CVS: Bahamut-1.8/src drone.c, NONE, 1.1 s_bsd.c, 1.2, 1.3 s_user.c,
1.7, 1.8
Mark Rutherford
markr at nubian.blitzed.org
Sat Aug 20 02:49:39 UTC 2005
Update of /data/cvs/Bahamut-1.8/src
In directory nubian.blitzed.org:/tmp/cvs-serv48518/src
Modified Files:
s_bsd.c s_user.c
Added Files:
drone.c
Log Message:
msg.h/s_user.c:
- HTTP PUT/POST detection. (courtesy of Quension, Bahamut team)
- drone detection variables
s_bsd.c:
- there is some weirdness going on that I can't duplicate easily
seems that the ircd crashes, local[] is not being dealt with properly
with regards to SSL, needs investigation.
drone.c:
- the starts of drone detection. checks for fyle.
needs the remainder of the check code inserted and tested.
--- NEW FILE ---
/************************************************************************
* IRC - Internet Relay Chat, src/drone.c
* Copyright (C) 2002, DALnet coding team
* Copyright (C) 2003-2005, Blitzed ircd team
*
* See file AUTHORS in IRC package for additional names of
* the programmers.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include <fcntl.h>
#include "struct.h"
#include "common.h"
#include "sys.h"
#include "numeric.h"
#include "msg.h"
#include "channel.h"
#include "throttle.h"
#include "h.h"
#include "hooks.h"
/* compile:
* gcc -I<path to bahamut include dir> -o drone.so -shared -g drone.c
* IMPORTANT!
* IF USING SSL:
* gcc -I<path to bahamut include dir> -DUSE_SSL -o drone.so -shared -g drone.c
*/
/* Version number written back to the caller by bircmodule_check(). */
#define MODULEVERSION 1006
/* Channel whose operators are notified by handle_drone() when a client is rejected. */
#define REPORT_CHANNEL "#drone_notices"
/* Defined at the end of the file; declared here because check_drone() calls it first. */
static int check_fyle(aClient *, char *, char *, char *, char *);
/* Module handle stored by bircmodule_init() and passed on to bircmodule_add_hook(). */
void *mod;
/*
 * Writes this module's version number (MODULEVERSION) through acsz.
 * acsz is dereferenced unconditionally, so it must point to a writable int.
 */
void bircmodule_check(int *acsz)
{
    const int module_version = MODULEVERSION;

    *acsz = module_version;
}
/*
 * Hands back the module's version string and description.
 * Both out-parameters are written unconditionally and receive pointers to
 * string literals, so the caller must neither modify nor free them.
 */
void bircmodule_getinfo(char **ver, char **desc)
{
    char *version_text = "1.0";
    char *description_text = "Blitzed Drone module";

    *ver = version_text;
    *desc = description_text;
}
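/*
 * Rejects a client that matched a drone signature.
 *
 * Sends the client a NOTICE naming the signature held in sptr->drone,
 * reports the rejection to the operators of REPORT_CHANNEL when that
 * channel exists, and then disconnects the client.
 *
 * sptr->drone must already be set (check_fyle() does this on a match).
 * Returns whatever exit_client() returns.
 */
int handle_drone(aClient *sptr)
{
    char buf[128];
    aChannel *chptr = find_channel(REPORT_CHANNEL, NULL);

    sendto_one(sptr, ":%s NOTICE AUTH :*** Notice -- Trojan/Virus: %s",
               me.name, sptr->drone);

    /* The report channel is optional: with no such channel nothing is reported. */
    if (chptr != NULL)
        sendto_channelops_butone(NULL, &me, chptr,
                                 ":%s NOTICE @%s :Rejected trojan/virus from %s: %s",
                                 me.name, chptr->chname, sptr->sockhost,
                                 sptr->drone);

    /* NOTE(review): the purpose of moving firsttime forward by 600 is not
     * visible in this file -- confirm against the code that reads it. */
    sptr->firsttime += 600;

    /* Bounded write: buf is a fixed 128-byte stack buffer, so a longer
     * signature name is truncated instead of overrunning it. */
    snprintf(buf, sizeof buf, "You are infected with Trojan/Virus: %s",
             sptr->drone);

    return exit_client(sptr, sptr, &me, buf);
}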
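/*
 * Hook callback (registered on CHOOK_POSTACCESS by bircmodule_init) that
 * runs the drone signature checks against a connecting client.
 *
 * Reads the droneusername / dronehost / droneserver / dronerealname
 * strings stored on the client. Returns the result of handle_drone() when
 * a signature matches, otherwise 0.
 */
int check_drone(aClient *sptr)
{
    struct in_addr inp;

    /* inet_aton(), strcmp() and strspn() below must not be handed NULL.
     * NOTE(review): whether every client reaching this hook has these four
     * fields populated is not visible from this file -- confirm; a client
     * without them is treated as "no match". */
    if (sptr->droneusername == NULL || sptr->dronehost == NULL
        || sptr->droneserver == NULL || sptr->dronerealname == NULL)
        return 0;

    /* Is server an IP? If so this is an Anatoly/Fyle/unut3 sign. */
    /* Only the probe is sent here; nothing in this function evaluates a reply. */
    if (inet_aton(sptr->droneserver, &inp) != 0)
        sendto_one(sptr, ":%s 439 dummy :You match the signature of a known "
                   "spambot so this is a just a probe to check you aren't. "
                   "If you're a real human, please ignore this!", me.name);

    if (check_fyle(sptr, sptr->droneusername, sptr->dronehost,
                   sptr->droneserver, sptr->dronerealname))
        return handle_drone(sptr);

    /* Remaining signature checks, not yet wired in:
    if(check_fizzer(sptr, username, hostname, server, realname))
    return 1;
    if(check_unut23(sptr, username, hostname, server, realname, unut2_names,
    "Spam bot (unut2)"))
    return 1;
    if(check_unut23(sptr, username, hostname, server, realname, unut3_names,
    "Spam bot (unut3)"))
    return 1;
    if(check_spacex(sptr, username, hostname, server, realname))
    return 1;
    if(check_mymoon(sptr, username, hostname, server, realname))
    return 1;
    */
    return 0;
}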
/* CHOOK_POSTACCESS is fired right after the ban checks.
 * seems like a good time to do even more checks. -Mark
 *
 * Module entry point: stores the module handle in the file-scope `mod`
 * and registers check_drone() on CHOOK_POSTACCESS.
 * The result of bircmodule_add_hook(), if it has one, is not checked;
 * this function always returns 0.
 */
int bircmodule_init(void *module)
{
    mod = module; /* it didn't work for me unless I played this pointer game.. why is that? -Mark */
    /* The stored copy, not the parameter, is what gets passed to the hook API. */
    bircmodule_add_hook(CHOOK_POSTACCESS, mod, check_drone);
    return 0;
}
/*
 * Module shutdown entry point. Does nothing: the hook added in
 * bircmodule_init() is not removed here and no memory is released.
 */
void bircmodule_shutdown(void)
{
    /* intentionally empty */
}
/*
 * Command entry point of the module interface. This module implements no
 * commands: every argument is ignored and 0 is returned.
 */
int bircmodule_command(aClient *sptr, int parc, char **parv)
{
    (void)sptr;
    (void)parc;
    (void)parv;

    return 0;
}
/*
 * Global-command entry point of the module interface. Unused by this
 * module: every argument is ignored and 0 is returned.
 */
int bircmodule_globalcommand(aClient *sptr, aClient *dst, int parc, char **parv)
{
    (void)sptr;
    (void)dst;
    (void)parc;
    (void)parv;

    return 0;
}
/*
 * Signature test for the Trojan.IRC.Fyle trojan (ClamAV name).
 *
 * A client matches when all of the following hold:
 *   - hostname and realname are the same string,
 *   - realname consists only of ASCII letters and '.',
 *   - the text after the FIRST '.' in realname is exactly "com", "net",
 *     "org" or "ca" (so a realname with more than one dot never matches).
 *
 * On a match sptr->drone is pointed at the literal "Fyle" and 1 is
 * returned; otherwise sptr is left untouched and 0 is returned.
 * username and server are accepted but not examined.
 *
 * This is a heuristic on client-supplied strings: any client that sends
 * values of this shape matches, whether or not it is infected.
 */
#define FYLE_REALCHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz."
static int check_fyle(aClient *sptr, char *username, char *hostname,
                      char *server, char *realname)
{
    static const char *const fyle_suffixes[] = { "com", "net", "org", "ca" };
    const char *tail;
    size_t idx;

    if (strcmp(hostname, realname) != 0)
        return 0;

    /* Every character of realname must come from the allowed set. */
    if (strspn(realname, FYLE_REALCHARS) != strlen(realname))
        return 0;

    tail = strchr(realname, '.');
    if (tail == NULL)
        return 0;
    tail++; /* step past the dot */

    for (idx = 0; idx < sizeof fyle_suffixes / sizeof fyle_suffixes[0]; idx++) {
        if (strcmp(tail, fyle_suffixes[idx]) == 0) {
            sptr->drone = "Fyle";
            return 1;
        }
    }

    return 0;
}
Index: s_bsd.c
===================================================================
RCS file: /data/cvs/Bahamut-1.8/src/s_bsd.c,v
retrieving revision 1.2
retrieving revision 1.3
diff --unified=6 -r1.2 -r1.3
--- s_bsd.c 13 Aug 2005 16:58:09 -0000 1.2
+++ s_bsd.c 20 Aug 2005 02:49:36 -0000 1.3
@@ -917,13 +917,15 @@
if (cptr->fd >= 0)
{
#ifdef USE_SSL
if(!IsDead(cptr))
#endif
dump_connections(cptr->fd);
- local[cptr->fd] = NULL;
+
+ local[cptr->fd] = NULL;
+
#ifdef USE_SSL
if(IsSSL(cptr) && cptr->ssl) {
SSL_set_shutdown(cptr->ssl, SSL_RECEIVED_SHUTDOWN);
SSL_smart_shutdown(cptr->ssl);
SSL_free(cptr->ssl);
cptr->ssl = NULL;
Index: s_user.c
===================================================================
RCS file: /data/cvs/Bahamut-1.8/src/s_user.c,v
retrieving revision 1.7
retrieving revision 1.8
diff --unified=6 -r1.7 -r1.8
--- s_user.c 16 Aug 2005 03:35:05 -0000 1.7
+++ s_user.c 20 Aug 2005 02:49:36 -0000 1.8
@@ -414,12 +414,21 @@
sendto_realops("Failed OPERMASK attempt by %s (%s@%s) [Bad Password]",
sptr->name, sptr->user->username, sptr->user->host);
return 0;
}
#endif
+/* used by m_user, m_put, m_post */
+
+static int
+reject_proxy(aClient *cptr, char *cmd, char *args)
+{
+ sendto_realops_lev(REJ_LEV, "proxy attempt from %s: %s %s",
+ inetntoa((char *)&cptr->ip), cmd, args ? args : "");
+ return exit_client(cptr, cptr, &me, "relay connection");
+}
/*
* * register_user
* This function is called when both NICK and USER messages
* have been accepted for the client, in whatever order. Only
* after this, is the USER message propagated.
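Review bot: reject_proxy() declares `cmd` and `args` as plain `char *`, yet the callers added further down in this commit pass string literals ("PUT", "POST") for `cmd` and the function only reads both, so the signature would be better as `reject_proxy(aClient *cptr, const char *cmd, const char *args)`. The comment above it lists m_user as a caller, but the only m_user call in this commit is commented out; the comment should say that. A short doc comment is also worth adding to state that `args` may be NULL (it is replaced by "") and that it is unfiltered client text forwarded into an oper notice through `%s`.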
@@ -2094,16 +2103,19 @@
* parv[3] = server host name (used only from other servers)
* parv[4] = users real name info
*/
int
m_user(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
-#define UFLAGS (UMODE_i|UMODE_w|UMODE_s)
+
char *username, *host, *server, *realname;
struct simBan *ban;
-
+ /* FTP proxy - NOT TESTED!!!!!
+ if (!IsRegistered(cptr) && parc == 2 && cptr->receiveM == 1)
+ return reject_proxy(cptr, "USER", parv[1]);
+ */
if (parc > 2 && (username = (char *) strchr(parv[1], '@')))
*username = '\0';
if (parc < 5 || *parv[1] == '\0' || *parv[2] == '\0' ||
*parv[3] == '\0' || *parv[4] == '\0')
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, parv[0], "USER");
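Review bot: The line `#define UFLAGS (UMODE_i|UMODE_w|UMODE_s)` is dropped at the top of m_user, and none of the visible hunks shows whether UFLAGS is still referenced elsewhere in s_user.c; if it is, the file no longer compiles, so remaining uses should be checked before this goes in. The FTP-proxy test is committed as a comment marked NOT TESTED; wrapping it in `#if 0 ... #endif` with a TODO would keep it from reading as live code. m_user's body continues outside the hunk.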
@@ -2118,27 +2130,33 @@
host = (parc < 3 || BadPtr(parv[2])) ? "<nohost>" : parv[2];
server = (parc < 4 || BadPtr(parv[3])) ? "<noserver>" : parv[3];
realname = (parc < 5 || BadPtr(parv[4])) ? "<bad-realname>" : parv[4];
if ((ban = check_regex_mask_simbanned(realname, SBAN_GCOS)))
return exit_client(cptr, sptr, sptr, BadPtr(ban->reason) ?
"Bad GCOS: Reason unspecified" : ban->reason);
+
+ /* duplicate these strings for drone detection. to be freed later */
+ DupString(sptr->droneusername, username);
+ DupString(sptr->dronehost, host);
+ DupString(sptr->droneserver, server);
+ DupString(sptr->dronerealname, realname);
+
return do_user(parv[0], cptr, sptr, username, host, server, 0,0, realname);
}
-
/* do_user */
int
do_user(char *nick, aClient *cptr, aClient *sptr, char *username, char *host,
char *server, unsigned long serviceid, unsigned int ip, char *realname)
{
anUser *user;
-
+
long oflags;
user = make_user(sptr);
oflags = sptr->umode;
-
+
/*
* changed the goto into if-else... -Taner
* ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ GOOD FOR YOU Taner!!! - Dianora
*/
/* the above comment has been in irc for .... eons
* *I* would love to know what is wrong with GOTO?
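Review bot: The four `DupString()` calls run on every USER command that passes the parameter and GCOS checks, before do_user() is reached, and nothing in this commit frees the previous values, so each repeated USER from the same connection overwrites the pointers and leaks four client-sized allocations. The comment says "to be freed later", but no matching free is visible in this commit. Either release the old value first, e.g. `if (sptr->droneusername) MyFree(sptr->droneusername);` before each DupString, or only duplicate while the fields are still NULL, and free all four where the client structure is torn down. Whether earlier code in m_user already rejects a second USER is not visible here; do_user's body continues outside the hunk.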
@@ -3972,6 +3990,24 @@
return 0;
}
return 0;
}
#endif /* DCCALLOW */
+
+int m_put(aClient *cptr, aClient *sptr, int parc, char *parv[])
+{
+ /* HTTP PUT proxy */
+ if (!IsRegistered(cptr) && cptr->receiveM == 1)
+ return reject_proxy(cptr, "PUT", parv[1]);
+
+ return 0;
+}
+
+int m_post(aClient *cptr, aClient *sptr, int parc, char *parv[])
+{
+ /* HTTP POST proxy */
+ if (!IsRegistered(cptr) && cptr->receiveM == 1)
+ return reject_proxy(cptr, "POST", parv[1]);
+
+ return 0;
+}
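Review bot: m_put() and m_post() both pass `parv[1]` to reject_proxy() without looking at `parc`, so a bare `PUT` or `POST` line relies on parv[] being NULL-terminated past parc for the `args ? args : ""` guard to work. Passing `parc > 1 ? parv[1] : NULL` in both functions makes that explicit and does not depend on how the parser fills the array. A one-line comment that `receiveM == 1` restricts the check to the first message of an unregistered connection would also help; as written, any later PUT/POST is silently accepted with `return 0`.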