/*
- * charybdis: an advanced ircd.
+ * Solanum: a slightly advanced ircd
* client.c: Controls clients.
*
* Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
* Copyright (C) 1996-2002 Hybrid Development Team
* Copyright (C) 2002-2005 ircd-ratbox development team
- * Copyright (C) 2007 William Pitcock
+ * Copyright (C) 2007 Ariadne Conill <ariadne@dereferenced.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#include "ircd.h"
#include "numeric.h"
#include "packet.h"
-#include "s_auth.h"
+#include "authproc.h"
#include "s_conf.h"
#include "s_newconf.h"
#include "logger.h"
#include "hook.h"
#include "msg.h"
#include "monitor.h"
-#include "blacklist.h"
#include "reject.h"
#include "scache.h"
#include "rb_dictionary.h"
#include "sslproc.h"
+#include "wsproc.h"
#include "s_assert.h"
#define DEBUG_EXITED_CLIENTS
rb_dictionary *nd_dict = NULL;
-enum
-{
- D_LINED,
- K_LINED
-};
-
rb_dlink_list dead_list;
#ifdef DEBUG_EXITED_CLIENTS
static rb_dlink_list dead_remote_list;
uint32_t
connid_get(struct Client *client_p)
{
- s_assert(MyClient(client_p));
- if (!MyClient(client_p))
+ s_assert(MyConnect(client_p));
+ if (!MyConnect(client_p))
return 0;
/* find a connid that is available */
{
rb_dlink_node *ptr, *ptr2;
- s_assert(MyClient(client_p));
- if (!MyClient(client_p))
+ if (client_p->localClient->connids.head)
+ s_assert(MyConnect(client_p));
+
+ if (!MyConnect(client_p))
return;
RB_DLINK_FOREACH_SAFE(ptr, ptr2, client_p->localClient->connids.head)
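Review bot: The added `if (client_p->localClient->connids.head)` test dereferences `client_p->localClient` before the `if (!MyConnect(client_p)) return;` guard that follows it. If `localClient` is NULL for non-local clients (the guard suggests such callers are expected to be tolerated; confirm against the struct's contract), that is a NULL dereference rather than a clean return. Putting the guard first keeps the function safe: make `if (!MyConnect(client_p)) return;` the first statement and drop the assert, or place it after the guard. The function's signature and loop body lie outside this hunk.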
}
SetUnknown(client_p);
- strcpy(client_p->username, "unknown");
+ rb_strlcpy(client_p->username, "unknown", sizeof(client_p->username));
return client_p;
}
void
free_pre_client(struct Client *client_p)
{
- struct Blacklist *blptr;
-
s_assert(NULL != client_p);
if(client_p->preClient == NULL)
return;
- blptr = client_p->preClient->dnsbl_listed;
- if (blptr != NULL)
- unref_blacklist(blptr);
- s_assert(rb_dlink_list_length(&client_p->preClient->dnsbl_queries) == 0);
+ s_assert(client_p->preClient->auth.cid == 0);
+
+ rb_free(client_p->preClient->auth.data);
+ rb_free(client_p->preClient->auth.reason);
rb_bh_free(pclient_heap, client_p->preClient);
client_p->preClient = NULL;
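Review bot: `s_assert(client_p->preClient->auth.cid == 0)` appears to only report the condition, so the two `rb_free` calls and `rb_bh_free(pclient_heap, ...)` after it run even when the assertion fails. The assert-then-check pattern in `connid_get` suggests `s_assert` does not stop execution, though its definition is not visible here. If a non-zero `cid` means authd still holds a request for this client, as the "Still querying with authd" check elsewhere in this commit implies, freeing here could leave that request pointing at released state. Either return early when `cid != 0`, or document the precondition with a comment such as `/* caller must have run authd_abort_client() or authd must have finished before this point */`.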
rb_free(client_p->localClient->auth_user);
rb_free(client_p->localClient->challenge);
rb_free(client_p->localClient->fullcaps);
- rb_free(client_p->localClient->opername);
rb_free(client_p->localClient->mangledhost);
- if (client_p->localClient->privset)
- privilegeset_unref(client_p->localClient->privset);
- if(IsSSL(client_p))
- ssld_decrement_clicount(client_p->localClient->ssl_ctl);
+ if (IsSSL(client_p))
+ ssld_decrement_clicount(client_p->localClient->ssl_ctl);
+
+ rb_free(client_p->localClient->cipher_string);
- if(IsCapable(client_p, CAP_ZIP))
- ssld_decrement_clicount(client_p->localClient->z_ctl);
+ if (client_p->localClient->ws_ctl != NULL)
+ wsockd_decrement_clicount(client_p->localClient->ws_ctl);
rb_bh_free(lclient_heap, client_p->localClient);
client_p->localClient = NULL;
}
-void
+static void
free_client(struct Client *client_p)
{
s_assert(NULL != client_p);
{
if(IsServer(client_p))
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"No response from %s, closing link",
client_p->name);
ilog(L_SERVER,
if(IsDead(client_p) || IsClosing(client_p))
continue;
- /* still has DNSbls to validate against */
- if(client_p->preClient != NULL &&
- rb_dlink_list_length(&client_p->preClient->dnsbl_queries) > 0)
+ /* Still querying with authd */
+ if(client_p->preClient != NULL && client_p->preClient->auth.cid != 0)
continue;
/*
{
if(IsAnyServer(client_p))
{
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"No response from %s, closing link",
client_p->name);
ilog(L_SERVER,
}
}
-static void
+void
notify_banned_client(struct Client *client_p, struct ConfItem *aconf, int ban)
{
static const char conn_closed[] = "Connection closed";
check_xlines();
}
-/* check_klines_event()
- *
- * inputs -
- * outputs -
- * side effects - check_klines() is called, kline_queued unset
- */
-void
-check_klines_event(void *unused)
-{
- kline_queued = false;
- check_klines();
-}
-
/* check_klines
*
* inputs -
{
if(IsExemptKline(client_p))
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"KLINE over-ruled for %s, client is kline_exempt [%s@%s]",
get_client_name(client_p, HIDE_IP),
aconf->user, aconf->host);
continue;
}
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "KLINE active for %s",
- get_client_name(client_p, HIDE_IP));
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "KLINE active for %s (%s@%s)",
+ get_client_name(client_p, HIDE_IP), aconf->user, aconf->host);
notify_banned_client(client_p, aconf, K_LINED);
continue;
}
}
+
+/* check_one_kline()
+ *
+ * This process needs to be kept in sync with find_kline() aka find_conf_by_address().
+ *
+ * inputs - pointer to kline to check
+ * outputs -
+ * side effects - all clients will be checked against given kline
+ */
+void
+check_one_kline(struct ConfItem *kline)
+{
+ struct Client *client_p;
+ rb_dlink_node *ptr;
+ rb_dlink_node *next_ptr;
+ int masktype;
+ int bits;
+ struct rb_sockaddr_storage sockaddr;
+ struct sockaddr_in ip4;
+
+ masktype = parse_netmask(kline->host, (struct sockaddr_storage *)&sockaddr, &bits);
+
+ RB_DLINK_FOREACH_SAFE(ptr, next_ptr, lclient_list.head)
+ {
+ int matched = 0;
+
+ client_p = ptr->data;
+
+ if(IsMe(client_p) || !IsPerson(client_p))
+ continue;
+
+ if(!match(kline->user, client_p->username))
+ continue;
+
+ /* match one kline */
+ switch (masktype) {
+ case HM_IPV4:
+ case HM_IPV6:
+ if (IsConfDoSpoofIp(client_p->localClient->att_conf) &&
+ IsConfKlineSpoof(client_p->localClient->att_conf))
+ continue;
+ if (client_p->localClient->ip.ss_family == AF_INET6 && sockaddr.ss_family == AF_INET &&
+ rb_ipv4_from_ipv6((struct sockaddr_in6 *)&client_p->localClient->ip, &ip4)
+ && comp_with_mask_sock((struct sockaddr *)&ip4, (struct sockaddr *)&sockaddr, bits))
+ matched = 1;
+ else if (client_p->localClient->ip.ss_family == sockaddr.ss_family &&
+ comp_with_mask_sock((struct sockaddr *)&client_p->localClient->ip,
+ (struct sockaddr *)&sockaddr, bits))
+ matched = 1;
+ break;
+ case HM_HOST:
+ if (match(kline->host, client_p->orighost))
+ matched = 1;
+ if (IsConfDoSpoofIp(client_p->localClient->att_conf) &&
+ IsConfKlineSpoof(client_p->localClient->att_conf))
+ continue;
+ if (match(kline->host, client_p->sockhost))
+ matched = 1;
+ break;
+ }
+
+ if (!matched)
+ continue;
+
+ if(IsExemptKline(client_p))
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "KLINE over-ruled for %s, client is kline_exempt [%s@%s]",
+ get_client_name(client_p, HIDE_IP),
+ kline->user, kline->host);
+ continue;
+ }
+
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "KLINE active for %s (%s@%s)",
+ get_client_name(client_p, HIDE_IP), kline->user, kline->host);
+
+ notify_banned_client(client_p, kline, K_LINED);
+ }
+}
+
+
/* check_dlines()
*
* inputs -
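Review bot: In the `HM_HOST` case of `check_one_kline`, the `continue` taken for clients whose auth block has both the spoof and kline-spoof flags applies to the enclosing `RB_DLINK_FOREACH_SAFE` loop, not to the `switch`. A `matched = 1` just set by `match(kline->host, client_p->orighost)` is therefore discarded, and the client never reaches `notify_banned_client`. If the intent is to match the visible host but never the socket host for these clients, that branch should leave the switch with `break;` instead. The header comment says this must stay in sync with find_kline(), which is not visible here, so confirm which behaviour that path has. The `switch (masktype)` also has no `default:`, so any other value from `parse_netmask` silently matches nothing; a commented `default: break;` would make that explicit.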
if(aconf->status & CONF_EXEMPTDLINE)
continue;
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "DLINE active for %s",
- get_client_name(client_p, HIDE_IP));
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "DLINE active for %s (%s)",
+ get_client_name(client_p, HIDE_IP), aconf->host);
notify_banned_client(client_p, aconf, D_LINED);
continue;
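Review bot: The new notice appends `aconf->host` next to `get_client_name(client_p, HIDE_IP)`, and for a D-line that field is presumably the banned address or CIDR mask. The message can therefore carry the client's address even though the name is formatted with HIDE_IP, and the same change widens the audience from `L_ALL` to `L_NETWIDE`. If that disclosure is intended, record it at the call, e.g. `/* ban mask is shown to opers on purpose; it may reveal the client's address */`. The KLINE notices changed in this commit have the same shape with `aconf->user, aconf->host`.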
{
if(IsExemptKline(client_p))
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"XLINE over-ruled for %s, client is kline_exempt [%s]",
get_client_name(client_p, HIDE_IP),
aconf->host);
continue;
}
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "XLINE active for %s",
- get_client_name(client_p, HIDE_IP));
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "XLINE active for %s (%s)",
+ get_client_name(client_p, HIDE_IP), aconf->host);
(void) exit_client(client_p, client_p, &me, "Bad user info");
continue;
nick = client_p->id;
/* Tell opers. */
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"RESV forced nick change for %s!%s@%s to %s; nick matched [%s] (%s)",
client_p->name, client_p->username, client_p->host, nick, mask, reason);
- sendto_realops_snomask(SNO_NCHANGE, L_ALL,
+ sendto_realops_snomask(SNO_NCHANGE, L_NETWIDE,
"Nick change: From %s to %s [%s@%s]",
client_p->name, nick, client_p->username, client_p->host);
{
s_assert(0);
sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "On abort_list: %s stat: %u flags: %u/%u handler: %c",
+ "On abort_list: %s stat: %u flags: %llu handler: %c",
target_p->name, (unsigned int) target_p->status,
- target_p->flags, target_p->flags2, target_p->handler);
+ (unsigned long long)target_p->flags, target_p->handler);
sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Please report this to the charybdis developers!");
+ "Please report this to the solanum developers!");
found++;
}
}
{
s_assert(0);
sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "On dead_list: %s stat: %u flags: %u/%u handler: %c",
+ "On dead_list: %s stat: %u flags: %llu handler: %c",
abt->client->name, (unsigned int) abt->client->status,
- abt->client->flags, abt->client->flags2, abt->client->handler);
+ (unsigned long long)abt->client->flags, abt->client->handler);
sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Please report this to the charybdis developers!");
+ "Please report this to the solanum developers!");
continue;
}
}
rb_dlinkDelete(ptr, &abort_list);
if(IsAnyServer(abt->client))
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Closing link to %s: %s",
abt->client->name, abt->notice);
*/
static int
-exit_unknown_client(struct Client *client_p, struct Client *source_p, struct Client *from,
- const char *comment)
+exit_unknown_client(struct Client *client_p, /* The local client originating the
+ * exit or NULL, if this exit is
+ * generated by this server for
+ * internal reasons.
+ * This will not get any of the
+ * generated messages. */
+ struct Client *source_p, /* Client exiting */
+ struct Client *from, /* Client firing off this Exit,
+ * never NULL! */
+ const char *comment)
{
- delete_auth_queries(source_p);
- abort_blacklist_queries(source_p);
+ authd_abort_client(source_p);
rb_dlinkDelete(&source_p->localClient->tnode, &unknown_list);
if(!IsIOError(source_p))
del_from_id_hash(source_p->id, source_p);
del_from_hostname_hash(source_p->host, source_p);
- del_from_client_hash(source_p->name, source_p);
+ if (!IsAnyServer(source_p))
+ del_from_client_hash(source_p->name, source_p);
remove_client_from_list(source_p);
SetDead(source_p);
rb_dlinkAddAlloc(source_p, &dead_list);
snprintf(newcomment, sizeof(newcomment), "by %s: %s",
from->name, comment);
- if(source_p->serv != NULL)
- remove_dependents(client_p, source_p, from, IsPerson(from) ? newcomment : comment, comment1);
+ remove_dependents(client_p, source_p, from, IsPerson(from) ? newcomment : comment, comment1);
- if(source_p->servptr && source_p->servptr->serv)
- rb_dlinkDelete(&source_p->lnode, &source_p->servptr->serv->servers);
- else
- s_assert(0);
+ rb_dlinkDelete(&source_p->lnode, &source_p->servptr->serv->servers);
rb_dlinkFindDestroy(source_p, &global_serv_list);
target_p = source_p->from;
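Review bot: `rb_dlinkDelete(&source_p->lnode, &source_p->servptr->serv->servers)` now dereferences `source_p->servptr` and `->serv` unconditionally, where the removed code checked both and fell back to `s_assert(0)`. If either pointer can be NULL on some exit path, this turns a logged assertion into a crash of the whole server. The call to `remove_dependents(...)` likewise lost its `source_p->serv != NULL` guard. Unless the invariant is enforced where servers are introduced, keep a cheap guard such as `if (source_p->servptr != NULL && source_p->servptr->serv != NULL)` before the delete, or add a comment naming where the invariant is established. The enclosing function begins and ends outside this hunk.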
del_from_client_hash(source_p->name, source_p);
remove_client_from_list(source_p);
+
scache_split(source_p->serv->nameinfo);
SetDead(source_p);
const char *comment /* Reason for the exit */
)
{
+ int ret = -1;
+
hook_data_client_exit hdata;
if(IsClosing(source_p))
return -1;
{
/* Local clients of various types */
if(IsPerson(source_p))
- return exit_local_client(client_p, source_p, from, comment);
+ ret = exit_local_client(client_p, source_p, from, comment);
else if(IsServer(source_p))
- return exit_local_server(client_p, source_p, from, comment);
+ ret = exit_local_server(client_p, source_p, from, comment);
/* IsUnknown || IsConnecting || IsHandShake */
else if(!IsReject(source_p))
- return exit_unknown_client(client_p, source_p, from, comment);
+ ret = exit_unknown_client(client_p, source_p, from, comment);
}
else
{
/* Remotes */
if(IsPerson(source_p))
- return exit_remote_client(client_p, source_p, from, comment);
+ ret = exit_remote_client(client_p, source_p, from, comment);
else if(IsServer(source_p))
- return exit_remote_server(client_p, source_p, from, comment);
+ ret = exit_remote_server(client_p, source_p, from, comment);
}
- return -1;
+ call_hook(h_after_client_exit, NULL);
+
+ return ret;
}
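Review bot: `call_hook(h_after_client_exit, NULL)` runs on every path that reaches the end of the function, including those where no branch matched and `ret` is still -1. That covers a local client for which `IsReject` is true, and a remote that is neither person nor server. Handlers on this hook get no data pointer and cannot tell whether a client was actually removed, while the early `IsClosing` return skips the hook entirely. If that is the intended contract, state it at the call: `/* always fired once an exit was attempted, even when ret == -1; handlers receive NULL */`. The start of the function and the local/remote condition are outside this hunk.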
/*
* to local opers.
*/
if(!ConfigFileEntry.hide_spoof_ips &&
- (source_p == NULL || MyOper(source_p)))
+ (source_p == NULL || HasPrivilege(source_p, "auspex:hostname")))
return 1;
return 0;
}
- else if(IsDynSpoof(target_p) && (source_p != NULL && !IsOper(source_p)))
+ else if(IsDynSpoof(target_p) && (source_p != NULL && !HasPrivilege(source_p, "auspex:hostname")))
return 0;
else
return 1;
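Review bot: The comment just above the first changed condition still ends with "to local opers.", but the test is now `HasPrivilege(source_p, "auspex:hostname")` instead of `MyOper(source_p)`. Whether `HasPrivilege` also requires the oper to be local is not visible here. If it does not, real addresses of spoofed clients become visible to remote holders of the privilege whenever `hide_spoof_ips` is off. Update the comment to name the privilege, e.g. `* to opers holding auspex:hostname.`, and confirm the change in locality is intended. The function and its comment start outside this hunk.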
{
if(user->away)
rb_free((char *) user->away);
+ rb_free(user->opername);
+ if (user->privset)
+ privilegeset_unref(user->privset);
/*
* sanity check
*/
{
if(error == 0)
{
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) && !IsServer(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Server %s closed the connection",
client_p->name);
}
else
{
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) && !IsServer(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Lost connection to %s: %s",
client_p->name, strerror(current_error));
ilog(L_SERVER, "Lost connection to %s: %s",