/*
** m_oper
** parv[0] = sender prefix
** parv[1] = oper name
** parv[2] = oper password
*/
static void
m_oper(struct Client *client_p, struct Client *source_p,
int parc, char *parv[])
{
struct ConfItem *conf;
struct AccessItem *aconf=NULL;
const char *name = parv[1];
const char *password = parv[2];
if (EmptyString(password))
{
sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS),
me.name, source_p->name, "OPER");
return;
}
/* end the grace period */
if (!IsFloodDone(source_p))
flood_endgrace(source_p);
if ((conf = find_password_conf(name,source_p)) == NULL)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
conf = find_exact_name_conf(OPER_TYPE, name, NULL, NULL);
failed_oper_notice(source_p, name, (conf != NULL) ?
"host mismatch" : "no oper {} block");
log_failed_oper(source_p, name);
return;
}
aconf = (struct AccessItem *)map_to_conf(conf);
if (match_oper_password(password, aconf))
{
if (attach_conf(source_p, conf) != 0)
{
sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
failed_oper_notice(source_p, name, "can't attach conf!");
log_failed_oper(source_p, name);
return;
}
oper_up(source_p);
ilog(L_TRACE, "OPER %s by %s!%s@%s",
name, source_p->name, source_p->username, source_p->host);
log_oper(source_p, name);
}
else
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, parv[0]);
failed_oper_notice(source_p, name, "password mismatch");
log_failed_oper(source_p, name);
}
}
/*
** m_oper
** parv[0] = sender prefix
** parv[1] = oper name
** parv[2] = oper password
*/
static void
m_oper(struct Client *client_p, struct Client *source_p,
int parc, char *parv[])
{
struct MaskItem *conf = NULL;
const char *name = parv[1];
const char *password = parv[2];
if (EmptyString(password))
{
sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS),
me.name, source_p->name, "OPER");
return;
}
/* end the grace period */
if (!IsFloodDone(source_p))
flood_endgrace(source_p);
if ((conf = find_exact_name_conf(CONF_OPER, source_p, name, NULL, NULL)) == NULL)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
conf = find_exact_name_conf(CONF_OPER, NULL, name, NULL, NULL);
failed_oper_notice(source_p, name, (conf != NULL) ?
"host mismatch" : "no oper {} block");
return;
}
if (match_conf_password(password, conf))
{
if (attach_conf(source_p, conf) != 0)
{
sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
failed_oper_notice(source_p, name, "can't attach conf!");
return;
}
++conf->count;
oper_up(source_p);
ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
name, source_p->name, source_p->username, source_p->host);
}
else
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
failed_oper_notice(source_p, name, "password mismatch");
}
}
/** Attach ConfItems to a client if the host passed matches that for
* the ConfItems or is an exact match for them.
* @param cptr Client getting the ConfItem attachments.
* @param host Filter to match ConfItem::host.
* @param statmask Filter to limit ConfItem::status.
* @return First ConfItem attached to \a cptr.
*/
struct ConfItem* attach_confs_byhost(struct Client* cptr, const char* host,
int statmask)
{
struct ConfItem* tmp;
struct ConfItem* first = 0;
assert(0 != host);
if (HOSTLEN < strlen(host))
return 0;
for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) {
assert(0 != tmp->host);
if (0 == match(tmp->host, host) || 0 == ircd_strcmp(tmp->host, host)) {
if (ACR_OK == attach_conf(cptr, tmp) && !first)
first = tmp;
}
}
}
return first;
}
/** Find the first (best) Client block to attach.
* @param cptr Client for whom to check rules.
* @return Authorization check result.
*/
enum AuthorizationCheckResult attach_iline(struct Client* cptr)
{
struct ConfItem* aconf;
assert(0 != cptr);
for (aconf = GlobalConfList; aconf; aconf = aconf->next) {
if (aconf->status != CONF_CLIENT)
continue;
/* If you change any of this logic, please make corresponding
* changes in conf_debug_iline() below.
