underchat
/
ircu2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ircu2/ircd/s_conf.c

1673 lines
46 KiB
C
Raw Blame History

/*
* IRC - Internet Relay Chat, ircd/s_conf.c
* Copyright (C) 1990 Jarkko Oikarinen and
* University of Oulu, Computing Center
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
/** @file
* @brief ircd configuration file driver
* @version $Id: s_conf.c 1839 2007-10-30 02:13:09Z entrope $
*/
#include "config.h"
#include "s_conf.h"
#include "IPcheck.h"
#include "class.h"
#include "client.h"
#include "crule.h"
#include "ircd_crypt.h"
#include "ircd_features.h"
#include "ircd_geoip.h"
#include "fileio.h"
#include "gline.h"
#include "hash.h"
#include "ircd.h"
#include "ircd_alloc.h"
#include "ircd_chattr.h"
#include "ircd_features.h"
#include "ircd_log.h"
#include "ircd_reply.h"
#include "ircd_snprintf.h"
#include "ircd_string.h"
#include "list.h"
#include "listener.h"
#include "match.h"
#include "motd.h"
#include "numeric.h"
#include "numnicks.h"
#include "opercmds.h"
#include "parse.h"
#include "res.h"
#include "s_auth.h"
#include "s_bsd.h"
#include "s_debug.h"
#include "s_misc.h"
#include "send.h"
#include "struct.h"
#include "sys.h"
#include "zline.h"
/* #include <assert.h> -- Now using assert in ircd_log.h */
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/** Global list of all ConfItem structures. */
struct ConfItem *GlobalConfList;
/** Count of items in #GlobalConfList. */
int GlobalConfCount;
/** Global list of service mappings. */
struct s_map *GlobalServiceMapList;
/** Global list of channel quarantines. */
struct qline *GlobalQuarantineList;
/** Current line number in scanner input. */
int lineno;
/** Current file in scanner input. */
char* linefile;
/** Configuration information for #me. */
struct LocalConf localConf;
/** Global list of connection rules. */
struct CRuleConf* cruleConfList;
/** Global list of K-lines. */
struct DenyConf* denyConfList;
/** Global list of WebIRC blocks. */
struct WebIRCConf* webircConfList;
/** Global list of SpoofHost blocks. */
struct SHostConf* shostConfList;
/** Global list of Except blocks. */
struct ExceptConf* exceptConfList;
/** Tell a user that they are banned, dumping the message from a file.
* @param sptr Client being rejected
* @param filename Send this file's contents to \a sptr
*/
static void killcomment(struct Client* sptr, const char* filename)
{
FBFILE* file = 0;
char line[80];
struct stat sb;
if (NULL == (file = fbopen(filename, "r"))) {
send_reply(sptr, ERR_NOMOTD);
send_reply(sptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP,
":Connection from your host is refused on this server.");
return;
}
fbstat(&sb, file);
while (fbgets(line, sizeof(line) - 1, file)) {
char* end = line + strlen(line);
while (end > line) {
--end;
if ('\n' == *end || '\r' == *end)
*end = '\0';
else
break;
}
send_reply(sptr, RPL_MOTD, line);
}
send_reply(sptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP,
":Connection from your host is refused on this server.");
fbclose(file);
}
/** Allocate a new struct ConfItem and link it to #GlobalConfList.
* @return Newly allocated structure.
*/
struct ConfItem* make_conf(int type)
{
struct ConfItem* aconf;
aconf = (struct ConfItem*) MyMalloc(sizeof(struct ConfItem));
assert(0 != aconf);
++GlobalConfCount;
memset(aconf, 0, sizeof(struct ConfItem));
aconf->status = type;
aconf->next = GlobalConfList;
GlobalConfList = aconf;
return aconf;
}
/** Free a struct ConfItem and any resources it owns.
* @param aconf Item to free.
*/
void free_conf(struct ConfItem *aconf)
{
Debug((DEBUG_DEBUG, "free_conf: %s %s %d",
aconf->host ? aconf->host : "*",
aconf->name ? aconf->name : "*",
aconf->address.port));
if (aconf->dns_pending)
delete_resolver_queries(aconf);
MyFree(aconf->username);
MyFree(aconf->host);
MyFree(aconf->from_host);
MyFree(aconf->origin_name);
if (aconf->passwd)
memset(aconf->passwd, 0, strlen(aconf->passwd));
MyFree(aconf->passwd);
MyFree(aconf->sslfp);
MyFree(aconf->sslciphers);
MyFree(aconf->name);
MyFree(aconf->hub_limit);
MyFree(aconf->countrymask);
MyFree(aconf->continentmask);
MyFree(aconf->redirserver);
MyFree(aconf->autojoinchan);
MyFree(aconf->autojoinnotice);
MyFree(aconf->swhois);
MyFree(aconf);
--GlobalConfCount;
}
/** Disassociate configuration from the client.
* @param cptr Client to operate on.
* @param aconf ConfItem to detach.
*/
static void detach_conf(struct Client* cptr, struct ConfItem* aconf)
{
struct SLink** lp;
struct SLink* tmp;
assert(0 != aconf);
assert(0 != cptr);
assert(0 < aconf->clients);
lp = &(cli_confs(cptr));
while (*lp) {
if ((*lp)->value.aconf == aconf) {
if (aconf->conn_class && (aconf->status & CONF_CLIENT_MASK) && ConfLinks(aconf) > 0)
--ConfLinks(aconf);
assert(0 < aconf->clients);
if (0 == --aconf->clients && IsIllegal(aconf))
free_conf(aconf);
tmp = *lp;
*lp = tmp->next;
free_link(tmp);
return;
}
lp = &((*lp)->next);
}
}
/** Parse a user\@host mask into username and host or IP parts.
* If \a host contains no username part, set \a aconf->username to
* NULL. If the host part of \a host looks like an IP mask, set \a
* aconf->addrbits and \a aconf->address to match. Otherwise, set
* \a aconf->host, and set \a aconf->addrbits to -1.
* @param[in,out] aconf Configuration item to set.
* @param[in] host user\@host mask to parse.
