/* ** m_oper ** parv[0] = sender prefix ** parv[1] = oper name ** parv[2] = oper password */ static void m_oper(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { struct ConfItem *conf; struct AccessItem *aconf=NULL; const char *name = parv[1]; const char *password = parv[2]; if (EmptyString(password)) { sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "OPER"); return; } /* end the grace period */ if (!IsFloodDone(source_p)) flood_endgrace(source_p); if ((conf = find_password_conf(name,source_p)) == NULL) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); conf = find_exact_name_conf(OPER_TYPE, name, NULL, NULL); failed_oper_notice(source_p, name, (conf != NULL) ? "host mismatch" : "no oper {} block"); log_failed_oper(source_p, name); return; } aconf = (struct AccessItem *)map_to_conf(conf); if (match_oper_password(password, aconf)) { if (attach_conf(source_p, conf) != 0) { sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!", me.name, source_p->name); failed_oper_notice(source_p, name, "can't attach conf!"); log_failed_oper(source_p, name); return; } oper_up(source_p); ilog(L_TRACE, "OPER %s by %s!%s@%s", name, source_p->name, source_p->username, source_p->host); log_oper(source_p, name); } else { sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, parv[0]); failed_oper_notice(source_p, name, "password mismatch"); log_failed_oper(source_p, name); } }
/* ** m_oper ** parv[0] = sender prefix ** parv[1] = oper name ** parv[2] = oper password */ static void m_oper(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { struct MaskItem *conf = NULL; const char *name = parv[1]; const char *password = parv[2]; if (EmptyString(password)) { sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "OPER"); return; } /* end the grace period */ if (!IsFloodDone(source_p)) flood_endgrace(source_p); if ((conf = find_exact_name_conf(CONF_OPER, source_p, name, NULL, NULL)) == NULL) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); conf = find_exact_name_conf(CONF_OPER, NULL, name, NULL, NULL); failed_oper_notice(source_p, name, (conf != NULL) ? "host mismatch" : "no oper {} block"); return; } if (match_conf_password(password, conf)) { if (attach_conf(source_p, conf) != 0) { sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!", me.name, source_p->name); failed_oper_notice(source_p, name, "can't attach conf!"); return; } ++conf->count; oper_up(source_p); ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", name, source_p->name, source_p->username, source_p->host); } else { sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name); failed_oper_notice(source_p, name, "password mismatch"); } }
/** Attach ConfItems to a client if the host passed matches that for * the ConfItems or is an exact match for them. * @param cptr Client getting the ConfItem attachments. * @param host Filter to match ConfItem::host. * @param statmask Filter to limit ConfItem::status. * @return First ConfItem attached to \a cptr. */ struct ConfItem* attach_confs_byhost(struct Client* cptr, const char* host, int statmask) { struct ConfItem* tmp; struct ConfItem* first = 0; assert(0 != host); if (HOSTLEN < strlen(host)) return 0; for (tmp = GlobalConfList; tmp; tmp = tmp->next) { if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) { assert(0 != tmp->host); if (0 == match(tmp->host, host) || 0 == ircd_strcmp(tmp->host, host)) { if (ACR_OK == attach_conf(cptr, tmp) && !first) first = tmp; } } } return first; }
