#include <stdio.h>
#include <string.h>
#include "../control/control.h"
+#include "../lib/version.h"
#include "../lib/irc_string.h"
#include "../lib/strlfunc.h"
#include "../core/config.h"
#include "../core/schedule.h"
#include "../irc/irc.h"
#include "../lib/stringbuf.h"
-#include "../noperserv/noperserv.h"
-#include "../noperserv/noperserv_policy.h"
+#include "../control/control.h"
+#include "../control/control_policy.h"
#include "trusts.h"
+MODULE_VERSION("");
+
static void registercommands(int, void *);
static void deregistercommands(int, void *);
return CMD_ERROR;
}
+ if(!is_normalized_ipmask(&ip, bits)) {
+ controlreply(sender, "Invalid IP Mask.");
+ return CMD_ERROR;
+ }
+
/* Don't allow non-developers to add trusts for large subnets or modify protected groups. */
if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) {
int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6;
if(bits < minbits) {
- controlreply(sender, "You don't have the necessary privileges to add a subnet larger than /%d.", irc_in_addr_is_ipv4(&ip)?(minbits-96):minbits);
+ controlreply(sender, "You don't have the necessary privileges to add a subnet larger than /%d.", irc_bitlen(&ip, minbits));
return CMD_ERROR;
}
/* OKAY! Lots of checking here!
*
* Need to check:
- * - host isn't already covered by given group (reject if it is)
+ * - exact same host isn't already covered by given group (reject if it is)
* - host doesn't already exist exactly already (reject if it does)
* - host is more specific than an existing one (warn if it is, fix up later)
* - host is less specific than an existing one (warn if it is, don't need to do anything special)
*/
for(th=tg->hosts;th;th=th->next) {
- if(ipmask_check(&ip, &th->ip, th->bits)) {
+ if(ipmask_check(&ip, &th->ip, th->bits) && th->bits == bits) {
controlreply(sender, "This host (or part of it) is already covered in the given group.");
return CMD_ERROR;
}
if(superset) {
/* a superset exists for us, we will be more specific than one existing host */
- controlreply(sender, "Warning: this host already exists in another group, but this new host will override it as it has a smaller prefix.");
+ controlreply(sender, "Note: This host already exists in another group, but this new host will override it as it has a smaller prefix.");
}
if(subset) {
/* a subset of us exists, we will be less specific than some existing hosts */
- controlreply(sender, "Warning: this host already exists in at least one other group, the new host has a larger prefix and therefore will not override those hosts.");
+ controlreply(sender, "Note: This host already exists in at least one other group, the new host has a larger prefix and therefore will not override those hosts.");
}
- if(superset || subset)
- controlreply(sender, "Adding anyway...");
th = th_new(tg, host);
if(!th) {
static int trusts_cmdtrustgroupadd(void *source, int cargc, char **cargv) {
nick *sender = source;
char *name, *contact, *comment, createdby[ACCOUNTLEN + 2];
- unsigned int howmany, maxperident, enforceident;
- time_t howlong, expires;
+ long howmany, maxperident, enforceident;
trustgroup *tg, itg;
- int override;
+ int override, flags;
- if(cargc < 6)
+ if(cargc < 5)
return CMD_USAGE;
override = noperserv_policy_command_permitted(NO_DEVELOPER, sender);
name = cargv[0];
- howmany = strtoul(cargv[1], NULL, 10);
+ howmany = strtol(cargv[1], NULL, 10);