*/
void conf_parse_userhost(struct ConfItem *aconf, char *host)
{
char *host_part;
unsigned char addrbits;
MyFree(aconf->username);
MyFree(aconf->host);
host_part = strchr(host, '@');
if (host_part) {
*host_part = '\0';
DupString(aconf->username, host);
host_part++;
} else {
aconf->username = NULL;
host_part = host;
}
DupString(aconf->host, host_part);
if (ipmask_parse(aconf->host, &aconf->address.addr, &addrbits))
aconf->addrbits = addrbits;
else
aconf->addrbits = -1;
}
/** Copies a completed DNS query into its ConfItem.
* @param vptr Pointer to struct ConfItem for the block.
* @param hp DNS reply, or NULL if the lookup failed.
*/
static void conf_dns_callback(void* vptr, const struct irc_in_addr *addr, const char *h_name)
{
struct ConfItem* aconf = (struct ConfItem*) vptr;
assert(aconf);
aconf->dns_pending = 0;
if (addr)
memcpy(&aconf->address.addr, addr, sizeof(aconf->address.addr));
}
/** Start a nameserver lookup of the conf host. If the conf entry is
* currently doing a lookup, do nothing.
* @param aconf ConfItem for which to start a request.
*/
static void conf_dns_lookup(struct ConfItem* aconf)
{
if (!aconf->dns_pending) {
char buf[HOSTLEN + 1];
host_from_uh(buf, aconf->host, HOSTLEN);
gethost_byname(buf, conf_dns_callback, aconf);
aconf->dns_pending = 1;
}
}
/** Start lookups of all addresses in the conf line. The origin must
* be a numeric IP address. If the remote host field is not an IP
* address, start a DNS lookup for it.
* @param aconf Connection to do lookups for.
*/
void
lookup_confhost(struct ConfItem *aconf)
{
if (EmptyString(aconf->host) || EmptyString(aconf->name)) {
Debug((DEBUG_ERROR, "Host/server name error: (%s) (%s)",
aconf->host, aconf->name));
return;
}
if (aconf->origin_name
&& !ircd_aton(&aconf->origin.addr, aconf->origin_name)) {
Debug((DEBUG_ERROR, "Origin name error: (%s) (%s)",
aconf->origin_name, aconf->name));
}
/*
* Do name lookup now on hostnames given and store the
* ip numbers in conf structure.
*/
if (IsIP6Char(*aconf->host)) {
if (!ircd_aton(&aconf->address.addr, aconf->host)) {
Debug((DEBUG_ERROR, "Host/server name error: (%s) (%s)",
aconf->host, aconf->name));
}
}
else
conf_dns_lookup(aconf);
}
/** Find a server by name or hostname.
* @param name Server name to find.
* @return Pointer to the corresponding ConfItem, or NULL if none exists.
*/
struct ConfItem* conf_find_server(const char* name)
{
struct ConfItem* conf;
assert(0 != name);
for (conf = GlobalConfList; conf; conf = conf->next) {
if (CONF_SERVER == conf->status) {
/*
* Check first servernames, then try hostnames.
* XXX - match returns 0 if there _is_ a match... guess they
* haven't decided what true is yet
*/
if (0 == match(name, conf->name))
return conf;
}
}
return 0;
}
/** Evaluate connection rules.
* @param name Name of server to check
* @param mask Filter for CRule types (only consider if type & \a mask != 0).
* @return Name of rule that forbids the connection; NULL if no prohibitions.
*/
const char* conf_eval_crule(const char* name, int mask)
{
struct CRuleConf* p = cruleConfList;
assert(0 != name);
for ( ; p; p = p->next) {
if (0 != (p->type & mask) && 0 == match(p->hostmask, name)) {
if (crule_eval(p->node))
return p->rule;
}
}
return 0;
}
/** Remove all conf entries from the client except those which match
* the status field mask.
* @param cptr Client to operate on.
* @param mask ConfItem types to keep.
*/
void det_confs_butmask(struct Client* cptr, int mask)
{
struct SLink* link;
struct SLink* next;
assert(0 != cptr);
for (link = cli_confs(cptr); link; link = next) {
next = link->next;
if ((link->value.aconf->status & mask) == 0)
detach_conf(cptr, link->value.aconf);
}
}
/** Find the first (best) Client block to attach.
* @param cptr Client for whom to check rules.
* @return Authorization check result.
*/
enum AuthorizationCheckResult attach_iline(struct Client* cptr)
{
struct ConfItem* aconf;
assert(0 != cptr);
for (aconf = GlobalConfList; aconf; aconf = aconf->next) {
if (aconf->status != CONF_CLIENT)
continue;
/* If you change any of this logic, please make corresponding
* changes in conf_debug_iline() below.
*/
if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port)
continue;
if (aconf->username && match(aconf->username, cli_username(cptr)))
continue;
if (aconf->host && match(aconf->host, cli_sockhost(cptr)))
continue;
if (aconf->countrymask && match(aconf->countrymask, cli_countrycode(cptr)))
continue;
if (aconf->continentmask && match(aconf->continentmask, cli_continentcode(cptr)))
continue;
if ((aconf->addrbits >= 0)
&& !ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits))
continue;
if (IPcheck_nr(cptr) > aconf->maximum)
return ACR_TOO_MANY_FROM_IP;
if (aconf->redirserver && !EmptyString(aconf->redirserver)) {
send_reply(cptr, RPL_BOUNCE, aconf->redirserver, aconf->redirport);
return ACR_NO_AUTHORIZATION;
}
if (aconf->username && !IsWebIRCUserIdent(cptr) && (aconf->flags & CONF_NOIDENTTILDE))
SetFlag(cptr, FLAG_DOID);
return attach_conf(cptr, aconf);
}
return ACR_NO_AUTHORIZATION;
}
/** Interpret \a client as a client specifier and show which Client
* block(s) match that client.
*
* The client specifier may contain an IP address, hostname, listener
* port, or a combination of those separated by commas. IP addresses
* and hostnamese may be preceded by "username@"; the last given
* username will be used for the match.
*
* @param[in] client Client specifier.
