]>
Commit | Line | Data |
---|---|---|
35449aa5 CP |
1 | #include <stdio.h> |
2 | #include <string.h> | |
3 | #include "../control/control.h" | |
c4610da5 | 4 | #include "../lib/version.h" |
35449aa5 CP |
5 | #include "../lib/irc_string.h" |
6 | #include "../lib/strlfunc.h" | |
82a316e7 | 7 | #include "../core/config.h" |
caf2d02a | 8 | #include "../core/schedule.h" |
acd5f58f | 9 | #include "../irc/irc.h" |
2ab0a1e7 | 10 | #include "../lib/stringbuf.h" |
4a5ce902 GB |
11 | #include "../noperserv/noperserv.h" |
12 | #include "../noperserv/noperserv_policy.h" | |
35449aa5 CP |
13 | #include "trusts.h" |
14 | ||
c4610da5 GB |
15 | MODULE_VERSION(""); |
16 | ||
35449aa5 CP |
17 | static void registercommands(int, void *); |
18 | static void deregistercommands(int, void *); | |
19 | ||
e40626f0 | 20 | typedef int (*trustmodificationfn)(void *, char *arg, nick *, int); |
2ab0a1e7 CP |
21 | |
22 | struct trustmodification { | |
1d9ccd69 | 23 | char name[50]; |
2ab0a1e7 CP |
24 | trustmodificationfn fn; |
25 | }; | |
26 | ||
35449aa5 CP |
27 | static int trusts_cmdtrustadd(void *source, int cargc, char **cargv) { |
28 | trustgroup *tg; | |
29 | nick *sender = source; | |
30 | char *host; | |
6e6e98da GB |
31 | struct irc_in_addr ip; |
32 | unsigned char bits; | |
35449aa5 CP |
33 | trusthost *th, *superset, *subset; |
34 | ||
35 | if(cargc < 2) | |
36 | return CMD_USAGE; | |
37 | ||
38 | tg = tg_strtotg(cargv[0]); | |
39 | if(!tg) { | |
40 | controlreply(sender, "Couldn't look up trustgroup."); | |
41 | return CMD_ERROR; | |
42 | } | |
43 | ||
44 | host = cargv[1]; | |
6e6e98da | 45 | if(!ipmask_parse(host, &ip, &bits)) { |
35449aa5 CP |
46 | controlreply(sender, "Invalid host."); |
47 | return CMD_ERROR; | |
48 | } | |
49 | ||
3821b43e GB |
50 | if(!is_normalized_ipmask(&ip, bits)) { |
51 | controlreply(sender, "Invalid IP Mask."); | |
52 | return CMD_ERROR; | |
53 | } | |
54 | ||
e40626f0 GB |
55 | /* Don't allow non-developers to add trusts for large subnets or modify protected groups. */ |
56 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
57 | int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6; | |
58 | if(bits < minbits) { | |
d6ff6878 | 59 | controlreply(sender, "You don't have the necessary privileges to add a subnet larger than /%d.", irc_bitlen(&ip, minbits)); |
e40626f0 GB |
60 | return CMD_ERROR; |
61 | } | |
62 | ||
63 | if(tg->flags & TRUST_PROTECTED) { | |
64 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
65 | return CMD_ERROR; | |
66 | } | |
67 | } | |
68 | ||
35449aa5 CP |
69 | /* OKAY! Lots of checking here! |
70 | * | |
71 | * Need to check: | |
72 | * - host isn't already covered by given group (reject if it is) | |
73 | * - host doesn't already exist exactly already (reject if it does) | |
74 | * - host is more specific than an existing one (warn if it is, fix up later) | |
75 | * - host is less specific than an existing one (warn if it is, don't need to do anything special) | |
76 | */ | |
77 | ||
78 | for(th=tg->hosts;th;th=th->next) { | |
6e6e98da | 79 | if(ipmask_check(&ip, &th->ip, th->bits)) { |
35449aa5 CP |
80 | controlreply(sender, "This host (or part of it) is already covered in the given group."); |
81 | return CMD_ERROR; | |
82 | } | |
83 | } | |
84 | ||
6e6e98da | 85 | if(th_getbyhostandmask(&ip, bits)) { |
35449aa5 CP |
86 | controlreply(sender, "This host already exists in another group with the same mask."); |
87 | return CMD_ERROR; | |
88 | } | |
89 | ||
90 | /* this function will set both to NULL if it's equal, hence the check above */ | |
6e6e98da | 91 | th_getsuperandsubsets(&ip, bits, &superset, &subset); |
35449aa5 CP |
92 | if(superset) { |
93 | /* a superset exists for us, we will be more specific than one existing host */ | |
94 | ||
f6944d47 | 95 | controlreply(sender, "Note: This host already exists in another group, but this new host will override it as it has a smaller prefix."); |
35449aa5 CP |
96 | } |
97 | if(subset) { | |
98 | /* a subset of us exists, we will be less specific than some existing hosts */ | |
99 | ||
f6944d47 | 100 | controlreply(sender, "Note: This host already exists in at least one other group, the new host has a larger prefix and therefore will not override those hosts."); |
35449aa5 | 101 | } |
35449aa5 CP |
102 | |
103 | th = th_new(tg, host); | |
104 | if(!th) { | |
105 | controlreply(sender, "An error occured adding the host to the group."); | |
106 | return CMD_ERROR; | |
107 | } | |
108 | ||
109 | controlreply(sender, "Host added."); | |
82a316e7 CP |
