class ModuleSpanningTree;
static ModuleSpanningTree* TreeProtocolModule;
+extern ServerConfig* Config;
+
extern std::vector<Module*> modules;
extern std::vector<ircd_module*> factory;
extern int MODCOUNT;
enum ServerState { LISTENER, CONNECTING, WAIT_AUTH_1, WAIT_AUTH_2, CONNECTED };
/* We need to import these from the core for use in netbursts */
-/*typedef nspace::hash_map<std::string, userrec*, nspace::hash<string>, irc::StrHashComp> user_hash;
-typedef nspace::hash_map<std::string, chanrec*, nspace::hash<string>, irc::StrHashComp> chan_hash;*/
extern user_hash clientlist;
extern chan_hash chanlist;
UserCount = OperCount = 0;
VersionString = Srv->GetVersion();
Route = NULL;
+ Socket = NULL; /* Fix by brain */
AddHashEntry();
}
std::string GetName()
{
- return this->ServerName;
+ return ServerName;
}
std::string GetDesc()
{
- return this->ServerDesc;
+ return ServerDesc;
}
std::string GetVersion()
{
- return this->VersionString;
+ return VersionString;
}
void SetNextPingTime(time_t t)
time_t NextPingTime()
{
- return this->NextPing;
+ return NextPing;
}
bool AnsweredLastPing()
int GetUserCount()
{
- return this->UserCount;
+ return UserCount;
}
int GetOperCount()
{
- return this->OperCount;
+ return OperCount;
}
TreeSocket* GetSocket()
{
- return this->Socket;
+ return Socket;
}
TreeServer* GetParent()
{
- return this->Parent;
+ return Parent;
}
void SetVersion(std::string Version)
{
myhost = host;
this->LinkState = LISTENER;
+ this->ctx = NULL;
}
TreeSocket(std::string host, int port, bool listening, unsigned long maxtime, std::string ServerName)
{
myhost = ServerName;
this->LinkState = CONNECTING;
+ this->ctx = NULL;
}
/* When a listening socket gives us a new file descriptor,
: InspSocket(newfd, ip)
{
this->LinkState = WAIT_AUTH_1;
+ this->ctx = NULL;
+ this->SendCapabilities();
+ }
+
+ ~TreeSocket()
+ {
+ if (ctx)
+ delete ctx;
}
void InitAES(std::string key,std::string SName)
keylength = key.length();
if (!(keylength == 16 || keylength == 24 || keylength == 32))
{
- WriteOpers("\2ERROR\2: Key length for encryptionkey is not 16, 24 or 32 bytes in length!");
+ WriteOpers("*** \2ERROR\2: Key length for encryptionkey is not 16, 24 or 32 bytes in length!");
log(DEBUG,"Key length not 16, 24 or 32 characters!");
}
else
{
- WriteOpers("\2AES\2: Initialized %d bit encryption to server %s",keylength*8,SName.c_str());
+ WriteOpers("*** \2AES\2: Initialized %d bit encryption to server %s",keylength*8,SName.c_str());
ctx->MakeKey(key.c_str(), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", keylength, keylength);
}
{
if (x->Name == this->myhost)
{
+ this->SendCapabilities();
if (x->EncryptionKey != "")
{
if (!(x->EncryptionKey.length() == 16 || x->EncryptionKey.length() == 24 || x->EncryptionKey.length() == 32))
}
}
+ std::string MyCapabilities()
+ {
+ ServerConfig* Config = Srv->GetConfig();
+ std::vector<std::string> modlist;
+ std::string capabilities = "";
+
+ for (int i = 0; i <= MODCOUNT; i++)
+ {
+ if ((modules[i]->GetVersion().Flags & VF_STATIC) || (modules[i]->GetVersion().Flags & VF_COMMON))
+ modlist.push_back(Config->module_names[i]);
+ }
+ sort(modlist.begin(),modlist.end());
+ for (unsigned int i = 0; i < modlist.size(); i++)
+ {
+ if (i)
+ capabilities = capabilities + ",";
+ capabilities = capabilities + modlist[i];
+ }
+ return capabilities;
+ }
+
+ void SendCapabilities()
+ {
+ this->WriteLine("CAPAB "+MyCapabilities());
+ }
+
+ bool Capab(std::deque<std::string> params)
+ {
+ if (params.size() != 1)
+ {
+ this->WriteLine("ERROR :Invalid number of parameters for CAPAB");
+ return false;
+ }
+ if (params[0] != this->MyCapabilities())
+ {
+ std::string quitserver = this->myhost;
+ if (this->InboundServerName != "")
+ {
+ quitserver = this->InboundServerName;
+ }
+ WriteOpers("*** \2ERROR\2: Server '%s' does not have the same set of modules loaded, cannot link!",quitserver.c_str());
+ WriteOpers("*** Our networked module set is: '%s'",this->MyCapabilities().c_str());
+ WriteOpers("*** Other server's networked module set is: '%s'",params[0].c_str());
+ WriteOpers("*** These lists must match exactly on both servers. Please correct these errors, and try again.");
+ this->WriteLine("ERROR :CAPAB mismatch; My capabilities: '"+this->MyCapabilities()+"'");
+ return false;
+ }
+ return true;
+ }
+
/* This function forces this server to quit, removing this server
* and any users on it (and servers and users below that, etc etc).