* @return Matching Client block structure.
*/
struct ConfItem *conf_debug_iline(const char *client)
{
struct irc_in_addr address;
struct ConfItem *aconf;
struct DenyConf *deny;
char *sep;
unsigned short listener;
char username[USERLEN+1], hostname[HOSTLEN+1], realname[REALLEN+1];
/* Initialize variables. */
listener = 0;
memset(&address, 0, sizeof(address));
memset(&username, 0, sizeof(username));
memset(&hostname, 0, sizeof(hostname));
memset(&realname, 0, sizeof(realname));
/* Parse client specifier. */
while (*client) {
struct irc_in_addr tmpaddr;
long tmp;
/* Try to parse as listener port number first. */
tmp = strtol(client, &sep, 10);
if (tmp && (*sep == '\0' || *sep == ',')) {
listener = tmp;
client = sep + (*sep != '\0');
continue;
}
/* Maybe username@ before an IP address or hostname? */
tmp = strcspn(client, ",@");
if (client[tmp] == '@') {
if (tmp > USERLEN)
tmp = USERLEN;
ircd_strncpy(username, client, tmp + 1);
/* and fall through */
client += tmp + 1;
}
/* Looks like an IP address? */
tmp = ircd_aton(&tmpaddr, client);
if (tmp && (client[tmp] == '\0' || client[tmp] == ',')) {
memcpy(&address, &tmpaddr, sizeof(address));
client += tmp + (client[tmp] != '\0');
continue;
}
/* Realname? */
if (client[0] == '$' && client[1] == 'R') {
client += 2;
for (tmp = 0; *client != '\0' && *client != ',' && tmp < REALLEN; ++client, ++tmp) {
if (*client == '\\')
realname[tmp] = *++client;
else
realname[tmp] = *client;
}
continue;
}
/* Else must be a hostname. */
tmp = strcspn(client, ",");
if (tmp > HOSTLEN)
tmp = HOSTLEN;
ircd_strncpy(hostname, client, tmp + 1);
client += tmp + (client[tmp] != '\0');
}
/* Walk configuration to find matching Client block. */
for (aconf = GlobalConfList; aconf; aconf = aconf->next) {
if (aconf->status != CONF_CLIENT)
continue;
if (aconf->address.port && aconf->address.port != listener) {
fprintf(stdout, "Listener port mismatch: %u != %u\n", aconf->address.port, listener);
continue;
}
if (aconf->username && match(aconf->username, username)) {
fprintf(stdout, "Username mismatch: %s != %s\n", aconf->username, username);
continue;
}
if (aconf->host && match(aconf->host, hostname)) {
fprintf(stdout, "Hostname mismatch: %s != %s\n", aconf->host, hostname);
continue;
}
if ((aconf->addrbits >= 0)
&& !ipmask_check(&address, &aconf->address.addr, aconf->addrbits)) {
fprintf(stdout, "IP address mismatch: %s != %s\n", aconf->name, ircd_ntoa(&address));
continue;
}
fprintf(stdout, "Match! username=%s host=%s ip=%s class=%s maxlinks=%u password=%s\n",
(aconf->username ? aconf->username : "(null)"),
(aconf->host ? aconf->host : "(null)"),
(aconf->name ? aconf->name : "(null)"),
ConfClass(aconf), aconf->maximum,
(aconf->passwd ? aconf->passwd : "(null)"));
break;
}
/* If no authorization, say so and exit. */
if (!aconf)
{
fprintf(stdout, "No authorization found.\n");
return NULL;
}
/* Look for a Kill block with the user's name on it. */
for (deny = denyConfList; deny; deny = deny->next) {
if (deny->usermask && match(deny->usermask, username))
continue;
if (deny->realmask && match(deny->realmask, realname))
continue;
if (deny->bits > 0) {
if (!ipmask_check(&address, &deny->address, deny->bits))
continue;
} else if (deny->hostmask && match(deny->hostmask, hostname))
continue;
/* Looks like a match; report it. */
fprintf(stdout, "Denied! usermask=%s realmask=\"%s\" hostmask=%s (bits=%u)\n",
deny->usermask ? deny->usermask : "(null)",
deny->realmask ? deny->realmask : "(null)",
deny->hostmask ? deny->hostmask : "(null)",
deny->bits);
}
return aconf;
}
/** Check whether a particular ConfItem is already attached to a
* Client.
* @param aconf ConfItem to search for
* @param cptr Client to check
* @return Non-zero if \a aconf is attached to \a cptr, zero if not.
*/
static int is_attached(struct ConfItem *aconf, struct Client *cptr)
{
struct SLink *lp;
for (lp = cli_confs(cptr); lp; lp = lp->next) {
if (lp->value.aconf == aconf)
return 1;
}
return 0;
}
/** Associate a specific configuration entry to a *local* client (this
* is the one which used in accepting the connection). Note, that this
* automatically changes the attachment if there was an old one...
* @param cptr Client to attach \a aconf to
* @param aconf ConfItem to attach
* @return Authorization check result.
*/
enum AuthorizationCheckResult attach_conf(struct Client *cptr, struct ConfItem *aconf)
{
struct SLink *lp;
if (is_attached(aconf, cptr))
return ACR_ALREADY_AUTHORIZED;
if (IsIllegal(aconf))
return ACR_NO_AUTHORIZATION;
if ((aconf->status & (CONF_OPERATOR | CONF_CLIENT)) &&
ConfLinks(aconf) >= ConfMaxLinks(aconf) && ConfMaxLinks(aconf) > 0)
return ACR_TOO_MANY_IN_CLASS; /* Use this for printing error message */
lp = make_link();
lp->next = cli_confs(cptr);
lp->value.aconf = aconf;
cli_confs(cptr) = lp;
++aconf->clients;
if (aconf->status & CONF_CLIENT_MASK)
ConfLinks(aconf)++;
return ACR_OK;
}
/** Return our LocalConf configuration structure.
* @return A pointer to #localConf.
*/
const struct LocalConf* conf_get_local(void)
{
return &localConf;
}
/** Attach ConfItems to a client if the name passed matches that for
* the ConfItems or is an exact match for them.
