]>
Commit | Line | Data |
---|---|---|
5ada3782 | 1 | #include <stdlib.h> |
2129448c | 2 | #include <string.h> |
9097ab05 | 3 | #include <stdio.h> |
5ada3782 CP |
4 | |
5 | #include "../lib/sstring.h" | |
2129448c | 6 | #include "../core/hooks.h" |
45989eab | 7 | #include "../core/nsmalloc.h" |
4ea9375d | 8 | #include "../lib/irc_string.h" |
5ada3782 CP |
9 | #include "trusts.h" |
10 | ||
11 | trustgroup *tglist; | |
12 | ||
4be1aaf2 CP |
13 | void th_dbupdatecounts(trusthost *); |
14 | void tg_dbupdatecounts(trustgroup *); | |
15 | ||
b76fd8e6 CP |
16 | static trusthost *th_getnextchildbyhost(trusthost *, trusthost *); |
17 | ||
5ada3782 CP |
18 | void trusts_freeall(void) { |
19 | trustgroup *tg, *ntg; | |
20 | trusthost *th, *nth; | |
21 | ||
22 | for(tg=tglist;tg;tg=ntg) { | |
23 | ntg = tg->next; | |
24 | for(th=tg->hosts;th;th=nth) { | |
25 | nth = th->next; | |
26 | ||
27 | th_free(th); | |
28 | } | |
29 | ||
30 | tg_free(tg); | |
31 | } | |
32 | ||
33 | tglist = NULL; | |
34 | } | |
35 | ||
36 | trustgroup *tg_getbyid(unsigned int id) { | |
37 | trustgroup *tg; | |
38 | ||
39 | for(tg=tglist;tg;tg=tg->next) | |
40 | if(tg->id == id) | |
41 | return tg; | |
42 | ||
43 | return NULL; | |
44 | } | |
45 | ||
46 | void th_free(trusthost *th) { | |
45989eab | 47 | nsfree(POOL_TRUSTS, th); |
5ada3782 CP |
48 | } |
49 | ||
b76fd8e6 CP |
50 | static void th_updatechildren(trusthost *th) { |
51 | trusthost *nth = NULL; | |
52 | ||
53 | th->children = NULL; | |
54 | ||
55 | for(;;) { | |
56 | nth = th_getnextchildbyhost(th, nth); | |
57 | if(!nth) | |
58 | break; | |
59 | ||
60 | nth->nextbychild = th->children; | |
61 | th->children = nth; | |
62 | } | |
63 | } | |
64 | ||
65 | void th_linktree(void) { | |
66 | trustgroup *tg; | |
67 | trusthost *th; | |
68 | ||
69 | /* ugh */ | |
70 | for(tg=tglist;tg;tg=tg->next) | |
71 | for(th=tg->hosts;th;th=th->next) | |
72 | th->parent = th_getsmallestsupersetbyhost(th->ip, th->mask); | |
73 | ||
74 | for(tg=tglist;tg;tg=tg->next) | |
75 | for(th=tg->hosts;th;th=th->next) | |
76 | if(th->parent) | |
77 | th_updatechildren(th->parent); | |
78 | } | |
79 | ||
d2c08930 | 80 | trusthost *th_add(trustgroup *tg, unsigned int id, char *host, unsigned int maxusage, time_t lastseen) { |
b76fd8e6 | 81 | uint32_t ip, mask; |
65f34016 CP |
82 | trusthost *th; |
83 | ||
84 | if(!trusts_str2cidr(host, &ip, &mask)) | |
d2c08930 | 85 | return NULL; |
5ada3782 | 86 | |
45989eab | 87 | th = nsmalloc(POOL_TRUSTS, sizeof(trusthost)); |
65f34016 | 88 | if(!th) |
d2c08930 | 89 | return NULL; |
65f34016 | 90 | |
9bf9e8a1 | 91 | th->id = id; |
4be1aaf2 | 92 | th->maxusage = maxusage; |
5ada3782 | 93 | th->lastseen = lastseen; |
65f34016 CP |
94 | th->ip = ip; |
95 | th->mask = mask; | |
5ada3782 | 96 | |
1bbe1ac3 CP |
97 | th->users = NULL; |
98 | th->group = tg; | |
99 | th->count = 0; | |
100 | ||
b76fd8e6 CP |
101 | th->parent = NULL; |
102 | th->children = NULL; | |
103 | ||
6ebeb438 CP |
104 | th->marker = 0; |
105 | ||
5ada3782 CP |
106 | th->next = tg->hosts; |
107 | tg->hosts = th; | |
108 | ||
d2c08930 | 109 | return th; |
5ada3782 CP |
110 | } |
111 | ||
112 | void tg_free(trustgroup *tg) { | |
2129448c CP |
113 | triggerhook(HOOK_TRUSTS_LOSTGROUP, tg); |
114 | ||
5ada3782 CP |
115 | freesstring(tg->name); |
116 | freesstring(tg->createdby); | |
117 | freesstring(tg->contact); | |
118 | freesstring(tg->comment); | |
45989eab | 119 | nsfree(POOL_TRUSTS, tg); |
5ada3782 CP |
