enum ServerState { LISTENER, CONNECTING, WAIT_AUTH_1, WAIT_AUTH_2, CONNECTED };
/* We need to import these from the core for use in netbursts */
-/*typedef nspace::hash_map<std::string, userrec*, nspace::hash<string>, irc::StrHashComp> user_hash;
-typedef nspace::hash_map<std::string, chanrec*, nspace::hash<string>, irc::StrHashComp> chan_hash;*/
extern user_hash clientlist;
extern chan_hash chanlist;
UserCount = OperCount = 0;
VersionString = Srv->GetVersion();
Route = NULL;
+ Socket = NULL; /* Fix by brain */
AddHashEntry();
}
std::string GetName()
{
- return this->ServerName;
+ return ServerName;
}
std::string GetDesc()
{
- return this->ServerDesc;
+ return ServerDesc;
}
std::string GetVersion()
{
- return this->VersionString;
+ return VersionString;
}
void SetNextPingTime(time_t t)
time_t NextPingTime()
{
- return this->NextPing;
+ return NextPing;
}
bool AnsweredLastPing()
int GetUserCount()
{
- return this->UserCount;
+ return UserCount;
}
int GetOperCount()
{
- return this->OperCount;
+ return OperCount;
}
TreeSocket* GetSocket()
{
- return this->Socket;
+ return Socket;
}
TreeServer* GetParent()
{
- return this->Parent;
+ return Parent;
}
void SetVersion(std::string Version)
: InspSocket(newfd, ip)
{
this->LinkState = WAIT_AUTH_1;
+ this->SendCapabilities();
}
- void InitAES(std::string key)
+ void InitAES(std::string key,std::string SName)
{
if (key == "")
return;
keylength = key.length();
if (!(keylength == 16 || keylength == 24 || keylength == 32))
{
+ WriteOpers("*** \2ERROR\2: Key length for encryptionkey is not 16, 24 or 32 bytes in length!");
log(DEBUG,"Key length not 16, 24 or 32 characters!");
}
else
{
+ WriteOpers("*** \2AES\2: Initialized %d bit encryption to server %s",keylength*8,SName.c_str());
ctx->MakeKey(key.c_str(), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", keylength, keylength);
}
{
if (x->Name == this->myhost)
{
+ this->SendCapabilities();
+ if (x->EncryptionKey != "")
+ {
+ if (!(x->EncryptionKey.length() == 16 || x->EncryptionKey.length() == 24 || x->EncryptionKey.length() == 32))
+ {
+ WriteOpers("\2WARNING\2: Your encryption key is NOT 16, 24 or 32 characters in length, encryption will \2NOT\2 be enabled.");
+ }
+ else
+ {
+ this->WriteLine("AES "+Srv->GetServerName());
+ this->InitAES(x->EncryptionKey,x->Name);
+ }
+ }
/* found who we're supposed to be connecting to, send the neccessary gubbins. */
this->WriteLine("SERVER "+Srv->GetServerName()+" "+x->SendPass+" 0 :"+Srv->GetServerDescription());
return true;
}
}
+ std::string MyCapabilities()
+ {
+ ServerConfig* Config = Srv->GetConfig();
+ std::vector<std::string> modlist;
+ std::string capabilities = "";
+
+ for (int i = 0; i <= MODCOUNT; i++)
+ {
+ if ((modules[i]->GetVersion().Flags & VF_STATIC) || (modules[i]->GetVersion().Flags & VF_COMMON))
+ modlist.push_back(Config->module_names[i]);
+ }
+ sort(modlist.begin(),modlist.end());
+ for (unsigned int i = 0; i < modlist.size(); i++)
+ {
+ if (i)
+ capabilities = capabilities + ",";
+ capabilities = capabilities + modlist[i];
+ }
+ return capabilities;
+ }
+
+ void SendCapabilities()
+ {
+ this->WriteLine("CAPAB "+MyCapabilities());
+ }
+
+ bool Capab(std::deque<std::string> params)
+ {
+ if (params.size() != 1)
+ {
+ this->WriteLine("ERROR :Invalid number of parameters for CAPAB");
+ return false;
+ }
+ if (params[0] != this->MyCapabilities())
+ {
+ std::string quitserver = this->myhost;
+ if (this->InboundServerName != "")
+ {
+ quitserver = this->InboundServerName;
+ }
+ WriteOpers("*** \2ERROR\2: Server '%s' does not have the same set of modules loaded, cannot link!",quitserver.c_str());
+ WriteOpers("*** Our networked module set is: '%s'",this->MyCapabilities().c_str());
+ WriteOpers("*** Other server's networked module set is: '%s'",params[0].c_str());
+ WriteOpers("*** These lists must match exactly on both servers. Please correct these errors, and try again.");
+ this->WriteLine("ERROR :CAPAB mismatch; My capabilities: '"+this->MyCapabilities()+"'");
+ return false;
+ }
+ return true;
+ }
+
/* This function forces this server to quit, removing this server
* and any users on it (and servers and users below that, etc etc).
