]>
Commit | Line | Data |
---|---|---|
35449aa5 CP |
1 | #include <stdio.h> |
2 | #include <string.h> | |
3 | #include "../control/control.h" | |
c4610da5 | 4 | #include "../lib/version.h" |
35449aa5 CP |
5 | #include "../lib/irc_string.h" |
6 | #include "../lib/strlfunc.h" | |
82a316e7 | 7 | #include "../core/config.h" |
caf2d02a | 8 | #include "../core/schedule.h" |
acd5f58f | 9 | #include "../irc/irc.h" |
2ab0a1e7 | 10 | #include "../lib/stringbuf.h" |
4a5ce902 GB |
11 | #include "../noperserv/noperserv.h" |
12 | #include "../noperserv/noperserv_policy.h" | |
35449aa5 CP |
13 | #include "trusts.h" |
14 | ||
c4610da5 GB |
15 | MODULE_VERSION(""); |
16 | ||
35449aa5 CP |
17 | static void registercommands(int, void *); |
18 | static void deregistercommands(int, void *); | |
19 | ||
e40626f0 | 20 | typedef int (*trustmodificationfn)(void *, char *arg, nick *, int); |
2ab0a1e7 CP |
21 | |
22 | struct trustmodification { | |
1d9ccd69 | 23 | char name[50]; |
2ab0a1e7 CP |
24 | trustmodificationfn fn; |
25 | }; | |
26 | ||
35449aa5 CP |
27 | static int trusts_cmdtrustadd(void *source, int cargc, char **cargv) { |
28 | trustgroup *tg; | |
29 | nick *sender = source; | |
30 | char *host; | |
6e6e98da GB |
31 | struct irc_in_addr ip; |
32 | unsigned char bits; | |
35449aa5 CP |
33 | trusthost *th, *superset, *subset; |
34 | ||
35 | if(cargc < 2) | |
36 | return CMD_USAGE; | |
37 | ||
38 | tg = tg_strtotg(cargv[0]); | |
39 | if(!tg) { | |
40 | controlreply(sender, "Couldn't look up trustgroup."); | |
41 | return CMD_ERROR; | |
42 | } | |
43 | ||
44 | host = cargv[1]; | |
6e6e98da | 45 | if(!ipmask_parse(host, &ip, &bits)) { |
35449aa5 CP |
46 | controlreply(sender, "Invalid host."); |
47 | return CMD_ERROR; | |
48 | } | |
49 | ||
3821b43e GB |
50 | if(!is_normalized_ipmask(&ip, bits)) { |
51 | controlreply(sender, "Invalid IP Mask."); | |
52 | return CMD_ERROR; | |
53 | } | |
54 | ||
e40626f0 GB |
55 | /* Don't allow non-developers to add trusts for large subnets or modify protected groups. */ |
56 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
57 | int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6; | |
58 | if(bits < minbits) { | |
d6ff6878 | 59 | controlreply(sender, "You don't have the necessary privileges to add a subnet larger than /%d.", irc_bitlen(&ip, minbits)); |
e40626f0 GB |
60 | return CMD_ERROR; |
61 | } | |
62 | ||
63 | if(tg->flags & TRUST_PROTECTED) { | |
64 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
65 | return CMD_ERROR; | |
66 | } | |
67 | } | |
68 | ||
35449aa5 CP |
69 | /* OKAY! Lots of checking here! |
70 | * | |
71 | * Need to check: | |
72 | * - host isn't already covered by given group (reject if it is) | |
73 | * - host doesn't already exist exactly already (reject if it does) | |
74 | * - host is more specific than an existing one (warn if it is, fix up later) | |
75 | * - host is less specific than an existing one (warn if it is, don't need to do anything special) | |
76 | */ | |
77 | ||
78 | for(th=tg->hosts;th;th=th->next) { | |
6e6e98da | 79 | if(ipmask_check(&ip, &th->ip, th->bits)) { |
35449aa5 CP |
80 | controlreply(sender, "This host (or part of it) is already covered in the given group."); |
81 | return CMD_ERROR; | |
82 | } | |
83 | } | |
84 | ||
6e6e98da | 85 | if(th_getbyhostandmask(&ip, bits)) { |
35449aa5 CP |
86 | controlreply(sender, "This host already exists in another group with the same mask."); |
87 | return CMD_ERROR; | |
88 | } | |
89 | ||
90 | /* this function will set both to NULL if it's equal, hence the check above */ | |
6e6e98da | 91 | th_getsuperandsubsets(&ip, bits, &superset, &subset); |
35449aa5 CP |
92 | if(superset) { |
93 | /* a superset exists for us, we will be more specific than one existing host */ | |
94 | ||
f6944d47 | 95 | controlreply(sender, "Note: This host already exists in another group, but this new host will override it as it has a smaller prefix."); |
35449aa5 CP |
96 | } |
97 | if(subset) { | |
98 | /* a subset of us exists, we will be less specific than some existing hosts */ | |
99 | ||
f6944d47 | 100 | controlreply(sender, "Note: This host already exists in at least one other group, the new host has a larger prefix and therefore will not override those hosts."); |
35449aa5 | 101 | } |
35449aa5 CP |
102 | |
103 | th = th_new(tg, host); | |
104 | if(!th) { | |
105 | controlreply(sender, "An error occured adding the host to the group."); | |
106 | return CMD_ERROR; | |
107 | } | |
108 | ||
109 | controlreply(sender, "Host added."); | |
