Added more verbose error output during link
[user/henk/code/inspircd.git] / src / modules / m_spanningtree.cpp
index a20318d3f11a07c148b2aa7c9f173963a12148cb..604c081d8f6421dd4c3fdbad791d5cae04236abc 100644 (file)
@@ -41,6 +41,7 @@ using namespace std;
 #include "xline.h"
 #include "typedefs.h"
 #include "cull_list.h"
+#include "aes.h"
 
 #ifdef GCC3
 #define nspace __gnu_cxx
@@ -94,8 +95,6 @@ extern int MODCOUNT;
 enum ServerState { LISTENER, CONNECTING, WAIT_AUTH_1, WAIT_AUTH_2, CONNECTED };
 
 /* We need to import these from the core for use in netbursts */
-/*typedef nspace::hash_map<std::string, userrec*, nspace::hash<string>, irc::StrHashComp> user_hash;
-typedef nspace::hash_map<std::string, chanrec*, nspace::hash<string>, irc::StrHashComp> chan_hash;*/
 extern user_hash clientlist;
 extern chan_hash chanlist;
 
@@ -190,6 +189,7 @@ class TreeServer
                UserCount = OperCount = 0;
                VersionString = Srv->GetVersion();
                Route = NULL;
+               Socket = NULL; /* Fix by brain */
                AddHashEntry();
        }
 
@@ -293,17 +293,17 @@ class TreeServer
 
        std::string GetName()
        {
-               return this->ServerName;
+               return ServerName;
        }
 
        std::string GetDesc()
        {
-               return this->ServerDesc;
+               return ServerDesc;
        }
 
        std::string GetVersion()
        {
-               return this->VersionString;
+               return VersionString;
        }
 
        void SetNextPingTime(time_t t)
@@ -314,7 +314,7 @@ class TreeServer
 
        time_t NextPingTime()
        {
-               return this->NextPing;
+               return NextPing;
        }
 
        bool AnsweredLastPing()
@@ -329,22 +329,22 @@ class TreeServer
 
        int GetUserCount()
        {
-               return this->UserCount;
+               return UserCount;
        }
 
        int GetOperCount()
        {
-               return this->OperCount;
+               return OperCount;
        }
 
        TreeSocket* GetSocket()
        {
-               return this->Socket;
+               return Socket;
        }
 
        TreeServer* GetParent()
        {
-               return this->Parent;
+               return Parent;
        }
 
        void SetVersion(std::string Version)
@@ -439,6 +439,7 @@ class Link
         std::string RecvPass;
         unsigned long AutoConnect;
         time_t NextConnectTime;
+        std::string EncryptionKey;
 };
 
 /* The usual stuff for inspircd modules,
@@ -536,6 +537,8 @@ class TreeSocket : public InspSocket
        time_t NextPing;
        bool LastPingWasGood;
        bool bursting;
+       AES* ctx;
+       unsigned int keylength;
        
  public:
 
@@ -566,6 +569,29 @@ class TreeSocket : public InspSocket
                : InspSocket(newfd, ip)
        {
                this->LinkState = WAIT_AUTH_1;
+               this->SendCapabilities();
+       }
+
+       void InitAES(std::string key,std::string SName)
+       {
+               if (key == "")
+                       return;
+
+               ctx = new AES();
+               log(DEBUG,"Initialized AES key %s",key.c_str());
+               // key must be 16, 24, 32 etc bytes (multiple of 8)
+               keylength = key.length();
+               if (!(keylength == 16 || keylength == 24 || keylength == 32))
+               {
+                       WriteOpers("*** \2ERROR\2: Key length for encryptionkey is not 16, 24 or 32 bytes in length!");
+                       log(DEBUG,"Key length not 16, 24 or 32 characters!");
+               }
+               else
+               {
+                       WriteOpers("*** \2AES\2: Initialized %d bit encryption to server %s",keylength*8,SName.c_str());
+                       ctx->MakeKey(key.c_str(), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
+                               \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", keylength, keylength);
+               }
        }
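Review bot: `ctx = new AES();` at L116 runs before the key length is validated, so a key of the wrong length leaves `ctx` non-null but never keyed, and every later `if (this->ctx)` then takes the encryption path with an un-keyed context and `keylength` holding the bad value. Move `ctx = new AES();` into the `else` branch after the check so an invalid key leaves the link in its unencrypted state, which is what the WriteOpers text promises. The debug log at L117 writes the shared secret itself into the log file; log only its size, e.g. `log(DEBUG,"Initializing AES with a %u byte key",keylength);`. The inbound constructor shown here sets only `LinkState`, and `ctx`/`keylength` (declared in the previous hunk) have no initializer, so unless a constructor outside the hunk zeroes them the `this->ctx` tests read an indeterminate pointer; add `this->ctx = NULL; this->keylength = 0;` next to `LinkState`. The constructor begins before the hunk.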
        
        /* When an outbound connection finishes connecting, we receive
@@ -584,6 +610,19 @@ class TreeSocket : public InspSocket
                        {
                                if (x->Name == this->myhost)
                                {
+                                       this->SendCapabilities();
+                                       if (x->EncryptionKey != "")
+                                       {
+                                               if (!(x->EncryptionKey.length() == 16 || x->EncryptionKey.length() == 24 || x->EncryptionKey.length() == 32))
+                                               {
+                                                       WriteOpers("\2WARNING\2: Your encryption key is NOT 16, 24 or 32 characters in length, encryption will \2NOT\2 be enabled.");
+                                               }
+                                               else
+                                               {
+                                                       this->WriteLine("AES "+Srv->GetServerName());
+                                                       this->InitAES(x->EncryptionKey,x->Name);
+                                               }
+                                       }
                                        /* found who we're supposed to be connecting to, send the neccessary gubbins. */
                                        this->WriteLine("SERVER "+Srv->GetServerName()+" "+x->SendPass+" 0 :"+Srv->GetServerDescription());
                                        return true;
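Review bot: The 16/24/32 test at L141 duplicates the one inside InitAES, and the two paths report the same misconfiguration with different messages. Validating the key once when the link block is read (ReadConfiguration, later hunk) and dropping invalid keys there would let this branch collapse to `if (x->EncryptionKey != "") { this->WriteLine("AES "+Srv->GetServerName()); this->InitAES(x->EncryptionKey,x->Name); }`. The enclosing OnConnected begins and ends outside the hunk.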
@@ -640,6 +679,56 @@ class TreeSocket : public InspSocket
                }
        }
 
+       std::string MyCapabilities()
+       {
+               ServerConfig* Config = Srv->GetConfig();
+               std::vector<std::string> modlist;
+               std::string capabilities = "";
+
+                for (int i = 0; i <= MODCOUNT; i++)
+                {
+                       if ((modules[i]->GetVersion().Flags & VF_STATIC) || (modules[i]->GetVersion().Flags & VF_COMMON))
+                               modlist.push_back(Config->module_names[i]);
+                }
+               sort(modlist.begin(),modlist.end());
+               for (unsigned int i = 0; i < modlist.size(); i++)
+               {
+                       if (i)
+                               capabilities = capabilities + ",";
+                       capabilities = capabilities + modlist[i];
+               }
+               return capabilities;
+       }
+       
+       void SendCapabilities()
+       {
+               this->WriteLine("CAPAB "+MyCapabilities());
+       }
+
+       bool Capab(std::deque<std::string> params)
+       {
+               if (params.size() != 1)
+               {
+                       this->WriteLine("ERROR :Invalid number of parameters for CAPAB");
+                       return false;
+               }
+               if (params[0] != this->MyCapabilities())
+               {
+                       std::string quitserver = this->myhost;
+                       if (this->InboundServerName != "")
+                       {
+                               quitserver = this->InboundServerName;
+                       }
+                       WriteOpers("*** \2ERROR\2: Server '%s' does not have the same set of modules loaded, cannot link!",quitserver.c_str());
+                       WriteOpers("*** Our networked module set is: '%s'",this->MyCapabilities().c_str());
+                       WriteOpers("*** Other server's networked module set is: '%s'",params[0].c_str());
+                       WriteOpers("*** These lists must match exactly on both servers. Please correct these errors, and try again.");
+                       this->WriteLine("ERROR :CAPAB mismatch; My capabilities: '"+this->MyCapabilities()+"'");
+                       return false;
+               }
+               return true;
+       }
+
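Review bot: `Capab` is reachable in WAIT_AUTH_1 (later hunk) before any credential check, and on mismatch L200 pushes the peer-supplied `params[0]` verbatim to every oper, so any unauthenticated connection to the server port can generate oper notices containing text of its choice; the inbound constructor's `SendCapabilities()` call in the earlier hunk likewise discloses the loaded module list to every accepted connection before SERVER is verified. Consider sending CAPAB and reporting mismatches to opers only after credentials have been accepted, keeping the pre-auth response to the `ERROR` line. `MyCapabilities()` is also rebuilt (module scan plus sort) three times in the mismatch branch and once more in the comparison; compute it once, `std::string mine = this->MyCapabilities();`, and reuse it. The loop bound `i <= MODCOUNT` at L164 reads as inclusive; if MODCOUNT holds the count rather than the last index this overruns `modules` — confirm against the core's definition.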
        /* This function forces this server to quit, removing this server
         * and any users on it (and servers and users below that, etc etc).
         * It's very slow and pretty clunky, but luckily unless your network
@@ -659,7 +748,6 @@ class TreeSocket : public InspSocket
                }
                /* Now we've whacked the kids, whack self */
                num_lost_servers++;
-               quittingpeople = false;
                for (user_hash::iterator u = clientlist.begin(); u != clientlist.end(); u++)
                {
                        if (!strcasecmp(u->second->server,Current->GetName().c_str()))
@@ -677,7 +765,7 @@ class TreeSocket : public InspSocket
         */
        void Squit(TreeServer* Current,std::string reason)
        {
-               if (Current)
+               if ((Current) && (Current != TreeRoot))
                {
                        std::deque<std::string> params;
                        params.push_back(Current->GetName());
@@ -1137,6 +1225,22 @@ class TreeSocket : public InspSocket
                                /* Process this one, abort if it
                                 * didnt return true.
                                 */
+                               if (this->ctx)
+                               {
+                                       char out[1024];
+                                       char result[1024];
+                                       log(DEBUG,"Original string '%s'",ret.c_str());
+                                       /* ERROR is still allowed unencryped */
+                                       if (ret.substr(0,7) != "ERROR :")
+                                       {
+                                               int nbytes = from64tobits(out, ret.c_str(), 1024);
+                                               log(DEBUG,"m_spanningtree: decrypt %d bytes",nbytes);
+                                               ctx->Decrypt(out, result, nbytes, 0);
+                                               for (int t = 0; t < nbytes; t++)
+                                                       if (result[t] == '\7') result[t] = 0;
+                                               ret = result;
+                                       }
+                               }
                                if (!this->ProcessLine(ret))
                                {
                                        return false;
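Review bot: `ret = result;` at L245 copies from a buffer that is never NUL-terminated: WriteLine only pads when the length is not already a multiple of `keylength`, so a line whose length is an exact multiple arrives with no `\7` byte and the assignment reads past `nbytes` into uninitialized stack. The return value of `from64tobits` is also used unchecked as a length; if it can be negative or reach 1024 (its `maxlen` argument) the `Decrypt` call and the loop operate outside `out`/`result`. Build `ret` from the explicit length and strip the padding from the string rather than the buffer, as below. There is also no integrity check on the decrypted line, so a modified ciphertext decrypts to garbage that is passed straight to ProcessLine; whether that matters depends on the cipher mode, which is not visible here. The enclosing function begins and ends outside the hunk.
```cpp
int nbytes = from64tobits(out, ret.c_str(), sizeof(out));
if (nbytes <= 0 || nbytes > (int)sizeof(result))
{
	log(DEBUG,"m_spanningtree: rejecting undecodable encrypted line");
	return false;
}
ctx->Decrypt(out, result, nbytes, 0);
ret.assign(result, nbytes);
/* strip the \7 padding WriteLine appended */
std::string::size_type pad = ret.find('\7');
if (pad != std::string::npos)
	ret.erase(pad);
```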
@@ -1149,6 +1253,27 @@ class TreeSocket : public InspSocket
        int WriteLine(std::string line)
        {
                log(DEBUG,"OUT: %s",line.c_str());
+               if (this->ctx)
+               {
+                       log(DEBUG,"AES context");
+                       char result[1024];
+                       char result64[1024];
+                       if (this->keylength)
+                       {
+                               while (line.length() % this->keylength != 0)
+                               {
+                                       // pad it to be a multiple of the key length
+                                       line = line + "\7";
+                               }
+                       }
+                       ctx->Encrypt(line.c_str(), result, line.length(),0);
+                       to64frombits((unsigned char*)result64,
+                                       (unsigned char*)result,
+                                       line.length());
+                       line = result64;
+                       log(DEBUG,"Encrypted: %s",line.c_str());
+                       //int from64tobits(char *out, const char *in, int maxlen);
+               }
                return this->Write(line + "\r\n");
        }
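Review bot: `result` and `result64` at L258/L259 are fixed 1024-byte stack buffers while `line` can be any length, and base64 output is 4/3 of its input, so a padded line of roughly 768 bytes already overruns `result64` in the `to64frombits` call at L269, before `result` itself overflows at 1024; server-to-server lines built during a netburst are not bounded by the 512-byte client limit. Size the buffers from `line.length()` (the file already uses `std::vector`), as below. This assumes `Encrypt` writes exactly `line.length()` bytes and `to64frombits` NUL-terminates its output — confirm against aes.h and the base64 helper. A `keylength` of 0 (a context created from an invalid key) skips the padding but still encrypts, which is tied to the InitAES ordering raised earlier.
```cpp
if (this->ctx)
{
	// … unchanged: \7 padding to a multiple of keylength …
	std::vector<char> result(line.length() + 1, 0);
	/* base64 grows 3 -> 4, plus a terminator */
	std::vector<char> result64(((line.length() + 2) / 3) * 4 + 1, 0);
	ctx->Encrypt(line.c_str(), &result[0], line.length(), 0);
	to64frombits((unsigned char*)&result64[0],
			(unsigned char*)&result[0],
			line.length());
	line = &result64[0];
	log(DEBUG,"Encrypted: %s",line.c_str());
}
```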
 
@@ -1473,6 +1598,7 @@ class TreeSocket : public InspSocket
                if (CheckDupe)
                {
                        this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+                       Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
                        return false;
                }
                TreeServer* Node = new TreeServer(servername,description,ParentOfThis,NULL);
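Review bot: The ERROR line and the matching SendOpers notice are written as two separate literals here at L283 and again at L291/L299/L307 and in the second handler at L315/L323/L333/L341, with the oper wording hand-copied each time; a small helper, e.g. `void DenyLink(const std::string& servername, const std::string& reason)` that does `this->WriteLine("ERROR :"+reason);` and `Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, "+reason);`, would keep the two in step. These notices are raised before the peer's credentials are verified, so `servername` is peer-supplied text that reaches every oper; that is the intent of the change, but the helper is also the natural place to cap its length. The enclosing function begins outside the hunk.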
@@ -1493,6 +1619,7 @@ class TreeSocket : public InspSocket
                if (hops)
                {
                        this->WriteLine("ERROR :Server too far away for authentication");
+                       Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, server is too far away for authentication");
                        return false;
                }
                std::string description = params[3];
@@ -1504,6 +1631,7 @@ class TreeSocket : public InspSocket
                                if (CheckDupe)
                                {
                                        this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+                                       Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
                                        return false;
                                }
                                // Begin the sync here. this kickstarts the
@@ -1524,6 +1652,7 @@ class TreeSocket : public InspSocket
                        }
                }
                this->WriteLine("ERROR :Invalid credentials");
+               Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, invalid link credentials");
                return false;
        }
 
@@ -1537,6 +1666,7 @@ class TreeSocket : public InspSocket
                if (hops)
                {
                        this->WriteLine("ERROR :Server too far away for authentication");
+                       Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, server is too far away for authentication");
                        return false;
                }
                std::string description = params[3];
@@ -1548,6 +1678,17 @@ class TreeSocket : public InspSocket
                                if (CheckDupe)
                                {
                                        this->WriteLine("ERROR :Server "+servername+" already exists on server "+CheckDupe->GetParent()->GetName()+"!");
+                                       Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName());
+                                       return false;
+                               }
+                               /* If the config says this link is encrypted, but the remote side
+                                * hasnt bothered to send the AES command before SERVER, then we
+                                * boot them off as we MUST have this connection encrypted.
+                                */
+                               if ((x->EncryptionKey != "") && (!this->ctx))
+                               {
+                                       this->WriteLine("ERROR :This link requires AES encryption to be enabled. Plaintext connection refused.");
+                                       Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, remote server did not enable AES.");
                                        return false;
                                }
                                Srv->SendOpers("*** Verified incoming server connection from \002"+servername+"\002["+this->GetIP()+"] ("+description+")");
@@ -1562,6 +1703,7 @@ class TreeSocket : public InspSocket
                        }
                }
                this->WriteLine("ERROR :Invalid credentials");
+               Srv->SendOpers("*** Server connection from \2"+servername+"\2 denied, invalid link credentials");
                return false;
        }
 
@@ -1623,7 +1765,7 @@ class TreeSocket : public InspSocket
                line = l;
                if (line == "")
                        return true;
-               Srv->Log(DEBUG,"IN: '"+line+"'");
+               Srv->Log(DEBUG,"IN: "+line);
                std::deque<std::string> params;
                this->Split(line,true,params);
                std::string command = "";
@@ -1643,7 +1785,24 @@ class TreeSocket : public InspSocket
                        command = params[0];
                        params.pop_front();
                }
-               
+
+               if ((!this->ctx) && (command == "AES"))
+               {
+                        std::string sserv = params[0];
+                        for (std::vector<Link>::iterator x = LinkBlocks.begin(); x < LinkBlocks.end(); x++)
+                        {
+                                if ((x->EncryptionKey != "") && (x->Name == sserv))
+                                {
+                                        this->InitAES(x->EncryptionKey,sserv);
+                                }
+                        }
+                        return true;
+               }
+               else if ((this->ctx) && (command == "AES"))
+               {
+                       WriteOpers("*** \2AES\2: Encryption already enabled on this connection yet %s is trying to enable it twice!",params[0].c_str());
+               }
+
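Review bot: `params[0]` is read at L362 without checking that a parameter was supplied, so a bare `AES` line from an unauthenticated peer indexes an empty deque (undefined behaviour, in practice a crash); add `if (params.size() < 1) { this->WriteLine("ERROR :Invalid number of parameters for AES"); return false; }` before it, and the same guard covers the `params[0]` in the `else if` branch at L374. The loop only calls InitAES when a keyed link block matches, so a peer naming an unknown server gets `return true` and silently stays in plaintext; replying with an ERROR there would make the failure visible in the spirit of this commit. Because this runs before credentials are verified, any connection can cause an `AES` context to be allocated for a named link, and with no destructor visible that frees `ctx` it is presumably leaked per connection — confirm. Style: `x < LinkBlocks.end()` at L363 should be `x != LinkBlocks.end()` as in the iterator loop at L216.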
                switch (this->LinkState)
                {
                        TreeServer* Node;
@@ -1654,7 +1813,11 @@ class TreeSocket : public InspSocket
                                // replies with theirs if its happy, then if the initiator is happy,
                                // it starts to send its net sync, which starts the merge, otherwise
                                // it sends an ERROR.
-                               if (command == "SERVER")
+                               if (command == "PASS")
+                               {
+                                       /* Silently ignored */
+                               }
+                               else if (command == "SERVER")
                                {
                                        return this->Inbound_Server(params);
                                }
@@ -1662,6 +1825,20 @@ class TreeSocket : public InspSocket
                                {
                                        return this->Error(params);
                                }
+                               else if (command == "USER")
+                               {
+                                       this->WriteLine("ERROR :Client connections to this port are prohibited.");
+                                       return false;
+                               }
+                               else if (command == "CAPAB")
+                               {
+                                       return this->Capab(params);
+                               }
+                               else
+                               {
+                                       this->WriteLine("ERROR :Invalid command in negotiation phase.");
+                                       return false;
+                               }
                        break;
                        case WAIT_AUTH_2:
                                // Waiting for start of other side's netmerge to say they liked our
@@ -1690,6 +1867,10 @@ class TreeSocket : public InspSocket
                                {
                                        return this->Error(params);
                                }
+                               else if (command == "CAPAB")
+                               {
+                                       return this->Capab(params);
+                               }
                                
                        break;
                        case LISTENER:
@@ -1729,11 +1910,11 @@ class TreeSocket : public InspSocket
                                        {
                                                if (route_back_again)
                                                {
-                                                       WriteOpers("Protocol violation: Fake direction in command '%s' from connection '%s'",line.c_str(),this->GetName().c_str());
+                                                       WriteOpers("*** Protocol violation: Fake direction in command '%s' from connection '%s'",line.c_str(),this->GetName().c_str());
                                                }
                                                else
                                                {
-                                                       WriteOpers("Protocol violation: Invalid source '%s' in command '%s' from connection '%s'",direction.c_str(),line.c_str(),this->GetName().c_str());
+                                                       WriteOpers("*** Protocol violation: Invalid source '%s' in command '%s' from connection '%s'",direction.c_str(),line.c_str(),this->GetName().c_str());
                                                }
                                                
                                                return true;
@@ -1926,6 +2107,7 @@ class TreeSocket : public InspSocket
                {
                        Squit(s,"Remote host closed the connection");
                }
+               WriteOpers("Server '\2%s\2[%s]' closed the connection.",quitserver.c_str(),this->GetIP().c_str());
        }
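Review bot: The new notice at L443 lacks the `*** ` prefix this same commit adds to the other oper notices (L430/L435 and the `Server connection ... denied` lines), and its quotes wrap the IP together with the name; `WriteOpers("*** Server \2%s\2[%s] closed the connection.",quitserver.c_str(),this->GetIP().c_str());` matches the format used at L336. `quitserver` is assigned outside the hunk.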
 
        virtual int OnIncomingConnection(int newsock, char* ip)
@@ -2138,9 +2320,18 @@ void ReadConfiguration(bool rebind)
                L.SendPass = Conf->ReadValue("link","sendpass",j);
                L.RecvPass = Conf->ReadValue("link","recvpass",j);
                L.AutoConnect = Conf->ReadInteger("link","autoconnect",j,true);
+               L.EncryptionKey =  Conf->ReadValue("link","encryptionkey",j);
                L.NextConnectTime = time(NULL) + L.AutoConnect;
-               LinkBlocks.push_back(L);
-               log(DEBUG,"m_spanningtree: Read server %s with host %s:%d",L.Name.c_str(),L.IPAddr.c_str(),L.Port);
+               /* Bugfix by brain, do not allow people to enter bad configurations */
+               if ((L.RecvPass != "") && (L.SendPass != "") && (L.Name != "") && (L.Port))
+               {
+                       LinkBlocks.push_back(L);
+                       log(DEBUG,"m_spanningtree: Read server %s with host %s:%d",L.Name.c_str(),L.IPAddr.c_str(),L.Port);
+               }
+               else
+               {
+                       log(DEFAULT,"m_spanningtree: Invalid configuration for server '%s', ignored!",L.Name.c_str());
+               }
        }
        delete Conf;
 }
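Review bot: The new validation at L456 rejects links with a missing password, name or port but still accepts an `encryptionkey` of any length; the 16/24/32 requirement is enforced only later in InitAES and OnConnected, so a mistyped key is discovered at link time rather than at rehash. Add the check here, e.g. `bool keyok = (L.EncryptionKey == "") || (L.EncryptionKey.length() == 16) || (L.EncryptionKey.length() == 24) || (L.EncryptionKey.length() == 32);` and include `keyok` in the condition, logging the rejection at DEFAULT like the other case. The double space in `L.EncryptionKey =  Conf->ReadValue(...)` at L451 is a formatting nit.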
@@ -2292,9 +2483,15 @@ class ModuleSpanningTree : public Module
                TreeServer* s = FindServerMask(parameters[0]);
                if (s)
                {
+                       if (s == TreeRoot)
+                       {
+                                WriteServ(user->fd,"NOTICE %s :*** SQUIT: Foolish mortal, you cannot make a server SQUIT itself! (%s matches local server name)",user->nick,parameters[0]);
+                               return 1;
+                       }
                        TreeSocket* sock = s->GetSocket();
                        if (sock)
                        {
+                               log(DEBUG,"Splitting server %s",s->GetName().c_str());
                                WriteOpers("*** SQUIT: Server \002%s\002 removed from network by %s",parameters[0],user->nick);
                                sock->Squit(s,"Server quit by "+std::string(user->nick)+"!"+std::string(user->ident)+"@"+std::string(user->host));
                                sock->Close();
@@ -2428,7 +2625,7 @@ class ModuleSpanningTree : public Module
                {
                        for (unsigned int i = 0; i < LinkBlocks.size(); i++)
                        {
-                               WriteServ(user->fd,"213 %s C *@%s * %s %d 0 M",user->nick,LinkBlocks[i].IPAddr.c_str(),LinkBlocks[i].Name.c_str(),LinkBlocks[i].Port);
+                               WriteServ(user->fd,"213 %s C *@%s * %s %d 0 %s",user->nick,LinkBlocks[i].IPAddr.c_str(),LinkBlocks[i].Name.c_str(),LinkBlocks[i].Port,(LinkBlocks[i].EncryptionKey != "" ? "es" : " s"));
                                WriteServ(user->fd,"244 %s H * * %s",user->nick,LinkBlocks[i].Name.c_str());
                        }
                        WriteServ(user->fd,"219 %s %s :End of /STATS report",user->nick,parameters[0]);