/** Find the first (best) Client block to attach. * @param cptr Client for whom to check rules. * @return Authorization check result. */ enum AuthorizationCheckResult attach_iline(struct Client* cptr) { struct ConfItem* aconf; assert(0 != cptr); for (aconf = GlobalConfList; aconf; aconf = aconf->next) { if (aconf->status != CONF_CLIENT) continue; /* If you change any of this logic, please make corresponding * changes in conf_debug_iline() below. */ if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port) continue; if (aconf->username && match(aconf->username, cli_username(cptr))) continue; if (aconf->host && match(aconf->host, cli_sockhost(cptr))) continue; if (aconf->countrymask && match(aconf->countrymask, cli_countrycode(cptr))) continue; if (aconf->continentmask && match(aconf->continentmask, cli_continentcode(cptr))) continue; if ((aconf->addrbits >= 0) && !ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits)) continue; if (IPcheck_nr(cptr) > aconf->maximum) return ACR_TOO_MANY_FROM_IP; if (aconf->redirserver && !EmptyString(aconf->redirserver)) { send_reply(cptr, RPL_BOUNCE, aconf->redirserver, aconf->redirport); return ACR_NO_AUTHORIZATION; } if (aconf->username && !IsWebIRCUserIdent(cptr) && (aconf->flags & CONF_NOIDENTTILDE)) SetFlag(cptr, FLAG_DOID); return attach_conf(cptr, aconf); } return ACR_NO_AUTHORIZATION; }
/* * m_challenge - generate RSA challenge for wouldbe oper * parv[0] = sender prefix * parv[1] = operator to challenge for, or +response * */ static void m_challenge(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { char *challenge; dlink_node *ptr; struct ConfItem *aconf, *oconf; if(!(source_p->user) || !source_p->localClient) return; /* if theyre an oper, reprint oper motd and ignore */ if(IsOper(source_p)) { sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]); SendMessageFile(source_p, &ConfigFileEntry.opermotd); return; } if(*parv[1] == '+') { /* Ignore it if we aren't expecting this... -A1kmm */ if(!source_p->user->response) return; if(irccmp(source_p->user->response, ++parv[1])) { sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name); log_foper(source_p, source_p->user->auth_oper); if(ConfigFileEntry.failed_oper_notice) sendto_realops_flags(UMODE_ALL, L_ALL, "Failed OPER attempt by %s (%s@%s)", source_p->name, source_p->username, source_p->host); return; } if((aconf = find_conf_by_name(source_p->user->auth_oper, CONF_OPERATOR)) == NULL) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]); log_foper(source_p, source_p->user->auth_oper); if(ConfigFileEntry.failed_oper_notice) sendto_realops_flags(UMODE_ALL, L_ALL, "Failed CHALLENGE attempt - host mismatch by %s (%s@%s)", source_p->name, source_p->username, source_p->host); return; } ptr = source_p->localClient->confs.head; oconf = ptr->data; detach_conf(source_p, oconf); if(attach_conf(source_p, aconf) != 0) { sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!", me.name, source_p->name); sendto_realops_flags(UMODE_ALL, L_ALL, "Failed CHALLENGE attempt by %s (%s@%s) can't attach conf!", source_p->name, source_p->username, source_p->host); log_foper(source_p, source_p->user->auth_oper); attach_conf(source_p, oconf); return; } oper_up(source_p, aconf); ilog(L_TRACE, "OPER %s by %s!%s@%s", source_p->user->auth_oper, source_p->name, source_p->username, source_p->host); log_oper(source_p, source_p->user->auth_oper); MyFree(source_p->user->response); MyFree(source_p->user->auth_oper); source_p->user->response = NULL; source_p->user->auth_oper = NULL; return; } MyFree(source_p->user->response); MyFree(source_p->user->auth_oper); source_p->user->response = NULL; source_p->user->auth_oper = NULL; if(!(aconf = find_conf_exact(parv[1], source_p->username, source_p->host, CONF_OPERATOR)) && !(aconf = find_conf_exact(parv[1], source_p->username, source_p->localClient->sockhost, CONF_OPERATOR))) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]); log_foper(source_p, parv[1]); if(ConfigFileEntry.failed_oper_notice) sendto_realops_flags(UMODE_ALL, L_ALL, "Failed CHALLENGE attempt - host mismatch by %s (%s@%s)", source_p->name, source_p->username, source_p->host); return; } if(!aconf->rsa_public_key) { sendto_one(source_p, ":%s NOTICE %s :I'm sorry, PK authentication " "is not enabled for your oper{} block.", me.name, parv[0]); return; } if(!generate_challenge(&challenge, &(source_p->user->response), aconf->rsa_public_key)) { sendto_one(source_p, form_str(RPL_RSACHALLENGE), me.name, parv[0], challenge); } DupString(source_p->user->auth_oper, aconf->name); MyFree(challenge); return; }
