Add a Flash Policy Daemon module

2025-03-10 02:59:01 -04:00 · 2013-12-10 05:51:30 -08:00 · 2013-12-10 05:51:30 -08:00 · 96d96c48bf
commit 96d96c48bf
parent 140e34e44b
2 changed files with 166 additions and 0 deletions
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@ -735,6 +735,14 @@
 #                                                                     #
 #<include file="examples/filter.conf.example">

+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Flash Policy Daemon module: Allows Flash IRC clients (e.g. LightIRC)#
+# to connect. If no file is specified, it'll serve a default policy   #
+# allowing all IPs to connect to all plaintext IRC ports              #
+#<bind address="" port="8430" type="flashpolicyd">                    #
+#<flashpolicyd timeout="5" file="">                                   #
+#<module name="m_flashpolicyd.so">                                    #
+
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Gecosban: Implements extended ban r:, which stops anyone matching
 # a mask like +b r:*realname?here* from joining a channel.
--- a/src/modules/m_flashpolicyd.cpp
+++ b/src/modules/m_flashpolicyd.cpp
@ -0,0 +1,158 @@
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
+ *
+ *   Copyright (C) 2013 Daniel Vassdal <shutter@canternet.org>
+ *
+ * This file is part of InspIRCd.  InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "inspircd.h"
+
+class FlashPDSocket;
+
+namespace
+{
+	std::set<FlashPDSocket*> sockets;
+	std::string policy_reply;
+	const std::string expected_request("<policy-file-request/>\0", 23);
+}
+
+class FlashPDSocket : public BufferedSocket
+{
+ public:
+	time_t created;
+
+	FlashPDSocket(int newfd)
+		: BufferedSocket(newfd)
+		, created(ServerInstance->Time())
+	{
+	}
+
+	~FlashPDSocket()
+	{
+		sockets.erase(this);
+	}
+
+	void OnError(BufferedSocketError) CXX11_OVERRIDE
+	{
+		AddToCull();
+	}
+
+	void OnDataReady() CXX11_OVERRIDE
+	{
+		if (recvq == expected_request)
+			WriteData(policy_reply);
+		AddToCull();
+	}
+
+	void AddToCull()
+	{
+		if (created == 0)
+			return;
+
+		created = 0;
+		Close();
+		ServerInstance->GlobalCulls.AddItem(this);
+	}
+};
+
+class ModuleFlashPD : public Module
+{
+	time_t timeout;
+
+ public:
+	void OnBackgroundTimer(time_t curtime) CXX11_OVERRIDE
+	{
+		for (std::set<FlashPDSocket*>::const_iterator i = sockets.begin(); i != sockets.end(); ++i)
+		{
+			FlashPDSocket* sock = *i;
+			if ((sock->created + timeout <= curtime) && (sock->created != 0))
+				sock->AddToCull();
+		}
+	}
+
+	ModResult OnAcceptConnection(int nfd, ListenSocket* from, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server) CXX11_OVERRIDE
+	{
+		if (from->bind_tag->getString("type") != "flashpolicyd")
+			return MOD_RES_PASSTHRU;
+
+		if (policy_reply.empty())
+			return MOD_RES_DENY;
+
+		sockets.insert(new FlashPDSocket(nfd));
+		return MOD_RES_ALLOW;
+	}
+
+	void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
+	{
+		ConfigTag* tag = ServerInstance->Config->ConfValue("flashpolicyd");
+		timeout = tag->getInt("timeout", 5, 1);
+		std::string file = tag->getString("file");
+
+		if (!file.empty())
+		{
+			try
+			{
+				FileReader reader(file);
+				policy_reply = reader.GetString();
+			}
+			catch (CoreException&)
+			{
+				const std::string error_message = "A file was specified for FlashPD, but it could not be loaded.";
+				ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, error_message);
+				ServerInstance->SNO->WriteGlobalSno('a', error_message);
+				policy_reply.clear();
+			}
+			return;
+		}
+
+		// A file was not specified. Set the default setting.
+		// We allow access to all client ports by default
+		std::string to_ports;
+		for (std::vector<ListenSocket*>::const_iterator i = ServerInstance->ports.begin(); i != ServerInstance->ports.end(); ++i)
+		{
+				ListenSocket* ls = *i;
+				if (ls->bind_tag->getString("type", "clients") != "clients" || ls->bind_tag->getString("ssl", "plaintext") != "plaintext")
+					continue;
+
+				to_ports.append(ConvToStr(ls->bind_port)).push_back(',');
+		}
+		to_ports.erase(to_ports.size() - 1);
+
+		policy_reply =
+"<?xml version=\"1.0\"?>\
+<!DOCTYPE cross-domain-policy SYSTEM \"/xml/dtds/cross-domain-policy.dtd\">\
+<cross-domain-policy>\
+<site-control permitted-cross-domain-policies=\"master-only\"/>\
+<allow-access-from domain=\"*\" to-ports=\"" + to_ports + "\" />\
+</cross-domain-policy>";
+	}
+
+	CullResult cull()
+	{
+		for (std::set<FlashPDSocket*>::const_iterator i = sockets.begin(); i != sockets.end(); ++i)
+		{
+			FlashPDSocket* sock = *i;
+			sock->AddToCull();
+		}
+		return Module::cull();
+	}
+
+	Version GetVersion() CXX11_OVERRIDE
+	{
+		return Version("Flash Policy Daemon. Allows Flash IRC clients to connect", VF_VENDOR);
+	}
+};
+
+MODULE_INIT(ModuleFlashPD)