X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_spanningtree%2Fserver.cpp;h=538479ca4b40b2f0e685ab43bed1bb35e0e68f15;hb=HEAD;hp=1b13fb2da60b243e23e37d37da8337b187d73436;hpb=553a8da754c8cd308bad2008018849714e70f9b7;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp index 1b13fb2da..538479ca4 100644 --- a/src/modules/m_spanningtree/server.cpp +++ b/src/modules/m_spanningtree/server.cpp @@ -1,7 +1,12 @@ /* * InspIRCd -- Internet Relay Chat Daemon * + * Copyright (C) 2013, 2017-2020 Sadie Powell + * Copyright (C) 2012-2016 Attila Molnar + * Copyright (C) 2012, 2019 Robby * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2009 Uli Schlachter + * Copyright (C) 2008-2010 Craig Edwards * Copyright (C) 2008 Robin Burchell * * This file is part of InspIRCd. InspIRCd is free software: you can @@ -19,136 +24,145 @@ #include "inspircd.h" -#include "socket.h" -#include "xline.h" -#include "socketengine.h" +#include "modules/ssl.h" #include "main.h" #include "utils.h" #include "link.h" #include "treeserver.h" #include "treesocket.h" - -/* $ModDep: m_spanningtree/main.h m_spanningtree/utils.h m_spanningtree/treeserver.h m_spanningtree/treesocket.h m_spanningtree/link.h */ +#include "commands.h" /* * Some server somewhere in the network introducing another server. * -- w */ -bool TreeSocket::RemoteServer(const std::string &prefix, parameterlist ¶ms) +CmdResult CommandServer::HandleServer(TreeServer* ParentOfThis, Params& params) { - if (params.size() < 5) - { - SendError("Protocol error - Not enough parameters for SERVER command"); - return false; - } + const std::string& servername = params[0]; + const std::string& sid = params[1]; + const std::string& description = params.back(); + TreeSocket* socket = ParentOfThis->GetSocket(); - std::string servername = params[0]; - // password is not used for a remote server - // hopcount is not used (ever) - std::string sid = params[3]; - std::string description = params[4]; - TreeServer* ParentOfThis = Utils->FindServer(prefix); - - if (!ParentOfThis) - { - this->SendError("Protocol error - Introduced remote server from unknown server "+prefix); - return false; - } - if (!ServerInstance->IsSID(sid)) + if (!InspIRCd::IsSID(sid)) { - this->SendError("Invalid format server ID: "+sid+"!"); - return false; + socket->SendError("Invalid format server ID: "+sid+"!"); + return CMD_FAILURE; } TreeServer* CheckDupe = Utils->FindServer(servername); if (CheckDupe) { - this->SendError("Server "+servername+" already exists!"); - ServerInstance->SNO->WriteToSnoMask('L', "Server \2"+CheckDupe->GetName()+"\2 being introduced from \2" + ParentOfThis->GetName() + "\2 denied, already exists. Closing link with " + ParentOfThis->GetName()); - return false; + socket->SendError("Server "+servername+" already exists!"); + ServerInstance->SNO->WriteToSnoMask('L', "Server \002"+CheckDupe->GetName()+"\002 being introduced from \002" + ParentOfThis->GetName() + "\002 denied, already exists. Closing link with " + ParentOfThis->GetName()); + return CMD_FAILURE; } CheckDupe = Utils->FindServer(sid); if (CheckDupe) { - this->SendError("Server ID "+sid+" already exists! You may want to specify the server ID for the server manually with so they do not conflict."); - ServerInstance->SNO->WriteToSnoMask('L', "Server \2"+servername+"\2 being introduced from \2" + ParentOfThis->GetName() + "\2 denied, server ID already exists on the network. Closing link with " + ParentOfThis->GetName()); - return false; + socket->SendError("Server ID "+sid+" already exists! You may want to specify the server ID for the server manually with so they do not conflict."); + ServerInstance->SNO->WriteToSnoMask('L', "Server \002"+servername+"\002 being introduced from \002" + ParentOfThis->GetName() + "\002 denied, server ID already exists on the network. Closing link with " + ParentOfThis->GetName()); + return