82a316e7 CP |
110 | triggerhook(HOOK_TRUSTS_ADDHOST, th); |
111 | ||
7e11a2c6 | 112 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTADD'ed host %s to group '%s'", controlid(sender), host, th->group->name->content); |
7db61652 | 113 | trustlog(tg, sender->authname, "Added host '%s'.", host); |
35449aa5 CP |
114 | |
115 | return CMD_OK; | |
116 | } | |
117 | ||
118 | static int trusts_cmdtrustgroupadd(void *source, int cargc, char **cargv) { | |
119 | nick *sender = source; | |
120 | char *name, *contact, *comment, createdby[ACCOUNTLEN + 2]; | |
6e1fa89e | 121 | long howmany, maxperident, enforceident; |
82a316e7 | 122 | trustgroup *tg, itg; |
3a8c35c9 | 123 | int override, flags; |
35449aa5 | 124 | |
3b09e86f | 125 | if(cargc < 5) |
35449aa5 CP |
126 | return CMD_USAGE; |
127 | ||
1c732bec GB |
128 | override = noperserv_policy_command_permitted(NO_DEVELOPER, sender); |
129 | ||
35449aa5 | 130 | name = cargv[0]; |
6e1fa89e | 131 | howmany = strtol(cargv[1], NULL, 10); |
1c732bec | 132 | if(!override && (!howmany || (howmany > MAXTRUSTEDFOR))) { |
35449aa5 CP |
133 | controlreply(sender, "Bad value maximum number of clients."); |
134 | return CMD_ERROR; | |
135 | } | |
136 | ||
6e1fa89e | 137 | maxperident = strtol(cargv[2], NULL, 10); |
1c732bec | 138 | if(maxperident < 0 || (maxperident > MAXPERIDENT)) { |
35449aa5 CP |
139 | controlreply(sender, "Bad value for max per ident."); |
140 | return CMD_ERROR; | |
141 | } | |
142 | ||
06d01a20 | 143 | if(cargv[3][0] != '1' && cargv[3][0] != '0') { |
35449aa5 CP |
144 | controlreply(sender, "Bad value for enforce ident (use 0 or 1)."); |
145 | return CMD_ERROR; | |
146 | } | |
a350e502 | 147 | enforceident = cargv[3][0] == '1'; |
35449aa5 | 148 | |
a350e502 | 149 | contact = cargv[4]; |
35449aa5 | 150 | |
a350e502 | 151 | if(cargc < 6) { |
35449aa5 CP |
152 | comment = "(no comment)"; |
153 | } else { | |
a350e502 | 154 | comment = cargv[5]; |
35449aa5 CP |
155 | } |
156 | ||
157 | /* don't allow #id or id forms */ | |
6e1fa89e | 158 | if((name[0] == '#') || strtol(name, NULL, 10)) { |
35449aa5 CP |
159 | controlreply(sender, "Invalid trustgroup name."); |
160 | return CMD_ERROR; | |
161 | } | |
162 | ||
163 | tg = tg_strtotg(name); | |
164 | if(tg) { | |
e40626f0 | 165 | controlreply(sender, "A group with that name already exists."); |
35449aa5 CP |
166 | return CMD_ERROR; |
167 | } | |
168 | ||
169 | snprintf(createdby, sizeof(createdby), "#%s", sender->authname); | |
170 | ||
3a8c35c9 GB |
171 | flags = 0; |
172 | ||
173 | if(maxperident > 0) | |
174 | flags |= TRUST_RELIABLE_USERNAME; | |
175 | ||
176 | if(enforceident) | |
177 | flags |= TRUST_ENFORCE_IDENT; | |
178 | ||
82a316e7 | 179 | itg.trustedfor = howmany; |
3a8c35c9 | 180 | itg.flags = flags; |
82a316e7 | 181 | itg.maxperident = maxperident; |
3b09e86f | 182 | itg.expires = 0; |
1f685425 | 183 | itg.createdby = getsstring(createdby, CREATEDBYLEN); |
82a316e7 CP |
184 | itg.contact = getsstring(contact, CONTACTLEN); |
185 | itg.comment = getsstring(comment, COMMENTLEN); | |
186 | itg.name = getsstring(name, TRUSTNAMELEN); | |
187 | ||
188 | if(itg.createdby && itg.contact && itg.comment && itg.name) { | |
189 | tg = tg_new(&itg); | |
190 | } else { | |
191 | tg = NULL; | |
192 | } | |
193 | ||
194 | freesstring(itg.createdby); | |
195 | freesstring(itg.comment); | |
196 | freesstring(itg.name); | |
197 | freesstring(itg.contact); | |
198 | ||
35449aa5 CP |
199 | if(!tg) { |
200 | controlreply(sender, "An error occured adding the trustgroup."); | |
201 | return CMD_ERROR; | |
202 | } | |
203 | ||
204 | controlreply(sender, "Group added."); | |
82a316e7 CP |
205 | triggerhook(HOOK_TRUSTS_ADDGROUP, tg); |
206 | ||
7e11a2c6 | 207 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTGROUPADD'ed '%s'", controlid(sender), tg->name->content); |
7db61652 | 208 | trustlog(tg, sender->authname, "Created trust group '%s' (ID #%d): howmany=%d, enforceident=%d, maxperident=%d, " |
3b09e86f GB |
209 | "createdby=%s, contact=%s, comment=%s", |
210 | tg->name->content, howmany, tg->id, enforceident, maxperident, createdby, contact, comment); | |
35449aa5 CP |
211 | |
212 | return CMD_OK; | |
213 | } | |
214 | ||
2ab0a1e7 CP |
215 | static int trusts_cmdtrustgroupdel(void *source, int cargc, char **cargv) { |
216 | trustgroup *tg; | |
217 | nick *sender = source; | |
218 | ||
219 | if(cargc < 1) | |
220 | return CMD_USAGE; | |
221 | ||
222 | tg = tg_strtotg(cargv[0]); | |
223 | if(!tg) { | |
