]>
Commit | Line | Data |
---|---|---|
189935b1 | 1 | /* |
2 | * IRC - Internet Relay Chat, ircd/s_conf.c | |
3 | * Copyright (C) 1990 Jarkko Oikarinen and | |
4 | * University of Oulu, Computing Center | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License as published by | |
8 | * the Free Software Foundation; either version 1, or (at your option) | |
9 | * any later version. | |
10 | * | |
11 | * This program is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | * GNU General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License | |
17 | * along with this program; if not, write to the Free Software | |
18 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
19 | */ | |
20 | /** @file | |
21 | * @brief ircd configuration file driver | |
081bd606 | 22 | * @version $Id: s_conf.c,v 1.81.2.8 2007/04/05 01:52:39 entrope Exp $ |
189935b1 | 23 | */ |
24 | #include "config.h" | |
25 | ||
26 | #include "s_conf.h" | |
27 | #include "IPcheck.h" | |
28 | #include "class.h" | |
29 | #include "client.h" | |
30 | #include "crule.h" | |
31 | #include "ircd_features.h" | |
32 | #include "fileio.h" | |
33 | #include "gline.h" | |
34 | #include "hash.h" | |
35 | #include "ircd.h" | |
36 | #include "ircd_alloc.h" | |
189935b1 | 37 | #include "ircd_chattr.h" |
38 | #include "ircd_log.h" | |
39 | #include "ircd_reply.h" | |
40 | #include "ircd_snprintf.h" | |
41 | #include "ircd_string.h" | |
42 | #include "list.h" | |
43 | #include "listener.h" | |
44 | #include "match.h" | |
45 | #include "motd.h" | |
46 | #include "numeric.h" | |
47 | #include "numnicks.h" | |
48 | #include "opercmds.h" | |
49 | #include "parse.h" | |
50 | #include "res.h" | |
9f8856e9 | 51 | #include "s_auth.h" |
189935b1 | 52 | #include "s_bsd.h" |
53 | #include "s_debug.h" | |
54 | #include "s_misc.h" | |
55 | #include "send.h" | |
56 | #include "struct.h" | |
57 | #include "sys.h" | |
58 | ||
59 | /* #include <assert.h> -- Now using assert in ircd_log.h */ | |
60 | #include <errno.h> | |
61 | #include <fcntl.h> | |
62 | #include <netdb.h> | |
63 | #include <stdio.h> | |
64 | #include <stdlib.h> | |
65 | #include <string.h> | |
66 | #include <sys/stat.h> | |
67 | #include <unistd.h> | |
68 | ||
69 | /** Global list of all ConfItem structures. */ | |
70 | struct ConfItem *GlobalConfList; | |
71 | /** Count of items in #GlobalConfList. */ | |
72 | int GlobalConfCount; | |
73 | /** Global list of service mappings. */ | |
74 | struct s_map *GlobalServiceMapList; | |
75 | /** Global list of channel quarantines. */ | |
76 | struct qline *GlobalQuarantineList; | |
d8e74551 | 77 | /** Global list of spoofhosts. */ |
78 | struct sline *GlobalSList = 0; | |
189935b1 | 79 | |
80 | /** Current line number in scanner input. */ | |
81 | int lineno; | |
82 | ||
83 | /** Configuration information for #me. */ | |
84 | struct LocalConf localConf; | |
85 | /** Global list of connection rules. */ | |
86 | struct CRuleConf* cruleConfList; | |
87 | /** Global list of K-lines. */ | |
88 | struct DenyConf* denyConfList; | |
89 | ||
90 | /** Tell a user that they are banned, dumping the message from a file. | |
91 | * @param sptr Client being rejected | |
92 | * @param filename Send this file's contents to \a sptr | |
93 | */ | |
94 | static void killcomment(struct Client* sptr, const char* filename) | |
95 | { | |
96 | FBFILE* file = 0; | |
97 | char line[80]; | |
98 | struct stat sb; | |
99 | struct tm* tm; | |
100 | ||
101 | if (NULL == (file = fbopen(filename, "r"))) { | |
102 | send_reply(sptr, ERR_NOMOTD); | |
103 | send_reply(sptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, | |
104 | ":Connection from your host is refused on this server."); | |
105 | return; | |
106 | } | |
107 | fbstat(&sb, file); | |
108 | tm = localtime((time_t*) &sb.st_mtime); /* NetBSD needs cast */ | |
109 | while (fbgets(line, sizeof(line) - 1, file)) { | |
110 | char* end = line + strlen(line); | |
111 | while (end > line) { | |
112 | --end; | |
113 | if ('\n' == *end || '\r' == *end) | |
114 | *end = '\0'; | |
115 | else | |
116 | break; | |
117 | } | |
118 | send_reply(sptr, RPL_MOTD, line); | |
119 | } | |
120 | send_reply(sptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, | |
121 | ":Connection from your host is refused on this server."); | |
122 | fbclose(file); | |
123 | } | |
124 | ||
125 | /** Allocate a new struct ConfItem and link it to #GlobalConfList. | |
126 | * @return Newly allocated structure. | |
127 | */ | |
128 | struct ConfItem* make_conf(int type) | |
129 | { | |
130 | struct ConfItem* aconf; | |
131 | ||
132 | aconf = (struct ConfItem*) MyMalloc(sizeof(struct ConfItem)); | |
133 | assert(0 != aconf); | |
134 | ++GlobalConfCount; | |
135 | memset(aconf, 0, sizeof(struct ConfItem)); | |
136 | aconf->status = type; | |
137 | aconf->next = GlobalConfList; | |
138 | GlobalConfList = aconf; | |
139 | return aconf; | |
140 | } | |
141 | ||
142 | /** Free a struct ConfItem and any resources it owns. | |
143 | * @param aconf Item to free. | |
144 | */ | |
145 | void free_conf(struct ConfItem *aconf) | |
146 | { | |
147 | Debug((DEBUG_DEBUG, "free_conf: %s %s %d", | |
148 | aconf->host ? aconf->host : "*", | |
149 | aconf->name ? aconf->name : "*", | |
150 | aconf->address.port)); | |
151 | if (aconf->dns_pending) | |
152 | delete_resolver_queries(aconf); | |
153 | MyFree(aconf->username); | |
154 | MyFree(aconf->host); | |
155 | MyFree(aconf->origin_name); | |
156 | if (aconf->passwd) | |
157 | memset(aconf->passwd, 0, strlen(aconf->passwd)); | |
158 | MyFree(aconf->passwd); | |
159 | MyFree(aconf->name); | |
160 | MyFree(aconf->hub_limit); | |
161 | MyFree(aconf); | |
162 | --GlobalConfCount; | |
163 | } | |
164 | ||
