X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Firc-oper.c;h=ae333b1018d1156f74414ee6c41ae7971ec32b10;hb=0d503945cb527e275ef6644a234a6876ff61322b;hp=29953a110606090d7abf9799543e5e6ba21e1a27;hpb=771e539c18669d6c20b557be79675b94ca191c59;p=ngircd-alex.git diff --git a/src/ngircd/irc-oper.c b/src/ngircd/irc-oper.c index 29953a11..ae333b10 100644 --- a/src/ngircd/irc-oper.c +++ b/src/ngircd/irc-oper.c @@ -1,6 +1,6 @@ /* * ngIRCd -- The Next Generation IRC Daemon - * Copyright (c)2001-2011 Alexander Barton (alex@barton.de) and Contributors. + * Copyright (c)2001-2015 Alexander Barton (alex@barton.de) and Contributors. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,26 +16,28 @@ * IRC operator commands */ -#include "imp.h" #include #include #include #include #include +#include #include "ngircd.h" #include "conn-func.h" #include "conf.h" #include "channel.h" #include "class.h" +#include "parse.h" +#include "irc.h" +#include "irc-macros.h" #include "irc-write.h" +#include "lists.h" #include "log.h" #include "match.h" #include "messages.h" -#include "parse.h" #include "op.h" -#include #include "irc-oper.h" /** @@ -45,9 +47,10 @@ static bool Bad_OperPass(CLIENT *Client, char *errtoken, char *errmsg) { - Log(LOG_WARNING, "Got invalid OPER from \"%s\": \"%s\" -- %s", + Log(LOG_ERR|LOG_snotice, "Got invalid OPER from \"%s\": \"%s\" -- %s!", Client_Mask(Client), errtoken, errmsg); - IRC_SetPenalty(Client, 3); + /* Increase penalty to slow down possible brute force attacks */ + IRC_SetPenalty(Client, 10); return IRC_WriteStrClient(Client, ERR_PASSWDMISMATCH_MSG, Client_ID(Client)); } /* Bad_OperPass */ @@ -55,8 +58,6 @@ Bad_OperPass(CLIENT *Client, char *errtoken, char *errmsg) /** * Handler for the IRC "OPER" command. * - * See RFC 2812, 3.1.4 "Oper message". - * * @param Client The client from which this command has been received. * @param Req Request structure with prefix and all parameters. * @return CONNECTED or DISCONNECTED. @@ -70,10 +71,6 @@ IRC_OPER( CLIENT *Client, REQUEST *Req ) assert( Client != NULL ); assert( Req != NULL ); - if (Req->argc != 2) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, - Client_ID(Client), Req->command); - len = array_length(&Conf_Opers, sizeof(*op)); op = array_start(&Conf_Opers); for (i = 0; i < len && strcmp(op[i].name, Req->argv[0]); i++) @@ -96,20 +93,16 @@ IRC_OPER( CLIENT *Client, REQUEST *Req ) Client_ID(Client)); } - if (!Client_OperByMe(Client)) - Log(LOG_NOTICE|LOG_snotice, - "Got valid OPER for \"%s\" from \"%s\", user is an IRC operator now.", - Req->argv[0], Client_Mask(Client)); + Log(LOG_NOTICE|LOG_snotice, + "Got valid OPER for \"%s\" from \"%s\", user is an IRC operator now.", + Req->argv[0], Client_Mask(Client)); - Client_SetOperByMe(Client, true); return IRC_WriteStrClient(Client, RPL_YOUREOPER_MSG, Client_ID(Client)); } /* IRC_OPER */ /** * Handler for the IRC "DIE" command. * - * See RFC 2812, 4.3 "Die message". - * * @param Client The client from which this command has been received. * @param Req Request structure with prefix and all parameters. * @return CONNECTED or DISCONNECTED. @@ -128,15 +121,6 @@ IRC_DIE(CLIENT * Client, REQUEST * Req) if (!Op_Check(Client, Req)) return Op_NoPrivileges(Client, Req); - /* Bad number of parameters? */ -#ifdef STRICT_RFC - if (Req->argc != 0) -#else - if (Req->argc > 1) -#endif - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, - Client_ID(Client), Req->command); - /* Is a message given? */ if (Req->argc > 0) { c = Conn_First(); @@ -159,8 +143,6 @@ IRC_DIE(CLIENT * Client, REQUEST * Req) /** * Handler for the IRC "REHASH" command. * - * See RFC 2812, 4.2 "Rehash message". - * * @param Client The client from which this command has been received. * @param Req Request structure with prefix and all parameters. * @return CONNECTED or DISCONNECTED. @@ -176,11 +158,6 @@ IRC_REHASH( CLIENT *Client, REQUEST *Req ) if (!Op_Check(Client, Req)) return Op_NoPrivileges(Client, Req); - /* Bad number of parameters? */ - if (Req->argc != 0) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, - Client_ID(Client), Req->command ); - Log(LOG_NOTICE|LOG_snotice, "Got REHASH command from \"%s\" ...", Client_Mask(Client)); IRC_WriteStrClient(Client, RPL_REHASHING_MSG, Client_ID(Client)); @@ -193,8 +170,6 @@ IRC_REHASH( CLIENT *Client, REQUEST *Req ) /** * Handler for the IRC "RESTART" command. * - * See RFC 2812, 4.4 "Restart message". - * * @param Client The client from which this command has been received. * @param Req Request structure with prefix and all parameters. * @return CONNECTED or DISCONNECTED. @@ -210,11 +185,6 @@ IRC_RESTART( CLIENT *Client, REQUEST *Req ) if (!Op_Check(Client, Req)) return Op_NoPrivileges(Client, Req); - /* Bad number of parameters? */ - if (Req->argc != 0) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, - Client_ID(Client), Req->command); - Log(LOG_NOTICE|LOG_snotice, "Got RESTART command from \"%s\" ...", Client_Mask(Client)); NGIRCd_SignalRestart = true; @@ -225,8 +195,6 @@ IRC_RESTART( CLIENT *Client, REQUEST *Req ) /** * Handler for the IRC "CONNECT" command. * - * See RFC 2812, 3.4.7 "Connect message". - * * @param Client The client from which this command has been received. * @param Req Request structure with prefix and all parameters. * @return CONNECTED or DISCONNECTED. @@ -239,21 +207,21 @@ IRC_CONNECT(CLIENT * Client, REQUEST * Req) assert(Client != NULL); assert(Req != NULL); - if (Client_Type(Client) != CLIENT_SERVER - && !Client_HasMode(Client, 'o')) - return Op_NoPrivileges(Client, Req); - /* Bad number of parameters? */ if (Req->argc != 1 && Req->argc != 2 && Req->argc != 3 && Req->argc != 5 && Req->argc != 6) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, + return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG, Client_ID(Client), Req->command); /* Invalid port number? */ if ((Req->argc > 1) && atoi(Req->argv[1]) < 1) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, + return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG, Client_ID(Client), Req->command); + if (Client_Type(Client) != CLIENT_SERVER + && !Client_HasMode(Client, 'o')) + return Op_NoPrivileges(Client, Req); + from = Client; target = Client_ThisServer(); @@ -262,14 +230,14 @@ IRC_CONNECT(CLIENT * Client, REQUEST * Req) if (Client_Type(Client) == CLIENT_SERVER && Req->prefix) from = Client_Search(Req->prefix); if (! from) - return IRC_WriteStrClient(Client, ERR_NOSUCHNICK_MSG, - Client_ID(Client), Req->prefix); + return IRC_WriteErrClient(Client, ERR_NOSUCHNICK_MSG, + Client_ID(Client), Req->prefix); target = (Req->argc == 3) ? Client_Search(Req->argv[2]) : Client_Search(Req->argv[5]); if (! target || Client_Type(target) != CLIENT_SERVER) - return IRC_WriteStrClient(from, ERR_NOSUCHSERVER_MSG, - Client_ID(from), Req->argv[0]); + return IRC_WriteErrClient(from, ERR_NOSUCHSERVER_MSG, + Client_ID(from), Req->argv[0]); } if (target != Client_ThisServer()) { @@ -292,7 +260,7 @@ IRC_CONNECT(CLIENT * Client, REQUEST * Req) switch (Req->argc) { case 1: if (!Conf_EnablePassiveServer(Req->argv[0])) - return IRC_WriteStrClient(from, ERR_NOSUCHSERVER_MSG, + return IRC_WriteErrClient(from, ERR_NOSUCHSERVER_MSG, Client_ID(from), Req->argv[0]); break; @@ -301,7 +269,7 @@ IRC_CONNECT(CLIENT * Client, REQUEST * Req) /* Connect configured server */ if (!Conf_EnableServer (Req->argv[0], (UINT16) atoi(Req->argv[1]))) - return IRC_WriteStrClient(from, ERR_NOSUCHSERVER_MSG, + return IRC_WriteErrClient(from, ERR_NOSUCHSERVER_MSG, Client_ID(from), Req->argv[0]); break; @@ -310,7 +278,7 @@ IRC_CONNECT(CLIENT * Client, REQUEST * Req) if (!Conf_AddServer (Req->argv[0], (UINT16) atoi(Req->argv[1]), Req->argv[2], Req->argv[3], Req->argv[4])) - return IRC_WriteStrClient(from, ERR_NOSUCHSERVER_MSG, + return IRC_WriteErrClient(from, ERR_NOSUCHSERVER_MSG, Client_ID(from), Req->argv[0]); } @@ -346,11 +314,6 @@ IRC_DISCONNECT(CLIENT * Client, REQUEST * Req) if (!Op_Check(Client, Req)) return Op_NoPrivileges(Client, Req); - /* Bad number of parameters? */ - if (Req->argc != 1) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, - Client_ID(Client), Req->command); - IRC_SendWallops(Client_ThisServer(), Client_ThisServer(), "Received DISCONNECT %s from %s", Req->argv[0], Client_ID(Client)); @@ -364,7 +327,7 @@ IRC_DISCONNECT(CLIENT * Client, REQUEST * Req) /* Disconnect configured server */ if (!Conf_DisableServer(Req->argv[0])) - return IRC_WriteStrClient(Client, ERR_NOSUCHSERVER_MSG, + return IRC_WriteErrClient(Client, ERR_NOSUCHSERVER_MSG, Client_ID(Client), Req->argv[0]); /* Are we still connected or were we killed, too? */ @@ -377,8 +340,6 @@ IRC_DISCONNECT(CLIENT * Client, REQUEST * Req) /** * Handler for the IRC "WALLOPS" command. * - * See RFC 2812, 4.7 "Operwall message". - * * @param Client The client from which this command has been received. * @param Req Request structure with prefix and all parameters. * @return CONNECTED or DISCONNECTED. @@ -391,18 +352,14 @@ IRC_WALLOPS( CLIENT *Client, REQUEST *Req ) assert( Client != NULL ); assert( Req != NULL ); - if (Req->argc != 1) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, - Client_ID(Client), Req->command); - switch (Client_Type(Client)) { case CLIENT_USER: - if (!Client_OperByMe(Client)) - return IRC_WriteStrClient(Client, ERR_NOPRIVILEGES_MSG, - Client_ID(Client)); + if (!Op_Check(Client, Req)) + return Op_NoPrivileges(Client, Req); from = Client; break; case CLIENT_SERVER: + _IRC_REQUIRE_PREFIX_OR_RETURN_(Client, Req) from = Client_Search(Req->prefix); break; default: @@ -410,7 +367,7 @@ IRC_WALLOPS( CLIENT *Client, REQUEST *Req ) } if (!from) - return IRC_WriteStrClient(Client, ERR_NOSUCHNICK_MSG, + return IRC_WriteErrClient(Client, ERR_NOSUCHNICK_MSG, Client_ID(Client), Req->prefix); IRC_SendWallops(Client, from, "%s", Req->argv[0]); @@ -427,22 +384,33 @@ IRC_WALLOPS( CLIENT *Client, REQUEST *Req ) GLOBAL bool IRC_xLINE(CLIENT *Client, REQUEST *Req) { - CLIENT *from; + CLIENT *from, *c, *c_next; + char reason[COMMAND_LEN], class_c; + struct list_head *list; + time_t timeout; int class; - char class_c; assert(Client != NULL); assert(Req != NULL); - from = Op_Check(Client, Req); - if (!from) - return Op_NoPrivileges(Client, Req); - /* Bad number of parameters? */ if (Req->argc != 1 && Req->argc != 3) - return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, + return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG, Client_ID(Client), Req->command); + if (!Conf_AllowRemoteOper && Client_Type(Client) == CLIENT_SERVER) { + /* Explicitely forbid remote servers to modify "x-lines" when + * the "AllowRemoteOper" configuration option isn't set, even + * when the command seems to originate from the remote server + * itself: this prevents GLINE's to become set during server + * handshake in this case (what wouldn't be possible during + * regular runtime when a remote IRC Op sends the command). */ + from = NULL; + } else + from = Op_Check(Client, Req); + if (!from) + return Op_NoPrivileges(Client, Req); + switch(Req->command[0]) { case 'g': case 'G': @@ -473,13 +441,17 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req) } } else { /* Add new mask to list */ + timeout = atol(Req->argv[1]); + if (timeout > 0) + timeout += time(NULL); if (Class_AddMask(class, Req->argv[0], - time(NULL) + atol(Req->argv[1]), + timeout, Req->argv[2])) { - Log(LOG_NOTICE|LOG_snotice, - "\"%s\" added \"%s\" to %c-Line list: \"%s\" (%ld seconds).", - Client_Mask(from), Req->argv[0], class_c, - Req->argv[2], atol(Req->argv[1])); + if (Client_Type(from) != CLIENT_SERVER) + Log(LOG_NOTICE|LOG_snotice, + "\"%s\" added \"%s\" to %c-Line list: \"%s\" (%ld seconds).", + Client_Mask(from), Req->argv[0], class_c, + Req->argv[2], atol(Req->argv[1])); if (class == CLASS_GLINE) { /* Inform other servers */ IRC_WriteStrServersPrefix(Client, from, @@ -487,6 +459,20 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req) Req->argv[0], Req->argv[1], Req->argv[2]); } + + /* Check currently connected clients */ + snprintf(reason, sizeof(reason), "%c-Line by \"%s\": \"%s\"", + class_c, Client_ID(from), Req->argv[2]); + list = Class_GetList(class); + c = Client_First(); + while (c) { + c_next = Client_Next(c); + if ((class == CLASS_GLINE || Client_Conn(c) > NONE) + && Lists_Check(list, c)) + IRC_KillClient(Client, NULL, + Client_ID(c), reason); + c = c_next; + } } }