underchat
/
ircu2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ircu2/ircd/s_auth.c

2891 lines
91 KiB
C
Raw Blame History

/************************************************************************
* IRC - Internet Relay Chat, src/s_auth.c
* Copyright (C) 1992 Darren Reed
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* Changes:
* July 6, 1999 - Rewrote most of the code here. When a client connects
* to the server and passes initial socket validation checks, it
* is owned by this module (auth) which returns it to the rest of the
* server when dns and auth queries are finished. Until the client is
* released, the server does not know it exists and does not process
* any messages from it.
* --Bleep Thomas Helvey <tomh@inxpress.net>
*
* December 26, 2005 - Rewrite the flag handling and integrate that with
* an IRCnet-style IAuth protocol.
* -- Michael Poole
*/
/** @file
* @brief Implementation of DNS and ident lookups.
* @version $Id: s_auth.c 1934 2010-01-04 17:15:13Z klmitch $
*/
#include "config.h"
#include "s_auth.h"
#include "class.h"
#include "client.h"
#include "hash.h"
#include "IPcheck.h"
#include "ircd.h"
#include "ircd_alloc.h"
#include "ircd_chattr.h"
#include "ircd_events.h"
#include "ircd_features.h"
#include "ircd_geoip.h"
#include "ircd_log.h"
#include "ircd_osdep.h"
#include "ircd_reply.h"
#include "ircd_snprintf.h"
#include "ircd_string.h"
#include "list.h"
#include "mark.h"
#include "msg.h" /* for MAXPARA */
#include "numeric.h"
#include "numnicks.h"
#include "querycmds.h"
#include "random.h"
#include "res.h"
#include "s_bsd.h"
#include "s_conf.h"
#include "s_debug.h"
#include "s_misc.h"
#include "s_user.h"
#include "send.h"
#include "ssl.h"
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
/** Pending operations during registration. */
enum AuthRequestFlag {
AR_AUTH_PENDING, /**< ident connecting or waiting for response */
AR_DNS_PENDING, /**< dns request sent, waiting for response */
AR_CAP_PENDING, /**< in middle of CAP negotiations */
AR_NEEDS_PONG, /**< user has not PONGed */
AR_NEEDS_USER, /**< user must send USER command */
AR_NEEDS_NICK, /**< user must send NICK command */
AR_LAST_SCAN = AR_NEEDS_NICK, /**< maximum flag to scan through */
AR_IAUTH_PENDING, /**< iauth request sent, waiting for response */
AR_IAUTH_HURRY, /**< we told iauth to hurry up */
AR_IAUTH_USERNAME, /**< iauth sent a username (preferred or forced) */
AR_IAUTH_FUSERNAME, /**< iauth sent a forced username */
AR_IAUTH_SOFT_DONE, /**< iauth has no objection to client */
AR_PASSWORD_CHECKED, /**< client password already checked */
AR_LOC_DONE, /**< loc messages have been sent */
AR_NUM_FLAGS
};
DECLARE_FLAGSET(AuthRequestFlags, AR_NUM_FLAGS);
/** Stores registration state of a client. */
struct AuthRequest {
struct AuthRequest* next; /**< linked list node ptr */
struct AuthRequest* prev; /**< linked list node ptr */
struct Client* client; /**< pointer to client struct for request */
struct irc_sockaddr local; /**< local endpoint address */
struct irc_in_addr original; /**< original client IP address */
struct Socket socket; /**< socket descriptor for auth queries */
struct Timer timeout; /**< timeout timer for ident and dns queries */
struct Timer loctimeout; /**< timeout timer for Login On Connect */
struct AuthRequestFlags flags; /**< current state of request */
unsigned int cookie; /**< cookie the user must PONG */
unsigned short port; /**< client's remote port number */
};
/** Array of message text (with length) pairs for AUTH status
* messages. Indexed using #ReportType.
*/
static struct {
const char* message;
unsigned int length;
} HeaderMessages [] = {
#define MSG(STR) { STR, sizeof(STR) - 1 }
MSG("NOTICE * :*** Looking up your hostname\r\n"),
MSG("NOTICE * :*** Found your hostname\r\n"),
MSG("NOTICE * :*** Couldn't look up your hostname\r\n"),
MSG("NOTICE * :*** Checking Ident\r\n"),
MSG("NOTICE * :*** Got ident response\r\n"),
MSG("NOTICE * :*** No ident response\r\n"),
MSG("NOTICE * :*** \r\n"),
MSG("NOTICE * :*** Your forward and reverse DNS do not match, "
"ignoring hostname.\r\n"),
MSG("NOTICE * :*** Invalid hostname\r\n")
#undef MSG
};
/** Enum used to index messages in the HeaderMessages[] array. */
typedef enum {
REPORT_DO_DNS,
REPORT_FIN_DNS,
REPORT_FAIL_DNS,
REPORT_DO_ID,
REPORT_FIN_ID,
REPORT_FAIL_ID,
REPORT_FAIL_IAUTH,
REPORT_IP_MISMATCH,
REPORT_INVAL_DNS
} ReportType;
/** Sends response \a r (from #ReportType) to client \a c. */
#ifdef USE_SSL
#define sendheader(c, r) \
ssl_send(c, HeaderMessages[(r)].message, HeaderMessages[(r)].length)
#else
#define sendheader(c, r) \
send(cli_fd(c), HeaderMessages[(r)].message, HeaderMessages[(r)].length, 0)
#endif /* USE_SSL */
/** Enumeration of IAuth connection flags. */
enum IAuthFlag
{
IAUTH_BLOCKED, /**< socket buffer full */
IAUTH_CLOSING, /**< candidate to be disposed */
/* The following flags are controlled by iauth's "O" options command. */
IAUTH_ADDLINFO, /**< Send additional info
* (password and username). */
IAUTH_FIRST_OPTION = IAUTH_ADDLINFO, /**< First flag that is a policy option. */
IAUTH_REQUIRED, /**< IAuth completion required for registration. */
IAUTH_TIMEOUT, /**< Refuse new connections if IAuth is behind. */
IAUTH_EXTRAWAIT, /**< Give IAuth extra time to answer. */
IAUTH_UNDERNET, /**< Enable Undernet extensions. */
IAUTH_WEBIRC, /**< Enable Nefarious WEBIRC extensions. */
IAUTH_SSLFP, /**< Enable Nefarious SSL client certificate fingerprint notifcation. */
IAUTH_ACCOUNT, /**< Enable Nefarious SASL account notification. */
IAUTH_EVENTS, /**< Enable Nefarious Event notifications. */
IAUTH_SASL, /**< Enable SASL authentication handling in IAuth. */
IAUTH_LAST_FLAG /**< total number of flags */
};
/** Declare a bitset structure indexed by IAuthFlag. */
DECLARE_FLAGSET(IAuthFlags, IAUTH_LAST_FLAG);
/** Describes state of an IAuth connection. */
struct IAuth {
struct MsgQ i_sendQ; /**< messages queued to send */
struct Socket i_socket; /**< main socket to iauth */
struct Socket i_stderr; /**< error socket for iauth */
struct IAuthFlags i_flags; /**< connection state/status/flags */
uint64_t i_recvB; /**< bytes received */
uint64_t i_sendB; /**< bytes sent */
time_t started; /**< time that this instance was started */
unsigned int i_recvM; /**< messages received */
unsigned int i_sendM; /**< messages sent */
unsigned int i_count; /**< characters used in i_buffer */
unsigned int i_errcount; /**< characters used in i_errbuf */
int i_debug; /**< debug level */
char i_buffer[BUFSIZE+1]; /**< partial unprocessed line from server */
char i_errbuf[BUFSIZE+1]; /**< partial unprocessed error line */
char *i_version; /**< iauth version string */
struct SLink *i_config; /**< configuration string list */
struct SLink *i_stats; /**< statistics string list */
char **i_argv; /**< argument list */
int i_argc; /**< number of arguments in argument list */
};
/** Return whether flag \a flag is set on \a iauth. */
#define IAuthHas(iauth, flag) ((iauth) && FlagHas(&(iauth)->i_flags, flag))
/** Set flag \a flag on \a iauth. */
#define IAuthSet(iauth, flag) FlagSet(&(iauth)->i_flags, flag)
/** Clear flag \a flag from \a iauth. */
#define IAuthClr(iauth, flag) FlagClr(&(iauth)->i_flags, flag)
/** Get connected flag for \a iauth. */
#define i_GetConnected(iauth) ((iauth) && s_fd(i_socket(iauth)) > -1)
/** Return socket event generator for \a iauth. */
#define i_socket(iauth) (&(iauth)->i_socket)
/** Return stderr socket for \a iauth. */
#define i_stderr(iauth) (&(iauth)->i_stderr)
/** Return outbound message queue for \a iauth. */
#define i_sendQ(iauth) (&(iauth)->i_sendQ)
/** Return debug level for \a iauth. */
#define i_debug(iauth) ((iauth)->i_debug)
/** Active instance of IAuth. */
static struct IAuth *iauth;
/** Freelist of AuthRequest structures. */
static struct AuthRequest *auth_freelist;
static void iauth_sock_callback(struct Event *ev);
static void iauth_stderr_callback(struct Event *ev);
static int sendto_iauth(struct Client *cptr, const char *format, ...);
static int preregister_user(struct Client *cptr);
typedef int (*iauth_cmd_handler)(struct IAuth *iauth, struct Client *cli,
int parc, char **params);
/** Copies a username, cleaning it in the process.
*
* @param[out] dest Destination buffer for user name.
* @param[in] src Source buffer for user name. Must be distinct from
* \a dest.
*/
void clean_username(char *dest, const char *src)
{
int rlen = USERLEN;
char ch;
/* First character can be ~, later characters cannot. */
if (!IsCntrl(*src))
{
ch = *src++;
*dest++ = IsUserChar(ch) ? ch : '_';
rlen--;
}
while (rlen-- && !IsCntrl(ch = *src++))
{
*dest++ = (IsUserChar(ch) && (ch != '~')) ? ch : '_';
}
*dest = '\0';
}
/** Set username for user associated with \a auth.
* @param[in] auth Client authorization request to work on.
* @return Zero if client is kept, CPTR_KILLED if client rejected.
*/
static int auth_set_username(struct AuthRequest *auth)
{
struct Client *sptr = auth->client;
struct User *user = cli_user(sptr);
char *d;
char *s;
int killreason;
short upper = 0;
short lower = 0;
short leadcaps = 0;
short other = 0;
short digits = 0;
short digitgroups = 0;
char ch;
char last;
if (FlagHas(&auth->flags, AR_IAUTH_FUSERNAME))
{
ircd_strncpy(user->username, cli_username(sptr), USERLEN + 1);
}
else if (IsIdented(sptr))
{
clean_username(user->username, cli_username(sptr));
}
else if (HasFlag(sptr, FLAG_DOID))
{
/* Prepend ~ to user->username. */
s = user->username;
s[USERLEN-1] = '\0';
for (last = '~'; last != '\0'; )
{
ch = *s;
*s++ = last;
last = ch;
}
*s = '\0';
} /* else cleaned version of client-provided name is in place */
/* If username is empty or just ~, reject. */
if ((user->username[0] == '\0')
|| ((user->username[0] == '~') && (user->username[1] == '\0')))
return exit_client(sptr, sptr, &me, "USER: Bogus userid.");
/* Check for K-, G- or Z-line. */
killreason = find_kill(sptr);
if (killreason) {
ServerStats->is_ref++;
return exit_client(sptr, sptr, &me,
(killreason == -1 ? "K-lined" :
(killreason == -2 ? "G-lined" : "Z-lined")));
}
if (!FlagHas(&auth->flags, AR_IAUTH_FUSERNAME))
{
/* Check for mixed case usernames, meaning probably hacked. Jon2 3-94
* Explanations of rules moved to where it is checked Entrope 2-06
*/
s = d = user->username + (user->username[0] == '~');
for (last = '\0';
(ch = *d++) != '\0';
last = ch)
{
if (IsLower(ch))
{
lower++;
}
else if (IsUpper(ch))
{
upper++;
/* Accept caps as leading if we haven't seen lower case or digits yet. */
if ((leadcaps || last == '\0') && !lower && !digits)
leadcaps++;
}
else if (IsDigit(ch))
{
digits++;
if (!IsDigit(last))
{
digitgroups++;
/* If more than two groups of digits, reject. */
if (digitgroups > 2)
goto badid;
}
}
else if (ch == '-' || ch == '_' || ch == '.')
