[solanum.git] / extensions / filter.c

/*
 *  ircd-ratbox: A slightly useful ircd.
 *  filter.c: Drop messages we don't like
 *
 *  Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
 *  Copyright (C) 1996-2002 Hybrid Development Team
 *  Copyright (C) 2002-2005 ircd-ratbox development team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
 *  $Id$
 */

#include "stdinc.h"
#include "channel.h"
#include "client.h"
#include "chmode.h"
#include "match.h"
#include "ircd.h"
#include "numeric.h"
#include "send.h"
#include "s_newconf.h"
#include "s_serv.h"
#include "s_user.h"
#include "msg.h"
#include "parse.h"
#include "modules.h"
#include "operhash.h"
#include "inline/stringops.h"
#include "msgbuf.h"

#include <hs_common.h>
#include <hs_runtime.h>

#define FILTER_NICK     0
#define FILTER_USER     0
#define FILTER_HOST     0

#define FILTER_EXIT_MSG "Connection closed"

static const char filter_desc[] = "Filter messages using a precompiled Hyperscan database";

static void filter_msg_user(void *data);
static void filter_msg_channel(void *data);
static void on_client_exit(void *data);

static void mo_setfilter(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
static void me_setfilter(struct MsgBuf *, struct Client *, struct Client *, int, const char **);

static char *filter_data = NULL;
static size_t filter_data_len = 0;
static hs_database_t *filter_db;
static hs_scratch_t *filter_scratch;

static int filter_enable = 1;

static const char *cmdname[MESSAGE_TYPE_COUNT] = {
	[MESSAGE_TYPE_PRIVMSG] = "PRIVMSG",
	[MESSAGE_TYPE_NOTICE] = "NOTICE",
};

enum filter_state {
	FILTER_EMPTY,
	FILTER_FILLING,
	FILTER_LOADED
};

#define ACT_DROP  (1 << 0)
#define ACT_KILL  (1 << 1)
#define ACT_ALARM (1 << 2)

static enum filter_state state = FILTER_EMPTY;
static char check_str[21] = "";

static unsigned filter_chmode, filter_umode;

mapi_hfn_list_av1 filter_hfnlist[] = {
	{ "privmsg_user", (hookfn) filter_msg_user },
	{ "privmsg_channel", (hookfn) filter_msg_channel },
	{ "client_exit", (hookfn) on_client_exit },
	{ NULL, NULL }
};


struct Message setfilter_msgtab = {
	"SETFILTER", 0, 0, 0, 0,
	{mg_unreg, mg_not_oper, mg_ignore, mg_ignore, {me_setfilter, 2}, {mo_setfilter, 2}}
};

static int
modinit(void)
{
	filter_umode = user_modes['u'] = find_umode_slot();
	construct_umodebuf();
	filter_chmode = cflag_add('u', chm_simple);
	return 0;
}

static void
moddeinit(void)
{
	if (filter_umode) {
		user_modes['u'] = 0;
		construct_umodebuf();
	}
	if (filter_chmode)
		cflag_orphan('u');
	if (filter_scratch)
		hs_free_scratch(filter_scratch);
	if (filter_db)
		hs_free_database(filter_db);
	if (filter_data)
		rb_free(filter_data);
}


mapi_clist_av1 filter_clist[] = { &setfilter_msgtab, NULL };

DECLARE_MODULE_AV2(filter, modinit, moddeinit, filter_clist, NULL, filter_hfnlist, NULL, "0.4", filter_desc);

static int
setfilter(const char *check, const char *data, const char **error)
{
	if (error) *error = "unknown";

	if (!strcasecmp(data, "disable")) {
		filter_enable = 0;
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"Filtering disabled.");
		return 0;
	}
	if (!strcasecmp(data, "enable")) {
		filter_enable = 1;
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"Filtering enabled.");
		return 0;
	}

	if (strlen(check) > sizeof check_str - 1) {
		if (error) *error = "check string too long";
		return -1;
	}

	if (!strcasecmp(data, "new")) {
		if (state == FILTER_FILLING) {
			rb_free(filter_data);
			filter_data = 0;
			filter_data_len = 0;
		}
		state = FILTER_FILLING;
		strcpy(check_str, check);
		return 0;
	}

	if (!strcasecmp(data, "drop")) {
		if (!filter_db) {
			if (error) *error = "no database to drop";
			return -1;
		}
		hs_free_database(filter_db);
		filter_db = 0;
		return 0;
	}

