X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/b49efe577caa7b9f1d6cbac0d801421e1478646b..1548c140218b956485b3fd5c386447a2add59864:/modules/core/m_server.c
diff --git a/modules/core/m_server.c b/modules/core/m_server.c
index f4e922bb..e0702bfd 100644
--- a/modules/core/m_server.c
+++ b/modules/core/m_server.c
@@ -85,7 +85,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 if (IsHandshake(client_p) && irccmp(client_p->name, name))
 {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Server %s has unexpected name %s", client_p->name, name);
 ilog(L_SERVER, "Server %s has unexpected name %s",
@@ -99,7 +99,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 */
 if(!DoesTS(client_p))
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s dropped, non-TS server",
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Link %s dropped, non-TS server",
 client_p->name);
 exit_client(client_p, client_p, client_p, "Non-TS server");
 return;
@@ -122,7 +122,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 case -1:
 if(ConfigFileEntry.warn_no_nline)
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Unauthorised server connection attempt from %s: "
 "No entry for servername %s", "[@255.255.255.255]", name);
@@ -138,7 +138,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 break;
 case -2:
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Unauthorised server connection attempt from %s: "
 "Bad credentials for server %s", "[@255.255.255.255]", name);
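Review bot: The `case -1` and `case -2` notices are raised for a peer that has not authenticated yet, and with `L_NETWIDE` every rejected attempt now reaches opers on all servers rather than only the local one. Of these branches only `case -1` is gated, by `ConfigFileEntry.warn_no_nline`; `case -3`, `case -4`, `case -5` and `default` in the following hunks get the same flag change without a gate. Nothing visible here bounds how often the notice is sent, so unless connection throttling elsewhere already does, repeated failed SERVER attempts become network-wide notice volume. I would state the bound in a comment above the switch, e.g. `/* rejection notices go network-wide; volume is bounded by <throttle mechanism, to be named> */`, or gate the other branches the way `case -1` is. The switch begins and ends outside these hunks.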
@@ -153,7 +153,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 break;
 case -3:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Unauthorised server connection attempt from %s: "
 "Invalid host for server %s", "[@255.255.255.255]", name);
@@ -169,7 +169,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* servername is > HOSTLEN */
 case -4:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Invalid servername %s from %s", name, "[@255.255.255.255]");
 ilog(L_SERVER, "Access denied, invalid servername from %s",
@@ -180,7 +180,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* NOT REACHED */
 break;
 case -5:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Connection from servername %s requires SSL/TLS but is plaintext", name);
 ilog(L_SERVER, "Access denied, requires SSL/TLS but is plaintext from %s",
@@ -188,8 +188,38 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
 return;
+ case -6:
+ if (client_p->certfp)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s has invalid certificate fingerprint %s",
+ name, client_p->certfp);
+ ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
+ client_p->certfp, log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
+ }
+ else
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s failed certificate validation",
+ name);
+ ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
+ log_client_name(client_p, SHOW_IP));
+ exit_client(client_p, client_p, client_p, "Invalid certificate.");
+ }
+
+ return;
+ case -7:
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Connection from servername %s rejected, no more connections allowed in class",
+ name);
+ ilog(L_SERVER, "Access denied, no more connections allowed in class for %s",
+ log_client_name(client_p, SHOW_IP));
+
+ exit_client(client_p, client_p, client_p, "Access denied, no more connections allowed in class");
+ return;
 default:
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Connection from servername %s rejected, unknown error %d", name, ret);
 ilog(L_SERVER, "Access denied, unknown error %d for server %s%s", ret,
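Review bot: `case -6` and `case -7` are added without the kind of one-line comment that `case -4` carries (`/* servername is > HOSTLEN */`), so the meaning of the two new return codes has to be read out of the message strings. In `case -6` the `else` branch runs whenever `client_p->certfp` is NULL, which presumably includes a peer that presented no certificate at all, and the notice text "failed certificate validation" does not distinguish that case for the operator reading it. I would add `/* certificate fingerprint mismatch, or certificate failed validation */` above `case -6:` and `/* connection class is full */` above `case -7:`. The function that produces `ret` is outside the hunk, so the exact meanings should be confirmed against it.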
@@ -203,7 +233,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* require TS6 for direct links */
 if(!IsCapable(client_p, CAP_TS6))
 {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s dropped, TS6 protocol is required", name);
 exit_client(client_p, client_p, client_p, "Incompatible TS version");
 return;
@@ -215,7 +245,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 {
 missing = capability_index_list(serv_capindex, required_mask & ~client_p->localClient->caps);
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s dropped, required CAPABs [%s] are missing", name, missing);
 ilog(L_SERVER, "Link %s%s dropped, required CAPABs [%s] are missing",
@@ -254,7 +284,7 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 }
 else
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Attempt to re-introduce server %s from %s", name, "[@255.255.255.255]");
 ilog(L_SERVER, "Attempt to re-introduce server %s from %s",
@@ -266,22 +296,25 @@ mr_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 return;
 }
- if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL)
- {
- sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
- "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- client_p->name, target_p->name);
- ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
- client_p->id,
- EmptyString(client_p->name) ? name : "",
- log_client_name(client_p, SHOW_IP),
- target_p->name);
-
- sendto_one(client_p, "ERROR :SID already exists.");
- exit_client(client_p, client_p, client_p, "SID Exists");
- return;
+ if (client_p->preClient && !EmptyString(client_p->preClient->id)) {
+ if ((target_p = find_id(client_p->preClient->id)) != NULL) {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ client_p->name, target_p->name);
+ ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
+ client_p->preClient->id,
+ EmptyString(client_p->name) ? name : "",
+ log_client_name(client_p, SHOW_IP),
+ target_p->name);
+
+ sendto_one(client_p, "ERROR :SID already exists.");
+ exit_client(client_p, client_p, client_p, "SID Exists");
+ return;
+ } else {
+ rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id));
+ }
+ }
 /*
@@ -308,12 +341,8 @@ ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 /* same size as in s_misc.c */
 const char *name;
 struct Client *target_p;
- struct remote_conf *hub_p;
 hook_data_client hdata;
 int hop;
- int hlined = 0;
- int llined = 0;
- rb_dlink_node *ptr;
 char squitreason[160];
 name = parv[1];
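Review bot: In the new SID block the duplicate check runs `find_id()` on `client_p->preClient->id`, but what gets stored is whatever `rb_strlcpy` fits into `client_p->id`, and its return value is ignored. If `preClient->id` can ever be longer than `client_p->id` (neither declaration is visible here), the stored SID would be a truncated string that was never checked for uniqueness; testing the result, `if (rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id)) >= sizeof(client_p->id))`, and rejecting the link in that case would close the gap. The hunk also shows no format check like the one `ms_sid` applies to `parv[3]` (the condition ending in `parv[3][3] != '\0'`); if that is done where `preClient->id` is filled in, a comment such as `/* preClient->id was validated as a SID when it was received */` would make that visible. As a style point, the new block uses same-line braces while the surrounding `mr_server` code puts them on their own line.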
@@ -362,7 +391,7 @@ ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 * for a while and servers to send stuff to the wrong place.
 */
 sendto_one(client_p, "ERROR :Nickname %s already exists!", name);
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s cancelled: Server/nick collision on %s", client_p->name, name);
 ilog(L_SERVER, "Link %s cancelled: Server/nick collision on %s",
@@ -379,85 +408,9 @@ ms_server(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 * server links...
 */
- /*
- * See if the newly found server is behind a guaranteed
- * leaf. If so, close the link.
- *
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, name))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* Ok, this way this works is
- *
- * A server can have a CONF_HUB allowing it to introduce servers
- * behind it.
- *
- * connect {
- * name = "irc.bighub.net";
- * hub_mask="*";
- * ...
- *
- * That would allow "irc.bighub.net" to introduce anything it wanted..
- *
- * However
- *
- * connect {
- * name = "irc.somehub.fi";
- * hub_mask="*";
- * leaf_mask="*.edu";
- *...
- * Would allow this server in finland to hub anything but
- * .edu's
- */
-
- /* Ok, check client_p can hub the new server */
- if(!hlined)
- {
- /* OOOPs nope can't HUB */
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "Non-Hub link %s introduced %s.",
- client_p->name, name);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, name);
-
- snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
- /* Check for the new server being leafed behind this HUB */
- if(llined)
- {
- /* OOOPs nope can't HUB this leaf */
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, name);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, name);
-
- snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- name);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
-
-
 if(strlen(name) > HOSTLEN)
 {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s introduced server with invalid servername %s", client_p->name,
name);
 ilog(L_SERVER, "Link %s introduced server with invalid servername %s",
@@ -506,11 +459,7 @@ static void
 ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
 {
 struct Client *target_p;
- struct remote_conf *hub_p;
 hook_data_client hdata;
- rb_dlink_node *ptr;
- int hlined = 0;
- int llined = 0;
 char squitreason[160];
 /* collision on the name? */
@@ -548,7 +497,7 @@ ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p
 if(bogus_host(parv[1]) || strlen(parv[1]) > HOSTLEN)
 {
 sendto_one(client_p, "ERROR :Invalid servername");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s cancelled, servername %s invalid", client_p->name, parv[1]);
 ilog(L_SERVER, "Link %s cancelled, servername %s invalid",
@@ -562,7 +511,7 @@ ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p
 !IsIdChar(parv[3][2]) || parv[3][3] != '\0')
 {
 sendto_one(client_p, "ERROR :Invalid SID");
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
 "Link %s cancelled, SID %s invalid", client_p->name, parv[3]);
 ilog(L_SERVER, "Link %s cancelled, SID %s invalid",
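Review bot: In the `ms_server` hunk at -379, once the hub_mask/leaf_mask loop is gone nothing left in the hunk limits which server names `client_p` may introduce; the only test remaining there is `strlen(name) > HOSTLEN`. The same block is removed from `ms_sid` in the hunk at -572, so a directly linked server is trusted to introduce any name unless a check outside these hunks takes over. If that is the intent, a comment where the block used to be would make the trust decision explicit, e.g. `/* introductions are not filtered per link: a linked server may introduce any server name */`, and the treatment of existing `hub_mask`/`leaf_mask` configuration entries should be documented alongside it. Both functions continue outside their hunks.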
@@ -572,62 +521,13 @@ ms_sid(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p
 return;
 }
- /* for the directly connected server:
- * H: allows it to introduce a server matching that mask
- * L: disallows it introducing a server matching that mask
- */
- RB_DLINK_FOREACH(ptr, hubleaf_conf_list.head)
- {
- hub_p = ptr->data;
-
- if(match(hub_p->server, client_p->name) && match(hub_p->host, parv[1]))
- {
- if(hub_p->flags & CONF_HUB)
- hlined++;
- else
- llined++;
- }
- }
-
- /* no matching hub_mask */
- if(!hlined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Non-Hub link %s introduced %s.",
- client_p->name, parv[1]);
-
- snprintf(squitreason, sizeof squitreason,
- "No matching hub_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
- /* matching leaf_mask */
- if(llined)
- {
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
- "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
- ilog(L_SERVER, "Link %s introduced leafed server %s.",
- client_p->name, parv[1]);
-
- snprintf(squitreason, sizeof squitreason,
- "Matching leaf_mask for %s",
- parv[1]);
- exit_client(NULL, client_p, &me, squitreason);
- return;
- }
-
 /* ok, alls good */
 target_p = make_client(client_p);
 make_server(target_p);
 rb_strlcpy(target_p->name, parv[1], sizeof(target_p->name));
 target_p->hopcount = atoi(parv[2]);
- strcpy(target_p->id, parv[3]);
+ rb_strlcpy(target_p->id, parv[3], sizeof(target_p->id));
 set_server_gecos(target_p, parv[4]);
 target_p->servptr = source_p;