/*
* m_samode
* parv[0] = sender
* parv[1] = channel
* parv[2] = modes
* -t
*/
DLLFUNC CMD_FUNC(m_samode)
{
aChannel *chptr;
if (!IsPrivileged(cptr) || !IsSAdmin(sptr))
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (parc > 2)
{
chptr = find_channel(parv[1], NullChn);
if (chptr == NullChn)
return 0;
}
else
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS),
me.name, parv[0], "SAMODE");
return 0;
}
opermode = 0;
(void)do_mode(chptr, cptr, sptr, parc - 2, parv + 2, 0, 1);
return 0;
}
void IfConf (char *vifdev,char *vaddress,char *vnetmask,char *vbroadcast)
{ int sk, flags, metric, isnotsane = false;
Verbose("Assumed interface name: %s %s %s\n",vifdev,vnetmask,vbroadcast);
if (!IsPrivileged())
{
printf("%s: Only root can configure the net interface.\n",VPREFIX);
return;
}
if (vnetmask[0] == '\0')
{
CfLog(cferror,"Program does not define a subnetmask","");
return;
}
if (vbroadcast[0] == '\0')
{
CfLog(cferror,"Program does not define a broadcast mode for this host","");
return;
}
strcpy(IFR.ifr_name,vifdev);
IFR.ifr_addr.sa_family = AF_INET;
if ((sk = socket(AF_INET,SOCK_DGRAM,IPPROTO_IP)) == -1)
{
CfLog(cferror,"","socket");
FatalError("Error in IfConfig()");
}
if (ioctl(sk,SIOCGIFFLAGS, (caddr_t) &IFR) == -1) /* Get the device status flags */
{
CfLog(cferror,"No such network device","ioctl");
return;
}
flags = IFR.ifr_flags;
strcpy(IFR.ifr_name,vifdev); /* copy this each time */
if (ioctl(sk,SIOCGIFMETRIC, (caddr_t) &IFR) == -1) /* Get the routing priority */
{
CfLog(cferror,"","ioctl");
FatalError("Software error: error getting metric");
}
metric = IFR.ifr_metric;
isnotsane = GetIfStatus(sk,vifdev,vaddress,vnetmask,vbroadcast);
if (! DONTDO && isnotsane)
{
SetIfStatus(sk,vifdev,vaddress,vnetmask,vbroadcast);
GetIfStatus(sk,vifdev,vaddress,vnetmask,vbroadcast);
}
close(sk);
}
ULONG
SrvRegisterServicesProcess(
IN OUT PCSR_API_MSG m,
IN OUT PCSR_REPLY_STATUS ReplyStatus)
{
PRIVILEGE_SET psTcb = { 1, PRIVILEGE_SET_ALL_NECESSARY,
{ SE_TCB_PRIVILEGE, 0 }
};
BEGIN_LPC_RECV(REGISTERSERVICESPROCESS);
/*
* Allow only one services process and then only if it has TCB
* privilege.
*/
if (gdwServicesProcessId != 0 || !IsPrivileged(&psTcb)) {
SetLastError(ERROR_ACCESS_DENIED);
a->fSuccess = FALSE;
} else {
gdwServicesProcessId = a->dwProcessId;
a->fSuccess = TRUE;
}
END_LPC_RECV();
}
/*
* ms_rping - server message handler
* -- by Run
*
* parv[0] = sender (sptr->name thus)
* if sender is a person: (traveling towards start server)
* parv[1] = pinged server[mask]
* parv[2] = start server (current target)
* parv[3] = optional remark
* if sender is a server: (traveling towards pinged server)
* parv[1] = pinged server (current target)
* parv[2] = original sender (person)
* parv[3] = start time in s
* parv[4] = start time in us
* parv[5] = the optional remark
*/
int ms_rping(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client* destination = 0;
assert(0 != cptr);
assert(0 != sptr);
assert(IsServer(cptr));
/*
* shouldn't happen
*/
if (!IsPrivileged(sptr))
return 0;
if (IsServer(sptr)) {
if (parc < 6) {
/*
* PROTOCOL ERROR
*/
return need_more_params(sptr, "RPING");
}
if ((destination = FindNServer(parv[1]))) {
/*
* if it's not for me, pass it on
*/
if (IsMe(destination))
sendcmdto_one(&me, CMD_RPONG, sptr, "%s %s %s %s :%s", cli_name(sptr),
parv[2], parv[3], parv[4], parv[5]);
else
sendcmdto_one(sptr, CMD_RPING, destination, "%C %s %s %s :%s",
destination, parv[2], parv[3], parv[4], parv[5]);
}
}
else {
if (parc < 3) {
return need_more_params(sptr, "RPING");
}
/*
* Haven't made it to the start server yet, if I'm not the start server
* pass it on.
*/
if (hunt_server_cmd(sptr, CMD_RPING, cptr, 1, "%s %C :%s", 2, parc, parv)
!= HUNTED_ISME)
return 0;
/*
* otherwise ping the destination from here
*/
if ((destination = find_match_server(parv[1]))) {
assert(IsServer(destination) || IsMe(destination));
sendcmdto_one(&me, CMD_RPING, destination, "%C %C %s :%s", destination,
sptr, militime(0, 0), parv[3]);
}
else
send_reply(sptr, ERR_NOSUCHSERVER, parv[1]);
}
return 0;
}
/// Get the current RTOS Kernel state.
osKernelState_t osKernelGetState (void) {
osKernelState_t state;
if (IsPrivileged() || IsIrqMode() || IsIrqMasked()) {
state = svcRtxKernelGetState();
} else {
state = __svcKernelGetState();
}
return state;
}
/*
** m_zombies() by openglx
**
** m_ircops() By Claudio
** Rewritten by HAMLET
** Lists online IRCOps
**
*/
int m_zombies(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client *acptr;
char buf[BUFSIZE];
int zombies = 0;
if (!IsPrivileged(cptr))
{
sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
strcpy(buf, "========================================================================================");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "\2Nick Hostname Server\2");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "----------------------------------------------------------------------------------------");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
for (acptr = GlobalClientList; acptr; acptr = acptr->next)
{
if (!IsService(acptr) && !IsStealth(acptr) && IsZombie(acptr)) {
if (!acptr->user) continue;
/* vlinks on /IRCops
* code by openglx
* idea to this by Midnight_Commander
*/
if (acptr->user && acptr->user->vlink)
{
ircsprintf(buf, "\2%-29s\2 %s@%s %s", acptr->name ? acptr->name : "<unknown>",
acptr->username, acptr->realhost, acptr->user->vlink->name);
}
else
{
ircsprintf(buf, "\2%-29s\2 %-23s %s@%s", acptr->name ? acptr->name : "<unknown>",
acptr->username, acptr->realhost, acptr->user->server);
}
/* end of the vlink support code */
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], "-");
zombies++;
}
}
ircsprintf(buf, "Total: \2%d\2 Zombie%s connected", zombies,
zombies > 1 ? "s" : "");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "========================================================================================");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
sendto_one(sptr, form_str(RPL_ENDOFLISTS), me.name, parv[0], "ZOMBIES");
return 0;
}
/// Get RTOS Kernel Information.
osStatus_t osKernelGetInfo (osVersion_t *version, char *id_buf, uint32_t id_size) {
osStatus_t status;
EvrRtxKernelGetInfo(version, id_buf, id_size);
if (IsPrivileged() || IsIrqMode() || IsIrqMasked()) {
status = svcRtxKernelGetInfo(version, id_buf, id_size);
} else {
status = __svcKernelGetInfo(version, id_buf, id_size);
}
return status;
}
void ActiveCmdAction::OnExecuteInThread()
{
// the file.
auto szFile = File();
// join the two items together.
