supernets/unrealircd
supernets
/
unrealircd
mirror of git://git.acid.vegas/unrealircd.git
4
Fork 0
Code Issues Activity
unrealircd/src/modules/nick.c

1440 lines
43 KiB
C
Raw Blame History

/*
* IRC - Internet Relay Chat, src/modules/nick.c
* (C) 1999-2005 The UnrealIRCd Team
*
* See file AUTHORS in IRC package for additional names of
* the programmers.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "unrealircd.h"
ModuleHeader MOD_HEADER
= {
"nick",
"5.0",
"command /nick",
"UnrealIRCd Team",
"unrealircd-5",
};
/* Forward declarations */
CMD_FUNC(cmd_nick);
CMD_FUNC(cmd_nick_local);
CMD_FUNC(cmd_nick_remote);
CMD_FUNC(cmd_uid);
int _register_user(Client *client, char *nick, char *username, char *umode, char *virthost, char *ip);
void nick_collision(Client *cptr, char *newnick, char *newid, Client *new, Client *existing, int type);
int AllowClient(Client *client, char *username);
MOD_TEST()
{
MARK_AS_OFFICIAL_MODULE(modinfo);
EfunctionAdd(modinfo->handle, EFUNC_REGISTER_USER, _register_user);
return MOD_SUCCESS;
}
MOD_INIT()
{
CommandAdd(modinfo->handle, "NICK", cmd_nick, MAXPARA, CMD_USER|CMD_SERVER|CMD_UNREGISTERED);
CommandAdd(modinfo->handle, "UID", cmd_uid, MAXPARA, CMD_SERVER);
MARK_AS_OFFICIAL_MODULE(modinfo);
return MOD_SUCCESS;
}
MOD_LOAD()
{
return MOD_SUCCESS;
}
MOD_UNLOAD()
{
return MOD_SUCCESS;
}
static char buf[BUFSIZE];
static char spamfilter_user[NICKLEN + USERLEN + HOSTLEN + REALLEN + 64];
#define NICKCOL_EQUAL 0
#define NICKCOL_NEW_WON 1
#define NICKCOL_EXISTING_WON 2
/* Assume that on collision a NICK is in flight and the other server will take
* the exact same decision we would do, and thus we don't send a KILL to cptr?
* This works great with this code, seems to kill the correct person and not
* cause desyncs even without UID/SID. HOWEVER.. who knows what code the other servers run?
* Should use UID/SID anyway, then this whole problem doesn't exist.
*/
#define ASSUME_NICK_IN_FLIGHT
/** The NICK command.
* In UnrealIRCd 4/5 this is only used in 2 cases:
* 1) A local user setting or changing the nick name ("NICK xyz")
* 2) A remote user changing their nick name (":<uid> NICK <newnick>")
*/
CMD_FUNC(cmd_nick_remote)
{
TKL *tklban;
int ishold;
Client *acptr;
char nick[NICKLEN + 2];
time_t lastnick = 0;
int differ = 1;
unsigned char removemoder = (client->umodes & UMODE_REGNICK) ? 1 : 0;
char *nickid = (IsUser(client) && *client->id) ? client->id : NULL;
Client *cptr = client->direction; /* Pending a complete overhaul... (TODO) */
MessageTag *mtags = NULL;
if ((parc < 2) || BadPtr(parv[1]))
{
sendnumeric(client, ERR_NONICKNAMEGIVEN);
return;
}
if (!IsUser(client))
{
/* Old NICK protocol for introducing users, not supported as you should use UID */
sendto_umode_global(UMODE_OPER, "Old NICK protocol detected from server %s, should use UID instead -- delinking",
client->name);
exit_client(cptr->direction, NULL, "Old NICK protocol detected, bad, use UID!");
return;
}
strlcpy(nick, parv[1], NICKLEN + 1);
if (parc > 2)
lastnick = atol(parv[2]);
if (!do_remote_nick_name(nick))
{
ircstats.is_kill++;
sendto_umode(UMODE_OPER, "Bad Nick: %s From: %s %s",
parv[1], client->name, get_client_name(cptr, FALSE));
mtags = NULL;
new_message(client, NULL, &mtags);
sendto_one(cptr, mtags, ":%s KILL %s :Illegal nick name", me.id, client->id);
SetKilled(client);
exit_client(client, mtags, "Illegal nick name");
free_message_tags(mtags);
mtags = NULL;
return;
}
if (!strcasecmp("ircd", nick) || !strcasecmp("irc", nick))
{
sendto_umode(UMODE_OPER, "Bad Reserved Nick: %s From: %s %s",
parv[1], client->name, get_client_name(cptr, FALSE));
mtags = NULL;
new_message(client, NULL, &mtags);
sendto_one(cptr, mtags, ":%s KILL %s :Reserved nick name", me.id, client->id);
SetKilled(client);
exit_client(client, mtags, "Reserved nick name");
free_message_tags(mtags);
mtags = NULL;
return;
}
/* Check Q-lines / ban nick */
if (!IsULine(client) && (tklban = find_qline(client, nick, &ishold)) && !ishold)
{
/* Remote user changing nick - warning only */
sendto_snomask(SNO_QLINE, "Q-Lined nick %s from %s on %s", nick,
client->name, client->srvptr ? client->srvptr->name : "<unknown>");
}
if ((acptr = find_client(nick, NULL)))
{
/* If existing nick is still in handshake, kill it */
if (IsUnknown(acptr) && MyConnect(acptr))
{
SetKilled(acptr);
exit_client(acptr, NULL, "Overridden");
} else
if (acptr == client)
{
/* 100% identical? Must be a bug, but ok */
if (!strcmp(acptr->name, nick))
return;
