/** Count number of users who match \a mask. * @param[in] mask ip mask to check. * @param[in] flags Bitmask possibly containing the value ZLINE_LOCAL, to limit searches to this server. * @return Count of matching users. */ static int count_users(char *mask, int flags) { struct irc_in_addr ipmask; struct Client *acptr; int count = 0; int ipmask_valid; char ipbuf[SOCKIPLEN + 2]; unsigned char ipmask_len; ipmask_valid = ipmask_parse(mask, &ipmask, &ipmask_len); for (acptr = GlobalClientList; acptr; acptr = cli_next(acptr)) { if (!IsUser(acptr)) continue; if ((flags & ZLINE_LOCAL) && !MyConnect(acptr)) continue; ircd_snprintf(0, ipbuf, sizeof(ipbuf), "%s", ircd_ntoa(&cli_ip(acptr))); if (!match(mask, ipbuf) || (ipmask_valid && ipmask_check(&cli_ip(acptr), &ipmask, ipmask_len) && (irc_in_addr_type_cmp(&cli_ip(acptr), &ipmask) && ipmask_len))) count++; } return count; }
void start_auth(struct Client* client) { struct AuthRequest* auth = 0; assert(0 != client); if (conf_check_slines(client)) { sendheader(client, REPORT_USING_SLINE); SetSLined(client); release_auth_client(client); return; } auth = make_auth_request(client); assert(0 != auth); Debug((DEBUG_INFO, "Beginning auth request on client %p", client)); if (!feature_bool(FEAT_NODNS)) { if (LOOPBACK == inet_netof(cli_ip(client))) strcpy(cli_sockhost(client), cli_name(&me)); else { struct DNSQuery query; query.vptr = auth; query.callback = auth_dns_callback; if (IsUserPort(auth->client)) sendheader(client, REPORT_DO_DNS); cli_dns_reply(client) = gethost_byaddr((const char*) &(cli_ip(client)), &query); if (cli_dns_reply(client)) { ++(cli_dns_reply(client))->ref_count; ircd_strncpy(cli_sockhost(client), cli_dns_reply(client)->hp->h_name, HOSTLEN); if (IsUserPort(auth->client)) sendheader(client, REPORT_FIN_DNSC); Debug((DEBUG_LIST, "DNS entry for %p was cached", auth->client)); } else SetDNSPending(auth); } } if (start_auth_query(auth)) { Debug((DEBUG_LIST, "identd query for %p initiated successfully", auth->client)); link_auth_request(auth, &AuthPollList); } else if (IsDNSPending(auth)) { Debug((DEBUG_LIST, "identd query for %p not initiated successfully; " "waiting on DNS", auth->client)); link_auth_request(auth, &AuthIncompleteList); } else { Debug((DEBUG_LIST, "identd query for %p not initiated successfully; " "no DNS pending; releasing immediately", auth->client)); free_auth_request(auth); release_auth_client(client); } }
/** Find a matching Z-line for a user. * @param[in] cptr Client to compare against. * @param[in] flags Bitwise combination of ZLINE_GLOBAL and/or * ZLINE_LASTMOD to limit matches. * @return Matching Z-line, or NULL if none are found. */ struct Zline * zline_lookup(struct Client *cptr, unsigned int flags) { struct Zline *zline; struct Zline *szline; if (find_except_conf(cptr, EFLAG_ZLINE)) return 0; zliter(GlobalZlineList, zline, szline) { if ((flags & ZLINE_GLOBAL && zline->zl_flags & ZLINE_LOCAL) || (flags & ZLINE_LASTMOD && !zline->zl_lastmod)) continue; if (ZlineIsIpMask(zline)) { if (!irc_in_addr_type_cmp(&cli_ip(cptr), &zline->zl_addr) && zline->zl_bits) continue; if (!ipmask_check(&cli_ip(cptr), &zline->zl_addr, zline->zl_bits)) continue; } else { if (match(zline->zl_mask, cli_sock_ip(cptr)) != 0) continue; } if (ZlineIsActive(zline)) return zline; } /* * No Zlines matched */ return 0; }
/** Check local clients against a new Z-line. * If the Z-line is inactive, return immediately. * Otherwise, if any users match it, disconnect them. * @param[in] cptr Peer connect that sent the Z-line. * @param[in] sptr Client that originated the Z-line. * @param[in] zline New Z-line to check. * @return Zero, unless \a sptr Z-lined himself, in which case CPTR_KILLED. */ static int do_zline(struct Client *cptr, struct Client *sptr, struct Zline *zline) { struct Client *acptr; int fd, retval = 0, tval; if (feature_bool(FEAT_DISABLE_ZLINES)) return 0; /* Z-lines are disabled */ if (!ZlineIsActive(zline)) /* no action taken on inactive zlines */ return 0; for (fd = HighestFd; fd >= 0; --fd) { /* * get the users! */ if ((acptr = LocalClientArray[fd])) { if (!cli_user(acptr)) continue; if (find_except_conf(acptr, EFLAG_ZLINE)) continue; /* IP zline */ if (ZlineIsIpMask(zline)) { if (!irc_in_addr_type_cmp(&cli_ip(acptr), &zline->zl_addr) && zline->zl_bits) continue; if (!ipmask_check(&cli_ip(acptr), &zline->zl_addr, zline->zl_bits)) continue; } else { if (match(zline->zl_mask, cli_sock_ip(acptr)) != 0) continue; } /* ok, here's one that got Z-lined */ send_reply(acptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s", zline->zl_reason); /* let the ops know about it */ sendto_opmask_butone_global(&me, SNO_GLINE, "Z-line active for %s", get_client_name(acptr, SHOW_IP)); /* and get rid of him */ if ((tval = exit_client_msg(cptr, acptr, &me, "Z-lined%s%s%s", (!feature_bool(FEAT_HIS_ZLINE_REASON) ? " (" : ""), (!feature_bool(FEAT_HIS_ZLINE_REASON) ? zline->zl_reason : ""), (!feature_bool(FEAT_HIS_ZLINE_REASON) ? ")" : "")))) retval = tval; /* retain killed status */ } } return retval; }
/** Find a ConfItem that has the same name and user+host fields as * specified. Requires an exact match for \a name. * @param name Name to match * @param cptr Client to match against * @param statmask Filter for ConfItem::status * @return First found matching ConfItem. */ struct ConfItem* find_conf_exact(const char* name, struct Client *cptr, int statmask) { struct ConfItem *tmp; for (tmp = GlobalConfList; tmp; tmp = tmp->next) { if (!(tmp->status & statmask) || !tmp->name || !tmp->host || 0 != ircd_strcmp(tmp->name, name)) continue; if (tmp->username && (EmptyString(cli_username(cptr)) || match(tmp->username, cli_username(cptr)))) continue; if (tmp->addrbits < 0) { if (match(tmp->host, cli_sockhost(cptr))) continue; } else if (!ipmask_check(&cli_ip(cptr), &tmp->address.addr, tmp->addrbits)) continue; if ((tmp->status & CONF_OPERATOR) && (MaxLinks(tmp->conn_class) > 0) && (tmp->clients >= MaxLinks(tmp->conn_class))) continue; return tmp; } return 0; }
/** Find Except configuration for \a cptr with flags matching \a flags * @param[in] cptr Client to match an Except configuration against. * @param[in] mask Bitmask of EFLAG_* flags to test for exemption. * @return -1 if an exception was found, 0 otherwise. */ int find_except_conf(struct Client *cptr, int flags) { struct ExceptConf *econf; if (flags & EFLAG_IPCHECK) { if (IsIPCheckExempt(cptr)) return -1; if (IsNotIPCheckExempt(cptr)) return 0; } for(econf = exceptConfList; econf; econf = econf->next) { if (!(econf->flags & flags)) continue; if (econf->usermask && match(econf->usermask, cli_username(cptr))) continue; if (econf->bits > 0) { if (!ipmask_check(&cli_ip(cptr), &econf->address, econf->bits)) continue; } else if (econf->hostmask && match(econf->hostmask, cli_sockhost(cptr))) continue; if (econf->flags & EFLAG_IPCHECK) SetIPCheckExempt(cptr); return -1; } if (flags & EFLAG_IPCHECK) SetNotIPCheckExempt(cptr); return 0; }
/** Find Spoofhost configuration for \a cptr with spoof host matching host and * a password matching \a passwd * @param[in] cptr Client to match Spoofhost configuration against. * @param[in] host Spoofhost host to look for, if NULL look for an autoapply Spoofhost. * @param[in] passwd Password to compare against Spoofhost configuration. * @param[out] status 0 for Success, 1 for invalid password and 2 for no Spoofhost configuration. * @return SHostConf struct of matching Spoofhost configuration or 0 on error. */ struct SHostConf* find_shost_conf(struct Client *cptr, char *host, char *passwd, int *status) { struct SHostConf* sconf; char *crypted; int res = 0; *status = 2; for(sconf = shostConfList; sconf; sconf = sconf->next) { if ((host == NULL) && !(sconf->flags & SHFLAG_AUTOAPPLY)) continue; if (host != NULL) { if (!(sconf->flags & SHFLAG_ISMASK) && strcmp(sconf->spoofhost, host)) continue; if ((sconf->flags & SHFLAG_ISMASK) && match(sconf->spoofhost, host)) continue; } if (sconf->usermask) { if (match(sconf->usermask, cli_username(cptr)) && !((sconf->flags & SHFLAG_MATCHUSER) && !match(sconf->usermask, cli_user(cptr)->username))) continue; } if (sconf->bits > 0) { if (!ipmask_check(&cli_ip(cptr), &sconf->address, sconf->bits)) continue; } else if (sconf->hostmask && match(sconf->hostmask, cli_sockhost(cptr))) continue; *status = 1; res = 0; if ((host == NULL) && (sconf->flags & SHFLAG_AUTOAPPLY)) { *status = 0; return sconf; } if (EmptyString(passwd) && !EmptyString(sconf->passwd)) continue; if (!EmptyString(passwd) && EmptyString(sconf->passwd)) continue; if (!EmptyString(passwd) && !EmptyString(sconf->passwd)) { crypted = ircd_crypt(passwd, sconf->passwd); if (!crypted) continue; res = strcmp(crypted, sconf->passwd); MyFree(crypted); } if (0 == res) { *status = 0; return sconf; } } return 0; }