	if (!strcasecmp(data, "abort")) {
		if (state != FILTER_FILLING) {
			if (error) *error = "not filling";
			return -1;
		}
		state = filter_db ? FILTER_LOADED : FILTER_EMPTY;
		rb_free(filter_data);
		filter_data = 0;
		filter_data_len = 0;
		return 0;
	}

	if (strcmp(check, check_str) != 0) {
		if (error) *error = "check strings don't match";
		return -1;
	}

	if (!strcasecmp(data, "apply")) {
		if (state != FILTER_FILLING) {
			if (error) *error = "not loading anything";
			return -1;
		}
		hs_database_t *db;
		hs_error_t r = hs_deserialize_database(filter_data, filter_data_len, &db);
		if (r != HS_SUCCESS) {
			if (error) *error = "couldn't deserialize db";
			return -1;
		}
		r = hs_alloc_scratch(db, &filter_scratch);
		if (r != HS_SUCCESS) {
			if (error) *error = "couldn't allocate scratch";
			hs_free_database(db);
			return -1;
		}
		if (filter_db) {
			hs_free_database(filter_db);
		}
		state = FILTER_LOADED;
		filter_db = db;
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"New filters loaded.");
		rb_free(filter_data);
		filter_data = 0;
		filter_data_len = 0;
		return 0;
	}

	if (*data != '+') {
		if (error) *error = "unknown command or data doesn't start with +";
		return -1;
	}

	data += 1;

	if (state == FILTER_FILLING) {
		int dl;
		unsigned char *d = rb_base64_decode((unsigned char *)data, strlen(data), &dl);
		if (!d) {
			if (error) *error = "invalid data";
			return -1;
		}
		if (filter_data_len + dl > 10000000ul) {
			if (error) *error = "data over size limit";
			rb_free(d);
			return -1;
		}
		filter_data = rb_realloc(filter_data, filter_data_len + dl);
		memcpy(filter_data + filter_data_len, d, dl);
		rb_free(d);
		filter_data_len += dl;
	} else {
		if (error) *error = "send \"new\" first";
		return -1;
	}
	return 0;
}

/* /SETFILTER [server-mask] <check> { NEW | APPLY | <data> }
 * <check> must be the same for the entirety of a new...data...apply run,
 *   and exists just to ensure runs don't mix
 * NEW prepares a buffer to receive a hyperscan database
 * <data> is base64 encoded chunks of hyperscan database, which are decoded
 *   and appended to the buffer
 * APPLY deserialises the buffer and sets the resulting hyperscan database
 *   as the one to use for filtering */
static void
mo_setfilter(struct MsgBuf *msgbuf, struct Client *client_p, struct Client *source_p, int parc, const char **parv)
{
	int for_me = 0;
	const char *check;
	const char *data;
	if (!IsOperAdmin(source_p)) {
		sendto_one(source_p, form_str(ERR_NOPRIVS), me.name, source_p->name, "admin");
		return;
	}
	if (parc == 4) {
		check = parv[2];
		data = parv[3];
		if(match(parv[1], me.name)) {
			for_me = 1;
		}
		sendto_match_servs(source_p, parv[1],
			CAP_ENCAP, NOCAPS,
			"ENCAP %s SETFILTER %s :%s", parv[1], check, data);
	} else if (parc == 3) {
		check = parv[1];
		data = parv[2];
		for_me = 1;
	} else {
		sendto_one_notice(source_p, ":SETFILTER needs 2 or 3 params, have %d", parc - 1);
		return;
	}
	if (for_me) {
		const char *error;
		int r = setfilter(check, data, &error);
		if (r) {
			sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
		} else {
			sendto_one_notice(source_p, ":SETFILTER ok");
		}
	}
}

static void
me_setfilter(struct MsgBuf *msgbuf, struct Client *client_p, struct Client *source_p, int parc, const char **parv)
{
	if(!IsPerson(source_p))
		return;

	const char *error;
	int r = setfilter(parv[1], parv[2], &error);
	if (r) {
		sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
	}

	return;
}

/* will be called for every match
 * hyperscan provides us one piece of information about the expression
 * matched, an integer ID. we're co-opting the lowest 3 bits of this
 * as a flag set. conveniently, this means all we really need to do
 * here is or the IDs together. */
int match_callback(unsigned id,
                   unsigned long long from,
                   unsigned long long to,
                   unsigned flags,
                   void *context_)
{
	unsigned *context = context_;
	*context |= id;
	return 0;
}