110 | triggerhook(HOOK_TRUSTS_ADDHOST, th); |
111 | ||
7e11a2c6 | 112 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTADD'ed host %s to group '%s'", controlid(sender), host, th->group->name->content); |
7db61652 | 113 | trustlog(tg, sender->authname, "Added host '%s'.", host); |
35449aa5 CP |
114 | |
115 | return CMD_OK; | |
116 | } | |
117 | ||
118 | static int trusts_cmdtrustgroupadd(void *source, int cargc, char **cargv) { | |
119 | nick *sender = source; | |
120 | char *name, *contact, *comment, createdby[ACCOUNTLEN + 2]; | |
6e1fa89e | 121 | long howmany, maxperident, enforceident; |
82a316e7 | 122 | trustgroup *tg, itg; |
3a8c35c9 | 123 | int override, flags; |
35449aa5 | 124 | |
3b09e86f | 125 | if(cargc < 5) |
35449aa5 CP |
126 | return CMD_USAGE; |
127 | ||
1c732bec GB |
128 | override = noperserv_policy_command_permitted(NO_DEVELOPER, sender); |
129 | ||
35449aa5 | 130 | name = cargv[0]; |
6e1fa89e | 131 | howmany = strtol(cargv[1], NULL, 10); |
1c732bec | 132 | if(!override && (!howmany || (howmany > MAXTRUSTEDFOR))) { |
35449aa5 CP |
133 | controlreply(sender, "Bad value maximum number of clients."); |
134 | return CMD_ERROR; | |
135 | } | |
136 | ||
6e1fa89e | 137 | maxperident = strtol(cargv[2], NULL, 10); |
1c732bec | 138 | if(maxperident < 0 || (maxperident > MAXPERIDENT)) { |
35449aa5 CP |
139 | controlreply(sender, "Bad value for max per ident."); |
140 | return CMD_ERROR; | |
141 | } | |
142 | ||
06d01a20 | 143 | if(cargv[3][0] != '1' && cargv[3][0] != '0') { |
35449aa5 CP |
144 | controlreply(sender, "Bad value for enforce ident (use 0 or 1)."); |
145 | return CMD_ERROR; | |
146 | } | |
a350e502 | 147 | enforceident = cargv[3][0] == '1'; |
35449aa5 | 148 | |
a350e502 | 149 | contact = cargv[4]; |
35449aa5 | 150 | |
a350e502 | 151 | if(cargc < 6) { |
35449aa5 CP |
152 | comment = "(no comment)"; |
153 | } else { | |
a350e502 | 154 | comment = cargv[5]; |
35449aa5 CP |
155 | } |
156 | ||
157 | /* don't allow #id or id forms */ | |
6e1fa89e | 158 | if((name[0] == '#') || strtol(name, NULL, 10)) { |
35449aa5 CP |
159 | controlreply(sender, "Invalid trustgroup name."); |
160 | return CMD_ERROR; | |
161 | } | |
162 | ||
163 | tg = tg_strtotg(name); | |
164 | if(tg) { | |
e40626f0 | 165 | controlreply(sender, "A group with that name already exists."); |
35449aa5 CP |
166 | return CMD_ERROR; |
167 | } | |
168 | ||
169 | snprintf(createdby, sizeof(createdby), "#%s", sender->authname); | |
170 | ||
3a8c35c9 GB |
171 | flags = 0; |
172 | ||
173 | if(maxperident > 0) | |
174 | flags |= TRUST_RELIABLE_USERNAME; | |
175 | ||
176 | if(enforceident) | |
177 | flags |= TRUST_ENFORCE_IDENT; | |
178 | ||
82a316e7 | 179 | itg.trustedfor = howmany; |
3a8c35c9 | 180 | itg.flags = flags; |
82a316e7 | 181 | itg.maxperident = maxperident; |
3b09e86f | 182 | itg.expires = 0; |
1f685425 | 183 | itg.createdby = getsstring(createdby, CREATEDBYLEN); |
82a316e7 CP |
184 | itg.contact = getsstring(contact, CONTACTLEN); |
185 | itg.comment = getsstring(comment, COMMENTLEN); | |
186 | itg.name = getsstring(name, TRUSTNAMELEN); | |
187 | ||
188 | if(itg.createdby && itg.contact && itg.comment && itg.name) { | |
189 | tg = tg_new(&itg); | |
190 | } else { | |
191 | tg = NULL; | |
192 | } | |
193 | ||
194 | freesstring(itg.createdby); | |
195 | freesstring(itg.comment); | |
196 | freesstring(itg.name); | |
197 | freesstring(itg.contact); | |
198 | ||
35449aa5 CP |
199 | if(!tg) { |
200 | controlreply(sender, "An error occured adding the trustgroup."); | |
201 | return CMD_ERROR; | |
202 | } | |
203 | ||
204 | controlreply(sender, "Group added."); | |
82a316e7 CP |
205 | triggerhook(HOOK_TRUSTS_ADDGROUP, tg); |
206 | ||
7e11a2c6 | 207 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTGROUPADD'ed '%s'", controlid(sender), tg->name->content); |
7db61652 | 208 | trustlog(tg, sender->authname, "Created trust group '%s' (ID #%d): howmany=%d, enforceident=%d, maxperident=%d, " |
3b09e86f GB |
209 | "createdby=%s, contact=%s, comment=%s", |
210 | tg->name->content, howmany, tg->id, enforceident, maxperident, createdby, contact, comment); | |
35449aa5 CP |
211 | |
212 | return CMD_OK; | |
213 | } | |
214 | ||
2ab0a1e7 CP |
215 | static int trusts_cmdtrustgroupdel(void *source, int cargc, char **cargv) { |
216 | trustgroup *tg; | |
217 | nick *sender = source; | |
218 | ||
219 | if(cargc < 1) | |
220 | return CMD_USAGE; | |
221 | ||
222 | tg = tg_strtotg(cargv[0]); | |
223 | if(!tg) { | |
224 | controlreply(sender, "Couldn't look up trustgroup."); | |
225 | return CMD_ERROR; | |
226 | } | |
