[solanum.git] / modules / filter.c

/*
 *  ircd-ratbox: A slightly useful ircd.
 *  filter.c: Drop messages we don't like
 *
 *  Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
 *  Copyright (C) 1996-2002 Hybrid Development Team
 *  Copyright (C) 2002-2005 ircd-ratbox development team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
 *  $Id$
 */

#include "stdinc.h"
#include "channel.h"
#include "client.h"
#include "match.h"
#include "ircd.h"
#include "numeric.h"
#include "send.h"
#include "s_serv.h"
#include "s_newconf.h"
#include "msg.h"
#include "parse.h"
#include "modules.h"
#include "operhash.h"
#include "inline/stringops.h"
#include "msgbuf.h"

#include <hs_common.h>
#include <hs_runtime.h>

static void filter_msg_user(void *data);
static void filter_msg_channel(void *data);
static void on_client_exit(void *data);

static void mo_setfilter(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
static void me_setfilter(struct MsgBuf *, struct Client *, struct Client *, int, const char **);

static char *filter_data = NULL;
static size_t filter_data_len = 0;
static hs_database_t *filter_db;
static hs_scratch_t *filter_scratch;

static int filter_enable = 1;

static const char *cmdname[MESSAGE_TYPE_COUNT] = {
	[MESSAGE_TYPE_PRIVMSG] = "PRIVMSG",
	[MESSAGE_TYPE_NOTICE] = "NOTICE",
};

enum filter_state {
	FILTER_EMPTY,
	FILTER_FILLING,
	FILTER_LOADED
};

#define ACT_DROP  (1 << 0)
#define ACT_KILL  (1 << 1)
#define ACT_ALARM (1 << 2)

static enum filter_state state = FILTER_EMPTY;
static char check_str[21] = "";

mapi_hfn_list_av1 filter_hfnlist[] = {
	{ "privmsg_user", (hookfn) filter_msg_user },
	{ "privmsg_channel", (hookfn) filter_msg_channel },
	{ "client_exit", (hookfn) on_client_exit },
	{ NULL, NULL }
};


struct Message setfilter_msgtab = {
	"SETFILTER", 0, 0, 0, 0,
	{mg_unreg, mg_not_oper, mg_ignore, mg_ignore, {me_setfilter, 2}, {mo_setfilter, 2}}
};

static void
moddeinit(void)
{
	if (filter_scratch)
		hs_free_scratch(filter_scratch);
	if (filter_db)
		hs_free_database(filter_db);
	if (filter_data)
		rb_free(filter_data);
}


mapi_clist_av1 filter_clist[] = { &setfilter_msgtab, NULL };

DECLARE_MODULE_AV1(filter, NULL, moddeinit, filter_clist, NULL, filter_hfnlist, "$Revision$");

static int
setfilter(const char *check, const char *data, const char **error)
{
	if (error) *error = "unknown";

	if (!strcasecmp(data, "disable")) {
		filter_enable = 0;
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"Filtering disabled.");
		return 0;
	}
	if (!strcasecmp(data, "enable")) {
		filter_enable = 1;
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"Filtering enabled.");
		return 0;
	}

	if (strlen(check) > sizeof check_str - 1) {
		if (error) *error = "check string too long";
		return -1;
	}

	if (!strcasecmp(data, "new")) {
		if (state == FILTER_FILLING) {
			rb_free(filter_data);
			filter_data = 0;
			filter_data_len = 0;
		}
		state = FILTER_FILLING;
		strcpy(check_str, check);
		return 0;
	}

	if (strcmp(check, check_str) != 0) {
		if (error) *error = "check strings don't match";
		return -1;
	}

	if (!strcasecmp(data, "apply")) {
		if (state != FILTER_FILLING) {
			if (error) *error = "not loading anything";
			return -1;
		}
		hs_database_t *db;
		hs_error_t r = hs_deserialize_database(filter_data, filter_data_len, &db);
		if (r != HS_SUCCESS) {
			if (error) *error = "couldn't deserialize db";
			return -1;
		}
		r = hs_alloc_scratch(db, &filter_scratch);
		if (r != HS_SUCCESS) {
			if (error) *error = "couldn't allocate scratch";
			return -1;
		}
		if (filter_db) {
			hs_free_database(filter_db);
		}
		state = FILTER_LOADED;
		filter_db = db;
		sendto_realops_snomask(SNO_GENERAL, L_ALL | L_NETWIDE,
			"New filters loaded.");
		rb_free(filter_data);
		filter_data = 0;
		filter_data_len = 0;
		return 0;
	}

	if (state == FILTER_FILLING) {
		int dl;
		unsigned char *d = rb_base64_decode(data, strlen(data), &dl);
		if (!d) {
			if (error) *error = "invalid data";
			return -1;
		}
		if (filter_data_len + dl > 10000000ul) {
			if (error) *error = "data over size limit";
			rb_free(d);
			return -1;
		}
		filter_data = rb_realloc(filter_data, filter_data_len + dl);
		memcpy(filter_data + filter_data_len, d, dl);
		rb_free(d);
		filter_data_len += dl;
	} else {
		if (error) *error = "send \"new\" first";
		return -1;
	}
	return 0;
}

