/*! \brief OPER command handler
*
* \param source_p Pointer to allocated Client struct from which the message
* originally comes from. This can be a local or remote client.
* \param parc Integer holding the number of supplied arguments.
* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
* pointers.
* \note Valid arguments for this command are:
* - parv[0] = command
* - parv[1] = oper name
* - parv[2] = oper password
*/
static int
m_oper(struct Client *source_p, int parc, char *parv[])
{
const char *const opername = parv[1];
const char *const password = parv[2];
if (EmptyString(password))
{
sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER");
return 0;
}
struct MaskItem *conf;
if ((conf = operator_find(source_p, opername)) == NULL)
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
conf = operator_find(NULL, opername);
failed_oper_notice(source_p, opername, conf ? "host mismatch" : "no operator {} block");
return 0;
}
if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "requires SSL/TLS");
return 0;
}
if (!EmptyString(conf->certfp))
{
if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch");
return 0;
}
}
if (match_conf_password(password, conf) == true)
{
if (conf_attach(source_p, conf))
{
sendto_one_notice(source_p, &me, ":Can't attach conf!");
failed_oper_notice(source_p, opername, "can't attach conf!");
return 0;
}
oper_up(source_p, conf);
}
else
{
sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
failed_oper_notice(source_p, opername, "password mismatch");
}
return 0;
}
/*
** m_oper
** parv[0] = sender prefix
** parv[1] = oper name
** parv[2] = oper password
*/
static void
m_oper(struct Client *client_p, struct Client *source_p,
int parc, char *parv[])
{
struct ConfItem *conf;
struct AccessItem *aconf = NULL;
const char *name = parv[1];
const char *password = parv[2];
if (EmptyString(password) && EmptyString(source_p->certfp))
{
sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS),
me.name, source_p->name, "OPER");
return;
}
/* end the grace period */
if (!IsFloodDone(source_p))
flood_endgrace(source_p);
if ((conf = find_exact_name_conf(OPER_TYPE, source_p, name, NULL,
NULL)) == NULL)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
conf = find_exact_name_conf(OPER_TYPE, NULL, name, NULL, NULL);
failed_oper_notice(source_p, name, (conf != NULL) ?
"host mismatch" : "no oper {} block");
return;
}
aconf = (struct AccessItem *)map_to_conf(conf);
if (match_conf_password(password, source_p->certfp, aconf))
{
if (attach_conf(source_p, conf) != 0)
{
sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
failed_oper_notice(source_p, name, "can't attach conf!");
return;
}
oper_up(source_p);
ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
name, source_p->name, source_p->username, source_p->host);
}
else
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
failed_oper_notice(source_p, name, "password mismatch");
}
}
/*! \brief WEBIRC command handler
*
* \param source_p Pointer to allocated Client struct from which the message
* originally comes from. This can be a local or remote client.
* \param parc Integer holding the number of supplied arguments.
* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
* pointers.
* \note Valid arguments for this command are:
* - parv[0] = command
* - parv[1] = password
* - parv[2] = fake username (we ignore this)
* - parv[3] = fake hostname
* - parv[4] = fake ip
*/
static int
mr_webirc(struct Client *source_p, int parc, char *parv[])
{
struct MaskItem *conf = NULL;
struct addrinfo hints, *res;
assert(MyConnect(source_p));
if (!valid_hostname(parv[3]))
{
sendto_one_notice(source_p, &me, ":WEBIRC: Invalid hostname");
return 0;
}
conf = find_address_conf(source_p->host,
IsGotId(source_p) ? source_p->username : "******",
&source_p->connection->ip,
source_p->connection->aftype, parv[1]);
if (conf == NULL || !IsConfClient(conf))
return 0;
if (!IsConfWebIRC(conf))
{
sendto_one_notice(source_p, &me, ":Not a WEBIRC auth {} block");
return 0;
}
if (EmptyString(conf->passwd))
{
sendto_one_notice(source_p, &me, ":WEBIRC auth {} blocks must have a password");
return 0;
}
if (!match_conf_password(parv[1], conf))
{
sendto_one_notice(source_p, &me, ":WEBIRC password incorrect");
return 0;
}
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
if (getaddrinfo(parv[4], NULL, &hints, &res))
{
sendto_one_notice(source_p, &me, ":Invalid WEBIRC IP %s", parv[4]);
return 0;
}
assert(res);
memcpy(&source_p->connection->ip, res->ai_addr, res->ai_addrlen);
source_p->connection->ip.ss_len = res->ai_addrlen;
source_p->connection->ip.ss.ss_family = res->ai_family;
source_p->connection->aftype = res->ai_family;
freeaddrinfo(res);
strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));
strlcpy(source_p->host, parv[3], sizeof(source_p->host));
/* Check dlines now, k-lines will be checked on registration */
if ((conf = find_dline_conf(&source_p->connection->ip,
source_p->connection->aftype)))
{
if (!(conf->type == CONF_EXEMPT))
{
exit_client(source_p, "D-lined");
return 0;
}
}
AddUMode(source_p, UMODE_WEBIRC);
sendto_one_notice(source_p, &me, ":WEBIRC host/IP set to %s %s",
parv[3], parv[4]);
return 0;
}
/*
* mr_webirc
* parv[0] = sender prefix
* parv[1] = password
* parv[2] = fake username (we ignore this)
* parv[3] = fake hostname
* parv[4] = fake ip
*/
static void
mr_webirc(struct Client *client_p, struct Client *source_p, int parc,
char *parv[])
{
struct AccessItem *aconf = NULL;
struct ConfItem *conf = NULL;
char original_sockhost[HOSTIPLEN + 1];
assert(source_p == client_p);
if (invalid_hostname(parv[4]))
return;
aconf = find_address_conf(source_p->host,
IsGotId(source_p) ? source_p->username : "******",
&source_p->ip,
source_p->ip.ss_family, parv[1],
source_p->certfp);
if (aconf == NULL || !IsConfClient(aconf))
return;
conf = unmap_conf_item(aconf);
if (!IsConfDoSpoofIp(aconf) || irccmp(conf->name, "webirc."))