224 | controlreply(sender, "Couldn't look up trustgroup."); | |
225 | return CMD_ERROR; | |
226 | } | |
227 | ||
e40626f0 GB |
228 | /* Don't allow non-developers to delete protected groups. */ |
229 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
230 | if(tg->flags & TRUST_PROTECTED) { | |
231 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
232 | return CMD_ERROR; | |
233 | } | |
234 | } | |
235 | ||
2ab0a1e7 CP |
236 | if(tg->hosts) { |
237 | controlreply(sender, "Delete all hosts before deleting the group."); | |
238 | return CMD_ERROR; | |
239 | } | |
240 | ||
7e11a2c6 | 241 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTGROUPDEL'ed '%s'.", controlid(sender), tg->name->content); |
7db61652 | 242 | trustlog(tg, sender->authname, "Deleted group '%s'.", tg->name->content); |
7e11a2c6 | 243 | |
2ab0a1e7 CP |
244 | triggerhook(HOOK_TRUSTS_DELGROUP, tg); |
245 | tg_delete(tg); | |
246 | controlreply(sender, "Group deleted."); | |
247 | ||
2ab0a1e7 CP |
248 | return CMD_OK; |
249 | } | |
250 | ||
251 | static int trusts_cmdtrustdel(void *source, int cargc, char **cargv) { | |
252 | trustgroup *tg; | |
253 | trusthost *th; | |
6e6e98da GB |
254 | struct irc_in_addr ip; |
255 | unsigned char bits; | |
2ab0a1e7 | 256 | nick *sender = source; |
7e11a2c6 | 257 | char *host; |
2ab0a1e7 CP |
258 | |
259 | if(cargc < 2) | |
260 | return CMD_USAGE; | |
261 | ||
262 | tg = tg_strtotg(cargv[0]); | |
263 | if(!tg) { | |
264 | controlreply(sender, "Couldn't look up trustgroup."); | |
265 | return CMD_ERROR; | |
266 | } | |
267 | ||
7e11a2c6 | 268 | host = cargv[1]; |
6e6e98da | 269 | if(!ipmask_parse(host, &ip, &bits)) { |
2ab0a1e7 CP |
270 | controlreply(sender, "Invalid IP/mask."); |
271 | return CMD_ERROR; | |
272 | } | |
273 | ||
e40626f0 GB |
274 | /* Don't allow non-developers to remove trusts for large subnets or modify protected groups. */ |
275 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
276 | int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6; | |
277 | if(bits < minbits) { | |
d6ff6878 | 278 | controlreply(sender, "You don't have the necessary privileges to remove a subnet larger than /%d.", irc_bitlen(&ip, minbits)); |
e40626f0 GB |
279 | return CMD_ERROR; |
280 | } | |
281 | ||
282 | if(tg->flags & TRUST_PROTECTED) { | |
283 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
284 | return CMD_ERROR; | |
285 | } | |
286 | } | |
287 | ||
2ab0a1e7 | 288 | for(th=tg->hosts;th;th=th->next) |
6e6e98da | 289 | if(ipmask_check(&ip, &th->ip, th->bits) && th->bits == bits) |
2ab0a1e7 CP |
290 | break; |
291 | ||
292 | if(!th) { | |
293 | controlreply(sender, "Couldn't find that host in that group."); | |
294 | return CMD_ERROR; | |
295 | } | |
296 | ||
297 | triggerhook(HOOK_TRUSTS_DELHOST, th); | |
298 | th_delete(th); | |
299 | controlreply(sender, "Host deleted."); | |
300 | ||
7e11a2c6 | 301 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTDEL'ed %s from group '%s'.", controlid(sender), host, tg->name->content); |
7db61652 | 302 | trustlog(tg, sender->authname, "Removed host '%s'.", host); |
2ab0a1e7 | 303 | |
7e11a2c6 | 304 | return CMD_OK; |
2ab0a1e7 CP |
305 | } |
306 | ||
e40626f0 | 307 | static int modifycomment(void *arg, char *comment, nick *source, int override) { |
c1da06f9 | 308 | trustgroup *tg = arg; |
2ab0a1e7 CP |
309 | sstring *n = getsstring(comment, COMMENTLEN); |
310 | if(!n) | |
311 | return 0; | |
312 | ||
313 | freesstring(tg->comment); | |
314 | tg->comment = n; | |
315 | ||
316 | return 1; | |
317 | } | |
318 | ||
e40626f0 | 319 | static int modifycontact(void *arg, char *contact, nick *source, int override) { |
c1da06f9 | 320 | trustgroup *tg = arg; |
2ab0a1e7 CP |
321 | sstring *n = getsstring(contact, CONTACTLEN); |
322 | if(!n) | |
323 | return 0; | |
324 | ||
325 | freesstring(tg->contact); | |
326 | tg->contact = n; | |
327 | ||
328 | return 1; | |
329 | } | |
330 | ||
e40626f0 | 331 | static int modifytrustedfor(void *arg, char *num, nick *source, int override) { |
c1da06f9 | 332 | trustgroup *tg = arg; |
6e1fa89e | 333 | long trustedfor = strtol(num, NULL, 10); |
2ab0a1e7 | 334 | |
e40626f0 GB |
335 | if(trustedfor < 0) { |
336 | controlreply(source, "The clone limit must not be negative."); | |
2ab0a1e7 | 337 | return 0; |
e40626f0 GB |
338 | } |
339 | ||
340 | if(!override) { | |
341 | if (trustedfor == 0) { | |
342 | controlreply(source, "You don't have the necessary privileges to set an unlimited clone limit."); | |
343 | return 0; | |
344 | } | |
345 | ||
