From 0a42cedf77aae8bbb6769e7477e485aee3ca1340 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Sun, 24 May 2015 16:16:31 +0200 Subject: [PATCH] Bounce links that have their clock too far out of sync (#4214). Currently set at 1 minute. TODO: make configurable. This only works with newer servers as it relies on PROTOCTL TS=xyz very early in the synch. --- doc/technical/protoctl.txt | 5 +++++ src/modules/m_protoctl.c | 31 +++++++++++++++++++++++++++++++ src/s_serv.c | 4 ++-- 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/doc/technical/protoctl.txt b/doc/technical/protoctl.txt index fd6d0cc46..3209a2f27 100644 --- a/doc/technical/protoctl.txt +++ b/doc/technical/protoctl.txt @@ -126,3 +126,8 @@ SID This token indicates that the peer server supports UIDs and SIDs i ESVID This token indicates that the traditional services stamp value may take any arbitrary value for the SVID field, such as an account name or other unique identifier, including a traditional timestamp value. + +TS Upon linking newer servers send TS= where is the current unix + timestamp. This way a link can be rejected if the difference between the + clock of two servers is too large (since such a difference would lead to + serious issues). diff --git a/src/modules/m_protoctl.c b/src/modules/m_protoctl.c index 486bf3c67..0ebbb6073 100644 --- a/src/modules/m_protoctl.c +++ b/src/modules/m_protoctl.c @@ -348,6 +348,37 @@ CMD_FUNC(m_protoctl) if (!IsHandshake(cptr) && aconf && !BadPtr(aconf->connpwd)) /* Send PASS early... */ sendto_one(sptr, "PASS :%s", aconf->connpwd); } + else if ((strncmp(s, "TS=",3) == 0) && (IsServer(sptr) || IsEAuth(sptr))) + { + long t = atol(s+3); + char msg[512], linkerr[512]; + + if (t < 10000) + continue; /* ignore */ + + *msg = *linkerr = '\0'; +#define MAX_SERVER_TIME_OFFSET 60 + + if ((TStime() - t) > MAX_SERVER_TIME_OFFSET) + { + snprintf(linkerr, sizeof(linkerr), "Your clock is %ld seconds behind my clock. Please verify both your clock and mine, fix it and try linking again.", TStime() - t); + snprintf(msg, sizeof(msg), "Rejecting link %s: our clock is %ld seconds ahead. Correct time is very important in IRC. Please verify the clock on both %s (them) and %s (us), fix it and then try linking again", + get_client_name(cptr, TRUE), TStime() - t, sptr->name, me.name); + } else + if ((t - TStime()) > MAX_SERVER_TIME_OFFSET) + { + snprintf(linkerr, sizeof(linkerr), "Your clock is %ld seconds ahead of my clock. Please verify both your clock and mine, fix it, and try linking again.", t - TStime()); + snprintf(msg, sizeof(msg), "Rejecting link %s: our clock is %ld seconds behind. Correct time is very important in IRC. Please verify the clock on both %s (them) and %s (us), fix it and then try linking again", + get_client_name(cptr, TRUE), t - TStime(), sptr->name, me.name); + } + + if (*msg) + { + sendto_realops("%s", msg); + ircd_log(LOG_ERROR, "%s", msg); + return exit_client(sptr, sptr, sptr, linkerr); + } + } else if ((strcmp(s, "MLOCK")) == 0) { #ifdef PROTOCTL_MADNESS diff --git a/src/s_serv.c b/src/s_serv.c index 67003782e..d8c0174f6 100644 --- a/src/s_serv.c +++ b/src/s_serv.c @@ -222,8 +222,8 @@ char buf[1024]; sendto_one(cptr, "PROTOCTL %s", PROTOCTL_SERVER); /* Second line */ - snprintf(buf, sizeof(buf), "CHANMODES=%s%s,%s%s,%s%s,%s%s NICKCHARS=%s SID=%s MLOCK", - CHPAR1, EXPAR1, CHPAR2, EXPAR2, CHPAR3, EXPAR3, CHPAR4, EXPAR4, langsinuse, me.id); + snprintf(buf, sizeof(buf), "CHANMODES=%s%s,%s%s,%s%s,%s%s NICKCHARS=%s SID=%s MLOCK TS=%ld", + CHPAR1, EXPAR1, CHPAR2, EXPAR2, CHPAR3, EXPAR3, CHPAR4, EXPAR4, langsinuse, me.id, (long)TStime()); sendto_one(cptr, "PROTOCTL %s", buf); }