165 | /** Disassociate configuration from the client. | |
166 | * @param cptr Client to operate on. | |
167 | * @param aconf ConfItem to detach. | |
168 | */ | |
169 | static void detach_conf(struct Client* cptr, struct ConfItem* aconf) | |
170 | { | |
171 | struct SLink** lp; | |
172 | struct SLink* tmp; | |
173 | ||
174 | assert(0 != aconf); | |
175 | assert(0 != cptr); | |
176 | assert(0 < aconf->clients); | |
177 | ||
178 | lp = &(cli_confs(cptr)); | |
179 | ||
180 | while (*lp) { | |
181 | if ((*lp)->value.aconf == aconf) { | |
182 | if (aconf->conn_class && (aconf->status & CONF_CLIENT_MASK) && ConfLinks(aconf) > 0) | |
183 | --ConfLinks(aconf); | |
184 | ||
185 | assert(0 < aconf->clients); | |
186 | if (0 == --aconf->clients && IsIllegal(aconf)) | |
187 | free_conf(aconf); | |
188 | tmp = *lp; | |
189 | *lp = tmp->next; | |
190 | free_link(tmp); | |
191 | return; | |
192 | } | |
193 | lp = &((*lp)->next); | |
194 | } | |
195 | } | |
196 | ||
197 | /** Parse a user\@host mask into username and host or IP parts. | |
198 | * If \a host contains no username part, set \a aconf->username to | |
199 | * NULL. If the host part of \a host looks like an IP mask, set \a | |
200 | * aconf->addrbits and \a aconf->address to match. Otherwise, set | |
201 | * \a aconf->host, and set \a aconf->addrbits to -1. | |
202 | * @param[in,out] aconf Configuration item to set. | |
203 | * @param[in] host user\@host mask to parse. | |
204 | */ | |
205 | void conf_parse_userhost(struct ConfItem *aconf, char *host) | |
206 | { | |
207 | char *host_part; | |
208 | unsigned char addrbits; | |
209 | ||
210 | MyFree(aconf->username); | |
211 | MyFree(aconf->host); | |
212 | host_part = strchr(host, '@'); | |
213 | if (host_part) { | |
214 | *host_part = '\0'; | |
215 | DupString(aconf->username, host); | |
216 | host_part++; | |
217 | } else { | |
218 | aconf->username = NULL; | |
219 | host_part = host; | |
220 | } | |
221 | DupString(aconf->host, host_part); | |
222 | if (ipmask_parse(aconf->host, &aconf->address.addr, &addrbits)) | |
223 | aconf->addrbits = addrbits; | |
224 | else | |
225 | aconf->addrbits = -1; | |
189935b1 | 226 | } |
227 | ||
228 | /** Copies a completed DNS query into its ConfItem. | |
229 | * @param vptr Pointer to struct ConfItem for the block. | |
230 | * @param hp DNS reply, or NULL if the lookup failed. | |
231 | */ | |
232 | static void conf_dns_callback(void* vptr, const struct irc_in_addr *addr, const char *h_name) | |
233 | { | |
234 | struct ConfItem* aconf = (struct ConfItem*) vptr; | |
235 | assert(aconf); | |
236 | aconf->dns_pending = 0; | |
237 | if (addr) | |
238 | memcpy(&aconf->address.addr, addr, sizeof(aconf->address.addr)); | |
239 | } | |
240 | ||
241 | /** Start a nameserver lookup of the conf host. If the conf entry is | |
242 | * currently doing a lookup, do nothing. | |
243 | * @param aconf ConfItem for which to start a request. | |
244 | */ | |
245 | static void conf_dns_lookup(struct ConfItem* aconf) | |
246 | { | |
247 | if (!aconf->dns_pending) { | |
248 | char buf[HOSTLEN + 1]; | |
249 | ||
250 | host_from_uh(buf, aconf->host, HOSTLEN); | |
251 | gethost_byname(buf, conf_dns_callback, aconf); | |
252 | aconf->dns_pending = 1; | |
253 | } | |
254 | } | |
255 | ||
256 | ||
257 | /** Start lookups of all addresses in the conf line. The origin must | |
258 | * be a numeric IP address. If the remote host field is not an IP | |
259 | * address, start a DNS lookup for it. | |
260 | * @param aconf Connection to do lookups for. | |
261 | */ | |
262 | void | |
263 | lookup_confhost(struct ConfItem *aconf) | |
264 | { | |
265 | if (EmptyString(aconf->host) || EmptyString(aconf->name)) { | |
266 | Debug((DEBUG_ERROR, "Host/server name error: (%s) (%s)", | |
267 | aconf->host, aconf->name)); | |
268 | return; | |
269 | } | |
270 | if (aconf->origin_name | |
271 | && !ircd_aton(&aconf->origin.addr, aconf->origin_name)) { | |
272 | Debug((DEBUG_ERROR, "Origin name error: (%s) (%s)", | |
273 | aconf->origin_name, aconf->name)); | |
274 | } | |
275 | /* | |
276 | * Do name lookup now on hostnames given and store the | |
277 | * ip numbers in conf structure. | |
278 | */ | |
279 | if (IsIP6Char(*aconf->host)) { | |
280 | if (!ircd_aton(&aconf->address.addr, aconf->host)) { | |
281 | Debug((DEBUG_ERROR, "Host/server name error: (%s) (%s)", | |
282 | aconf->host, aconf->name)); | |
283 | } | |
284 | } | |
285 | else | |
286 | conf_dns_lookup(aconf); | |
287 | } | |
288 | ||
289 | /** Find a server by name or hostname. | |
290 | * @param name Server name to find. | |
291 | * @return Pointer to the corresponding ConfItem, or NULL if none exists. | |
292 | */ | |
293 | struct ConfItem* conf_find_server(const char* name) | |
294 | { | |
295 | struct ConfItem* conf; | |
296 | assert(0 != name); | |
297 | ||
298 | for (conf = GlobalConfList; conf; conf = conf->next) { | |
299 | if (CONF_SERVER == conf->status) { | |
300 | /* | |
301 | * Check first servernames, then try hostnames. | |
302 | * XXX - match returns 0 if there _is_ a match... guess they | |
303 | * haven't decided what true is yet | |
304 | */ | |
305 | if (0 == match(name, conf->name)) | |
306 | return conf; | |
307 | } | |
308 | } | |
309 | return 0; | |
310 | } | |
311 | ||
312 | /** Evaluate connection rules. | |
313 | * @param name Name of server to check | |
314 | * @param mask Filter for CRule types (only consider if type & \a mask != 0). | |
315 | * @return Name of rule that forbids the connection; NULL if no prohibitions. | |
316 | */ | |
317 | const char* conf_eval_crule(const char* name, int mask) | |
318 | { | |
319 | struct CRuleConf* p = cruleConfList; | |
320 | assert(0 != name); | |
321 | ||
322 | for ( ; p; p = p->next) { | |