/* /SETFILTER [server-mask] <check> { NEW | APPLY | <data> }
 * <check> must be the same for the entirety of a new...data...apply run,
 *   and exists just to ensure runs don't mix
 * NEW prepares a buffer to receive a hyperscan database
 * <data> is base64 encoded chunks of hyperscan database, which are decoded
 *   and appended to the buffer
 * APPLY deserialises the buffer and sets the resulting hyperscan database
 *   as the one to use for filtering */
static void
mo_setfilter(struct MsgBuf *msgbuf, struct Client *client_p, struct Client *source_p, int parc, const char **parv)
{
	int for_me = 0;
	const char *check;
	const char *data;
	if (!IsOperAdmin(source_p)) {
		sendto_one(source_p, form_str(ERR_NOPRIVS), me.name, source_p->name, "admin");
		return;
	}
	if (parc == 4) {
		check = parv[2];
		data = parv[3];
		if(match(parv[1], me.name)) {
			for_me = 1;
		}
		sendto_match_servs(source_p, parv[1],
			CAP_ENCAP, NOCAPS,
			"ENCAP %s SETFILTER %s :%s", parv[1], check, data);
	} else if (parc == 3) {
		check = parv[1];
		data = parv[2];
		for_me = 1;
	} else {
		sendto_one_notice(source_p, ":SETFILTER needs 2 or 3 params, have %d", parc - 1);
		return;
	}
	if (for_me) {
		const char *error;
		int r = setfilter(check, data, &error);
		if (r) {
			sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
		} else {
			sendto_one_notice(source_p, ":SETFILTER ok");
		}
	}
}

static void
me_setfilter(struct MsgBuf *msgbuf, struct Client *client_p, struct Client *source_p, int parc, const char **parv)
{
	if(!IsPerson(source_p))
		return;

	const char *error;
	int r = setfilter(parv[1], parv[2], &error);
	if (r) {
		sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
	}

	return;
}

/* will be called for every match
 * hyperscan provides us one piece of information about the expression
 * matched, an integer ID. we're co-opting the lowest 3 bits of this
 * as a flag set. conveniently, this means all we really need to do
 * here is or the IDs together. */
int match_callback(unsigned id,
                   unsigned long long from,
                   unsigned long long to,
                   unsigned flags,
                   void *context_)
{
	unsigned *context = context_;
	*context |= id;
	return 0;
}


unsigned match_message(const char *msg)
{
	unsigned state = 0;
	if (!filter_enable)
		return 0;
	if (!filter_db)
		return 0;
	hs_error_t r = hs_scan(filter_db, msg, strlen(msg), 0, filter_scratch, match_callback, &state);
	if (r != HS_SUCCESS && r != HS_SCAN_TERMINATED)
		return 0;
	return state;
}

static char check_buffer[2000];

void
filter_msg_user(void *data_)
{
	hook_data_privmsg_user *data = data_;
	struct Client *s = data->source_p;
	/* opers are immune to checking, for obvious reasons
	 * anything sent to an oper is also immune, because that should make it
	 * less impossible to deal with reports. */
	if (IsOper(s) || IsOper(data->target_p)) {
		return;
	}
	char *text = rb_strdup(data->text);
	strip_colour(text);
	strip_unprintable(text);
	snprintf(check_buffer, sizeof check_buffer, ":%s!%s@%s %s %s :%s",
	         s->name, s->username, s->host,
	         cmdname[data->msgtype],
	         data->target_p->name,
	         text);
	unsigned r = match_message(check_buffer);
	rb_free(text);
	if (r & ACT_DROP) {
		data->approved = 1;
	}
	if (r & ACT_KILL) {
		exit_client(NULL, s, s, "Excess flood");
	}
	if (MyClient(s) && r & ACT_ALARM) {
		sendto_realops_snomask_from(SNO_GENERAL, L_ALL | L_NETWIDE, s->servptr,
			"FILTER: %s!%s@%s [%s]",
			s->name, s->username, s->host, s->sockhost);
	}
}