346 | if (trustedfor > MAXTRUSTEDFOR) { | |
347 | controlreply(source, "You don't have the necessary privileges to set the clone limit to a value higher than %d.", MAXTRUSTEDFOR); | |
348 | return 0; | |
349 | } | |
350 | } | |
2ab0a1e7 CP |
351 | |
352 | tg->trustedfor = trustedfor; | |
353 | ||
354 | return 1; | |
355 | } | |
356 | ||
e40626f0 | 357 | static int modifymaxperident(void *arg, char *num, nick *source, int override) { |
c1da06f9 | 358 | trustgroup *tg = arg; |
6e1fa89e | 359 | long maxperident = strtol(num, NULL, 10); |
2ab0a1e7 | 360 | |
e40626f0 GB |
361 | if(maxperident < 0) { |
362 | controlreply(source, "Ident limit must not be negative."); | |
2ab0a1e7 | 363 | return 0; |
e40626f0 GB |
364 | } |
365 | ||
366 | if(maxperident > MAXPERIDENT) { | |
367 | controlreply(source, "Ident limit must not be higher than %d. Consider setting it to 0 (unlimited) instead.", MAXPERIDENT); | |
368 | return 0; | |
369 | } | |
2ab0a1e7 | 370 | |
1f685425 | 371 | tg->maxperident = maxperident; |
2ab0a1e7 CP |
372 | |
373 | return 1; | |
374 | } | |
375 | ||
e40626f0 | 376 | static int modifyenforceident(void *arg, char *num, nick *source, int override) { |
c1da06f9 GB |
377 | trustgroup *tg = arg; |
378 | ||
2ab0a1e7 | 379 | if(num[0] == '1') { |
de723023 | 380 | tg->flags |= TRUST_ENFORCE_IDENT; |
2ab0a1e7 | 381 | } else if(num[0] == '0') { |
de723023 | 382 | tg->flags &= ~TRUST_ENFORCE_IDENT; |
2ab0a1e7 CP |
383 | } else { |
384 | return 0; | |
385 | } | |
386 | ||
387 | return 1; | |
388 | } | |
389 | ||
6ba5f655 GB |
390 | static int modifyreliableusername(void *arg, char *num, nick *source, int override) { |
391 | trustgroup *tg = arg; | |
392 | ||
393 | if(num[0] == '1') { | |
394 | tg->flags |= TRUST_RELIABLE_USERNAME; | |
395 | } else if(num[0] == '0') { | |
396 | tg->flags &= ~TRUST_RELIABLE_USERNAME; | |
397 | } else { | |
398 | return 0; | |
399 | } | |
400 | ||
401 | return 1; | |
402 | } | |
403 | ||
e40626f0 | 404 | static int modifyexpires(void *arg, char *expires, nick *source, int override) { |
c1da06f9 | 405 | trustgroup *tg = arg; |
2ab0a1e7 CP |
406 | int howlong = durationtolong(expires); |
407 | ||
1a760647 GB |
408 | if((howlong < 0) || (howlong > MAXDURATION)) { |
409 | controlreply(source, "Duration cannot be negative or greater than %s (use 0 instead if you don't want the group to expire).", longtoduration(MAXDURATION, 0)); | |
2ab0a1e7 | 410 | return 0; |
1a760647 | 411 | } |
2ab0a1e7 | 412 | |
ad3fd5ee | 413 | if(howlong) |
acd5f58f | 414 | tg->expires = getnettime() + howlong; |
ad3fd5ee GB |
415 | else |
416 | tg->expires = 0; /* never */ | |
2ab0a1e7 CP |
417 | |
418 | return 1; | |
419 | } | |
420 | ||
e40626f0 | 421 | static int modifycleanup(void *arg, char *num, nick *source, int override) { |
de723023 GB |
422 | trustgroup *tg = arg; |
423 | ||
b657ac19 GB |
424 | if(!override) { |
425 | controlreply(source, "You don't have the necessary privileges to modify this attribute."); | |
e40626f0 | 426 | return 0; |
b657ac19 | 427 | } |
e40626f0 | 428 | |
de723023 GB |
429 | if(num[0] == '1') { |
430 | tg->flags &= ~TRUST_NO_CLEANUP; | |
431 | } else if(num[0] == '0') { | |
432 | tg->flags |= TRUST_NO_CLEANUP; | |
433 | } else { | |
434 | return 0; | |
435 | } | |
436 | ||
437 | return 1; | |
438 | } | |
439 | ||
e40626f0 GB |
440 | static int modifyprotected(void *arg, char *num, nick *source, int override) { |
441 | trustgroup *tg = arg; | |
442 | ||
443 | if(!override) { | |
444 | controlreply(source, "You don't have the necessary privileges to modify this attribute."); | |
445 | return 0; | |
446 | } | |
447 | ||
448 | if(num[0] == '1') { | |
449 | tg->flags |= TRUST_PROTECTED; | |
450 | } else if(num[0] == '0') { | |
451 | tg->flags &= ~TRUST_PROTECTED; | |
452 | } else { | |
453 | return 0; | |
454 | } | |
455 | ||
456 | return 1; | |
457 | } | |
458 | ||
459 | static int modifymaxpernode(void *arg, char *num, nick *source, int override) { | |
c1da06f9 GB |
460 | trusthost *th = arg; |
461 | int maxpernode = strtol(num, NULL, 10); | |
e40626f0 GB |
462 | |
463 | if(maxpernode < 0) { | |
464 | controlreply(source, "Node limit must not be negative."); | |
465 | return 0; | |
466 | } | |
467 | ||
468 | if(maxpernode>MAXPERNODE) { | |
469 | controlreply(source, "Node limit must not be higher than %d. Consider setting it to 0 (unlimited) instead.", MAXPERNODE); | |
c1da06f9 | 470 | return 0; |
e40626f0 GB |
471 | } |
472 | ||
c1da06f9 GB |
473 | th->maxpernode = maxpernode; |
474 | ||