/* Allows change of case in their nick */
removemoder = 0; /* don't set the user -r */
} else
{
/*
** A NICK change has collided (e.g. message type ":old NICK new").
*/
differ = (mycmp(acptr->user->username, client->user->username) ||
mycmp(acptr->user->realhost, client->user->realhost));
sendto_umode(UMODE_OPER, "Nick change collision from %s to %s (%s %lld <- %s %lld)",
client->name, acptr->name, acptr->direction->name,
(long long)acptr->lastnick,
client->direction->name, (long long)lastnick);
if (!(parc > 2) || lastnick == acptr->lastnick)
{
nick_collision(client, parv[1], nickid, client, acptr, NICKCOL_EQUAL);
return; /* Now that I killed them both, ignore the NICK */
} else
if ((differ && (acptr->lastnick > lastnick)) ||
(!differ && (acptr->lastnick < lastnick)))
{
nick_collision(client, parv[1], nickid, client, acptr, NICKCOL_NEW_WON);
/* fallthrough: their user won, continue and proceed with the nick change */
} else
if ((differ && (acptr->lastnick < lastnick)) ||
(!differ && (acptr->lastnick > lastnick)))
{
nick_collision(client, parv[1], nickid, client, acptr, NICKCOL_EXISTING_WON);
return; /* their user lost, ignore the NICK */
} else
{
return; /* just in case */
}
}
}
mtags = NULL;
/* Existing client nick-changing */
if (!IsULine(client))
sendto_snomask(SNO_FNICKCHANGE, "*** %s (%s@%s) has changed their nickname to %s",
client->name, client->user->username, client->user->realhost, nick);
RunHook2(HOOKTYPE_REMOTE_NICKCHANGE, client, nick);
client->lastnick = lastnick ? lastnick : TStime();
add_history(client, 1);
new_message(client, recv_mtags, &mtags);
sendto_server(client, 0, 0, mtags, ":%s NICK %s %lld",
client->id, nick, (long long)client->lastnick);
sendto_local_common_channels(client, client, 0, mtags, ":%s NICK :%s", client->name, nick);
free_message_tags(mtags);
if (removemoder)
client->umodes &= ~UMODE_REGNICK;
/* Finally set new nick name. */
del_from_client_hash_table(client->name, client);
hash_check_watch(client, RPL_LOGOFF);
strcpy(client->name, nick);
add_to_client_hash_table(nick, client);
hash_check_watch(client, RPL_LOGON);
}
CMD_FUNC(cmd_nick_local)
{
TKL *tklban;
int ishold;
Client *acptr;
char nick[NICKLEN + 2], descbuf[BUFSIZE];
Membership *mp;
long lastnick = 0l;
int differ = 1, update_watch = 1;
unsigned char removemoder = (client->umodes & UMODE_REGNICK) ? 1 : 0;
Hook *h;
int i = 0;
char *nickid = (IsUser(client) && *client->id) ? client->id : NULL;
Client *cptr = client->direction; /* Pending a complete overhaul... (TODO) */
if ((parc < 2) || BadPtr(parv[1]))
{
sendnumeric(client, ERR_NONICKNAMEGIVEN);
return;
}
/* Enforce minimum nick length */
if (iConf.min_nick_length && !IsOper(client) && !IsULine(client) && strlen(parv[1]) < iConf.min_nick_length)
{
snprintf(descbuf, sizeof descbuf, "A minimum length of %d chars is required", iConf.min_nick_length);
sendnumeric(client, ERR_ERRONEUSNICKNAME, parv[1], descbuf);
return;
}
/* Enforce maximum nick length */
strlcpy(nick, parv[1], iConf.nick_length + 1);
/* Check if this is a valid nick name */
if (!do_nick_name(nick))
{
sendnumeric(client, ERR_ERRONEUSNICKNAME, parv[1], "Illegal characters");
return;
}
/* set::anti-flood::nick-flood */
if (client->user && !ValidatePermissionsForPath("immune:nick-flood",client,NULL,NULL,NULL))
{
if ((client->user->flood.nick_c >= NICK_COUNT) &&
(TStime() - client->user->flood.nick_t < NICK_PERIOD))
{
/* Throttle... */
sendnumeric(client, ERR_NCHANGETOOFAST, nick,
(int)(NICK_PERIOD - (TStime() - client->user->flood.nick_t)));
return;
}
}
/* Check for collisions / in use */
if (!strcasecmp("ircd", nick) || !strcasecmp("irc", nick))
{
sendnumeric(client, ERR_ERRONEUSNICKNAME, nick, "Reserved for internal IRCd purposes");
return;
}
if (MyUser(client))
{
/* Local client changing nick: check spamfilter */
spamfilter_build_user_string(spamfilter_user, nick, client);
if (match_spamfilter(client, spamfilter_user, SPAMF_USER, NULL, 0, NULL))
return;
}
/* Check Q-lines / ban nick */
if (!IsULine(client) && (tklban = find_qline(client, nick, &ishold)))
{
if (ishold)
{
sendnumeric(client, ERR_ERRONEUSNICKNAME, nick, tklban->ptr.nameban->reason);
return;
}
if (!ValidatePermissionsForPath("immune:server-ban:ban-nick",client,NULL,NULL,nick))
{
client->local->since += 4; /* lag them up */
sendnumeric(client, ERR_ERRONEUSNICKNAME, nick, tklban->ptr.nameban->reason);
sendto_snomask(SNO_QLINE, "Forbidding Q-lined nick %s from %s (%s)",
nick, get_client_name(cptr, FALSE), tklban->ptr.nameban->reason);
return; /* NICK message ignored */
}
/* fallthrough for ircops that have sufficient privileges */
}
if (!ValidatePermissionsForPath("immune:nick-flood",client,NULL,NULL,NULL))
cptr->local->since += 3; /* Nick-flood prot. -Donwulff */
if ((acptr = find_client(nick, NULL)))
{
/* Shouldn't be possible since dot is disallowed: */
if (IsServer(acptr))
{
sendnumeric(client, ERR_NICKNAMEINUSE, nick);
return;
}
if (acptr == client)
{
/* New nick is exactly the same as the old nick? */
if (!strcmp(acptr->name, nick))
return;
/* Changing cAsE */
removemoder = 0;
} else
/* Collision with a nick of a session that is still in handshake */
if (IsUnknown(acptr) && MyConnect(acptr))
{
/* Kill the other connection that is still in progress */
SetKilled(acptr);
exit_client(acptr, NULL, "Overridden");
} else
{
sendnumeric(client, ERR_NICKNAMEINUSE, nick);
return; /* NICK message ignored */
}
}
/* New local client? */
if (!client->name[0])
{
if (iConf.ping_cookie)
{
/*
* Client setting NICK the first time.
