X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/4606e8fc6c29342fe831541ea5fcd6617e4e372f..e8e3ef0dfb6fbe28c07e34599f0f48336792b4b3:/src/s_serv.c

diff --git a/src/s_serv.c b/src/s_serv.c
index 10c0fab..79a318c 100644
--- a/src/s_serv.c
+++ b/src/s_serv.c
@@ -21,7 +21,6 @@
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  *  USA
  *
- *  $Id: s_serv.c 3550 2007-08-09 06:47:26Z nenolod $
  */
 
 #include "stdinc.h"
@@ -54,6 +53,7 @@
 #include "msg.h"
 #include "reject.h"
 #include "sslproc.h"
+#include "irc_dictionary.h"
 
 #ifndef INADDR_NONE
 #define INADDR_NONE ((unsigned int) 0xffffffff)
@@ -88,6 +88,8 @@ struct Capability captab[] = {
 	{ "SAVE",	CAP_SAVE },
 	{ "EUID",	CAP_EUID },
 	{ "EOPMOD",	CAP_EOPMOD },
+	{ "BAN",	CAP_BAN },
+	{ "MLOCK",	CAP_MLOCK },
 	{0, 0}
 };
 
@@ -318,20 +320,31 @@ check_server(const char *name, struct Client *client_p)
 		{
 			error = -2;
 
-			if(ServerConfEncrypted(tmp_p))
+			if(tmp_p->passwd)
 			{
-				if(!strcmp(tmp_p->passwd, rb_crypt(client_p->localClient->passwd,
-								tmp_p->passwd)))
+				if(ServerConfEncrypted(tmp_p))
 				{
-					server_p = tmp_p;
-					break;
+					if(!strcmp(tmp_p->passwd, rb_crypt(client_p->localClient->passwd,
+									tmp_p->passwd)))
+					{
+						server_p = tmp_p;
+						break;
+					}
+					else
+						continue;
 				}
+				else if(strcmp(tmp_p->passwd, client_p->localClient->passwd))
+					continue;
 			}
-			else if(!strcmp(tmp_p->passwd, client_p->localClient->passwd))
+
+			if(tmp_p->certfp)
 			{
-				server_p = tmp_p;
-				break;
+				if(!client_p->certfp || strcasecmp(tmp_p->certfp, client_p->certfp) != 0)
+					continue;
 			}
+
+			server_p = tmp_p;
+			break;
 		}
 	}
 
@@ -391,6 +404,67 @@ send_capabilities(struct Client *client_p, int cap_can_send)
 	sendto_one(client_p, "CAPAB :%s", msgbuf);
 }
 
+static void
+burst_ban(struct Client *client_p)
+{
+	rb_dlink_node *ptr;
+	struct ConfItem *aconf;
+	const char *type, *oper;
+	/* +5 for !,@,{,} and null */
+	char operbuf[NICKLEN + USERLEN + HOSTLEN + HOSTLEN + 5];
+	char *p;
+	size_t melen;
+
+	melen = strlen(me.name);
+	RB_DLINK_FOREACH(ptr, prop_bans.head)
+	{
+		aconf = ptr->data;
+
+		/* Skip expired stuff. */
+		if(aconf->lifetime < rb_current_time())
+			continue;
+		switch(aconf->status & ~CONF_ILLEGAL)
+		{
+			case CONF_KILL: type = "K"; break;
+			case CONF_DLINE: type = "D"; break;
+			case CONF_XLINE: type = "X"; break;
+			case CONF_RESV_NICK: type = "R"; break;
+			case CONF_RESV_CHANNEL: type = "R"; break;
+			default:
+				continue;
+		}
+		oper = aconf->info.oper;
+		if(aconf->flags & CONF_FLAGS_MYOPER)
+		{
+			/* Our operator{} names may not be meaningful
+			 * to other servers, so rewrite to our server
+			 * name.
+			 */
+			rb_strlcpy(operbuf, aconf->info.oper, sizeof buf);
+			p = strrchr(operbuf, '{');
+			if (p != NULL &&
+					operbuf + sizeof operbuf - p > (ptrdiff_t)(melen + 2))
+			{
+				memcpy(p + 1, me.name, melen);
+				p[melen + 1] = '}';
+				p[melen + 2] = '\0';
+				oper = operbuf;
+			}
+		}
+		sendto_one(client_p, ":%s BAN %s %s %s %lu %d %d %s :%s%s%s",
+				me.id,
+				type,
+				aconf->user ? aconf->user : "*", aconf->host,
+				(unsigned long)aconf->created,
+				(int)(aconf->hold - aconf->created),
+				(int)(aconf->lifetime - aconf->created),
+				oper,
+				aconf->passwd,
+				aconf->spasswd ? "|" : "",
+				aconf->spasswd ? aconf->spasswd : "");
+	}
+}
+
 /* burst_modes_TS6()
  *
  * input	- client to burst to, channel name, list to burst, mode flag
@@ -469,6 +543,8 @@ burst_TS6(struct Client *client_p)
 	char *t;
 	int tlen, mlen;
 	int cur_len = 0;
+	struct Metadata *md;
+	struct DictionaryIter iter;
 
 	hclientinfo.client = hchaninfo.client = client_p;
 