475 | return 1; | |
476 | } | |
477 | ||
e40626f0 | 478 | static int modifynodebits(void *arg, char *num, nick *source, int override) { |
c1da06f9 GB |
479 | trusthost *th = arg; |
480 | int nodebits = strtol(num, NULL, 10); | |
481 | ||
e40626f0 GB |
482 | if(nodebits < 0) { |
483 | controlreply(source, "Node bits must not be negative."); | |
c1da06f9 | 484 | return 0; |
e40626f0 GB |
485 | } |
486 | ||
1a760647 GB |
487 | if(irc_in_addr_is_ipv4(&th->ip)) |
488 | nodebits += 96; | |
489 | ||
e40626f0 GB |
490 | if(!override) { |
491 | int minbits = irc_in_addr_is_ipv4(&th->ip)?TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV4:TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV6; | |
492 | ||
493 | if(nodebits < minbits) { | |
d6ff6878 | 494 | controlreply(source, "You don't have the necessary privileges to set node bits to a subnet larger than /%d.", irc_bitlen(&th->ip, minbits)); |
e40626f0 GB |
495 | return 0; |
496 | } | |
497 | } | |
c1da06f9 | 498 | |
e40626f0 | 499 | if(nodebits<th->bits) { |
1a760647 | 500 | controlreply(source, "Node bits must be smaller or equal to the trusted CIDR's subnet size."); |
80cf3d8e | 501 | return 0; |
e40626f0 | 502 | } |
80cf3d8e | 503 | |
c1da06f9 GB |
504 | th->nodebits = nodebits; |
505 | ||
506 | return 1; | |
507 | } | |
508 | ||
509 | static array trustgroupmods_a; | |
510 | static struct trustmodification *trustgroupmods; | |
511 | static array trusthostmods_a; | |
512 | static struct trustmodification *trusthostmods; | |
2ab0a1e7 CP |
513 | |
514 | static int trusts_cmdtrustgroupmodify(void *source, int cargc, char **cargv) { | |
515 | trustgroup *tg; | |
516 | nick *sender = source; | |
517 | char *what, *to, validfields[512]; | |
4a5ce902 | 518 | int i, override; |
2ab0a1e7 | 519 | StringBuf b; |
2ab0a1e7 CP |
520 | |
521 | if(cargc < 3) | |
522 | return CMD_USAGE; | |
523 | ||
524 | tg = tg_strtotg(cargv[0]); | |
525 | if(!tg) { | |
526 | controlreply(sender, "Couldn't look up trustgroup."); | |
527 | return CMD_ERROR; | |
528 | } | |
529 | ||
530 | what = cargv[1]; | |
531 | to = cargv[2]; | |
532 | ||
4a5ce902 GB |
533 | override = noperserv_policy_command_permitted(NO_DEVELOPER, sender); |
534 | ||
e40626f0 GB |
535 | /* Don't allow non-developers to modify protected groups. */ |
536 | if (!override && tg->flags & TRUST_PROTECTED) { | |
537 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
538 | return CMD_ERROR; | |
539 | } | |
540 | ||
2ab0a1e7 | 541 | sbinit(&b, validfields, sizeof(validfields)); |
c1da06f9 GB |
542 | for(i=0;i<trustgroupmods_a.cursi;i++) { |
543 | if(!strcmp(what, trustgroupmods[i].name)) { | |
e40626f0 | 544 | if(!(trustgroupmods[i].fn)(tg, to, sender, override)) { |
2ab0a1e7 CP |
545 | controlreply(sender, "An error occured changing that property, check the syntax."); |
546 | return CMD_ERROR; | |
547 | } | |
548 | break; | |
549 | } | |
550 | ||
551 | if(i > 0) | |
552 | sbaddstr(&b, ", "); | |
c1da06f9 | 553 | sbaddstr(&b, trustgroupmods[i].name); |
2ab0a1e7 CP |
554 | } |
555 | ||
c1da06f9 | 556 | if(i == trustgroupmods_a.cursi) { |
2ab0a1e7 CP |
557 | sbterminate(&b); |
558 | controlreply(sender, "No such field, valid fields are: %s", validfields); | |
559 | return CMD_ERROR; | |
560 | } | |
561 | ||
562 | triggerhook(HOOK_TRUSTS_MODIFYGROUP, tg); | |
563 | tg_update(tg); | |
564 | controlreply(sender, "Group modified."); | |
565 | ||
7e11a2c6 | 566 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTMODIFIED'ed group '%s' (field: %s, value: %s)", controlid(sender), tg->name->content, what, to); |
7db61652 | 567 | trustlog(tg, sender->authname, "Modified %s: %s", what, to); |
7e11a2c6 | 568 | |
2ab0a1e7 CP |
569 | return CMD_OK; |
570 | } | |
571 | ||
c1da06f9 GB |
572 | static int trusts_cmdtrusthostmodify(void *source, int cargc, char **cargv) { |
573 | trustgroup *tg; | |
574 | trusthost *th; | |
575 | nick *sender = source; | |
576 | char *what, *to, validfields[512]; | |
4a5ce902 | 577 | int i, override; |
c1da06f9 GB |
578 | StringBuf b; |
579 | struct irc_in_addr ip; | |
580 | unsigned char bits; | |
581 | ||
582 | if(cargc < 4) | |
583 | return CMD_USAGE; | |
584 | ||
585 | tg = tg_strtotg(cargv[0]); | |
586 | if(!tg) { | |
587 | controlreply(sender, "Couldn't look up trustgroup."); | |
588 | return CMD_ERROR; | |
589 | } | |
590 | ||
591 | if(!ipmask_parse(cargv[1], &ip, &bits)) { | |
592 | controlreply(sender, "Invalid host."); | |
593 | return CMD_ERROR; | |
594 | } | |
595 | ||
e40626f0 GB |