static char check_buffer[2000];
static char clean_buffer[BUFSIZE];

unsigned match_message(const char *prefix,
                       struct Client *source,
                       const char *command,
                       const char *target,
                       const char *msg)
{
	unsigned state = 0;
	if (!filter_enable)
		return 0;
	if (!filter_db)
		return 0;
	snprintf(check_buffer, sizeof check_buffer, "%s:%s!%s@%s#%c %s %s :%s",
	         prefix,
#if FILTER_NICK
	         source->name,
#else
	         "*",
#endif
#if FILTER_USER
	         source->username,
#else
	         "*",
#endif
#if FILTER_HOST
	         source->host,
#else
	         "*",
#endif
	         source->user && source->user->suser[0] != '\0' ? '1' : '0',
	         command, target,
	         msg);
	hs_error_t r = hs_scan(filter_db, check_buffer, strlen(check_buffer), 0, filter_scratch, match_callback, &state);
	if (r != HS_SUCCESS && r != HS_SCAN_TERMINATED)
		return 0;
	return state;
}

void
filter_msg_user(void *data_)
{
	hook_data_privmsg_user *data = data_;
	struct Client *s = data->source_p;
	/* we only need to filter once */
	if (!MyClient(s)) {
		return;
	}
	/* opers are immune to checking, for obvious reasons
	 * anything sent to an oper is also immune, because that should make it
	 * less impossible to deal with reports. */
	if (IsOper(s) || IsOper(data->target_p)) {
		return;
	}
	if (data->target_p->umodes & filter_umode) {
		return;
	}
	char *text = strcpy(clean_buffer, data->text);
	strip_colour(text);
	strip_unprintable(text);
	unsigned r = match_message("0", s, cmdname[data->msgtype], "0", data->text) |
	             match_message("1", s, cmdname[data->msgtype], "0", text);
	if (r & ACT_DROP) {
		if (data->msgtype == MESSAGE_TYPE_PRIVMSG) {
			sendto_one_numeric(s, ERR_CANNOTSENDTOCHAN,
			                   form_str(ERR_CANNOTSENDTOCHAN),
			                   data->target_p->name);
		}
		data->approved = 1;
	}
	if (r & ACT_ALARM) {
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"FILTER: %s!%s@%s [%s]",
			s->name, s->username, s->host, s->sockhost);
	}
	if (r & ACT_KILL) {
		data->approved = 1;
		exit_client(NULL, s, s, FILTER_EXIT_MSG);
	}
}

void
filter_msg_channel(void *data_)
{
	hook_data_privmsg_channel *data = data_;
	struct Client *s = data->source_p;
	/* we only need to filter once */
	if (!MyClient(s)) {
		return;
	}
	/* just normal oper immunity for channels. i'd like to have a mode that
	 * disables the filter per-channel, but that's for the future */
	if (IsOper(s)) {
		return;
	}
	if (data->chptr->mode.mode & filter_chmode) {
		return;
	}
	char *text = strcpy(clean_buffer, data->text);
	strip_colour(text);
	strip_unprintable(text);
	unsigned r = match_message("0", s, cmdname[data->msgtype], data->chptr->chname, data->text) |
	             match_message("1", s, cmdname[data->msgtype], data->chptr->chname, text);
	if (r & ACT_DROP) {
		if (data->msgtype == MESSAGE_TYPE_PRIVMSG) {
			sendto_one_numeric(s, ERR_CANNOTSENDTOCHAN,
			                   form_str(ERR_CANNOTSENDTOCHAN),
			                   data->chptr->chname);
		}
		data->approved = 1;
	}
	if (r & ACT_ALARM) {
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"FILTER: %s!%s@%s [%s]",
			s->name, s->username, s->host, s->sockhost);
	}
	if (r & ACT_KILL) {
		data->approved = 1;
		exit_client(NULL, s, s, FILTER_EXIT_MSG);
	}
}

void
on_client_exit(void *data_)
{
	/* If we see a netsplit, abort the current FILTER_FILLING attempt */
	hook_data_client_exit *data = data_;

	if (!IsServer(data->target)) return;

