示例#1
0
/*! \brief OPER command handler
 *
 * \param source_p Pointer to allocated Client struct from which the message
 *                 originally comes from.  This can be a local or remote client.
 * \param parc     Integer holding the number of supplied arguments.
 * \param parv     Argument vector where parv[0] .. parv[parc-1] are non-NULL
 *                 pointers.
 * \note Valid arguments for this command are:
 *      - parv[0] = command
 *      - parv[1] = oper name
 *      - parv[2] = oper password
 */
static int
m_oper(struct Client *source_p, int parc, char *parv[])
{
  const char *const opername = parv[1];
  const char *const password = parv[2];

  if (EmptyString(password))
  {
    sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER");
    return 0;
  }

  struct MaskItem *conf;
  if ((conf = operator_find(source_p, opername)) == NULL)
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);

    conf = operator_find(NULL, opername);
    failed_oper_notice(source_p, opername, conf ? "host mismatch" : "no operator {} block");
    return 0;
  }

  if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
    failed_oper_notice(source_p, opername, "requires SSL/TLS");
    return 0;
  }

  if (!EmptyString(conf->certfp))
  {
    if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
    {
      sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
      failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch");
      return 0;
    }
  }

  if (match_conf_password(password, conf) == true)
  {
    if (conf_attach(source_p, conf))
    {
      sendto_one_notice(source_p, &me, ":Can't attach conf!");
      failed_oper_notice(source_p, opername, "can't attach conf!");
      return 0;
    }

    oper_up(source_p, conf);
  }
  else
  {
    sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
    failed_oper_notice(source_p, opername, "password mismatch");
  }

  return 0;
}
示例#2
0
/*
** m_oper
**      parv[0] = sender prefix
**      parv[1] = oper name
**      parv[2] = oper password
*/
static void
m_oper(struct Client *client_p, struct Client *source_p,
       int parc, char *parv[])
{
  struct ConfItem *conf;
  struct AccessItem *aconf = NULL;
  const char *name = parv[1];
  const char *password = parv[2];

  if (EmptyString(password) && EmptyString(source_p->certfp))
  {
    sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS),
               me.name, source_p->name, "OPER");
    return;
  }

  /* end the grace period */
  if (!IsFloodDone(source_p))
    flood_endgrace(source_p);

  if ((conf = find_exact_name_conf(OPER_TYPE, source_p, name, NULL,
                                   NULL)) == NULL)
  {
    sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
    conf = find_exact_name_conf(OPER_TYPE, NULL, name, NULL, NULL);
    failed_oper_notice(source_p, name, (conf != NULL) ?
                       "host mismatch" : "no oper {} block");
    return;
  }

  aconf = (struct AccessItem *)map_to_conf(conf);

  if (match_conf_password(password, source_p->certfp, aconf))
  {
    if (attach_conf(source_p, conf) != 0)
    {
      sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
                 me.name, source_p->name);
      failed_oper_notice(source_p, name, "can't attach conf!");
      return;
    }

    oper_up(source_p);

    ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
         name, source_p->name, source_p->username, source_p->host);
  }
  else
  {
    sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
    failed_oper_notice(source_p, name, "password mismatch");
  }
}
示例#3
0
/*! \brief WEBIRC command handler
 *
 * \param source_p Pointer to allocated Client struct from which the message
 *                 originally comes from.  This can be a local or remote client.
 * \param parc     Integer holding the number of supplied arguments.
 * \param parv     Argument vector where parv[0] .. parv[parc-1] are non-NULL
 *                 pointers.
 * \note Valid arguments for this command are:
 *      - parv[0] = command
 *      - parv[1] = password
 *      - parv[2] = fake username (we ignore this)
 *      - parv[3] = fake hostname
 *      - parv[4] = fake ip
 */
static int
mr_webirc(struct Client *source_p, int parc, char *parv[])
{
  struct MaskItem *conf = NULL;
  struct addrinfo hints, *res;

  assert(MyConnect(source_p));

  if (!valid_hostname(parv[3]))
  {
    sendto_one_notice(source_p, &me, ":WEBIRC: Invalid hostname");
    return 0;
  }

  conf = find_address_conf(source_p->host,
                           IsGotId(source_p) ? source_p->username : "******",
                           &source_p->connection->ip,
                           source_p->connection->aftype, parv[1]);
  if (conf == NULL || !IsConfClient(conf))
    return 0;

  if (!IsConfWebIRC(conf))
  {
    sendto_one_notice(source_p, &me, ":Not a WEBIRC auth {} block");
    return 0;
  }

