Author: Kev <klmitch@mit.edu>

Log message:

Suppress key leaks during net junctions by making keys appear as "*".  Does
NOT affect normal user (or even server) /MODE commands.

This change to the trunk has NOT been tested.  The code implementing +A and
+u has been touched.  I *believe* the resulting code will work, but someone
should please sanity-check this--I don't have the facilities to verify this
change up front.

(pull-up from the u2_10_11 branch)

git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/trunk@689 c9e4aea6-c8fd-4c43-8297-357d70d61c8c

diff --git a/ChangeLog b/ChangeLog
index cc43a8c0f5d1795f6380aa59a85667ea3cb26f41..1b054e2f5cc6f1b9bd5b4e229762adeea39fae82 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2002-03-27  Kevin L Mitchell  <klmitch@mit.edu>
 
+       * ircd/m_burst.c (ms_burst): use MODEBUF_DEST_NOKEY to suppress
+       sending of the key to the channel
+
+       * ircd/channel.c (modebuf_flush_int): when processing keys, only
+       include the actual key in the mode sent to the channel if
+       MODEBUF_DEST_NOKEY is not set
+
+       * include/channel.h: needed more bits for MODEBUF_DEST_*,
+       especially when adding MODEBUF_DEST_NOKEY to force keys in the
+       BURST to be reported as "*" to the channel
+
        * ircd/m_oper.c (m_oper): clear the new oper's sendq so it gets
        inherited from the class associated with the O-line
 

diff --git a/include/channel.h b/include/channel.h
index b4e31b83d6523cf15938a017dc3e4e9fb7f2f5bf..812ab74a448bd1196613a74bd83eb2aa7240ed2a 100644 (file)
--- a/include/channel.h
+++ b/include/channel.h
@@ -261,17 +261,19 @@ struct ModeBuf {
                                        /* A mode w/args */
 };
 
-#define MODEBUF_DEST_CHANNEL   0x0001  /* Mode is flushed to channel */
-#define MODEBUF_DEST_SERVER    0x0002  /* Mode is flushed to server */
+#define MODEBUF_DEST_CHANNEL   0x00001 /* Mode is flushed to channel */
+#define MODEBUF_DEST_SERVER    0x00002 /* Mode is flushed to server */
 
-#define MODEBUF_DEST_OPMODE    0x0100  /* Send server mode as OPMODE */
-#define MODEBUF_DEST_DEOP      0x0200  /* Deop the offender */
-#define MODEBUF_DEST_BOUNCE    0x0400  /* Bounce the modes */
-#define MODEBUF_DEST_LOG       0x0800  /* Log the mode changes to OPATH */
+#define MODEBUF_DEST_OPMODE    0x00100 /* Send server mode as OPMODE */
+#define MODEBUF_DEST_DEOP      0x00200 /* Deop the offender */
+#define MODEBUF_DEST_BOUNCE    0x00400 /* Bounce the modes */
+#define MODEBUF_DEST_LOG       0x00800 /* Log the mode changes to OPATH */
 
-#define MODEBUF_DEST_HACK2     0x2000  /* Send a HACK(2) notice, reverse */
-#define MODEBUF_DEST_HACK3     0x4000  /* Send a HACK(3) notice, TS == 0 */
-#define MODEBUF_DEST_HACK4     0x8000  /* Send a HACK(4) notice, TS == 0 */
+#define MODEBUF_DEST_HACK2     0x02000 /* Send a HACK(2) notice, reverse */
+#define MODEBUF_DEST_HACK3     0x04000 /* Send a HACK(3) notice, TS == 0 */
+#define MODEBUF_DEST_HACK4     0x08000 /* Send a HACK(4) notice, TS == 0 */
+
+#define MODEBUF_DEST_NOKEY     0x10000 /* Don't send the real key */
 
 #define MB_TYPE(mb, i)         ((mb)->mb_modeargs[(i)].mbm_type)
 #define MB_UINT(mb, i)         ((mb)->mb_modeargs[(i)].mbm_arg.mbma_uint)

diff --git a/ircd/channel.c b/ircd/channel.c
index 9cf805c9536b0780203de4abe7bc4b504ed0d492..87b35ce3af43905347f819a1e47d70749f77a675 100644 (file)
--- a/ircd/channel.c
+++ b/ircd/channel.c
@@ -1563,14 +1563,14 @@ modebuf_flush_int(struct ModeBuf *mbuf, int all)
        bufptr[(*bufptr_i)++] = MB_TYPE(mbuf, i) & MODE_CHANOP ? 'o' : 'v';
        totalbuflen -= IRCD_MAX(5, tmp) + 1;
       }
-    } else if (MB_TYPE(mbuf, i) & (MODE_KEY | MODE_BAN | MODE_APASS | MODE_UPASS)) {
+    } else if (MB_TYPE(mbuf, i) & (MODE_BAN | MODE_APASS | MODE_UPASS)) {
       tmp = strlen(MB_STRING(mbuf, i));
 