227 | ||
e40626f0 GB |
228 | /* Don't allow non-developers to delete protected groups. */ |
229 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
230 | if(tg->flags & TRUST_PROTECTED) { | |
231 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
232 | return CMD_ERROR; | |
233 | } | |
234 | } | |
235 | ||
2ab0a1e7 CP |
236 | if(tg->hosts) { |
237 | controlreply(sender, "Delete all hosts before deleting the group."); | |
238 | return CMD_ERROR; | |
239 | } | |
240 | ||
7e11a2c6 | 241 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTGROUPDEL'ed '%s'.", controlid(sender), tg->name->content); |
7db61652 | 242 | trustlog(tg, sender->authname, "Deleted group '%s'.", tg->name->content); |
7e11a2c6 | 243 | |
2ab0a1e7 CP |
244 | triggerhook(HOOK_TRUSTS_DELGROUP, tg); |
245 | tg_delete(tg); | |
246 | controlreply(sender, "Group deleted."); | |
247 | ||
2ab0a1e7 CP |
248 | return CMD_OK; |
249 | } | |
250 | ||
251 | static int trusts_cmdtrustdel(void *source, int cargc, char **cargv) { | |
252 | trustgroup *tg; | |
253 | trusthost *th; | |
6e6e98da GB |
254 | struct irc_in_addr ip; |
255 | unsigned char bits; | |
2ab0a1e7 | 256 | nick *sender = source; |
7e11a2c6 | 257 | char *host; |
2ab0a1e7 CP |
258 | |
259 | if(cargc < 2) | |
260 | return CMD_USAGE; | |
261 | ||
262 | tg = tg_strtotg(cargv[0]); | |
263 | if(!tg) { | |
264 | controlreply(sender, "Couldn't look up trustgroup."); | |
265 | return CMD_ERROR; | |
266 | } | |
267 | ||
7e11a2c6 | 268 | host = cargv[1]; |
6e6e98da | 269 | if(!ipmask_parse(host, &ip, &bits)) { |
2ab0a1e7 CP |
270 | controlreply(sender, "Invalid IP/mask."); |
271 | return CMD_ERROR; | |
272 | } | |
273 | ||
e40626f0 GB |
274 | /* Don't allow non-developers to remove trusts for large subnets or modify protected groups. */ |
275 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
276 | int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6; | |
277 | if(bits < minbits) { | |
d6ff6878 | 278 | controlreply(sender, "You don't have the necessary privileges to remove a subnet larger than /%d.", irc_bitlen(&ip, minbits)); |
e40626f0 GB |
279 | return CMD_ERROR; |
280 | } | |
281 | ||
282 | if(tg->flags & TRUST_PROTECTED) { | |
283 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
284 | return CMD_ERROR; | |
285 | } | |
286 | } | |
287 | ||
2ab0a1e7 | 288 | for(th=tg->hosts;th;th=th->next) |
6e6e98da | 289 | if(ipmask_check(&ip, &th->ip, th->bits) && th->bits == bits) |
2ab0a1e7 CP |
290 | break; |
291 | ||
292 | if(!th) { | |
293 | controlreply(sender, "Couldn't find that host in that group."); | |
294 | return CMD_ERROR; | |
295 | } | |
296 | ||
297 | triggerhook(HOOK_TRUSTS_DELHOST, th); | |
298 | th_delete(th); | |
299 | controlreply(sender, "Host deleted."); | |
300 | ||
7e11a2c6 | 301 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTDEL'ed %s from group '%s'.", controlid(sender), host, tg->name->content); |
7db61652 | 302 | trustlog(tg, sender->authname, "Removed host '%s'.", host); |
2ab0a1e7 | 303 | |
7e11a2c6 | 304 | return CMD_OK; |
2ab0a1e7 CP |
305 | } |
306 | ||
e40626f0 | 307 | static int modifycomment(void *arg, char *comment, nick *source, int override) { |
c1da06f9 | 308 | trustgroup *tg = arg; |
2ab0a1e7 CP |
309 | sstring *n = getsstring(comment, COMMENTLEN); |
310 | if(!n) | |
311 | return 0; | |
312 | ||
313 | freesstring(tg->comment); | |
314 | tg->comment = n; | |
315 | ||
316 | return 1; | |
317 | } | |
318 | ||
e40626f0 | 319 | static int modifycontact(void *arg, char *contact, nick *source, int override) { |
c1da06f9 | 320 | trustgroup *tg = arg; |
2ab0a1e7 CP |
321 | sstring *n = getsstring(contact, CONTACTLEN); |
322 | if(!n) | |
323 | return 0; | |
324 | ||
325 | freesstring(tg->contact); | |
326 | tg->contact = n; | |
327 | ||
328 | return 1; | |
329 | } | |
330 | ||
e40626f0 | 331 | static int modifytrustedfor(void *arg, char *num, nick *source, int override) { |
c1da06f9 | 332 | trustgroup *tg = arg; |
6e1fa89e | 333 | long trustedfor = strtol(num, NULL, 10); |
2ab0a1e7 | 334 | |
e40626f0 GB |
335 | if(trustedfor < 0) { |
336 | controlreply(source, "The clone limit must not be negative."); | |
2ab0a1e7 | 337 | return 0; |
e40626f0 GB |
338 | } |
339 | ||
340 | if(!override) { | |
341 | if (trustedfor == 0) { | |
342 | controlreply(source, "You don't have the necessary privileges to set an unlimited clone limit."); | |
343 | return 0; | |
344 | } | |
345 | ||
346 | if (trustedfor > MAXTRUSTEDFOR) { | |
347 | controlreply(source, "You don't have the necessary privileges to set the clone limit to a value higher than %d.", MAXTRUSTEDFOR); | |
