]> jfr.im git - solanum.git/blob - modules/m_whois.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
whois: Fix UID leak.
[solanum.git] / modules / m_whois.c
1 /*
2 * ircd-ratbox: A slightly useful ircd.
3 * m_whois.c: Shows who a user is.
4 *
5 * Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
6 * Copyright (C) 1996-2002 Hybrid Development Team
7 * Copyright (C) 2002-2005 ircd-ratbox development team
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
22 * USA
23 *
24 * $Id: m_whois.c 3536 2007-07-14 21:50:21Z jilles $
25 */
26
27 #include "stdinc.h"
28 #include "common.h"
29 #include "client.h"
30 #include "hash.h"
31 #include "channel.h"
32 #include "hash.h"
33 #include "ircd.h"
34 #include "numeric.h"
35 #include "s_conf.h"
36 #include "s_serv.h"
37 #include "send.h"
38 #include "match.h"
39 #include "s_conf.h"
40 #include "logger.h"
41 #include "msg.h"
42 #include "parse.h"
43 #include "modules.h"
44 #include "hook.h"
45 #include "s_newconf.h"
46 #include "ipv4_from_ipv6.h"
47 #include "ratelimit.h"
48
49 static void do_whois(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
50 static void single_whois(struct Client *source_p, struct Client *target_p, int operspy);
51
52 static int m_whois(struct Client *, struct Client *, int, const char **);
53 static int ms_whois(struct Client *, struct Client *, int, const char **);
54
55 struct Message whois_msgtab = {
56 "WHOIS", 0, 0, 0, MFLG_SLOW,
57 {mg_unreg, {m_whois, 2}, {ms_whois, 2}, mg_ignore, mg_ignore, {m_whois, 2}}
58 };
59
60 int doing_whois_hook;
61 int doing_whois_global_hook;
62
63 mapi_clist_av1 whois_clist[] = { &whois_msgtab, NULL };
64 mapi_hlist_av1 whois_hlist[] = {
65 { "doing_whois", &doing_whois_hook },
66 { "doing_whois_global", &doing_whois_global_hook },
67 { NULL, NULL }
68 };
69
70 DECLARE_MODULE_AV1(whois, NULL, NULL, whois_clist, whois_hlist, NULL, "$Revision: 3536 $");
71
72 /*
73 * m_whois
74 * parv[1] = nickname masklist
75 */
76 static int
77 m_whois(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
78 {
79 static time_t last_used = 0;
80
81 if(parc > 2)
82 {
83 if(EmptyString(parv[2]))
84 {
85 sendto_one(source_p, form_str(ERR_NONICKNAMEGIVEN),
86 me.name, source_p->name);
87 return 0;
88 }
89
90 if(!IsOper(source_p))
91 {
92 /* seeing as this is going across servers, we should limit it */
93 if((last_used + ConfigFileEntry.pace_wait_simple) > rb_current_time() || !ratelimit_client(source_p, 2))
94 {
95 sendto_one(source_p, form_str(RPL_LOAD2HI),
96 me.name, source_p->name, "WHOIS");
97 sendto_one_numeric(source_p, RPL_ENDOFWHOIS,
98 form_str(RPL_ENDOFWHOIS), parv[2]);
99 return 0;
100 }
101 else
102 last_used = rb_current_time();
103 }
104
105 if(hunt_server(client_p, source_p, ":%s WHOIS %s :%s", 1, parc, parv) !=
106 HUNTED_ISME)
107 return 0;
108
109 parv[1] = parv[2];
110
111 }
112 do_whois(client_p, source_p, parc, parv);
113
114 return 0;
115 }
116
117 /*
118 * ms_whois
119 * parv[1] = server to reply
120 * parv[2] = nickname to whois
121 */
122 static int
123 ms_whois(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
124 {
125 struct Client *target_p;
126
127 /* note: early versions of ratbox allowed users to issue a remote
128 * whois with a blank parv[2], so we cannot treat it as a protocol
129 * violation. --anfl
130 */
131 if(parc < 3 || EmptyString(parv[2]))
132 {
133 sendto_one(source_p, form_str(ERR_NONICKNAMEGIVEN),
134 me.name, source_p->name);
135 return 0;
136 }
137
138 /* check if parv[1] exists */
139 if((target_p = find_client(parv[1])) == NULL)
140 {
141 sendto_one_numeric(source_p, ERR_NOSUCHSERVER,
142 form_str(ERR_NOSUCHSERVER),
143 IsDigit(parv[1][0]) ? "*" : parv[1]);
144 return 0;
145 }
146
147 /* if parv[1] isnt my client, or me, someone else is supposed
148 * to be handling the request.. so send it to them
149 */
150 if(!MyClient(target_p) && !IsMe(target_p))
151 {
152 sendto_one(target_p, ":%s WHOIS %s :%s",
153 get_id(source_p, target_p),
154 get_id(target_p, target_p), parv[2]);
155 return 0;
156 }
157
158 /* ok, the target is either us, or a client on our server, so perform the whois
159 * but first, parv[1] == server to perform the whois on, parv[2] == person
160 * to whois, so make parv[1] = parv[2] so do_whois is ok -- fl_
161 */
162 parv[1] = parv[2];
163 do_whois(client_p, source_p, parc, parv);
164
165 return 0;
166 }
167
168 /* do_whois
169 *
170 * inputs - pointer to
171 * output -
172 * side effects -
173 */
174 static void
175 do_whois(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
176 {
177 struct Client *target_p;
178 char *nick;
179 char *p = NULL;
180 int operspy = 0;
181
182 nick = LOCAL_COPY(parv[1]);
183 if((p = strchr(nick, ',')))
184 *p = '\0';
185
186 if(IsOperSpy(source_p) && *nick == '!')
