#include "msg.h"
#include "reject.h"
#include "sslproc.h"
+#include "capability.h"
#ifndef INADDR_NONE
#define INADDR_NONE ((unsigned int) 0xffffffff)
#endif
-#ifndef HAVE_SOCKETPAIR
-static int inet_socketpair(int d, int type, int protocol, int sv[2]);
-#endif
-
int MaxConnectionCount = 1;
int MaxClientCount = 1;
int refresh_user_links = 0;
* because all servers that we talk to already do TS, and the kludged
* extra argument to "PASS" takes care of checking that. -orabidoo
*/
-struct Capability captab[] = {
-/* name cap */
- { "QS", CAP_QS },
- { "EX", CAP_EX },
- { "CHW", CAP_CHW},
- { "IE", CAP_IE},
- { "KLN", CAP_KLN},
- { "KNOCK", CAP_KNOCK},
- { "ZIP", CAP_ZIP},
- { "TB", CAP_TB},
- { "UNKLN", CAP_UNKLN},
- { "CLUSTER", CAP_CLUSTER},
- { "ENCAP", CAP_ENCAP },
- { "SERVICES", CAP_SERVICE },
- { "RSFNC", CAP_RSFNC },
- { "SAVE", CAP_SAVE },
- { "EUID", CAP_EUID },
- {0, 0}
-};
+struct CapabilityIndex *serv_capindex = NULL;
+
+unsigned int CAP_CAP;
+unsigned int CAP_QS;
+unsigned int CAP_EX;
+unsigned int CAP_CHW;
+unsigned int CAP_IE;
+unsigned int CAP_KLN;
+unsigned int CAP_ZIP;
+unsigned int CAP_KNOCK;
+unsigned int CAP_TB;
+unsigned int CAP_UNKLN;
+unsigned int CAP_CLUSTER;
+unsigned int CAP_ENCAP;
+unsigned int CAP_TS6;
+unsigned int CAP_SERVICE;
+unsigned int CAP_RSFNC;
+unsigned int CAP_SAVE;
+unsigned int CAP_EUID;
+unsigned int CAP_EOPMOD;
+unsigned int CAP_BAN;
+unsigned int CAP_MLOCK;
+
+/*
+ * initialize our builtin capability table. --nenolod
+ */
+void
+init_builtin_capabs(void)
+{
+ serv_capindex = capability_index_create("server capabilities");
+
+ /* These two are not set via CAPAB/GCAP keywords. */
+ CAP_CAP = capability_put_anonymous(serv_capindex);
+ CAP_TS6 = capability_put_anonymous(serv_capindex);
+
+ CAP_QS = capability_put(serv_capindex, "QS");
+ CAP_EX = capability_put(serv_capindex, "EX");
+ CAP_CHW = capability_put(serv_capindex, "CHW");
+ CAP_IE = capability_put(serv_capindex, "IE");
+ CAP_KLN = capability_put(serv_capindex, "KLN");
+ CAP_KNOCK = capability_put(serv_capindex, "KNOCK");
+ CAP_ZIP = capability_put(serv_capindex, "ZIP");
+ CAP_TB = capability_put(serv_capindex, "TB");
+ CAP_UNKLN = capability_put(serv_capindex, "UNKLN");
+ CAP_CLUSTER = capability_put(serv_capindex, "CLUSTER");
+ CAP_ENCAP = capability_put(serv_capindex, "ENCAP");
+ CAP_SERVICE = capability_put(serv_capindex, "SERVICES");
+ CAP_RSFNC = capability_put(serv_capindex, "RSFNC");
+ CAP_SAVE = capability_put(serv_capindex, "SAVE");
+ CAP_EUID = capability_put(serv_capindex, "EUID");
+ CAP_EOPMOD = capability_put(serv_capindex, "EOPMOD");
+ CAP_BAN = capability_put(serv_capindex, "BAN");
+ CAP_MLOCK = capability_put(serv_capindex, "MLOCK");
+
+ capability_require(serv_capindex, "QS");
+ capability_require(serv_capindex, "ENCAP");
+}
static CNCB serv_connect_callback;
static CNCB serv_connect_ssl_callback;
if(parc <= server || EmptyString(parv[server]) ||
match(parv[server], me.name) || (strcmp(parv[server], me.id) == 0))
return (HUNTED_ISME);
-
+
new = LOCAL_COPY(parv[server]);
/*
* Again, if there are no wild cards involved in the server
