2 * ircd-ratbox: A slightly useful ircd.
3 * filter.c: Drop messages we don't like
5 * Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
6 * Copyright (C) 1996-2002 Hybrid Development Team
7 * Copyright (C) 2002-2005 ircd-ratbox development team
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
35 #include "s_newconf.h"
42 #include "inline/stringops.h"
45 #include <hs_common.h>
46 #include <hs_runtime.h>
52 #define FILTER_EXIT_MSG "Connection closed"
54 static void filter_msg_user(void *data
);
55 static void filter_msg_channel(void *data
);
56 static void on_client_exit(void *data
);
58 static void mo_setfilter(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
59 static void me_setfilter(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
61 static char *filter_data
= NULL
;
62 static size_t filter_data_len
= 0;
63 static hs_database_t
*filter_db
;
64 static hs_scratch_t
*filter_scratch
;
66 static int filter_enable
= 1;
68 static const char *cmdname
[MESSAGE_TYPE_COUNT
] = {
69 [MESSAGE_TYPE_PRIVMSG
] = "PRIVMSG",
70 [MESSAGE_TYPE_NOTICE
] = "NOTICE",
79 #define ACT_DROP (1 << 0)
80 #define ACT_KILL (1 << 1)
81 #define ACT_ALARM (1 << 2)
83 static enum filter_state state
= FILTER_EMPTY
;
84 static char check_str
[21] = "";
86 static unsigned filter_chmode
, filter_umode
;
88 mapi_hfn_list_av1 filter_hfnlist
[] = {
89 { "privmsg_user", (hookfn
) filter_msg_user
},
90 { "privmsg_channel", (hookfn
) filter_msg_channel
},
91 { "client_exit", (hookfn
) on_client_exit
},
96 struct Message setfilter_msgtab
= {
97 "SETFILTER", 0, 0, 0, 0,
98 {mg_unreg
, mg_not_oper
, mg_ignore
, mg_ignore
, {me_setfilter
, 2}, {mo_setfilter
, 2}}
104 filter_umode
= user_modes
['u'] = find_umode_slot();
105 construct_umodebuf();
106 filter_chmode
= cflag_add('u', chm_simple
);
114 construct_umodebuf();
119 hs_free_scratch(filter_scratch
);
121 hs_free_database(filter_db
);
123 rb_free(filter_data
);
127 mapi_clist_av1 filter_clist
[] = { &setfilter_msgtab
, NULL
};
129 DECLARE_MODULE_AV1(filter
, modinit
, moddeinit
, filter_clist
, NULL
, filter_hfnlist
, "0.3");
132 setfilter(const char *check
, const char *data
, const char **error
)
134 if (error
) *error
= "unknown";
136 if (!strcasecmp(data
, "disable")) {
138 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
139 "Filtering disabled.");
142 if (!strcasecmp(data
, "enable")) {
144 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
145 "Filtering enabled.");
149 if (strlen(check
) > sizeof check_str
- 1) {
150 if (error
) *error
= "check string too long";
154 if (!strcasecmp(data
, "new")) {
155 if (state
== FILTER_FILLING
) {
156 rb_free(filter_data
);
160 state
= FILTER_FILLING
;
161 strcpy(check_str
, check
);
165 if (strcmp(check
, check_str
) != 0) {
166 if (error
) *error
= "check strings don't match";
170 if (!strcasecmp(data
, "apply")) {
171 if (state
!= FILTER_FILLING
) {
172 if (error
) *error
= "not loading anything";
176 hs_error_t r
= hs_deserialize_database(filter_data
, filter_data_len
, &db
);
177 if (r
!= HS_SUCCESS
) {
178 if (error
) *error
= "couldn't deserialize db";
181 r
= hs_alloc_scratch(db
, &filter_scratch
);
182 if (r
!= HS_SUCCESS
) {
183 if (error
) *error
= "couldn't allocate scratch";
187 hs_free_database(filter_db
);
189 state
= FILTER_LOADED
;
191 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
192 "New filters loaded.");
193 rb_free(filter_data
);
199 if (state
== FILTER_FILLING
) {
201 unsigned char *d
= rb_base64_decode(data
, strlen(data
), &dl
);
203 if (error
) *error
= "invalid data";
206 if (filter_data_len
+ dl
> 10000000ul) {
207 if (error
) *error
= "data over size limit";
211 filter_data
= rb_realloc(filter_data
, filter_data_len
+ dl
);
212 memcpy(filter_data
+ filter_data_len
, d
, dl
);
214 filter_data_len
+= dl
;
216 if (error
) *error
= "send \"new\" first";
222 /* /SETFILTER [server-mask] <check> { NEW | APPLY | <data> }
223 * <check> must be the same for the entirety of a new...data...apply run,
224 * and exists just to ensure runs don't mix
225 * NEW prepares a buffer to receive a hyperscan database
226 * <data> is base64 encoded chunks of hyperscan database, which are decoded
227 * and appended to the buffer
