From 74fafb7f11b06747f69f182ad5e3769b665eea7a Mon Sep 17 00:00:00 2001 From: Adam Date: Fri, 2 Sep 2016 22:57:03 -0400 Subject: m_sasl: don't allow AUTHENTICATE with mechanisms with a space --- src/modules/m_sasl.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 9cb5592d1..16a15357f 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -189,6 +189,7 @@ class CommandAuthenticate : public Command : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap) { works_before_reg = true; + allow_empty_last_param = false; } CmdResult Handle (const std::vector& parameters, User *user) @@ -199,6 +200,9 @@ class CommandAuthenticate : public Command if (!cap.ext.get(user)) return CMD_FAILURE; + if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':') + return CMD_FAILURE; + SaslAuthenticator *sasl = authExt.get(user); if (!sasl) authExt.set(user, new SaslAuthenticator(user, parameters[0])); -- cgit v1.2.3 From ef23e4c07320fbbbf9d142878aae05a3e87eff0f Mon Sep 17 00:00:00 2001 From: Adam Date: Sat, 3 Sep 2016 10:51:50 -0400 Subject: Release v2.0.23 --- src/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/version.sh b/src/version.sh index 5e2b31314..74a583759 100755 --- a/src/version.sh +++ b/src/version.sh @@ -1,2 +1,2 @@ #!/bin/sh -echo "InspIRCd-2.0.22" +echo "InspIRCd-2.0.23" -- cgit v1.2.3 From 27b5df44ec546f9b9f3b2783a7505c920f101aad Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 5 Sep 2016 22:26:33 -0400 Subject: m_sasl: really abort sasl session on register --- src/modules/m_sasl.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 16a15357f..649c21809 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -268,7 +268,7 @@ class ModuleSASL : public Module void init() { OnRehash(NULL); - Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnRehash }; + Implementation eventlist[] = { I_OnEvent, I_OnUserConnect, I_OnRehash }; ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); ServiceProvider* providelist[] = { &auth, &sasl, &authExt }; @@ -283,7 +283,7 @@ class ModuleSASL : public Module sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*"); } - ModResult OnUserRegister(LocalUser *user) + void OnUserConnect(LocalUser *user) { SaslAuthenticator *sasl_ = authExt.get(user); if (sasl_) @@ -291,8 +291,6 @@ class ModuleSASL : public Module sasl_->Abort(); authExt.unset(user); } - - return MOD_RES_PASSTHRU; } Version GetVersion() -- cgit v1.2.3 From d3b82b2f7f75f56c318830ad0cc0c6e3d3b4a7c6 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Sun, 25 Sep 2016 21:41:05 +0100 Subject: Invalidate the caches properly when User::SetClientIP is called. --- src/users.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/users.cpp b/src/users.cpp index 418f2c9aa..685ef9743 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -837,6 +837,7 @@ void LocalUser::FullConnect() void User::InvalidateCache() { /* Invalidate cache */ + cachedip.clear(); cached_fullhost.clear(); cached_hostip.clear(); cached_makehost.clear(); @@ -1001,8 +1002,7 @@ irc::sockets::cidr_mask User::GetCIDRMask() bool User::SetClientIP(const char* sip, bool recheck_eline) { - cachedip.clear(); - cached_hostip.clear(); + this->InvalidateCache(); return irc::sockets::aptosa(sip, 0, client_sa); } -- cgit v1.2.3 From 9172e9dea822a04fbaf26b420c160558730dce15 Mon Sep 17 00:00:00 2001 From: Anatole Denis Date: Sun, 9 Oct 2016 18:19:23 +0200 Subject: m_httpd_stats: Also sanitize other server gecos --- src/modules/m_httpd_stats.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/modules/m_httpd_stats.cpp b/src/modules/m_httpd_stats.cpp index 2fc7ca7de..e17bf514f 100644 --- a/src/modules/m_httpd_stats.cpp +++ b/src/modules/m_httpd_stats.cpp @@ -213,7 +213,7 @@ class ModuleHttpStats : public Module data << ""; data << "" << b->servername << ""; data << "" << b->parentname << ""; - data << "" << b->gecos << ""; + data << "" << Sanitize(b->gecos) << ""; data << "" << b->usercount << ""; // This is currently not implemented, so, commented out. // data << "" << b->opercount << ""; -- cgit v1.2.3 From 0c78ad71d32e4062827f2ebac927bdbf43c091ba Mon Sep 17 00:00:00 2001 From: Adam Date: Sat, 12 Nov 2016 18:55:26 -0500 Subject: m_cloaking: fix host/ip comparisons #1249 --- src/modules/m_cloaking.