* name, use the hash lookup
*/
- if(!target_p)
+ if(!target_p && wilds)
{
- if(!wilds)
+ RB_DLINK_FOREACH(ptr, global_serv_list.head)
{
- if(MyClient(source_p) || !IsDigit(parv[server][0]))
- sendto_one_numeric(source_p, ERR_NOSUCHSERVER,
- form_str(ERR_NOSUCHSERVER),
- parv[server]);
- return (HUNTED_NOSUCH);
- }
- else
- {
- target_p = NULL;
-
- RB_DLINK_FOREACH(ptr, global_client_list.head)
+ if(match(new, ((struct Client *) (ptr->data))->name))
{
- if(match(new, ((struct Client *) (ptr->data))->name))
- {
- target_p = ptr->data;
- break;
- }
+ target_p = ptr->data;
+ break;
}
}
}
+ if(target_p && !IsRegistered(target_p))
+ target_p = NULL;
+
if(target_p)
{
- if(!IsRegistered(target_p))
- {
- sendto_one_numeric(source_p, ERR_NOSUCHSERVER,
- form_str(ERR_NOSUCHSERVER),
- parv[server]);
- return HUNTED_NOSUCH;
- }
-
if(IsMe(target_p) || MyClient(target_p))
return HUNTED_ISME;
struct server_conf *tmp_p;
rb_dlink_node *ptr;
int error = -1;
+ const char *encr;
s_assert(NULL != client_p);
if(client_p == NULL)
{
error = -2;
- if(ServerConfEncrypted(tmp_p))
+ if(tmp_p->passwd)
{
- if(!strcmp(tmp_p->passwd, rb_crypt(client_p->localClient->passwd,
- tmp_p->passwd)))
+ if(ServerConfEncrypted(tmp_p))
{
- server_p = tmp_p;
- break;
+ encr = rb_crypt(client_p->localClient->passwd,
+ tmp_p->passwd);
+ if(encr != NULL && !strcmp(tmp_p->passwd, encr))
+ {
+ server_p = tmp_p;
+ break;
+ }
+ else
+ continue;
}
+ else if(strcmp(tmp_p->passwd, client_p->localClient->passwd))
+ continue;
}
- else if(!strcmp(tmp_p->passwd, client_p->localClient->passwd))
+
+ if(tmp_p->certfp)
{
- server_p = tmp_p;
- break;
+ if(!client_p->certfp || strcasecmp(tmp_p->certfp, client_p->certfp) != 0)
+ continue;
}
+
+ server_p = tmp_p;
+ break;
}
}
*
*/
void
-send_capabilities(struct Client *client_p, int cap_can_send)
+send_capabilities(struct Client *client_p, unsigned int cap_can_send)
{
- struct Capability *cap;
- char msgbuf[BUFSIZE];
- char *t;
- int tl;
-
- t = msgbuf;
+ sendto_one(client_p, "CAPAB :%s", capability_index_list(serv_capindex, cap_can_send));
+}
- for (cap = captab; cap->name; ++cap)
+static void
+burst_ban(struct Client *client_p)
+{
+ rb_dlink_node *ptr;
+ struct ConfItem *aconf;
+ const char *type, *oper;
+ /* +5 for !,@,{,} and null */
+ char operbuf[NICKLEN + USERLEN + HOSTLEN + HOSTLEN + 5];
+ char *p;
+ size_t melen;
+
+ melen = strlen(me.name);
+ RB_DLINK_FOREACH(ptr, prop_bans.head)
{
- if(cap->cap & cap_can_send)
+ aconf = ptr->data;
+
+ /* Skip expired stuff. */
+ if(aconf->lifetime < rb_current_time())
+ continue;
+ switch(aconf->status & ~CONF_ILLEGAL)
{
- tl = rb_sprintf(t, "%s ", cap->name);
- t += tl;
+ case CONF_KILL: type = "K"; break;
+ case CONF_DLINE: type = "D"; break;
+ case CONF_XLINE: type = "X"; break;
+ case CONF_RESV_NICK: type = "R"; break;
+ case CONF_RESV_CHANNEL: type = "R"; break;
+ default:
+ continue;
}
+ oper = aconf->info.oper;
+ if(aconf->flags & CONF_FLAGS_MYOPER)
+ {
+ /* Our operator{} names may not be meaningful
+ * to other servers, so rewrite to our server
+ * name.
