whois: Fix UID leak.

[solanum.git] / modules / m_whois.c

diff --git a/modules/m_whois.c b/modules/m_whois.c
index 085e4d64d00a73556310a07d88d20514fdb1408e..65b169b0f2169bbca787b1426a6f56460c89d04e 100644 (file)
--- a/modules/m_whois.c
+++ b/modules/m_whois.c
@@ -43,6 +43,8 @@
 #include "modules.h"
 #include "hook.h"
 #include "s_newconf.h"
+#include "ipv4_from_ipv6.h"
+#include "ratelimit.h"
 
 static void do_whois(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
 static void single_whois(struct Client *source_p, struct Client *target_p, int operspy);
@@ -69,7 +71,6 @@ DECLARE_MODULE_AV1(whois, NULL, NULL, whois_clist, whois_hlist, NULL, "$Revision
 
 /*
  * m_whois
- *      parv[0] = sender prefix
  *      parv[1] = nickname masklist
  */
 static int
@@ -89,7 +90,7 @@ m_whois(struct Client *client_p, struct Client *source_p, int parc, const char *
                if(!IsOper(source_p))
                {
                        /* seeing as this is going across servers, we should limit it */
-                       if((last_used + ConfigFileEntry.pace_wait_simple) > rb_current_time())
+                       if((last_used + ConfigFileEntry.pace_wait_simple) > rb_current_time() || !ratelimit_client(source_p, 2))
                        {
                                sendto_one(source_p, form_str(RPL_LOAD2HI),
                                           me.name, source_p->name, "WHOIS");
@@ -115,7 +116,6 @@ m_whois(struct Client *client_p, struct Client *source_p, int parc, const char *
 
 /*
  * ms_whois
- *      parv[0] = sender prefix
  *      parv[1] = server to reply
  *      parv[2] = nickname to whois
  */
@@ -189,11 +189,7 @@ do_whois(struct Client *client_p, struct Client *source_p, int parc, const char
                nick++;
        }
 
-       if(MyClient(source_p))
-               target_p = find_named_person(nick);
-       else
-               target_p = find_person(nick);
-
+       target_p = find_named_person(nick);
        if(target_p != NULL)
        {
                if(operspy)
@@ -241,6 +237,9 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy)
        hook_data_client hdata;
        int visible;
        int extra_space = 0;
+#ifdef RB_IPV6
+       struct sockaddr_in ip4;
+#endif
 
        if(target_p->user == NULL)
        {
@@ -322,6 +321,11 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy)
        if(IsSSLClient(target_p))
                sendto_one_numeric(source_p, RPL_WHOISSECURE, form_str(RPL_WHOISSECURE),
                                   target_p->name);
+       if((source_p == target_p || IsOper(source_p)) &&
+                       target_p->certfp != NULL)
+               sendto_one_numeric(source_p, RPL_WHOISCERTFP,
+                               form_str(RPL_WHOISCERTFP),
+                               target_p->name, target_p->certfp);
 
        if(MyClient(target_p))
        {
@@ -342,6 +346,20 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy)
                                           form_str(RPL_WHOISACTUALLY),
                                           target_p->name, target_p->sockhost);
 
+#ifdef RB_IPV6
+               if (target_p->localClient->ip.ss_family == AF_INET6 &&
+                               (show_ip(source_p, target_p) ||
+                                (source_p == target_p && !IsIPSpoof(target_p))) &&
+                               ipv4_from_ipv6((struct sockaddr_in6 *)&target_p->localClient->ip, &ip4))
+               {
+                       rb_inet_ntop_sock((struct sockaddr *)&ip4,
+                                       buf, sizeof buf);
+                       sendto_one_numeric(source_p, RPL_WHOISTEXT,
+                                       "%s :Underlying IPv4 is %s",
+                                       target_p->name, buf);
+               }
+#endif /* RB_IPV6 */
+
                sendto_one_numeric(source_p, RPL_WHOISIDLE, form_str(RPL_WHOISIDLE),
                                   target_p->name, 
                                   rb_current_time() - target_p->localClient->last,