323 | if (0 != (p->type & mask) && 0 == match(p->hostmask, name)) { | |
324 | if (crule_eval(p->node)) | |
325 | return p->rule; | |
326 | } | |
327 | } | |
328 | return 0; | |
329 | } | |
330 | ||
331 | /** Remove all conf entries from the client except those which match | |
332 | * the status field mask. | |
333 | * @param cptr Client to operate on. | |
334 | * @param mask ConfItem types to keep. | |
335 | */ | |
336 | void det_confs_butmask(struct Client* cptr, int mask) | |
337 | { | |
338 | struct SLink* link; | |
339 | struct SLink* next; | |
340 | assert(0 != cptr); | |
341 | ||
342 | for (link = cli_confs(cptr); link; link = next) { | |
343 | next = link->next; | |
344 | if ((link->value.aconf->status & mask) == 0) | |
345 | detach_conf(cptr, link->value.aconf); | |
346 | } | |
347 | } | |
348 | ||
349 | /** Find the first (best) Client block to attach. | |
350 | * @param cptr Client for whom to check rules. | |
351 | * @return Authorization check result. | |
352 | */ | |
353 | enum AuthorizationCheckResult attach_iline(struct Client* cptr) | |
354 | { | |
355 | struct ConfItem* aconf; | |
356 | ||
357 | assert(0 != cptr); | |
358 | ||
359 | for (aconf = GlobalConfList; aconf; aconf = aconf->next) { | |
360 | if (aconf->status != CONF_CLIENT) | |
361 | continue; | |
362 | /* If you change any of this logic, please make corresponding | |
363 | * changes in conf_debug_iline() below. | |
364 | */ | |
365 | if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port) | |
366 | continue; | |
367 | if (aconf->username && match(aconf->username, cli_username(cptr))) | |
368 | continue; | |
369 | if (aconf->host && match(aconf->host, cli_sockhost(cptr))) | |
370 | continue; | |
371 | if ((aconf->addrbits >= 0) | |
372 | && !ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits)) | |
373 | continue; | |
374 | if (IPcheck_nr(cptr) > aconf->maximum) | |
375 | return ACR_TOO_MANY_FROM_IP; | |
376 | if (aconf->username) | |
377 | SetFlag(cptr, FLAG_DOID); | |
378 | return attach_conf(cptr, aconf); | |
379 | } | |
380 | return ACR_NO_AUTHORIZATION; | |
381 | } | |
382 | ||
383 | /** Interpret \a client as a client specifier and show which Client | |
384 | * block(s) match that client. | |
385 | * | |
386 | * The client specifier may contain an IP address, hostname, listener | |
387 | * port, or a combination of those separated by commas. IP addresses | |
388 | * and hostnamese may be preceded by "username@"; the last given | |
389 | * username will be used for the match. | |
390 | * | |
391 | * @param[in] client Client specifier. | |
392 | * @return Matching Client block structure. | |
393 | */ | |
394 | struct ConfItem *conf_debug_iline(const char *client) | |
395 | { | |
396 | struct irc_in_addr address; | |
397 | struct ConfItem *aconf; | |
398 | struct DenyConf *deny; | |
399 | char *sep; | |
400 | unsigned short listener; | |
401 | char username[USERLEN+1], hostname[HOSTLEN+1], realname[REALLEN+1]; | |
402 | ||
403 | /* Initialize variables. */ | |
404 | listener = 0; | |
405 | memset(&address, 0, sizeof(address)); | |
406 | memset(&username, 0, sizeof(username)); | |
407 | memset(&hostname, 0, sizeof(hostname)); | |
408 | memset(&realname, 0, sizeof(realname)); | |
409 | ||
410 | /* Parse client specifier. */ | |
411 | while (*client) { | |
412 | struct irc_in_addr tmpaddr; | |
413 | long tmp; | |
414 | ||
415 | /* Try to parse as listener port number first. */ | |
416 | tmp = strtol(client, &sep, 10); | |
417 | if (tmp && (*sep == '\0' || *sep == ',')) { | |
418 | listener = tmp; | |
419 | client = sep + (*sep != '\0'); | |
420 | continue; | |
421 | } | |
422 | ||
423 | /* Maybe username@ before an IP address or hostname? */ | |
424 | tmp = strcspn(client, ",@"); | |
425 | if (client[tmp] == '@') { | |
426 | if (tmp > USERLEN) | |
427 | tmp = USERLEN; | |
428 | ircd_strncpy(username, client, tmp); | |
429 | /* and fall through */ | |
430 | client += tmp + 1; | |
431 | } | |
432 | ||
433 | /* Looks like an IP address? */ | |
434 | tmp = ircd_aton(&tmpaddr, client); | |
435 | if (tmp && (client[tmp] == '\0' || client[tmp] == ',')) { | |
436 | memcpy(&address, &tmpaddr, sizeof(address)); | |
437 | client += tmp + (client[tmp] != '\0'); | |
438 | continue; | |
439 | } | |
440 | ||
441 | /* Realname? */ | |
442 | if (client[0] == '$' && client[1] == 'R') { | |
443 | client += 2; | |
444 | for (tmp = 0; *client != '\0' && *client != ',' && tmp < REALLEN; ++client, ++tmp) { | |
445 | if (*client == '\\') | |
446 | realname[tmp] = *++client; | |
447 | else | |
448 | realname[tmp] = *client; | |
449 | } | |
450 | continue; | |
451 | } | |
452 | ||
453 | /* Else must be a hostname. */ | |
454 | tmp = strcspn(client, ","); | |
455 | if (tmp > HOSTLEN) | |
456 | tmp = HOSTLEN; | |
457 | ircd_strncpy(hostname, client, tmp); | |
458 | client += tmp + (client[tmp] != '\0'); | |
459 | } | |
460 | ||
461 | /* Walk configuration to find matching Client block. */ | |
462 | for (aconf = GlobalConfList; aconf; aconf = aconf->next) { | |
463 | if (aconf->status != CONF_CLIENT) | |
464 | continue; | |
465 | if (aconf->address.port && aconf->address.port != listener) { | |
466 | fprintf(stdout, "Listener port mismatch: %u != %u\n", aconf->address.port, listener); | |
467 | continue; | |
468 | } | |
469 | if (aconf->username && match(aconf->username, username)) { | |
470 | fprintf(stdout, "Username mismatch: %s != %s\n", aconf->username, username); | |
471 | continue; | |
472 | } | |
473 | if (aconf->host && match(aconf->host, hostname)) { | |
474 | fprintf(stdout, "Hostname mismatch: %s != %s\n", aconf->host, hostname); | |
475 | continue; | |
476 | } | |
477 | if ((aconf->addrbits >= 0) | |
