/** Count number of users who match \a mask.
* @param[in] mask ip mask to check.
* @param[in] flags Bitmask possibly containing the value ZLINE_LOCAL, to limit searches to this server.
* @return Count of matching users.
*/
static int
count_users(char *mask, int flags)
{
struct irc_in_addr ipmask;
struct Client *acptr;
int count = 0;
int ipmask_valid;
char ipbuf[SOCKIPLEN + 2];
unsigned char ipmask_len;
ipmask_valid = ipmask_parse(mask, &ipmask, &ipmask_len);
for (acptr = GlobalClientList; acptr; acptr = cli_next(acptr)) {
if (!IsUser(acptr))
continue;
if ((flags & ZLINE_LOCAL) && !MyConnect(acptr))
continue;
ircd_snprintf(0, ipbuf, sizeof(ipbuf), "%s", ircd_ntoa(&cli_ip(acptr)));
if (!match(mask, ipbuf)
|| (ipmask_valid && ipmask_check(&cli_ip(acptr), &ipmask, ipmask_len)
&& (irc_in_addr_type_cmp(&cli_ip(acptr), &ipmask) && ipmask_len)))
count++;
}
return count;
}
void start_auth(struct Client* client)
{
struct AuthRequest* auth = 0;
assert(0 != client);
if (conf_check_slines(client)) {
sendheader(client, REPORT_USING_SLINE);
SetSLined(client);
release_auth_client(client);
return;
}
auth = make_auth_request(client);
assert(0 != auth);
Debug((DEBUG_INFO, "Beginning auth request on client %p", client));
if (!feature_bool(FEAT_NODNS)) {
if (LOOPBACK == inet_netof(cli_ip(client)))
strcpy(cli_sockhost(client), cli_name(&me));
else {
struct DNSQuery query;
query.vptr = auth;
query.callback = auth_dns_callback;
if (IsUserPort(auth->client))
sendheader(client, REPORT_DO_DNS);
cli_dns_reply(client) = gethost_byaddr((const char*) &(cli_ip(client)),
&query);
if (cli_dns_reply(client)) {
++(cli_dns_reply(client))->ref_count;
ircd_strncpy(cli_sockhost(client), cli_dns_reply(client)->hp->h_name,
HOSTLEN);
if (IsUserPort(auth->client))
sendheader(client, REPORT_FIN_DNSC);
Debug((DEBUG_LIST, "DNS entry for %p was cached", auth->client));
} else
SetDNSPending(auth);
}
}
if (start_auth_query(auth)) {
Debug((DEBUG_LIST, "identd query for %p initiated successfully",
auth->client));
link_auth_request(auth, &AuthPollList);
} else if (IsDNSPending(auth)) {
Debug((DEBUG_LIST, "identd query for %p not initiated successfully; "
"waiting on DNS", auth->client));
link_auth_request(auth, &AuthIncompleteList);
} else {
Debug((DEBUG_LIST, "identd query for %p not initiated successfully; "
"no DNS pending; releasing immediately", auth->client));
free_auth_request(auth);
release_auth_client(client);
}
}
/** Find a matching Z-line for a user.
* @param[in] cptr Client to compare against.
* @param[in] flags Bitwise combination of ZLINE_GLOBAL and/or
* ZLINE_LASTMOD to limit matches.
* @return Matching Z-line, or NULL if none are found.
*/
struct Zline *
zline_lookup(struct Client *cptr, unsigned int flags)
{
struct Zline *zline;
struct Zline *szline;
if (find_except_conf(cptr, EFLAG_ZLINE))
return 0;
zliter(GlobalZlineList, zline, szline) {
if ((flags & ZLINE_GLOBAL && zline->zl_flags & ZLINE_LOCAL) ||
(flags & ZLINE_LASTMOD && !zline->zl_lastmod))
continue;
if (ZlineIsIpMask(zline)) {
if (!irc_in_addr_type_cmp(&cli_ip(cptr), &zline->zl_addr) && zline->zl_bits)
continue;
if (!ipmask_check(&cli_ip(cptr), &zline->zl_addr, zline->zl_bits))
continue;
}
else {
if (match(zline->zl_mask, cli_sock_ip(cptr)) != 0)
continue;
}
if (ZlineIsActive(zline))
return zline;
}
/*
* No Zlines matched
*/
return 0;
}
/** Check local clients against a new Z-line.
* If the Z-line is inactive, return immediately.
* Otherwise, if any users match it, disconnect them.
* @param[in] cptr Peer connect that sent the Z-line.
* @param[in] sptr Client that originated the Z-line.
* @param[in] zline New Z-line to check.
* @return Zero, unless \a sptr Z-lined himself, in which case CPTR_KILLED.
*/
static int
do_zline(struct Client *cptr, struct Client *sptr, struct Zline *zline)
{
struct Client *acptr;
int fd, retval = 0, tval;
if (feature_bool(FEAT_DISABLE_ZLINES))
return 0; /* Z-lines are disabled */
if (!ZlineIsActive(zline)) /* no action taken on inactive zlines */
return 0;
for (fd = HighestFd; fd >= 0; --fd) {
/*
* get the users!
*/
if ((acptr = LocalClientArray[fd])) {
if (!cli_user(acptr))
continue;
if (find_except_conf(acptr, EFLAG_ZLINE))
continue;
/* IP zline */
if (ZlineIsIpMask(zline)) {
if (!irc_in_addr_type_cmp(&cli_ip(acptr), &zline->zl_addr) && zline->zl_bits)
continue;
if (!ipmask_check(&cli_ip(acptr), &zline->zl_addr, zline->zl_bits))
continue;
}
else {
if (match(zline->zl_mask, cli_sock_ip(acptr)) != 0)
continue;
}
/* ok, here's one that got Z-lined */
send_reply(acptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s",
zline->zl_reason);
/* let the ops know about it */
sendto_opmask_butone_global(&me, SNO_GLINE, "Z-line active for %s",
get_client_name(acptr, SHOW_IP));
/* and get rid of him */
if ((tval = exit_client_msg(cptr, acptr, &me, "Z-lined%s%s%s",
(!feature_bool(FEAT_HIS_ZLINE_REASON) ? " (" : ""),
(!feature_bool(FEAT_HIS_ZLINE_REASON) ? zline->zl_reason : ""),
(!feature_bool(FEAT_HIS_ZLINE_REASON) ? ")" : ""))))
retval = tval; /* retain killed status */
}
}
return retval;
}
/** Find a ConfItem that has the same name and user+host fields as
* specified. Requires an exact match for \a name.
* @param name Name to match
* @param cptr Client to match against
* @param statmask Filter for ConfItem::status
* @return First found matching ConfItem.
*/
struct ConfItem* find_conf_exact(const char* name, struct Client *cptr, int statmask)
{
struct ConfItem *tmp;
for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
if (!(tmp->status & statmask) || !tmp->name || !tmp->host ||
0 != ircd_strcmp(tmp->name, name))
continue;
if (tmp->username
&& (EmptyString(cli_username(cptr))
|| match(tmp->username, cli_username(cptr))))
continue;
if (tmp->addrbits < 0)
{
if (match(tmp->host, cli_sockhost(cptr)))
continue;
}
else if (!ipmask_check(&cli_ip(cptr), &tmp->address.addr, tmp->addrbits))
continue;
if ((tmp->status & CONF_OPERATOR)
&& (MaxLinks(tmp->conn_class) > 0)
&& (tmp->clients >= MaxLinks(tmp->conn_class)))
continue;
return tmp;
}
return 0;
}
/** Find Except configuration for \a cptr with flags matching \a flags
* @param[in] cptr Client to match an Except configuration against.
* @param[in] mask Bitmask of EFLAG_* flags to test for exemption.
* @return -1 if an exception was found, 0 otherwise.
*/
int find_except_conf(struct Client *cptr, int flags)
{
struct ExceptConf *econf;
if (flags & EFLAG_IPCHECK) {
if (IsIPCheckExempt(cptr))
return -1;
if (IsNotIPCheckExempt(cptr))
return 0;
}
for(econf = exceptConfList; econf; econf = econf->next) {
if (!(econf->flags & flags))
continue;
if (econf->usermask && match(econf->usermask, cli_username(cptr)))
continue;
if (econf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &econf->address, econf->bits))
continue;
} else if (econf->hostmask && match(econf->hostmask, cli_sockhost(cptr)))
continue;
if (econf->flags & EFLAG_IPCHECK)
SetIPCheckExempt(cptr);
return -1;
}
if (flags & EFLAG_IPCHECK)
SetNotIPCheckExempt(cptr);
return 0;
}
/** Find Spoofhost configuration for \a cptr with spoof host matching host and
* a password matching \a passwd
* @param[in] cptr Client to match Spoofhost configuration against.
* @param[in] host Spoofhost host to look for, if NULL look for an autoapply Spoofhost.
* @param[in] passwd Password to compare against Spoofhost configuration.
* @param[out] status 0 for Success, 1 for invalid password and 2 for no Spoofhost configuration.
* @return SHostConf struct of matching Spoofhost configuration or 0 on error.
*/
struct SHostConf* find_shost_conf(struct Client *cptr, char *host, char *passwd, int *status)
{
struct SHostConf* sconf;
char *crypted;
int res = 0;
*status = 2;
for(sconf = shostConfList; sconf; sconf = sconf->next) {
if ((host == NULL) && !(sconf->flags & SHFLAG_AUTOAPPLY))
continue;
if (host != NULL) {
if (!(sconf->flags & SHFLAG_ISMASK) && strcmp(sconf->spoofhost, host))
continue;
if ((sconf->flags & SHFLAG_ISMASK) && match(sconf->spoofhost, host))
continue;
}
if (sconf->usermask) {
if (match(sconf->usermask, cli_username(cptr)) &&
!((sconf->flags & SHFLAG_MATCHUSER) && !match(sconf->usermask, cli_user(cptr)->username)))
continue;
}
if (sconf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &sconf->address, sconf->bits))
continue;
} else if (sconf->hostmask && match(sconf->hostmask, cli_sockhost(cptr)))
continue;
*status = 1;
res = 0;
if ((host == NULL) && (sconf->flags & SHFLAG_AUTOAPPLY)) {
*status = 0;
return sconf;
}
if (EmptyString(passwd) && !EmptyString(sconf->passwd))
continue;
if (!EmptyString(passwd) && EmptyString(sconf->passwd))
continue;
if (!EmptyString(passwd) && !EmptyString(sconf->passwd)) {
crypted = ircd_crypt(passwd, sconf->passwd);
if (!crypted)
continue;
res = strcmp(crypted, sconf->passwd);
MyFree(crypted);
}
if (0 == res) {
*status = 0;
return sconf;
}
}
return 0;
}
/** Check whether a connection from a remote client should be allowed.
* This is much more relaxed than ip_registry_check_local(): The only
* cause for rejection is when the IPRegistryEntry::connected counter
* would overflow.
