X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/715b28fefd0e9b923fd816ef130ab88f92aba47d..4859b814a5d8e99a85a951c21360c6b4922920a6:/src/s_serv.c diff --git a/src/s_serv.c b/src/s_serv.c index be25f8b..161dc81 100644 --- a/src/s_serv.c +++ b/src/s_serv.c @@ -21,7 +21,6 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA * - * $Id: s_serv.c 3550 2007-08-09 06:47:26Z nenolod $ */ #include "stdinc.h" @@ -54,17 +53,12 @@ #include "msg.h" #include "reject.h" #include "sslproc.h" - -extern char *crypt(); +#include "irc_dictionary.h" #ifndef INADDR_NONE #define INADDR_NONE ((unsigned int) 0xffffffff) #endif -#ifndef HAVE_SOCKETPAIR -static int inet_socketpair(int d, int type, int protocol, int sv[2]); -#endif - int MaxConnectionCount = 1; int MaxClientCount = 1; int refresh_user_links = 0; @@ -93,6 +87,9 @@ struct Capability captab[] = { { "RSFNC", CAP_RSFNC }, { "SAVE", CAP_SAVE }, { "EUID", CAP_EUID }, + { "EOPMOD", CAP_EOPMOD }, + { "BAN", CAP_BAN }, + { "MLOCK", CAP_MLOCK }, {0, 0} }; @@ -158,41 +155,23 @@ hunt_server(struct Client *client_p, struct Client *source_p, * Again, if there are no wild cards involved in the server * name, use the hash lookup */ - if(!target_p) + if(!target_p && wilds) { - if(!wilds) + RB_DLINK_FOREACH(ptr, global_serv_list.head) { - if(MyClient(source_p) || !IsDigit(parv[server][0])) - sendto_one_numeric(source_p, ERR_NOSUCHSERVER, - form_str(ERR_NOSUCHSERVER), - parv[server]); - return (HUNTED_NOSUCH); - } - else - { - target_p = NULL; - - RB_DLINK_FOREACH(ptr, global_client_list.head) + if(match(new, ((struct Client *) (ptr->data))->name)) { - if(match(new, ((struct Client *) (ptr->data))->name)) - { - target_p = ptr->data; - break; - } + target_p = ptr->data; + break; } } } + if(target_p && !IsRegistered(target_p)) + target_p = NULL; + if(target_p) { - if(!IsRegistered(target_p)) - { - sendto_one_numeric(source_p, ERR_NOSUCHSERVER, - form_str(ERR_NOSUCHSERVER), - parv[server]); - return HUNTED_NOSUCH; - } - if(IsMe(target_p) || MyClient(target_p)) return HUNTED_ISME; @@ -341,20 +320,31 @@ check_server(const char *name, struct Client *client_p) { error = -2; - if(ServerConfEncrypted(tmp_p)) + if(tmp_p->passwd) { - if(!strcmp(tmp_p->passwd, crypt(client_p->localClient->passwd, - tmp_p->passwd))) + if(ServerConfEncrypted(tmp_p)) { - server_p = tmp_p; - break; + if(!strcmp(tmp_p->passwd, rb_crypt(client_p->localClient->passwd, + tmp_p->passwd))) + { + server_p = tmp_p; + break; + } + else + continue; } + else if(strcmp(tmp_p->passwd, client_p->localClient->passwd)) + continue; } - else if(!strcmp(tmp_p->passwd, client_p->localClient->passwd)) + + if(tmp_p->certfp) { - server_p = tmp_p; - break; + if(!client_p->certfp || strcasecmp(tmp_p->certfp, client_p->certfp) != 0) + continue; } + + server_p = tmp_p; + break; } } @@ -414,6 +404,67 @@ send_capabilities(struct Client *client_p, int cap_can_send) sendto_one(client_p, "CAPAB :%s", msgbuf); } +static void +burst_ban(struct Client *client_p) +{ + rb_dlink_node *ptr; + struct ConfItem *aconf; + const char *type, *oper; + /* +5 for !,@,{,} and null */ + char operbuf[NICKLEN + USERLEN + HOSTLEN + HOSTLEN + 5]; + char *p; + size_t melen; + + melen = strlen(me.name); + RB_DLINK_FOREACH(ptr, prop_bans.head) + { + aconf = ptr->data; + + /* Skip expired stuff. */ + if(aconf->lifetime < rb_current_time()) + continue; + switch(aconf->status & ~CONF_ILLEGAL) + { + case CONF_KILL: type = "K"; break; + case CONF_DLINE: type = "D"; break; + case CONF_XLINE: type = "X"; break; + case CONF_RESV_NICK: type = "R"; break; + case CONF_RESV_CHANNEL: type = "R"; break; + default: + continue; + } + oper = aconf->info.oper; + if(aconf->flags & CONF_FLAGS_MYOPER) + { + /* Our operator{} names may not be meaningful + * to other servers, so rewrite to our server + * name. + */ + rb_strlcpy(operbuf, aconf->info.oper, sizeof buf); + p = strrchr(operbuf, '{'); + if (p != NULL && + operbuf + sizeof operbuf - p > (ptrdiff_t)(melen + 2)) + { + memcpy(p + 1, me.name, melen); + p[melen + 1] = '}'; + p[melen + 2] = '\0'; + oper = operbuf; + } + } + sendto_one(client_p, ":%s