* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
- *
- * $Id: m_server.c 3291 2007-03-28 14:30:10Z jilles $
*/
#include "stdinc.h"
#include "client.h" /* client struct */
-#include "common.h" /* TRUE bleah */
#include "hash.h" /* add_to_client_hash */
#include "match.h"
#include "ircd.h" /* me */
#include "parse.h"
#include "modules.h"
-static int mr_server(struct Client *, struct Client *, int, const char **);
-static int ms_server(struct Client *, struct Client *, int, const char **);
-static int ms_sid(struct Client *, struct Client *, int, const char **);
+static const char server_desc[] =
+ "Provides the TS6 commands to introduce a new server to the network";
+
+static void mr_server(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
+static void ms_server(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
+static void ms_sid(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
+
+static bool bogus_host(const char *host);
+static void set_server_gecos(struct Client *, const char *);
struct Message server_msgtab = {
- "SERVER", 0, 0, 0, MFLG_SLOW | MFLG_UNREG,
+ "SERVER", 0, 0, 0, 0,
{{mr_server, 4}, mg_reg, mg_ignore, {ms_server, 4}, mg_ignore, mg_reg}
};
struct Message sid_msgtab = {
- "SID", 0, 0, 0, MFLG_SLOW,
+ "SID", 0, 0, 0, 0,
{mg_ignore, mg_reg, mg_ignore, {ms_sid, 5}, mg_ignore, mg_reg}
};
mapi_clist_av1 server_clist[] = { &server_msgtab, &sid_msgtab, NULL };
-DECLARE_MODULE_AV1(server, NULL, NULL, server_clist, NULL, NULL, "$Revision: 3291 $");
-
-int bogus_host(const char *host);
-static int set_server_gecos(struct Client *, const char *);
+DECLARE_MODULE_AV2(server, NULL, NULL, server_clist, NULL, NULL, NULL, NULL, server_desc);
/*
* mr_server - SERVER message handler
* parv[2] = serverinfo/hopcount
* parv[3] = serverinfo
*/
-static int
-mr_server(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
+static void
+mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
char info[REALLEN + 1];
const char *name;
struct Client *target_p;
int hop;
+ unsigned int required_mask;
+ const char *missing;
+ int ret;
name = parv[1];
hop = atoi(parv[2]);
if (IsHandshake(client_p) && irccmp(client_p->name, name))
{
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Server %s has unexpected name %s",
client_p->name, name);
ilog(L_SERVER, "Server %s has unexpected name %s",
log_client_name(client_p, SHOW_IP), name);
exit_client(client_p, client_p, client_p, "Server name mismatch");
- return 0;
+ return;
}
- /*
+ /*
* Reject a direct nonTS server connection if we're TS_ONLY -orabidoo
*/
if(!DoesTS(client_p))
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s dropped, non-TS server",
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s dropped, non-TS server",
client_p->name);
exit_client(client_p, client_p, client_p, "Non-TS server");
- return 0;
+ return;
}
if(bogus_host(name))
{
exit_client(client_p, client_p, client_p, "Bogus server name");
- return 0;
+ return;
}
/* Now we just have to call check_server and everything should be
* check for us... -A1kmm. */
- switch (check_server(name, client_p))
+ ret = check_server(name, client_p);
+ switch (ret)
{
+ case 0:
+ /* success */
+ break;
case -1:
if(ConfigFileEntry.warn_no_nline)
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Unauthorised server connection attempt from %s: "
"No entry for servername %s",
"[@255.255.255.255]", name);
}
exit_client(client_p, client_p, client_p, "Invalid servername.");
- return 0;
+ return;
/* NOT REACHED */
break;
case -2:
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Unauthorised server connection attempt from %s: "
- "Bad password for server %s",
+ "Bad credentials for server %s",
"[@255.255.255.255]", name);
- ilog(L_SERVER, "Access denied, invalid password for server %s%s",
+ ilog(L_SERVER, "Access denied, invalid credentials for server %s%s",
EmptyString(client_p->name) ? name : "",
log_client_name(client_p, SHOW_IP));
- exit_client(client_p, client_p, client_p, "Invalid password.");
- return 0;
+ exit_client(client_p, client_p, client_p, "Invalid credentials.");
+ return;
/* NOT REACHED */
break;
case -3:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Unauthorised server connection attempt from %s: "
"Invalid host for server %s",
"[@255.255.255.255]", name);
log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid host.");
- return 0;
+ return;
/* NOT REACHED */
break;
/* servername is > HOSTLEN */
case -4:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Invalid servername %s from %s",
name, "[@255.255.255.255]");
ilog(L_SERVER, "Access denied, invalid servername from %s",
log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid servername.");
- return 0;
+ return;
/* NOT REACHED */
break;
case -5:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Connection from servername %s requires SSL/TLS but is plaintext",
name);
- ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s",
+ ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s",
log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
- return 0;
+ return;
+ case -6:
+ if (client_p->certfp)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s has invalid certificate fingerprint %s",
+ name, client_p->certfp);
+ ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+ client_p->certfp, log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+ }
+ else
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s failed certificate validation",
+ name);
+ ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+ log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid certificate.");
+ }
+
+ return;
+ case -7:
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s rejected, no more connections allowed in class",
+ name);
+ ilog(L_SERVER, "Access denied, no more connections allowed in class for %s",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Access denied, no more connections allowed in class");
+ return;
+ default:
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s rejected, unknown error %d",
+ name, ret);
+ ilog(L_SERVER, "Access denied, unknown error %d for server %s%s", ret,
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Unknown error.");
+ return;
}
/* require TS6 for direct links */
if(!IsCapable(client_p, CAP_TS6))
{
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s dropped, TS6 protocol is required", name);
exit_client(client_p, client_p, client_p, "Incompatible TS version");
- return 0;
+ return;
+ }
+
+ /* check to ensure any "required" caps are set. --nenolod */
+ required_mask = capability_index_get_required(serv_capindex);
+ if (!IsCapable(client_p, required_mask))
+ {
+ missing = capability_index_list(serv_capindex, required_mask &
+ ~client_p->localClient->caps);
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Link %s dropped, required CAPABs [%s] are missing",
+ name, missing);
+ ilog(L_SERVER, "Link %s%s dropped, required CAPABs [%s] are missing",
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP), missing);
+ /* Do not use '[' in the below message because it would cause
+ * it to be considered potentially unsafe (might disclose IP
+ * addresses)
+ */
+ sendto_one(client_p, "ERROR :Missing required CAPABs (%s)", missing);
+ exit_client(client_p, client_p, client_p, "Missing required CAPABs");
+
+ return;
}
if((target_p = find_server(NULL, name)))
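Review bot: The `check_server()` failure notices in this switch (cases -4 and -5 here, and -1 and -3 in the preceding hunk) move from `L_ALL` to `L_NETWIDE`, so a rejected link attempt that has not yet authenticated now raises an oper notice on every server, and that notice carries the peer-supplied `name`. If `mr_server` is the handler for unregistered connections, as its first slot in `server_msgtab` suggests, repeated failed attempts against a single server are relayed network-wide. I would confirm these paths are rate-limited, or keep `L_ALL` for the pre-authentication rejections, and record the decision in a comment such as `/* netwide on purpose: failed link attempts must be visible to all opers */`. The body of `mr_server` continues past this hunk.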
}
else
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Attempt to re-introduce server %s from %s",
name, "[@255.255.255.255]");
ilog(L_SERVER, "Attempt to re-introduce server %s from %s",
sendto_one(client_p, "ERROR :Server already exists.");
}
exit_client(client_p, client_p, client_p, "Server Exists");
- return 0;
+ return;
}
- if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL)
- {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
- "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- client_p->name, target_p->name);
- ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- log_client_name(client_p, SHOW_IP),
- target_p->name);
-
- sendto_one(client_p, "ERROR :SID already exists.");
- exit_client(client_p, client_p, client_p, "SID Exists");
- return 0;
+ if (client_p->preClient && !EmptyString(client_p->preClient->id)) {
+ if ((target_p = find_id(client_p->preClient->id)) != NULL) {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ client_p->name, target_p->name);
+ ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP),
+ target_p->name);
+
+ sendto_one(client_p, "ERROR :SID already exists.");
+ exit_client(client_p, client_p, client_p, "SID Exists");
+ return;
+ } else {
+ rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id));
+ }
}
/*
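Review bot: `client_p->preClient->id` is looked up with `find_id()` and then copied into `client_p->id` with no format check visible in this hunk. `ms_sid` rejects an SID unless `IsDigit(parv[3][0])`, `IsIdChar(parv[3][1])`, `IsIdChar(parv[3][2])` and `parv[3][3] == '\0'` all hold. If the value was already validated where `preClient->id` is stored, which this page does not show, a comment above the `rb_strlcpy` such as `/* preClient->id was format-checked when it was stored */` would make the invariant explicit; otherwise the same four-part test belongs here before the copy. The new block also uses same-line braces where the surrounding code puts them on their own line.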
set_server_gecos(client_p, info);
client_p->hopcount = hop;
server_estab(client_p);
-
- return 0;
}
/*
* parv[2] = serverinfo/hopcount
* parv[3] = serverinfo
*/
-static int
-ms_server(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
+static void
+ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
char info[REALLEN + 1];
/* same size as in s_misc.c */
const char *name;
struct Client *target_p;
- struct remote_conf *hub_p;
hook_data_client hdata;
int hop;
- int hlined = 0;
- int llined = 0;
- rb_dlink_node *ptr;
char squitreason[160];
name = parv[1];
hop = atoi(parv[2]);
rb_strlcpy(info, parv[3], sizeof(info));
- if((target_p = find_server(NULL, name)))
+ if(find_server(NULL, name))
{
/*
* This link is trying feed me a server that I already have
* that already exists, then sends you a client burst, you squit the
* server, but you keep getting the burst of clients on a server that
* doesnt exist, although ircd can handle it, its not a realistic
- * solution.. --fl_
+ * solution.. --fl_
*/
ilog(L_SERVER, "Link %s cancelled, server %s already exists",
client_p->name, name);
- rb_snprintf(squitreason, sizeof squitreason,
+ snprintf(squitreason, sizeof squitreason,
"Server %s already exists",
name);
exit_client(client_p, client_p, &me, squitreason);
- return 0;
+ return;
}
- /*
+ /*
* User nicks never have '.' in them and server names
* must always have '.' in them.
*/
* for a while and servers to send stuff to the wrong place.
*/
sendto_one(client_p, "ERROR :Nickname %s already exists!", name);
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s cancelled: Server/nick collision on %s",
client_p->name, name);
ilog(L_SERVER, "Link %s cancelled: Server/nick collision on %s",
client_p->name, name);
exit_client(client_p, client_p, client_p, "Nick as Server");
- return 0;
+ return;
}
/*
* server links...
*/
- /*
- * See if the newly found server is behind a guaranteed
- * leaf. If so, close the link.
- *
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, name))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* Ok, this way this works is
- *
- * A server can have a CONF_HUB allowing it to introduce servers
- * behind it.
- *
- * connect {
- * name = "irc.bighub.net";
- * hub_mask="*";
- * ...
- *
- * That would allow "irc.bighub.net" to introduce anything it wanted..
- *
- * However
- *
- * connect {
- * name = "irc.somehub.fi";
- * hub_mask="*";
- * leaf_mask="*.edu";
- *...
- * Would allow this server in finland to hub anything but
- * .edu's
- */
-
- /* Ok, check client_p can hub the new server */
- if(!hlined)
- {
- /* OOOPs nope can't HUB */
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Non-Hub link %s introduced %s.",
- client_p->name, name);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, name);
-
- rb_snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return 0;
- }
-
- /* Check for the new server being leafed behind this HUB */
- if(llined)
- {
- /* OOOPs nope can't HUB this leaf */
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, name);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, name);
-
- rb_snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return 0;
- }
-
-
-
if(strlen(name) > HOSTLEN)
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s introduced server with invalid servername %s",
client_p->name, name);
ilog(L_SERVER, "Link %s introduced server with invalid servername %s",
client_p->name, name);
exit_client(NULL, client_p, &me, "Invalid servername introduced.");
- return 0;
+ return;
}
target_p = make_client(client_p);
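Review bot: With the `hubleaf_conf_list` loop and the `!hlined` / `llined` rejections removed, nothing visible in `ms_server` limits which server names the directly connected link `client_p` may introduce, and the same removal is made in `ms_sid` further down. Unless `hub_mask`/`leaf_mask` is now enforced elsewhere (this page does not show where), any linked server could introduce arbitrary servers behind it, which drops an authorization control on network topology. If the enforcement moved, a one-line comment before `target_p = make_client(client_p);` such as `/* hub_mask/leaf_mask is enforced in <location> */` would make that clear; if it did not move, the two checks should stay. `ms_server` starts before and continues after this hunk.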
hdata.client = source_p;
hdata.target = target_p;
call_hook(h_server_introduced, &hdata);
-
- return 0;
}
-static int
-ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
+static void
+ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
struct Client *target_p;
- struct remote_conf *hub_p;
hook_data_client hdata;
- rb_dlink_node *ptr;
- int hop;
- int hlined = 0;
- int llined = 0;
char squitreason[160];
- hop = atoi(parv[2]);
-
/* collision on the name? */
- if((target_p = find_server(NULL, parv[1])) != NULL)
+ if(find_server(NULL, parv[1]) != NULL)
{
ilog(L_SERVER, "Link %s cancelled, server %s already exists",
client_p->name, parv[1]);
- rb_snprintf(squitreason, sizeof squitreason,
+ snprintf(squitreason, sizeof squitreason,
"Server %s already exists",
parv[1]);
exit_client(NULL, client_p, &me, squitreason);
- return 0;
+ return;
}
/* collision on the SID? */
ilog(L_SERVER, "Link %s cancelled, SID %s for server %s already in use by %s",
client_p->name, parv[3], parv[1], target_p->name);
- rb_snprintf(squitreason, sizeof squitreason,
+ snprintf(squitreason, sizeof squitreason,
"SID %s for %s already in use by %s",
parv[3], parv[1], target_p->name);
exit_client(NULL, client_p, &me, squitreason);
- return 0;
+ return;
}
if(bogus_host(parv[1]) || strlen(parv[1]) > HOSTLEN)
{
sendto_one(client_p, "ERROR :Invalid servername");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s cancelled, servername %s invalid",
client_p->name, parv[1]);
ilog(L_SERVER, "Link %s cancelled, servername %s invalid",
client_p->name, parv[1]);
exit_client(NULL, client_p, &me, "Bogus server name");
- return 0;
+ return;
}
if(!IsDigit(parv[3][0]) || !IsIdChar(parv[3][1]) ||
!IsIdChar(parv[3][2]) || parv[3][3] != '\0')
{
sendto_one(client_p, "ERROR :Invalid SID");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s cancelled, SID %s invalid",
client_p->name, parv[3]);
ilog(L_SERVER, "Link %s cancelled, SID %s invalid",
client_p->name, parv[3]);
exit_client(NULL, client_p, &me, "Bogus SID");
- return 0;
- }
-
- /* for the directly connected server:
- * H: allows it to introduce a server matching that mask
- * L: disallows it introducing a server matching that mask
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, parv[1]))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* no matching hub_mask */
- if(!hlined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
-
- rb_snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return 0;
- }
-
- /* matching leaf_mask */
- if(llined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
-
- rb_snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return 0;
+ return;
}
/* ok, alls good */
rb_strlcpy(target_p->name, parv[1], sizeof(target_p->name));
target_p->hopcount = atoi(parv[2]);
- strcpy(target_p->id, parv[3]);
+ rb_strlcpy(target_p->id, parv[3], sizeof(target_p->id));
set_server_gecos(target_p, parv[4]);
target_p->servptr = source_p;
hdata.client = source_p;
hdata.target = target_p;
call_hook(h_server_introduced, &hdata);
-
- return 0;
}
/* set_server_gecos()
* output - none
* side effects - servers gecos field is set
*/
-static int
+static void
set_server_gecos(struct Client *client_p, const char *info)
{
/* check the info for [IP] */
{
char *p;
char *s;
- char *t;
s = LOCAL_COPY(info);
*p = '\0';
/* check for a ] which would symbolise an [IP] */
- if((t = strchr(s, ']')))
+ if(strchr(s, ']'))
{
/* set s to after the first space */
if(p)
if(s && (*s != '\0'))
{
rb_strlcpy(client_p->info, s, sizeof(client_p->info));
- return 1;
+ return;
}
}
}
rb_strlcpy(client_p->info, "(Unknown Location)", sizeof(client_p->info));
-
- return 1;
}
/*
* bogus_host
*
* inputs - hostname
- * output - 1 if a bogus hostname input, 0 if its valid
+ * output - true if a bogus hostname input, false if its valid
* side effects - none
*/
-int
+static bool
bogus_host(const char *host)
{
- int bogus_server = 0;
+ bool bogus_server = false;
const char *s;
int dots = 0;
{
if(!IsServChar(*s))
{
- bogus_server = 1;
+ bogus_server = true;
break;
}
if('.' == *s)
}
if(!dots || bogus_server)
- return 1;
+ return true;
- return 0;
+ return false;
}