*
* Generate a random string for them to pong with.
*/
client->local->nospoof = getrandom32();
sendto_one(client, NULL, "PING :%X", client->local->nospoof);
}
/* Copy password to the passwd field if it's given after NICK */
if ((parc > 2) && (strlen(parv[2]) <= PASSWDLEN))
safe_strdup(client->local->passwd, parv[2]);
/* This had to be copied here to avoid problems.. */
strlcpy(client->name, nick, sizeof(client->name));
/* Let's see if we can get online now... */
if (is_handshake_finished(client))
{
/* Send a CTCP VERSION */
if (!iConf.ping_cookie && USE_BAN_VERSION && MyConnect(client))
sendto_one(client, NULL, ":IRC!IRC@%s PRIVMSG %s :\1VERSION\1", me.name, nick);
client->lastnick = TStime();
if (!register_user(client, nick, client->user->username, NULL, NULL, NULL))
{
if (IsDead(client))
return;
/* ..otherwise.. fallthrough so we run the same code
* as in case of !is_handshake_finished()
*/
} else {
/* New user! */
update_watch = 0; /* already done in register_user() */
strlcpy(nick, client->name, sizeof(nick)); /* don't ask, but I need this. do not remove! -- Syzop */
}
}
} else
if (MyUser(client))
{
MessageTag *mtags = NULL;
/* Existing client nick-changing */
/*
** If the client belongs to me, then check to see
** if client is currently on any channels where it
** is currently banned. If so, do not allow the nick
** change to occur.
** Also set 'lastnick' to current time, if changed.
*/
for (mp = client->user->channel; mp; mp = mp->next)
{
if (!is_skochanop(client, mp->channel) && is_banned(client, mp->channel, BANCHK_NICK, NULL, NULL))
{
sendnumeric(client, ERR_BANNICKCHANGE,
mp->channel->chname);
return;
}
if (CHECK_TARGET_NICK_BANS && !is_skochanop(client, mp->channel) && is_banned_with_nick(client, mp->channel, BANCHK_NICK, nick, NULL, NULL))
{
sendnumeric(client, ERR_BANNICKCHANGE, mp->channel->chname);
return;
}
for (h = Hooks[HOOKTYPE_CHAN_PERMIT_NICK_CHANGE]; h; h = h->next)
{
i = (*(h->func.intfunc))(client,mp->channel);
if (i != HOOK_CONTINUE)
break;
}
if (i == HOOK_DENY)
{
sendnumeric(client, ERR_NONICKCHANGE,
mp->channel->chname);
return;
}
}
if (TStime() - client->user->flood.nick_t >= NICK_PERIOD)
{
client->user->flood.nick_t = TStime();
client->user->flood.nick_c = 1;
} else
client->user->flood.nick_c++;
sendto_snomask(SNO_NICKCHANGE, "*** %s (%s@%s) has changed their nickname to %s",
client->name, client->user->username, client->user->realhost, nick);
RunHook2(HOOKTYPE_LOCAL_NICKCHANGE, client, nick);
client->lastnick = TStime();
add_history(client, 1);
new_message(client, recv_mtags, &mtags);
sendto_server(client, 0, 0, mtags, ":%s NICK %s %lld",
client->id, nick, (long long)client->lastnick);
sendto_local_common_channels(client, client, 0, mtags, ":%s NICK :%s", client->name, nick);
sendto_one(client, mtags, ":%s NICK :%s", client->name, nick);
free_message_tags(mtags);
if (removemoder)
client->umodes &= ~UMODE_REGNICK;
} else
{
/* Someone changing nicks in the pre-registered phase */
}
del_from_client_hash_table(client->name, client);
if (update_watch && IsUser(client))
hash_check_watch(client, RPL_LOGOFF);
strlcpy(client->name, nick, sizeof(client->name));
add_to_client_hash_table(nick, client);
/* update fdlist --nenolod */
snprintf(descbuf, sizeof(descbuf), "Client: %s", nick);
fd_desc(client->local->fd, descbuf);
if (update_watch && IsUser(client))
hash_check_watch(client, RPL_LOGON);
if (removemoder && MyUser(client))
sendto_one(client, NULL, ":%s MODE %s :-r", me.name, client->name);
}
/*
** cmd_uid
** parv[1] = nickname
** parv[2] = hopcount
** parv[3] = timestamp
** parv[4] = username
** parv[5] = hostname
** parv[6] = UID
** parv[7] = servicestamp
** parv[8] = umodes
** parv[9] = virthost, * if none
** parv[10] = cloaked host, * if none
** parv[11] = ip
** parv[12] = info
**
** Technical documentation is available at:
** https://www.unrealircd.org/docs/Server_protocol:UID_command
*/
CMD_FUNC(cmd_uid)
{
TKL *tklban;
int ishold;
Client *acptr, *serv = NULL;
Client *acptrs;
char nick[NICKLEN + 1];
long lastnick = 0l;
int differ = 1;
char *hostname, *username, *sstamp, *umodes, *virthost, *ip, *realname;
if (parc < 13)
{
sendnumeric(client, ERR_NEEDMOREPARAMS, "UID");
return;
}
/* It's not just the directly attached client which must be a
* server. The source itself needs to be a server.
*/
if (!IsServer(client))
{
sendnumeric(client, ERR_NOTFORUSERS, "UID");
return;
}
strlcpy(nick, parv[1], sizeof(nick));
/* Do some *MINIMAL* nick name checking for remote nicknames.
