mirror of https://github.com/pissnet/pissircd.git
272 lines
7.0 KiB
C
272 lines
7.0 KiB
C
/*
|
|
* JumpServer: This module can redirect clients to another server.
|
|
* (C) Copyright 2004-2016 Bram Matthys (Syzop).
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 1, or (at your option)
|
|
* any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
#include "unrealircd.h"
|
|
|
|
ModuleHeader MOD_HEADER
|
|
= {
|
|
"jumpserver",
|
|
"1.1",
|
|
"/jumpserver command",
|
|
"UnrealIRCd Team",
|
|
"unrealircd-6",
|
|
};
|
|
|
|
/* Forward declarations */
|
|
CMD_FUNC(cmd_jumpserver);
|
|
int jumpserver_preconnect(Client *);
|
|
void jumpserver_free_jss(ModData *m);
|
|
|
|
/* Jumpserver status struct */
|
|
typedef struct JSS JSS;
|
|
struct JSS
|
|
{
|
|
char *reason;
|
|
char *server;
|
|
int port;
|
|
char *tls_server;
|
|
int tls_port;
|
|
};
|
|
|
|
JSS *jss=NULL; /**< JumpServer Status. NULL=disabled. */
|
|
|
|
MOD_INIT()
|
|
{
|
|
MARK_AS_OFFICIAL_MODULE(modinfo);
|
|
LoadPersistentPointer(modinfo, jss, jumpserver_free_jss);
|
|
CommandAdd(modinfo->handle, "JUMPSERVER", cmd_jumpserver, 3, CMD_USER);
|
|
HookAdd(modinfo->handle, HOOKTYPE_PRE_LOCAL_CONNECT, 0, jumpserver_preconnect);
|
|
return MOD_SUCCESS;
|
|
}
|
|
|
|
MOD_LOAD()
|
|
{
|
|
return MOD_SUCCESS;
|
|
}
|
|
|
|
MOD_UNLOAD()
|
|
{
|
|
SavePersistentPointer(modinfo, jss);
|
|
return MOD_SUCCESS;
|
|
}
|
|
|
|
static void do_jumpserver_exit_client(Client *client)
|
|
{
|
|
if (IsSecure(client) && jss->tls_server)
|
|
sendnumeric(client, RPL_REDIR, jss->tls_server, jss->tls_port);
|
|
else
|
|
sendnumeric(client, RPL_REDIR, jss->server, jss->port);
|
|
exit_client(client, NULL, jss->reason);
|
|
}
|
|
|
|
static void redirect_all_clients(void)
|
|
{
|
|
int count = 0;
|
|
Client *client, *next;
|
|
|
|
list_for_each_entry_safe(client, next, &lclient_list, lclient_node)
|
|
{
|
|
if (IsUser(client) && !IsOper(client))
|
|
{
|
|
do_jumpserver_exit_client(client);
|
|
count++;
|
|
}
|
|
}
|
|
unreal_log(ULOG_INFO, "jumpserver", "JUMPSERVER_REPORT", NULL,
|
|
"[jumpserver] Redirected $num_clients client(s)",
|
|
log_data_integer("num_clients", count));
|
|
}
|
|
|
|
int jumpserver_preconnect(Client *client)
|
|
{
|
|
if (jss)
|
|
{
|
|
do_jumpserver_exit_client(client);
|
|
return HOOK_DENY;
|
|
}
|
|
return HOOK_CONTINUE;
|
|
}
|
|
|
|
void free_jss(void)
|
|
{
|
|
if (jss)
|
|
{
|
|
safe_free(jss->server);
|
|
safe_free(jss->reason);
|
|
safe_free(jss->tls_server);
|
|
safe_free(jss);
|
|
jss = NULL;
|
|
}
|
|
}
|
|
|
|
void jumpserver_free_jss(ModData *m)
|
|
{
|
|
free_jss();
|
|
}
|
|
|
|
CMD_FUNC(cmd_jumpserver)
|
|
{
|
|
char *serv, *tlsserv=NULL, *p;
|
|
const char *reason;
|
|
int all=0, port=6667, sslport=6697;
|
|
char request[BUFSIZE];
|
|
char logbuf[512];
|
|
|
|
if (!IsOper(client))
|
|
{
|
|
sendnumeric(client, ERR_NOPRIVILEGES);
|
|
return;
|
|
}
|
|
|
|
if ((parc < 2) || BadPtr(parv[1]))
|
|
{
|
|
if (jss && jss->tls_server)
|
|
sendnotice(client, "JumpServer is \002ENABLED\002 to %s:%d (TLS: %s:%d) with reason '%s'",
|
|
jss->server, jss->port, jss->tls_server, jss->tls_port, jss->reason);
|
|
else
|
|
if (jss)
|
|
sendnotice(client, "JumpServer is \002ENABLED\002 to %s:%d with reason '%s'",
|
|
jss->server, jss->port, jss->reason);
|
|
else
|
|
sendnotice(client, "JumpServer is \002DISABLED\002");
|
|
return;
|
|
}
|
|
|
|
if ((parc > 1) && (!strcasecmp(parv[1], "OFF") || !strcasecmp(parv[1], "STOP")))
|
|
{
|
|
if (!jss)
|
|
{
|
|
sendnotice(client, "JUMPSERVER: No redirect active (already OFF)");
|
|
return;
|
|
}
|
|