{
other++;
/* If -_. exist at start, consecutively, or more than twice, reject. */
if (last == '\0' || last == '-' || last == '_' || last == '.' || other > 2)
goto badid;
}
else /* All other punctuation is rejected. */
goto badid;
}
/* If mixed case, first must be capital, but no more than three;
* but if three capitals, they must all be leading. */
if (lower && upper && (!leadcaps || leadcaps > 3 ||
(upper > 2 && upper > leadcaps)))
goto badid;
/* If two different groups of digits, one must be either at the
* start or end. */
if (digitgroups == 2 && !(IsDigit(s[0]) || IsDigit(ch)))
goto badid;
/* Must have at least one letter. */
if (!lower && !upper)
goto badid;
/* Final character must not be punctuation. */
if (!IsAlnum(last))
goto badid;
}
return 0;
badid:
/* If we confirmed their username, and it is what they claimed,
* accept it. */
if (IsIdented(sptr) && !strcmp(cli_username(sptr), user->username))
return 0;
if (!feature_bool(FEAT_STRICTUSERNAME))
return 0;
ServerStats->is_ref++;
send_reply(sptr, SND_EXPLICIT | ERR_INVALIDUSERNAME,
":Your username is invalid.");
send_reply(sptr, SND_EXPLICIT | ERR_INVALIDUSERNAME,
":Connect with your real username, in lowercase.");
send_reply(sptr, SND_EXPLICIT | ERR_INVALIDUSERNAME,
":If your mail address were foo@bar.com, your username "
"would be foo.");
return exit_client(sptr, sptr, &me, "USER: Bad username");
}
void auth_end_loc(struct AuthRequest *auth)
{
if (!auth)
return;
if (t_active(&auth->loctimeout))
timer_del(&auth->loctimeout);
}
/** Timeout a given auth request.
* @param[in] ev A timer event whose associated data is the expired
* struct AuthRequest.
*/
static void auth_loc_timeout_callback(struct Event* ev)
{
struct AuthRequest *auth;
struct Client *cptr;
assert(0 != ev_timer(ev));
assert(0 != t_data(ev_timer(ev)));
if (ev_type(ev) == ET_EXPIRE) {
auth = (struct AuthRequest*) t_data(ev_timer(ev));
cptr = auth->client;
if (!cli_loc(cptr))
return;
sendcmdto_one(&me, CMD_NOTICE, cptr, "%s :Service '%s' is not available (timeout)",
(cli_name(cptr) ? cli_name(cptr) : "*"), cli_loc(cptr)->service);
sendcmdto_one(&me, CMD_NOTICE, cptr, "%s :Type \002/QUOTE PASS\002 to "
"connect anyway", (cli_name(cptr) ? cli_name(cptr) : "*"));
}
}
static void auth_complete_sasl(struct Client *client)
{
if (IsSASLComplete(client) && cli_saslaccount(client)[0]) {
if (cli_saslacccreate(client))
cli_user(client)->acc_create = cli_saslacccreate(client);
ircd_strncpy(cli_user(client)->account, cli_saslaccount(client), ACCOUNTLEN + 1);
SetAccount(client);
}
abort_sasl(client, 0);
}
static void auth_do_loc(struct Client *client, struct Client *service)
{
/* If a cookie already exists, we're already doing LOC */
if (cli_loc(client)->cookie)
return;
/* the cookie is used to verify replies from the service, in case the
* client disconnects and the fd is reused
*/
do {
cli_loc(client)->cookie = ircrandom() & 0x7fffffff;
} while (!cli_loc(client)->cookie);
sendcmdto_one(&me, CMD_NOTICE, client, "%s :Attempting service login to %s",
(cli_name(client) ? cli_name(client) : "*"), cli_loc(client)->service);
if ( feature_bool(FEAT_LOC_SENDHOST) ) {
char realhost[HOSTLEN + 3];
char *hoststr = (cli_sockhost(client) ? cli_sockhost(client) : cli_sock_ip(client));
if (strchr(hoststr, ':') != NULL)
ircd_snprintf(0, realhost, sizeof(realhost), "[%s]", hoststr);
else
ircd_strncpy(realhost, hoststr, sizeof(realhost));
if (cli_sslclifp(client) && !EmptyString(cli_sslclifp(client)) && feature_bool(FEAT_LOC_SENDSSLFP)) {
sendcmdto_one(&me, CMD_ACCOUNT, service, "%C S .%u.%u %s@%s:%s %s %s :%s", service,
cli_fd(client), cli_loc(client)->cookie, cli_username(client),
realhost, cli_sock_ip(client), cli_sslclifp(client), cli_loc(client)->account,
cli_loc(client)->password);
} else {
sendcmdto_one(&me, CMD_ACCOUNT, service, "%C H .%u.%u %s@%s:%s %s :%s", service,
cli_fd(client), cli_loc(client)->cookie, cli_username(client),
realhost, cli_sock_ip(client), cli_loc(client)->account,
cli_loc(client)->password);
}
} else {
sendcmdto_one(&me, CMD_ACCOUNT, service, "%C C .%u.%u %s :%s", service,
cli_fd(client), cli_loc(client)->cookie,
cli_loc(client)->account, cli_loc(client)->password);
}
}
/** Check whether an authorization request is complete.
* This means that no flags from 0 to #AR_LAST_SCAN are set on \a auth.
* If #AR_IAUTH_PENDING is set, optionally go into "hurry" state. If
* 0 through #AR_LAST_SCAN and #AR_IAUTH_PENDING are all clear,
* destroy \a auth, clear the password, set the username, and register
* the client.
* @param[in] auth Authorization request to check.
* @return Zero if client is kept, CPTR_KILLED if client rejected.
*/
static int check_auth_finished(struct AuthRequest *auth)
{
enum AuthRequestFlag flag;
int res;
struct Client *acptr;
struct Client *cptr = auth->client;
/* Check non-iauth registration blocking flags. */
for (flag = 0; flag <= AR_LAST_SCAN; ++flag)
if (FlagHas(&auth->flags, flag))
{
Debug((DEBUG_INFO, "Auth %p [%d] still has flag %d", auth,
cli_fd(auth->client), flag));
return 0;
}
if (IsUserPort(cptr) && cli_loc(cptr)) {
if (FlagHas(&auth->flags, AR_LOC_DONE))
return 0;
FlagSet(&auth->flags, AR_LOC_DONE);
if ((acptr = FindUser(cli_loc(cptr)->service)) && IsChannelService(acptr)) {
timer_add(timer_init(&auth->loctimeout), auth_loc_timeout_callback, (void*) auth,
TT_RELATIVE, feature_int(FEAT_LOC_TIMEOUT));
auth_do_loc(cptr, acptr);
return 0;
} else {
sendcmdto_one(&me, CMD_NOTICE, cptr, "%s :Service '%s' is not available (%s)",
(cli_name(cptr) ? cli_name(cptr) : "*"), cli_loc(cptr)->service,
(acptr ? "not a service" : "no such service"));
sendcmdto_one(&me, CMD_NOTICE, cptr, "%s :Type \002/QUOTE PASS\002 to "
"connect anyway", (cli_name(cptr) ? cli_name(cptr) : "*"));
return 0;
}
}
/* Finish off SASL. */
if (IsUserPort(auth->client))
auth_complete_sasl(auth->client);
/* If appropriate, do preliminary assignment to connection class. */
if (IsUserPort(auth->client)
&& !FlagHas(&auth->flags, AR_IAUTH_HURRY)
&& preregister_user(auth->client))
return CPTR_KILLED;
/* If we have not done so, check client password. Do this as soon
* as possible so that iauth's challenge/response (which uses PASS
* for responses) is not confused with the client's password.
*/
if (IsUserPort(auth->client)
&& !FlagHas(&auth->flags, AR_PASSWORD_CHECKED))
{
struct ConfItem *aconf;
aconf = cli_confs(auth->client)->value.aconf;
if (!verify_sslclifp(auth->client, aconf))
{
ServerStats->is_ref++;
send_reply(auth->client, ERR_SSLCLIFP);
return exit_client(auth->client, auth->client, &me, "SSL fingerprint mismatch");
}
if (aconf
&& !EmptyString(aconf->passwd)
&& strcmp(cli_passwd(auth->client), aconf->passwd))
{
ServerStats->is_ref++;
send_reply(auth->client, ERR_PASSWDMISMATCH);
return exit_client(auth->client, auth->client, &me, "Bad Password");
}
FlagSet(&auth->flags, AR_PASSWORD_CHECKED);
}
/* Check if iauth is done. */
if (FlagHas(&auth->flags, AR_IAUTH_PENDING))
{
/* Switch auth request to hurry-up state. */
if (!FlagHas(&auth->flags, AR_IAUTH_HURRY))
{
/* Set "hurry" flag in auth request. */
FlagSet(&auth->flags, AR_IAUTH_HURRY);
/* If iauth wants it, send notification. */
if (IAuthHas(iauth, IAUTH_UNDERNET))
sendto_iauth(auth->client, "H %s", get_client_class(auth->client));
/* If iauth wants it, give client more time. */
if (IAuthHas(iauth, IAUTH_EXTRAWAIT))
cli_firsttime(auth->client) = CurrentTime;
}
Debug((DEBUG_INFO, "Auth %p [%d] still has flag %d", auth,
cli_fd(auth->client), AR_IAUTH_PENDING));
return 0;
}
else
FlagSet(&auth->flags, AR_IAUTH_HURRY);
if (IsUserPort(auth->client))
{
memset(cli_passwd(auth->client), 0, sizeof(cli_passwd(auth->client)));
res = auth_set_username(auth);
if (res == 0)
res = register_user(auth->client, auth->client);
}
else
res = 0;
if (res == 0)
destroy_auth_request(auth);
return res;
}
/** Verify that a hostname is valid, i.e., only contains characters
* valid for a hostname and that a hostname is not too long.
* @param host Hostname to check.
* @param maxlen Maximum length of hostname, not including NUL terminator.
* @return Non-zero if the hostname is valid.
*/
static int
auth_verify_hostname(const char *host, int maxlen)
{
int i;
/* Walk through the host name */
for (i = 0; host[i]; i++)
/* If it's not a hostname character or if it's too long, return false */
if (!IsHostChar(host[i]) || i >= maxlen)
return 0;
return 1; /* it's a valid hostname */
}
/** Check whether a client already has a CONF_CLIENT configuration
* item.
*
* @return A pointer to the client's first CONF_CLIENT, or NULL if
* there are none.
*/
static struct ConfItem *find_conf_client(struct Client *cptr)
{
struct SLink *list;
for (list = cli_confs(cptr); list != NULL; list = list->next) {
struct ConfItem *aconf;
aconf = list->value.aconf;
if (aconf->status & CONF_CLIENT)
return aconf;
}
return NULL;
}
/** Assign a client to a connection class.
* @param[in] cptr Client to assign to a class.
* @return Zero if client is kept, CPTR_KILLED if rejected.