@@ -506,6 +582,10 @@ burst_TS6(struct Client *client_p)
 				   IsIPSpoof(target_p) ? "0" : target_p->sockhost,
 				   target_p->id, target_p->info);
 
+		if(!EmptyString(target_p->certfp))
+			sendto_one(client_p, ":%s ENCAP * CERTFP :%s",
+					use_id(target_p), target_p->certfp);
+
 		if(!IsCapable(client_p, CAP_EUID))
 		{
 			if(IsDynSpoof(target_p))
@@ -516,6 +596,12 @@ burst_TS6(struct Client *client_p)
 						use_id(target_p), target_p->user->suser);
 		}
 
+		DICTIONARY_FOREACH(md, &iter, target_p->user->metadata)
+		{
+			sendto_one(client_p, ":%s ENCAP * METADATA ADD %s %s :%s",
+				   use_id(&me), use_id(target_p), md->name, md->value);
+		}
+
 		if(ConfigFileEntry.burst_away && !EmptyString(target_p->user->away))
 			sendto_one(client_p, ":%s AWAY :%s",
 				   use_id(target_p),
@@ -543,8 +629,12 @@ burst_TS6(struct Client *client_p)
 			msptr = uptr->data;
 
 			tlen = strlen(use_id(msptr->client_p)) + 1;
+			if(is_admin(msptr))
+				tlen++;
 			if(is_chanop(msptr))
 				tlen++;
+			if(is_halfop(msptr))
+				tlen++;
 			if(is_voiced(msptr))
 				tlen++;
 
@@ -570,6 +660,14 @@ burst_TS6(struct Client *client_p)
 		}
 		sendto_one(client_p, "%s", buf);
 
+		DICTIONARY_FOREACH(md, &iter, chptr->metadata)
+		{
+			/* don't bother bursting +J metadata */
+			if(!(md->name[0] == 'K'))
+				sendto_one(client_p, ":%s ENCAP * METADATA ADD %s %s :%s",
+					   use_id(&me), chptr->chname, md->name, md->value);
+		}
+
 		if(rb_dlink_list_length(&chptr->banlist) > 0)
 			burst_modes_TS6(client_p, chptr, &chptr->banlist, 'b');
 
@@ -591,6 +689,11 @@ burst_TS6(struct Client *client_p)
 				   ConfigChannel.burst_topicwho ? " " : "",
 				   chptr->topic);
 
+		if(IsCapable(client_p, CAP_MLOCK))
+			sendto_one(client_p, ":%s MLOCK %ld %s :%s",
+				   me.id, (long) chptr->channelts, chptr->chname,
+				   EmptyString(chptr->mode_lock) ? "" : chptr->mode_lock);
+
 		hchaninfo.chptr = chptr;
 		call_hook(h_burst_channel, &hchaninfo);
 	}
@@ -689,15 +792,9 @@ server_estab(struct Client *client_p)
 
 	if(IsUnknown(client_p))
 	{
-		/*
-		 * jdc -- 1.  Use EmptyString(), not [0] index reference.
-		 *        2.  Check ->spasswd, not ->passwd.
-		 */
-		if(!EmptyString(server_p->spasswd))
-		{
-			sendto_one(client_p, "PASS %s TS %d :%s", 
-				   server_p->spasswd, TS_CURRENT, me.id);
-		}
+		/* the server may be linking based on certificate fingerprint now. --nenolod */
+		sendto_one(client_p, "PASS %s TS %d :%s", 
+			   EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 
 		/* pass info to new server */
 		send_capabilities(client_p, default_server_capabs
@@ -856,6 +953,9 @@ server_estab(struct Client *client_p)
 					target_p->serv->fullcaps);
 	}
 
+	if(IsCapable(client_p, CAP_BAN))
+		burst_ban(client_p);
+
 	burst_TS6(client_p);
 
 	/* Always send a PING after connect burst is done */
@@ -1255,11 +1355,9 @@ serv_connect_callback(rb_fde_t *F, int status, void *data)
 	/* Next, send the initial handshake */
 	SetHandshake(client_p);
 
-	if(!EmptyString(server_p->spasswd))
-	{
-		sendto_one(client_p, "PASS %s TS %d :%s", 
-			   server_p->spasswd, TS_CURRENT, me.id);
-	}
+	/* the server may be linking based on certificate fingerprint now. --nenolod */
+	sendto_one(client_p, "PASS %s TS %d :%s", 
+		   EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
 
 	/* pass my info to the new server */
 	send_capabilities(client_p, default_server_capabs