]>
Commit | Line | Data |
---|---|---|
212380e3 AC |
1 | /* |
2 | * ircd-ratbox: A slightly useful ircd. | |
3 | * m_webirc.c: Makes CGI:IRC users appear as coming from their real host | |
4 | * | |
5 | * Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center | |
6 | * Copyright (C) 1996-2002 Hybrid Development Team | |
7 | * Copyright (C) 2002-2006 ircd-ratbox development team | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or modify | |
10 | * it under the terms of the GNU General Public License as published by | |
11 | * the Free Software Foundation; either version 2 of the License, or | |
12 | * (at your option) any later version. | |
13 | * | |
14 | * This program is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | * GNU General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU General Public License | |
20 | * along with this program; if not, write to the Free Software | |
21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 | |
22 | * USA | |
212380e3 AC |
23 | */ |
24 | /* Usage: | |
25 | * auth { | |
26 | * user = "webirc@<cgiirc ip>"; # if identd used, put ident username instead | |
27 | * password = "<password>"; # encryption possible | |
28 | * spoof = "webirc." | |
29 | * class = "users"; | |
30 | * }; | |
31 | * Possible flags: | |
32 | * encrypted - password is encrypted (recommended) | |
aae358c0 | 33 | * kline_exempt - klines on the cgiirc ip are ignored |
212380e3 | 34 | * dlines are checked on the cgiirc ip (of course). |
170703fe | 35 | * k/d/x lines, auth blocks, user limits, etc are checked using the |
212380e3 AC |
36 | * real host/ip. |
37 | * The password should be specified unencrypted in webirc_password in | |
38 | * cgiirc.config | |
39 | */ | |
40 | ||
41 | #include "stdinc.h" | |
42 | #include "client.h" /* client struct */ | |
4562c604 | 43 | #include "match.h" |
212380e3 AC |
44 | #include "hostmask.h" |
45 | #include "send.h" /* sendto_one */ | |
46 | #include "numeric.h" /* ERR_xxx */ | |
47 | #include "ircd.h" /* me */ | |
48 | #include "msg.h" | |
49 | #include "parse.h" | |
50 | #include "modules.h" | |
51 | #include "s_serv.h" | |
52 | #include "hash.h" | |
53 | #include "s_conf.h" | |
477bbce4 | 54 | #include "reject.h" |
212380e3 | 55 | |
eeabf33a EM |
56 | static const char webirc_desc[] = "Adds support for the WebIRC system"; |
57 | ||
3c7d6fcc | 58 | static void mr_webirc(struct MsgBuf *msgbuf_p, struct Client *, struct Client *, int, const char **); |
212380e3 AC |
59 | |
60 | struct Message webirc_msgtab = { | |
7baa37a9 | 61 | "WEBIRC", 0, 0, 0, 0, |
4636e5cb | 62 | {{mr_webirc, 5}, mg_reg, mg_ignore, mg_ignore, mg_ignore, mg_reg} |
212380e3 AC |
63 | }; |
64 | ||
65 | mapi_clist_av1 webirc_clist[] = { &webirc_msgtab, NULL }; | |
02369fa7 | 66 | |
8ffc5173 EK |
67 | static void new_local_user(void *data); |
68 | mapi_hfn_list_av1 webirc_hfnlist[] = { | |
c500b0bd EK |
69 | /* unintuitive but correct--we want to be called first */ |
70 | { "new_local_user", (hookfn) new_local_user, HOOK_LOWEST }, | |
8ffc5173 EK |
71 | { NULL, NULL } |
72 | }; | |
73 | ||
74 | DECLARE_MODULE_AV2(webirc, NULL, NULL, webirc_clist, NULL, webirc_hfnlist, NULL, NULL, webirc_desc); | |
212380e3 AC |
75 | |
76 | /* | |
06c3a319 | 77 | * mr_webirc - webirc message handler |
212380e3 AC |
78 | * parv[1] = password |
79 | * parv[2] = fake username (we ignore this) | |
55abcbb2 | 80 | * parv[3] = fake hostname |
212380e3 AC |
81 | * parv[4] = fake ip |
82 | */ | |
3c7d6fcc | 83 | static void |
760bafda | 84 | mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) |
212380e3 AC |
85 | { |
86 | struct ConfItem *aconf; | |
87 | const char *encr; | |
0391874c | 88 | struct rb_sockaddr_storage addr; |
212380e3 | 89 | |
d6c81378 EK |