*/
static int preregister_user(struct Client *cptr)
{
static time_t last_too_many1;
static time_t last_too_many2;
ircd_strncpy(cli_user(cptr)->host, cli_sockhost(cptr), HOSTLEN + 1);
ircd_strncpy(cli_user(cptr)->realhost, cli_sockhost(cptr), HOSTLEN + 1);
/* Set client's GeoIP data */
geoip_apply(cptr);
if (find_conf_client(cptr)) {
return 0;
}
switch (conf_check_client(cptr))
{
case ACR_OK:
break;
case ACR_NO_AUTHORIZATION:
sendto_opmask_butone(0, SNO_UNAUTH, "Unauthorized connection from %s.",
get_client_name(cptr, HIDE_IP));
++ServerStats->is_ref;
return exit_client(cptr, cptr, &me,
"No Authorization - use another server");
case ACR_TOO_MANY_IN_CLASS:
sendto_opmask_butone_ratelimited(0, SNO_TOOMANY, &last_too_many1,
"Too many connections in class %s for %s.",
get_client_class(cptr),
get_client_name(cptr, SHOW_IP));
++ServerStats->is_ref;
return exit_client(cptr, cptr, &me,
"Sorry, your connection class is full - try "
"again later or try another server");
case ACR_TOO_MANY_FROM_IP:
sendto_opmask_butone_ratelimited(0, SNO_TOOMANY, &last_too_many2,
"Too many connections from same IP for %s.",
get_client_name(cptr, SHOW_IP));
++ServerStats->is_ref;
return exit_client(cptr, cptr, &me,
"Too many connections from your host");
case ACR_ALREADY_AUTHORIZED:
/* Can this ever happen? */
case ACR_BAD_SOCKET:
++ServerStats->is_ref;
if (IsIPChecked(cptr))
IPcheck_connect_fail(cptr, 0);
return exit_client(cptr, cptr, &me, "Unknown error -- Try again");
}
return 0;
}
/** Send the ident server a query giving "theirport , ourport". The
* write is only attempted *once* so it is deemed to be a fail if the
* entire write doesn't write all the data given. This shouldn't be a
* problem since the socket should have a write buffer far greater
* than this message to store it in should problems arise. -avalon
* @param[in] auth The request to send.
*/
static void send_auth_query(struct AuthRequest* auth)
{
char authbuf[32];
unsigned int count;
assert(0 != auth);
ircd_snprintf(0, authbuf, sizeof(authbuf), "%hu , %hu\r\n",
auth->port, auth->local.port);
if (IO_SUCCESS != os_send_nonb(s_fd(&auth->socket), authbuf, strlen(authbuf), &count)) {
close(s_fd(&auth->socket));
socket_del(&auth->socket);
s_fd(&auth->socket) = -1;
++ServerStats->is_abad;
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_ID);
FlagClr(&auth->flags, AR_AUTH_PENDING);
check_auth_finished(auth);
}
}
/** Enum used to index ident reply fields in a human-readable way. */
enum IdentReplyFields {
IDENT_PORT_NUMBERS,
IDENT_REPLY_TYPE,
IDENT_OS_TYPE,
IDENT_INFO,
USERID_TOKEN_COUNT
};
/** Parse an ident reply line and extract the userid from it.
* @param[in] reply The ident reply line.
* @return The userid, or NULL on parse failure.
*/
static char* check_ident_reply(char* reply)
{
char* token;
char* end;
char* vector[USERID_TOKEN_COUNT];
int count = token_vector(reply, ':', vector, USERID_TOKEN_COUNT);
if (USERID_TOKEN_COUNT != count)
return 0;
/*
* second token is the reply type
*/
token = vector[IDENT_REPLY_TYPE];
if (EmptyString(token))
return 0;
while (IsSpace(*token))
++token;
if (0 != strncmp(token, "USERID", 6))
return 0;
/*
* third token is the os type
*/
token = vector[IDENT_OS_TYPE];
if (EmptyString(token))
return 0;
while (IsSpace(*token))
++token;
/*
* Unless "OTHER" is specified as the operating system
* type, the server is expected to return the "normal"
* user identification of the owner of this connection.
* "Normal" in this context may be taken to mean a string
* of characters which uniquely identifies the connection
* owner such as a user identifier assigned by the system
* administrator and used by such user as a mail
* identifier, or as the "user" part of a user/password
* pair used to gain access to system resources. When an
* operating system is specified (e.g., anything but
* "OTHER"), the user identifier is expected to be in a
* more or less immediately useful form - e.g., something
* that could be used as an argument to "finger" or as a
* mail address.
*/
if (0 == strncmp(token, "OTHER", 5))
return 0;
/*
* fourth token is the username
*/
token = vector[IDENT_INFO];
if (EmptyString(token))
return 0;
while (IsSpace(*token))
++token;
/*
* look for the end of the username, terminators are '\0, @, <SPACE>, :'
*/
for (end = token; *end; ++end) {
if (IsSpace(*end) || '@' == *end || ':' == *end)
break;
}
*end = '\0';
return token;
}
/** Read the reply (if any) from the ident server we connected to. We
* only give it one shot, if the reply isn't good the first time fail
* the authentication entirely. --Bleep
* @param[in] auth The request to read.
*/
static void read_auth_reply(struct AuthRequest* auth)
{
char* username = 0;
unsigned int len;
/*
* rfc1453 sez we MUST accept 512 bytes
*/
char buf[BUFSIZE + 1];
assert(0 != auth);
assert(0 != auth->client);
assert(auth == cli_auth(auth->client));
if (IO_SUCCESS == os_recv_nonb(s_fd(&auth->socket), buf, BUFSIZE, &len)) {
buf[len] = '\0';
Debug((DEBUG_INFO, "Auth %p [%d] reply: %s", auth, cli_fd(auth->client), buf));
username = check_ident_reply(buf);
Debug((DEBUG_INFO, "Username: %s", username));
}
Debug((DEBUG_INFO, "Deleting auth [%d] socket %p", auth, cli_fd(auth->client)));
close(s_fd(&auth->socket));
socket_del(&auth->socket);
s_fd(&auth->socket) = -1;
if (EmptyString(username)) {
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_ID);
++ServerStats->is_abad;
if (IAuthHas(iauth, IAUTH_UNDERNET))
sendto_iauth(auth->client, "u");
} else {
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FIN_ID);
++ServerStats->is_asuc;
if (!FlagHas(&auth->flags, AR_IAUTH_USERNAME)) {
ircd_strncpy(cli_username(auth->client), username, USERLEN + 1);
SetGotId(auth->client);
}
if (IAuthHas(iauth, IAUTH_UNDERNET))
sendto_iauth(auth->client, "u %s", username);
}
FlagClr(&auth->flags, AR_AUTH_PENDING);
check_auth_finished(auth);
}
/** Handle socket I/O activity.
* @param[in] ev A socket event whos associated data is the active
* struct AuthRequest.
*/
static void auth_sock_callback(struct Event* ev)
{
struct AuthRequest* auth;
assert(0 != ev_socket(ev));
assert(0 != s_data(ev_socket(ev)));
auth = (struct AuthRequest*) s_data(ev_socket(ev));
switch (ev_type(ev)) {
case ET_DESTROY: /* being destroyed */
break;
case ET_CONNECT: /* socket connection completed */
Debug((DEBUG_INFO, "Connection completed for auth %p [%d]; sending query",
auth, cli_fd(auth->client)));
socket_state(&auth->socket, SS_CONNECTED);
send_auth_query(auth);
break;
case ET_READ: /* socket is readable */
case ET_EOF: /* end of file on socket */
case ET_ERROR: /* error on socket */
Debug((DEBUG_INFO, "Auth socket %p [%p] readable", auth, ev_socket(ev)));
read_auth_reply(auth);
break;
default:
assert(0 && "Unrecognized event in auth_socket_callback().");
break;
}
}
/** Stop an auth request completely.
* @param[in] auth The struct AuthRequest to cancel.
*/
void destroy_auth_request(struct AuthRequest* auth)
{
Debug((DEBUG_INFO, "Deleting auth request for %p", auth->client));
if (FlagHas(&auth->flags, AR_DNS_PENDING)) {
delete_resolver_queries(auth);
}
if (-1 < s_fd(&auth->socket)) {
close(s_fd(&auth->socket));
socket_del(&auth->socket);
s_fd(&auth->socket) = -1;
}
if (t_active(&auth->timeout))
timer_del(&auth->timeout);
if (t_active(&auth->loctimeout))
timer_del(&auth->loctimeout);
cli_auth(auth->client) = NULL;
auth->next = auth_freelist;
auth_freelist = auth;
}
/** Handle a 'ping' (authorization) timeout for a client.
* @param[in] cptr The client whose session authorization has timed out.
* @return Zero if client is kept, CPTR_KILLED if client rejected.
*/
int auth_ping_timeout(struct Client *cptr)
{
struct AuthRequest *auth;
enum AuthRequestFlag flag;
auth = cli_auth(cptr);
/* Check whether the auth request is gone (more likely, it never
* existed, as in an outbound server connection). */
if (!auth || cli_loc(cptr))
return exit_client_msg(cptr, cptr, &me, "Registration Timeout");
/* Check for a user-controlled timeout. */
for (flag = 0; flag <= AR_LAST_SCAN; ++flag) {
if (FlagHas(&auth->flags, flag)) {
/* Display message if they have sent a NICK and a USER but no
* nospoof PONG.
*/
if (*(cli_name(cptr)) && cli_user(cptr) && *(cli_user(cptr))->username) {
send_reply(cptr, SND_EXPLICIT | ERR_BADPING,
":Your client may not be compatible with this server.");
send_reply(cptr, SND_EXPLICIT | ERR_BADPING,
":Compatible clients are available at %s",
feature_str(FEAT_URL_CLIENTS));
}
return exit_client_msg(cptr, cptr, &me, "Registration Timeout");
}
}
/* Check for iauth timeout. */
if (FlagHas(&auth->flags, AR_IAUTH_PENDING)) {
if (IAuthHas(iauth, IAUTH_REQUIRED)
&& !FlagHas(&auth->flags, AR_IAUTH_SOFT_DONE)) {
sendheader(cptr, REPORT_FAIL_IAUTH);
return exit_client_msg(cptr, cptr, &me, "Authorization Timeout");
}
sendto_iauth(cptr, "T");
FlagClr(&auth->flags, AR_IAUTH_PENDING);
return check_auth_finished(auth);
}
assert(0 && "Unexpectedly reached end of auth_ping_timeout()");
return 0;
}
/** Timeout a given auth request.
* @param[in] ev A timer event whose associated data is the expired
* struct AuthRequest.
*/
static void auth_timeout_callback(struct Event* ev)
{
struct AuthRequest* auth;
assert(0 != ev_timer(ev));
assert(0 != t_data(ev_timer(ev)));
auth = (struct AuthRequest*) t_data(ev_timer(ev));
if (ev_type(ev) == ET_EXPIRE) {
/* Report the timeout in the log. */
log_write(LS_RESOLVER, L_INFO, 0, "Registration timeout %s",
get_client_name(auth->client, HIDE_IP));
/* Notify client if ident lookup failed. */
if (FlagHas(&auth->flags, AR_AUTH_PENDING)) {
FlagClr(&auth->flags, AR_AUTH_PENDING);
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_ID);
}
/* Likewise if dns lookup failed. */
if (FlagHas(&auth->flags, AR_DNS_PENDING)) {
FlagClr(&auth->flags, AR_DNS_PENDING);
delete_resolver_queries(auth);
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_DNS);
}
/* Try to register the client. */
check_auth_finished(auth);
}
}
/** Handle a complete DNS lookup. Send the client on it's way to a
* connection completion, regardless of success or failure -- unless
* there was a mismatch and KILL_IPMISMATCH is set.
* @param[in] vptr The pending struct AuthRequest.
* @param[in] addr IP address being resolved.
* @param[in] h_name Resolved name, or NULL if lookup failed.
