ? target_p->orighost : "*",
				   EmptyString(target_p->user->suser) ? "*" : target_p->user->suser,
				   target_p->info);
		else
			sendto_one(client_p, ":%s UID %s %d %ld %s %s %s %s %s :%s",
				   target_p->servptr->id, target_p->name,
				   target_p->hopcount + 1,
				   (long) target_p->tsinfo, ubuf,
				   target_p->username, target_p->host,
				   IsIPSpoof(target_p) ? "0" : target_p->sockhost,
				   target_p->id, target_p->info);

		if(!EmptyString(target_p->certfp))
			sendto_one(client_p, ":%s ENCAP * CERTFP :%s",
					use_id(target_p), target_p->certfp);

		if(!IsCapable(client_p, CAP_EUID))
		{
			if(IsDynSpoof(target_p))
				sendto_one(client_p, ":%s ENCAP * REALHOST %s",
						use_id(target_p), target_p->orighost);
			if(!EmptyString(target_p->user->suser))
				sendto_one(client_p, ":%s ENCAP * LOGIN %s",
						use_id(target_p), target_p->user->suser);
		}

		if(ConfigFileEntry.burst_away && !EmptyString(target_p->user->away))
			sendto_one(client_p, ":%s AWAY :%s",
				   use_id(target_p),
				   target_p->user->away);

		if (IsOper(target_p) && target_p->user && target_p->user->opername)
		{
			if (target_p->user->privset)
				sendto_one(client_p, ":%s OPER %s %s",
						use_id(target_p),
						target_p->user->opername,
						target_p->user->privset->name);
			else
				sendto_one(client_p, ":%s OPER %s",
						use_id(target_p),
						target_p->user->opername);
		}

		hclientinfo.target = target_p;
		call_hook(h_burst_client, &hclientinfo);
	}

	RB_DLINK_FOREACH(ptr, global_channel_list.head)
	{
		chptr = ptr->data;

		if(*chptr->chname != '#')
			continue;

		cur_len = mlen = sprintf(buf, ":%s SJOIN %ld %s %s :", me.id,
				(long) chptr->channelts, chptr->chname,
				channel_modes(chptr, client_p));

		t = buf + mlen;

		RB_DLINK_FOREACH(uptr, chptr->members.head)
		{
			msptr = uptr->data;

			tlen = strlen(use_id(msptr->client_p)) + 1;
			if(is_chanop(msptr))
				tlen++;
			if(is_voiced(msptr))
				tlen++;

			if(cur_len + tlen >= BUFSIZE - 3)
			{
				*(t-1) = '\0';
				sendto_one(client_p, "%s", buf);
				cur_len = mlen;
				t = buf + mlen;
			}

			sprintf(t, "%s%s ", find_channel_status(msptr, 1),
				   use_id(msptr->client_p));

			cur_len += tlen;
			t += tlen;
		}

		if (rb_dlink_list_length(&chptr->members) > 0)
		{
			/* remove trailing space */
			*(t-1) = '\0';
		}
		sendto_one(client_p, "%s", buf);

		if(rb_dlink_list_length(&chptr->banlist) > 0)
			burst_modes_TS6(client_p, chptr, &chptr->banlist, 'b');

		if(IsCapable(client_p, CAP_EX) &&
		   rb_dlink_list_length(&chptr->exceptlist) > 0)
			burst_modes_TS6(client_p, chptr, &chptr->exceptlist, 'e');

		if(IsCapable(client_p, CAP_IE) &&
		   rb_dlink_list_length(&chptr->invexlist) > 0)
			burst_modes_TS6(client_p, chptr, &chptr->invexlist, 'I');

		if(rb_dlink_list_length(&chptr->quietlist) > 0)
			burst_modes_TS6(client_p, chptr, &chptr->quietlist, 'q');

		if(IsCapable(client_p, CAP_TB) && chptr->topic != NULL)
			sendto_one(client_p, ":%s TB %s %ld %s%s:%s",
				   me.id, chptr->chname, (long) chptr->topic_time,
				   ConfigChannel.burst_topicwho ? chptr->topic_info : "",
				   ConfigChannel.burst_topicwho ? " " : "",
				   chptr->topic);

		if(IsCapable(client_p, CAP_MLOCK))
			sendto_one(client_p, ":%s MLOCK %ld %s :%s",
				   me.id, (long) chptr->channelts, chptr->chname,
				   EmptyString(chptr->mode_lock) ? "" : chptr->mode_lock);

		hchaninfo.chptr = chptr;
		call_hook(h_burst_channel, &hchaninfo);
	}

	hclientinfo.target = NULL;
	call_hook(h_burst_finished, &hclientinfo);
}

/*
 * show_capabilities - show current server capabilities
 *
 * inputs       - pointer to an struct Client
 * output       - pointer to static string
 * side effects - build up string representing capabilities of server listed
 */
const char *
show_capabilities(struct Client *target_p)
{
	static char msgbuf[BUFSIZE];