348 | return 0; | |
349 | } | |
350 | } | |
2ab0a1e7 CP |
351 | |
352 | tg->trustedfor = trustedfor; | |
353 | ||
354 | return 1; | |
355 | } | |
356 | ||
e40626f0 | 357 | static int modifymaxperident(void *arg, char *num, nick *source, int override) { |
c1da06f9 | 358 | trustgroup *tg = arg; |
6e1fa89e | 359 | long maxperident = strtol(num, NULL, 10); |
2ab0a1e7 | 360 | |
e40626f0 GB |
361 | if(maxperident < 0) { |
362 | controlreply(source, "Ident limit must not be negative."); | |
2ab0a1e7 | 363 | return 0; |
e40626f0 GB |
364 | } |
365 | ||
366 | if(maxperident > MAXPERIDENT) { | |
367 | controlreply(source, "Ident limit must not be higher than %d. Consider setting it to 0 (unlimited) instead.", MAXPERIDENT); | |
368 | return 0; | |
369 | } | |
2ab0a1e7 | 370 | |
1f685425 | 371 | tg->maxperident = maxperident; |
2ab0a1e7 CP |
372 | |
373 | return 1; | |
374 | } | |
375 | ||
e40626f0 | 376 | static int modifyenforceident(void *arg, char *num, nick *source, int override) { |
c1da06f9 GB |
377 | trustgroup *tg = arg; |
378 | ||
2ab0a1e7 | 379 | if(num[0] == '1') { |
de723023 | 380 | tg->flags |= TRUST_ENFORCE_IDENT; |
2ab0a1e7 | 381 | } else if(num[0] == '0') { |
de723023 | 382 | tg->flags &= ~TRUST_ENFORCE_IDENT; |
2ab0a1e7 CP |
383 | } else { |
384 | return 0; | |
385 | } | |
386 | ||
387 | return 1; | |
388 | } | |
389 | ||
6ba5f655 GB |
390 | static int modifyreliableusername(void *arg, char *num, nick *source, int override) { |
391 | trustgroup *tg = arg; | |
392 | ||
393 | if(num[0] == '1') { | |
394 | tg->flags |= TRUST_RELIABLE_USERNAME; | |
395 | } else if(num[0] == '0') { | |
396 | tg->flags &= ~TRUST_RELIABLE_USERNAME; | |
397 | } else { | |
398 | return 0; | |
399 | } | |
400 | ||
401 | return 1; | |
402 | } | |
403 | ||
e40626f0 | 404 | static int modifyexpires(void *arg, char *expires, nick *source, int override) { |
c1da06f9 | 405 | trustgroup *tg = arg; |
2ab0a1e7 CP |
406 | int howlong = durationtolong(expires); |
407 | ||
1a760647 GB |
408 | if((howlong < 0) || (howlong > MAXDURATION)) { |
409 | controlreply(source, "Duration cannot be negative or greater than %s (use 0 instead if you don't want the group to expire).", longtoduration(MAXDURATION, 0)); | |
2ab0a1e7 | 410 | return 0; |
1a760647 | 411 | } |
2ab0a1e7 | 412 | |
ad3fd5ee | 413 | if(howlong) |
acd5f58f | 414 | tg->expires = getnettime() + howlong; |
ad3fd5ee GB |
415 | else |
416 | tg->expires = 0; /* never */ | |
2ab0a1e7 CP |
417 | |
418 | return 1; | |
419 | } | |
420 | ||
e40626f0 | 421 | static int modifycleanup(void *arg, char *num, nick *source, int override) { |
de723023 GB |
422 | trustgroup *tg = arg; |
423 | ||
b657ac19 GB |
424 | if(!override) { |
425 | controlreply(source, "You don't have the necessary privileges to modify this attribute."); | |
e40626f0 | 426 | return 0; |
b657ac19 | 427 | } |
e40626f0 | 428 | |
de723023 GB |
429 | if(num[0] == '1') { |
430 | tg->flags &= ~TRUST_NO_CLEANUP; | |
431 | } else if(num[0] == '0') { | |
432 | tg->flags |= TRUST_NO_CLEANUP; | |
433 | } else { | |
434 | return 0; | |
435 | } | |
436 | ||
437 | return 1; | |
438 | } | |
439 | ||
e40626f0 GB |
440 | static int modifyprotected(void *arg, char *num, nick *source, int override) { |
441 | trustgroup *tg = arg; | |
442 | ||
443 | if(!override) { | |
444 | controlreply(source, "You don't have the necessary privileges to modify this attribute."); | |
445 | return 0; | |
446 | } | |
447 | ||
448 | if(num[0] == '1') { | |
449 | tg->flags |= TRUST_PROTECTED; | |
450 | } else if(num[0] == '0') { | |
451 | tg->flags &= ~TRUST_PROTECTED; | |
452 | } else { | |
453 | return 0; | |
454 | } | |
455 | ||
456 | return 1; | |
457 | } | |
458 | ||
459 | static int modifymaxpernode(void *arg, char *num, nick *source, int override) { | |
c1da06f9 GB |
460 | trusthost *th = arg; |
461 | int maxpernode = strtol(num, NULL, 10); | |
e40626f0 GB |
462 | |
463 | if(maxpernode < 0) { | |
464 | controlreply(source, "Node limit must not be negative."); | |
465 | return 0; | |
466 | } | |
467 | ||
468 | if(maxpernode>MAXPERNODE) { | |
469 | controlreply(source, "Node limit must not be higher than %d. Consider setting it to 0 (unlimited) instead.", MAXPERNODE); | |
c1da06f9 | 470 | return 0; |
e40626f0 GB |
471 | } |
472 | ||
c1da06f9 GB |
473 | th->maxpernode = maxpernode; |
474 | ||
475 | return 1; | |
476 | } | |
477 | ||
e40626f0 | 478 | static int modifynodebits(void *arg, char *num, nick *source, int override) { |
c1da06f9 GB |
479 | trusthost *th = arg; |