void
filter_msg_channel(void *data_)
{
	hook_data_privmsg_channel *data = data_;
	struct Client *s = data->source_p;
	/* just normal oper immunity for channels. i'd like to have a mode that
	 * disables the filter per-channel, but that's for the future */
	if (IsOper(s)) {
		return;
	}
	char *text = rb_strdup(data->text);
	strip_colour(text);
	strip_unprintable(text);
	snprintf(check_buffer, sizeof check_buffer, ":%s!%s@%s %s %s :%s",
	         s->name, s->username, s->host,
	         cmdname[data->msgtype],
	         data->chptr->chname,
	         text);
	unsigned r = match_message(check_buffer);
	rb_free(text);
	if (r & ACT_DROP) {
		data->approved = 1;
	}
	if (r & ACT_KILL) {
		exit_client(NULL, s, s, "Excess flood");
	}
	if (MyClient(s) && r & ACT_ALARM) {
		sendto_realops_snomask_from(SNO_GENERAL, L_ALL | L_NETWIDE, s->servptr,
			"FILTER: %s!%s@%s [%s]",
			s->name, s->username, s->host, s->sockhost);
	}
}

void
on_client_exit(void *data_)
{
	/* If we see a netsplit, abort the current FILTER_FILLING attempt */
	hook_data_client_exit *data = data_;

	if (!IsServer(data->target)) return;