187 {
188 operspy = 1;
189 nick++;
190 }
191
192 target_p = find_named_person(nick);
193 if(target_p != NULL)
194 {
195 if(operspy)
196 {
197 char buffer[BUFSIZE];
198
199 rb_snprintf(buffer, sizeof(buffer), "%s!%s@%s %s",
200 target_p->name, target_p->username,
201 target_p->host, target_p->servptr->name);
202 report_operspy(source_p, "WHOIS", buffer);
203 }
204
205 single_whois(source_p, target_p, operspy);
206 }
207 else
208 sendto_one_numeric(source_p, ERR_NOSUCHNICK,
209 form_str(ERR_NOSUCHNICK),
210 nick);
211
212 sendto_one_numeric(source_p, RPL_ENDOFWHOIS,
213 form_str(RPL_ENDOFWHOIS), parv[1]);
214 return;
215 }
216
217 /*
218 * single_whois()
219 *
220 * Inputs - source_p client to report to
221 * - target_p client to report on
222 * Output - if found return 1
223 * Side Effects - do a single whois on given client
224 * writing results to source_p
225 */
226 static void
227 single_whois(struct Client *source_p, struct Client *target_p, int operspy)
228 {
229 char buf[BUFSIZE];
230 rb_dlink_node *ptr;
231 struct membership *msptr;
232 struct Channel *chptr;
233 int cur_len = 0;
234 int mlen;
235 char *t;
236 int tlen;
237 hook_data_client hdata;
238 int visible;
239 int extra_space = 0;
240 #ifdef RB_IPV6
241 struct sockaddr_in ip4;
242 #endif
243
244 if(target_p->user == NULL)
245 {
246 s_assert(0);
247 return;
248 }
249
250 sendto_one_numeric(source_p, RPL_WHOISUSER, form_str(RPL_WHOISUSER),
251 target_p->name, target_p->username,
252 target_p->host, target_p->info);
253
254 cur_len = mlen = rb_sprintf(buf, form_str(RPL_WHOISCHANNELS),
255 get_id(&me, source_p), get_id(source_p, source_p),
256 target_p->name);
257
258 /* Make sure it won't overflow when sending it to the client
259 * in full names; note that serverhiding may require more space
260 * for a different server name (not done here) -- jilles
261 */
262 if (!MyConnect(source_p))
263 {
264 extra_space = strlen(source_p->name) - 9;
265 if (extra_space < 0)
266 extra_space = 0;
267 extra_space += strlen(me.name) - 2; /* make sure >= 0 */
268 cur_len += extra_space;
269 }
270
271 t = buf + mlen;
272
273 if (!IsService(target_p))
274 {
275 RB_DLINK_FOREACH(ptr, target_p->user->channel.head)
276 {
277 msptr = ptr->data;
278 chptr = msptr->chptr;
279
280 visible = ShowChannel(source_p, chptr);
281
282 if(visible || operspy)
283 {
284 if((cur_len + strlen(chptr->chname) + 3) > (BUFSIZE - 5))
285 {
286 sendto_one(source_p, "%s", buf);
287 cur_len = mlen + extra_space;
288 t = buf + mlen;
289 }
290
291 tlen = rb_sprintf(t, "%s%s%s ",
292 visible ? "" : "!",
293 find_channel_status(msptr, 1),
294 chptr->chname);
295 t += tlen;
296 cur_len += tlen;
297 }
298 }
299 }
300
301 if(cur_len > mlen + extra_space)
302 sendto_one(source_p, "%s", buf);
303
304 sendto_one_numeric(source_p, RPL_WHOISSERVER, form_str(RPL_WHOISSERVER),
305 target_p->name, target_p->servptr->name,
306 target_p->servptr->info);
307
308 if(target_p->user->away)
309 sendto_one_numeric(source_p, RPL_AWAY, form_str(RPL_AWAY),
310 target_p->name, target_p->user->away);
311
312 if(IsOper(target_p))
313 {
314 sendto_one_numeric(source_p, RPL_WHOISOPERATOR, form_str(RPL_WHOISOPERATOR),