/** Check whether a connection from a remote client should be allowed. * This is much more relaxed than ip_registry_check_local(): The only * cause for rejection is when the IPRegistryEntry::connected counter * would overflow. * @param[in] cptr Client that has connected. * @param[in] is_burst Non-zero if client was introduced during a burst. * @return Non-zero if the client should be accepted, zero if they must be killed. */ int ip_registry_check_remote(struct Client* cptr, int is_burst) { struct IPRegistryEntry* entry; /* * Mark that we did add/update an IPregistry entry */ SetIPChecked(cptr); if (!irc_in_addr_valid(&cli_ip(cptr))) { Debug((DEBUG_DNS, "IPcheck accepting remote connection from invalid %s.", ircd_ntoa(&cli_ip(cptr)))); return 1; } entry = ip_registry_find(&cli_ip(cptr)); if (0 == entry) { entry = ip_registry_new_entry(); ip_registry_canonicalize(&entry->addr, &cli_ip(cptr)); if (is_burst) entry->attempts = 0; ip_registry_add(entry); Debug((DEBUG_DNS, "IPcheck added new registry for remote connection from %s.", ircd_ntoa(&entry->addr))); return 1; } /* Avoid overflowing the connection counter. */ if (0 == ++entry->connected) { Debug((DEBUG_DNS, "IPcheck refusing remote connection from %s: counter overflow.", ircd_ntoa(&entry->addr))); return 0; } if (CONNECTED_SINCE(entry->last_connect) > IPCHECK_CLONE_PERIOD) entry->attempts = 0; if (!is_burst) { if (0 == ++entry->attempts) { /* * Check for overflow */ --entry->attempts; } ip_registry_update_free_targets(entry); entry->last_connect = NOW; } Debug((DEBUG_DNS, "IPcheck counting remote connection from %s.", ircd_ntoa(&entry->addr))); return 1; }
/** Apply GeoIP country data to a client. * @param[in] cptr Client to apply GeoIP country data to. */ void geoip_apply(struct Client* cptr) { #ifdef USE_GEOIP int gcid = 0; #endif /* USE_GEOIP */ #ifdef USE_GEOIP_GL GeoIPLookup gl; #endif /* USE_GEOIP_GL */ if (!feature_bool(FEAT_GEOIP_ENABLE)) return; if (!(cptr)) return; #ifdef USE_GEOIP if (irc_in_addr_is_ipv4(&cli_ip(cptr))) { /* User is IPv4 so use gi4. */ if (gi4 != NULL) #ifdef USE_GEOIP_GL gcid = GeoIP_id_by_addr_gl(gi4, cli_sock_ip(cptr), &gl); #else gcid = GeoIP_id_by_addr(gi4, cli_sock_ip(cptr)); #endif /* USE_GEOIP_GL */ } else { /* User is IPv6 so use gi6. */ if (gi6 != NULL) #ifdef USE_GEOIP_GL gcid = GeoIP_id_by_addr_v6_gl(gi6, cli_sock_ip(cptr), &gl); #else gcid = GeoIP_id_by_addr_v6(gi6, cli_sock_ip(cptr)); #endif /* USE_GEOIP_GL */ } #endif /* USE_GEOIP */ #ifdef USE_GEOIP if (gcid == 0) { #endif /* USE_GEOIP */ ircd_strncpy((char *)&cli_countrycode(cptr), "--", 3); ircd_strncpy((char *)&cli_countryname(cptr), "Unknown", 8); ircd_strncpy((char *)&cli_continentcode(cptr), "--", 3); ircd_strncpy((char *)&cli_continentname(cptr), "Unknown", 8); #ifdef USE_GEOIP } else { ircd_strncpy((char *)&cli_countrycode(cptr), GeoIP_code_by_id(gcid), 3); ircd_strncpy((char *)&cli_countryname(cptr), GeoIP_name_by_id(gcid), 256); ircd_strncpy((char *)&cli_continentcode(cptr), GeoIP_continent_by_id(gcid), 3); ircd_strncpy((char *)&cli_continentname(cptr), geoip_continent_name_by_code(GeoIP_continent_by_id(gcid)), 256); } #endif /* USE_GEOIP */ SetGeoIP(cptr); }
/** Check whether a client matches a target mask. * @param[in] from Client trying to send a message (ignored). * @param[in] one Client being considered as a target. * @param[in] mask Mask for matching against. * @param[in] addr IP address prefix to match against. * @param[in] nbits Number of bits in \a addr (> 128 if none valid). * @param[in] what Type of match (either MATCH_HOST or MATCH_SERVER). * @return Non-zero if \a one matches, zero if not. */ static int match_it(struct Client *from, struct Client *one, const char *mask, struct irc_in_addr *addr, unsigned char nbits, int what) { switch (what) { case MATCH_HOST: return ((nbits <= 128 && ipmask_check(&cli_ip(one), addr, nbits)) || match(mask, cli_user(one)->host) == 0 || (HasHiddenHost(one) && match(mask, cli_user(one)->realhost) == 0)); case MATCH_SERVER: default: return (match(mask, cli_name(cli_user(one)->server)) == 0); } }
static void userip_formatter(struct Client* cptr, struct Client *sptr, struct MsgBuf* mb) { assert(IsUser(cptr)); msgq_append(0, mb, "%s%s=%c%s@%s", cli_name(cptr), SeeOper(sptr,cptr) ? "*" : "", cli_user(cptr)->away ? '-' : '+', cli_user(cptr)->username, /* Do not *EVER* change this to give opers the real IP. * Too many scripts rely on this data and can inadvertently * publish the user's real IP, thus breaking the security * of +x. If an oper wants the real IP, he should go to * /whois to get it. */ HasHiddenHost(cptr) && (sptr != cptr) ? feature_str(FEAT_HIDDEN_IP) : ircd_ntoa(&cli_ip(cptr))); }
/** Handle a client that has successfully connected. * This copies free target information to \a cptr from his address's * registry entry and sends him a NOTICE describing the parameters for * the entry. * @param[in,out] cptr Client that has successfully connected. */ void ip_registry_connect_succeeded(struct Client *cptr) { const char* tr = ""; unsigned int free_targets = STARTTARGETS; struct IPRegistryEntry* entry = ip_registry_find(&cli_ip(cptr)); assert(entry); if (entry->target) { memcpy(cli_targets(cptr), entry->target->targets, MAXTARGETS); free_targets = entry->target->count; tr = " tr"; } Debug((DEBUG_DNS, "IPcheck noting local connection success for %s.", ircd_ntoa(&entry->addr))); sendcmdto_one(&me, CMD_NOTICE, cptr, "%C :on %u ca %u(%u) ft %u(%u)%s", cptr, entry->connected, entry->attempts, IPCHECK_CLONE_LIMIT, free_targets, STARTTARGETS, tr); }
/** Get all the exception flags that apply to the client \a cptr * @param[in] cptr Client to find the exception flags for. * @return Bitmask of all the exception flags found to apply to \a cptr */ int get_except_flags(struct Client *cptr) { int flags = 0; struct ExceptConf *econf; for(econf = exceptConfList; econf; econf = econf->next) { if (econf->usermask && match(econf->usermask, cli_username(cptr))) continue; if (econf->bits > 0) { if (!ipmask_check(&cli_ip(cptr), &econf->address, econf->bits)) continue; } else if (econf->hostmask && match(econf->hostmask, cli_sockhost(cptr))) continue; flags |= econf->flags; } return flags; }
/** Find WebIRC configuration for \a cptr with password matching \a passwd * @param[in] cptr Client to match WebIRC configuration against. * @param[in] passwd Password to compare against WebIRC configuration. * @param[out] status 0 for Success, 1 for invalid password and 2 for no WebIRC configuration. * @return WebIRCConf struct of matching WebIRC configuration or 0 on error. */ struct WebIRCConf* find_webirc_conf(struct Client *cptr, char *passwd, int* status) { struct WebIRCConf *wconf; char *crypted; int res; *status = 2; if (!passwd) return 0; for(wconf = webircConfList; wconf; wconf = wconf->next) { if (wconf->usermask && match(wconf->usermask, cli_username(cptr))) continue; if (wconf->bits > 0) { if (!ipmask_check(&cli_ip(cptr), &wconf->address, wconf->bits)) continue; } else if (wconf->hostmask && match(wconf->hostmask, cli_sockhost(cptr))) continue; *status = 1; if (!wconf->passwd) { *status = 0; return wconf; } crypted = ircd_crypt(passwd, wconf->passwd); if (!crypted) continue; res = strcmp(crypted, wconf->passwd); MyFree(crypted); if (0 == res) { *status = 0; return wconf; } } return 0; }
int count_users(char *mask) { struct Client *acptr; int count = 0; char namebuf[USERLEN + HOSTLEN + 2]; char ipbuf[USERLEN + 16 + 2]; for (acptr = GlobalClientList; acptr; acptr = cli_next(acptr)) { if (!IsUser(acptr)) continue; ircd_snprintf(0, namebuf, sizeof(namebuf), "%s@%s", cli_user(acptr)->username, cli_user(acptr)->realhost); ircd_snprintf(0, ipbuf, sizeof(ipbuf), "%s@%s", cli_user(acptr)->username, ircd_ntoa((const char *) &(cli_ip(acptr)))); if (!match(mask, namebuf) || !match(mask, ipbuf)) count++; } return count; }
/** Find the first (best) Client block to attach. * @param cptr Client for whom to check rules. * @return Authorization check result. */ enum AuthorizationCheckResult attach_iline(struct Client* cptr) { struct ConfItem* aconf; assert(0 != cptr); for (aconf = GlobalConfList; aconf; aconf = aconf->next) { if (aconf->status != CONF_CLIENT) continue; /* If you change any of this logic, please make corresponding * changes in conf_debug_iline() below. */ if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port) continue; if (aconf->username && match(aconf->username, cli_username(cptr))) continue; if (aconf->host && match(aconf->host, cli_sockhost(cptr))) continue; if (aconf->countrymask && match(aconf->countrymask, cli_countrycode(cptr))) continue; if (aconf->continentmask && match(aconf->continentmask, cli_continentcode(cptr))) continue; if ((aconf->addrbits >= 0) && !ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits)) continue; if (IPcheck_nr(cptr) > aconf->maximum) return ACR_TOO_MANY_FROM_IP; if (aconf->redirserver && !EmptyString(aconf->redirserver)) { send_reply(cptr, RPL_BOUNCE, aconf->redirserver, aconf->redirport); return ACR_NO_AUTHORIZATION; } if (aconf->username && !IsWebIRCUserIdent(cptr) && (aconf->flags & CONF_NOIDENTTILDE)) SetFlag(cptr, FLAG_DOID); return attach_conf(cptr, aconf); } return ACR_NO_AUTHORIZATION; }
/** Find the first matching MOTD block for a user. * If the user is remote, always use remote MOTD. * Otherwise, if there is a hostmask- or class-based MOTD that matches * the user, use it. * Otherwise, use the local MOTD. * @param[in] cptr Client to find MOTD for. * @return Pointer to first matching MOTD for the client. */ static struct Motd * motd_lookup(struct Client *cptr) { struct Motd *ptr; char *c_class = NULL; assert(0 != cptr); if (!MyUser(cptr)) /* not my user, always return remote motd */ return MotdList.remote; c_class = get_client_class(cptr); assert(c_class != NULL); /* check the motd blocks first */ for (ptr = MotdList.other; ptr; ptr = ptr->next) { if (ptr->type == MOTD_CLASS && !match(ptr->hostmask, c_class)) return ptr; else if (ptr->type == MOTD_HOSTMASK && !match(ptr->hostmask, cli_sockhost(cptr))) return ptr; else if (ptr->type == MOTD_IPMASK && ipmask_check(&cli_ip(cptr), &ptr->address, ptr->addrbits)) return ptr; else if (ptr->type == MOTD_COUNTRY && !match(ptr->hostmask, cli_countrycode(cptr))) return ptr; else if (ptr->type == MOTD_CONTINENT && !match(ptr->hostmask, cli_continentcode(cptr))) return ptr; } return MotdList.local; /* Ok, return the default motd */ }