* @param[in] cptr Client that has connected.
* @param[in] is_burst Non-zero if client was introduced during a burst.
* @return Non-zero if the client should be accepted, zero if they must be killed.
*/
int ip_registry_check_remote(struct Client* cptr, int is_burst)
{
struct IPRegistryEntry* entry;
/*
* Mark that we did add/update an IPregistry entry
*/
SetIPChecked(cptr);
if (!irc_in_addr_valid(&cli_ip(cptr))) {
Debug((DEBUG_DNS, "IPcheck accepting remote connection from invalid %s.", ircd_ntoa(&cli_ip(cptr))));
return 1;
}
entry = ip_registry_find(&cli_ip(cptr));
if (0 == entry) {
entry = ip_registry_new_entry();
ip_registry_canonicalize(&entry->addr, &cli_ip(cptr));
if (is_burst)
entry->attempts = 0;
ip_registry_add(entry);
Debug((DEBUG_DNS, "IPcheck added new registry for remote connection from %s.", ircd_ntoa(&entry->addr)));
return 1;
}
/* Avoid overflowing the connection counter. */
if (0 == ++entry->connected) {
Debug((DEBUG_DNS, "IPcheck refusing remote connection from %s: counter overflow.", ircd_ntoa(&entry->addr)));
return 0;
}
if (CONNECTED_SINCE(entry->last_connect) > IPCHECK_CLONE_PERIOD)
entry->attempts = 0;
if (!is_burst) {
if (0 == ++entry->attempts) {
/*
* Check for overflow
*/
--entry->attempts;
}
ip_registry_update_free_targets(entry);
entry->last_connect = NOW;
}
Debug((DEBUG_DNS, "IPcheck counting remote connection from %s.", ircd_ntoa(&entry->addr)));
return 1;
}
/** Apply GeoIP country data to a client.
* @param[in] cptr Client to apply GeoIP country data to.
*/
void geoip_apply(struct Client* cptr)
{
#ifdef USE_GEOIP
int gcid = 0;
#endif /* USE_GEOIP */
#ifdef USE_GEOIP_GL
GeoIPLookup gl;
#endif /* USE_GEOIP_GL */
if (!feature_bool(FEAT_GEOIP_ENABLE))
return;
if (!(cptr))
return;
#ifdef USE_GEOIP
if (irc_in_addr_is_ipv4(&cli_ip(cptr))) {
/* User is IPv4 so use gi4. */
if (gi4 != NULL)
#ifdef USE_GEOIP_GL
gcid = GeoIP_id_by_addr_gl(gi4, cli_sock_ip(cptr), &gl);
#else
gcid = GeoIP_id_by_addr(gi4, cli_sock_ip(cptr));
#endif /* USE_GEOIP_GL */
} else {
/* User is IPv6 so use gi6. */
if (gi6 != NULL)
#ifdef USE_GEOIP_GL
gcid = GeoIP_id_by_addr_v6_gl(gi6, cli_sock_ip(cptr), &gl);
#else
gcid = GeoIP_id_by_addr_v6(gi6, cli_sock_ip(cptr));
#endif /* USE_GEOIP_GL */
}
#endif /* USE_GEOIP */
#ifdef USE_GEOIP
if (gcid == 0) {
#endif /* USE_GEOIP */
ircd_strncpy((char *)&cli_countrycode(cptr), "--", 3);
ircd_strncpy((char *)&cli_countryname(cptr), "Unknown", 8);
ircd_strncpy((char *)&cli_continentcode(cptr), "--", 3);
ircd_strncpy((char *)&cli_continentname(cptr), "Unknown", 8);
#ifdef USE_GEOIP
} else {
ircd_strncpy((char *)&cli_countrycode(cptr), GeoIP_code_by_id(gcid), 3);
ircd_strncpy((char *)&cli_countryname(cptr), GeoIP_name_by_id(gcid), 256);
ircd_strncpy((char *)&cli_continentcode(cptr), GeoIP_continent_by_id(gcid), 3);
ircd_strncpy((char *)&cli_continentname(cptr), geoip_continent_name_by_code(GeoIP_continent_by_id(gcid)), 256);
}
#endif /* USE_GEOIP */
SetGeoIP(cptr);
}
/** Check whether a client matches a target mask.
* @param[in] from Client trying to send a message (ignored).
* @param[in] one Client being considered as a target.
* @param[in] mask Mask for matching against.
* @param[in] addr IP address prefix to match against.
* @param[in] nbits Number of bits in \a addr (> 128 if none valid).
* @param[in] what Type of match (either MATCH_HOST or MATCH_SERVER).
* @return Non-zero if \a one matches, zero if not.
*/
static int match_it(struct Client *from, struct Client *one, const char *mask,
struct irc_in_addr *addr, unsigned char nbits, int what)
{
switch (what)
{
case MATCH_HOST:
return ((nbits <= 128 && ipmask_check(&cli_ip(one), addr, nbits)) ||
match(mask, cli_user(one)->host) == 0 ||
(HasHiddenHost(one) && match(mask, cli_user(one)->realhost) == 0));
case MATCH_SERVER:
default:
return (match(mask, cli_name(cli_user(one)->server)) == 0);
}
}
static void userip_formatter(struct Client* cptr, struct Client *sptr, struct MsgBuf* mb)
{
assert(IsUser(cptr));
msgq_append(0, mb, "%s%s=%c%s@%s", cli_name(cptr),
SeeOper(sptr,cptr) ? "*" : "",
cli_user(cptr)->away ? '-' : '+', cli_user(cptr)->username,
/* Do not *EVER* change this to give opers the real IP.
* Too many scripts rely on this data and can inadvertently
* publish the user's real IP, thus breaking the security
* of +x. If an oper wants the real IP, he should go to
* /whois to get it.
*/
HasHiddenHost(cptr) && (sptr != cptr) ?
feature_str(FEAT_HIDDEN_IP) :
ircd_ntoa(&cli_ip(cptr)));
}
/** Handle a client that has successfully connected.
* This copies free target information to \a cptr from his address's
* registry entry and sends him a NOTICE describing the parameters for
* the entry.
* @param[in,out] cptr Client that has successfully connected.
*/
void ip_registry_connect_succeeded(struct Client *cptr)
{
const char* tr = "";
unsigned int free_targets = STARTTARGETS;
struct IPRegistryEntry* entry = ip_registry_find(&cli_ip(cptr));
assert(entry);
if (entry->target) {
memcpy(cli_targets(cptr), entry->target->targets, MAXTARGETS);
free_targets = entry->target->count;
tr = " tr";
}
Debug((DEBUG_DNS, "IPcheck noting local connection success for %s.", ircd_ntoa(&entry->addr)));
sendcmdto_one(&me, CMD_NOTICE, cptr, "%C :on %u ca %u(%u) ft %u(%u)%s",
cptr, entry->connected, entry->attempts, IPCHECK_CLONE_LIMIT,
free_targets, STARTTARGETS, tr);
}
/** Get all the exception flags that apply to the client \a cptr
* @param[in] cptr Client to find the exception flags for.
* @return Bitmask of all the exception flags found to apply to \a cptr
*/
int get_except_flags(struct Client *cptr)
{
int flags = 0;
struct ExceptConf *econf;
for(econf = exceptConfList; econf; econf = econf->next) {
if (econf->usermask && match(econf->usermask, cli_username(cptr)))
continue;
if (econf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &econf->address, econf->bits))
continue;
} else if (econf->hostmask && match(econf->hostmask, cli_sockhost(cptr)))
continue;
flags |= econf->flags;
}
return flags;
}
/** Find WebIRC configuration for \a cptr with password matching \a passwd
* @param[in] cptr Client to match WebIRC configuration against.
* @param[in] passwd Password to compare against WebIRC configuration.
* @param[out] status 0 for Success, 1 for invalid password and 2 for no WebIRC configuration.
* @return WebIRCConf struct of matching WebIRC configuration or 0 on error.
*/
struct WebIRCConf* find_webirc_conf(struct Client *cptr, char *passwd, int* status)
{
struct WebIRCConf *wconf;
char *crypted;
int res;
*status = 2;
if (!passwd)
return 0;
for(wconf = webircConfList; wconf; wconf = wconf->next) {
if (wconf->usermask && match(wconf->usermask, cli_username(cptr)))
continue;
if (wconf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &wconf->address, wconf->bits))
continue;
} else if (wconf->hostmask && match(wconf->hostmask, cli_sockhost(cptr)))
continue;
*status = 1;
if (!wconf->passwd) {
*status = 0;
return wconf;
}
crypted = ircd_crypt(passwd, wconf->passwd);
if (!crypted)
continue;
res = strcmp(crypted, wconf->passwd);
MyFree(crypted);
if (0 == res) {
*status = 0;
return wconf;
}
}
return 0;
}
int
count_users(char *mask)
{
struct Client *acptr;
int count = 0;
char namebuf[USERLEN + HOSTLEN + 2];
char ipbuf[USERLEN + 16 + 2];
for (acptr = GlobalClientList; acptr; acptr = cli_next(acptr)) {
if (!IsUser(acptr))
continue;
ircd_snprintf(0, namebuf, sizeof(namebuf), "%s@%s",
cli_user(acptr)->username, cli_user(acptr)->realhost);
ircd_snprintf(0, ipbuf, sizeof(ipbuf), "%s@%s", cli_user(acptr)->username,
ircd_ntoa((const char *) &(cli_ip(acptr))));
if (!match(mask, namebuf) || !match(mask, ipbuf))
count++;
}
return count;
}
/** Find the first (best) Client block to attach.
* @param cptr Client for whom to check rules.
* @return Authorization check result.
*/
enum AuthorizationCheckResult attach_iline(struct Client* cptr)
{
struct ConfItem* aconf;
assert(0 != cptr);
for (aconf = GlobalConfList; aconf; aconf = aconf->next) {
if (aconf->status != CONF_CLIENT)
continue;
/* If you change any of this logic, please make corresponding
* changes in conf_debug_iline() below.
*/
if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port)
continue;
if (aconf->username && match(aconf->username, cli_username(cptr)))
continue;
if (aconf->host && match(aconf->host, cli_sockhost(cptr)))
continue;
if (aconf->countrymask && match(aconf->countrymask, cli_countrycode(cptr)))
continue;
if (aconf->continentmask && match(aconf->continentmask, cli_continentcode(cptr)))
continue;
if ((aconf->addrbits >= 0)
&& !ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits))
continue;
if (IPcheck_nr(cptr) > aconf->maximum)
return ACR_TOO_MANY_FROM_IP;
if (aconf->redirserver && !EmptyString(aconf->redirserver)) {
send_reply(cptr, RPL_BOUNCE, aconf->redirserver, aconf->redirport);
return ACR_NO_AUTHORIZATION;
}
if (aconf->username && !IsWebIRCUserIdent(cptr) && (aconf->flags & CONF_NOIDENTTILDE))
SetFlag(cptr, FLAG_DOID);
return attach_conf(cptr, aconf);
}
return ACR_NO_AUTHORIZATION;
}
/** Find the first matching MOTD block for a user.
