1175ff837d
This change modifies extb_channel to allow matching users in secret channels, which prevents trivial ban evasion by setting the target channel +s. Information leak due to this change is unlikely since the attacker would have to know that the target channel exists, the name of the channel (or guess it), have a specific user they wanted to know whether was in the channel (and not know already), and the target user would need to have something like autojoin-on-invite enabled (or any of the other various ways hostname cloaking is attacked).
51 lines
1.1 KiB
C
51 lines
1.1 KiB
C
/*
|
|
* Channel extban type: matches users who are in a certain channel
|
|
* -- jilles
|
|
*/
|
|
|
|
#include "stdinc.h"
|
|
#include "modules.h"
|
|
#include "client.h"
|
|
#include "channel.h"
|
|
#include "hash.h"
|
|
#include "ircd.h"
|
|
|
|
static const char extb_desc[] = "Channel ($c) extban type";
|
|
|
|
static int _modinit(void);
|
|
static void _moddeinit(void);
|
|
static int eb_channel(const char *data, struct Client *client_p, struct Channel *chptr, long mode_type);
|
|
|
|
DECLARE_MODULE_AV2(extb_channel, _modinit, _moddeinit, NULL, NULL, NULL, NULL, NULL, extb_desc);
|
|
|
|
static int
|
|
_modinit(void)
|
|
{
|
|
extban_table['c'] = eb_channel;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void
|
|
_moddeinit(void)
|
|
{
|
|
extban_table['c'] = NULL;
|
|
}
|
|
|
|
static int eb_channel(const char *data, struct Client *client_p,
|
|
struct Channel *chptr, long mode_type)
|
|
{
|
|
struct Channel *chptr2;
|
|
|
|
(void)chptr;
|
|
(void)mode_type;
|
|
if (data == NULL)
|
|
return EXTBAN_INVALID;
|
|
chptr2 = find_channel(data);
|
|
if (chptr2 == NULL)
|
|
return EXTBAN_INVALID;
|
|
/* require consistent target */
|
|
if (chptr->chname[0] == '#' && data[0] == '&')
|
|
return EXTBAN_INVALID;
|
|
return IsMember(client_p, chptr2) ? EXTBAN_MATCH : EXTBAN_NOMATCH;
|
|
}
|