#include "stdinc.h"
#include "client.h" /* client struct */
-#include "common.h"
#include "hash.h" /* add_to_client_hash */
#include "match.h"
#include "ircd.h" /* me */
int hop;
unsigned int required_mask;
const char *missing;
+ int ret;
name = parv[1];
hop = atoi(parv[2]);
if (IsHandshake(client_p) && irccmp(client_p->name, name))
{
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Server %s has unexpected name %s",
client_p->name, name);
ilog(L_SERVER, "Server %s has unexpected name %s",
*/
if(!DoesTS(client_p))
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s dropped, non-TS server",
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s dropped, non-TS server",
client_p->name);
exit_client(client_p, client_p, client_p, "Non-TS server");
return;
/* Now we just have to call check_server and everything should be
* check for us... -A1kmm. */
- switch (check_server(name, client_p))
+ ret = check_server(name, client_p);
+ switch (ret)
{
+ case 0:
+ /* success */
+ break;
case -1:
if(ConfigFileEntry.warn_no_nline)
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Unauthorised server connection attempt from %s: "
"No entry for servername %s",
"[@255.255.255.255]", name);
break;
case -2:
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Unauthorised server connection attempt from %s: "
"Bad credentials for server %s",
"[@255.255.255.255]", name);
break;
case -3:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Unauthorised server connection attempt from %s: "
"Invalid host for server %s",
"[@255.255.255.255]", name);
/* servername is > HOSTLEN */
case -4:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Invalid servername %s from %s",
name, "[@255.255.255.255]");
ilog(L_SERVER, "Access denied, invalid servername from %s",
/* NOT REACHED */
break;
case -5:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Connection from servername %s requires SSL/TLS but is plaintext",
name);
ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s",
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
return;
+ case -6:
+ if (client_p->certfp)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s has invalid certificate fingerprint %s",
+ name, client_p->certfp);
+ ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+ client_p->certfp, log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+ }
+ else
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s failed certificate validation",
+ name);
+ ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+ log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid certificate.");
+ }
+
+ return;
+ case -7:
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s rejected, no more connections allowed in class",
+ name);
+ ilog(L_SERVER, "Access denied, no more connections allowed in class for %s",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Access denied, no more connections allowed in class");
+ return;
+ default:
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s rejected, unknown error %d",
+ name, ret);
+ ilog(L_SERVER, "Access denied, unknown error %d for server %s%s", ret,
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Unknown error.");
+ return;
}
/* require TS6 for direct links */
if(!IsCapable(client_p, CAP_TS6))
{
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s dropped, TS6 protocol is required", name);
exit_client(client_p, client_p, client_p, "Incompatible TS version");
return;
{
missing = capability_index_list(serv_capindex, required_mask &
~client_p->localClient->caps);
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s dropped, required CAPABs [%s] are missing",
name, missing);
ilog(L_SERVER, "Link %s%s dropped, required CAPABs [%s] are missing",
}
else
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Attempt to re-introduce server %s from %s",
name, "[@255.255.255.255]");
ilog(L_SERVER, "Attempt to re-introduce server %s from %s",
return;
}
- if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL)
- {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
- "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- client_p->name, target_p->name);
- ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- log_client_name(client_p, SHOW_IP),
- target_p->name);
-
- sendto_one(client_p, "ERROR :SID already exists.");
- exit_client(client_p, client_p, client_p, "SID Exists");
- return;
+ if (client_p->preClient && !EmptyString(client_p->preClient->id)) {
+ if ((target_p = find_id(client_p->preClient->id)) != NULL) {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ client_p->name, target_p->name);
+ ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP),
+ target_p->name);
+
+ sendto_one(client_p, "ERROR :SID already exists.");
+ exit_client(client_p, client_p, client_p, "SID Exists");
+ return;
+ } else {
+ rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id));
+ }
}
/*
/* same size as in s_misc.c */
const char *name;
struct Client *target_p;
- struct remote_conf *hub_p;
hook_data_client hdata;
int hop;
- int hlined = 0;
- int llined = 0;
- rb_dlink_node *ptr;
char squitreason[160];
name = parv[1];
* for a while and servers to send stuff to the wrong place.
*/
sendto_one(client_p, "ERROR :Nickname %s already exists!", name);
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s cancelled: Server/nick collision on %s",
client_p->name, name);
ilog(L_SERVER, "Link %s cancelled: Server/nick collision on %s",
* server links...
*/
- /*
- * See if the newly found server is behind a guaranteed
- * leaf. If so, close the link.
- *
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, name))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* Ok, this way this works is
- *
- * A server can have a CONF_HUB allowing it to introduce servers
- * behind it.
- *
- * connect {
- * name = "irc.bighub.net";
- * hub_mask="*";
- * ...
- *
- * That would allow "irc.bighub.net" to introduce anything it wanted..
- *
- * However
- *
- * connect {
- * name = "irc.somehub.fi";
- * hub_mask="*";
- * leaf_mask="*.edu";
- *...
- * Would allow this server in finland to hub anything but
- * .edu's
- */
-
- /* Ok, check client_p can hub the new server */
- if(!hlined)
- {
- /* OOOPs nope can't HUB */
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Non-Hub link %s introduced %s.",
- client_p->name, name);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, name);
-
- snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
- /* Check for the new server being leafed behind this HUB */
- if(llined)
- {
- /* OOOPs nope can't HUB this leaf */
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, name);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, name);
-
- snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
-
-
if(strlen(name) > HOSTLEN)
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s introduced server with invalid servername %s",
client_p->name, name);
ilog(L_SERVER, "Link %s introduced server with invalid servername %s",
ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
struct Client *target_p;
- struct remote_conf *hub_p;
hook_data_client hdata;
- rb_dlink_node *ptr;
- int hlined = 0;
- int llined = 0;
char squitreason[160];
/* collision on the name? */
if(bogus_host(parv[1]) || strlen(parv[1]) > HOSTLEN)
{
sendto_one(client_p, "ERROR :Invalid servername");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s cancelled, servername %s invalid",
client_p->name, parv[1]);
ilog(L_SERVER, "Link %s cancelled, servername %s invalid",
!IsIdChar(parv[3][2]) || parv[3][3] != '\0')
{
sendto_one(client_p, "ERROR :Invalid SID");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Link %s cancelled, SID %s invalid",
client_p->name, parv[3]);
ilog(L_SERVER, "Link %s cancelled, SID %s invalid",
return;
}
- /* for the directly connected server:
- * H: allows it to introduce a server matching that mask
- * L: disallows it introducing a server matching that mask
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, parv[1]))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* no matching hub_mask */
- if(!hlined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
-
- snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
- /* matching leaf_mask */
- if(llined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
-
- snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
/* ok, alls good */
target_p = make_client(client_p);
make_server(target_p);
rb_strlcpy(target_p->name, parv[1], sizeof(target_p->name));
target_p->hopcount = atoi(parv[2]);
- strcpy(target_p->id, parv[3]);
+ rb_strlcpy(target_p->id, parv[3], sizeof(target_p->id));
set_server_gecos(target_p, parv[4]);
target_p->servptr = source_p;