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index 105d68833..1bf99f919 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -493,11 +493,14 @@ class ModuleCloaking : public Module { std::string chost; + irc::sockets::sockaddrs hostip; + bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip; + switch (mode) { case MODE_COMPAT_HOST: { - if (ipstr != host) + if (!host_is_ip) { std::string tail = LastTwoDomainParts(host); @@ -520,7 +523,7 @@ class ModuleCloaking : public Module break; case MODE_HALF_CLOAK: { - if (ipstr != host) + if (!host_is_ip) chost = prefix + SegmentCloak(host, 1, 6) + LastTwoDomainParts(host); if (chost.empty() || chost.length() > 50) chost = SegmentIP(ip, false); -- cgit v1.2.3 From 7ddef68f44ecb01f891e55a680078f7857fb866f Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 21 Nov 2016 20:56:39 -0500 Subject: socketengine_epoll: use getrlimit not ulimit --- src/socketengines/socketengine_epoll.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/socketengines/socketengine_epoll.cpp b/src/socketengines/socketengine_epoll.cpp index f2837777a..d5f017347 100644 --- a/src/socketengines/socketengine_epoll.cpp +++ b/src/socketengines/socketengine_epoll.cpp @@ -25,7 +25,7 @@ #include "exitcodes.h" #include "socketengine.h" #include -#include +#include #include #define EP_DELAY 5 @@ -55,10 +55,11 @@ public: EPollEngine::EPollEngine() { CurrentSetSize = 0; - int max = ulimit(4, 0); - if (max > 0) + + struct rlimit limit; + if (!getrlimit(RLIMIT_NOFILE, &limit)) { - MAX_DESCRIPTORS = max; + MAX_DESCRIPTORS = limit.rlim_cur; } else { -- cgit v1.2.3 From c165759fbe0dc1c1632cd5369dd1550f28f45a3b Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 5 Dec 2016 11:37:08 +0100 Subject: Fix users receiving a QUIT with themselves as source when host cycling in certain cases The OnBuildNeighborList handler in m_auditorium can add the cycling user to the exceptions as an always send exception. To fix, remove the user from the exceptions before processing them. Reported by @genius3000 on IRC --- src/users.cpp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/users.cpp b/src/users.cpp index 418f2c9aa..af0e15f65 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -1398,6 +1398,8 @@ void User::DoHostCycle(const std::string &quitline) FOREACH_MOD(I_OnBuildNeighborList,OnBuildNeighborList(this, include_c, exceptions)); + // Users shouldn't see themselves quitting when host cycling + exceptions.erase(this); for (std::map::iterator i = exceptions.begin(); i != exceptions.end(); ++i) { LocalUser* u = IS_LOCAL(i->first); -- cgit v1.2.3 From d494c188245e1c80c9556a6a7efafd6fe8f4f6de Mon Sep 17 00:00:00 2001 From: genius3000 Date: Mon, 21 Nov 2016 11:44:18 -0700 Subject: Fix SpanningTreeProtocolInterface::SendChannelPrivmsg() and SendChannelNotice() sending statusmsgs to whole channel --- src/modules/m_spanningtree/protocolinterface.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/modules/m_spanningtree/protocolinterface.cpp b/src/modules/m_spanningtree/protocolinterface.cpp index 3ab5dae9d..ca4147fea 100644 --- a/src/modules/m_spanningtree/protocolinterface.cpp +++ b/src/modules/m_spanningtree/protocolinterface.cpp @@ -137,9 +137,6 @@ void SpanningTreeProtocolInterface::PushToClient(User* target, const std::string void SpanningTreeProtocolInterface::SendChannel(Channel* target, char status, const std::string &text) { - std::string cname = target->name; - if (status) - cname = status + cname; TreeServerList list; CUList exempt_list; Utils->GetListOfServersForChannel(target,list,status,exempt_list); @@ -154,12 +151,20 @@ void SpanningTreeProtocolInterface::SendChannel(Channel* target, char status, co void SpanningTreeProtocolInterface::SendChannelPrivmsg(Channel* target, char status, const std::string &text) { - SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" PRIVMSG "+target->name+" :"+text); + std::string cname = target->name; + if (status) + cname.insert(0, 1, status); + + SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" PRIVMSG "+cname+" :"+text); } void SpanningTreeProtocolInterface::SendChannelNotice(Channel* target, char status, const std::string &text) { - SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" NOTICE "+target->name+" :"+text); + std::string cname = target->name; + if (status) + cname.insert(0, 1, status); + + SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" NOTICE "+cname+" :"+text); } void SpanningTreeProtocolInterface::SendUserPrivmsg(User* target, const std::string &text) -- cgit v1.2.3 From 60f150653a066cda7f52e9478b0646628facbefa Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Sat, 10 Dec 2016 22:25:43 +0100 Subject: fix channel rank issue --- src/modules/m_override.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/modules/m_override.cpp b/src/modules/m_override.cpp index 3e42c4f79..2c2d6a3a2 100644 --- a/src/modules/m_override.cpp +++ b/src/modules/m_override.cpp @@ -101,7 +101,8 @@ class ModuleOverride : public Module if (IS_OPER(source) && CanOverride(source,"KICK")) { // If the kicker's status is less than the target's, or the kicker's status is less than or equal to voice - if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE)) + if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE) || + (memb->chan->GetPrefixValue(source) == HALFOP_VALUE) && (memb->getRank() == HALFOP_VALUE)) { ServerInstance->SNO->WriteGlobalSno('v',source->nick+" used oper override to kick "+memb->user->nick+" on "+memb->chan->name+" ("+reason+")"); return MOD_RES_ALLOW; -- cgit v1.2.3 From d0cd749a70646f2c2bbd616a9934fada22ad1ffd Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 19 Dec 2016 19:13:24 -0500 Subject: m_sasl: send host/ip info --- src/modules/m_sasl.cpp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'src') diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 649c21809..db96f9dfa 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -51,10 +51,26 @@ class SaslAuthenticator SaslResult result; bool state_announced; + void SendHostIP() + { + parameterlist params; + params.push_back(sasl_target); + params.push_back("SASL"); + params.push_back(user->uuid); + params.push_back("*"); + params.push_back("H"); + params.push_back(user->host); + params.push_back(user->GetIPString()); + + SendSASL(params); + } + public: SaslAuthenticator(User* user_, const std::string& method) : user(user_), state(SASL_INIT), state_announced(false) { + SendHostIP(); + parameterlist params; params.push_back(sasl_target); params.push_back("SASL"); -- cgit v1.2.3 From 0904978757187d40a7fd5a098887890d0b002700 Mon Sep 17 00:00:00 2001 From: Adam Date: Sun, 8 Jan 2017 14:18:24 -0500 Subject: m_dnsbl: check returned results are in 127.0.0.0/8 --- src/modules/m_dnsbl.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp index d4101686a..3dea080ce 100644 --- a/src/modules/m_dnsbl.cpp +++ b/src/modules/m_dnsbl.cpp @@ -70,8 +70,8 @@ class DNSBLResolver : public Resolver int i = countExt.get(them); if (i) countExt.set(them, i - 1); - // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d - if(result.length()) + // All replies should be in 127.0.0.0/8 + if (result.compare(0, 4, "127.") == 0) { unsigned int bitmask = 0, record = 0; bool match = false; @@ -82,6 +82,7 @@ class DNSBLResolver : public Resolver switch (ConfEntry->type) { case DNSBLConfEntry::A_BITMASK: + // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d bitmask = resultip.s_addr >> 24; /* Last octet (network byte order) */ bitmask &= ConfEntry->bitmask; match = (bitmask != 0); @@ -196,7 +197,11 @@ class DNSBLResolver : public Resolver ConfEntry->stats_misses++; } else + { + if (!result.empty()) + ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), result.c_str()); ConfEntry->stats_misses++; + } } } -- cgit v1.2.3 From fc46f1790f17414536c4a0f4c8417079317ae5db Mon Sep 17 00:00:00 2001 From: Adam Date: Sun, 26 Feb 2017 16:59:16 -0500 Subject: m_sasl: use host/ip from m_cgiirc if applicable --- src/modules/m_sasl.cpp | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index db96f9dfa..5afab9502 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -51,16 +51,53 @@ class SaslAuthenticator SaslResult result; bool state_announced; + /* taken from m_services_account */ + static bool ReadCGIIRCExt(const char* extname, User* user, std::string& out) + { + ExtensionItem* wiext = ServerInstance->Extensions.GetItem(extname); + if (!wiext) + return false; + + if (wiext->creator->ModuleSourceFile != "m_cgiirc.so") + return false; + + StringExtItem* stringext = static_cast(wiext); + std::string* addr = stringext->get(user); + if (!addr) + return false; + + out = *addr; + return true; + } + + void SendHostIP() { + std::string host, ip; + + if (!ReadCGIIRCExt("cgiirc_webirc_hostname", user, host)) + { + host = user->host; + } + if (!ReadCGIIRCExt("cgiirc_webirc_ip", user, ip)) + { + ip = user->GetIPString(); + } + else + { + /* IP addresses starting with a : on irc are a Bad Thing (tm) */ + if (ip.c_str()[0] == ':') + ip.insert(ip.begin(),1,'0'); + } + parameterlist params; params.push_back(sasl_target); params.push_back("SASL"); params.push_back(user->uuid); params.push_back("*"); params.push_back("H"); - params.push_back(user->host); - params.push_back(user->GetIPString()); + params.push_back(host); + params.push_back(ip); SendSASL(params); } -- cgit v1.2.3 From 032077534232a4fa97736595bdfcfe3c8b9beb58 Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 20 Mar 2017 07:59:48 -0400 Subject: cmd_who: don't show +p channels or channels hidden with m_hidechans Fixes #1276 --- src/commands/cmd_who.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/commands/cmd_who.cpp b/src/commands/cmd_who.cpp index 90c26a974..8438f8cdd 100644 --- a/src/commands/cmd_who.cpp +++ b/src/commands/cmd_who.cpp @@ -58,13 +58,15 @@ class CommandWho : public Command }; -static Channel* get_first_visible_channel(User *u) +static Channel* get_first_visible_channel(User *source, User *u) { UCListIter i = u->chans.begin(); while (i != u->chans.end()) { Channel* c = *i++; - if (!c->IsModeSet('s')) + + /* XXX move the +I check into m_hidechans */ + if (source == u || !(c->IsModeSet('s') || c->IsModeSet('p') || u->IsModeSet('I')) || c->HasUser(source)) return c; } return NULL; @@ -189,7 +191,7 @@ bool CommandWho::CanView(Channel* chan, User* user) void CommandWho::SendWhoLine(User* user, const std::vector& parms, const std::string &initial, Channel* ch, User* u, std::vector &whoresults) { if (!ch) - ch = get_first_visible_channel(u); + ch = get_first_visible_channel(user, u); std::string wholine = initial + (ch ? ch->name : "*") + " " + u->ident + " " + (opt_showrealhost ? u->host : u->dhost) + " "; -- cgit v1.2.3 From 3f1eb79c7fa82737fda9c9a712724ba2f27651e9 Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 20 Mar 2017 09:35:13 -0400 Subject: m_ldapauth: fix providing username in PASS This has never worked because it never prepended attribute= to the search string. It also would prefer matching nick/ident over the user string provided which is inconsistent, since your ability to authenticate using PASS would depend on a ldap entry not existing with your current nick/ident. Instead, use username provided in PASS and then fallback to nick/ident. --- src/modules/extra/m_ldapauth.cpp | 47 +++++++++++++++------------------------- 1 file changed, 18 insertions(+), 29 deletions(-) (limited to 'src') diff --git a/src/modules/extra/m_ldapauth.cpp b/src/modules/extra/m_ldapauth.cpp index 6c765fb2e..405bab082 100644 --- a/src/modules/extra/m_ldapauth.cpp +++ b/src/modules/extra/m_ldapauth.cpp @@ -310,36 +310,25 @@ public: } RAIILDAPMessage msg; - std::string what = (attribute + "=" + (useusername ? user->ident : user->nick)); - if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS) + std::string what; + std::string::size_type pos = user->password.find(':'); + // If a username is provided in PASS, use it, othewrise user their nick or ident + if (pos != std::string::npos) { - // Do a second search, based on password, if it contains a : - // That is, PASS : will work. - size_t pos = user->password.find(":"); - if (pos != std::string::npos) - { - // manpage says we must deallocate regardless of success or failure - // since we're about to do another query (and reset msg), first - // free the old one. - msg.dealloc(); - - std::string cutpassword = user->password.substr(0, pos); - res = ldap_search_ext_s(conn, base.c_str(), searchscope, cutpassword.