	if (state == FILTER_FILLING) {
		state = filter_db ? FILTER_LOADED : FILTER_EMPTY;
	}
}
Commit	Line	Data
a2d9c494 EK	1	/*
	2	* ircd-ratbox: A slightly useful ircd.
	3	* filter.c: Drop messages we don't like
	4	*
	5	* Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
	6	* Copyright (C) 1996-2002 Hybrid Development Team
	7	* Copyright (C) 2002-2005 ircd-ratbox development team
	8	*
	9	* This program is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU General Public License as published by
	11	* the Free Software Foundation; either version 2 of the License, or
	12	* (at your option) any later version.
	13	*
	14	* This program is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	* GNU General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU General Public License
	20	* along with this program; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
	22	* USA
	23	*
	24	* $Id$
	25	*/
	26
	27	#include "stdinc.h"
	28	#include "channel.h"
	29	#include "client.h"
8692240f	30	#include "chmode.h"
a2d9c494 EK	31	#include "match.h"
	32	#include "ircd.h"
	33	#include "numeric.h"
	34	#include "send.h"
a2d9c494	35	#include "s_newconf.h"
8692240f EK	36	#include "s_serv.h"
8692240f EK	37	#include "s_user.h"
a2d9c494 EK	38	#include "msg.h"
	39	#include "parse.h"
	40	#include "modules.h"
	41	#include "operhash.h"
	42	#include "inline/stringops.h"
	43	#include "msgbuf.h"
	44
	45	#include <hs_common.h>
	46	#include <hs_runtime.h>
	47
81e41406 EK	48	#define FILTER_NICK 0
	49	#define FILTER_USER 0
	50	#define FILTER_HOST 0
	51
649bda6d EK	52	#define FILTER_EXIT_MSG "Connection closed"
649bda6d EK	53
a8f402e9 EK	54	static const char filter_desc[] = "Filter messages using a precompiled Hyperscan database";
a8f402e9 EK	55
a2d9c494 EK	56	static void filter_msg_user(void *data);
	57	static void filter_msg_channel(void *data);
	58	static void on_client_exit(void *data);
	59
	60	static void mo_setfilter(struct MsgBuf , struct Client , struct Client , int, const char *);
	61	static void me_setfilter(struct MsgBuf , struct Client , struct Client , int, const char *);
	62
	63	static char *filter_data = NULL;
	64	static size_t filter_data_len = 0;
	65	static hs_database_t *filter_db;
	66	static hs_scratch_t *filter_scratch;
	67
	68	static int filter_enable = 1;
	69
	70	static const char *cmdname[MESSAGE_TYPE_COUNT] = {
	71	[MESSAGE_TYPE_PRIVMSG] = "PRIVMSG",
	72	[MESSAGE_TYPE_NOTICE] = "NOTICE",
	73	};
	74
	75	enum filter_state {
	76	FILTER_EMPTY,
	77	FILTER_FILLING,
	78	FILTER_LOADED
	79	};
	80
	81	#define ACT_DROP (1 << 0)
	82	#define ACT_KILL (1 << 1)
	83	#define ACT_ALARM (1 << 2)
	84
	85	static enum filter_state state = FILTER_EMPTY;
	86	static char check_str[21] = "";
	87
8692240f EK	88	static unsigned filter_chmode, filter_umode;
8692240f EK	89
a2d9c494 EK	90	mapi_hfn_list_av1 filter_hfnlist[] = {
	91	{ "privmsg_user", (hookfn) filter_msg_user },
	92	{ "privmsg_channel", (hookfn) filter_msg_channel },
	93	{ "client_exit", (hookfn) on_client_exit },
	94	{ NULL, NULL }
	95	};
	96
	97
	98	struct Message setfilter_msgtab = {
	99	"SETFILTER", 0, 0, 0, 0,
	100	{mg_unreg, mg_not_oper, mg_ignore, mg_ignore, {me_setfilter, 2}, {mo_setfilter, 2}}
	101	};
	102
eb06afc3	103	static int
8692240f EK	104	modinit(void)
	105	{
	106	filter_umode = user_modes['u'] = find_umode_slot();
	107	construct_umodebuf();
	108	filter_chmode = cflag_add('u', chm_simple);
eb06afc3	109	return 0;
8692240f EK	110	}
8692240f EK	111
a2d9c494 EK	112	static void
	113	moddeinit(void)
	114	{