* This will only catch things that severely break things. -- Syzop
*/
if (!do_remote_nick_name(nick))
{
sendnumeric(client, ERR_ERRONEUSNICKNAME, parv[1], "Illegal characters");
ircstats.is_kill++;
sendto_umode(UMODE_OPER, "Bad Nick: %s From: %s %s",
parv[1], client->name, get_client_name(client, FALSE));
/* Send kill to uplink only, hasn't been broadcasted to the rest, anyway */
sendto_one(client, NULL, ":%s KILL %s :Bad nick", me.id, parv[1]);
return;
}
/* Kill quarantined opers early... */
if (IsQuarantined(client->direction) && strchr(parv[8], 'o'))
{
ircstats.is_kill++;
/* Send kill to uplink only, hasn't been broadcasted to the rest, anyway */
sendto_one(client, NULL, ":%s KILL %s :Quarantined: no oper privileges allowed",
me.id, parv[1]);
sendto_umode_global(UMODE_OPER, "QUARANTINE: Oper %s on server %s killed, due to quarantine",
parv[1], client->name);
return;
}
/* This one is never allowed, even from remotes */
if (!strcasecmp("ircd", nick) || !strcasecmp("irc", nick))
{
sendnumeric(client, ERR_ERRONEUSNICKNAME, nick, "Reserved for internal IRCd purposes");
sendto_one(client, NULL, ":%s KILL %s :Bad reserved nick", me.id, parv[1]);
return;
}
if (!IsULine(client) && (tklban = find_qline(client, nick, &ishold)))
{
if (IsServer(client) && !ishold) /* server introducing new client */
{
acptrs = find_server(client->user == NULL ? parv[6] : client->user->server, NULL);
/* (NEW: no unregistered Q-Line msgs anymore during linking) */
if (!acptrs || (acptrs->serv && acptrs->serv->flags.synced))
sendto_snomask(SNO_QLINE, "Q-Lined nick %s from %s on %s", nick,
(*client->name != 0
&& !IsServer(client) ? client->name : "<unregistered>"),
acptrs ? acptrs->name : "unknown server");
}
}
/* Now check if 'nick' already exists - first, collisions with server names/ids (extremely rare) */
if ((acptr = find_server(nick, NULL)) != NULL)
{
sendto_umode(UMODE_OPER, "Nick collision on %s(%s <- %s)",
client->name, acptr->direction->name,
get_client_name(client, FALSE));
ircstats.is_kill++;
sendto_one(client, NULL, ":%s KILL %s :Nick-server-collision", me.id, parv[1]);
return;
}
/* Now check if 'nick' already exists - collision with a user (or still in handshake, unknown) */
if ((acptr = find_client(nick, NULL)) != NULL)
{
/* If there's a collision with a user that is still in handshake, on our side,
* then we can just kill our client and continue.
*/
if (MyConnect(acptr) && IsUnknown(acptr))
{
SetKilled(acptr);
exit_client(acptr, NULL, "Overridden");
goto nickkill2done;
}
lastnick = atol(parv[3]);
differ = (mycmp(acptr->user->username, parv[4]) || mycmp(acptr->user->realhost, parv[5]));
sendto_umode(UMODE_OPER, "Nick collision on %s (%s %lld <- %s %lld)",
acptr->name, acptr->direction->name, (long long)acptr->lastnick,
client->direction->name, (long long)lastnick);
/*
** I'm putting the KILL handling here just to make it easier
** to read, it's hard to follow it the way it used to be.
** Basically, this is what it will do. It will kill both
** users if no timestamp is given, or they are equal. It will
** kill the user on our side if the other server is "correct"
** (user@host differ and their user is older, or user@host are
** the same and their user is younger), otherwise just kill the
** user an reintroduce our correct user.
** The old code just sat there and "hoped" the other server
** would kill their user. Not anymore.
** -- binary
*/
if (acptr->lastnick == lastnick)
{
nick_collision(client, parv[1], parv[6], NULL, acptr, NICKCOL_EQUAL);
return; /* We killed both users, now stop the process. */
}
if ((differ && (acptr->lastnick > lastnick)) ||
(!differ && (acptr->lastnick < lastnick)) || acptr->direction == client->direction) /* we missed a QUIT somewhere ? */
{
nick_collision(client, parv[1], parv[6], NULL, acptr, NICKCOL_NEW_WON);
/* We got rid of the "wrong" user. Introduce the correct one. */
/* ^^ hmm.. why was this absent in nenolod's code, resulting in a 'return 0'? seems wrong. */
goto nickkill2done;
}
if ((differ && (acptr->lastnick < lastnick)) || (!differ && (acptr->lastnick > lastnick)))
{
nick_collision(client, parv[1], parv[6], NULL, acptr, NICKCOL_EXISTING_WON);
return; /* Ignore the NICK */
}
return; /* just in case */
}
nickkill2done:
/* Proceed with introducing the new client, change source (replace client) */
serv = client;
client = make_client(serv->direction, serv);
strlcpy(client->id, parv[6], IDLEN);
add_client_to_list(client);
add_to_id_hash_table(client->id, client);
client->lastnick = atol(parv[3]);
strlcpy(client->name, nick, NICKLEN+1);
add_to_client_hash_table(nick, client);
make_user(client);
hostname = parv[5];
sstamp = parv[7];
username = parv[4];
umodes = parv[8];
virthost = parv[9];
ip = parv[11];
realname = parv[12];
/* Note that cloaked host aka parv[10] is unused */
client->user->server = find_or_add(client->srvptr->name);
strlcpy(client->user->realhost, hostname, sizeof(client->user->realhost));
// FIXME: some validation would be nice ^
if (*sstamp != '*')
strlcpy(client->user->svid, sstamp, sizeof(client->user->svid));
strlcpy(client->info, realname, sizeof(client->info));
strlcpy(client->user->username, username, USERLEN + 1);
register_user(client, client->name, username, umodes, virthost, ip);
if (IsDead(client))
return;
if (!IsULine(serv) && IsSynched(serv))
sendto_fconnectnotice(client, 0, NULL);
if (client->user->svid[0] != '0')
user_account_login(recv_mtags, client);
RunHook(HOOKTYPE_REMOTE_CONNECT, client);
}
/** The NICK command.
* In UnrealIRCd 4/5 this is only used in 2 cases:
* 1) A local user setting or changing the nick name ("NICK xyz")
* 2) A remote user changing their nick name (":<uid> NICK <newnick>")
*/
CMD_FUNC(cmd_nick)
{
if (MyConnect(client) && !IsServer(client))
cmd_nick_local(client, recv_mtags, parc, parv);
else
cmd_nick_remote(client, recv_mtags, parc, parv);
}
/** Register the connection as a User.