BAN %s %s %s %lu %d %d %s :%s%s%s", + me.id, + type, + aconf->user ? aconf->user : "*", aconf->host, + (unsigned long)aconf->created, + (int)(aconf->hold - aconf->created), + (int)(aconf->lifetime - aconf->created), + oper, + aconf->passwd, + aconf->spasswd ? "|" : "", + aconf->spasswd ? aconf->spasswd : ""); + } +} + /* burst_modes_TS6() * * input - client to burst to, channel name, list to burst, mode flag @@ -492,6 +543,8 @@ burst_TS6(struct Client *client_p) char *t; int tlen, mlen; int cur_len = 0; + struct Metadata *md; + struct DictionaryIter iter; hclientinfo.client = hchaninfo.client = client_p; @@ -509,7 +562,7 @@ burst_TS6(struct Client *client_p) ubuf[1] = '\0'; } - if(has_id(target_p) && IsCapable(client_p, CAP_EUID)) + if(IsCapable(client_p, CAP_EUID)) sendto_one(client_p, ":%s EUID %s %d %ld %s %s %s %s %s %s %s :%s", target_p->servptr->id, target_p->name, target_p->hopcount + 1, @@ -520,7 +573,7 @@ burst_TS6(struct Client *client_p) IsDynSpoof(target_p) ? target_p->orighost : "*", EmptyString(target_p->user->suser) ? "*" : target_p->user->suser, target_p->info); - else if(has_id(target_p)) + else sendto_one(client_p, ":%s UID %s %d %ld %s %s %s %s %s :%s", target_p->servptr->id, target_p->name, target_p->hopcount + 1, @@ -528,16 +581,12 @@ burst_TS6(struct Client *client_p) target_p->username, target_p->host, IsIPSpoof(target_p) ? "0" : target_p->sockhost, target_p->id, target_p->info); - else - sendto_one(client_p, "NICK %s %d %ld %s %s %s %s :%s", - target_p->name, - target_p->hopcount + 1, - (long) target_p->tsinfo, - ubuf, - target_p->username, target_p->host, - target_p->servptr->name, target_p->info); - - if(!has_id(target_p) || !IsCapable(client_p, CAP_EUID)) + + if(!EmptyString(target_p->certfp)) + sendto_one(client_p, ":%s ENCAP * CERTFP :%s", + use_id(target_p), target_p->certfp); + + if(!IsCapable(client_p, CAP_EUID)) { if(IsDynSpoof(target_p)) sendto_one(client_p, ":%s ENCAP * REALHOST %s", @@ -547,6 +596,12 @@ burst_TS6(struct Client *client_p) use_id(target_p), target_p->user->suser); } + DICTIONARY_FOREACH(md, &iter, target_p->user->metadata) + { + sendto_one(client_p, ":%s ENCAP * METADATA ADD %s %s :%s", + use_id(&me), use_id(target_p), md->name, md->value); + } + if(ConfigFileEntry.burst_away && !EmptyString(target_p->user->away)) sendto_one(client_p, ":%s AWAY :%s", use_id(target_p), @@ -574,8 +629,12 @@ burst_TS6(struct Client *client_p) msptr = uptr->data; tlen = strlen(use_id(msptr->client_p)) + 1; + if(is_admin(msptr)) + tlen++; if(is_chanop(msptr)) tlen++; + if(is_halfop(msptr)) + tlen++; if(is_voiced(msptr)) tlen++; @@ -601,6 +660,14 @@ burst_TS6(struct Client *client_p) } sendto_one(client_p, "%s", buf); + DICTIONARY_FOREACH(md, &iter, chptr->metadata) + { + /* don't bother bursting +J metadata */ + if(!(md->name[0] == 'K')) + sendto_one(client_p, ":%s ENCAP * METADATA ADD %s %s :%s", + use_id(&me), chptr->chname, md->name, md->value); + } + if(rb_dlink_list_length(&chptr->banlist) > 0) burst_modes_TS6(client_p, chptr, &chptr->banlist, 'b'); @@ -622,6 +689,11 @@ burst_TS6(struct Client *client_p) ConfigChannel.burst_topicwho ? " " : "", chptr->topic); + if(IsCapable(client_p, CAP_MLOCK)) + sendto_one(client_p, ":%s MLOCK %ld %s :%s", + me.id, (long) chptr->channelts, chptr->chname, + EmptyString(chptr->mode_lock) ? "" : chptr->mode_lock); + hchaninfo.chptr = chptr; call_hook(h_burst_channel, &hchaninfo); } @@ -720,15 +792,9 @@ server_estab(struct Client *client_p) if(IsUnknown(client_p)) { - /* - * jdc -- 1. Use EmptyString(), not [0] index reference. - * 2. Check ->spasswd, not ->passwd. - */ - if(!EmptyString(server_p->spasswd)) - { - sendto_one(client_p, "PASS %s TS %d :%s", - server_p->spasswd, TS_CURRENT, me.id); - } + /* the server may be linking based on certificate fingerprint now. --nenolod */ + sendto_one(client_p, "PASS %s TS %d :%s", + EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id); /* pass info to new server */ send_capabilities(client_p, default_server_capabs @@ -762,7 +828,6 @@ server_estab(struct Client *client_p) set_chcap_usage_counts(client_p); rb_dlinkAdd(client_p, &client_p->lnode, &me.serv->servers); - del_unknown_ip(client_p); rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &serv_list); rb_dlinkAddTailAlloc(client_p, &global_serv_list); @@ -888,6 +953,9 @@ server_estab(struct Client *client_p) target_p->serv->fullcaps); } + if(IsCapable(client_p, CAP_BAN)) + burst_ban(client_p); + burst_TS6(client_p); /* Always send a PING after connect burst is done */ @@ -895,8 +963,7 @@ server_estab(struct Client *client_p) free_pre_client(client_p); - if (!IsCapable(client_p, CAP_ZIP)) - send_pop_queue(client_p); + send_pop_queue(client_p); return 0; } @@ -1178,32 +1245,32 @@ serv_connect(struct server_conf *server_p, struct Client *by) } } -static void -serv_connect_ev(void *data) -{ - struct Client *client_p = data; - serv_connect_callback(client_p->localClient->F, RB_OK, client_p); -} - static void serv_connect_ssl_callback(rb_fde_t *F, int status, void *data) { struct Client *client_p = data; rb_fde_t *xF[2]; + rb_connect_sockaddr(F, (struct sockaddr *)&client_p->localClient->ip, sizeof(client_p->localClient->ip)); if(status != RB_OK) { - /* XXX deal with failure */ + /* Print error message, just like non-SSL. */ + serv_connect_callback(F, status, data); return; } - rb_connect_sockaddr(F, (struct sockaddr *)&client_p->localClient->ip, sizeof(client_p->localClient->ip)); - rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Outgoing ssld connection"); + if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Outgoing ssld connection") == -1) + { + ilog_error("rb_socketpair failed for server"); + serv_connect_callback(F, RB_ERROR, data); + return; + + } del_from_cli_fd_hash(client_p); client_p->localClient->F = xF[0]; add_to_cli_fd_hash(client_p); client_p->localClient->ssl_ctl = start_ssld_connect(F, xF[1], rb_get_fd(xF[0])); SetSSL(client_p); - rb_event_addonce("serv_connect_ev", serv_connect_ev, client_p, 1); + serv_connect_callback(client_p->localClient->F, RB_OK, client_p); } /* @@ -1288,14 +1355,9 @@ serv_connect_callback(rb_fde_t *F, int status, void *data) /* Next, send the initial handshake */ SetHandshake(client_p); - /* kludge, if we're not using TS6, dont ever send - * ourselves as being TS6 capable. - */ - if(!EmptyString(server_p->spasswd)) - { - sendto_one(client_p, "PASS %s TS %d :%s", - server_p->spasswd, TS_CURRENT, me.id); - } + /* the server may be linking based on certificate fingerprint now. --nenolod */ + sendto_one(client_p, "PASS %s TS %d :%s", + EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id); /* pass my info to the new server */ send_capabilities(client_p, default_server_capabs @@ -1323,60 +1385,3 @@ serv_connect_callback(rb_fde_t *F, int status, void *data) /* If we get here, we're ok, so lets start reading some data */ read_packet(F, client_p); } - -#ifndef HAVE_SOCKETPAIR -static int -inet_socketpair(int d, int type, int protocol, int sv[2]) -{ - struct sockaddr_in addr1, addr2, addr3; - int addr3_len = sizeof(addr3); - int fd, rc; - int port_no = 20000; - - if(d != AF_INET || type != SOCK_STREAM || protocol) - { - errno = EAFNOSUPPORT; - return -1; - } - if(((sv[0] = socket(AF_INET, SOCK_STREAM, 0)) < 0) || ((sv[1] = socket(AF_INET, SOCK_STREAM, 0)) < 0)) - return -1; - - addr1.sin_port = htons(port_no); - addr1.sin_family = AF_INET; - addr1.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - while ((rc = bind (sv[0], (struct sockaddr *) &addr1, sizeof (addr1))) < 0 && errno == EADDRINUSE) - addr1.sin_port = htons(++port_no); - - if(rc < 0) - return -1; - - if(listen(sv[0], 1) < 0) - { - close(sv[0]); - close(sv[1]); - return -1; - } - - addr2.sin_port = htons(port_no); - addr2.sin_family = AF_INET; - addr2.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - if(connect (sv[1], (struct sockaddr *) &addr2, sizeof (addr2)) < 0) - { - close(sv[0]); - close(sv[1]); - return -1; - } - - if((fd = accept(sv[1], (struct sockaddr *) &addr3, &addr3_len)) < 0) - { - close(sv[0]); - close(sv[1]); - return -1; - } - close(sv[0]); - sv[0] = fd; - - return(0); - -} -#endif