*/
static void auth_dns_callback(void* vptr, const struct irc_in_addr *addr, const char *h_name)
{
struct AuthRequest* auth = (struct AuthRequest*) vptr;
assert(0 != auth);
FlagClr(&auth->flags, AR_DNS_PENDING);
if (!addr) {
/* DNS entry was missing for the IP. */
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_DNS);
sendto_iauth(auth->client, "d");
} else if (!irc_in_addr_valid(addr)
|| (irc_in_addr_cmp(&cli_ip(auth->client), addr)
&& irc_in_addr_cmp(&auth->original, addr))) {
/* IP for hostname did not match client's IP. */
sendto_opmask_butone(0, SNO_IPMISMATCH, "IP# Mismatch: %s != %s[%s]",
cli_sock_ip(auth->client), h_name,
ircd_ntoa(addr));
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_IP_MISMATCH);
if (feature_bool(FEAT_KILL_IPMISMATCH)) {
exit_client(auth->client, auth->client, &me, "IP mismatch");
return;
}
} else if (!auth_verify_hostname(h_name, HOSTLEN)) {
/* Hostname did not look valid. */
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_INVAL_DNS);
sendto_iauth(auth->client, "d");
} else {
/* Hostname and mappings checked out. */
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FIN_DNS);
if (IsIPSpoofed(auth->client))
ircd_strncpy(cli_connecthost(auth->client), h_name, HOSTLEN + 1);
else
ircd_strncpy(cli_sockhost(auth->client), h_name, HOSTLEN + 1);
sendto_iauth(auth->client, "N %s", h_name);
}
check_auth_finished(auth);
}
/** Flag the client to show an attempt to contact the ident server on
* the client's host. Should the connect or any later phase of the
* identifying process fail, it is aborted and the user is given a
* username of "unknown".
* @param[in] auth The request for which to start the ident lookup.
*/
static void start_auth_query(struct AuthRequest* auth)
{
struct irc_sockaddr remote_addr;
struct irc_sockaddr local_addr;
int fd;
IOResult result;
assert(0 != auth);
assert(0 != auth->client);
if (feature_bool(FEAT_NOIDENT) || find_except_conf(auth->client, EFLAG_IDENT))
return;
/*
* get the local address of the client and bind to that to
* make the auth request. This used to be done only for
* ifdef VIRTUAL_HOST, but needs to be done for all clients
* since the ident request must originate from that same address--
* and machines with multiple IP addresses are common now
*/
memcpy(&local_addr, &auth->local, sizeof(local_addr));
local_addr.port = 0;
memcpy(&remote_addr.addr, &cli_ip(auth->client), sizeof(remote_addr.addr));
remote_addr.port = 113;
fd = os_socket(&local_addr, SOCK_STREAM, "auth query", 0);
if (fd < 0) {
++ServerStats->is_abad;
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_ID);
return;
}
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_DO_ID);
if ((result = os_connect_nonb(fd, &remote_addr)) == IO_FAILURE ||
!socket_add(&auth->socket, auth_sock_callback, (void*) auth,
result == IO_SUCCESS ? SS_CONNECTED : SS_CONNECTING,
SOCK_EVENT_READABLE, fd)) {
++ServerStats->is_abad;
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_ID);
close(fd);
return;
}
FlagSet(&auth->flags, AR_AUTH_PENDING);
if (result == IO_SUCCESS)
send_auth_query(auth);
}
/** Initiate DNS lookup for a client.
* @param[in] auth The auth request for which to start the DNS lookup.
*/
static void start_dns_query(struct AuthRequest *auth)
{
if (feature_bool(FEAT_NODNS) || find_except_conf(auth->client, EFLAG_RDNS)) {
sendto_iauth(auth->client, "d");
return;
}
if (irc_in_addr_is_loopback(&cli_ip(auth->client))) {
strcpy(cli_sockhost(auth->client), cli_name(&me));
sendto_iauth(auth->client, "N %s", cli_sockhost(auth->client));
return;
}
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_DO_DNS);
FlagSet(&auth->flags, AR_DNS_PENDING);
gethost_byaddr(&cli_ip(auth->client), auth_dns_callback, auth);
}
/** Initiate IAuth check for a client.
* @param[in] auth The auth request for which to star the IAuth check.
*/
static void start_iauth_query(struct AuthRequest *auth)
{
FlagSet(&auth->flags, AR_IAUTH_PENDING);
if (!sendto_iauth(auth->client, "C %s %hu %s %hu",
cli_sock_ip(auth->client), auth->port,
ircd_ntoa(&auth->local.addr), auth->local.port)) {
FlagClr(&auth->flags, AR_IAUTH_PENDING);
return;
}
if (IAuthHas(iauth, IAUTH_SSLFP) && cli_sslclifp(auth->client) && !EmptyString(cli_sslclifp(auth->client)))
sendto_iauth(auth->client, "F %s", cli_sslclifp(auth->client));
}
/** Starts auth (identd) and dns queries for a client.
* @param[in] client The client for which to start queries.
*/
void start_auth(struct Client* client)
{
struct irc_sockaddr remote;
struct AuthRequest* auth;
assert(0 != client);
Debug((DEBUG_INFO, "Beginning auth request on client %p", client));
/* Register with event handlers. */
cli_lasttime(client) = CurrentTime;
cli_since(client) = CurrentTime;
if (cli_fd(client) > HighestFd)
HighestFd = cli_fd(client);
LocalClientArray[cli_fd(client)] = client;
socket_events(&(cli_socket(client)), SOCK_ACTION_SET | SOCK_EVENT_READABLE);
/* Allocate the AuthRequest. */
auth = auth_freelist;
if (auth)
auth_freelist = auth->next;
else
auth = MyMalloc(sizeof(*auth));
assert(0 != auth);
memset(auth, 0, sizeof(*auth));
auth->client = client;
cli_auth(client) = auth;
s_fd(&auth->socket) = -1;
timer_add(timer_init(&auth->timeout), auth_timeout_callback, (void*) auth,
TT_RELATIVE, feature_int(FEAT_AUTH_TIMEOUT));
/* Try to get socket endpoint addresses. */
if (!os_get_sockname(cli_fd(client), &auth->local)
|| !os_get_peername(cli_fd(client), &remote)) {
++ServerStats->is_abad;
if (IsUserPort(auth->client))
sendheader(auth->client, REPORT_FAIL_ID);
exit_client(auth->client, auth->client, &me, "Socket local/peer lookup failed");
return;
}
auth->port = remote.port;
/* Set required client inputs for users. */
if (IsUserPort(client)) {
cli_user(client) = make_user(client);
cli_user(client)->server = &me;
FlagSet(&auth->flags, AR_NEEDS_USER);
FlagSet(&auth->flags, AR_NEEDS_NICK);
/* Try to start iauth lookup. */
start_iauth_query(auth);
}
/* Try to start DNS lookup. */
start_dns_query(auth);
/* Try to start ident lookup. */
start_auth_query(auth);
/* Add client to GlobalClientList. */
add_client_to_list(client);
/* Check which auth events remain pending. */
check_auth_finished(auth);
}
/** Mark that a user has PONGed while unregistered.
* @param[in] auth Authorization request for client.
* @param[in] cookie PONG cookie value sent by client.
* @return Zero if client should be kept, CPTR_KILLED if rejected.
*/
int auth_set_pong(struct AuthRequest *auth, unsigned int cookie)
{
assert(auth != NULL);
if (!FlagHas(&auth->flags, AR_NEEDS_PONG))
return 0;
if (cookie != auth->cookie)
{
send_reply(auth->client, SND_EXPLICIT | ERR_BADPING,
":To connect, type /QUOTE PONG %u", auth->cookie);
return 0;
}
cli_lasttime(auth->client) = CurrentTime;
FlagClr(&auth->flags, AR_NEEDS_PONG);
return check_auth_finished(auth);
}
/** Record a user's claimed username and userinfo.
* @param[in] auth Authorization request for client.
* @param[in] username Client's asserted username.
* @param[in] hostname Third argument of USER command (client's
* hostname, per RFC 1459).
* @param[in] servername Fourth argument of USER command (server's
* name, per RFC 1459).
* @param[in] userinfo Client's asserted self-description.
* @return Zero if client should be kept, CPTR_KILLED if rejected.
*/
int auth_set_user(struct AuthRequest *auth, const char *username, const char *hostname, const char *servername, const char *userinfo)
{
struct Client *cptr;
assert(auth != NULL);
if (FlagHas(&auth->flags, AR_IAUTH_HURRY))
return 0;
FlagClr(&auth->flags, AR_NEEDS_USER);
cptr = auth->client;
ircd_strncpy(cli_info(cptr), userinfo, REALLEN + 1);
clean_username(cli_user(cptr)->username, username);
ircd_strncpy(cli_user(cptr)->host, cli_sockhost(cptr), HOSTLEN + 1);
if (IAuthHas(iauth, IAUTH_UNDERNET))
sendto_iauth(cptr, "U %s %s %s :%s", cli_user(cptr)->username, hostname, servername, userinfo);
else if (IAuthHas(iauth, IAUTH_ADDLINFO))
sendto_iauth(cptr, "U %s", username);
return check_auth_finished(auth);
}
/** Handle authorization-related aspects of initial nickname selection.
* This is called after verifying that the nickname is available.
* @param[in] auth Authorization request for client.
* @param[in] nickname Client's requested nickname.
* @return Zero if client should be kept, CPTR_KILLED if rejected.
*/
int auth_set_nick(struct AuthRequest *auth, const char *nickname)
{
assert(auth != NULL);
FlagClr(&auth->flags, AR_NEEDS_NICK);
/*
* If the client hasn't gotten a cookie-ping yet,
* choose a cookie and send it. -record!jegelhof@cloud9.net
*/
if (!auth->cookie) {
do {
auth->cookie = ircrandom();
} while (!auth->cookie);
sendrawto_one(auth->client, "PING :%u", auth->cookie);
FlagSet(&auth->flags, AR_NEEDS_PONG);
}
if (IAuthHas(iauth, IAUTH_UNDERNET))
sendto_iauth(auth->client, "n %s", nickname);
return check_auth_finished(auth);
}
/** Record a user's password.
* @param[in] auth Authorization request for client.
* @param[in] password Client's password.
* @return Zero if client should be kept, CPTR_KILLED if rejected.
*/
int auth_set_password(struct AuthRequest *auth, const char *password)
{
assert(auth != NULL);
if (IAuthHas(iauth, IAUTH_ADDLINFO))
sendto_iauth(auth->client, "P :%s", password);
return check_auth_finished(auth);
}
/** Forward a clients WEBIRC request.
* @param[in] auth Authorization request for client.
* @param[in] password Password supplied in the WEBIRC message.
* @param[in] username User name supplied in the WEBIRC message.
* @param[in] hostname Host name supplied in the WEBIRC message.
* @param[in] ip IP address supplied in the WEBIRC message.
* @return Zero if client should be kept, -1 if not forwarded.
*/
int auth_set_webirc(struct AuthRequest *auth, const char *password, const char *username, const char *hostname, const char *ip, const char *opts)
{
assert(auth != NULL);
if (IAuthHas(iauth, IAUTH_WEBIRC))
{
if (opts != NULL)
sendto_iauth(auth->client, "W %s %s %s %s :%s", password, username, hostname, ip, opts);
else
sendto_iauth(auth->client, "W %s %s %s %s", password, username, hostname, ip);
return 0;
}
return -1;
}
/** Forward a clients SASL/LOC account name.
* @param[in] auth Authorization request for client.
* @param[in] account Account name applied to the client.
* @return Zero if client should be kept, -1 if not forwarded.
*/
int auth_set_account(struct AuthRequest *auth, const char *account)
{
assert(auth != NULL);
if (IAuthHas(iauth, IAUTH_ACCOUNT))
sendto_iauth(auth->client, "R %s", account);
return check_auth_finished(auth);
}
/** Updates a client's original IP.