596 | /* Don't allow non-developers to modify trusts for large subnets or modify protected groups. */ |
597 | if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) { | |
598 | int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6; | |
599 | if(bits < minbits) { | |
d6ff6878 | 600 | controlreply(sender, "You don't have the necessary privileges to modify a subnet larger than /%d.", irc_bitlen(&ip, minbits)); |
e40626f0 GB |
601 | return CMD_ERROR; |
602 | } | |
603 | ||
604 | if(tg->flags & TRUST_PROTECTED) { | |
605 | controlreply(sender, "You don't have the necessary privileges to modify a protected trust group."); | |
606 | return CMD_ERROR; | |
607 | } | |
608 | } | |
609 | ||
c1da06f9 GB |
610 | th = th_getbyhostandmask(&ip, bits); |
611 | ||
4c585540 | 612 | if(!th || th->group != tg) { |
c1da06f9 GB |
613 | controlreply(sender, "Host does not belong to the specified group."); |
614 | return CMD_ERROR; | |
615 | } | |
616 | ||
617 | what = cargv[2]; | |
618 | to = cargv[3]; | |
619 | ||
4a5ce902 GB |
620 | override = noperserv_policy_command_permitted(NO_DEVELOPER, sender); |
621 | ||
c1da06f9 GB |
622 | sbinit(&b, validfields, sizeof(validfields)); |
623 | for(i=0;i<trusthostmods_a.cursi;i++) { | |
624 | if(!strcmp(what, trusthostmods[i].name)) { | |
e40626f0 | 625 | if(!(trusthostmods[i].fn)(th, to, sender, override)) { |
c1da06f9 GB |
626 | controlreply(sender, "An error occured changing that property, check the syntax."); |
627 | return CMD_ERROR; | |
628 | } | |
629 | break; | |
630 | } | |
631 | ||
632 | if(i > 0) | |
633 | sbaddstr(&b, ", "); | |
634 | sbaddstr(&b, trusthostmods[i].name); | |
635 | } | |
636 | ||
637 | if(i == trusthostmods_a.cursi) { | |
638 | sbterminate(&b); | |
639 | controlreply(sender, "No such field, valid fields are: %s", validfields); | |
640 | return CMD_ERROR; | |
641 | } | |
642 | ||
643 | triggerhook(HOOK_TRUSTS_MODIFYHOST, th); | |
644 | th_update(th); | |
645 | controlreply(sender, "Host modified."); | |
646 | ||
3898f973 GB |
647 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTMODIFIED'ed host '%s' in group '%s' (field: %s, value: %s)", controlid(sender), CIDRtostr(ip, bits), tg->name->content, what, to); |
648 | trustlog(tg, sender->authname, "Modified %s for host '%s': %s", what, CIDRtostr(ip, bits), to); | |
c1da06f9 GB |
649 | |
650 | return CMD_OK; | |
651 | } | |
652 | ||
e5c0bccf | 653 | static int trusts_cmdtrustlog(void *source, int cargc, char **cargv) { |
01bd21d3 | 654 | nick *sender = source; |
01bd21d3 GB |
655 | char *name; |
656 | int groupid; | |
6e1fa89e | 657 | long limit = 0; |
01bd21d3 GB |
658 | |
659 | if(cargc < 1) | |
660 | return CMD_USAGE; | |
661 | ||
01bd21d3 | 662 | if(cargc>1) |
6e1fa89e | 663 | limit = strtol(cargv[1], NULL, 10); |
01bd21d3 GB |
664 | |
665 | if(limit==0) | |
666 | limit = 100; | |
667 | ||
1467e9a4 GB |
668 | name = cargv[0]; |
669 | ||
670 | if (name[0] == '#') { | |
6e1fa89e | 671 | groupid = strtol(name + 1, NULL, 10); |
1467e9a4 GB |
672 | trustlogspewid(sender, groupid, limit); |
673 | } else { | |
674 | trustlogspewname(sender, name, limit); | |
675 | } | |
01bd21d3 GB |
676 | |
677 | return CMD_OK; | |
678 | } | |
679 | ||
680 | static int trusts_cmdtrustloggrep(void *source, int cargc, char **cargv) { | |
681 | nick *sender = source; | |
682 | char *pattern; | |
6e1fa89e | 683 | long limit = 0; |
01bd21d3 GB |
684 | |
685 | if(cargc < 1) | |
686 | return CMD_USAGE; | |
687 | ||
688 | pattern = cargv[0]; | |
689 | ||
690 | if(cargc>1) | |
6e1fa89e | 691 | limit = strtol(cargv[1], NULL, 10); |
01bd21d3 GB |
692 | |
693 | if(limit==0) | |
694 | limit = 100; | |
695 | ||
696 | trustloggrep(sender, pattern, limit); | |
697 | ||
698 | return CMD_OK; | |
699 | } | |
700 | ||
701 | static int trusts_cmdtrustcomment(void *source, int cargc, char **cargv) { | |
702 | nick *sender = source; | |
703 | trustgroup *tg = NULL; | |
704 | char *name, *comment; | |
705 | ||
706 | if(cargc < 2) | |
707 | return CMD_USAGE; | |
708 | ||
709 | name = cargv[0]; | |
710 | comment = cargv[1]; | |
711 | ||
1a760647 GB |
712 | if(strlen(comment)>TRUSTLOGLEN) { |
713 | controlreply(sender, "Your comment is too long (max: %d characters).", TRUSTLOGLEN); | |
714 | return CMD_OK; | |
715 | } | |
716 | ||
01bd21d3 GB |
717 | tg = tg_strtotg(name); |
718 | ||
719 | if(!tg) { | |
720 | controlreply(sender, "Invalid trust group name or ID."); | |
721 | return CMD_OK; | |
722 | } | |
723 | ||