	if (state == FILTER_FILLING) {
		state = filter_db ? FILTER_LOADED : FILTER_EMPTY;
	}
}
Commit	Line	Data
a2d9c494 EK	1	/*
	2	* ircd-ratbox: A slightly useful ircd.
	3	* filter.c: Drop messages we don't like
	4	*
	5	* Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
	6	* Copyright (C) 1996-2002 Hybrid Development Team
	7	* Copyright (C) 2002-2005 ircd-ratbox development team
	8	*
	9	* This program is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU General Public License as published by
	11	* the Free Software Foundation; either version 2 of the License, or
	12	* (at your option) any later version.
	13	*
	14	* This program is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	* GNU General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU General Public License
	20	* along with this program; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
	22	* USA
	23	*
	24	* $Id$
	25	*/
	26
	27	#include "stdinc.h"
	28	#include "channel.h"
	29	#include "client.h"
	30	#include "match.h"
	31	#include "ircd.h"
	32	#include "numeric.h"
	33	#include "send.h"
	34	#include "s_serv.h"
	35	#include "s_newconf.h"
	36	#include "msg.h"
	37	#include "parse.h"
	38	#include "modules.h"
	39	#include "operhash.h"
	40	#include "inline/stringops.h"
	41	#include "msgbuf.h"
	42
	43	#include <hs_common.h>
	44	#include <hs_runtime.h>
	45
	46	static void filter_msg_user(void *data);
	47	static void filter_msg_channel(void *data);
	48	static void on_client_exit(void *data);
	49
	50	static void mo_setfilter(struct MsgBuf , struct Client , struct Client , int, const char *);
	51	static void me_setfilter(struct MsgBuf , struct Client , struct Client , int, const char *);
	52
	53	static char *filter_data = NULL;
	54	static size_t filter_data_len = 0;
	55	static hs_database_t *filter_db;
	56	static hs_scratch_t *filter_scratch;
	57
	58	static int filter_enable = 1;
	59
	60	static const char *cmdname[MESSAGE_TYPE_COUNT] = {
	61	[MESSAGE_TYPE_PRIVMSG] = "PRIVMSG",
	62	[MESSAGE_TYPE_NOTICE] = "NOTICE",
	63	};
	64
65	enum filter_state {
66	FILTER_EMPTY,
67	FILTER_FILLING,
68	FILTER_LOADED
69	};
70
71	#define ACT_DROP (1 << 0)
72	#define ACT_KILL (1 << 1)
73	#define ACT_ALARM (1 << 2)
74
75	static enum filter_state state = FILTER_EMPTY;
76	static char check_str[21] = "";
77
78	mapi_hfn_list_av1 filter_hfnlist[] = {
79	{ "privmsg_user", (hookfn) filter_msg_user },
80	{ "privmsg_channel", (hookfn) filter_msg_channel },
81	{ "client_exit", (hookfn) on_client_exit },
82	{ NULL, NULL }
83	};
84
85
86	struct Message setfilter_msgtab = {
87	"SETFILTER", 0, 0, 0, 0,
88	{mg_unreg, mg_not_oper, mg_ignore, mg_ignore, {me_setfilter, 2}, {mo_setfilter, 2}}
89	};
90
91	static void
92	moddeinit(void)
93	{
94	if (filter_scratch)
95	hs_free_scratch(filter_scratch);
96	if (filter_db)
97	hs_free_database(filter_db);
98	if (filter_data)
99	rb_free(filter_data);
100	}
101
102
103	mapi_clist_av1 filter_clist[] = { &setfilter_msgtab, NULL };
104
105	DECLARE_MODULE_AV1(filter, NULL, moddeinit, filter_clist, NULL, filter_hfnlist, "$Revision$");
106
107	static int
108	setfilter(const char check, const char data, const char **error)
109	{
110	if (error) *error = "unknown";
111
112	if (!strcasecmp(data, "disable")) {
113	filter_enable = 0;
114	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
115	"Filtering disabled.");
116	return 0;
117	}
118	if (!strcasecmp(data, "enable")) {
119	filter_enable = 1;
120	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
121	"Filtering enabled.");
122	return 0;
123	}
124
125	if (strlen(check) > sizeof check_str - 1) {
126	if (error) *error = "check string too long";
127	return -1;
128	}
129
130	if (!strcasecmp(data, "new")) {
131	if (state == FILTER_FILLING) {
132	rb_free(filter_data);
133	filter_data = 0;
134	filter_data_len = 0;
135	}
136	state = FILTER_FILLING;
137	strcpy(check_str, check);
138	return 0;
139	}
140
141	if (strcmp(check, check_str) != 0) {
142	if (error) *error = "check strings don't match";
143	return -1;
144	}
145
146	if (!strcasecmp(data, "apply")) {
147	if (state != FILTER_FILLING) {
148	if (error) *error = "not loading anything";
149	return -1;
150	}
151	hs_database_t *db;
152	hs_error_t r = hs_deserialize_database(filter_data, filter_data_len, &db);
153	if (r != HS_SUCCESS) {
154	if (error) *error = "couldn't deserialize db";
155	return -1;
156	}
157	r = hs_alloc_scratch(db, &filter_scratch);
158	if (r != HS_SUCCESS) {
159	if (error) *error = "couldn't allocate scratch";
160	return -1;
161	}
162	if (filter_db) {
163	hs_free_database(filter_db);
164	}
165	state = FILTER_LOADED;
166	filter_db = db;
167	sendto_realops_snomask(SNO_GENERAL, L_ALL \| L_NETWIDE,
168	"New filters loaded.");
169	rb_free(filter_data);
170	filter_data = 0;
171	filter_data_len = 0;
172	return 0;
173	}
174
175	if (state == FILTER_FILLING) {
176	int dl;
177	unsigned char *d = rb_base64_decode(data, strlen(data), &dl);
178	if (!d) {
179	if (error) *error = "invalid data";
180	return -1;
181	}
182	if (filter_data_len + dl > 10000000ul) {
183	if (error) *error = "data over size limit";
184	rb_free(d);
185	return -1;
186	}
187	filter_data = rb_realloc(filter_data, filter_data_len + dl);
188	memcpy(filter_data + filter_data_len, d, dl);
189	rb_free(d);