* If the user is remote, always use remote MOTD.
* Otherwise, if there is a hostmask- or class-based MOTD that matches
* the user, use it.
* Otherwise, use the local MOTD.
* @param[in] cptr Client to find MOTD for.
* @return Pointer to first matching MOTD for the client.
*/
static struct Motd *
motd_lookup(struct Client *cptr)
{
struct Motd *ptr;
char *c_class = NULL;
assert(0 != cptr);
if (!MyUser(cptr)) /* not my user, always return remote motd */
return MotdList.remote;
c_class = get_client_class(cptr);
assert(c_class != NULL);
/* check the motd blocks first */
for (ptr = MotdList.other; ptr; ptr = ptr->next)
{
if (ptr->type == MOTD_CLASS
&& !match(ptr->hostmask, c_class))
return ptr;
else if (ptr->type == MOTD_HOSTMASK
&& !match(ptr->hostmask, cli_sockhost(cptr)))
return ptr;
else if (ptr->type == MOTD_IPMASK
&& ipmask_check(&cli_ip(cptr), &ptr->address, ptr->addrbits))
return ptr;
else if (ptr->type == MOTD_COUNTRY
&& !match(ptr->hostmask, cli_countrycode(cptr)))
return ptr;
else if (ptr->type == MOTD_CONTINENT
&& !match(ptr->hostmask, cli_continentcode(cptr)))
return ptr;
}
return MotdList.local; /* Ok, return the default motd */
}
int ms_challenge(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
#ifdef USE_SSL
struct ConfItem *aconf;
RSA *rsa_public_key;
BIO *file = NULL;
char *challenge = NULL;
char *name;
char *tmpname;
char chan[CHANNELLEN-1];
char* join[2];
int nl;
struct Client *acptr = NULL;
char *privbuf;
if (!IsServer(cptr))
return 0;
/* if theyre an oper, reprint oper motd and ignore */
if (IsOper(sptr))
{
send_reply(sptr, RPL_YOUREOPER);
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
}
if (parc < 3) {
return send_reply(sptr, ERR_NOOPERHOST);
}
if (!(acptr = FindNServer(parv[1]))) {
return send_reply(sptr, ERR_NOOPERHOST);
} else if (!IsMe(acptr)) {
sendcmdto_one(sptr, CMD_CHALLENGE, acptr, "%C %s %s", acptr, parv[2],
parv[3]);
return 0;
}
if (*parv[2] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if (cli_user(sptr)->response == NULL)
return 0;
if (ircd_strcmp(cli_user(sptr)->response, ++parv[2]))
{
send_reply(sptr, ERR_PASSWDMISMATCH);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (Password Incorrect)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
tmpname = strdup(cli_user(sptr)->auth_oper);
failed_challenge_notice(sptr, tmpname, "challenge failed");
return 0;
}
name = strdup(cli_user(sptr)->auth_oper);
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
MyUser(sptr) ? cli_sockhost(sptr) :
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (!aconf)
{
send_reply(sptr, ERR_NOOPERHOST);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (CONF_LOCOP == aconf->status) {
ClearOper(sptr);
SetLocOp(sptr);
}
else {
/* This must be called before client_set_privs() */
SetRemoteOper(sptr);
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_WHOIS)) {
OSetWhois(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_IDLE)) {
OSetIdle(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_XTRAOP)) {
OSetXtraop(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_HIDECHANS)) {
OSetHideChans(sptr);
}
/* prevent someone from being both oper and local oper */
ClearLocOp(sptr);
if (!feature_bool(FEAT_OPERFLAGS) || !(aconf->port & OFLAG_ADMIN)) {
/* Global Oper */
ClearAdmin(sptr);
OSetGlobal(sptr);
SetOper(sptr);
} else {
/* Admin */
OSetGlobal(sptr);
OSetAdmin(sptr);
SetOper(sptr);
SetAdmin(sptr);
}
/* Tell client_set_privs to send privileges to the user */
client_set_privs(sptr, aconf);
ClearOper(sptr);
ClearAdmin(sptr);
ClearRemoteOper(sptr);
privbuf = client_print_privs(sptr);
sendcmdto_one(&me, CMD_PRIVS, sptr, "%C %s", sptr, privbuf);
}
sendcmdto_one(&me, CMD_MODE, sptr, "%s %s", cli_name(sptr),
(OIsAdmin(sptr)) ? "+aoiwsg" : "+oiwsg");
send_reply(sptr, RPL_YOUREOPER);
if (OIsAdmin(sptr)) {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Administrator",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr));
/* Autojoin admins to admin channel and oper channel (if enabled) */
if (feature_bool(FEAT_AUTOJOIN_ADMIN)) {
if (feature_bool(FEAT_AUTOJOIN_ADMIN_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_ADMIN_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_ADMIN_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
if (feature_bool(FEAT_AUTOJOIN_OPER) && OIsGlobal(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
} else {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Operator (%c)",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr),
OIsGlobal(sptr) ? 'O' : 'o');
if (feature_bool(FEAT_AUTOJOIN_OPER) && OIsGlobal(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
}
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr);
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
return 0;
}
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN+1, "%s", "");
aconf = find_conf_exact(parv[2], cli_user(sptr)->realusername,
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(parv[2], cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(parv[2], cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (aconf == NULL)
{
send_reply(sptr, ERR_NOOPERHOST);
failed_challenge_notice(sptr, parv[2], "No o:line");
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (!(aconf->port & OFLAG_REMOTE)) {
send_reply(sptr, ERR_NOOPERHOST);
sendto_allops(&me, SNO_OLDREALOP,
"Failed OPER attempt by %s (%s@%s) (Remote Oper)", parv[0],
cli_user(sptr)->realusername, cli_user(sptr)->realhost);
return 0;
}
if (!(aconf->port & OFLAG_RSA))
{
send_reply(sptr, RPL_NO_CHALL);
return 0;
}
if (!verify_sslclifp(sptr, aconf))
{
sendto_allops(&me, SNO_OLDREALOP,
"Failed OPER attempt by %s (%s@%s) (SSL Fingerprint Missmatch)",
parv[0], cli_user(sptr)->realusername,
cli_user(sptr)->realhost);
send_reply(sptr, ERR_SSLCLIFP);
return 0;
}
if ((file = BIO_new_file(aconf->passwd, "r")) == NULL)
{
send_reply(sptr, RPL_NO_KEY);
return 0;
}
rsa_public_key = (RSA *)PEM_read_bio_RSA_PUBKEY(file, NULL, 0, NULL);
if (rsa_public_key == NULL)
return send_reply(sptr, RPL_INVALID_KEY);
if (!generate_challenge(&challenge, rsa_public_key, sptr)) {
Debug((DEBUG_DEBUG, "generating challenge sum (%s)", challenge));
send_reply(sptr, RPL_RSACHALLENGE, challenge);
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN + 1, "%s", aconf->name);
}
nl = BIO_set_close(file, BIO_CLOSE);
BIO_free(file);
return 1;
#else
return 1;
#endif
}
/*
* ms_nick - server message handler for nicks
* parv[0] = sender prefix
* parv[1] = nickname
*
* If from server, source is client:
* parv[2] = timestamp
*
* Source is server:
* parv[2] = hopcount
* parv[3] = timestamp
* parv[4] = username
* parv[5] = hostname
* parv[6] = umode (optional)
* parv[parc-3] = IP# <- Only Protocol >= 10
* parv[parc-2] = YXX, numeric nick <- Only Protocol >= 10
* parv[parc-1] = info
* parv[0] = server
*/
int ms_nick(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client* acptr;
char nick[NICKLEN + 2];
time_t lastnick = 0;
int differ = 1;
int samelastnick = 0;
assert(0 != cptr);
assert(0 != sptr);
assert(IsServer(cptr));
if ((IsServer(sptr) && parc < 8) || parc < 3) {
sendto_opmask_butone(0, SNO_OLDSNO, "bad NICK param count for %s from %C",
parv[1], cptr);
return need_more_params(sptr, "NICK");
}
ircd_strncpy(nick, parv[1], NICKLEN);
nick[NICKLEN] = '\0';
if (IsServer(sptr)) {
lastnick = atoi(parv[3]);
if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr))
cli_serv(sptr)->lag = TStime() - lastnick;
}
else {
lastnick = atoi(parv[2]);
if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr))
cli_serv(cli_user(sptr)->server)->lag = TStime() - lastnick;
}
/*
* If do_nick_name() returns a null name OR if the server sent a nick
* name and do_nick_name() changed it in some way (due to rules of nick
* creation) then reject it. If from a server and we reject it,
* and KILL it. -avalon 4/4/92
*/
if (0 == do_nick_name(nick) || 0 != strcmp(nick, parv[1])) {
send_reply(sptr, ERR_ERRONEUSNICKNAME, parv[1]);
++ServerStats->is_kill;
sendto_opmask_butone(0, SNO_OLDSNO, "Bad Nick: %s From: %s %C", parv[1],
parv[0], cptr);
sendcmdto_one(&me, CMD_KILL, cptr, "%s :%s (%s <- %s[%s])",
IsServer(sptr) ? parv[parc - 2] : parv[0],
cli_name(&me), parv[1], nick, cli_name(cptr));
if (!IsServer(sptr)) {
/*
* bad nick _change_
*/
sendcmdto_serv_butone(&me, CMD_KILL, 0, "%s :%s (%s <- %s!%s@%s)",
parv[0], cli_name(&me), cli_name(cptr), parv[0],
cli_user(sptr) ? cli_username(sptr) : "",
cli_user(sptr) ? cli_name(cli_user(sptr)->server) :
cli_name(cptr));
}
return 0;
}
/*
* Check against nick name collisions.
*
* Put this 'if' here so that the nesting goes nicely on the screen :)
* We check against server name list before determining if the nickname
* is present in the nicklist (due to the way the below for loop is
* constructed). -avalon
*/
assert(NULL == strchr(nick,'.'));
acptr = FindClient(nick);
if (!acptr) {
/*
* No collisions, all clear...
*/
return set_nick_name(cptr, sptr, nick, parc, parv);
}
assert(0 != acptr);
/*
* If acptr == sptr, then we have a client doing a nick
* change between *equivalent* nicknames as far as server
* is concerned (user is changing the case of his/her
* nickname or somesuch)
*/
if (acptr == sptr) {
if (strcmp(cli_name(acptr), nick) == 0)
/*
* This is just ':old NICK old' type thing.
* Just forget the whole thing here. There is
* no point forwarding it to anywhere,
* especially since servers prior to this
* version would treat it as nick collision.
*/
return 0; /* NICK Message ignored */
else
/*
* Allows change of case in his/her nick
*/
return set_nick_name(cptr, sptr, nick, parc, parv);
}
/*
* Note: From this point forward it can be assumed that
* acptr != sptr (point to different client structures).