CMD_FAILURE; } + TreeServer* route = ParentOfThis->GetRoute(); + Link* lnk = Utils->FindLink(route->GetName()); + TreeServer* Node = new TreeServer(servername, description, sid, ParentOfThis, ParentOfThis->GetSocket(), lnk ? lnk->Hidden : false); - Link* lnk = Utils->FindLink(servername); + HandleExtra(Node, params); - TreeServer *Node = new TreeServer(Utils, servername, description, sid, ParentOfThis,NULL, lnk ? lnk->Hidden : false); - - ParentOfThis->AddChild(Node); - params[4] = ":" + params[4]; - Utils->DoOneToAllButSender(prefix,"SERVER",params,prefix); ServerInstance->SNO->WriteToSnoMask('L', "Server \002"+ParentOfThis->GetName()+"\002 introduced server \002"+servername+"\002 ("+description+")"); - return true; + return CMD_SUCCESS; } +void CommandServer::HandleExtra(TreeServer* newserver, Params& params) +{ + for (CommandBase::Params::const_iterator i = params.begin() + 2; i != params.end() - 1; ++i) + { + const std::string& prop = *i; + std::string::size_type p = prop.find('='); -/* - * This is used after the other side of a connection has accepted our credentials. - * They are then introducing themselves to us, BEFORE either of us burst. -- w - */ -bool TreeSocket::Outbound_Reply_Server(parameterlist ¶ms) + std::string key = prop; + std::string val; + if (p != std::string::npos) + { + key.erase(p); + val.assign(prop, p+1, std::string::npos); + } + + if (irc::equals(key, "burst")) + newserver->BeginBurst(ConvToNum(val)); + else if (irc::equals(key, "hidden")) + newserver->Hidden = ConvToNum(val); + } +} + +Link* TreeSocket::AuthRemote(const CommandBase::Params& params) { if (params.size() < 5) { SendError("Protocol error - Not enough parameters for SERVER command"); - return false; + return NULL; } - irc::string servername = params[0].c_str(); - std::string sname = params[0]; - std::string password = params[1]; - std::string sid = params[3]; - std::string description = params[4]; - int hops = atoi(params[2].c_str()); + const std::string& sname = params[0]; + const std::string& password = params[1]; + const std::string& sid = params[3]; + const std::string& description = params.back(); this->SendCapabilities(2); - if (hops) - { - this->SendError("Server too far away for authentication"); - ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, server is too far away for authentication"); - return false; - } - if (!ServerInstance->IsSID(sid)) { this->SendError("Invalid format server ID: "+sid+"!"); - return false; + return NULL; } for (std::vector >::iterator i = Utils->LinkBlocks.begin(); i < Utils->LinkBlocks.end(); i++) { Link* x = *i; - if (x->Name != servername && x->Name != "*") // open link allowance + if (!InspIRCd::Match(sname, x->Name)) continue; if (!ComparePass(*x, password)) { - ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); + ServerInstance->SNO->WriteToSnoMask('l', "Invalid password on link: %s", x->Name.c_str()); continue; } - TreeServer* CheckDupe = Utils->FindServer(sname); - if (CheckDupe) + if (!CheckDuplicate(sname, sid)) + return NULL; + + ServerInstance->SNO->WriteToSnoMask('l', "Verified server connection " + linkID + " ("+description+")"); + + const SSLIOHook* const ssliohook = SSLIOHook::IsSSL(this); + if (ssliohook) { - this->SendError("Server "+sname+" already exists on server "+CheckDupe->GetParent()->GetName()+"!"); - ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, already exists on server "+CheckDupe->GetParent()->GetName()); - return false; + std::string ciphersuite; + ssliohook->GetCiphersuite(ciphersuite); + ServerInstance->SNO->WriteToSnoMask('l', "Negotiated ciphersuite %s on link %s", ciphersuite.c_str(), x->Name.c_str()); } - CheckDupe = Utils->FindServer(sid); - if (CheckDupe) + else if (!irc::sockets::cidr_mask("127.0.0.0/8").match(capab->remotesa) && !irc::sockets::cidr_mask("::1/128").match(capab->remotesa)) { - this->SendError("Server