inspircd

A modular C++ IRC daemon (ircd). https://www.inspircd.org/
Log | Files | Refs | README

commit 27e261780809073b5c776e535f8d2402c0df2ec7
parent a7fc2fe0dc845ffba1f4575e694aa1bb7f60756b
Author: Peter Powell <petpow@saberuk.com>
Date:   Fri, 15 Feb 2019 12:35:51 +0000

Move the close and jumpserver modules to inspircd-extras.

- The close module is borderline useless.
- The jumpserver numeric is supported by barely any clients and
  has various security problems.

Diffstat:
Mdocs/conf/helpop.conf.example | 45++++++++++-----------------------------------
Mdocs/conf/modules.conf.example | 14--------------
Mdocs/conf/opers.conf.example | 4++--
Dsrc/modules/m_close.cpp | 83-------------------------------------------------------------------------------
Dsrc/modules/m_jumpserver.cpp | 198-------------------------------------------------------------------------------
5 files changed, 12 insertions(+), 332 deletions(-)

diff --git a/docs/conf/helpop.conf.example b/docs/conf/helpop.conf.example @@ -407,16 +407,16 @@ Sets your name to the specified name."> ------------- ALLTIME CBAN CHECK CHGHOST CHGIDENT -CHGNAME CLEARCHAN CLOAK CLONES CLOSE -CONNECT DIE ELINE FILTER GLINE -GLOADMODULE GLOBOPS GRELOADMODULE GUNLOADMODULE JUMPSERVER -KILL KLINE LOADMODULE LOCKSERV MODENOTICE -NICKLOCK NICKUNLOCK OJOIN OPERMOTD QLINE -RCONNECT REHASH RELOADMODULE RESTART RLINE -RSQUIT SAJOIN SAKICK SAMODE SANICK -SAPART SAQUIT SATOPIC SETHOST SETIDENT -SETIDLE SHUN SQUIT SWHOIS TLINE -UNLOADMODULE UNLOCKSERV USERIP WALLOPS ZLINE"> +CHGNAME CLEARCHAN CLOAK CLONES CONNECT +DIE ELINE FILTER GLINE GLOADMODULE +GLOBOPS GRELOADMODULE GUNLOADMODULE KILL KLINE +LOADMODULE LOCKSERV MODENOTICE NICKLOCK NICKUNLOCK +OJOIN OPERMOTD QLINE RCONNECT REHASH +RELOADMODULE RESTART RLINE RSQUIT SAJOIN +SAKICK SAMODE SANICK SAPART SAQUIT +SATOPIC SETHOST SETIDENT SETIDLE SHUN +SQUIT SWHOIS TLINE UNLOADMODULE UNLOCKSERV +USERIP WALLOPS ZLINE"> <helpop key="userip" value="/USERIP <nick> [<nick>] @@ -438,27 +438,6 @@ service is temporarily closed and to try again later."> Opens the server up again for new connections."> -<helpop key="jumpserver" value="/JUMPSERVER [<newserver> <newport> <(+|-)[flags]> :[<reason>]] - -Sets or cancels jumpserver mode. If no parameters are given, -jumpserver mode is cancelled, if it is currently set. If parameters -are given, a server address must be given for <newserver> and a -server port must be given for <newport>. Zero or more status flags -should be given for 'flags', from the list below (if you do not -wish to specify any flags just place a '+' in this field): - -1. +a: Redirect all users immediately (except for opers) and cause -them to quit with the given reason - -2. +n: Redirect any new users who connect and cause them to quit -during registration - -You may use + and - to set or unset these flags in the command, the -default flags are -a+n, which will just redirect new users. The -reason parameter is optional, and if not provided defaults to -'Please use this server/port instead' (the default given in various -numeric lists)"> - <helpop key="filter" value="/FILTER <filter-definition> [<action> <flags> [<duration>] :<reason>] This command will add a filter when more than one parameter is given, @@ -776,10 +755,6 @@ The duration may be specified in seconds, or in the format 1y2w3d4h5m6s - meaning one year, two weeks, three days, 4 hours, 5 minutes and 6 seconds. All fields in this format are optional."> -<helpop key="close" value="/CLOSE - -Closes all unregistered connections to the local server."