
Diff of /eggdrop1.8/src/dcc.c


revision 1.3 by pseudo, Tue Aug 31 18:21:47 2010 UTC revision 1.4 by pseudo, Tue Oct 19 12:13:33 2010 UTC
# Line 44  extern int egg_numver, connect_timeout, Line 44  extern int egg_numver, connect_timeout,
44             par_telnet_flood;             par_telnet_flood;
45    
46  struct dcc_t *dcc = NULL;       /* DCC list                                */  struct dcc_t *dcc = NULL;       /* DCC list                                */
47    #ifdef TLS
48    int tls_vfyclients = 0;     /* Certificate validation mode for clients    */
49    int tls_vfydcc = 0;             /* Verify DCC chat/send user certificates     */
50    int tls_auth = 0;               /* Allow certificate authentication           */
51    #endif
52  int dcc_total = 0;              /* Total dcc's                             */  int dcc_total = 0;              /* Total dcc's                             */
 char tempdir[121] = "";         /* Temporary directory  
                                  * (default: current directory)            */  
53  int require_p = 0;              /* Require 'p' access to get on the  int require_p = 0;              /* Require 'p' access to get on the
54                                   * party line?                             */                                   * party line?                             */
55  int allow_new_telnets = 0;      /* Allow people to introduce themselves  int allow_new_telnets = 0;      /* Allow people to introduce themselves
56                                   * via telnet                              */                                   * via telnet                              */
57  int stealth_telnets = 0;        /* Be paranoid? <cybah>                    */  int stealth_telnets = 0;        /* Be paranoid? <cybah>                    */
58  int use_telnet_banner = 0;      /* Display telnet banner?                  */  int use_telnet_banner = 0;      /* Display telnet banner?                  */
 char network[41] = "unknown-net";       /* Name of the IRC network you're on  */  
59  int password_timeout = 180;     /* Time to wait for a password from a user */  int password_timeout = 180;     /* Time to wait for a password from a user */
60  int bot_timeout = 60;           /* Bot timeout value                       */  int bot_timeout = 60;           /* Bot timeout value                       */
61  int identtimeout = 5;           /* Timeout value for ident lookups         */  int identtimeout = 5;           /* Timeout value for ident lookups         */
# Line 62  int protect_telnet = 1;         /* Even Line 64  int protect_telnet = 1;         /* Even
64  int flood_telnet_thr = 5;       /* Number of telnet connections to be  int flood_telnet_thr = 5;       /* Number of telnet connections to be
65                                   * considered a flood                      */                                   * considered a flood                      */
66  int flood_telnet_time = 60;     /* In how many seconds?                    */  int flood_telnet_time = 60;     /* In how many seconds?                    */
67    char tempdir[121] = "";         /* Temporary directory (default: current dir) */
68    char network[41] = "unknown-net";      /* Name of the IRC network you're on   */
69  char bannerfile[121] = "text/banner";   /* File displayed on telnet login */  char bannerfile[121] = "text/banner";   /* File displayed on telnet login */
70    
71  static void dcc_telnet_hostresolved(int);  static void dcc_telnet_hostresolved(int);
# Line 245  static void bot_version(int idx, char *p Line 249  static void bot_version(int idx, char *p
249    egg_snprintf(x, sizeof x, "v %d", dcc[idx].u.bot->numver);    egg_snprintf(x, sizeof x, "v %d", dcc[idx].u.bot->numver);
250    bot_share(idx, x);    bot_share(idx, x);
251    dprintf(idx, "el\n");    dprintf(idx, "el\n");
252    #ifdef TLS
253      /* Ask the peer to switch to ssl communication. We'll continue
254       * using plain text, until it replies with stls itself. Bots which don't
255       * support it will simply ignore the request and everything goes on as usual.
256       */
257      if (dcc[idx].status & STAT_STARTTLS) {
258        dprintf(idx, "starttls\n");
259        putlog(LOG_BOTS, "*", "Sent STARTTLS to %s...", dcc[idx].nick);
260      }
261    #endif
262    
263  }  }
264    
265  void failed_link(int idx)  void failed_link(int idx)
# Line 311  static void cont_link(int idx, char *buf Line 326  static void cont_link(int idx, char *buf
326        }        }
327      }      }
328    }    }
329      /* Indicate that we'd like to switch to tls later */
330    #ifdef TLS
331      if (!dcc[idx].ssl)
332        dcc[idx].status |= STAT_STARTTLS;
333    #endif
334    dcc[idx].type = &DCC_BOT_NEW;    dcc[idx].type = &DCC_BOT_NEW;
335    dcc[idx].u.bot->numver = 0;    dcc[idx].u.bot->numver = 0;
336    
# Line 436  static void dcc_bot(int idx, char *code, Line 456  static void dcc_bot(int idx, char *code,
456    int f;    int f;
457    
458    if (raw_log) {    if (raw_log) {
459      if (code[0] == 's')      if (!strcmp(code, "s"))
460        putlog(LOG_BOTSHARE, "*", "{%s} %s", dcc[idx].nick, code + 2);        putlog(LOG_BOTSHARE, "*", "{%s} %s", dcc[idx].nick, code + 2);
461      else      else
462        putlog(LOG_BOTNET, "*", "[%s] %s", dcc[idx].nick, code);        putlog(LOG_BOTNET, "*", "[%s] %s", dcc[idx].nick, code);
# Line 597  static void dcc_chat_pass(int idx, char Line 617  static void dcc_chat_pass(int idx, char
617      }      }
618    }    }
619    
620    #ifdef TLS
621      /* Skip checking the password if the user is already identified by
622       * fingerprint.
623       */
624      if (dcc[idx].status & STAT_FPRINT || u_pass_match(dcc[idx].user, buf)) {
625    #else
626    if (u_pass_match(dcc[idx].user, buf)) {    if (u_pass_match(dcc[idx].user, buf)) {
627    #endif
628      if (atr & USER_BOT) {      if (atr & USER_BOT) {
629        nfree(dcc[idx].u.chat);        nfree(dcc[idx].u.chat);
630        dcc[idx].type = &DCC_BOT_NEW;        dcc[idx].type = &DCC_BOT_NEW;
# Line 1158  static void dcc_telnet(int idx, char *bu Line 1185  static void dcc_telnet(int idx, char *bu
1185    dcc[i].u.dns->ip = &dcc[i].sockname;    dcc[i].u.dns->ip = &dcc[i].sockname;
1186    dcc[i].sock = sock;    dcc[i].sock = sock;
1187    dcc[i].port = port;    dcc[i].port = port;
1188    #ifdef TLS
1189      if (dcc[idx].ssl && ssl_handshake(sock, TLS_LISTEN, tls_vfyclients,
1190          LOG_MISC, NULL, NULL)) {
1191        killsock(sock);
1192        lostdcc(i);
1193        return;
1194      }
1195      dcc[i].ssl = dcc[idx].ssl;
1196    #endif
1197    dcc[i].timeval = now;    dcc[i].timeval = now;
1198    strcpy(dcc[i].nick, "*");    strcpy(dcc[i].nick, "*");
1199    dcc[i].u.dns->dns_success = dcc_telnet_hostresolved;    dcc[i].u.dns->dns_success = dcc_telnet_hostresolved;
# Line 1381  static void dcc_telnet_id(int idx, char Line 1417  static void dcc_telnet_id(int idx, char
1417    }    }
1418    dcc[idx].user = get_user_by_handle(userlist, buf);    dcc[idx].user = get_user_by_handle(userlist, buf);
1419    get_user_flagrec(dcc[idx].user, &fr, NULL);    get_user_flagrec(dcc[idx].user, &fr, NULL);
1420    #ifdef TLS
1421      if (dcc[idx].ssl && (tls_auth == 2)) {
1422        char *uid = ssl_getuid(dcc[idx].sock);
1423    
1424        if (!uid || strcasecmp(uid, buf)) {
1425          if (glob_bot(fr))
1426            dprintf(idx, "error Certificate UID doesn't match handle\n");
1427          else
1428            dprintf(idx, "Your certificate UID doesn't match your handle.\n");
1429          killsock(dcc[idx].sock);
1430          lostdcc(idx);
1431          return;
1432        }
1433      }
1434    #endif
1435    /* Make sure users-only/bots-only connects are honored */    /* Make sure users-only/bots-only connects are honored */
1436    if ((dcc[idx].status & STAT_BOTONLY) && !glob_bot(fr)) {    if ((dcc[idx].status & STAT_BOTONLY) && !glob_bot(fr)) {
1437      dprintf(idx, "This telnet port is for bots only.\n");      dprintf(idx, "This telnet port is for bots only.\n");
# Line 1443  static void dcc_telnet_id(int idx, char Line 1494  static void dcc_telnet_id(int idx, char
1494    dcc_telnet_pass(idx, atr);    dcc_telnet_pass(idx, atr);
1495  }  }
1496    
1497    #ifdef TLS
1498    int dcc_fingerprint(idx)
1499    {
1500      char *cf, *uf;
1501      struct flag_record fr = { FR_GLOBAL | FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0 };
1502      
1503      get_user_flagrec(dcc[idx].user, &fr, NULL);
1504      /* Check if fingerprint authentication is allowed or required. */
1505      if (dcc[idx].ssl && tls_auth) {
1506        /* Get the fingerprint of the current certificate */
1507        cf = ssl_getfp(dcc[idx].sock);
1508        /* Get the fingerprint of the user, if set */
1509        uf = get_user(&USERENTRY_FPRINT, dcc[idx].user);
1510        if (cf && uf && !strcasecmp(cf, uf)) {
1511          if (!glob_bot(fr))
1512            dprintf(idx, "Used your fingerprint for automatic authentication.\n");
1513          dcc[idx].status |= STAT_FPRINT;
1514          dcc_chat_pass(idx, "+", 1);
1515        /* Required? */
1516        } else if (tls_auth == 2) {
1517          if (glob_bot(fr))
1518            dprintf(idx, "error fingerprint required\n");
1519          else
1520            dprintf(idx, "Certificate authentication required. "
1521                    "You need to set your fingerprint.\n");
1522          killsock(dcc[idx].sock);
1523          lostdcc(idx);
1524        }
1525        return 0;
1526      }
1527      return 1;
1528    }
1529    #endif
1530    
1531  static void dcc_telnet_pass(int idx, int atr)  static void dcc_telnet_pass(int idx, int atr)
1532  {  {
1533    int ok = 0;    int ok = 0;
1534    struct flag_record fr = { FR_GLOBAL | FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0 };    struct flag_record fr = { FR_GLOBAL | FR_CHAN | FR_ANYWH, 0, 0, 0, 0, 0 };
1535    
1536    get_user_flagrec(dcc[idx].user, &fr, NULL);    get_user_flagrec(dcc[idx].user, &fr, NULL);
1537    #ifdef TLS
1538      /* Check if fingerprint authentication is allowed or required. */
1539      if (dcc[idx].ssl && tls_auth) {
1540        char *cf, *uf;
1541        
1542        /* Get the fingerprint of the current certificate */
1543        cf = ssl_getfp(dcc[idx].sock);
1544        /* Get the fingerprint of the user, if set */
1545        uf = get_user(&USERENTRY_FPRINT, dcc[idx].user);
1546        if (cf && uf && !strcasecmp(cf, uf)) {
1547          if (!glob_bot(fr))
1548            dprintf(idx, "Used your fingerprint for automatic authentication.\n");
1549          dcc[idx].status |= STAT_FPRINT;
1550          dcc_chat_pass(idx, "+", 1);
1551          return;
1552        /* Required? */
1553        } else if (tls_auth == 2) {
1554          if (glob_bot(fr))
1555            dprintf(idx, "error fingerprint required\n");
1556          else
1557            dprintf(idx, "Certificate authentication required. "
1558                    "You need to set your fingerprint.\n");
1559          killsock(dcc[idx].sock);
1560          lostdcc(idx);
1561          return;
1562        }
1563      }
1564    #endif
1565    /* No password set? */    /* No password set? */
1566    if (u_pass_match(dcc[idx].user, "-")) {    if (u_pass_match(dcc[idx].user, "-")) {
1567      if (glob_bot(fr)) {      if (glob_bot(fr)) {
# Line 2090  static void dcc_telnet_got_ident(int i, Line 2203  static void dcc_telnet_got_ident(int i,
2203      lostdcc(i);      lostdcc(i);
2204      return;      return;
2205    }    }
2206    
2207    /* Script? */    /* Script? */
2208    if (!strcmp(dcc[idx].nick, "(script)")) {    if (!strcmp(dcc[idx].nick, "(script)")) {
2209      dcc[i].type = &DCC_SOCKET;      dcc[i].type = &DCC_SOCKET;
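Review bot: The password bypass in dcc_chat_pass (new line 624) holds for as long as STAT_FPRINT stays set in dcc[idx].status, and nothing in the hunks shown clears the bit after dcc_telnet_pass (line 1549) or dcc_fingerprint (line 1513) sets it. If any other code path later returns the same idx to the password-prompt state (not visible on this page, so worth checking), u_pass_match would be skipped for whichever user is then attached to the connection. Unless the flag is read again later, making it one-shot closes that off: clear it where it is consumed with `dcc[idx].status &= ~STAT_FPRINT;`. Parenthesising the test as `(dcc[idx].status & STAT_FPRINT) || u_pass_match(dcc[idx].user, buf)` would also make the intended precedence explicit. dcc_chat_pass starts and ends outside its hunk, so the rest of the accepted-login branch could not be checked here.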
