X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/79435744c7b57fa830b8e4e7c7c8a9adf63f52b5..1548c140218b956485b3fd5c386447a2add59864:/modules/core/m_server.c
diff --git a/modules/core/m_server.c b/modules/core/m_server.c
index 3f16888a..e0702bfd 100644
--- a/modules/core/m_server.c
+++ b/modules/core/m_server.c
@@ -77,6 +77,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 int hop;
 unsigned int required_mask;
 const char *missing;
+ int ret;
 name = parv[1];
 hop = atoi(parv[2]);
@@ -84,7 +85,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 if (IsHandshake(client_p) && irccmp(client_p->name, name))
 {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Server %s has unexpected name %s",
 client_p->name, name);
 ilog(L_SERVER, "Server %s has unexpected name %s",
@@ -98,7 +99,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 */
 if(!DoesTS(client_p))
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s dropped, non-TS server",
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s dropped, non-TS server",
 client_p->name);
 exit_client(client_p, client_p, client_p, "Non-TS server");
 return;
@@ -112,12 +113,16 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* Now we just have to call check_server and everything should be
 * check for us... -A1kmm.
 */
- switch (check_server(name, client_p))
+ ret = check_server(name, client_p);
+ switch (ret)
 {
+ case 0:
+ /* success */
+ break;
 case -1:
 if(ConfigFileEntry.warn_no_nline)
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Unauthorised server connection attempt from %s: "
 "No entry for servername %s",
 "[@255.255.255.255]", name);
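Review bot: In the `check_server` switch the rejection notices are now sent with `L_NETWIDE` while still interpolating `name`, which is `parv[1]` from a peer that has just failed authorisation (`case -1`, "No entry for servername %s"). If `L_NETWIDE` relays to other servers, as the removed `is_remote_connect(client_p) ? L_NETWIDE : L_ALL` ternary suggests, an unauthorised connection can make every operator on the network see a string it chose. Only `case -1` is gated, by `ConfigFileEntry.warn_no_nline`; the `-2` to `-5` arms in the following hunks are not, and `-4` echoes a name its own comment says is longer than HOSTLEN. I would add a comment at the switch, `/* name is peer-supplied and unauthenticated; these notices are relayed netwide */`, and confirm that connection throttling bounds how often they can fire. mr_server continues outside the hunk.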
@@ -133,7 +138,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 break;
 case -2:
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Unauthorised server connection attempt from %s: "
 "Bad credentials for server %s",
 "[@255.255.255.255]", name);
@@ -148,7 +153,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 break;
 case -3:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Unauthorised server connection attempt from %s: "
 "Invalid host for server %s",
 "[@255.255.255.255]", name);
@@ -164,7 +169,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* servername is > HOSTLEN */
 case -4:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Invalid servername %s from %s",
 name, "[@255.255.255.255]");
 ilog(L_SERVER, "Access denied, invalid servername from %s",
@@ -175,7 +180,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* NOT REACHED */
 break;
 case -5:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Connection from servername %s requires SSL/TLS but is plaintext",
 name);
 ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s",
@@ -183,12 +188,52 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
 return;
+ case -6:
+ if (client_p->certfp)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s has invalid certificate fingerprint %s",
+ name, client_p->certfp);
+ ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+ client_p->certfp, log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+ }
+ else
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s failed certificate validation",
+ name);
+ ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+ log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid certificate.");
+ }
+
+ return;
+ case -7:
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s rejected, no more connections allowed in class",
+ name);
+ ilog(L_SERVER, "Access denied, no more connections allowed in class for %s",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Access denied, no more connections allowed in class");
+ return;
+ default:
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s rejected, unknown error %d",
+ name, ret);
+ ilog(L_SERVER, "Access denied, unknown error %d for server %s%s", ret,
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Unknown error.");
+ return;
 }
 /* require TS6 for direct links */
 if(!IsCapable(client_p, CAP_TS6))
 {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s dropped, TS6 protocol is required", name);
 exit_client(client_p, client_p, client_p, "Incompatible TS version");
 return;
@@ -200,7 +245,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 {
 missing = capability_index_list(serv_capindex, required_mask & ~client_p->localClient->caps);
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s dropped, required CAPABs [%s] are missing",
 name, missing);
 ilog(L_SERVER, "Link %s%s dropped, required CAPABs [%s] are missing",
@@ -239,7 +284,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 }
 else
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Attempt to re-introduce server %s from %s",
 name, "[@255.255.255.255]");
 ilog(L_SERVER, "Attempt to re-introduce server %s from %s",
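Review bot: The added `case -6:` and `case -7:` arms switch on bare integers with no comment saying which check in `check_server` produced them, unlike `case -4:` with its `/* servername is > HOSTLEN */`. Judging by the messages, `-6` covers both a fingerprint mismatch and a peer with no `certfp` at all, and `-7` a full connection class; I would say so above each arm, e.g. `/* certfp mismatch, or no certificate fingerprint presented */` and `/* connection class is full */`. The new `default:` arm rejects any code it does not recognise, which is the right fail-closed behaviour and deserves a one-line comment so it is not removed later. The switch and the rest of mr_server extend beyond this hunk.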
@@ -251,22 +296,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 return;
 }
- if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL)
- {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
- "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- client_p->name, target_p->name);
- ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- log_client_name(client_p, SHOW_IP),
- target_p->name);
-
- sendto_one(client_p, "ERROR :SID already exists.");
- exit_client(client_p, client_p, client_p, "SID Exists");
- return;
+ if (client_p->preClient && !EmptyString(client_p->preClient->id)) {
+ if ((target_p = find_id(client_p->preClient->id)) != NULL) {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ client_p->name, target_p->name);
+ ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP),
+ target_p->name);
+
+ sendto_one(client_p, "ERROR :SID already exists.");
+ exit_client(client_p, client_p, client_p, "SID Exists");
+ return;
+ } else {
+ rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id));
+ }
 }
 /*
@@ -293,12 +341,8 @@ ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* same size as in s_misc.c */
 const char *name;
 struct Client *target_p;
- struct remote_conf *hub_p;
 hook_data_client hdata;
 int hop;
- int hlined = 0;
- int llined = 0;
- rb_dlink_node *ptr;
 char squitreason[160];
 name = parv[1];
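Review bot: In the new `else` branch the SID is checked for collisions as `client_p->preClient->id` but stored with `rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id))`, whose result is ignored. If `preClient->id` can hold more than `client_p->id` (neither declaration is visible here), the value that passed `find_id()` and the value actually stored would differ, and the stored one would never have been checked for uniqueness. Either assert that the two buffers have the same size or reject on truncation, e.g. `if (rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id)) >= sizeof(client_p->id)) { /* reject link */ }`. mr_server continues outside the hunk.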
@@ -347,7 +391,7 @@ ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 * for a while and servers to send stuff to the wrong place.
 */
 sendto_one(client_p, "ERROR :Nickname %s already exists!", name);
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s cancelled: Server/nick collision on %s",
 client_p->name, name);
 ilog(L_SERVER, "Link %s cancelled: Server/nick collision on %s",
@@ -364,85 +408,9 @@ ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 * server links...
 */
- /*
- * See if the newly found server is behind a guaranteed
- * leaf. If so, close the link.
- *
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, name))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* Ok, this way this works is
- *
- * A server can have a CONF_HUB allowing it to introduce servers
- * behind it.
- *
- * connect {
- * name = "irc.bighub.net";
- * hub_mask="*";
- * ...
- *
- * That would allow "irc.bighub.net" to introduce anything it wanted..
- *
- * However
- *
- * connect {
- * name = "irc.somehub.fi";
- * hub_mask="*";
- * leaf_mask="*.edu";
- *...
- * Would allow this server in finland to hub anything but
- * .edu's
- */
-
- /* Ok, check client_p can hub the new server */
- if(!hlined)
- {
- /* OOOPs nope can't HUB */
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Non-Hub link %s introduced %s.",
- client_p->name, name);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, name);
-
- snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
- /* Check for the new server being leafed behind this HUB */
- if(llined)
- {
- /* OOOPs nope can't HUB this leaf */
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, name);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, name);
-
- snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
-
-
 if(strlen(name) > HOSTLEN)
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s introduced server with invalid servername %s",
 client_p->name, name);
 ilog(L_SERVER, "Link %s introduced server with invalid servername %s",
@@ -491,11 +459,7 @@ static void
 ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
 {
 struct Client *target_p;
- struct remote_conf *hub_p;
 hook_data_client hdata;
- rb_dlink_node *ptr;
- int hlined = 0;
- int llined = 0;
 char squitreason[160];
 /* collision on the name? */
@@ -533,7 +497,7 @@ ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p
 if(bogus_host(parv[1]) || strlen(parv[1]) > HOSTLEN)
 {
 sendto_one(client_p, "ERROR :Invalid servername");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s cancelled, servername %s invalid",
 client_p->name, parv[1]);
 ilog(L_SERVER, "Link %s cancelled, servername %s invalid",
@@ -547,7 +511,7 @@ ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p
 !IsIdChar(parv[3][2]) || parv[3][3] != '\0')
 {
 sendto_one(client_p, "ERROR :Invalid SID");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s cancelled, SID %s invalid",
 client_p->name, parv[3]);
 ilog(L_SERVER, "Link %s cancelled, SID %s invalid",
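Review bot: With the `hubleaf_conf_list` loop and the `hlined`/`llined` checks removed, the only filter left in this hunk on a server name introduced by a linked peer is `strlen(name) > HOSTLEN`; the same block is removed from ms_sid in the last hunk. If the configuration parser still accepts `hub_mask`/`leaf_mask` (not visible on this page), operators who rely on them would lose the restriction without any signal. I would leave a comment where the check used to be, such as `/* hub_mask/leaf_mask are no longer enforced: any linked server may introduce any server name */`, and have the parser warn when those options are set. ms_server continues outside the hunk.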
@@ -557,62 +521,13 @@ ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p
 return;
 }
- /* for the directly connected server:
- * H: allows it to introduce a server matching that mask
- * L: disallows it introducing a server matching that mask
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, parv[1]))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* no matching hub_mask */
- if(!hlined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
-
- snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
- /* matching leaf_mask */
- if(llined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
-
- snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
 /* ok, alls good */
 target_p = make_client(client_p);
 make_server(target_p);
 rb_strlcpy(target_p->name, parv[1], sizeof(target_p->name));
 target_p->hopcount = atoi(parv[2]);
- strcpy(target_p->id, parv[3]);
+ rb_strlcpy(target_p->id, parv[3], sizeof(target_p->id));
 set_server_gecos(target_p, parv[4]);
 target_p->servptr = source_p;