> - <helpop key="clearchan" value="/CLEARCHAN <channel> [<KILL|KICK|G|Z>] [<reason>] Quits or kicks all non-opers from a channel, optionally G/Z-lines them. diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example @@ -554,12 +554,6 @@ # key="changeme" # prefix="net-"> -#-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Close module: Allows an oper to close all unregistered connections. -# This module is oper-only and provides the /CLOSE command. -# To use, CLOSE must be in one of your oper class blocks. -#<module name="close"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Clones module: Adds an oper command /CLONES for detecting cloned # users. Warning: This command may be resource intensive when it is @@ -1166,14 +1160,6 @@ #<joinflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Jump server module: Adds support for the RPL_REDIR numeric. -# This module is oper-only. -# To use, JUMPSERVER must be in one of your oper class blocks. -# If your server is redirecting new clients and you get disconnected, -# do a REHASH from shell to open up again. -#<module name="jumpserver"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anti auto rejoin: Adds support for prevention of auto-rejoin (+J). #<module name="kicknorejoin"> diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example @@ -43,8 +43,8 @@ chanmodes="*"> <class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN"> -<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex"> -<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*"> +<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex"> +<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*"> <class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message"> <class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex"> diff --git a/src/modules/m_close.cpp b/src/modules/m_close.cpp @@ -1,83 +0,0 @@ -/* - * InspIRCd -- Internet Relay Chat Daemon - * - * Copyright (C) 2007 Dennis Friis <peavey@inspircd.org> - * Copyright (C) 2007 Carsten Valdemar Munk <carsten.munk+inspircd@gmail.com> - * - * This file is part of InspIRCd. InspIRCd is free software: you can - * redistribute it and/or modify it under the terms of the GNU General Public - * License as published by the Free Software Foundation, version 2. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - - -#include "inspircd.h" - -/** Handle /CLOSE - */ -class CommandClose : public Command -{ - public: - /* Command 'close', needs operator */ - CommandClose(Module* Creator) : Command(Creator,"CLOSE", 0) - { - flags_needed = 'o'; - } - - CmdResult Handle(User* src, const Params& parameters) CXX11_OVERRIDE - { - std::map<std::string,int> closed; - - const UserManager::LocalList& list = ServerInstance->Users.GetLocalUsers(); - for (UserManager::LocalList::const_iterator u = list.begin(); u != list.end(); ) - { - // Quitting the user removes it from the list - LocalUser* user = *u; - ++u; - if (user->registered != REG_ALL) - { - ServerInstance->Users->QuitUser(user, "Closing all unknown connections per request"); - std::string key = ConvToStr(user->GetIPString())+"."+ConvToStr(user->server_sa.port()); - closed[key]++; - } - } - - int total = 0; - for (std::map<std::string,int>::iterator ci = closed.begin(); ci != closed.end(); ci++) - { - src->WriteNotice("*** Closed " + ConvToStr(ci->second) + " unknown " + (ci->second == 1 ? "connection" : "connections") + - " from [" + ci->first + "]"); - total += ci->second; - } - if (total) - src->WriteNotice("*** " + ConvToStr(total) + " unknown " + (total == 1 ? "connection" : "connections") + " closed"); - else - src->WriteNotice("*** No unknown connections found"); - - return CMD_SUCCESS; - } -}; - -class ModuleClose : public Module -{ - CommandClose cmd; - public: - ModuleClose() - : cmd(this) - { - } - - Version GetVersion() CXX11_OVERRIDE - { - return Version("Provides /CLOSE functionality", VF_VENDOR); - } -}; - -MODULE_INIT(ModuleClose) diff --git a/src/modules/m_jumpserver.cpp b/src/modules/m_jumpserver.cpp @@ -1,198 +0,0 @@ -/* - * InspIRCd -- Internet Relay Chat Daemon - * - * Copyright (C) 2007-2008 Craig Edwards <craigedwards@brainbox.cc> - * Copyright (C) 2007 Dennis Friis <peavey@inspircd.org> - * Copyright (C) 2007 Robin Burchell <robin+git@viroteck.net> - * - * This file is part of InspIRCd. InspIRCd is free software: you can - * redistribute it and/or modify it under the terms of the GNU General Public - * License as published by the Free Software Foundation, version 2. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more - * details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - - -#include "inspircd.h" -#include "modules/ssl.h" - -enum -{ - // From ircd-ratbox. - RPL_REDIR = 10 -}; - -/** Handle /JUMPSERVER - */ -class CommandJumpserver : public Command -{ - public: - bool redirect_new_users; - std::string redirect_to; - std::string reason; - int port; - int sslport; - UserCertificateAPI sslapi; - - CommandJumpserver(Module* Creator) - : Command(Creator, "JUMPSERVER", 0, 4) - , sslapi(Creator) - { - flags_needed = 'o'; - syntax = "[<server> <port>[:<sslport>] <+/-an> <reason>]"; - port = 0; - sslport = 0; - redirect_new_users = false; - } - - CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE - { - int n_done = 0; - reason = (parameters.size() < 4) ? "Please use this server/port instead" : parameters[3]; - bool redirect_all_immediately = false; - redirect_new_users = true; - bool direction = true; - std::string n_done_s; - - /* No parameters: jumpserver disabled */ - if (parameters.empty()) - { - if (port) - user->WriteNotice("*** Disabled jumpserver (previously set to '" + redirect_to + ":" + ConvToStr(port) + "')"); - else - user->WriteNotice("*** Jumpserver was not enabled."); - - port = 0; - sslport = 0; - redirect_to.clear(); - return CMD_SUCCESS; - } - - port = 0; - redirect_to.clear(); - - if (parameters.size() >= 3) - { - for (std::string::const_iterator n = parameters[2].begin(); n != parameters[2].end(); ++n) - { - switch (*n) - { - case '+': - direction = true; - break; - case '-': - direction = false; - break; - case 'a': - redirect_all_immediately = direction; - break; - case 'n': - redirect_new_users = direction; - break; - default: - user->WriteNotice("*** Invalid JUMPSERVER flag: " + ConvToStr(*n)); - return CMD_FAILURE; - break; - } - } - - size_t delimpos = parameters[1].find(':'); - port = ConvToNum<int>(parameters[1].substr(0, delimpos ? delimpos : std::string::npos)); - sslport = (delimpos == std::string::npos ? 0 : ConvToNum<int>(parameters[1].substr(delimpos + 1))); - - if (parameters[1].find_first_not_of("0123456789:") != std::string::npos - || parameters[1].rfind(':') != delimpos - || port > 65535 || sslport > 65535) - { - user->WriteNotice("*** Invalid port number"); - return CMD_FAILURE; - } - - if (redirect_all_immediately) - { - /* Redirect everyone but the oper sending the command */ - const UserManager::LocalList& list = ServerInstance->Users.GetLocalUsers(); - for (UserManager::LocalList::const_iterator i = list.begin(); i != list.end(); ) - { - // Quitting the user removes it from the list - LocalUser* t = *i; - ++i; - if (!t->IsOper()) - { - t->WriteNumeric(RPL_REDIR, parameters[0], GetPort(t), "Please use this Server/Port instead"); - ServerInstance->Users->QuitUser(t, reason); - n_done++; - } - } - if (n_done) - { - n_done_s = ConvToStr(n_done); - } - } - - if (redirect_new_users) - redirect_to = parameters[0]; - - user->WriteNotice("*** Set jumpserver to server '" + parameters[0] + "' port '" + (port ? ConvToStr(port) : "Auto") + ", SSL " + (sslport ? ConvToStr(sslport) : "Auto") + "', flags '+" + - (redirect_all_immediately ? "a" : "") + (redirect_new_users ? "n'" : "'") + - (n_done ? " (" + n_done_s + "user(s) redirected): " : ": ") + reason); - } - - return CMD_SUCCESS; - } - - int GetPort(LocalUser* user) - { - int p = (sslapi && sslapi->GetCertificate(user) ? sslport : port); - if (p == 0) - p = user->server_sa.port(); - return p; - } -}; - -class ModuleJumpServer : public Module -{ - CommandJumpserver js; - public: - ModuleJumpServer() : js(this) - { - } - - void OnModuleRehash(User* user, const std::string& param) CXX11_OVERRIDE - { - if (irc::equals(param, "jumpserver") && js.redirect_new_users) - js.redirect_new_users = false; - } - - ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE - { - if (js.redirect_new_users) - { - int port = js.GetPort(user); - user->WriteNumeric(RPL_REDIR, js.redirect_to, port, "Please use this Server/Port instead"); - ServerInstance->Users->QuitUser(user, js.reason); - return MOD_RES_DENY; - } - return MOD_RES_PASSTHRU; - } - - void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE - { - // Emergency way to unlock - if (!status.srcuser) - js.redirect_new_users = false; - } - - Version GetVersion() CXX11_OVERRIDE - { - return Version("Provides support for the RPL_REDIR numeric and the /JUMPSERVER command.", VF_VENDOR); - } -}; - -MODULE_INIT(ModuleJumpServer)