480 | int nodebits = strtol(num, NULL, 10); | |
481 | ||
e40626f0 GB |
482 | if(nodebits < 0) { |
483 | controlreply(source, "Node bits must not be negative."); | |
c1da06f9 | 484 | return 0; |
e40626f0 GB |
485 | } |
486 | ||
1a760647 GB |
487 | if(irc_in_addr_is_ipv4(&th->ip)) |
488 | nodebits += 96; | |
489 | ||
c2e27ec8 GB |
490 | if(nodebits > 128) { |
491 | controlreply(source, "Node bits is invalid."); | |
492 | return 0; | |
493 | } | |
494 | ||
e40626f0 GB |
495 | if(!override) { |
496 | int minbits = irc_in_addr_is_ipv4(&th->ip)?TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV4:TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV6; | |
497 | ||
498 | if(nodebits < minbits) { | |
d6ff6878 | 499 | controlreply(source, "You don't have the necessary privileges to set node bits to a subnet larger than /%d.", irc_bitlen(&th->ip, minbits)); |
e40626f0 GB |
500 | return 0; |
501 | } | |
502 | } | |
c1da06f9 | 503 | |
e40626f0 | 504 | if(nodebits<th->bits) { |
1a760647 | 505 | controlreply(source, "Node bits must be smaller or equal to the trusted CIDR's subnet size."); |
80cf3d8e | 506 | return 0; |
e40626f0 | 507 | } |
80cf3d8e | 508 | |
c1da06f9 GB |
509 | th->nodebits = nodebits; |
510 | ||
511 | return 1; | |
512 | } | |
513 | ||
514 | static array trustgroupmods_a; | |
515 | static struct trustmodification *trustgroupmods; | |
516 | static array trusthostmods_a; | |
517 | static struct trustmodification *trusthostmods; | |
2ab0a1e7 CP |
518 | |
519 | static int trusts_cmdtrustgroupmodify(void *source, int cargc, char **cargv) { | |
520 | trustgroup *tg; | |
521 | nick *sender = source; | |
f6ecfee9 | 522 | char *what, *to; |
4a5ce902 | 523 | int i, override; |
2ab0a1e7 CP |
524 | |
525 | if(cargc < 3) | |
526 | return CMD_USAGE; | |
527 | ||
528 | tg = tg_strtotg(cargv[0]); | |
529 | if(!tg) { | |
530 | controlreply(sender, "Couldn't look up trustgroup."); | |
531 | return CMD_ERROR; | |
532 | } | |
533 | ||
534 | what = cargv[1]; | |
535 | to = cargv[2]; | |
536 | ||
4a5ce902 GB |
537 | override = noperserv_policy_command_permitted(NO_DEVELOPER, sender); |
538 | ||
e40626f0 GB |
539 | /* Don't allow non-developers to modify protected groups. */ |
540 | if (!override && tg->flags & TRUST_PROTECTED) { | |
541 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
542 | return CMD_ERROR; | |
543 | } | |
544 | ||
c1da06f9 GB |
545 | for(i=0;i<trustgroupmods_a.cursi;i++) { |
546 | if(!strcmp(what, trustgroupmods[i].name)) { | |
e40626f0 | 547 | if(!(trustgroupmods[i].fn)(tg, to, sender, override)) { |
2ab0a1e7 CP |
548 | controlreply(sender, "An error occured changing that property, check the syntax."); |
549 | return CMD_ERROR; | |
550 | } | |
551 | break; | |
552 | } | |
2ab0a1e7 CP |
553 | } |
554 | ||
f6ecfee9 GB |
555 | if(i == trustgroupmods_a.cursi) |
556 | return CMD_USAGE; | |
2ab0a1e7 CP |
557 | |
558 | triggerhook(HOOK_TRUSTS_MODIFYGROUP, tg); | |
559 | tg_update(tg); | |
560 | controlreply(sender, "Group modified."); | |
561 | ||
7e11a2c6 | 562 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTMODIFIED'ed group '%s' (field: %s, value: %s)", controlid(sender), tg->name->content, what, to); |
7db61652 | 563 | trustlog(tg, sender->authname, "Modified %s: %s", what, to); |
7e11a2c6 | 564 | |
2ab0a1e7 CP |
565 | return CMD_OK; |
566 | } | |
567 | ||
c1da06f9 GB |
568 | static int trusts_cmdtrusthostmodify(void *source, int cargc, char **cargv) { |
569 | trustgroup *tg; | |
570 | trusthost *th; | |
571 | nick *sender = source; | |
f6ecfee9 | 572 | char *what, *to; |
4a5ce902 | 573 | int i, override; |
c1da06f9 GB |
574 | struct irc_in_addr ip; |
575 | unsigned char bits; | |
576 | ||
577 | if(cargc < 4) | |
578 | return CMD_USAGE; | |
579 | ||
580 | tg = tg_strtotg(cargv[0]); | |
581 | if(!tg) { | |
582 | controlreply(sender, "Couldn't look up trustgroup."); | |
583 | return CMD_ERROR; | |
584 | } | |
585 | ||
586 | if(!ipmask_parse(cargv[1], &ip, &bits)) { | |
587 | controlreply(sender, "Invalid host."); | |
588 | return CMD_ERROR; | |
589 | } | |
590 | ||
e40626f0 GB |
591 | /* Don't allow non-developers to modify trusts for large subnets or modify protected groups. */ |
592 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
593 | int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6; | |
594 | if(bits < minbits) { | |
d6ff6878 | 595 | controlreply(sender, "You don't have the necessary privileges to modify a subnet larger than /%d.", irc_bitlen(&ip, minbits)); |
e40626f0 GB |
596 | return CMD_ERROR; |
597 | } | |
598 | ||
