* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
- *
- * $Id: m_webirc.c 2757 2006-11-10 22:58:15Z jilles $
*/
/* Usage:
* auth {
* };
* Possible flags:
* encrypted - password is encrypted (recommended)
- * kline_exempt - k/g lines on the cgiirc ip are ignored
- * gline_exempt - glines on the cgiirc ip are ignored
+ * kline_exempt - klines on the cgiirc ip are ignored
* dlines are checked on the cgiirc ip (of course).
- * k/d/g/x lines, auth blocks, user limits, etc are checked using the
+ * k/d/x lines, auth blocks, user limits, etc are checked using the
* real host/ip.
* The password should be specified unencrypted in webirc_password in
* cgiirc.config
#include "stdinc.h"
#include "client.h" /* client struct */
-#include "irc_string.h"
+#include "match.h"
#include "hostmask.h"
#include "send.h" /* sendto_one */
#include "numeric.h" /* ERR_xxx */
#include "s_serv.h"
#include "hash.h"
#include "s_conf.h"
+#include "reject.h"
+
+static const char webirc_desc[] = "Adds support for the WebIRC system";
-static int mr_webirc(struct Client *, struct Client *, int, const char **);
+static void mr_webirc(struct MsgBuf *msgbuf_p, struct Client *, struct Client *, int, const char **);
struct Message webirc_msgtab = {
- "WEBIRC", 0, 0, 0, MFLG_SLOW | MFLG_UNREG,
- {{mr_webirc, 4}, mg_reg, mg_ignore, mg_ignore, mg_ignore, mg_reg}
+ "WEBIRC", 0, 0, 0, 0,
+ {{mr_webirc, 5}, mg_reg, mg_ignore, mg_ignore, mg_ignore, mg_reg}
};
mapi_clist_av1 webirc_clist[] = { &webirc_msgtab, NULL };
-DECLARE_MODULE_AV1(webirc, NULL, NULL, webirc_clist, NULL, NULL, "$Revision: 20702 $");
+
+static void new_local_user(void *data);
+mapi_hfn_list_av1 webirc_hfnlist[] = {
+ /* unintuitive but correct--we want to be called first */
+ { "new_local_user", new_local_user, HOOK_LOWEST },
+ { NULL, NULL }
+};
+
+DECLARE_MODULE_AV2(webirc, NULL, NULL, webirc_clist, NULL, webirc_hfnlist, NULL, NULL, webirc_desc);
/*
* mr_webirc - webirc message handler
- * parv[0] = sender prefix
- * parv[1] = password
- * parv[2] = fake username (we ignore this)
- * parv[3] = fake hostname
+ * parv[1] = password
+ * parv[2] = fake username (we ignore this)
+ * parv[3] = fake hostname
* parv[4] = fake ip
*/
-static int
-mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
+static void
+mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
struct ConfItem *aconf;
const char *encr;
+ struct rb_sockaddr_storage addr;
+
+ int secure = 0;
- if (!strchr(parv[4], '.') && !strchr(parv[4], ':'))
+ if (source_p->flags & FLAGS_SENTUSER || !EmptyString(source_p->name))
{
- sendto_one(source_p, "NOTICE * :Invalid IP");
- return 0;
+ exit_client(client_p, source_p, &me, "WEBIRC may not follow NICK/USER");
}
- aconf = find_address_conf(client_p->host, client_p->sockhost,
+ aconf = find_address_conf(client_p->host, client_p->sockhost,
IsGotId(client_p) ? client_p->username : "webirc",
IsGotId(client_p) ? client_p->username : "webirc",
(struct sockaddr *) &client_p->localClient->ip,
- client_p->localClient->ip.ss_family);
+ GET_SS_FAMILY(&client_p->localClient->ip), NULL);
+
if (aconf == NULL || !(aconf->status & CONF_CLIENT))
- return 0;
- if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->name, "webirc."))
+ return;
+
+ if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc."))
{
/* XXX */
- sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block");
- return 0;
+ exit_client(client_p, source_p, &me, "Not a CGI:IRC auth block");
+ return;
}
if (EmptyString(aconf->passwd))
{
- sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password");
- return 0;
+ exit_client(client_p, source_p, &me, "CGI:IRC auth blocks must have a password");
+ return;
+ }
+ if (!IsSecure(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL)
+ {
+ exit_client(client_p, source_p, &me, "Your CGI:IRC block requires TLS");
+ return;
}
if (EmptyString(parv[1]))
encr = "";
else if (IsConfEncrypted(aconf))
- encr = crypt(parv[1], aconf->passwd);
+ encr = rb_crypt(parv[1], aconf->passwd);
else
encr = parv[1];
- if (strcmp(encr, aconf->passwd))
+ if (encr == NULL || strcmp(encr, aconf->passwd))
{
- sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect");
- return 0;
+ exit_client(client_p, source_p, &me, "CGI:IRC password incorrect");
+ return;
}
+ if (rb_inet_pton_sock(parv[4], &addr) <= 0)
+ {
+ exit_client(client_p, source_p, &me, "Invalid IP");
+ return;
+ }
- strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost));
+ source_p->localClient->ip = addr;
+ source_p->username[0] = '\0';
+ ClearGotId(source_p);
+
+ if (parc >= 6)
+ {
+ const char *s;
+ for (s = parv[5]; s != NULL; (s = strchr(s, ' ')) && s++)
+ {
+ if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == ' ' || s[6] == '\0'))
+ secure = 1;
+ }
+ }
+
+ if (secure && !IsSecure(source_p))
+ {
+ sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure");
+ secure = 0;
+ }
+
+ if (!secure)
+ {
+ ClearSecure(source_p);
+ }
+
+ rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost));
if(strlen(parv[3]) <= HOSTLEN)
- strlcpy(source_p->host, parv[3], sizeof(source_p->host));
+ rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host));
else
- strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));
-
- inetpton_sock(parv[4], (struct sockaddr *)&source_p->localClient->ip);
+ rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));
- /* Check dlines now, k/glines will be checked on registration */
- if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip,
- source_p->localClient->ip.ss_family)))
+ /* Check dlines now, klines will be checked on registration */
+ if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip,
+ GET_SS_FAMILY(&source_p->localClient->ip))))
{
if(!(aconf->status & CONF_EXEMPTDLINE))
{
exit_client(client_p, source_p, &me, "D-lined");
- return 0;
+ return;
}
}
sendto_one(source_p, "NOTICE * :CGI:IRC host/IP set to %s %s", parv[3], parv[4]);
- return 0;
+}
+
+static void
+new_local_user(void *data)
+{
+ struct Client *source_p = data;
+ struct ConfItem *aconf = source_p->localClient->att_conf;
+
+ if (aconf == NULL)
+ return;
+
+ if (!irccmp(aconf->info.name, "webirc."))
+ exit_client(source_p, source_p, &me, "Cannot log in using a WEBIRC block");
}
projects / solanum.git / blobdiff