RPL_WHOISGATEWAY = 350
};
-// We need this method up here so that it can be accessed from anywhere
-static void ChangeIP(LocalUser* user, const irc::sockets::sockaddrs& sa)
-{
- // Set the users IP address and make sure they are in the right clone pool.
- ServerInstance->Users->RemoveCloneCounts(user);
- user->SetClientIP(sa);
- ServerInstance->Users->AddClone(user);
- if (user->quitting)
- return;
-
- // Recheck the connect class.
- user->MyClass = NULL;
- user->SetClass();
- user->CheckClass();
- if (user->quitting)
- return;
-
- // Check if this user matches any XLines.
- user->CheckLines(true);
- if (user->quitting)
- return;
-}
-
// Encapsulates information about an ident host.
class IdentHost
{
{
}
- bool Matches(LocalUser* user, const std::string& pass) const
+ bool Matches(LocalUser* user, const std::string& pass, UserCertificateAPI& sslapi) const
{
// Did the user send a valid password?
if (!password.empty() && !ServerInstance->PassCompare(user, password, pass, passhash))
return false;
// Does the user have a valid fingerprint?
- const std::string fp = SSLClientCert::GetFingerprint(&user->eh);
- if (!fingerprint.empty() && fp != fingerprint)
+ const std::string fp = sslapi ? sslapi->GetFingerprint(user) : "";
+ if (!fingerprint.empty() && !InspIRCd::TimingSafeCompare(fp, fingerprint))
return false;
// Does the user's hostname match our hostmask?
StringExtItem gateway;
StringExtItem realhost;
StringExtItem realip;
+ UserCertificateAPI sslapi;
Events::ModuleEventProvider webircevprov;
CommandWebIRC(Module* Creator)
, gateway("cgiirc_gateway", ExtensionItem::EXT_USER, Creator)
, realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator)
, realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator)
+ , sslapi(Creator)
, webircevprov(Creator, "event/webirc")
{
allow_empty_last_param = false;
works_before_reg = true;
- this->syntax = "<password> <gateway> <hostname> <ip> [flags]";
+ this->syntax = "<password> <gateway> <hostname> <ip> [<flags>]";
}
CmdResult HandleLocal(LocalUser* user, const Params& parameters) CXX11_OVERRIDE
if (user->registered == REG_ALL || realhost.get(user))
return CMD_FAILURE;
- irc::sockets::sockaddrs ipaddr;
- if (!irc::sockets::aptosa(parameters[3], user->client_sa.port(), ipaddr))
- {
- user->CommandFloodPenalty += 5000;
- WriteLog("Connecting user %s (%s) tried to use WEBIRC but gave an invalid IP address.",
- user->uuid.c_str(), user->GetIPString().c_str());
- return CMD_FAILURE;
- }
-
for (std::vector<WebIRCHost>::const_iterator iter = hosts.begin(); iter != hosts.end(); ++iter)
{
// If we don't match the host then skip to the next host.
- if (!iter->Matches(user, parameters[0]))
+ if (!iter->Matches(user, parameters[0], sslapi))
continue;
+ irc::sockets::sockaddrs ipaddr;
+ if (!irc::sockets::aptosa(parameters[3], user->client_sa.port(), ipaddr))
+ {
+ WriteLog("Connecting user %s (%s) tried to use WEBIRC but gave an invalid IP address.",
+ user->uuid.c_str(), user->GetIPString().c_str());
+ ServerInstance->Users->QuitUser(user, "WEBIRC: IP address is invalid: " + parameters[3]);
+ return CMD_FAILURE;
+ }
+
// The user matched a WebIRC block!
gateway.set(user, parameters[1]);
realhost.set(user, user->GetRealHost());
// Set the IP address sent via WEBIRC. We ignore the hostname and lookup
// instead do our own DNS lookups because of unreliable gateways.
- ChangeIP(user, ipaddr);
+ user->SetClientIP(ipaddr);
return CMD_SUCCESS;
}
- user->CommandFloodPenalty += 5000;
WriteLog("Connecting user %s (%s) tried to use WEBIRC but didn't match any configured WebIRC hosts.",
user->uuid.c_str(), user->GetIPString().c_str());
+ ServerInstance->Users->QuitUser(user, "WEBIRC: you don't match any configured WebIRC hosts.");
return CMD_FAILURE;
}
}
else
{
- throw ModuleException(type + " is an invalid <cgihost:mask> type, at " + tag->getTagLocation());
+ throw ModuleException(type + " is an invalid <cgihost:mask> type, at " + tag->getTagLocation());
}
}
user->uuid.c_str(), user->GetIPString().c_str(), address.addr().c_str(), user->ident.c_str(), newident.c_str());
user->ChangeIdent(newident);
- ChangeIP(user, address);
- break;
+ user->SetClientIP(address);
+ break;
}
return MOD_RES_PASSTHRU;
}