599 | if(tg->flags & TRUST_PROTECTED) { | |
600 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
601 | return CMD_ERROR; | |
602 | } | |
603 | } | |
604 | ||
c1da06f9 GB |
605 | th = th_getbyhostandmask(&ip, bits); |
606 | ||
4c585540 | 607 | if(!th || th->group != tg) { |
c1da06f9 GB |
608 | controlreply(sender, "Host does not belong to the specified group."); |
609 | return CMD_ERROR; | |
610 | } | |
611 | ||
612 | what = cargv[2]; | |
613 | to = cargv[3]; | |
614 | ||
4a5ce902 GB |
615 | override = noperserv_policy_command_permitted(NO_DEVELOPER, sender); |
616 | ||
c1da06f9 GB |
617 | for(i=0;i<trusthostmods_a.cursi;i++) { |
618 | if(!strcmp(what, trusthostmods[i].name)) { | |
e40626f0 | 619 | if(!(trusthostmods[i].fn)(th, to, sender, override)) { |
c1da06f9 GB |
620 | controlreply(sender, "An error occured changing that property, check the syntax."); |
621 | return CMD_ERROR; | |
622 | } | |
623 | break; | |
624 | } | |
c1da06f9 GB |
625 | } |
626 | ||
f6ecfee9 GB |
627 | if(i == trusthostmods_a.cursi) |
628 | return CMD_USAGE; | |
c1da06f9 GB |
629 | |
630 | triggerhook(HOOK_TRUSTS_MODIFYHOST, th); | |
631 | th_update(th); | |
632 | controlreply(sender, "Host modified."); | |
633 | ||
3898f973 GB |
634 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTMODIFIED'ed host '%s' in group '%s' (field: %s, value: %s)", controlid(sender), CIDRtostr(ip, bits), tg->name->content, what, to); |
635 | trustlog(tg, sender->authname, "Modified %s for host '%s': %s", what, CIDRtostr(ip, bits), to); | |
c1da06f9 GB |
636 | |
637 | return CMD_OK; | |
638 | } | |
639 | ||
e5c0bccf | 640 | static int trusts_cmdtrustlog(void *source, int cargc, char **cargv) { |
01bd21d3 | 641 | nick *sender = source; |
01bd21d3 GB |
642 | char *name; |
643 | int groupid; | |
6e1fa89e | 644 | long limit = 0; |
01bd21d3 GB |
645 | |
646 | if(cargc < 1) | |
647 | return CMD_USAGE; | |
648 | ||
01bd21d3 | 649 | if(cargc>1) |
6e1fa89e | 650 | limit = strtol(cargv[1], NULL, 10); |
01bd21d3 GB |
651 | |
652 | if(limit==0) | |
653 | limit = 100; | |
654 | ||
1467e9a4 GB |
655 | name = cargv[0]; |
656 | ||
657 | if (name[0] == '#') { | |
6e1fa89e | 658 | groupid = strtol(name + 1, NULL, 10); |
1467e9a4 GB |
659 | trustlogspewid(sender, groupid, limit); |
660 | } else { | |
661 | trustlogspewname(sender, name, limit); | |
662 | } | |
01bd21d3 GB |
663 | |
664 | return CMD_OK; | |
665 | } | |
666 | ||
667 | static int trusts_cmdtrustloggrep(void *source, int cargc, char **cargv) { | |
668 | nick *sender = source; | |
669 | char *pattern; | |
6e1fa89e | 670 | long limit = 0; |
01bd21d3 GB |
671 | |
672 | if(cargc < 1) | |
673 | return CMD_USAGE; | |
674 | ||
675 | pattern = cargv[0]; | |
676 | ||
677 | if(cargc>1) | |
6e1fa89e | 678 | limit = strtol(cargv[1], NULL, 10); |
01bd21d3 GB |
679 | |
680 | if(limit==0) | |
681 | limit = 100; | |
682 | ||
683 | trustloggrep(sender, pattern, limit); | |
684 | ||
685 | return CMD_OK; | |
686 | } | |
687 | ||
688 | static int trusts_cmdtrustcomment(void *source, int cargc, char **cargv) { | |
689 | nick *sender = source; | |
690 | trustgroup *tg = NULL; | |
691 | char *name, *comment; | |
692 | ||
693 | if(cargc < 2) | |
694 | return CMD_USAGE; | |
695 | ||
696 | name = cargv[0]; | |
697 | comment = cargv[1]; | |
698 | ||
1a760647 GB |
699 | if(strlen(comment)>TRUSTLOGLEN) { |
700 | controlreply(sender, "Your comment is too long (max: %d characters).", TRUSTLOGLEN); | |
701 | return CMD_OK; | |
702 | } | |
703 | ||
01bd21d3 GB |
704 | tg = tg_strtotg(name); |
705 | ||
706 | if(!tg) { | |
707 | controlreply(sender, "Invalid trust group name or ID."); | |
708 | return CMD_OK; | |
709 | } | |
710 | ||
1a760647 | 711 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTCOMMENT'ed group '%s': %s", controlid(sender), tg->name->content, comment); |
7db61652 | 712 | trustlog(tg, sender->authname, "Comment: %s", comment); |
01bd21d3 GB |
713 | |
714 | return CMD_OK; | |
715 | } | |
716 | ||
caf2d02a GB |
717 | static void cleanuptrusts(void *arg); |
718 | ||
719 | static int trusts_cmdtrustcleanup(void *source, int cargc, char **cargv) { | |
720 | cleanuptrusts(source); | |
721 | ||
722 | controlreply(source, "Done."); | |
723 | ||
724 | return CMD_OK; | |
725 | } | |
726 | ||
01bd21d3 | 727 | |
35449aa5 CP |
728 | static int commandsregistered; |
729 | ||
730 | static void registercommands(int hooknum, void *arg) { | |
f6ecfee9 GB |
731 | static char tgmhelp[512], thmhelp[512]; |
732 | char validfields[512]; | |
733 | StringBuf b; | |
734 | int i; | |
735 | ||
35449aa5 CP |
