X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/7d4287591f9abc80a268f89a0f964e4ea05d959d..1548c140218b956485b3fd5c386447a2add59864:/modules/core/m_server.c
diff --git a/modules/core/m_server.c b/modules/core/m_server.c
index d2c40a93..e0702bfd 100644
--- a/modules/core/m_server.c
+++ b/modules/core/m_server.c
@@ -20,13 +20,10 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
- *
- * $Id: m_server.c 3291 2007-03-28 14:30:10Z jilles $
 */
 #include "stdinc.h"
 #include "client.h" /* client struct */
-#include "common.h" /* TRUE bleah */
 #include "hash.h" /* add_to_client_hash */
 #include "match.h"
 #include "ircd.h" /* me */
@@ -42,40 +39,45 @@ #include "parse.h" #include "modules.h" -static int mr_server(struct Client *, struct Client *, int, const char **); -static int ms_server(struct Client *, struct Client *, int, const char **); -static int ms_sid(struct Client *, struct Client *, int, const char **); +static const char server_desc[] = + "Provides the TS6 commands to introduce a new server to the network"; + +static void mr_server(struct MsgBuf *, struct Client *, struct Client *, int, const char **); +static void ms_server(struct MsgBuf *, struct Client *, struct Client *, int, const char **); +static void ms_sid(struct MsgBuf *, struct Client *, struct Client *, int, const char **); + +static bool bogus_host(const char *host); +static void set_server_gecos(struct Client *, const char *); struct Message server_msgtab = { - "SERVER", 0, 0, 0, MFLG_SLOW | MFLG_UNREG, + "SERVER", 0, 0, 0, 0, {{mr_server, 4}, mg_reg, mg_ignore, {ms_server, 4}, mg_ignore, mg_reg} }; struct Message sid_msgtab = { - "SID", 0, 0, 0, MFLG_SLOW, + "SID", 0, 0, 0, 0, {mg_ignore, mg_reg, mg_ignore, {ms_sid, 5}, mg_ignore, mg_reg} }; mapi_clist_av1 server_clist[] = { &server_msgtab, &sid_msgtab, NULL }; -DECLARE_MODULE_AV1(server, NULL, NULL, server_clist, NULL, NULL, "$Revision: 3291 $"); - -int bogus_host(const char *host); -static int set_server_gecos(struct Client *, const char *); +DECLARE_MODULE_AV2(server, NULL, NULL, server_clist, NULL, NULL, NULL, NULL, server_desc); /* * mr_server - SERVER message handler - * parv[0] = sender prefix * parv[1] = servername * parv[2] = serverinfo/hopcount * parv[3] = serverinfo */ -static int -mr_server(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) +static void +mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { char info[REALLEN + 1]; const char *name; struct Client *target_p; int hop; + unsigned int required_mask; + const char *missing; + int ret; name = parv[1]; hop 
= atoi(parv[2]); @@ -83,43 +85,47 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char if (IsHandshake(client_p) && irccmp(client_p->name, name)) { - sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Server %s has unexpected name %s", client_p->name, name); ilog(L_SERVER, "Server %s has unexpected name %s", log_client_name(client_p, SHOW_IP), name); exit_client(client_p, client_p, client_p, "Server name mismatch"); - return 0; + return; } - /* + /* * Reject a direct nonTS server connection if we're TS_ONLY -orabidoo */ if(!DoesTS(client_p)) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s dropped, non-TS server", + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s dropped, non-TS server", client_p->name); exit_client(client_p, client_p, client_p, "Non-TS server"); - return 0; + return; } if(bogus_host(name)) { exit_client(client_p, client_p, client_p, "Bogus server name"); - return 0; + return; } /* Now we just have to call check_server and everything should be * check for us... -A1kmm. */ - switch (check_server(name, client_p)) + ret = check_server(name, client_p); + switch (ret) { + case 0: + /* success */ + break; case -1: if(ConfigFileEntry.warn_no_nline) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Unauthorised server connection attempt from %s: " "No entry for servername %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, no connect block for server %s%s", EmptyString(client_p->name) ? name : "", 
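Review bot: The peer-supplied `name` is written into the oper notice and the log in the `IsHandshake(client_p) && irccmp(client_p->name, name)` branch before `bogus_host(name)` has run, because that check only comes two blocks further down. With this hunk the notice is always sent with `L_NETWIDE`, so an unvalidated string from a link that has not yet passed `check_server` is presumably relayed beyond the local server. I would move the `if(bogus_host(name))` block above the name-mismatch check, so that both the notice and the `ilog` line only ever carry a name that passed the character check. mr_server starts before this hunk and continues after it.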
@@ -127,70 +133,132 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char } exit_client(client_p, client_p, client_p, "Invalid servername."); - return 0; + return; /* NOT REACHED */ break; case -2: - sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Unauthorised server connection attempt from %s: " - "Bad password for server %s", - client_p->name, name); + "Bad credentials for server %s", + "[@255.255.255.255]", name); - ilog(L_SERVER, "Access denied, invalid password for server %s%s", + ilog(L_SERVER, "Access denied, invalid credentials for server %s%s", EmptyString(client_p->name) ? name : "", log_client_name(client_p, SHOW_IP)); - exit_client(client_p, client_p, client_p, "Invalid password."); - return 0; + exit_client(client_p, client_p, client_p, "Invalid credentials."); + return; /* NOT REACHED */ break; case -3: - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Unauthorised server connection attempt from %s: " "Invalid host for server %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, invalid host for server %s%s", EmptyString(client_p->name) ? 
name : "", log_client_name(client_p, SHOW_IP)); exit_client(client_p, client_p, client_p, "Invalid host."); - return 0; + return; /* NOT REACHED */ break; /* servername is > HOSTLEN */ case -4: - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Invalid servername %s from %s", - name, client_p->name); + name, "[@255.255.255.255]"); ilog(L_SERVER, "Access denied, invalid servername from %s", log_client_name(client_p, SHOW_IP)); exit_client(client_p, client_p, client_p, "Invalid servername."); - return 0; + return; /* NOT REACHED */ break; case -5: - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Connection from servername %s requires SSL/TLS but is plaintext", name); - ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s", + ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s", log_client_name(client_p, SHOW_IP)); exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext"); - return 0; + return; + case -6: + if (client_p->certfp) + { + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "Connection from servername %s has invalid certificate fingerprint %s", + name, client_p->certfp); + ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s", + client_p->certfp, log_client_name(client_p, SHOW_IP)); + exit_client(client_p, client_p, client_p, "Invalid fingerprint."); + } + else + { + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "Connection from servername %s failed certificate validation", + name); + ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s", + log_client_name(client_p, SHOW_IP)); + exit_client(client_p, client_p, client_p, "Invalid certificate."); + } + + return; + case -7: + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "Connection from servername %s rejected, no more connections allowed in class", + name); + ilog(L_SERVER, "Access denied, 
no more connections allowed in class for %s", + log_client_name(client_p, SHOW_IP)); + + exit_client(client_p, client_p, client_p, "Access denied, no more connections allowed in class"); + return; + default: + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "Connection from servername %s rejected, unknown error %d", + name, ret); + ilog(L_SERVER, "Access denied, unknown error %d for server %s%s", ret, + EmptyString(client_p->name) ? name : "", + log_client_name(client_p, SHOW_IP)); + + exit_client(client_p, client_p, client_p, "Unknown error."); + return; } /* require TS6 for direct links */ if(!IsCapable(client_p, CAP_TS6)) { - sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s dropped, TS6 protocol is required", name); exit_client(client_p, client_p, client_p, "Incompatible TS version"); - return 0; + return; + } + + /* check to ensure any "required" caps are set. --nenolod */ + required_mask = capability_index_get_required(serv_capindex); + if (!IsCapable(client_p, required_mask)) + { + missing = capability_index_list(serv_capindex, required_mask & + ~client_p->localClient->caps); + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "Link %s dropped, required CAPABs [%s] are missing", + name, missing); + ilog(L_SERVER, "Link %s%s dropped, required CAPABs [%s] are missing", + EmptyString(client_p->name) ? name : "", + log_client_name(client_p, SHOW_IP), missing); + /* Do not use '[' in the below message because it would cause + * it to be considered potentially unsafe (might disclose IP + * addresses) + */ + sendto_one(client_p, "ERROR :Missing required CAPABs (%s)", missing); + exit_client(client_p, client_p, client_p, "Missing required CAPABs"); + + return; } if((target_p = find_server(NULL, name))) 
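Review bot: The literal `"[@255.255.255.255]"` is passed as the peer argument three times in this switch (cases -2, -3 and -4) with no comment saying what it stands for. It looks like a fixed placeholder that keeps the unregistered peer's real name and address out of notices now sent with `L_NETWIDE`, while the `ilog` lines keep `log_client_name(client_p, SHOW_IP)`; if that is the intent it should be written down, because a later edit that puts `client_p->name` or a host back into one of these notices would not look wrong. A file-level `static const char masked_peer[] = "[@255.255.255.255]";` with a one-line comment, used at every site, would make the rule visible. The same literal appears in the `case -1` notice of the previous hunk and in the re-introduce notice of the next one.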
@@ -206,33 +274,47 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char * Definitely don't do that here. This is from an unregistered * connect - A1kmm. */ - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Attempt to re-introduce server %s from %s", - name, client_p->name); - ilog(L_SERVER, "Attempt to re-introduce server %s from %s", - name, log_client_name(client_p, SHOW_IP)); + if (target_p->servptr->flags & FLAGS_SERVICE) + { + /* Assume any servers introduced by services + * are jupes. + * -- jilles + */ + sendto_one(client_p, "ERROR :Server juped."); + } + else + { + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "Attempt to re-introduce server %s from %s", + name, "[@255.255.255.255]"); + ilog(L_SERVER, "Attempt to re-introduce server %s from %s", + name, log_client_name(client_p, SHOW_IP)); - sendto_one(client_p, "ERROR :Server already exists."); + sendto_one(client_p, "ERROR :Server already exists."); + } exit_client(client_p, client_p, client_p, "Server Exists"); - return 0; + return; } - if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL) - { - sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, - "Attempt to re-introduce SID %s from %s%s (already in use by %s)", - client_p->id, - EmptyString(client_p->name) ? name : "", - client_p->name, target_p->name); - ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)", - client_p->id, - EmptyString(client_p->name) ? 
name : "", - log_client_name(client_p, SHOW_IP), - target_p->name); - - sendto_one(client_p, "ERROR :SID already exists."); - exit_client(client_p, client_p, client_p, "SID Exists"); - return 0; + if (client_p->preClient && !EmptyString(client_p->preClient->id)) { + if ((target_p = find_id(client_p->preClient->id)) != NULL) { + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, + "Attempt to re-introduce SID %s from %s%s (already in use by %s)", + client_p->preClient->id, + EmptyString(client_p->name) ? name : "", + client_p->name, target_p->name); + ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)", + client_p->preClient->id, + EmptyString(client_p->name) ? name : "", + log_client_name(client_p, SHOW_IP), + target_p->name); + + sendto_one(client_p, "ERROR :SID already exists."); + exit_client(client_p, client_p, client_p, "SID Exists"); + return; + } else { + rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id)); + } } /* 
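Review bot: The new `FLAGS_SERVICE` branch sends `ERROR :Server juped.` and goes straight on to `exit_client` with no `sendto_realops_snomask` or `ilog` call of its own, so within this function a link attempt under a juped name leaves no oper notice and no `L_SERVER` log entry, unlike the `else` branch. Such an attempt comes from a peer that already passed `check_server` and is worth a record; I would add at least `ilog(L_SERVER, "Link %s rejected, server %s is juped", log_client_name(client_p, SHOW_IP), name);` in that branch. The branch also dereferences `target_p->servptr` unconditionally, which is safe only if every entry `find_server` can return has `servptr` set; that is not visible in this hunk and deserves a short comment or a NULL check. mr_server starts before this hunk and continues after it.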
@@ -244,37 +326,30 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char set_server_gecos(client_p, info); client_p->hopcount = hop; server_estab(client_p); - - return 0; } /* * ms_server - SERVER message handler - * parv[0] = sender prefix * parv[1] = servername * parv[2] = serverinfo/hopcount * parv[3] = serverinfo */ -static int -ms_server(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) +static void +ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { char info[REALLEN + 1]; /* same size as in s_misc.c */ const char *name; struct Client *target_p; - struct remote_conf *hub_p; hook_data_client hdata; int hop; - int hlined = 0; - int llined = 0; - rb_dlink_node *ptr; char squitreason[160]; name = parv[1]; hop = atoi(parv[2]); rb_strlcpy(info, parv[3], sizeof(info)); - if((target_p = find_server(NULL, name))) + if(find_server(NULL, name)) { /* * This link is trying feed me a server that I already have @@ -292,7 +367,7 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * that already exists, then sends you a client burst, you squit the * server, but you keep getting the burst of clients on a server that * doesnt exist, although ircd can handle it, its not a realistic - * solution.. --fl_ + * solution.. --fl_ */ ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, name); @@ -301,10 +376,10 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char "Server %s already exists", name); exit_client(client_p, client_p, &me, squitreason); - return 0; + return; } - /* + /* * User nicks never have '.' in them and server names * must always have '.' in them. */ 
@@ -316,14 +391,14 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * for a while and servers to send stuff to the wrong place. */ sendto_one(client_p, "ERROR :Nickname %s already exists!", name); - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s cancelled: Server/nick collision on %s", client_p->name, name); ilog(L_SERVER, "Link %s cancelled: Server/nick collision on %s", client_p->name, name); exit_client(client_p, client_p, client_p, "Nick as Server"); - return 0; + return; } /* 
@@ -332,92 +407,17 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * add it to list and propagate word to my other * server links... */ - if(parc == 1 || EmptyString(info)) - { - sendto_one(client_p, "ERROR :No server info specified for %s", name); - return 0; - } - - /* - * See if the newly found server is behind a guaranteed - * leaf. If so, close the link. - * - */ - RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head) - { - hub_p = ptr->data; - - if(match(hub_p->server, client_p->name) && match(hub_p->host, name)) - { - if(hub_p->flags & CONF_HUB) - hlined++; - else - llined++; - } - } - - /* Ok, this way this works is - * - * A server can have a CONF_HUB allowing it to introduce servers - * behind it. - * - * connect { - * name = "irc.bighub.net"; - * hub_mask="*"; - * ... - * - * That would allow "irc.bighub.net" to introduce anything it wanted.. - * - * However - * - * connect { - * name = "irc.somehub.fi"; - * hub_mask="*"; - * leaf_mask="*.edu"; - *... 
- * Would allow this server in finland to hub anything but - * .edu's - */ - - /* Ok, check client_p can hub the new server, and make sure it's not a LL */ - if(!hlined) - { - /* OOOPs nope can't HUB */ - sendto_realops_snomask(SNO_GENERAL, L_ALL, "Non-Hub link %s introduced %s.", - client_p->name, name); - ilog(L_SERVER, "Non-Hub link %s introduced %s.", - client_p->name, name); - - exit_client(NULL, client_p, &me, "No matching hub_mask."); - return 0; - } - - /* Check for the new server being leafed behind this HUB */ - if(llined) - { - /* OOOPs nope can't HUB this leaf */ - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s introduced leafed server %s.", - client_p->name, name); - ilog(L_SERVER, "Link %s introduced leafed server %s.", - client_p->name, name); - - exit_client(NULL, client_p, &me, "Leafed Server."); - return 0; - } - - if(strlen(name) > HOSTLEN) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s introduced server with invalid servername %s", client_p->name, name); ilog(L_SERVER, "Link %s introduced server with invalid servername %s", client_p->name, name); exit_client(NULL, client_p, &me, "Invalid servername introduced."); - return 0; + return; } target_p = make_client(client_p); 
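Review bot: After this hunk the only test left on an introduced name in this part of ms_server is `strlen(name) > HOSTLEN`; the hub_mask/leaf_mask loop that decided whether the directly connected link may introduce `name` is gone and nothing on the new side takes its place. If dropping that restriction is intended, it should be stated in a comment here and in the operator documentation, since an existing configuration that relies on `hub_mask`/`leaf_mask` would otherwise stop being enforced without any notice. Separately, ms_sid rejects `bogus_host(parv[1]) || strlen(parv[1]) > HOSTLEN` while this path tests only the length; unless `bogus_host(name)` is applied in lines outside the hunk, I would make the test `if(bogus_host(name) || strlen(name) > HOSTLEN)`. The ms_sid hunk (`@@ -500,77 +491,34 @@`) removes the same hub/leaf check.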
@@ -453,26 +453,17 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char hdata.client = source_p; hdata.target = target_p; call_hook(h_server_introduced, &hdata); - - return 0; } -static int -ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) +static void +ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { struct Client *target_p; - struct remote_conf *hub_p; hook_data_client hdata; - rb_dlink_node *ptr; - int hop; - int hlined = 0; - int llined = 0; char squitreason[160]; - hop = atoi(parv[2]); - /* collision on the name? */ - if((target_p = find_server(NULL, parv[1])) != NULL) + if(find_server(NULL, parv[1]) != NULL) { ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, parv[1]); @@ -481,7 +472,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p "Server %s already exists", parv[1]); exit_client(NULL, client_p, &me, squitreason); - return 0; + return; } /* collision on the SID? */ 
@@ -500,77 +491,34 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p "SID %s for %s already in use by %s", parv[3], parv[1], target_p->name); exit_client(NULL, client_p, &me, squitreason); - return 0; + return; } if(bogus_host(parv[1]) || strlen(parv[1]) > HOSTLEN) { sendto_one(client_p, "ERROR :Invalid servername"); - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s cancelled, servername %s invalid", client_p->name, parv[1]); ilog(L_SERVER, "Link %s cancelled, servername %s invalid", client_p->name, parv[1]); exit_client(NULL, client_p, &me, "Bogus server name"); - return 0; + return; } if(!IsDigit(parv[3][0]) || !IsIdChar(parv[3][1]) || !IsIdChar(parv[3][2]) || parv[3][3] != '\0') { sendto_one(client_p, "ERROR :Invalid SID"); - sendto_realops_snomask(SNO_GENERAL, L_ALL, + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s cancelled, SID %s invalid", client_p->name, parv[3]); ilog(L_SERVER, "Link %s cancelled, SID %s invalid", client_p->name, parv[3]); exit_client(NULL, client_p, &me, "Bogus SID"); - return 0; - } - - /* for the directly connected server: - * H: allows it to introduce a server matching that mask - * L: disallows it introducing a server matching that mask - */ - RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head) - { - hub_p = ptr->data; - - if(match(hub_p->server, client_p->name) && match(hub_p->host, parv[1])) - { - if(hub_p->flags & CONF_HUB) - hlined++; - else - llined++; - } - } - - /* no matching hub_mask */ - if(!hlined) - { - sendto_one(client_p, "ERROR :No matching hub_mask"); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Non-Hub link %s introduced %s.", - client_p->name, parv[1]); - ilog(L_SERVER, "Non-Hub link %s introduced %s.", - client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "No matching hub_mask."); - return 0; - } - - /* matching leaf_mask */ - if(llined) - { - sendto_one(client_p, "ERROR :Matching leaf_mask"); - 
sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s introduced leafed server %s.", - client_p->name, parv[1]); - ilog(L_SERVER, "Link %s introduced leafed server %s.", - client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "Leafed Server."); - return 0; + return; } /* ok, alls good */ @@ -579,7 +527,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p rb_strlcpy(target_p->name, parv[1], sizeof(target_p->name)); target_p->hopcount = atoi(parv[2]); - strcpy(target_p->id, parv[3]); + rb_strlcpy(target_p->id, parv[3], sizeof(target_p->id)); set_server_gecos(target_p, parv[4]); target_p->servptr = source_p; @@ -608,8 +556,6 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p hdata.client = source_p; hdata.target = target_p; call_hook(h_server_introduced, &hdata); - - return 0; } /* set_server_gecos() @@ -618,7 +564,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p * output - none * side effects - servers gecos field is set */ -static int +static void set_server_gecos(struct Client *client_p, const char *info) { /* check the info for [IP] */ @@ -626,7 +572,6 @@ set_server_gecos(struct Client *client_p, const char *info) { char *p; char *s; - char *t; s = LOCAL_COPY(info); @@ -635,7 +580,7 @@ set_server_gecos(struct Client *client_p, const char *info) *p = '\0'; /* check for a ] which would symbolise an [IP] */ - if((t = strchr(s, ']'))) + if(strchr(s, ']')) { /* set s to after the first space */ if(p) 
@@ -673,27 +618,25 @@ set_server_gecos(struct Client *client_p, const char *info) if(s && (*s != '\0')) { rb_strlcpy(client_p->info, s, sizeof(client_p->info)); - return 1; + return; } } } rb_strlcpy(client_p->info, "(Unknown Location)", sizeof(client_p->info)); - - return 1; } /* * bogus_host * * inputs - hostname - * output - 1 if a bogus hostname input, 0 if its valid + * output - true if a bogus hostname input, false if its valid * side effects - none */ -int +static bool bogus_host(const char *host) { - int bogus_server = 0; + bool bogus_server = false; const char *s; int dots = 0; @@ -701,7 +644,7 @@ bogus_host(const char *host) { if(!IsServChar(*s)) { - bogus_server = 1; + bogus_server = true; break; } if('.' == *s) @@ -709,7 +652,7 @@ bogus_host(const char *host) } if(!dots || bogus_server) - return 1; + return true; - return 0; + return false; }