if(!override && (!howmany || (howmany > MAXTRUSTEDFOR))) {
controlreply(sender, "Bad value maximum number of clients.");
return CMD_ERROR;
}
- howlong = durationtolong(cargv[2]);
- if((howlong < 0) || (howlong > MAXDURATION)) {
- controlreply(sender, "Invalid duration supplied.");
- return CMD_ERROR;
- }
-
- if(howlong)
- expires = howlong + getnettime();
- else
- expires = 0;
-
- maxperident = strtoul(cargv[3], NULL, 10);
+ maxperident = strtol(cargv[2], NULL, 10);
if(maxperident < 0 || (maxperident > MAXPERIDENT)) {
controlreply(sender, "Bad value for max per ident.");
return CMD_ERROR;
}
- if(cargv[4][0] != '1' && cargv[4][0] != '0') {
+ if(cargv[3][0] != '1' && cargv[3][0] != '0') {
controlreply(sender, "Bad value for enforce ident (use 0 or 1).");
return CMD_ERROR;
}
- enforceident = cargv[4][0] == '1';
+ enforceident = cargv[3][0] == '1';
- contact = cargv[5];
+ contact = cargv[4];
- if(cargc < 7) {
+ if(cargc < 6) {
comment = "(no comment)";
} else {
- comment = cargv[6];
+ comment = cargv[5];
}
/* don't allow #id or id forms */
- if((name[0] == '#') || strtoul(name, NULL, 10)) {
+ if((name[0] == '#') || strtol(name, NULL, 10)) {
controlreply(sender, "Invalid trustgroup name.");
return CMD_ERROR;
}
snprintf(createdby, sizeof(createdby), "#%s", sender->authname);
+ flags = 0;
+
+ if(maxperident > 0)
+ flags |= TRUST_RELIABLE_USERNAME;
+
+ if(enforceident)
+ flags |= TRUST_ENFORCE_IDENT;
+
itg.trustedfor = howmany;
- itg.flags = enforceident?TRUST_ENFORCE_IDENT:0;
+ itg.flags = flags;
itg.maxperident = maxperident;
- itg.expires = expires;
+ itg.expires = 0;
itg.createdby = getsstring(createdby, CREATEDBYLEN);
itg.contact = getsstring(contact, CONTACTLEN);
itg.comment = getsstring(comment, COMMENTLEN);
controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTGROUPADD'ed '%s'", controlid(sender), tg->name->content);
trustlog(tg, sender->authname, "Created trust group '%s' (ID #%d): howmany=%d, enforceident=%d, maxperident=%d, "
- "expires=%d, createdby=%s, contact=%s, comment=%s",
- tg->name->content, howmany, tg->id, enforceident, maxperident, expires, createdby, contact, comment);
+ "createdby=%s, contact=%s, comment=%s",
+ tg->name->content, tg->id, howmany, enforceident, maxperident, createdby, contact, comment);
return CMD_OK;
}
if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) {
int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6;
if(bits < minbits) {
- controlreply(sender, "You don't have the necessary privileges to remove a subnet larger than /%d.", irc_in_addr_is_ipv4(&ip)?(minbits-96):minbits);
+ controlreply(sender, "You don't have the necessary privileges to remove a subnet larger than /%d.", irc_bitlen(&ip, minbits));
return CMD_ERROR;
}
static int modifytrustedfor(void *arg, char *num, nick *source, int override) {
trustgroup *tg = arg;
- unsigned int trustedfor = strtoul(num, NULL, 10);
+ long trustedfor = strtol(num, NULL, 10);
if(trustedfor < 0) {
controlreply(source, "The clone limit must not be negative.");
static int modifymaxperident(void *arg, char *num, nick *source, int override) {
trustgroup *tg = arg;
- unsigned int maxperident = strtoul(num, NULL, 10);
+ long maxperident = strtol(num, NULL, 10);
if(maxperident < 0) {
controlreply(source, "Ident limit must not be negative.");
return 1;
}
+static int modifyreliableusername(void *arg, char *num, nick *source, int override) {
+ trustgroup *tg = arg;
+
+ if(num[0] == '1') {