int ms_challenge(struct Client *cptr, struct Client *sptr, int parc, char *parv[]) { #ifdef USE_SSL struct ConfItem *aconf; RSA *rsa_public_key; BIO *file = NULL; char *challenge = NULL; char *name; char *tmpname; char chan[CHANNELLEN-1]; char* join[2]; int nl; struct Client *acptr = NULL; char *privbuf; if (!IsServer(cptr)) return 0; /* if theyre an oper, reprint oper motd and ignore */ if (IsOper(sptr)) { send_reply(sptr, RPL_YOUREOPER); if (feature_bool(FEAT_OPERMOTD)) m_opermotd(sptr, sptr, 1, parv); } if (parc < 3) { return send_reply(sptr, ERR_NOOPERHOST); } if (!(acptr = FindNServer(parv[1]))) { return send_reply(sptr, ERR_NOOPERHOST); } else if (!IsMe(acptr)) { sendcmdto_one(sptr, CMD_CHALLENGE, acptr, "%C %s %s", acptr, parv[2], parv[3]); return 0; } if (*parv[2] == '+') { /* Ignore it if we aren't expecting this... -A1kmm */ if (cli_user(sptr)->response == NULL) return 0; if (ircd_strcmp(cli_user(sptr)->response, ++parv[2])) { send_reply(sptr, ERR_PASSWDMISMATCH); sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (Password Incorrect)", parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr)); tmpname = strdup(cli_user(sptr)->auth_oper); failed_challenge_notice(sptr, tmpname, "challenge failed"); return 0; } name = strdup(cli_user(sptr)->auth_oper); aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername, MyUser(sptr) ? cli_sockhost(sptr) : cli_user(sptr)->realhost, CONF_OPS); if (!aconf) aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername, ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS); if (!aconf) aconf = find_conf_cidr(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername, cli_ip(sptr), CONF_OPS); if (!aconf) { send_reply(sptr, ERR_NOOPERHOST); sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)", parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr)); return 0; } if (CONF_LOCOP == aconf->status) { ClearOper(sptr); SetLocOp(sptr); } else { /* This must be called before client_set_privs() */ SetRemoteOper(sptr); if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_WHOIS)) { OSetWhois(sptr); } if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_IDLE)) { OSetIdle(sptr); } if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_XTRAOP)) { OSetXtraop(sptr); } if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_HIDECHANS)) { OSetHideChans(sptr); } /* prevent someone from being both oper and local oper */ ClearLocOp(sptr); if (!feature_bool(FEAT_OPERFLAGS) || !(aconf->port & OFLAG_ADMIN)) { /* Global Oper */ ClearAdmin(sptr); OSetGlobal(sptr); SetOper(sptr); } else { /* Admin */ OSetGlobal(sptr); OSetAdmin(sptr); SetOper(sptr); SetAdmin(sptr); } /* Tell client_set_privs to send privileges to the user */ client_set_privs(sptr, aconf); ClearOper(sptr); ClearAdmin(sptr); ClearRemoteOper(sptr); privbuf = client_print_privs(sptr); sendcmdto_one(&me, CMD_PRIVS, sptr, "%C %s", sptr, privbuf); } sendcmdto_one(&me, CMD_MODE, sptr, "%s %s", cli_name(sptr), (OIsAdmin(sptr)) ? "+aoiwsg" : "+oiwsg"); send_reply(sptr, RPL_YOUREOPER); if (OIsAdmin(sptr)) { sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Administrator", parv[0], cli_user(sptr)->username, cli_sockhost(sptr)); /* Autojoin admins to admin channel and oper channel (if enabled) */ if (feature_bool(FEAT_AUTOJOIN_ADMIN)) { if (feature_bool(FEAT_AUTOJOIN_ADMIN_NOTICE)) sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_ADMIN_NOTICE_VALUE)); ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_ADMIN_CHANNEL), CHANNELLEN-1); join[0] = cli_name(sptr); join[1] = chan; m_join(sptr, sptr, 2, join); } if (feature_bool(FEAT_AUTOJOIN_OPER) && OIsGlobal(sptr)) { if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE)) sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE)); ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1); join[0] = cli_name(sptr); join[1] = chan; m_join(sptr, sptr, 2, join); } } else { sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Operator (%c)", parv[0], cli_user(sptr)->username, cli_sockhost(sptr), OIsGlobal(sptr) ? 'O' : 'o'); if (feature_bool(FEAT_AUTOJOIN_OPER) && OIsGlobal(sptr)) { if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE)) sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE)); ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1); join[0] = cli_name(sptr); join[1] = chan; m_join(sptr, sptr, 2, join); } } if (feature_bool(FEAT_OPERMOTD)) m_opermotd(sptr, sptr, 1, parv); log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr); ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", ""); return 0; } ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", ""); ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN+1, "%s", ""); aconf = find_conf_exact(parv[2], cli_user(sptr)->realusername, cli_user(sptr)->realhost, CONF_OPS); if (!aconf) aconf = find_conf_exact(parv[2], cli_user(sptr)->realusername, ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS); if (!aconf) aconf = find_conf_cidr(parv[2], cli_user(sptr)->realusername, cli_ip(sptr), CONF_OPS); if (aconf == NULL) { send_reply(sptr, ERR_NOOPERHOST); failed_challenge_notice(sptr, parv[2], "No o:line"); sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)", parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr)); return 0; } if (!(aconf->port & OFLAG_REMOTE)) { send_reply(sptr, ERR_NOOPERHOST); sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (Remote Oper)", parv[0], cli_user(sptr)->realusername, cli_user(sptr)->realhost); return 0; } if (!(aconf->port & OFLAG_RSA)) { send_reply(sptr, RPL_NO_CHALL); return 0; } if (!verify_sslclifp(sptr, aconf)) { sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (SSL Fingerprint Missmatch)", parv[0], cli_user(sptr)->realusername, cli_user(sptr)->realhost); send_reply(sptr, ERR_SSLCLIFP); return 0; } if ((file = BIO_new_file(aconf->passwd, "r")) == NULL) { send_reply(sptr, RPL_NO_KEY); return 0; } rsa_public_key = (RSA *)PEM_read_bio_RSA_PUBKEY(file, NULL, 0, NULL); if (rsa_public_key == NULL) return send_reply(sptr, RPL_INVALID_KEY); if (!generate_challenge(&challenge, rsa_public_key, sptr)) { Debug((DEBUG_DEBUG, "generating challenge sum (%s)", challenge)); send_reply(sptr, RPL_RSACHALLENGE, challenge); ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN + 1, "%s", aconf->name); } nl = BIO_set_close(file, BIO_CLOSE); BIO_free(file); return 1; #else return 1; #endif }
/* * ms_nick - server message handler for nicks * parv[0] = sender prefix * parv[1] = nickname * * If from server, source is client: * parv[2] = timestamp * * Source is server: * parv[2] = hopcount * parv[3] = timestamp * parv[4] = username * parv[5] = hostname * parv[6] = umode (optional) * parv[parc-3] = IP# <- Only Protocol >= 10 * parv[parc-2] = YXX, numeric nick <- Only Protocol >= 10 * parv[parc-1] = info * parv[0] = server */ int ms_nick(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) { struct Client* acptr; char nick[NICKLEN + 2]; time_t lastnick = 0; int differ = 1; int samelastnick = 0; assert(0 != cptr); assert(0 != sptr); assert(IsServer(cptr)); if ((IsServer(sptr) && parc < 8) || parc < 3) { sendto_opmask_butone(0, SNO_OLDSNO, "bad NICK param count for %s from %C", parv[1], cptr); return need_more_params(sptr, "NICK"); } ircd_strncpy(nick, parv[1], NICKLEN); nick[NICKLEN] = '\0'; if (IsServer(sptr)) { lastnick = atoi(parv[3]); if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr)) cli_serv(sptr)->lag = TStime() - lastnick; } else { lastnick = atoi(parv[2]); if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr)) cli_serv(cli_user(sptr)->server)->lag = TStime() - lastnick; } /* * If do_nick_name() returns a null name OR if the server sent a nick * name and do_nick_name() changed it in some way (due to rules of nick * creation) then reject it. If from a server and we reject it, * and KILL it. -avalon 4/4/92 */ if (0 == do_nick_name(nick) || 0 != strcmp(nick, parv[1])) { send_reply(sptr, ERR_ERRONEUSNICKNAME, parv[1]); ++ServerStats->is_kill; sendto_opmask_butone(0, SNO_OLDSNO, "Bad Nick: %s From: %s %C", parv[1], parv[0], cptr); sendcmdto_one(&me, CMD_KILL, cptr, "%s :%s (%s <- %s[%s])", IsServer(sptr) ? parv[parc - 2] : parv[0], cli_name(&me), parv[1], nick, cli_name(cptr)); if (!IsServer(sptr)) { /* * bad nick _change_ */ sendcmdto_serv_butone(&me, CMD_KILL, 0, "%s :%s (%s <- %s!