8692240f EK	115	if (filter_umode) {
	116	user_modes['u'] = 0;
	117	construct_umodebuf();
	118	}
	119	if (filter_chmode)
	120	cflag_orphan('u');
a2d9c494 EK	121	if (filter_scratch)
	122	hs_free_scratch(filter_scratch);
	123	if (filter_db)
	124	hs_free_database(filter_db);
	125	if (filter_data)
	126	rb_free(filter_data);
	127	}
	128
	129
	130	mapi_clist_av1 filter_clist[] = { &setfilter_msgtab, NULL };
	131
a8f402e9	132	DECLARE_MODULE_AV2(filter, modinit, moddeinit, filter_clist, NULL, filter_hfnlist, NULL, "0.4", filter_desc);
a2d9c494 EK	133
	134	static int
	135	setfilter(const char check, const char data, const char **error)
	136	{
	137	if (error) *error = "unknown";
	138
	139	if (!strcasecmp(data, "disable")) {
	140	filter_enable = 0;
	141	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
	142	"Filtering disabled.");
	143	return 0;
	144	}
	145	if (!strcasecmp(data, "enable")) {
	146	filter_enable = 1;
	147	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
	148	"Filtering enabled.");
	149	return 0;
	150	}
	151
	152	if (strlen(check) > sizeof check_str - 1) {
	153	if (error) *error = "check string too long";
	154	return -1;
	155	}
	156
	157	if (!strcasecmp(data, "new")) {
	158	if (state == FILTER_FILLING) {
	159	rb_free(filter_data);
	160	filter_data = 0;
	161	filter_data_len = 0;
	162	}
	163	state = FILTER_FILLING;
	164	strcpy(check_str, check);
	165	return 0;
	166	}
	167
344af24c EK	168	if (!strcasecmp(data, "drop")) {
	169	if (!filter_db) {
	170	if (error) *error = "no database to drop";
	171	return -1;
	172	}
	173	hs_free_database(filter_db);
	174	filter_db = 0;
	175	return 0;
	176	}
	177
	178	if (!strcasecmp(data, "abort")) {
	179	if (state != FILTER_FILLING) {
	180	if (error) *error = "not filling";
	181	return -1;
	182	}
	183	state = filter_db ? FILTER_LOADED : FILTER_EMPTY;
	184	rb_free(filter_data);
	185	filter_data = 0;
	186	filter_data_len = 0;
	187	return 0;
	188	}
	189
a2d9c494 EK	190	if (strcmp(check, check_str) != 0) {
	191	if (error) *error = "check strings don't match";
	192	return -1;
	193	}
	194
	195	if (!strcasecmp(data, "apply")) {
	196	if (state != FILTER_FILLING) {
	197	if (error) *error = "not loading anything";
	198	return -1;
	199	}
	200	hs_database_t *db;
	201	hs_error_t r = hs_deserialize_database(filter_data, filter_data_len, &db);
	202	if (r != HS_SUCCESS) {
	203	if (error) *error = "couldn't deserialize db";
	204	return -1;
	205	}
	206	r = hs_alloc_scratch(db, &filter_scratch);
	207	if (r != HS_SUCCESS) {
	208	if (error) *error = "couldn't allocate scratch";
09784400	209	hs_free_database(db);
a2d9c494 EK	210	return -1;
	211	}
	212	if (filter_db) {
	213	hs_free_database(filter_db);
	214	}
	215	state = FILTER_LOADED;
	216	filter_db = db;
	217	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
	218	"New filters loaded.");
	219	rb_free(filter_data);
	220	filter_data = 0;
	221	filter_data_len = 0;
	222	return 0;
	223	}
	224
dc141aad EK	225	if (*data != '+') {
	226	if (error) *error = "unknown command or data doesn't start with +";
	227	return -1;
	228	}
	229
	230	data += 1;
	231
a2d9c494 EK	232	if (state == FILTER_FILLING) {
a2d9c494 EK	233	int dl;
0cbb1ba9	234	unsigned char d = rb_base64_decode((unsigned char )data, strlen(data), &dl);
a2d9c494 EK	235	if (!d) {
	236	if (error) *error = "invalid data";
	237	return -1;
	238	}
	239	if (filter_data_len + dl > 10000000ul) {
	240	if (error) *error = "data over size limit";
	241	rb_free(d);
	242	return -1;
	243	}
	244	filter_data = rb_realloc(filter_data, filter_data_len + dl);