* This is called after NICK + USER (in no particular order)
* and possibly other protocol messages as well (eg CAP).
* @param client Client to be made a user.
* @param nick Nick name
* @param username Username
* @param umode User modes
* @param virthost Virtual host (can be NULL)
* @param ip IP address string (can be NULL)
* @returns 1 if successfully registered, 0 if not (client might be killed).
*/
int _register_user(Client *client, char *nick, char *username, char *umode, char *virthost, char *ip)
{
ConfigItem_ban *bconf;
char *tmpstr;
char stripuser[USERLEN + 1], *u1 = stripuser, *u2, olduser[USERLEN + 1],
userbad[USERLEN * 2 + 1], *ubad = userbad, noident = 0;
int i, xx;
Hook *h;
ClientUser *user = client->user;
char *tkllayer[9] = {
me.name, /*0 server.name */
"+", /*1 +|- */
"z", /*2 G */
"*", /*3 user */
NULL, /*4 host */
NULL,
NULL, /*6 expire_at */
NULL, /*7 set_at */
NULL /*8 reason */
};
TKL *savetkl = NULL;
ConfigItem_tld *tlds;
nick = client->name; /* <- The data is always the same, but the pointer is sometimes not,
* I need this for one of my modules, so do not remove! ;) -- Syzop */
if (MyConnect(client))
{
char temp[USERLEN + 1];
if (!AllowClient(client, username))
{
ircstats.is_ref++;
/* For safety, we have an extra kill here */
if (!IsDead(client))
exit_client(client, NULL, "Rejected");
return 0;
}
if (client->local->hostp)
{
/* reject ASCII < 32 and ASCII >= 127 (note: upper resolver might be even more strict). */
for (tmpstr = client->local->sockhost; *tmpstr > ' ' && *tmpstr < 127; tmpstr++);
/* if host contained invalid ASCII _OR_ the DNS reply is an IP-like reply
* (like: 1.2.3.4 or ::ffff:1.2.3.4), then reject it and use IP instead.
*/
if (*tmpstr || !*user->realhost || (isdigit(*client->local->sockhost) && (client->local->sockhost > tmpstr && isdigit(*(tmpstr - 1))) )
|| (client->local->sockhost[0] == ':'))
strlcpy(client->local->sockhost, client->ip, sizeof(client->local->sockhost));
}
if (client->local->sockhost[0])
{
strlcpy(user->realhost, client->local->sockhost, sizeof(client->local->sockhost)); /* SET HOSTNAME */
} else {
sendto_realops("[HOSTNAME BUG] client->local->sockhost is empty for user %s (%s, %s)",
client->name, client->ip ? client->ip : "<null>", user->realhost);
ircd_log(LOG_ERROR, "[HOSTNAME BUG] client->local->sockhost is empty for user %s (%s, %s)",
client->name, client->ip ? client->ip : "<null>", user->realhost);
}
/*
* I do not consider *, ~ or ! 'hostile' in usernames,
* as it is easy to differentiate them (Use \*, \? and \\)
* with the possible?
* exception of !. With mIRC etc. ident is easy to fake
* to contain @ though, so if that is found use non-ident
* username. -Donwulff
*
* I do, We only allow a-z A-Z 0-9 _ - and . now so the
* !strchr(client->ident, '@') check is out of date. -Cabal95
*
* Moved the noident stuff here. -OnyxDragon
*/
/* because username may point to user->username */
strlcpy(temp, username, USERLEN + 1);
if (!IsUseIdent(client))
strlcpy(user->username, temp, USERLEN + 1);
else if (IsIdentSuccess(client))
strlcpy(user->username, client->ident, USERLEN+1);
else
{
if (IDENT_CHECK == 0) {
strlcpy(user->username, temp, USERLEN+1);
}
else {
*user->username = '~';
strlcpy((user->username + 1), temp, sizeof(user->username)-1);
noident = 1;
}
}
/*
* Limit usernames to just 0-9 a-z A-Z _ - and .
* It strips the "bad" chars out, and if nothing is left
* changes the username to the first 8 characters of their
* nickname. After the MOTD is displayed it sends numeric
* 455 to the user telling them what(if anything) happened.
* -Cabal95
*
* Moved the noident thing to the right place - see above
* -OnyxDragon
*
* No longer use nickname if the entire ident is invalid,
* if thats the case, it is likely the user is trying to cause
* problems so just ban them. (Using the nick could introduce
* hostile chars) -- codemastr
*/
for (u2 = user->username + noident; *u2; u2++)
{
if (isallowed(*u2))
*u1++ = *u2;
else if (*u2 < 32)
{
/*
* Make sure they can read what control
* characters were in their username.
*/
*ubad++ = '^';
*ubad++ = *u2 + '@';
}
else
*ubad++ = *u2;
}
*u1 = '\0';
*ubad = '\0';
if (strlen(stripuser) != strlen(user->username + noident))
{
if (stripuser[0] == '\0')
{
exit_client(client, NULL, "Hostile username. Please use only 0-9 a-z A-Z _ - and . in your username.");
return 0;
}
strlcpy(olduser, user->username + noident, USERLEN+1);
strlcpy(user->username + 1, stripuser, sizeof(user->username)-1);
user->username[0] = '~';
user->username[USERLEN] = '\0';
}
else
u1 = NULL;
/* Check ban realname { } blocks */
if ((bconf = find_ban(NULL, client->info, CONF_BAN_REALNAME)))
{
ircstats.is_ref++;
banned_client(client, "realname", bconf->reason?bconf->reason:"", 0, 0);
return 0;
}
/* Check G/Z lines before shuns -- kill before quite -- codemastr */
if (find_tkline_match(client, 0))
{
if (!IsDead(client) && client->local->class)
{
/* Fix client count bug, in case that it was a hold such as via authprompt */
client->local->class->clients--;
client->local->class = NULL;
}
ircstats.is_ref++;
return 0;
}
find_shun(client);
spamfilter_build_user_string(spamfilter_user, client->name, client);
if (match_spamfilter(client, spamfilter_user, SPAMF_USER, NULL, 0, &savetkl))
{
if (savetkl && ((savetkl->ptr.spamfilter->action == BAN_ACT_VIRUSCHAN) ||
(savetkl->ptr.spamfilter->action == BAN_ACT_SOFT_VIRUSCHAN)))
{
/* 'viruschan' action:
* Continue with registering the client, and at the end
* of this function we will do the actual joining to the
* virus channel.