+ tg->flags |= TRUST_RELIABLE_USERNAME;
+ } else if(num[0] == '0') {
+ tg->flags &= ~TRUST_RELIABLE_USERNAME;
+ } else {
+ return 0;
+ }
+
+ return 1;
+}
+
+static int modifyunthrottle(void *arg, char *num, nick *source, int override) {
+ trustgroup *tg = arg;
+
+ if(num[0] == '1') {
+ tg->flags |= TRUST_UNTHROTTLE;
+ } else if(num[0] == '0') {
+ tg->flags &= ~TRUST_UNTHROTTLE;
+ } else {
+ return 0;
+ }
+
+ return 1;
+}
+
static int modifyexpires(void *arg, char *expires, nick *source, int override) {
trustgroup *tg = arg;
int howlong = durationtolong(expires);
- if((howlong < 0) || (howlong > MAXDURATION))
+ if((howlong < 0) || (howlong > MAXDURATION)) {
+ controlreply(source, "Duration cannot be negative or greater than %s (use 0 instead if you don't want the group to expire).", longtoduration(MAXDURATION, 0));
return 0;
+ }
if(howlong)
tg->expires = getnettime() + howlong;
return 0;
}
+ if(irc_in_addr_is_ipv4(&th->ip))
+ nodebits += 96;
+
+ if(nodebits > 128) {
+ controlreply(source, "Node bits is invalid.");
+ return 0;
+ }
+
if(!override) {
int minbits = irc_in_addr_is_ipv4(&th->ip)?TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV4:TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV6;
if(nodebits < minbits) {
- controlreply(source, "You don't have the necessary privileges to set node bits to a subnet larger than /%d.", irc_in_addr_is_ipv4(&th->ip)?(minbits-96):minbits);
+ controlreply(source, "You don't have the necessary privileges to set node bits to a subnet larger than /%d.", irc_bitlen(&th->ip, minbits));
return 0;
}
}
- if(irc_in_addr_is_ipv4(&th->ip))
- nodebits += 96;
-
if(nodebits<th->bits) {
- controlreply(source, "Node bits must be smaller than the trusted CIDR's subnet size.");
+ controlreply(source, "Node bits must be smaller or equal to the trusted CIDR's subnet size.");
return 0;
}
static int trusts_cmdtrustgroupmodify(void *source, int cargc, char **cargv) {
trustgroup *tg;
nick *sender = source;
- char *what, *to, validfields[512];
+ char *what, *to;
int i, override;
- StringBuf b;
if(cargc < 3)
return CMD_USAGE;
return CMD_ERROR;
}
- sbinit(&b, validfields, sizeof(validfields));
for(i=0;i<trustgroupmods_a.cursi;i++) {
if(!strcmp(what, trustgroupmods[i].name)) {
if(!(trustgroupmods[i].fn)(tg, to, sender, override)) {
}
break;
}
-
- if(i > 0)
- sbaddstr(&b, ", ");
- sbaddstr(&b, trustgroupmods[i].name);
}
- if(i == trustgroupmods_a.cursi) {
- sbterminate(&b);
- controlreply(sender, "No such field, valid fields are: %s", validfields);
- return CMD_ERROR;
- }
+ if(i == trustgroupmods_a.cursi)
+ return CMD_USAGE;
triggerhook(HOOK_TRUSTS_MODIFYGROUP, tg);
tg_update(tg);
trustgroup *tg;
trusthost *th;
nick *sender = source;
- char *what, *to, validfields[512];
+ char *what, *to;
int i, override;
- StringBuf b;
struct irc_in_addr ip;
unsigned char bits;
if (!noperserv_policy_command_permitted(NO_DEVELOPER, sender)) {
int minbits = irc_in_addr_is_ipv4(&ip)?TRUST_MIN_UNPRIVILEGED_BITS_IPV4:TRUST_MIN_UNPRIVILEGED_BITS_IPV6;
if(bits < minbits) {
- controlreply(sender, "You don't have the necessary privileges to modify a subnet larger than /%d.", irc_in_addr_is_ipv4(&ip)?(minbits-96):minbits);
+ controlreply(sender, "You don't have the necessary privileges to modify a subnet larger than /%d.", irc_bitlen(&ip, minbits));
return CMD_ERROR;
}
override = noperserv_policy_command_permitted(NO_DEVELOPER, sender);