/* * m_challenge - generate RSA challenge for wouldbe oper * parv[0] = sender prefix * parv[1] = operator to challenge for, or +response * */ static void m_challenge(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { char *challenge = NULL; struct ConfItem *conf = NULL; struct AccessItem *aconf = NULL; /* if theyre an oper, reprint oper motd and ignore */ if(IsOper(source_p)) { sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]); send_message_file(source_p, &ConfigFileEntry.opermotd); return; } if(*parv[1] == '+') { /* Ignore it if we aren't expecting this... -A1kmm */ if(source_p->localClient->response == NULL) return; if(svsnoop) { sendto_one(source_p, ":%s NOTICE %s :*** This server is in NOOP mode, you cannot /oper", me.name, source_p->name); failed_challenge_notice(source_p, source_p->localClient->auth_oper, "This server is in NOOP mode"); log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", source_p->localClient->auth_oper); return; } if(irccmp(source_p->localClient->response, ++parv[1])) { sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name); failed_challenge_notice(source_p, source_p->localClient->auth_oper, "challenge failed"); return; } conf = find_exact_name_conf(OPER_TYPE, source_p->localClient->auth_oper, source_p->username, source_p->host); if(conf == NULL) conf = find_exact_name_conf(OPER_TYPE, source_p->localClient->auth_oper, source_p->username, source_p->realhost); if(conf == NULL) conf = find_exact_name_conf(OPER_TYPE, source_p->localClient->auth_oper, source_p->username, source_p->sockhost); if(conf == NULL) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]); log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", source_p->localClient->auth_oper); return; } if(attach_conf(source_p, conf) != 0) { sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!", me.name, source_p->name); failed_challenge_notice(source_p, conf->name, "can't attach conf!"); log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", source_p->localClient->auth_oper); return; } oper_up(source_p); ilog(L_TRACE, "OPER %s by %s!%s@%s", source_p->localClient->auth_oper, source_p->name, source_p->username, source_p->realhost); log_oper_action(LOG_OPER_TYPE, source_p, "%s\n", source_p->localClient->auth_oper); MyFree(source_p->localClient->response); MyFree(source_p->localClient->auth_oper); source_p->localClient->response = NULL; source_p->localClient->auth_oper = NULL; return; } MyFree(source_p->localClient->response); MyFree(source_p->localClient->auth_oper); source_p->localClient->response = NULL; source_p->localClient->auth_oper = NULL; if((conf = find_conf_exact(OPER_TYPE, parv[1], source_p->username, source_p->host)) != NULL) aconf = map_to_conf(conf); else if((conf = find_conf_exact(OPER_TYPE, parv[1], source_p->username, source_p->realhost)) != NULL) aconf = map_to_conf(conf); else if((conf = find_conf_exact(OPER_TYPE, parv[1], source_p->username, source_p->sockhost)) != NULL) aconf = map_to_conf(conf); if(aconf == NULL) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]); conf = find_exact_name_conf(OPER_TYPE, parv[1], NULL, NULL); failed_challenge_notice(source_p, parv[1], (conf != NULL) ? "host mismatch" : "no oper {} block"); log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", parv[1]); return; } if(aconf->rsa_public_key == NULL) { sendto_one(source_p, ":%s NOTICE %s :I'm sorry, PK authentication " "is not enabled for your oper{} block.", me.name, parv[0]); return; } if(!generate_challenge(&challenge, &(source_p->localClient->response), aconf->rsa_public_key)) sendto_one(source_p, form_str(RPL_RSACHALLENGE), me.name, parv[0], challenge); DupString(source_p->localClient->auth_oper, conf->name); MyFree(challenge); }