1a760647 | 724 | controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTCOMMENT'ed group '%s': %s", controlid(sender), tg->name->content, comment); |
7db61652 | 725 | trustlog(tg, sender->authname, "Comment: %s", comment); |
01bd21d3 GB |
726 | |
727 | return CMD_OK; | |
728 | } | |
729 | ||
caf2d02a GB |
730 | static void cleanuptrusts(void *arg); |
731 | ||
732 | static int trusts_cmdtrustcleanup(void *source, int cargc, char **cargv) { | |
733 | cleanuptrusts(source); | |
734 | ||
735 | controlreply(source, "Done."); | |
736 | ||
737 | return CMD_OK; | |
738 | } | |
739 | ||
01bd21d3 | 740 | |
35449aa5 CP |
741 | static int commandsregistered; |
742 | ||
743 | static void registercommands(int hooknum, void *arg) { | |
744 | if(commandsregistered) | |
745 | return; | |
746 | commandsregistered = 1; | |
747 | ||
a825c59a | 748 | registercontrolhelpcmd("trustgroupadd", NO_OPER, 6, trusts_cmdtrustgroupadd, "Usage: trustgroupadd <name> <howmany> <maxperident> <enforceident> <contact> ?comment?"); |
35449aa5 | 749 | registercontrolhelpcmd("trustadd", NO_OPER, 2, trusts_cmdtrustadd, "Usage: trustadd <#id|name|id> <host>"); |
2ab0a1e7 CP |
750 | registercontrolhelpcmd("trustgroupdel", NO_OPER, 1, trusts_cmdtrustgroupdel, "Usage: trustgroupdel <#id|name|id>"); |
751 | registercontrolhelpcmd("trustdel", NO_OPER, 2, trusts_cmdtrustdel, "Usage: trustdel <#id|name|id> <ip/mask>"); | |
752 | registercontrolhelpcmd("trustgroupmodify", NO_OPER, 3, trusts_cmdtrustgroupmodify, "Usage: trustgroupmodify <#id|name|id> <field> <new value>"); | |
c1da06f9 | 753 | registercontrolhelpcmd("trusthostmodify", NO_OPER, 4, trusts_cmdtrusthostmodify, "Usage: trusthostmodify <#id|name|id> <host> <field> <new value>"); |
e5c0bccf | 754 | registercontrolhelpcmd("trustlog", NO_OPER, 2, trusts_cmdtrustlog, "Usage: trustlog <#id|name> ?limit?\nShows log for the specified trust group."); |
35c3513c | 755 | registercontrolhelpcmd("trustloggrep", NO_OPER, 2, trusts_cmdtrustloggrep, "Usage trustloggrep <pattern> ?limit?\nShows maching log entries."); |
01bd21d3 | 756 | registercontrolhelpcmd("trustcomment", NO_OPER, 2, trusts_cmdtrustcomment, "Usage: trustcomment <#id|name> <comment>\nLogs a comment for a trust."); |
caf2d02a | 757 | registercontrolhelpcmd("trustcleanup", NO_DEVELOPER, 0, trusts_cmdtrustcleanup, "Usage: trustcleanup\nCleans up unused trusts."); |
35449aa5 CP |
758 | } |
759 | ||
760 | static void deregistercommands(int hooknum, void *arg) { | |
761 | if(!commandsregistered) | |
762 | return; | |
763 | commandsregistered = 0; | |
764 | ||
765 | deregistercontrolcmd("trustgroupadd", trusts_cmdtrustgroupadd); | |
766 | deregistercontrolcmd("trustadd", trusts_cmdtrustadd); | |
2ab0a1e7 CP |
767 | deregistercontrolcmd("trustgroupdel", trusts_cmdtrustgroupdel); |
768 | deregistercontrolcmd("trustdel", trusts_cmdtrustdel); | |
769 | deregistercontrolcmd("trustgroupmodify", trusts_cmdtrustgroupmodify); | |
c1da06f9 | 770 | deregistercontrolcmd("trusthostmodify", trusts_cmdtrusthostmodify); |
e5c0bccf | 771 | deregistercontrolcmd("trustlog", trusts_cmdtrustlog); |
01bd21d3 GB |
772 | deregistercontrolcmd("trustloggrep", trusts_cmdtrustloggrep); |
773 | deregistercontrolcmd("trustcomment", trusts_cmdtrustcomment); | |
caf2d02a | 774 | deregistercontrolcmd("trustcleanup", trusts_cmdtrustcleanup); |
35449aa5 CP |
775 | } |
776 | ||
82a316e7 CP |
777 | static int loaded; |
778 | ||
1d9ccd69 | 779 | #define _ms_(x) (struct trustmodification){ .name = # x, .fn = modify ## x } |
c1da06f9 GB |
780 | #define MSGROUP(x) { int slot = array_getfreeslot(&trustgroupmods_a); trustgroupmods = (struct trustmodification *)trustgroupmods_a.content; memcpy(&trustgroupmods[slot], &_ms_(x), sizeof(struct trustmodification)); } |
781 | #define MSHOST(x) { int slot = array_getfreeslot(&trusthostmods_a); trusthostmods = (struct trustmodification *)trusthostmods_a.content; memcpy(&trusthostmods[slot], &_ms_(x), sizeof(struct trustmodification)); } | |
1d9ccd69 CP |
782 | |
783 | static void setupmods(void) { | |
c1da06f9 GB |
784 | MSGROUP(expires); |
785 | MSGROUP(enforceident); | |
6ba5f655 | 786 | MSGROUP(reliableusername); |
c1da06f9 GB |
787 | MSGROUP(maxperident); |
788 | MSGROUP(contact); | |
789 | MSGROUP(comment); | |
790 | MSGROUP(trustedfor); | |
de723023 | 791 | MSGROUP(cleanup); |
e40626f0 | 792 | MSGROUP(protected); |
c1da06f9 GB |
793 | |
794 | MSHOST(maxpernode); | |
795 | MSHOST(nodebits); | |
1d9ccd69 CP |
796 | } |
797 | ||
caf2d02a GB |
798 | static int cleanuptrusts_active; |
799 | ||
