X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Firc-oper.c;h=e877213ef7629f14c0a10593e6c389d5b0bcd76d;hp=4ccc76a6d830fdc66ead9139ad316687ea2b050e;hb=HEAD;hpb=2798a12444bce91613388ceb7ab52d1e97787687

diff --git a/src/ngircd/irc-oper.c b/src/ngircd/irc-oper.c
index 4ccc76a6..df8e2269 100644
--- a/src/ngircd/irc-oper.c
+++ b/src/ngircd/irc-oper.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
- * Copyright (c)2001-2013 Alexander Barton (alex@barton.de) and Contributors.
+ * Copyright (c)2001-2015 Alexander Barton (alex@barton.de) and Contributors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -16,12 +16,12 @@
  * IRC operator commands
  */
 
-#include "imp.h"
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
+#include <time.h>
 
 #include "ngircd.h"
 #include "conn-func.h"
@@ -38,7 +38,6 @@
 #include "messages.h"
 #include "op.h"
 
-#include <exp.h>
 #include "irc-oper.h"
 
 /**
@@ -48,9 +47,11 @@
 static bool
 Bad_OperPass(CLIENT *Client, char *errtoken, char *errmsg)
 {
-	Log(LOG_WARNING, "Got invalid OPER from \"%s\": \"%s\" -- %s",
+	Log(LOG_ERR|LOG_snotice, "Got invalid OPER from \"%s\": \"%s\" -- %s!",
 	    Client_Mask(Client), errtoken, errmsg);
-	return IRC_WriteErrClient(Client, ERR_PASSWDMISMATCH_MSG,
+	/* Increase penalty to slow down possible brute force attacks */
+	IRC_SetPenalty(Client, 10);
+	return IRC_WriteStrClient(Client, ERR_PASSWDMISMATCH_MSG,
 				  Client_ID(Client));
 } /* Bad_OperPass */
 
@@ -208,18 +209,14 @@ IRC_CONNECT(CLIENT * Client, REQUEST * Req)
 
 	/* Bad number of parameters? */
 	if (Req->argc != 1 && Req->argc != 2 && Req->argc != 3 &&
-	    Req->argc != 5 && Req->argc != 6) {
-		IRC_SetPenalty(Client, 2);
+	    Req->argc != 5 && Req->argc != 6)
 		return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG,
 					  Client_ID(Client), Req->command);
-	}
 
 	/* Invalid port number? */
-	if ((Req->argc > 1) && atoi(Req->argv[1]) < 1) {
-		IRC_SetPenalty(Client, 2);
+	if ((Req->argc > 1) && atoi(Req->argv[1]) < 1)
 		return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG,
 					  Client_ID(Client), Req->command);
-	}
 
 	if (Client_Type(Client) != CLIENT_SERVER
 	    && !Client_HasMode(Client, 'o'))
@@ -362,6 +359,7 @@ IRC_WALLOPS( CLIENT *Client, REQUEST *Req )
 		from = Client;
 		break;
 	case CLIENT_SERVER:
+		_IRC_REQUIRE_PREFIX_OR_RETURN_(Client, Req)
 		from = Client_Search(Req->prefix);
 		break;
 	default:
@@ -389,19 +387,27 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req)
 	CLIENT *from, *c, *c_next;
 	char reason[COMMAND_LEN], class_c;
 	struct list_head *list;
+	time_t timeout;
 	int class;
 
 	assert(Client != NULL);
 	assert(Req != NULL);
 
 	/* Bad number of parameters? */
-	if (Req->argc != 1 && Req->argc != 3) {
-		IRC_SetPenalty(Client, 2);
+	if (Req->argc != 1 && Req->argc != 3)
 		return IRC_WriteErrClient(Client, ERR_NEEDMOREPARAMS_MSG,
 					  Client_ID(Client), Req->command);
-	}
 
-	from = Op_Check(Client, Req);
+	if (!Conf_AllowRemoteOper && Client_Type(Client) == CLIENT_SERVER) {
+		/* Explicitly forbid remote servers to modify "x-lines" when
+		 * the "AllowRemoteOper" configuration option isn't set, even
+		 * when the command seems to originate from the remote server
+		 * itself: this prevents GLINE's to become set during server
+		 * handshake in this case (what wouldn't be possible during
+		 * regular runtime when a remote IRC Op sends the command). */
+		from = NULL;
+	} else
+		from = Op_Check(Client, Req);
 	if (!from)
 		return Op_NoPrivileges(Client, Req);
 
@@ -435,13 +441,17 @@ IRC_xLINE(CLIENT *Client, REQUEST *Req)
 		}
 	} else {
 		/* Add new mask to list */
+		timeout = atol(Req->argv[1]);
+		if (timeout > 0)
+			timeout += time(NULL);
 		if (Class_AddMask(class, Req->argv[0],
-				  time(NULL) + atol(Req->argv[1]),
+				  timeout,
 				  Req->argv[2])) {
-			Log(LOG_NOTICE|LOG_snotice,
-			    "\"%s\" added \"%s\" to %c-Line list: \"%s\" (%ld seconds).",
-			    Client_Mask(from), Req->argv[0], class_c,
-			    Req->argv[2], atol(Req->argv[1]));
+			if (Client_Type(from) != CLIENT_SERVER)
+				Log(LOG_NOTICE|LOG_snotice,
+				    "\"%s\" added \"%s\" to %c-Line list: \"%s\" (%ld seconds).",
+				    Client_Mask(from), Req->argv[0], class_c,
+				    Req->argv[2], atol(Req->argv[1]));
 			if (class == CLASS_GLINE) {
 				/* Inform other servers */
 				IRC_WriteStrServersPrefix(Client, from,