2 * IRC - Internet Relay Chat, ircd/m_svsnick.c
3 * Written by David Herrmann.
11 #include "ircd_alloc.h"
13 #include "ircd_reply.h"
14 #include "ircd_string.h"
15 #include "ircd_features.h"
16 #include "ircd_crypt.h"
32 /* Sends response \r (len: \l) to client \c. */
33 #define webirc_resp(c, r, l) \
34 ssl_send(cli_fd(c), cli_socket(c).ssl, r, l)
36 /* Buffer used in nick replacements. */
37 static char webirc_buf[513];
39 /* Returns 1 if the passwords are the same and 0 if not.
40 * \to_match is the password hash
41 * \passwd is the unhashed password in "$KIND$password" style
43 static unsigned int webirc_pwmatch(const char* to_match, const char* passwd) {
47 crypted = ircd_crypt(to_match, passwd);
50 res = strcmp(crypted, passwd);
55 /* Checks whether password/host/spoofed host/ip are allowed and returns the corresponding webirc block.
56 * Returns NULL if nothing found.
58 static struct webirc_block *webirc_match(const char *passwd, const char *real_host, const char *real_ip, const char *spoofed_host, const char *spoofed_ip) {
59 struct webirc_block *iter;
60 struct webirc_node *inode;
61 unsigned int matched = 0;
63 if(!GlobalWebIRCConf) {
67 iter = GlobalWebIRCConf;
72 /* first check for matching password */
74 /* it's a sorted list an passwords are stored first! */
76 if(inode->type != WEBIRC_PASS) break;
77 if(webirc_pwmatch(passwd, inode->content)) {
83 } while(inode != iter->list);
85 /* go to next entry */
88 /* check for matching real-host/ip */
91 /* fast-forward to hosts and then check the hosts */
93 /* everything greater than WEBIRC_HOSTS are the spoofed masks */
94 if(inode->type > WEBIRC_HOST) break;
96 if(inode->type == WEBIRC_HOST) {
98 if(match(inode->content, real_host) == 0 || match(inode->content, real_ip) == 0) {
103 else if(matched) /* do nothing */;
104 else if(match(inode->content, real_host) == 0 || match(inode->content, real_ip) == 0)
109 } while(inode != iter->list);
112 /* check for matching spoofed host/ip */
116 if(inode->type == WEBIRC_SPOOF) {
118 if(match(inode->content, spoofed_host) == 0 || match(inode->content, spoofed_ip) == 0) {
123 else if(matched) /* do nothing */;
124 else if(match(inode->content, spoofed_host) == 0 || match(inode->content, spoofed_ip) == 0)
129 } while(inode != iter->list);
132 if(matched) return iter;
134 /* nothing found, try next block */
137 } while(iter != GlobalWebIRCConf);
145 * parv[0] = sender prefix
147 * parv[2] = "cgiirc" (ignored)
151 int m_webirc(struct Client* cptr, struct Client* sptr, int parc, char* parv[]) {
152 struct webirc_block *block;
153 struct irc_in_addr addr;
154 const char *con_addr;
155 time_t next_target = 0;
158 const char *nick = (*(cli_name(sptr))) ? cli_name(sptr) : "AUTH";
159 unsigned int auth = (*(cli_name(sptr))) ? 0 : 1;
161 /* servers cannot spoof their ip */
162 if(IsServerPort(sptr)) {
163 /* If a server sends WEBIRC command it's a protocol violation so exit him and do not check FEAT_WEBIRC_REJECT. */
164 IPcheck_connect_fail(sptr);
165 return exit_client(cptr, sptr, &me, "WebIRC not supported on server ports");
168 /* all 4 parameters are required plus the prefix => 5 */
170 return need_more_params(sptr, "WEBIRC");
172 /* created ip in dotted notation */
173 con_addr = ircd_ntoa(&(cli_ip(sptr)));
174 if(0 == ipmask_parse(parv[4], &addr, NULL)) {
175 if(feature_bool(FEAT_WEBIRC_REJECT)) {
176 IPcheck_connect_fail(sptr);
177 return exit_client(cptr, sptr, &me, "WebIRC protocol violation (p4).");
180 /* bufferoverflow prevented with NICKLEN check above */
181 len = sprintf(webirc_buf, "NOTICE %s :%sWebIRC protocol violation (p4).\r\n", nick, auth ? "*** " : "");
182 webirc_resp(sptr, webirc_buf, len);
183 return 0; /* continue with normal authentication */
187 /* find matching webirc block */
188 block = webirc_match(parv[1], cli_sockhost(sptr), con_addr, parv[3], parv[4]);
190 if(feature_bool(FEAT_WEBIRC_REJECT)) {
191 IPcheck_connect_fail(sptr);
192 return exit_client(cptr, sptr, &me, "WebIRC client rejected, no match found.");
195 len = sprintf(webirc_buf, "NOTICE %s :%sWebIRC spoofing rejected, no match found.\r\n", nick, auth?"*** ":"");
196 webirc_resp(sptr, webirc_buf, len);
197 return 0; /* continue with normal authentication */
201 /* remove the WebIRC ip from the IPcheck entry, we will add the real one later */
202 IPcheck_connect_fail(sptr);
203 IPcheck_disconnect(sptr);
204 ClearIPChecked(sptr);
207 memcpy(cli_real_ip(sptr).in6_16, cli_ip(sptr).in6_16, 16);
208 memcpy(cli_ip(sptr).in6_16, addr.in6_16, 16);
210 /* spoof ip/host strings */
211 ircd_strncpy(cli_real_sock_ip(sptr), cli_sock_ip(sptr), SOCKIPLEN);
212 ircd_strncpy(cli_sock_ip(sptr), parv[4], SOCKIPLEN);
213 ircd_strncpy(cli_real_sockhost(sptr), cli_sockhost(sptr), HOSTLEN);
214 ircd_strncpy(cli_sockhost(sptr), parv[3], HOSTLEN);
215 ircd_strncpy(cli_webirc(sptr), block->name, NICKLEN);
217 /* add the real ip to the IPcheck */
218 if(!IPcheck_local_connect(&cli_ip(sptr), &next_target))
219 return exit_client(cptr, sptr, &me, "Too many connections from your host");
222 /* set WebIRC umode only if enabled */
223 if(feature_bool(FEAT_WEBIRC_UMODE))