std::vector<MYODD_STRING> argv;
argv.push_back( _T("cmd") );
auto arguments = myodd::strings::Format(_T("/c %s %s"), szFile.c_str(), GetCommandLine());
argv.push_back(arguments);
Execute(argv, IsPrivileged(), nullptr);
}
static void CheckAgentAccess(Rlist *list, const Rlist *input_files)
{
struct stat sb;
uid_t uid;
int access = false;
uid = getuid();
for (const Rlist *rp = list; rp != NULL; rp = rp->next)
{
if (Str2Uid(rp->item, NULL, NULL) == uid)
{
return;
}
}
for (const Rlist *rp = input_files; rp != NULL; rp = rp->next)
{
cfstat(rp->item, &sb);
if (ACCESSLIST)
{
for (const Rlist *rp2 = ACCESSLIST; rp2 != NULL; rp2 = rp2->next)
{
if (Str2Uid(rp2->item, NULL, NULL) == sb.st_uid)
{
access = true;
break;
}
}
if (!access)
{
CfOut(cf_error, "", "File %s is not owned by an authorized user (security exception)",
ScalarValue(rp));
exit(1);
}
}
else if (CFPARANOID && IsPrivileged())
{
if (sb.st_uid != getuid())
{
CfOut(cf_error, "", "File %s is not owned by uid %ju (security exception)", ScalarValue(rp),
(uintmax_t)getuid());
exit(1);
}
}
}
FatalError("You are denied access to run this policy");
}
/** Handle a STATS message from some connection.
*
* \a parv has the following elements:
* \li \a parv[1] is the statistics selector
* \li \a parv[2] (optional) is server to query
* \li \a parv[3] (optional) is a mask to filter the results
*
* If \a parv[1] is "l" (or "links"), \a parv[3] is a mask of servers.
* If \a parv[1] is "p" (or "P" or "ports"), \a parv[3] is a mask of
* ports. If \a parv[1] is "k" (or "K" or "klines" or "i" or "I" or
* "access"), \a parv[3] is a hostname with optional username@ prefix
* (for opers, hostmasks are allowed).
*
* See @ref m_functions for discussion of the arguments.
* @param[in] cptr Client that sent us the message.
* @param[in] sptr Original source of message.
* @param[in] parc Number of arguments.
* @param[in] parv Argument vector.
*/
int
m_stats(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
const struct StatDesc *sd;
char *param;
/* If we didn't find a descriptor, send them help */
if ((parc < 2) || !(sd = stats_find(parv[1])))
parv[1] = "*", sd = stats_find("*");
assert(sd != 0);
/* Check whether the client can issue this command. If source is
* not privileged (server or an operator), then the STAT_FLAG_OPERONLY
* flag must not be set, and if the STAT_FLAG_OPERFEAT flag is set,
* then the feature given by sd->sd_control must be off.
*
* This checks cptr rather than sptr so that a local oper may send
* /stats queries to other servers.
*/
if (!IsPrivileged(cptr) &&
((sd->sd_flags & STAT_FLAG_OPERONLY) ||
((sd->sd_flags & STAT_FLAG_OPERFEAT) && feature_bool(sd->sd_control))))
return send_reply(sptr, ERR_NOPRIVILEGES);
/* Check for extra parameter */
if ((sd->sd_flags & STAT_FLAG_VARPARAM) && parc > 3 && !EmptyString(parv[3]))
param = parv[3];
else
param = NULL;
/* Ok, track down who's supposed to get this... */
if (hunt_server_cmd(sptr, CMD_STATS, cptr, feature_int(FEAT_HIS_REMOTE),
param ? "%s %C :%s" : "%s :%C", 2, parc, parv) !=
HUNTED_ISME)
return 0; /* Someone else--cool :) */
/* Check if they are a local user */
if ((sd->sd_flags & STAT_FLAG_LOCONLY) && !MyUser(sptr))
return send_reply(sptr, ERR_NOPRIVILEGES);
assert(sd->sd_func != 0);
/* Ok, dispatch the stats function */
(*sd->sd_func)(sptr, sd, param);
/* Done sending them the stats */
return send_reply(sptr, RPL_ENDOFSTATS, parv[1]);
}
void ActiveDefaultAction::OnExecuteInThread()
{
// we need to log that we are going to run this as a default.
// we should always try and create an ActiveAction for each known extensions.
// otherwise, who knows how this will run, (for example and swf extension might not be able to run).
auto szFile = File();
auto szExt = myodd::files::GetExtension( szFile );;
auto szCommand = Command();
myodd::log::LogWarning(_T("Will try and execute the command '%s' from file '%s'"), szExt.c_str(), szCommand.c_str());
// join the two items together.
std::vector<MYODD_STRING> argv;
argv.push_back( szFile);
argv.push_back( GetCommandLine() );
Execute(argv, IsPrivileged(), nullptr );
}
/*
* ms_clearmode - server message handler
*
* parv[0] = Send prefix
* parv[1] = Channel name
* parv[2] = Control string
*/
int
ms_clearmode(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Channel *chptr;
if (parc < 3)
return need_more_params(sptr, "CLEARMODE");
if (!IsPrivileged(sptr)) {
protocol_violation(sptr,"No privileges on source for CLEARMODE, desync?");
return send_reply(sptr, ERR_NOPRIVILEGES);
}
if (!IsChannelName(parv[1]) || IsLocalChannel(parv[1]) ||
!(chptr = FindChannel(parv[1])))
return send_reply(sptr, ERR_NOSUCHCHANNEL, parv[1]);
return do_clearmode(cptr, sptr, chptr, parv[2]);
}
/* m_setname - for SETNAME command
* allow users to change it's real name
* -- openglx, on a boring 25/12/2003
*/
int m_setname(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
struct Client *acptr = sptr;
char *newname = parv[1];
char *mename = me.name;
if(acptr->user && acptr->user->vlink)
mename = acptr->user->vlink->name;
if (!AllowSetNameToEveryone && !IsPrivileged(sptr))
{
sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (parc<2 || EmptyString(parv[1]))
{
if(MyClient(sptr))
sendto_one(sptr, ":%s NOTICE %s :*** Syntax: /SETNAME <real name>", mename, parv[0]);
return 0;
}
if (strlen(newname) > REALLEN) /* just to be sure */
{
if(MyClient(sptr))
sendto_one(sptr, ":%s NOTICE %s :*** SETNAME: select a real name under %d chars",
mename, acptr->name, REALLEN);
return 0;
}
strcpy(acptr->info, newname);
sendto_serv_butone(cptr, ":%s SETNAME :%s", parv[0], newname);
if (MyClient(acptr))
sendto_one(acptr, ":%s NOTICE %s :*** New real name set: \2%s\2", mename, acptr->name,
acptr->info);
return 0; /* I wonder why shouldn't this be 1 */
}
/*
** m_lost()
** parv[0] = sender
**
*/
int m_lost(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client *acptr;
char buf[BUFSIZE];
int lost = 0;
if (!IsPrivileged(cptr))
{
sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
strcpy(buf, "========================================================================================");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "\2User\2");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "----------------------------------------------------------------------------------------");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
for (acptr = GlobalClientList; acptr; acptr = acptr->next)
{
if (IsService(acptr) || IsStealth(acptr) || IsAnOper(acptr) ||
IsIdentified(acptr))
continue;
if (!acptr->user || (acptr->user->channel != NULL))
continue;
ircsprintf(buf, "\2%-29s\2 %-23s %s", acptr->name ? acptr->name : "<unknown>",
acptr->user->away ? "(AWAY)" : "", acptr->user->server);
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
lost++;
}
strcpy(buf, "========================================================================================");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
ircsprintf(buf, "Total: \2%d\2 Lost Users", lost);
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
sendto_one(sptr, form_str(RPL_ENDOFLISTS), me.name, parv[0], "LOST.");
return 0;
}
static void MakeLog(Item *mess, enum cfreport level)
{
Item *ip;
if (!IsPrivileged() || DONTDO)
{
return;
}
/* If we can't mutex it could be dangerous to proceed with threaded file descriptors */
if (!ThreadLock(cft_output))
{
return;
}
for (ip = mess; ip != NULL; ip = ip->next)
{
switch (level)
{
case cf_inform:
case cf_reporting:
case cf_cmdout:
syslog(LOG_NOTICE, " %s", ip->name);
break;
case cf_verbose:
syslog(LOG_INFO, " %s", ip->name);
break;
case cf_error:
syslog(LOG_ERR, " %s", ip->name);
break;
default:
break;
}
}
ThreadUnlock(cft_output);
}
static void SystemLog(Item *mess, OutputLevel level)
{
Item *ip;
if ((!IsPrivileged()) || DONTDO)
{
return;
}
/* If we can't mutex it could be dangerous to proceed with threaded file descriptors */
if (!ThreadLock(cft_output))
{
return;
}
for (ip = mess; ip != NULL; ip = ip->next)
{
switch (level)
{
case OUTPUT_LEVEL_INFORM:
case OUTPUT_LEVEL_REPORTING:
case OUTPUT_LEVEL_CMDOUT:
syslog(LOG_NOTICE, " %s", ip->name);
break;
case OUTPUT_LEVEL_VERBOSE:
syslog(LOG_INFO, " %s", ip->name);
break;
case OUTPUT_LEVEL_ERROR:
syslog(LOG_ERR, " %s", ip->name);
break;
default:
break;
}
}
ThreadUnlock(cft_output);
}
/*
* m_squit - SQUIT message handler
* parv[0] = sender prefix
* parv[1] = server name
* parv[2] = comment
*/
int m_squit(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
struct ConfItem* aconf;
char* server;
struct Client* acptr;
char *comment = (parc > 2 && parv[2]) ? parv[2] : cptr->name;
if (!IsPrivileged(sptr))
{
sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (parc > 1)
{
server = parv[1];