*/
assert(acptr != sptr);
/*
* If the older one is "non-person", the new entry is just
* allowed to overwrite it. Just silently drop non-person,
* and proceed with the nick. This should take care of the
* "dormant nick" way of generating collisions...
*/
if (IsUnknown(acptr) && MyConnect(acptr)) {
++ServerStats->is_ref;
IPcheck_connect_fail(cli_ip(acptr));
exit_client(cptr, acptr, &me, "Overridden by other sign on");
return set_nick_name(cptr, sptr, nick, parc, parv);
}
/*
* Decide, we really have a nick collision and deal with it
*/
/*
* NICK was coming from a server connection.
* This means we have a race condition (two users signing on
* at the same time), or two net fragments reconnecting with the same nick.
* The latter can happen because two different users connected
* or because one and the same user switched server during a net break.
* If the TimeStamps are equal, we kill both (or only 'new'
* if it was a ":server NICK new ...").
* Otherwise we kill the youngest when user@host differ,
* or the oldest when they are the same.
* We treat user and ~user as different, because if it wasn't
* a faked ~user the AUTH wouldn't have added the '~'.
* --Run
*
*/
if (IsServer(sptr)) {
/*
* A new NICK being introduced by a neighbouring
* server (e.g. message type ":server NICK new ..." received)
*
* compare IP address and username
*/
differ = (cli_ip(acptr).s_addr != htonl(base64toint(parv[parc - 3]))) ||
(0 != ircd_strcmp(cli_user(acptr)->username, parv[4]));
sendto_opmask_butone(0, SNO_OLDSNO, "Nick collision on %C (%C %Tu <- "
"%C %Tu (%s user@host))", acptr, cli_from(acptr),
cli_lastnick(acptr), cptr, lastnick,
differ ? "Different" : "Same");
}
else {
/*
* A NICK change has collided (e.g. message type ":old NICK new").
*
* compare IP address and username
*/
differ = (cli_ip(acptr).s_addr != cli_ip(sptr).s_addr) ||
(0 != ircd_strcmp(cli_user(acptr)->username, cli_user(sptr)->username));
sendto_opmask_butone(0, SNO_OLDSNO, "Nick change collision from %C to "
"%C (%C %Tu <- %C %Tu)", sptr, acptr, cli_from(acptr),
cli_lastnick(acptr), cptr, lastnick);
}
/*
* Now remove (kill) the nick on our side if it is the youngest.
* If no timestamp was received, we ignore the incoming nick
* (and expect a KILL for our legit nick soon ):
* When the timestamps are equal we kill both nicks. --Run
* acptr->from != cptr should *always* be true (?).
*
* This exits the client sending the NICK message
*/
if (cli_from(acptr) != cptr) {
if ((differ && lastnick >= cli_lastnick(acptr)) ||
(!differ && lastnick <= cli_lastnick(acptr))) {
if (!IsServer(sptr)) {
++ServerStats->is_kill;
sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (Nick collision)",
sptr, cli_name(&me));
assert(!MyConnect(sptr));
SetFlag(sptr, FLAG_KILLED);
exit_client_msg(cptr, sptr, &me,
"Killed (%s (Nick collision))",
feature_str(FEAT_HIS_SERVERNAME));
sptr = 0; /* Make sure we don't use the dead client */
} else {
/* We need to kill this incoming client, which hasn't been properly registered yet.
* Send a KILL message upstream to the server it came from */
sendcmdto_one(&me, CMD_KILL, sptr, "%s :%s (Nick collision)", parv[parc-2], cli_name(&me));
}
/* If the two have the same TS then we want to kill both sides, so
* don't leave yet!
*/
if (lastnick != cli_lastnick(acptr))
return 0; /* Ignore the NICK */
}
send_reply(acptr, ERR_NICKCOLLISION, nick);
}
++ServerStats->is_kill;
SetFlag(acptr, FLAG_KILLED);
if (lastnick == cli_lastnick(acptr))
samelastnick = 1;
/*
* This exits the client we had before getting the NICK message
*/
if (differ) {
sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (older nick "
"overruled)", acptr, cli_name(&me));
if (MyConnect(acptr)) {
sendcmdto_one(acptr, CMD_QUIT, cptr, ":Killed (%s (older "
"nick overruled))", feature_str(FEAT_HIS_SERVERNAME));
sendcmdto_one(&me, CMD_KILL, acptr, "%C :%s (older nick "
"overruled)", acptr, feature_str(FEAT_HIS_SERVERNAME));
}
exit_client_msg(cptr, acptr, &me, "Killed (%s (older nick "
"overruled))", feature_str(FEAT_HIS_SERVERNAME));
}
else {
sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (nick collision from "
"same user@host)", acptr, cli_name(&me));
if (MyConnect(acptr)) {
sendcmdto_one(acptr, CMD_QUIT, cptr, ":Killed (%s (nick "
"collision from same user@host))",
feature_str(FEAT_HIS_SERVERNAME));
sendcmdto_one(&me, CMD_KILL, acptr, "%C :%s (older nick "
"overruled)", acptr, feature_str(FEAT_HIS_SERVERNAME));
}
exit_client_msg(cptr, acptr, &me, "Killed (%s (nick collision from "
"same user@host))", feature_str(FEAT_HIS_SERVERNAME));
}
if (samelastnick)
return 0;
assert(0 != sptr);
return set_nick_name(cptr, sptr, nick, parc, parv);
}
/*
* m_nick - message handler for local clients
* parv[0] = sender prefix
* parv[1] = nickname
*/
int m_nick(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client* acptr;
char nick[NICKLEN + 2];
char* arg;
char* s;
const char* client_name;
assert(0 != cptr);
assert(cptr == sptr);
/*
* parv[0] will be empty for clients connecting for the first time
*/
client_name = (*(cli_name(sptr))) ? cli_name(sptr) : "*";
if (parc < 2) {
send_reply(sptr, ERR_NONICKNAMEGIVEN);
return 0;
}
/*
* Don't let them send make us send back a really long string of
* garbage
*/
arg = parv[1];
if (strlen(arg) > IRCD_MIN(NICKLEN, feature_int(FEAT_NICKLEN)))
arg[IRCD_MIN(NICKLEN, feature_int(FEAT_NICKLEN))] = '\0';
if ((s = strchr(arg, '~')))
*s = '\0';
strcpy(nick, arg);
/*
* If do_nick_name() returns a null name then reject it.
*/
if (0 == do_nick_name(nick)) {
send_reply(sptr, ERR_ERRONEUSNICKNAME, arg);
return 0;
}
/*
* Check if this is a LOCAL user trying to use a reserved (Juped)
* nick, if so tell him that it's a nick in use...
*/
if (isNickJuped(nick)) {
send_reply(sptr, ERR_NICKNAMEINUSE, nick);
return 0; /* NICK message ignored */
}
if (!(acptr = FindClient(nick))) {
/*
* No collisions, all clear...
*/
return set_nick_name(cptr, sptr, nick, parc, parv);
}
if (IsServer(acptr)) {
send_reply(sptr, ERR_NICKNAMEINUSE, nick);
return 0; /* NICK message ignored */
}
/*
* If acptr == sptr, then we have a client doing a nick
* change between *equivalent* nicknames as far as server
* is concerned (user is changing the case of his/her
* nickname or somesuch)
*/
if (acptr == sptr) {
/*
* If acptr == sptr, then we have a client doing a nick
* change between *equivalent* nicknames as far as server
* is concerned (user is changing the case of his/her
* nickname or somesuch)
*/
if (0 != strcmp(cli_name(acptr), nick)) {
/*
* Allows change of case in his/her nick
*/
return set_nick_name(cptr, sptr, nick, parc, parv);
}
/*
* This is just ':old NICK old' type thing.
* Just forget the whole thing here. There is
* no point forwarding it to anywhere,
* especially since servers prior to this
* version would treat it as nick collision.
*/
return 0;
}
/*
* Note: From this point forward it can be assumed that
* acptr != sptr (point to different client structures).
*/
assert(acptr != sptr);
/*
* If the older one is "non-person", the new entry is just
* allowed to overwrite it. Just silently drop non-person,
* and proceed with the nick. This should take care of the
* "dormant nick" way of generating collisions...
*
* XXX - hmmm can this happen after one is registered?
*
* Yes, client 1 connects to IRC and registers, client 2 connects and
* sends "NICK foo" but doesn't send anything more. client 1 now does
* /nick foo, they should succeed and client 2 gets disconnected with
* the message below.
*/
if (IsUnknown(acptr) && MyConnect(acptr)) {
++ServerStats->is_ref;
IPcheck_connect_fail(cli_ip(acptr));
exit_client(cptr, acptr, &me, "Overridden by other sign on");
return set_nick_name(cptr, sptr, nick, parc, parv);
}
/*
* NICK is coming from local client connection. Just
* send error reply and ignore the command.
*/
send_reply(sptr, ERR_NICKNAMEINUSE, nick);
return 0; /* NICK message ignored */
}
/** Handle a SERVER message from an unregistered connection.
*
* \a parv has the following elements:
* \li \a parv[1] is the server name
* \li \a parv[2] is the hop count to the server
* \li \a parv[3] is the start timestamp for the server
* \li \a parv[4] is the link timestamp
* \li \a parv[5] is the protocol version (P10 or J10)
* \li \a parv[6] is the numnick mask for the server
* \li \a parv[7] is a string of flags like +hs to mark hubs and services
* \li \a parv[\a parc - 1] is the server description
*
* See @ref m_functions for discussion of the arguments.
* @param[in] cptr Client that sent us the message.
* @param[in] sptr Original source of message.
* @param[in] parc Number of arguments.
* @param[in] parv Argument vector.