736 | if(commandsregistered) |
737 | return; | |
738 | commandsregistered = 1; | |
739 | ||
a825c59a | 740 | registercontrolhelpcmd("trustgroupadd", NO_OPER, 6, trusts_cmdtrustgroupadd, "Usage: trustgroupadd <name> <howmany> <maxperident> <enforceident> <contact> ?comment?"); |
35449aa5 | 741 | registercontrolhelpcmd("trustadd", NO_OPER, 2, trusts_cmdtrustadd, "Usage: trustadd <#id|name|id> <host>"); |
2ab0a1e7 CP |
742 | registercontrolhelpcmd("trustgroupdel", NO_OPER, 1, trusts_cmdtrustgroupdel, "Usage: trustgroupdel <#id|name|id>"); |
743 | registercontrolhelpcmd("trustdel", NO_OPER, 2, trusts_cmdtrustdel, "Usage: trustdel <#id|name|id> <ip/mask>"); | |
f6ecfee9 GB |
744 | |
745 | sbinit(&b, validfields, sizeof(validfields)); | |
746 | for(i=0;i<trustgroupmods_a.cursi;i++) { | |
747 | if(i > 0) | |
748 | sbaddstr(&b, ", "); | |
749 | sbaddstr(&b, trustgroupmods[i].name); | |
750 | } | |
751 | sbterminate(&b); | |
752 | ||
753 | snprintf(tgmhelp, sizeof(tgmhelp), "Usage: trustgroupmodify <#id|name|id> <field> <new value>\nModifies a trust group.\nValid fields: %s", validfields); | |
754 | registercontrolhelpcmd("trustgroupmodify", NO_OPER, 3, trusts_cmdtrustgroupmodify, tgmhelp); | |
755 | ||
756 | sbinit(&b, validfields, sizeof(validfields)); | |
757 | for(i=0;i<trusthostmods_a.cursi;i++) { | |
758 | if(i > 0) | |
759 | sbaddstr(&b, ", "); | |
760 | sbaddstr(&b, trusthostmods[i].name); | |
761 | } | |
762 | sbterminate(&b); | |
763 | ||
764 | snprintf(thmhelp, sizeof(thmhelp), "Usage: trusthostmodify <#id|name|id> <host> <field> <new value>\nModifies a trust host\nValid fields: %s", validfields); | |
765 | registercontrolhelpcmd("trusthostmodify", NO_OPER, 4, trusts_cmdtrusthostmodify, thmhelp); | |
766 | ||
e5c0bccf | 767 | registercontrolhelpcmd("trustlog", NO_OPER, 2, trusts_cmdtrustlog, "Usage: trustlog <#id|name> ?limit?\nShows log for the specified trust group."); |
35c3513c | 768 | registercontrolhelpcmd("trustloggrep", NO_OPER, 2, trusts_cmdtrustloggrep, "Usage trustloggrep <pattern> ?limit?\nShows maching log entries."); |
01bd21d3 | 769 | registercontrolhelpcmd("trustcomment", NO_OPER, 2, trusts_cmdtrustcomment, "Usage: trustcomment <#id|name> <comment>\nLogs a comment for a trust."); |
caf2d02a | 770 | registercontrolhelpcmd("trustcleanup", NO_DEVELOPER, 0, trusts_cmdtrustcleanup, "Usage: trustcleanup\nCleans up unused trusts."); |
35449aa5 CP |
771 | } |
772 | ||
773 | static void deregistercommands(int hooknum, void *arg) { | |
774 | if(!commandsregistered) | |
775 | return; | |
776 | commandsregistered = 0; | |
777 | ||
778 | deregistercontrolcmd("trustgroupadd", trusts_cmdtrustgroupadd); | |
779 | deregistercontrolcmd("trustadd", trusts_cmdtrustadd); | |
2ab0a1e7 CP |
780 | deregistercontrolcmd("trustgroupdel", trusts_cmdtrustgroupdel); |
781 | deregistercontrolcmd("trustdel", trusts_cmdtrustdel); | |
782 | deregistercontrolcmd("trustgroupmodify", trusts_cmdtrustgroupmodify); | |
c1da06f9 | 783 | deregistercontrolcmd("trusthostmodify", trusts_cmdtrusthostmodify); |
e5c0bccf | 784 | deregistercontrolcmd("trustlog", trusts_cmdtrustlog); |
01bd21d3 GB |
785 | deregistercontrolcmd("trustloggrep", trusts_cmdtrustloggrep); |
786 | deregistercontrolcmd("trustcomment", trusts_cmdtrustcomment); | |
caf2d02a | 787 | deregistercontrolcmd("trustcleanup", trusts_cmdtrustcleanup); |
35449aa5 CP |
788 | } |
789 | ||
82a316e7 CP |
790 | static int loaded; |
791 | ||
1d9ccd69 | 792 | #define _ms_(x) (struct trustmodification){ .name = # x, .fn = modify ## x } |
c1da06f9 GB |
793 | #define MSGROUP(x) { int slot = array_getfreeslot(&trustgroupmods_a); trustgroupmods = (struct trustmodification *)trustgroupmods_a.content; memcpy(&trustgroupmods[slot], &_ms_(x), sizeof(struct trustmodification)); } |
794 | #define MSHOST(x) { int slot = array_getfreeslot(&trusthostmods_a); trusthostmods = (struct trustmodification *)trusthostmods_a.content; memcpy(&trusthostmods[slot], &_ms_(x), sizeof(struct trustmodification)); } | |
1d9ccd69 CP |
795 | |
796 | static void setupmods(void) { | |
c1da06f9 GB |
797 | MSGROUP(expires); |
798 | MSGROUP(enforceident); | |
6ba5f655 | 799 | MSGROUP(reliableusername); |
c1da06f9 GB |
800 | MSGROUP(maxperident); |
801 | MSGROUP(contact); | |
802 | MSGROUP(comment); | |
803 | MSGROUP(trustedfor); | |
de723023 | 804 | MSGROUP(cleanup); |
e40626f0 | 805 | MSGROUP(protected); |
c1da06f9 GB |
806 | |
807 | MSHOST(maxpernode); | |
808 | MSHOST(nodebits); | |
1d9ccd69 CP |
809 | } |
810 | ||
caf2d02a GB |
811 | static int cleanuptrusts_active; |