	*msgbuf = '\0';

	if(has_id(target_p))
		rb_strlcpy(msgbuf, " TS6", sizeof(msgbuf));

	if(IsSSL(target_p))
		rb_strlcat(msgbuf, " SSL", sizeof(msgbuf));

	if(!IsServer(target_p) || !target_p->serv->caps)	/* short circuit if no caps */
		return msgbuf + 1;

	rb_strlcat(msgbuf, " ", sizeof(msgbuf));
	rb_strlcat(msgbuf, capability_index_list(serv_capindex, target_p->serv->caps), sizeof(msgbuf));

	return msgbuf + 1;
}

/*
 * server_estab
 *
 * inputs       - pointer to a struct Client
 * output       -
 * side effects -
 */
int
server_estab(struct Client *client_p)
{
	struct Client *target_p;
	struct server_conf *server_p;
	hook_data_client hdata;
	char *host;
	rb_dlink_node *ptr;
	char note[HOSTLEN + 15];

	s_assert(NULL != client_p);
	if(client_p == NULL)
		return -1;

	host = client_p->name;

	if((server_p = client_p->localClient->att_sconf) == NULL)
	{
		/* This shouldn't happen, better tell the ops... -A1kmm */
		sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
				     "Warning: Lost connect{} block for server %s!", host);
		return exit_client(client_p, client_p, client_p, "Lost connect{} block!");
	}

	/* We shouldn't have to check this, it should already done before
	 * server_estab is called. -A1kmm
	 */
	if(client_p->localClient->passwd)
	{
		memset(client_p->localClient->passwd, 0, strlen(client_p->localClient->passwd));
		rb_free(client_p->localClient->passwd);
		client_p->localClient->passwd = NULL;
	}

	/* Its got identd , since its a server */
	SetGotId(client_p);

	if(IsUnknown(client_p))
	{
		/* the server may be linking based on certificate fingerprint now. --nenolod */
		sendto_one(client_p, "PASS %s TS %d :%s",
			   EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);

		/* pass info to new server */
		send_capabilities(client_p, default_server_capabs | CAP_MASK
				  | (ServerConfTb(server_p) ? CAP_TB : 0));

		sendto_one(client_p, "SERVER %s 1 :%s%s",
			   me.name,
			   ConfigServerHide.hidden ? "(H) " : "",
			   (me.info[0]) ? (me.info) : "IRCers United");
	}

	if(!rb_set_buffers(client_p->localClient->F, READBUF_SIZE))
		ilog_error("rb_set_buffers failed for server");

	client_p->servptr = &me;

	if(IsAnyDead(client_p))
		return CLIENT_EXITED;

	sendto_one(client_p, "SVINFO %d %d 0 :%ld", TS_CURRENT, TS_MIN, (long int)rb_current_time());

	rb_dlinkAdd(client_p, &client_p->lnode, &me.serv->servers);
	rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &serv_list);
	rb_dlinkAddTailAlloc(client_p, &global_serv_list);

	if(has_id(client_p))
		add_to_id_hash(client_p->id, client_p);

	add_to_client_hash(client_p->name, client_p);
	/* doesnt duplicate client_p->serv if allocated this struct already */
	make_server(client_p);
	SetServer(client_p);

	client_p->serv->caps = client_p->localClient->caps;

	if(client_p->localClient->fullcaps)
	{
		client_p->serv->fullcaps = rb_strdup(client_p->localClient->fullcaps);
		rb_free(client_p->localClient->fullcaps);
		client_p->localClient->fullcaps = NULL;
	}

	client_p->serv->nameinfo = scache_connect(client_p->name, client_p->info, IsHidden(client_p));
	client_p->localClient->firsttime = rb_current_time();
	/* fixing eob timings.. -gnp */

	if((rb_dlink_list_length(&lclient_list) + rb_dlink_list_length(&serv_list)) >
	   (unsigned long)MaxConnectionCount)
		MaxConnectionCount = rb_dlink_list_length(&lclient_list) +
					rb_dlink_list_length(&serv_list);

