X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/271ddd99d7ee2b091f385401688a2d1f1063b6d0..6cac5cce0fedf3f0ed0de91d51539c8b8629fd9f:/extensions/sasl_usercloak.c diff --git a/extensions/sasl_usercloak.c b/extensions/sasl_usercloak.c index d627b200..c70b0812 100644 --- a/extensions/sasl_usercloak.c +++ b/extensions/sasl_usercloak.c @@ -2,6 +2,7 @@ #include "modules.h" #include "hook.h" #include "client.h" +#include "hostmask.h" #include "ircd.h" #include "send.h" #include "hash.h" @@ -12,14 +13,15 @@ #include +static const char sasl_usercloak_desc[] = + "Insert the SASL account name into certain iline spoofed hosts"; + static void check_new_user(void *data); mapi_hfn_list_av1 sasl_usercloak_hfnlist[] = { - { "new_local_user", (hookfn) check_new_user }, + { "new_local_user", check_new_user }, { NULL, NULL } }; -DECLARE_MODULE_AV1(sasl_usercloak, NULL, NULL, NULL, NULL, - sasl_usercloak_hfnlist, "$Revision: 3526 $"); unsigned int fnv_hash_string(char *str) { @@ -36,7 +38,7 @@ unsigned int fnv_hash_string(char *str) static void check_new_user(void *vdata) { - struct Client *source_p = (void *)vdata; + struct Client *source_p = vdata; if (!IsIPSpoof(source_p)) return; @@ -44,31 +46,33 @@ check_new_user(void *vdata) if (EmptyString(source_p->user->suser)) return; - char *accountpart = strstr(source_p->host, "account"); - if (!accountpart) + char *accountpart = strstr(source_p->orighost, "/account"); + if (!accountpart || accountpart[8] != '\0') return; + accountpart += 1; + char buf[HOSTLEN]; memset(buf, 0, sizeof(buf)); char *dst = buf; - strncpy(buf, source_p->host, accountpart - source_p->host); - dst += accountpart - source_p->host; + strncpy(buf, source_p->orighost, accountpart - source_p->orighost); + dst += accountpart - source_p->orighost; int needhash = 0; for (char *src = source_p->user->suser; *src ; src++ ) { - if (dst > buf + sizeof(buf)) + if (dst >= buf + sizeof(buf)) { /* Doesn't fit. Warn opers and bail. */ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Couldn't fit account name part %s in hostname for %s!%s@%s", - source_p->user->suser, source_p->name, source_p->username, source_p->host); + source_p->user->suser, source_p->name, source_p->username, source_p->orighost); return; } - char c = ToLower(*src); + char c = tolower(*src); if (IsHostChar(c)) *dst++ = c; @@ -83,7 +87,7 @@ check_new_user(void *vdata) /* Doesn't fit. Warn opers and bail. */ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Couldn't fit account name part %s in hostname for %s!%s@%s", - source_p->user->suser, source_p->name, source_p->user, source_p->host); + source_p->user->suser, source_p->name, source_p->username, source_p->orighost); return; } @@ -93,11 +97,40 @@ check_new_user(void *vdata) unsigned int hashval = fnv_hash_string(source_p->user->suser); hashval %= 100000000; // eight digits only please. - snprintf(dst, 9, "%08ud", hashval); + snprintf(dst, 9, "%08u", hashval); } /* just in case */ buf[HOSTLEN-1] = '\0'; - change_nick_user_host(source_p, source_p->name, source_p->username, buf, 0, "Changing host"); + /* If hostname has been changed already (probably by services cloak on SASL login), then + * leave it intact. If not, change it. In either case, update the original hostname. + */ + if (0 == irccmp(source_p->host, source_p->orighost)) + change_nick_user_host(source_p, source_p->name, source_p->username, buf, 0, "Changing host"); + strncpy(source_p->orighost, buf, HOSTLEN); + + { + struct ConfItem *aconf = find_kline(source_p); + + if(aconf == NULL) + return; + + if(IsExemptKline(source_p)) + { + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "KLINE over-ruled for %s, client is kline_exempt [%s@%s]", + get_client_name(source_p, HIDE_IP), + aconf->user, aconf->host); + return; + } + + sendto_realops_snomask(SNO_GENERAL, L_ALL, + "KLINE active for %s", + get_client_name(source_p, HIDE_IP)); + + notify_banned_client(source_p, aconf, K_LINED); + } } + +DECLARE_MODULE_AV2(sasl_usercloak, NULL, NULL, NULL, NULL, sasl_usercloak_hfnlist, NULL, NULL, sasl_usercloak_desc);