%s@%s)", parv[0], cli_name(&me), cli_name(cptr), parv[0], cli_user(sptr) ? cli_username(sptr) : "", cli_user(sptr) ? cli_name(cli_user(sptr)->server) : cli_name(cptr)); } return 0; } /* * Check against nick name collisions. * * Put this 'if' here so that the nesting goes nicely on the screen :) * We check against server name list before determining if the nickname * is present in the nicklist (due to the way the below for loop is * constructed). -avalon */ assert(NULL == strchr(nick,'.')); acptr = FindClient(nick); if (!acptr) { /* * No collisions, all clear... */ return set_nick_name(cptr, sptr, nick, parc, parv); } assert(0 != acptr); /* * If acptr == sptr, then we have a client doing a nick * change between *equivalent* nicknames as far as server * is concerned (user is changing the case of his/her * nickname or somesuch) */ if (acptr == sptr) { if (strcmp(cli_name(acptr), nick) == 0) /* * This is just ':old NICK old' type thing. * Just forget the whole thing here. There is * no point forwarding it to anywhere, * especially since servers prior to this * version would treat it as nick collision. */ return 0; /* NICK Message ignored */ else /* * Allows change of case in his/her nick */ return set_nick_name(cptr, sptr, nick, parc, parv); } /* * Note: From this point forward it can be assumed that * acptr != sptr (point to different client structures). */ assert(acptr != sptr); /* * If the older one is "non-person", the new entry is just * allowed to overwrite it. Just silently drop non-person, * and proceed with the nick. This should take care of the * "dormant nick" way of generating collisions... */ if (IsUnknown(acptr) && MyConnect(acptr)) { ++ServerStats->is_ref; IPcheck_connect_fail(cli_ip(acptr)); exit_client(cptr, acptr, &me, "Overridden by other sign on"); return set_nick_name(cptr, sptr, nick, parc, parv); } /* * Decide, we really have a nick collision and deal with it */ /* * NICK was coming from a server connection. * This means we have a race condition (two users signing on * at the same time), or two net fragments reconnecting with the same nick. * The latter can happen because two different users connected * or because one and the same user switched server during a net break. * If the TimeStamps are equal, we kill both (or only 'new' * if it was a ":server NICK new ..."). * Otherwise we kill the youngest when user@host differ, * or the oldest when they are the same. * We treat user and ~user as different, because if it wasn't * a faked ~user the AUTH wouldn't have added the '~'. * --Run * */ if (IsServer(sptr)) { /* * A new NICK being introduced by a neighbouring * server (e.g. message type ":server NICK new ..." received) * * compare IP address and username */ differ = (cli_ip(acptr).s_addr != htonl(base64toint(parv[parc - 3]))) || (0 != ircd_strcmp(cli_user(acptr)->username, parv[4])); sendto_opmask_butone(0, SNO_OLDSNO, "Nick collision on %C (%C %Tu <- " "%C %Tu (%s user@host))", acptr, cli_from(acptr), cli_lastnick(acptr), cptr, lastnick, differ ? "Different" : "Same"); } else { /* * A NICK change has collided (e.g. message type ":old NICK new"). * * compare IP address and username */ differ = (cli_ip(acptr).s_addr != cli_ip(sptr).s_addr) || (0 != ircd_strcmp(cli_user(acptr)->username, cli_user(sptr)->username)); sendto_opmask_butone(0, SNO_OLDSNO, "Nick change collision from %C to " "%C (%C %Tu <- %C %Tu)", sptr, acptr, cli_from(acptr), cli_lastnick(acptr), cptr, lastnick); } /* * Now remove (kill) the nick on our side if it is the youngest. * If no timestamp was received, we ignore the incoming nick * (and expect a KILL for our legit nick soon ): * When the timestamps are equal we kill both nicks. --Run * acptr->from != cptr should *always* be true (?). * * This exits the client sending the NICK message */ if (cli_from(acptr) != cptr) { if ((differ && lastnick >= cli_lastnick(acptr)) || (!differ && lastnick <= cli_lastnick(acptr))) { if (!IsServer(sptr)) { ++ServerStats->is_kill; sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (Nick collision)", sptr, cli_name(&me)); assert(!MyConnect(sptr)); SetFlag(sptr, FLAG_KILLED); exit_client_msg(cptr, sptr, &me, "Killed (%s (Nick collision))", feature_str(FEAT_HIS_SERVERNAME)); sptr = 0; /* Make sure we don't use the dead client */ } else { /* We need to kill this incoming client, which hasn't been properly registered yet. * Send a KILL message upstream to the server it came from */ sendcmdto_one(&me, CMD_KILL, sptr, "%s :%s (Nick collision)", parv[parc-2], cli_name(&me)); } /* If the two have the same TS then we want to kill both sides, so * don't leave yet! */ if (lastnick != cli_lastnick(acptr)) return 0; /* Ignore the NICK */ } send_reply(acptr, ERR_NICKCOLLISION, nick); } ++ServerStats->is_kill; SetFlag(acptr, FLAG_KILLED); if (lastnick == cli_lastnick(acptr)) samelastnick = 1; /* * This exits the client we had before getting the NICK message */ if (differ) { sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (older nick " "overruled)", acptr, cli_name(&me)); if (MyConnect(acptr)) { sendcmdto_one(acptr, CMD_QUIT, cptr, ":Killed (%s (older " "nick overruled))", feature_str(FEAT_HIS_SERVERNAME)); sendcmdto_one(&me, CMD_KILL, acptr, "%C :%s (older nick " "overruled)", acptr, feature_str(FEAT_HIS_SERVERNAME)); } exit_client_msg(cptr, acptr, &me, "Killed (%s (older nick " "overruled))", feature_str(FEAT_HIS_SERVERNAME)); } else { sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (nick collision from " "same user@host)", acptr, cli_name(&me)); if (MyConnect(acptr)) { sendcmdto_one(acptr, CMD_QUIT, cptr, ":Killed (%s (nick " "collision from same user@host))", feature_str(FEAT_HIS_SERVERNAME)); sendcmdto_one(&me, CMD_KILL, acptr, "%C :%s (older nick " "overruled)", acptr, feature_str(FEAT_HIS_SERVERNAME)); } exit_client_msg(cptr, acptr, &me, "Killed (%s (nick collision from " "same user@host))", feature_str(FEAT_HIS_SERVERNAME)); } if (samelastnick) return 0; assert(0 != sptr); return set_nick_name(cptr, sptr, nick, parc, parv); }
/* * m_nick - message handler for local clients * parv[0] = sender prefix * parv[1] = nickname */ int m_nick(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) { struct Client* acptr; char nick[NICKLEN + 2]; char* arg; char* s; const char* client_name; assert(0 != cptr); assert(cptr == sptr); /* * parv[0] will be empty for clients connecting for the first time */ client_name = (*(cli_name(sptr))) ? cli_name(sptr) : "*"; if (parc < 2) { send_reply(sptr, ERR_NONICKNAMEGIVEN); return 0; } /* * Don't let them send make us send back a really long string of * garbage */ arg = parv[1]; if (strlen(arg) > IRCD_MIN(NICKLEN, feature_int(FEAT_NICKLEN))) arg[IRCD_MIN(NICKLEN, feature_int(FEAT_NICKLEN))] = '\0'; if ((s = strchr(arg, '~'))) *s = '\0'; strcpy(nick, arg); /* * If do_nick_name() returns a null name then reject it. */ if (0 == do_nick_name(nick)) { send_reply(sptr, ERR_ERRONEUSNICKNAME, arg); return 0; } /* * Check if this is a LOCAL user trying to use a reserved (Juped) * nick, if so tell him that it's a nick in use... */ if (isNickJuped(nick)) { send_reply(sptr, ERR_NICKNAMEINUSE, nick); return 0; /* NICK message ignored */ } if (!(acptr = FindClient(nick))) { /* * No collisions, all clear... */ return set_nick_name(cptr, sptr, nick, parc, parv); } if (IsServer(acptr)) { send_reply(sptr, ERR_NICKNAMEINUSE, nick); return 0; /* NICK message ignored */ } /* * If acptr == sptr, then we have a client doing a nick * change between *equivalent* nicknames as far as server * is concerned (user is changing the case of his/her * nickname or somesuch) */ if (acptr == sptr) { /* * If acptr == sptr, then we have a client doing a nick * change between *equivalent* nicknames as far as server * is concerned (user is changing the case of his/her * nickname or somesuch) */ if (0 != strcmp(cli_name(acptr), nick)) { /* * Allows change of case in his/her nick */ return set_nick_name(cptr, sptr, nick, parc, parv); } /* * This is just ':old NICK old' type thing. * Just forget the whole thing here. There is * no point forwarding it to anywhere, * especially since servers prior to this * version would treat it as nick collision. */ return 0; } /* * Note: From this point forward it can be assumed that * acptr != sptr (point to different client structures). */ assert(acptr != sptr); /* * If the older one is "non-person", the new entry is just * allowed to overwrite it. Just silently drop non-person, * and proceed with the nick. This should take care of the * "dormant nick" way of generating collisions... * * XXX - hmmm can this happen after one is registered? * * Yes, client 1 connects to IRC and registers, client 2 connects and * sends "NICK foo" but doesn't send anything more. client 1 now does * /nick foo, they should succeed and client 2 gets disconnected with * the message below. */ if (IsUnknown(acptr) && MyConnect(acptr)) { ++ServerStats->is_ref; IPcheck_connect_fail(cli_ip(acptr)); exit_client(cptr, acptr, &me, "Overridden by other sign on"); return set_nick_name(cptr, sptr, nick, parc, parv); } /* * NICK is coming from local client connection. Just * send error reply and ignore the command. */ send_reply(sptr, ERR_NICKNAMEINUSE, nick); return 0; /* NICK message ignored */ }