* @param[in] auth Authorization request for client.
* @param[in] addr Original address to set.
*/
void auth_set_originalip(struct AuthRequest *auth, const struct irc_in_addr addr)
{
assert(auth != NULL);
if (!irc_in_addr_valid(&auth->original))
memcpy(&auth->original, &addr, sizeof(auth->original));
}
/** Forward a clients WEBIRC request.
* @param[in] auth Authorization request for client.
* @param[in] password Password supplied in the WEBIRC message.
* @param[in] username User name supplied in the WEBIRC message.
* @param[in] hostname Host name supplied in the WEBIRC message.
* @param[in] ip IP address supplied in the WEBIRC message.
* @return Zero if client should be kept, CPTR_KILLED if rejected.
*/
int auth_set_webirc_trusted(struct AuthRequest *auth, const char *password, const char *username, const char *hostname, const char *ip, const char *opts)
{
assert(auth != NULL);
if (IAuthHas(iauth, IAUTH_WEBIRC)) {
if (opts != NULL)
sendto_iauth(auth->client, "w %s %s %s %s :%s", password, username, hostname, ip, opts);
else
sendto_iauth(auth->client, "w %s %s %s %s", password, username, hostname, ip);
}
return 0;
}
void auth_send_event(const char *event, const char *paramstring)
{
if (IAuthHas(iauth, IAUTH_EVENTS))
sendto_iauth(NULL, "e %s%s%s", event, (paramstring ? " :" : ""), (paramstring ? paramstring : ""));
}
/** Send exit notification for \a cptr to iauth.
* @param[in] cptr Client who is exiting.
*/
void auth_send_exit(struct Client *cptr)
{
sendto_iauth(cptr, "D");
}
/** Forward an XREPLY on to iauth.
* @param[in] sptr Source of the XREPLY.
* @param[in] routing Routing information for the original XQUERY.
* @param[in] reply Contents of the reply.
*/
void auth_send_xreply(struct Client *sptr, const char *routing,
const char *reply)
{
sendto_iauth(NULL, "X %#C %s :%s", sptr, routing, reply);
}
/** Mark that a user has started capabilities negotiation.
* This blocks authorization until auth_cap_done() is called.
* @param[in] auth Authorization request for client.
* @return Zero if client should be kept, CPTR_KILLED if rejected.
*/
int auth_cap_start(struct AuthRequest *auth)
{
assert(auth != NULL);
FlagSet(&auth->flags, AR_CAP_PENDING);
return 0;
}
/** Mark that a user has completed capabilities negotiation.
* This unblocks authorization if auth_cap_start() was called.
* @param[in] auth Authorization request for client.
* @return Zero if client should be kept, CPTR_KILLED if rejected.
*/
int auth_cap_done(struct AuthRequest *auth)
{
assert(auth != NULL);
FlagClr(&auth->flags, AR_CAP_PENDING);
return check_auth_finished(auth);
}
/** Check if IAuth is configured to handle SASL authentication.
* @return Non-zero if IAuth handles SASL, zero otherwise.
*/
int auth_iauth_handles_sasl(void)
{
return IAuthHas(iauth, IAUTH_SASL);
}
/** Send SASL authentication start to IAuth.
* @param[in] cptr Client starting SASL.
* @param[in] mechanism SASL mechanism name.
* @param[in] certfp SSL certificate fingerprint (may be NULL).
* @return Non-zero on success, zero on failure.
*/
int auth_send_sasl_start(struct Client *cptr, const char *mechanism, const char *certfp)
{
if (!IAuthHas(iauth, IAUTH_SASL))
return 0;
if (!EmptyString(certfp))
return sendto_iauth(cptr, "A S %s :%s", mechanism, certfp);
else
return sendto_iauth(cptr, "A S :%s", mechanism);
}
/** Send SASL host information to IAuth.
* @param[in] cptr Client authenticating.
* @param[in] username Client's username.
* @param[in] host Client's hostname.
* @param[in] ip Client's IP address.
* @return Non-zero on success, zero on failure.
*/
int auth_send_sasl_host(struct Client *cptr, const char *username, const char *host, const char *ip)
{
if (!IAuthHas(iauth, IAUTH_SASL))
return 0;
return sendto_iauth(cptr, "A H :%s@%s:%s", username, host, ip);
}
/** Send SASL authentication data to IAuth.
* @param[in] cptr Client authenticating.
* @param[in] data Base64-encoded SASL data.
* @return Non-zero on success, zero on failure.
*/
int auth_send_sasl_data(struct Client *cptr, const char *data)
{
if (!IAuthHas(iauth, IAUTH_SASL))
return 0;
return sendto_iauth(cptr, "a :%s", data);
}
/** Attempt to spawn the process for an IAuth instance.
* @param[in] iauth IAuth descriptor.
* @param[in] automatic If non-zero, apply sanity checks against
* excessive automatic restarts.
* @return 0 on success, non-zero on failure.
*/
int iauth_do_spawn(struct IAuth *iauth, int automatic)
{
pid_t cpid;
int s_io[2];
int s_err[2];
int res;
if (automatic && CurrentTime - iauth->started < 5)
{
sendto_opmask_butone(NULL, SNO_AUTH, "IAuth crashed fast, leaving it dead.");
return -1;
}
/* Record time we tried to spawn the iauth process. */
iauth->started = CurrentTime;
/* Attempt to allocate a pair of sockets. */
res = os_socketpair(s_io);
if (res) {
res = errno;
Debug((DEBUG_INFO, "Unable to create IAuth socketpair: %s", strerror(res)));
return res;
}
/* Mark the parent's side of the pair (element 0) as non-blocking. */
res = os_set_nonblocking(s_io[0]);
if (!res) {
res = errno;
Debug((DEBUG_INFO, "Unable to make IAuth socket non-blocking: %s", strerror(res)));
close(s_io[1]);
close(s_io[0]);
return res;
}
/* Initialize the socket structure to talk to the child. */
res = socket_add(i_socket(iauth), iauth_sock_callback, iauth,
SS_CONNECTED, SOCK_EVENT_READABLE, s_io[0]);
if (!res) {
res = errno;
Debug((DEBUG_INFO, "Unable to register IAuth socket: %s", strerror(res)));
close(s_io[1]);
close(s_io[0]);
return res;
}
/* Allocate another pair for stderr. */
res = os_socketpair(s_err);
if (res) {
res = errno;
Debug((DEBUG_INFO, "Unable to create IAuth stderr: %s", strerror(res)));
socket_del(i_socket(iauth));
close(s_io[1]);
close(s_io[0]);
return res;
}
/* Mark parent side of this pair non-blocking, too. */
res = os_set_nonblocking(s_err[0]);
if (!res) {
res = errno;
Debug((DEBUG_INFO, "Unable to make IAuth stderr non-blocking: %s", strerror(res)));
close(s_err[1]);
close(s_err[0]);
socket_del(i_socket(iauth));
close(s_io[1]);
close(s_io[0]);
return res;
}
/* And set up i_stderr(iauth). */
res = socket_add(i_stderr(iauth), iauth_stderr_callback, iauth,
SS_CONNECTED, SOCK_EVENT_READABLE, s_err[0]);
if (!res) {
res = errno;
Debug((DEBUG_INFO, "Unable to register IAuth stderr: %s", strerror(res)));
close(s_err[1]);
close(s_err[0]);
socket_del(i_socket(iauth));
close(s_io[1]);
close(s_io[0]);
return res;
}
/* Attempt to fork a child process. */
cpid = fork();
if (cpid < 0) {
/* Error forking the child, still in parent. */
res = errno;
Debug((DEBUG_INFO, "Unable to fork IAuth child: %s", strerror(res)));
socket_del(i_stderr(iauth));
close(s_err[1]);
close(s_err[0]);
socket_del(i_socket(iauth));
close(s_io[1]);
close(s_io[0]);
return res;
}
if (cpid > 0) {
/* We are the parent process. Close the child's sockets. */
close(s_io[1]);
close(s_err[1]);
/* Send our server name (supposedly for proxy checking purposes)
* and maximum number of connections (for allocation hints).
* Need to use conf_get_local() since &me may not be fully
* initialized the first time we run.
*/
sendto_iauth(NULL, "M %s %d", conf_get_local()->name, MAXCONNECTIONS);
/* Indicate success (until the child dies). */
return 0;
}
/* We are the child process.
* Duplicate our end of the socket to stdin, stdout and stderr.
* Then close all the higher-numbered FDs and exec the process.
*/
if (dup2(s_io[1], 0) == 0
&& dup2(s_io[1], 1) == 1
&& dup2(s_err[1], 2) == 2) {
close_connections(0);
execvp(iauth->i_argv[0], iauth->i_argv);
}
/* If we got here, something was seriously wrong. */
exit(EXIT_FAILURE);
}
/** Restart an %IAuth program.
* @return 0 on failure, 1 on success, 2 on no IAuth program.
*/
int auth_restart(void)
{
static struct IAuth *iauthnew;
int ii;
if (!iauth)
return 2;
/* Need to initialize a new connection. */
iauthnew = MyCalloc(1, sizeof(*iauthnew));
msgq_init(i_sendQ(iauthnew));
/* Populate iauth's argv array. */
iauthnew->i_argv = MyCalloc(iauth->i_argc + 1, sizeof(iauthnew->i_argv[0]));
for (ii = 0; ii < iauth->i_argc; ++ii)
DupString(iauthnew->i_argv[ii], iauth->i_argv[ii]);
iauthnew->i_argv[ii] = NULL;
auth_close_unused();
iauth = iauthnew;
/* Try to spawn it, and handle the results. */
if (iauth_do_spawn(iauth, 0))
return 0;
IAuthClr(iauth, IAUTH_CLOSING);
return 1;
}
/** See if an %IAuth program must be spawned.
* If a process is already running with the specified options, keep it.
* Otherwise spawn a new child process to perform the %IAuth function.
* @param[in] argc Number of parameters to use when starting process.
* @param[in] argv Array of parameters to start process.
* @return 0 on failure, 1 on new process, 2 on reuse of existing process.
*/
int auth_spawn(int argc, char *argv[])
{
int ii;
if (iauth) {
int same = 1;
/* Check that incoming arguments all match pre-existing arguments. */
for (ii = 0; same && (ii < argc); ++ii) {
if (NULL == iauth->i_argv[ii]
|| 0 != strcmp(iauth->i_argv[ii], argv[ii]))
same = 0;
}
/* Check that we have no more pre-existing arguments. */
if (same && iauth->i_argv[ii])
same = 0;
/* If they are the same and still connected, clear the "closing" flag and exit. */
if (same && i_GetConnected(iauth)) {
Debug((DEBUG_INFO, "Reusing existing IAuth process"));
IAuthClr(iauth, IAUTH_CLOSING);
return 2;
}
auth_close_unused();
}
/* Need to initialize a new connection. */
iauth = MyCalloc(1, sizeof(*iauth));
msgq_init(i_sendQ(iauth));
/* Populate iauth's argv array. */
iauth->i_argv = MyCalloc(argc + 1, sizeof(iauth->i_argv[0]));
for (ii = 0; ii < argc; ++ii)
DupString(iauth->i_argv[ii], argv[ii]);
iauth->i_argv[ii] = NULL;
iauth->i_argc = argc;
/* Try to spawn it, and handle the results. */
if (iauth_do_spawn(iauth, 0))
return 0;
IAuthClr(iauth, IAUTH_CLOSING);
return 1;
}
/** Mark all %IAuth connections as closing. */
void auth_mark_closing(void)
{
if (iauth)
IAuthSet(iauth, IAUTH_CLOSING);
}
/** Complete disconnection of an %IAuth connection.
* @param[in] iauth %Connection to fully close.