*/
if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port)
continue;
if (aconf->username && match(aconf->username, cli_username(cptr)))
continue;
if (aconf->host && match(aconf->host, cli_sockhost(cptr)))
continue;
if (aconf->countrymask && match(aconf->countrymask, cli_countrycode(cptr)))
continue;
if (aconf->continentmask && match(aconf->continentmask, cli_continentcode(cptr)))
continue;
if ((aconf->addrbits >= 0)
&& !ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits))
continue;
if (IPcheck_nr(cptr) > aconf->maximum)
return ACR_TOO_MANY_FROM_IP;
if (aconf->redirserver && !EmptyString(aconf->redirserver)) {
send_reply(cptr, RPL_BOUNCE, aconf->redirserver, aconf->redirport);
return ACR_NO_AUTHORIZATION;
}
if (aconf->username && !IsWebIRCUserIdent(cptr) && (aconf->flags & CONF_NOIDENTTILDE))
SetFlag(cptr, FLAG_DOID);
return attach_conf(cptr, aconf);
}
return ACR_NO_AUTHORIZATION;
}
/*
* m_challenge - generate RSA challenge for wouldbe oper
* parv[0] = sender prefix
* parv[1] = operator to challenge for, or +response
*
*/
static void
m_challenge(struct Client *client_p, struct Client *source_p, int parc, char *parv[])
{
char *challenge;
dlink_node *ptr;
struct ConfItem *aconf, *oconf;
if(!(source_p->user) || !source_p->localClient)
return;
/* if theyre an oper, reprint oper motd and ignore */
if(IsOper(source_p))
{
sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]);
SendMessageFile(source_p, &ConfigFileEntry.opermotd);
return;
}
if(*parv[1] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if(!source_p->user->response)
return;
if(irccmp(source_p->user->response, ++parv[1]))
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
log_foper(source_p, source_p->user->auth_oper);
if(ConfigFileEntry.failed_oper_notice)
sendto_realops_flags(UMODE_ALL, L_ALL,
"Failed OPER attempt by %s (%s@%s)",
source_p->name, source_p->username,
source_p->host);
return;
}
if((aconf = find_conf_by_name(source_p->user->auth_oper, CONF_OPERATOR)) == NULL)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
log_foper(source_p, source_p->user->auth_oper);
if(ConfigFileEntry.failed_oper_notice)
sendto_realops_flags(UMODE_ALL, L_ALL,
"Failed CHALLENGE attempt - host mismatch by %s (%s@%s)",
source_p->name, source_p->username,
source_p->host);
return;
}
ptr = source_p->localClient->confs.head;
oconf = ptr->data;
detach_conf(source_p, oconf);
if(attach_conf(source_p, aconf) != 0)
{
sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
sendto_realops_flags(UMODE_ALL, L_ALL,
"Failed CHALLENGE attempt by %s (%s@%s) can't attach conf!",
source_p->name, source_p->username, source_p->host);
log_foper(source_p, source_p->user->auth_oper);
attach_conf(source_p, oconf);
return;
}
oper_up(source_p, aconf);
ilog(L_TRACE, "OPER %s by %s!%s@%s",
source_p->user->auth_oper, source_p->name, source_p->username, source_p->host);
log_oper(source_p, source_p->user->auth_oper);
MyFree(source_p->user->response);
MyFree(source_p->user->auth_oper);
source_p->user->response = NULL;
source_p->user->auth_oper = NULL;
return;
}
MyFree(source_p->user->response);
MyFree(source_p->user->auth_oper);
source_p->user->response = NULL;
source_p->user->auth_oper = NULL;
if(!(aconf = find_conf_exact(parv[1], source_p->username, source_p->host,
CONF_OPERATOR)) &&
!(aconf = find_conf_exact(parv[1], source_p->username,
source_p->localClient->sockhost, CONF_OPERATOR)))
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
log_foper(source_p, parv[1]);
if(ConfigFileEntry.failed_oper_notice)
sendto_realops_flags(UMODE_ALL, L_ALL,
"Failed CHALLENGE attempt - host mismatch by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
return;
}
if(!aconf->rsa_public_key)
{
sendto_one(source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
"is not enabled for your oper{} block.", me.name, parv[0]);
return;
}
