More ssl -> tls moves. Also recommend to use 'certfp' rather than
the longer 'sslcertfp' or 'tlscertfp', we already support this since 4.0 so... updated the documentation as well.
+2
-2
@@ -28,9 +28,9 @@ typedef struct {
|
||||
#define AUTHTYPE_UNIXCRYPT 1
|
||||
#define AUTHTYPE_MD5 2
|
||||
#define AUTHTYPE_SHA1 3
|
||||
#define AUTHTYPE_SSL_CLIENTCERT 4
|
||||
#define AUTHTYPE_TLS_CLIENTCERT 4
|
||||
#define AUTHTYPE_RIPEMD160 5
|
||||
#define AUTHTYPE_SSL_CLIENTCERTFP 6
|
||||
#define AUTHTYPE_TLS_CLIENTCERTFP 6
|
||||
#define AUTHTYPE_BCRYPT 7
|
||||
#define AUTHTYPE_SPKIFP 8
|
||||
#define AUTHTYPE_ARGON2 9
|
||||
|
||||
+3
-4
@@ -194,7 +194,7 @@ extern MODVAR int ipv6_disabled;
|
||||
#define IDENT_CHECK iConf.ident_check
|
||||
#define FAILOPER_WARN iConf.fail_oper_warn
|
||||
#define SHOWCONNECTINFO iConf.show_connect_info
|
||||
#define NOCONNECTSSLINFO iConf.no_connect_tls_info
|
||||
#define NOCONNECTTLSLINFO iConf.no_connect_tls_info
|
||||
#define OPER_ONLY_STATS iConf.oper_only_stats
|
||||
#define ANTI_SPAM_QUIT_MSG_TIME iConf.anti_spam_quit_message_time
|
||||
#ifdef HAVE_RAND_EGD
|
||||
@@ -289,9 +289,8 @@ struct SetCheck {
|
||||
unsigned has_dont_resolve:1;
|
||||
unsigned has_mkpasswd_for_everyone:1;
|
||||
unsigned has_allow_part_if_shunned:1;
|
||||
unsigned has_ssl_egd:1;
|
||||
unsigned has_ssl_server_cipher_list :1;
|
||||
unsigned has_ssl_protocols :1;
|
||||
unsigned has_tls_server_cipher_list :1;
|
||||
unsigned has_tls_protocols :1;
|
||||
unsigned has_dns_bind_ip:1;
|
||||
unsigned has_link_bind_ip:1;
|
||||
unsigned has_throttle_period:1;
|
||||
|
||||
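Review bot: The new macro `#define NOCONNECTTLSLINFO iConf.no_connect_tls_info` has a stray `L` in its name (`TLSL`). The only visible use, `sendtxtnumeric(sptr, "options::no-connect-tls-info: %d", NOCONNECTTLSLINFO);` in `stats_set`, repeats the same spelling, so the compiler will not catch it. Rename both to match the `no_connect_tls_info` field the macro expands to: `#define NOCONNECTTLSINFO iConf.no_connect_tls_info`. Whether other files still reference the removed `NOCONNECTSSLINFO` name cannot be seen from this page.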
+1
-1
@@ -525,7 +525,7 @@ extern void stripcrlf(char *line);
|
||||
extern time_t rfc2time(char *s);
|
||||
extern char *rfctime(time_t t, char *buf);
|
||||
extern void *MyMallocEx(size_t size);
|
||||
extern MODFUNC char *ssl_get_cipher(SSL *ssl);
|
||||
extern MODFUNC char *tls_get_cipher(SSL *ssl);
|
||||
extern TLSOptions *get_tls_options_for_client(aClient *acptr);
|
||||
extern int outdated_tls_client(aClient *acptr);
|
||||
extern char *outdated_tls_client_build_string(char *pattern, aClient *acptr);
|
||||
|
||||
+12
-10
@@ -30,10 +30,12 @@ anAuthStruct MODVAR AuthTypes[] = {
|
||||
{"crypt", AUTHTYPE_UNIXCRYPT},
|
||||
{"unixcrypt", AUTHTYPE_UNIXCRYPT},
|
||||
{"bcrypt", AUTHTYPE_BCRYPT},
|
||||
{"sslclientcert", AUTHTYPE_SSL_CLIENTCERT},
|
||||
{"cert", AUTHTYPE_SSL_CLIENTCERT},
|
||||
{"sslclientcertfp", AUTHTYPE_SSL_CLIENTCERTFP},
|
||||
{"certfp", AUTHTYPE_SSL_CLIENTCERTFP},
|
||||
{"cert", AUTHTYPE_TLS_CLIENTCERT},
|
||||
{"sslclientcert", AUTHTYPE_TLS_CLIENTCERT},
|
||||
{"tlsclientcert", AUTHTYPE_TLS_CLIENTCERT},
|
||||
{"certfp", AUTHTYPE_TLS_CLIENTCERTFP},
|
||||
{"sslclientcertfp", AUTHTYPE_TLS_CLIENTCERTFP},
|
||||
{"tlsclientcertfp", AUTHTYPE_TLS_CLIENTCERTFP},
|
||||
{"spkifp", AUTHTYPE_SPKIFP},
|
||||
{"argon2", AUTHTYPE_ARGON2},
|
||||
{NULL, 0}
|
||||
@@ -64,7 +66,7 @@ int Auth_AutoDetectHashType(char *hash)
|
||||
if ((*p != ':') && !strchr(hexchars, *p))
|
||||
return AUTHTYPE_PLAINTEXT; /* not hex and not colon */
|
||||
|
||||
return AUTHTYPE_SSL_CLIENTCERTFP;
|
||||
return AUTHTYPE_TLS_CLIENTCERTFP;
|
||||
}
|
||||
|
||||
if (strlen(hash) == 44)
|
||||
@@ -182,11 +184,11 @@ int Auth_CheckError(ConfigEntry *ce)
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
case AUTHTYPE_SSL_CLIENTCERT:
|
||||
case AUTHTYPE_TLS_CLIENTCERT:
|
||||
convert_to_absolute_path(&ce->ce_vardata, CONFDIR);
|
||||
if (!(x509_f = fopen(ce->ce_vardata, "r")))
|
||||
{
|
||||
config_error("%s:%i: authentication module failure: AUTHTYPE_SSL_CLIENTCERT: error opening file %s: %s",
|
||||
config_error("%s:%i: authentication module failure: AUTHTYPE_TLS_CLIENTCERT: error opening file %s: %s",
|
||||
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, ce->ce_vardata, strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
@@ -194,7 +196,7 @@ int Auth_CheckError(ConfigEntry *ce)
|
||||
fclose(x509_f);
|
||||
if (!x509_filecert)
|
||||
{
|
||||
config_error("%s:%i: authentication module failure: AUTHTYPE_SSL_CLIENTCERT: PEM_read_X509 errored in file %s (format error?)",
|
||||
config_error("%s:%i: authentication module failure: AUTHTYPE_TLS_CLIENTCERT: PEM_read_X509 errored in file %s (format error?)",
|
||||
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, ce->ce_vardata);
|
||||
return -1;
|
||||
}
|
||||
@@ -583,7 +585,7 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
|
||||
case AUTHTYPE_RIPEMD160:
|
||||
return authcheck_ripemd160(cptr, as, para);
|
||||
|
||||
case AUTHTYPE_SSL_CLIENTCERT:
|
||||
case AUTHTYPE_TLS_CLIENTCERT:
|
||||
{
|
||||
X509 *x509_clientcert = NULL;
|
||||
X509 *x509_filecert = NULL;
|
||||
@@ -617,7 +619,7 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
|
||||
return 2;
|
||||
}
|
||||
|
||||
case AUTHTYPE_SSL_CLIENTCERTFP:
|
||||
case AUTHTYPE_TLS_CLIENTCERTFP:
|
||||
{
|
||||
int i, k;
|
||||
char hexcolon[EVP_MAX_MD_SIZE * 3 + 1];
|
||||
|
||||
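Review bot: The `AuthTypes[]` table now maps three names to each certificate type, but nothing in it says which name is canonical or that the `ssl...` spellings are kept only so existing configurations continue to load. Since the commit message recommends `cert`/`certfp`, a comment above these entries would record that, e.g. `/* First name per type is the recommended one; the "ssl..." and "tls..." names are accepted aliases for older configs */`. If any code maps a type back to a name by scanning this table, the reordering also changes which name it reports; that lookup is not visible here and is worth confirming. The first entries of the table are outside the hunk.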
+2
-2
@@ -6533,8 +6533,8 @@ int _test_link(ConfigFile *conf, ConfigEntry *ce)
|
||||
} else {
|
||||
anAuthStruct *auth = Auth_ConvertConf2AuthStruct(cep);
|
||||
/* hm. would be nicer if handled @auth-system I think. ah well.. */
|
||||
if ((auth->type != AUTHTYPE_PLAINTEXT) && (auth->type != AUTHTYPE_SSL_CLIENTCERT) &&
|
||||
(auth->type != AUTHTYPE_SSL_CLIENTCERTFP) && (auth->type != AUTHTYPE_SPKIFP))
|
||||
if ((auth->type != AUTHTYPE_PLAINTEXT) && (auth->type != AUTHTYPE_TLS_CLIENTCERT) &&
|
||||
(auth->type != AUTHTYPE_TLS_CLIENTCERTFP) && (auth->type != AUTHTYPE_SPKIFP))
|
||||
{
|
||||
config_error("%s:%i: password in link block should be plaintext OR should be the "
|
||||
"SSL or SPKI fingerprint of the remote link (=better)",
|
||||
|
||||
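Review bot: The `config_error` text in `_test_link` still reads `"SSL or SPKI fingerprint of the remote link (=better)"`, although the two condition lines above it were moved to the `AUTHTYPE_TLS_*` names. For consistency with the rest of this change the string should read `"TLS or SPKI fingerprint of the remote link (=better)"`, or name the accepted auth types (`cert`, `certfp`, `spkifp`) so the admin knows what link::password may contain. The call continues past the end of the hunk, so its remaining arguments are not visible.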
@@ -125,8 +125,8 @@ int certificate_verification_active(aClient *acptr)
|
||||
if (conf->verify_certificate)
|
||||
return 1; /* yes, verify-certificate is 'yes' */
|
||||
|
||||
if ((conf->auth->type == AUTHTYPE_SSL_CLIENTCERT) ||
|
||||
(conf->auth->type == AUTHTYPE_SSL_CLIENTCERTFP) ||
|
||||
if ((conf->auth->type == AUTHTYPE_TLS_CLIENTCERT) ||
|
||||
(conf->auth->type == AUTHTYPE_TLS_CLIENTCERTFP) ||
|
||||
(conf->auth->type == AUTHTYPE_SPKIFP))
|
||||
{
|
||||
/* yes, verified by link::password being a
|
||||
|
||||
+1
-1
@@ -1429,7 +1429,7 @@ int _register_user(aClient *cptr, aClient *sptr, char *nick, char *username, cha
|
||||
if (sptr->local->ssl && !iConf.no_connect_tls_info)
|
||||
{
|
||||
sendnotice(sptr, "*** You are connected to %s with %s",
|
||||
me.name, ssl_get_cipher(sptr->local->ssl));
|
||||
me.name, tls_get_cipher(sptr->local->ssl));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+18
-18
@@ -322,7 +322,7 @@ skip_host_check:
|
||||
{
|
||||
/* Let's help admins a bit with a good error message in case
|
||||
* they mix different authentication systems (plaintext password
|
||||
* vs an "TLS Auth type" like spkifp/sslclientcert/sslclientcertfp).
|
||||
* vs an "TLS Auth type" like spkifp/tlsclientcert/tlsclientcertfp).
|
||||
* The 'if' statement below is a bit complex but it consists of 2 things:
|
||||
* 1. Check if our side expects a plaintext password but we did not receive one
|
||||
* 2. Check if our side expects a non-plaintext password but we did receive one
|
||||
@@ -339,14 +339,14 @@ skip_host_check:
|
||||
sendto_ops_and_log("Link denied for '%s' (Authentication failed [spkifp mismatch]) %s",
|
||||
servername, inpath);
|
||||
} else
|
||||
if (link->auth->type == AUTHTYPE_SSL_CLIENTCERT)
|
||||
if (link->auth->type == AUTHTYPE_TLS_CLIENTCERT)
|
||||
{
|
||||
sendto_ops_and_log("Link denied for '%s' (Authentication failed [sslclientcert mismatch]) %s",
|
||||
sendto_ops_and_log("Link denied for '%s' (Authentication failed [tlsclientcert mismatch]) %s",
|
||||
servername, inpath);
|
||||
} else
|
||||
if (link->auth->type == AUTHTYPE_SSL_CLIENTCERTFP)
|
||||
if (link->auth->type == AUTHTYPE_TLS_CLIENTCERTFP)
|
||||
{
|
||||
sendto_ops_and_log("Link denied for '%s' (Authentication failed [sslclientcertfp mismatch]) %s",
|
||||
sendto_ops_and_log("Link denied for '%s' (Authentication failed [tlsclientcertfp mismatch]) %s",
|
||||
servername, inpath);
|
||||
} else
|
||||
{
|
||||
@@ -360,7 +360,7 @@ skip_host_check:
|
||||
"Link denied (Authentication failed)");
|
||||
}
|
||||
|
||||
/* Verify the SSL certificate (if requested) */
|
||||
/* Verify the TLS certificate (if requested) */
|
||||
if (link->verify_certificate)
|
||||
{
|
||||
char *errstr = NULL;
|
||||
@@ -443,7 +443,7 @@ skip_host_check:
|
||||
if (IsSecure(cptr) && (iConf.outdated_tls_policy_server == POLICY_DENY) && outdated_tls_client(cptr))
|
||||
{
|
||||
sendto_one(cptr, NULL, "ERROR :Server is using an outdated SSL/TLS protocol or cipher (set::outdated-tls-policy::server is 'deny')");
|
||||
sendto_ops_and_log("Rejected server %s using outdated %s. See https://www.unrealircd.org/docs/FAQ#server-outdated-tls", ssl_get_cipher(cptr->local->ssl), cptr->name);
|
||||
sendto_ops_and_log("Rejected server %s using outdated %s. See https://www.unrealircd.org/docs/FAQ#server-outdated-tls", tls_get_cipher(cptr->local->ssl), cptr->name);
|
||||
return exit_client(cptr, sptr, &me, NULL, "Server using outdates SSL/TLS protocol or cipher (set::outdated-tls-policy::server is 'deny')");
|
||||
}
|
||||
if (link_out)
|
||||
@@ -791,15 +791,15 @@ void _introduce_user(aClient *to, aClient *acptr)
|
||||
void tls_link_notification_verify(aClient *acptr, ConfigItem_link *aconf)
|
||||
{
|
||||
char *spki_fp;
|
||||
char *ssl_fp;
|
||||
char *tls_fp;
|
||||
char *errstr = NULL;
|
||||
int verify_ok;
|
||||
|
||||
if (!MyConnect(acptr) || !acptr->local->ssl || !aconf)
|
||||
return;
|
||||
|
||||
if ((aconf->auth->type == AUTHTYPE_SSL_CLIENTCERT) ||
|
||||
(aconf->auth->type == AUTHTYPE_SSL_CLIENTCERTFP) ||
|
||||
if ((aconf->auth->type == AUTHTYPE_TLS_CLIENTCERT) ||
|
||||
(aconf->auth->type == AUTHTYPE_TLS_CLIENTCERTFP) ||
|
||||
(aconf->auth->type == AUTHTYPE_SPKIFP))
|
||||
{
|
||||
/* Link verified by certificate or SPKI */
|
||||
@@ -812,9 +812,9 @@ void tls_link_notification_verify(aClient *acptr, ConfigItem_link *aconf)
|
||||
return;
|
||||
}
|
||||
|
||||
ssl_fp = moddata_client_get(acptr, "certfp");
|
||||
tls_fp = moddata_client_get(acptr, "certfp");
|
||||
spki_fp = spki_fingerprint(acptr);
|
||||
if (!ssl_fp || !spki_fp)
|
||||
if (!tls_fp || !spki_fp)
|
||||
return; /* wtf ? */
|
||||
|
||||
/* Only bother the user if we are linking to UnrealIRCd 4.0.16+,
|
||||
@@ -943,9 +943,9 @@ int m_server_synch(aClient *cptr, ConfigItem_link *aconf)
|
||||
{
|
||||
sendto_server(&me, 0, 0, NULL, ":%s SMO o :(\2link\2) Secure link %s -> %s established (%s)",
|
||||
me.name,
|
||||
me.name, inpath, ssl_get_cipher(cptr->local->ssl));
|
||||
me.name, inpath, tls_get_cipher(cptr->local->ssl));
|
||||
sendto_realops("(\2link\2) Secure link %s -> %s established (%s)",
|
||||
me.name, inpath, ssl_get_cipher(cptr->local->ssl));
|
||||
me.name, inpath, tls_get_cipher(cptr->local->ssl));
|
||||
tls_link_notification_verify(cptr, aconf);
|
||||
}
|
||||
else
|
||||
@@ -955,19 +955,19 @@ int m_server_synch(aClient *cptr, ConfigItem_link *aconf)
|
||||
me.name, inpath);
|
||||
sendto_realops("(\2link\2) Link %s -> %s established",
|
||||
me.name, inpath);
|
||||
/* Print out a warning if linking to a non-SSL server unless it's localhost.
|
||||
* Yeah.. there are still other cases when non-SSL links are fine (eg: local IP
|
||||
/* Print out a warning if linking to a non-TLS server unless it's localhost.
|
||||
* Yeah.. there are still other cases when non-TLS links are fine (eg: local IP
|
||||
* of the same machine), we won't bother with detecting that. -- Syzop
|
||||
*/
|
||||
if (!IsLocal(cptr) && (iConf.plaintext_policy_server == POLICY_WARN))
|
||||
{
|
||||
sendto_realops("\002WARNING:\002 This link is unencrypted (non-SSL). We highly recommend to use "
|
||||
sendto_realops("\002WARNING:\002 This link is unencrypted (not SSL/TLS). We highly recommend to use "
|
||||
"SSL/TLS for server linking. See https://www.unrealircd.org/docs/Linking_servers");
|
||||
}
|
||||
if (IsSecure(cptr) && (iConf.outdated_tls_policy_server == POLICY_WARN) && outdated_tls_client(cptr))
|
||||
{
|
||||
sendto_realops("\002WARNING:\002 This link is using an outdated SSL/TLS protocol or cipher (%s).",
|
||||
ssl_get_cipher(cptr->local->ssl));
|
||||
tls_get_cipher(cptr->local->ssl));
|
||||
}
|
||||
}
|
||||
(void)add_to_client_hash_table(cptr->name, cptr);
|
||||
|
||||
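Review bot: In the `POLICY_DENY` branch the arguments to `sendto_ops_and_log` are in the wrong order for the format string: `"Rejected server %s using outdated %s. ..."` expects the server name first and the protocol/cipher second, but the call passes `tls_get_cipher(cptr->local->ssl), cptr->name`. The rename touched this line without fixing that, so the operator notice and log entry carry the cipher string where the server name belongs, which makes rejected-link events harder to search for. Swap them: `cptr->name, tls_get_cipher(cptr->local->ssl));`. The `exit_client` reason on the following line also says "outdates" where "outdated" is meant.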
+6
-6
@@ -558,7 +558,7 @@ static char *stats_port_helper(ConfigItem_listen *listener)
|
||||
ircsnprintf(buf, sizeof(buf), "%s%s%s%s",
|
||||
(listener->options & LISTENER_CLIENTSONLY)? "clientsonly ": "",
|
||||
(listener->options & LISTENER_SERVERSONLY)? "serversonly ": "",
|
||||
(listener->options & LISTENER_TLS)? "ssl ": "",
|
||||
(listener->options & LISTENER_TLS)? "tls ": "",
|
||||
!(listener->options & LISTENER_TLS)? "plaintext ": "");
|
||||
return buf;
|
||||
}
|
||||
@@ -1109,16 +1109,16 @@ int stats_set(aClient *sptr, char *para)
|
||||
sendtxtnumeric(sptr, "hide-ban-reason: %d", HIDE_BAN_REASON);
|
||||
sendtxtnumeric(sptr, "anti-spam-quit-message-time: %s", pretty_time_val(ANTI_SPAM_QUIT_MSG_TIME));
|
||||
sendtxtnumeric(sptr, "channel-command-prefix: %s", CHANCMDPFX ? CHANCMDPFX : "`");
|
||||
sendtxtnumeric(sptr, "ssl::certificate: %s", SafePrint(iConf.tls_options->certificate_file));
|
||||
sendtxtnumeric(sptr, "ssl::key: %s", SafePrint(iConf.tls_options->key_file));
|
||||
sendtxtnumeric(sptr, "ssl::trusted-ca-file: %s", SafePrint(iConf.tls_options->trusted_ca_file));
|
||||
sendtxtnumeric(sptr, "ssl::options: %s", iConf.tls_options->options & TLSFLAG_FAILIFNOCERT ? "FAILIFNOCERT" : "");
|
||||
sendtxtnumeric(sptr, "tls::certificate: %s", SafePrint(iConf.tls_options->certificate_file));
|
||||
sendtxtnumeric(sptr, "tls::key: %s", SafePrint(iConf.tls_options->key_file));
|
||||
sendtxtnumeric(sptr, "tls::trusted-ca-file: %s", SafePrint(iConf.tls_options->trusted_ca_file));
|
||||
sendtxtnumeric(sptr, "tls::options: %s", iConf.tls_options->options & TLSFLAG_FAILIFNOCERT ? "FAILIFNOCERT" : "");
|
||||
sendtxtnumeric(sptr, "options::show-opermotd: %d", SHOWOPERMOTD);
|
||||
sendtxtnumeric(sptr, "options::hide-ulines: %d", HIDE_ULINES);
|
||||
sendtxtnumeric(sptr, "options::identd-check: %d", IDENT_CHECK);
|
||||
sendtxtnumeric(sptr, "options::fail-oper-warn: %d", FAILOPER_WARN);
|
||||
sendtxtnumeric(sptr, "options::show-connect-info: %d", SHOWCONNECTINFO);
|
||||
sendtxtnumeric(sptr, "options::no-connect-tls-info: %d", NOCONNECTSSLINFO);
|
||||
sendtxtnumeric(sptr, "options::no-connect-tls-info: %d", NOCONNECTTLSLINFO);
|
||||
sendtxtnumeric(sptr, "options::dont-resolve: %d", DONT_RESOLVE);
|
||||
sendtxtnumeric(sptr, "options::mkpasswd-for-everyone: %d", MKPASSWD_FOR_EVERYONE);
|
||||
sendtxtnumeric(sptr, "options::allow-insane-bans: %d", ALLOW_INSANE_BANS);
|
||||
|
||||
+73
-66
@@ -157,72 +157,79 @@ CMD_FUNC(m_trace)
|
||||
class = acptr->local->class ? acptr->local->class->name : "default";
|
||||
switch (acptr->status)
|
||||
{
|
||||
case STAT_CONNECTING:
|
||||
sendnumeric(sptr, RPL_TRACECONNECTING, class, name);
|
||||
cnt++;
|
||||
break;
|
||||
case STAT_HANDSHAKE:
|
||||
sendnumeric(sptr, RPL_TRACEHANDSHAKE, class, name);
|
||||
cnt++;
|
||||
break;
|
||||
case STAT_ME:
|
||||
break;
|
||||
case STAT_UNKNOWN:
|
||||
sendnumeric(sptr, RPL_TRACEUNKNOWN, class, name);
|
||||
cnt++;
|
||||
break;
|
||||
case STAT_CLIENT:
|
||||
/* Only opers see users if there is a wildcard
|
||||
* but anyone can see all the opers.
|
||||
*/
|
||||
if (ValidatePermissionsForPath("client:see:trace:invisible-users",sptr,acptr,NULL,NULL) ||
|
||||
(!IsInvisible(acptr) && ValidatePermissionsForPath("client:see:trace",sptr,acptr,NULL,NULL)))
|
||||
{
|
||||
if (ValidatePermissionsForPath("client:see:trace",sptr,acptr,NULL,NULL) || ValidatePermissionsForPath("client:see:trace:invisible-users",sptr,acptr,NULL,NULL))
|
||||
sendnumeric(sptr, RPL_TRACEOPERATOR,
|
||||
class, acptr->name,
|
||||
GetHost(acptr),
|
||||
now - acptr->local->lasttime);
|
||||
else
|
||||
sendnumeric(sptr, RPL_TRACEUSER,
|
||||
class, acptr->name,
|
||||
acptr->user->realhost,
|
||||
now - acptr->local->lasttime);
|
||||
cnt++;
|
||||
}
|
||||
break;
|
||||
case STAT_SERVER:
|
||||
if (acptr->serv->user)
|
||||
sendnumeric(sptr, RPL_TRACESERVER, class, acptr->fd >= 0 ? link_s[acptr->fd] : -1,
|
||||
acptr->fd >= 0 ? link_u[acptr->fd] : -1, name, acptr->serv->by,
|
||||
acptr->serv->user->username,
|
||||
acptr->serv->user->realhost,
|
||||
now - acptr->local->lasttime);
|
||||
else
|
||||
sendnumeric(sptr, RPL_TRACESERVER, class, acptr->fd >= 0 ? link_s[acptr->fd] : -1,
|
||||
acptr->fd >= 0 ? link_u[acptr->fd] : -1, name, *(acptr->serv->by) ?
|
||||
acptr->serv->by : "*", "*", me.name,
|
||||
now - acptr->local->lasttime);
|
||||
cnt++;
|
||||
break;
|
||||
case STAT_LOG:
|
||||
sendnumeric(sptr, RPL_TRACELOG, LOGFILE, acptr->local->port);
|
||||
cnt++;
|
||||
break;
|
||||
#ifdef USE_SSL
|
||||
case STAT_TLS_CONNECT_HANDSHAKE:
|
||||
sendnumeric(sptr, RPL_TRACENEWTYPE, "SSL-Connect-Handshake", name);
|
||||
cnt++;
|
||||
break;
|
||||
case STAT_TLS_ACCEPT_HANDSHAKE:
|
||||
sendnumeric(sptr, RPL_TRACENEWTYPE, "SSL-Accept-Handshake", name);
|
||||
cnt++;
|
||||
break;
|
||||
#endif
|
||||
default: /* ...we actually shouldn't come here... --msa */
|
||||
sendnumeric(sptr, RPL_TRACENEWTYPE, "<newtype>", name);
|
||||
cnt++;
|
||||
break;
|
||||
case STAT_CONNECTING:
|
||||
sendnumeric(sptr, RPL_TRACECONNECTING, class, name);
|
||||
cnt++;
|
||||
break;
|
||||
|
||||
case STAT_HANDSHAKE:
|
||||
sendnumeric(sptr, RPL_TRACEHANDSHAKE, class, name);
|
||||
cnt++;
|
||||
break;
|
||||
|
||||
case STAT_ME:
|
||||
break;
|
||||
|
||||
case STAT_UNKNOWN:
|
||||
sendnumeric(sptr, RPL_TRACEUNKNOWN, class, name);
|
||||
cnt++;
|
||||
break;
|
||||
|
||||
case STAT_CLIENT:
|
||||
/* Only opers see users if there is a wildcard
|
||||
* but anyone can see all the opers.
|
||||
*/
|
||||
if (ValidatePermissionsForPath("client:see:trace:invisible-users",sptr,acptr,NULL,NULL) ||
|
||||
(!IsInvisible(acptr) && ValidatePermissionsForPath("client:see:trace",sptr,acptr,NULL,NULL)))
|
||||
{
|
||||
if (ValidatePermissionsForPath("client:see:trace",sptr,acptr,NULL,NULL) || ValidatePermissionsForPath("client:see:trace:invisible-users",sptr,acptr,NULL,NULL))
|
||||
sendnumeric(sptr, RPL_TRACEOPERATOR,
|
||||
class, acptr->name,
|
||||
GetHost(acptr),
|
||||
now - acptr->local->lasttime);
|
||||
else
|
||||
sendnumeric(sptr, RPL_TRACEUSER,
|
||||
class, acptr->name,
|
||||
acptr->user->realhost,
|
||||
now - acptr->local->lasttime);
|
||||
cnt++;
|
||||
}
|
||||
break;
|
||||
|
||||
case STAT_SERVER:
|
||||
if (acptr->serv->user)
|
||||
sendnumeric(sptr, RPL_TRACESERVER, class, acptr->fd >= 0 ? link_s[acptr->fd] : -1,
|
||||
acptr->fd >= 0 ? link_u[acptr->fd] : -1, name, acptr->serv->by,
|
||||
acptr->serv->user->username,
|
||||
acptr->serv->user->realhost,
|
||||
now - acptr->local->lasttime);
|
||||
else
|
||||
sendnumeric(sptr, RPL_TRACESERVER, class, acptr->fd >= 0 ? link_s[acptr->fd] : -1,
|
||||
acptr->fd >= 0 ? link_u[acptr->fd] : -1, name, *(acptr->serv->by) ?
|
||||
acptr->serv->by : "*", "*", me.name,
|
||||
now - acptr->local->lasttime);
|
||||
cnt++;
|
||||
break;
|
||||
|
||||
case STAT_LOG:
|
||||
sendnumeric(sptr, RPL_TRACELOG, LOGFILE, acptr->local->port);
|
||||
cnt++;
|
||||
break;
|
||||
|
||||
case STAT_TLS_CONNECT_HANDSHAKE:
|
||||
sendnumeric(sptr, RPL_TRACENEWTYPE, "TLS-Connect-Handshake", name);
|
||||
cnt++;
|
||||
break;
|
||||
|
||||
case STAT_TLS_ACCEPT_HANDSHAKE:
|
||||
sendnumeric(sptr, RPL_TRACENEWTYPE, "TLS-Accept-Handshake", name);
|
||||
cnt++;
|
||||
break;
|
||||
|
||||
default: /* ...we actually shouldn't come here... --msa */
|
||||
sendnumeric(sptr, RPL_TRACENEWTYPE, "<newtype>", name);
|
||||
cnt++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
/*
|
||||
|
||||
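Review bot: In the `STAT_CLIENT` case the inner `if` that tests `"client:see:trace"` or `"client:see:trace:invisible-users"` again can never be false once the enclosing `if` has passed, because the outer condition already requires one of those same two permissions for the same `sptr`/`acptr` pair. The `else` branch that sends `RPL_TRACEUSER` is therefore dead and every listed client is reported with `RPL_TRACEOPERATOR`; the re-indentation carries this over unchanged. The inner test was presumably meant to look at the target rather than the requester, e.g. `if (IsOper(acptr))`, but the intended behaviour should be confirmed before changing it. `m_trace` starts before this hunk and the comment opened on the hunk's last line continues after it.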