*/
static void iauth_disconnect(struct IAuth *iauth)
{
if (iauth == NULL)
return;
/* Close error socket. */
if (s_fd(i_stderr(iauth)) != -1) {
close(s_fd(i_stderr(iauth)));
socket_del(i_stderr(iauth));
s_fd(i_stderr(iauth)) = -1;
}
/* Close main socket. */
if (s_fd(i_socket(iauth)) != -1) {
close(s_fd(i_socket(iauth)));
socket_del(i_socket(iauth));
s_fd(i_socket(iauth)) = -1;
}
}
/** Close all %IAuth connections marked as closing. */
void auth_close_unused(void)
{
if (IAuthHas(iauth, IAUTH_CLOSING)) {
int ii;
iauth_disconnect(iauth);
if (iauth->i_argv) {
for (ii = 0; iauth->i_argv[ii]; ++ii)
MyFree(iauth->i_argv[ii]);
MyFree(iauth->i_argv);
}
MyFree(iauth);
}
}
/** Send queued output to \a iauth.
* @param[in] iauth Writable connection with queued data.
*/
static void iauth_write(struct IAuth *iauth)
{
unsigned int bytes_tried, bytes_sent;
IOResult iores;
if (IAuthHas(iauth, IAUTH_BLOCKED))
return;
while (MsgQLength(i_sendQ(iauth)) > 0) {
iores = os_sendv_nonb(s_fd(i_socket(iauth)), i_sendQ(iauth), &bytes_tried, &bytes_sent);
switch (iores) {
case IO_SUCCESS:
msgq_delete(i_sendQ(iauth), bytes_sent);
iauth->i_sendB += bytes_sent;
if (bytes_tried == bytes_sent)
break;
/* If bytes_sent < bytes_tried, fall through to IO_BLOCKED. */
case IO_BLOCKED:
IAuthSet(iauth, IAUTH_BLOCKED);
socket_events(i_socket(iauth), SOCK_ACTION_ADD | SOCK_EVENT_WRITABLE);
return;
case IO_FAILURE:
iauth_disconnect(iauth);
return;
}
}
/* We were able to flush all events, so remove notification. */
socket_events(i_socket(iauth), SOCK_ACTION_DEL | SOCK_EVENT_WRITABLE);
}
/** Send a message to iauth.
* @param[in] cptr Optional client context for message.
* @param[in] format Format string for message.
* @return Non-zero on successful send or buffering, zero on failure.
*/
static int sendto_iauth(struct Client *cptr, const char *format, ...)
{
struct VarData vd;
struct MsgBuf *mb;
/* Do not send requests when we have no iauth. */
if (!i_GetConnected(iauth))
return 0;
/* Do not send for clients in the NORMAL state. */
if (cptr
&& (format[0] != 'D')
&& (!cli_auth(cptr) || !FlagHas(&cli_auth(cptr)->flags, AR_IAUTH_PENDING)))
return 0;
/* Build the message buffer. */
vd.vd_format = format;
va_start(vd.vd_args, format);
if (0 == cptr)
mb = msgq_make(NULL, "-1 %v", &vd);
else
mb = msgq_make(NULL, "%d %v", cli_fd(cptr), &vd);
va_end(vd.vd_args);
/* Tack it onto the iauth sendq and try to write it. */
++iauth->i_sendM;
msgq_add(i_sendQ(iauth), mb, 0);
msgq_clean(mb);
iauth_write(iauth);
return 1;
}
/** Send text to interested operators (SNO_AUTH server notice).
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Text to send.
* @return Zero.
*/
static int iauth_cmd_snotice(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
sendto_opmask_butone(NULL, SNO_AUTH, "%s", params[0]);
return 0;
}
/** Set the debug level for the session.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params String starting with an integer.
* @return Zero.
*/
static int iauth_cmd_debuglevel(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
int new_level;
new_level = parc > 0 ? atoi(params[0]) : 0;
if (i_debug(iauth) > 0 || new_level > 0) {
/* The "ia_dbg" name is borrowed from (IRCnet) ircd. */
sendto_opmask_butone(NULL, SNO_AUTH, "ia_dbg = %d", new_level);
}
i_debug(iauth) = new_level;
return 0;
}
/** Set policy options for the session.
* Old policy is forgotten, and any of the following characters in \a
* params enable the corresponding policy:
* \li A IAUTH_ADDLINFO
* \li R IAUTH_REQUIRED
* \li T IAUTH_TIMEOUT
* \li W IAUTH_EXTRAWAIT
* \li U IAUTH_UNDERNET
*
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Zero or more policy options.
* @return Zero.
*/
static int iauth_cmd_policy(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
enum IAuthFlag flag;
char *p;
/* Erase old policy first. */
for (flag = IAUTH_FIRST_OPTION; flag < IAUTH_LAST_FLAG; ++flag)
IAuthClr(iauth, flag);
if (parc > 0) /* only try to parse if we were given a policy string */
/* Parse new policy set. */
for (p = params[0]; *p; p++) switch (*p) {
case 'A': IAuthSet(iauth, IAUTH_ADDLINFO); break;
case 'R': IAuthSet(iauth, IAUTH_REQUIRED); break;
case 'T': IAuthSet(iauth, IAUTH_TIMEOUT); break;
case 'W': IAuthSet(iauth, IAUTH_EXTRAWAIT); break;
case 'U': IAuthSet(iauth, IAUTH_UNDERNET); break;
case 'w': IAuthSet(iauth, IAUTH_WEBIRC); break;
case 'F': IAuthSet(iauth, IAUTH_SSLFP); break;
case 'r': IAuthSet(iauth, IAUTH_ACCOUNT); break;
case 'e': IAuthSet(iauth, IAUTH_EVENTS); break;
case 'S': IAuthSet(iauth, IAUTH_SASL); break;
}
/* Optionally notify operators. */
if (i_debug(iauth) > 0)
sendto_opmask_butone(NULL, SNO_AUTH, "iauth options: %s", params[0]);
return 0;
}
/** Set the iauth program version number.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Version number or name.
* @return Zero.
*/
static int iauth_cmd_version(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
MyFree(iauth->i_version);
DupString(iauth->i_version, parc > 0 ? params[0] : "<NONE>");
sendto_opmask_butone(NULL, SNO_AUTH, "iauth version %s running.",
iauth->i_version);
return 0;
}
/** Paste a parameter list together into a single string.
* @param[in] parc Number of parameters.
* @param[in] params Parameter list to paste together.
* @return Pasted parameter list.
*/
static char *paste_params(int parc, char **params)
{
char *str, *tmp;
int len = 0, lengths[MAXPARA], i;
/* Compute the length... */
for (i = 0; i < parc; i++)
len += lengths[i] = strlen(params[i]);
/* Allocate memory, accounting for string lengths, spaces (parc - 1), a
* sentinel, and the trailing \0
*/
str = MyMalloc(len + parc + 1);
/* Build the pasted string */
for (tmp = str, i = 0; i < parc; i++) {
if (i) /* add space separator... */
*(tmp++) = ' ';
if (i == parc - 1) /* add colon sentinel */
*(tmp++) = ':';
/* Copy string component... */
memcpy(tmp, params[i], lengths[i]);
tmp += lengths[i]; /* move to end of string */
}
/* terminate the string... */
*tmp = '\0';
return str; /* return the pasted string */
}
/** Clear cached iauth configuration information.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (0).
* @param[in] params Parameter list (ignored).
* @return Zero.
*/
static int iauth_cmd_newconfig(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
struct SLink *head;
struct SLink *next;
head = iauth->i_config;
iauth->i_config = NULL;
for (; head; head = next) {
next = head->next;
MyFree(head->value.cp);
free_link(head);
}
sendto_opmask_butone(NULL, SNO_AUTH, "New iauth configuration.");
return 0;
}
/** Append iauth configuration information.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters.
* @param[in] params Description of configuration element.
* @return Zero.
*/
static int iauth_cmd_config(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
struct SLink *node;
if (iauth->i_config) {
for (node = iauth->i_config; node->next; node = node->next) ;
node = node->next = make_link();
} else {
node = iauth->i_config = make_link();
}
node->value.cp = paste_params(parc, params);
node->next = 0; /* must be explicitly cleared */
return 0;
}
/** Clear cached iauth configuration information.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (0).
* @param[in] params Parameter list (ignored).
* @return Zero.
*/
static int iauth_cmd_newstats(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
struct SLink *head;
struct SLink *next;
head = iauth->i_stats;
iauth->i_stats = NULL;
for (; head; head = next) {
next = head->next;
MyFree(head->value.cp);
free_link(head);
}
sendto_opmask_butone(NULL, SNO_AUTH, "New iauth statistics.");
return 0;
}
/** Append iauth statistics information.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters.
* @param[in] params Statistics element.
* @return Zero.
*/
static int iauth_cmd_stats(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
struct SLink *node;
if (iauth->i_stats) {
for (node = iauth->i_stats; node->next; node = node->next) ;
node = node->next = make_link();
} else {
node = iauth->i_stats = make_link();
}
node->value.cp = paste_params(parc, params);
node->next = 0; /* must be explicitly cleared */
return 0;
}
/** Set client's username to a trusted string even if it breaks the rules.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Forced username.
* @return One.
*/
static int iauth_cmd_username_forced(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
assert(cli_auth(cli) != NULL);
FlagClr(&cli_auth(cli)->flags, AR_AUTH_PENDING);
if (!EmptyString(params[0])) {
ircd_strncpy(cli_username(cli), params[0], USERLEN + 1);
SetGotId(cli);
FlagSet(&cli_auth(cli)->flags, AR_IAUTH_USERNAME);
FlagSet(&cli_auth(cli)->flags, AR_IAUTH_FUSERNAME);
}
return 1;
}
/** Set client's username to a trusted string.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Trusted username.
* @return One.
*/
static int iauth_cmd_username_good(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
assert(cli_auth(cli) != NULL);
FlagClr(&cli_auth(cli)->flags, AR_AUTH_PENDING);
if (!EmptyString(params[0])) {
ircd_strncpy(cli_username(cli), params[0], USERLEN + 1);
SetGotId(cli);
FlagSet(&cli_auth(cli)->flags, AR_IAUTH_USERNAME);
}
return 1;
}
/** Set client's username to an untrusted string.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Untrusted username.
* @return One.
*/
static int iauth_cmd_username_bad(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
assert(cli_auth(cli) != NULL);
FlagClr(&cli_auth(cli)->flags, AR_AUTH_PENDING);
if (!EmptyString(params[0]))
ircd_strncpy(cli_user(cli)->username, params[0], USERLEN + 1);
return 1;
}
/** Set client's hostname.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params New hostname for client.
* @return Non-zero if \a cli authorization should be checked for completion.
*/
static int iauth_cmd_hostname(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
struct AuthRequest *auth;
if (EmptyString(params[0])) {
sendto_iauth(cli, "E Missing :Missing hostname parameter");
return 0;
}
auth = cli_auth(cli);
assert(auth != NULL);
/* If a DNS request is pending, abort it. */
if (FlagHas(&auth->flags, AR_DNS_PENDING)) {
FlagClr(&auth->flags, AR_DNS_PENDING);
delete_resolver_queries(auth);
if (IsUserPort(cli))
sendheader(cli, REPORT_FIN_DNS);
}
/* Copy old details to cli_connectip and cli_connecthost. */
if (!IsIPSpoofed(cli)) {
memcpy(&cli_connectip(cli), &cli_ip(cli), sizeof(cli_ip(cli)));
ircd_strncpy(cli_connecthost(cli), cli_sockhost(cli), HOSTLEN + 1);
SetIPSpoofed(cli);
}
/* Set hostname from params. */
ircd_strncpy(cli_sockhost(cli), params[0], HOSTLEN + 1);
/* If we have gotten here, the user is in a "hurry" state and has
* been pre-registered. Their hostname was set during that, and
* needs to be overwritten now.