228 * APPLY deserialises the buffer and sets the resulting hyperscan database
229 * as the one to use for filtering */
231 mo_setfilter(struct MsgBuf
*msgbuf
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char **parv
)
236 if (!IsOperAdmin(source_p
)) {
237 sendto_one(source_p
, form_str(ERR_NOPRIVS
), me
.name
, source_p
->name
, "admin");
243 if(match(parv
[1], me
.name
)) {
246 sendto_match_servs(source_p
, parv
[1],
248 "ENCAP %s SETFILTER %s :%s", parv
[1], check
, data
);
249 } else if (parc
== 3) {
254 sendto_one_notice(source_p
, ":SETFILTER needs 2 or 3 params, have %d", parc
- 1);
259 int r
= setfilter(check
, data
, &error
);
261 sendto_one_notice(source_p
, ":SETFILTER failed: %s", error
);
263 sendto_one_notice(source_p
, ":SETFILTER ok");
269 me_setfilter(struct MsgBuf
*msgbuf
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char **parv
)
271 if(!IsPerson(source_p
))
275 int r
= setfilter(parv
[1], parv
[2], &error
);
277 sendto_one_notice(source_p
, ":SETFILTER failed: %s", error
);
283 /* will be called for every match
284 * hyperscan provides us one piece of information about the expression
285 * matched, an integer ID. we're co-opting the lowest 3 bits of this
286 * as a flag set. conveniently, this means all we really need to do
287 * here is or the IDs together. */
288 int match_callback(unsigned id
,
289 unsigned long long from
,
290 unsigned long long to
,
294 unsigned *context
= context_
;
299 static char check_buffer
[2000];
300 static char clean_buffer
[BUFSIZE
];
302 unsigned match_message(const char *prefix
,
303 struct Client
*source
,
313 snprintf(check_buffer
, sizeof check_buffer
, "%s:%s!%s@%s#%c %s %s :%s",
330 source
->user
&& source
->user
->suser
[0] != '\0' ? '1' : '0',
333 hs_error_t r
= hs_scan(filter_db
, check_buffer
, strlen(check_buffer
), 0, filter_scratch
, match_callback
, &state
);
334 if (r
!= HS_SUCCESS
&& r
!= HS_SCAN_TERMINATED
)
340 filter_msg_user(void *data_
)
342 hook_data_privmsg_user
*data
= data_
;
343 struct Client
*s
= data
->source_p
;
344 /* we only need to filter once */
348 /* opers are immune to checking, for obvious reasons
349 * anything sent to an oper is also immune, because that should make it
350 * less impossible to deal with reports. */
351 if (IsOper(s
) || IsOper(data
->target_p
)) {
354 if (data
->target_p
->umodes
& filter_umode
) {
357 char *text
= strcpy(clean_buffer
, data
->text
);
359 strip_unprintable(text
);
360 unsigned r
= match_message("0", s
, cmdname
[data
->msgtype
], "0", data
->text
) |
361 match_message("1", s
, cmdname
[data
->msgtype
], "0", text
);
363 if (data
->msgtype
== MESSAGE_TYPE_PRIVMSG
) {
364 sendto_one_numeric(s
, ERR_CANNOTSENDTOCHAN
,
365 form_str(ERR_CANNOTSENDTOCHAN
),
366 data
->target_p
->name
);
371 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
372 "FILTER: %s!%s@%s [%s]",
373 s
->name
, s
->username
, s
->host
, s
->sockhost
);
377 exit_client(NULL
, s
, s
, FILTER_EXIT_MSG
);
382 filter_msg_channel(void *data_
)
384 hook_data_privmsg_channel
*data
= data_
;
385 struct Client
*s
= data
->source_p
;
386 /* we only need to filter once */
390 /* just normal oper immunity for channels. i'd like to have a mode that
391 * disables the filter per-channel, but that's for the future */
395 if (data
->chptr
->mode
.mode
& filter_chmode
) {
398 char *text
= strcpy(clean_buffer
, data
->text
);
400 strip_unprintable(text
);
401 unsigned r
= match_message("0", s
, cmdname
[data
->msgtype
], data
->chptr
->chname
, data
->text
) |
402 match_message("1", s
, cmdname
[data
->msgtype
], data
->chptr
->chname
, text
);
404 if (data
->msgtype
== MESSAGE_TYPE_PRIVMSG
) {
405 sendto_one_numeric(s
, ERR_CANNOTSENDTOCHAN
,
406 form_str(ERR_CANNOTSENDTOCHAN
),
407 data
->chptr
->chname
);
412 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
413 "FILTER: %s!%s@%s [%s]",
414 s
->name
, s
->username
, s
->host
, s
->sockhost
);
418 exit_client(NULL
, s
, s
, FILTER_EXIT_MSG
);
423 on_client_exit(void *data_
)
425 /* If we see a netsplit, abort the current FILTER_FILLING attempt */
426 hook_data_client_exit
*data
= data_
;
428 if (!IsServer(data
->target
)) return;
430 if (state
== FILTER_FILLING
) {
431 state
= filter_db
? FILTER_LOADED
: FILTER_EMPTY
;