478 | && !ipmask_check(&address, &aconf->address.addr, aconf->addrbits)) { | |
479 | fprintf(stdout, "IP address mismatch: %s != %s\n", aconf->name, ircd_ntoa(&address)); | |
480 | continue; | |
481 | } | |
482 | fprintf(stdout, "Match! username=%s host=%s ip=%s class=%s maxlinks=%u password=%s\n", | |
483 | (aconf->username ? aconf->username : "(null)"), | |
484 | (aconf->host ? aconf->host : "(null)"), | |
485 | (aconf->name ? aconf->name : "(null)"), | |
052b069e | 486 | ConfClass(aconf), aconf->maximum, |
487 | (aconf->passwd ? aconf->passwd : "(null)")); | |
189935b1 | 488 | break; |
489 | } | |
490 | ||
491 | /* If no authorization, say so and exit. */ | |
492 | if (!aconf) | |
493 | { | |
494 | fprintf(stdout, "No authorization found.\n"); | |
495 | return NULL; | |
496 | } | |
497 | ||
498 | /* Look for a Kill block with the user's name on it. */ | |
499 | for (deny = denyConfList; deny; deny = deny->next) { | |
500 | if (deny->usermask && match(deny->usermask, username)) | |
501 | continue; | |
502 | if (deny->realmask && match(deny->realmask, realname)) | |
503 | continue; | |
504 | if (deny->bits > 0) { | |
505 | if (!ipmask_check(&address, &deny->address, deny->bits)) | |
506 | continue; | |
507 | } else if (deny->hostmask && match(deny->hostmask, hostname)) | |
508 | continue; | |
509 | ||
510 | /* Looks like a match; report it. */ | |
511 | fprintf(stdout, "Denied! usermask=%s realmask=\"%s\" hostmask=%s (bits=%u)\n", | |
512 | deny->usermask ? deny->usermask : "(null)", | |
513 | deny->realmask ? deny->realmask : "(null)", | |
514 | deny->hostmask ? deny->hostmask : "(null)", | |
515 | deny->bits); | |
516 | } | |
517 | ||
518 | return aconf; | |
519 | } | |
520 | ||
521 | /** Check whether a particular ConfItem is already attached to a | |
522 | * Client. | |
523 | * @param aconf ConfItem to search for | |
524 | * @param cptr Client to check | |
525 | * @return Non-zero if \a aconf is attached to \a cptr, zero if not. | |
526 | */ | |
527 | static int is_attached(struct ConfItem *aconf, struct Client *cptr) | |
528 | { | |
529 | struct SLink *lp; | |
530 | ||
531 | for (lp = cli_confs(cptr); lp; lp = lp->next) { | |
532 | if (lp->value.aconf == aconf) | |
533 | return 1; | |
534 | } | |
535 | return 0; | |
536 | } | |
537 | ||
538 | /** Associate a specific configuration entry to a *local* client (this | |
539 | * is the one which used in accepting the connection). Note, that this | |
540 | * automatically changes the attachment if there was an old one... | |
541 | * @param cptr Client to attach \a aconf to | |
542 | * @param aconf ConfItem to attach | |
543 | * @return Authorization check result. | |
544 | */ | |
545 | enum AuthorizationCheckResult attach_conf(struct Client *cptr, struct ConfItem *aconf) | |
546 | { | |
547 | struct SLink *lp; | |
548 | ||
549 | if (is_attached(aconf, cptr)) | |
550 | return ACR_ALREADY_AUTHORIZED; | |
551 | if (IsIllegal(aconf)) | |
552 | return ACR_NO_AUTHORIZATION; | |
553 | if ((aconf->status & (CONF_OPERATOR | CONF_CLIENT)) && | |
554 | ConfLinks(aconf) >= ConfMaxLinks(aconf) && ConfMaxLinks(aconf) > 0) | |
555 | return ACR_TOO_MANY_IN_CLASS; /* Use this for printing error message */ | |
556 | lp = make_link(); | |
557 | lp->next = cli_confs(cptr); | |
558 | lp->value.aconf = aconf; | |
559 | cli_confs(cptr) = lp; | |
560 | ++aconf->clients; | |
561 | if (aconf->status & CONF_CLIENT_MASK) | |
562 | ConfLinks(aconf)++; | |
563 | return ACR_OK; | |
564 | } | |
565 | ||
566 | /** Return our LocalConf configuration structure. | |
567 | * @return A pointer to #localConf. | |
568 | */ | |
569 | const struct LocalConf* conf_get_local(void) | |
570 | { | |
571 | return &localConf; | |
572 | } | |
573 | ||
574 | /** Attach ConfItems to a client if the name passed matches that for | |
575 | * the ConfItems or is an exact match for them. | |
576 | * @param cptr Client getting the ConfItem attachments. | |
577 | * @param name Filter to match ConfItem::name. | |
578 | * @param statmask Filter to limit ConfItem::status. | |
579 | * @return First ConfItem attached to \a cptr. | |
580 | */ | |
581 | struct ConfItem* attach_confs_byname(struct Client* cptr, const char* name, | |
582 | int statmask) | |
583 | { | |
584 | struct ConfItem* tmp; | |
585 | struct ConfItem* first = NULL; | |
586 | ||
587 | assert(0 != name); | |
588 | ||
589 | if (HOSTLEN < strlen(name)) | |
590 | return 0; | |
591 | ||
592 | for (tmp = GlobalConfList; tmp; tmp = tmp->next) { | |
593 | if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) { | |
594 | assert(0 != tmp->name); | |
595 | if (0 == match(tmp->name, name) || 0 == ircd_strcmp(tmp->name, name)) { | |
596 | if (ACR_OK == attach_conf(cptr, tmp) && !first) | |
597 | first = tmp; | |
598 | } | |
599 | } | |
600 | } | |
601 | return first; | |
602 | } | |
603 | ||
604 | /** Attach ConfItems to a client if the host passed matches that for | |
605 | * the ConfItems or is an exact match for them. | |
606 | * @param cptr Client getting the ConfItem attachments. | |
607 | * @param host Filter to match ConfItem::host. | |
608 | * @param statmask Filter to limit ConfItem::status. | |
609 | * @return First ConfItem attached to \a cptr. | |
610 | */ | |
611 | struct ConfItem* attach_confs_byhost(struct Client* cptr, const char* host, | |
612 | int statmask) | |
613 | { | |
614 | struct ConfItem* tmp; | |
615 | struct ConfItem* first = 0; | |
616 | ||
617 | assert(0 != host); | |
618 | if (HOSTLEN < strlen(host)) | |
619 | return 0; | |
620 | ||
621 | for (tmp = GlobalConfList; tmp; tmp = tmp->next) { | |
622 | if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) { | |
623 | assert(0 != tmp->host); | |
