]> jfr.im git - solanum.git/blob - modules/m_services.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix potential buffer-overflow from malformed RSFNC request.
[solanum.git] / modules / m_services.c
1 /* modules/m_services.c
2 * Copyright (C) 2005 Lee Hardy <lee -at- leeh.co.uk>
3 * Copyright (C) 2005 ircd-ratbox development team
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 *
9 * 1.Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * 2.Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3.The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
21 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $Id: m_services.c 1907 2006-08-29 19:18:15Z jilles $
30 */
31
32 #include "stdinc.h"
33
34 #include "send.h"
35 #include "channel.h"
36 #include "client.h"
37 #include "common.h"
38 #include "config.h"
39 #include "ircd.h"
40 #include "numeric.h"
41 #include "s_conf.h"
42 #include "s_newconf.h"
43 #include "s_serv.h"
44 #include "hash.h"
45 #include "msg.h"
46 #include "parse.h"
47 #include "modules.h"
48 #include "whowas.h"
49 #include "monitor.h"
50
51 static int me_su(struct Client *, struct Client *, int, const char **);
52 static int me_login(struct Client *, struct Client *, int, const char **);
53 static int me_rsfnc(struct Client *, struct Client *, int, const char **);
54 static int me_nickdelay(struct Client *, struct Client *, int, const char **);
55
56 static void h_svc_server_introduced(hook_data_client *);
57 static void h_svc_whois(hook_data_client *);
58 static void h_svc_stats(hook_data_int *);
59
60 struct Message su_msgtab = {
61 "SU", 0, 0, 0, MFLG_SLOW,
62 {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_su, 2}, mg_ignore}
63 };
64 struct Message login_msgtab = {
65 "LOGIN", 0, 0, 0, MFLG_SLOW,
66 {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_login, 2}, mg_ignore}
67 };
68 struct Message rsfnc_msgtab = {
69 "RSFNC", 0, 0, 0, MFLG_SLOW,
70 {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_rsfnc, 4}, mg_ignore}
71 };
72 struct Message nickdelay_msgtab = {
73 "NICKDELAY", 0, 0, 0, MFLG_SLOW,
74 {mg_unreg, mg_ignore, mg_ignore, mg_ignore, {me_nickdelay, 3}, mg_ignore}
75 };
76
77 mapi_clist_av1 services_clist[] = {
78 &su_msgtab, &login_msgtab, &rsfnc_msgtab, &nickdelay_msgtab, NULL
79 };
80 mapi_hfn_list_av1 services_hfnlist[] = {
81 { "doing_stats", (hookfn) h_svc_stats },
82 { "doing_whois", (hookfn) h_svc_whois },
83 { "doing_whois_global", (hookfn) h_svc_whois },
84 { "server_introduced", (hookfn) h_svc_server_introduced },
85 { NULL, NULL }
86 };
87
88 DECLARE_MODULE_AV1(services, NULL, NULL, services_clist, NULL, services_hfnlist, "$Revision: 1907 $");
89
90 static int
91 me_su(struct Client *client_p, struct Client *source_p,
92 int parc, const char *parv[])
93 {
94 struct Client *target_p;
95
96 if(!(source_p->flags & FLAGS_SERVICE))
97 return 0;
98
99 if((target_p = find_client(parv[1])) == NULL)
100 return 0;
101
102 if(!target_p->user)
103 return 0;
104
105 if(EmptyString(parv[2]))
106 target_p->user->suser[0] = '\0';
107 else
108 rb_strlcpy(target_p->user->suser, parv[2], sizeof(target_p->user->suser));
109
110 sendto_common_channels_local_butone(target_p, CLICAP_ACCOUNT_NOTIFY, ":%s!%s@%s ACCOUNT %s",
111 target_p->name, target_p->username, target_p->host,
112 EmptyString(target_p->user->suser) ? "*" : target_p->user->suser);
113
114 invalidate_bancache_user(target_p);
115
116 return 0;
117 }
118
119 static int
120 me_login(struct Client *client_p, struct Client *source_p,
121 int parc, const char *parv[])
122 {
123 if(!IsPerson(source_p))
124 return 0;
125
126 rb_strlcpy(source_p->user->suser, parv[1], sizeof(source_p->user->suser));
127 return 0;
128 }
129
130 static int
131 clean_nick(const char *nick)
132 {
133 int len = 0;
134
135 if(EmptyString(nick) || *nick == '-' || IsDigit(*nick))
136 return 0;
137
138 for(; *nick; nick++)
139 {
140 len++;
141 if(!IsNickChar(*nick))
142 return 0;
143 }
144
145 if(len >= NICKLEN)
146 return 0;
147
148 return 1;
149 }
150
151 static int
152 me_rsfnc(struct Client *client_p, struct Client *source_p,
153 int parc, const char *parv[])
154 {
155 struct Client *target_p;
156 struct Client *exist_p;
157 time_t newts, curts;
158 char note[NICKLEN + 10];
159
160 if(!(source_p->flags & FLAGS_SERVICE))
161 return 0;
162
163 if((target_p = find_person(parv[1])) == NULL)
164 return 0;
165