/*
** To accomodate host masking, a squit for a masked server
** name is expanded if the incoming mask is the same as
** the server name for that link to the name of link.
*/
while ((*server == '*') && IsServer(cptr))
{
aconf = cptr->serv->nline;
if (!aconf)
break;
if (!irccmp(server, my_name_for_link(me.name, aconf)))
server = cptr->name;
break; /* WARNING is normal here */
/* NOTREACHED */
}
/*
** The following allows wild cards in SQUIT. Only useful
** when the command is issued by an oper.
*/
for (acptr = GlobalClientList; (acptr = next_client(acptr, server));
acptr = acptr->next)
if (IsServer(acptr) || IsMe(acptr))
break;
if (acptr && IsMe(acptr))
{
acptr = cptr;
server = cptr->name;
}
}
else
{
/*
** This is actually protocol error. But, well, closing
** the link is very proper answer to that...
**
** Closing the client's connection probably wouldn't do much
** good.. any oper out there should know that the proper way
** to disconnect is /QUIT :)
**
** its still valid if its not a local client, its then
** a protocol error for sure -Dianora
*/
if(MyClient(sptr))
{
sendto_one(sptr, form_str(ERR_NEEDMOREPARAMS),
me.name, parv[0], "SQUIT");
return 0;
}
else
{
server = cptr->host;
acptr = cptr;
}
}
/*
** SQUIT semantics is tricky, be careful...
**
** The old (irc2.2PL1 and earlier) code just cleans away the
** server client from the links (because it is never true
** "cptr == acptr".
**
** This logic here works the same way until "SQUIT host" hits
** the server having the target "host" as local link. Then it
** will do a real cleanup spewing SQUIT's and QUIT's to all
** directions, also to the link from which the orinal SQUIT
** came, generating one unnecessary "SQUIT host" back to that
** link.
**
** One may think that this could be implemented like
** "hunt_server" (e.g. just pass on "SQUIT" without doing
** nothing until the server having the link as local is
** reached). Unfortunately this wouldn't work in the real life,
** because either target may be unreachable or may not comply
** with the request. In either case it would leave target in
** links--no command to clear it away. So, it's better just
** clean out while going forward, just to be sure.
**
** ...of course, even better cleanout would be to QUIT/SQUIT
** dependant users/servers already on the way out, but
** currently there is not enough information about remote
** clients to do this... --msa
*/
if (!acptr)
{
sendto_one(sptr, form_str(ERR_NOSUCHSERVER),
me.name, parv[0], server);
return 0;
}
if (IsLocOp(sptr) && !MyConnect(acptr))
{
sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (MyClient(sptr) && !IsOperRemote(sptr) && !MyConnect(acptr))
{
sendto_one(sptr,":%s NOTICE %s :You have no R flag",me.name,parv[0]);
return 0;
}
/*
** Notify all opers, if my local link is remotely squitted
*/
if (MyConnect(acptr) && !IsAnOper(cptr))
{
sendto_ops_butone(NULL, &me,
":%s WALLOPS :Received SQUIT %s from %s (%s)",
me.name, server, get_client_name(sptr,FALSE), comment);
log(L_TRACE, "SQUIT From %s : %s (%s)", parv[0], server, comment);
}
else if (MyConnect(acptr))
sendto_ops("Received SQUIT %s from %s (%s)",
acptr->name, get_client_name(sptr,FALSE), comment);
return exit_client(cptr, acptr, sptr, comment);
}
/*
** m_kill
** parv[0] = sender prefix
** parv[1] = kill victim(s) - comma separated list
** parv[2] = kill path
*/
DLLFUNC int m_kill(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
aClient *acptr;
anUser *auser;
char inpath[HOSTLEN * 2 + USERLEN + 5];
char *oinpath = get_client_name(cptr, FALSE);
char *user, *path, *killer, *nick, *p, *s;
int chasing = 0, kcount = 0;
if (parc < 2 || *parv[1] == '\0')
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS),
me.name, parv[0], "KILL");
return 0;
}
user = parv[1];
path = parv[2]; /* Either defined or NULL (parc >= 2!!) */
strlcpy(inpath, oinpath, sizeof inpath);
#ifndef ROXnet
if (IsServer(cptr) && (s = (char *)index(inpath, '.')) != NULL)
*s = '\0'; /* Truncate at first "." */
#endif
if (!IsPrivileged(cptr))
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (IsAnOper(cptr))
{
if (BadPtr(path))
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS),
me.name, parv[0], "KILL");
return 0;
}
if (strlen(path) > (size_t)TOPICLEN)
path[TOPICLEN] = '\0';
}
if (MyClient(sptr))
user = (char *)canonize(user);
for (p = NULL, nick = strtoken(&p, user, ","); nick;
nick = strtoken(&p, NULL, ","))
{
chasing = 0;
if (!(acptr = find_client(nick, NULL)))
{
/*
** If the user has recently changed nick, we automaticly
** rewrite the KILL for this new nickname--this keeps
** servers in synch when nick change and kill collide
*/
if (!(acptr =
get_history(nick, (long)KILLCHASETIMELIMIT)))
{
sendto_one(sptr, err_str(ERR_NOSUCHNICK),
me.name, parv[0], nick);
continue;
}
sendto_one(sptr,
":%s %s %s :*** KILL changed from %s to %s",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], nick, acptr->name);
chasing = 1;
}
if ((!MyConnect(acptr) && MyClient(cptr) && !OPCanGKill(cptr))
|| (MyConnect(acptr) && MyClient(cptr)
&& !OPCanLKill(cptr)))
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name,
parv[0]);
continue;
}
if (IsServer(acptr) || IsMe(acptr))
{
sendto_one(sptr, err_str(ERR_CANTKILLSERVER),
me.name, parv[0]);
continue;
}
if (!IsPerson(acptr))
{
/* Nick exists but user is not registered yet: IOTW "doesn't exist". -- Syzop */
sendto_one(sptr, err_str(ERR_NOSUCHNICK),
me.name, parv[0], nick);
continue;
}
if (IsServices(acptr) && !(IsNetAdmin(sptr) || IsULine(sptr)))
{
sendto_one(sptr, err_str(ERR_KILLDENY), me.name,
parv[0], parv[1]);
return 0;
}
/* From here on, the kill is probably going to be successful. */
kcount++;
if (!IsServer(sptr) && (kcount > MAXKILLS))
{
sendto_one(sptr,
":%s %s %s :*** Too many targets, kill list was truncated. Maximum is %d.",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], MAXKILLS);
break;
}
if (!IsServer(cptr))