  if (EmptyString(conf->passwd))
  {
    sendto_one_notice(source_p, &me, ":WEBIRC auth {} blocks must have a password");
    return 0;
  }

  if (!match_conf_password(parv[1], conf))
  {
    sendto_one_notice(source_p, &me, ":WEBIRC password incorrect");
    return 0;
  }

  memset(&hints, 0, sizeof(hints));

  hints.ai_family   = AF_UNSPEC;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags    = AI_PASSIVE | AI_NUMERICHOST;

  if (getaddrinfo(parv[4], NULL, &hints, &res))
  {
    sendto_one_notice(source_p, &me, ":Invalid WEBIRC IP %s", parv[4]);
    return 0;
  }

  assert(res);

  memcpy(&source_p->connection->ip, res->ai_addr, res->ai_addrlen);
  source_p->connection->ip.ss_len = res->ai_addrlen;
  source_p->connection->ip.ss.ss_family = res->ai_family;
  source_p->connection->aftype = res->ai_family;
  freeaddrinfo(res);

  strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));
  strlcpy(source_p->host, parv[3], sizeof(source_p->host));

  /* Check dlines now, k-lines will be checked on registration */
  if ((conf = find_dline_conf(&source_p->connection->ip,
                               source_p->connection->aftype)))
  {
    if (!(conf->type == CONF_EXEMPT))
    {
      exit_client(source_p, "D-lined");
      return 0;
    }
  }

  AddUMode(source_p, UMODE_WEBIRC);
  sendto_one_notice(source_p, &me, ":WEBIRC host/IP set to %s %s",
                    parv[3], parv[4]);
  return 0;
}
示例#4
0
/*
 * mr_webirc
 *      parv[0] = sender prefix
 *      parv[1] = password
 *      parv[2] = fake username (we ignore this)
 *      parv[3] = fake hostname
 *      parv[4] = fake ip
 */
static void
mr_webirc(struct Client *client_p, struct Client *source_p, int parc,
          char *parv[])
{
  struct AccessItem *aconf = NULL;
  struct ConfItem *conf = NULL;
  char original_sockhost[HOSTIPLEN + 1];

  assert(source_p == client_p);

  if (invalid_hostname(parv[4]))
    return;

  aconf = find_address_conf(source_p->host,
                            IsGotId(source_p) ? source_p->username : "******",
                            &source_p->ip,
                            source_p->ip.ss_family, parv[1],
                            source_p->certfp);

  if (aconf == NULL || !IsConfClient(aconf))
    return;

  conf = unmap_conf_item(aconf);

  if (!IsConfDoSpoofIp(aconf) || irccmp(conf->name, "webirc."))
  {
    sendto_realops_flags(UMODE_UNAUTH, L_ALL, "Not a CGI:IRC auth block: %s",
                         source_p->sockhost);
    return;
  }

  if (EmptyString(aconf->passwd))
  {
    sendto_realops_flags(UMODE_UNAUTH, L_ALL,
                         "CGI:IRC auth blocks must have a password");
    return;
  }

  if (!match_conf_password(parv[1], NULL, aconf))
  {
    sendto_realops_flags(UMODE_UNAUTH, L_ALL, "CGI:IRC password incorrect");
    return;
  }

  string_to_ip(parv[4], 0, &source_p->ip);

  strlcpy(original_sockhost, source_p->sockhost, sizeof(original_sockhost));
  strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));

  if (strlen(parv[3]) <= HOSTLEN)
    strlcpy(source_p->host, parv[3], sizeof(source_p->host));
  else
    strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));

  /* Check dlines now, klines will be checked on registration */
  if ((aconf = find_dline_conf(&client_p->ip,
                               client_p->ip.ss_family)))
  {
    if (!(aconf->status & CONF_EXEMPTDLINE))
    {
      exit_client(client_p, &me, "D-lined");
      return;
    }
  }

  sendto_realops_flags(UMODE_CCONN, L_ALL,
                       "CGI:IRC host/IP set %s to %s (%s)", original_sockhost,
                       parv[3], parv[4]);
}
示例#5
0
/*
 * mr_webirc
 *      parv[0] = sender prefix
 *      parv[1] = password
 *      parv[2] = fake username (we ignore this)
 *      parv[3] = fake hostname 
 *      parv[4] = fake ip
 */
static void
mr_webirc(struct Client *client_p, struct Client *source_p, int parc, char *parv[])
{
  struct AccessItem *aconf = NULL;
  struct ConfItem *conf = NULL;
  struct addrinfo hints, *res;
  char original_sockhost[HOSTIPLEN + 1];