/* ** m_oper ** parv[0] = sender prefix ** parv[1] = oper name ** parv[2] = oper password */ static void m_oper(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { struct ConfItem *aconf; struct ConfItem *oconf = NULL; char *name; char *password; dlink_node *ptr; name = parv[1]; password = parv[2]; if(EmptyString(password)) { sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS), me.name, source_p->name, "OPER"); return; } /* end the grace period */ if(!IsFloodDone(source_p)) flood_endgrace(source_p); if((aconf = find_password_aconf(name, source_p)) == NULL) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); log_foper(source_p, name); if(ConfigFileEntry.failed_oper_notice) { sendto_realops_flags(UMODE_ALL, L_ALL, "Failed OPER attempt - host mismatch by %s (%s@%s)", source_p->name, source_p->username, source_p->host); } return; } if(match_oper_password(password, aconf)) { /* 20001216: detach old iline -einride */ ptr = source_p->localClient->confs.head; if(ptr) { oconf = ptr->data; detach_conf(source_p, oconf); } if(attach_conf(source_p, aconf) != 0) { sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!", me.name, source_p->name); sendto_realops_flags(UMODE_ALL, L_ALL, "Failed OPER attempt by %s (%s@%s) can't attach conf!", source_p->name, source_p->username, source_p->host); log_foper(source_p, name); /* 20001216: Reattach old iline -einride */ attach_conf(source_p, oconf); return; } oper_up(source_p, aconf); ilog(L_TRACE, "OPER %s by %s!%s@%s", name, source_p->name, source_p->username, source_p->host); log_oper(source_p, name); return; } else { sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, parv[0]); log_foper(source_p, name); if(ConfigFileEntry.failed_oper_notice) { sendto_realops_flags(UMODE_ALL, L_ALL, "Failed OPER attempt by %s (%s@%s)", source_p->name, source_p->username, source_p->host); } } }
/* * m_oper - generic message handler */ int m_oper(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) { struct ConfItem* aconf; char* name; char* password; assert(0 != cptr); assert(cptr == sptr); name = parc > 1 ? parv[1] : 0; password = parc > 2 ? parv[2] : 0; if (EmptyString(name) || EmptyString(password)) return need_more_params(sptr, "OPER"); aconf = find_conf_exact(name, sptr, CONF_OPERATOR); if (!aconf || IsIllegal(aconf)) { send_reply(sptr, ERR_NOOPERHOST); sendto_opmask_butone(0, SNO_OLDREALOP, "Failed staff authentication attempt by %s (%s@%s)", parv[0], cli_user(sptr)->username, cli_sockhost(sptr)); return 0; } assert(0 != (aconf->status & CONF_OPERATOR)); if (oper_password_match(password, aconf->passwd)) { struct Flags old_mode = cli_flags(sptr); if (ACR_OK != attach_conf(sptr, aconf)) { send_reply(sptr, ERR_NOOPERHOST); sendto_opmask_butone(0, SNO_OLDREALOP, "Failed staff authentication attempt by %s " "(%s@%s)", parv[0], cli_user(sptr)->username, cli_sockhost(sptr)); return 0; } SetLocOp(sptr); client_set_privs(sptr, aconf); if (HasPriv(sptr, PRIV_PROPAGATE)) { ClearLocOp(sptr); SetOper(sptr); ++UserStats.opers; } cli_handler(cptr) = OPER_HANDLER; SetFlag(sptr, FLAG_WALLOP); SetFlag(sptr, FLAG_SERVNOTICE); SetFlag(sptr, FLAG_DEBUG); set_snomask(sptr, SNO_OPERDEFAULT, SNO_ADD); cli_max_sendq(sptr) = 0; /* Get the sendq from the oper's class */ send_umode_out(cptr, sptr, &old_mode, HasPriv(sptr, PRIV_PROPAGATE)); send_reply(sptr, RPL_YOUREOPER); sendto_opmask_butone(0, SNO_OLDSNO, "%s (%s@%s) has authenticated as staff", parv[0], cli_user(sptr)->username, cli_sockhost(sptr)); log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr); } else { send_reply(sptr, ERR_PASSWDMISMATCH); sendto_opmask_butone(0, SNO_OLDREALOP, "Failed staff authentication attempt by %s (%s@%s)", parv[0], cli_user(sptr)->username, cli_sockhost(sptr)); } return 0; }