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg); - - if (res == LDAP_SUCCESS) - { - // Trim the user: prefix, leaving just 'pass' for later password check - user->password = user->password.substr(pos + 1); - } - } + what = (attribute + "=" + user->password.substr(0, pos)); - // It may have found based on user:pass check above. - if (res != LDAP_SUCCESS) - { - if (verbose) - ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (LDAP search failed: %s)", user->GetFullRealHost().c_str(), ldap_err2string(res)); - return false; - } + // Trim the user: prefix, leaving just 'pass' for later password check + user->password = user->password.substr(pos + 1); + } + else + { + what = (attribute + "=" + (useusername ? user->ident : user->nick)); + } + if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS) + { + if (verbose) + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (LDAP search failed: %s)", user->GetFullRealHost().c_str(), ldap_err2string(res)); + return false; } if (ldap_count_entries(conn, msg) > 1) { @@ -404,7 +393,7 @@ public: std::string dnPart; while (stream.GetToken(dnPart)) { - std::string::size_type pos = dnPart.find('='); + pos = dnPart.find('='); if (pos == std::string::npos) // malformed continue; -- cgit v1.2.3 From 5c6143a56378cdd7f4e342fa815a038f4c2fa6af Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Fri, 14 Apr 2017 15:40:24 +0100 Subject: Warn when a user configures a permanent channel without +P. --- src/modules/m_permchannels.cpp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/modules/m_permchannels.cpp b/src/modules/m_permchannels.cpp index e86b3cbf6..74a798356 100644 --- a/src/modules/m_permchannels.cpp +++ b/src/modules/m_permchannels.cpp @@ -298,6 +298,12 @@ public: ServerInstance->Logs->Log("m_permchannels", DEBUG, "Added %s with topic %s", channel.c_str(), topic.c_str()); + if (modes.find('P') == std::string::npos) + { + ServerInstance->Logs->Log("m_permchannels", DEFAULT, "%s (%s) does not have +P set in ; it will be deleted when empty!", + c->name.c_str(), tag->getTagLocation().c_str()); + } + if (modes.empty()) continue; -- cgit v1.2.3 From 78b691e113e7e48fca0eb918591a17437fa0b96d Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Thu, 27 Apr 2017 02:52:51 +0100 Subject: Fix WEBIRC not rejecting invalid IP addresses. --- src/modules/m_cgiirc.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src') diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index cce2e7855..d26c0bca1 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -73,6 +73,7 @@ class CommandWebirc : public Command realhost("cgiirc_realhost", Creator), realip("cgiirc_realip", Creator), webirc_hostname("cgiirc_webirc_hostname", Creator), webirc_ip("cgiirc_webirc_ip", Creator) { + allow_empty_last_param = false; works_before_reg = true; this->syntax = "password client hostname ip"; } @@ -81,6 +82,13 @@ class CommandWebirc : public Command if(user->registered == REG_ALL) return CMD_FAILURE; + irc::sockets::sockaddrs ipaddr; + if (!irc::sockets::aptosa(parameters[3], 0, ipaddr)) + { + ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC but gave an invalid IP address.", user->GetFullRealHost().c_str()); + return CMD_FAILURE; + } + for(CGIHostlist::iterator iter = Hosts.begin(); iter != Hosts.end(); iter++) { if(InspIRCd::Match(user->host, iter->hostmask, ascii_case_insensitive_map) || InspIRCd::MatchCIDR(user->GetIPString(), iter->hostmask, ascii_case_insensitive_map)) -- cgit v1.2.3 From fefb6235cd8398408f92f93b9009718b6bed4cd7 