extensions/m_webirc.c

   1 /*
   2  *  ircd-ratbox: A slightly useful ircd.
   3  *  m_webirc.c: Makes CGI:IRC users appear as coming from their real host
   4  *
   5  *  Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
   6  *  Copyright (C) 1996-2002 Hybrid Development Team
   7  *  Copyright (C) 2002-2006 ircd-ratbox development team
   8  *
   9  *  This program is free software; you can redistribute it and/or modify
  10  *  it under the terms of the GNU General Public License as published by
  11  *  the Free Software Foundation; either version 2 of the License, or
  12  *  (at your option) any later version.
  13  *
  14  *  This program is distributed in the hope that it will be useful,
  15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  *  GNU General Public License for more details.
  18  *
  19  *  You should have received a copy of the GNU General Public License
  20  *  along with this program; if not, write to the Free Software
  21  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  22  *  USA
  23  */
  24 /* Usage:
  25  * auth {
  26  *   user = "webirc@<cgiirc ip>"; # if identd used, put ident username instead
  27  *   password = "<password>"; # encryption possible
  28  *   spoof = "webirc."
  29  *   class = "users";
  30  * };
  31  * Possible flags:
  32  *   encrypted - password is encrypted (recommended)
  33  *   kline_exempt - klines on the cgiirc ip are ignored
  34  * dlines are checked on the cgiirc ip (of course).
  35  * k/d/x lines, auth blocks, user limits, etc are checked using the
  36  * real host/ip.
  37  * The password should be specified unencrypted in webirc_password in
  38  * cgiirc.config
  39  */
  40
  41 #include "stdinc.h"
  42 #include "client.h"             /* client struct */
  43 #include "match.h"
  44 #include "hostmask.h"
  45 #include "send.h"               /* sendto_one */
  46 #include "numeric.h"            /* ERR_xxx */
  47 #include "ircd.h"               /* me */
  48 #include "msg.h"
  49 #include "parse.h"
  50 #include "modules.h"
  51 #include "s_serv.h"
  52 #include "hash.h"
  53 #include "s_conf.h"
  54 #include "reject.h"
  55
  56 static const char webirc_desc[] = "Adds support for the WebIRC system";
  57
  58 static void mr_webirc(struct MsgBuf *msgbuf_p, struct Client *, struct Client *, int, const char **);
  59
  60 struct Message webirc_msgtab = {
  61         "WEBIRC", 0, 0, 0, 0,
  62         {{mr_webirc, 5}, mg_reg, mg_ignore, mg_ignore, mg_ignore, mg_reg}
  63 };
  64
  65 mapi_clist_av1 webirc_clist[] = { &webirc_msgtab, NULL };
  66
  67 static void new_local_user(void *data);
  68 mapi_hfn_list_av1 webirc_hfnlist[] = {
  69         /* unintuitive but correct--we want to be called first */
  70         { "new_local_user", (hookfn) new_local_user, HOOK_LOWEST },
  71         { NULL, NULL }
  72 };
  73
  74 DECLARE_MODULE_AV2(webirc, NULL, NULL, webirc_clist, NULL, webirc_hfnlist, NULL, NULL, webirc_desc);
  75
  76 /*
  77  * mr_webirc - webirc message handler
  78  *      parv[1] = password
  79  *      parv[2] = fake username (we ignore this)
  80  *      parv[3] = fake hostname
  81  *      parv[4] = fake ip
  82  */
  83 static void
  84 mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
  85 {
  86         struct ConfItem *aconf;
  87         const char *encr;
  88         struct rb_sockaddr_storage addr;
  89
  90         int secure = 0;
  91
  92         aconf = find_address_conf(client_p->host, client_p->sockhost,
  93                                 IsGotId(client_p) ? client_p->username : "webirc",
  94                                 IsGotId(client_p) ? client_p->username : "webirc",
  95                                 (struct sockaddr *) &client_p->localClient->ip,
  96                                 GET_SS_FAMILY(&client_p->localClient->ip), NULL);
  97         if (aconf == NULL || !(aconf->status & CONF_CLIENT))
  98                 return;
  99         if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc."))
 100         {
 101                 /* XXX */
 102                 sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block");
 103                 return;
 104         }
 105         if (EmptyString(aconf->passwd))
 106         {
 107                 sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password");
 108                 return;
 109         }
 110         if (!IsSSL(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL)
 111         {
 112                 sendto_one(source_p, "NOTICE * :Your CGI:IRC block requires TLS");
 113                 return;
 114         }
 115
 116         if (EmptyString(parv[1]))
 117                 encr = "";
 118         else if (IsConfEncrypted(aconf))
 119                 encr = rb_crypt(parv[1], aconf->passwd);
 120         else
 121                 encr = parv[1];
 122
 123         if (encr == NULL || strcmp(encr, aconf->passwd))
 124         {
 125                 sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect");
 126                 return;
 127         }
 128
 129         if (rb_inet_pton_sock(parv[4], &addr) <= 0)
 130         {
 131                 sendto_one(source_p, "NOTICE * :Invalid IP");
 132                 return;
 133         }
 134
 135         source_p->localClient->ip = addr;
 136
 137         if (parc >= 6)
 138         {
 139                 const char *s;
 140                 for (s = parv[5]; s != NULL; (s = strchr(s, ' ')) && s++)
 141                 {
 142                         if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == ' ' || s[6] == '\0'))
 143                                 secure = 1;
 144                 }
 145         }
 146
 147         if (secure && !IsSSL(source_p))
 148         {
 149                 sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure");
 150                 secure = 0;
 151         }
 152
 153         if (!secure)
 154         {
 155                 SetInsecure(source_p);
 156         }
 157
 158         rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost));
 159
 160         if(strlen(parv[3]) <= HOSTLEN)
 161                 rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host));
 162         else
 163                 rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));
 164
 165         /* Check dlines now, klines will be checked on registration */
 166         if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip,
 167                                GET_SS_FAMILY(&source_p->localClient->ip))))
 168         {
 169                 if(!(aconf->status & CONF_EXEMPTDLINE))
 170                 {
 171                         exit_client(client_p, source_p, &me, "D-lined");
 172                         return;
 173                 }
 174         }
 175
 176         sendto_one(source_p, "NOTICE * :CGI:IRC host/IP set to %s %s", parv[3], parv[4]);
 177 }
 178
 179 static void
 180 new_local_user(void *data)
 181 {
 182         struct Client *source_p = data;
 183         struct ConfItem *aconf = source_p->localClient->att_conf;
 184
 185         if (!irccmp(aconf->info.name, "webirc."))
 186                 exit_client(source_p, source_p, &me, "Cannot log in using a WEBIRC block");
 187 }