2 * ircd-ratbox: A slightly useful ircd.
3 * filter.c: Drop messages we don't like
5 * Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
6 * Copyright (C) 1996-2002 Hybrid Development Team
7 * Copyright (C) 2002-2005 ircd-ratbox development team
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
35 #include "s_newconf.h"
42 #include "inline/stringops.h"
45 #include <hs_common.h>
46 #include <hs_runtime.h>
52 #define FILTER_EXIT_MSG "Connection closed"
54 static const char filter_desc
[] = "Filter messages using a precompiled Hyperscan database";
56 static void filter_msg_user(void *data
);
57 static void filter_msg_channel(void *data
);
58 static void on_client_exit(void *data
);
60 static void mo_setfilter(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
61 static void me_setfilter(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
63 static char *filter_data
= NULL
;
64 static size_t filter_data_len
= 0;
65 static hs_database_t
*filter_db
;
66 static hs_scratch_t
*filter_scratch
;
68 static int filter_enable
= 1;
70 static const char *cmdname
[MESSAGE_TYPE_COUNT
] = {
71 [MESSAGE_TYPE_PRIVMSG
] = "PRIVMSG",
72 [MESSAGE_TYPE_NOTICE
] = "NOTICE",
81 #define ACT_DROP (1 << 0)
82 #define ACT_KILL (1 << 1)
83 #define ACT_ALARM (1 << 2)
85 static enum filter_state state
= FILTER_EMPTY
;
86 static char check_str
[21] = "";
88 static unsigned filter_chmode
, filter_umode
;
90 mapi_hfn_list_av1 filter_hfnlist
[] = {
91 { "privmsg_user", (hookfn
) filter_msg_user
},
92 { "privmsg_channel", (hookfn
) filter_msg_channel
},
93 { "client_exit", (hookfn
) on_client_exit
},
98 struct Message setfilter_msgtab
= {
99 "SETFILTER", 0, 0, 0, 0,
100 {mg_unreg
, mg_not_oper
, mg_ignore
, mg_ignore
, {me_setfilter
, 2}, {mo_setfilter
, 2}}
106 filter_umode
= user_modes
['u'] = find_umode_slot();
107 construct_umodebuf();
108 filter_chmode
= cflag_add('u', chm_simple
);
117 construct_umodebuf();
122 hs_free_scratch(filter_scratch
);
124 hs_free_database(filter_db
);
126 rb_free(filter_data
);
130 mapi_clist_av1 filter_clist
[] = { &setfilter_msgtab
, NULL
};
132 DECLARE_MODULE_AV2(filter
, modinit
, moddeinit
, filter_clist
, NULL
, filter_hfnlist
, NULL
, "0.4", filter_desc
);
135 setfilter(const char *check
, const char *data
, const char **error
)
137 if (error
) *error
= "unknown";
139 if (!strcasecmp(data
, "disable")) {
141 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
142 "Filtering disabled.");
145 if (!strcasecmp(data
, "enable")) {
147 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
148 "Filtering enabled.");
152 if (strlen(check
) > sizeof check_str
- 1) {
153 if (error
) *error
= "check string too long";
157 if (!strcasecmp(data
, "new")) {
158 if (state
== FILTER_FILLING
) {
159 rb_free(filter_data
);
163 state
= FILTER_FILLING
;
164 strcpy(check_str
, check
);
168 if (!strcasecmp(data
, "drop")) {
170 if (error
) *error
= "no database to drop";
173 hs_free_database(filter_db
);
178 if (!strcasecmp(data
, "abort")) {
179 if (state
!= FILTER_FILLING
) {
180 if (error
) *error
= "not filling";
183 state
= filter_db
? FILTER_LOADED
: FILTER_EMPTY
;
184 rb_free(filter_data
);
190 if (strcmp(check
, check_str
) != 0) {
191 if (error
) *error
= "check strings don't match";
195 if (!strcasecmp(data
, "apply")) {
196 if (state
!= FILTER_FILLING
) {
197 if (error
) *error
= "not loading anything";
201 hs_error_t r
= hs_deserialize_database(filter_data
, filter_data_len
, &db
);
202 if (r
!= HS_SUCCESS
) {
203 if (error
) *error
= "couldn't deserialize db";
206 r
= hs_alloc_scratch(db
, &filter_scratch
);
207 if (r
!= HS_SUCCESS
) {
208 if (error
) *error
= "couldn't allocate scratch";
212 hs_free_database(filter_db
);
214 state
= FILTER_LOADED
;
216 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
217 "New filters loaded.");
218 rb_free(filter_data
);
225 if (error
) *error
= "unknown command or data doesn't start with +";
231 if (state
== FILTER_FILLING
) {
233 unsigned char *d
= rb_base64_decode((unsigned char *)data
, strlen(data
), &dl
);
235 if (error
) *error
= "invalid data";
238 if (filter_data_len
+ dl
> 10000000ul) {
239 if (error
) *error
= "data over size limit";
243 filter_data
= rb_realloc(filter_data
, filter_data_len
+ dl
);
244 memcpy(filter_data
+ filter_data_len
, d
, dl
);
246 filter_data_len
+= dl
;
248 if (error
) *error
= "send \"new\" first";
254 /* /SETFILTER [server-mask] <check> { NEW | APPLY | <data> }
255 * <check> must be the same for the entirety of a new...data...apply run,