	/* Show the real host/IP to admins */
	sendto_realops_snomask(SNO_GENERAL, L_ALL,
			"Link with %s established: (%s) link",
			client_p->name,
			show_capabilities(client_p));

	ilog(L_SERVER, "Link with %s established: (%s) link",
	     log_client_name(client_p, SHOW_IP), show_capabilities(client_p));

	hdata.client = &me;
	hdata.target = client_p;
	call_hook(h_server_introduced, &hdata);

	snprintf(note, sizeof(note), "Server: %s", client_p->name);
	rb_note(client_p->localClient->F, note);

	/*
	 ** Old sendto_serv_but_one() call removed because we now
	 ** need to send different names to different servers
	 ** (domain name matching) Send new server to other servers.
	 */
	RB_DLINK_FOREACH(ptr, serv_list.head)
	{
		target_p = ptr->data;

		if(target_p == client_p)
			continue;

		if(target_p->localClient->att_sconf != NULL && ServerConfNoExport(target_p->localClient->att_sconf))
			continue;

		if(has_id(target_p) && has_id(client_p))
		{
			sendto_one(target_p, ":%s SID %s 2 %s :%s%s",
				   me.id, client_p->name, client_p->id,
				   IsHidden(client_p) ? "(H) " : "", client_p->info);

			if(!EmptyString(client_p->serv->fullcaps))
				sendto_one(target_p, ":%s ENCAP * GCAP :%s",
					client_p->id, client_p->serv->fullcaps);
		}
		else
		{
			sendto_one(target_p, ":%s SERVER %s 2 :%s%s",
				   me.name, client_p->name,
				   IsHidden(client_p) ? "(H) " : "", client_p->info);

			if(!EmptyString(client_p->serv->fullcaps))
				sendto_one(target_p, ":%s ENCAP * GCAP :%s",
					client_p->name, client_p->serv->fullcaps);
		}
	}

	/*
	 ** Pass on my client information to the new server
	 **
	 ** First, pass only servers (idea is that if the link gets
	 ** cancelled beacause the server was already there,
	 ** there are no NICK's to be cancelled...). Of course,
	 ** if cancellation occurs, all this info is sent anyway,
	 ** and I guess the link dies when a read is attempted...? --msa
	 **
	 ** Note: Link cancellation to occur at this point means
	 ** that at least two servers from my fragment are building
	 ** up connection this other fragment at the same time, it's
	 ** a race condition, not the normal way of operation...
	 **
	 ** ALSO NOTE: using the get_client_name for server names--
	 **    see previous *WARNING*!!! (Also, original inpath
	 **    is destroyed...)
	 */
	RB_DLINK_FOREACH(ptr, global_serv_list.head)
	{
		target_p = ptr->data;

		/* target_p->from == target_p for target_p == client_p */
		if(IsMe(target_p) || target_p->from == client_p)
			continue;

		/* don't distribute downstream leaves of servers that are no-export */
		if(MyClient(target_p->from) && target_p->from->localClient->att_sconf != NULL && ServerConfNoExport(target_p->from->localClient->att_sconf))
			continue;

		/* presumption, if target has an id, so does its uplink */
		if(has_id(client_p) && has_id(target_p))
			sendto_one(client_p, ":%s SID %s %d %s :%s%s",
				   target_p->servptr->id, target_p->name,
				   target_p->hopcount + 1, target_p->id,
				   IsHidden(target_p) ? "(H) " : "", target_p->info);
		else
			sendto_one(client_p, ":%s SERVER %s %d :%s%s",
				   target_p->servptr->name,
				   target_p->name, target_p->hopcount + 1,
				   IsHidden(target_p) ? "(H) " : "", target_p->info);

		if(!EmptyString(target_p->serv->fullcaps))
			sendto_one(client_p, ":%s ENCAP * GCAP :%s",
					get_id(target_p, client_p),
					target_p->serv->fullcaps);
	}

	if(IsCapable(client_p, CAP_BAN))
		burst_ban(client_p);

	burst_TS6(client_p);

	/* Always send a PING after connect burst is done */
	sendto_one(client_p, "PING :%s", get_id(&me, client_p));

	free_pre_client(client_p);

	send_pop_queue(client_p);

	return 0;
}

/*
 * New server connection code
 * Based upon the stuff floating about in s_bsd.c
 *   -- adrian
 */