90 | int secure = 0; |
91 | ||
55abcbb2 | 92 | aconf = find_address_conf(client_p->host, client_p->sockhost, |
bdbe991f | 93 | IsGotId(client_p) ? client_p->username : "webirc", |
212380e3 AC |
94 | IsGotId(client_p) ? client_p->username : "webirc", |
95 | (struct sockaddr *) &client_p->localClient->ip, | |
c0949eb0 | 96 | GET_SS_FAMILY(&client_p->localClient->ip), NULL); |
212380e3 | 97 | if (aconf == NULL || !(aconf->status & CONF_CLIENT)) |
3c7d6fcc | 98 | return; |
27f616dd | 99 | if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc.")) |
212380e3 AC |
100 | { |
101 | /* XXX */ | |
102 | sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block"); | |
3c7d6fcc | 103 | return; |
212380e3 AC |
104 | } |
105 | if (EmptyString(aconf->passwd)) | |
106 | { | |
107 | sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password"); | |
3c7d6fcc | 108 | return; |
212380e3 | 109 | } |
ab4420cb EK |
110 | if (!IsSSL(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL) |
111 | { | |
cccda2ff | 112 | sendto_one(source_p, "NOTICE * :Your CGI:IRC block requires TLS"); |
ab4420cb EK |
113 | return; |
114 | } | |
212380e3 AC |
115 | |
116 | if (EmptyString(parv[1])) | |
117 | encr = ""; | |
118 | else if (IsConfEncrypted(aconf)) | |
f85a5a3f | 119 | encr = rb_crypt(parv[1], aconf->passwd); |
212380e3 AC |
120 | else |
121 | encr = parv[1]; | |
122 | ||
e69375f3 | 123 | if (encr == NULL || strcmp(encr, aconf->passwd)) |
212380e3 AC |
124 | { |
125 | sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect"); | |
3c7d6fcc | 126 | return; |
212380e3 AC |
127 | } |
128 | ||
17809d2d | 129 | if (rb_inet_pton_sock(parv[4], &addr) <= 0) |
0391874c JT |
130 | { |
131 | sendto_one(source_p, "NOTICE * :Invalid IP"); | |
3c7d6fcc | 132 | return; |
0391874c | 133 | } |
bdbe991f | 134 | |
2355be38 SA |
135 | source_p->localClient->ip = addr; |
136 | ||
d6c81378 EK |
137 | if (parc >= 6) |
138 | { | |
a6b97b7d EK |
139 | const char *s; |
140 | for (s = parv[5]; s != NULL; (s = strchr(s, ' ')) && s++) | |
d6c81378 | 141 | { |
a6b97b7d | 142 | if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == ' ' || s[6] == '\0')) |
d6c81378 EK |
143 | secure = 1; |
144 | } | |
145 | } | |
146 | ||
147 | if (secure && !IsSSL(source_p)) | |
148 | { | |
149 | sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure"); | |
11ef0e2b | 150 | secure = 0; |
d6c81378 EK |
151 | } |
152 | ||
153 | if (!secure) | |
154 | { | |
155 | SetInsecure(source_p); | |
156 | } | |
157 | ||
2355be38 SA |
158 | rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost)); |
159 | ||
212380e3 | 160 | if(strlen(parv[3]) <= HOSTLEN) |
f427c8b0 | 161 | rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host)); |
212380e3 | 162 | else |
f427c8b0 | 163 | rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host)); |
0391874c | 164 | |
170703fe | 165 | /* Check dlines now, klines will be checked on registration */ |
55abcbb2 | 166 | if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip, |
c0949eb0 | 167 | GET_SS_FAMILY(&source_p->localClient->ip)))) |
212380e3 AC |
168 | { |
169 | if(!(aconf->status & CONF_EXEMPTDLINE)) | |
170 | { | |
171 | exit_client(client_p, source_p, &me, "D-lined"); | |
3c7d6fcc | 172 | return; |
212380e3 AC |
173 | } |
174 | } | |
175 | ||
176 | sendto_one(source_p, "NOTICE * :CGI:IRC host/IP set to %s %s", parv[3], parv[4]); | |
212380e3 | 177 | } |
8ffc5173 EK |
178 | |
179 | static void | |
180 | new_local_user(void *data) | |
181 | { | |
182 | struct Client *source_p = data; | |
183 | struct ConfItem *aconf = source_p->localClient->att_conf; | |
184 | ||
185 | if (!irccmp(aconf->info.name, "webirc.")) | |
186 | exit_client(source_p, source_p, &me, "Cannot log in using a WEBIRC block"); | |
187 | } |