* It's very slow and pretty clunky, but luckily unless your network
*/
void Squit(TreeServer* Current,std::string reason)
{
- if (Current)
+ if ((Current) && (Current != TreeRoot))
{
std::deque<std::string> params;
params.push_back(Current->GetName());
char* data = this->Read();
if (data)
{
- Srv->Log(DEBUG,"m_spanningtree: READ");
this->in_buffer += data;
/* While there is at least one new line in the buffer,
* do something useful (we hope!) with it.
char out[1024];
char result[1024];
log(DEBUG,"Original string '%s'",ret.c_str());
- int nbytes = from64tobits(out, ret.c_str(), 1024);
- log(DEBUG,"m_spanningtree: decrypt %d bytes",nbytes);
- ctx->Decrypt(out, result, nbytes, 0);
- ret = result;
+ /* ERROR is still allowed unencryped */
+ if (ret.substr(0,7) != "ERROR :")
+ {
+ int nbytes = from64tobits(out, ret.c_str(), 1024);
+ log(DEBUG,"m_spanningtree: decrypt %d bytes",nbytes);
+ ctx->Decrypt(out, result, nbytes, 0);
+ for (int t = 0; t < nbytes; t++)
+ if (result[t] == '\7') result[t] = 0;
+ ret = result;
+ }
}
if (!this->ProcessLine(ret))
{
while (line.length() % this->keylength != 0)
{
// pad it to be a multiple of the key length
- line = line + "\n";
+ line = line + "\7";
}
}
ctx->Encrypt(line.c_str(), result, line.length(),0);
if (CheckDupe)
{
this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
return false;
}
TreeServer* Node = new TreeServer(servername,description,ParentOfThis,NULL);
if (hops)
{
this->WriteLine("ERROR :Server too far away for authentication");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, server is too far away for authentication");
return false;
}
std::string description = params[3];
if (CheckDupe)
{
this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
return false;
}
// Begin the sync here. this kickstarts the
}
}
this->WriteLine("ERROR :Invalid credentials");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, invalid link credentials");
return false;
}
if (hops)
{
this->WriteLine("ERROR :Server too far away for authentication");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, server is too far away for authentication");
return false;
}
std::string description = params[3];
if (CheckDupe)
{
this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
+ return false;
+ }
+ /* If the config says this link is encrypted, but the remote side
+ * hasnt bothered to send the AES command before SERVER, then we
+ * boot them off as we MUST have this connection encrypted.
+ */
+ if ((x->EncryptionKey != "") && (!this->ctx))
+ {
+ this->WriteLine("ERROR :This link requires AES encryption to be enabled. Plaintext connection refused.");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, remote server did not enable AES.");
return false;
}
Srv->SendOpers("*** Verified incoming server connection from \002"+servername+"\002["+this->GetIP()+"] ("+description+")");
}
}
this->WriteLine("ERROR :Invalid credentials");
+ Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, invalid link credentials");
return false;
}
command = params[0];
params.pop_front();
}
-
+
+ if ((!this->ctx) && (command == "AES"))
+ {
+ std::string sserv = params[0];
+ for (std::vector<Link>::iterator x = LinkBlocks.begin(); x < LinkBlocks.end(); x++)
+ {
+ if ((x->EncryptionKey != "") && (x->Name == sserv))
+ {
+ this->InitAES(x->EncryptionKey,sserv);
+ }
+ }
+ return true;
+ }
+ else if ((this->ctx) && (command == "AES"))
+ {
+ WriteOpers("*** \2AES\2: Encryption already enabled on this connection yet %s is trying to enable it twice!",params[0].c_str());
+ }
+
switch (this->LinkState)
{
TreeServer* Node;
// replies with theirs if its happy, then if the initiator is happy,
// it starts to send its net sync, which starts the merge, otherwise
// it sends an ERROR.