624 | if (0 == match(tmp->host, host) || 0 == ircd_strcmp(tmp->host, host)) { | |
625 | if (ACR_OK == attach_conf(cptr, tmp) && !first) | |
626 | first = tmp; | |
627 | } | |
628 | } | |
629 | } | |
630 | return first; | |
631 | } | |
632 | ||
633 | /** Find a ConfItem that has the same name and user+host fields as | |
634 | * specified. Requires an exact match for \a name. | |
635 | * @param name Name to match | |
636 | * @param cptr Client to match against | |
637 | * @param statmask Filter for ConfItem::status | |
638 | * @return First found matching ConfItem. | |
639 | */ | |
640 | struct ConfItem* find_conf_exact(const char* name, struct Client *cptr, int statmask) | |
641 | { | |
642 | struct ConfItem *tmp; | |
643 | ||
644 | for (tmp = GlobalConfList; tmp; tmp = tmp->next) { | |
645 | if (!(tmp->status & statmask) || !tmp->name || !tmp->host || | |
646 | 0 != ircd_strcmp(tmp->name, name)) | |
647 | continue; | |
648 | if (tmp->username | |
649 | && (EmptyString(cli_username(cptr)) | |
650 | || match(tmp->username, cli_username(cptr)))) | |
651 | continue; | |
652 | if (tmp->addrbits < 0) | |
653 | { | |
654 | if (match(tmp->host, cli_sockhost(cptr))) | |
655 | continue; | |
656 | } | |
657 | else if (!ipmask_check(&cli_ip(cptr), &tmp->address.addr, tmp->addrbits)) | |
658 | continue; | |
659 | if ((tmp->status & CONF_OPERATOR) | |
081bd606 | 660 | && (MaxLinks(tmp->conn_class) > 0) |
189935b1 | 661 | && (tmp->clients >= MaxLinks(tmp->conn_class))) |
662 | continue; | |
663 | return tmp; | |
664 | } | |
665 | return 0; | |
666 | } | |
667 | ||
668 | /** Find a ConfItem from a list that has a name that matches \a name. | |
669 | * @param lp List to search in. | |
670 | * @param name Filter for ConfItem::name field; matches either exactly | |
671 | * or as a glob. | |
672 | * @param statmask Filter for ConfItem::status. | |
673 | * @return First matching ConfItem from \a lp. | |
674 | */ | |
675 | struct ConfItem* find_conf_byname(struct SLink* lp, const char* name, | |
676 | int statmask) | |
677 | { | |
678 | struct ConfItem* tmp; | |
679 | assert(0 != name); | |
680 | ||
681 | if (HOSTLEN < strlen(name)) | |
682 | return 0; | |
683 | ||
684 | for (; lp; lp = lp->next) { | |
685 | tmp = lp->value.aconf; | |
686 | if (0 != (tmp->status & statmask)) { | |
687 | assert(0 != tmp->name); | |
688 | if (0 == ircd_strcmp(tmp->name, name) || 0 == match(tmp->name, name)) | |
689 | return tmp; | |
690 | } | |
691 | } | |
692 | return 0; | |
693 | } | |
694 | ||
695 | /** Find a ConfItem from a list that has a host that matches \a host. | |
696 | * @param lp List to search in. | |
697 | * @param host Filter for ConfItem::host field; matches as a glob. | |
698 | * @param statmask Filter for ConfItem::status. | |
699 | * @return First matching ConfItem from \a lp. | |
700 | */ | |
701 | struct ConfItem* find_conf_byhost(struct SLink* lp, const char* host, | |
702 | int statmask) | |
703 | { | |
704 | struct ConfItem* tmp = NULL; | |
705 | assert(0 != host); | |
706 | ||
707 | if (HOSTLEN < strlen(host)) | |
708 | return 0; | |
709 | ||
710 | for (; lp; lp = lp->next) { | |
711 | tmp = lp->value.aconf; | |
712 | if (0 != (tmp->status & statmask)) { | |
713 | assert(0 != tmp->host); | |
714 | if (0 == match(tmp->host, host)) | |
715 | return tmp; | |
716 | } | |
717 | } | |
718 | return 0; | |
719 | } | |
720 | ||
721 | /** Find a ConfItem from a list that has an address equal to \a ip. | |
722 | * @param lp List to search in. | |
723 | * @param ip Filter for ConfItem::address field; matches exactly. | |
724 | * @param statmask Filter for ConfItem::status. | |
725 | * @return First matching ConfItem from \a lp. | |
726 | */ | |
727 | struct ConfItem* find_conf_byip(struct SLink* lp, const struct irc_in_addr* ip, | |
728 | int statmask) | |
729 | { | |
730 | struct ConfItem* tmp; | |
731 | ||
732 | for (; lp; lp = lp->next) { | |
733 | tmp = lp->value.aconf; | |
734 | if (0 != (tmp->status & statmask) | |
735 | && !irc_in_addr_cmp(&tmp->address.addr, ip)) | |
736 | return tmp; | |
737 | } | |
738 | return 0; | |
739 | } | |
740 | ||
741 | /** Free all CRules from #cruleConfList. */ | |
742 | void conf_erase_crule_list(void) | |
743 | { | |
744 | struct CRuleConf* next; | |
745 | struct CRuleConf* p = cruleConfList; | |
746 | ||
747 | for ( ; p; p = next) { | |
748 | next = p->next; | |
749 | crule_free(&p->node); | |
750 | MyFree(p->hostmask); | |
751 | MyFree(p->rule); | |
752 | MyFree(p); | |
753 | } | |
754 | cruleConfList = 0; | |
755 | } | |
756 | ||
757 | /** Return #cruleConfList. | |
758 | * @return #cruleConfList | |
759 | */ | |
760 | const struct CRuleConf* conf_get_crule_list(void) | |
761 | { | |
762 | return cruleConfList; | |
763 | } | |
764 | ||
765 | /** Free all deny rules from #denyConfList. */ | |
766 | void conf_erase_deny_list(void) | |
767 | { | |
768 | struct DenyConf* next; | |
769 | struct DenyConf* p = denyConfList; | |
770 | for ( ; p; p = next) { | |
771 | next = p->next; | |
772 | MyFree(p->hostmask); | |
773 | MyFree(p->usermask); | |
774 | MyFree(p->message); | |
775 | MyFree(p->realmask); | |
776 | MyFree(p); | |
777 | } | |
778 | denyConfList = 0; | |
779 | } | |
780 | ||
781 | /** Return #denyConfList. | |
782 | * @return #denyConfList | |
783 | */ | |
784 | const struct DenyConf* conf_get_deny_list(void) | |
785 | { | |
786 | return denyConfList; | |
787 | } | |
788 | ||
789 | /** Find any existing quarantine for the named channel. | |
790 | * @param chname Channel name to search for. | |
791 | * @return Reason for channel's quarantine, or NULL if none exists. | |
792 | */ | |
793 | const char* | |
794 | find_quarantine(const char *chname) | |
795 | { | |
796 | struct qline *qline; | |