120 | } |
121 | ||
d2c08930 | 122 | trustgroup *tg_add(unsigned int id, char *name, unsigned int trustedfor, int mode, unsigned int maxperident, unsigned int maxusage, time_t expires, time_t lastseen, time_t lastmaxuserreset, char *createdby, char *contact, char *comment) { |
45989eab | 123 | trustgroup *tg = nsmalloc(POOL_TRUSTS, sizeof(trustgroup)); |
5ada3782 | 124 | if(!tg) |
d2c08930 | 125 | return NULL; |
5ada3782 CP |
126 | |
127 | tg->name = getsstring(name, TRUSTNAMELEN); | |
128 | tg->createdby = getsstring(createdby, NICKLEN); | |
129 | tg->contact = getsstring(contact, CONTACTLEN); | |
130 | tg->comment = getsstring(comment, COMMENTLEN); | |
131 | if(!tg->name || !tg->createdby || !tg->contact || !tg->comment) { | |
132 | tg_free(tg); | |
d2c08930 | 133 | return NULL; |
5ada3782 CP |
134 | } |
135 | ||
136 | tg->id = id; | |
137 | tg->trustedfor = trustedfor; | |
138 | tg->mode = mode; | |
139 | tg->maxperident = maxperident; | |
4be1aaf2 | 140 | tg->maxusage = maxusage; |
5ada3782 CP |
141 | tg->expires = expires; |
142 | tg->lastseen = lastseen; | |
143 | tg->lastmaxuserreset = lastmaxuserreset; | |
65f34016 | 144 | tg->hosts = NULL; |
5ada3782 | 145 | |
6ebeb438 CP |
146 | tg->marker = 0; |
147 | ||
1bbe1ac3 CP |
148 | tg->count = 0; |
149 | ||
2129448c CP |
150 | memset(tg->exts, 0, sizeof(tg->exts)); |
151 | ||
5ada3782 CP |
152 | tg->next = tglist; |
153 | tglist = tg; | |
154 | ||
2129448c CP |
155 | triggerhook(HOOK_TRUSTS_NEWGROUP, tg); |
156 | ||
d2c08930 | 157 | return tg; |
5ada3782 | 158 | } |
1bbe1ac3 | 159 | |
d2c08930 | 160 | trusthost *th_getbyhost(uint32_t ip) { |
1bbe1ac3 | 161 | trustgroup *tg; |
fdcbe91d CP |
162 | trusthost *th, *result = NULL; |
163 | uint32_t mask; | |
1bbe1ac3 | 164 | |
fdcbe91d CP |
165 | for(tg=tglist;tg;tg=tg->next) { |
166 | for(th=tg->hosts;th;th=th->next) { | |
d2c08930 | 167 | if((ip & th->mask) == th->ip) { |
fdcbe91d CP |
168 | if(!result || (th->mask > mask)) { |
169 | mask = th->mask; | |
170 | result = th; | |
171 | } | |
172 | } | |
173 | } | |
174 | } | |
1bbe1ac3 | 175 | |
fdcbe91d | 176 | return result; |
1bbe1ac3 | 177 | } |
4be1aaf2 | 178 | |
9097ab05 | 179 | trusthost *th_getbyhostandmask(uint32_t ip, uint32_t mask) { |
d2c08930 CP |
180 | trustgroup *tg; |
181 | trusthost *th; | |
182 | ||
183 | for(tg=tglist;tg;tg=tg->next) | |
184 | for(th=tg->hosts;th;th=th->next) | |
9097ab05 | 185 | if((th->ip == ip) && (th->mask == mask)) |
d2c08930 CP |
186 | return th; |
187 | ||
188 | return NULL; | |
189 | } | |
190 | ||
9097ab05 CP |
191 | /* returns the ip with the smallest prefix that is still a superset of the given host */ |
192 | trusthost *th_getsmallestsupersetbyhost(uint32_t ip, uint32_t mask) { | |
193 | trustgroup *tg; | |
194 | trusthost *th, *result = NULL; | |
195 | uint32_t smask; | |
196 | ||
197 | for(tg=tglist;tg;tg=tg->next) { | |
198 | for(th=tg->hosts;th;th=th->next) { | |
199 | if(th->ip == (ip & th->mask)) { | |
200 | if((th->mask < mask) && (!result || (th->mask > smask))) { | |
201 | smask = th->mask; | |
202 | result = th; | |
203 | } | |
204 | } | |
205 | } | |
206 | } | |
207 | ||
208 | return result; | |
209 | } | |
210 | ||
211 | /* returns the first ip that is a subset it comes across */ | |
212 | trusthost *th_getsubsetbyhost(uint32_t ip, uint32_t mask) { | |
213 | trustgroup *tg; | |
214 | trusthost *th; | |
215 | ||
216 | for(tg=tglist;tg;tg=tg->next) | |
217 | for(th=tg->hosts;th;th=th->next) | |