315 target_p->name,
316 IsService(target_p) ? ConfigFileEntry.servicestring :
317 (IsAdmin(target_p) ? GlobalSetOptions.adminstring :
318 GlobalSetOptions.operstring));
319 }
320
321 if(IsSSLClient(target_p))
322 sendto_one_numeric(source_p, RPL_WHOISSECURE, form_str(RPL_WHOISSECURE),
323 target_p->name);
324 if((source_p == target_p || IsOper(source_p)) &&
325 target_p->certfp != NULL)
326 sendto_one_numeric(source_p, RPL_WHOISCERTFP,
327 form_str(RPL_WHOISCERTFP),
328 target_p->name, target_p->certfp);
329
330 if(MyClient(target_p))
331 {
332 if (IsDynSpoof(target_p) && (IsOper(source_p) || source_p == target_p))
333 {
334 /* trick here: show a nonoper their own IP if
335 * dynamic spoofed but not if auth{} spoofed
336 * -- jilles */
337 ClearDynSpoof(target_p);
338 sendto_one_numeric(source_p, RPL_WHOISHOST,
339 form_str(RPL_WHOISHOST),
340 target_p->name, target_p->orighost,
341 show_ip(source_p, target_p) ? target_p->sockhost : "255.255.255.255");
342 SetDynSpoof(target_p);
343 }
344 else if(ConfigFileEntry.use_whois_actually && show_ip(source_p, target_p))
345 sendto_one_numeric(source_p, RPL_WHOISACTUALLY,
346 form_str(RPL_WHOISACTUALLY),
347 target_p->name, target_p->sockhost);
348
349 #ifdef RB_IPV6
350 if (target_p->localClient->ip.ss_family == AF_INET6 &&
351 (show_ip(source_p, target_p) ||
352 (source_p == target_p && !IsIPSpoof(target_p))) &&
353 ipv4_from_ipv6((struct sockaddr_in6 *)&target_p->localClient->ip, &ip4))
354 {
355 rb_inet_ntop_sock((struct sockaddr *)&ip4,
356 buf, sizeof buf);
357 sendto_one_numeric(source_p, RPL_WHOISTEXT,
358 "%s :Underlying IPv4 is %s",
359 target_p->name, buf);
360 }
361 #endif /* RB_IPV6 */
362
363 sendto_one_numeric(source_p, RPL_WHOISIDLE, form_str(RPL_WHOISIDLE),
364 target_p->name,
365 rb_current_time() - target_p->localClient->last,
366 target_p->localClient->firsttime);
367 }
368 else
369 {
370 if (IsDynSpoof(target_p) && (IsOper(source_p) || source_p == target_p))
371 {
372 ClearDynSpoof(target_p);
373 sendto_one_numeric(source_p, RPL_WHOISHOST,
374 form_str(RPL_WHOISHOST),
375 target_p->name, target_p->orighost,
376 show_ip(source_p, target_p) && !EmptyString(target_p->sockhost) && strcmp(target_p->sockhost, "0")? target_p->sockhost : "255.255.255.255");
377 SetDynSpoof(target_p);
378 }
379 else if(ConfigFileEntry.use_whois_actually && show_ip(source_p, target_p) &&
380 !EmptyString(target_p->sockhost) && strcmp(target_p->sockhost, "0"))
381 {
382 sendto_one_numeric(source_p, RPL_WHOISACTUALLY,
383 form_str(RPL_WHOISACTUALLY),
384 target_p->name, target_p->sockhost);
385
386 }
387 }
388
389 hdata.client = source_p;
390 hdata.target = target_p;
391
392 /* doing_whois_hook must only be called for local clients,
393 * doing_whois_global_hook must only be called for local targets
394 */
395 /* it is important that these are called *before* RPL_ENDOFWHOIS is
396 * sent, services compatibility code depends on it. --anfl
397 */
398 if(MyClient(source_p))
399 call_hook(doing_whois_hook, &hdata);
400 else
401 call_hook(doing_whois_global_hook, &hdata);
402
403 return;
404 }
405
Fork of solanum ircd, history is rebased regularly