* @param cptr Client getting the ConfItem attachments.
* @param name Filter to match ConfItem::name.
* @param statmask Filter to limit ConfItem::status.
* @return First ConfItem attached to \a cptr.
*/
struct ConfItem* attach_confs_byname(struct Client* cptr, const char* name,
int statmask)
{
struct ConfItem* tmp;
struct ConfItem* first = NULL;
assert(0 != name);
if (HOSTLEN < strlen(name))
return 0;
for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) {
assert(0 != tmp->name);
if (0 == match(tmp->name, name) || 0 == ircd_strcmp(tmp->name, name)) {
if (ACR_OK == attach_conf(cptr, tmp) && !first)
first = tmp;
}
}
}
return first;
}
/** Attach ConfItems to a client if the host passed matches that for
* the ConfItems or is an exact match for them.
* @param cptr Client getting the ConfItem attachments.
* @param host Filter to match ConfItem::host.
* @param statmask Filter to limit ConfItem::status.
* @return First ConfItem attached to \a cptr.
*/
struct ConfItem* attach_confs_byhost(struct Client* cptr, const char* host,
int statmask)
{
struct ConfItem* tmp;
struct ConfItem* first = 0;
assert(0 != host);
if (HOSTLEN < strlen(host))
return 0;
for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) {
/* For server connections, check from_host instead of host */
const char *check_host = ((tmp->status & CONF_SERVER) && tmp->from_host)
? tmp->from_host : tmp->host;
assert(0 != check_host);
if (0 == match(check_host, host) || 0 == ircd_strcmp(check_host, host)) {
if (ACR_OK == attach_conf(cptr, tmp) && !first)
first = tmp;
}
}
}
return first;
}
/** Find a ConfItem that has the same name and user+host fields as
* specified. Requires an exact match for \a name.
* @param name Name to match
* @param cptr Client to match against
* @param statmask Filter for ConfItem::status
* @return First found matching ConfItem.
*/
struct ConfItem* find_conf_exact(const char* name, struct Client *cptr, int statmask)
{
struct ConfItem *tmp;
for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
if (!(tmp->status & statmask) || !tmp->name || !tmp->host ||
0 != ircd_strcmp(tmp->name, name))
continue;
if (tmp->username
&& (EmptyString(cli_username(cptr))
|| match(tmp->username, cli_username(cptr))))
continue;
if (tmp->addrbits < 0)
{
if ((statmask & CONF_OPERATOR) && cli_user(cptr))
{
if (match(tmp->host, cli_user(cptr)->realhost))
continue;
}
else
{
if (match(tmp->host, cli_sockhost(cptr)))
continue;
}
}
else if (!ipmask_check(&cli_ip(cptr), &tmp->address.addr, tmp->addrbits))
continue;
if ((tmp->status & CONF_OPERATOR)
&& (MaxLinks(tmp->conn_class) > 0)
&& (tmp->clients >= MaxLinks(tmp->conn_class)))
continue;
return tmp;
}
return 0;
}
/** Find a ConfItem from a list that has a name that matches \a name.
* @param lp List to search in.
* @param name Filter for ConfItem::name field; matches either exactly
* or as a glob.
* @param statmask Filter for ConfItem::status.
* @return First matching ConfItem from \a lp.
*/
struct ConfItem* find_conf_byname(struct SLink* lp, const char* name,
int statmask)
{
struct ConfItem* tmp;
assert(0 != name);
if (HOSTLEN < strlen(name))
return 0;
for (; lp; lp = lp->next) {
tmp = lp->value.aconf;
if (0 != (tmp->status & statmask)) {
assert(0 != tmp->name);
if (0 == ircd_strcmp(tmp->name, name) || 0 == match(tmp->name, name))
return tmp;
}
}
return 0;
}
/** Find a ConfItem from a list that has a host that matches \a host.
* @param lp List to search in.
* @param host Filter for ConfItem::host field; matches as a glob.
* @param statmask Filter for ConfItem::status.
* @return First matching ConfItem from \a lp.
*/
struct ConfItem* find_conf_byhost(struct SLink* lp, const char* host,
int statmask)
{
struct ConfItem* tmp = NULL;
assert(0 != host);
if (HOSTLEN < strlen(host))
return 0;
for (; lp; lp = lp->next) {
tmp = lp->value.aconf;
if (0 != (tmp->status & statmask)) {
/* For server connections, check from_host instead of host */
const char *check_host = ((tmp->status & CONF_SERVER) && tmp->from_host)
? tmp->from_host : tmp->host;
assert(0 != check_host);
if (0 == match(check_host, host))
return tmp;
}
}
return 0;
}
/** Find a ConfItem from a list that has an address equal to \a ip.
* @param lp List to search in.
* @param ip Filter for ConfItem::address field; matches exactly.
* @param statmask Filter for ConfItem::status.
* @return First matching ConfItem from \a lp.
*/
struct ConfItem* find_conf_byip(struct SLink* lp, const struct irc_in_addr* ip,
int statmask)
{
struct ConfItem* tmp;
for (; lp; lp = lp->next) {
tmp = lp->value.aconf;
if (0 != (tmp->status & statmask)) {
/* For server connections with from_host set, check from_address */
if ((tmp->status & CONF_SERVER) && tmp->from_host && tmp->from_addrbits >= 0) {
if (ipmask_check(ip, &tmp->from_address, tmp->from_addrbits))
return tmp;
} else {
if (!irc_in_addr_cmp(&tmp->address.addr, ip))
return tmp;
}
}
}
return 0;
}
/** Free all CRules from #cruleConfList. */
void conf_erase_crule_list(void)
{
struct CRuleConf* next;
struct CRuleConf* p = cruleConfList;
for ( ; p; p = next) {
next = p->next;
crule_free(&p->node);
MyFree(p->hostmask);
MyFree(p->rule);
MyFree(p);
}
cruleConfList = 0;
}
/** Return #cruleConfList.
