X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_spanningtree%2Fserver.cpp;h=536c4424d98b2081a9169d1dd732cab8c2dd5afc;hb=e1ebec0e7255ad500cba6b9f79f318366a00a13a;hp=da44452bad6e89dbb9f986645f2ca1894c77597c;hpb=63041954b1cfda4aaf1e89d4b16fb6d1411caa3e;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp index da44452ba..536c4424d 100644 --- a/src/modules/m_spanningtree/server.cpp +++ b/src/modules/m_spanningtree/server.cpp @@ -1,154 +1,168 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon + * + * Copyright (C) 2013, 2017-2019 Sadie Powell + * Copyright (C) 2012-2016 Attila Molnar + * Copyright (C) 2012, 2019 Robby + * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2009 Uli Schlachter + * Copyright (C) 2008-2010 Craig Edwards + * Copyright (C) 2008 Robin Burchell * - * InspIRCd: (C) 2002-2009 InspIRCd Development Team - * See: http://www.inspircd.org/wiki/index.php/Credits + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * --------------------------------------------------- + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ -#include "inspircd.h" -#include "commands/cmd_whois.h" -#include "commands/cmd_stats.h" -#include "socket.h" -#include "xline.h" -#include "transport.h" -#include "socketengine.h" -#include "m_spanningtree/main.h" -#include "m_spanningtree/utils.h" -#include "m_spanningtree/link.h" -#include "m_spanningtree/treeserver.h" -#include "m_spanningtree/treesocket.h" +#include "inspircd.h" +#include "modules/ssl.h" -/* $ModDep: m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/treesocket.h m_spanningtree/link.h */ +#include "main.h" +#include "utils.h" +#include "link.h" +#include "treeserver.h" +#include "treesocket.h" +#include "commands.h" /* * Some server somewhere in the network introducing another server. * -- w */ -bool TreeSocket::RemoteServer(const std::string &prefix, std::deque ¶ms) +CmdResult CommandServer::HandleServer(TreeServer* ParentOfThis, Params& params) { - if (params.size() < 5) - { - SendError("Protocol error - Not enough parameters for SERVER command"); - return false; - } + const std::string& servername = params[0]; + const std::string& sid = params[1]; + const std::string& description = params.back(); + TreeSocket* socket = ParentOfThis->GetSocket(); - std::string servername = params[0]; - // password is not used for a remote server - // hopcount is not used (ever) - std::string sid = params[3]; - std::string description = params[4]; - TreeServer* ParentOfThis = Utils->FindServer(prefix); - - if (!ParentOfThis) - { - this->SendError("Protocol error - Introduced remote server from unknown server "+ParentOfThis->GetName()); - return false; - } - if (!this->ServerInstance->IsSID(sid)) + if (!InspIRCd::IsSID(sid)) { - this->SendError("Invalid format server ID: "+sid+"!"); - return false; + socket->SendError("Invalid format server ID: "+sid+"!"); + return CMD_FAILURE; } TreeServer* CheckDupe = Utils->FindServer(servername); if (CheckDupe) { - this->SendError("Server "+servername+" already exists!"); - this->ServerInstance->SNO->WriteToSnoMask('L', "Server \2"+CheckDupe->GetName()+"\2 being introduced from \2" + ParentOfThis->GetName() + "\2 denied, already exists. Closing link with " + ParentOfThis->GetName()); - return false; + socket->SendError("Server "+servername+" already exists!"); + ServerInstance->SNO->WriteToSnoMask('L', "Server \002"+CheckDupe->GetName()+"\002 being introduced from \002" + ParentOfThis->GetName() + "\002 denied, already exists. Closing link with " + ParentOfThis->GetName()); + return CMD_FAILURE; } CheckDupe = Utils->FindServer(sid); if (CheckDupe) { - this->SendError("Server ID "+sid+" already exists! You may want to specify the server ID for the server manually with so they do not conflict."); - this->ServerInstance->SNO->WriteToSnoMask('L', "Server \2"+servername+"\2 being introduced from \2" + ParentOfThis->GetName() + "\2 denied, server ID already exists on the network. Closing link with " + ParentOfThis->GetName()); - return false; + socket->SendError("Server ID "+sid+" already exists! You may want to specify the server ID