/* * m_challenge - generate RSA challenge for wouldbe oper * parv[0] = sender prefix * parv[1] = operator to challenge for, or +response * */ static void m_challenge(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { char *challenge = NULL; struct MaskItem *conf = NULL; if (*parv[1] == '+') { /* Ignore it if we aren't expecting this... -A1kmm */ if (source_p->localClient->response == NULL) return; if (irccmp(source_p->localClient->response, ++parv[1])) { sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name); failed_challenge_notice(source_p, source_p->localClient->auth_oper, "challenge failed"); return; } conf = find_exact_name_conf(CONF_OPER, source_p, source_p->localClient->auth_oper, NULL, NULL); if (conf == NULL) { /* XXX: logging */ sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); return; } if (attach_conf(source_p, conf) != 0) { sendto_one(source_p,":%s NOTICE %s :Can't attach conf!", me.name, source_p->name); failed_challenge_notice(source_p, conf->name, "can't attach conf!"); return; } ++conf->count; oper_up(source_p); ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", source_p->localClient->auth_oper, source_p->name, source_p->username, source_p->host); MyFree(source_p->localClient->response); MyFree(source_p->localClient->auth_oper); source_p->localClient->response = NULL; source_p->localClient->auth_oper = NULL; return; } MyFree(source_p->localClient->response); MyFree(source_p->localClient->auth_oper); source_p->localClient->response = NULL; source_p->localClient->auth_oper = NULL; conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL); if (!conf) { sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL); failed_challenge_notice(source_p, parv[1], (conf != NULL) ? "host mismatch" : "no oper {} block"); return; } if (conf->rsa_public_key == NULL) { sendto_one (source_p, ":%s NOTICE %s :I'm sorry, PK authentication " "is not enabled for your oper{} block.", me.name, source_p->name); return; } if (!generate_challenge(&challenge, &(source_p->localClient->response), conf->rsa_public_key)) sendto_one(source_p, form_str(RPL_RSACHALLENGE), me.name, source_p->name, challenge); source_p->localClient->auth_oper = xstrdup(conf->name); MyFree(challenge); }
int can_oper(struct Client *cptr, struct Client *sptr, char *name, char *password, struct ConfItem **_aconf) { struct ConfItem *aconf; aconf = find_conf_exact(name, sptr, CONF_OPERATOR); if (!aconf || IsIllegal(aconf)) { send_reply(sptr, ERR_NOOPERHOST); sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) " "(no operator block)", (!MyUser(sptr) ? "remote " : ""), cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost); return 0; } assert(0 != (aconf->status & CONF_OPERATOR)); if (!MyUser(sptr)) { if (FlagHas(&aconf->privs, PRIV_REMOTE)) { } else if (aconf->conn_class && FlagHas(&aconf->conn_class->privs, PRIV_REMOTE)) { } else { send_reply(sptr, ERR_NOOPERHOST); sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) " "(no remote oper priv)", (!MyUser(sptr) ? "remote " : ""), cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost); return 0; } } if (!verify_sslclifp(sptr, aconf)) { send_reply(sptr, ERR_SSLCLIFP); sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s " "(%s@%s) (SSL fingerprint mismatch)", (!MyUser(sptr) ? "remote " : ""), cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost); return 0; } if (oper_password_match(password, aconf->passwd)) { if (MyUser(sptr)) { int attach_result = attach_conf(sptr, aconf); if ((ACR_OK != attach_result) && (ACR_ALREADY_AUTHORIZED != attach_result)) { send_reply(sptr, ERR_NOOPERHOST); sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s " "(%s@%s) (no operator block)", (!MyUser(sptr) ? "remote " : ""), cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost); return 0; } } *_aconf = aconf; return -1; } else { send_reply(sptr, ERR_PASSWDMISMATCH); sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) " "(password mis-match)", (!MyUser(sptr) ? "remote " : ""), cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost); return 0; } }