	245	memcpy(filter_data + filter_data_len, d, dl);
	246	rb_free(d);
	247	filter_data_len += dl;
	248	} else {
	249	if (error) *error = "send \"new\" first";
	250	return -1;
	251	}
	252	return 0;
	253	}
	254
	255	/* /SETFILTER [server-mask] <check> { NEW \| APPLY \| <data> }
	256	* <check> must be the same for the entirety of a new...data...apply run,
	257	* and exists just to ensure runs don't mix
	258	* NEW prepares a buffer to receive a hyperscan database
	259	* <data> is base64 encoded chunks of hyperscan database, which are decoded
	260	* and appended to the buffer
	261	* APPLY deserialises the buffer and sets the resulting hyperscan database
	262	* as the one to use for filtering */
	263	static void
	264	mo_setfilter(struct MsgBuf msgbuf, struct Client client_p, struct Client source_p, int parc, const char *parv)
	265	{
	266	int for_me = 0;
	267	const char *check;
	268	const char *data;
	269	if (!IsOperAdmin(source_p)) {
	270	sendto_one(source_p, form_str(ERR_NOPRIVS), me.name, source_p->name, "admin");
	271	return;
	272	}
	273	if (parc == 4) {
	274	check = parv[2];
	275	data = parv[3];
	276	if(match(parv[1], me.name)) {
	277	for_me = 1;
	278	}
	279	sendto_match_servs(source_p, parv[1],
	280	CAP_ENCAP, NOCAPS,
	281	"ENCAP %s SETFILTER %s :%s", parv[1], check, data);
	282	} else if (parc == 3) {
	283	check = parv[1];
	284	data = parv[2];
	285	for_me = 1;
	286	} else {
	287	sendto_one_notice(source_p, ":SETFILTER needs 2 or 3 params, have %d", parc - 1);
	288	return;
	289	}
	290	if (for_me) {
	291	const char *error;
	292	int r = setfilter(check, data, &error);
	293	if (r) {
	294	sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
	295	} else {
	296	sendto_one_notice(source_p, ":SETFILTER ok");
	297	}
	298	}
299	}
300
301	static void
302	me_setfilter(struct MsgBuf msgbuf, struct Client client_p, struct Client source_p, int parc, const char *parv)
303	{
304	if(!IsPerson(source_p))
305	return;
306
307	const char *error;
308	int r = setfilter(parv[1], parv[2], &error);
309	if (r) {
310	sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
311	}
312
313	return;
314	}
315
316	/* will be called for every match
317	* hyperscan provides us one piece of information about the expression
318	* matched, an integer ID. we're co-opting the lowest 3 bits of this
319	* as a flag set. conveniently, this means all we really need to do
320	* here is or the IDs together. */
321	int match_callback(unsigned id,
322	unsigned long long from,
323	unsigned long long to,
324	unsigned flags,
325	void *context_)
326	{
327	unsigned *context = context_;
328	*context \|= id;
329	return 0;
330	}
331
744ac308 EK	332	static char check_buffer[2000];
744ac308 EK	333	static char clean_buffer[BUFSIZE];
a2d9c494	334
744ac308 EK	335	unsigned match_message(const char *prefix,
	336	struct Client *source,
	337	const char *command,
	338	const char *target,
	339	const char *msg)
a2d9c494 EK	340	{
	341	unsigned state = 0;
	342	if (!filter_enable)
	343	return 0;
	344	if (!filter_db)
	345	return 0;
744ac308 EK	346	snprintf(check_buffer, sizeof check_buffer, "%s:%s!%s@%s#%c %s %s :%s",
	347	prefix,
	348	#if FILTER_NICK
	349	source->name,
	350	#else
	351	"*",
	352	#endif
	353	#if FILTER_USER
	354	source->username,
	355	#else
	356	"*",
	357	#endif
	358	#if FILTER_HOST
	359	source->host,
	360	#else
	361	"*",
	362	#endif
	363	source->user && source->user->suser[0] != '\0' ? '1' : '0',
	364	command, target,
	365	msg);