       if ((totalbuflen - tmp) <= 0) /* don't overflow buffer */
        MB_TYPE(mbuf, i) |= MODE_SAVE; /* save for later */
       else {
        char mode_char;
-       switch(MB_TYPE(mbuf, i) & (MODE_KEY | MODE_BAN | MODE_APASS | MODE_UPASS))
+       switch(MB_TYPE(mbuf, i) & (MODE_BAN | MODE_APASS | MODE_UPASS))
        {
          case MODE_APASS:
            mode_char = 'A';
@@ -1578,9 +1578,6 @@ modebuf_flush_int(struct ModeBuf *mbuf, int all)
          case MODE_UPASS:
            mode_char = 'u';
            break;
-         case MODE_KEY:
-           mode_char = 'k';
-           break;
          default:
            mode_char = 'b';
            break;
@@ -1588,6 +1585,16 @@ modebuf_flush_int(struct ModeBuf *mbuf, int all)
        bufptr[(*bufptr_i)++] = mode_char;
        totalbuflen -= tmp + 1;
       }
+    } else if (MB_TYPE(mbuf, i) & MODE_KEY) {
+      tmp = (mbuf->mb_dest & MODEBUF_DEST_NOKEY ? 1 :
+            strlen(MB_STRING(mbuf, i)));
+
+      if ((totalbuflen - tmp) <= 0) /* don't overflow buffer */
+       MB_TYPE(mbuf, i) |= MODE_SAVE; /* save for later */
+      else {
+       bufptr[(*bufptr_i)++] = 'k';
+       totalbuflen -= tmp + 1;
+      }
     } else if (MB_TYPE(mbuf, i) & MODE_LIMIT) {
       /* if it's a limit, we also format the number */
       ircd_snprintf(0, limitbuf, sizeof(limitbuf), "%u", MB_UINT(mbuf, i));
@@ -1633,10 +1640,15 @@ modebuf_flush_int(struct ModeBuf *mbuf, int all)
       if (MB_TYPE(mbuf, i) & (MODE_CHANOP | MODE_VOICE))
        build_string(strptr, strptr_i, cli_name(MB_CLIENT(mbuf, i)), 0, ' ');
 
-      /* deal with strings... */
-      else if (MB_TYPE(mbuf, i) & (MODE_KEY | MODE_BAN))
+      /* deal with bans... */
+      else if (MB_TYPE(mbuf, i) & MODE_BAN)
        build_string(strptr, strptr_i, MB_STRING(mbuf, i), 0, ' ');
 
+      /* deal with keys... */
+      else if (MB_TYPE(mbuf, i) & MODE_KEY)
+       build_string(strptr, strptr_i, mbuf->mb_dest & MODEBUF_DEST_NOKEY ?
+                    "*" : MB_STRING(mbuf, i), 0, ' ');
+
       /* deal with invisible passwords */
       else if (MB_TYPE(mbuf, i) & (MODE_APASS | MODE_UPASS))
        build_string(strptr, strptr_i, "*", 0, ' ');

diff --git a/ircd/m_burst.c b/ircd/m_burst.c
index e253acb57170dbe146e3708cc77b5ade704e6350..5b70eabd5d029f2a70f45781d70dc97ff199c5ad 100644 (file)
--- a/ircd/m_burst.c
+++ b/ircd/m_burst.c
@@ -203,7 +203,8 @@ int ms_burst(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
   if (!chptr->creationtime || chptr->creationtime > timestamp) {
     chptr->creationtime = timestamp;
 
-    modebuf_init(mbuf = &modebuf, &me, cptr, chptr, MODEBUF_DEST_CHANNEL);
+    modebuf_init(mbuf = &modebuf, &me, cptr, chptr,
+                MODEBUF_DEST_CHANNEL | MODEBUF_DEST_NOKEY);
     modebuf_mode(mbuf, MODE_DEL | chptr->mode.mode); /* wipeout modes */
     chptr->mode.mode &= ~(MODE_ADD | MODE_DEL | MODE_PRIVATE | MODE_SECRET |
                          MODE_MODERATED | MODE_TOPICLIMIT | MODE_INVITEONLY |
@@ -215,7 +216,8 @@ int ms_burst(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
     for (lp = chptr->banlist; lp; lp = lp->next)
       lp->flags |= CHFL_BURST_BAN_WIPEOUT;
   } else if (chptr->creationtime == timestamp) {
-    modebuf_init(mbuf = &modebuf, &me, cptr, chptr, MODEBUF_DEST_CHANNEL);
+    modebuf_init(mbuf = &modebuf, &me, cptr, chptr,
+                MODEBUF_DEST_CHANNEL | MODEBUF_DEST_NOKEY);
 
     parse_flags |= MODE_PARSE_SET; /* set new modes */
   }