2 * ircd-ratbox: A slightly useful ircd.
3 * filter.c: Drop messages we don't like
5 * Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
6 * Copyright (C) 1996-2002 Hybrid Development Team
7 * Copyright (C) 2002-2005 ircd-ratbox development team
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
35 #include "s_newconf.h"
42 #include "inline/stringops.h"
45 #include <hs_common.h>
46 #include <hs_runtime.h>
52 #define FILTER_EXIT_MSG "Connection closed"
54 static const char filter_desc
[] = "Filter messages using a precompiled Hyperscan database";
56 static void filter_msg_user(void *data
);
57 static void filter_msg_channel(void *data
);
58 static void on_client_exit(void *data
);
60 static void mo_setfilter(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
61 static void me_setfilter(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
63 static char *filter_data
= NULL
;
64 static size_t filter_data_len
= 0;
65 static hs_database_t
*filter_db
;
66 static hs_scratch_t
*filter_scratch
;
68 static int filter_enable
= 1;
70 static const char *cmdname
[MESSAGE_TYPE_COUNT
] = {
71 [MESSAGE_TYPE_PRIVMSG
] = "PRIVMSG",
72 [MESSAGE_TYPE_NOTICE
] = "NOTICE",
73 [MESSAGE_TYPE_PART
] = "PART",
82 #define ACT_DROP (1 << 0)
83 #define ACT_KILL (1 << 1)
84 #define ACT_ALARM (1 << 2)
86 static enum filter_state state
= FILTER_EMPTY
;
87 static char check_str
[21] = "";
89 static unsigned filter_chmode
, filter_umode
;
91 mapi_hfn_list_av1 filter_hfnlist
[] = {
92 { "privmsg_user", (hookfn
) filter_msg_user
},
93 { "privmsg_channel", (hookfn
) filter_msg_channel
},
94 { "client_exit", (hookfn
) on_client_exit
},
99 struct Message setfilter_msgtab
= {
100 "SETFILTER", 0, 0, 0, 0,
101 {mg_unreg
, mg_not_oper
, mg_ignore
, mg_ignore
, {me_setfilter
, 2}, {mo_setfilter
, 2}}
107 filter_umode
= user_modes
['u'] = find_umode_slot();
108 construct_umodebuf();
109 filter_chmode
= cflag_add('u', chm_simple
);
118 construct_umodebuf();
123 hs_free_scratch(filter_scratch
);
125 hs_free_database(filter_db
);
127 rb_free(filter_data
);
131 mapi_clist_av1 filter_clist
[] = { &setfilter_msgtab
, NULL
};
133 DECLARE_MODULE_AV2(filter
, modinit
, moddeinit
, filter_clist
, NULL
, filter_hfnlist
, NULL
, "0.4", filter_desc
);
136 setfilter(const char *check
, const char *data
, const char **error
)
138 if (error
) *error
= "unknown";
140 if (!strcasecmp(data
, "disable")) {
142 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
143 "Filtering disabled.");
146 if (!strcasecmp(data
, "enable")) {
148 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
149 "Filtering enabled.");
153 if (strlen(check
) > sizeof check_str
- 1) {
154 if (error
) *error
= "check string too long";
158 if (!strcasecmp(data
, "new")) {
159 if (state
== FILTER_FILLING
) {
160 rb_free(filter_data
);
164 state
= FILTER_FILLING
;
165 strcpy(check_str
, check
);
169 if (!strcasecmp(data
, "drop")) {
171 if (error
) *error
= "no database to drop";
174 hs_free_database(filter_db
);
179 if (!strcasecmp(data
, "abort")) {
180 if (state
!= FILTER_FILLING
) {
181 if (error
) *error
= "not filling";
184 state
= filter_db
? FILTER_LOADED
: FILTER_EMPTY
;
185 rb_free(filter_data
);
191 if (strcmp(check
, check_str
) != 0) {
192 if (error
) *error
= "check strings don't match";
196 if (!strcasecmp(data
, "apply")) {
197 if (state
!= FILTER_FILLING
) {
198 if (error
) *error
= "not loading anything";
202 hs_error_t r
= hs_deserialize_database(filter_data
, filter_data_len
, &db
);
203 if (r
!= HS_SUCCESS
) {
204 if (error
) *error
= "couldn't deserialize db";
207 r
= hs_alloc_scratch(db
, &filter_scratch
);
208 if (r
!= HS_SUCCESS
) {
209 if (error
) *error
= "couldn't allocate scratch";
210 hs_free_database(db
);
214 hs_free_database(filter_db
);
216 state
= FILTER_LOADED
;
218 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
219 "New filters loaded.");
220 rb_free(filter_data
);
227 if (error
) *error
= "unknown command or data doesn't start with +";
233 if (state
== FILTER_FILLING
) {
235 unsigned char *d
= rb_base64_decode((unsigned char *)data
, strlen(data
), &dl
);
237 if (error
) *error
= "invalid data";
240 if (filter_data_len
+ dl
> 10000000ul) {
241 if (error
) *error
= "data over size limit";
245 filter_data
= rb_realloc(filter_data
, filter_data_len
+ dl
);
246 memcpy(filter_data
+ filter_data_len
, d
, dl
);
248 filter_data_len
+= dl
;
250 if (error
) *error
= "send \"new\" first";
256 /* /SETFILTER [server-mask] <check> { NEW | APPLY | <data> }
257 * <check> must be the same for the entirety of a new...data...apply run,
