3 /* Written by David Herrmann.
4 * Dedicated to the Public Domain.
7 * The IAuth collects all information from the ircd and when it thinks it has a complete
8 * set of information, it starts this script with all information as parameters. This
9 * script has to check the database for a dataset and return the values it wants to change
10 * or return nothing if it wants to reject the client.
12 * The data from the IAuth is passed in the array $argv. If a value is not available, it is
13 * an empty string. If a value is available it must be a string between 1 and IAUTH_DATALEN
14 * characters, whereas IAUTH_DATALEN is defined in iauth.h.
15 * - Name of the script:
16 * $argv[0] = ./iauth.php
17 * - The IP of the remote socket endpoint:
18 * $argv[1] = 85.214.49.253
19 * - The port of the remote socket endpoint:
21 * - The ip of the local socket endpoint:
22 * $argv[3] = 127.0.0.1
23 * - The port of the local socket endpoint:
25 * - The resolved hostname of the remote socket:
26 * $argv[5] = p3EE37393.dip.t-dialin.net
27 * - The hostname the user passed to USER:
28 * $argv[6] = localhost
29 * - The servername the user passed to USER:
30 * $argv[7] = irc.ogn.net
31 * - The nick which the user passed:
32 * $argv[8] = some_weird_nick
33 * - The username the user passed to USER:
35 * - The realname the user passed to USER:
36 * $argv[10] = realname
37 * - The account[:timestamp] which was proofed by LOC: (The :timestamp is optional)
38 * $argv[11] = some_account:124206424
39 * - The fakehost which was set by LOC:
40 * $argv[12] = cool.1337.fakehost
41 * - The class that the server would assign to the user if iauth would not be there:
42 * $argv[13] = some_server_class
43 * - The last PASS line the user sent:
44 * $argv[14] = some_password
45 * - The ident we got from the user's ident server:
47 * - The name of the server we are connected to:
48 * $argv[16] = devnull.xy.net
50 * The response of the script is sent to STDOUT. If the script wants to reject the request, it can
51 * simply exit without sending anything.
52 * If you want to accept the client, you have to pass several parameters to STDOUT. Each parameter
53 * is separated by a space. If you want to skip a parameter, simply put "$" in there.
54 * Every value which is not "$" is forced on the user before he gets assigned to a class.
55 * Each value is limited again to IAUTH_DATALEN, however, the ircd itself may limit the data again,
56 * therefore, it is recommended to use short values. '\0' characters are not allowed in a reply and
57 * the IAuth parser will reject the query.
59 * - The class which is assigned to the user:
61 * - The ident which should be forced on the user:
63 * - The host which should be forced on the user:
64 * echo "forced.host.on.user ";
65 * - The ip which should be forced on the user:
66 * echo "127.244.12.110 ";
67 * - A mode striing which is set on the user. This can include fakehosts/accounts/operators/etc.
68 * echo "+wogsfr 131071 fake.host.net account:124653295"
69 * The last parameter "mode" can have as many spaces as you want.
72 /* These constants are defined to access $argv more easily. */
73 define("ARG_REMOTEIP", $argv[1]);
74 define("ARG_REMOTEPORT", $argv[2]);
75 define("ARG_LOCALIP", $argv[3]);
76 define("ARG_LOCALPORT", $argv[4]);
77 define("ARG_HOSTNAME", $argv[5]);
78 define("ARG_USER_HOST", $argv[6]);
79 define("ARG_USER_SERV", $argv[7]);
80 define("ARG_NICK", $argv[8]);
81 define("ARG_USERNAME", $argv[9]);
82 define("ARG_REALNAME", $argv[10]);
83 define("ARG_TS_ACCOUNT", $argv[11]);
84 define("ARG_ACCOUNT", preg_replace('/^(.*?)(:\d+)?$/', '$1', $argv[11]));
85 define("ARG_FAKEHOST", $argv[12]);
86 define("ARG_CLASS", $argv[13]);
87 define("ARG_PASS", $argv[14]);
88 define("ARG_IDENT", $argv[15]);
89 define("ARG_SERVER", $argv[16]);
91 /* This function can be used to return a result. */
92 function iauth_return($class = NULL, $ident = NULL, $host = NULL, $ip = NULL, $mode = NULL) {
93 $class = trim($class);
94 $ident = trim($ident);
96 $ip = trim((substr($ip, 0, 1) == ":") ? "0".$ip : $ip);
98 if($class === NULL || strlen($class) == 0) $class = "$";
99 if($ident === NULL || strlen($ident) == 0) $ident = "$";
100 if($host === NULL || strlen($host) == 0) $host = "$";
101 if($ip === NULL || strlen($ip) == 0) $ip = "$";
102 if($mode === NULL || strlen($mode) == 0) $mode = "$";
103 echo "$class $ident $host $ip $mode";
107 /* This rejects the client. */
108 function iauth_reject() {
112 /* Validate the input now and return the right result.
113 * REMEMBER: SOME VALUES MIGHT BE AN EMPTY STRING AND NOT SET!
117 /****************************************************/
118 /****************************************************/
119 /* Following three example ways to handle a client. */
120 /****************************************************/
121 /****************************************************/
123 /* Simply allow the client to connect the normal way. */
124 /* iauth_return(); */
126 /* Or as an example return only a class and a mode change. */
127 /* iauth_return("class", NULL, NULL, NULL, "+rf account:14314789 fake.host.net"); */
129 /* Or reject the client. */
130 /* iauth_reject(); */
132 /* our real implementation */