256 * and exists just to ensure runs don't mix
257 * NEW prepares a buffer to receive a hyperscan database
258 * <data> is base64 encoded chunks of hyperscan database, which are decoded
259 * and appended to the buffer
260 * APPLY deserialises the buffer and sets the resulting hyperscan database
261 * as the one to use for filtering */
263 mo_setfilter(struct MsgBuf
*msgbuf
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char **parv
)
268 if (!IsOperAdmin(source_p
)) {
269 sendto_one(source_p
, form_str(ERR_NOPRIVS
), me
.name
, source_p
->name
, "admin");
275 if(match(parv
[1], me
.name
)) {
278 sendto_match_servs(source_p
, parv
[1],
280 "ENCAP %s SETFILTER %s :%s", parv
[1], check
, data
);
281 } else if (parc
== 3) {
286 sendto_one_notice(source_p
, ":SETFILTER needs 2 or 3 params, have %d", parc
- 1);
291 int r
= setfilter(check
, data
, &error
);
293 sendto_one_notice(source_p
, ":SETFILTER failed: %s", error
);
295 sendto_one_notice(source_p
, ":SETFILTER ok");
301 me_setfilter(struct MsgBuf
*msgbuf
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char **parv
)
303 if(!IsPerson(source_p
))
307 int r
= setfilter(parv
[1], parv
[2], &error
);
309 sendto_one_notice(source_p
, ":SETFILTER failed: %s", error
);
315 /* will be called for every match
316 * hyperscan provides us one piece of information about the expression
317 * matched, an integer ID. we're co-opting the lowest 3 bits of this
318 * as a flag set. conveniently, this means all we really need to do
319 * here is or the IDs together. */
320 int match_callback(unsigned id
,
321 unsigned long long from
,
322 unsigned long long to
,
326 unsigned *context
= context_
;
331 static char check_buffer
[2000];
332 static char clean_buffer
[BUFSIZE
];
334 unsigned match_message(const char *prefix
,
335 struct Client
*source
,
345 snprintf(check_buffer
, sizeof check_buffer
, "%s:%s!%s@%s#%c %s %s :%s",
362 source
->user
&& source
->user
->suser
[0] != '\0' ? '1' : '0',
365 hs_error_t r
= hs_scan(filter_db
, check_buffer
, strlen(check_buffer
), 0, filter_scratch
, match_callback
, &state
);
366 if (r
!= HS_SUCCESS
&& r
!= HS_SCAN_TERMINATED
)
372 filter_msg_user(void *data_
)
374 hook_data_privmsg_user
*data
= data_
;
375 struct Client
*s
= data
->source_p
;
376 /* we only need to filter once */
380 /* opers are immune to checking, for obvious reasons
381 * anything sent to an oper is also immune, because that should make it
382 * less impossible to deal with reports. */
383 if (IsOper(s
) || IsOper(data
->target_p
)) {
386 if (data
->target_p
->umodes
& filter_umode
) {
389 char *text
= strcpy(clean_buffer
, data
->text
);
391 strip_unprintable(text
);
392 unsigned r
= match_message("0", s
, cmdname
[data
->msgtype
], "0", data
->text
) |
393 match_message("1", s
, cmdname
[data
->msgtype
], "0", text
);
395 if (data
->msgtype
== MESSAGE_TYPE_PRIVMSG
) {
396 sendto_one_numeric(s
, ERR_CANNOTSENDTOCHAN
,
397 form_str(ERR_CANNOTSENDTOCHAN
),
398 data
->target_p
->name
);
403 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
404 "FILTER: %s!%s@%s [%s]",
405 s
->name
, s
->username
, s
->host
, s
->sockhost
);
409 exit_client(NULL
, s
, s
, FILTER_EXIT_MSG
);
414 filter_msg_channel(void *data_
)
416 hook_data_privmsg_channel
*data
= data_
;
417 struct Client
*s
= data
->source_p
;
418 /* we only need to filter once */
422 /* just normal oper immunity for channels. i'd like to have a mode that
423 * disables the filter per-channel, but that's for the future */
427 if (data
->chptr
->mode
.mode
& filter_chmode
) {
430 char *text
= strcpy(clean_buffer
, data
->text
);
432 strip_unprintable(text
);
433 unsigned r
= match_message("0", s
, cmdname
[data
->msgtype
], data
->chptr
->chname
, data
->text
) |
434 match_message("1", s
, cmdname
[data
->msgtype
], data
->chptr
->chname
, text
);
436 if (data
->msgtype
== MESSAGE_TYPE_PRIVMSG
) {
437 sendto_one_numeric(s
, ERR_CANNOTSENDTOCHAN
,
438 form_str(ERR_CANNOTSENDTOCHAN
),
439 data
->chptr
->chname
);
444 sendto_realops_snomask(SNO_GENERAL
, L_ALL
| L_NETWIDE
,
445 "FILTER: %s!%s@%s [%s]",
446 s
->name
, s
->username
, s
->host
, s
->sockhost
);
450 exit_client(NULL
, s
, s
, FILTER_EXIT_MSG
);
455 on_client_exit(void *data_
)
457 /* If we see a netsplit, abort the current FILTER_FILLING attempt */
458 hook_data_client_exit
*data
= data_
;
460 if (!IsServer(data
->target
)) return;
462 if (state
== FILTER_FILLING
) {
463 state
= filter_db
? FILTER_LOADED
: FILTER_EMPTY
;