/*
 * serv_connect() - initiate a server connection
 *
 * inputs	- pointer to conf
 *		- pointer to client doing the connet
 * output	-
 * side effects	-
 *
 * This code initiates a connection to a server. It first checks to make
 * sure the given server exists. If this is the case, it creates a socket,
 * creates a client, saves the socket information in the client, and
 * initiates a connection to the server through rb_connect_tcp(). The
 * completion of this goes through serv_completed_connection().
 *
 * We return 1 if the connection is attempted, since we don't know whether
 * it suceeded or not, and 0 if it fails in here somewhere.
 */
int
serv_connect(struct server_conf *server_p, struct Client *by)
{
	struct Client *client_p;
	struct sockaddr_storage sa_connect[2];
	struct sockaddr_storage sa_bind[ARRAY_SIZE(sa_connect)];
	char note[HOSTLEN + 10];
	rb_fde_t *F;

	s_assert(server_p != NULL);
	if(server_p == NULL)
		return 0;

	for (int i = 0; i < ARRAY_SIZE(sa_connect); i++) {
		SET_SS_FAMILY(&sa_connect[i], AF_UNSPEC);
		SET_SS_FAMILY(&sa_bind[i], AF_UNSPEC);
	}

	if(server_p->aftype == AF_UNSPEC
		&& GET_SS_FAMILY(&server_p->connect4) == AF_INET
		&& GET_SS_FAMILY(&server_p->connect6) == AF_INET6)
	{
		if(rand() % 2 == 0)
		{
			sa_connect[0] = server_p->connect4;
			sa_connect[1] = server_p->connect6;
			sa_bind[0] = server_p->bind4;
			sa_bind[1] = server_p->bind6;
		}
		else
		{
			sa_connect[0] = server_p->connect6;
			sa_connect[1] = server_p->connect4;
			sa_bind[0] = server_p->bind6;
			sa_bind[1] = server_p->bind4;
		}
	}
	else if(server_p->aftype == AF_INET || GET_SS_FAMILY(&server_p->connect4) == AF_INET)
	{
		sa_connect[0] = server_p->connect4;
		sa_bind[0] = server_p->bind4;
	}
	else if(server_p->aftype == AF_INET6 || GET_SS_FAMILY(&server_p->connect6) == AF_INET6)
	{
		sa_connect[0] = server_p->connect6;
		sa_bind[0] = server_p->bind6;
	}

	/* log */
#ifdef HAVE_LIBSCTP
	if (ServerConfSCTP(server_p) && GET_SS_FAMILY(&sa_connect[1]) != AF_UNSPEC) {
		char buf2[HOSTLEN + 1];

		buf[0] = 0;
		buf2[0] = 0;
		rb_inet_ntop_sock((struct sockaddr *)&sa_connect[0], buf, sizeof(buf));
		rb_inet_ntop_sock((struct sockaddr *)&sa_connect[1], buf2, sizeof(buf2));
		ilog(L_SERVER, "Connect to *[%s] @%s&%s", server_p->name, buf, buf2);
	} else {
#else
	{
#endif
		buf[0] = 0;
		rb_inet_ntop_sock((struct sockaddr *)&sa_connect[0], buf, sizeof(buf));
		ilog(L_SERVER, "Connect to *[%s] @%s", server_p->name, buf);
	}

	/*
	 * Make sure this server isn't already connected
	 */
	if((client_p = find_server(NULL, server_p->name)))
	{
		sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
				     "Server %s already present from %s",
				     server_p->name, client_p->name);
		if(by && IsPerson(by) && !MyClient(by))
			sendto_one_notice(by, ":Server %s already present from %s",
					  server_p->name, client_p->name);
		return 0;
	}

	if (CurrUsers(server_p->class) >= MaxUsers(server_p->class)) {
		sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
				     "No more connections allowed in class \"%s\" for server %s",
				     server_p->class->class_name, server_p->name);
		if(by && IsPerson(by) && !MyClient(by))
			sendto_one_notice(by, ":No more connections allowed in class \"%s\" for server %s",
				     server_p->class->class_name, server_p->name);
		return 0;
	}

	/* create a socket for the server connection */
	if(GET_SS_FAMILY(&sa_connect[0]) == AF_UNSPEC) {
		ilog_error("unspecified socket address family");
		return 0;
#ifdef HAVE_LIBSCTP
	} else if (ServerConfSCTP(server_p)) {
		if ((F = rb_socket(AF_INET6, SOCK_STREAM, IPPROTO_SCTP, NULL)) == NULL) {
			ilog_error("opening a stream socket");
			return 0;
		}
#endif
	} else if ((F = rb_socket(GET_SS_FAMILY(&sa_connect[0]), SOCK_STREAM, IPPROTO_TCP, NULL)) == NULL) {
		ilog_error("opening a stream socket");
		return 0;
	}

