void room::send_server_message_to_all(const char* message,
network::connection exclude) const
{
simple_wml::document doc;
send_server_message(message, 0, &doc);
send_data(doc, exclude, "message");
}
int
main (int argc, char *argv[])
{
puts ("eMule/xMule/LMule OP_SERVERMESSAGE "
"Format String Vulnerabilitytion Vulnerability\n"
"proof of concept code\n"
"Copyright (C) 2003 Rémi Denis-Courmont "
"<*****@*****.**>\n");
if (argc > 3)
return usage (argv[0]);
else
{
int listenfd;
const char *host, *port;
port = (argc < 2) ? "4661" : argv[2];
host = (argc < 3) ? NULL : argv[3];
printf ("Binding to [%s]:%s ...\n",
(host != NULL) ? host : "any", port);
listenfd = socket_listen (host, port);
if (listenfd == -1)
{
gai_perror (host);
return 1;
}
while (1)
{
int clientfd;
fputs ("Waiting for a client to connect ... ", stdout);
clientfd = accept (listenfd, NULL, 0);
if (clientfd == -1)
{
puts ("");
perror ("Error");
continue;
}
puts ("OK");
fputs ("Sending server message ... ", stdout);
if (send_server_message (clientfd))
{
puts ("");
perror ("Error");
}
else
puts ("Done");
close (clientfd);
}
}
return 0; /* dead code */
}
// A handler for the /authorize endpoint.
// Login page form sends user name and password to this endpoint.
static void authorize(struct mg_connection *conn,
const struct mg_request_info *request_info) {
char user[MAX_USER_LEN], password[MAX_USER_LEN];
struct session *session;
// Fetch user name and password.
get_qsvar(request_info, "user", user, sizeof(user));
get_qsvar(request_info, "password", password, sizeof(password));
if (check_password(user, password) && (session = new_session()) != NULL) {
// Authentication success:
// 1. create new session
// 2. set session ID token in the cookie
// 3. remove original_url from the cookie - not needed anymore
// 4. redirect client back to the original URL
//
// The most secure way is to stay HTTPS all the time. However, just to
// show the technique, we redirect to HTTP after the successful
// authentication. The danger of doing this is that session cookie can
// be stolen and an attacker may impersonate the user.
// Secure application must use HTTPS all the time.
my_strlcpy(session->user, user, sizeof(session->user));
snprintf(session->random, sizeof(session->random), "%d", rand());
generate_session_id(session->session_id, session->random, session->user);
send_server_message("<%s> joined", session->user);
mg_printf(conn, "HTTP/1.1 302 Found\r\n"
"Set-Cookie: session=%s; max-age=3600; http-only\r\n" // Session ID
"Set-Cookie: user=%s\r\n" // Set user, needed by Javascript code
"Set-Cookie: original_url=/; max-age=0\r\n" // Delete original_url
"Location: /\r\n\r\n",
session->session_id, session->user);
} else {
// Authentication failure, redirect to login.
redirect_to_login(conn, request_info);
}
}
void send_server_message(const std::string& message, network::connection sock,
simple_wml::document* docptr = NULL) const
{
send_server_message(message.c_str(), sock, docptr);
}
/*
** DoNumeric (replacement for the old do_numeric)
**
** parc number of arguments ('sender' counted as one!)
** parv[0] pointer to 'sender' (may point to empty string) (not used)
** parv[1]..parv[parc-1]
** pointers to additional parameters, this is a NULL
** terminated list (parv[parc] == NULL).
**
** *WARNING*
** Numerics are mostly error reports. If there is something
** wrong with the message, just *DROP* it! Don't even think of
** sending back a neat error message -- big danger of creating
** a ping pong error message...
*/
int do_numeric(int numeric, aClient *cptr, aClient *sptr, int parc, char *parv[])
{
aClient *acptr;
aChannel *chptr;
char *nick, *p;
int i;
/* Is this an outgoing connect, and we get a numeric 451 (not registered) back for the
* magic command __PANGPANG__ and we did not send a SERVER message yet?
* Then this means we are dealing with an Unreal server <3.2.9 and we should send the
* SERVER command right now.
*/
if (!IsServer(sptr) && !IsPerson(sptr) && (numeric == 451) && (parc > 2) && strstr(parv[1], "__PANGPANG__") &&
IsHandshake(cptr) && sptr->serv && !IsServerSent(sptr))
{
send_server_message(sptr);
return 0;
}
if (parc < 1 || !IsServer(sptr))
return 0;
/* Remap low number numerics. */
if (numeric < 100)
numeric += 100;
/*
** Prepare the parameter portion of the message into 'buffer'.
** (Because the buffer is twice as large as the message buffer
** for the socket, no overflow can occur here... ...on current
** assumptions--bets are off, if these are changed --msa)
** Note: if buffer is non-empty, it will begin with SPACE.
*/
buffer[0] = '\0';
if (parc > 2)
{
/*
* For strlcat nazis, please read above
*/
for (i = 2; i < (parc - 1); i++)
{
(void)strcat(buffer, " ");
(void)strcat(buffer, parv[i]);
}
(void)strcat(buffer, " :");
(void)strcat(buffer, parv[parc - 1]);
}
else
sendto_realops("do_numeric( %i, %s, %s, %i, { %s, %s } )!",
numeric, cptr->name, sptr->name, parc,
parv[0], parv[1] ? parv[1] : "<null>");
for (; (nick = strtoken(&p, parv[1], ",")); parv[1] = NULL)
{
if ((acptr = find_client(nick, (aClient *)NULL)))
{
/*
** Drop to bit bucket if for me...
** ...one might consider sendto_ops
** here... --msa
** And so it was done. -avalon
** And regretted. Dont do it that way. Make sure
** it goes only to non-servers. -avalon
** Check added to make sure servers don't try to loop
** with numerics which can happen with nick collisions.
** - Avalon
*/
if (!IsMe(acptr) && IsPerson(acptr))
{
/* Added for .U3.2. drop remote 'You are not on
** that channel', we should be synced anyway,
** and this is an annoying message with TSpre7
** still on the net; would result in numeric 442 for
** every KICK... Can be removed when TSpre7 is gone.
** --Run
if (numeric==ERR_NOTONCHANNEL) return 0;
*/
sendto_prefix_one(acptr, sptr, ":%s %d %s%s",
parv[0], numeric, nick, buffer);
}
else if (IsServer(acptr) && acptr->from != cptr)
sendto_prefix_one(acptr, sptr, ":%s %d %s%s",
parv[0], numeric, nick, buffer);
}
else if ((acptr = find_server_quick(nick)))
{
if (!IsMe(acptr) && acptr->from != cptr)
sendto_prefix_one(acptr, sptr, ":%s %d %s%s",
parv[0], numeric, nick, buffer);
}
else if ((chptr = find_channel(nick, (aChannel *)NULL)))
sendto_channel_butone(cptr, sptr, chptr, ":%s %d %s%s",
parv[0], numeric, chptr->chname, buffer);
}
return 0;
}
void send_server_message(const std::string& message, socket_ptr sock=socket_ptr(), simple_wml::document* doc=nullptr) const
{
send_server_message(message.c_str(), sock, doc);
}
