X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/ab4420cbbe6c1a41f473cb81adedc81182448781..1608b0e70eccd97485af83cf5c80b4e09e95ba93:/extensions/m_webirc.c diff --git a/extensions/m_webirc.c b/extensions/m_webirc.c index 1b48e3cb..f999996c 100644 --- a/extensions/m_webirc.c +++ b/extensions/m_webirc.c @@ -64,12 +64,19 @@ struct Message webirc_msgtab = { mapi_clist_av1 webirc_clist[] = { &webirc_msgtab, NULL }; -DECLARE_MODULE_AV2(webirc, NULL, NULL, webirc_clist, NULL, NULL, NULL, NULL, webirc_desc); +static void new_local_user(void *data); +mapi_hfn_list_av1 webirc_hfnlist[] = { + /* unintuitive but correct--we want to be called first */ + { "new_local_user", new_local_user, HOOK_LOWEST }, + { NULL, NULL } +}; + +DECLARE_MODULE_AV2(webirc, NULL, NULL, webirc_clist, NULL, webirc_hfnlist, NULL, NULL, webirc_desc); /* * mr_webirc - webirc message handler - * parv[1] = password - * parv[2] = fake username (we ignore this) + * parv[1] = password + * parv[2] = fake username (we ignore this) * parv[3] = fake hostname * parv[4] = fake ip */ @@ -80,27 +87,36 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc const char *encr; struct rb_sockaddr_storage addr; + int secure = 0; + + if (source_p->flags & FLAGS_SENTUSER || !EmptyString(source_p->name)) + { + exit_client(client_p, source_p, &me, "WEBIRC may not follow NICK/USER"); + } + aconf = find_address_conf(client_p->host, client_p->sockhost, IsGotId(client_p) ? client_p->username : "webirc", IsGotId(client_p) ? client_p->username : "webirc", (struct sockaddr *) &client_p->localClient->ip, GET_SS_FAMILY(&client_p->localClient->ip), NULL); + if (aconf == NULL || !(aconf->status & CONF_CLIENT)) return; + if (!IsConfDoSpoofIp(aconf) || irccmp(aconf->info.name, "webirc.")) { /* XXX */ - sendto_one(source_p, "NOTICE * :Not a CGI:IRC auth block"); + exit_client(client_p, source_p, &me, "Not a CGI:IRC auth block"); return; } if (EmptyString(aconf->passwd)) { - sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password"); + exit_client(client_p, source_p, &me, "CGI:IRC auth blocks must have a password"); return; } - if (!IsSSL(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL) + if (!IsSecure(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL) { - sendto_one(source_p, "NOTICE * :Your CGI:IRC block requires SSL"); + exit_client(client_p, source_p, &me, "Your CGI:IRC block requires TLS"); return; } @@ -113,17 +129,40 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc if (encr == NULL || strcmp(encr, aconf->passwd)) { - sendto_one(source_p, "NOTICE * :CGI:IRC password incorrect"); + exit_client(client_p, source_p, &me, "CGI:IRC password incorrect"); return; } if (rb_inet_pton_sock(parv[4], &addr) <= 0) { - sendto_one(source_p, "NOTICE * :Invalid IP"); + exit_client(client_p, source_p, &me, "Invalid IP"); return; } source_p->localClient->ip = addr; + source_p->username[0] = '\0'; + ClearGotId(source_p); + + if (parc >= 6) + { + const char *s; + for (s = parv[5]; s != NULL; (s = strchr(s, ' ')) && s++) + { + if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == ' ' || s[6] == '\0')) + secure = 1; + } + } + + if (secure && !IsSecure(source_p)) + { + sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure"); + secure = 0; + } + + if (!secure) + { + ClearSecure(source_p); + } rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost)); @@ -145,3 +184,16 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc sendto_one(source_p, "NOTICE * :CGI:IRC host/IP set to %s %s", parv[3], parv[4]); } + +static void +new_local_user(void *data) +{ + struct Client *source_p = data; + struct ConfItem *aconf = source_p->localClient->att_conf; + + if (aconf == NULL) + return; + + if (!irccmp(aconf->info.name, "webirc.")) + exit_client(source_p, source_p, &me, "Cannot log in using a WEBIRC block"); +}