	/* servernames are always guaranteed under HOSTLEN chars */
	snprintf(note, sizeof(note), "Server: %s", server_p->name);
	rb_note(F, note);

	/* Create a local client */
	client_p = make_client(NULL);

	/* Copy in the server, hostname, fd */
	rb_strlcpy(client_p->name, server_p->name, sizeof(client_p->name));
	if(server_p->connect_host)
		rb_strlcpy(client_p->host, server_p->connect_host, sizeof(client_p->host));
	else
		rb_strlcpy(client_p->host, buf, sizeof(client_p->host));
	rb_strlcpy(client_p->sockhost, buf, sizeof(client_p->sockhost));
	client_p->localClient->F = F;
	/* shove the port number into the sockaddr */
	SET_SS_PORT(&sa_connect[0], htons(server_p->port));
	SET_SS_PORT(&sa_connect[1], htons(server_p->port));

	/*
	 * Set up the initial server evilness, ripped straight from
	 * connect_server(), so don't blame me for it being evil.
	 *   -- adrian
	 */

	if(!rb_set_buffers(client_p->localClient->F, READBUF_SIZE))
	{
		ilog_error("setting the buffer size for a server connection");
	}

	/*
	 * Attach config entries to client here rather than in
	 * serv_connect_callback(). This to avoid null pointer references.
	 */
	attach_server_conf(client_p, server_p);

	/*
	 * at this point we have a connection in progress and C/N lines
	 * attached to the client, the socket info should be saved in the
	 * client and it should either be resolved or have a valid address.
	 *
	 * The socket has been connected or connect is in progress.
	 */
	make_server(client_p);
	if(by && IsClient(by))
		rb_strlcpy(client_p->serv->by, by->name, sizeof(client_p->serv->by));
	else
		strcpy(client_p->serv->by, "AutoConn.");

	SetConnecting(client_p);
	rb_dlinkAddTail(client_p, &client_p->node, &global_client_list);

	for (int i = 0; i < ARRAY_SIZE(sa_connect); i++) {
		if (GET_SS_FAMILY(&sa_bind[i]) == AF_UNSPEC) {
			if (GET_SS_FAMILY(&sa_connect[i]) == GET_SS_FAMILY(&ServerInfo.bind4))
				sa_bind[i] = ServerInfo.bind4;
			if (GET_SS_FAMILY(&sa_connect[i]) == GET_SS_FAMILY(&ServerInfo.bind6))
				sa_bind[i] = ServerInfo.bind6;
		}
	}

#ifdef HAVE_LIBSCTP
	if (ServerConfSCTP(server_p)) {
		rb_connect_sctp(client_p->localClient->F,
			sa_connect, ARRAY_SIZE(sa_connect), sa_bind, ARRAY_SIZE(sa_bind),
			ServerConfSSL(server_p) ? serv_connect_ssl_callback : serv_connect_callback,
			client_p, ConfigFileEntry.connect_timeout);
	} else {
#else
	{
#endif
		rb_connect_tcp(client_p->localClient->F,
			(struct sockaddr *)&sa_connect[0],
			GET_SS_FAMILY(&sa_bind[0]) == AF_UNSPEC ? NULL : (struct sockaddr *)&sa_bind[0],
			ServerConfSSL(server_p) ? serv_connect_ssl_callback : serv_connect_callback,
			client_p, ConfigFileEntry.connect_timeout);
	}
	return 1;
}

static void
serv_connect_ssl_callback(rb_fde_t *F, int status, void *data)
{
	struct Client *client_p = data;
	rb_fde_t *xF[2];
	rb_connect_sockaddr(F, (struct sockaddr *)&client_p->localClient->ip, sizeof(client_p->localClient->ip));
	if(status != RB_OK)
	{
		/* Print error message, just like non-SSL. */
		serv_connect_callback(F, status, data);
		return;
	}
	if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Outgoing ssld connection") == -1)
	{
                ilog_error("rb_socketpair failed for server");
		serv_connect_callback(F, RB_ERROR, data);
		return;