if(!generate_challenge(&challenge, &(source_p->user->response), aconf->rsa_public_key))
{
sendto_one(source_p, form_str(RPL_RSACHALLENGE), me.name, parv[0], challenge);
}
DupString(source_p->user->auth_oper, aconf->name);
MyFree(challenge);
return;
}
/*
* m_challenge - generate RSA challenge for wouldbe oper
* parv[0] = sender prefix
* parv[1] = operator to challenge for, or +response
*
*/
static void
m_challenge(struct Client *client_p, struct Client *source_p, int parc, char *parv[])
{
char *challenge = NULL;
struct ConfItem *conf = NULL;
struct AccessItem *aconf = NULL;
/* if theyre an oper, reprint oper motd and ignore */
if(IsOper(source_p))
{
sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]);
send_message_file(source_p, &ConfigFileEntry.opermotd);
return;
}
if(*parv[1] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if(source_p->localClient->response == NULL)
return;
if(svsnoop)
{
sendto_one(source_p,
":%s NOTICE %s :*** This server is in NOOP mode, you cannot /oper",
me.name, source_p->name);
failed_challenge_notice(source_p, source_p->localClient->auth_oper,
"This server is in NOOP mode");
log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
source_p->localClient->auth_oper);
return;
}
if(irccmp(source_p->localClient->response, ++parv[1]))
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
failed_challenge_notice(source_p, source_p->localClient->auth_oper,
"challenge failed");
return;
}
conf = find_exact_name_conf(OPER_TYPE,
source_p->localClient->auth_oper,
source_p->username, source_p->host);
if(conf == NULL)
conf = find_exact_name_conf(OPER_TYPE,
source_p->localClient->auth_oper,
source_p->username, source_p->realhost);
if(conf == NULL)
conf = find_exact_name_conf(OPER_TYPE,
source_p->localClient->auth_oper,
source_p->username, source_p->sockhost);
if(conf == NULL)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
source_p->localClient->auth_oper);
return;
}
if(attach_conf(source_p, conf) != 0)
{
sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
failed_challenge_notice(source_p, conf->name, "can't attach conf!");
log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
source_p->localClient->auth_oper);
return;
}
oper_up(source_p);
ilog(L_TRACE, "OPER %s by %s!%s@%s",
source_p->localClient->auth_oper, source_p->name, source_p->username,
source_p->realhost);
log_oper_action(LOG_OPER_TYPE, source_p, "%s\n", source_p->localClient->auth_oper);
MyFree(source_p->localClient->response);
MyFree(source_p->localClient->auth_oper);
source_p->localClient->response = NULL;
source_p->localClient->auth_oper = NULL;
return;
}
MyFree(source_p->localClient->response);
MyFree(source_p->localClient->auth_oper);
source_p->localClient->response = NULL;
source_p->localClient->auth_oper = NULL;
if((conf = find_conf_exact(OPER_TYPE, parv[1], source_p->username, source_p->host)) != NULL)
aconf = map_to_conf(conf);
else if((conf = find_conf_exact(OPER_TYPE,
parv[1], source_p->username, source_p->realhost)) != NULL)
aconf = map_to_conf(conf);
else if((conf = find_conf_exact(OPER_TYPE,
parv[1], source_p->username, source_p->sockhost)) != NULL)
aconf = map_to_conf(conf);
if(aconf == NULL)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
conf = find_exact_name_conf(OPER_TYPE, parv[1], NULL, NULL);
failed_challenge_notice(source_p, parv[1], (conf != NULL)
? "host mismatch" : "no oper {} block");
log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", parv[1]);
return;
}
if(aconf->rsa_public_key == NULL)
{
sendto_one(source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
"is not enabled for your oper{} block.", me.name, parv[0]);
return;
}
if(!generate_challenge(&challenge, &(source_p->localClient->response),
aconf->rsa_public_key))
sendto_one(source_p, form_str(RPL_RSACHALLENGE), me.name, parv[0], challenge);
DupString(source_p->localClient->auth_oper, conf->name);
MyFree(challenge);