* @return #cruleConfList
*/
const struct CRuleConf* conf_get_crule_list(void)
{
return cruleConfList;
}
/** Free all deny rules from #denyConfList. */
void conf_erase_deny_list(void)
{
struct DenyConf* next;
struct DenyConf* p = denyConfList;
for ( ; p; p = next) {
next = p->next;
MyFree(p->hostmask);
MyFree(p->usermask);
MyFree(p->message);
MyFree(p->realmask);
MyFree(p->countrymask);
MyFree(p->continentmask);
MyFree(p->version);
MyFree(p);
}
denyConfList = 0;
}
/** Return #denyConfList.
* @return #denyConfList
*/
const struct DenyConf* conf_get_deny_list(void)
{
return denyConfList;
}
/** Find WebIRC configuration for \a cptr with password matching \a passwd
* @param[in] cptr Client to match WebIRC configuration against.
* @param[in] passwd Password to compare against WebIRC configuration.
* @param[out] status 0 for Success, 1 for invalid password and 2 for no WebIRC configuration.
* @return WebIRCConf struct of matching WebIRC configuration or 0 on error.
*/
struct WebIRCConf* find_webirc_conf(struct Client *cptr, char *passwd, int* status)
{
struct WebIRCConf *wconf;
char *crypted;
int res;
*status = 2;
if (!passwd)
return 0;
for(wconf = webircConfList; wconf; wconf = wconf->next) {
if (wconf->usermask && match(wconf->usermask, cli_username(cptr)))
continue;
if (wconf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &wconf->address, wconf->bits))
continue;
} else if (wconf->hostmask && match(wconf->hostmask, cli_sockhost(cptr)))
continue;
*status = 1;
if (!wconf->passwd) {
*status = 0;
return wconf;
}
crypted = ircd_crypt(passwd, wconf->passwd);
if (!crypted)
continue;
res = strcmp(crypted, wconf->passwd);
MyFree(crypted);
if (0 == res) {
*status = 0;
return wconf;
}
}
return 0;
}
/** Free all WebIRC configurations from #webircConfList. */
void conf_erase_webirc_list(void)
{
struct WebIRCConf* next;
struct WebIRCConf* p = webircConfList;
for ( ; p; p = next) {
next = p->next;
MyFree(p->hostmask);
MyFree(p->usermask);
MyFree(p->passwd);
MyFree(p->ident);
MyFree(p->description);
MyFree(p);
}
webircConfList = 0;
}
/** Return #webircConfList.
* @return #webircConfList
*/
const struct WebIRCConf* conf_get_webirc_list(void)
{
return webircConfList;
}
/** Find Spoofhost configuration for \a cptr with spoof host matching host and
* a password matching \a passwd
* @param[in] cptr Client to match Spoofhost configuration against.
* @param[in] host Spoofhost host to look for, if NULL look for an autoapply Spoofhost.
* @param[in] passwd Password to compare against Spoofhost configuration.
* @param[out] status 0 for Success, 1 for invalid password and 2 for no Spoofhost configuration.
* @return SHostConf struct of matching Spoofhost configuration or 0 on error.
*/
struct SHostConf* find_shost_conf(struct Client *cptr, char *host, char *passwd, int *status)
{
struct SHostConf* sconf;
char *crypted;
int res = 0;
*status = 2;
for(sconf = shostConfList; sconf; sconf = sconf->next) {
if ((host == NULL) && !(sconf->flags & SHFLAG_AUTOAPPLY))
continue;
if (host != NULL) {
if (!(sconf->flags & SHFLAG_ISMASK) && strcmp(sconf->spoofhost, host))
continue;
if ((sconf->flags & SHFLAG_ISMASK) && match(sconf->spoofhost, host))
continue;
}
if (sconf->usermask) {
if (match(sconf->usermask, cli_username(cptr)) &&
!((sconf->flags & SHFLAG_MATCHUSER) && !match(sconf->usermask, cli_user(cptr)->username)))
continue;
}
if (sconf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &sconf->address, sconf->bits))
continue;
} else if (sconf->hostmask && match(sconf->hostmask, cli_sockhost(cptr)))
continue;
*status = 1;
res = 0;
if ((host == NULL) && (sconf->flags & SHFLAG_AUTOAPPLY)) {
*status = 0;
return sconf;
}
if (EmptyString(passwd) && !EmptyString(sconf->passwd))
continue;
if (!EmptyString(passwd) && EmptyString(sconf->passwd))
continue;
if (!EmptyString(passwd) && !EmptyString(sconf->passwd)) {
crypted = ircd_crypt(passwd, sconf->passwd);
if (!crypted)
continue;
res = strcmp(crypted, sconf->passwd);
MyFree(crypted);
}
if (0 == res) {
*status = 0;
return sconf;
}
}
return 0;
}
/** Free all SpoofHost configurations from #shostConfList. */
void conf_erase_shost_list(void)
{
struct SHostConf* next;
struct SHostConf* p = shostConfList;
for ( ; p; p = next) {
next = p->next;
MyFree(p->spoofhost);
MyFree(p->hostmask);
if (p->passwd != NULL)
MyFree(p->passwd);
MyFree(p);
}
shostConfList = 0;
}
/** Return #shostConfList.
* @return #shostConfList
*/
const struct SHostConf* conf_get_shost_list(void)
{
return shostConfList;
}
/** Get all the exception flags that apply to the client \a cptr
* @param[in] cptr Client to find the exception flags for.
* @return Bitmask of all the exception flags found to apply to \a cptr
*/
int get_except_flags(struct Client *cptr)
{
int flags = 0;
struct ExceptConf *econf;
for(econf = exceptConfList; econf; econf = econf->next) {
if (econf->usermask && match(econf->usermask, cli_username(cptr)))
continue;
if (econf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &econf->address, econf->bits))
continue;
} else if (econf->hostmask && match(econf->hostmask, cli_sockhost(cptr)))
continue;
flags |= econf->flags;
}
return flags;
}
/** Find Except configuration for \a cptr with flags matching \a flags
* @param[in] cptr Client to match an Except configuration against.
* @param[in] mask Bitmask of EFLAG_* flags to test for exemption.