{
sendto_realops_flags(UMODE_UNAUTH, L_ALL, "Not a CGI:IRC auth block: %s",
source_p->sockhost);
return;
}
if (EmptyString(aconf->passwd))
{
sendto_realops_flags(UMODE_UNAUTH, L_ALL,
"CGI:IRC auth blocks must have a password");
return;
}
if (!match_conf_password(parv[1], NULL, aconf))
{
sendto_realops_flags(UMODE_UNAUTH, L_ALL, "CGI:IRC password incorrect");
return;
}
string_to_ip(parv[4], 0, &source_p->ip);
strlcpy(original_sockhost, source_p->sockhost, sizeof(original_sockhost));
strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));
if (strlen(parv[3]) <= HOSTLEN)
strlcpy(source_p->host, parv[3], sizeof(source_p->host));
else
strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));
/* Check dlines now, klines will be checked on registration */
if ((aconf = find_dline_conf(&client_p->ip,
client_p->ip.ss_family)))
{
if (!(aconf->status & CONF_EXEMPTDLINE))
{
exit_client(client_p, &me, "D-lined");
return;
}
}
sendto_realops_flags(UMODE_CCONN, L_ALL,
"CGI:IRC host/IP set %s to %s (%s)", original_sockhost,
parv[3], parv[4]);
}
/*
* mr_webirc
* parv[0] = sender prefix
* parv[1] = password
* parv[2] = fake username (we ignore this)
* parv[3] = fake hostname
* parv[4] = fake ip
*/
static void
mr_webirc(struct Client *client_p, struct Client *source_p, int parc, char *parv[])
{
struct AccessItem *aconf = NULL;
struct ConfItem *conf = NULL;
struct addrinfo hints, *res;
char original_sockhost[HOSTIPLEN + 1];
assert(source_p == client_p);
if (invalid_hostname(parv[4]))
return;
aconf = find_address_conf(source_p->host,
IsGotId(source_p) ? source_p->username : "******",
&source_p->ip,
source_p->aftype, parv[1],
source_p->certfp);
if (aconf == NULL || !IsConfClient(aconf))
return;
conf = unmap_conf_item(aconf);
if (!IsConfDoSpoofIp(aconf) || irccmp(conf->name, "webirc."))
{
sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "Not a CGI:IRC auth block: %s", source_p->sockhost);
return;
}
if (EmptyString(aconf->passwd))
{
sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "CGI:IRC auth blocks must have a password");
return;
}
if (!match_conf_password(parv[1], aconf))
{
sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "CGI:IRC password incorrect");
return;
}
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
if (getaddrinfo(parv[4], NULL, &hints, &res))
{
sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "Inavlid CGI:IRC IP %s", parv[4]);
return;
}
assert(res != NULL);
memcpy(&source_p->ip, res->ai_addr, res->ai_addrlen);
source_p->ip.ss_len = res->ai_addrlen;
source_p->ip.ss.ss_family = res->ai_family;
source_p->aftype = res->ai_family;
freeaddrinfo(res);
strlcpy(original_sockhost, source_p->sockhost, sizeof(original_sockhost));
strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));
if (strlen(parv[3]) <= HOSTLEN)
strlcpy(source_p->host, parv[3], sizeof(source_p->host));
else
strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));
/* Check dlines now, k/glines will be checked on registration */
if ((aconf = find_dline_conf(&client_p->ip,
client_p->aftype)))
{
if (!(aconf->status & CONF_EXEMPTDLINE))
{
exit_client(client_p, &me, "D-lined");
return;
}
}
sendto_gnotice_flags(UMODE_CCONN, L_ALL, me.name, &me, NULL,
"CGI:IRC host/IP set %s to %s (%s)", original_sockhost,
parv[3], parv[4]);
}
/*! \brief OPER command handler
*
* \param source_p Pointer to allocated Client struct from which the message
* originally comes from. This can be a local or remote client.
* \param parc Integer holding the number of supplied arguments.
* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
* pointers.
* \note Valid arguments for this command are:
* - parv[0] = command
* - parv[1] = oper name
* - parv[2] = oper password
*/
static int
m_oper(struct Client *source_p, int parc, char *parv[])
{
struct MaskItem *conf = NULL;
const char *const opername = parv[1];
const char *const password = parv[2];
if (EmptyString(password))
{
sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER");
return 0;
}
/* end the grace period */
if (!IsFloodDone(source_p))
flood_endgrace(source_p);
if ((conf = find_exact_name_conf(CONF_OPER, source_p, opername, NULL, NULL)) == NULL)
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
conf = find_exact_name_conf(CONF_OPER, NULL, opername, NULL, NULL);
failed_oper_notice(source_p, opername, (conf != NULL) ?
"host mismatch" : "no operator {} block");
return 0;
}
if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "requires SSL/TLS");
return 0;
}
if (!EmptyString(conf->certfp))
{
if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch");
return 0;
}
}
if (match_conf_password(password, conf))
{
if (attach_conf(source_p, conf))
{
sendto_one_notice(source_p, &me, ":Can't attach conf!");
failed_oper_notice(source_p, opername, "can't attach conf!");
return 0;
}
user_oper_up(source_p);
ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", opername, source_p->name,
source_p->username, source_p->host);
}
else
{
sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
failed_oper_notice(source_p, opername, "password mismatch");
}
return 0;
}