258 * and exists just to ensure runs don't mix
259 * NEW prepares a buffer to receive a hyperscan database
260 * <data> is base64 encoded chunks of hyperscan database, which are decoded
261 * and appended to the buffer
262 * APPLY deserialises the buffer and sets the resulting hyperscan database
263 * as the one to use for filtering */
265 mo_setfilter(struct MsgBuf
*msgbuf
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char **parv
)
270 if (!IsOperAdmin(source_p
)) {
271 sendto_one(source_p
, form_str(ERR_NOPRIVS
), me
.name
, source_p
->name
, "admin");
277 if(match(parv
[1], me
.name
)) {
280 sendto_match_servs(source_p
, parv
[1],
282 "ENCAP %s SETFILTER %s :%s", parv
[1], check
, data
);
283 } else if (parc
== 3) {
288 sendto_one_notice(source_p
, ":SETFILTER needs 2 or 3 params, have %d", parc
- 1);
293 int r
= setfilter(check
, data
, &error
);
295 sendto_one_notice(source_p
, ":SETFILTER failed: %s", error
);
297 sendto_one_notice(source_p
, ":SETFILTER ok");
303 me_setfilter(struct MsgBuf
*msgbuf
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char **parv
)
305 if(!IsPerson(source_p
))
309 int r
= setfilter(parv
[1], parv
[2], &error
);
311 sendto_one_notice(source_p
, ":SETFILTER failed: %s", error
);
317 /* will be called for every match
318 * hyperscan provides us one piece of information about the expression
319 * matched, an integer ID. we're co-opting the lowest 3 bits of this
320 * as a flag set. conveniently, this means all we really need to do
321 * here is or the IDs together. */
322 int match_callback(unsigned id
,
323 unsigned long long from
,
324 unsigned long long to
,
328 unsigned *context
= context_
;
333 static char check_buffer
[2000];
334 static char clean_buffer
[BUFSIZE
];
336 unsigned match_message(const char *prefix
,
337 struct Client
*source
,
349 snprintf(check_buffer
, sizeof check_buffer
, "%s:%s!%s@%s#%c %s %s :%s",
366 source
->user
&& source
->user
->suser
[0] != '\0' ? '1' : '0',
367 command
, target
, msg
);
368 hs_error_t r
= hs_scan(filter_db
, check_buffer
, strlen(check_buffer
), 0, filter_scratch
, match_callback
, &state
);
369 if (r
!= HS_SUCCESS
&& r
!= HS_SCAN_TERMINATED
)
375 filter_msg_user(void *data_
)
377 hook_data_privmsg_user
*data
= data_
;
378 struct Client
*s
= data
->source_p
;
379 /* we only need to filter once */
383 /* opers are immune to checking, for obvious reasons
384 * anything sent to an oper is also immune, because that should make it
385 * less impossible to deal with reports. */
386 if (IsOper(s
) || IsOper(data
->target_p
)) {
389 if (data
->target_p
->umodes
& filter_umode
) {
392 char *text
= strcpy(clean_buffer
, data
->text
);
394 strip_unprintable(text
);
395 unsigned r
= match_message("0", s
, cmdname
[data
->msgtype
], "0", data
->text
) |
396 match_message("1", s
, cmdname
[data
->msgtype
], "0", text
);
398 if (data
->msgtype
== MESSAGE_TYPE_PRIVMSG
) {
399 sendto_one_numeric(s
, ERR_CANNOTSENDTOCHAN
,
400 form_str(ERR_CANNOTSENDTOCHAN
),
401 data
->target_p
->name
);
406 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
407 "FILTER: %s!%s@%s [%s]",
408 s
->name
, s
->username
, s
->host
, s
->sockhost
);
412 exit_client(NULL
, s
, s
, FILTER_EXIT_MSG
);
417 filter_msg_channel(void *data_
)
419 hook_data_privmsg_channel
*data
= data_
;
420 struct Client
*s
= data
->source_p
;
421 /* we only need to filter once */
425 /* just normal oper immunity for channels. i'd like to have a mode that
426 * disables the filter per-channel, but that's for the future */
430 if (data
->chptr
->mode
.mode
& filter_chmode
) {
433 char *text
= strcpy(clean_buffer
, data
->text
);
435 strip_unprintable(text
);
436 unsigned r
= match_message("0", s
, cmdname
[data
->msgtype
], data
->chptr
->chname
, data
->text
) |
437 match_message("1", s
, cmdname
[data
->msgtype
], data
->chptr
->chname
, text
);
439 if (data
->msgtype
== MESSAGE_TYPE_PRIVMSG
) {
440 sendto_one_numeric(s
, ERR_CANNOTSENDTOCHAN
,
441 form_str(ERR_CANNOTSENDTOCHAN
),
442 data
->chptr
->chname
);
447 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
448 "FILTER: %s!%s@%s [%s]",
449 s
->name
, s
->username
, s
->host
, s
->sockhost
);
453 exit_client(NULL
, s
, s
, FILTER_EXIT_MSG
);
458 on_client_exit(void *data_
)
460 /* If we see a netsplit, abort the current FILTER_FILLING attempt */
461 hook_data_client_exit
*data
= data_
;
463 if (!IsServer(data
->target
)) return;
465 if (state
== FILTER_FILLING
) {
466 state
= filter_db
? FILTER_LOADED
: FILTER_EMPTY
;