*/
if (FlagHas(&auth->flags, AR_IAUTH_HURRY)) {
ircd_strncpy(cli_user(cli)->host, cli_sockhost(cli), HOSTLEN + 1);
ircd_strncpy(cli_user(cli)->realhost, cli_sockhost(cli), HOSTLEN + 1);
}
return 1;
}
/** Set client's IP address.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params New IP address for client in dotted quad or
* standard IPv6 format.
* @return Zero.
*/
static int iauth_cmd_ip_address(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
struct irc_in_addr addr;
struct AuthRequest *auth;
if (EmptyString(params[0])) {
sendto_iauth(cli, "E Missing :Missing IP address parameter");
return 0;
}
/* Get AuthRequest for client. */
auth = cli_auth(cli);
assert(auth != NULL);
/* Parse the client's new IP address. */
if (!ircd_aton(&addr, params[0])) {
sendto_iauth(cli, "E Invalid :Unable to parse IP address [%s]", params[0]);
return 0;
}
/* Copy old details to cli_connectip and cli_connecthost. */
if (!IsIPSpoofed(cli)) {
memcpy(&cli_connectip(cli), &cli_ip(cli), sizeof(cli_ip(cli)));
ircd_strncpy(cli_connecthost(cli), cli_sockhost(cli), HOSTLEN + 1);
SetIPSpoofed(cli);
}
/* If this is the first IP override, save the client's original
* address in case we get a DNS response later.
*/
if (!irc_in_addr_valid(&auth->original))
memcpy(&auth->original, &cli_ip(cli), sizeof(auth->original));
/* Undo original IP connection in IPcheck. */
if (IsIPChecked(cli)) {
IPcheck_connect_fail(cli, 1);
ClearIPChecked(cli);
}
/* Update the IP and charge them as a remote connect. */
memcpy(&cli_ip(cli), &addr, sizeof(cli_ip(cli)));
if (!find_except_conf(cli, EFLAG_IPCHECK))
IPcheck_remote_connect(cli, 0);
return 0;
}
/** Find a ConfItem structure for a named connection class.
* @param[in] class_name Name of configuration class to find.
* @return A ConfItem of type CONF_CLIENT for the class, or NULL on failure.
*/
static struct ConfItem *auth_find_class_conf(const char *class_name)
{
static struct ConfItem *aconf_list;
struct ConnectionClass *class;
struct ConfItem *aconf;
/* Make sure the configuration class is valid. */
class = find_class(class_name);
if (!class || !class->valid)
return NULL;
/* Look for an existing ConfItem for the class. */
for (aconf = aconf_list; aconf; aconf = aconf->next)
if (aconf->conn_class == class)
break;
/* If no ConfItem, create one. */
if (!aconf) {
aconf = make_conf(CONF_CLIENT);
if (!aconf) {
sendto_opmask_butone(NULL, SNO_AUTH,
"Unable to allocate ConfItem for class %s!",
ConClass(class));
return NULL;
}
/* make_conf() "helpfully" links the conf into GlobalConfList,
* which we do not want, so undo that. (Ugh.)
*/
if (aconf == GlobalConfList) {
GlobalConfList = aconf->next;
}
/* Back to business as usual. */
aconf->conn_class = class;
aconf->next = aconf_list;
aconf_list = aconf;
}
return aconf;
}
/** Tentatively accept a client in IAuth.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters.
* @param[in] params Optional class name for client.
* @return Negative (CPTR_KILLED) if the connection is refused, one otherwise.
*/
static int iauth_cmd_soft_done(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
/* Clear iauth pending flag. */
assert(cli_auth(cli) != NULL);
FlagSet(&cli_auth(cli)->flags, AR_IAUTH_SOFT_DONE);
return 1;
}
/** Accept a client in IAuth.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters.
* @param[in] params Optional class name for client.
* @return Negative (CPTR_KILLED) if the connection is refused, one otherwise.
*/
static int iauth_cmd_done_client(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
static time_t warn_time;
/* Clear iauth pending flag. */
assert(cli_auth(cli) != NULL);
FlagClr(&cli_auth(cli)->flags, AR_IAUTH_PENDING);
/* If a connection class was specified (and usable), assign the client to it. */
if (!EmptyString(params[0])) {
struct ConfItem *aconf;
aconf = auth_find_class_conf(params[0]);
if (aconf) {
enum AuthorizationCheckResult acr;
acr = attach_conf(cli, aconf);
switch (acr) {
case ACR_OK:
/* There should maybe be some way to set FLAG_DOID here.. */
break;
case ACR_TOO_MANY_IN_CLASS:
++ServerStats->is_ref;
return exit_client(cli, cli, &me,
"Sorry, your connection class is full - try "
"again later or try another server");
default:
log_write(LS_IAUTH, L_ERROR, 0, "IAuth: Unexpected AuthorizationCheckResult %d from attach_conf()", acr);
break;
}
} else
sendto_opmask_butone_ratelimited(NULL, SNO_AUTH, &warn_time,
"iauth tried to use undefined class [%s]",
params[0]);
}
return 1;
}
/** Accept a client in IAuth and assign them to an account.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters.
* @param[in] params Account name and optional class name for client.
* @return Negative if the connection is refused, otherwise non-zero
* if \a cli authorization should be checked for completion.
*/
static int iauth_cmd_done_account(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
size_t len;
/* Sanity check. */
if (EmptyString(params[0])) {
sendto_iauth(cli, "E Missing :Missing account parameter");
return 0;
}
/* Check length of account name. */
len = strcspn(params[0], ": ");
if (len > ACCOUNTLEN) {
sendto_iauth(cli, "E Invalid :Account parameter too long");
return 0;
}
/* If account has a creation timestamp, use it. */
assert(cli_user(cli) != NULL);
if (params[0][len] == ':') {
cli_user(cli)->acc_create = strtoul(params[0] + len + 1, NULL, 10);
params[0][len] = '\0';
}
/* Copy account name to User structure. */
ircd_strncpy(cli_user(cli)->account, params[0], ACCOUNTLEN + 1);
SetAccount(cli);
/* Fall through to the normal "done" handler. */
return iauth_cmd_done_client(iauth, cli, parc - 1, params + 1);
}
/** Reject a client's connection.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Optional kill message.
* @return Zero.
*/
static int iauth_cmd_kill(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
if (cli_auth(cli))
FlagClr(&cli_auth(cli)->flags, AR_IAUTH_PENDING);
if (EmptyString(params[0]))
params[0] = "Access denied";
exit_client(cli, cli, &me, params[0]);
return 0;
}
/** Change a client's usermode.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (at least one).
* @param[in] params Usermode arguments for client.
* @return Zero.
*/
static int iauth_cmd_mark(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
if ((parc < 2) || EmptyString(params[0])) {
sendto_iauth(cli, "E Missing :Missing mark parameter");
return 0;
}
/* params[0] == type, params[1] == data */
if (!ircd_strcmp(params[0], MARK_WEBIRC)) {
ircd_strncpy(cli_webirc(cli), params[1], BUFSIZE + 1);
} else if (!ircd_strcmp(params[0], MARK_GEOIP)) {
if ((parc < 3) || EmptyString(params[1]) || EmptyString(params[2])) {
sendto_iauth(cli, "E Missing :Missing mark geoip parameter");
return 0;
}
geoip_apply_mark(cli, params[1], params[2], (parc > 3 ? params[3] : NULL));
} else if (!ircd_strcmp(params[0], MARK_CVERSION)) {
ircd_strncpy(cli_version(cli), params[1], VERSIONLEN + 1);
} else if (!ircd_strcmp(params[0], MARK_SSLCLIFP)) {
ircd_strncpy(cli_sslclifp(cli), params[1], BUFSIZE + 1);
} else if (!ircd_strcmp(params[0], MARK_KILL)) {
ircd_strncpy(cli_killmark(cli), params[1], BUFSIZE + 1);
} else if (!ircd_strcmp(params[0], MARK_MARK) || !ircd_strcmp(params[0], MARK_DNSBL_DATA)) {
add_mark(cli, params[1]);
SetMarked(cli);
} else {
sendto_iauth(cli, "E Invalid :Invalid mark type");
}
return 0;
}
/** Change a client's usermode.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (at least one).
* @param[in] params Usermode arguments for client (with the first
* starting with '+').
* @return Zero.
*/
static int iauth_cmd_usermode(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
if (params[0][0] == '+')
{
set_user_mode(cli, cli, parc + 2, params - 2, ALLOWMODES_ANY);
}
return 0;
}
/** Send a challenge string to the client.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Challenge message for client.
* @return Zero.
*/
static int iauth_cmd_challenge(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
if (!EmptyString(params[0]))
sendrawto_one(cli, "NOTICE * :*** %s", params[0]);
return 0;
}
/** Send an extension query to a specified remote server.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (3).
* @param[in] params Remote server, routing information, and query.
* @return Zero.
*/
static int iauth_cmd_xquery(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
char *serv;
const char *routing;
const char *query;
struct Client *acptr;
/* Process parameters */
if (EmptyString(params[0])) {
sendto_iauth(cli, "E Missing :Missing server parameter");
return 0;
} else
serv = params[0];
if (EmptyString(params[1])) {
sendto_iauth(cli, "E Missing :Missing routing parameter");
return 0;
} else
routing = params[1];
if (EmptyString(params[2])) {
sendto_iauth(cli, "E Missing :Missing query parameter");
return 0;
} else
query = params[2];
/* Try to find the specified server */
if (!(acptr = find_match_server(serv))) {
sendto_iauth(cli, "x %s %s :Server not online", serv, routing);
return 0;
}
/* If it's to us, do nothing; otherwise, forward the query */
if (!IsMe(acptr))
/* The "iauth:" prefix helps ircu route the reply to iauth */
sendcmdto_one(&me, CMD_XQUERY, acptr, "%C iauth:%s :%s", acptr, routing,
query);
return 0;
}
/** Handle SASL challenge from IAuth.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Challenge data (base64).
* @return Zero.
*/
static int iauth_cmd_sasl_challenge(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
if (EmptyString(params[0]))
return 0;
/* Forward challenge to client */
sendrawto_one(cli, "AUTHENTICATE %s", params[0]);
return 0;
}
/** Handle SASL login success from IAuth.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1+).
* @param[in] params Account name.
* @return Non-zero to check auth completion.
*/
static int iauth_cmd_sasl_loggedin(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
size_t len;
if (EmptyString(params[0])) {
sendto_iauth(cli, "E Missing :Missing account parameter");
return 0;
}
/* Check length of account name. */
len = strcspn(params[0], ": ");
if (len > ACCOUNTLEN) {
sendto_iauth(cli, "E Invalid :Account parameter too long");
return 0;
}
/* Store account in SASL fields */
ircd_strncpy(cli_saslaccount(cli), params[0], ACCOUNTLEN + 1);
/* If account has a creation timestamp, use it. */
if (params[0][len] == ':') {
cli_saslacccreate(cli) = strtoul(params[0] + len + 1, NULL, 10);
}
/* Send RPL_LOGGEDIN to client */
send_reply(cli, RPL_LOGGEDIN, cli_name(cli), cli_user(cli) ? cli_user(cli)->username : "*",
cli_user(cli) ? cli_user(cli)->host : "*", cli_saslaccount(cli), cli_saslaccount(cli));
return 0;
}
/** Handle SASL authentication failure from IAuth.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters.
* @param[in] params Unused.
* @return Zero.
*/
static int iauth_cmd_sasl_fail(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
send_reply(cli, ERR_SASLFAIL, EmptyString(params[0]) ? "" : params[0]);
return 0;
}
/** Handle SASL mechanism list from IAuth.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters (1).
* @param[in] params Mechanism list.