* @return -1 if an exception was found, 0 otherwise.
*/
int find_except_conf(struct Client *cptr, int flags)
{
struct ExceptConf *econf;
if (flags & EFLAG_IPCHECK) {
if (IsIPCheckExempt(cptr))
return -1;
if (IsNotIPCheckExempt(cptr))
return 0;
}
for(econf = exceptConfList; econf; econf = econf->next) {
if (!(econf->flags & flags))
continue;
if (econf->usermask && match(econf->usermask, cli_username(cptr)))
continue;
if (econf->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &econf->address, econf->bits))
continue;
} else if (econf->hostmask && match(econf->hostmask, cli_sockhost(cptr)))
continue;
if (econf->flags & EFLAG_IPCHECK)
SetIPCheckExempt(cptr);
return -1;
}
if (flags & EFLAG_IPCHECK)
SetNotIPCheckExempt(cptr);
return 0;
}
/** Find Except configuration for \a addr with flags matching \a flags
* @param[in] addr IP Address to match an Except configuration against.
* @param[in] mask Bitmask of EFLAG_* flags to test for exemption.
* @return -1 if an exception was found, 0 otherwise.
*/
int find_except_conf_by_ip(const struct irc_in_addr *addr, int flags)
{
struct ExceptConf *econf;
char ipbuf[SOCKIPLEN];
ircd_ntoa_r(ipbuf, addr);
for(econf = exceptConfList; econf; econf = econf->next) {
if (!(econf->flags & flags))
continue;
/* Attempt to match usermask against "%nobody" to ensure this isn't
* an Except that requires a user name to match.
*/
if (econf->usermask && match(econf->usermask, "%nobody"))
continue;
if (econf->bits > 0) {
if (!ipmask_check(addr, &econf->address, econf->bits))
continue;
} else if (econf->hostmask && match(econf->hostmask, ipbuf))
continue;
return -1;
}
return 0;
}
/** Free all Except configurations from #exceptConfList. */
void conf_erase_except_list(void)
{
struct ExceptConf* next;
struct ExceptConf* p = exceptConfList;
for ( ; p; p = next) {
next = p->next;
MyFree(p->hostmask);
MyFree(p->usermask);
MyFree(p);
}
exceptConfList = 0;
}
/** Return #exceptConfList.
* @return #exceptConfList
*/
const struct ExceptConf* conf_get_except_list(void)
{
return exceptConfList;
}
/** Find any existing quarantine for the named channel.
* @param chname Channel name to search for.
* @return Reason for channel's quarantine, or NULL if none exists.
*/
const char*
find_quarantine(const char *chname)
{
struct qline *qline;
for (qline = GlobalQuarantineList; qline; qline = qline->next)
if (!ircd_strcmp(qline->chname, chname))
return qline->reason;
return NULL;
}
/** Free all qline structs from #GlobalQuarantineList. */
void clear_quarantines(void)
{
struct qline *qline;
while ((qline = GlobalQuarantineList))
{
GlobalQuarantineList = qline->next;
MyFree(qline->reason);
MyFree(qline->chname);
MyFree(qline);
}
}
/** When non-zero, indicates that a configuration error has been seen in this pass. */
static int conf_error;
/** When non-zero, indicates that the configuration file was loaded at least once. */
static int conf_already_read;
extern void yyparse(void);
extern int init_lexer(void);
extern void deinit_lexer(void);
/** Read configuration file.
* @return Zero on failure, non-zero on success. */
int read_configuration_file(void)
{
conf_error = 0;
feature_unmark(); /* unmark all features for resetting later */
clear_nameservers(); /* clear previous list of DNS servers */
if (!init_lexer())
return 0;
yyparse();
deinit_lexer();
feature_mark(); /* reset unmarked features */
conf_already_read = 1;
return 1;
}
/** Report an error message about the configuration file.
* @param msg The error to report.
*/
void
yyerror(const char *msg)
{
sendto_opmask_butone(0, SNO_ALL, "Config parse error in file %s on line %d: %s",
linefile, lineno, msg);
log_write(LS_CONFIG, L_ERROR, 0, "Config parse error in file %s on line %d: %s",
linefile, lineno, msg);
if (!conf_already_read)
fprintf(stderr, "Config parse error in file %s on line %d: %s\n", linefile, lineno, msg);
conf_error = 1;
}
/** Attach CONF_UWORLD items to a server and everything attached to it. */
static void
attach_conf_uworld(struct Client *cptr)
{
struct DLink *lp;
attach_confs_byhost(cptr, cli_name(cptr), CONF_UWORLD);
for (lp = cli_serv(cptr)->down; lp; lp = lp->next)
attach_conf_uworld(lp->value.cptr);
}
/** Free all memory associated with service mapping \a smap.
* @param smap[in] The mapping to free.
*/
void free_mapping(struct s_map *smap)
{
struct nick_host *nh, *next;
for (nh = smap->services; nh; nh = next)
{
next = nh->next;
MyFree(nh);
}
MyFree(smap->name);
MyFree(smap->command);
MyFree(smap->prepend);
MyFree(smap->defaulttext);
MyFree(smap);
}
/** Unregister and free all current service mappings. */
static void close_mappings(void)
{
struct s_map *map, *next;
for (map = GlobalServiceMapList; map; map = next) {
next = map->next;
unregister_mapping(map);
free_mapping(map);
}
GlobalServiceMapList = NULL;
}
/** Reload the configuration file.
* @param cptr Client that requested rehash (if a signal, &me).
* @param sig Type of rehash (0 = oper-requested, 1 = signal, 2 =
* oper-requested but do not restart resolver)
* @return CPTR_KILLED if any client was K/G-lined because of the
* rehash; otherwise 0.
*/
int rehash(struct Client *cptr, int sig)
{
struct ConfItem** tmp = &GlobalConfList;
struct ConfItem* tmp2;
struct Client* acptr;
int i;
int ret = 0;
int found_g = 0;
if (1 == sig)
sendto_opmask_butone(0, SNO_OLDSNO,
"Got signal SIGHUP, reloading ircd conf. file");
while ((tmp2 = *tmp)) {
if (tmp2->clients) {
/*
* Configuration entry is still in use by some
* local clients, cannot delete it--mark it so
* that it will be deleted when the last client
* exits...