{
/*
** The kill originates from this server, initialize path.
** (In which case the 'path' may contain user suplied
** explanation ...or some nasty comment, sigh... >;-)
**
** ...!operhost!oper
** ...!operhost!oper (comment)
*/
strlcpy(inpath, GetHost(cptr), sizeof inpath);
if (kcount < 2) { /* Only check the path the first time
around, or it gets appended to itself. */
if (!BadPtr(path))
{
(void)ircsprintf(buf, "%s%s (%s)",
cptr->name,
IsOper(sptr) ? "" : "(L)", path);
path = buf;
}
else
path = cptr->name;
}
}
else if (BadPtr(path))
path = "*no-path*"; /* Bogus server sending??? */
/*
** Notify all *local* opers about the KILL (this includes the one
** originating the kill, if from this server--the special numeric
** reply message is not generated anymore).
**
** Note: "acptr->name" is used instead of "user" because we may
** have changed the target because of the nickname change.
*/
auser = acptr->user;
sendto_snomask_normal(SNO_KILLS,
"*** Notice -- Received KILL message for %s!%s@%s from %s Path: %s!%s",
acptr->name, auser->username,
IsHidden(acptr) ? auser->virthost : auser->realhost,
parv[0], inpath, path);
#if defined(USE_SYSLOG) && defined(SYSLOG_KILL)
if (IsOper(sptr))
syslog(LOG_DEBUG, "KILL From %s For %s Path %s!%s",
parv[0], acptr->name, inpath, path);
#endif
/*
* By otherguy
*/
ircd_log
(LOG_KILL, "KILL (%s) by %s(%s!%s)",
make_nick_user_host
(acptr->name, acptr->user->username, GetHost(acptr)),
parv[0],
inpath,
path);
/*
** And pass on the message to other servers. Note, that if KILL
** was changed, the message has to be sent to all links, also
** back.
** Suicide kills are NOT passed on --SRB
*/
if (!MyConnect(acptr) || !MyConnect(sptr) || !IsAnOper(sptr))
{
sendto_serv_butone(cptr, ":%s KILL %s :%s!%s",
parv[0], acptr->name, inpath, path);
if (chasing && IsServer(cptr))
sendto_one(cptr, ":%s KILL %s :%s!%s",
me.name, acptr->name, inpath, path);
acptr->flags |= FLAGS_KILLED;
}
/*
** Tell the victim she/he has been zapped, but *only* if
** the victim is on current server--no sense in sending the
** notification chasing the above kill, it won't get far
** anyway (as this user don't exist there any more either)
*/
if (MyConnect(acptr))
sendto_prefix_one(acptr, sptr, ":%s KILL %s :%s!%s",
parv[0], acptr->name, inpath, path);
/*
** Set FLAGS_KILLED. This prevents exit_one_client from sending
** the unnecessary QUIT for this. (This flag should never be
** set in any other place)
*/
if (MyConnect(acptr) && MyConnect(sptr) && IsAnOper(sptr))
(void)ircsprintf(buf2, "[%s] Local kill by %s (%s)",
me.name, sptr->name,
BadPtr(parv[2]) ? sptr->name : parv[2]);
else
{
if ((killer = index(path, ' ')))
{
while ((killer >= path) && *killer && *killer != '!')
killer--;
if (!*killer)
killer = path;
else
killer++;
}
else
killer = path;
(void)ircsprintf(buf2, "Killed (%s)", killer);
}
if (MyClient(sptr))
RunHook3(HOOKTYPE_LOCAL_KILL, sptr, acptr, parv[2]);
if (exit_client(cptr, acptr, sptr, buf2) == FLUSH_BUFFER)
return FLUSH_BUFFER;
}
return 0;
}
static int VerifyMountPromise(EvalContext *ctx, char *name, Attributes a, Promise *pp)
{
char *options;
char dir[CF_BUFSIZE];
int changes = 0;
CfOut(OUTPUT_LEVEL_VERBOSE, "", " -> Verifying mounted file systems on %s\n", name);
snprintf(dir, CF_BUFSIZE, "%s/.", name);
if (!IsPrivileged())
{
cfPS(ctx, OUTPUT_LEVEL_ERROR, PROMISE_RESULT_INTERRUPTED, "", pp, a, "Only root can mount filesystems.\n");
return false;
}
options = Rlist2String(a.mount.mount_options, ",");
if (!FileSystemMountedCorrectly(MOUNTEDFSLIST, name, options, a))
{
if (!a.mount.unmount)
{
if (!MakeParentDirectory(dir, a.move_obstructions))
{
}
if (a.mount.editfstab)
{
changes += VerifyInFstab(ctx, name, a, pp);
}
else
{
cfPS(ctx, OUTPUT_LEVEL_INFORM, PROMISE_RESULT_FAIL, "", pp, a,
" -> Filesystem %s was not mounted as promised, and no edits were promised in %s\n", name,
VFSTAB[VSYSTEMHARDCLASS]);
// Mount explicitly
VerifyMount(ctx, name, a, pp);
}
}
else
{
if (a.mount.editfstab)
{
changes += VerifyNotInFstab(ctx, name, a, pp);
}
}
if (changes)
{
CF_MOUNTALL = true;
}
}
else
{
if (a.mount.unmount)
{
VerifyUnmount(ctx, name, a, pp);
if (a.mount.editfstab)
{
VerifyNotInFstab(ctx, name, a, pp);
}
}
else
{
cfPS(ctx, OUTPUT_LEVEL_INFORM, PROMISE_RESULT_NOOP, "", pp, a, " -> Filesystem %s seems to be mounted as promised\n", name);
}
}
free(options);
return true;
}
/***********************************************************************
* m_connect() - Added by Jto 11 Feb 1989
***********************************************************************//*
** m_connect
** parv[0] = sender prefix
** parv[1] = servername
** parv[2] = port number
** parv[3] = remote server
*/
DLLFUNC CMD_FUNC(m_connect)
{
int port, tmpport, retval;
ConfigItem_link *aconf;
ConfigItem_deny_link *deny;
aClient *acptr;
if (!IsPrivileged(sptr))
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return -1;
}
if (MyClient(sptr) && !OPCanGRoute(sptr) && parc > 3)
{ /* Only allow LocOps to make */
/* local CONNECTS --SRB */
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (MyClient(sptr) && !OPCanLRoute(sptr) && parc <= 3)
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (hunt_server_token(cptr, sptr, MSG_CONNECT, TOK_CONNECT, "%s %s :%s",
3, parc, parv) != HUNTED_ISME)
return 0;
if (parc < 2 || *parv[1] == '\0')
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS),
me.name, parv[0], "CONNECT");
return -1;
}
if ((acptr = find_server_quick(parv[1])))
{
sendto_one(sptr, ":%s %s %s :*** Connect: Server %s %s %s.",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], parv[1], "already exists from",
acptr->from->name);
return 0;
}
for (aconf = conf_link; aconf; aconf = (ConfigItem_link *) aconf->next)
if (!match(parv[1], aconf->servername))
break;
/* Checked first servernames, then try hostnames. */
if (!aconf)
{
sendto_one(sptr,
":%s %s %s :*** Connect: Server %s is not configured for linking", me.name,
IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], parv[1]);
return 0;
