diff options
Diffstat (limited to 'src/modules')
| -rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 2 | ||||
| -rw-r--r-- | src/modules/m_cloaking.cpp | 18 | ||||
| -rw-r--r-- | src/modules/m_sasl.cpp | 125 |
3 files changed, 52 insertions, 93 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index c1ffdfb4c..8b414230a 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -29,7 +29,7 @@ /// $PackageInfo: require_system("centos") gnutls-devel pkgconfig /// $PackageInfo: require_system("darwin") gnutls pkg-config /// $PackageInfo: require_system("ubuntu" "1.0" "13.10") libgcrypt11-dev -/// $PackageInfo: require_system("ubuntu" "14.04") gnutls-bin libgnutls-dev pkg-config +/// $PackageInfo: require_system("ubuntu") gnutls-bin libgnutls-dev pkg-config #include "inspircd.h" #include "modules/ssl.h" diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index cb3fdac1a..7e9c78b31 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -143,6 +143,7 @@ class ModuleCloaking : public Module std::string prefix; std::string suffix; std::string key; + unsigned int domainparts; dynamic_reference<HashProvider> Hash; ModuleCloaking() : cu(this), mode(MODE_OPAQUE), ck(this), Hash(this, "hash/md5") @@ -160,7 +161,7 @@ class ModuleCloaking : public Module */ std::string LastTwoDomainParts(const std::string &host) { - int dots = 0; + unsigned int dots = 0; std::string::size_type splitdot = host.length(); for (std::string::size_type x = host.length() - 1; x; --x) @@ -170,7 +171,7 @@ class ModuleCloaking : public Module splitdot = x; dots++; } - if (dots >= 3) + if (dots >= domainparts) break; } @@ -314,7 +315,15 @@ class ModuleCloaking : public Module switch (mode) { case MODE_HALF_CLOAK: - testcloak = prefix + SegmentCloak("*", 3, 8) + suffix; + // Use old cloaking verification to stay compatible with 2.0 + // But verify domainparts when use 3.0-only features + if (domainparts == 3) + testcloak = prefix + SegmentCloak("*", 3, 8) + suffix; + else + { + irc::sockets::sockaddrs sa; + testcloak = GenCloak(sa, "", testcloak + ConvToStr(domainparts)); + } break; case MODE_OPAQUE: testcloak = prefix + SegmentCloak("*", 4, 8) + suffix; @@ -331,7 +340,10 @@ class ModuleCloaking : public Module std::string modestr = tag->getString("mode"); if (modestr == "half") + { mode = MODE_HALF_CLOAK; + domainparts = tag->getInt("domainparts", 3, 1, 10); + } else if (modestr == "full") mode = MODE_OPAQUE; else diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 9272efe0e..fe1438ccf 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -30,6 +30,7 @@ enum // From IRCv3 sasl-3.1 RPL_SASLSUCCESS = 903, ERR_SASLFAIL = 904, + ERR_SASLTOOLONG = 905, ERR_SASLABORTED = 906, RPL_SASLMECHS = 908 }; @@ -142,8 +143,14 @@ enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT }; static Events::ModuleEventProvider* saslevprov; -static void SendSASL(const parameterlist& params) +static void SendSASL(LocalUser* user, const std::string& agent, char mode, const parameterlist& parameters) { + parameterlist params(parameters.size() + 3); + params.push_back(user->uuid); + params.push_back(agent); + params.push_back(ConvToStr(mode)); + params.insert(params.end(), parameters.begin(), parameters.end()); + if (!ServerInstance->PI->SendEncapsulatedData(sasl_target, "SASL", params)) { FOREACH_MOD_CUSTOM(*saslevprov, SASLEventListener, OnSASLAuth, (params)); @@ -157,84 +164,34 @@ class SaslAuthenticator { private: std::string agent; - User *user; + LocalUser* user; SaslState state; SaslResult result; bool state_announced; - /* taken from m_services_account */ - static bool ReadCGIIRCExt(const char* extname, User* user, std::string& out) - { - ExtensionItem* wiext = ServerInstance->Extensions.GetItem(extname); - if (!wiext) - return false; - - if (wiext->creator->ModuleSourceFile != "m_cgiirc.so") - return false; - - StringExtItem* stringext = static_cast<StringExtItem*>(wiext); - std::string* addr = stringext->get(user); - if (!addr) - return false; - - out = *addr; - return true; - } - - void SendHostIP() { - std::string host, ip; - - if (!ReadCGIIRCExt("cgiirc_webirc_hostname", user, host)) - { - host = user->host; - } - if (!ReadCGIIRCExt("cgiirc_webirc_ip", user, ip)) - { - ip = user->GetIPString(); - } - else - { - /* IP addresses starting with a : on irc are a Bad Thing (tm) */ - if (ip.c_str()[0] == ':') - ip.insert(ip.begin(),1,'0'); - } - parameterlist params; - params.push_back(sasl_target); - params.push_back("SASL"); - params.push_back(user->uuid); - params.push_back("*"); - params.push_back("H"); - params.push_back(host); - params.push_back(ip); - - SendSASL(params); + params.push_back(user->host); + params.push_back(user->GetIPString()); + + SendSASL(user, "*", 'H', params); } public: - SaslAuthenticator(User* user_, const std::string& method) + SaslAuthenticator(LocalUser* user_, const std::string& method) : user(user_), state(SASL_INIT), state_announced(false) { SendHostIP(); parameterlist params; - params.push_back(user->uuid); - params.push_back("*"); - params.push_back("S"); params.push_back(method); - LocalUser* localuser = IS_LOCAL(user); - if (localuser) - { - std::string fp = SSLClientCert::GetFingerprint(&localuser->eh); - - if (fp.size()) - params.push_back(fp); - } + const std::string fp = SSLClientCert::GetFingerprint(&user->eh); + if (fp.size()) + params.push_back(fp); - SendSASL(params); + SendSASL(user, "*", 'S', params); } SaslResult GetSaslResult(const std::string &result_) @@ -287,29 +244,17 @@ class SaslAuthenticator return this->state; } - void Abort(void) - { - this->state = SASL_DONE; - this->result = SASL_ABORT; - } - bool SendClientMessage(const std::vector<std::string>& parameters) { if (this->state != SASL_COMM) return true; - parameterlist params; - params.push_back(this->user->uuid); - params.push_back(this->agent); - params.push_back("C"); - - params.insert(params.end(), parameters.begin(), parameters.end()); - - SendSASL(params); + SendSASL(this->user, this->agent, 'C', parameters); if (parameters[0].c_str()[0] == '*') { - this->Abort(); + this->state = SASL_DONE; + this->result = SASL_ABORT; return false; } @@ -340,19 +285,25 @@ class SaslAuthenticator } }; -class CommandAuthenticate : public Command +class CommandAuthenticate : public SplitCommand { + private: + // The maximum length of an AUTHENTICATE request. + static const size_t MAX_AUTHENTICATE_SIZE = 400; + public: SimpleExtItem<SaslAuthenticator>& authExt; Cap::Capability& cap; CommandAuthenticate(Module* Creator, SimpleExtItem<SaslAuthenticator>& ext, Cap::Capability& Cap) - : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap) + : SplitCommand(Creator, "AUTHENTICATE", 1) + , authExt(ext) + , cap(Cap) { works_before_reg = true; allow_empty_last_param = false; } - CmdResult Handle (const std::vector<std::string>& parameters, User *user) + CmdResult HandleLocal(const std::vector<std::string>& parameters, LocalUser* user) { { if (!cap.get(user)) @@ -361,6 +312,12 @@ class CommandAuthenticate : public Command if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':') return CMD_FAILURE; + if (parameters[0].length() > MAX_AUTHENTICATE_SIZE) + { + user->WriteNumeric(ERR_SASLTOOLONG, "SASL message too long"); + return CMD_FAILURE; + } + SaslAuthenticator *sasl = authExt.get(user); if (!sasl) authExt.set(user, new SaslAuthenticator(user, parameters[0])); @@ -444,16 +401,6 @@ class ModuleSASL : public Module servertracker.Reset(); } - void OnUserConnect(LocalUser *user) CXX11_OVERRIDE - { - SaslAuthenticator *sasl_ = authExt.get(user); - if (sasl_) - { - sasl_->Abort(); - authExt.unset(user); - } - } - void OnDecodeMetaData(Extensible* target, const std::string& extname, const std::string& extdata) CXX11_OVERRIDE { if ((target == NULL) && (extname == "saslmechlist")) |