*/
if (CONF_CLIENT == (tmp2->status & CONF_CLIENT))
tmp = &tmp2->next;
else {
*tmp = tmp2->next;
tmp2->next = 0;
}
tmp2->status |= CONF_ILLEGAL;
}
else {
*tmp = tmp2->next;
free_conf(tmp2);
}
}
conf_erase_crule_list();
conf_erase_deny_list();
conf_erase_webirc_list();
conf_erase_shost_list();
conf_erase_except_list();
motd_clear();
/*
* delete the juped nicks list
*/
clearNickJupes();
clear_quarantines();
class_mark_delete();
mark_listeners_closing();
auth_mark_closing();
close_mappings();
read_configuration_file();
if (sig != 2)
restart_resolver();
log_reopen(); /* reopen log files */
auth_close_unused();
close_listeners();
class_delete_marked(); /* unless it fails */
/*
* Flush out deleted I and P lines although still in use.
*/
for (tmp = &GlobalConfList; (tmp2 = *tmp);) {
if (CONF_ILLEGAL == (tmp2->status & CONF_ILLEGAL)) {
*tmp = tmp2->next;
tmp2->next = NULL;
if (!tmp2->clients)
free_conf(tmp2);
}
else
tmp = &tmp2->next;
}
for (i = 0; i <= HighestFd; i++) {
if ((acptr = LocalClientArray[i])) {
assert(!IsMe(acptr));
if (IsServer(acptr))
det_confs_butmask(acptr, ~(CONF_UWORLD | CONF_ILLEGAL));
/* Because admin's are getting so uppity about people managing to
* get past K/G's etc, we'll "fix" the bug by actually explaining
* whats going on.
*/
if ((found_g = find_kill(acptr))) {
sendto_opmask_butone(0, found_g > -1 ? SNO_GLINE : SNO_OPERKILL,
found_g == -2 ? "G-line active for %s%s" :
(found_g == -3 ? "Z-line active for %s%s" :
"K-line active for %s%s"),
IsUnknown(acptr) ? "Unregistered Client ":"",
get_client_name(acptr, SHOW_IP));
if (exit_client(cptr, acptr, &me, found_g == -2 ? "G-lined" :
(found_g == -3 ? "Z-lined" : "K-lined")) == CPTR_KILLED)
ret = CPTR_KILLED;
}
}
}
attach_conf_uworld(&me);
geoip_init();
/* If I am still NOOP'ed, mark all O:Lines as illegal */
if (IsServerNoop(&me)) {
for(tmp2 = GlobalConfList; tmp2; tmp2 = tmp2->next) {
if (tmp2->status & CONF_OPERATOR)
tmp2->status |= CONF_ILLEGAL;
}
}
auth_send_event("rehash", NULL);
return ret;
}
/** Read configuration file for the very first time.
* @return Non-zero on success, zero on failure.
*/
int init_conf(void)
{
if (read_configuration_file()) {
/*
* make sure we're sane to start if the config
* file read didn't get everything we need.
* XXX - should any of these abort the server?
* TODO: add warning messages
*/
if (0 == localConf.name || 0 == localConf.numeric)
return 0;
if (conf_error)
return 0;
if (0 == localConf.location1)
DupString(localConf.location1, "");
if (0 == localConf.location2)
DupString(localConf.location2, "");
if (0 == localConf.contact)
DupString(localConf.contact, "");
return 1;
}
return 0;
}
/** Searches for a K/G-line for a client. If one is found, notify the
* user and disconnect them.
* @param cptr Client to search for.
* @return 0 if client is accepted; -1 if client was locally denied
* (K-line); -2 if client was globally denied (G-line); -3 if client
* was globally IP denied (Z-line).
*/
int find_kill(struct Client *cptr)
{
const char* host;
const char* name;
const char* realname;
const char* country;
const char* continent;
const char* version;
struct DenyConf* deny;
struct Gline* agline = NULL;
struct Zline* azline = NULL;
assert(0 != cptr);
if (!cli_user(cptr))
return 0;
host = cli_sockhost(cptr);
name = cli_user(cptr)->username;
realname = cli_info(cptr);
country = cli_countrycode(cptr);
continent = cli_continentcode(cptr);
version = cli_version(cptr);
assert(strlen(host) <= HOSTLEN);
assert((name ? strlen(name) : 0) <= HOSTLEN);
assert((realname ? strlen(realname) : 0) <= REALLEN);
assert((country ? strlen(country) : 0) <= 3);
assert((continent ? strlen(continent) : 0) <= 3);
assert((version ? strlen(version) : 0) <= VERSIONLEN);
/* 2000-07-14: Rewrote this loop for massive speed increases.
* -- Isomer
*/
if (!find_except_conf(cptr, EFLAG_KLINE)) {
for (deny = denyConfList; deny; deny = deny->next) {
if (deny->usermask && match(deny->usermask, name))
continue;
if (deny->realmask && match(deny->realmask, realname))
continue;
if (deny->countrymask && country && match(deny->countrymask, country))
continue;
if (deny->continentmask && continent && match(deny->continentmask, continent))
continue;
if (feature_bool(FEAT_CTCP_VERSIONING) && feature_bool(FEAT_CTCP_VERSIONING_KILL)) {
if (deny->version && version && match(deny->version, version))
continue;
}
if (deny->bits > 0) {
if (!ipmask_check(&cli_ip(cptr), &deny->address, deny->bits))
continue;
} else if (deny->hostmask && match(deny->hostmask, host))
continue;
if ((deny->flags & DENY_FLAGS_AUTHEX) && IsAccount(cptr)) {
if (!EmptyString(deny->mark) && EmptyString(cli_killmark(cptr)))
ircd_strncpy(cli_killmark(cptr), deny->mark, BUFSIZE + 1);
continue;
}
if (EmptyString(deny->message))
send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP,
":Connection from your host is refused on this server.");
else {
if (deny->flags & DENY_FLAGS_FILE)
killcomment(cptr, deny->message);
else
send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s.", deny->message);
}
return -1;
}
}
/* Check Zlines here just in case a spoofed IP matches */
if (!feature_bool(FEAT_DISABLE_ZLINES) && (azline = zline_lookup(cptr, 0))) {
/*
* find active zlines
* added a check against the user's IP address to find_zline()
*/
send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s.", ZlineReason(azline));
return -3;
}
/* Don't need to do an except lookup here as it's done in gline_lookup() */
if (!feature_bool(FEAT_DISABLE_GLINES) && (agline = gline_lookup(cptr, 0))) {
/*
* find active glines
* added a check against the user's IP address to find_gline() -Kev
*/
send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s.", GlineReason(agline));
return -2;
}
return 0;
}
/** Attempt to attach Client blocks to \a cptr. If attach_iline()
* fails for the client, emit a debugging message.