free_jss();
|
|
unreal_log(ULOG_INFO, "jumpserver", "JUMPSERVER_DISABLED", client,
|
|
"[jumpserver] $client.details turned jumpserver OFF");
|
|
return;
|
|
}
|
|
|
|
if (parc < 4)
|
|
{
|
|
/* Waah, pretty verbose usage info ;) */
|
|
sendnotice(client, "Use: /JUMPSERVER <server>[:port] <NEW|ALL> <reason>");
|
|
sendnotice(client, " Or: /JUMPSERVER <server>[:port]/<tlsserver>[:port] <NEW|ALL> <reason>");
|
|
sendnotice(client, "if 'NEW' is chosen then only new (incoming) connections will be redirected");
|
|
sendnotice(client, "if 'ALL' is chosen then all clients except opers will be redirected immediately (+incoming connections)");
|
|
sendnotice(client, "Example: /JUMPSERVER irc2.test.net NEW This server will be upgraded, please use irc2.test.net for now");
|
|
sendnotice(client, "And then for example 10 minutes later...");
|
|
sendnotice(client, " /JUMPSERVER irc2.test.net ALL This server will be upgraded, please use irc2.test.net for now");
|
|
sendnotice(client, "Use: '/JUMPSERVER OFF' to turn off any redirects");
|
|
return;
|
|
}
|
|
|
|
/* Parsing code follows... */
|
|
|
|
strlcpy(request, parv[1], sizeof(request));
|
|
serv = request;
|
|
|
|
p = strchr(serv, '/');
|
|
if (p)
|
|
{
|
|
*p = '\0';
|
|
tlsserv = p+1;
|
|
}
|
|
|
|
p = strchr(serv, ':');
|
|
if (p)
|
|
{
|
|
*p++ = '\0';
|
|
port = atoi(p);
|
|
if ((port < 1) || (port > 65535))
|
|
{
|
|
sendnotice(client, "Invalid serverport specified (%d)", port);
|
|
return;
|
|
}
|
|
}
|
|
if (tlsserv)
|
|
{
|
|
p = strchr(tlsserv, ':');
|
|
if (p)
|
|
{
|
|
*p++ = '\0';
|
|
sslport = atoi(p);
|
|
if ((sslport < 1) || (sslport > 65535))
|
|
{
|
|
sendnotice(client, "Invalid TLS serverport specified (%d)", sslport);
|
|
return;
|
|
}
|
|
}
|
|
if (!*tlsserv)
|
|
tlsserv = NULL;
|
|
}
|
|
if (!strcasecmp(parv[2], "new"))
|
|
all = 0;
|
|
else if (!strcasecmp(parv[2], "all"))
|
|
all = 1;
|
|
else {
|
|
sendnotice(client, "ERROR: Invalid action '%s', should be 'NEW' or 'ALL' (see /jumpserver help for usage)", parv[2]);
|
|
return;
|
|
}
|
|
|
|
reason = parv[3];
|
|
|
|
/* Free any old stuff (needed!) */
|
|
if (jss)
|
|
free_jss();
|
|
|
|
jss = safe_alloc(sizeof(JSS));
|
|
|
|
/* Set it */
|
|
safe_strdup(jss->server, serv);
|
|
jss->port = port;
|
|
if (tlsserv)
|
|
{
|
|
safe_strdup(jss->tls_server, tlsserv);
|
|
jss->tls_port = sslport;
|
|
}
|
|
safe_strdup(jss->reason, reason);
|
|
|
|
/* Broadcast/log */
|
|
if (tlsserv)
|
|
{
|
|
unreal_log(ULOG_INFO, "jumpserver", "JUMPSERVER_ENABLED", client,
|
|
"[jumpserver] $client.details turned jumpserver ON for $jumpserver_who "
|
|
"to $jumpserver_server:$jumpserver_port "
|
|
"[TLS: $jumpserver_tls_server:$jumpserver_tls_port] "
|
|
"($reason)",
|
|
log_data_string("jumpserver_who", all ? "ALL CLIENTS" : "all new clients"),
|
|
log_data_string("jumpserver_server", jss->server),
|
|
log_data_integer("jumpserver_port", jss->port),
|
|
log_data_string("jumpserver_tls_server", jss->tls_server),
|
|
log_data_integer("jumpserver_tls_port", jss->tls_port),
|
|
log_data_string("reason", jss->reason));
|
|
} else {
|
|
unreal_log(ULOG_INFO, "jumpserver", "JUMPSERVER_ENABLED", client,
|
|
"[jumpserver] $client.details turned jumpserver ON for $jumpserver_who "
|
|
"to $jumpserver_server:$jumpserver_port "
|
|
"($reason)",
|
|
log_data_string("jumpserver_who", all ? "ALL CLIENTS" : "all new clients"),
|
|
log_data_string("jumpserver_server", jss->server),
|
|
log_data_integer("jumpserver_port", jss->port),
|
|
log_data_string("reason", jss->reason));
|
|
}
|
|
|
|
if (all)
|
|
redirect_all_clients();
|
|
}
|