166 if(!MyClient(target_p))
167 return 0;
168
169 if(!clean_nick(parv[2]))
170 return 0;
171
172 curts = atol(parv[4]);
173
174 /* if tsinfo is different from what it was when services issued the
175 * RSFNC, then we ignore it. This can happen when a client changes
176 * nicknames before the RSFNC arrives.. --anfl
177 */
178 if(target_p->tsinfo != curts)
179 return 0;
180
181 if((exist_p = find_named_client(parv[2])))
182 {
183 char buf[BUFSIZE];
184
185 /* this would be one hell of a race condition to trigger
186 * this one given the tsinfo check above, but its here for
187 * safety --anfl
188 */
189 if(target_p == exist_p)
190 goto doit;
191
192 if(MyClient(exist_p))
193 sendto_one(exist_p, ":%s KILL %s :(Nickname regained by services)",
194 me.name, exist_p->name);
195
196 exist_p->flags |= FLAGS_KILLED;
197 /* Do not send kills to servers for unknowns -- jilles */
198 if(IsClient(exist_p))
199 {
200 kill_client_serv_butone(NULL, exist_p, "%s (Nickname regained by services)",
201 me.name);
202 sendto_realops_snomask(SNO_SKILL, L_ALL,
203 "Nick collision due to services forced nick change on %s",
204 parv[2]);
205 }
206
207 rb_snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))",
208 me.name);
209 exit_client(NULL, exist_p, &me, buf);
210 }
211
212 doit:
213 newts = atol(parv[3]);
214
215 /* timestamp is older than 15mins, ignore it */
216 if(newts < (rb_current_time() - 900))
217 newts = rb_current_time() - 900;
218
219 target_p->tsinfo = newts;
220
221 monitor_signoff(target_p);
222
223 invalidate_bancache_user(target_p);
224
225 sendto_realops_snomask(SNO_NCHANGE, L_ALL,
226 "Nick change: From %s to %s [%s@%s]",
227 target_p->name, parv[2], target_p->username,
228 target_p->host);
229
230 sendto_common_channels_local(target_p, NOCAPS, ":%s!%s@%s NICK :%s",
231 target_p->name, target_p->username,
232 target_p->host, parv[2]);
233
234 add_history(target_p, 1);
235 sendto_server(NULL, NULL, CAP_TS6, NOCAPS, ":%s NICK %s :%ld",
236 use_id(target_p), parv[2], (long) target_p->tsinfo);
237
238 del_from_client_hash(target_p->name, target_p);
239 rb_strlcpy(target_p->name, parv[2], NICKLEN);
240 add_to_client_hash(target_p->name, target_p);
241
242 monitor_signon(target_p);
243
244 del_all_accepts(target_p);
245
246 rb_snprintf(note, NICKLEN + 10, "Nick: %s", target_p->name);
247 rb_note(target_p->localClient->F, note);
248 return 0;
249 }
250
251 /*
252 ** me_nickdelay
253 ** parv[1] = duration in seconds (0 to remove)
254 ** parv[2] = nick
255 */
256 static int
257 me_nickdelay(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
258 {
259 int duration;
260 struct nd_entry *nd;
261
262 if(!(source_p->flags & FLAGS_SERVICE))
263 return 0;
264
265 duration = atoi(parv[1]);
266 if (duration <= 0)
267 {
268 nd = irc_dictionary_retrieve(nd_dict, parv[2]);
269 if (nd != NULL)
270 free_nd_entry(nd);
271 }
272 else
273 {
274 if (duration > 86400)
275 duration = 86400;
276 add_nd_entry(parv[2]);
277 nd = irc_dictionary_retrieve(nd_dict, parv[2]);
278 if (nd != NULL)
279 nd->expire = rb_current_time() + duration;
280 }
281
282 return 0;
283 }
284
285 static void
286 h_svc_server_introduced(hook_data_client *hdata)
287 {
288 rb_dlink_node *ptr;
289
290 RB_DLINK_FOREACH(ptr, service_list.head)
291 {
292 if(!irccmp((const char *) ptr->data, hdata->target->name))
293 {
294 hdata->target->flags |= FLAGS_SERVICE;
295 return;
296 }
297 }
298 }
299
300 static void
301 h_svc_whois(hook_data_client *data)
302 {
303 char *p = data->target->user->suser;
304 if(!EmptyString(p))
305 {
306 /* Try to strip off any leading digits as this may be used to
307 * store both an ID number and an account name in one field.
308 * If only digits are present, leave as is.
309 */
310 while(IsDigit(*p))
311 p++;
312 if(*p == '\0')
313 p = data->target->user->suser;
314
315 sendto_one_numeric(data->client, RPL_WHOISLOGGEDIN,
316 form_str(RPL_WHOISLOGGEDIN),
317 data->target->name, p);
318 }
319 }
320
321 static void
322 h_svc_stats(hook_data_int *data)
323 {
324 char statchar = (char) data->arg2;
325 rb_dlink_node *ptr;
326
327 if (statchar == 'U' && IsOper(data->client))
328 {
329 RB_DLINK_FOREACH(ptr, service_list.head)
330 {
331 sendto_one_numeric(data->client, RPL_STATSULINE,
332 form_str(RPL_STATSULINE),
333 (const char *)ptr->data, "*", "*", "s");
334 }
335 }
336 }
Fork of solanum ircd, history is rebased regularly