diff options
-rw-r--r-- | include/modules/webirc.h | 42 | ||||
-rw-r--r-- | src/modules/m_cgiirc.cpp | 100 | ||||
-rw-r--r-- | src/modules/m_sslinfo.cpp | 46 |
3 files changed, 183 insertions, 5 deletions
diff --git a/include/modules/webirc.h b/include/modules/webirc.h new file mode 100644 index 000000000..4ca3b0730 --- /dev/null +++ b/include/modules/webirc.h @@ -0,0 +1,42 @@ +/* + * InspIRCd -- Internet Relay Chat Daemon + * + * Copyright (C) 2016-2017 Peter Powell <petpow@saberuk.com> + * + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + + +#pragma once + +#include "event.h" + +namespace WebIRC +{ + class EventListener; + + typedef insp::flat_map<std::string, std::string, irc::insensitive_swo> FlagMap; +} + +class WebIRC::EventListener + : public Events::ModuleEventListener +{ + protected: + EventListener(Module* mod) + : ModuleEventListener(mod, "event/webirc") + { + } + + public: + virtual void OnWebIRCAuth(LocalUser* user, const FlagMap* flags) = 0; +}; diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index 8d911a5b4..d67b09c39 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -25,6 +25,7 @@ #include "inspircd.h" #include "modules/ssl.h" +#include "modules/webirc.h" #include "modules/whois.h" enum @@ -141,16 +142,18 @@ class CommandWebIRC : public SplitCommand StringExtItem gateway; StringExtItem realhost; StringExtItem realip; + Events::ModuleEventProvider webircevprov; CommandWebIRC(Module* Creator) : SplitCommand(Creator, "WEBIRC", 4) , gateway("cgiirc_gateway", ExtensionItem::EXT_USER, Creator) , realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator) , realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator) + , webircevprov(Creator, "event/webirc") { allow_empty_last_param = false; works_before_reg = true; - this->syntax = "password gateway hostname ip"; + this->syntax = "<password> <gateway> <hostname> <ip> [flags]"; } CmdResult HandleLocal(LocalUser* user, const Params& parameters) CXX11_OVERRIDE @@ -181,6 +184,33 @@ class CommandWebIRC : public SplitCommand WriteLog("Connecting user %s is using a WebIRC gateway; changing their IP from %s to %s.", user->uuid.c_str(), user->GetIPString().c_str(), parameters[3].c_str()); + // If we have custom flags then deal with them. + WebIRC::FlagMap flags; + const bool hasflags = (parameters.size() > 4); + if (hasflags) + { + // Parse the flags. + irc::spacesepstream flagstream(parameters[4]); + for (std::string flag; flagstream.GetToken(flag); ) + { + // Does this flag have a value? + const size_t separator = flag.find('='); + if (separator == std::string::npos) + { + flags[flag]; + continue; + } + + // The flag has a value! + const std::string key = flag.substr(0, separator); + const std::string value = flag.substr(separator + 1); + flags[key] = value; + } + } + + // Inform modules about the WebIRC attempt. + FOREACH_MOD_CUSTOM(webircevprov, WebIRC::EventListener, OnWebIRCAuth, (user, (hasflags ? &flags : NULL))); + // Set the IP address sent via WEBIRC. We ignore the hostname and lookup // instead do our own DNS lookups because of unreliable gateways. ChangeIP(user, ipaddr); @@ -207,7 +237,10 @@ class CommandWebIRC : public SplitCommand } }; -class ModuleCgiIRC : public Module, public Whois::EventListener +class ModuleCgiIRC + : public Module + , public WebIRC::EventListener + , public Whois::EventListener { private: CommandWebIRC cmd; @@ -251,7 +284,8 @@ class ModuleCgiIRC : public Module, public Whois::EventListener public: ModuleCgiIRC() - : Whois::EventListener(this) + : WebIRC::EventListener(this) + , Whois::EventListener(this) , cmd(this) { } @@ -361,6 +395,66 @@ class ModuleCgiIRC : public Module, public Whois::EventListener return MOD_RES_PASSTHRU; } + void OnWebIRCAuth(LocalUser* user, const WebIRC::FlagMap* flags) CXX11_OVERRIDE + { + // We are only interested in connection flags. If none have been + // given then we have nothing to do. + if (!flags) + return; + + WebIRC::FlagMap::const_iterator cport = flags->find("remote-port"); + if (cport == flags->end()) + { + // If we can't parse the port then just give up. + uint16_t port = ConvToNum<uint16_t>(cport->second); + if (port) + { + switch (user->client_sa.family()) + { + case AF_INET: + user->client_sa.in4.sin_port = htons(port); + break; + + case AF_INET6: + user->client_sa.in6.sin6_port = htons(port); + break; + + default: + // If we have reached this point then we have encountered a bug. + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "BUG: OnWebIRCAuth(%s): socket type %d is unknown!", + user->uuid.c_str(), user->client_sa.family()); + return; + } + } + } + + WebIRC::FlagMap::const_iterator sport = flags->find("local-port"); + if (sport == flags->end()) + { + // If we can't parse the port then just give up. + uint16_t port = ConvToNum<uint16_t>(sport->second); + if (port) + { + switch (user->server_sa.family()) + { + case AF_INET: + user->server_sa.in4.sin_port = htons(port); + break; + + case AF_INET6: + user->server_sa.in6.sin6_port = htons(port); + break; + + default: + // If we have reached this point then we have encountered a bug. + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "BUG: OnWebIRCAuth(%s): socket type %d is unknown!", + user->uuid.c_str(), user->server_sa.family()); + return; + } + } + } + } + void OnWhois(Whois::Context& whois) CXX11_OVERRIDE { if (!whois.IsSelfWhois() && !whois.GetSource()->HasPrivPermission("users/auspex")) diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 25415095c..a258c35a5 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -19,6 +19,7 @@ #include "inspircd.h" #include "modules/ssl.h" +#include "modules/webirc.h" #include "modules/whois.h" enum @@ -49,6 +50,12 @@ class SSLCertExt : public ExtensionItem { delete old; } + void unset(Extensible* container) + { + void* old = unset_raw(container); + delete static_cast<std::string*>(old); + } + std::string serialize(SerializeFormat format, const Extensible* container, void* item) const CXX11_OVERRIDE { return static_cast<ssl_cert*>(item)->GetMetaLine(); @@ -154,14 +161,18 @@ class UserCertificateAPIImpl : public UserCertificateAPIBase } }; -class ModuleSSLInfo : public Module, public Whois::EventListener +class ModuleSSLInfo + : public Module + , public WebIRC::EventListener + , public Whois::EventListener { CommandSSLInfo cmd; UserCertificateAPIImpl APIImpl; public: ModuleSSLInfo() - : Whois::EventListener(this) + : WebIRC::EventListener(this) + , Whois::EventListener(this) , cmd(this) , APIImpl(this, cmd.CertExt) { @@ -277,6 +288,37 @@ class ModuleSSLInfo : public Module, public Whois::EventListener return MOD_RES_DENY; return MOD_RES_PASSTHRU; } + + void OnWebIRCAuth(LocalUser* user, const WebIRC::FlagMap* flags) CXX11_OVERRIDE + { + // We are only interested in connection flags. If none have been + // given then we have nothing to do. + if (!flags) + return; + + // We only care about the tls connection flag if the connection + // between the gateway and the server is secure. + if (!cmd.CertExt.get(user)) + return; + + WebIRC::FlagMap::const_iterator iter = flags->find("secure"); + if (iter == flags->end()) + { + // If this is not set then the connection between the client and + // the gateway is not secure. + cmd.CertExt.unset(user); + return; + } + + // Create a fake ssl_cert for the user. + ssl_cert* cert = new ssl_cert; + cert->error = "WebIRC users can not specify valid certs yet"; + cert->invalid = true; + cert->revoked = true; + cert->trusted = false; + cert->unknownsigner = true; + cmd.CertExt.set(user, cert); + } }; MODULE_INIT(ModuleSSLInfo) |