/* handle_special() * * inputs - client pointer * - nick stuff to grok for opers * - text to send if grok * output - none * side effects - old style username@server is handled here for non opers * opers are allowed username%hostname@server * all the traditional oper type messages are also parsed here. * i.e. "/msg #some.host." * However, syntax has been changed. * previous syntax "/msg #some.host.mask" * now becomes "/msg $#some.host.mask" * previous syntax of: "/msg $some.server.mask" remains * This disambiguates the syntax. * * XXX N.B. dalnet changed it to nick@server as have other servers. * we will stick with tradition for now. * - Dianora */ static void handle_special(int p_or_n, struct Client *source_p, const char *nick, const char *text) { struct Client *target_p = NULL; const char *server = NULL, *s = NULL; /* * user[%host]@server addressed? */ if ((server = strchr(nick, '@'))) { if ((target_p = hash_find_server(server + 1)) == NULL) { sendto_one_numeric(source_p, &me, ERR_NOSUCHSERVER, server + 1); return; } if (!HasUMode(source_p, UMODE_OPER) && strchr(nick, '%')) { sendto_one_numeric(source_p, &me, ERR_NOSUCHNICK, nick); return; } if (!IsMe(target_p)) { sendto_one(target_p, ":%s %s %s :%s", source_p->id, command[p_or_n], nick, text); return; } sendto_one_numeric(source_p, &me, ERR_NOSUCHNICK, nick); return; } if (!HasUMode(source_p, UMODE_OPER)) { sendto_one_numeric(source_p, &me, ERR_NOPRIVILEGES); return; } /* * The following two cases allow masks in NOTICEs * (for OPERs only) * * Armin, 8Jun90 ([email protected]) */ if (*nick == '$') { if (*(nick + 1) == '$' || *(nick + 1) == '#') ++nick; else if (MyClient(source_p)) { sendto_one_notice(source_p, &me, ":The command %s %s is no longer supported, please use $%s", command[p_or_n], nick, nick); return; } if ((s = strrchr(nick, '.')) == NULL) { sendto_one_numeric(source_p, &me, ERR_NOTOPLEVEL, nick); return; } while (*++s) if (*s == '.' || *s == '*' || *s == '?') break; if (*s == '*' || *s == '?') { sendto_one_numeric(source_p, &me, ERR_WILDTOPLEVEL, nick); return; } sendto_match_butone(IsServer(source_p->from) ? source_p->from : NULL, source_p, nick + 1, (*nick == '#') ? MATCH_HOST : MATCH_SERVER, "%s $%s :%s", command[p_or_n], nick, text); } }
/*! \brief OPER command handler * * \param source_p Pointer to allocated Client struct from which the message * originally comes from. This can be a local or remote client. * \param parc Integer holding the number of supplied arguments. * \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL * pointers. * \note Valid arguments for this command are: * - parv[0] = command * - parv[1] = oper name * - parv[2] = oper password */ static int m_oper(struct Client *source_p, int parc, char *parv[]) { struct MaskItem *conf = NULL; const char *const opername = parv[1]; const char *const password = parv[2]; if (EmptyString(password)) { sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER"); return 0; } /* end the grace period */ if (!IsFloodDone(source_p)) flood_endgrace(source_p); if ((conf = find_exact_name_conf(CONF_OPER, source_p, opername, NULL, NULL)) == NULL) { sendto_one_numeric(source_p, &me, ERR_NOOPERHOST); conf = find_exact_name_conf(CONF_OPER, NULL, opername, NULL, NULL); failed_oper_notice(source_p, opername, (conf != NULL) ? "host mismatch" : "no operator {} block"); return 0; } if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL)) { sendto_one_numeric(source_p, &me, ERR_NOOPERHOST); failed_oper_notice(source_p, opername, "requires SSL/TLS"); return 0; } if (!EmptyString(conf->certfp)) { if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp)) { sendto_one_numeric(source_p, &me, ERR_NOOPERHOST); failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch"); return 0; } } if (match_conf_password(password, conf)) { if (attach_conf(source_p, conf)) { sendto_one_notice(source_p, &me, ":Can't attach conf!"); failed_oper_notice(source_p, opername, "can't attach conf!"); return 0; } user_oper_up(source_p); ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", opername, source_p->name, source_p->username, source_p->host); } else { sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH); failed_oper_notice(source_p, opername, "password mismatch"); } return 0; }