* @param cptr Client to check for access.
* @return Access check result.
*/
enum AuthorizationCheckResult conf_check_client(struct Client *cptr)
{
enum AuthorizationCheckResult acr = ACR_OK;
if ((acr = attach_iline(cptr))) {
Debug((DEBUG_DNS, "ch_cl: access denied: %s[%s]",
cli_name(cptr), cli_sockhost(cptr)));
return acr;
}
return ACR_OK;
}
/** Check access for a server given its name (passed in cptr struct).
* Must check for all C/N lines which have a name which matches the
* name given and a host which matches. A host alias which is the
* same as the server name is also acceptable in the host field of a
* C/N line.
* @param cptr Peer server to check.
* @return 0 if accepted, -1 if access denied.
*/
int conf_check_server(struct Client *cptr)
{
struct ConfItem* c_conf = NULL;
struct SLink* lp;
Debug((DEBUG_DNS, "sv_cl: check access for %s[%s]",
cli_name(cptr), cli_sockhost(cptr)));
if (IsUnknown(cptr) && !attach_confs_byname(cptr, cli_name(cptr), CONF_SERVER)) {
Debug((DEBUG_DNS, "No C/N lines for %s", cli_sockhost(cptr)));
return -1;
}
lp = cli_confs(cptr);
/*
* We initiated this connection so the client should have a C and N
* line already attached after passing through the connect_server()
* function earlier.
*/
if (IsConnecting(cptr) || IsHandshake(cptr)) {
c_conf = find_conf_byname(lp, cli_name(cptr), CONF_SERVER);
if (!c_conf) {
sendto_opmask_butone(0, SNO_OLDSNO,
"Connect Error: lost Connect block for %s",
cli_name(cptr));
det_confs_butmask(cptr, 0);
return -1;
}
}
/* Try finding the Connect block by DNS name and IP next. */
if (!c_conf && !(c_conf = find_conf_byhost(lp, cli_sockhost(cptr), CONF_SERVER)))
c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER);
/*
* Attach by IP# only if all other checks have failed.
* It is quite possible to get here with the strange things that can
* happen when using DNS in the way the irc server does. -avalon
*/
if (!c_conf)
c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER);
/*
* detach all conf lines that got attached by attach_confs()
*/
det_confs_butmask(cptr, 0);
/*
* if no Connect block, then deny access
*/
if (!c_conf) {
Debug((DEBUG_DNS, "sv_cl: access denied: %s[%s@%s]",
cli_name(cptr), cli_username(cptr), cli_sockhost(cptr)));
return -1;
}
/*
* attach the Connect block to the client structure for later use.
*/
attach_conf(cptr, c_conf);
if (!irc_in_addr_valid(&c_conf->address.addr))
memcpy(&c_conf->address.addr, &cli_ip(cptr), sizeof(c_conf->address.addr));
Debug((DEBUG_DNS, "sv_cl: access ok: %s[%s]",
cli_name(cptr), cli_sockhost(cptr)));
return 0;
}
int verify_sslclifp(struct Client* cptr, struct ConfItem* aconf)
{
if (!(aconf->sslfp))
return 1;
if (!cli_sslclifp(cptr))
return 0;
if (ircd_strcmp(aconf->sslfp, cli_sslclifp(cptr)) != 0)
return 0;
return 1;
}
int find_mark(struct Client* sptr, const char* mark)
{
struct SLink *lp;
for (lp = cli_marks(sptr); lp; lp = lp->next) {
if (!ircd_strcmp(lp->value.cp, mark))
return 1;
}
return 0;
}
int find_mark_match(struct Client* sptr, const char* mask)
{
struct SLink *lp;
for (lp = cli_marks(sptr); lp; lp = lp->next) {
if (!match(mask, lp->value.cp))
return 1;
}
return 0;
}
int add_mark(struct Client* sptr, const char* mark)
{
struct SLink *lp;
if (!find_mark(sptr, mark)) {
lp = make_link();
memset(lp, 0, sizeof(struct SLink));
lp->next = cli_marks(sptr);
lp->value.cp = (char*) MyMalloc(strlen(mark) + 1);
assert(0 != lp->value.cp);
strcpy(lp->value.cp, mark);
cli_marks(sptr) = lp;
}
return 0;
}
int del_marks(struct Client* sptr)
{
int count = 0;
struct SLink **lp;
struct SLink *tmp;
for (lp = &(cli_marks(sptr)); *lp;) {
tmp = *lp;
*lp = tmp->next;
MyFree(tmp->value.cp);
free_link(tmp);
count++;
}
return count;
}
/** Get client config structure for a particular client.
* @param[in] acptr Client to check.
* @return Pointer to the ConfItem to which \a acptr belongs.
*/
struct ConfItem*
get_client_conf(struct Client *acptr)
{
struct SLink *tmp;
/* Return the most recent(first on LL) client class... */
if (acptr && !IsMe(acptr) && (cli_confs(acptr)))
for (tmp = cli_confs(acptr); tmp; tmp = tmp->next)
{
if (tmp->value.aconf && (tmp->value.aconf->status & CONF_CLIENT))
return tmp->value.aconf;
}
return NULL;
}
Reference in New Issue View Git Blame Copy Permalink