*/
int mr_server(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
char* host;
struct ConfItem* aconf;
struct Jupe* ajupe;
unsigned int hop;
int ret;
unsigned short prot;
time_t start_timestamp;
time_t timestamp;
time_t recv_time;
time_t ghost;
if (IsUserPort(cptr))
return exit_client_msg(cptr, cptr, &me,
"Cannot connect a server to a user port");
if (parc < 8)
{
need_more_params(sptr, "SERVER");
return exit_client(cptr, cptr, &me, "Need more parameters");
}
host = clean_servername(parv[1]);
if (!host)
{
sendto_opmask(0, SNO_OLDSNO, "Bogus server name (%s) from %s",
host, cli_name(cptr));
return exit_client_msg(cptr, cptr, &me, "Bogus server name (%s)", host);
}
if ((ajupe = jupe_find(host)) && JupeIsActive(ajupe))
return exit_client_msg(cptr, sptr, &me, "Juped: %s", JupeReason(ajupe));
/* check connection rules */
if (0 != conf_eval_crule(host, CRULE_ALL)) {
ServerStats->is_ref++;
sendto_opmask(0, SNO_OLDSNO, "Refused connection from %s.", cli_name(cptr));
return exit_client(cptr, cptr, &me, "Disallowed by connection rule");
}
log_write(LS_NETWORK, L_NOTICE, LOG_NOSNOTICE, "SERVER: %s %s[%s]", host,
cli_sockhost(cptr), cli_sock_ip(cptr));
/*
* Detect protocol
*/
hop = atoi(parv[2]);
start_timestamp = atoi(parv[3]);
timestamp = atoi(parv[4]);
prot = parse_protocol(parv[5]);
if (!prot)
return exit_client_msg(cptr, sptr, &me, "Bogus protocol (%s)", parv[5]);
else if (prot < atoi(MINOR_PROTOCOL))
return exit_new_server(cptr, sptr, host, timestamp,
"Incompatible protocol: %s", parv[5]);
Debug((DEBUG_INFO, "Got SERVER %s with timestamp [%s] age %Tu (%Tu)",
host, parv[4], start_timestamp, cli_serv(&me)->timestamp));
if (timestamp < OLDEST_TS || start_timestamp < OLDEST_TS)
return exit_client_msg(cptr, sptr, &me,
"Bogus timestamps (%s %s)", parv[3], parv[4]);
/* If the server had a different name before, change it. */
if (!EmptyString(cli_name(cptr)) &&
(IsUnknown(cptr) || IsHandshake(cptr)) &&
0 != ircd_strcmp(cli_name(cptr), host))
hChangeClient(cptr, host);
ircd_strncpy(cli_name(cptr), host, HOSTLEN);
ircd_strncpy(cli_info(cptr), parv[parc-1][0] ? parv[parc-1] : cli_name(&me), REALLEN);
cli_hopcount(cptr) = hop;
if (conf_check_server(cptr)) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Received unauthorized connection from %s",
cli_name(cptr));
log_write(LS_NETWORK, L_NOTICE, LOG_NOSNOTICE, "Received unauthorized "
"connection from %C [%s]", cptr,
ircd_ntoa(&cli_ip(cptr)));
return exit_client(cptr, cptr, &me, "No Connect block");
}
host = cli_name(cptr);
update_load();
if (!(aconf = find_conf_byname(cli_confs(cptr), host, CONF_SERVER))) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Access denied. No conf line for server %s",
cli_name(cptr));
return exit_client_msg(cptr, cptr, &me,
"Access denied. No conf line for server %s", cli_name(cptr));
}
#if defined(USE_SSL)
if (!verify_sslclifp(cptr, aconf)) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Access denied (SSL fingerprint mismatch) %s",
cli_name(cptr));
return exit_client_msg(cptr, cptr, &me,
"No Access (SSL fingerprint mismatch) %s", cli_name(cptr));
}
#endif
if (*aconf->passwd && !!strcmp(aconf->passwd, cli_passwd(cptr))) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Access denied (passwd mismatch) %s",
cli_name(cptr));
return exit_client_msg(cptr, cptr, &me,
"No Access (passwd mismatch) %s", cli_name(cptr));
}
memset(cli_passwd(cptr), 0, sizeof(cli_passwd(cptr)));
ret = check_loop_and_lh(cptr, sptr, &ghost, host, (parc > 7 ? parv[6] : NULL), timestamp, hop, 1);
if (ret != 1)
return ret;
make_server(cptr);
cli_serv(cptr)->timestamp = timestamp;
cli_serv(cptr)->prot = prot;
cli_serv(cptr)->ghost = ghost;
memset(cli_privs(cptr), 255, sizeof(struct Privs));
ClrPriv(cptr, PRIV_SET);
SetServerYXX(cptr, cptr, parv[6]);
update_uworld_flags(cptr);
if (*parv[7] == '+')
set_server_flags(cptr, parv[7] + 1);
recv_time = TStime();
check_start_timestamp(cptr, timestamp, start_timestamp, recv_time);
ret = server_estab(cptr, aconf);
if (feature_bool(FEAT_RELIABLE_CLOCK) &&
abs(cli_serv(cptr)->timestamp - recv_time) > 30) {
sendto_opmask(0, SNO_OLDSNO, "Connected to a net with a "
"timestamp-clock difference of %Td seconds! "
"Used SETTIME to correct this.",
timestamp - recv_time);
sendcmdto_prio_one(&me, CMD_SETTIME, cptr, "%Tu :%s", TStime(),
cli_name(&me));
}
return ret;
}
/** Handle a connection that has sent a valid PASS and SERVER.
* @param cptr New peer server.
* @param aconf Connect block for \a cptr.
* @return Zero.
*/
int server_estab(struct Client *cptr, struct ConfItem *aconf)
{
struct Client* acptr = 0;
const char* inpath;
int i;
assert(0 != cptr);
assert(0 != cli_local(cptr));
inpath = cli_name(cptr);
if (IsUnknown(cptr)) {
if (aconf->passwd[0])
sendrawto_one(cptr, MSG_PASS " :%s", aconf->passwd);
/*
* Pass my info to the new server
*/
sendrawto_one(cptr, MSG_SERVER " %s 1 %Tu %Tu J%s %s%s +%s6 :%s",
cli_name(&me), cli_serv(&me)->timestamp,
cli_serv(cptr)->timestamp, MAJOR_PROTOCOL, NumServCap(&me),
feature_bool(FEAT_HUB) ? "h" : "",
*(cli_info(&me)) ? cli_info(&me) : "IRCers United");
}
det_confs_butmask(cptr, CONF_SERVER);
if (!IsHandshake(cptr))
hAddClient(cptr);
SetServer(cptr);
cli_handler(cptr) = SERVER_HANDLER;
Count_unknownbecomesserver(UserStats);
SetBurst(cptr);
/* nextping = CurrentTime; */
/*
* NOTE: check for acptr->user == cptr->serv->user is necessary to insure
* that we got the same one... bleah
*/
if (cli_serv(cptr)->user && *(cli_serv(cptr))->by &&
(acptr = findNUser(cli_serv(cptr)->by))) {
if (cli_user(acptr) == cli_serv(cptr)->user) {
sendcmdto_one(&me, CMD_NOTICE, acptr, "%C :Link with %s established.",
acptr, inpath);
}
else {
/*
* if not the same client, set by to empty string
*/
acptr = 0;
*(cli_serv(cptr))->by = '\0';
}
}
sendto_opmask(acptr, SNO_OLDSNO, "Link with %s established.", inpath);
cli_serv(cptr)->up = &me;
cli_serv(cptr)->updown = add_dlink(&(cli_serv(&me))->down, cptr);
sendto_opmask(0, SNO_NETWORK, "Net junction: %s %s", cli_name(&me),
cli_name(cptr));
SetJunction(cptr);
/*
* Old sendto_serv_but_one() call removed because we now
* need to send different names to different servers
* (domain name matching) Send new server to other servers.
*/
for (i = 0; i <= HighestFd; i++)
{
if (!(acptr = LocalClientArray[i]) || !IsServer(acptr) ||
acptr == cptr || IsMe(acptr))
continue;
if (!match(cli_name(&me), cli_name(cptr)))
continue;
sendcmdto_one(&me, CMD_SERVER, acptr,
"%s 2 0 %Tu J%02u %s%s +%s%s%s :%s", cli_name(cptr),
cli_serv(cptr)->timestamp, Protocol(cptr), NumServCap(cptr),
IsHub(cptr) ? "h" : "", IsService(cptr) ? "s" : "",
IsIPv6(cptr) ? "6" : "", cli_info(cptr));
}
/* Send these as early as possible so that glined users/juped servers can
* be removed from the network while the remote server is still chewing
* our burst.
*/
gline_burst(cptr);
jupe_burst(cptr);
/*
* Pass on my client information to the new server
*
* First, pass only servers (idea is that if the link gets
* canceled because the server was already there,
* there are no NICK's to be canceled...). Of course,
* if cancellation occurs, all this info is sent anyway,
* and I guess the link dies when a read is attempted...? --msa
*
* Note: Link cancellation to occur at this point means
* that at least two servers from my fragment are building
* up connection this other fragment at the same time, it's
* a race condition, not the normal way of operation...
*/
for (acptr = &me; acptr; acptr = cli_prev(acptr)) {
/* acptr->from == acptr for acptr == cptr */
if (cli_from(acptr) == cptr)
continue;
if (IsServer(acptr)) {
const char* protocol_str;
if (Protocol(acptr) > 9)
protocol_str = IsBurst(acptr) ? "J" : "P";
else
protocol_str = IsBurst(acptr) ? "J0" : "P0";
if (0 == match(cli_name(&me), cli_name(acptr)))
continue;
sendcmdto_one(cli_serv(acptr)->up, CMD_SERVER, cptr,
"%s %d 0 %Tu %s%u %s%s +%s%s%s :%s", cli_name(acptr),
cli_hopcount(acptr) + 1, cli_serv(acptr)->timestamp,
protocol_str, Protocol(acptr), NumServCap(acptr),
IsHub(acptr) ? "h" : "", IsService(acptr) ? "s" : "",
IsIPv6(acptr) ? "6" : "", cli_info(acptr));
}
}
for (acptr = &me; acptr; acptr = cli_prev(acptr))
{
/* acptr->from == acptr for acptr == cptr */
if (cli_from(acptr) == cptr)
continue;
if (IsUser(acptr))
{
char xxx_buf[25];
char *s = umode_str(acptr);
sendcmdto_one(cli_user(acptr)->server, CMD_NICK, cptr,
"%s %d %Tu %s %s %s%s%s%s %s%s :%s",
cli_name(acptr), cli_hopcount(acptr) + 1, cli_lastnick(acptr),
cli_user(acptr)->username, cli_user(acptr)->realhost,
*s ? "+" : "", s, *s ? " " : "",
iptobase64(xxx_buf, &cli_ip(acptr), sizeof(xxx_buf), IsIPv6(cptr)),
NumNick(acptr), cli_info(acptr));
}
}
/*
* Last, send the BURST.
* (Or for 2.9 servers: pass all channels plus statuses)
*/
{
struct Channel *chptr;
for (chptr = GlobalChannelList; chptr; chptr = chptr->next)
send_channel_modes(cptr, chptr);
}
sendcmdto_one(&me, CMD_END_OF_BURST, cptr, "");
return 0;
}
/**
* Exits a client of *any* type (user, server, etc)
* from this server. Also, this generates all necessary prototol
* messages that this exit may cause.
*
* This function implicitly exits all other clients depending on
* this connection.
*
* For convenience, this function returns a suitable value for
* m_function return value:
*
* CPTR_KILLED if (cptr == bcptr)
* 0 if (cptr != bcptr)
*
* This function can be called in two ways:
* 1) From before or in parse(), exiting the 'cptr', in which case it was
* invoked as exit_client(cptr, cptr, &me,...), causing it to always
* return CPTR_KILLED.
