int secureonly_check_send (aClient *acptr, aChannel* chptr)
{
if (IsSecureOnly(chptr))
if (!IsSecure(acptr))
return HOOK_DENY;
return HOOK_CONTINUE;
}
int secureonly_check_sajoin (aClient *acptr, aChannel* chptr, aClient *sptr)
{
if (IsSecureOnly(chptr) && !IsSecure(acptr))
{
sendnotice(sptr, "You cannot SAJOIN %s to %s because the channel is +z and the user is not connected via SSL",
acptr->name, chptr->chname);
return HOOK_DENY;
}
return HOOK_CONTINUE;
}
QString Plugin::HandleBody (QString body)
{
QRegExp rx ("\\$\\$.+\\$\\$");
rx.setMinimal (true);
int pos = 0;
QMap<QString, QString> replaceMap;
while (pos >= 0 && pos < body.size ())
{
pos = rx.indexIn (body, pos);
if (pos < 0)
break;
const QString& match = rx.cap (0);
pos += rx.matchedLength ();
QString formula = match;
formula.remove ("$$");
formula = formula.trimmed ();
if (formula.isEmpty () || !IsSecure (formula))
continue;
formula.replace ("<", "<");
formula.replace (">", ">");
formula.replace (""", "\"");
formula.replace ("&", "&");
const QImage& rendered = GetRenderedImage (formula);
if (rendered.isNull ())
continue;
replaceMap [match] = Util::GetAsBase64Src (rendered);
}
if (replaceMap.isEmpty ())
return body;
Q_FOREACH (const QString& key, replaceMap.keys ())
{
QString escFormula = key;
escFormula.replace ('\"', """);
escFormula.remove ("$$");
const QString img = QString ("<img src=\"%1\" alt=\"%2\" style=\"vertical-align: middle;\" />")
.arg (replaceMap [key])
.arg (escFormula.trimmed ().simplified ());
body.replace (key, img);
}
return body;
}
DLLFUNC CMD_FUNC(m_starttls)
{
if (!MyConnect(sptr) || !IsUnknown(sptr))
return 0;
#ifndef USE_SSL
/* sendnotice(sptr, "This server does not support SSL"); */
/* or numeric 691? */
/* actually... it's probably best to just act like we don't know this command...? */
sendto_one(sptr, err_str(ERR_NOTREGISTERED), me.name, "STARTTLS");
return 0;
#else
if (iConf.ssl_options & SSLFLAG_NOSTARTTLS)
{
sendto_one(sptr, err_str(ERR_NOTREGISTERED), me.name, "STARTTLS");
return 0;
}
if (IsSecure(sptr))
{
sendto_one(sptr, err_str(ERR_STARTTLS), me.name, !BadPtr(sptr->name) ? sptr->name : "*", "STARTTLS failed. Already using TLS.");
return 0;
}
dbuf_delete(&sptr->recvQ, 1000000); /* Clear up any remaining plaintext commands */
sendto_one(sptr, rpl_str(RPL_STARTTLS), me.name, !BadPtr(sptr->name) ? sptr->name : "*");
send_queued(sptr);
SetSSLStartTLSHandshake(sptr);
Debug((DEBUG_DEBUG, "Starting SSL handshake (due to STARTTLS) for %s", sptr->sockhost));
if ((sptr->ssl = SSL_new(ctx_server)) == NULL)
goto fail;
sptr->flags |= FLAGS_SSL;
SSL_set_fd(sptr->ssl, sptr->fd);
SSL_set_nonblocking(sptr->ssl);
if (!ircd_SSL_accept(sptr, sptr->fd)) {
Debug((DEBUG_DEBUG, "Failed SSL accept handshake in instance 1: %s", sptr->sockhost));
SSL_set_shutdown(sptr->ssl, SSL_RECEIVED_SHUTDOWN);
SSL_smart_shutdown(sptr->ssl);
SSL_free(sptr->ssl);
goto fail;
}
/* HANDSHAKE IN PROGRESS */
return 0;
fail:
/* Failure */
sendto_one(sptr, err_str(ERR_STARTTLS), me.name, !BadPtr(sptr->name) ? sptr->name : "*", "STARTTLS failed");
sptr->ssl = NULL;
sptr->flags &= ~FLAGS_SSL;
SetUnknown(sptr);
return 0;
#endif
}
static int do_jumpserver_exit_client(aClient *sptr)
{
#ifdef USE_SSL
if (IsSecure(sptr) && jss->ssl_server)
sendto_one(sptr, rpl_str(RPL_REDIR), me.name,
BadPtr(sptr->name) ? "*" : sptr->name,
jss->ssl_server, jss->ssl_port);
else
#endif
sendto_one(sptr, rpl_str(RPL_REDIR), me.name,
BadPtr(sptr->name) ? "*" : sptr->name,
jss->server, jss->port);