* @return Zero.
*/
static int iauth_cmd_sasl_mechs(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
if (EmptyString(params[0]))
return 0;
send_reply(cli, ERR_SASLMECHS, params[0]);
return 0;
}
/** Handle SASL authentication success (done) from IAuth.
* @param[in] iauth Active IAuth session.
* @param[in] cli Client referenced by command.
* @param[in] parc Number of parameters.
* @param[in] params Unused.
* @return Zero.
*/
static int iauth_cmd_sasl_done(struct IAuth *iauth, struct Client *cli,
int parc, char **params)
{
/* Mark SASL as complete */
SetFlag(cli, FLAG_SASLCOMPLETE);
/* Send success to client */
send_reply(cli, RPL_SASLSUCCESS);
/* Cancel SASL timeout */
if (t_active(&cli_sasltimeout(cli)))
timer_del(&cli_sasltimeout(cli));
return 0;
}
/** Parse a \a message from \a iauth.
* @param[in] iauth Active IAuth session.
* @param[in] message Message to be parsed.
*/
static void iauth_parse(struct IAuth *iauth, char *message)
{
char *params[MAXPARA + 1]; /* leave space for NULL */
int parc = 0;
iauth_cmd_handler handler;
struct AuthRequest *auth;
struct Client *cli;
int has_cli;
int id;
/* Find command handler... */
switch (*(message++)) {
case '>': handler = iauth_cmd_snotice; has_cli = 0; break;
case 'G': handler = iauth_cmd_debuglevel; has_cli = 0; break;
case 'O': handler = iauth_cmd_policy; has_cli = 0; break;
case 'V': handler = iauth_cmd_version; has_cli = 0; break;
case 'a': handler = iauth_cmd_newconfig; has_cli = 0; break;
case 'A': handler = iauth_cmd_config; has_cli = 0; break;
case 's': handler = iauth_cmd_newstats; has_cli = 0; break;
case 'S': handler = iauth_cmd_stats; has_cli = 0; break;
case 'X': handler = iauth_cmd_xquery; has_cli = 0; break;
case 'o': handler = iauth_cmd_username_forced; has_cli = 1; break;
case 'U': handler = iauth_cmd_username_good; has_cli = 1; break;
case 'u': handler = iauth_cmd_username_bad; has_cli = 1; break;
case 'N': handler = iauth_cmd_hostname; has_cli = 1; break;
case 'I': handler = iauth_cmd_ip_address; has_cli = 1; break;
case 'm': handler = iauth_cmd_mark; has_cli = 1; break;
case 'M': handler = iauth_cmd_usermode; has_cli = 1; break;
case 'C': handler = iauth_cmd_challenge; has_cli = 1; break;
case 'd': handler = iauth_cmd_soft_done; has_cli = 1; break;
case 'D': handler = iauth_cmd_done_client; has_cli = 1; break;
case 'R': handler = iauth_cmd_done_account; has_cli = 1; break;
case 'k': /* The 'k' command indicates the user should be booted
* off without telling opers. There is no way to
* signal that to exit_client(), so we fall through to
* the case that we do implement.
*/
case 'K': handler = iauth_cmd_kill; has_cli = 2; break;
case 'r': /* we handle termination directly */ return;
/* SASL-related commands from IAuth */
case 'c': handler = iauth_cmd_sasl_challenge; has_cli = 2; break;
case 'L': handler = iauth_cmd_sasl_loggedin; has_cli = 2; break;
case 'f': handler = iauth_cmd_sasl_fail; has_cli = 2; break;
case 'l': handler = iauth_cmd_sasl_mechs; has_cli = 2; break;
case 'Z': handler = iauth_cmd_sasl_done; has_cli = 2; break;
default: sendto_iauth(NULL, "E Garbage :[%s]", message); return;
}
while (parc < MAXPARA) {
while (IsSpace(*message)) /* skip leading whitespace */
message++;
if (!*message) /* hit the end of the string, break out */
break;
if (*message == ':') { /* found sentinel... */
params[parc++] = message + 1;
break; /* it's the last parameter anyway */
}
params[parc++] = message; /* save the parameter */
while (*message && !IsSpace(*message))
message++; /* find the end of the parameter */
if (*message) /* terminate the parameter */
*(message++) = '\0';
}
params[parc] = NULL; /* terminate the parameter list */
/* Check to see if the command specifies a client... */
if (!has_cli) {
/* Handler does not need a client. */
handler(iauth, NULL, parc, params);
} else {
/* Try to find the client associated with the request. */
id = strtol(params[0], NULL, 10);
if (parc < 3)
sendto_iauth(NULL, "E Missing :Need <id> <ip> <port>");
else if (id < 0 || id > HighestFd || !(cli = LocalClientArray[id]))
/* Client no longer exists (or never existed). */
sendto_iauth(NULL, "E Gone :[%s %s %s]", params[0], params[1],
params[2]);
else if ((!(auth = cli_auth(cli)) ||
!FlagHas(&auth->flags, AR_IAUTH_PENDING)) &&
has_cli == 1)
/* Client is done with IAuth checks. */
sendto_iauth(cli, "E Done :[%s %s %s]", params[0], params[1], params[2]);
else {
struct irc_sockaddr addr;
int res;
/* Parse IP address and port number from parameters */
res = ipmask_parse(params[1], &addr.addr, NULL);
addr.port = strtol(params[2], NULL, 10);
/* Check IP address and port number against expected. */
if (0 == res ||
(irc_in_addr_cmp(&addr.addr, &cli_ip(cli)) &&
irc_in_addr_cmp(&addr.addr, &cli_connectip(cli))) ||
(auth && addr.port != auth->port))
/* Report mismatch to iauth. */
sendto_iauth(cli, "E Mismatch :[%s] != [%s]", params[1],
ircd_ntoa(&cli_ip(cli)));
else if (handler(iauth, cli, parc - 3, params + 3) > 0)
/* Handler indicated a possible state change. */
check_auth_finished(auth);
}
}
}
/** Read input from \a iauth.
* Reads up to SERVER_TCP_WINDOW bytes per pass.
* @param[in] iauth Readable connection.
*/
static void iauth_read(struct IAuth *iauth)
{
static char readbuf[SERVER_TCP_WINDOW];
unsigned int length, count;
char *sol;
char *eol;
/* Copy partial data to readbuf, append new data. */
length = iauth->i_count;
memcpy(readbuf, iauth->i_buffer, length);
if (IO_SUCCESS != os_recv_nonb(s_fd(i_socket(iauth)),
readbuf + length,
sizeof(readbuf) - length - 1,
&count))
return;
readbuf[length += count] = '\0';
/* Parse each complete line. */
for (sol = readbuf; (eol = strchr(sol, '\n')) != NULL; sol = eol + 1) {
*eol = '\0';
if (*(eol - 1) == '\r') /* take out carriage returns, too... */
*(eol - 1) = '\0';
/* If spammy debug, send the message to opers. */
if (i_debug(iauth) > 1)
sendto_opmask_butone(NULL, SNO_AUTH, "Parsing: \"%s\"", sol);
/* Parse the line... */
iauth_parse(iauth, sol);
}
/* Put unused data back into connection's buffer. */
iauth->i_count = strlen(sol);
if (iauth->i_count > BUFSIZE)
iauth->i_count = BUFSIZE;
memcpy(iauth->i_buffer, sol, iauth->i_count);
}
/** Handle socket activity for an %IAuth connection.
* @param[in] ev &Socket event; the IAuth connection is the user data
* pointer for the socket.
*/
static void iauth_sock_callback(struct Event *ev)
{
struct IAuth *iauth;
assert(0 != ev_socket(ev));
iauth = (struct IAuth*) s_data(ev_socket(ev));
assert(0 != iauth);
switch (ev_type(ev)) {
case ET_DESTROY:
if (!IAuthHas(iauth, IAUTH_CLOSING) && !s_active(i_stderr(iauth)))
iauth_do_spawn(iauth, 1);
break;
case ET_READ:
iauth_read(iauth);
break;
case ET_WRITE:
IAuthClr(iauth, IAUTH_BLOCKED);
iauth_write(iauth);
break;
case ET_ERROR:
log_write(LS_IAUTH, L_ERROR, 0, "IAuth socket error: %s", strerror(ev_data(ev)));
/* and fall through to the ET_EOF case */
case ET_EOF:
iauth_disconnect(iauth);
break;
default:
assert(0 && "Unrecognized event type");
break;
}
}
/** Read error input from \a iauth.
* @param[in] iauth Readable connection.
*/
static void iauth_read_stderr(struct IAuth *iauth)
{
static char readbuf[SERVER_TCP_WINDOW];
unsigned int length, count;
char *sol;
char *eol;
/* Copy partial data to readbuf, append new data. */
length = iauth->i_errcount;
memcpy(readbuf, iauth->i_errbuf, length);
if (IO_SUCCESS != os_recv_nonb(s_fd(i_stderr(iauth)),
readbuf + length,
sizeof(readbuf) - length - 1,
&count))
return;
readbuf[length += count] = '\0';
/* Send each complete line to SNO_AUTH. */
for (sol = readbuf; (eol = strchr(sol, '\n')) != NULL; sol = eol + 1) {
*eol = '\0';
if (*(eol - 1) == '\r') /* take out carriage returns, too... */
*(eol - 1) = '\0';
Debug((DEBUG_ERROR, "IAuth error: %s", sol));
log_write(LS_IAUTH, L_ERROR, 0, "IAuth error: %s", sol);
sendto_opmask_butone(NULL, SNO_AUTH, "%s", sol);
}
/* Put unused data back into connection's buffer. */
iauth->i_errcount = strlen(sol);
if (iauth->i_errcount > BUFSIZE)
iauth->i_errcount = BUFSIZE;
memcpy(iauth->i_errbuf, sol, iauth->i_errcount);
}
/** Handle error socket activity for an %IAuth connection.
* @param[in] ev &Socket event; the IAuth connection is the user data
* pointer for the socket.
*/
static void iauth_stderr_callback(struct Event *ev)
{
struct IAuth *iauth;
assert(0 != ev_socket(ev));
iauth = (struct IAuth*) s_data(ev_socket(ev));
assert(0 != iauth);
switch (ev_type(ev)) {
case ET_DESTROY:
if (!IAuthHas(iauth, IAUTH_CLOSING) && !s_active(i_socket(iauth)))
iauth_do_spawn(iauth, 1);
break;
case ET_READ:
iauth_read_stderr(iauth);
break;
case ET_ERROR:
log_write(LS_IAUTH, L_ERROR, 0, "IAuth stderr error: %s", strerror(ev_data(ev)));
/* and fall through to the ET_EOF case */
case ET_EOF:
iauth_disconnect(iauth);
break;
default:
assert(0 && "Unrecognized event type");
break;
}
}
/** Report active iauth's configuration to \a cptr.
* @param[in] cptr Client requesting statistics.
* @param[in] sd Stats descriptor for request.
* @param[in] param Extra parameter from user (may be NULL).
*/
void report_iauth_conf(struct Client *cptr, const struct StatDesc *sd, char *param)
{
struct SLink *link;
if (iauth) for (link = iauth->i_config; link; link = link->next)
{
send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG, ":%s",
link->value.cp);
}
}
/** Report active iauth's statistics to \a cptr.
* @param[in] cptr Client requesting statistics.
* @param[in] sd Stats descriptor for request.
* @param[in] param Extra parameter from user (may be NULL).
*/
void report_iauth_stats(struct Client *cptr, const struct StatDesc *sd, char *param)
{
struct SLink *link;
if (iauth) for (link = iauth->i_stats; link; link = link->next)
{
send_reply(cptr, SND_EXPLICIT | RPL_STATSDEBUG, ":%s",
link->value.cp);
}
}
Reference in New Issue View Git Blame Copy Permalink