* It's very slow and pretty clunky, but luckily unless your network
*/
void Squit(TreeServer* Current,std::string reason)
{
- if (Current)
+ if ((Current) && (Current != TreeRoot))
{
std::deque<std::string> params;
params.push_back(Current->GetName());
snprintf(data,MAXBUF,":%s FMODE %s +b %s",Srv->GetServerName().c_str(),c->second->name,b->data);
this->WriteLine(data);
}
- FOREACH_MOD OnSyncChannel(c->second,(Module*)TreeProtocolModule,(void*)this);
+ FOREACH_MOD(I_OnSyncChannel,OnSyncChannel(c->second,(Module*)TreeProtocolModule,(void*)this));
list.clear();
c->second->GetExtList(list);
for (unsigned int j = 0; j < list.size(); j++)
{
- FOREACH_MOD OnSyncChannelMetaData(c->second,(Module*)TreeProtocolModule,(void*)this,list[j]);
+ FOREACH_MOD(I_OnSyncChannelMetaData,OnSyncChannelMetaData(c->second,(Module*)TreeProtocolModule,(void*)this,list[j]));
}
}
}
{
this->WriteLine(":"+std::string(u->second->nick)+" OPERTYPE "+std::string(u->second->oper));
}
- FOREACH_MOD OnSyncUser(u->second,(Module*)TreeProtocolModule,(void*)this);
+ FOREACH_MOD(I_OnSyncUser,OnSyncUser(u->second,(Module*)TreeProtocolModule,(void*)this));
list.clear();
u->second->GetExtList(list);
for (unsigned int j = 0; j < list.size(); j++)
{
- FOREACH_MOD OnSyncUserMetaData(u->second,(Module*)TreeProtocolModule,(void*)this,list[j]);
+ FOREACH_MOD(I_OnSyncUserMetaData,OnSyncUserMetaData(u->second,(Module*)TreeProtocolModule,(void*)this,list[j]));
}
}
}
{
char out[1024];
char result[1024];
+ memset(result,0,1024);
+ memset(out,0,1024);
log(DEBUG,"Original string '%s'",ret.c_str());
- int nbytes = from64tobits(out, ret.c_str(), 1024);
- log(DEBUG,"m_spanningtree: decrypt %d bytes",nbytes);
- ctx->Decrypt(out, result, nbytes, 0);
- for (int t = 0; t < nbytes; t++)
- if (result[t] == '\7') result[t] = 0;
- ret = result;
+ /* ERROR + CAPAB is still allowed unencryped */
+ if ((ret.substr(0,7) != "ERROR :") && (ret.substr(0,6) != "CAPAB "))
+ {
+ int nbytes = from64tobits(out, ret.c_str(), 1024);
+ log(DEBUG,"m_spanningtree: decrypt %d bytes",nbytes);
+ ctx->Decrypt(out, result, nbytes, 0);
+ for (int t = 0; t < nbytes; t++)
+ if (result[t] == '\7') result[t] = 0;
+ ret = result;
+ }
}
if (!this->ProcessLine(ret))
{
if (this->ctx)
{
log(DEBUG,"AES context");
- char result[1024];
- char result64[1024];
+ char result[10240];
+ char result64[10240];
if (this->keylength)
{
while (line.length() % this->keylength != 0)
line = line + "\7";
}
}
- ctx->Encrypt(line.c_str(), result, line.length(),0);
+ unsigned int ll = line.length();
+ log(DEBUG,"Plaintext line with padding = %d chars",ll);
+ ctx->Encrypt(line.c_str(), result, ll, 0);
+ log(DEBUG,"Encrypted.");
to64frombits((unsigned char*)result64,
(unsigned char*)result,
- line.length());
+ ll);
line = result64;
log(DEBUG,"Encrypted: %s",line.c_str());
//int from64tobits(char *out, const char *in, int maxlen);
chanrec* c = Srv->FindChannel(params[0]);
if (c)
{
- FOREACH_MOD OnDecodeMetaData(TYPE_CHANNEL,c,params[1],params[2]);
+ FOREACH_MOD(I_OnDecodeMetaData,OnDecodeMetaData(TYPE_CHANNEL,c,params[1],params[2]));
}
}
else
userrec* u = Srv->FindNick(params[0]);
if (u)
{
- FOREACH_MOD OnDecodeMetaData(TYPE_USER,u,params[1],params[2]);
+ FOREACH_MOD(I_OnDecodeMetaData,OnDecodeMetaData(TYPE_USER,u,params[1],params[2]));
}
}
}
if (CheckDupe)
{
this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
return false;
}
TreeServer* Node = new TreeServer(servername,description,ParentOfThis,NULL);
if (hops)
{
this->WriteLine("ERROR :Server too far away for authentication");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, server is too far away for authentication");
return false;
}
std::string description = params[3];
if (CheckDupe)
{
this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
return false;
}
// Begin the sync here. this kickstarts the
}
}
this->WriteLine("ERROR :Invalid credentials");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, invalid link credentials");
return false;
}
if (hops)
{
this->WriteLine("ERROR :Server too far away for authentication");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, server is too far away for authentication");
return false;
}
std::string description = params[3];
if (CheckDupe)
{
this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
return false;
}
/* If the config says this link is encrypted, but the remote side
if ((x->EncryptionKey != "") && (!this->ctx))
{
this->WriteLine("ERROR :This link requires AES encryption to be enabled. Plaintext connection refused.");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, remote server did not enable AES.");
return false;
}
Srv->SendOpers("*** Verified incoming server connection from \002"+servername+"\002["+this->GetIP()+"] ("+description+")");
}
}
this->WriteLine("ERROR :Invalid credentials");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, invalid link credentials");
return false;
}
}
else if ((this->ctx) && (command == "AES"))
{
- WriteOpers("\2AES\2: Encryption already enabled on this connection yet %s is trying to enable it twice!",params[0].c_str());
+ WriteOpers("*** \2AES\2: Encryption already enabled on this connection yet %s is trying to enable it twice!",params[0].c_str());
}
switch (this->LinkState)
// replies with theirs if its happy, then if the initiator is happy,
// it starts to send its net sync, which starts the merge, otherwise
// it sends an ERROR.