for the server manually with so they do not conflict."); + ServerInstance->SNO->WriteToSnoMask('L', "Server \002"+servername+"\002 being introduced from \002" + ParentOfThis->GetName() + "\002 denied, server ID already exists on the network. Closing link with " + ParentOfThis->GetName()); + return CMD_FAILURE; } + TreeServer* route = ParentOfThis->GetRoute(); + Link* lnk = Utils->FindLink(route->GetName()); + TreeServer* Node = new TreeServer(servername, description, sid, ParentOfThis, ParentOfThis->GetSocket(), lnk ? lnk->Hidden : false); - Link* lnk = Utils->FindLink(servername); - - TreeServer *Node = new TreeServer(this->Utils, this->ServerInstance, servername, description, sid, ParentOfThis,NULL, lnk ? lnk->Hidden : false); + HandleExtra(Node, params); - ParentOfThis->AddChild(Node); - params[4] = ":" + params[4]; - Utils->DoOneToAllButSender(prefix,"SERVER",params,prefix); - this->ServerInstance->SNO->WriteToSnoMask('L', "Server \002"+ParentOfThis->GetName()+"\002 introduced server \002"+servername+"\002 ("+description+")"); - return true; + ServerInstance->SNO->WriteToSnoMask('L', "Server \002"+ParentOfThis->GetName()+"\002 introduced server \002"+servername+"\002 ("+description+")"); + return CMD_SUCCESS; } +void CommandServer::HandleExtra(TreeServer* newserver, Params& params) +{ + for (CommandBase::Params::const_iterator i = params.begin() + 2; i != params.end() - 1; ++i) + { + const std::string& prop = *i; + std::string::size_type p = prop.find('='); -/* - * This is used after the other side of a connection has accepted our credentials. - * They are then introducing themselves to us, BEFORE either of us burst. -- w - */ -bool TreeSocket::Outbound_Reply_Server(std::deque ¶ms) + std::string key = prop; + std::string val; + if (p != std::string::npos) + { + key.erase(p); + val.assign(prop, p+1, std::string::npos); + } + + if (irc::equals(key, "burst")) + newserver->BeginBurst(ConvToNum(val)); + else if (irc::equals(key, "hidden")) + newserver->Hidden = ConvToNum(val); + } +} + +Link* TreeSocket::AuthRemote(const CommandBase::Params& params) { if (params.size() < 5) { SendError("Protocol error - Not enough parameters for SERVER command"); - return false; + return NULL; } - irc::string servername = params[0].c_str(); - std::string sname = params[0]; - std::string password = params[1]; - std::string sid = params[3]; - std::string description = params[4]; - int hops = atoi(params[2].c_str()); - - this->InboundServerName = sname; - this->InboundDescription = description; - this->InboundSID = sid; + const std::string& sname = params[0]; + const std::string& password = params[1]; + const std::string& sid = params[3]; + const std::string& description = params.back(); - if (!sentcapab) - this->SendCapabilities(); + this->SendCapabilities(2); - if (hops) - { - this->SendError("Server too far away for authentication"); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, server is too far away for authentication"); - return false; - } - - if (!this->ServerInstance->IsSID(sid)) + if (!ServerInstance->IsSID(sid)) { this->SendError("Invalid format server ID: "+sid+"!"); - return false; + return NULL; } - for (std::vector::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) + for (std::vector >::iterator i = Utils->LinkBlocks.begin(); i < Utils->LinkBlocks.end(); i++) { - if (x->Name != servername && x->Name != "*") // open link allowance + Link* x = *i; + if (!InspIRCd::Match(sname, x->Name)) continue; - if (!ComparePass(x->RecvPass, password)) + if (!ComparePass(*x, password)) { - this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); + ServerInstance->SNO->WriteToSnoMask('l', "Invalid password on link: %s", x->Name.c_str()); continue; } - TreeServer* CheckDupe = Utils->FindServer(sname); - if (CheckDupe) + if (!CheckDuplicate(sname, sid)) + return NULL; + + ServerInstance->SNO->WriteToSnoMask('l', "Verified server connection " + linkID + " ("+description+")"); + + const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(this); + if (ssliohook) { - this->SendError("Server "+sname+" already exists on server "+CheckDupe->GetParent()->GetName()+"!"); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName()); - return false; + std::string ciphersuite; + ssliohook->GetCiphersuite(ciphersuite); + ServerInstance->SNO->WriteToSnoMask('l', "Negotiated ciphersuite %s on link %s", ciphersuite.c_str(), x->Name.c_str()); } - CheckDupe = Utils->FindServer(sid); - if (CheckDupe) + else if (!irc::sockets::cidr_mask("127.0.0.0/8").match(capab->remotesa) && !irc::sockets::cidr_mask("::1/128").match(capab->remotesa)) { - this->SendError("Server ID "+sid+" already exists on the network! You may want to specify the server ID for the server manually with so they do not conflict."); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server \2"+assign(servername)+"\2 being introduced denied, server ID already exists on the network. Closing link."); - return false; + ServerInstance->SNO->WriteGlobalSno('l', "Server connection to %s is not using SSL (TLS). This is VERY INSECURE and will not be allowed in the next major version of InspIRCd.", x->Name.c_str()); } + return x; + } + + this->SendError("Mismatched server name or password (check the other server's snomask output for details - e.g. user mode +s +Ll)"); + ServerInstance->SNO->WriteToSnoMask('l', "Server connection from \002"+sname+"\002 denied, invalid link credentials"); + return NULL; +} + +/* + * This is used after the other side of a connection has accepted our credentials. + * They are then introducing themselves to us, BEFORE either of us burst. -- w + */ +bool TreeSocket::Outbound_Reply_Server(CommandBase::Params& params) +{ + const Link* x = AuthRemote(params); + if (x) + { /* * They're in WAIT_AUTH_2 (having accepted our credentials). * Set our state to CONNECTED (since everything's peachy so far) and send our @@ -157,120 +171,75 @@ bool TreeSocket::Outbound_Reply_Server(std::deque ¶ms) * While we're at it, create a treeserver object so we know about them. * -- w */ - this->LinkState = CONNECTED; - - Utils->timeoutlist.erase(this); - - TreeServer *Node = new TreeServer(this->Utils, this->ServerInstance, sname, description, sid, Utils->TreeRoot, this, x->Hidden); - - Utils->TreeRoot->AddChild(Node); - params[4] = ":" + params[4]; + FinishAuth(params[0], params[3], params.back(), x->Hidden); - - /* IMPORTANT: Take password/hmac hash OUT of here before we broadcast the introduction! */ - params[1] = "*"; - Utils->DoOneToAllButSender(ServerInstance->Config->GetSID(),"SERVER",params,sname); - - Node->bursting = true; - this->DoBurst(Node); return true; } - this->SendError("Invalid credentials (check the other server's linking snomask for more information)"); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials"); return false; } -/* - * Someone else is attempting to connect to us if this is called. Validate their credentials etc. - * -- w - */ -bool TreeSocket::Inbound_Server(std::deque ¶ms) +bool TreeSocket::CheckDuplicate(const std::string& sname, const std::string& sid) { - if (params.size() < 5) + // Check if the server name is not in use by a server that's already fully connected + TreeServer* CheckDupe = Utils->FindServer(sname); + if (CheckDupe) { - SendError("Protocol error - Missing SID"); + std::string pname = CheckDupe->GetParent() ? CheckDupe->GetParent()->GetName() : ""; + SendError("Server "+sname+" already exists on server "+pname+"!"); + ServerInstance->SNO->WriteToSnoMask('l', "Server connection from \002"+sname+"\002 denied, already exists on server "+pname); return false; } - irc::string servername = params[0].c_str(); - std::string sname = params[0]; - std::string password = params[1]; - std::string sid = params[3]; - std::string description = params[4]; - int hops = atoi(params[2].c_str()); - - this->InboundServerName = sname; - this->InboundDescription = description; - this->InboundSID = sid; + // Check if the id is not in use by a server that's already fully connected + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Looking for dupe SID %s", sid.c_str()); + CheckDupe = Utils->FindServerID(sid); - if (!sentcapab) - this->SendCapabilities(); - - if (hops) + if (CheckDupe) { - this->SendError("Server too far away for authentication"); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, server is too far away for authentication"); + this->SendError("Server ID "+CheckDupe->GetId()+" already exists on server "+CheckDupe->GetName()+"! You may want to specify the server ID for the server manually with so they do not conflict."); + ServerInstance->SNO->WriteToSnoMask('l', "Server connection from \002"+sname+"\002 denied, server ID '"+CheckDupe->GetId()+ + "' already exists on server "+CheckDupe->GetName()); return false; } - if (!this->ServerInstance->IsSID(sid)) - { - this->SendError("Invalid format server ID: "+sid+"!"); - return false; - } + return true; +} - for (std::vector::iterator x = Utils->LinkBlocks.begin(); x < Utils->LinkBlocks.end(); x++) +/* + * Someone else is attempting to connect to us if this is called. Validate their credentials etc. + * -- w + */ +bool TreeSocket::Inbound_Server(CommandBase::Params& params) +{ + const Link* x = AuthRemote(params); + if (x) { - if (x->Name != servername && x->Name != "*") // open link allowance - continue; - - if (!ComparePass(x->RecvPass, password)) - { - this->ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); - continue; - } - - /* Now check for fully initialized ServerInstances of the server by name */ - TreeServer* CheckDupe = Utils->FindServer(sname); - if (CheckDupe) - { - this->SendError("Server "+sname+" already exists on server "+CheckDupe->GetParent()->GetName()+"!"); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName()); - return false; - } + // Save these for later, so when they accept our credentials (indicated by BURST) we remember them + this->capab->hidden = x->Hidden; + this->capab->sid = params[3]; + this->capab->description = params.back(); + this->capab->name = params[0]; - /* Check for fully initialized instances of the server by id */ - ServerInstance->Logs->Log("m_spanningtree",DEBUG,"Looking for dupe SID %s", sid.c_str()); - CheckDupe = Utils->FindServerID(sid); - - if (CheckDupe) - { - this->SendError("Server ID "+CheckDupe->GetID()+" already exists on server "+CheckDupe->GetName()+"! You may want to specify the server ID for the server manually with so they do not conflict."); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, server ID '"+CheckDupe->GetID()+ - "' already exists on server "+CheckDupe->GetName()); - return false; - } - - - this->ServerInstance->SNO->WriteToSnoMask('l',"Verified incoming server connection from \002"+sname+"\002["+(x->HiddenFromStats ? "" : this->GetIP())+"] ("+description+")"); - if (this->Hook) - { - std::string name = BufferedSocketNameRequest((Module*)Utils->Creator, this->Hook).Send(); - this->ServerInstance->SNO->WriteToSnoMask('l',"Connection from \2"+sname+"\2["+(x->HiddenFromStats ? "" : this->GetIP())+"] using transport \2"+name+"\2"); - } - - // this is good. Send our details: Our server name and description and hopcount of 0, + // Send our details: Our server name and description and hopcount of 0, // along with the sendpass from this block. - this->SendCapabilities(); - this->WriteLine(std::string("SERVER ")+this->ServerInstance->Config->ServerName+" "+this->MakePass(x->SendPass, this->GetTheirChallenge())+" 0 "+ServerInstance->Config->GetSID()+" :"+this->ServerInstance->Config->ServerDesc); + this->WriteLine("SERVER "+ServerInstance->Config->ServerName+" "+this->MakePass(x->SendPass, this->GetTheirChallenge())+" 0 "+ServerInstance->Config->GetSID()+" :"+ServerInstance->Config->ServerDesc); + // move to the next state, we are now waiting for THEM. this->LinkState = WAIT_AUTH_2; return true; } - this->SendError("Invalid credentials"); - this->ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials"); return false; } +CommandServer::Builder::Builder(TreeServer* server) + : CmdBuilder(server->GetParent(), "SERVER") +{ + push(server->GetName()); + push(server->GetId()); + if (server->IsBursting()) + push_property("burst", ConvToStr(server->StartBurst)); + push_property("hidden", ConvToStr(server->Hidden)); + push_last(server->GetDesc()); +}