* 2) Via parse from a m_function call, in which case it was invoked as
* exit_client(cptr, acptr, sptr, ...). Here 'sptr' is known; the client
* that generated the message in a way that we can assume he already
* did remove acptr from memory himself (or in other cases we don't mind
* because he will be delinked.) Or invoked as:
* exit_client(cptr, acptr/sptr, &me, ...) when WE decide this one should
* be removed.
* In general: No generated SQUIT or QUIT should be sent to source link
* sptr->from. And CPTR_KILLED should be returned if cptr got removed (too).
*
* --Run
* @param cptr Connection currently being handled by read_message.
* @param victim Client being killed.
* @param killer Client that made the decision to remove \a victim.
* @param comment Reason for the exit.
* @return CPTR_KILLED if cptr == bcptr, else 0.
*/
int exit_client(struct Client *cptr,
struct Client* victim,
struct Client* killer,
const char* comment)
{
struct Client* acptr = 0;
struct DLink *dlp;
time_t on_for;
char comment1[HOSTLEN + HOSTLEN + 2];
assert(killer);
if (MyConnect(victim))
{
SetFlag(victim, FLAG_CLOSING);
if (feature_bool(FEAT_CONNEXIT_NOTICES) && IsUser(victim))
sendto_opmask_butone(0, SNO_CONNEXIT,
"Client exiting: %s (%s@%s) [%s] [%s] <%s%s>",
cli_name(victim), cli_user(victim)->username,
cli_user(victim)->host, comment,
ircd_ntoa(&cli_ip(victim)),
NumNick(victim) /* two %s's */);
update_load();
on_for = CurrentTime - cli_firsttime(victim);
if (IsUser(victim) || IsUserPort(victim))
auth_send_exit(victim);
if (IsUser(victim))
log_write(LS_USER, L_TRACE, 0, "%Tu %i %s@%s %s %s %s%s %s :%s",
cli_firsttime(victim), on_for,
cli_user(victim)->username, cli_sockhost(victim),
ircd_ntoa(&cli_ip(victim)),
IsAccount(victim) ? cli_username(victim) : "0",
NumNick(victim), /* two %s's */
cli_name(victim), cli_info(victim));
if (victim != cli_from(killer) /* The source knows already */
&& IsClient(victim)) /* Not a Ping struct or Log file */
{
if (IsServer(victim) || IsHandshake(victim))
sendcmdto_one(killer, CMD_SQUIT, victim, "%s 0 :%s", cli_name(&me), comment);
else if (!IsConnecting(victim)) {
if (!IsDead(victim)) {
if (IsServer(victim))
sendcmdto_one(killer, CMD_ERROR, victim,
":Closing Link: %s by %s (%s)", cli_name(victim),
cli_name(killer), comment);
else
sendrawto_one(victim, MSG_ERROR " :Closing Link: %s by %s (%s)",
cli_name(victim),
cli_name(IsServer(killer) ? &his : killer),
comment);
}
}
if ((IsServer(victim) || IsHandshake(victim) || IsConnecting(victim)) &&
(killer == &me || (IsServer(killer) &&
(strncmp(comment, "Leaf-only link", 14) ||
strncmp(comment, "Non-Hub link", 12)))))
{
/*
* Note: check user == user needed to make sure we have the same
* client
*/
if (cli_serv(victim)->user && *(cli_serv(victim))->by &&
(acptr = findNUser(cli_serv(victim)->by))) {
if (cli_user(acptr) == cli_serv(victim)->user) {
sendcmdto_one(&me, CMD_NOTICE, acptr,
"%C :Link with %s canceled: %s", acptr,
cli_name(victim), comment);
}
else {
/*
* not right client, set by to empty string
*/
acptr = 0;
*(cli_serv(victim))->by = '\0';
}
}
if (killer == &me)
sendto_opmask_butone(acptr, SNO_OLDSNO, "Link with %s canceled: %s",
cli_name(victim), comment);
}
}
/*
* Close the Client connection first.
*/
close_connection(victim);
}
if (IsServer(victim))
{
if (feature_bool(FEAT_HIS_NETSPLIT))
strcpy(comment1, "*.net *.split");
else
{
strcpy(comment1, cli_name(cli_serv(victim)->up));
strcat(comment1, " ");
strcat(comment1, cli_name(victim));
}
if (IsUser(killer))
sendto_opmask_butone(killer, SNO_OLDSNO, "%s SQUIT by %s [%s]:",
(cli_user(killer)->server == victim ||
cli_user(killer)->server == cli_serv(victim)->up) ?
"Local" : "Remote",
get_client_name(killer, HIDE_IP),
cli_name(cli_user(killer)->server));
else if (killer != &me && cli_serv(victim)->up != killer)
sendto_opmask_butone(0, SNO_OLDSNO, "Received SQUIT %s from %s :",
cli_name(victim), IsServer(killer) ? cli_name(killer) :
get_client_name(killer, HIDE_IP));
sendto_opmask_butone(0, SNO_NETWORK, "Net break: %C %C (%s)",
cli_serv(victim)->up, victim, comment);
}
/*
* First generate the needed protocol for the other server links
* except the source:
*/
for (dlp = cli_serv(&me)->down; dlp; dlp = dlp->next) {
if (dlp->value.cptr != cli_from(killer) && dlp->value.cptr != victim)
{
if (IsServer(victim))
sendcmdto_one(killer, CMD_SQUIT, dlp->value.cptr, "%s %Tu :%s",
cli_name(victim), cli_serv(victim)->timestamp, comment);
else if (IsUser(victim) && !HasFlag(victim, FLAG_KILLED))
sendcmdto_one(victim, CMD_QUIT, dlp->value.cptr, ":%s", comment);
}
}
/* Then remove the client structures */
if (IsServer(victim))
exit_downlinks(victim, killer, comment1);
exit_one_client(victim, comment);
/*
* cptr can only have been killed if it was cptr itself that got killed here,
* because cptr can never have been a dependent of victim --Run
*/
return (cptr == victim) ? CPTR_KILLED : 0;
}
/** Find number of clones of a client.
* @param[in] cptr Client whose address to look up.
* @return Number of clients known to be connected from that address.
*/
unsigned short IPcheck_nr(struct Client *cptr)
{
assert(0 != cptr);
return ip_registry_count(&cli_ip(cptr));
}
/** Handle a client being rejected during connection through no fault
* of their own. This "undoes" the effect of ip_registry_check_local()
* so the client's address is not penalized for the failure.
* @param[in] cptr Client who has been rejected.
*/
void IPcheck_connect_fail(const struct Client *cptr)
{
assert(IsIPChecked(cptr));
ip_registry_connect_fail(&cli_ip(cptr));
}
/** Handle a client that decided to disconnect (or was killed after
* completing his connection). This updates the free target
* information for his IP registry entry.
* @param[in] cptr Client that has exited.
*/
void ip_registry_disconnect(struct Client *cptr)
{
struct IPRegistryEntry* entry = ip_registry_find(&cli_ip(cptr));
if (!irc_in_addr_valid(&cli_ip(cptr))) {
Debug((DEBUG_DNS, "IPcheck noting dicconnect from invalid %s.", ircd_ntoa(&cli_ip(cptr))));
return;
}
assert(entry);
assert(entry->connected > 0);
Debug((DEBUG_DNS, "IPcheck noting disconnect from %s.", ircd_ntoa(&entry->addr)));
/*
* If this was the last one, set `last_connect' to disconnect time (used for expiration)
*/
if (0 == --entry->connected) {
if (CONNECTED_SINCE(entry->last_connect) > IPCHECK_CLONE_LIMIT * IPCHECK_CLONE_PERIOD) {
/*
* Otherwise we'd penalize for this old value if the client reconnects within 20 seconds
*/
entry->attempts = 0;
}
ip_registry_update_free_targets(entry);
entry->last_connect = NOW;
}
if (MyConnect(cptr)) {
unsigned int free_targets;
/*
* Copy the clients targets
*/
if (0 == entry->target) {
entry->target = (struct IPTargetEntry*) MyMalloc(sizeof(struct IPTargetEntry));
entry->target->count = STARTTARGETS;
}
assert(0 != entry->target);
memcpy(entry->target->targets, cli_targets(cptr), MAXTARGETS);
/*
* This calculation can be pretty unfair towards large multi-user hosts, but
* there is "nothing" we can do without also allowing spam bots to send more
* messages or by drastically increasing the amount of memory used in the IPregistry.
*
* The problem is that when a client disconnects, leaving no free targets, then
* the next client from that IP number has to pay for it (getting no free targets).
* But ALSO the next client, and the next client, and the next client etc - until
* another client disconnects that DOES leave free targets. The reason for this
* is that if there are 10 SPAM bots, and they all disconnect at once, then they
* ALL should get no free targets when reconnecting. We'd need to store an entry
* per client (instead of per IP number) to avoid this.
*/
if (cli_nexttarget(cptr) < CurrentTime) {
/*
* Number of free targets
*/
free_targets = (CurrentTime - cli_nexttarget(cptr)) / TARGET_DELAY + 1;
}
else
free_targets = 0;
/*
* Add bonus, this is pretty fuzzy, but it will help in some cases.
*/
if ((CurrentTime - cli_firsttime(cptr)) > 600)
/*
* Was longer then 10 minutes online?
*/
free_targets += (CurrentTime - cli_firsttime(cptr) - 600) / TARGET_DELAY;
/*
* Finally, store smallest value for Judgment Day
*/
if (free_targets < entry->target->count)
entry->target->count = free_targets;
}
}
signed int checkHostmask(struct Client *sptr, char *hoststr, int flags) {
struct Client *acptr;
struct Channel *chptr;
struct Membership *lp;
int count = 0, found = 0, cidr_check_bits = 0;
char outbuf[BUFSIZE];
char targhost[NICKLEN + USERLEN + HOSTLEN + 3], curhost[NICKLEN + USERLEN + HOSTLEN + 3];
char nickm[NICKLEN + 1], userm[USERLEN + 1], hostm[HOSTLEN + 1];
char *p = NULL;
struct in_addr cidr_check;
strcpy(nickm,"*");
strcpy(userm,"*");
strcpy(hostm,"*");
if (!strchr(hoststr, '!') && !strchr(hoststr, '@'))
ircd_strncpy(hostm,hoststr,HOSTLEN);
else {
if ((p = strchr(hoststr, '@'))) {
*p++ = '\0';
if (*p) ircd_strncpy(hostm,p, HOSTLEN);
}
/* Get the nick!user mask */
if ((p = strchr(hoststr, '!'))) {
*p++ = '\0';
if (*p) ircd_strncpy(userm,p,USERLEN);
if (*hoststr) ircd_strncpy(nickm,hoststr,NICKLEN);
}
else if (*hoststr) {
/* Durz: We should only do the following *IF* the hoststr has not already been
* copied into hostm (ie. neither ! or @ specified).. otherwise, when we do
* /quote check *.barrysworld.com - we end up with targhost as: *!*.barryswo@*.barrysworld.com
*/
ircd_strncpy(userm,hoststr,USERLEN);
}
}
if ((p = strchr(hostm, '/')) || inet_aton(hostm, &cidr_check)) {
if (p)
*p = '\0';
if (inet_aton(hostm, &cidr_check)) {
cidr_check_bits = p ? atoi(p + 1) : 32;
if ((cidr_check_bits >= 0) && (cidr_check_bits <= 32)) {
flags |= CHECK_CIDRMASK;
cidr_check.s_addr &= NETMASK(cidr_check_bits);
}
}
if (p)
*p = '/';
}
/* Copy formatted string into "targhost" buffer */
ircd_snprintf(0, targhost, sizeof(targhost), "%s!%s@%s", nickm, userm, hostm);
targhost[sizeof(targhost) - 1] = '\0';
/* Note: we have to exclude the last client struct as it is not a real client
* structure, and therefore any attempt to access elements in it would cause
* a segfault.