/** Handle a SERVER message from an unregistered connection. * * \a parv has the following elements: * \li \a parv[1] is the server name * \li \a parv[2] is the hop count to the server * \li \a parv[3] is the start timestamp for the server * \li \a parv[4] is the link timestamp * \li \a parv[5] is the protocol version (P10 or J10) * \li \a parv[6] is the numnick mask for the server * \li \a parv[7] is a string of flags like +hs to mark hubs and services * \li \a parv[\a parc - 1] is the server description * * See @ref m_functions for discussion of the arguments. * @param[in] cptr Client that sent us the message. * @param[in] sptr Original source of message. * @param[in] parc Number of arguments. * @param[in] parv Argument vector. */ int mr_server(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) { char* host; struct ConfItem* aconf; struct Jupe* ajupe; unsigned int hop; int ret; unsigned short prot; time_t start_timestamp; time_t timestamp; time_t recv_time; time_t ghost; if (IsUserPort(cptr)) return exit_client_msg(cptr, cptr, &me, "Cannot connect a server to a user port"); if (parc < 8) { need_more_params(sptr, "SERVER"); return exit_client(cptr, cptr, &me, "Need more parameters"); } host = clean_servername(parv[1]); if (!host) { sendto_opmask(0, SNO_OLDSNO, "Bogus server name (%s) from %s", host, cli_name(cptr)); return exit_client_msg(cptr, cptr, &me, "Bogus server name (%s)", host); } if ((ajupe = jupe_find(host)) && JupeIsActive(ajupe)) return exit_client_msg(cptr, sptr, &me, "Juped: %s", JupeReason(ajupe)); /* check connection rules */ if (0 != conf_eval_crule(host, CRULE_ALL)) { ServerStats->is_ref++; sendto_opmask(0, SNO_OLDSNO, "Refused connection from %s.", cli_name(cptr)); return exit_client(cptr, cptr, &me, "Disallowed by connection rule"); } log_write(LS_NETWORK, L_NOTICE, LOG_NOSNOTICE, "SERVER: %s %s[%s]", host, cli_sockhost(cptr), cli_sock_ip(cptr)); /* * Detect protocol */ hop = atoi(parv[2]); start_timestamp = atoi(parv[3]); timestamp = atoi(parv[4]); prot = parse_protocol(parv[5]); if (!prot) return exit_client_msg(cptr, sptr, &me, "Bogus protocol (%s)", parv[5]); else if (prot < atoi(MINOR_PROTOCOL)) return exit_new_server(cptr, sptr, host, timestamp, "Incompatible protocol: %s", parv[5]); Debug((DEBUG_INFO, "Got SERVER %s with timestamp [%s] age %Tu (%Tu)", host, parv[4], start_timestamp, cli_serv(&me)->timestamp)); if (timestamp < OLDEST_TS || start_timestamp < OLDEST_TS) return exit_client_msg(cptr, sptr, &me, "Bogus timestamps (%s %s)", parv[3], parv[4]); /* If the server had a different name before, change it. */ if (!EmptyString(cli_name(cptr)) && (IsUnknown(cptr) || IsHandshake(cptr)) && 0 != ircd_strcmp(cli_name(cptr), host)) hChangeClient(cptr, host); ircd_strncpy(cli_name(cptr), host, HOSTLEN); ircd_strncpy(cli_info(cptr), parv[parc-1][0] ? parv[parc-1] : cli_name(&me), REALLEN); cli_hopcount(cptr) = hop; if (conf_check_server(cptr)) { ++ServerStats->is_ref; sendto_opmask(0, SNO_OLDSNO, "Received unauthorized connection from %s", cli_name(cptr)); log_write(LS_NETWORK, L_NOTICE, LOG_NOSNOTICE, "Received unauthorized " "connection from %C [%s]", cptr, ircd_ntoa(&cli_ip(cptr))); return exit_client(cptr, cptr, &me, "No Connect block"); } host = cli_name(cptr); update_load(); if (!(aconf = find_conf_byname(cli_confs(cptr), host, CONF_SERVER))) { ++ServerStats->is_ref; sendto_opmask(0, SNO_OLDSNO, "Access denied. No conf line for server %s", cli_name(cptr)); return exit_client_msg(cptr, cptr, &me, "Access denied. No conf line for server %s", cli_name(cptr)); } #if defined(USE_SSL) if (!verify_sslclifp(cptr, aconf)) { ++ServerStats->is_ref; sendto_opmask(0, SNO_OLDSNO, "Access denied (SSL fingerprint mismatch) %s", cli_name(cptr)); return exit_client_msg(cptr, cptr, &me, "No Access (SSL fingerprint mismatch) %s", cli_name(cptr)); } #endif if (*aconf->passwd && !!strcmp(aconf->passwd, cli_passwd(cptr))) { ++ServerStats->is_ref; sendto_opmask(0, SNO_OLDSNO, "Access denied (passwd mismatch) %s", cli_name(cptr)); return exit_client_msg(cptr, cptr, &me, "No Access (passwd mismatch) %s", cli_name(cptr)); } memset(cli_passwd(cptr), 0, sizeof(cli_passwd(cptr))); ret = check_loop_and_lh(cptr, sptr, &ghost, host, (parc > 7 ? parv[6] : NULL), timestamp, hop, 1); if (ret != 1) return ret; make_server(cptr); cli_serv(cptr)->timestamp = timestamp; cli_serv(cptr)->prot = prot; cli_serv(cptr)->ghost = ghost; memset(cli_privs(cptr), 255, sizeof(struct Privs)); ClrPriv(cptr, PRIV_SET); SetServerYXX(cptr, cptr, parv[6]); update_uworld_flags(cptr); if (*parv[7] == '+') set_server_flags(cptr, parv[7] + 1); recv_time = TStime(); check_start_timestamp(cptr, timestamp, start_timestamp, recv_time); ret = server_estab(cptr, aconf); if (feature_bool(FEAT_RELIABLE_CLOCK) && abs(cli_serv(cptr)->timestamp - recv_time) > 30) { sendto_opmask(0, SNO_OLDSNO, "Connected to a net with a " "timestamp-clock difference of %Td seconds! " "Used SETTIME to correct this.", timestamp - recv_time); sendcmdto_prio_one(&me, CMD_SETTIME, cptr, "%Tu :%s", TStime(), cli_name(&me)); } return ret; }
/** Handle a connection that has sent a valid PASS and SERVER. * @param cptr New peer server. * @param aconf Connect block for \a cptr. * @return Zero. */ int server_estab(struct Client *cptr, struct ConfItem *aconf) { struct Client* acptr = 0; const char* inpath; int i; assert(0 != cptr); assert(0 != cli_local(cptr)); inpath = cli_name(cptr); if (IsUnknown(cptr)) { if (aconf->passwd[0]) sendrawto_one(cptr, MSG_PASS " :%s", aconf->passwd); /* * Pass my info to the new server */ sendrawto_one(cptr, MSG_SERVER " %s 1 %Tu %Tu J%s %s%s +%s6 :%s", cli_name(&me), cli_serv(&me)->timestamp, cli_serv(cptr)->timestamp, MAJOR_PROTOCOL, NumServCap(&me), feature_bool(FEAT_HUB) ? "h" : "", *(cli_info(&me)) ? cli_info(&me) : "IRCers United"); } det_confs_butmask(cptr, CONF_SERVER); if (!IsHandshake(cptr)) hAddClient(cptr); SetServer(cptr); cli_handler(cptr) = SERVER_HANDLER; Count_unknownbecomesserver(UserStats); SetBurst(cptr); /* nextping = CurrentTime; */ /* * NOTE: check for acptr->user == cptr->serv->user is necessary to insure * that we got the same one... bleah */ if (cli_serv(cptr)->user && *(cli_serv(cptr))->by && (acptr = findNUser(cli_serv(cptr)->by))) { if (cli_user(acptr) == cli_serv(cptr)->user) { sendcmdto_one(&me, CMD_NOTICE, acptr, "%C :Link with %s established.", acptr, inpath); } else { /* * if not the same client, set by to empty string */ acptr = 0; *(cli_serv(cptr))->by = '\0'; } } sendto_opmask(acptr, SNO_OLDSNO, "Link with %s established.", inpath); cli_serv(cptr)->up = &me; cli_serv(cptr)->updown = add_dlink(&(cli_serv(&me))->down, cptr); sendto_opmask(0, SNO_NETWORK, "Net junction: %s %s", cli_name(&me), cli_name(cptr)); SetJunction(cptr); /* * Old sendto_serv_but_one() call removed because we now * need to send different names to different servers * (domain name matching) Send new server to other servers. */ for (i = 0; i <= HighestFd; i++) { if (!(acptr = LocalClientArray[i]) || !IsServer(acptr) || acptr == cptr || IsMe(acptr)) continue; if (!match(cli_name(&me), cli_name(cptr))) continue; sendcmdto_one(&me, CMD_SERVER, acptr, "%s 2 0 %Tu J%02u %s%s +%s%s%s :%s", cli_name(cptr), cli_serv(cptr)->timestamp, Protocol(cptr), NumServCap(cptr), IsHub(cptr) ? "h" : "", IsService(cptr) ? "s" : "", IsIPv6(cptr) ? "6" : "", cli_info(cptr)); } /* Send these as early as possible so that glined users/juped servers can * be removed from the network while the remote server is still chewing * our burst. */ gline_burst(cptr); jupe_burst(cptr); /* * Pass on my client information to the new server * * First, pass only servers (idea is that if the link gets * canceled because the server was already there, * there are no NICK's to be canceled...). Of course, * if cancellation occurs, all this info is sent anyway, * and I guess the link dies when a read is attempted...? --msa * * Note: Link cancellation to occur at this point means * that at least two servers from my fragment are building * up connection this other fragment at the same time, it's * a race condition, not the normal way of operation... */ for (acptr = &me; acptr; acptr = cli_prev(acptr)) { /* acptr->from == acptr for acptr == cptr */ if (cli_from(acptr) == cptr) continue; if (IsServer(acptr)) { const char* protocol_str; if (Protocol(acptr) > 9) protocol_str = IsBurst(acptr) ? "J" : "P"; else protocol_str = IsBurst(acptr) ? "J0" : "P0"; if (0 == match(cli_name(&me), cli_name(acptr))) continue; sendcmdto_one(cli_serv(acptr)->up, CMD_SERVER, cptr, "%s %d 0 %Tu %s%u %s%s +%s%s%s :%s", cli_name(acptr), cli_hopcount(acptr) + 1, cli_serv(acptr)->timestamp, protocol_str, Protocol(acptr), NumServCap(acptr), IsHub(acptr) ? "h" : "", IsService(acptr) ? "s" : "", IsIPv6(acptr) ? "6" : "", cli_info(acptr)); } } for (acptr = &me; acptr; acptr = cli_prev(acptr)) { /* acptr->from == acptr for acptr == cptr */ if (cli_from(acptr) == cptr) continue; if (IsUser(acptr)) { char xxx_buf[25]; char *s = umode_str(acptr); sendcmdto_one(cli_user(acptr)->server, CMD_NICK, cptr, "%s %d %Tu %s %s %s%s%s%s %s%s :%s", cli_name(acptr), cli_hopcount(acptr) + 1, cli_lastnick(acptr), cli_user(acptr)->username, cli_user(acptr)->realhost, *s ? "+" : "", s, *s ? " " : "", iptobase64(xxx_buf, &cli_ip(acptr), sizeof(xxx_buf), IsIPv6(cptr)), NumNick(acptr), cli_info(acptr)); } } /* * Last, send the BURST. * (Or for 2.9 servers: pass all channels plus statuses) */ { struct Channel *chptr; for (chptr = GlobalChannelList; chptr; chptr = chptr->next) send_channel_modes(cptr, chptr); } sendcmdto_one(&me, CMD_END_OF_BURST, cptr, ""); return 0; }
