summaryrefslogtreecommitdiff
path: root/src/modules
diff options
context:
space:
mode:
authorPeter Powell <petpow@saberuk.com>2017-07-12 14:25:28 +0100
committerGitHub <noreply@github.com>2017-07-12 14:25:28 +0100
commitf471083cd0519d47c7c7a09029813ede41994f7b (patch)
tree26d756d60526de438b501fd3da71bffe9e551455 /src/modules
parent2f64744dd81cd956780160e8568a42cf952df6c8 (diff)
parentc0aba5b728b0a921d95ec120aa638dab1520b42f (diff)
Merge pull request #1337 from SaberUK/master+merge
Merge v2.0.23 and v2.0.24 into master.
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/m_cgiirc.cpp10
-rw-r--r--src/modules/m_cloaking.cpp9
-rw-r--r--src/modules/m_dnsbl.cpp8
-rw-r--r--src/modules/m_hostcycle.cpp2
-rw-r--r--src/modules/m_httpd_stats.cpp2
-rw-r--r--src/modules/m_override.cpp3
-rw-r--r--src/modules/m_sasl.cpp61
7 files changed, 89 insertions, 6 deletions
diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp
index 09d6e5fdf..5eba5ce35 100644
--- a/src/modules/m_cgiirc.cpp
+++ b/src/modules/m_cgiirc.cpp
@@ -77,6 +77,7 @@ class CommandWebirc : public Command
realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator)
, realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator)
{
+ allow_empty_last_param = false;
works_before_reg = true;
this->syntax = "password client hostname ip";
}
@@ -85,6 +86,14 @@ class CommandWebirc : public Command
if(user->registered == REG_ALL)
return CMD_FAILURE;
+ irc::sockets::sockaddrs ipaddr;
+ if (!irc::sockets::aptosa(parameters[3], 0, ipaddr))
+ {
+ IS_LOCAL(user)->CommandFloodPenalty += 5000;
+ ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC but gave an invalid IP address.", user->GetFullRealHost().c_str());
+ return CMD_FAILURE;
+ }
+
for(CGIHostlist::iterator iter = Hosts.begin(); iter != Hosts.end(); iter++)
{
if(InspIRCd::Match(user->host, iter->hostmask, ascii_case_insensitive_map) || InspIRCd::MatchCIDR(user->GetIPString(), iter->hostmask, ascii_case_insensitive_map))
@@ -112,6 +121,7 @@ class CommandWebirc : public Command
}
}
+ IS_LOCAL(user)->CommandFloodPenalty += 5000;
ServerInstance->SNO->WriteGlobalSno('w', "Connecting user %s tried to use WEBIRC, but didn't match any configured webirc blocks.", user->GetFullRealHost().c_str());
return CMD_FAILURE;
}
diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp
index 890c799f2..5cedb5774 100644
--- a/src/modules/m_cloaking.cpp
+++ b/src/modules/m_cloaking.cpp
@@ -89,6 +89,10 @@ class CloakUser : public ModeHandler
if (adding)
{
+ // assume this is more correct
+ if (user->registered != REG_ALL && user->host != user->dhost)
+ return MODEACTION_DENY;
+
std::string* cloak = ext.get(user);
if (!cloak)
@@ -343,11 +347,14 @@ class ModuleCloaking : public Module
{
std::string chost;
+ irc::sockets::sockaddrs hostip;
+ bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip;
+
switch (mode)
{
case MODE_HALF_CLOAK:
{
- if (ipstr != host)
+ if (!host_is_ip)
chost = prefix + SegmentCloak(host, 1, 6) + LastTwoDomainParts(host);
if (chost.empty() || chost.length() > 50)
chost = SegmentIP(ip, false);
diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp
index 73ecd02a6..7b0f06191 100644
--- a/src/modules/m_dnsbl.cpp
+++ b/src/modules/m_dnsbl.cpp
@@ -70,6 +70,14 @@ class DNSBLResolver : public DNS::Request
if (!ans_record)
return;
+ // All replies should be in 127.0.0.0/8
+ if (ans_record->rdata.compare(0, 4, "127.") != 0)
+ {
+ ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), ans_record->rdata.c_str());
+ ConfEntry->stats_misses++;
+ return;
+ }
+
int i = countExt.get(them);
if (i)
countExt.set(them, i - 1);
diff --git a/src/modules/m_hostcycle.cpp b/src/modules/m_hostcycle.cpp
index b33c101ef..621f06a27 100644
--- a/src/modules/m_hostcycle.cpp
+++ b/src/modules/m_hostcycle.cpp
@@ -40,6 +40,8 @@ class ModuleHostCycle : public Module
FOREACH_MOD(OnBuildNeighborList, (user, include_chans, exceptions));
+ // Users shouldn't see themselves quitting when host cycling
+ exceptions.erase(user);
for (std::map<User*,bool>::iterator i = exceptions.begin(); i != exceptions.end(); ++i)
{
LocalUser* u = IS_LOCAL(i->first);
diff --git a/src/modules/m_httpd_stats.cpp b/src/modules/m_httpd_stats.cpp
index 11fad4b18..62ae0c204 100644
--- a/src/modules/m_httpd_stats.cpp
+++ b/src/modules/m_httpd_stats.cpp
@@ -211,7 +211,7 @@ class ModuleHttpStats : public Module, public HTTPRequestEventListener
data << "<server>";
data << "<servername>" << b->servername << "</servername>";
data << "<parentname>" << b->parentname << "</parentname>";
- data << "<gecos>" << b->gecos << "</gecos>";
+ data << "<gecos>" << Sanitize(b->gecos) << "</gecos>";
data << "<usercount>" << b->usercount << "</usercount>";
// This is currently not implemented, so, commented out.