*/
} else {
/* Client is either dead or blocked (will hang, on purpose, and timeout) */
return 0;
}
}
for (h = Hooks[HOOKTYPE_PRE_LOCAL_CONNECT]; h; h = h->next)
{
i = (*(h->func.intfunc))(client);
if (i == HOOK_DENY)
{
if (!IsDead(client) && client->local->class)
{
/* Fix client count bug, in case that
* the HOOK_DENY was only meant temporarily.
*/
client->local->class->clients--;
client->local->class = NULL;
}
return 0;
}
if (i == HOOK_ALLOW)
break;
}
}
else
{
strlcpy(user->username, username, USERLEN+1);
}
SetUser(client);
irccounts.clients++;
if (client->srvptr && client->srvptr->serv)
client->srvptr->serv->users++;
make_cloakedhost(client, user->realhost, user->cloakedhost, sizeof(user->cloakedhost));
safe_strdup(user->virthost, user->cloakedhost);
if (MyConnect(client))
{
char descbuf[BUFSIZE];
int i;
snprintf(descbuf, sizeof descbuf, "Client: %s", nick);
fd_desc(client->local->fd, descbuf);
list_move(&client->lclient_node, &lclient_list);
irccounts.unknown--;
irccounts.me_clients++;
if (IsSecure(client))
{
client->umodes |= UMODE_SECURE;
RunHook(HOOKTYPE_SECURE_CONNECT, client);
}
if (IsHidden(client))
ircd_log(LOG_CLIENT, "Connect - %s!%s@%s [VHOST %s]", nick,
user->username, user->realhost, user->virthost);
else
ircd_log(LOG_CLIENT, "Connect - %s!%s@%s", nick, user->username,
user->realhost);
RunHook2(HOOKTYPE_WELCOME, client, 0);
sendnumeric(client, RPL_WELCOME, ircnetwork, nick, user->username, user->realhost);
RunHook2(HOOKTYPE_WELCOME, client, 1);
sendnumeric(client, RPL_YOURHOST, me.name, version);
RunHook2(HOOKTYPE_WELCOME, client, 2);
sendnumeric(client, RPL_CREATED, creation);
RunHook2(HOOKTYPE_WELCOME, client, 3);
sendnumeric(client, RPL_MYINFO, me.name, version, umodestring, cmodestring);
RunHook2(HOOKTYPE_WELCOME, client, 4);
for (i = 0; ISupportStrings[i]; i++)
sendnumeric(client, RPL_ISUPPORT, ISupportStrings[i]);
RunHook2(HOOKTYPE_WELCOME, client, 5);
if (IsHidden(client))
{
sendnumeric(client, RPL_HOSTHIDDEN, user->virthost);
RunHook2(HOOKTYPE_WELCOME, client, 396);
}
if (IsSecureConnect(client))
{
if (client->local->ssl && !iConf.no_connect_tls_info)
{
sendnotice(client, "*** You are connected to %s with %s",
me.name, tls_get_cipher(client->local->ssl));
}
}
{
char *parv[2];
parv[0] = client->name;
parv[1] = NULL;
do_cmd(client, NULL, "LUSERS", 1, parv);
if (IsDead(client))
return 0;
}
RunHook2(HOOKTYPE_WELCOME, client, 266);
short_motd(client);
RunHook2(HOOKTYPE_WELCOME, client, 376);
#ifdef EXPERIMENTAL
sendnotice(client,
"*** \2NOTE:\2 This server is running experimental IRC server software (UnrealIRCd %s). "
"If you find any bugs or problems, please report them at https://bugs.unrealircd.org/",
VERSIONONLY);
#endif
/*
* Now send a numeric to the user telling them what, if
* anything, happened.
*/
if (u1)
sendnumeric(client, ERR_HOSTILENAME, olduser, userbad, stripuser);
}
else
{
Client *acptr;
/* Remote client */
/* The following two cases probably cannot happen anymore? at all? */
if (!(acptr = find_server_quick(user->server)))
{
sendto_ops("Bad USER [%s] :%s USER %s %s : No such server",
client->name, nick, user->username, user->server);
sendto_one(client, NULL, ":%s KILL %s :No such server: %s",
me.id, client->id, user->server);
SetKilled(client);
exit_client(client, NULL, "USER without prefix(2.8) or wrong prefix");
return 0;
}
else if (acptr->direction != client->direction)
{
sendto_ops("Bad User [%s] :%s USER %s %s, != %s[%s]",
client->name, nick, user->username, user->server,
acptr->name, acptr->direction->name);
sendto_one(client, NULL, ":%s KILL %s :Wrong user-server-direction",
me.id, client->id);
SetKilled(client);
exit_client(client, NULL, "USER server wrong direction");
return 0;
} else
{
client->flags |= acptr->flags;
}
if (IsULine(client->srvptr))
SetULine(client);
}
if (client->umodes & UMODE_INVISIBLE)
{
irccounts.invisible++;
}
if (virthost && umode)
{
/* Set the IP address first */
if (ip && (*ip != '*'))
{
char *ipstring = decode_ip(ip);
if (!ipstring)
{
sendto_ops("USER with invalid IP (%s) (%s) -- "
"IP must be base64 encoded binary representation of either IPv4 or IPv6",
client->name, ip);
exit_client(client, NULL, "USER with invalid IP");
return 0;
}
safe_strdup(client->ip, ipstring);
}
/* For remote clients we recalculate the cloakedhost here because
* it may depend on the IP address (bug #5064).