	366	hs_error_t r = hs_scan(filter_db, check_buffer, strlen(check_buffer), 0, filter_scratch, match_callback, &state);
a2d9c494 EK	367	if (r != HS_SUCCESS && r != HS_SCAN_TERMINATED)
	368	return 0;
	369	return state;
	370	}
	371
a2d9c494 EK	372	void
	373	filter_msg_user(void *data_)
	374	{
	375	hook_data_privmsg_user *data = data_;
	376	struct Client *s = data->source_p;
86ee00db EK	377	/* we only need to filter once */
	378	if (!MyClient(s)) {
	379	return;
	380	}
a2d9c494 EK	381	/* opers are immune to checking, for obvious reasons
	382	* anything sent to an oper is also immune, because that should make it
	383	* less impossible to deal with reports. */
	384	if (IsOper(s) \|\| IsOper(data->target_p)) {
	385	return;
	386	}
8692240f EK	387	if (data->target_p->umodes & filter_umode) {
	388	return;
	389	}
f982238e	390	char *text = strcpy(clean_buffer, data->text);
a2d9c494 EK	391	strip_colour(text);
a2d9c494 EK	392	strip_unprintable(text);
744ac308 EK	393	unsigned r = match_message("0", s, cmdname[data->msgtype], "0", data->text) \|
744ac308 EK	394	match_message("1", s, cmdname[data->msgtype], "0", text);
7bb7f899	395	if (r & ACT_DROP) {
d928bc7a EK	396	if (data->msgtype == MESSAGE_TYPE_PRIVMSG) {
	397	sendto_one_numeric(s, ERR_CANNOTSENDTOCHAN,
	398	form_str(ERR_CANNOTSENDTOCHAN),
	399	data->target_p->name);
	400	}
a2d9c494 EK	401	data->approved = 1;
a2d9c494 EK	402	}
86ee00db	403	if (r & ACT_ALARM) {
6a14bf78	404	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
a2d9c494 EK	405	"FILTER: %s!%s@%s [%s]",
	406	s->name, s->username, s->host, s->sockhost);
	407	}
6a14bf78	408	if (r & ACT_KILL) {
7bb7f899	409	data->approved = 1;
649bda6d	410	exit_client(NULL, s, s, FILTER_EXIT_MSG);
6a14bf78	411	}
a2d9c494 EK	412	}
	413
	414	void
	415	filter_msg_channel(void *data_)
	416	{
	417	hook_data_privmsg_channel *data = data_;
	418	struct Client *s = data->source_p;
86ee00db EK	419	/* we only need to filter once */
	420	if (!MyClient(s)) {
	421	return;
	422	}
a2d9c494 EK	423	/* just normal oper immunity for channels. i'd like to have a mode that
	424	* disables the filter per-channel, but that's for the future */
	425	if (IsOper(s)) {
	426	return;
	427	}
8692240f EK	428	if (data->chptr->mode.mode & filter_chmode) {
	429	return;
	430	}
f982238e	431	char *text = strcpy(clean_buffer, data->text);
a2d9c494 EK	432	strip_colour(text);
a2d9c494 EK	433	strip_unprintable(text);
744ac308 EK	434	unsigned r = match_message("0", s, cmdname[data->msgtype], data->chptr->chname, data->text) \|
744ac308 EK	435	match_message("1", s, cmdname[data->msgtype], data->chptr->chname, text);
7bb7f899	436	if (r & ACT_DROP) {
d928bc7a EK	437	if (data->msgtype == MESSAGE_TYPE_PRIVMSG) {
	438	sendto_one_numeric(s, ERR_CANNOTSENDTOCHAN,
	439	form_str(ERR_CANNOTSENDTOCHAN),
	440	data->chptr->chname);
	441	}
a2d9c494 EK	442	data->approved = 1;
a2d9c494 EK	443	}
86ee00db	444	if (r & ACT_ALARM) {
6a14bf78	445	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
a2d9c494 EK	446	"FILTER: %s!%s@%s [%s]",
	447	s->name, s->username, s->host, s->sockhost);
	448	}
6a14bf78	449	if (r & ACT_KILL) {
7bb7f899	450	data->approved = 1;
649bda6d	451	exit_client(NULL, s, s, FILTER_EXIT_MSG);
6a14bf78	452	}
a2d9c494 EK	453	}
	454
	455	void
	456	on_client_exit(void *data_)
	457	{
	458	/* If we see a netsplit, abort the current FILTER_FILLING attempt */
	459	hook_data_client_exit *data = data_;
	460
	461	if (!IsServer(data->target)) return;
	462
	463	if (state == FILTER_FILLING) {
	464	state = filter_db ? FILTER_LOADED : FILTER_EMPTY;
	465	}
	466	}
	467