/*
 * Hook callback for the secure-only channel mode (by its name, the check
 * run before a client sends to a channel).
 *
 * Returns HOOK_DENY when chptr is flagged IsSecureOnly and acptr is not
 * IsSecure; returns HOOK_CONTINUE in every other case.
 */
int secureonly_check_send (aClient *acptr, aChannel* chptr)
{
	/* A channel without the secure-only flag places no restriction here. */
	if (!IsSecureOnly(chptr))
		return HOOK_CONTINUE;

	/* Secure-only channel: only a secure client is allowed through. */
	return IsSecure(acptr) ? HOOK_CONTINUE : HOOK_DENY;
}
/*
 * Hook callback for the secure-only channel mode (by its name, the check
 * run for SAJOIN).
 *
 * acptr is the user being joined, chptr the target channel and sptr the
 * client that receives the refusal notice. Returns HOOK_DENY, after
 * notifying sptr, when the channel is IsSecureOnly and acptr is not
 * IsSecure; returns HOOK_CONTINUE otherwise.
 */
int secureonly_check_sajoin (aClient *acptr, aChannel* chptr, aClient *sptr)
{
	/* Nothing to enforce unless the channel is secure-only AND the user is not secure. */
	if (!IsSecureOnly(chptr) || IsSecure(acptr))
		return HOOK_CONTINUE;

	/* Even a forced join must not place a non-secure user in a +z channel. */
	sendnotice(sptr, "You cannot SAJOIN %s to %s because the channel is +z and the user is not connected via SSL",
		acptr->name, chptr->chname);
	return HOOK_DENY;
}
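/**
 * Replaces every $$...$$ formula found in a message body with an inline
 * <img> element holding the rendered formula.
 *
 * Formulas that are empty, rejected by IsSecure() or that fail to render are
 * left in the body untouched.
 *
 * @param body Message body; the entity handling below treats it as
 *             HTML-escaped text.
 * @return The body with each renderable formula replaced by an <img> tag, or
 *         the unchanged body when nothing was rendered.
 */
QString Plugin::HandleBody (QString body)
{
	// Non-greedy, so each $$...$$ pair is matched on its own.
	QRegExp rx ("\\$\\$.+\\$\\$");
	rx.setMinimal (true);

	int pos = 0;
	QMap<QString, QString> replaceMap;	// matched source text -> image src
	while (pos >= 0 && pos < body.size ())
	{
		pos = rx.indexIn (body, pos);
		if (pos < 0)
			break;

		const QString& match = rx.cap (0);
		pos += rx.matchedLength ();

		QString formula = match;
		formula.remove ("$$");
		formula = formula.trimmed ();
		// NOTE(review): IsSecure() sees the formula before the entities below
		// are decoded; confirm its checks cannot be sidestepped by characters
		// that only appear after decoding.
		if (formula.isEmpty () || !IsSecure (formula))
			continue;

		// Undo the HTML escaping so the renderer receives the raw formula.
		// &amp; goes last so that an escaped ampersand is not decoded twice.
		formula.replace ("&lt;", "<");
		formula.replace ("&gt;", ">");
		formula.replace ("&quot;", "\"");
		formula.replace ("&amp;", "&");

		const QImage& rendered = GetRenderedImage (formula);
		if (rendered.isNull ())
			continue;

		replaceMap [match] = Util::GetAsBase64Src (rendered);
	}

	if (replaceMap.isEmpty ())
		return body;

	Q_FOREACH (const QString& key, replaceMap.keys ())
	{
		// The original formula text becomes the alt text. A literal double
		// quote would end the attribute early, so it is written as an entity.
		QString escFormula = key;
		escFormula.replace ('\"', "&quot;");
		escFormula.remove ("$$");
		const QString img = QString ("<img src=\"%1\" alt=\"%2\" style=\"vertical-align: middle;\" />")
				.arg (replaceMap [key])
				.arg (escFormula.trimmed ().simplified ());
		body.replace (key, img);
	}

	return body;
}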
/*
 * m_starttls - handler for the STARTTLS command.
 *
 * Switches an existing plaintext connection to TLS: discards what is still
 * buffered from the client, announces RPL_STARTTLS, then creates the SSL
 * object and starts the server-side handshake. Every path returns 0.
 *
 * Without USE_SSL, or when SSLFLAG_NOSTARTTLS is set in iConf.ssl_options,
 * the command is answered with ERR_NOTREGISTERED, i.e. the server behaves
 * as if it did not know the command.
 */
DLLFUNC CMD_FUNC(m_starttls)
{
	/* Ignore the command unless sptr passes MyConnect() and IsUnknown()
	 * (by their names: a local connection that has not registered yet). */
	if (!MyConnect(sptr) || !IsUnknown(sptr))
		return 0;
#ifndef USE_SSL
	/* sendnotice(sptr, "This server does not support SSL"); */
	/* or numeric 691? */
	/* actually... it's probably best to just act like we don't know this command...? */
	sendto_one(sptr, err_str(ERR_NOTREGISTERED), me.name, "STARTTLS");
	return 0;
#else
	/* STARTTLS disabled by configuration: same reply as a build without SSL. */
	if (iConf.ssl_options & SSLFLAG_NOSTARTTLS)
	{
		sendto_one(sptr, err_str(ERR_NOTREGISTERED), me.name, "STARTTLS");
		return 0;
	}
	/* A connection that is already secure must not start a second handshake. */
	if (IsSecure(sptr))
	{
		sendto_one(sptr, err_str(ERR_STARTTLS), me.name, !BadPtr(sptr->name) ? sptr->name : "*", "STARTTLS failed. Already using TLS.");
		return 0;
	}

	/* Clear up any remaining plaintext commands: whatever the client sent
	 * before the handshake is dropped here (up to 1000000 bytes) instead of
	 * being processed once the connection is marked as secure. */
	dbuf_delete(&sptr->recvQ, 1000000);
	/* The go-ahead reply is queued and flushed before the SSL object exists,
	 * so it leaves the server in plaintext. */
	sendto_one(sptr, rpl_str(RPL_STARTTLS), me.name, !BadPtr(sptr->name) ? sptr->name : "*");
	send_queued(sptr);

	SetSSLStartTLSHandshake(sptr);
	Debug((DEBUG_DEBUG, "Starting SSL handshake (due to STARTTLS) for %s", sptr->sockhost));
	if ((sptr->ssl = SSL_new(ctx_server)) == NULL)
		goto fail;
	sptr->flags |= FLAGS_SSL;
	SSL_set_fd(sptr->ssl, sptr->fd);
	SSL_set_nonblocking(sptr->ssl);
	if (!ircd_SSL_accept(sptr, sptr->fd))
	{
		Debug((DEBUG_DEBUG, "Failed SSL accept handshake in instance 1: %s", sptr->sockhost));
		SSL_set_shutdown(sptr->ssl, SSL_RECEIVED_SHUTDOWN);
		SSL_smart_shutdown(sptr->ssl);
		/* Freed here; the fail path below resets sptr->ssl to NULL so the
		 * stale pointer is not left on the client. */
		SSL_free(sptr->ssl);
		goto fail;
	}

	/* HANDSHAKE IN PROGRESS */
	return 0;
fail:
	/* Failure */
	/* Report the error, then undo the SSL state set above (pointer, flag
	 * and client status). */
	sendto_one(sptr, err_str(ERR_STARTTLS), me.name, !BadPtr(sptr->name) ? sptr->name : "*", "STARTTLS failed");
	sptr->ssl = NULL;
	sptr->flags &= ~FLAGS_SSL;
	SetUnknown(sptr);
	return 0;
#endif
}
/*
 * Sends the RPL_REDIR numeric pointing at the configured jump server and
 * then disconnects the client.
 *
 * With USE_SSL, a client that is IsSecure is redirected to jss->ssl_server /
 * jss->ssl_port when an SSL server is configured; every other client gets
 * jss->server / jss->port.
 *
 * Returns whatever exit_client() returns.
 */
static int do_jumpserver_exit_client(aClient *sptr)
{
	/* Clients without a usable name are addressed as "*". */
	const char *nick = BadPtr(sptr->name) ? "*" : sptr->name;

#ifdef USE_SSL
	if (IsSecure(sptr) && jss->ssl_server)
	{
		/* Keep a secure client on a secure target. */
		sendto_one(sptr, rpl_str(RPL_REDIR), me.name, nick,
			jss->ssl_server, jss->ssl_port);
		return exit_client(sptr, sptr, sptr, jss->reason);
	}
#endif

	sendto_one(sptr, rpl_str(RPL_REDIR), me.name, nick,
		jss->server, jss->port);
	return exit_client(sptr, sptr, sptr, jss->reason);
}
/**
 * Reports whether this storage item is marked secure.
 *
 * The flag is only disclosed when storage permissions are granted AND the
 * caller itself is secure; otherwise NS_ERROR_DOM_INVALID_ACCESS_ERR is
 * returned and *aSecure is not written.
 *
 * @param aSecure Receives the secure flag.
 * @return NS_OK, the access error above, or the result of GetDBValue() when
 *         the storage is database-backed.
 */
NS_IMETHODIMP nsDOMStorageItem::GetSecure(PRBool* aSecure)
{
  if (!mStorage->CacheStoragePermissions())
    return NS_ERROR_DOM_INVALID_ACCESS_ERR;

  // An insecure caller is not told whether the item is secure.
  if (!IsCallerSecure())
    return NS_ERROR_DOM_INVALID_ACCESS_ERR;

  if (!mStorage->UseDB()) {
    *aSecure = IsSecure();
    return NS_OK;
  }

  // Database-backed storage: the flag comes from the DB lookup; the value
  // fetched alongside it is discarded.
  nsAutoString unusedValue;
  return mStorage->GetDBValue(mKey, unusedValue, aSecure);
}
/**
 * Starts HTTP processing on an already connected socket object.
 *
 * Failure sets the thread's last error and returns FALSE:
 *  - ERROR_INVALID_STATE        the socket is not connected,
 *  - ERROR_OBJECT_NOT_FOUND     the socket object is no longer valid,
 *  - ERROR_ALREADY_INITIALIZED  an HTTP object is already attached.
 *
 * On success the HTTP object is set up via DoStartHttp(). A non-secure agent
 * fires the handshake event immediately; a secure agent starts the SSL
 * handshake only when _SSL_SUPPORT is compiled in and auto-handshake is
 * enabled.
 *
 * @param pSocketObj Socket object to attach HTTP handling to.
 * @return TRUE on success, FALSE otherwise.
 */
template<class T, USHORT default_port> BOOL CHttpAgentT<T, default_port>::StartHttp(TSocketObj* pSocketObj)
{
	// Unlocked check first, so an unconnected socket never takes the lock.
	if(!pSocketObj->HasConnected())
	{
		::SetLastError(ERROR_INVALID_STATE);
		return FALSE;
	}

	CCriSecLock locallock(pSocketObj->csSend);

	if(!TSocketObj::IsValid(pSocketObj))
	{
		::SetLastError(ERROR_OBJECT_NOT_FOUND);
		return FALSE;
	}

	// Checked again under the lock: the state may have changed while waiting.
	if(!pSocketObj->HasConnected())
	{
		::SetLastError(ERROR_INVALID_STATE);
		return FALSE;
	}

	if(FindHttpObj(pSocketObj) != nullptr)
	{
		::SetLastError(ERROR_ALREADY_INITIALIZED);
		return FALSE;
	}

	DoStartHttp(pSocketObj);

	if(IsSecure())
	{
#ifdef _SSL_SUPPORT
		if(IsSSLAutoHandShake())
			StartSSLHandShake(pSocketObj);
#endif
	}
	else
		FireHandShake(pSocketObj);

	return TRUE;
}
/* * deliver_it * Attempt to send a sequence of bytes to the connection. * Returns * * < 0 Some fatal error occurred, (but not EWOULDBLOCK). * This return is a request to close the socket and * clean up the link. * * >= 0 No real error occurred, returns the number of * bytes actually transferred. EWOULDBLOCK and other * possibly similar conditions should be mapped to * zero return. Upper level routine will have to * decide what to do with those unwritten bytes... * * *NOTE* alarm calls have been preserved, so this should * work equally well whether blocking or non-blocking * mode is used... */ int deliver_it(aClient* cptr, const char* str, int len) { int retval; #ifdef HAVE_SSL if(IsSecure(cptr)) retval = ircd_SSL_write(cptr, str, len); else retval = send(cptr->fd, str, len,0); #else retval = send(cptr->fd, str, len,0); #endif /* ** Convert WOULDBLOCK to a return of "0 bytes moved". This ** should occur only if socket was non-blocking. Note, that ** all is Ok, if the 'write' just returns '0' instead of an ** error and errno=EWOULDBLOCK. ** */ if (retval < 0 && (errno == EWOULDBLOCK || errno == EAGAIN || errno == ENOBUFS)) { retval = 0; cptr->flags |= FLAGS_BLOCKED; return(retval); /* Just get out now... */ } else if (retval > 0) { cptr->flags &= ~FLAGS_BLOCKED; } if (retval > 0) { cptr->sendB += retval; me.sendB += retval; if (cptr->sendB > 1023) { cptr->sendK += (cptr->sendB >> 10); cptr->sendB &= 0x03ff; /* 2^10 = 1024, 3ff = 1023 */ }
/**
 * Reads the value of this storage item.
 *
 * @param aValue Receives the value.
 * @return NS_ERROR_DOM_INVALID_ACCESS_ERR when storage permissions are not
 *         granted; NS_ERROR_DOM_SECURITY_ERR when an in-memory item is
 *         secure and the caller is not; for database-backed storage the
 *         result of GetDBValue(), with "not found" mapped to NS_OK;
 *         NS_OK otherwise.
 */
NS_IMETHODIMP nsDOMStorageItem::GetValue(nsAString& aValue)
{
  if (!mStorage->CacheStoragePermissions())
    return NS_ERROR_DOM_INVALID_ACCESS_ERR;

  if (!mStorage->UseDB()) {
    // In-memory item: a secure item may only be read by a secure caller.
    if (IsSecure() && !IsCallerSecure())
      return NS_ERROR_DOM_SECURITY_ERR;

    aValue = mValue;
    return NS_OK;
  }

  // GetDBValue checks the secure state so no need to do it here
  PRBool secure;
  const nsresult rv = mStorage->GetDBValue(mKey, aValue, &secure);

  // A missing key is not reported as an error to the caller.
  return (rv == NS_ERROR_DOM_NOT_FOUND_ERR) ? NS_OK : rv;
}
/**
 * Writes a new value to this storage item.
 *
 * An in-memory item takes over the security level of the caller that wrote
 * it (mSecure is set from IsCallerSecure()), and an insecure caller cannot
 * overwrite an item that is currently secure.
 *
 * @param aValue New value.
 * @return NS_ERROR_DOM_INVALID_ACCESS_ERR when storage permissions are not
 *         granted; NS_ERROR_DOM_SECURITY_ERR when the item is secure and the
 *         caller is not; the result of SetDBValue() for database-backed
 *         storage; NS_OK otherwise.
 */
NS_IMETHODIMP nsDOMStorageItem::SetValue(const nsAString& aValue)
{
  if (!mStorage->CacheStoragePermissions())
    return NS_ERROR_DOM_INVALID_ACCESS_ERR;

  const PRBool callerIsSecure = IsCallerSecure();

  // SetDBValue() does the security checks for us.
  if (mStorage->UseDB())
    return mStorage->SetDBValue(mKey, aValue, callerIsSecure);

  // The item is secure, but the caller isn't. Throw.
  if (IsSecure() && !callerIsSecure)
    return NS_ERROR_DOM_SECURITY_ERR;

  mValue = aValue;
  mSecure = callerIsSecure;
  return NS_OK;
}
/**
 * XPCOM getter for the cookie's secure flag.
 *
 * @param aIsSecure Receives the result of IsSecure(); must point to valid
 *                  storage, it is written unconditionally.
 * @return Always NS_OK.
 */
NS_IMETHODIMP nsCookie::GetIsSecure(bool *aIsSecure)
{
  const bool secure = IsSecure();
  *aIsSecure = secure;
  return NS_OK;
}
/*
 * m_sajoin() - Lamego - Wed Jul 21 20:04:48 1999
 * Copied off PTlink IRCd (C) PTlink coders team.
 * Coded for Sadmin by Stskeeps
 * also Modified by NiQuiL (e-mail address obscured in this listing)
 *
 * Forces another user to join one or more channels.
 *
 *   parv[0] - sender
 *   parv[1] - nick to make join
 *   parv[2] - channel(s) to join
 *
 * Returns 0, or -1 when no usable channel name is left after filtering.
 * For a target on another server the command is only forwarded and logged.
 */
DLLFUNC CMD_FUNC(m_sajoin)
{
	aClient *acptr;
	char jbuf[BUFSIZE];	/* comma-separated list of accepted channel names */
	int did_anything = 0;	/* set once a join or a "part all" really happened */

	/* Privilege gate: the sender must pass IsSAdmin() or IsULine(). */
	if (!IsSAdmin(sptr) && !IsULine(sptr))
	{
		sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, parv[0]);
		return 0;
	}

	if (parc < 3)
	{
		sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "SAJOIN");
		return 0;
	}

	if (!(acptr = find_person(parv[1], NULL)))
	{
		sendto_one(sptr, err_str(ERR_NOSUCHNICK), me.name, parv[0], parv[1]);
		return 0;
	}
	if (MyClient(acptr))
	{
		char *name, *p = NULL;
		int i, parted = 0;	/* i: bytes of jbuf accounted for; parted: a "0" entry was seen */

		*jbuf = 0;

		/* Now works like m_join */
		/* First pass: validate each requested name and collect the
		 * acceptable ones in jbuf. */
		for (i = 0, name = strtoken(&p, parv[2], ","); name; name = strtoken(&p, NULL, ","))
		{
			aChannel *chptr;
			Membership *lp;

			/* Truncate over-long names in place before any further check. */
			if (strlen(name) > CHANNELLEN)
				name[CHANNELLEN] = 0;
			clean_channelname(name);
			/* "0" means "leave all channels": it restarts the list. */
			if (*name == '0' && !atoi(name))
			{
				(void)strcpy(jbuf, "0");
				i = 1;
				parted = 1;
				continue;
			}
			if (check_channelmask(sptr, cptr, name) == -1 || *name == '0' || !IsChannelName(name))
			{
				sendto_one(sptr, err_str(ERR_NOSUCHCHANNEL), me.name, parv[0], name);
				continue;
			}

			chptr = get_channel(acptr, name, 0);
			/* Skip channels the user is already on, unless a preceding "0"
			 * is going to remove the user from them first. */
			if (!parted && chptr && (lp = find_membership_link(acptr->user->channel, chptr)))
			{
				sendto_one(sptr, err_str(ERR_USERONCHANNEL), me.name, parv[0], parv[1], name);
				continue;
			}
			if (*jbuf)
				(void)strlcat(jbuf, ",", sizeof jbuf);
			(void)strlncat(jbuf, name, sizeof jbuf, sizeof(jbuf) - i - 1);
			i += strlen(name) + 1;
		}
		if (!*jbuf)
			return -1;
		i = 0;
		/* NOTE(review): unbounded copy back into the caller's parameter
		 * buffer. It appears to rely on jbuf holding only truncated or
		 * filtered pieces of the original parv[2], so it cannot be longer;
		 * confirm. */
		strcpy(parv[2], jbuf);
		*jbuf = 0;
		/* Second pass: perform the joins, rebuilding jbuf with the channels
		 * that were actually joined. */
		for (name = strtoken(&p, parv[2], ","); name; name = strtoken(&p, NULL, ","))
		{
			int flags;
			aChannel *chptr;
			Membership *lp;

			if (*name == '0' && !atoi(name))
			{
				did_anything = 1;
				/* Part the user from every channel, one membership at a time. */
				while ((lp = acptr->user->channel))
				{
					chptr = lp->chptr;
					sendto_channel_butserv(chptr, acptr, ":%s PART %s :%s", acptr->name, chptr->chname, "Left all channels");
					if (MyConnect(acptr))
						RunHook4(HOOKTYPE_LOCAL_PART, acptr, acptr, chptr, "Left all channels");
					remove_user_from_channel(acptr, chptr);
				}
				sendto_serv_butone_token(acptr, acptr->name, MSG_JOIN, TOK_JOIN, "0");
				strcpy(jbuf, "0");
				i = 1;
				continue;
			}
			/* Joining an existing channel gives CHFL_DEOPPED, a channel that
			 * does not exist yet gives CHFL_CHANOP. */
			flags = (ChannelExists(name)) ? CHFL_DEOPPED : CHFL_CHANOP;
			chptr = get_channel(acptr, name, CREATE);
			if (chptr && (lp = find_membership_link(acptr->user->channel, chptr)))
				continue;
			/* A forced join still honours +z: a user who is not IsSecure is
			 * not placed in a MODE_ONLYSECURE channel.
			 * NOTE(review): chptr is null-checked on the line above but
			 * dereferenced here unconditionally; confirm that
			 * get_channel(..., CREATE) cannot return NULL. */
			if ((chptr->mode.mode & MODE_ONLYSECURE) && !IsSecure(acptr))
			{
				sendnotice(sptr, "You cannot SAJOIN %s to %s because the channel is +z and the user is not connected via SSL", acptr->name, chptr->chname);
				continue;
			}
			join_channel(chptr, acptr, acptr, flags);
			did_anything = 1;
			if (*jbuf)
				(void)strlcat(jbuf, ",", sizeof jbuf);
			(void)strlncat(jbuf, name, sizeof jbuf, sizeof(jbuf) - i - 1);
			i += strlen(name) + 1;
		}

		/* Audit trail: the affected user, the local operators, the other
		 * servers (GLOBOPS) and the SA-command log are all told who forced
		 * which join. */
		if (did_anything)
		{
			sendnotice(acptr, "*** You were forced to join %s", jbuf);
			sendto_realops("%s used SAJOIN to make %s join %s", sptr->name, acptr->name, jbuf);
			sendto_serv_butone(&me, ":%s GLOBOPS :%s used SAJOIN to make %s join %s", me.name, sptr->name, acptr->name, jbuf);
			/* Logging function added by XeRXeS */
			ircd_log(LOG_SACMDS,"SAJOIN: %s used SAJOIN to make %s join %s", sptr->name, parv[1], jbuf);
		}
	}
	else
	{
		/* Target is not a local client: pass the command on towards it and
		 * log the request as received. */
		sendto_one(acptr, ":%s SAJOIN %s %s", parv[0], parv[1], parv[2]);

		/* Logging function added by XeRXeS */
		ircd_log(LOG_SACMDS,"SAJOIN: %s used SAJOIN to make %s join %s", sptr->name, parv[1], parv[2]);
	}

	return 0;
}