218 | if((th->ip & mask) == ip) | |
219 | if(th->mask > mask) | |
220 | return th; | |
221 | ||
222 | return NULL; | |
223 | } | |
224 | ||
b76fd8e6 CP |
225 | /* NOT reentrant obviously */ |
226 | static trusthost *th_getnextchildbyhost(trusthost *orig, trusthost *th) { | |
227 | if(!th) { | |
228 | trustgroup *tg; | |
229 | ||
230 | tg = tglist; | |
231 | for(tg=tglist;tg;tg=tg->next) { | |
232 | th = tg->hosts; | |
233 | if(th) | |
234 | break; | |
235 | } | |
236 | ||
237 | /* INVARIANT: tg => th */ | |
238 | if(!tg) | |
239 | return NULL; | |
240 | ||
241 | if(th->parent == orig) | |
242 | return th; | |
243 | } | |
244 | ||
245 | for(;;) { | |
246 | if(th->next) { | |
247 | th = th->next; | |
248 | } else { | |
249 | if(!th->group->next) | |
250 | return NULL; | |
251 | th = th->group->next->hosts; | |
252 | } | |
253 | ||
254 | if(th->parent == orig) | |
255 | return th; | |
256 | } | |
257 | } | |
258 | ||
9097ab05 CP |
259 | void th_getsuperandsubsets(uint32_t ip, uint32_t mask, trusthost **superset, trusthost **subset) { |
260 | *superset = th_getsmallestsupersetbyhost(ip, mask); | |
261 | *subset = th_getsubsetbyhost(ip, mask); | |
262 | } | |
263 | ||
4be1aaf2 CP |
264 | void trusts_flush(void) { |
265 | trustgroup *tg; | |
266 | trusthost *th; | |
267 | time_t t = time(NULL); | |
268 | ||
269 | for(tg=tglist;tg;tg=tg->next) { | |
270 | if(tg->count > 0) | |
271 | tg->lastseen = t; | |
272 | ||
273 | tg_dbupdatecounts(tg); | |
274 | ||
275 | for(th=tg->hosts;th;th=th->next) { | |
276 | if(th->count > 0) | |
277 | th->lastseen = t; | |
278 | ||
279 | th_dbupdatecounts(th); | |
280 | } | |
281 | } | |
282 | } | |
4ea9375d CP |
283 | |
284 | trustgroup *tg_strtotg(char *name) { | |
285 | unsigned long id; | |
286 | trustgroup *tg; | |
287 | ||
288 | /* legacy format */ | |
289 | if(name[0] == '#') { | |
290 | id = strtoul(&name[1], NULL, 10); | |
17e84978 | 291 | if(!id) |
4ea9375d CP |
292 | return NULL; |
293 | ||
294 | for(tg=tglist;tg;tg=tg->next) | |
295 | if(tg->id == id) | |
296 | return tg; | |
297 | } | |
298 | ||
299 | for(tg=tglist;tg;tg=tg->next) | |
300 | if(!match(name, tg->name->content)) | |
301 | return tg; | |
302 | ||
303 | id = strtoul(name, NULL, 10); | |
17e84978 | 304 | if(!id) |
4ea9375d CP |
305 | return NULL; |
306 | ||
307 | /* legacy format */ | |
308 | for(tg=tglist;tg;tg=tg->next) | |
309 | if(tg->id == id) | |
310 | return tg; | |
311 | ||
312 | return NULL; | |
313 | } | |
9097ab05 CP |
314 | |
315 | void th_adjusthosts(trusthost *th, trusthost *superset, trusthost *subset) { | |
316 | /* | |
317 | * First and foremost, CIDR doesn't allow hosts to cross boundaries, i.e. everything with a smaller prefix | |
318 | * is entirely contained with the prefix that is one smaller. | |
319 | * e.g. 0.0.0.0/23, 0.0.0.128/23, you can't have a single prefix for 0.0.0.64-0.0.0.192, instead | |
320 | * you have two, 0.0.0.64/26 and 0.0.0.128/26. | |
321 | * | |
322 | * This makes the code MUCH easier as the entire thing is one huge set/tree. | |
323 | * | |
324 | * Four cases here: | |
325 | * 1: host isn't covered by any existing hosts. | |
326 | * 2: host is covered by a less specific one only, e.g. adding 0.0.0.1/32, while 0.0.0.0/24 already exists. | |
327 | * 3: host is covered by a more specific one only, e.g. adding 0.0.0.0/24 while 0.0.0.1/32 already exists | |
328 | * (note there might be more than one more specific host, e.g. 0.0.0.1/32 and 0.0.0.2/32). | |