}
/*
** m_oper
** parv[0] = sender prefix
** parv[1] = oper name
** parv[2] = oper password
*/
static void
m_oper(struct Client *client_p, struct Client *source_p, int parc, char *parv[])
{
struct ConfItem *aconf;
struct ConfItem *oconf = NULL;
char *name;
char *password;
dlink_node *ptr;
name = parv[1];
password = parv[2];
if(EmptyString(password))
{
sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "OPER");
return;
}
/* end the grace period */
if(!IsFloodDone(source_p))
flood_endgrace(source_p);
if((aconf = find_password_aconf(name, source_p)) == NULL)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
log_foper(source_p, name);
if(ConfigFileEntry.failed_oper_notice)
{
sendto_realops_flags(UMODE_ALL, L_ALL,
"Failed OPER attempt - host mismatch by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
return;
}
if(match_oper_password(password, aconf))
{
/*
20001216:
detach old iline
-einride
*/
ptr = source_p->localClient->confs.head;
if(ptr)
{
oconf = ptr->data;
detach_conf(source_p, oconf);
}
if(attach_conf(source_p, aconf) != 0)
{
sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
sendto_realops_flags(UMODE_ALL, L_ALL,
"Failed OPER attempt by %s (%s@%s) can't attach conf!",
source_p->name, source_p->username, source_p->host);
log_foper(source_p, name);
/*
20001216:
Reattach old iline
-einride
*/
attach_conf(source_p, oconf);
return;
}
oper_up(source_p, aconf);
ilog(L_TRACE, "OPER %s by %s!%s@%s",
name, source_p->name, source_p->username, source_p->host);
log_oper(source_p, name);
return;
}
else
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, parv[0]);
log_foper(source_p, name);
if(ConfigFileEntry.failed_oper_notice)
{
sendto_realops_flags(UMODE_ALL, L_ALL,
"Failed OPER attempt by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
}
}
/*
* m_oper - generic message handler
*/
int m_oper(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct ConfItem* aconf;
char* name;
char* password;
assert(0 != cptr);
assert(cptr == sptr);
name = parc > 1 ? parv[1] : 0;
password = parc > 2 ? parv[2] : 0;
if (EmptyString(name) || EmptyString(password))
return need_more_params(sptr, "OPER");
aconf = find_conf_exact(name, sptr, CONF_OPERATOR);
if (!aconf || IsIllegal(aconf))
{
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone(0, SNO_OLDREALOP, "Failed staff authentication attempt by %s (%s@%s)",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr));
return 0;
}
assert(0 != (aconf->status & CONF_OPERATOR));
if (oper_password_match(password, aconf->passwd))
{
struct Flags old_mode = cli_flags(sptr);
if (ACR_OK != attach_conf(sptr, aconf)) {
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone(0, SNO_OLDREALOP, "Failed staff authentication attempt by %s "
"(%s@%s)", parv[0], cli_user(sptr)->username,
cli_sockhost(sptr));
return 0;
}
SetLocOp(sptr);
client_set_privs(sptr, aconf);
if (HasPriv(sptr, PRIV_PROPAGATE))
{
ClearLocOp(sptr);
SetOper(sptr);
++UserStats.opers;
}
cli_handler(cptr) = OPER_HANDLER;
SetFlag(sptr, FLAG_WALLOP);
SetFlag(sptr, FLAG_SERVNOTICE);
SetFlag(sptr, FLAG_DEBUG);
set_snomask(sptr, SNO_OPERDEFAULT, SNO_ADD);
cli_max_sendq(sptr) = 0; /* Get the sendq from the oper's class */
send_umode_out(cptr, sptr, &old_mode, HasPriv(sptr, PRIV_PROPAGATE));
send_reply(sptr, RPL_YOUREOPER);
sendto_opmask_butone(0, SNO_OLDSNO, "%s (%s@%s) has authenticated as staff",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr));
log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr);
}
else
{
send_reply(sptr, ERR_PASSWDMISMATCH);
sendto_opmask_butone(0, SNO_OLDREALOP, "Failed staff authentication attempt by %s (%s@%s)",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr));
}
return 0;
}
/*
* m_challenge - generate RSA challenge for wouldbe oper
* parv[0] = sender prefix
* parv[1] = operator to challenge for, or +response
*
*/
static void
