X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/40c1fd479952f47b9f3f5c4de660cd94ddd1a89a..1608b0e70eccd97485af83cf5c80b4e09e95ba93:/extensions/m_webirc.c diff --git a/extensions/m_webirc.c b/extensions/m_webirc.c index 735be1ed..f999996c 100644 --- a/extensions/m_webirc.c +++ b/extensions/m_webirc.c @@ -20,8 +20,6 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 * USA - * - * $Id: m_webirc.c 3458 2007-05-18 19:51:22Z jilles $ */ /* Usage: * auth { @@ -55,90 +53,147 @@ #include "s_conf.h" #include "reject.h" -static int mr_webirc(struct Client *, struct Client *, int, const char **); +static const char webirc_desc[] = "Adds support for the WebIRC system"; + +static void mr_webirc(struct MsgBuf *msgbuf_p, struct Client *, struct Client *, int, const char **); struct Message webirc_msgtab = { - "WEBIRC", 0, 0, 0, MFLG_SLOW | MFLG_UNREG, + "WEBIRC", 0, 0, 0, 0, {{mr_webirc, 5}, mg_reg, mg_ignore, mg_ignore, mg_ignore, mg_reg} }; mapi_clist_av1 webirc_clist[] = { &webirc_msgtab, NULL }; -DECLARE_MODULE_AV1(webirc, NULL, NULL, webirc_clist, NULL, NULL, "$Revision: 20702 $"); + +static void new_local_user(void *data); +mapi_hfn_list_av1 webirc_hfnlist[] = { + /* unintuitive but correct--we want to be called first */ + { "new_local_user", new_local_user, HOOK_LOWEST }, + { NULL, NULL } +}; + +DECLARE_MODULE_AV2(webirc, NULL, NULL, webirc_clist, NULL, webirc_hfnlist, NULL, NULL, webirc_desc); /* * mr_webirc - webirc message handler - * parv[0] = sender prefix - * parv[1] = password - * parv[2] = fake username (we ignore this) - * parv[3] = fake hostname + * parv[1] = password + * parv[2] = fake username (we ignore this) + * parv[3] = fake hostname * parv[4] = fake ip */ -static int -mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) +static void +mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { struct ConfItem *aconf; const char *encr; + struct rb_sockaddr_storage addr; + + int secure = 0; - if (!strchr(parv[4], '.') && !strchr(parv[4], ':')) + if (source_p->flags & FLAGS_SENTUSER || !EmptyString(source_p->name)) { - sendto_one(source_p, "NOTICE * :Invalid IP"); - return 0; + exit_client(client_p, source_p, &me, "WEBIRC may not follow NICK/USER"); } - aconf = find_address_conf(client_p->host, client_p->sockhost, + aconf = find_address_conf(client_p->host, client_p->sockhost, IsGotId(client_p) ? client_p->username : "webirc", IsGotId(client_p) ? client_p->username : "webirc", (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family, NULL); + GET_SS_FAMILY(&client_p->localClient->ip), NULL); + if (aconf == NULL || !(aconf->status & CONF_CLIENT)) - return 0; - if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->name, "webirc.")) + return; + + if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc.")) { /* XXX */ - sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block"); - return 0; + exit_client(client_p, source_p, &me, "Not a CGI:IRC auth block"); + return; } if (EmptyString(aconf->passwd)) { - sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password"); - return 0; + exit_client(client_p, source_p, &me, "CGI:IRC auth blocks must have a password"); + return; + } + if (!IsSecure(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL) + { + exit_client(client_p, source_p, &me, "Your CGI:IRC block requires TLS"); + return; } if (EmptyString(parv[1])) encr = ""; else if (IsConfEncrypted(aconf)) - encr = crypt(parv[1], aconf->passwd); + encr = rb_crypt(parv[1], aconf->passwd); else encr = parv[1]; - if (strcmp(encr, aconf->passwd)) + if (encr == NULL || strcmp(encr, aconf->passwd)) { - sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect"); - return 0; + exit_client(client_p, source_p, &me, "CGI:IRC password incorrect"); + return; } + if (rb_inet_pton_sock(parv[4], &addr) <= 0) + { + exit_client(client_p, source_p, &me, "Invalid IP"); + return; + } - rb_strlcpy(source_p->sockhost, parv[4], sizeof(source_p->sockhost)); + source_p->localClient->ip = addr; + source_p->username[0] = '\0'; + ClearGotId(source_p); + + if (parc >= 6) + { + const char *s; + for (s = parv[5]; s != NULL; (s = strchr(s, ' ')) && s++) + { + if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == ' ' || s[6] == '\0')) + secure = 1; + } + } + + if (secure && !IsSecure(source_p)) + { + sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure"); + secure = 0; + } + + if (!secure) + { + ClearSecure(source_p); + } + + rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost)); if(strlen(parv[3]) <= HOSTLEN) rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host)); else rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host)); - - del_unknown_ip(source_p); - rb_inet_pton_sock(parv[4], (struct sockaddr *)&source_p->localClient->ip); /* Check dlines now, klines will be checked on registration */ - if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip, - source_p->localClient->ip.ss_family))) + if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip, + GET_SS_FAMILY(&source_p->localClient->ip)))) { if(!(aconf->status & CONF_EXEMPTDLINE)) { exit_client(client_p, source_p, &me, "D-lined"); - return 0; + return; } } sendto_one(source_p, "NOTICE * :CGI:IRC host/IP set to %s %s", parv[3], parv[4]); - return 0; +} + +static void +new_local_user(void *data) +{ + struct Client *source_p = data; + struct ConfItem *aconf = source_p->localClient->att_conf; + + if (aconf == NULL) + return; + + if (!irccmp(aconf->info.name, "webirc.")) + exit_client(source_p, source_p, &me, "Cannot log in using a WEBIRC block"); }