- sbinit(&b, validfields, sizeof(validfields));
for(i=0;i<trusthostmods_a.cursi;i++) {
if(!strcmp(what, trusthostmods[i].name)) {
if(!(trusthostmods[i].fn)(th, to, sender, override)) {
}
break;
}
-
- if(i > 0)
- sbaddstr(&b, ", ");
- sbaddstr(&b, trusthostmods[i].name);
}
- if(i == trusthostmods_a.cursi) {
- sbterminate(&b);
- controlreply(sender, "No such field, valid fields are: %s", validfields);
- return CMD_ERROR;
- }
+ if(i == trusthostmods_a.cursi)
+ return CMD_USAGE;
triggerhook(HOOK_TRUSTS_MODIFYHOST, th);
th_update(th);
controlreply(sender, "Host modified.");
- controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTMODIFIED'ed host '%s' in group '%s' (field: %s, value: %s)", controlid(sender), trusts_cidr2str(&ip, bits), tg->name->content, what, to);
- trustlog(tg, sender->authname, "Modified %s for host '%s': %s", what, tg->name->content, to);
+ controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTMODIFIED'ed host '%s' in group '%s' (field: %s, value: %s)", controlid(sender), CIDRtostr(ip, bits), tg->name->content, what, to);
+ trustlog(tg, sender->authname, "Modified %s for host '%s': %s", what, CIDRtostr(ip, bits), to);
return CMD_OK;
}
nick *sender = source;
char *name;
int groupid;
- int limit = 0;
+ long limit = 0;
if(cargc < 1)
return CMD_USAGE;
if(cargc>1)
- limit = strtoul(cargv[1], NULL, 10);
+ limit = strtol(cargv[1], NULL, 10);
if(limit==0)
limit = 100;
name = cargv[0];
if (name[0] == '#') {
- groupid = strtoul(name + 1, NULL, 10);
+ groupid = strtol(name + 1, NULL, 10);
trustlogspewid(sender, groupid, limit);
} else {
trustlogspewname(sender, name, limit);
static int trusts_cmdtrustloggrep(void *source, int cargc, char **cargv) {
nick *sender = source;
char *pattern;
- int limit = 0;
+ long limit = 0;
if(cargc < 1)
return CMD_USAGE;
pattern = cargv[0];
if(cargc>1)
- limit = strtoul(cargv[1], NULL, 10);
+ limit = strtol(cargv[1], NULL, 10);
if(limit==0)
limit = 100;
name = cargv[0];
comment = cargv[1];
+ if(strlen(comment)>TRUSTLOGLEN) {
+ controlreply(sender, "Your comment is too long (max: %d characters).", TRUSTLOGLEN);
+ return CMD_OK;
+ }
+
tg = tg_strtotg(name);
if(!tg) {
return CMD_OK;
}
- controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTCOMMENT'ed group '%s': %s", controlid(sender), tg->name->content, comment);
+ controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTCOMMENT'ed group '%s': %s", controlid(sender), tg->name->content, comment);
trustlog(tg, sender->authname, "Comment: %s", comment);
return CMD_OK;
static int commandsregistered;
static void registercommands(int hooknum, void *arg) {
+ static char tgmhelp[512], thmhelp[512];
+ char validfields[512];
+ StringBuf b;
+ int i;
+
if(commandsregistered)
return;
commandsregistered = 1;
- registercontrolhelpcmd("trustgroupadd", NO_OPER, 7, trusts_cmdtrustgroupadd, "Usage: trustgroupadd <name> <howmany> <howlong> <maxperident> <enforceident> <contact> ?comment?");
+ registercontrolhelpcmd("trustgroupadd", NO_OPER, 6, trusts_cmdtrustgroupadd, "Usage: trustgroupadd <name> <howmany> <maxperident> <enforceident> <contact> ?comment?");
registercontrolhelpcmd("trustadd", NO_OPER, 2, trusts_cmdtrustadd, "Usage: trustadd <#id|name|id> <host>");
registercontrolhelpcmd("trustgroupdel", NO_OPER, 1, trusts_cmdtrustgroupdel, "Usage: trustgroupdel <#id|name|id>");
registercontrolhelpcmd("trustdel", NO_OPER, 2, trusts_cmdtrustdel, "Usage: trustdel <#id|name|id> <ip/mask>");