190	filter_data_len += dl;
191	} else {
192	if (error) *error = "send \"new\" first";
193	return -1;
194	}
195	return 0;
196	}
197
198	/* /SETFILTER [server-mask] <check> { NEW \| APPLY \| <data> }
199	* <check> must be the same for the entirety of a new...data...apply run,
200	* and exists just to ensure runs don't mix
201	* NEW prepares a buffer to receive a hyperscan database
202	* <data> is base64 encoded chunks of hyperscan database, which are decoded
203	* and appended to the buffer
204	* APPLY deserialises the buffer and sets the resulting hyperscan database
205	* as the one to use for filtering */
206	static void
207	mo_setfilter(struct MsgBuf msgbuf, struct Client client_p, struct Client source_p, int parc, const char *parv)
208	{
209	int for_me = 0;
210	const char *check;
211	const char *data;
212	if (!IsOperAdmin(source_p)) {
213	sendto_one(source_p, form_str(ERR_NOPRIVS), me.name, source_p->name, "admin");
214	return;
215	}
216	if (parc == 4) {
217	check = parv[2];
218	data = parv[3];
219	if(match(parv[1], me.name)) {
220	for_me = 1;
221	}
222	sendto_match_servs(source_p, parv[1],
223	CAP_ENCAP, NOCAPS,
224	"ENCAP %s SETFILTER %s :%s", parv[1], check, data);
225	} else if (parc == 3) {
226	check = parv[1];
227	data = parv[2];
228	for_me = 1;
229	} else {
230	sendto_one_notice(source_p, ":SETFILTER needs 2 or 3 params, have %d", parc - 1);
231	return;
232	}
233	if (for_me) {
234	const char *error;
235	int r = setfilter(check, data, &error);
236	if (r) {
237	sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
238	} else {
239	sendto_one_notice(source_p, ":SETFILTER ok");
240	}
241	}
242	}
243
244	static void
245	me_setfilter(struct MsgBuf msgbuf, struct Client client_p, struct Client source_p, int parc, const char *parv)
246	{
247	if(!IsPerson(source_p))
248	return;
249
250	const char *error;
251	int r = setfilter(parv[1], parv[2], &error);
252	if (r) {
253	sendto_one_notice(source_p, ":SETFILTER failed: %s", error);
254	}
255
256	return;
257	}
258
259	/* will be called for every match
260	* hyperscan provides us one piece of information about the expression
261	* matched, an integer ID. we're co-opting the lowest 3 bits of this
262	* as a flag set. conveniently, this means all we really need to do
263	* here is or the IDs together. */
264	int match_callback(unsigned id,
265	unsigned long long from,
266	unsigned long long to,
267	unsigned flags,
268	void *context_)
269	{
270	unsigned *context = context_;
271	*context \|= id;
272	return 0;
273	}
274
275
276	unsigned match_message(const char *msg)
277	{
278	unsigned state = 0;
279	if (!filter_enable)
280	return 0;
281	if (!filter_db)
282	return 0;
283	hs_error_t r = hs_scan(filter_db, msg, strlen(msg), 0, filter_scratch, match_callback, &state);
284	if (r != HS_SUCCESS && r != HS_SCAN_TERMINATED)
285	return 0;
286	return state;
287	}
288
289	static char check_buffer[2000];
290
291	void
292	filter_msg_user(void *data_)
293	{
294	hook_data_privmsg_user *data = data_;
295	struct Client *s = data->source_p;
296	/* opers are immune to checking, for obvious reasons
297	* anything sent to an oper is also immune, because that should make it
298	* less impossible to deal with reports. */
299	if (IsOper(s) \|\| IsOper(data->target_p)) {
300	return;
301	}
302	char *text = rb_strdup(data->text);
303	strip_colour(text);
304	strip_unprintable(text);
305	snprintf(check_buffer, sizeof check_buffer, ":%s!%s@%s %s %s :%s",
306	s->name, s->username, s->host,
307	cmdname[data->msgtype],
308	data->target_p->name,
309	text);
310	unsigned r = match_message(check_buffer);
311	rb_free(text);
312	if (r & ACT_DROP) {
313	data->approved = 1;
314	}
315	if (r & ACT_KILL) {
316	exit_client(NULL, s, s, "Excess flood");
317	}
318	if (MyClient(s) && r & ACT_ALARM) {
319	sendto_realops_snomask_from(SNO_GENERAL, L_ALL \| L_NETWIDE, s->servptr,
320	"FILTER: %s!%s@%s [%s]",
321	s->name, s->username, s->host, s->sockhost);
322	}
323	}
324
325	void
326	filter_msg_channel(void *data_)
327	{
328	hook_data_privmsg_channel *data = data_;
329	struct Client *s = data->source_p;
330	/* just normal oper immunity for channels. i'd like to have a mode that
331	* disables the filter per-channel, but that's for the future */
332	if (IsOper(s)) {
333	return;
334	}
335	char *text = rb_strdup(data->text);
336	strip_colour(text);
337	strip_unprintable(text);
338	snprintf(check_buffer, sizeof check_buffer, ":%s!%s@%s %s %s :%s",
339	s->name, s->username, s->host,
340	cmdname[data->msgtype],
341	data->chptr->chname,
342	text);
343	unsigned r = match_message(check_buffer);
344	rb_free(text);
345	if (r & ACT_DROP) {
346	data->approved = 1;
347	}
348	if (r & ACT_KILL) {
349	exit_client(NULL, s, s, "Excess flood");
350	}
351	if (MyClient(s) && r & ACT_ALARM) {
352	sendto_realops_snomask_from(SNO_GENERAL, L_ALL \| L_NETWIDE, s->servptr,
353	"FILTER: %s!%s@%s [%s]",
354	s->name, s->username, s->host, s->sockhost);
355	}
356	}
357
358	void
359	on_client_exit(void *data_)
360	{
361	/* If we see a netsplit, abort the current FILTER_FILLING attempt */
362	hook_data_client_exit *data = data_;
363
364	if (!IsServer(data->target)) return;
365
366	if (state == FILTER_FILLING) {
367	state = filter_db ? FILTER_LOADED : FILTER_EMPTY;
368	}
369	}
370