797 | ||
798 | for (qline = GlobalQuarantineList; qline; qline = qline->next) | |
799 | if (!ircd_strcmp(qline->chname, chname)) | |
800 | return qline->reason; | |
801 | return NULL; | |
802 | } | |
803 | ||
804 | /** Free all qline structs from #GlobalQuarantineList. */ | |
805 | void clear_quarantines(void) | |
806 | { | |
807 | struct qline *qline; | |
808 | while ((qline = GlobalQuarantineList)) | |
809 | { | |
810 | GlobalQuarantineList = qline->next; | |
811 | MyFree(qline->reason); | |
812 | MyFree(qline->chname); | |
813 | MyFree(qline); | |
814 | } | |
815 | } | |
816 | ||
817 | /** When non-zero, indicates that a configuration error has been seen in this pass. */ | |
818 | static int conf_error; | |
819 | /** When non-zero, indicates that the configuration file was loaded at least once. */ | |
820 | static int conf_already_read; | |
821 | extern FILE *yyin; | |
822 | extern void yyparse(void); | |
823 | extern void init_lexer(void); | |
824 | ||
825 | /** Read configuration file. | |
826 | * @return Zero on failure, non-zero on success. */ | |
827 | int read_configuration_file(void) | |
828 | { | |
829 | conf_error = 0; | |
830 | feature_unmark(); /* unmark all features for resetting later */ | |
951d56c0 | 831 | clear_nameservers(); /* clear previous list of DNS servers */ |
189935b1 | 832 | /* Now just open an fd. The buffering isn't really needed... */ |
833 | init_lexer(); | |
834 | yyparse(); | |
835 | fclose(yyin); | |
836 | yyin = NULL; | |
837 | feature_mark(); /* reset unmarked features */ | |
838 | conf_already_read = 1; | |
839 | return 1; | |
840 | } | |
841 | ||
842 | /** Report an error message about the configuration file. | |
843 | * @param msg The error to report. | |
844 | */ | |
845 | void | |
846 | yyerror(const char *msg) | |
847 | { | |
848 | sendto_opmask_butone(0, SNO_ALL, "Config file parse error line %d: %s", | |
849 | lineno, msg); | |
850 | log_write(LS_CONFIG, L_ERROR, 0, "Config file parse error line %d: %s", | |
851 | lineno, msg); | |
852 | if (!conf_already_read) | |
853 | fprintf(stderr, "Config file parse error line %d: %s\n", lineno, msg); | |
854 | conf_error = 1; | |
855 | } | |
856 | ||
857 | /** Attach CONF_UWORLD items to a server and everything attached to it. */ | |
858 | static void | |
859 | attach_conf_uworld(struct Client *cptr) | |
860 | { | |
861 | struct DLink *lp; | |
862 | ||
863 | attach_confs_byhost(cptr, cli_name(cptr), CONF_UWORLD); | |
864 | for (lp = cli_serv(cptr)->down; lp; lp = lp->next) | |
865 | attach_conf_uworld(lp->value.cptr); | |
866 | } | |
867 | ||
868 | /** Free all memory associated with service mapping \a smap. | |
869 | * @param smap[in] The mapping to free. | |
870 | */ | |
871 | void free_mapping(struct s_map *smap) | |
872 | { | |
873 | struct nick_host *nh, *next; | |
874 | for (nh = smap->services; nh; nh = next) | |
875 | { | |
876 | next = nh->next; | |
877 | MyFree(nh); | |
878 | } | |
879 | MyFree(smap->name); | |
880 | MyFree(smap->command); | |
881 | MyFree(smap->prepend); | |
882 | MyFree(smap); | |
883 | } | |
884 | ||
885 | /** Unregister and free all current service mappings. */ | |
886 | static void close_mappings(void) | |
887 | { | |
888 | struct s_map *map, *next; | |
889 | ||
890 | for (map = GlobalServiceMapList; map; map = next) { | |
891 | next = map->next; | |
892 | unregister_mapping(map); | |
893 | free_mapping(map); | |
894 | } | |
895 | GlobalServiceMapList = NULL; | |
896 | } | |
897 | ||
898 | /** Reload the configuration file. | |
899 | * @param cptr Client that requested rehash (if a signal, &me). | |
900 | * @param sig Type of rehash (0 = oper-requested, 1 = signal, 2 = | |
901 | * oper-requested but do not restart resolver) | |
902 | * @return CPTR_KILLED if any client was K/G-lined because of the | |
903 | * rehash; otherwise 0. | |
904 | */ | |
905 | int rehash(struct Client *cptr, int sig) | |
906 | { | |
907 | struct ConfItem** tmp = &GlobalConfList; | |
908 | struct ConfItem* tmp2; | |
909 | struct Client* acptr; | |
910 | int i; | |
911 | int ret = 0; | |
912 | int found_g = 0; | |
913 | ||
914 | if (1 == sig) | |
915 | sendto_opmask_butone(0, SNO_OLDSNO, | |
916 | "Got signal SIGHUP, reloading ircd conf. file"); | |
917 | ||
918 | while ((tmp2 = *tmp)) { | |
919 | if (tmp2->clients) { | |
920 | /* | |
921 | * Configuration entry is still in use by some | |
922 | * local clients, cannot delete it--mark it so | |
923 | * that it will be deleted when the last client | |
924 | * exits... | |
925 | */ | |
926 | if (CONF_CLIENT == (tmp2->status & CONF_CLIENT)) | |
927 | tmp = &tmp2->next; | |
928 | else { | |
929 | *tmp = tmp2->next; | |
930 | tmp2->next = 0; | |
931 | } | |
932 | tmp2->status |= CONF_ILLEGAL; | |
933 | } | |
934 | else { | |
935 | *tmp = tmp2->next; | |
936 | free_conf(tmp2); | |
937 | } | |
938 | } | |
939 | conf_erase_crule_list(); | |
940 | conf_erase_deny_list(); | |
941 | motd_clear(); | |
942 | ||
943 | /* | |
944 | * delete the juped nicks list | |
945 | */ | |
946 | clearNickJupes(); | |
947 | ||
948 | clear_quarantines(); | |
d8e74551 | 949 | clear_slines(); |
189935b1 | 950 | |
189935b1 | 951 | class_mark_delete(); |
952 | mark_listeners_closing(); | |
9f8856e9 | 953 | auth_mark_closing(); |
189935b1 | 954 | close_mappings(); |
955 | ||
956 | read_configuration_file(); | |
957 | ||
6697742c | 958 | if (sig != 2) |
959 | restart_resolver(); | |
960 | ||
189935b1 | 961 | log_reopen(); /* reopen log files */ |
962 | ||
9f8856e9 | 963 | auth_close_unused(); |
189935b1 | 964 | close_listeners(); |
965 | class_delete_marked(); /* unless it fails */ | |
966 | ||
967 | /* | |
968 | * Flush out deleted I and P lines although still in use. | |