/** * Exits a client of *any* type (user, server, etc) * from this server. Also, this generates all necessary prototol * messages that this exit may cause. * * This function implicitly exits all other clients depending on * this connection. * * For convenience, this function returns a suitable value for * m_function return value: * * CPTR_KILLED if (cptr == bcptr) * 0 if (cptr != bcptr) * * This function can be called in two ways: * 1) From before or in parse(), exiting the 'cptr', in which case it was * invoked as exit_client(cptr, cptr, &me,...), causing it to always * return CPTR_KILLED. * 2) Via parse from a m_function call, in which case it was invoked as * exit_client(cptr, acptr, sptr, ...). Here 'sptr' is known; the client * that generated the message in a way that we can assume he already * did remove acptr from memory himself (or in other cases we don't mind * because he will be delinked.) Or invoked as: * exit_client(cptr, acptr/sptr, &me, ...) when WE decide this one should * be removed. * In general: No generated SQUIT or QUIT should be sent to source link * sptr->from. And CPTR_KILLED should be returned if cptr got removed (too). * * --Run * @param cptr Connection currently being handled by read_message. * @param victim Client being killed. * @param killer Client that made the decision to remove \a victim. * @param comment Reason for the exit. * @return CPTR_KILLED if cptr == bcptr, else 0. */ int exit_client(struct Client *cptr, struct Client* victim, struct Client* killer, const char* comment) { struct Client* acptr = 0; struct DLink *dlp; time_t on_for; char comment1[HOSTLEN + HOSTLEN + 2]; assert(killer); if (MyConnect(victim)) { SetFlag(victim, FLAG_CLOSING); if (feature_bool(FEAT_CONNEXIT_NOTICES) && IsUser(victim)) sendto_opmask_butone(0, SNO_CONNEXIT, "Client exiting: %s (%s@%s) [%s] [%s] <%s%s>", cli_name(victim), cli_user(victim)->username, cli_user(victim)->host, comment, ircd_ntoa(&cli_ip(victim)), NumNick(victim) /* two %s's */); update_load(); on_for = CurrentTime - cli_firsttime(victim); if (IsUser(victim) || IsUserPort(victim)) auth_send_exit(victim); if (IsUser(victim)) log_write(LS_USER, L_TRACE, 0, "%Tu %i %s@%s %s %s %s%s %s :%s", cli_firsttime(victim), on_for, cli_user(victim)->username, cli_sockhost(victim), ircd_ntoa(&cli_ip(victim)), IsAccount(victim) ? cli_username(victim) : "0", NumNick(victim), /* two %s's */ cli_name(victim), cli_info(victim)); if (victim != cli_from(killer) /* The source knows already */ && IsClient(victim)) /* Not a Ping struct or Log file */ { if (IsServer(victim) || IsHandshake(victim)) sendcmdto_one(killer, CMD_SQUIT, victim, "%s 0 :%s", cli_name(&me), comment); else if (!IsConnecting(victim)) { if (!IsDead(victim)) { if (IsServer(victim)) sendcmdto_one(killer, CMD_ERROR, victim, ":Closing Link: %s by %s (%s)", cli_name(victim), cli_name(killer), comment); else sendrawto_one(victim, MSG_ERROR " :Closing Link: %s by %s (%s)", cli_name(victim), cli_name(IsServer(killer) ? &his : killer), comment); } } if ((IsServer(victim) || IsHandshake(victim) || IsConnecting(victim)) && (killer == &me || (IsServer(killer) && (strncmp(comment, "Leaf-only link", 14) || strncmp(comment, "Non-Hub link", 12))))) { /* * Note: check user == user needed to make sure we have the same * client */ if (cli_serv(victim)->user && *(cli_serv(victim))->by && (acptr = findNUser(cli_serv(victim)->by))) { if (cli_user(acptr) == cli_serv(victim)->user) { sendcmdto_one(&me, CMD_NOTICE, acptr, "%C :Link with %s canceled: %s", acptr, cli_name(victim), comment); } else { /* * not right client, set by to empty string */ acptr = 0; *(cli_serv(victim))->by = '\0'; } } if (killer == &me) sendto_opmask_butone(acptr, SNO_OLDSNO, "Link with %s canceled: %s", cli_name(victim), comment); } } /* * Close the Client connection first. */ close_connection(victim); } if (IsServer(victim)) { if (feature_bool(FEAT_HIS_NETSPLIT)) strcpy(comment1, "*.net *.split"); else { strcpy(comment1, cli_name(cli_serv(victim)->up)); strcat(comment1, " "); strcat(comment1, cli_name(victim)); } if (IsUser(killer)) sendto_opmask_butone(killer, SNO_OLDSNO, "%s SQUIT by %s [%s]:", (cli_user(killer)->server == victim || cli_user(killer)->server == cli_serv(victim)->up) ? "Local" : "Remote", get_client_name(killer, HIDE_IP), cli_name(cli_user(killer)->server)); else if (killer != &me && cli_serv(victim)->up != killer) sendto_opmask_butone(0, SNO_OLDSNO, "Received SQUIT %s from %s :", cli_name(victim), IsServer(killer) ? cli_name(killer) : get_client_name(killer, HIDE_IP)); sendto_opmask_butone(0, SNO_NETWORK, "Net break: %C %C (%s)", cli_serv(victim)->up, victim, comment); } /* * First generate the needed protocol for the other server links * except the source: */ for (dlp = cli_serv(&me)->down; dlp; dlp = dlp->next) { if (dlp->value.cptr != cli_from(killer) && dlp->value.cptr != victim) { if (IsServer(victim)) sendcmdto_one(killer, CMD_SQUIT, dlp->value.cptr, "%s %Tu :%s", cli_name(victim), cli_serv(victim)->timestamp, comment); else if (IsUser(victim) && !HasFlag(victim, FLAG_KILLED)) sendcmdto_one(victim, CMD_QUIT, dlp->value.cptr, ":%s", comment); } } /* Then remove the client structures */ if (IsServer(victim)) exit_downlinks(victim, killer, comment1); exit_one_client(victim, comment); /* * cptr can only have been killed if it was cptr itself that got killed here, * because cptr can never have been a dependent of victim --Run */ return (cptr == victim) ? CPTR_KILLED : 0; }
/** Find number of clones of a client. * @param[in] cptr Client whose address to look up. * @return Number of clients known to be connected from that address. */ unsigned short IPcheck_nr(struct Client *cptr) { assert(0 != cptr); return ip_registry_count(&cli_ip(cptr)); }
/** Handle a client being rejected during connection through no fault * of their own. This "undoes" the effect of ip_registry_check_local() * so the client's address is not penalized for the failure. * @param[in] cptr Client who has been rejected. */ void IPcheck_connect_fail(const struct Client *cptr) { assert(IsIPChecked(cptr)); ip_registry_connect_fail(&cli_ip(cptr)); }
/** Handle a client that decided to disconnect (or was killed after * completing his connection). This updates the free target * information for his IP registry entry. * @param[in] cptr Client that has exited. */ void ip_registry_disconnect(struct Client *cptr) { struct IPRegistryEntry* entry = ip_registry_find(&cli_ip(cptr)); if (!irc_in_addr_valid(&cli_ip(cptr))) { Debug((DEBUG_DNS, "IPcheck noting dicconnect from invalid %s.", ircd_ntoa(&cli_ip(cptr)))); return; } assert(entry); assert(entry->connected > 0); Debug((DEBUG_DNS, "IPcheck noting disconnect from %s.", ircd_ntoa(&entry->addr))); /* * If this was the last one, set `last_connect' to disconnect time (used for expiration) */ if (0 == --entry->connected) { if (CONNECTED_SINCE(entry->last_connect) > IPCHECK_CLONE_LIMIT * IPCHECK_CLONE_PERIOD) { /* * Otherwise we'd penalize for this old value if the client reconnects within 20 seconds */ entry->attempts = 0; } ip_registry_update_free_targets(entry); entry->last_connect = NOW; } if (MyConnect(cptr)) { unsigned int free_targets; /* * Copy the clients targets */ if (0 == entry->target) { entry->target = (struct IPTargetEntry*) MyMalloc(sizeof(struct IPTargetEntry)); entry->target->count = STARTTARGETS; } assert(0 != entry->target); memcpy(entry->target->targets, cli_targets(cptr), MAXTARGETS); /* * This calculation can be pretty unfair towards large multi-user hosts, but * there is "nothing" we can do without also allowing spam bots to send more * messages or by drastically increasing the amount of memory used in the IPregistry. * * The problem is that when a client disconnects, leaving no free targets, then * the next client from that IP number has to pay for it (getting no free targets). * But ALSO the next client, and the next client, and the next client etc - until * another client disconnects that DOES leave free targets. The reason for this * is that if there are 10 SPAM bots, and they all disconnect at once, then they * ALL should get no free targets when reconnecting. We'd need to store an entry * per client (instead of per IP number) to avoid this. */ if (cli_nexttarget(cptr) < CurrentTime) { /* * Number of free targets */ free_targets = (CurrentTime - cli_nexttarget(cptr)) / TARGET_DELAY + 1; } else free_targets = 0; /* * Add bonus, this is pretty fuzzy, but it will help in some cases. */ if ((CurrentTime - cli_firsttime(cptr)) > 600) /* * Was longer then 10 minutes online? */ free_targets += (CurrentTime - cli_firsttime(cptr) - 600) / TARGET_DELAY; /* * Finally, store smallest value for Judgment Day */ if (free_targets < entry->target->count) entry->target->count = free_targets; } }
signed int checkHostmask(struct Client *sptr, char *hoststr, int flags) { struct Client *acptr; struct Channel *chptr; struct Membership *lp; int count = 0, found = 0, cidr_check_bits = 0; char outbuf[BUFSIZE]; char targhost[NICKLEN + USERLEN + HOSTLEN + 3], curhost[NICKLEN + USERLEN + HOSTLEN + 3]; char nickm[NICKLEN + 1], userm[USERLEN + 1], hostm[HOSTLEN + 1]; char *p = NULL; struct in_addr cidr_check; strcpy(nickm,"*"); strcpy(userm,"*"); strcpy(hostm,"*"); if (!strchr(hoststr, '!') && !strchr(hoststr, '@')) ircd_strncpy(hostm,hoststr,HOSTLEN); else { if ((p = strchr(hoststr, '@'))) { *p++ = '\0'; if (*p) ircd_strncpy(hostm,p, HOSTLEN); } /* Get the nick!user mask */ if ((p = strchr(hoststr, '!'))) { *p++ = '\0'; if (*p) ircd_strncpy(userm,p,USERLEN); if (*hoststr) ircd_strncpy(nickm,hoststr,NICKLEN); } else if (*hoststr) { /* Durz: We should only do the following *IF* the hoststr has not already been * copied into hostm (ie. neither ! or @ specified).. otherwise, when we do * /quote check *.barrysworld.com - we end up with targhost as: *!*.barryswo@*.barrysworld.com */ ircd_strncpy(userm,hoststr,USERLEN); } } if ((p = strchr(hostm, '/')) || inet_aton(hostm, &cidr_check)) { if (p) *p = '\0'; if (inet_aton(hostm, &cidr_check)) { cidr_check_bits = p ? atoi(p + 1) : 32; if ((cidr_check_bits >= 0) && (cidr_check_bits <= 32)) { flags |= CHECK_CIDRMASK; cidr_check.s_addr &= NETMASK(cidr_check_bits); } } if (p) *p = '/'; } /* Copy formatted string into "targhost" buffer */ ircd_snprintf(0, targhost, sizeof(targhost), "%s!