return exit_client(sptr, sptr, sptr, jss->reason);
}
NS_IMETHODIMP
nsDOMStorageItem::GetSecure(PRBool* aSecure)
{
if (!mStorage->CacheStoragePermissions() || !IsCallerSecure()) {
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
}
if (mStorage->UseDB()) {
nsAutoString value;
return mStorage->GetDBValue(mKey, value, aSecure);
}
*aSecure = IsSecure();
return NS_OK;
}
template<class T, USHORT default_port> BOOL CHttpAgentT<T, default_port>::StartHttp(TSocketObj* pSocketObj)
{
if(!pSocketObj->HasConnected())
{
::SetLastError(ERROR_INVALID_STATE);
return FALSE;
}
CCriSecLock locallock(pSocketObj->csSend);
if(!TSocketObj::IsValid(pSocketObj))
{
::SetLastError(ERROR_OBJECT_NOT_FOUND);
return FALSE;
}
if(!pSocketObj->HasConnected())
{
::SetLastError(ERROR_INVALID_STATE);
return FALSE;
}
THttpObj* pHttpObj = FindHttpObj(pSocketObj);
if(pHttpObj != nullptr)
{
::SetLastError(ERROR_ALREADY_INITIALIZED);
return FALSE;
}
DoStartHttp(pSocketObj);
if(!IsSecure())
FireHandShake(pSocketObj);
else
{
#ifdef _SSL_SUPPORT
if(IsSSLAutoHandShake())
StartSSLHandShake(pSocketObj);
#endif
}
return TRUE;
}
/*
* deliver_it
* Attempt to send a sequence of bytes to the connection.
* Returns
*
* < 0 Some fatal error occurred, (but not EWOULDBLOCK).
* This return is a request to close the socket and
* clean up the link.
*
* >= 0 No real error occurred, returns the number of
* bytes actually transferred. EWOULDBLOCK and other
* possibly similar conditions should be mapped to
* zero return. Upper level routine will have to
* decide what to do with those unwritten bytes...
*
* *NOTE* alarm calls have been preserved, so this should
* work equally well whether blocking or non-blocking
* mode is used...
*/
int deliver_it(aClient* cptr, const char* str, int len)
{
int retval;
#ifdef HAVE_SSL
if(IsSecure(cptr))
retval = ircd_SSL_write(cptr, str, len);
else
retval = send(cptr->fd, str, len,0);
#else
retval = send(cptr->fd, str, len,0);
#endif
/*
** Convert WOULDBLOCK to a return of "0 bytes moved". This
** should occur only if socket was non-blocking. Note, that
** all is Ok, if the 'write' just returns '0' instead of an
** error and errno=EWOULDBLOCK.
**
*/
if (retval < 0 && (errno == EWOULDBLOCK || errno == EAGAIN ||
errno == ENOBUFS))
{
retval = 0;
cptr->flags |= FLAGS_BLOCKED;
return(retval); /* Just get out now... */
}
else if (retval > 0)
{
cptr->flags &= ~FLAGS_BLOCKED;
}
if (retval > 0)
{
cptr->sendB += retval;
me.sendB += retval;
if (cptr->sendB > 1023)
{
cptr->sendK += (cptr->sendB >> 10);
cptr->sendB &= 0x03ff; /* 2^10 = 1024, 3ff = 1023 */
}
NS_IMETHODIMP
nsDOMStorageItem::GetValue(nsAString& aValue)
{
if (!mStorage->CacheStoragePermissions())
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
if (mStorage->UseDB()) {
// GetDBValue checks the secure state so no need to do it here
PRBool secure;
nsresult rv = mStorage->GetDBValue(mKey, aValue, &secure);
if (rv == NS_ERROR_DOM_NOT_FOUND_ERR)
return NS_OK;
return rv;
}
if (IsSecure() && !IsCallerSecure()) {
return NS_ERROR_DOM_SECURITY_ERR;
}
aValue = mValue;
return NS_OK;
}
NS_IMETHODIMP
nsDOMStorageItem::SetValue(const nsAString& aValue)
{
if (!mStorage->CacheStoragePermissions())
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
PRBool secureCaller = IsCallerSecure();
if (mStorage->UseDB()) {
// SetDBValue() does the security checks for us.
return mStorage->SetDBValue(mKey, aValue, secureCaller);
}
PRBool secureItem = IsSecure();
if (!secureCaller && secureItem) {
// The item is secure, but the caller isn't. Throw.