969 | */ | |
970 | for (tmp = &GlobalConfList; (tmp2 = *tmp);) { | |
971 | if (CONF_ILLEGAL == (tmp2->status & CONF_ILLEGAL)) { | |
972 | *tmp = tmp2->next; | |
973 | tmp2->next = NULL; | |
974 | if (!tmp2->clients) | |
975 | free_conf(tmp2); | |
976 | } | |
977 | else | |
978 | tmp = &tmp2->next; | |
979 | } | |
980 | ||
981 | for (i = 0; i <= HighestFd; i++) { | |
982 | if ((acptr = LocalClientArray[i])) { | |
983 | assert(!IsMe(acptr)); | |
984 | if (IsServer(acptr)) | |
985 | det_confs_butmask(acptr, ~(CONF_UWORLD | CONF_ILLEGAL)); | |
986 | /* Because admin's are getting so uppity about people managing to | |
987 | * get past K/G's etc, we'll "fix" the bug by actually explaining | |
988 | * whats going on. | |
989 | */ | |
d8e74551 | 990 | if ((found_g = find_kill(acptr, 0))) { |
189935b1 | 991 | sendto_opmask_butone(0, found_g == -2 ? SNO_GLINE : SNO_OPERKILL, |
992 | found_g == -2 ? "G-line active for %s%s" : | |
993 | "K-line active for %s%s", | |
994 | IsUnknown(acptr) ? "Unregistered Client ":"", | |
995 | get_client_name(acptr, SHOW_IP)); | |
996 | if (exit_client(cptr, acptr, &me, found_g == -2 ? "G-lined" : | |
997 | "K-lined") == CPTR_KILLED) | |
998 | ret = CPTR_KILLED; | |
999 | } | |
1000 | } | |
1001 | } | |
1002 | ||
1003 | attach_conf_uworld(&me); | |
1004 | ||
1005 | return ret; | |
1006 | } | |
1007 | ||
1008 | /** Read configuration file for the very first time. | |
1009 | * @return Non-zero on success, zero on failure. | |
1010 | */ | |
1011 | ||
1012 | int init_conf(void) | |
1013 | { | |
1014 | if (read_configuration_file()) { | |
1015 | /* | |
1016 | * make sure we're sane to start if the config | |
1017 | * file read didn't get everything we need. | |
1018 | * XXX - should any of these abort the server? | |
1019 | * TODO: add warning messages | |
1020 | */ | |
1021 | if (0 == localConf.name || 0 == localConf.numeric) | |
1022 | return 0; | |
1023 | if (conf_error) | |
1024 | return 0; | |
1025 | ||
1026 | if (0 == localConf.location1) | |
1027 | DupString(localConf.location1, ""); | |
1028 | if (0 == localConf.location2) | |
1029 | DupString(localConf.location2, ""); | |
1030 | if (0 == localConf.contact) | |
1031 | DupString(localConf.contact, ""); | |
1032 | ||
1033 | return 1; | |
1034 | } | |
1035 | return 0; | |
1036 | } | |
1037 | ||
1038 | /** Searches for a K/G-line for a client. If one is found, notify the | |
1039 | * user and disconnect them. | |
1040 | * @param cptr Client to search for. | |
d8e74551 | 1041 | * @param glinecheck Whether we check for glines. |
189935b1 | 1042 | * @return 0 if client is accepted; -1 if client was locally denied |
1043 | * (K-line); -2 if client was globally denied (G-line). | |
1044 | */ | |
d8e74551 | 1045 | int find_kill(struct Client *cptr, int glinecheck) |
189935b1 | 1046 | { |
1047 | const char* host; | |
1048 | const char* name; | |
1049 | const char* realname; | |
1050 | struct DenyConf* deny; | |
1051 | struct Gline* agline = NULL; | |
1052 | ||
1053 | assert(0 != cptr); | |
1054 | ||
1055 | if (!cli_user(cptr)) | |
1056 | return 0; | |
1057 | ||
1058 | host = cli_sockhost(cptr); | |
1059 | name = cli_user(cptr)->username; | |
1060 | realname = cli_info(cptr); | |
1061 | ||
1062 | assert(strlen(host) <= HOSTLEN); | |
1063 | assert((name ? strlen(name) : 0) <= HOSTLEN); | |
1064 | assert((realname ? strlen(realname) : 0) <= REALLEN); | |
1065 | ||
1066 | /* 2000-07-14: Rewrote this loop for massive speed increases. | |
1067 | * -- Isomer | |
1068 | */ | |
1069 | for (deny = denyConfList; deny; deny = deny->next) { | |
1070 | if (deny->usermask && match(deny->usermask, name)) | |
1071 | continue; | |
1072 | if (deny->realmask && match(deny->realmask, realname)) | |
1073 | continue; | |
1074 | if (deny->bits > 0) { | |
1075 | if (!ipmask_check(&cli_ip(cptr), &deny->address, deny->bits)) | |
1076 | continue; | |
1077 | } else if (deny->hostmask && match(deny->hostmask, host)) | |
1078 | continue; | |
1079 | ||
1080 | if (EmptyString(deny->message)) | |
1081 | send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, | |
1082 | ":Connection from your host is refused on this server."); | |
1083 | else { | |
1084 | if (deny->flags & DENY_FLAGS_FILE) | |
1085 | killcomment(cptr, deny->message); | |
1086 | else | |
1087 | send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s.", deny->message); | |
1088 | } | |
1089 | return -1; | |
1090 | } | |
1091 | ||
d8e74551 | 1092 | /* added glinecheck to define if we check for glines too, shouldn't happen |
1093 | * when rehashing as it is causing problems with big servers and lots of glines. | |
1094 | * Think of a 18000 user leaf with 18000 glines present, this will probably | |
1095 | * cause the server to split from the net. | |
1096 | * -skater_x | |
1097 | */ | |
1098 | if (glinecheck && (agline = gline_lookup(cptr, 0)) && GlineIsActive(agline)) { | |
189935b1 | 1099 | /* |
1100 | * find active glines | |
1101 | * added a check against the user's IP address to find_gline() -Kev | |
1102 | */ | |
1103 | send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s.", GlineReason(agline)); | |
1104 | return -2; | |
1105 | } | |
1106 | ||
1107 | return 0; | |
1108 | } | |
1109 | ||
1110 | /** Attempt to attach Client blocks to \a cptr. If attach_iline() | |
1111 | * fails for the client, emit a debugging message. | |
1112 | * @param cptr Client to check for access. | |
1113 | * @return Access check result. | |
1114 | */ | |
1115 | enum AuthorizationCheckResult conf_check_client(struct Client *cptr) | |
1116 | { | |
1117 | enum AuthorizationCheckResult acr = ACR_OK; | |
1118 | ||
1119 | if ((acr = attach_iline(cptr))) { | |
1120 | Debug((DEBUG_DNS, "ch_cl: access denied: %s[%s]", | |