}
/*
** Get port number from user, if given. If not specified,
** use the default form configuration structure. If missing
** from there, then use the precompiled default.
*/
tmpport = port = aconf->port;
if (parc > 2 && !BadPtr(parv[2]))
{
if ((port = atoi(parv[2])) <= 0)
{
sendto_one(sptr,
":%s %s %s :*** Connect: Illegal port number", me.name,
IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
return 0;
}
}
else if (port <= 0 && (port = PORTNUM) <= 0)
{
sendto_one(sptr, ":%s %s %s :*** Connect: missing port number",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
return 0;
}
/* Evaluate deny link */
for (deny = conf_deny_link; deny; deny = (ConfigItem_deny_link *) deny->next) {
if (deny->flag.type == CRULE_ALL && !match(deny->mask, aconf->servername)
&& crule_eval(deny->rule)) {
sendto_one(sptr,
":%s %s %s :*** Connect: Disallowed by connection rule",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
return 0;
}
}
if (strchr(aconf->hostname, '*') != NULL || strchr(aconf->hostname, '?') != NULL)
{
sendto_one(sptr,
":%s %s %s :*** Connect: You cannot connect to a server with wildcards (* and ?) in the hostname",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0]);
return 0;
}
/*
** Notify all operators about remote connect requests
*/
if (!IsAnOper(cptr))
{
sendto_serv_butone(&me,
":%s GLOBOPS :Remote CONNECT %s %s from %s",
me.name, parv[1], parv[2] ? parv[2] : "",
get_client_name(sptr, FALSE));
}
/* Interesting */
aconf->port = port;
switch (retval = connect_server(aconf, sptr, NULL))
{
case 0:
sendto_one(sptr,
":%s %s %s :*** Connecting to %s[%s].",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], aconf->servername, aconf->hostname);
break;
case -1:
sendto_one(sptr, ":%s %s %s :*** Couldn't connect to %s.",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], aconf->servername);
break;
case -2:
sendto_one(sptr, ":%s %s %s :*** Resolving hostname '%s'...",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], aconf->hostname);
break;
default:
sendto_one(sptr,
":%s %s %s :*** Connection to %s failed: %s",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], aconf->servername, STRERROR(retval));
}
aconf->port = tmpport;
return 0;
}
static int VerifyMountPromise(char *name, Attributes a, Promise *pp, const ReportContext *report_context)
{
char *options;
char dir[CF_BUFSIZE];
int changes = 0;
CfOut(cf_verbose, "", " -> Verifying mounted file systems on %s\n", name);
snprintf(dir, CF_BUFSIZE, "%s/.", name);
if (!IsPrivileged())
{
cfPS(cf_error, CF_INTERPT, "", pp, a, "Only root can mount filesystems.\n");
return false;
}
options = Rlist2String(a.mount.mount_options, ",");
if (!FileSystemMountedCorrectly(MOUNTEDFSLIST, name, options, a, pp))
{
if (!a.mount.unmount)
{
if (!MakeParentDirectory(dir, a.move_obstructions, report_context))
{
}
if (a.mount.editfstab)
{
changes += VerifyInFstab(name, a, pp);
}
else
{
cfPS(cf_inform, CF_FAIL, "", pp, a,
" -> Filesystem %s was not mounted as promised, and no edits were promised in %s\n", name,
VFSTAB[VSYSTEMHARDCLASS]);
// Mount explicitly
VerifyMount(name, a, pp);
}
}
else
{
if (a.mount.editfstab)
{
changes += VerifyNotInFstab(name, a, pp);
}
}
if (changes)
{
CF_MOUNTALL = true;
}
}
else
{
if (a.mount.unmount)
{
VerifyUnmount(name, a, pp);
if (a.mount.editfstab)
{
VerifyNotInFstab(name, a, pp);
}
}
else
{
cfPS(cf_inform, CF_NOP, "", pp, a, " -> Filesystem %s seems to be mounted as promised\n", name);
}
}
free(options);
return true;
}
NTSTATUS InitiateShutdown(
PETHREAD Thread,
PULONG lpdwFlags)
{
static PRIVILEGE_SET psShutdown = {
1, PRIVILEGE_SET_ALL_NECESSARY, { SE_SHUTDOWN_PRIVILEGE, 0 }
};
PEPROCESS Process;
LUID luidCaller;
LUID luidSystem = SYSTEM_LUID;
PPROCESSINFO ppi;
PWINDOWSTATION pwinsta;
HWINSTA hwinsta;
PTHREADINFO ptiClient;
NTSTATUS Status;
DWORD dwFlags;
/*
* Find out the callers sid. Only want to shutdown processes in the
* callers sid.
*/
Process = THREAD_TO_PROCESS(Thread);
ptiClient = PtiFromThread(Thread);
Status = GetProcessLuid(Thread, &luidCaller);
if (!NT_SUCCESS(Status)) {
return Status;
}
/*
* Set the system flag if the caller is a system process.
* Winlogon uses this to determine in which context to perform
* a shutdown operation.
*/
dwFlags = *lpdwFlags;
if (RtlEqualLuid(&luidCaller, &luidSystem)) {
dwFlags |= EWX_SYSTEM_CALLER;
} else {
dwFlags &= ~EWX_SYSTEM_CALLER;
}
/*
* Find a windowstation. If the process does not have one
* assigned, use the standard one.
*/
ppi = PpiFromProcess(Process);
if (ppi == NULL) {
/*
* We ran into a case where the thread was terminated and had already
* been cleaned up by USER. Thus, the ppi and ptiClient was NULL.
*/
return STATUS_INVALID_HANDLE;
}
pwinsta = ppi->rpwinsta;
hwinsta = ppi->hwinsta;
/*
* If we're not being called by Winlogon, validate the call and
* notify the logon process to do the actual shutdown.
*/
if (Thread->Cid.UniqueProcess != gpidLogon) {
dwFlags &= ~EWX_WINLOGON_CALLER;
*lpdwFlags = dwFlags;
if (pwinsta == NULL) {
#ifndef LATER
return STATUS_INVALID_HANDLE;
#else
hwinsta = ppi->pOpenObjectTable[HI_WINDOWSTATION].h;
if (hwinsta == NULL) {
return STATUS_INVALID_HANDLE;
}
pwinsta = (PWINDOWSTATION)ppi->pOpenObjectTable[HI_WINDOWSTATION].phead;
#endif
}
/*
* Check security first - does this thread have access?
*/
if (!RtlAreAllAccessesGranted(ppi->amwinsta, WINSTA_EXITWINDOWS)) {
return STATUS_ACCESS_DENIED;
}
/*
* If the client requested shutdown, reboot, or poweroff they must have
* the shutdown privilege.
*/
if (dwFlags & EWX_SHUTDOWN) {
if (!IsPrivileged(&psShutdown) ) {
return STATUS_PRIVILEGE_NOT_HELD;
}
} else {
/*
* If this is a non-IO windowstation and we are not shutting down,
* fail the call.
*/
if (pwinsta->dwFlags & WSF_NOIO) {
return STATUS_INVALID_DEVICE_REQUEST;
}
}
}
/*
* Is there a shutdown already in progress?
*/
if (dwThreadEndSession != 0) {
DWORD dwNew;
/*
* Calculate new flags
*/
dwNew = dwFlags & OPTIONMASK & (~gdwShutdownFlags);
/*
* Should we override the other shutdown? Make sure
* winlogon does not recurse.
*/
if (dwNew && (DWORD)PsGetCurrentThread()->Cid.UniqueThread !=
dwThreadEndSession) {
/*
* Only one windowstation can be logged off at a time.
*/
if (!(dwFlags & EWX_SHUTDOWN) &&
pwinsta != gpwinstaLogoff) {
return STATUS_DEVICE_BUSY;
}
/*
* Set the new flags
*/
gdwShutdownFlags = dwFlags;
if (dwNew & EWX_FORCE) {
return STATUS_RETRY;
} else {
return STATUS_PENDING;
}
} else {
/*
* Don't override
*/
return STATUS_PENDING;
}
}
/*
* If the caller is not winlogon, signal winlogon to start
* the real shutdown.