+ */
+ rb_strlcpy(operbuf, aconf->info.oper, sizeof buf);
+ p = strrchr(operbuf, '{');
+ if (p != NULL &&
+ operbuf + sizeof operbuf - p > (ptrdiff_t)(melen + 2))
+ {
+ memcpy(p + 1, me.name, melen);
+ p[melen + 1] = '}';
+ p[melen + 2] = '\0';
+ oper = operbuf;
+ }
+ }
+ sendto_one(client_p, ":%s BAN %s %s %s %lu %d %d %s :%s%s%s",
+ me.id,
+ type,
+ aconf->user ? aconf->user : "*", aconf->host,
+ (unsigned long)aconf->created,
+ (int)(aconf->hold - aconf->created),
+ (int)(aconf->lifetime - aconf->created),
+ oper,
+ aconf->passwd,
+ aconf->spasswd ? "|" : "",
+ aconf->spasswd ? aconf->spasswd : "");
}
-
- t--;
- *t = '\0';
-
- sendto_one(client_p, "CAPAB :%s", msgbuf);
}
/* burst_modes_TS6()
{
banptr = ptr->data;
- tlen = strlen(banptr->banstr) + 1;
+ tlen = strlen(banptr->banstr) + (banptr->forward ? strlen(banptr->forward) + 1 : 0) + 1;
/* uh oh */
if(cur_len + tlen > BUFSIZE - 3)
t = buf + mlen;
}
- rb_sprintf(t, "%s ", banptr->banstr);
+ if (banptr->forward)
+ rb_sprintf(t, "%s$%s ", banptr->banstr, banptr->forward);
+ else
+ rb_sprintf(t, "%s ", banptr->banstr);
t += tlen;
cur_len += tlen;
}
ubuf[1] = '\0';
}
- if(has_id(target_p) && IsCapable(client_p, CAP_EUID))
+ if(IsCapable(client_p, CAP_EUID))
sendto_one(client_p, ":%s EUID %s %d %ld %s %s %s %s %s %s %s :%s",
target_p->servptr->id, target_p->name,
target_p->hopcount + 1,
IsDynSpoof(target_p) ? target_p->orighost : "*",
EmptyString(target_p->user->suser) ? "*" : target_p->user->suser,
target_p->info);
- else if(has_id(target_p))
+ else
sendto_one(client_p, ":%s UID %s %d %ld %s %s %s %s %s :%s",
target_p->servptr->id, target_p->name,
target_p->hopcount + 1,
target_p->username, target_p->host,
IsIPSpoof(target_p) ? "0" : target_p->sockhost,
target_p->id, target_p->info);
- else
- sendto_one(client_p, "NICK %s %d %ld %s %s %s %s :%s",
- target_p->name,
- target_p->hopcount + 1,
- (long) target_p->tsinfo,
- ubuf,
- target_p->username, target_p->host,
- target_p->servptr->name, target_p->info);
-
- if(!has_id(target_p) || !IsCapable(client_p, CAP_EUID))
+
+ if(!EmptyString(target_p->certfp))
+ sendto_one(client_p, ":%s ENCAP * CERTFP :%s",
+ use_id(target_p), target_p->certfp);
+
+ if(!IsCapable(client_p, CAP_EUID))
{
if(IsDynSpoof(target_p))
sendto_one(client_p, ":%s ENCAP * REALHOST %s",
ConfigChannel.burst_topicwho ? " " : "",
chptr->topic);
+ if(IsCapable(client_p, CAP_MLOCK))
+ sendto_one(client_p, ":%s MLOCK %ld %s :%s",
+ me.id, (long) chptr->channelts, chptr->chname,
+ EmptyString(chptr->mode_lock) ? "" : chptr->mode_lock);
+
hchaninfo.chptr = chptr;
call_hook(h_burst_channel, &hchaninfo);
}
show_capabilities(struct Client *target_p)
{
static char msgbuf[BUFSIZE];
- struct Capability *cap;
+
+ *msgbuf = '\0';
if(has_id(target_p))
rb_strlcpy(msgbuf, " TS6", sizeof(msgbuf));
if(!IsServer(target_p) || !target_p->serv->caps) /* short circuit if no caps */
return msgbuf + 1;
- for (cap = captab; cap->cap; ++cap)
- {
- if(cap->cap & target_p->serv->caps)
- rb_snprintf_append(msgbuf, sizeof(msgbuf), " %s", cap->name);
- }
+ rb_strlcat(msgbuf, " ", sizeof(msgbuf));
+ rb_strlcat(msgbuf, capability_index_list(serv_capindex, target_p->serv->caps), sizeof(msgbuf));
return msgbuf + 1;
}
if(IsUnknown(client_p))
{
- /*
- * jdc -- 1. Use EmptyString(), not [0] index reference.
- * 2. Check ->spasswd, not ->passwd.