%s@%s", nickm, userm, hostm); targhost[sizeof(targhost) - 1] = '\0'; /* Note: we have to exclude the last client struct as it is not a real client * structure, and therefore any attempt to access elements in it would cause * a segfault. */ for (acptr = GlobalClientList; acptr; acptr = cli_next(acptr)) { /* Dont process if acptr is a unregistered client, a server or a ping */ if (!IsRegistered(acptr) || IsServer(acptr)) continue; if (IsMe(acptr)) /* Always the last acptr record */ break; if(count > feature_int(FEAT_MAX_CHECK_OUTPUT)) { /* sanity stuff */ ircd_snprintf(0, outbuf, sizeof(outbuf), "More than %d results, truncating...", count); send_reply(sptr, RPL_DATASTR, outbuf); send_reply(sptr, RPL_ENDOFCHECK, " "); break; } /* Copy host info into buffer */ curhost[0] = '\0'; ircd_snprintf(0, curhost, sizeof(curhost), "%s!%s@%s", acptr->cli_name, acptr->cli_user->realusername, acptr->cli_user->realhost); if (flags & CHECK_CIDRMASK) { if (((cli_ip(acptr).s_addr & NETMASK(cidr_check_bits)) == cidr_check.s_addr) && !match(nickm, acptr->cli_name) && (!match(userm, acptr->cli_user->realusername) || !match(userm, acptr->cli_user->username))) found = 1; } else { if(match((const char*)targhost,(const char*)curhost) == 0) found = 1; else { curhost[0] = '\0'; ircd_snprintf(0, curhost, sizeof(curhost), "%s!%s@%s", acptr->cli_name, acptr->cli_user->username, acptr->cli_user->host); if(match((const char*)targhost,(const char*)curhost) == 0) found = 1; } } if (found == 1) { found = 0; /* reset that so it doesn't get crazy go nuts */ /* Show header if we've found at least 1 record */ if (count == 0) { /* Output header */ send_reply(sptr, RPL_DATASTR, " "); send_reply(sptr, RPL_CHKHEAD, "host", targhost); send_reply(sptr, RPL_DATASTR, " "); ircd_snprintf(0, outbuf, sizeof(outbuf), "%s %-*s%-*s%s", "No.", (NICKLEN + 2 ), "Nick", (USERLEN + 2), "User", "Host"); send_reply(sptr, RPL_DATASTR, outbuf); } ircd_snprintf(0, outbuf, sizeof(outbuf), "%-4d %-*s%-*s%s", (count+1), (NICKLEN + 2), acptr->cli_name, (USERLEN + 2), acptr->cli_user->realusername, (flags & CHECK_SHOWIPS) ? ircd_ntoa((const char*)&(cli_ip(acptr))) : acptr->cli_user->realhost); send_reply(sptr, RPL_DATASTR, outbuf); /* Show channel output (if applicable) - the 50 channel limit sanity check * is specifically to prevent coredumping when someone lamely tries to /check * Q or some other channel service... */ if (flags & CHECK_CHECKCHAN) { if (acptr->cli_user->joined > 0 && acptr->cli_user->joined <= 50) { char chntext[BUFSIZE]; int len = strlen(" on channels: "); int mlen = strlen(me.cli_name) + len + strlen(sptr->cli_name); *chntext = '\0'; strcpy(chntext, " on channels: "); for (lp = acptr->cli_user->channel; lp; lp = lp->next_channel) { chptr = lp->channel; if (len + strlen(chptr->chname) + mlen > BUFSIZE - 5) { send_reply(sptr, RPL_DATASTR, chntext); *chntext = '\0'; strcpy(chntext, " on channels: "); len = strlen(chntext); } if (IsDeaf(acptr)) *(chntext + len++) = '-'; if (is_chan_op(acptr, chptr)) *(chntext + len++) = '@'; if (is_half_op(acptr, chptr)) *(chntext + len++) = '%'; if (IsOper(sptr) && !ShowChannel(sptr,chptr)) *(chntext + len++) = '*'; else if (has_voice(acptr, chptr)) *(chntext + len++) = '+'; else if (IsZombie(lp)) *(chntext + len++) = '!'; if (len) *(chntext + len) = '\0'; strcpy(chntext + len, chptr->chname); len += strlen(chptr->chname); strcat(chntext + len, " "); len++; } if (chntext[0] != '\0') send_reply(sptr, RPL_DATASTR, chntext); send_reply(sptr, RPL_DATASTR, " "); } } count++; } } if (count > 0) { send_reply(sptr, RPL_DATASTR, " "); ircd_snprintf(0, outbuf, sizeof(outbuf), "Matching records found:: %d", count); send_reply(sptr, RPL_DATASTR, outbuf); send_reply(sptr, RPL_ENDOFCHECK, " "); } return count; }
int m_challenge(struct Client *cptr, struct Client *sptr, int parc, char *parv[]) { #ifdef USE_SSL struct ConfItem *aconf; RSA *rsa_public_key; BIO *file = NULL; char *challenge = NULL; char *name; char *tmpname; char chan[CHANNELLEN-1]; char* join[2]; int nl; struct Flags old_mode = cli_flags(sptr); if (!MyUser(sptr)) return 0; if (parc < 2) return need_more_params(sptr, "CHALLENGE"); if (parc > 2) { /* This is a remote OPER Request */ struct Client *srv; if (!string_has_wildcards(parv[1])) srv = FindServer(parv[1]); else srv = find_match_server(parv[1]); if (!feature_bool(FEAT_REMOTE_OPER)) return send_reply(sptr, ERR_NOOPERHOST); if (!srv) return send_reply(sptr, ERR_NOOPERHOST); if (IsMe(srv)) { parv[1] = parv[2]; } else { sendcmdto_one(sptr, CMD_CHALLENGE, srv, "%C %s", srv, parv[2]); return 0; } } /* if theyre an oper, reprint oper motd and ignore */ if (IsOper(sptr)) { send_reply(sptr, RPL_YOUREOPER); if (feature_bool(FEAT_OPERMOTD)) m_opermotd(sptr, sptr, 1, parv); } if (*parv[1] == '+') { /* Ignore it if we aren't expecting this... -A1kmm */ if (cli_user(sptr)->response == NULL) return 0; if (ircd_strcmp(cli_user(sptr)->response, ++parv[1])) { send_reply(sptr, ERR_PASSWDMISMATCH); sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (Password Incorrect)", parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr)); tmpname = strdup(cli_user(sptr)->auth_oper); failed_challenge_notice(sptr, tmpname, "challenge failed"); return 0; } name = strdup(cli_user(sptr)->auth_oper); aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername, MyUser(sptr) ? cli_sockhost(sptr) : cli_user(sptr)->realhost, CONF_OPS); if (!aconf) aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername, ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS); if (!aconf) aconf = find_conf_cidr(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername, cli_ip(sptr), CONF_OPS); if (!aconf) { send_reply(sptr, ERR_NOOPERHOST); sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)", parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr)); return 0; } if (CONF_LOCOP == aconf->status) { ClearOper(sptr); SetLocOp(sptr); } else { /* * prevent someone from being both oper and local oper */ ClearLocOp(sptr); if (!feature_bool(FEAT_OPERFLAGS) || !(aconf->port & OFLAG_ADMIN)) { /* Global Oper */ SetOper(sptr); ClearAdmin(sptr); } else { /* Admin */ SetOper(sptr); OSetGlobal(sptr); SetAdmin(sptr); } ++UserStats.opers; } cli_handler(cptr) = OPER_HANDLER; if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_WHOIS)) { OSetWhois(sptr); } if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_IDLE)) { OSetIdle(sptr); } if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_XTRAOP)) { OSetXtraop(sptr); } if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_HIDECHANS)) { OSetHideChans(sptr); } SetFlag(sptr, FLAG_WALLOP); SetFlag(sptr, FLAG_SERVNOTICE); SetFlag(sptr, FLAG_DEBUG); if (!IsAdmin(sptr)) cli_oflags(sptr) = aconf->port; set_snomask(sptr, SNO_OPERDEFAULT, SNO_ADD); client_set_privs(sptr, aconf); cli_max_sendq(sptr) = 0; /* Get the sendq from the oper's class */ send_umode_out(cptr, sptr, &old_mode, HasPriv(sptr, PRIV_PROPAGATE)); send_reply(sptr, RPL_YOUREOPER); if (IsAdmin(sptr)) { sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Administrator", parv[0], cli_user(sptr)->username, cli_sockhost(sptr)); /* Autojoin admins to admin channel and oper channel (if enabled) */ if (feature_bool(FEAT_AUTOJOIN_ADMIN)) { if (feature_bool(FEAT_AUTOJOIN_ADMIN_NOTICE)) sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_ADMIN_NOTICE_VALUE)); ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_ADMIN_CHANNEL), CHANNELLEN-1); join[0] = cli_name(sptr); join[1] = chan; m_join(sptr, sptr, 2, join); } if (feature_bool(FEAT_AUTOJOIN_OPER) && IsOper(sptr)) { if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE)) sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE)); ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1); join[0] = cli_name(sptr); join[1] = chan; m_join(sptr, sptr, 2, join); } } else { sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Operator (%c)", parv[0], cli_user(sptr)->username, cli_sockhost(sptr), IsOper(sptr) ? 'O' : 'o'); if (feature_bool(FEAT_AUTOJOIN_OPER) && IsOper(sptr)) { if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE)) sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE)); ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1); join[0] = cli_name(sptr); join[1] = chan; m_join(sptr, sptr, 2, join); } } if (feature_bool(FEAT_OPERMOTD)) m_opermotd(sptr, sptr, 1, parv); log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr); ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", ""); return 0; } ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", ""); ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN+1, "%s", ""); aconf = find_conf_exact(parv[1], cli_user(sptr)->realusername, cli_user(sptr)->realhost, CONF_OPS); if (!aconf) aconf = find_conf_exact(parv[1], cli_user(sptr)->realusername, ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS); if (!aconf) aconf = find_conf_cidr(parv[1], cli_user(sptr)->realusername, cli_ip(sptr), CONF_OPS); if (aconf == NULL) { send_reply(sptr, ERR_NOOPERHOST); failed_challenge_notice(sptr, parv[1], "No o:line"); sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)", parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr)); return 0; } if (!(aconf->port & OFLAG_RSA)) { send_reply(sptr, RPL_NO_CHALL); return 0; } if (!verify_sslclifp(sptr, aconf)) { sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (SSL Fingerprint Missmatch)", parv[0], cli_user(sptr)->realusername, cli_user(sptr)->realhost); send_reply(sptr, ERR_SSLCLIFP); return 0; } if ((file = BIO_new_file(aconf->passwd, "r")) == NULL) { send_reply(sptr, RPL_NO_KEY); return 0; } rsa_public_key = (RSA *)PEM_read_bio_RSA_PUBKEY(file, NULL, 0, NULL); if (rsa_public_key == NULL) return send_reply(sptr, RPL_INVALID_KEY); if (!generate_challenge(&challenge, rsa_public_key, sptr)) { Debug((DEBUG_DEBUG, "generating challenge sum (%s)", challenge)); send_reply(sptr, RPL_RSACHALLENGE, challenge); ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN + 1, "%s", aconf->name); } nl = BIO_set_close(file, BIO_CLOSE); BIO_free(file); return 1; #else return 1; #endif }