- if (command == "SERVER")
+ if (command == "PASS")
+ {
+ /* Silently ignored */
+ }
+ else if (command == "SERVER")
{
return this->Inbound_Server(params);
}
{
return this->Error(params);
}
+ else if (command == "USER")
+ {
+ this->WriteLine("ERROR :Client connections to this port are prohibited.");
+ return false;
+ }
+ else if (command == "CAPAB")
+ {
+ return this->Capab(params);
+ }
+ else
+ {
+ this->WriteLine("ERROR :Invalid command in negotiation phase.");
+ return false;
+ }
break;
case WAIT_AUTH_2:
// Waiting for start of other side's netmerge to say they liked our
{
return this->Error(params);
}
+ else if (command == "CAPAB")
+ {
+ return this->Capab(params);
+ }
break;
case LISTENER:
{
if (route_back_again)
{
- WriteOpers("Protocol violation: Fake direction in command '%s' from connection '%s'",line.c_str(),this->GetName().c_str());
+ WriteOpers("*** Protocol violation: Fake direction in command '%s' from connection '%s'",line.c_str(),this->GetName().c_str());
}
else
{
- WriteOpers("Protocol violation: Invalid source '%s' in command '%s' from connection '%s'",direction.c_str(),line.c_str(),this->GetName().c_str());
+ WriteOpers("*** Protocol violation: Invalid source '%s' in command '%s' from connection '%s'",direction.c_str(),line.c_str(),this->GetName().c_str());
}
return true;
else if (command == "ENDBURST")
{
this->bursting = false;
- std::string sserv = this->myhost;
- if (this->InboundServerName != "")
- sserv = this->InboundServerName;
- for (std::vector<Link>::iterator x = LinkBlocks.begin(); x < LinkBlocks.end(); x++)
- {
- if ((x->EncryptionKey != "") && (x->Name == sserv))
- {
- this->InitAES(x->EncryptionKey);
- }
- }
return true;
}
else
{
Squit(s,"Remote host closed the connection");
}
+ WriteOpers("Server '\2%s\2[%s]' closed the connection.",quitserver.c_str(),this->GetIP().c_str());
}
virtual int OnIncomingConnection(int newsock, char* ip)
TreeServer* s = FindServerMask(parameters[0]);
if (s)
{
+ if (s == TreeRoot)
+ {
+ WriteServ(user->fd,"NOTICE %s :*** SQUIT: Foolish mortal, you cannot make a server SQUIT itself! (%s matches local server name)",user->nick,parameters[0]);
+ return 1;
+ }
TreeSocket* sock = s->GetSocket();
if (sock)
{
+ log(DEBUG,"Splitting server %s",s->GetName().c_str());
WriteOpers("*** SQUIT: Server \002%s\002 removed from network by %s",parameters[0],user->nick);
sock->Squit(s,"Server quit by "+std::string(user->nick)+"!"+std::string(user->ident)+"@"+std::string(user->host));
sock->Close();
{
for (unsigned int i = 0; i < LinkBlocks.size(); i++)
{
- WriteServ(user->fd,"213 %s C *@%s * %s %d 0 M",user->nick,LinkBlocks[i].IPAddr.c_str(),LinkBlocks[i].Name.c_str(),LinkBlocks[i].Port);
+ WriteServ(user->fd,"213 %s C *@%s * %s %d 0 %s",user->nick,LinkBlocks[i].IPAddr.c_str(),LinkBlocks[i].Name.c_str(),LinkBlocks[i].Port,(LinkBlocks[i].EncryptionKey != "" ? "es" : " s"));
WriteServ(user->fd,"244 %s H * * %s",user->nick,LinkBlocks[i].Name.c_str());
}
WriteServ(user->fd,"219 %s %s :End of /STATS report",user->nick,parameters[0]);
projects / user / henk / code / inspircd.git / blobdiff