/*
 * m_samode - apply a mode change to a channel through do_mode().
 *   parv[0] = sender
 *   parv[1] = channel
 *   parv[2] = modes
 * -t
 *
 * Access control: the request is refused with ERR_NOPRIVILEGES unless the
 * link it arrived on (cptr) is privileged AND the originating client (sptr)
 * is a services admin. Both conditions must hold.
 *
 * A channel name that cannot be found is dropped silently (no reply).
 */
DLLFUNC CMD_FUNC(m_samode)
{
	aChannel *target;

	if (!(IsPrivileged(cptr) && IsSAdmin(sptr)))
	{
		sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
		return 0;
	}

	/* Both a channel and a mode string are required. */
	if (parc <= 2)
	{
		sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "SAMODE");
		return 0;
	}

	target = find_channel(parv[1], NullChn);
	if (target == NullChn)
		return 0;

	/* opermode is not declared in this function; it is reset before the call. */
	opermode = 0;
	/* NOTE(review): the meaning of the trailing 0, 1 arguments is defined by
	 * do_mode(), which is not visible here - confirm against its prototype. */
	(void)do_mode(target, cptr, sptr, parc - 2, parv + 2, 0, 1);
	return 0;
}
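/*
 * IfConf - check a network interface's configuration and correct it if needed.
 *
 * vifdev     interface name
 * vaddress   address passed through to GetIfStatus()/SetIfStatus()
 * vnetmask   netmask; must not be empty
 * vbroadcast broadcast mode; must not be empty
 *
 * Refuses to do anything unless IsPrivileged() holds. The interface name is
 * copied into the shared request structure IFR, so it is length-checked first:
 * an over-long name is rejected rather than copied or truncated, because a
 * truncated name could select a different device.
 */
void IfConf (char *vifdev,char *vaddress,char *vnetmask,char *vbroadcast)
{
    int sk, isnotsane = false;
    size_t namelen;

    Verbose("Assumed interface name: %s %s %s\n",vifdev,vnetmask,vbroadcast);

    if (!IsPrivileged())
    {
        printf("%s: Only root can configure the net interface.\n",VPREFIX);
        return;
    }

    if (vnetmask[0] == '\0')
    {
        CfLog(cferror,"Program does not define a subnetmask","");
        return;
    }

    if (vbroadcast[0] == '\0')
    {
        CfLog(cferror,"Program does not define a broadcast mode for this host","");
        return;
    }

    /* Bound the copy into IFR.ifr_name; the original used an unchecked strcpy(). */
    namelen = strlen(vifdev);
    if (namelen >= sizeof(IFR.ifr_name))
    {
        CfLog(cferror,"Interface name is too long for the interface request structure","");
        return;
    }

    memcpy(IFR.ifr_name,vifdev,namelen + 1);
    IFR.ifr_addr.sa_family = AF_INET;

    if ((sk = socket(AF_INET,SOCK_DGRAM,IPPROTO_IP)) == -1)
    {
        CfLog(cferror,"","socket");
        FatalError("Error in IfConfig()");
    }

    if (ioctl(sk,SIOCGIFFLAGS, (caddr_t) &IFR) == -1)   /* Get the device status flags */
    {
        CfLog(cferror,"No such network device","ioctl");
        close(sk);                                      /* do not leak the socket on this path */
        return;
    }

    memcpy(IFR.ifr_name,vifdev,namelen + 1);            /* copy this each time */

    if (ioctl(sk,SIOCGIFMETRIC, (caddr_t) &IFR) == -1)  /* Get the routing priority */
    {
        CfLog(cferror,"","ioctl");
        FatalError("Software error: error getting metric");
    }

    /* The flags and metric read above were stored in locals that nothing used;
     * the ioctl calls are kept because their failure handling is observable. */

    isnotsane = GetIfStatus(sk,vifdev,vaddress,vnetmask,vbroadcast);

    /* Only change the interface when not in dry-run mode and the check failed;
     * the status is then read again. */
    if (! DONTDO && isnotsane)
    {
        SetIfStatus(sk,vifdev,vaddress,vnetmask,vbroadcast);
        GetIfStatus(sk,vifdev,vaddress,vnetmask,vbroadcast);
    }

    close(sk);
}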
/*
 * SrvRegisterServicesProcess - record the process id of the services process.
 *
 * Registration succeeds only when no services process has been recorded yet
 * (gdwServicesProcessId is 0) and IsPrivileged() accepts a privilege set that
 * names SE_TCB_PRIVILEGE with PRIVILEGE_SET_ALL_NECESSARY. Otherwise the last
 * error is set to ERROR_ACCESS_DENIED and fSuccess is FALSE.
 *
 * `a` is not declared here; presumably BEGIN_LPC_RECV introduces it from the
 * message - confirm against the macro.
 *
 * NOTE(review): the recorded id is a->dwProcessId, i.e. a value carried in the
 * message. Nothing visible here ties it to the calling process - confirm.
 * NOTE(review): no lock around the test-and-set of gdwServicesProcessId is
 * visible in this function; confirm the surrounding macros serialise it.
 */
ULONG SrvRegisterServicesProcess(
    IN OUT PCSR_API_MSG m,
    IN OUT PCSR_REPLY_STATUS ReplyStatus)
{
    PRIVILEGE_SET psTcb = { 1, PRIVILEGE_SET_ALL_NECESSARY, { SE_TCB_PRIVILEGE, 0 } };

    BEGIN_LPC_RECV(REGISTERSERVICESPROCESS);

    /* First caller holding the TCB privilege wins; everyone else is denied. */
    if (gdwServicesProcessId == 0 && IsPrivileged(&psTcb)) {
        gdwServicesProcessId = a->dwProcessId;
        a->fSuccess = TRUE;
    } else {
        SetLastError(ERROR_ACCESS_DENIED);
        a->fSuccess = FALSE;
    }

    END_LPC_RECV();
}
/*
 * ms_rping - server message handler
 * -- by Run
 *
 *    parv[0] = sender (sptr->name thus)
 * if sender is a person: (traveling towards start server)
 *    parv[1] = pinged server[mask]
 *    parv[2] = start server (current target)
 *    parv[3] = optional remark
 * if sender is a server: (traveling towards pinged server)
 *    parv[1] = pinged server (current target)
 *    parv[2] = original sender (person)
 *    parv[3] = start time in s
 *    parv[4] = start time in us
 *    parv[5] = the optional remark
 *
 * The message must arrive on a server link (asserted) and is dropped silently
 * when its source is not privileged. Always returns 0 except when a parameter
 * count error is reported through need_more_params().
 */
int ms_rping(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
  struct Client* target = 0;

  assert(0 != cptr);
  assert(0 != sptr);
  assert(IsServer(cptr));

  /* shouldn't happen */
  if (!IsPrivileged(sptr))
    return 0;

  if (!IsServer(sptr)) {
    /* Person-originated form, still traveling towards the start server. */
    if (parc < 3)
      return need_more_params(sptr, "RPING");

    /* If I'm not the start server, the message has been passed on. */
    if (hunt_server_cmd(sptr, CMD_RPING, cptr, 1, "%s %C :%s", 2, parc, parv) != HUNTED_ISME)
      return 0;

    /* I am the start server: ping the destination from here. */
    target = find_match_server(parv[1]);
    if (!target) {
      send_reply(sptr, ERR_NOSUCHSERVER, parv[1]);
      return 0;
    }

    assert(IsServer(target) || IsMe(target));
    /* NOTE(review): only parc >= 3 is checked, so the optional remark parv[3]
     * may be absent here - confirm what the "%s" conversion receives then. */
    sendcmdto_one(&me, CMD_RPING, target, "%C %C %s :%s", target, sptr,
                  militime(0, 0), parv[3]);
    return 0;
  }

  /* Server-originated form: all six parameters are mandatory. */
  if (parc < 6)
    return need_more_params(sptr, "RPING");  /* PROTOCOL ERROR */

  target = FindNServer(parv[1]);
  if (!target)
    return 0;

  if (IsMe(target)) {
    /* I am the pinged server: answer with RPONG. */
    sendcmdto_one(&me, CMD_RPONG, sptr, "%s %s %s %s :%s", cli_name(sptr),
                  parv[2], parv[3], parv[4], parv[5]);
  } else {
    /* Not for me, pass it on. */
    sendcmdto_one(sptr, CMD_RPING, target, "%C %s %s %s :%s", target,
                  parv[2], parv[3], parv[4], parv[5]);
  }
  return 0;
}
/// Get the current RTOS Kernel state. osKernelState_t osKernelGetState (void) { osKernelState_t state; if (IsPrivileged() || IsIrqMode() || IsIrqMasked()) { state = svcRtxKernelGetState(); } else { state = __svcKernelGetState(); } return state; }
/*
** m_zombies() by openglx
**
** m_ircops() By Claudio
** Rewritten by HAMLET
**
** Sends the requester a table of clients for which IsZombie() holds,
** skipping services and stealth clients, followed by a total.
**
** NOTE(review): the privilege test is made on cptr (the link the message
** arrived on) while every reply goes to sptr (the originator). Confirm this
** command can never reach this handler on behalf of an unprivileged remote
** user, otherwise the test should be on sptr.
*/
int m_zombies(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
  static const char heavy_rule[] = "========================================================================================";
  static const char light_rule[] = "----------------------------------------------------------------------------------------";
  struct Client *cur;
  char line[BUFSIZE];
  int count = 0;

  if (!IsPrivileged(cptr))
    {
      sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
      return 0;
    }

  /* Table header. */
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], heavy_rule);
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], "\2Nick Hostname Server\2");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], light_rule);

  cur = GlobalClientList;
  while (cur)
    {
      if (!IsService(cur) && !IsStealth(cur) && IsZombie(cur) && cur->user)
        {
          const char *nick = cur->name ? cur->name : "<unknown>";

          /* vlinks on /IRCops
           * code by openglx
           * idea to this by Midnight_Commander
           * A client on a vlink is shown with the vlink name instead of
           * its server name. */
          if (cur->user->vlink)
            ircsprintf(line, "\2%-29s\2 %s@%s %s", nick,
                       cur->username, cur->realhost, cur->user->vlink->name);
          else
            ircsprintf(line, "\2%-29s\2 %-23s %s@%s", nick,
                       cur->username, cur->realhost, cur->user->server);

          /* NOTE(review): line is BUFSIZE bytes and ircsprintf takes no size;
           * this relies on the field lengths being bounded elsewhere. */
          sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], line);
          sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], "-");
          ++count;
        }
      cur = cur->next;
    }

  /* Footer: total, closing rule, end-of-list numeric. */
  ircsprintf(line, "Total: \2%d\2 Zombie%s connected", count, count > 1 ? "s" : "");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], line);
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], heavy_rule);
  sendto_one(sptr, form_str(RPL_ENDOFLISTS), me.name, parv[0], "ZOMBIES");
  return 0;
}
/// Get RTOS Kernel Information. osStatus_t osKernelGetInfo (osVersion_t *version, char *id_buf, uint32_t id_size) { osStatus_t status; EvrRtxKernelGetInfo(version, id_buf, id_size); if (IsPrivileged() || IsIrqMode() || IsIrqMasked()) { status = svcRtxKernelGetInfo(version, id_buf, id_size); } else { status = __svcKernelGetInfo(version, id_buf, id_size); } return status; }
// Run the action's file through the command interpreter: the argument vector
// is { "cmd", "/c <file> <command line>" } and the privilege flag passed to
// Execute() is whatever IsPrivileged() reports.
//
// NOTE(review): the file name and the command line are pasted into one
// "/c %s %s" string without quoting. If either can contain spaces or
// interpreter metacharacters, the interpreter will not see them as a single
// argument - confirm where these values come from, especially for privileged
// runs.
void ActiveCmdAction::OnExecuteInThread()
{
  const auto file = File();

  std::vector<MYODD_STRING> argv;
  argv.push_back( _T("cmd") );
  argv.push_back( myodd::strings::Format(_T("/c %s %s"), file.c_str(), GetCommandLine()) );

  Execute(argv, IsPrivileged(), nullptr);
}
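/*
 * CheckAgentAccess - decide whether the invoking user may run this policy.
 *
 * list         user names/ids that are allowed to run the policy
 * input_files  policy input files whose ownership is reported on denial
 *
 * Returns normally only when the real uid matches an entry of `list`.
 * Otherwise each input file's owner is checked so that a specific
 * "security exception" is reported (exit status 1), and the function finally
 * ends in FatalError().
 *
 * Fixes over the previous version:
 *  - the "owner is authorized" flag is now reset for every file; it used to be
 *    set once and then stayed true, so only the first file was really checked;
 *  - the result of cfstat() is checked, so the owner comparison never reads an
 *    uninitialised struct stat.
 */
static void CheckAgentAccess(Rlist *list, const Rlist *input_files)
{
    const uid_t uid = getuid();

    for (const Rlist *rp = list; rp != NULL; rp = rp->next)
    {
        if (Str2Uid(rp->item, NULL, NULL) == uid)
        {
            return;
        }
    }

    for (const Rlist *rp = input_files; rp != NULL; rp = rp->next)
    {
        struct stat sb;

        /* Fail closed when the owner cannot be determined.
         * Assumes cfstat() follows the stat(2) return convention - TODO confirm. */
        if (cfstat(rp->item, &sb) != 0)
        {
            CfOut(cf_error, "", "Unable to stat file %s, cannot verify its owner (security exception)", ScalarValue(rp));
            exit(1);
        }

        if (ACCESSLIST)
        {
            int access = false;     /* per file, never carried over from the previous one */

            for (const Rlist *rp2 = ACCESSLIST; rp2 != NULL; rp2 = rp2->next)
            {
                if (Str2Uid(rp2->item, NULL, NULL) == sb.st_uid)
                {
                    access = true;
                    break;
                }
            }

            if (!access)
            {
                CfOut(cf_error, "", "File %s is not owned by an authorized user (security exception)", ScalarValue(rp));
                exit(1);
            }
        }
        else if (CFPARANOID && IsPrivileged())
        {
            /* Paranoid mode: a privileged run only accepts files it owns itself. */
            if (sb.st_uid != uid)
            {
                CfOut(cf_error, "", "File %s is not owned by uid %ju (security exception)", ScalarValue(rp), (uintmax_t)uid);
                exit(1);
            }
        }
    }

    FatalError("You are denied access to run this policy");
}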
/** Handle a STATS message from some connection.
 *
 * \a parv has the following elements:
 * \li \a parv[1] is the statistics selector
 * \li \a parv[2] (optional) is server to query
 * \li \a parv[3] (optional) is a mask to filter the results
 *
 * If \a parv[1] is "l" (or "links"), \a parv[3] is a mask of servers.
 * If \a parv[1] is "p" (or "P" or "ports"), \a parv[3] is a mask of
 * ports.  If \a parv[1] is "k" (or "K" or "klines" or "i" or "I" or
 * "access"), \a parv[3] is a hostname with optional username@ prefix
 * (for opers, hostmasks are allowed).
 *
 * An unknown or missing selector is replaced by "*", which sends help.
 *
 * See @ref m_functions for discussion of the arguments.
 * @param[in] cptr Client that sent us the message.
 * @param[in] sptr Original source of message.
 * @param[in] parc Number of arguments.
 * @param[in] parv Argument vector.
 */
int m_stats(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
  const struct StatDesc *sd = 0;
  char *param = NULL;
  const char *route_fmt;

  /* Look the selector up; fall back to the help descriptor. */
  if (parc >= 2)
    sd = stats_find(parv[1]);
  if (!sd) {
    parv[1] = "*";
    sd = stats_find("*");
  }

  assert(sd != 0);

  /* Access check for unprivileged senders (privileged = server or operator):
   * operator-only selectors are refused outright, and feature-gated selectors
   * are refused while the controlling feature is on.
   *
   * This checks cptr rather than sptr so that a local oper may send
   * /stats queries to other servers. */
  if (!IsPrivileged(cptr)) {
    if (sd->sd_flags & STAT_FLAG_OPERONLY)
      return send_reply(sptr, ERR_NOPRIVILEGES);
    if ((sd->sd_flags & STAT_FLAG_OPERFEAT) && feature_bool(sd->sd_control))
      return send_reply(sptr, ERR_NOPRIVILEGES);
  }

  /* The extra parameter is used only by selectors that accept one. */
  if ((sd->sd_flags & STAT_FLAG_VARPARAM) && parc > 3 && !EmptyString(parv[3]))
    param = parv[3];

  /* Ok, track down who's supposed to get this... */
  route_fmt = param ? "%s %C :%s" : "%s :%C";
  if (hunt_server_cmd(sptr, CMD_STATS, cptr, feature_int(FEAT_HIS_REMOTE),
                      route_fmt, 2, parc, parv) != HUNTED_ISME)
    return 0; /* Someone else--cool :) */

  /* Local-only selectors are refused for anyone who is not a local user. */
  if ((sd->sd_flags & STAT_FLAG_LOCONLY) && !MyUser(sptr))
    return send_reply(sptr, ERR_NOPRIVILEGES);

  assert(sd->sd_func != 0);

  /* Ok, dispatch the stats function */
  (*sd->sd_func)(sptr, sd, param);

  /* Done sending them the stats */
  return send_reply(sptr, RPL_ENDOFSTATS, parv[1]);
}
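// Run a file that has no dedicated action, using the default handler.
//
// We log that we are going to run this as a default: there should be an
// ActiveAction for each known extension, otherwise who knows how this will
// run (for example an swf extension might not be able to run).
//
// Fix: the warning's format string reads "command '%s' from file '%s'" but was
// given the file extension and the command, in that order. It now receives the
// command and the file, so the log line names what is about to be executed.
// The extension lookup was only used for that message and has been dropped.
//
// The privilege flag handed to Execute() is whatever IsPrivileged() reports.
void ActiveDefaultAction::OnExecuteInThread()
{
  const auto szFile = File();
  const auto szCommand = Command();
  myodd::log::LogWarning(_T("Will try and execute the command '%s' from file '%s'"), szCommand.c_str(), szFile.c_str());

  // argv is { file, command line }.
  std::vector<MYODD_STRING> argv;
  argv.push_back( szFile );
  argv.push_back( GetCommandLine() );

  Execute(argv, IsPrivileged(), nullptr );
}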
/*
 * ms_clearmode - server message handler
 *
 * parv[0] = Send prefix
 * parv[1] = Channel name
 * parv[2] = Control string
 *
 * Checks, in order: parameter count, privilege of the source (a failure is
 * also reported as a protocol violation), and that parv[1] names an existing
 * non-local channel. Only then is the request handed to do_clearmode().
 */
int ms_clearmode(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
  struct Channel *chan;

  if (parc < 3)
    return need_more_params(sptr, "CLEARMODE");

  if (!IsPrivileged(sptr)) {
    protocol_violation(sptr,"No privileges on source for CLEARMODE, desync?");
    return send_reply(sptr, ERR_NOPRIVILEGES);
  }

  /* Reject anything that is not a channel name, and local channels. */
  if (!IsChannelName(parv[1]) || IsLocalChannel(parv[1]))
    return send_reply(sptr, ERR_NOSUCHCHANNEL, parv[1]);

  chan = FindChannel(parv[1]);
  if (!chan)
    return send_reply(sptr, ERR_NOSUCHCHANNEL, parv[1]);

  return do_clearmode(cptr, sptr, chan, parv[2]);
}
/* m_setname - for SETNAME command
 * allows a user to change their real name
 * -- openglx, on a boring 25/12/2003
 *
 * parv[0] = sender, parv[1] = new real name.
 *
 * The command is open to everyone when AllowSetNameToEveryone is set and
 * restricted to privileged sources otherwise. The new name is length-checked,
 * stored in the client's info field, and propagated to the other servers.
 * Notices use the vlink name as origin when the client is on a vlink.
 */
int m_setname(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
  struct Client *target = sptr;
  char *realname = parv[1];
  char *origin = me.name;

  if (target->user && target->user->vlink)
    origin = target->user->vlink->name;

  if (!(AllowSetNameToEveryone || IsPrivileged(sptr)))
    {
      sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
      return 0;
    }

  if (parc<2 || EmptyString(parv[1]))
    {
      if (MyClient(sptr))
        sendto_one(sptr, ":%s NOTICE %s :*** Syntax: /SETNAME <real name>", origin, parv[0]);
      return 0;
    }

  /* just to be sure */
  if (strlen(realname) > REALLEN)
    {
      if (MyClient(sptr))
        sendto_one(sptr, ":%s NOTICE %s :*** SETNAME: select a real name under %d chars",
                   origin, target->name, REALLEN);
      return 0;
    }

  /* NOTE(review): this unbounded copy is safe only if the info field holds at
   * least REALLEN + 1 bytes; its declaration is not visible here - confirm. */
  strcpy(target->info, realname);
  sendto_serv_butone(cptr, ":%s SETNAME :%s", parv[0], realname);

  if (MyClient(target))
    sendto_one(target, ":%s NOTICE %s :*** New real name set: \2%s\2",
               origin, target->name, target->info);

  return 0; /* I wonder why shouldn't this be 1 */
}
/*
** m_lost()
**      parv[0] = sender
**
** Sends the requester a table of users that are in no channel, skipping
** services, stealth clients, operators and identified users, followed by a
** total.
**
** NOTE(review): the privilege test is made on cptr (the link the message
** arrived on) while every reply goes to sptr (the originator). Confirm this
** command can never reach this handler on behalf of an unprivileged remote
** user, otherwise the test should be on sptr.
*/
int m_lost(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
  static const char heavy_rule[] = "========================================================================================";
  static const char light_rule[] = "----------------------------------------------------------------------------------------";
  struct Client *cur;
  char line[BUFSIZE];
  int count = 0;

  if (!IsPrivileged(cptr))
    {
      sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
      return 0;
    }

  /* Table header. */
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], heavy_rule);
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], "\2User\2");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], light_rule);

  cur = GlobalClientList;
  while (cur)
    {
      if (!(IsService(cur) || IsStealth(cur) || IsAnOper(cur) || IsIdentified(cur))
          && cur->user && cur->user->channel == NULL)
        {
          /* NOTE(review): line is BUFSIZE bytes and ircsprintf takes no size;
           * this relies on the field lengths being bounded elsewhere. */
          ircsprintf(line, "\2%-29s\2 %-23s %s",
                     cur->name ? cur->name : "<unknown>",
                     cur->user->away ? "(AWAY)" : "",
                     cur->user->server);
          sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], line);
          ++count;
        }
      cur = cur->next;
    }

  /* Footer: closing rule, total, end-of-list numeric. */
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], heavy_rule);
  ircsprintf(line, "Total: \2%d\2 Lost Users", count);
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], line);
  sendto_one(sptr, form_str(RPL_ENDOFLISTS), me.name, parv[0], "LOST.");
  return 0;
}
/*
 * MakeLog - copy a list of messages to syslog.
 *
 * mess   linked list of messages; each item's name is logged as one entry
 * level  report level, mapped to a syslog priority:
 *          cf_inform, cf_reporting, cf_cmdout -> LOG_NOTICE
 *          cf_verbose                         -> LOG_INFO
 *          cf_error                           -> LOG_ERR
 *          anything else                      -> nothing is logged
 *
 * Nothing is logged for unprivileged runs or when DONTDO is set. Message text
 * is always passed as a "%s" argument, never as the format string.
 */
static void MakeLog(Item *mess, enum cfreport level)
{
    int priority = LOG_NOTICE;
    int wanted = 1;

    if (!IsPrivileged() || DONTDO)
    {
        return;
    }

    /* If we can't mutex it could be dangerous to proceed with threaded file descriptors */
    if (!ThreadLock(cft_output))
    {
        return;
    }

    /* The level is the same for every item, so resolve the priority once. */
    switch (level)
    {
    case cf_inform:
    case cf_reporting:
    case cf_cmdout:
        priority = LOG_NOTICE;
        break;
    case cf_verbose:
        priority = LOG_INFO;
        break;
    case cf_error:
        priority = LOG_ERR;
        break;
    default:
        wanted = 0;
        break;
    }

    if (wanted)
    {
        for (const Item *entry = mess; entry != NULL; entry = entry->next)
        {
            syslog(priority, " %s", entry->name);
        }
    }

    ThreadUnlock(cft_output);
}
/*
 * SystemLog - copy a list of messages to syslog.
 *
 * mess   linked list of messages; each item's name is logged as one entry
 * level  output level, mapped to a syslog priority:
 *          OUTPUT_LEVEL_INFORM, _REPORTING, _CMDOUT -> LOG_NOTICE
 *          OUTPUT_LEVEL_VERBOSE                     -> LOG_INFO
 *          OUTPUT_LEVEL_ERROR                       -> LOG_ERR
 *          anything else                            -> nothing is logged
 *
 * Nothing is logged for unprivileged runs or when DONTDO is set. Message text
 * is always passed as a "%s" argument, never as the format string.
 */
static void SystemLog(Item *mess, OutputLevel level)
{
    int priority = LOG_NOTICE;
    int wanted = 1;

    if ((!IsPrivileged()) || DONTDO)
    {
        return;
    }

    /* If we can't mutex it could be dangerous to proceed with threaded file descriptors */
    if (!ThreadLock(cft_output))
    {
        return;
    }

    /* The level is the same for every item, so resolve the priority once. */
    switch (level)
    {
    case OUTPUT_LEVEL_INFORM:
    case OUTPUT_LEVEL_REPORTING:
    case OUTPUT_LEVEL_CMDOUT:
        priority = LOG_NOTICE;
        break;
    case OUTPUT_LEVEL_VERBOSE:
        priority = LOG_INFO;
        break;
    case OUTPUT_LEVEL_ERROR:
        priority = LOG_ERR;
        break;
    default:
        wanted = 0;
        break;
    }

    if (wanted)
    {
        for (const Item *entry = mess; entry != NULL; entry = entry->next)
        {
            syslog(priority, " %s", entry->name);
        }
    }

    ThreadUnlock(cft_output);
}
/*
 * m_squit - SQUIT message handler
 *      parv[0] = sender prefix
 *      parv[1] = server name
 *      parv[2] = comment
 *
 * Disconnects the server named by parv[1] (wildcards allowed) through
 * exit_client(). The source must be privileged. A local operator may only
 * squit directly connected servers, and a local client needs the remote
 * operator flag to squit a server that is not directly connected.
 * Returns 0 on every refusal, otherwise the result of exit_client().
 */
int m_squit(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
  struct ConfItem* aconf;
  char* server;
  struct Client* acptr;
  /* Without an explicit comment, the name of the link is used as the reason. */
  char *comment = (parc > 2 && parv[2]) ? parv[2] : cptr->name;

  if (!IsPrivileged(sptr))
    {
      sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
      return 0;
    }

  if (parc > 1)
    {
      server = parv[1];
      /*
      ** To accommodate host masking, a squit for a masked server
      ** name is expanded if the incoming mask is the same as
      ** the server name for that link to the name of link.
      */
      /* The loop body runs at most once: every path through it ends in break. */
      while ((*server == '*') && IsServer(cptr))
        {
          aconf = cptr->serv->nline;
          if (!aconf)
            break;
          if (!irccmp(server, my_name_for_link(me.name, aconf)))
            server = cptr->name;
          break; /* WARNING is normal here */
          /* NOTREACHED */
        }
      /*
      ** The following allows wild cards in SQUIT. Only useful
      ** when the command is issued by an oper.
      */
      /* Stops at the first match that is a server or this server itself;
       * acptr is NULL afterwards when nothing matched. */
      for (acptr = GlobalClientList; (acptr = next_client(acptr, server)); acptr = acptr->next)
        if (IsServer(acptr) || IsMe(acptr))
          break;
      /* A squit aimed at this server is turned into a squit of the link
       * the request arrived on. */
      if (acptr && IsMe(acptr))
        {
          acptr = cptr;
          server = cptr->name;
        }
    }
  else
    {
      /*
      ** This is actually protocol error. But, well, closing
      ** the link is very proper answer to that...
      **
      ** Closing the client's connection probably wouldn't do much
      ** good.. any oper out there should know that the proper way
      ** to disconnect is /QUIT :)
      **
      ** its still valid if its not a local client, its then
      ** a protocol error for sure -Dianora
      */
      if(MyClient(sptr))
        {
          sendto_one(sptr, form_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "SQUIT");
          return 0;
        }
      else
        {
          server = cptr->host;
          acptr = cptr;
        }
    }

  /*
  ** SQUIT semantics is tricky, be careful...
  **
  ** The old (irc2.2PL1 and earlier) code just cleans away the
  ** server client from the links (because it is never true
  ** "cptr == acptr".
  **
  ** This logic here works the same way until "SQUIT host" hits
  ** the server having the target "host" as local link. Then it
  ** will do a real cleanup spewing SQUIT's and QUIT's to all
  ** directions, also to the link from which the original SQUIT
  ** came, generating one unnecessary "SQUIT host" back to that
  ** link.
  **
  ** One may think that this could be implemented like
  ** "hunt_server" (e.g. just pass on "SQUIT" without doing
  ** nothing until the server having the link as local is
  ** reached). Unfortunately this wouldn't work in the real life,
  ** because either target may be unreachable or may not comply
  ** with the request. In either case it would leave target in
  ** links--no command to clear it away. So, it's better just
  ** clean out while going forward, just to be sure.
  **
  ** ...of course, even better cleanout would be to QUIT/SQUIT
  ** dependent users/servers already on the way out, but
  ** currently there is not enough information about remote
  ** clients to do this...   --msa
  */
  if (!acptr)
    {
      sendto_one(sptr, form_str(ERR_NOSUCHSERVER), me.name, parv[0], server);
      return 0;
    }
  /* Local operators may only squit servers connected directly to us. */
  if (IsLocOp(sptr) && !MyConnect(acptr))
    {
      sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
      return 0;
    }
  /* A local client needs the remote flag for servers not connected to us. */
  if (MyClient(sptr) && !IsOperRemote(sptr) && !MyConnect(acptr))
    {
      sendto_one(sptr,":%s NOTICE %s :You have no R flag",me.name,parv[0]);
      return 0;
    }
  /*
  **  Notify all opers, if my local link is remotely squitted
  */
  /* The server name and comment written to the notice and the trace log come
   * from the request itself. */
  if (MyConnect(acptr) && !IsAnOper(cptr))
    {
      sendto_ops_butone(NULL, &me, ":%s WALLOPS :Received SQUIT %s from %s (%s)", me.name, server, get_client_name(sptr,FALSE), comment);
      log(L_TRACE, "SQUIT From %s : %s (%s)", parv[0], server, comment);
    }
  else if (MyConnect(acptr))
    sendto_ops("Received SQUIT %s from %s (%s)", acptr->name, get_client_name(sptr,FALSE), comment);
  return exit_client(cptr, acptr, sptr, comment);
}
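/*
** m_kill
**	parv[0] = sender prefix
**	parv[1] = kill victim(s) - comma separated list
**	parv[2] = kill path
**
** Disconnects each named client. The link the message arrived on (cptr) must
** be privileged; a locally connected sender additionally needs the matching
** local/global kill permission for every target. Servers cannot be killed,
** and services clients can only be killed by a net admin or a U-lined source.
** Every kill is announced to operators and written to the kill log.
**
** buf and buf2 are not declared in this function.
**
** Returns 0, or FLUSH_BUFFER as soon as exit_client() reports it.
**
** Fix: the backward search for the '!' in front of the killer name used to
** step one position before the start of `path` and read that byte. The search
** now stops at the first character of `path`; the resulting name is unchanged.
*/
DLLFUNC int m_kill(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
	aClient *acptr;
	anUser *auser;
	char inpath[HOSTLEN * 2 + USERLEN + 5];
	char *oinpath = get_client_name(cptr, FALSE);
	char *user, *path, *killer, *nick, *p, *s;
	int chasing = 0, kcount = 0;

	if (parc < 2 || *parv[1] == '\0')
	{
		sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "KILL");
		return 0;
	}

	user = parv[1];
	path = parv[2];		/* Either defined or NULL (parc >= 2!!) */

	strlcpy(inpath, oinpath, sizeof inpath);

#ifndef ROXnet
	if (IsServer(cptr) && (s = (char *)index(inpath, '.')) != NULL)
		*s = '\0';	/* Truncate at first "." */
#endif

	if (!IsPrivileged(cptr))
	{
		sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
		return 0;
	}

	if (IsAnOper(cptr))
	{
		/* Operators must give a reason; it is cut in place at TOPICLEN. */
		if (BadPtr(path))
		{
			sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "KILL");
			return 0;
		}
		if (strlen(path) > (size_t)TOPICLEN)
			path[TOPICLEN] = '\0';
	}

	if (MyClient(sptr))
		user = (char *)canonize(user);

	for (p = NULL, nick = strtoken(&p, user, ","); nick; nick = strtoken(&p, NULL, ","))
	{
		chasing = 0;

		if (!(acptr = find_client(nick, NULL)))
		{
			/*
			** If the user has recently changed nick, we automatically
			** rewrite the KILL for this new nickname--this keeps
			** servers in synch when nick change and kill collide
			*/
			if (!(acptr = get_history(nick, (long)KILLCHASETIMELIMIT)))
			{
				sendto_one(sptr, err_str(ERR_NOSUCHNICK), me.name, parv[0], nick);
				continue;
			}
			sendto_one(sptr, ":%s %s %s :*** KILL changed from %s to %s",
			    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], nick, acptr->name);
			chasing = 1;
		}

		/* Per-target permission: global kill for remote targets, local kill
		 * for targets on this server. Applies to locally connected senders. */
		if ((!MyConnect(acptr) && MyClient(cptr) && !OPCanGKill(cptr))
		    || (MyConnect(acptr) && MyClient(cptr) && !OPCanLKill(cptr)))
		{
			sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
			continue;
		}

		if (IsServer(acptr) || IsMe(acptr))
		{
			sendto_one(sptr, err_str(ERR_CANTKILLSERVER), me.name, parv[0]);
			continue;
		}

		if (!IsPerson(acptr))
		{
			/* Nick exists but user is not registered yet: IOTW "doesn't exist". -- Syzop */
			sendto_one(sptr, err_str(ERR_NOSUCHNICK), me.name, parv[0], nick);
			continue;
		}

		/* Unlike the other refusals, this one ends the whole command. */
		if (IsServices(acptr) && !(IsNetAdmin(sptr) || IsULine(sptr)))
		{
			sendto_one(sptr, err_str(ERR_KILLDENY), me.name, parv[0], parv[1]);
			return 0;
		}

		/* From here on, the kill is probably going to be successful. */

		kcount++;

		if (!IsServer(sptr) && (kcount > MAXKILLS))
		{
			sendto_one(sptr, ":%s %s %s :*** Too many targets, kill list was truncated. Maximum is %d.",
			    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], MAXKILLS);
			break;
		}

		if (!IsServer(cptr))
		{
			/*
			** The kill originates from this server, initialize path.
			** (In which case the 'path' may contain user supplied
			** explanation ...or some nasty comment, sigh... >;-)
			**
			**	...!operhost!oper
			**	...!operhost!oper (comment)
			*/
			strlcpy(inpath, GetHost(cptr), sizeof inpath);
			if (kcount < 2)
			{
				/* Only check the path the first time around, or it gets appended to itself. */
				if (!BadPtr(path))
				{
					(void)ircsprintf(buf, "%s%s (%s)", cptr->name, IsOper(sptr) ? "" : "(L)", path);
					path = buf;
				}
				else
					path = cptr->name;
			}
		}
		else if (BadPtr(path))
			path = "*no-path*";	/* Bogus server sending??? */

		/*
		** Notify all *local* opers about the KILL (this includes the one
		** originating the kill, if from this server--the special numeric
		** reply message is not generated anymore).
		**
		** Note: "acptr->name" is used instead of "user" because we may
		**	 have changed the target because of the nickname change.
		*/
		auser = acptr->user;

		sendto_snomask_normal(SNO_KILLS,
		    "*** Notice -- Received KILL message for %s!%s@%s from %s Path: %s!%s",
		    acptr->name, auser->username,
		    IsHidden(acptr) ? auser->virthost : auser->realhost,
		    parv[0], inpath, path);

#if defined(USE_SYSLOG) && defined(SYSLOG_KILL)
		if (IsOper(sptr))
			syslog(LOG_DEBUG, "KILL From %s For %s Path %s!%s", parv[0], acptr->name, inpath, path);
#endif
		/*
		 * By otherguy
		 */
		ircd_log(LOG_KILL, "KILL (%s) by  %s(%s!%s)",
		    make_nick_user_host(acptr->name, acptr->user->username, GetHost(acptr)),
		    parv[0], inpath, path);

		/*
		** And pass on the message to other servers. Note, that if KILL
		** was changed, the message has to be sent to all links, also
		** back.
		** Suicide kills are NOT passed on --SRB
		*/
		if (!MyConnect(acptr) || !MyConnect(sptr) || !IsAnOper(sptr))
		{
			sendto_serv_butone(cptr, ":%s KILL %s :%s!%s", parv[0], acptr->name, inpath, path);
			if (chasing && IsServer(cptr))
				sendto_one(cptr, ":%s KILL %s :%s!%s", me.name, acptr->name, inpath, path);
			acptr->flags |= FLAGS_KILLED;
		}

		/*
		** Tell the victim she/he has been zapped, but *only* if
		** the victim is on current server--no sense in sending the
		** notification chasing the above kill, it won't get far
		** anyway (as this user don't exist there any more either)
		*/
		if (MyConnect(acptr))
			sendto_prefix_one(acptr, sptr, ":%s KILL %s :%s!%s", parv[0], acptr->name, inpath, path);

		/*
		** Set FLAGS_KILLED. This prevents exit_one_client from sending
		** the unnecessary QUIT for this. (This flag should never be
		** set in any other place)
		*/
		if (MyConnect(acptr) && MyConnect(sptr) && IsAnOper(sptr))
			(void)ircsprintf(buf2, "[%s] Local kill by %s (%s)", me.name, sptr->name,
			    BadPtr(parv[2]) ? sptr->name : parv[2]);
		else
		{
			if ((killer = index(path, ' ')))
			{
				/* Walk back from the first space to the '!' in front of
				 * the killer name, never moving before the start of path. */
				while (killer > path && *killer != '!')
					killer--;
				if (*killer == '!')
					killer++;
			}
			else
				killer = path;
			(void)ircsprintf(buf2, "Killed (%s)", killer);
		}

		if (MyClient(sptr))
			RunHook3(HOOKTYPE_LOCAL_KILL, sptr, acptr, parv[2]);

		if (exit_client(cptr, acptr, sptr, buf2) == FLUSH_BUFFER)
			return FLUSH_BUFFER;
	}

	return 0;
}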
/*
 * VerifyMountPromise - bring one mount point in line with what was promised.
 *
 * ctx   evaluation context, passed through to the helpers
 * name  mount point
 * a     promise attributes; a.mount selects mount/unmount, the mount options
 *       and whether the fstab may be edited
 * pp    the promise, used for reporting
 *
 * Returns false without changing anything when the caller is not privileged,
 * true otherwise. CF_MOUNTALL is set when the fstab was changed for a
 * filesystem that was not mounted as promised.
 */
static int VerifyMountPromise(EvalContext *ctx, char *name, Attributes a, Promise *pp)
{
    char dir[CF_BUFSIZE];
    char *options;
    int fstab_edits = 0;

    CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> Verifying mounted file systems on %s\n", name);

    snprintf(dir, CF_BUFSIZE, "%s/.", name);

    if (!IsPrivileged())
    {
        cfPS(ctx, OUTPUT_LEVEL_ERROR, PROMISE_RESULT_INTERRUPTED, "", pp, a, "Only root can mount filesystems.\n");
        return false;
    }

    /* Allocated here, released just before returning. */
    options = Rlist2String(a.mount.mount_options, ",");

    if (FileSystemMountedCorrectly(MOUNTEDFSLIST, name, options, a))
    {
        /* Currently mounted as described: only an unmount promise needs work. */
        if (a.mount.unmount)
        {
            VerifyUnmount(ctx, name, a, pp);

            if (a.mount.editfstab)
            {
                VerifyNotInFstab(ctx, name, a, pp);
            }
        }
        else
        {
            cfPS(ctx, OUTPUT_LEVEL_INFORM, PROMISE_RESULT_NOOP, "", pp, a, " -> Filesystem %s seems to be mounted as promised\n", name);
        }
    }
    else
    {
        if (a.mount.unmount)
        {
            if (a.mount.editfstab)
            {
                fstab_edits += VerifyNotInFstab(ctx, name, a, pp);
            }
        }
        else
        {
            /* The result is deliberately ignored, as in the original empty branch. */
            (void) MakeParentDirectory(dir, a.move_obstructions);

            if (a.mount.editfstab)
            {
                fstab_edits += VerifyInFstab(ctx, name, a, pp);
            }
            else
            {
                cfPS(ctx, OUTPUT_LEVEL_INFORM, PROMISE_RESULT_FAIL, "", pp, a,
                     " -> Filesystem %s was not mounted as promised, and no edits were promised in %s\n", name,
                     VFSTAB[VSYSTEMHARDCLASS]);
                // Mount explicitly
                VerifyMount(ctx, name, a, pp);
            }
        }

        if (fstab_edits)
        {
            CF_MOUNTALL = true;
        }
    }

    free(options);
    return true;
}
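/***********************************************************************
 * m_connect() - Added by Jto 11 Feb 1989
 ***********************************************************************/
/*
** m_connect
**	parv[0] = sender prefix
**	parv[1] = servername
**	parv[2] = port number
**	parv[3] = remote server
**
** Asks this server, or the server named in parv[3], to open a link to
** parv[1]. The source must be privileged; a local client additionally needs
** the global routing permission when a remote server is named and the local
** routing permission otherwise. The target must have a link configuration
** entry, must not be matched by a deny-link rule, and its configured hostname
** must not contain wildcards.
**
** Returns -1 when the source is not privileged or the server name is missing,
** 0 in every other case.
**
** Fix: the port given in parv[2] is now parsed with strtol() and must lie in
** 1..65535. Previously any positive result of atoi() was accepted, so values
** above the valid port range were handed to connect_server(), and a number
** too large for an int was undefined behaviour.
*/
DLLFUNC CMD_FUNC(m_connect)
{
	int  port, tmpport, retval;
	ConfigItem_link	*aconf;
	ConfigItem_deny_link *deny;
	aClient *acptr;

	if (!IsPrivileged(sptr))
	{
		sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
		return -1;
	}

	if (MyClient(sptr) && !OPCanGRoute(sptr) && parc > 3)
	{			/* Only allow LocOps to make */
		/* local CONNECTS --SRB      */
		sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
		return 0;
	}
	if (MyClient(sptr) && !OPCanLRoute(sptr) && parc <= 3)
	{
		sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
		return 0;
	}

	/* Forward the request when it is addressed to another server. */
	if (hunt_server_token(cptr, sptr, MSG_CONNECT, TOK_CONNECT, "%s %s :%s",
	    3, parc, parv) != HUNTED_ISME)
		return 0;

	if (parc < 2 || *parv[1] == '\0')
	{
		sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "CONNECT");
		return -1;
	}

	if ((acptr = find_server_quick(parv[1])))
	{
		sendto_one(sptr, ":%s %s %s :*** Connect: Server %s %s %s.",
		    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], parv[1],
		    "already exists from", acptr->from->name);
		return 0;
	}

	for (aconf = conf_link; aconf; aconf = (ConfigItem_link *) aconf->next)
		if (!match(parv[1], aconf->servername))
			break;

	/* Checked first servernames, then try hostnames. */

	if (!aconf)
	{
		sendto_one(sptr,
		    ":%s %s %s :*** Connect: Server %s is not configured for linking",
		    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], parv[1]);
		return 0;
	}
	/*
	   ** Get port number from user, if given. If not specified,
	   ** use the default from configuration structure. If missing
	   ** from there, then use the precompiled default.
	 */
	tmpport = port = aconf->port;
	if (parc > 2 && !BadPtr(parv[2]))
	{
		/* strtol() saturates on overflow, so the range test also rejects
		 * numbers that do not fit. Trailing non-digits are ignored, as
		 * they were with atoi(). */
		long requested = strtol(parv[2], NULL, 10);

		if (requested <= 0 || requested > 65535)
		{
			sendto_one(sptr,
			    ":%s %s %s :*** Connect: Illegal port number",
			    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
			return 0;
		}
		port = (int)requested;
	}
	else if (port <= 0 && (port = PORTNUM) <= 0)
	{
		sendto_one(sptr, ":%s %s %s :*** Connect: missing port number",
		    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
		return 0;
	}

	/* Evaluate deny link */
	for (deny = conf_deny_link; deny; deny = (ConfigItem_deny_link *) deny->next)
	{
		if (deny->flag.type == CRULE_ALL && !match(deny->mask, aconf->servername)
		    && crule_eval(deny->rule))
		{
			sendto_one(sptr,
			    ":%s %s %s :*** Connect: Disallowed by connection rule",
			    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
			return 0;
		}
	}

	if (strchr(aconf->hostname, '*') != NULL || strchr(aconf->hostname, '?') != NULL)
	{
		sendto_one(sptr,
		    ":%s %s %s :*** Connect: You cannot connect to a server with wildcards (* and ?) in the hostname",
		    me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
		return 0;
	}

	/*
	   ** Notify all operators about remote connect requests
	 */
	if (!IsAnOper(cptr))
	{
		sendto_serv_butone(&me,
		    ":%s GLOBOPS :Remote CONNECT %s %s from %s",
		    me.name, parv[1], parv[2] ? parv[2] : "",
		    get_client_name(sptr, FALSE));
	}

	/* Interesting */
	/* The configured port is overridden only for this attempt and restored
	 * from tmpport afterwards. */
	aconf->port = port;
	switch (retval = connect_server(aconf, sptr, NULL))
	{
	  case 0:
		  sendto_one(sptr,
		      ":%s %s %s :*** Connecting to %s[%s].",
		      me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0],
		      aconf->servername, aconf->hostname);
		  break;
	  case -1:
		  sendto_one(sptr, ":%s %s %s :*** Couldn't connect to %s.",
		      me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0],
		      aconf->servername);
		  break;
	  case -2:
		  sendto_one(sptr, ":%s %s %s :*** Resolving hostname '%s'...",
		      me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0],
		      aconf->hostname);
		  break;
	  default:
		  sendto_one(sptr,
		      ":%s %s %s :*** Connection to %s failed: %s",
		      me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0],
		      aconf->servername, STRERROR(retval));
	}
	aconf->port = tmpport;
	return 0;
}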
/*
 * Verify one mount promise for the filesystem at `name`.
 *
 * Returns false when IsPrivileged() fails (nothing else is attempted),
 * true in every other case, including when the individual verification
 * helpers report problems through cfPS().
 *
 * Sets the global CF_MOUNTALL when an fstab helper reports a change.
 */
static int VerifyMountPromise(char *name, Attributes a, Promise *pp, const ReportContext *report_context)
{
    char parent_probe[CF_BUFSIZE];
    char *mount_opts;
    int fstab_edits = 0;

    CfOut(cf_verbose, "", " -> Verifying mounted file systems on %s\n", name);

    /* Privilege gate: no fstab edit or mount call below runs without it. */
    if (!IsPrivileged())
    {
        cfPS(cf_error, CF_INTERPT, "", pp, a, "Only root can mount filesystems.\n");
        return false;
    }

    /* "<name>/." is the path handed to MakeParentDirectory() below. */
    snprintf(parent_probe, CF_BUFSIZE, "%s/.", name);

    mount_opts = Rlist2String(a.mount.mount_options, ",");

    if (FileSystemMountedCorrectly(MOUNTEDFSLIST, name, mount_opts, a, pp))
    {
        /* Already mounted as described: either leave it or take it down. */
        if (!a.mount.unmount)
        {
            cfPS(cf_inform, CF_NOP, "", pp, a, " -> Filesystem %s seems to be mounted as promised\n", name);
        }
        else
        {
            VerifyUnmount(name, a, pp);

            if (a.mount.editfstab)
            {
                VerifyNotInFstab(name, a, pp);
            }
        }

        free(mount_opts);
        return true;
    }

    /* Not mounted as described. */
    if (a.mount.unmount)
    {
        if (a.mount.editfstab)
        {
            fstab_edits = VerifyNotInFstab(name, a, pp);
        }
    }
    else
    {
        /*
         * The result is deliberately discarded, exactly as the original
         * empty if-body did: a failure to create the parent directory is
         * not reported from here.
         */
        (void) MakeParentDirectory(parent_probe, a.move_obstructions, report_context);

        if (a.mount.editfstab)
        {
            fstab_edits = VerifyInFstab(name, a, pp);
        }
        else
        {
            cfPS(cf_inform, CF_FAIL, "", pp, a, " -> Filesystem %s was not mounted as promised, and no edits were promised in %s\n", name, VFSTAB[VSYSTEMHARDCLASS]);
            /* No fstab edit promised, so mount explicitly. */
            VerifyMount(name, a, pp);
        }
    }

    if (fstab_edits)
    {
        CF_MOUNTALL = true;
    }

    free(mount_opts);
    return true;
}
/*
 * InitiateShutdown
 *
 * Validates an exit-windows request made on behalf of Thread and either
 * hands it to the logon process or marks the calling thread as the one
 * performing the shutdown.
 *
 * Thread     - thread the request is made for; its process and LUID are
 *              looked up below.
 * lpdwFlags  - in/out EWX_* flags. The function rewrites the caller bits
 *              (EWX_SYSTEM_CALLER, EWX_WINLOGON_CALLER) and may clear
 *              EWX_NOTIFY before writing the value back.
 *
 * Returns, as visible in the body:
 *   the GetProcessLuid() status on failure,
 *   STATUS_INVALID_HANDLE          no process info / no windowstation,
 *   STATUS_ACCESS_DENIED           WINSTA_EXITWINDOWS not granted,
 *   STATUS_PRIVILEGE_NOT_HELD      EWX_SHUTDOWN without the shutdown privilege,
 *   STATUS_INVALID_DEVICE_REQUEST  logoff on a WSF_NOIO windowstation,
 *   STATUS_DEVICE_BUSY / STATUS_RETRY / STATUS_PENDING
 *                                  another exit-windows is in progress,
 *   STATUS_PENDING / STATUS_CANT_WAIT
 *                                  after signalling the logon process,
 *   STATUS_SUCCESS                 this thread now owns the shutdown.
 *
 * Access control order for callers other than the logon process:
 * windowstation access first, then the privilege check (shutdown only).
 * A caller whose process id equals gpidLogon skips both checks.
 */
NTSTATUS InitiateShutdown(
    PETHREAD Thread,
    PULONG lpdwFlags)
{
    /* Privilege set handed to IsPrivileged(): SE_SHUTDOWN_PRIVILEGE, all necessary. */
    static PRIVILEGE_SET psShutdown = {
        1, PRIVILEGE_SET_ALL_NECESSARY, { SE_SHUTDOWN_PRIVILEGE, 0 }
    };
    PEPROCESS Process;
    LUID luidCaller;
    LUID luidSystem = SYSTEM_LUID;
    PPROCESSINFO ppi;
    PWINDOWSTATION pwinsta;
    HWINSTA hwinsta;
    PTHREADINFO ptiClient;
    NTSTATUS Status;
    DWORD dwFlags;

    /*
     * Find out the caller's LUID. Only processes belonging to the
     * caller are to be shut down.
     */
    Process = THREAD_TO_PROCESS(Thread);
    ptiClient = PtiFromThread(Thread);  /* may be NULL; every use below checks it */
    Status = GetProcessLuid(Thread, &luidCaller);
    if (!NT_SUCCESS(Status)) {
        return Status;
    }

    /*
     * Set the system flag if the caller is a system process.
     * Winlogon uses this to determine in which context to perform
     * a shutdown operation.
     *
     * The bit is always recomputed here from the caller's LUID, so the
     * value passed in by the caller for EWX_SYSTEM_CALLER is not trusted.
     */
    dwFlags = *lpdwFlags;
    if (RtlEqualLuid(&luidCaller, &luidSystem)) {
        dwFlags |= EWX_SYSTEM_CALLER;
    } else {
        dwFlags &= ~EWX_SYSTEM_CALLER;
    }

    /*
     * Find a windowstation. If the process does not have one
     * assigned, use the standard one.
     */
    ppi = PpiFromProcess(Process);
    if (ppi == NULL) {
        /*
         * We ran into a case where the thread was terminated and had already
         * been cleaned up by USER. Thus, the ppi and ptiClient were NULL.
         */
        return STATUS_INVALID_HANDLE;
    }

    pwinsta = ppi->rpwinsta;
    hwinsta = ppi->hwinsta;  /* only read again inside the LATER build below */

    /*
     * If we're not being called by Winlogon, validate the call and
     * notify the logon process to do the actual shutdown.
     */
    if (Thread->Cid.UniqueProcess != gpidLogon) {
        /* As above: the winlogon-caller bit is cleared, not taken from the caller. */
        dwFlags &= ~EWX_WINLOGON_CALLER;
        *lpdwFlags = dwFlags;

        if (pwinsta == NULL) {
#ifndef LATER
            return STATUS_INVALID_HANDLE;
#else
            hwinsta = ppi->pOpenObjectTable[HI_WINDOWSTATION].h;
            if (hwinsta == NULL) {
                return STATUS_INVALID_HANDLE;
            }
            pwinsta = (PWINDOWSTATION)ppi->pOpenObjectTable[HI_WINDOWSTATION].phead;
#endif
        }

        /*
         * Check security first - does this thread have access?
         * The access mask tested is the one stored for the process's
         * windowstation (ppi->amwinsta).
         */
        if (!RtlAreAllAccessesGranted(ppi->amwinsta, WINSTA_EXITWINDOWS)) {
            return STATUS_ACCESS_DENIED;
        }

        /*
         * If the client requested shutdown, reboot, or poweroff they must have
         * the shutdown privilege.
         * NOTE(review): IsPrivileged() takes no thread argument here, so it
         * presumably evaluates the current caller's token rather than Thread's
         * - confirm against its definition.
         */
        if (dwFlags & EWX_SHUTDOWN) {
            if (!IsPrivileged(&psShutdown) ) {
                return STATUS_PRIVILEGE_NOT_HELD;
            }
        } else {

            /*
             * If this is a non-IO windowstation and we are not shutting down,
             * fail the call.
             */
            if (pwinsta->dwFlags & WSF_NOIO) {
                return STATUS_INVALID_DEVICE_REQUEST;
            }
        }
    }

    /*
     * Is there a shutdown already in progress?
     */
    if (dwThreadEndSession != 0) {
        DWORD dwNew;

        /*
         * Calculate new flags: option bits requested now that the
         * in-progress shutdown does not already carry.
         */
        dwNew = dwFlags & OPTIONMASK & (~gdwShutdownFlags);

        /*
         * Should we override the other shutdown? Make sure
         * winlogon does not recurse.
         */
        if (dwNew && (DWORD)PsGetCurrentThread()->Cid.UniqueThread !=
                dwThreadEndSession) {
            /*
             * Only one windowstation can be logged off at a time.
             */
            if (!(dwFlags & EWX_SHUTDOWN) &&
                    pwinsta != gpwinstaLogoff) {
                return STATUS_DEVICE_BUSY;
            }

            /*
             * Set the new flags
             */
            gdwShutdownFlags = dwFlags;

            if (dwNew & EWX_FORCE) {
                return STATUS_RETRY;
            } else {
                return STATUS_PENDING;
            }
        } else {
            /*
             * Don't override
             */
            return STATUS_PENDING;
        }
    }

    /*
     * If the caller is not winlogon, signal winlogon to start
     * the real shutdown.
     */
    if (Thread->Cid.UniqueProcess != gpidLogon) {
        if (dwFlags & EWX_NOTIFY) {
            /* Remember a 16-bit client for notification, then drop the bit. */
            if (ptiClient && ptiClient->TIF_flags & TIF_16BIT)
                gptiShutdownNotify = ptiClient;
            dwFlags &= ~EWX_NOTIFY;
            *lpdwFlags = dwFlags;
        }

        if (NotifyLogon(pwinsta, &luidCaller, dwFlags))
            return STATUS_PENDING;
        else if (ptiClient && ptiClient->cWindows)
            return STATUS_CANT_WAIT;
        /*
         * Falls through when NotifyLogon() fails and the client has no
         * windows (or no thread info): the code below then marks this
         * thread as the shutdown owner.
         */
    }

    /*
     * Mark this thread as the one that is currently processing
     * exit windows, and set the global saying someone is exiting
     */
    dwFlags |= EWX_WINLOGON_CALLER;
    *lpdwFlags = dwFlags;
    gdwShutdownFlags = dwFlags;

    dwThreadEndSession = (DWORD)PsGetCurrentThread()->Cid.UniqueThread;
    gpwinstaLogoff = pwinsta;
    /*
     * NOTE(review): the NULL check on pwinsta above sits inside the
     * non-winlogon branch, so a winlogon caller reaches this dereference
     * unchecked. Presumably winlogon always has a windowstation - confirm.
     */
    pwinsta->luidEndSession = luidCaller;

    /*
     * Lock the windowstation to prevent apps from starting
     * while we're doing shutdown processing. The previous lock bits
     * are saved in gdwLocks.
     */
    gdwLocks = pwinsta->dwFlags & (WSF_SWITCHLOCK | WSF_OPENLOCK);
    pwinsta->dwFlags |= (WSF_OPENLOCK | WSF_SHUTDOWN);

    return STATUS_SUCCESS;
}
/* * m_connect - CONNECT command handler * * Added by Jto 11 Feb 1989 * * m_connect * parv[0] = sender prefix * parv[1] = servername * parv[2] = port number * parv[3] = remote server */ int m_connect(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) { int port; int tmpport; struct ConfItem* aconf; struct Client* acptr; if (!IsPrivileged(sptr)) { sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]); return -1; } if (IsLocOp(sptr) && parc > 3) { /* * Only allow LocOps to make local CONNECTS --SRB */ return 0; } if (MyConnect(sptr) && !IsOperRemote(sptr) && parc > 3) { sendto_one(sptr,":%s NOTICE %s :You have no R flag", me.name, parv[0]); return 0; } if (hunt_server(cptr, sptr, ":%s CONNECT %s %s :%s", 3, parc, parv) != HUNTED_ISME) return 0; if (parc < 2 || *parv[1] == '\0') { sendto_one(sptr, form_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "CONNECT"); return -1; } if ((acptr = find_server(parv[1]))) { sendto_one(sptr, ":%s NOTICE %s :Connect: Server %s %s %s.", me.name, parv[0], parv[1], "already exists from", acptr->from->name); return 0; } /* * try to find the name, then host, if both fail notify ops and bail */ if (!(aconf = find_conf_by_name(parv[1], CONF_CONNECT_SERVER))) { #ifndef HIDE_SERVERS_IPS if (!(aconf = find_conf_by_host(parv[1], CONF_CONNECT_SERVER))) { #endif sendto_one(sptr, "NOTICE %s :Connect: Host %s not listed in ircd.conf", parv[0], parv[1]); return 0; #ifndef HIDE_SERVERS_IPS } #endif } assert(0 != aconf); /* * Get port number from user, if given. If not specified, * use the default form configuration structure. If missing * from there, then use the precompiled default. 
*/ tmpport = port = aconf->port; if (parc > 2 && !EmptyString(parv[2])) { #ifdef NEG_PORT if ((port = atoi(parv[2])) < 0) #else if ((port = atoi(parv[2])) <= 0) #endif { sendto_one(sptr, "NOTICE %s :Connect: Illegal port number", parv[0]); return 0; } } #ifdef NEG_PORT else if (port < 0 && (port = PORTNUM) <= 0) #else else if (port <= 0 && (port = PORTNUM) <= 0) #endif { sendto_one(sptr, ":%s NOTICE %s :Connect: missing port number", me.name, parv[0]); return 0; } #ifdef NEG_PORT if (port == 0) port = tmpport; /* From conf */ if (port == 0) port = PORTNUM; /* Default if there wasn't one set in conf */ #endif /* * Notify all operators about remote connect requests */ if (!IsAnOper(cptr)) { sendto_ops_butone(NULL, &me, ":%s WALLOPS :Remote CONNECT %s %s from %s", me.name, parv[1], parv[2] ? parv[2] : "", get_client_name(sptr, FALSE)); irclog(L_TRACE, "CONNECT From %s : %s %s", parv[0], parv[1], parv[2] ? parv[2] : ""); } aconf->port = port; /* * at this point we should be calling connect_server with a valid * C:line and a valid port in the C:line */ if (connect_server(aconf, sptr, 0)) #if (defined SERVERHIDE) || (defined HIDE_SERVERS_IPS) sendto_one(sptr, ":%s NOTICE %s :*** Connecting to %s[%s].%d", me.name, parv[0], "255.255.255.255", aconf->name, aconf->port); else sendto_one(sptr, ":%s NOTICE %s :*** Couldn't connect to %s.%d", me.name, parv[0], "255.255.255.255",aconf->port); #else sendto_one(sptr, ":%s NOTICE %s :*** Connecting to %s[%s].%d", me.name, parv[0], aconf->host, aconf->name, aconf->port); else
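/*
 * SetDefaultRoute
 *
 * Compares the default route reported by the platform's netstat command
 * with VDEFAULTROUTE->name and, when they differ or no default route is
 * listed, installs the configured one: through the platform's route
 * command when VROUTE[] names one, otherwise through the SIOCADDRT ioctl
 * where the rtentry/ortentry structures are available.
 *
 * Does nothing unless IsPrivileged() succeeds. Changes are suppressed
 * when DONTDO is set. Takes no arguments and returns nothing; problems
 * are reported through CfLog().
 */
void SetDefaultRoute()
{
    int sk, defaultokay = 1;
    struct sockaddr_in sindst, singw;
    char oldroute[INET_ADDRSTRLEN];
    char routefmt[CF_MAXVARSIZE];

/* These OSes have these structs defined but use the route command */
# if defined DARWIN || defined FREEBSD || defined OPENBSD || defined SOLARIS
#  undef HAVE_RTENTRY
#  undef HAVE_ORTENTRY
# endif

# ifdef HAVE_ORTENTRY
    struct ortentry route;
# else
#  if HAVE_RTENTRY
    struct rtentry route;
#  endif
# endif

    FILE *pp;

    Verbose("Looking for a default route...\n");

    /* Privilege gate: nothing below reads or changes the routing table without it. */
    if (!IsPrivileged())
    {
        snprintf(OUTPUT, CF_BUFSIZE*2, "Only root can set a default route.");
        CfLog(cfinform, OUTPUT, "");
        return;
    }

    if (VDEFAULTROUTE == NULL)
    {
        Verbose("cfengine: No default route is defined. Ignoring the routing tables.\n");
        return;
    }

    if ((pp = cfpopen(VNETSTAT[VSYSTEMHARDCLASS], "r")) == NULL)
    {
        snprintf(OUTPUT, CF_BUFSIZE*2, "Failed to open pipe from %s\n", VNETSTAT[VSYSTEMHARDCLASS]);
        CfLog(cferror, OUTPUT, "popen");
        return;
    }

    /*
     * defaultokay: 1 = route present and correct, 2 = present but wrong,
     * 0 = last line examined was not a default-route line.
     */
    while (!feof(pp))
    {
        ReadLine(VBUFF, CF_BUFSIZE, pp);

        Debug("LINE: %s = %s?\n", VBUFF, VDEFAULTROUTE->name);

        if ((strncmp(VBUFF, "default", 7) == 0) || (strncmp(VBUFF, "0.0.0.0", 7) == 0))
        {
            /* extract the default route */
            /* format: default|0.0.0.0 <whitespace> route <whitespace> etc */
            /*
             * The conversion is bounded to the buffer: oldroute holds
             * INET_ADDRSTRLEN (16) bytes, so at most 15 characters plus
             * the terminator are stored. An unbounded %s would let an
             * over-long gateway column in the command output write past
             * the end of this stack buffer.
             */
            if ((sscanf(VBUFF, "%*[default0. ]%15s%*[ ]", oldroute)) == 1)
            {
                if ((strncmp(VDEFAULTROUTE->name, oldroute, INET_ADDRSTRLEN)) == 0)
                {
                    Verbose("cfengine: default route is already set to %s\n", VDEFAULTROUTE->name);
                    defaultokay = 1;
                    break;
                }
                else
                {
                    Verbose("cfengine: default route is set to %s, but should be %s.\n", oldroute, VDEFAULTROUTE->name);
                    defaultokay = 2;
                    break;
                }
            }
        }
        else
        {
            Debug("No default route is yet registered\n");
            defaultokay = 0;
        }
    }

    cfpclose(pp);

    if (defaultokay == 1)
    {
        Verbose("Default route is set and agrees with conditional policy\n");
        return;
    }

    if (defaultokay == 0)
    {
        AddMultipleClasses("no_default_route");
    }

    if (IsExcluded(VDEFAULTROUTE->classes))
    {
        Verbose("cfengine: No default route is applicable. Ignoring the routing tables.\n");
        return;
    }

    CfLog(cferror, "The default route is incorrect, trying to correct\n", "");

    if (strcmp(VROUTE[VSYSTEMHARDCLASS], "-") != 0)
    {
        Debug("Using route shell commands to set default route\n");

        /*
         * NOTE(review): the command line is assembled from the VROUTE /
         * VROUTE*FMT tables (used as a format string) and
         * VDEFAULTROUTE->name, then run through ShellCommandReturnsZero().
         * Presumably all three come from the agent's own tables and
         * policy; confirm the route name is validated as an address
         * before it reaches this point.
         */
        if (defaultokay == 2)
        {
            if (! DONTDO)
            {
                /* get the route command and the format for the delete argument */
                snprintf(routefmt, CF_MAXVARSIZE, "%s %s", VROUTE[VSYSTEMHARDCLASS], VROUTEDELFMT[VSYSTEMHARDCLASS]);
                snprintf(VBUFF, CF_MAXVARSIZE, routefmt, "default", VDEFAULTROUTE->name);

                if (ShellCommandReturnsZero(VBUFF, false))
                {
                    CfLog(cfinform, "Removing old default route", "");
                    CfLog(cfinform, VBUFF, "");
                }
                else
                {
                    CfLog(cferror, "Error removing route", "");
                }
            }
        }

        if (! DONTDO)
        {
            snprintf(routefmt, CF_MAXVARSIZE, "%s %s", VROUTE[VSYSTEMHARDCLASS], VROUTEADDFMT[VSYSTEMHARDCLASS]);
            snprintf(VBUFF, CF_MAXVARSIZE, routefmt, "default", VDEFAULTROUTE->name);

            if (ShellCommandReturnsZero(VBUFF, false))
            {
                CfLog(cfinform, "Setting default route", "");
                CfLog(cfinform, VBUFF, "");
            }
            else
            {
                CfLog(cferror, "Error setting route", "");
            }
        }

        return;
    }
    else
    {
#if defined HAVE_RTENTRY || defined HAVE_ORTENTRY
        Debug("Using route ioctl to set default route\n");

        if ((sk = socket(AF_INET, SOCK_RAW, 0)) == -1)
        {
            CfLog(cferror, "System class: ", CLASSTEXT[VSYSTEMHARDCLASS]);
            CfLog(cferror, "", "Error in SetDefaultRoute():");
            perror("cfengine: socket");
        }
        else
        {
            /*
             * Clear the structures first: only a few members are set
             * below, and the rest would otherwise reach the kernel as
             * uninitialised stack contents.
             */
            memset(&sindst, 0, sizeof(sindst));
            memset(&singw, 0, sizeof(singw));
            memset(&route, 0, sizeof(route));

            sindst.sin_family = AF_INET;
            singw.sin_family = AF_INET;

            sindst.sin_addr.s_addr = INADDR_ANY;
            singw.sin_addr.s_addr = inet_addr(VDEFAULTROUTE->name);

            route.rt_dst = *(struct sockaddr *)&sindst;      /* This disgusting method is necessary */
            route.rt_gateway = *(struct sockaddr *)&singw;
            route.rt_flags = RTF_GATEWAY;

            if (! DONTDO)
            {
                if (ioctl(sk, SIOCADDRT, (caddr_t) &route) == -1)   /* Add the route */
                {
                    CfLog(cferror, "Error setting route:", "");
                    perror("cfengine: ioctl SIOCADDRT:");
                }
                else
                {
                    CfLog(cferror, "Setting default route.\n", "");
                    snprintf(OUTPUT, CF_BUFSIZE*2, "I'm setting it to %s\n", VDEFAULTROUTE->name);
                    CfLog(cferror, OUTPUT, "");
                }
            }

            /* The raw socket was never released on this path. */
            close(sk);
        }
#else

        /* Socket routing - don't really know how to do this yet */

        Verbose("Sorry don't know how to do routing on this platform\n");

#endif
    }
}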
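/*
 * m_gline
 *   Add a user@host ban and relay it with a GLINE message.
 *
 * parv[0] = sender
 * parv[1] = duration in minutes (optional)
 * parv[2] = nick or user@host mask
 * parv[3] = reason (optional)
 *
 * When parv[1] is not entirely numeric it is taken as the mask and
 * parv[2] as the reason. A duration that is negative or longer than a
 * year makes the ban permanent (duration 0).
 *
 * IsPrivileged(sptr) is the only authorisation check made here.
 * Always returns 0.
 */
int m_gline(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
    char rbuf[512];
    char *target;
    char *user;
    char *host;
    char *reason = "<no reason>";
    int tgminutes = DEFAULT_GLINE_TIME;
    int tgseconds;
    long lval;
    struct userBan *ban;
    struct userBan *existing;

    if (!IsPrivileged(sptr))
    {
        sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
        return 0;
    }

    if (parc < 2)
    {
        sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0],
                   "gline");
        return 0;
    }

    lval = strtol(parv[1], &target, 10);
    if (*target != 0)
    {
        /* not a number: parv[1] is the mask */
        target = parv[1];
        if (parc > 2)
            reason = parv[2];
    }
    else
    {
        /*
         * valid expiration time
         *
         * Range-check while the value is still a long. Assigning it to
         * the int first would narrow an over-large number on platforms
         * where long is wider than int, so a request meant to be
         * permanent could turn into an arbitrary short ban.
         */
        if (lval < 0 || lval > (365L * 24 * 60))
            tgminutes = 0;
        else
            tgminutes = (int) lval;

        if (parc < 3)
        {
            sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0],
                       "Gline");
            return 0;
        }
        target = parv[2];
        if (parc > 3)
            reason = parv[3];
    }

    /* negative times, or times greater than a year, are permanent */
    /* (still needed for the DEFAULT_GLINE_TIME case) */
    if (tgminutes < 0 || tgminutes > (365 * 24 * 60))
        tgminutes = 0;
    tgseconds = tgminutes * 60;

    /* split user@host in place; a bare mask is treated as the host part */
    if ((host = strchr(target, '@')))
    {
        *host++ = 0;
        user = target;
    }
    else
    {
        user = "******";
        host = target;
    }

    /*
     * Width guard: a mask pair that matches these two nonsense strings
     * would match nearly anything (match() presumably returns 0 on a
     * match, as the negation implies).
     */
    if (!match(user, "akjhfkahfasfjd") &&
        !match(host, "ldksjfl.kss...kdjfd.jfklsjf"))
    {
        sendto_one(sptr, ":%s NOTICE %s :gline: %s@%s mask is too wide",
                   me.name, parv[0], user, host);
        return 0;
    }

    /*
     * XXX: nick target support to be re-added
     */

    if (!(ban = make_hostbased_ban(user, host)))
    {
        sendto_one(sptr, ":%s NOTICE %s :gline: invalid ban mask %s@%s",
                   me.name, parv[0], user, host);
        return 0;
    }

    ban->flags |= UBAN_GLINE;

    /* only looks for duplicate glines, not akills */
    if ((existing = find_userban_exact(ban, UBAN_GLINE)))
    {
        if (!IsServer(sptr))
            sendto_one(sptr, ":%s NOTICE %s :gline: %s@%s is already %s: %s",
                       me.name, parv[0], user, host, NETWORK_GLINE_NAME,
                       existing->reason ? existing->reason : "<no reason>");
        userban_free(ban);
        return 0;
    }

    /* refuse a ban issued by a local client that would hit that client */
    if (MyClient(sptr) && user_match_ban(sptr, ban))
    {
        sendto_one(sptr, ":%s NOTICE %s :gline: %s@%s matches you, rejected",
                   me.name, parv[0], user, host);
        userban_free(ban);
        return 0;
    }

    /* a date stamp is appended only when the request does not come from a server */
    if (!IsServer(sptr))
        ircsnprintf(rbuf, sizeof(rbuf), "%s (%s)", reason, smalldate(0));
    else
        ircsnprintf(rbuf, sizeof(rbuf), "%s", reason);

    ban->reason = MyMalloc(strlen(rbuf) + 1);
    strcpy(ban->reason, rbuf);

    if (tgseconds)
    {
        ban->flags |= UBAN_TEMPORARY;
        ban->timeset = NOW;
        ban->duration = tgseconds;
    }

    add_hostbased_userban(ban);

    if (!tgminutes || tgminutes >= GLINE_MIN_STORE_TIME)
        glinestore_add(ban);

    userban_sweep(ban);

    /* rbuf is reused here; the reason text was already copied into the ban */
    host = get_userban_host(ban, rbuf, sizeof(rbuf));

    /*
     * NOTE(review): "%l" is paired with an int argument (tgseconds);
     * confirm that is what the server's own formatter expects.
     */
    sendto_serv_butone(MyConnect(sptr) ? NULL : cptr,
                       ":%s GLINE %l %s@%s :%s", sptr->name, tgseconds,
                       user, host, reason);

    if (tgminutes)
        sendto_realops("%s added temporary %d min. "NETWORK_GLINE_NAME" for"
                       " [%s@%s] [%s]", parv[0], tgminutes, user, host,
                       reason);
    else
        sendto_realops("%s added "NETWORK_GLINE_NAME" for [%s@%s] [%s]",
                       parv[0], user, host, reason);

    return 0;
}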
/*
 * m_ungline
 *   Remove a user@host ban that carries the UBAN_GLINE flag and relay
 *   the removal with an UNGLINE message.
 *
 * parv[0] = sender
 * parv[1] = user@host mask
 *
 * Bans flagged UBAN_CONF are refused. IsPrivileged(sptr) is the only
 * authorisation check made here. Always returns 0.
 */
int m_ungline(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
    char            hostbuf[512];
    char           *at_sign;
    char           *upart;
    char           *hpart;
    struct userBan *probe;
    struct userBan *found;

    if (!IsPrivileged(sptr))
    {
        sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
        return 0;
    }

    if (parc < 2)
    {
        sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0],
                   "UNGline");
        return 0;
    }

    /* Split the mask in place; without an '@' the whole mask is the host. */
    at_sign = strchr(parv[1], '@');
    if (at_sign == NULL)
    {
        upart = "******";
        hpart = parv[1];
    }
    else
    {
        *at_sign = 0;
        upart = parv[1];
        hpart = at_sign + 1;
    }

    /* Build a throwaway ban from the mask purely to look up the stored one. */
    probe = make_hostbased_ban(upart, hpart);
    if (probe == NULL)
    {
        sendto_one(sptr, ":%s NOTICE %s :UNGline: No such ban %s@%s",
                   me.name, parv[0], upart, hpart);
        return 0;
    }

    probe->flags |= UBAN_GLINE;
    found = find_userban_exact(probe, UBAN_GLINE);
    /* Host text is fetched before the probe is released. */
    hpart = get_userban_host(probe, hostbuf, sizeof(hostbuf));
    userban_free(probe);

    if (found == NULL)
    {
        sendto_one(sptr, ":%s NOTICE %s :UNGLINE: No such ban %s@%s",
                   me.name, parv[0], upart, hpart);
        return 0;
    }

    if ((found->flags & UBAN_CONF) != 0)
    {
        sendto_one(sptr, ":%s NOTICE %s :UNGLINE: %s@%s is specified in the"
                   " configuration file and cannot be removed online",
                   me.name, parv[0], upart, hpart);
        return 0;
    }

    remove_userban(found);
    glinestore_remove(found);
    userban_free(found);

    sendto_ops("%s has removed the G-Line for: [%s@%s]", sptr->name,
               upart, hpart);

    if (MyConnect(sptr))
        sendto_serv_butone(NULL, ":%s UNGLINE %s@%s", sptr->name,
                           upart, hpart);
    else
        sendto_serv_butone(cptr, ":%s UNGLINE %s@%s", sptr->name,
                           upart, hpart);

    return 0;
}
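/** Handle a CONNECT message from a server.
 *
 * \a parv has the following elements:
 * \li \a parv[1] is the server that should initiate the connection
 * \li \a parv[2] is the port number to connect on (zero for the default)
 * \li \a parv[3] is the server to connect to
 *
 * The port must lie in 0..65535; anything else is refused with a notice
 * instead of being narrowed into the 16-bit port field. The configured
 * port in the conf entry is overridden only for the duration of the
 * connect attempt and restored afterwards.
 *
 * See @ref m_functions for discussion of the arguments.
 * @param[in] cptr Client that sent us the message.
 * @param[in] sptr Original source of message.
 * @param[in] parc Number of arguments.
 * @param[in] parv Argument vector.
 * @return The value of send_reply() or need_more_params() on the two
 *         early error paths, otherwise 0.
 */
int ms_connect(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
  unsigned short   port;
  unsigned short   tmpport;
  long             requested_port;
  const char*      rule;
  struct ConfItem* aconf;
  struct Client*   acptr;
  struct Jupe*     ajupe;

  assert(0 != cptr);
  assert(0 != sptr);

  if (!IsPrivileged(sptr))
    return send_reply(sptr, ERR_NOPRIVILEGES);

  if (parc < 4) {
    /*
     * this is coming from a server which should have already
     * checked its args, if we don't have parc == 4, something
     * isn't right.
     */
    protocol_violation(sptr, "Too few parameters to connect");
    return need_more_params(sptr, "CONNECT");
  }

  if (hunt_server_cmd(sptr, CMD_CONNECT, cptr, 1, "%s %s :%C", 3, parc, parv)
      != HUNTED_ISME)
    return 0;

  /*
   * need to find the conf entry first so we can use the server name from
   * the conf entry instead of parv[1] to find out if the server is already
   * present below. --Bleep
   */
  if (0 == (aconf = conf_find_server(parv[1]))) {
    sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Host %s not listed "
                  "in ircd.conf", sptr, parv[1]);
    return 0;
  }

  /*
   * use aconf->name to look up the server
   */
  if ((acptr = FindServer(aconf->name))) {
    sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Server %s already "
                  "exists from %s", sptr, parv[1], cli_name(cli_from(acptr)));
    return 0;
  }

  /*
   * Evaluate connection rules...  If no rules found, allow the
   * connect.  Otherwise stop with the first true rule (ie: rules
   * are ored together.  Oper connects are affected only by D
   * lines (CRULEALL) not d lines (CRULEAUTO).
   */
  if ((rule = conf_eval_crule(aconf->name, CRULE_ALL))) {
    sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Disallowed by rule: %s",
                  sptr, rule);
    return 0;
  }

  /*
   * Check to see if the server is juped; if it is, disallow the connect
   */
  if ((ajupe = jupe_find(aconf->name)) && JupeIsActive(ajupe)) {
    sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Server %s is juped: %s",
                  sptr, JupeServer(ajupe), JupeReason(ajupe));
    return 0;
  }

  /*
   * Allow opers to /connect foo.* 0 bah.* to connect foo and bah
   * using the conf's configured port
   *
   * The value is parsed into a long and range-checked before it is
   * stored in the unsigned short: assigning atoi()'s int result directly
   * would silently wrap a negative or over-large number into some other
   * valid-looking port. Non-numeric text still parses as 0 (default
   * port), as it did with atoi().
   */
  requested_port = strtol(parv[2], NULL, 10);
  if (requested_port < 0 || requested_port > 65535) {
    sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Invalid port number",
                  sptr);
    return 0;
  }
  port = (unsigned short) requested_port;

  /*
   * save the old port
   */
  tmpport = aconf->address.port;
  if (port)
    aconf->address.port = port;
  else
    port = aconf->address.port;

  /*
   * Notify all operators about remote connect requests
   */
  sendwallto_group(&me, WALL_WALLOPS, 0, "Remote CONNECT %s %s from %s",
                   parv[1], parv[2] ? parv[2] : "",
                   get_client_name(sptr, HIDE_IP));
  log_write(LS_NETWORK, L_INFO, 0, "CONNECT From %C : %s %s", sptr,
            parv[1], parv[2] ? parv[2] : "");

  if (connect_server(aconf, sptr)) {
    sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :*** Connecting to %s.", sptr,
                  aconf->name);
  }
  else {
    sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :*** Connection to %s failed",
                  sptr, aconf->name);
  }

  /* put the configured port back; the override was for this attempt only */
  aconf->address.port = tmpport;
  return 0;
}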
/*
 * Verify one mount promise for the filesystem at `name`.
 *
 * Returns PROMISE_RESULT_INTERRUPTED when IsPrivileged() fails; nothing
 * else is attempted in that case. Otherwise returns the result
 * accumulated from the fstab helpers and VerifyMount(), starting from
 * PROMISE_RESULT_NOOP.
 *
 * Sets the global CF_MOUNTALL when an fstab helper reports a change.
 */
static PromiseResult VerifyMountPromise(EvalContext *ctx, char *name, Attributes a, Promise *pp)
{
    char parent_probe[CF_BUFSIZE];
    char *mount_opts;
    int fstab_edits = 0;
    PromiseResult outcome;

    Log(LOG_LEVEL_VERBOSE, "Verifying mounted file systems on '%s'", name);

    /* Privilege gate: no fstab edit or mount call below runs without it. */
    if (!IsPrivileged())
    {
        cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_INTERRUPTED, pp, a, "Only root can mount filesystems");
        return PROMISE_RESULT_INTERRUPTED;
    }

    /* "<name>/." is the path handed to MakeParentDirectory() below. */
    snprintf(parent_probe, CF_BUFSIZE, "%s/.", name);

    /* Built and freed here; no other statement in this function reads it. */
    mount_opts = Rlist2String(a.mount.mount_options, ",");

    outcome = PROMISE_RESULT_NOOP;

    if (FileSystemMountedCorrectly(GetGlobalMountedFSList(), name, a))
    {
        /* Already mounted as described: either leave it or take it down. */
        if (!a.mount.unmount)
        {
            cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_NOOP, pp, a, "Filesystem '%s' seems to be mounted as promised", name);
        }
        else
        {
            /* The return value of VerifyUnmount() is not folded into the result. */
            VerifyUnmount(ctx, name, a, pp);

            if (a.mount.editfstab)
            {
                VerifyNotInFstab(ctx, name, a, pp, &outcome);
            }
        }
    }
    else
    {
        if (a.mount.unmount)
        {
            if (a.mount.editfstab)
            {
                fstab_edits = VerifyNotInFstab(ctx, name, a, pp, &outcome);
            }
        }
        else
        {
            /*
             * The result is deliberately discarded, exactly as the
             * original empty if-body did: a failure to create the parent
             * directory is not reported from here.
             */
            (void) MakeParentDirectory(parent_probe, a.move_obstructions);

            if (a.mount.editfstab)
            {
                fstab_edits = VerifyInFstab(ctx, name, a, pp, &outcome);
            }
            else
            {
                cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a, "Filesystem '%s' was not mounted as promised, and no edits were promised in '%s'", name, VFSTAB[VSYSTEMHARDCLASS]);
                outcome = PromiseResultUpdate(outcome, PROMISE_RESULT_FAIL);

                /* No fstab edit promised, so mount explicitly. */
                outcome = PromiseResultUpdate(outcome, VerifyMount(ctx, name, a, pp));
            }
        }

        if (fstab_edits)
        {
            CF_MOUNTALL = true;
        }
    }

    free(mount_opts);
    return outcome;
}
/*
 * Tells the caller whether bootstrapping is permitted. The answer is
 * whatever IsPrivileged() reports; no other condition is consulted.
 */
bool BootstrapAllowed(void)
{
    const bool caller_is_privileged = IsPrivileged();

    return caller_is_privileged;
}
/*
** m_ircops() By Claudio
** Rewritten by HAMLET
** Lists online IRCOps
**
** Sends one RPL_LISTS row per visible operator to sptr, followed by a
** totals line and RPL_ENDOFLISTS. Operators flagged IsHideOper are shown
** only when the requester is itself an operator. Always returns 0.
**
** NOTE(review): the privilege test is made on cptr while every reply and
** the hidden-operator test use sptr. The two presumably refer to the same
** client for a locally issued command - confirm for relayed requests.
*/
int m_ircops(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
  struct Client *op;
  const char    *rank;
  const char    *origin;
  char           buf[BUFSIZE];
  int            local_count = 0;
  int            global_count = 0;
  int            total;

  /* Unless the list is open to everyone, only privileged clients get it. */
  if (!IRCopsForAll && !IsPrivileged(cptr))
    {
      sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
      return 0;
    }

  /* Table header. */
  strcpy(buf, "========================================================================================");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
  strcpy(buf, "\2Nick Status Server\2");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
  strcpy(buf, "----------------------------------------------------------------------------------------");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);

  for (op = GlobalClientList; op; op = op->next)
    {
      /* Skip services, stealth clients, non-operators and hidden operators. */
      if (IsService(op) || IsStealth(op) || !IsAnOper(op)
          || (IsHideOper(op) && !IsAnOper(sptr)))
        continue;

      if (!op->user)
        continue;

      /* Highest rank wins. */
      if (IsTechAdmin(op))
        rank = "Technical Administrator";
      else if (IsNetAdmin(op))
        rank = "Network Administrator";
      else if (IsSAdmin(op))
        rank = "Services Administrator";
      else if (IsAdmin(op))
        rank = "Server Administrator";
      else if (IsOper(op))
        rank = "Global IRC Operator";
      else
        rank = "Local IRC Operator";

      /* vlinks on /IRCops
       * code by openglx
       * idea to this by Midnight_Commander
       *
       * The last column is the vlink name when one is set, otherwise the
       * user's server.
       */
      if (op->user->vlink)
        origin = op->user->vlink->name;
      else
        origin = op->user->server;

      ircsprintf(buf, "\2%-29s\2 %-23s %-6s %s",
                 op->name ? op->name : "<unknown>",
                 rank,
                 op->user->away ? "(AWAY)" : "",
                 origin);
      /* end of the vlink support code */

      sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
      sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], "-");

      if (IsOper(op))
        global_count++;
      else
        local_count++;
    }

  total = global_count + local_count;

  ircsprintf(buf, "Total: \2%d\2 IRCOp%s connected - \2%d\2 Globa%s, \2%d\2 Loca%s",
             total, total > 1 ? "s" : "",
             global_count, global_count > 1 ? "ls" : "l",
             local_count, local_count > 1 ? "ls" : "l");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);

  /* Table footer. */
  strcpy(buf, "========================================================================================");
  sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
  sendto_one(sptr, form_str(RPL_ENDOFLISTS), me.name, parv[0], "IRCOPS");

  return 0;
}