1121 | cli_name(cptr), cli_sockhost(cptr))); | |
1122 | return acr; | |
1123 | } | |
1124 | return ACR_OK; | |
1125 | } | |
1126 | ||
1127 | /** Check access for a server given its name (passed in cptr struct). | |
1128 | * Must check for all C/N lines which have a name which matches the | |
1129 | * name given and a host which matches. A host alias which is the | |
1130 | * same as the server name is also acceptable in the host field of a | |
1131 | * C/N line. | |
1132 | * @param cptr Peer server to check. | |
1133 | * @return 0 if accepted, -1 if access denied. | |
1134 | */ | |
1135 | int conf_check_server(struct Client *cptr) | |
1136 | { | |
1137 | struct ConfItem* c_conf = NULL; | |
1138 | struct SLink* lp; | |
1139 | ||
1140 | Debug((DEBUG_DNS, "sv_cl: check access for %s[%s]", | |
1141 | cli_name(cptr), cli_sockhost(cptr))); | |
1142 | ||
1143 | if (IsUnknown(cptr) && !attach_confs_byname(cptr, cli_name(cptr), CONF_SERVER)) { | |
1144 | Debug((DEBUG_DNS, "No C/N lines for %s", cli_sockhost(cptr))); | |
1145 | return -1; | |
1146 | } | |
1147 | lp = cli_confs(cptr); | |
1148 | /* | |
1149 | * We initiated this connection so the client should have a C and N | |
1150 | * line already attached after passing through the connect_server() | |
1151 | * function earlier. | |
1152 | */ | |
1153 | if (IsConnecting(cptr) || IsHandshake(cptr)) { | |
1154 | c_conf = find_conf_byname(lp, cli_name(cptr), CONF_SERVER); | |
1155 | if (!c_conf) { | |
1156 | sendto_opmask_butone(0, SNO_OLDSNO, | |
1157 | "Connect Error: lost Connect block for %s", | |
1158 | cli_name(cptr)); | |
1159 | det_confs_butmask(cptr, 0); | |
1160 | return -1; | |
1161 | } | |
1162 | } | |
1163 | ||
1164 | /* Try finding the Connect block by DNS name and IP next. */ | |
1165 | if (!c_conf && !(c_conf = find_conf_byhost(lp, cli_sockhost(cptr), CONF_SERVER))) | |
1166 | c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER); | |
1167 | ||
1168 | /* | |
1169 | * Attach by IP# only if all other checks have failed. | |
1170 | * It is quite possible to get here with the strange things that can | |
1171 | * happen when using DNS in the way the irc server does. -avalon | |
1172 | */ | |
1173 | if (!c_conf) | |
1174 | c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER); | |
1175 | /* | |
1176 | * detach all conf lines that got attached by attach_confs() | |
1177 | */ | |
1178 | det_confs_butmask(cptr, 0); | |
1179 | /* | |
1180 | * if no Connect block, then deny access | |
1181 | */ | |
1182 | if (!c_conf) { | |
1183 | Debug((DEBUG_DNS, "sv_cl: access denied: %s[%s@%s]", | |
1184 | cli_name(cptr), cli_username(cptr), cli_sockhost(cptr))); | |
1185 | return -1; | |
1186 | } | |
1187 | /* | |
1188 | * attach the Connect block to the client structure for later use. | |
1189 | */ | |
1190 | attach_conf(cptr, c_conf); | |
1191 | ||
1192 | if (!irc_in_addr_valid(&c_conf->address.addr)) | |
1193 | memcpy(&c_conf->address.addr, &cli_ip(cptr), sizeof(c_conf->address.addr)); | |
1194 | ||
1195 | Debug((DEBUG_DNS, "sv_cl: access ok: %s[%s]", | |
1196 | cli_name(cptr), cli_sockhost(cptr))); | |
1197 | return 0; | |
1198 | } | |
1199 | ||
d8e74551 | 1200 | void clear_slines(void) |
1201 | { | |
1202 | struct sline *sline; | |
1203 | while ((sline = GlobalSList)) { | |
1204 | GlobalSList = sline->next; | |
1205 | MyFree(sline->spoofhost); | |
1206 | if (!EmptyString(sline->passwd)) | |
1207 | MyFree(sline->passwd); | |
1208 | if (!EmptyString(sline->realhost)) | |
1209 | MyFree(sline->realhost); | |
1210 | if (!EmptyString(sline->username)) | |
1211 | MyFree(sline->username); | |
1212 | MyFree(sline); | |
1213 | } | |
1214 | } | |
1215 | ||
1216 | /* | |
1217 | * conf_check_slines() | |
1218 | * | |
1219 | * Check S lines for the specified client, passed in cptr struct. | |
1220 | * If the client's IP is S-lined, process the substitution here. | |
1221 | * | |
1222 | * Precondition | |
1223 | * cptr != NULL | |
1224 | * | |
1225 | * Returns | |
1226 | * 0 = No S-line found | |
1227 | * 1 = S-line found and substitution done. | |
1228 | * | |
1229 | * -mbuna 9/2001 | |
1230 | * -froo 1/2003 | |
1231 | * | |
1232 | */ | |
1233 | ||
1234 | int | |
1235 | conf_check_slines(struct Client *cptr) | |
1236 | { | |
1237 | struct sline *sconf; | |
1238 | char *hostonly; | |
1239 | ||
1240 | for (sconf = GlobalSList; sconf; sconf = sconf->next) { | |
1241 | if (sconf->flags == SLINE_FLAGS_IP) { | |
1242 | if (!ipmask_check(&(cli_ip(cptr)), &(sconf->address), sconf->bits)) | |
1243 | continue; | |
1244 | } else if (sconf->flags == SLINE_FLAGS_HOSTNAME) { | |
1245 | if ((match(sconf->realhost, cli_sockhost(cptr)) != 0) && | |
1246 | (match(sconf->realhost, cli_sock_ip(cptr)) != 0)) /* wildcarded IP address */ | |
1247 | continue; | |
1248 | } else { | |
1249 | continue; | |
1250 | } | |
1251 | ||
1252 | if (match(sconf->username, cli_user(cptr)->username) == 0) { | |
1253 | /* Ignore user part if u@h. */ | |
1254 | if ((hostonly = strchr(sconf->spoofhost, '@'))) | |
1255 | hostonly++; | |
1256 | else | |
1257 | hostonly = sconf->spoofhost; | |
1258 | ||
1259 | if(!*hostonly) | |
1260 | continue; | |
1261 | ||
1262 | ircd_strncpy(cli_user(cptr)->host, hostonly, HOSTLEN); | |
1263 | log_write(LS_USER, L_INFO, LOG_NOSNOTICE, "S-Line (%s@%s) by (%#R)", | |
1264 | cli_user(cptr)->username, hostonly, cptr); | |
1265 | return 1; | |
1266 | } | |
1267 | } | |
1268 | return 0; | |
1269 | } | |
1270 | ||
1271 | void free_spoofhost(struct sline *spoof) { | |
1272 | MyFree(spoof->spoofhost); | |
1273 | MyFree(spoof->passwd); | |
1274 | MyFree(spoof->realhost); | |
1275 | MyFree(spoof->username); | |
1276 | MyFree(spoof); | |
1277 | } |