ID "+sid+" already exists on the network! You may want to specify the server ID for the server manually with so they do not conflict."); - ServerInstance->SNO->WriteToSnoMask('l',"Server \2"+assign(servername)+"\2 being introduced denied, server ID already exists on the network. Closing link."); - return false; + ServerInstance->SNO->WriteGlobalSno('l', "Server connection to %s is not using SSL (TLS). This is VERY INSECURE and will not be allowed in the next major version of InspIRCd.", x->Name.c_str()); } + return x; + } + + this->SendError("Mismatched server name or password (check the other server's snomask output for details - e.g. user mode +s +Ll)"); + ServerInstance->SNO->WriteToSnoMask('l', "Server connection from \002"+sname+"\002 denied, invalid link credentials"); + return NULL; +} + +/* + * This is used after the other side of a connection has accepted our credentials. + * They are then introducing themselves to us, BEFORE either of us burst. -- w + */ +bool TreeSocket::Outbound_Reply_Server(CommandBase::Params& params) +{ + const Link* x = AuthRemote(params); + if (x) + { /* * They're in WAIT_AUTH_2 (having accepted our credentials). * Set our state to CONNECTED (since everything's peachy so far) and send our @@ -157,118 +171,75 @@ bool TreeSocket::Outbound_Reply_Server(parameterlist ¶ms) * While we're at it, create a treeserver object so we know about them. * -- w */ - this->LinkState = CONNECTED; + FinishAuth(params[0], params[3], params.back(), x->Hidden); - Utils->timeoutlist.erase(this); - linkID = sname; - - MyRoot = new TreeServer(Utils, sname, description, sid, Utils->TreeRoot, this, x->Hidden); - - Utils->TreeRoot->AddChild(MyRoot); - params[4] = ":" + params[4]; - - /* IMPORTANT: Take password/hmac hash OUT of here before we broadcast the introduction! */ - params[1] = "*"; - Utils->DoOneToAllButSender(ServerInstance->Config->GetSID(),"SERVER",params,sname); - - this->DoBurst(MyRoot); return true; } - this->SendError("Invalid credentials (check the other server's linking snomask for more information)"); - ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials"); return false; } -/* - * Someone else is attempting to connect to us if this is called. Validate their credentials etc. - * -- w - */ -bool TreeSocket::Inbound_Server(parameterlist ¶ms) +bool TreeSocket::CheckDuplicate(const std::string& sname, const std::string& sid) { - if (params.size() < 5) + // Check if the server name is not in use by a server that's already fully connected + TreeServer* CheckDupe = Utils->FindServer(sname); + if (CheckDupe) { - SendError("Protocol error - Missing SID"); + std::string pname = CheckDupe->GetParent() ? CheckDupe->GetParent()->GetName() : ""; + SendError("Server "+sname+" already exists on server "+pname+"!"); + ServerInstance->SNO->WriteToSnoMask('l', "Server connection from \002"+sname+"\002 denied, already exists on server "+pname); return false; } - irc::string servername = params[0].c_str(); - std::string sname = params[0]; - std::string password = params[1]; - std::string sid = params[3]; - std::string description = params[4]; - int hops = atoi(params[2].c_str()); - - this->SendCapabilities(2); + // Check if the id is not in use by a server that's already fully connected + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Looking for dupe SID %s", sid.c_str()); + CheckDupe = Utils->FindServerID(sid); - if (hops) + if (CheckDupe) { - this->SendError("Server too far away for authentication"); - ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, server is too far away for authentication"); + this->SendError("Server ID "+CheckDupe->GetId()+" already exists on server "+CheckDupe->GetName()+"! You may want to specify the server ID for the server manually with so they do not conflict."); + ServerInstance->SNO->WriteToSnoMask('l', "Server