*/
make_cloakedhost(client, user->realhost, user->cloakedhost, sizeof(user->cloakedhost));
safe_strdup(user->virthost, user->cloakedhost);
/* Set the umodes */
tkllayer[0] = nick;
tkllayer[1] = nick;
tkllayer[2] = umode;
tkllayer[3] = NULL;
dontspread = 1;
do_cmd(client, NULL, "MODE", 3, tkllayer);
dontspread = 0;
/* Set the vhost */
if (virthost && *virthost != '*')
safe_strdup(client->user->virthost, virthost);
}
hash_check_watch(client, RPL_LOGON); /* Uglier hack */
build_umode_string(client, 0, SEND_UMODES|UMODE_SERVNOTICE, buf);
sendto_serv_butone_nickcmd(client->direction, client, (*buf == '\0' ? "+" : buf));
if (MyConnect(client))
{
broadcast_moddata_client(client);
sendto_connectnotice(client, 0, NULL); /* moved down, for modules. */
if (buf[0] != '\0' && buf[1] != '\0')
sendto_one(client, NULL, ":%s MODE %s :%s", client->name,
client->name, buf);
if (user->snomask)
sendnumeric(client, RPL_SNOMASK, get_snomask_string_raw(user->snomask));
if (!IsSecure(client) && !IsLocalhost(client) && (iConf.plaintext_policy_user == POLICY_WARN))
sendnotice_multiline(client, iConf.plaintext_policy_user_message);
if (IsSecure(client) && (iConf.outdated_tls_policy_user == POLICY_WARN) && outdated_tls_client(client))
sendnotice(client, "%s", outdated_tls_client_build_string(iConf.outdated_tls_policy_user_message, client));
/* Make creation time the real 'online since' time, excluding registration time.
* Otherwise things like set::anti-spam-quit-messagetime 10s could mean
* 1 second in practice (#2174).
*/
client->local->firsttime = TStime();
client->local->last = TStime();
/* Give the user a fresh start as far as fake-lag is concerned.
* Otherwise the user could be lagged up already due to all the CAP stuff.
*/
client->local->since = TStime();
RunHook2(HOOKTYPE_WELCOME, client, 999);
/* NOTE: Code after this 'if (savetkl)' will not be executed for quarantined-
* virus-users. So be carefull with the order. -- Syzop
*/
// FIXME: verify if this works, trace code path upstream!!!!
if (savetkl)
return join_viruschan(client, savetkl, SPAMF_USER); /* [RETURN!] */
/* Force the user to join the given chans -- codemastr */
tlds = find_tld(client);
if (tlds && !BadPtr(tlds->channel))
{
char *chans = strdup(tlds->channel);
char *args[3] = {
client->name,
chans,
NULL
};
do_cmd(client, NULL, "JOIN", 3, args);
safe_free(chans);
if (IsDead(client))
return 0;
}
else if (!BadPtr(AUTO_JOIN_CHANS) && strcmp(AUTO_JOIN_CHANS, "0"))
{
char *chans = strdup(AUTO_JOIN_CHANS);
char *args[3] = {
client->name,
chans,
NULL
};
do_cmd(client, NULL, "JOIN", 3, args);
safe_free(chans);
if (IsDead(client))
return 0;
}
/* NOTE: If you add something here.. be sure to check the 'if (savetkl)' note above */
}
if (MyConnect(client) && !BadPtr(client->local->passwd))
{
safe_free(client->local->passwd);
client->local->passwd = NULL;
}
/* User successfully registered */
return 1;
}
/** Nick collission detected. A winner has been decided upstream. Deal with killing.
* I moved this all to a single routine here rather than having all code duplicated
* due to SID vs NICK and some code quadruplicated.
*/
void nick_collision(Client *cptr, char *newnick, char *newid, Client *new, Client *existing, int type)
{
char comment[512];
char *new_server, *existing_server;
ircd_log(LOG_ERROR, "Nick collision: %s[%s]@%s (new) vs %s[%s]@%s (existing). Winner: %s. Type: %s",
newnick, newid, cptr->name,
existing->name, existing->id, existing->srvptr->name,
(type == NICKCOL_EQUAL) ? "None (equal)" : ((type == NICKCOL_NEW_WON) ? "New won" : "Existing won"),
new ? "nick-change" : "new user connecting");
new_server = cptr->name;
existing_server = (existing == existing->direction) ? me.name : existing->direction->name;
if (type == NICKCOL_EXISTING_WON)
snprintf(comment, sizeof(comment), "Nick collision: %s <- %s", new_server, existing_server);
else if (type == NICKCOL_NEW_WON)
snprintf(comment, sizeof(comment), "Nick collision: %s <- %s", existing_server, new_server);
else
snprintf(comment, sizeof(comment), "Nick collision: %s <-> %s", existing_server, new_server);
/* We only care about the direction from this point, not about the originally sending server */
cptr = cptr->direction;
if ((type == NICKCOL_EQUAL) || (type == NICKCOL_EXISTING_WON))
{
/* Kill 'new':
* - 'new' is known by the cptr-side as 'newnick' already
* - if not nick-changing then the other servers don't know this user
* - if nick-changing, then the the other servers know the user as new->name
*/
/* cptr case first... this side knows the user by newnick/newid */
/* SID server can kill 'new' by ID */
sendto_one(cptr, NULL, ":%s KILL %s :%s", me.id, newid, comment);
/* non-cptr case... only necessary if nick-changing. */
if (new)
{
MessageTag *mtags = NULL;
new_message(new, NULL, &mtags);
/* non-cptr side knows this user by their old nick name */
sendto_server(cptr, 0, 0, mtags, ":%s KILL %s :%s", me.id, new->id, comment);
/* Exit the client */
ircstats.is_kill++;
SetKilled(new);
exit_client(new, mtags, comment);
free_message_tags(mtags);
}
}
if ((type == NICKCOL_EQUAL) || (type == NICKCOL_NEW_WON))
{
MessageTag *mtags = NULL;
new_message(existing, NULL, &mtags);
/* Now let's kill 'existing' */
sendto_server(NULL, 0, 0, mtags, ":%s KILL %s :%s", me.id, existing->id, comment);
/* Exit the client */
ircstats.is_kill++;
SetKilled(existing);
exit_client(existing, mtags, comment);
free_message_tags(mtags);
}
}
/* This used to initialize the various name strings used to store hostnames.
