2 * IRC - Internet Relay Chat, ircd/m_svsnick.c
3 * Written by David Herrmann.
11 #include "ircd_alloc.h"
13 #include "ircd_reply.h"
14 #include "ircd_string.h"
15 #include "ircd_features.h"
16 #include "ircd_crypt.h"
32 /* Sends response \r (len: \l) to client \c. */
33 #define webirc_resp(c, r, l) \
34 ssl_send(cli_fd(c), cli_socket(c).ssl, r, l)
36 /* Buffer used in nick replacements. */
37 static char webirc_buf[513];
39 /* Returns 1 if the passwords are the same and 0 if not.
40 * \to_match is the password hash
41 * \passwd is the unhashed password in "$KIND$password" style
43 static unsigned int webirc_pwmatch(const char* to_match, const char* passwd) {
47 crypted = ircd_crypt(to_match, passwd);
50 res = strcmp(crypted, passwd);
55 /* Checks whether password/host/spoofed host/ip are allowed and returns the corresponding webirc block.
56 * Returns NULL if nothing found.
58 static struct webirc_block *webirc_match(const char *passwd, const char *real_host, const char *real_ip, const char *spoofed_host, const char *spoofed_ip) {
59 struct webirc_block *iter;
60 struct webirc_node *inode;
61 unsigned int matched = 0;
63 if(!GlobalWebIRCConf) {
67 iter = GlobalWebIRCConf;
72 /* first check for matching password */
74 /* it's a sorted list an passwords are stored first! */
76 if(inode->type != WEBIRC_PASS) break;
77 if(webirc_pwmatch(passwd, inode->content)) {
83 } while(inode != iter->list);
85 /* go to next entry */
88 /* check for matching real-host/ip */
91 /* fast-forward to hosts and then check the hosts */
93 /* everything greater than WEBIRC_HOSTS are the spoofed masks */
94 if(inode->type > WEBIRC_HOST) break;
96 if(inode->type == WEBIRC_HOST) {
98 if(match(inode->content, real_host) == 0 || match(inode->content, real_ip) == 0) {
103 else if(matched) /* do nothing */;
104 else if(match(inode->content, real_host) == 0 || match(inode->content, real_ip) == 0)
109 } while(inode != iter->list);
112 /* check for matching spoofed host/ip */
116 if(inode->type == WEBIRC_SPOOF) {
118 if(match(inode->content, spoofed_host) == 0 || match(inode->content, spoofed_ip) == 0) {
123 else if(matched) /* do nothing */;
124 else if(match(inode->content, spoofed_host) == 0 || match(inode->content, spoofed_ip) == 0)
129 } while(inode != iter->list);
132 if(matched) return iter;
134 /* nothing found, try next block */
137 } while(iter != GlobalWebIRCConf);
145 * parv[0] = sender prefix
151 int m_webirc(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) {
152 struct webirc_block *block;
153 struct irc_in_addr addr;
154 const char *con_addr;
155 time_t next_target = 0;
158 const char *nick = (*(cli_name(sptr))) ? cli_name(sptr) : "AUTH";
159 unsigned int auth = (*(cli_name(sptr))) ? 0 : 1;
161 /* servers cannot spoof their ip */
162 if(IsServerPort(sptr)) {
163 /* If a server sends WEBIRC command it's a protocol violation so exit him and do not check FEAT_WEBIRC_REJECT. */
164 IPcheck_connect_fail(sptr);
165 return exit_client(cptr, sptr, &me, "WebIRC not supported on server ports");
168 /* all 4 parameters are required plus the prefix => 5 */
170 return need_more_params(sptr, "WEBIRC");
172 if(strcmp(parv[2], "cgiirc")) {
173 if(feature_bool(FEAT_WEBIRC_REJECT)) {
174 IPcheck_connect_fail(sptr);
175 return exit_client(cptr, sptr, &me, "WebIRC protocol violation (p2).");
178 len = sprintf(webirc_buf, "NOTICE %s :%sWebIRC protocol violation (p2).\r\n", nick, auth ? "*** " : "");
179 webirc_resp(sptr, webirc_buf, len);
180 return 0; /* continue with normal authentication */
184 /* created ip in dotted notation */
185 con_addr = ircd_ntoa(&(cli_ip(sptr)));
186 if(0 == ipmask_parse(parv[4], &addr, NULL)) {
187 if(feature_bool(FEAT_WEBIRC_REJECT)) {
188 IPcheck_connect_fail(sptr);
189 return exit_client(cptr, sptr, &me, "WebIRC protocol violation (p4).");
192 /* bufferoverflow prevented with NICKLEN check above */
193 len = sprintf(webirc_buf, "NOTICE %s :%sWebIRC protocol violation (p4).\r\n", nick, auth ? "*** " : "");
194 webirc_resp(sptr, webirc_buf, len);
195 return 0; /* continue with normal authentication */
199 /* find matching webirc block */
200 block = webirc_match(parv[1], cli_sockhost(sptr), con_addr, parv[3], parv[4]);
202 if(feature_bool(FEAT_WEBIRC_REJECT)) {
203 IPcheck_connect_fail(sptr);
204 return exit_client(cptr, sptr, &me, "WebIRC client rejected, no match found.");
207 len = sprintf(webirc_buf, "NOTICE %s :%sWebIRC spoofing rejected, no match found.\r\n", nick, auth?"*** ":"");
208 webirc_resp(sptr, webirc_buf, len);
209 return 0; /* continue with normal authentication */
213 /* remove the WebIRC ip from the IPcheck entry, we will add the real one later */
214 IPcheck_connect_fail(sptr);
215 IPcheck_disconnect(sptr);
216 ClearIPChecked(sptr);
219 memcpy(cli_real_ip(sptr).in6_16, cli_ip(sptr).in6_16, 16);
220 memcpy(cli_ip(sptr).in6_16, addr.in6_16, 16);
222 /* spoof ip/host strings */
223 ircd_strncpy(cli_real_sock_ip(sptr), cli_sock_ip(sptr), SOCKIPLEN);
224 ircd_strncpy(cli_sock_ip(sptr), parv[4], SOCKIPLEN);
225 ircd_strncpy(cli_real_sockhost(sptr), cli_sockhost(sptr), HOSTLEN);
226 ircd_strncpy(cli_sockhost(sptr), parv[3], HOSTLEN);
227 ircd_strncpy(cli_webirc(sptr), block->name, NICKLEN);
229 /* add the real ip to the IPcheck */
230 if(!IPcheck_local_connect(&cli_ip(sptr), &next_target))
231 return exit_client(cptr, sptr, &me, "Too many connections from your host");
234 /* set WebIRC umode only if enabled */
235 if(feature_bool(FEAT_WEBIRC_UMODE))