- registercontrolhelpcmd("trustgroupmodify", NO_OPER, 3, trusts_cmdtrustgroupmodify, "Usage: trustgroupmodify <#id|name|id> <field> <new value>");
- registercontrolhelpcmd("trusthostmodify", NO_OPER, 4, trusts_cmdtrusthostmodify, "Usage: trusthostmodify <#id|name|id> <host> <field> <new value>");
+
+ sbinit(&b, validfields, sizeof(validfields));
+ for(i=0;i<trustgroupmods_a.cursi;i++) {
+ if(i > 0)
+ sbaddstr(&b, ", ");
+ sbaddstr(&b, trustgroupmods[i].name);
+ }
+ sbterminate(&b);
+
+ snprintf(tgmhelp, sizeof(tgmhelp), "Usage: trustgroupmodify <#id|name|id> <field> <new value>\nModifies a trust group.\nValid fields: %s", validfields);
+ registercontrolhelpcmd("trustgroupmodify", NO_OPER, 3, trusts_cmdtrustgroupmodify, tgmhelp);
+
+ sbinit(&b, validfields, sizeof(validfields));
+ for(i=0;i<trusthostmods_a.cursi;i++) {
+ if(i > 0)
+ sbaddstr(&b, ", ");
+ sbaddstr(&b, trusthostmods[i].name);
+ }
+ sbterminate(&b);
+
+ snprintf(thmhelp, sizeof(thmhelp), "Usage: trusthostmodify <#id|name|id> <host> <field> <new value>\nModifies a trust host\nValid fields: %s", validfields);
+ registercontrolhelpcmd("trusthostmodify", NO_OPER, 4, trusts_cmdtrusthostmodify, thmhelp);
+
registercontrolhelpcmd("trustlog", NO_OPER, 2, trusts_cmdtrustlog, "Usage: trustlog <#id|name> ?limit?\nShows log for the specified trust group.");
registercontrolhelpcmd("trustloggrep", NO_OPER, 2, trusts_cmdtrustloggrep, "Usage trustloggrep <pattern> ?limit?\nShows maching log entries.");
registercontrolhelpcmd("trustcomment", NO_OPER, 2, trusts_cmdtrustcomment, "Usage: trustcomment <#id|name> <comment>\nLogs a comment for a trust.");
static void setupmods(void) {
MSGROUP(expires);
MSGROUP(enforceident);
+ MSGROUP(reliableusername);
MSGROUP(maxperident);
MSGROUP(contact);
MSGROUP(comment);
MSGROUP(trustedfor);
MSGROUP(cleanup);
MSGROUP(protected);
+ MSGROUP(unthrottle);
MSHOST(maxpernode);
MSHOST(nodebits);
trusthost *th;
int thcount = 0, tgcount = 0;
int i;
+ flag_t noticelevel;
array expiredths, expiredtgs;
now = getnettime();
to_age = now - (CLEANUP_TH_INACTIVE * 3600 * 24);
if(np) {
- controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Manually started by %s.", np->nick);
+ noticelevel = NL_TRUSTS;
+ controlwall(NO_OPER, noticelevel, "CLEANUPTRUSTS: Manually started by %s.", np->nick);
} else {
- controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Automatically started.");
+ noticelevel = NL_CLEANUP;
+ controlwall(NO_OPER, noticelevel, "CLEANUPTRUSTS: Automatically started.");
}
if (cleanuptrusts_active) {
}
for(i=0;i<expiredths.cursi;i++) {
- char *cidrstr;
+ const char *cidrstr;
th = ((trusthost **)(expiredths.content))[i];
triggerhook(HOOK_TRUSTS_DELHOST, th);
- th_delete(th);
- cidrstr = trusts_cidr2str(&th->ip, th->bits);
+ cidrstr = CIDRtostr(th->ip, th->bits);
trustlog(tg, "cleanuptrusts", "Removed host '%s' because it was unused for %d days.", cidrstr, CLEANUP_TH_INACTIVE);
+ th_delete(th);
+
thcount++;
}
tgcount++;
}
- controlwall(NO_OPER, NL_TRUSTS, "CLEANUPTRUSTS: Removed %d trust hosts (inactive for %d days) and %d empty trust groups.", thcount, CLEANUP_TH_INACTIVE, tgcount);
+ controlwall(NO_OPER, noticelevel, "CLEANUPTRUSTS: Removed %d trust hosts (inactive for %d days) and %d empty trust groups.", thcount, CLEANUP_TH_INACTIVE, tgcount);
cleanuptrusts_active=0;
}
projects / irc / quakenet / newserv.git / blobdiff