m_challenge(struct Client *client_p, struct Client *source_p,
int parc, char *parv[])
{
char *challenge = NULL;
struct MaskItem *conf = NULL;
if (*parv[1] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if (source_p->localClient->response == NULL)
return;
if (irccmp(source_p->localClient->response, ++parv[1]))
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name,
source_p->name);
failed_challenge_notice(source_p, source_p->localClient->auth_oper,
"challenge failed");
return;
}
conf = find_exact_name_conf(CONF_OPER, source_p,
source_p->localClient->auth_oper, NULL, NULL);
if (conf == NULL)
{
/* XXX: logging */
sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
return;
}
if (attach_conf(source_p, conf) != 0)
{
sendto_one(source_p,":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
failed_challenge_notice(source_p, conf->name, "can't attach conf!");
return;
}
++conf->count;
oper_up(source_p);
ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
source_p->localClient->auth_oper, source_p->name, source_p->username,
source_p->host);
MyFree(source_p->localClient->response);
MyFree(source_p->localClient->auth_oper);
source_p->localClient->response = NULL;
source_p->localClient->auth_oper = NULL;
return;
}
MyFree(source_p->localClient->response);
MyFree(source_p->localClient->auth_oper);
source_p->localClient->response = NULL;
source_p->localClient->auth_oper = NULL;
conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL);
if (!conf)
{
sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL);
failed_challenge_notice(source_p, parv[1], (conf != NULL)
? "host mismatch" : "no oper {} block");
return;
}
if (conf->rsa_public_key == NULL)
{
sendto_one (source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
"is not enabled for your oper{} block.", me.name,
source_p->name);
return;
}
if (!generate_challenge(&challenge, &(source_p->localClient->response),
conf->rsa_public_key))
sendto_one(source_p, form_str(RPL_RSACHALLENGE),
me.name, source_p->name, challenge);
source_p->localClient->auth_oper = xstrdup(conf->name);
MyFree(challenge);
}
int can_oper(struct Client *cptr, struct Client *sptr, char *name,
char *password, struct ConfItem **_aconf)
{
struct ConfItem *aconf;
aconf = find_conf_exact(name, sptr, CONF_OPERATOR);
if (!aconf || IsIllegal(aconf))
{
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) "
"(no operator block)", (!MyUser(sptr) ? "remote " : ""),
cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
assert(0 != (aconf->status & CONF_OPERATOR));
if (!MyUser(sptr)) {
if (FlagHas(&aconf->privs, PRIV_REMOTE)) {
} else if (aconf->conn_class && FlagHas(&aconf->conn_class->privs, PRIV_REMOTE)) {
} else {
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) "
"(no remote oper priv)", (!MyUser(sptr) ? "remote " : ""),
cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
}
if (!verify_sslclifp(sptr, aconf))
{
send_reply(sptr, ERR_SSLCLIFP);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s "
"(%s@%s) (SSL fingerprint mismatch)",
(!MyUser(sptr) ? "remote " : ""), cli_name(sptr),
cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
if (oper_password_match(password, aconf->passwd))
{
if (MyUser(sptr))
{
int attach_result = attach_conf(sptr, aconf);
if ((ACR_OK != attach_result) && (ACR_ALREADY_AUTHORIZED != attach_result)) {
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s "
"(%s@%s) (no operator block)",
(!MyUser(sptr) ? "remote " : ""), cli_name(sptr),
cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
}
*_aconf = aconf;
return -1;
}
else
{
send_reply(sptr, ERR_PASSWDMISMATCH);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) "
"(password mis-match)", (!MyUser(sptr) ? "remote " : ""),
cli_name(sptr), cli_user(sptr)->username,
cli_user(sptr)->realhost);
return 0;
}
}
/** Check access for a server given its name (passed in cptr struct).