	}
	client_p->localClient->F = xF[0];
	client_p->localClient->ssl_callback = serv_connect_ssl_open_callback;

	client_p->localClient->ssl_ctl = start_ssld_connect(F, xF[1], connid_get(client_p));
	if(!client_p->localClient->ssl_ctl)
	{
		serv_connect_callback(client_p->localClient->F, RB_ERROR, data);
		return;
	}
	SetSSL(client_p);
}

static int
serv_connect_ssl_open_callback(struct Client *client_p, int status)
{
	serv_connect_callback(client_p->localClient->F, status, client_p);
	return 1; /* suppress default exit_client handler for status != RB_OK */
}

/*
 * serv_connect_callback() - complete a server connection.
 *
 * This routine is called after the server connection attempt has
 * completed. If unsucessful, an error is sent to ops and the client
 * is closed. If sucessful, it goes through the initialisation/check
 * procedures, the capabilities are sent, and the socket is then
 * marked for reading.
 */
static void
serv_connect_callback(rb_fde_t *F, int status, void *data)
{
	struct Client *client_p = data;
	struct server_conf *server_p;
	char *errstr;

	/* First, make sure its a real client! */
	s_assert(client_p != NULL);
	s_assert(client_p->localClient->F == F);

	if(client_p == NULL)
		return;

	/* while we were waiting for the callback, its possible this already
	 * linked in.. --fl
	 */
	if(find_server(NULL, client_p->name) != NULL)
	{
		exit_client(client_p, client_p, &me, "Server Exists");
		return;
	}

	if(client_p->localClient->ssl_ctl == NULL)
		rb_connect_sockaddr(F, (struct sockaddr *)&client_p->localClient->ip, sizeof(client_p->localClient->ip));

	/* Check the status */
	if(status != RB_OK)
	{
		/* COMM_ERR_TIMEOUT wont have an errno associated with it,
		 * the others will.. --fl
		 */
		if(status == RB_ERR_TIMEOUT || status == RB_ERROR_SSL)
		{
			sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
					"Error connecting to %s[%s]: %s",
					client_p->name,
					"255.255.255.255",
					rb_errstr(status));
			ilog(L_SERVER, "Error connecting to %s[%s]: %s",
				client_p->name, client_p->sockhost,
				rb_errstr(status));
		}
		else
		{
			errstr = strerror(rb_get_sockerr(F));
			sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
					"Error connecting to %s[%s]: %s (%s)",
					client_p->name,
					"255.255.255.255",
					rb_errstr(status), errstr);
			ilog(L_SERVER, "Error connecting to %s[%s]: %s (%s)",
				client_p->name, client_p->sockhost,
				rb_errstr(status), errstr);
		}

		exit_client(client_p, client_p, &me, rb_errstr(status));
		return;
	}

	/* COMM_OK, so continue the connection procedure */
	/* Get the C/N lines */
	if((server_p = client_p->localClient->att_sconf) == NULL)
	{
		sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Lost connect{} block for %s",
				client_p->name);
		exit_client(client_p, client_p, &me, "Lost connect{} block");
		return;
	}

	if(server_p->certfp && (!client_p->certfp || rb_strcasecmp(server_p->certfp, client_p->certfp) != 0))
	{
		sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
		     "Connection to %s has invalid certificate fingerprint %s",
		     client_p->name, client_p->certfp);
		ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
		     client_p->certfp, log_client_name(client_p, SHOW_IP));

		exit_client(client_p, client_p, &me, "Invalid fingerprint.");
		return;
	}

	/* Next, send the initial handshake */
	SetHandshake(client_p);

	/* the server may be linking based on certificate fingerprint now. --nenolod */
	sendto_one(client_p, "PASS %s TS %d :%s",
		   EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);

	/* pass my info to the new server */
	send_capabilities(client_p, default_server_capabs | CAP_MASK
			  | (ServerConfTb(server_p) ? CAP_TB : 0));

	sendto_one(client_p, "SERVER %s 1 :%s%s",
		   me.name,
		   ConfigServerHide.hidden ? "(H) " : "", me.info);

	/*
	 * If we've been marked dead because a send failed, just exit
	 * here now and save everyone the trouble of us ever existing.
	 */
	if(IsAnyDead(client_p))
	{
		sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
				     "%s went dead during handshake", client_p->name);
		exit_client(client_p, client_p, &me, "Went dead during handshake");
		return;
	}

	/* don't move to serv_list yet -- we haven't sent a burst! */

	/* If we get here, we're ok, so lets start reading some data */
	read_packet(F, client_p);
}