812 | ||
813 | static void cleanuptrusts(void *arg) { | |
814 | unsigned int now, to_age; | |
815 | nick *np = (nick *)arg; | |
816 | trustgroup *tg; | |
817 | trusthost *th; | |
818 | int thcount = 0, tgcount = 0; | |
819 | int i; | |
820 | array expiredths, expiredtgs; | |
821 | ||
acd5f58f | 822 | now = getnettime(); |
caf2d02a GB |
823 | to_age = now - (CLEANUP_TH_INACTIVE * 3600 * 24); |
824 | ||
825 | if(np) { | |
826 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Manually started by %s.", np->nick); | |
827 | } else { | |
828 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Automatically started."); | |
829 | } | |
830 | ||
831 | if (cleanuptrusts_active) { | |
832 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: ABORTED! Cleanup already in progress! BUG BUG BUG!"); | |
833 | return; | |
834 | } | |
835 | ||
836 | cleanuptrusts_active=1; | |
837 | ||
838 | array_init(&expiredtgs, sizeof(trustgroup *)); | |
839 | ||
840 | for(tg=tglist;tg;tg=tg->next) { | |
841 | array_init(&expiredths, sizeof(trusthost *)); | |
842 | ||
de723023 GB |
843 | if(tg->flags & TRUST_NO_CLEANUP) |
844 | continue; | |
845 | ||
caf2d02a GB |
846 | for(th=tg->hosts;th;th=th->next) { |
847 | if((th->count == 0 && th->created < to_age && th->lastseen < to_age) || (tg->expires && tg->expires < now)) { | |
848 | int pos = array_getfreeslot(&expiredths); | |
849 | ((trusthost **)(expiredths.content))[pos] = th; | |
850 | } | |
851 | } | |
852 | ||
853 | for(i=0;i<expiredths.cursi;i++) { | |
4dcce883 | 854 | const char *cidrstr; |
caf2d02a GB |
855 | |
856 | th = ((trusthost **)(expiredths.content))[i]; | |
857 | triggerhook(HOOK_TRUSTS_DELHOST, th); | |
caf2d02a | 858 | |
3898f973 | 859 | cidrstr = CIDRtostr(th->ip, th->bits); |
caf2d02a GB |
860 | trustlog(tg, "cleanuptrusts", "Removed host '%s' because it was unused for %d days.", cidrstr, CLEANUP_TH_INACTIVE); |
861 | ||
3898f973 GB |
862 | th_delete(th); |
863 | ||
caf2d02a GB |
864 | thcount++; |
865 | } | |
866 | ||
867 | if(!tg->hosts) { | |
868 | int pos = array_getfreeslot(&expiredtgs); | |
869 | ((trustgroup **)(expiredtgs.content))[pos] = tg; | |
870 | } | |
871 | } | |
872 | ||
873 | for(i=0;i<expiredtgs.cursi;i++) { | |
874 | tg = ((trustgroup **)(expiredtgs.content))[i]; | |
875 | triggerhook(HOOK_TRUSTS_DELGROUP, tg); | |
876 | trustlog(tg, "cleanuptrusts", "Deleted group '%s' because it had no hosts left.", tg->name->content); | |
877 | tg_delete(tg); | |
878 | tgcount++; | |
879 | } | |
880 | ||
d601b830 | 881 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Removed %d trust hosts (inactive for %d days) and %d empty trust groups.", thcount, CLEANUP_TH_INACTIVE, tgcount); |
caf2d02a GB |
882 | |
883 | cleanuptrusts_active=0; | |
884 | } | |
885 | ||
886 | static void schedulecleanup(int hooknum, void *arg) { | |
887 | /* run at 1am but only if we're more than 15m away from it, otherwise run tomorrow */ | |
888 | ||
889 | time_t t = time(NULL); | |
890 | time_t next_run = ((t / 86400) * 86400 + 86400) + 3600; | |
891 | if(next_run - t < 900) | |
892 | next_run+=86400; | |
893 | ||
894 | schedulerecurring(next_run,0,86400,cleanuptrusts,NULL); | |
895 | } | |
896 | ||
35449aa5 | 897 | void _init(void) { |
82a316e7 CP |
898 | sstring *m; |
899 | ||
c1da06f9 GB |
900 | array_init(&trustgroupmods_a, sizeof(struct trustmodification)); |
901 | array_init(&trusthostmods_a, sizeof(struct trustmodification)); | |
1d9ccd69 CP |
902 | setupmods(); |
903 | ||
82a316e7 CP |
904 | m = getconfigitem("trusts", "master"); |
905 | if(!m || (atoi(m->content) != 1)) { | |
906 | Error("trusts_management", ERR_ERROR, "Not a master server, not loaded."); | |
907 | return; | |
908 | } | |
909 | ||
910 | loaded = 1; | |
911 | ||
35449aa5 | 912 | registerhook(HOOK_TRUSTS_DB_LOADED, registercommands); |
caf2d02a | 913 | registerhook(HOOK_TRUSTS_DB_LOADED, schedulecleanup); |
35449aa5 CP |
914 | registerhook(HOOK_TRUSTS_DB_CLOSED, deregistercommands); |
915 | ||
916 | if(trustsdbloaded) | |
917 | registercommands(0, NULL); | |
918 | } | |
919 | ||
920 | void _fini(void) { | |
c1da06f9 GB |
921 | array_free(&trustgroupmods_a); |
922 | array_free(&trusthostmods_a); | |
1d9ccd69 | 923 | |
82a316e7 CP |
924 | if(!loaded) |
925 | return; | |
926 | ||
35449aa5 CP |
927 | deregisterhook(HOOK_TRUSTS_DB_LOADED, registercommands); |
928 | deregisterhook(HOOK_TRUSTS_DB_CLOSED, deregistercommands); | |
929 | ||
930 | deregistercommands(0, NULL); | |
caf2d02a GB |
931 | |
932 | deleteallschedules(cleanuptrusts); | |
35449aa5 | 933 | } |