* Must check for all C/N lines which have a name which matches the
* name given and a host which matches. A host alias which is the
* same as the server name is also acceptable in the host field of a
* C/N line.
* @param cptr Peer server to check.
* @return 0 if accepted, -1 if access denied.
*/
int conf_check_server(struct Client *cptr)
{
struct ConfItem* c_conf = NULL;
struct SLink* lp;
Debug((DEBUG_DNS, "sv_cl: check access for %s[%s]",
cli_name(cptr), cli_sockhost(cptr)));
if (IsUnknown(cptr) && !attach_confs_byname(cptr, cli_name(cptr), CONF_SERVER)) {
Debug((DEBUG_DNS, "No C/N lines for %s", cli_sockhost(cptr)));
return -1;
}
lp = cli_confs(cptr);
/*
* We initiated this connection so the client should have a C and N
* line already attached after passing through the connect_server()
* function earlier.
*/
if (IsConnecting(cptr) || IsHandshake(cptr)) {
c_conf = find_conf_byname(lp, cli_name(cptr), CONF_SERVER);
if (!c_conf) {
sendto_opmask_butone(0, SNO_OLDSNO,
"Connect Error: lost Connect block for %s",
cli_name(cptr));
det_confs_butmask(cptr, 0);
return -1;
}
}
/* Try finding the Connect block by DNS name and IP next. */
if (!c_conf && !(c_conf = find_conf_byhost(lp, cli_sockhost(cptr), CONF_SERVER)))
c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER);
/*
* Attach by IP# only if all other checks have failed.
* It is quite possible to get here with the strange things that can
* happen when using DNS in the way the irc server does. -avalon
*/
if (!c_conf)
c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER);
/*
* detach all conf lines that got attached by attach_confs()
*/
det_confs_butmask(cptr, 0);
/*
* if no Connect block, then deny access
*/
if (!c_conf) {
Debug((DEBUG_DNS, "sv_cl: access denied: %s[%s@%s]",
cli_name(cptr), cli_username(cptr), cli_sockhost(cptr)));
return -1;
}
/*
* attach the Connect block to the client structure for later use.
*/
attach_conf(cptr, c_conf);
if (!irc_in_addr_valid(&c_conf->address.addr))
memcpy(&c_conf->address.addr, &cli_ip(cptr), sizeof(c_conf->address.addr));
Debug((DEBUG_DNS, "sv_cl: access ok: %s[%s]",
cli_name(cptr), cli_sockhost(cptr)));
return 0;
}
/*! \brief OPER command handler
*
* \param source_p Pointer to allocated Client struct from which the message
* originally comes from. This can be a local or remote client.
* \param parc Integer holding the number of supplied arguments.
* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
* pointers.
* \note Valid arguments for this command are:
* - parv[0] = command
* - parv[1] = oper name
* - parv[2] = oper password
*/
static int
m_oper(struct Client *source_p, int parc, char *parv[])
{
struct MaskItem *conf = NULL;
const char *const opername = parv[1];
const char *const password = parv[2];
if (EmptyString(password))
{
sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER");
return 0;
}
/* end the grace period */
if (!IsFloodDone(source_p))
flood_endgrace(source_p);
if ((conf = find_exact_name_conf(CONF_OPER, source_p, opername, NULL, NULL)) == NULL)
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
conf = find_exact_name_conf(CONF_OPER, NULL, opername, NULL, NULL);
failed_oper_notice(source_p, opername, (conf != NULL) ?
"host mismatch" : "no operator {} block");
return 0;
}
if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "requires SSL/TLS");
return 0;
}
if (!EmptyString(conf->certfp))
{
if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch");
return 0;
}
}
if (match_conf_password(password, conf))
{
if (attach_conf(source_p, conf))
{
sendto_one_notice(source_p, &me, ":Can't attach conf!");
failed_oper_notice(source_p, opername, "can't attach conf!");
return 0;
}
user_oper_up(source_p);
ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", opername, source_p->name,
source_p->username, source_p->host);
}
else
{
sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
failed_oper_notice(source_p, opername, "password mismatch");
}
return 0;
}