*/
if (Thread->Cid.UniqueProcess != gpidLogon) {
if (dwFlags & EWX_NOTIFY) {
if (ptiClient && ptiClient->TIF_flags & TIF_16BIT)
gptiShutdownNotify = ptiClient;
dwFlags &= ~EWX_NOTIFY;
*lpdwFlags = dwFlags;
}
if (NotifyLogon(pwinsta, &luidCaller, dwFlags))
return STATUS_PENDING;
else if (ptiClient && ptiClient->cWindows)
return STATUS_CANT_WAIT;
}
/*
* Mark this thread as the one that is currently processing
* exit windows, and set the global saying someone is exiting
*/
dwFlags |= EWX_WINLOGON_CALLER;
*lpdwFlags = dwFlags;
gdwShutdownFlags = dwFlags;
dwThreadEndSession = (DWORD)PsGetCurrentThread()->Cid.UniqueThread;
gpwinstaLogoff = pwinsta;
pwinsta->luidEndSession = luidCaller;
/*
* Lock the windowstation to prevent apps from starting
* while we're doing shutdown processing.
*/
gdwLocks = pwinsta->dwFlags & (WSF_SWITCHLOCK | WSF_OPENLOCK);
pwinsta->dwFlags |= (WSF_OPENLOCK | WSF_SHUTDOWN);
return STATUS_SUCCESS;
}
/*
* m_connect - CONNECT command handler
*
* Added by Jto 11 Feb 1989
*
* m_connect
* parv[0] = sender prefix
* parv[1] = servername
* parv[2] = port number
* parv[3] = remote server
*/
int m_connect(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
int port;
int tmpport;
struct ConfItem* aconf;
struct Client* acptr;
if (!IsPrivileged(sptr))
{
sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return -1;
}
if (IsLocOp(sptr) && parc > 3) {
/*
* Only allow LocOps to make local CONNECTS --SRB
*/
return 0;
}
if (MyConnect(sptr) && !IsOperRemote(sptr) && parc > 3)
{
sendto_one(sptr,":%s NOTICE %s :You have no R flag", me.name, parv[0]);
return 0;
}
if (hunt_server(cptr, sptr,
":%s CONNECT %s %s :%s", 3, parc, parv) != HUNTED_ISME)
return 0;
if (parc < 2 || *parv[1] == '\0')
{
sendto_one(sptr, form_str(ERR_NEEDMOREPARAMS),
me.name, parv[0], "CONNECT");
return -1;
}
if ((acptr = find_server(parv[1])))
{
sendto_one(sptr, ":%s NOTICE %s :Connect: Server %s %s %s.",
me.name, parv[0], parv[1], "already exists from",
acptr->from->name);
return 0;
}
/*
* try to find the name, then host, if both fail notify ops and bail
*/
if (!(aconf = find_conf_by_name(parv[1], CONF_CONNECT_SERVER))) {
#ifndef HIDE_SERVERS_IPS
if (!(aconf = find_conf_by_host(parv[1], CONF_CONNECT_SERVER))) {
#endif
sendto_one(sptr,
"NOTICE %s :Connect: Host %s not listed in ircd.conf",
parv[0], parv[1]);
return 0;
#ifndef HIDE_SERVERS_IPS
}
#endif
}
assert(0 != aconf);
/*
* Get port number from user, if given. If not specified,
* use the default form configuration structure. If missing
* from there, then use the precompiled default.
*/
tmpport = port = aconf->port;
if (parc > 2 && !EmptyString(parv[2]))
{
#ifdef NEG_PORT
if ((port = atoi(parv[2])) < 0)
#else
if ((port = atoi(parv[2])) <= 0)
#endif
{
sendto_one(sptr, "NOTICE %s :Connect: Illegal port number",
parv[0]);
return 0;
}
}
#ifdef NEG_PORT
else if (port < 0 && (port = PORTNUM) <= 0)
#else
else if (port <= 0 && (port = PORTNUM) <= 0)
#endif
{
sendto_one(sptr, ":%s NOTICE %s :Connect: missing port number",
me.name, parv[0]);
return 0;
}
#ifdef NEG_PORT
if (port == 0)
port = tmpport; /* From conf */
if (port == 0)
port = PORTNUM; /* Default if there wasn't one set in conf */
#endif
/*
* Notify all operators about remote connect requests
*/
if (!IsAnOper(cptr))
{
sendto_ops_butone(NULL, &me,
":%s WALLOPS :Remote CONNECT %s %s from %s",
me.name, parv[1], parv[2] ? parv[2] : "",
get_client_name(sptr, FALSE));
irclog(L_TRACE, "CONNECT From %s : %s %s",
parv[0], parv[1], parv[2] ? parv[2] : "");
}
aconf->port = port;
/*
* at this point we should be calling connect_server with a valid
* C:line and a valid port in the C:line
*/
if (connect_server(aconf, sptr, 0))
#if (defined SERVERHIDE) || (defined HIDE_SERVERS_IPS)
sendto_one(sptr, ":%s NOTICE %s :*** Connecting to %s[%s].%d",
me.name, parv[0], "255.255.255.255", aconf->name, aconf->port);
else
sendto_one(sptr, ":%s NOTICE %s :*** Couldn't connect to %s.%d",
me.name, parv[0], "255.255.255.255",aconf->port);
#else
sendto_one(sptr, ":%s NOTICE %s :*** Connecting to %s[%s].%d",
me.name, parv[0], aconf->host, aconf->name, aconf->port);
else
void SetDefaultRoute()
{ int sk, defaultokay = 1;
struct sockaddr_in sindst,singw;
char oldroute[INET_ADDRSTRLEN];
char routefmt[CF_MAXVARSIZE];
/* These OSes have these structs defined but use the route command */
# if defined DARWIN || defined FREEBSD || defined OPENBSD || defined SOLARIS
# undef HAVE_RTENTRY
# undef HAVE_ORTENTRY
# endif
# ifdef HAVE_ORTENTRY
struct ortentry route;
# else
# if HAVE_RTENTRY
struct rtentry route;
# endif
# endif
FILE *pp;
Verbose("Looking for a default route...\n");
if (!IsPrivileged())
{
snprintf(OUTPUT,CF_BUFSIZE*2,"Only root can set a default route.");
CfLog(cfinform,OUTPUT,"");
return;
}
if (VDEFAULTROUTE == NULL)
{
Verbose("cfengine: No default route is defined. Ignoring the routing tables.\n");
return;
}
if ((pp = cfpopen(VNETSTAT[VSYSTEMHARDCLASS],"r")) == NULL)
{
snprintf(OUTPUT,CF_BUFSIZE*2,"Failed to open pipe from %s\n",VNETSTAT[VSYSTEMHARDCLASS]);
CfLog(cferror,OUTPUT,"popen");
return;
}
while (!feof(pp))
{
ReadLine(VBUFF,CF_BUFSIZE,pp);
Debug("LINE: %s = %s?\n",VBUFF,VDEFAULTROUTE->name);
if ((strncmp(VBUFF,"default",7) == 0)||(strncmp(VBUFF,"0.0.0.0",7) == 0))
{
/* extract the default route */
/* format: default|0.0.0.0 <whitespace> route <whitespace> etc */
if ((sscanf(VBUFF, "%*[default0. ]%s%*[ ]", &oldroute)) == 1)
{
if ((strncmp(VDEFAULTROUTE->name, oldroute, INET_ADDRSTRLEN)) == 0)
{
Verbose("cfengine: default route is already set to %s\n",VDEFAULTROUTE->name);
defaultokay = 1;
break;
}
else
{
Verbose("cfengine: default route is set to %s, but should be %s.\n",oldroute,VDEFAULTROUTE->name);
defaultokay = 2;
break;
}
}
}
else
{
Debug("No default route is yet registered\n");
defaultokay = 0;
}
}
cfpclose(pp);
if (defaultokay == 1)
{
Verbose("Default route is set and agrees with conditional policy\n");
return;
}
if (defaultokay == 0)
{
AddMultipleClasses("no_default_route");
}
if (IsExcluded(VDEFAULTROUTE->classes))
{
Verbose("cfengine: No default route is applicable. Ignoring the routing tables.\n");
return;
}
CfLog(cferror,"The default route is incorrect, trying to correct\n","");
if ( strcmp(VROUTE[VSYSTEMHARDCLASS], "-") != 0 )
{
Debug ("Using route shell commands to set default route\n");
if (defaultokay == 2)
{