- */
- if(!EmptyString(server_p->spasswd))
- {
- sendto_one(client_p, "PASS %s TS %d :%s",
- server_p->spasswd, TS_CURRENT, me.id);
- }
+ /* the server may be linking based on certificate fingerprint now. --nenolod */
+ sendto_one(client_p, "PASS %s TS %d :%s",
+ EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
/* pass info to new server */
send_capabilities(client_p, default_server_capabs
SetServer(client_p);
- /* Update the capability combination usage counts */
- set_chcap_usage_counts(client_p);
-
rb_dlinkAdd(client_p, &client_p->lnode, &me.serv->servers);
rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &serv_list);
rb_dlinkAddTailAlloc(client_p, &global_serv_list);
me.id, client_p->name, client_p->id,
IsHidden(client_p) ? "(H) " : "", client_p->info);
- if(IsCapable(target_p, CAP_ENCAP) &&
- !EmptyString(client_p->serv->fullcaps))
+ if(!EmptyString(client_p->serv->fullcaps))
sendto_one(target_p, ":%s ENCAP * GCAP :%s",
client_p->id, client_p->serv->fullcaps);
}
me.name, client_p->name,
IsHidden(client_p) ? "(H) " : "", client_p->info);
- if(IsCapable(target_p, CAP_ENCAP) &&
- !EmptyString(client_p->serv->fullcaps))
+ if(!EmptyString(client_p->serv->fullcaps))
sendto_one(target_p, ":%s ENCAP * GCAP :%s",
client_p->name, client_p->serv->fullcaps);
}
target_p->name, target_p->hopcount + 1,
IsHidden(target_p) ? "(H) " : "", target_p->info);
- if(IsCapable(client_p, CAP_ENCAP) &&
- !EmptyString(target_p->serv->fullcaps))
+ if(!EmptyString(target_p->serv->fullcaps))
sendto_one(client_p, ":%s ENCAP * GCAP :%s",
get_id(target_p, client_p),
target_p->serv->fullcaps);
}
+ if(IsCapable(client_p, CAP_BAN))
+ burst_ban(client_p);
+
burst_TS6(client_p);
/* Always send a PING after connect burst is done */
free_pre_client(client_p);
- if (!IsCapable(client_p, CAP_ZIP))
- send_pop_queue(client_p);
+ send_pop_queue(client_p);
return 0;
}
serv_connect_callback(F, status, data);
return;
}
- rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Outgoing ssld connection");
+ if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Outgoing ssld connection") == -1)
+ {
+ ilog_error("rb_socketpair failed for server");
+ serv_connect_callback(F, RB_ERROR, data);
+ return;
+
+ }
del_from_cli_fd_hash(client_p);
client_p->localClient->F = xF[0];
add_to_cli_fd_hash(client_p);
/* Next, send the initial handshake */
SetHandshake(client_p);
- /* kludge, if we're not using TS6, dont ever send
- * ourselves as being TS6 capable.
- */
- if(!EmptyString(server_p->spasswd))
- {
- sendto_one(client_p, "PASS %s TS %d :%s",
- server_p->spasswd, TS_CURRENT, me.id);
- }
+ /* the server may be linking based on certificate fingerprint now. --nenolod */
+ sendto_one(client_p, "PASS %s TS %d :%s",
+ EmptyString(server_p->spasswd) ? "*" : server_p->spasswd, TS_CURRENT, me.id);
/* pass my info to the new server */
send_capabilities(client_p, default_server_capabs
/* If we get here, we're ok, so lets start reading some data */
read_packet(F, client_p);
}
-
-#ifndef HAVE_SOCKETPAIR
-static int
-inet_socketpair(int d, int type, int protocol, int sv[2])
-{
- struct sockaddr_in addr1, addr2, addr3;
- int addr3_len = sizeof(addr3);
- int fd, rc;
- int port_no = 20000;
-
- if(d != AF_INET || type != SOCK_STREAM || protocol)
- {
- errno = EAFNOSUPPORT;
- return -1;
- }
- if(((sv[0] = socket(AF_INET, SOCK_STREAM, 0)) < 0) || ((sv[1] = socket(AF_INET, SOCK_STREAM, 0)) < 0))
- return -1;
-
- addr1.sin_port = htons(port_no);
- addr1.sin_family = AF_INET;
- addr1.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- while ((rc = bind (sv[0], (struct sockaddr *) &addr1, sizeof (addr1))) < 0 && errno == EADDRINUSE)
- addr1.sin_port = htons(++port_no);
-
- if(rc < 0)
- return -1;
-
- if(listen(sv[0], 1) < 0)
- {
- close(sv[0]);
- close(sv[1]);
- return -1;
- }
-
- addr2.sin_port = htons(port_no);
- addr2.sin_family = AF_INET;
- addr2.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- if(connect (sv[1], (struct sockaddr *) &addr2, sizeof (addr2)) < 0)
- {
- close(sv[0]);
- close(sv[1]);
- return -1;
- }
-
- if((fd = accept(sv[1], (struct sockaddr *) &addr3, &addr3_len)) < 0)
- {
- close(sv[0]);
- close(sv[1]);
- return -1;
- }
- close(sv[0]);
- sv[0] = fd;
-
- return(0);
-
-}
-#endif