/* * ms_nick - server message handler for nicks * parv[0] = sender prefix * parv[1] = nickname * * If from server, source is client: * parv[2] = timestamp * * Source is server: * parv[2] = hopcount * parv[3] = timestamp * parv[4] = username * parv[5] = hostname * parv[6] = umode (optional) * parv[parc-3] = IP# <- Only Protocol >= 10 * parv[parc-2] = YXX, numeric nick <- Only Protocol >= 10 * parv[parc-1] = info * parv[0] = server */ int ms_nick(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) { struct Client *acptr; char nick[NICKLEN + 2]; time_t lastnick = 0; int differ = 1; const char *type; assert(0 != cptr); assert(0 != sptr); assert(IsServer(cptr)); if ((IsServer(sptr) && parc < 8) || parc < 3) { sendto_opmask_butone(0, SNO_OLDSNO, "bad NICK param count for %s from %C", parv[1], cptr); return need_more_params(sptr, "NICK"); } ircd_strncpy(nick, parv[1], NICKLEN); nick[NICKLEN] = '\0'; if (IsServer(sptr)) { lastnick = atoi(parv[3]); if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr)) cli_serv(sptr)->lag = TStime() - lastnick; } else { lastnick = atoi(parv[2]); if (lastnick > OLDEST_TS && !IsBurstOrBurstAck(sptr)) cli_serv(cli_user(sptr)->server)->lag = TStime() - lastnick; } /* * If do_nick_name() returns a null name OR if the server sent a nick * name and do_nick_name() changed it in some way (due to rules of nick * creation) then reject it. If from a server and we reject it, * and KILL it. -avalon 4/4/92 */ if (!do_nick_name(nick) || strcmp(nick, parv[1])) { send_reply(sptr, ERR_ERRONEUSNICKNAME, parv[1]); ++ServerStats->is_kill; sendto_opmask_butone(0, SNO_OLDSNO, "Bad Nick: %s From: %s %C", parv[1], parv[0], cptr); sendcmdto_one(&me, CMD_KILL, cptr, "%s :%s (%s <- %s[%s])", IsServer(sptr) ? parv[parc - 2] : parv[0], cli_name(&me), parv[1], nick, cli_name(cptr)); if (!IsServer(sptr)) { /* * bad nick _change_ */ sendcmdto_serv_butone(&me, CMD_KILL, 0, "%s :%s (%s <- %s!%s@%s)", parv[0], cli_name(&me), cli_name(cptr), parv[0], cli_user(sptr) ? cli_username(sptr) : "", cli_user(sptr) ? cli_name(cli_user(sptr)->server) : cli_name(cptr)); } return 0; } /* Check against nick name collisions. */ if ((acptr = FindClient(nick)) == NULL) /* No collisions, all clear... */ return set_nick_name(cptr, sptr, nick, parc, parv); /* * If acptr == sptr, then we have a client doing a nick * change between *equivalent* nicknames as far as server * is concerned (user is changing the case of his/her * nickname or somesuch) */ if (acptr == sptr) { if (strcmp(cli_name(acptr), nick) != 0) /* Allows change of case in his/her nick */ return set_nick_name(cptr, sptr, nick, parc, parv); else /* Setting their nick to what it already is? Ignore it. */ return 0; } /* now we know we have a real collision. */ /* * Note: From this point forward it can be assumed that * acptr != sptr (point to different client structures). */ assert(acptr != sptr); /* * If the older one is "non-person", the new entry is just * allowed to overwrite it. Just silently drop non-person, * and proceed with the nick. This should take care of the * "dormant nick" way of generating collisions... */ if (IsUnknown(acptr) && MyConnect(acptr)) { ServerStats->is_ref++; IPcheck_connect_fail(acptr); exit_client(cptr, acptr, &me, "Overridden by other sign on"); return set_nick_name(cptr, sptr, nick, parc, parv); } /* * Decide, we really have a nick collision and deal with it */ /* * NICK was coming from a server connection. * This means we have a race condition (two users signing on * at the same time), or two net fragments reconnecting with the same nick. * The latter can happen because two different users connected * or because one and the same user switched server during a net break. * If the TimeStamps are equal, we kill both (or only 'new' * if it was a ":server NICK new ..."). * Otherwise we kill the youngest when user@host differ, * or the oldest when they are the same. * We treat user and ~user as different, because if it wasn't * a faked ~user the AUTH wouldn't have added the '~'. * --Run * */ if (IsServer(sptr)) { struct irc_in_addr ip; /* * A new NICK being introduced by a neighbouring * server (e.g. message type ":server NICK new ..." received) * * compare IP address and username */ base64toip(parv[parc - 3], &ip); differ = (0 != memcmp(&cli_ip(acptr), &ip, sizeof(cli_ip(acptr)))) || (0 != ircd_strcmp(cli_user(acptr)->username, parv[4])); sendto_opmask_butone(0, SNO_OLDSNO, "Nick collision on %C (%C %Tu <- " "%C %Tu (%s user@host))", acptr, cli_from(acptr), cli_lastnick(acptr), cptr, lastnick, differ ? "Different" : "Same"); } else { /* * A NICK change has collided (e.g. message type ":old NICK new"). * * compare IP address and username */ differ = (0 != memcmp(&cli_ip(acptr), &cli_ip(sptr), sizeof(cli_ip(acptr)))) || (0 != ircd_strcmp(cli_user(acptr)->username, cli_user(sptr)->username)); sendto_opmask_butone(0, SNO_OLDSNO, "Nick change collision from %C to " "%C (%C %Tu <- %C %Tu)", sptr, acptr, cli_from(acptr), cli_lastnick(acptr), cptr, lastnick); } type = differ ? "overruled by older nick" : "nick collision from same user@host"; /* * Now remove (kill) the nick on our side if it is the youngest. * If no timestamp was received, we ignore the incoming nick * (and expect a KILL for our legit nick soon ): * When the timestamps are equal we kill both nicks. --Run * acptr->from != cptr should *always* be true (?). * * This exits the client sending the NICK message */ if ((differ && lastnick >= cli_lastnick(acptr)) || (!differ && lastnick <= cli_lastnick(acptr))) { ServerStats->is_kill++; if (!IsServer(sptr)) { /* If this was a nick change and not a nick introduction, we * need to ensure that we remove our record of the client, and * send a KILL to the whole network. */ assert(!MyConnect(sptr)); /* Inform the rest of the net... */ sendcmdto_serv_butone(&me, CMD_KILL, 0, "%C :%s (%s)", sptr, cli_name(&me), type); /* Don't go sending off a QUIT message... */ SetFlag(sptr, FLAG_KILLED); /* Remove them locally. */ exit_client_msg(cptr, sptr, &me, "Killed (%s (%s))", feature_str(FEAT_HIS_SERVERNAME), type); } else { /* If the origin is a server, this was a new client, so we only * send the KILL in the direction it came from. We have no * client record that we would have to clean up. */ sendcmdto_one(&me, CMD_KILL, cptr, "%s :%s (%s)", parv[parc - 2], cli_name(&me), type); } /* If the timestamps differ and we just killed sptr, we don't need to kill * acptr as well. */ if (lastnick != cli_lastnick(acptr)) return 0; } /* Tell acptr why we are killing it. */ send_reply(acptr, ERR_NICKCOLLISION, nick); ServerStats->is_kill++; SetFlag(acptr, FLAG_KILLED); /* * This exits the client we had before getting the NICK message */ sendcmdto_serv_butone(&me, CMD_KILL, NULL, "%C :%s (%s)", acptr, feature_str(FEAT_HIS_SERVERNAME), type); exit_client_msg(cptr, acptr, &me, "Killed (%s (%s))", feature_str(FEAT_HIS_SERVERNAME), type); if (lastnick == cli_lastnick(acptr)) return 0; if (sptr == NULL) return 0; return set_nick_name(cptr, sptr, nick, parc, parv); }
int get_eflags(struct Client *sptr, struct Client *acptr) { struct eline *eline; unsigned int e_flag = 0; int found = 0; char outbuf[BUFSIZE]; char i_host[SOCKIPLEN + USERLEN + 2]; char s_host[HOSTLEN + USERLEN + 2]; ircd_snprintf(0, i_host, USERLEN+SOCKIPLEN+2, "%s@%s", cli_username(acptr), ircd_ntoa((const char*) &(cli_ip(acptr)))); ircd_snprintf(0, s_host, USERLEN+HOSTLEN+2, "%s@%s", cli_username(acptr), cli_sockhost(acptr)); for (eline = GlobalEList; eline; eline = eline->next) { char* ip_start; char* cidr_start; in_addr_t cli_addr = 0; *outbuf = '\0'; e_flag = eflagstr(eline->flags); if (s_host) { if ((match(eline->mask, s_host) == 0) || (match(eline->mask, i_host) == 0)) { found = 1; } } if ((ip_start = strrchr(i_host, '@'))) cli_addr = inet_addr(ip_start + 1); if ((ip_start = strrchr(eline->mask, '@')) && (cidr_start = strchr(ip_start + 1, '/'))) { int bits = atoi(cidr_start + 1); char* p = strchr(i_host, '@'); if (p) { *p = *ip_start = 0; if (match(eline->mask, i_host) == 0) { if ((bits > 0) && (bits < 33)) { in_addr_t ban_addr; *cidr_start = 0; ban_addr = inet_addr(ip_start + 1); *cidr_start = '/'; if ((NETMASK(bits) & cli_addr) == ban_addr) { *p = *ip_start = '@'; found = 1; } } } *p = *ip_start = '@'; } } if (found) { strcat(outbuf, " Exemptions:: "); if (e_flag & EFLAG_KLINE) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "K:Lines"); } if (e_flag & EFLAG_GLINE) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "G:Lines"); } if (e_flag & EFLAG_SHUN) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "Shuns"); } if (e_flag & EFLAG_ZLINE) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "Z:Lines"); } if (e_flag & EFLAG_SFILTER) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "Spamfilters"); } if (e_flag & EFLAG_LIST) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "List Delays"); } if (e_flag & EFLAG_IDENT) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "Ident Prompts"); } if ((e_flag & EFLAG_IPCHECK) && IsIPCheckExempted(acptr)) { if (strlen(outbuf) > 21) strcat(outbuf, ", "); strcat(outbuf, "IPCheck"); } if (strlen(outbuf) > 18) send_reply(sptr, RPL_DATASTR, outbuf); } found = 0; } return 0; }