connection from \002"+sname+"\002 denied, server ID '"+CheckDupe->GetId()+ + "' already exists on server "+CheckDupe->GetName()); return false; } - if (!ServerInstance->IsSID(sid)) - { - this->SendError("Invalid format server ID: "+sid+"!"); - return false; - } + return true; +} - for (std::vector >::iterator i = Utils->LinkBlocks.begin(); i < Utils->LinkBlocks.end(); i++) +/* + * Someone else is attempting to connect to us if this is called. Validate their credentials etc. + * -- w + */ +bool TreeSocket::Inbound_Server(CommandBase::Params& params) +{ + const Link* x = AuthRemote(params); + if (x) { - Link* x = *i; - if (x->Name != servername && x->Name != "*") // open link allowance - continue; - - if (!ComparePass(*x, password)) - { - ServerInstance->SNO->WriteToSnoMask('l',"Invalid password on link: %s", x->Name.c_str()); - continue; - } + // Save these for later, so when they accept our credentials (indicated by BURST) we remember them + this->capab->hidden = x->Hidden; + this->capab->sid = params[3]; + this->capab->description = params.back(); + this->capab->name = params[0]; - /* Now check for fully initialized ServerInstances of the server by name */ - TreeServer* CheckDupe = Utils->FindServer(sname); - if (CheckDupe) - { - std::string pname = CheckDupe->GetParent() ? CheckDupe->GetParent()->GetName() : ""; - SendError("Server "+sname+" already exists on server "+pname+"!"); - ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, already exists on server "+pname); - return false; - } - - /* Check for fully initialized instances of the server by id */ - ServerInstance->Logs->Log("m_spanningtree",DEBUG,"Looking for dupe SID %s", sid.c_str()); - CheckDupe = Utils->FindServerID(sid); - - if (CheckDupe) - { - this->SendError("Server ID "+CheckDupe->GetID()+" already exists on server "+CheckDupe->GetName()+"! You may want to specify the server ID for the server manually with so they do not conflict."); - ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, server ID '"+CheckDupe->GetID()+ - "' already exists on server "+CheckDupe->GetName()); - return false; - } - - ServerInstance->SNO->WriteToSnoMask('l',"Verified incoming server connection " + linkID + " ("+description+")"); - linkID = sname; - - // this is good. Send our details: Our server name and description and hopcount of 0, + // Send our details: Our server name and description and hopcount of 0, // along with the sendpass from this block. - this->SendCapabilities(2); - this->WriteLine(std::string("SERVER ")+ServerInstance->Config->ServerName+" "+this->MakePass(x->SendPass, this->GetTheirChallenge())+" 0 "+ServerInstance->Config->GetSID()+" :"+ServerInstance->Config->ServerDesc); - // move to the next state, we are now waiting for THEM. - MyRoot = new TreeServer(Utils, sname, description, sid, Utils->TreeRoot, this, x->Hidden); - Utils->TreeRoot->AddChild(MyRoot); - - params[1] = "*"; - params[4] = ":" + params[4]; - Utils->DoOneToAllButSender(ServerInstance->Config->GetSID(),"SERVER",params,sname); + this->WriteLine("SERVER "+ServerInstance->Config->ServerName+" "+this->MakePass(x->SendPass, this->GetTheirChallenge())+" 0 "+ServerInstance->Config->GetSID()+" :"+ServerInstance->Config->ServerDesc); + // move to the next state, we are now waiting for THEM. this->LinkState = WAIT_AUTH_2; return true; } - this->SendError("Invalid credentials"); - ServerInstance->SNO->WriteToSnoMask('l',"Server connection from \2"+sname+"\2 denied, invalid link credentials"); return false; } +CommandServer::Builder::Builder(TreeServer* server) + : CmdBuilder(server->GetParent(), "SERVER") +{ + push(server->GetName()); + push(server->GetId()); + if (server->IsBursting()) + push_property("burst", ConvToStr(server->StartBurst)); + push_property("hidden", ConvToStr(server->Hidden)); + push_last(server->GetDesc()); +}