return NS_ERROR_DOM_SECURITY_ERR;
}
mValue = aValue;
mSecure = secureCaller;
return NS_OK;
}
NS_IMETHODIMP nsCookie::GetIsSecure(bool *aIsSecure) { *aIsSecure = IsSecure(); return NS_OK; }
/* m_sajoin() - Lamego - Wed Jul 21 20:04:48 1999 Copied off PTlink IRCd (C) PTlink coders team. Coded for Sadmin by Stskeeps also Modified by NiQuiL ([email protected]) parv[0] - sender parv[1] - nick to make join parv[2] - channel(s) to join */ DLLFUNC CMD_FUNC(m_sajoin) { aClient *acptr; char jbuf[BUFSIZE]; int did_anything = 0; if (!IsSAdmin(sptr) && !IsULine(sptr)) { sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]); return 0; } if (parc < 3) { sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "SAJOIN"); return 0; } if (!(acptr = find_person(parv[1], NULL))) { sendto_one(sptr, err_str(ERR_NOSUCHNICK), me.name, parv[0], parv[1]); return 0; } if (MyClient(acptr)) { char *name, *p = NULL; int i, parted = 0; *jbuf = 0; /* Now works like m_join */ for (i = 0, name = strtoken(&p, parv[2], ","); name; name = strtoken(&p, NULL, ",")) { aChannel *chptr; Membership *lp; if (strlen(name) > CHANNELLEN) name[CHANNELLEN] = 0; clean_channelname(name); if (*name == '0' && !atoi(name)) { (void)strcpy(jbuf, "0"); i = 1; parted = 1; continue; } if (check_channelmask(sptr, cptr, name) == -1 || *name == '0' || !IsChannelName(name)) { sendto_one(sptr, err_str(ERR_NOSUCHCHANNEL), me.name, parv[0], name); continue; } chptr = get_channel(acptr, name, 0); if (!parted && chptr && (lp = find_membership_link(acptr->user->channel, chptr))) { sendto_one(sptr, err_str(ERR_USERONCHANNEL), me.name, parv[0], parv[1], name); continue; } if (*jbuf) (void)strlcat(jbuf, ",", sizeof jbuf); (void)strlncat(jbuf, name, sizeof jbuf, sizeof(jbuf) - i - 1); i += strlen(name) + 1; } if (!*jbuf) return -1; i = 0; strcpy(parv[2], jbuf); *jbuf = 0; for (name = strtoken(&p, parv[2], ","); name; name = strtoken(&p, NULL, ",")) { int flags; aChannel *chptr; Membership *lp; if (*name == '0' && !atoi(name)) { did_anything = 1; while ((lp = acptr->user->channel)) { chptr = lp->chptr; sendto_channel_butserv(chptr, acptr, ":%s PART %s :%s", acptr->name, chptr->chname, "Left all channels"); if (MyConnect(acptr)) RunHook4(HOOKTYPE_LOCAL_PART, acptr, acptr, chptr, "Left all channels"); remove_user_from_channel(acptr, chptr); } sendto_serv_butone_token(acptr, acptr->name, MSG_JOIN, TOK_JOIN, "0"); strcpy(jbuf, "0"); i = 1; continue; } flags = (ChannelExists(name)) ? CHFL_DEOPPED : CHFL_CHANOP; chptr = get_channel(acptr, name, CREATE); if (chptr && (lp = find_membership_link(acptr->user->channel, chptr))) continue; if ((chptr->mode.mode & MODE_ONLYSECURE) && !IsSecure(acptr)) { sendnotice(sptr, "You cannot SAJOIN %s to %s because the channel is +z and the user is not connected via SSL", acptr->name, chptr->chname); continue; } join_channel(chptr, acptr, acptr, flags); did_anything = 1; if (*jbuf) (void)strlcat(jbuf, ",", sizeof jbuf); (void)strlncat(jbuf, name, sizeof jbuf, sizeof(jbuf) - i - 1); i += strlen(name) + 1; } if (did_anything) { sendnotice(acptr, "*** You were forced to join %s", jbuf); sendto_realops("%s used SAJOIN to make %s join %s", sptr->name, acptr->name, jbuf); sendto_serv_butone(&me, ":%s GLOBOPS :%s used SAJOIN to make %s join %s", me.name, sptr->name, acptr->name, jbuf); /* Logging function added by XeRXeS */ ircd_log(LOG_SACMDS,"SAJOIN: %s used SAJOIN to make %s join %s", sptr->name, parv[1], jbuf); } } else { sendto_one(acptr, ":%s SAJOIN %s %s", parv[0], parv[1], parv[2]); /* Logging function added by XeRXeS */ ircd_log(LOG_SACMDS,"SAJOIN: %s used SAJOIN to make %s join %s", sptr->name, parv[1], parv[2]); } return 0; }