*/
for (acptr = GlobalClientList; acptr; acptr = cli_next(acptr)) {
/* Dont process if acptr is a unregistered client, a server or a ping */
if (!IsRegistered(acptr) || IsServer(acptr))
continue;
if (IsMe(acptr)) /* Always the last acptr record */
break;
if(count > feature_int(FEAT_MAX_CHECK_OUTPUT)) { /* sanity stuff */
ircd_snprintf(0, outbuf, sizeof(outbuf), "More than %d results, truncating...", count);
send_reply(sptr, RPL_DATASTR, outbuf);
send_reply(sptr, RPL_ENDOFCHECK, " ");
break;
}
/* Copy host info into buffer */
curhost[0] = '\0';
ircd_snprintf(0, curhost, sizeof(curhost), "%s!%s@%s", acptr->cli_name, acptr->cli_user->realusername, acptr->cli_user->realhost);
if (flags & CHECK_CIDRMASK) {
if (((cli_ip(acptr).s_addr & NETMASK(cidr_check_bits)) == cidr_check.s_addr) && !match(nickm, acptr->cli_name)
&& (!match(userm, acptr->cli_user->realusername) || !match(userm, acptr->cli_user->username)))
found = 1;
}
else {
if(match((const char*)targhost,(const char*)curhost) == 0)
found = 1;
else {
curhost[0] = '\0';
ircd_snprintf(0, curhost, sizeof(curhost), "%s!%s@%s", acptr->cli_name, acptr->cli_user->username, acptr->cli_user->host);
if(match((const char*)targhost,(const char*)curhost) == 0)
found = 1;
}
}
if (found == 1) {
found = 0; /* reset that so it doesn't get crazy go nuts */
/* Show header if we've found at least 1 record */
if (count == 0) {
/* Output header */
send_reply(sptr, RPL_DATASTR, " ");
send_reply(sptr, RPL_CHKHEAD, "host", targhost);
send_reply(sptr, RPL_DATASTR, " ");
ircd_snprintf(0, outbuf, sizeof(outbuf), "%s %-*s%-*s%s", "No.", (NICKLEN + 2 ), "Nick",
(USERLEN + 2), "User", "Host");
send_reply(sptr, RPL_DATASTR, outbuf);
}
ircd_snprintf(0, outbuf, sizeof(outbuf), "%-4d %-*s%-*s%s", (count+1), (NICKLEN + 2),
acptr->cli_name, (USERLEN + 2), acptr->cli_user->realusername,
(flags & CHECK_SHOWIPS) ? ircd_ntoa((const char*)&(cli_ip(acptr))) : acptr->cli_user->realhost);
send_reply(sptr, RPL_DATASTR, outbuf);
/* Show channel output (if applicable) - the 50 channel limit sanity check
* is specifically to prevent coredumping when someone lamely tries to /check
* Q or some other channel service...
*/
if (flags & CHECK_CHECKCHAN) {
if (acptr->cli_user->joined > 0 && acptr->cli_user->joined <= 50) {
char chntext[BUFSIZE];
int len = strlen(" on channels: ");
int mlen = strlen(me.cli_name) + len + strlen(sptr->cli_name);
*chntext = '\0';
strcpy(chntext, " on channels: ");
for (lp = acptr->cli_user->channel; lp; lp = lp->next_channel) {
chptr = lp->channel;
if (len + strlen(chptr->chname) + mlen > BUFSIZE - 5) {
send_reply(sptr, RPL_DATASTR, chntext);
*chntext = '\0';
strcpy(chntext, " on channels: ");
len = strlen(chntext);
}
if (IsDeaf(acptr))
*(chntext + len++) = '-';
if (is_chan_op(acptr, chptr))
*(chntext + len++) = '@';
if (is_half_op(acptr, chptr))
*(chntext + len++) = '%';
if (IsOper(sptr) && !ShowChannel(sptr,chptr))
*(chntext + len++) = '*';
else if (has_voice(acptr, chptr))
*(chntext + len++) = '+';
else if (IsZombie(lp))
*(chntext + len++) = '!';
if (len)
*(chntext + len) = '\0';
strcpy(chntext + len, chptr->chname);
len += strlen(chptr->chname);
strcat(chntext + len, " ");
len++;
}
if (chntext[0] != '\0')
send_reply(sptr, RPL_DATASTR, chntext);
send_reply(sptr, RPL_DATASTR, " ");
}
}
count++;
}
}
if (count > 0) {
send_reply(sptr, RPL_DATASTR, " ");
ircd_snprintf(0, outbuf, sizeof(outbuf), "Matching records found:: %d", count);
send_reply(sptr, RPL_DATASTR, outbuf);
send_reply(sptr, RPL_ENDOFCHECK, " ");
}
return count;
}
int m_challenge(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
#ifdef USE_SSL
struct ConfItem *aconf;
RSA *rsa_public_key;
BIO *file = NULL;
char *challenge = NULL;
char *name;
char *tmpname;
char chan[CHANNELLEN-1];
char* join[2];
int nl;
struct Flags old_mode = cli_flags(sptr);
if (!MyUser(sptr))
return 0;
if (parc < 2)
return need_more_params(sptr, "CHALLENGE");
if (parc > 2) { /* This is a remote OPER Request */
struct Client *srv;
if (!string_has_wildcards(parv[1]))
srv = FindServer(parv[1]);
else
srv = find_match_server(parv[1]);
if (!feature_bool(FEAT_REMOTE_OPER))
return send_reply(sptr, ERR_NOOPERHOST);
if (!srv)
return send_reply(sptr, ERR_NOOPERHOST);
if (IsMe(srv)) {
parv[1] = parv[2];
} else {
sendcmdto_one(sptr, CMD_CHALLENGE, srv, "%C %s", srv, parv[2]);
return 0;
}
}
/* if theyre an oper, reprint oper motd and ignore */
if (IsOper(sptr))
{
send_reply(sptr, RPL_YOUREOPER);
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
}
if (*parv[1] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if (cli_user(sptr)->response == NULL)
return 0;
if (ircd_strcmp(cli_user(sptr)->response, ++parv[1]))
{
send_reply(sptr, ERR_PASSWDMISMATCH);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (Password Incorrect)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
tmpname = strdup(cli_user(sptr)->auth_oper);
failed_challenge_notice(sptr, tmpname, "challenge failed");
return 0;
}
name = strdup(cli_user(sptr)->auth_oper);
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
MyUser(sptr) ? cli_sockhost(sptr) :
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (!aconf)
{
send_reply(sptr, ERR_NOOPERHOST);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (CONF_LOCOP == aconf->status) {
ClearOper(sptr);
SetLocOp(sptr);
}
else {
/*
* prevent someone from being both oper and local oper
*/
ClearLocOp(sptr);
if (!feature_bool(FEAT_OPERFLAGS) || !(aconf->port & OFLAG_ADMIN)) {
/* Global Oper */
SetOper(sptr);
ClearAdmin(sptr);
} else {
/* Admin */
SetOper(sptr);
OSetGlobal(sptr);
SetAdmin(sptr);
}
++UserStats.opers;
}
cli_handler(cptr) = OPER_HANDLER;
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_WHOIS)) {
OSetWhois(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_IDLE)) {
OSetIdle(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_XTRAOP)) {
OSetXtraop(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_HIDECHANS)) {
OSetHideChans(sptr);
}
SetFlag(sptr, FLAG_WALLOP);
SetFlag(sptr, FLAG_SERVNOTICE);
SetFlag(sptr, FLAG_DEBUG);
if (!IsAdmin(sptr))
cli_oflags(sptr) = aconf->port;
set_snomask(sptr, SNO_OPERDEFAULT, SNO_ADD);
client_set_privs(sptr, aconf);
cli_max_sendq(sptr) = 0; /* Get the sendq from the oper's class */
send_umode_out(cptr, sptr, &old_mode, HasPriv(sptr, PRIV_PROPAGATE));
send_reply(sptr, RPL_YOUREOPER);
if (IsAdmin(sptr)) {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Administrator",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr));
/* Autojoin admins to admin channel and oper channel (if enabled) */
if (feature_bool(FEAT_AUTOJOIN_ADMIN)) {
if (feature_bool(FEAT_AUTOJOIN_ADMIN_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_ADMIN_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_ADMIN_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
if (feature_bool(FEAT_AUTOJOIN_OPER) && IsOper(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
} else {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Operator (%c)",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr),
IsOper(sptr) ? 'O' : 'o');
if (feature_bool(FEAT_AUTOJOIN_OPER) && IsOper(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
}
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr);
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
return 0;
}
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN+1, "%s", "");
aconf = find_conf_exact(parv[1], cli_user(sptr)->realusername,
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(parv[1], cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(parv[1], cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (aconf == NULL)
{
send_reply(sptr, ERR_NOOPERHOST);
failed_challenge_notice(sptr, parv[1], "No o:line");
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (!(aconf->port & OFLAG_RSA))
{
send_reply(sptr, RPL_NO_CHALL);
return 0;
}
if (!verify_sslclifp(sptr, aconf))
{
sendto_allops(&me, SNO_OLDREALOP,
"Failed OPER attempt by %s (%s@%s) (SSL Fingerprint Missmatch)",
parv[0], cli_user(sptr)->realusername,
cli_user(sptr)->realhost);
send_reply(sptr, ERR_SSLCLIFP);
return 0;
}
if ((file = BIO_new_file(aconf->passwd, "r")) == NULL)
{
send_reply(sptr, RPL_NO_KEY);
return 0;
}
rsa_public_key = (RSA *)PEM_read_bio_RSA_PUBKEY(file, NULL, 0, NULL);
if (rsa_public_key == NULL)
return send_reply(sptr, RPL_INVALID_KEY);
if (!generate_challenge(&challenge, rsa_public_key, sptr)) {
Debug((DEBUG_DEBUG, "generating challenge sum (%s)", challenge));
send_reply(sptr, RPL_RSACHALLENGE, challenge);
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN + 1, "%s", aconf->name);
}
nl = BIO_set_close(file, BIO_CLOSE);
BIO_free(file);
return 1;
#else
return 1;
#endif
}
/*
* ms_nick - server message handler for nicks
* parv[0] = sender prefix
* parv[1] = nickname
*
* If from server, source is client:
* parv[2] = timestamp
*
* Source is server:
* parv[2] = hopcount
* parv[3] = timestamp
* parv[4] = username
* parv[5] = hostname
* parv[6] = umode (optional)