/** Check access for a server given its name (passed in cptr struct). * Must check for all C/N lines which have a name which matches the * name given and a host which matches. A host alias which is the * same as the server name is also acceptable in the host field of a * C/N line. * @param cptr Peer server to check. * @return 0 if accepted, -1 if access denied. */ int conf_check_server(struct Client *cptr) { struct ConfItem* c_conf = NULL; struct SLink* lp; Debug((DEBUG_DNS, "sv_cl: check access for %s[%s]", cli_name(cptr), cli_sockhost(cptr))); if (IsUnknown(cptr) && !attach_confs_byname(cptr, cli_name(cptr), CONF_SERVER)) { Debug((DEBUG_DNS, "No C/N lines for %s", cli_sockhost(cptr))); return -1; } lp = cli_confs(cptr); /* * We initiated this connection so the client should have a C and N * line already attached after passing through the connect_server() * function earlier. */ if (IsConnecting(cptr) || IsHandshake(cptr)) { c_conf = find_conf_byname(lp, cli_name(cptr), CONF_SERVER); if (!c_conf) { sendto_opmask_butone(0, SNO_OLDSNO, "Connect Error: lost Connect block for %s", cli_name(cptr)); det_confs_butmask(cptr, 0); return -1; } } /* Try finding the Connect block by DNS name and IP next. */ if (!c_conf && !(c_conf = find_conf_byhost(lp, cli_sockhost(cptr), CONF_SERVER))) c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER); /* * Attach by IP# only if all other checks have failed. * It is quite possible to get here with the strange things that can * happen when using DNS in the way the irc server does. -avalon */ if (!c_conf) c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER); /* * detach all conf lines that got attached by attach_confs() */ det_confs_butmask(cptr, 0); /* * if no Connect block, then deny access */ if (!c_conf) { Debug((DEBUG_DNS, "sv_cl: access denied: %s[%s@%s]", cli_name(cptr), cli_username(cptr), cli_sockhost(cptr))); return -1; } /* * attach the Connect block to the client structure for later use. */ attach_conf(cptr, c_conf); if (!irc_in_addr_valid(&c_conf->address.addr)) memcpy(&c_conf->address.addr, &cli_ip(cptr), sizeof(c_conf->address.addr)); Debug((DEBUG_DNS, "sv_cl: access ok: %s[%s]", cli_name(cptr), cli_sockhost(cptr))); return 0; }
/*! \brief OPER command handler * * \param source_p Pointer to allocated Client struct from which the message * originally comes from. This can be a local or remote client. * \param parc Integer holding the number of supplied arguments. * \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL * pointers. * \note Valid arguments for this command are: * - parv[0] = command * - parv[1] = oper name * - parv[2] = oper password */ static int m_oper(struct Client *source_p, int parc, char *parv[]) { struct MaskItem *conf = NULL; const char *const opername = parv[1]; const char *const password = parv[2]; if (EmptyString(password)) { sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER"); return 0; } /* end the grace period */ if (!IsFloodDone(source_p)) flood_endgrace(source_p); if ((conf = find_exact_name_conf(CONF_OPER, source_p, opername, NULL, NULL)) == NULL) { sendto_one_numeric(source_p, &me, ERR_NOOPERHOST); conf = find_exact_name_conf(CONF_OPER, NULL, opername, NULL, NULL); failed_oper_notice(source_p, opername, (conf != NULL) ? "host mismatch" : "no operator {} block"); return 0; } if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL)) { sendto_one_numeric(source_p, &me, ERR_NOOPERHOST); failed_oper_notice(source_p, opername, "requires SSL/TLS"); return 0; } if (!EmptyString(conf->certfp)) { if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp)) { sendto_one_numeric(source_p, &me, ERR_NOOPERHOST); failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch"); return 0; } } if (match_conf_password(password, conf)) { if (attach_conf(source_p, conf)) { sendto_one_notice(source_p, &me, ":Can't attach conf!"); failed_oper_notice(source_p, opername, "can't attach conf!"); return 0; } user_oper_up(source_p); ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", opername, source_p->name, source_p->username, source_p->host); } else { sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH); failed_oper_notice(source_p, opername, "password mismatch"); } return 0; }