- if (command == "SERVER")
+ if (command == "PASS")
+ {
+ /* Silently ignored */
+ }
+ else if (command == "SERVER")
{
return this->Inbound_Server(params);
}
{
return this->Error(params);
}
+ else if (command == "USER")
+ {
+ this->WriteLine("ERROR :Client connections to this port are prohibited.");
+ return false;
+ }
+ else if (command == "CAPAB")
+ {
+ return this->Capab(params);
+ }
+ else
+ {
+ this->WriteLine("ERROR :Invalid command in negotiation phase.");
+ return false;
+ }
break;
case WAIT_AUTH_2:
// Waiting for start of other side's netmerge to say they liked our
{
return this->Error(params);
}
+ else if (command == "CAPAB")
+ {
+ return this->Capab(params);
+ }
break;
case LISTENER:
{
if (route_back_again)
{
- WriteOpers("Protocol violation: Fake direction in command '%s' from connection '%s'",line.c_str(),this->GetName().c_str());
+ WriteOpers("*** Protocol violation: Fake direction in command '%s' from connection '%s'",line.c_str(),this->GetName().c_str());
}
else
{
- WriteOpers("Protocol violation: Invalid source '%s' in command '%s' from connection '%s'",direction.c_str(),line.c_str(),this->GetName().c_str());
+ WriteOpers("*** Protocol violation: Invalid source '%s' in command '%s' from connection '%s'",direction.c_str(),line.c_str(),this->GetName().c_str());
}
return true;
{
Squit(s,"Remote host closed the connection");
}
+ WriteOpers("Server '\2%s\2[%s]' closed the connection.",quitserver.c_str(),this->GetIP().c_str());
}
virtual int OnIncomingConnection(int newsock, char* ip)
TreeServer* s = FindServerMask(parameters[0]);
if (s)
{
+ if (s == TreeRoot)
+ {
+ WriteServ(user->fd,"NOTICE %s :*** SQUIT: Foolish mortal, you cannot make a server SQUIT itself! (%s matches local server name)",user->nick,parameters[0]);
+ return 1;
+ }
TreeSocket* sock = s->GetSocket();
if (sock)
{
+ log(DEBUG,"Splitting server %s",s->GetName().c_str());
WriteOpers("*** SQUIT: Server \002%s\002 removed from network by %s",parameters[0],user->nick);
sock->Squit(s,"Server quit by "+std::string(user->nick)+"!"+std::string(user->ident)+"@"+std::string(user->host));
sock->Close();
{
for (unsigned int i = 0; i < LinkBlocks.size(); i++)
{
- WriteServ(user->fd,"213 %s C *@%s * %s %d 0 M",user->nick,LinkBlocks[i].IPAddr.c_str(),LinkBlocks[i].Name.c_str(),LinkBlocks[i].Port);
+ WriteServ(user->fd,"213 %s C *@%s * %s %d 0 %s",user->nick,LinkBlocks[i].IPAddr.c_str(),LinkBlocks[i].Name.c_str(),LinkBlocks[i].Port,(LinkBlocks[i].EncryptionKey != "" ? "es" : " s"));
WriteServ(user->fd,"244 %s H * * %s",user->nick,LinkBlocks[i].Name.c_str());
}
WriteServ(user->fd,"219 %s %s :End of /STATS report",user->nick,parameters[0]);
return false;
}
- virtual int OnPreCommand(std::string command, char **parameters, int pcnt, userrec *user)
+ virtual int OnPreCommand(std::string command, char **parameters, int pcnt, userrec *user, bool validated)
{
+ /* If the command doesnt appear to be valid, we dont want to mess with it. */
+ if (!validated)
+ return 0;
+
if (command == "CONNECT")
{
return this->HandleConnect(parameters,pcnt,user);
projects / user / henk / code / inspircd.git / blobdiff