329 | * 4: covered by more and less specific cases, e.g. adding 0.0.0.0/24 to: { 0.0.0.1/32, 0.0.0.2/32, 0.0.0.0/16 }. | |
330 | * | |
331 | * CASE 1 | |
332 | * ------ | |
333 | * | |
334 | * !superset && !subset | |
335 | * | |
336 | * Scan through the host hash and add any clients which match our host, this is exactly the same as case 3 | |
337 | * but without needing to check (though checking doesn't hurt), so we'll just use the code for that. | |
338 | * | |
339 | * CASE 2 | |
340 | * ------ | |
341 | * | |
342 | * superset && !subset | |
343 | * | |
344 | * We have the less specific host in 'superset', we know it is the only one so pull out clients in it's | |
345 | * ->users list matching our new host. | |
346 | * No need to look for extra hosts in the main nick hash as they're all covered already. | |
347 | * | |
348 | * CASE 3 | |
349 | * ------ | |
350 | * | |
351 | * !superset && subset | |
352 | * | |
353 | * We have one host in 'subset', but there might be more than one, we don't care though! | |
354 | * We can scan the entire host hash and pull out any hosts that match us and don't have | |
355 | * a trust group already, this ignores any with a more specific prefix. | |
356 | * | |
357 | * CASE 4 | |
358 | * ------ | |
359 | * | |
360 | * superset && subset | |
361 | * | |
362 | * Here we first fix up the ones less specific then us, so we just perform what we did for case 2, | |
363 | * then we perform what we did for case 3. | |
364 | * | |
365 | * So in summary: | |
366 | * CASE 1: DO 3 | |
367 | * CASE 2: (work) | |
368 | * CASE 3: (work) | |
369 | * CASE 4: DO 2; DO 3 | |
370 | * Or: | |
371 | * if(2 || 4) : DO 2 | |
372 | * if(1 || 3 || 4): DO 3 | |
373 | */ | |
374 | ||
375 | /* we let the compiler do the boolean minimisation for clarity reasons */ | |
376 | ||
377 | if((superset && !subset) || (superset && subset)) { /* cases 2 and 4 */ | |
378 | nick *np, *nnp; | |
379 | for(np=superset->users;np;np=nnp) { | |
380 | nnp = nextbytrust(np); | |
381 | if((irc_in_addr_v4_to_int(&np->p_ipaddr) & th->mask) == th->ip) { | |
382 | trusts_lostnick(np, 1); | |
383 | trusts_newnick(np, 1); | |
384 | } | |
385 | } | |
386 | } | |
387 | ||
388 | if((!superset && !subset) || (!superset && subset) || (superset && subset)) { /* cases 1, 3 and 4 */ | |
389 | nick *np; | |
390 | int i; | |
391 | ||
392 | for(i=0;i<NICKHASHSIZE;i++) | |
393 | for(np=nicktable[i];np;np=np->next) | |
394 | if(!gettrusthost(np) && ((irc_in_addr_v4_to_int(&np->p_ipaddr) & th->mask) == th->ip)) | |
395 | trusts_newnick(np, 1); | |
396 | } | |
397 | } | |
6ebeb438 CP |
398 | |
399 | unsigned int nexttgmarker(void) { | |
400 | static unsigned int tgmarker = 0; | |
401 | trustgroup *tg; | |
402 | ||
403 | tgmarker++; | |
404 | if(!tgmarker) { | |
405 | /* If we wrapped to zero, zap the marker on all groups */ | |
406 | for(tg=tglist;tg;tg=tg->next) | |
407 | tg->marker=0; | |
408 | ||
409 | tgmarker++; | |
410 | } | |
411 | ||
412 | return tgmarker; | |
413 | } | |
414 | ||
415 | unsigned int nextthmarker(void) { | |
416 | static unsigned int thmarker = 0; | |
417 | trustgroup *tg; | |
418 | trusthost *th; | |
419 | ||
420 | thmarker++; | |
421 | if(!thmarker) { | |
422 | /* If we wrapped to zero, zap the marker on all hosts */ | |
423 | for(tg=tglist;tg;tg=tg->next) | |
424 | for(th=tg->hosts;th;th=th->next) | |
425 | th->marker=0; | |
426 | ||
427 | thmarker++; | |
428 | } | |
429 | ||
430 | return thmarker; | |
431 | } |