// data << "<opercount>" << b->opercount << "</opercount>";
diff --git a/src/modules/m_override.cpp b/src/modules/m_override.cpp
index 9cfc3aed0..fd09dd6ec 100644
--- a/src/modules/m_override.cpp
+++ b/src/modules/m_override.cpp
@@ -121,7 +121,8 @@ class ModuleOverride : public Module
if (source->IsOper() && CanOverride(source,"KICK"))
{
// If the kicker's status is less than the target's, or the kicker's status is less than or equal to voice
- if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE))
+ if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE) ||
+ (memb->chan->GetPrefixValue(source) == HALFOP_VALUE && memb->getRank() == HALFOP_VALUE))
{
ServerInstance->SNO->WriteGlobalSno('v',source->nick+" used oper override to kick "+memb->user->nick+" on "+memb->chan->name+" ("+reason+")");
return MOD_RES_ALLOW;
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 2b247a198..9f7e1527b 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -153,10 +153,63 @@ class SaslAuthenticator
SaslResult result;
bool state_announced;
+ /* taken from m_services_account */
+ static bool ReadCGIIRCExt(const char* extname, User* user, std::string& out)
+ {
+ ExtensionItem* wiext = ServerInstance->Extensions.GetItem(extname);
+ if (!wiext)
+ return false;
+
+ if (wiext->creator->ModuleSourceFile != "m_cgiirc.so")
+ return false;
+
+ StringExtItem* stringext = static_cast<StringExtItem*>(wiext);
+ std::string* addr = stringext->get(user);
+ if (!addr)
+ return false;
+
+ out = *addr;
+ return true;
+ }
+
+
+ void SendHostIP()
+ {
+ std::string host, ip;
+
+ if (!ReadCGIIRCExt("cgiirc_webirc_hostname", user, host))
+ {
+ host = user->host;
+ }
+ if (!ReadCGIIRCExt("cgiirc_webirc_ip", user, ip))
+ {
+ ip = user->GetIPString();
+ }
+ else
+ {
+ /* IP addresses starting with a : on irc are a Bad Thing (tm) */
+ if (ip.c_str()[0] == ':')
+ ip.insert(ip.begin(),1,'0');
+ }
+
+ parameterlist params;
+ params.push_back(sasl_target);
+ params.push_back("SASL");
+ params.push_back(user->uuid);
+ params.push_back("*");
+ params.push_back("H");
+ params.push_back(host);
+ params.push_back(ip);
+
+ SendSASL(params);
+ }
+
public:
SaslAuthenticator(User* user_, const std::string& method)
: user(user_), state(SASL_INIT), state_announced(false)
{
+ SendHostIP();
+
parameterlist params;
params.push_back(user->uuid);
params.push_back("*");
@@ -287,6 +340,7 @@ class CommandAuthenticate : public Command
: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
{
works_before_reg = true;
+ allow_empty_last_param = false;
}
CmdResult Handle (const std::vector<std::string>& parameters, User *user)
@@ -295,6 +349,9 @@ class CommandAuthenticate : public Command
if (!cap.get(user))
return CMD_FAILURE;
+ if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
+ return CMD_FAILURE;
+
SaslAuthenticator *sasl = authExt.get(user);
if (!sasl)
authExt.set(user, new SaslAuthenticator(user, parameters[0]));
@@ -378,7 +435,7 @@ class ModuleSASL : public Module
servertracker.Reset();
}
- ModResult OnUserRegister(LocalUser *user) CXX11_OVERRIDE
+ void OnUserConnect(LocalUser *user) CXX11_OVERRIDE
{
SaslAuthenticator *sasl_ = authExt.get(user);
if (sasl_)
@@ -386,8 +443,6 @@ class ModuleSASL : public Module
sasl_->Abort();
authExt.unset(user);
}
-
- return MOD_RES_PASSTHRU;
}
void OnDecodeMetaData(Extensible* target, const std::string& extname, const std::string& extdata) CXX11_OVERRIDE
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-04 11:56:45 +0000