* But nowadays this takes place much earlier (in add_connection?).
* It's mainly used for "localhost" and WEBIRC magic only now...
*/
int check_init(Client *client, char *sockn, size_t size)
{
strlcpy(sockn, client->local->sockhost, HOSTLEN);
RunHookReturnInt3(HOOKTYPE_CHECK_INIT, client, sockn, size, !=0);
/* Some silly hack to convert 127.0.0.1 and such into 'localhost' */
if (!strcmp(GetIP(client), "127.0.0.1") ||
!strcmp(GetIP(client), "0:0:0:0:0:0:0:1") ||
!strcmp(GetIP(client), "0:0:0:0:0:ffff:127.0.0.1"))
{
if (client->local->hostp)
{
unreal_free_hostent(client->local->hostp);
client->local->hostp = NULL;
}
strlcpy(sockn, "localhost", HOSTLEN);
}
return 1;
}
/** Returns 1 if allow::maxperip is exceeded by 'client' */
int exceeds_maxperip(Client *client, ConfigItem_allow *aconf)
{
Client *acptr;
int cnt = 1;
if (find_tkl_exception(TKL_MAXPERIP, client))
return 0; /* exempt */
list_for_each_entry(acptr, &lclient_list, lclient_node)
{
if (IsUser(acptr) && !strcmp(GetIP(acptr), GetIP(client)))
{
cnt++;
if (cnt > aconf->maxperip)
return 1;
}
}
return 0;
}
/** Allow or reject the client based on allow { } blocks and all other restrictions.
* @param client Client to check (local)
* @param username Username, for some reason...
* @returns 1 if OK, 0 if client is rejected (likely killed too)
*/
int AllowClient(Client *client, char *username)
{
static char sockhost[HOSTLEN + 1];
struct hostent *hp = NULL;
int i;
ConfigItem_allow *aconf;
char *hname;
static char uhost[HOSTLEN + USERLEN + 3];
static char fullname[HOSTLEN + 1];
Debug((DEBUG_DNS, "ch_cl: check access for %s[%s]", client->name, client->local->sockhost));
if (!check_init(client, sockhost, sizeof(sockhost)))
return 0;
hp = client->local->hostp;
if (!IsSecure(client) && !IsLocalhost(client) && (iConf.plaintext_policy_user == POLICY_DENY))
{
exit_client(client, NULL, iConf.plaintext_policy_user_message->line);
return 0;
}
if (IsSecure(client) && (iConf.outdated_tls_policy_user == POLICY_DENY) && outdated_tls_client(client))
{
char *msg = outdated_tls_client_build_string(iConf.outdated_tls_policy_user_message, client);
exit_client(client, NULL, msg);
return 0;
}
for (aconf = conf_allow; aconf; aconf = aconf->next)
{
if (aconf->flags.tls && !IsSecure(client))
continue;
if (hp && hp->h_name)
{
hname = hp->h_name;
strlcpy(fullname, hname, sizeof(fullname));
Debug((DEBUG_DNS, "a_il: %s->%s", sockhost, fullname));
if (strchr(aconf->hostname, '@'))
{
if (aconf->flags.noident)
strlcpy(uhost, username, sizeof(uhost));
else
strlcpy(uhost, client->ident, sizeof(uhost));
strlcat(uhost, "@", sizeof(uhost));
}
else
*uhost = '\0';
strlcat(uhost, fullname, sizeof(uhost));
if (match_simple(aconf->hostname, uhost))
goto attach;
}
if (strchr(aconf->ip, '@'))
{
if (aconf->flags.noident)
strlcpy(uhost, username, sizeof(uhost));
else
strlcpy(uhost, client->ident, sizeof(uhost));
strlcat(uhost, "@", sizeof(uhost));
}
else
*uhost = '\0';
strlcat(uhost, sockhost, sizeof(uhost));
/* Check the IP */
if (match_user(aconf->ip, client, MATCH_CHECK_IP))
goto attach;
/* Hmm, localhost is a special case, hp == NULL and sockhost contains
* 'localhost' instead of an ip... -- Syzop. */
if (!strcmp(sockhost, "localhost"))
{
if (strchr(aconf->hostname, '@'))
{
if (aconf->flags.noident)
strlcpy(uhost, username, sizeof(uhost));
else
strlcpy(uhost, client->ident, sizeof(uhost));
strlcat(uhost, "@localhost", sizeof(uhost));
}
else
strcpy(uhost, "localhost");
if (match_simple(aconf->hostname, uhost))
goto attach;
}
continue; /* No match */
attach:
/* Check authentication */
if (aconf->auth && !Auth_Check(client, aconf->auth, client->local->passwd))
{
/* Incorrect password/authentication - but was is it required? */
if (aconf->flags.reject_on_auth_failure)
{
exit_client(client, NULL, iConf.reject_message_unauthorized);
return 0;
} else {
continue; /* Continue (this is the default behavior) */
}
}
if (!aconf->flags.noident)
SetUseIdent(client);
if (!aconf->flags.useip && hp)
strlcpy(uhost, fullname, sizeof(uhost));
else
strlcpy(uhost, sockhost, sizeof(uhost));
set_sockhost(client, uhost);
if (aconf->maxperip && exceeds_maxperip(client, aconf))
{
/* Already got too many with that ip# */
exit_client(client, NULL, iConf.reject_message_too_many_connections);
return 0;
}
if (!((aconf->class->clients + 1) > aconf->class->maxclients))
{
client->local->class = aconf->class;
client->local->class->clients++;
}
else
{
/* Class is full */
sendnumeric(client, RPL_REDIR, aconf->server ? aconf->server : defserv, aconf->port ? aconf->port : 6667);
exit_client(client, NULL, iConf.reject_message_server_full);
return 0;
}
return 1;
}
/* User did not match any allow { } blocks: */
exit_client(client, NULL, iConf.reject_message_unauthorized);
return 0;
}
Reference in New Issue View Git Blame Copy Permalink