800 | static void cleanuptrusts(void *arg) { | |
801 | unsigned int now, to_age; | |
802 | nick *np = (nick *)arg; | |
803 | trustgroup *tg; | |
804 | trusthost *th; | |
805 | int thcount = 0, tgcount = 0; | |
806 | int i; | |
807 | array expiredths, expiredtgs; | |
808 | ||
acd5f58f | 809 | now = getnettime(); |
caf2d02a GB |
810 | to_age = now - (CLEANUP_TH_INACTIVE * 3600 * 24); |
811 | ||
812 | if(np) { | |
813 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Manually started by %s.", np->nick); | |
814 | } else { | |
815 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Automatically started."); | |
816 | } | |
817 | ||
818 | if (cleanuptrusts_active) { | |
819 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: ABORTED! Cleanup already in progress! BUG BUG BUG!"); | |
820 | return; | |
821 | } | |
822 | ||
823 | cleanuptrusts_active=1; | |
824 | ||
825 | array_init(&expiredtgs, sizeof(trustgroup *)); | |
826 | ||
827 | for(tg=tglist;tg;tg=tg->next) { | |
828 | array_init(&expiredths, sizeof(trusthost *)); | |
829 | ||
de723023 GB |
830 | if(tg->flags & TRUST_NO_CLEANUP) |
831 | continue; | |
832 | ||
caf2d02a GB |
833 | for(th=tg->hosts;th;th=th->next) { |
834 | if((th->count == 0 && th->created < to_age && th->lastseen < to_age) || (tg->expires && tg->expires < now)) { | |
835 | int pos = array_getfreeslot(&expiredths); | |
836 | ((trusthost **)(expiredths.content))[pos] = th; | |
837 | } | |
838 | } | |
839 | ||
840 | for(i=0;i<expiredths.cursi;i++) { | |
841 | char *cidrstr; | |
842 | ||
843 | th = ((trusthost **)(expiredths.content))[i]; | |
844 | triggerhook(HOOK_TRUSTS_DELHOST, th); | |
caf2d02a | 845 | |
3898f973 | 846 | cidrstr = CIDRtostr(th->ip, th->bits); |
caf2d02a GB |
847 | trustlog(tg, "cleanuptrusts", "Removed host '%s' because it was unused for %d days.", cidrstr, CLEANUP_TH_INACTIVE); |
848 | ||
3898f973 GB |
849 | th_delete(th); |
850 | ||
caf2d02a GB |
851 | thcount++; |
852 | } | |
853 | ||
854 | if(!tg->hosts) { | |
855 | int pos = array_getfreeslot(&expiredtgs); | |
856 | ((trustgroup **)(expiredtgs.content))[pos] = tg; | |
857 | } | |
858 | } | |
859 | ||
860 | for(i=0;i<expiredtgs.cursi;i++) { | |
861 | tg = ((trustgroup **)(expiredtgs.content))[i]; | |
862 | triggerhook(HOOK_TRUSTS_DELGROUP, tg); | |
863 | trustlog(tg, "cleanuptrusts", "Deleted group '%s' because it had no hosts left.", tg->name->content); | |
864 | tg_delete(tg); | |
865 | tgcount++; | |
866 | } | |
867 | ||
d601b830 | 868 | controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Removed %d trust hosts (inactive for %d days) and %d empty trust groups.", thcount, CLEANUP_TH_INACTIVE, tgcount); |
caf2d02a GB |
869 | |
870 | cleanuptrusts_active=0; | |
871 | } | |
872 | ||
873 | static void schedulecleanup(int hooknum, void *arg) { | |
874 | /* run at 1am but only if we're more than 15m away from it, otherwise run tomorrow */ | |
875 | ||
876 | time_t t = time(NULL); | |
877 | time_t next_run = ((t / 86400) * 86400 + 86400) + 3600; | |
878 | if(next_run - t < 900) | |
879 | next_run+=86400; | |
880 | ||
881 | schedulerecurring(next_run,0,86400,cleanuptrusts,NULL); | |
882 | } | |
883 | ||
35449aa5 | 884 | void _init(void) { |
82a316e7 CP |
885 | sstring *m; |
886 | ||
c1da06f9 GB |
887 | array_init(&trustgroupmods_a, sizeof(struct trustmodification)); |
888 | array_init(&trusthostmods_a, sizeof(struct trustmodification)); | |
1d9ccd69 CP |
889 | setupmods(); |
890 | ||
82a316e7 CP |
891 | m = getconfigitem("trusts", "master"); |
892 | if(!m || (atoi(m->content) != 1)) { | |
893 | Error("trusts_management", ERR_ERROR, "Not a master server, not loaded."); | |
894 | return; | |
895 | } | |
896 | ||
897 | loaded = 1; | |
898 | ||
35449aa5 | 899 | registerhook(HOOK_TRUSTS_DB_LOADED, registercommands); |
caf2d02a | 900 | registerhook(HOOK_TRUSTS_DB_LOADED, schedulecleanup); |
35449aa5 CP |
901 | registerhook(HOOK_TRUSTS_DB_CLOSED, deregistercommands); |
902 | ||
903 | if(trustsdbloaded) | |
904 | registercommands(0, NULL); | |
905 | } | |
906 | ||
907 | void _fini(void) { | |
c1da06f9 GB |
908 | array_free(&trustgroupmods_a); |
909 | array_free(&trusthostmods_a); | |
1d9ccd69 | 910 | |
82a316e7 CP |
911 | if(!loaded) |
912 | return; | |
913 | ||
35449aa5 CP |
914 | deregisterhook(HOOK_TRUSTS_DB_LOADED, registercommands); |
915 | deregisterhook(HOOK_TRUSTS_DB_CLOSED, deregistercommands); | |
916 | ||
917 | deregistercommands(0, NULL); | |
caf2d02a GB |
918 | |
919 | deleteallschedules(cleanuptrusts); | |
35449aa5 | 920 | } |