if (! DONTDO)
{
/* get the route command and the format for the delete argument */
snprintf(routefmt,CF_MAXVARSIZE,"%s %s",VROUTE[VSYSTEMHARDCLASS],VROUTEDELFMT[VSYSTEMHARDCLASS]);
snprintf(VBUFF,CF_MAXVARSIZE,routefmt,"default",VDEFAULTROUTE->name);
if (ShellCommandReturnsZero(VBUFF,false))
{
CfLog(cfinform,"Removing old default route","");
CfLog(cfinform,VBUFF,"");
}
else
{
CfLog(cferror,"Error removing route","");
}
}
}
if (! DONTDO)
{
snprintf(routefmt,CF_MAXVARSIZE,"%s %s",VROUTE[VSYSTEMHARDCLASS],VROUTEADDFMT[VSYSTEMHARDCLASS]);
snprintf(VBUFF,CF_MAXVARSIZE,routefmt,"default",VDEFAULTROUTE->name);
if (ShellCommandReturnsZero(VBUFF,false))
{
CfLog(cfinform,"Setting default route","");
CfLog(cfinform,VBUFF,"");
}
else
{
CfLog(cferror,"Error setting route","");
}
}
return;
}
else
{
#if defined HAVE_RTENTRY || defined HAVE_ORTENTRY
Debug ("Using route ioctl to set default route\n");
if ((sk = socket(AF_INET,SOCK_RAW,0)) == -1)
{
CfLog(cferror,"System class: ", CLASSTEXT[VSYSTEMHARDCLASS]);
CfLog(cferror,"","Error in SetDefaultRoute():");
perror("cfengine: socket");
}
else
{
sindst.sin_family = AF_INET;
singw.sin_family = AF_INET;
sindst.sin_addr.s_addr = INADDR_ANY;
singw.sin_addr.s_addr = inet_addr(VDEFAULTROUTE->name);
route.rt_dst = *(struct sockaddr *)&sindst; /* This disgusting method is necessary */
route.rt_gateway = *(struct sockaddr *)&singw;
route.rt_flags = RTF_GATEWAY;
if (! DONTDO)
{
if (ioctl(sk,SIOCADDRT, (caddr_t) &route) == -1) /* Get the device status flags */
{
CfLog(cferror,"Error setting route:","");
perror("cfengine: ioctl SIOCADDRT:");
}
else
{
CfLog(cferror,"Setting default route.\n","");
snprintf(OUTPUT,CF_BUFSIZE*2,"I'm setting it to %s\n",VDEFAULTROUTE->name);
CfLog(cferror,OUTPUT,"");
}
}
}
#else
/* Socket routing - don't really know how to do this yet */
Verbose("Sorry don't know how to do routing on this platform\n");
#endif
}
}
/*
* m_gline
* Add a local user@host ban.
*
* parv[0] = sender
* parv[1] = duration (optional)
* parv[2] = nick or user@host mask
* parv[3] = reason (optional)
*/
int
m_gline(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
char rbuf[512];
char *target;
char *user;
char *host;
char *reason = "<no reason>";
int tgminutes = DEFAULT_GLINE_TIME;
int tgseconds;
long lval;
struct userBan *ban;
struct userBan *existing;
if (!IsPrivileged(sptr))
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (parc < 2)
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0],
"gline");
return 0;
}
lval = strtol(parv[1], &target, 10);
if (*target != 0)
{
target = parv[1];
if (parc > 2)
reason = parv[2];
}
else
{
/* valid expiration time */
tgminutes = lval;
if (parc < 3)
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0],
"Gline");
return 0;
}
target = parv[2];
if (parc > 3)
reason = parv[3];
}
/* negative times, or times greater than a year, are permanent */
if (tgminutes < 0 || tgminutes > (365 * 24 * 60))
tgminutes = 0;
tgseconds = tgminutes * 60;
if ((host = strchr(target, '@')))
{
*host++ = 0;
user = target;
}
else
{
user = "******";
host = target;
}
if (!match(user, "akjhfkahfasfjd") &&
!match(host, "ldksjfl.kss...kdjfd.jfklsjf"))
{
sendto_one(sptr, ":%s NOTICE %s :gline: %s@%s mask is too wide",
me.name, parv[0], user, host);
return 0;
}
/*
* XXX: nick target support to be re-added
*/
if (!(ban = make_hostbased_ban(user, host)))
{
sendto_one(sptr, ":%s NOTICE %s :gline: invalid ban mask %s@%s",
me.name, parv[0], user, host);
return 0;
}
ban->flags |= UBAN_GLINE;
/* only looks for duplicate glines, not akills */
if ((existing = find_userban_exact(ban, UBAN_GLINE)))
{
if (!IsServer(sptr))
sendto_one(sptr, ":%s NOTICE %s :gline: %s@%s is already %s: %s",
me.name, parv[0], user, host, NETWORK_GLINE_NAME,
existing->reason ? existing->reason : "<no reason>");
userban_free(ban);
return 0;
}
if (MyClient(sptr) && user_match_ban(sptr, ban))
{
sendto_one(sptr, ":%s NOTICE %s :gline: %s@%s matches you, rejected",
me.name, parv[0], user, host);
userban_free(ban);
return 0;
}
if (!IsServer(sptr))
ircsnprintf(rbuf, sizeof(rbuf), "%s (%s)", reason, smalldate(0));
else
ircsnprintf(rbuf, sizeof(rbuf), "%s", reason);
ban->reason = MyMalloc(strlen(rbuf) + 1);
strcpy(ban->reason, rbuf);
if (tgseconds)
{
ban->flags |= UBAN_TEMPORARY;
ban->timeset = NOW;
ban->duration = tgseconds;
}
add_hostbased_userban(ban);
if (!tgminutes || tgminutes >= GLINE_MIN_STORE_TIME)
glinestore_add(ban);
userban_sweep(ban);
host = get_userban_host(ban, rbuf, sizeof(rbuf));
sendto_serv_butone(MyConnect(sptr) ? NULL : cptr, ":%s GLINE %l %s@%s :%s", sptr->name, tgseconds, user, host, reason);
if (tgminutes)
sendto_realops("%s added temporary %d min. "NETWORK_GLINE_NAME" for"
" [%s@%s] [%s]", parv[0], tgminutes, user, host,
reason);
else
sendto_realops("%s added "NETWORK_GLINE_NAME" for [%s@%s] [%s]", parv[0],
user, host, reason);
return 0;
}
/*
* m_ungline
* Remove a local user@host ban.
*
* parv[0] = sender
* parv[1] = user@host mask
*/
int m_ungline(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
char hbuf[512];
char *user;
char *host;
struct userBan *ban;
struct userBan *existing;
if (!IsPrivileged(sptr))
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
if (parc < 2)
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0],
"UNGline");
return 0;
}
if ((host = strchr(parv[1], '@')))
{
*host++ = 0;
user = parv[1];
}
else
{
user = "******";
host = parv[1];
}
if (!(ban = make_hostbased_ban(user, host)))
{
sendto_one(sptr, ":%s NOTICE %s :UNGline: No such ban %s@%s", me.name,
parv[0], user, host);
return 0;
}
ban->flags |= UBAN_GLINE;
existing = find_userban_exact(ban, UBAN_GLINE);
host = get_userban_host(ban, hbuf, sizeof(hbuf));
userban_free(ban);
if (!existing)
{
sendto_one(sptr, ":%s NOTICE %s :UNGLINE: No such ban %s@%s", me.name,
parv[0], user, host);
return 0;
}
if (existing->flags & UBAN_CONF)
{
sendto_one(sptr, ":%s NOTICE %s :UNGLINE: %s@%s is specified in the"
" configuration file and cannot be removed online", me.name,
parv[0], user, host);
return 0;
}
remove_userban(existing);
glinestore_remove(existing);
userban_free(existing);
sendto_ops("%s has removed the G-Line for: [%s@%s]", sptr->name, user, host);
sendto_serv_butone(MyConnect(sptr) ? NULL : cptr, ":%s UNGLINE %s@%s", sptr->name, user, host);
return 0;
}
/** Handle a CONNECT message from a server.