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Thu, 27 Apr 2017 02:56:59 +0100 Subject: Penalise clients that use WEBIRC incorrectly. --- src/modules/m_cgiirc.cpp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index d26c0bca1..09f6a4659 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -85,6 +85,7 @@ class CommandWebirc : public Command irc::sockets::sockaddrs ipaddr; if (!irc::sockets::aptosa(parameters[3], 0, ipaddr)) { + IS_LOCAL(user)->CommandFloodPenalty += 5000; ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC but gave an invalid IP address.", user->GetFullRealHost().c_str()); return CMD_FAILURE; } @@ -116,6 +117,7 @@ class CommandWebirc : public Command } } + IS_LOCAL(user)->CommandFloodPenalty += 5000; ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC, but didn't match any configured webirc blocks.", user->GetFullRealHost().c_str()); return CMD_FAILURE; } -- cgit v1.2.3 From 0c66cc2c71ea9f2f5c926d8aeb2a8eb8e94c1c10 Mon Sep 17 00:00:00 2001 From: Adam Date: Thu, 11 May 2017 08:47:46 -0400 Subject: m_sakick: remove unused "Unable to kick" notice This has never worked due to the channel lookup using the user's nick --- src/modules/m_sakick.cpp | 8 -------- 1 file changed, 8 deletions(-) (limited to 'src') diff --git a/src/modules/m_sakick.cpp b/src/modules/m_sakick.cpp index 7dfcd8904..afca49e25 100644 --- a/src/modules/m_sakick.cpp +++ b/src/modules/m_sakick.cpp @@ -63,14 +63,6 @@ class CommandSakick : public Command if (IS_LOCAL(dest)) { channel->KickUser(ServerInstance->FakeClient, dest, reason); - - Channel *n = ServerInstance->FindChan(parameters[1]); - if (n && n->HasUser(dest)) - { - /* Sort-of-bug: If the command was issued remotely, this message won't be sent */ - user->WriteServ("NOTICE %s :*** Unable to kick %s from %s", user->nick.c_str(), dest->nick.c_str(), parameters[0].c_str()); - return CMD_FAILURE; - } } if (IS_LOCAL(user)) -- cgit v1.2.3 From 692865acd58c9a475db1fdf4d419188325cd2182 Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 7 Sep 2016 16:08:28 -0400 Subject: m_cloaking: don't apply cloak to already cloaked users during registration This can happen if services set a vhost during registration (like with SASL) --- src/modules/m_cloaking.cpp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index 1bf99f919..f4cfdb54f 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -96,6 +96,10 @@ class CloakUser : public ModeHandler if (adding) { + // assume this is more correct + if (user->registered != REG_ALL && user->host != user->dhost) + return MODEACTION_DENY; + std::string* cloak = ext.get(user); if (!cloak) -- cgit v1.2.3 From a92b6b7af463135ed5f84f0ed640b9416db684ef Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 17 May 2017 20:10:51 -0400 Subject: m_override: fix parentheses compiler warning --- src/modules/m_override.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/modules/m_override.cpp b/src/modules/m_override.cpp index 2c2d6a3a2..3266d3eb0 100644 --- a/src/modules/m_override.cpp +++ b/src/modules/m_override.cpp @@ -102,7 +102,7 @@ class ModuleOverride : public Module { // If the kicker's status is less than the target's, or the kicker's status is less than or equal to voice if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE) || - (memb->chan->GetPrefixValue(source) == HALFOP_VALUE) && (memb->getRank() == HALFOP_VALUE)) + (memb->chan->GetPrefixValue(source) == HALFOP_VALUE && memb->getRank() == HALFOP_VALUE)) { ServerInstance->SNO->WriteGlobalSno('v',source->nick+" used oper override to kick "+memb->user->nick+" on "+memb->chan->name+" ("+reason+")"); return MOD_RES_ALLOW; -- cgit v1.2.3 From b7facc2474ff5fb229c66ed130ed67207620f55d Mon Sep 17 00:00:00 2001 From: Adam Date: Thu, 18 May 2017 08:35:22 -0400 Subject: Release v2.0.24 --- src/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/version.sh b/src/version.sh index 74a583759..2025a4810 100755 --- a/src/version.sh +++ b/src/version.sh @@ -1,2 +1,2 @@ #!/bin/sh -echo "InspIRCd-2.0.23" +echo "InspIRCd-2.0.24" -- cgit v1.2.3