  assert(source_p == client_p);

  if (invalid_hostname(parv[4]))
    return;

  aconf = find_address_conf(source_p->host,
                            IsGotId(source_p) ? source_p->username : "******",
                            &source_p->ip,
                            source_p->aftype, parv[1],
                            source_p->certfp);
  if (aconf == NULL || !IsConfClient(aconf))
    return;

  conf = unmap_conf_item(aconf);

  if (!IsConfDoSpoofIp(aconf) || irccmp(conf->name, "webirc."))
  {
    sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "Not a CGI:IRC auth block: %s", source_p->sockhost);
    return;
  }

  if (EmptyString(aconf->passwd))
  {
    sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "CGI:IRC auth blocks must have a password");
    return;
  }

  if (!match_conf_password(parv[1], aconf))
  {
    sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "CGI:IRC password incorrect");
    return;
  }

  memset(&hints, 0, sizeof(hints));

  hints.ai_family   = AF_UNSPEC;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags    = AI_PASSIVE | AI_NUMERICHOST;

  if (getaddrinfo(parv[4], NULL, &hints, &res))
  {
    sendto_gnotice_flags(UMODE_UNAUTH, L_ALL, me.name, &me, NULL, "Inavlid CGI:IRC IP %s", parv[4]);
    return;
  }

  assert(res != NULL);

  memcpy(&source_p->ip, res->ai_addr, res->ai_addrlen);
  source_p->ip.ss_len = res->ai_addrlen;
  source_p->ip.ss.ss_family = res->ai_family;
  source_p->aftype = res->ai_family;
  freeaddrinfo(res);

  strlcpy(original_sockhost, source_p->sockhost, sizeof(original_sockhost));
  strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));

  if (strlen(parv[3]) <= HOSTLEN)
    strlcpy(source_p->host, parv[3], sizeof(source_p->host));
  else
    strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));

  /* Check dlines now, k/glines will be checked on registration */
  if ((aconf = find_dline_conf(&client_p->ip,
                                client_p->aftype)))
  {
    if (!(aconf->status & CONF_EXEMPTDLINE))
    {
      exit_client(client_p, &me, "D-lined");
      return;
    }
  }

  sendto_gnotice_flags(UMODE_CCONN, L_ALL, me.name, &me, NULL,
                       "CGI:IRC host/IP set %s to %s (%s)", original_sockhost,
                       parv[3], parv[4]);
}
示例#6
0
/*! \brief OPER command handler
 *
 * \param source_p Pointer to allocated Client struct from which the message
 *                 originally comes from.  This can be a local or remote client.
 * \param parc     Integer holding the number of supplied arguments.
 * \param parv     Argument vector where parv[0] .. parv[parc-1] are non-NULL
 *                 pointers.
 * \note Valid arguments for this command are:
 *      - parv[0] = command
 *      - parv[1] = oper name
 *      - parv[2] = oper password
 */
static int
m_oper(struct Client *source_p, int parc, char *parv[])
{
  struct MaskItem *conf = NULL;
  const char *const opername = parv[1];
  const char *const password = parv[2];

  if (EmptyString(password))
  {
    sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER");
    return 0;
  }

  /* end the grace period */
  if (!IsFloodDone(source_p))
    flood_endgrace(source_p);

  if ((conf = find_exact_name_conf(CONF_OPER, source_p, opername, NULL, NULL)) == NULL)
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
    conf = find_exact_name_conf(CONF_OPER, NULL, opername, NULL, NULL);
    failed_oper_notice(source_p, opername, (conf != NULL) ?
                       "host mismatch" : "no operator {} block");
    return 0;
  }

  if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
    failed_oper_notice(source_p, opername, "requires SSL/TLS");
    return 0;
  }

  if (!EmptyString(conf->certfp))
  {
    if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
    {
      sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
      failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch");
      return 0;
    }
  }

  if (match_conf_password(password, conf))
  {
    if (attach_conf(source_p, conf))
    {
      sendto_one_notice(source_p, &me, ":Can't attach conf!");
      failed_oper_notice(source_p, opername, "can't attach conf!");
      return 0;
    }

    user_oper_up(source_p);

    ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", opername, source_p->name,
         source_p->username, source_p->host);
  }
  else
  {
    sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
    failed_oper_notice(source_p, opername, "password mismatch");
  }

  return 0;
}