/* * m_challenge - generate RSA challenge for wouldbe oper * parv[0] = sender prefix * parv[1] = operator to challenge for, or +response * */ static void m_challenge(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { char *challenge = NULL; struct MaskItem *conf = NULL; if (*parv[1] == '+') { /* Ignore it if we aren't expecting this... -A1kmm */ if (source_p->localClient->response == NULL) return; if (irccmp(source_p->localClient->response, ++parv[1])) { sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name); failed_challenge_notice(source_p, source_p->localClient->auth_oper, "challenge failed"); return; } conf = find_exact_name_conf(CONF_OPER, source_p, source_p->localClient->auth_oper, NULL, NULL); if (conf == NULL) { /* XXX: logging */ sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); return; } if (attach_conf(source_p, conf) != 0) { sendto_one(source_p,":%s NOTICE %s :Can't attach conf!", me.name, source_p->name); failed_challenge_notice(source_p, conf->name, "can't attach conf!"); return; } ++conf->count; oper_up(source_p); ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", source_p->localClient->auth_oper, source_p->name, source_p->username, source_p->host); MyFree(source_p->localClient->response); MyFree(source_p->localClient->auth_oper); source_p->localClient->response = NULL; source_p->localClient->auth_oper = NULL; return; } MyFree(source_p->localClient->response); MyFree(source_p->localClient->auth_oper); source_p->localClient->response = NULL; source_p->localClient->auth_oper = NULL; conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL); if (!conf) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL); failed_challenge_notice(source_p, parv[1], (conf != NULL) ? "host mismatch" : "no oper {} block"); return; } if (conf->rsa_public_key == NULL) { sendto_one(source_p, ":%s NOTICE %s :I'm sorry, PK authentication " "is not enabled for your oper{} block.", me.name, source_p->name); return; } if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL)) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); failed_challenge_notice(source_p, conf->name, "requires SSL/TLS"); return; } if (!EmptyString(conf->certfp)) { if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp)) { sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); failed_challenge_notice(source_p, conf->name, "client certificate fingerprint mismatch"); return; } } if (!generate_challenge(&challenge, &(source_p->localClient->response), conf->rsa_public_key)) sendto_one(source_p, form_str(RPL_RSACHALLENGE), me.name, source_p->name, challenge); source_p->localClient->auth_oper = xstrdup(conf->name); MyFree(challenge); }
static void mo_chgident(struct Client *client_p, struct Client *source_p, int parc, char *parv[]) { struct Client *target_p = NULL; if (MyClient(source_p) && !HasUMode(source_p, UMODE_ADMIN)) { sendto_one(source_p, form_str(ERR_NOPRIVS), me.name, source_p->name, "CHGIDENT"); return; } if (EmptyString(parv[2])) { parv[2] = parv[1]; target_p = source_p; if (!IsClient(target_p)) return; } else { target_p = hash_find_client(parv[1]); if (target_p == NULL || !IsClient(target_p)) { sendto_one(source_p, form_str(ERR_NOSUCHNICK), me.name, source_p->name, parv[1]); return; } } if (strlen(parv[2]) > USERLEN || !*parv[2] || !valid_username(parv[2])) { sendto_one(source_p, ":%s NOTICE %s :Invalid username", me.name, source_p->name); return; } if (IsUserHostIp(target_p)) delete_user_host(target_p->username, target_p->host, !MyConnect(target_p)); strlcpy(target_p->username, parv[2], sizeof(target_p->username)); add_user_host(target_p->username, target_p->host, !MyConnect(target_p)); SetUserHost(target_p); if (MyClient(source_p)) { sendto_server(client_p, NOCAPS, NOCAPS, ":%s ENCAP * CHGIDENT %s %s", source_p->name, target_p->name, parv[2]); sendto_one(source_p, ":%s NOTICE %s :%s changed to %s@%s", me.name, source_p->name, target_p->name, target_p->username, target_p->host); } if (MyClient(target_p)) { if (IsClient(source_p)) sendto_one(target_p, ":%s NOTICE %s :You are now %s@%s", me.name, target_p->name, target_p->username, target_p->host); clear_ban_cache_client(target_p); } }