*
* \a parv has the following elements:
* \li \a parv[1] is the server that should initiate the connection
* \li \a parv[2] is the port number to connect on (zero for the default)
* \li \a parv[3] is the server to connect to
*
* See @ref m_functions for discussion of the arguments.
* @param[in] cptr Client that sent us the message.
* @param[in] sptr Original source of message.
* @param[in] parc Number of arguments.
* @param[in] parv Argument vector.
*/
int ms_connect(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
unsigned short port;
unsigned short tmpport;
const char* rule;
struct ConfItem* aconf;
struct Client* acptr;
struct Jupe* ajupe;
assert(0 != cptr);
assert(0 != sptr);
if (!IsPrivileged(sptr))
return send_reply(sptr, ERR_NOPRIVILEGES);
if (parc < 4) {
/*
* this is coming from a server which should have already
* checked it's args, if we don't have parc == 4, something
* isn't right.
*/
protocol_violation(sptr, "Too few parameters to connect");
return need_more_params(sptr, "CONNECT");
}
if (hunt_server_cmd(sptr, CMD_CONNECT, cptr, 1, "%s %s :%C", 3, parc, parv)
!= HUNTED_ISME)
return 0;
/*
* need to find the conf entry first so we can use the server name from
* the conf entry instead of parv[1] to find out if the server is already
* present below. --Bleep
*/
if (0 == (aconf = conf_find_server(parv[1]))) {
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Host %s not listed "
"in ircd.conf", sptr, parv[1]);
return 0;
}
/*
* use aconf->name to look up the server
*/
if ((acptr = FindServer(aconf->name))) {
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Server %s already "
"exists from %s", sptr, parv[1], cli_name(cli_from(acptr)));
return 0;
}
/*
* Evaluate connection rules... If no rules found, allow the
* connect. Otherwise stop with the first true rule (ie: rules
* are ored together. Oper connects are effected only by D
* lines (CRULEALL) not d lines (CRULEAUTO).
*/
if ((rule = conf_eval_crule(aconf->name, CRULE_ALL))) {
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Disallowed by rule: %s", sptr, rule);
return 0;
}
/*
* Check to see if the server is juped; if it is, disallow the connect
*/
if ((ajupe = jupe_find(aconf->name)) && JupeIsActive(ajupe)) {
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Connect: Server %s is juped: %s",
sptr, JupeServer(ajupe), JupeReason(ajupe));
return 0;
}
/*
* Allow opers to /connect foo.* 0 bah.* to connect foo and bah
* using the conf's configured port
*/
port = atoi(parv[2]);
/*
* save the old port
*/
tmpport = aconf->address.port;
if (port)
aconf->address.port = port;
else
port = aconf->address.port;
/*
* Notify all operators about remote connect requests
*/
sendwallto_group(&me, WALL_WALLOPS, 0,
"Remote CONNECT %s %s from %s", parv[1],
parv[2] ? parv[2] : "",
get_client_name(sptr, HIDE_IP));
log_write(LS_NETWORK, L_INFO, 0, "CONNECT From %C : %s %s", sptr, parv[1],
parv[2] ? parv[2] : "");
if (connect_server(aconf, sptr)) {
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :*** Connecting to %s.", sptr,
aconf->name);
}
else {
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :*** Connection to %s failed",
sptr, aconf->name);
}
aconf->address.port = tmpport;
return 0;
}
static PromiseResult VerifyMountPromise(EvalContext *ctx, char *name, Attributes a, Promise *pp)
{
char *options;
char dir[CF_BUFSIZE];
int changes = 0;
Log(LOG_LEVEL_VERBOSE, "Verifying mounted file systems on '%s'", name);
snprintf(dir, CF_BUFSIZE, "%s/.", name);
if (!IsPrivileged())
{
cfPS(ctx, LOG_LEVEL_ERR, PROMISE_RESULT_INTERRUPTED, pp, a, "Only root can mount filesystems");
return PROMISE_RESULT_INTERRUPTED;
}
options = Rlist2String(a.mount.mount_options, ",");
PromiseResult result = PROMISE_RESULT_NOOP;
if (!FileSystemMountedCorrectly(GetGlobalMountedFSList(), name, a))
{
if (!a.mount.unmount)
{
if (!MakeParentDirectory(dir, a.move_obstructions))
{
}
if (a.mount.editfstab)
{
changes += VerifyInFstab(ctx, name, a, pp, &result);
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_FAIL, pp, a,
"Filesystem '%s' was not mounted as promised, and no edits were promised in '%s'", name,
VFSTAB[VSYSTEMHARDCLASS]);
result = PromiseResultUpdate(result, PROMISE_RESULT_FAIL);
// Mount explicitly
result = PromiseResultUpdate(result, VerifyMount(ctx, name, a, pp));
}
}
else
{
if (a.mount.editfstab)
{
changes += VerifyNotInFstab(ctx, name, a, pp, &result);
}
}
if (changes)
{
CF_MOUNTALL = true;
}
}
else
{
if (a.mount.unmount)
{
VerifyUnmount(ctx, name, a, pp);
if (a.mount.editfstab)
{
VerifyNotInFstab(ctx, name, a, pp, &result);
}
}
else
{
cfPS(ctx, LOG_LEVEL_INFO, PROMISE_RESULT_NOOP, pp, a, "Filesystem '%s' seems to be mounted as promised", name);
}
}
free(options);
return result;
}
bool BootstrapAllowed(void)
{
return IsPrivileged();
}
/*
** m_ircops() By Claudio
** Rewritten by HAMLET
** Lists online IRCOps
**
*/
int m_ircops(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client *acptr;
char *status;
char buf[BUFSIZE];
int locals = 0, globals = 0;
if (!IRCopsForAll && !IsPrivileged(cptr))
{
sendto_one(sptr, form_str(ERR_NOPRIVILEGES), me.name, parv[0]);
return 0;
}
strcpy(buf, "========================================================================================");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "\2Nick Status Server\2");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "----------------------------------------------------------------------------------------");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
for (acptr = GlobalClientList; acptr; acptr = acptr->next)
{
if (!IsService(acptr) && !IsStealth(acptr) && IsAnOper(acptr)
&& (!IsHideOper(acptr) || IsAnOper(sptr)) ) {
if (!acptr->user) continue;
if (IsTechAdmin(acptr))
status = "Technical Administrator";
else if (IsNetAdmin(acptr))
status = "Network Administrator";
else if (IsSAdmin(acptr))
status = "Services Administrator";
else if (IsAdmin(acptr))
status = "Server Administrator";
else if(IsOper(acptr))
status = "Global IRC Operator";
else
status = "Local IRC Operator";
/* vlinks on /IRCops
* code by openglx
* idea to this by Midnight_Commander
*/
if (acptr->user && acptr->user->vlink)
{
ircsprintf(buf, "\2%-29s\2 %-23s %-6s %s", acptr->name ? acptr->name : "<unknown>", status,
acptr->user->away ? "(AWAY)" : "", acptr->user->vlink->name);
}
else
{
ircsprintf(buf, "\2%-29s\2 %-23s %-6s %s", acptr->name ? acptr->name : "<unknown>", status,
acptr->user->away ? "(AWAY)" : "", acptr->user->server);
}
/* end of the vlink support code */
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], "-");
if (IsOper(acptr)) globals++;
else locals++;
}
}
ircsprintf(buf, "Total: \2%d\2 IRCOp%s connected - \2%d\2 Globa%s, \2%d\2 Loca%s", globals+locals,
(globals+locals) > 1 ? "s" : "",
globals, globals > 1 ? "ls" : "l", locals, locals > 1 ? "ls" : "l");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
strcpy(buf, "========================================================================================");
sendto_one(sptr, form_str(RPL_LISTS), me.name, parv[0], buf);
sendto_one(sptr, form_str(RPL_ENDOFLISTS), me.name, parv[0], "IRCOPS");
return 0;
}