* parv[parc-3] = IP# <- Only Protocol >= 10
* parv[parc-2] = YXX, numeric nick <- Only Protocol >= 10
* parv[parc-1] = info
* parv[0] = server
*/
int ms_nick(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client *acptr;
char nick[NICKLEN + 2];
time_t lastnick = 0;
int differ = 1;
const char *type;
assert(0 != cptr);
assert(0 != sptr);
assert(IsServer(cptr));
if ((IsServer(sptr) && parc < 8) || parc < 3)
{
sendto_opmask_butone(0, SNO_OLDSNO, "bad NICK param count for %s from %C",
parv[1], cptr);
return need_more_params(sptr, "NICK");
}
ircd_strncpy(nick, parv[1], NICKLEN);
nick[NICKLEN] = '\0';
if (IsServer(sptr))
{
lastnick = atoi(parv[3]);
if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr))
cli_serv(sptr)->lag = TStime() - lastnick;
}
else
{
lastnick = atoi(parv[2]);
if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr))
cli_serv(cli_user(sptr)->server)->lag = TStime() - lastnick;
}
/*
* If do_nick_name() returns a null name OR if the server sent a nick
* name and do_nick_name() changed it in some way (due to rules of nick
* creation) then reject it. If from a server and we reject it,
* and KILL it. -avalon 4/4/92
*/
if (!do_nick_name(nick) || strcmp(nick, parv[1]))
{
send_reply(sptr, ERR_ERRONEUSNICKNAME, parv[1]);
++ServerStats->is_kill;
sendto_opmask_butone(0, SNO_OLDSNO, "Bad Nick: %s From: %s %C", parv[1],
parv[0], cptr);
sendcmdto_one(&me, CMD_KILL, cptr, "%s :%s (%s <- %s[%s])",
IsServer(sptr) ? parv[parc - 2] : parv[0], cli_name(&me), parv[1],
nick, cli_name(cptr));
if (!IsServer(sptr))
{
/*
* bad nick _change_
*/
sendcmdto_serv_butone(&me, CMD_KILL, 0, "%s :%s (%s <- %s!%s@%s)",
parv[0], cli_name(&me), cli_name(cptr), parv[0],
cli_user(sptr) ? cli_username(sptr) : "",
cli_user(sptr) ? cli_name(cli_user(sptr)->server) :
cli_name(cptr));
}
return 0;
}
/* Check against nick name collisions. */
if ((acptr = FindClient(nick)) == NULL)
/* No collisions, all clear... */
return set_nick_name(cptr, sptr, nick, parc, parv);
/*
* If acptr == sptr, then we have a client doing a nick
* change between *equivalent* nicknames as far as server
* is concerned (user is changing the case of his/her
* nickname or somesuch)
*/
if (acptr == sptr)
{
if (strcmp(cli_name(acptr), nick) != 0)
/* Allows change of case in his/her nick */
return set_nick_name(cptr, sptr, nick, parc, parv);
else
/* Setting their nick to what it already is? Ignore it. */
return 0;
}
/* now we know we have a real collision. */
/*
* Note: From this point forward it can be assumed that
* acptr != sptr (point to different client structures).
*/
assert(acptr != sptr);
/*
* If the older one is "non-person", the new entry is just
* allowed to overwrite it. Just silently drop non-person,
* and proceed with the nick. This should take care of the
* "dormant nick" way of generating collisions...
*/
if (IsUnknown(acptr) && MyConnect(acptr))
{
ServerStats->is_ref++;
IPcheck_connect_fail(acptr);
exit_client(cptr, acptr, &me, "Overridden by other sign on");
return set_nick_name(cptr, sptr, nick, parc, parv);
}
/*
* Decide, we really have a nick collision and deal with it
*/
/*
* NICK was coming from a server connection.
* This means we have a race condition (two users signing on
* at the same time), or two net fragments reconnecting with the same nick.
* The latter can happen because two different users connected
* or because one and the same user switched server during a net break.
* If the TimeStamps are equal, we kill both (or only 'new'
* if it was a ":server NICK new ...").
* Otherwise we kill the youngest when user@host differ,
* or the oldest when they are the same.
* We treat user and ~user as different, because if it wasn't
* a faked ~user the AUTH wouldn't have added the '~'.
* --Run
*
*/
if (IsServer(sptr))
{
struct irc_in_addr ip;
/*
* A new NICK being introduced by a neighbouring
* server (e.g. message type ":server NICK new ..." received)
*
* compare IP address and username
*/
base64toip(parv[parc - 3], &ip);
differ = (0 != memcmp(&cli_ip(acptr), &ip, sizeof(cli_ip(acptr)))) ||
(0 != ircd_strcmp(cli_user(acptr)->username, parv[4]));
sendto_opmask_butone(0, SNO_OLDSNO, "Nick collision on %C (%C %Tu <- "
"%C %Tu (%s user@host))", acptr, cli_from(acptr),
cli_lastnick(acptr), cptr, lastnick,
differ ? "Different" : "Same");
}
else
{
/*
* A NICK change has collided (e.g. message type ":old NICK new").
*
* compare IP address and username
*/
differ = (0 != memcmp(&cli_ip(acptr), &cli_ip(sptr), sizeof(cli_ip(acptr)))) ||
(0 != ircd_strcmp(cli_user(acptr)->username, cli_user(sptr)->username));
sendto_opmask_butone(0, SNO_OLDSNO, "Nick change collision from %C to "
"%C (%C %Tu <- %C %Tu)", sptr, acptr, cli_from(acptr),
cli_lastnick(acptr), cptr, lastnick);
}
type = differ ? "overruled by older nick" : "nick collision from same user@host";
/*
* Now remove (kill) the nick on our side if it is the youngest.
* If no timestamp was received, we ignore the incoming nick
* (and expect a KILL for our legit nick soon ):
* When the timestamps are equal we kill both nicks. --Run
* acptr->from != cptr should *always* be true (?).
*
* This exits the client sending the NICK message
*/
if ((differ && lastnick >= cli_lastnick(acptr)) ||
(!differ && lastnick <= cli_lastnick(acptr)))
{
ServerStats->is_kill++;
if (!IsServer(sptr))
{
/* If this was a nick change and not a nick introduction, we
* need to ensure that we remove our record of the client, and
* send a KILL to the whole network.
*/
assert(!MyConnect(sptr));
/* Inform the rest of the net... */
sendcmdto_serv_butone(&me, CMD_KILL, 0, "%C :%s (%s)",
sptr, cli_name(&me), type);
/* Don't go sending off a QUIT message... */
SetFlag(sptr, FLAG_KILLED);
/* Remove them locally. */
exit_client_msg(cptr, sptr, &me,
"Killed (%s (%s))",
feature_str(FEAT_HIS_SERVERNAME), type);
}
else
{
/* If the origin is a server, this was a new client, so we only
* send the KILL in the direction it came from. We have no
* client record that we would have to clean up.
*/
sendcmdto_one(&me, CMD_KILL, cptr, "%s :%s (%s)",
parv[parc - 2], cli_name(&me), type);
}
/* If the timestamps differ and we just killed sptr, we don't need to kill
* acptr as well.
*/
if (lastnick != cli_lastnick(acptr))
return 0;
}
/* Tell acptr why we are killing it. */
send_reply(acptr, ERR_NICKCOLLISION, nick);
ServerStats->is_kill++;
SetFlag(acptr, FLAG_KILLED);
/*
* This exits the client we had before getting the NICK message
*/
sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (%s)",
acptr, feature_str(FEAT_HIS_SERVERNAME),
type);
exit_client_msg(cptr, acptr, &me, "Killed (%s (%s))",
feature_str(FEAT_HIS_SERVERNAME), type);
if (lastnick == cli_lastnick(acptr))
return 0;
if (sptr == NULL)
return 0;
return set_nick_name(cptr, sptr, nick, parc, parv);
}
int get_eflags(struct Client *sptr, struct Client *acptr) {
struct eline *eline;
unsigned int e_flag = 0;
int found = 0;
char outbuf[BUFSIZE];
char i_host[SOCKIPLEN + USERLEN + 2];
char s_host[HOSTLEN + USERLEN + 2];
ircd_snprintf(0, i_host, USERLEN+SOCKIPLEN+2, "%s@%s", cli_username(acptr), ircd_ntoa((const char*) &(cli_ip(acptr))));
ircd_snprintf(0, s_host, USERLEN+HOSTLEN+2, "%s@%s", cli_username(acptr), cli_sockhost(acptr));
for (eline = GlobalEList; eline; eline = eline->next) {
char* ip_start;
char* cidr_start;
in_addr_t cli_addr = 0;
*outbuf = '\0';
e_flag = eflagstr(eline->flags);
if (s_host) {
if ((match(eline->mask, s_host) == 0) || (match(eline->mask, i_host) == 0)) {
found = 1;
}
}
if ((ip_start = strrchr(i_host, '@')))
cli_addr = inet_addr(ip_start + 1);
if ((ip_start = strrchr(eline->mask, '@')) && (cidr_start = strchr(ip_start + 1, '/'))) {
int bits = atoi(cidr_start + 1);
char* p = strchr(i_host, '@');
if (p) {
*p = *ip_start = 0;
if (match(eline->mask, i_host) == 0) {
if ((bits > 0) && (bits < 33)) {
in_addr_t ban_addr;
*cidr_start = 0;
ban_addr = inet_addr(ip_start + 1);
*cidr_start = '/';
if ((NETMASK(bits) & cli_addr) == ban_addr) {
*p = *ip_start = '@';
found = 1;
}
}
}
*p = *ip_start = '@';
}
}
if (found) {
strcat(outbuf, " Exemptions:: ");
if (e_flag & EFLAG_KLINE) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "K:Lines");
}
if (e_flag & EFLAG_GLINE) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "G:Lines");
}
if (e_flag & EFLAG_SHUN) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "Shuns");
}
if (e_flag & EFLAG_ZLINE) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "Z:Lines");
}
if (e_flag & EFLAG_SFILTER) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "Spamfilters");
}
if (e_flag & EFLAG_LIST) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "List Delays");
}
if (e_flag & EFLAG_IDENT) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "Ident Prompts");
}
if ((e_flag & EFLAG_IPCHECK) && IsIPCheckExempted(acptr)) {
if (strlen(outbuf) > 21)
strcat(outbuf, ", ");
strcat(outbuf, "IPCheck");
}
if (strlen(outbuf) > 18)
send_reply(sptr, RPL_DATASTR, outbuf);
}
found = 0;
}
return 0;
}
