]>
Commit | Line | Data |
---|---|---|
5ada3782 | 1 | #include <stdlib.h> |
2129448c | 2 | #include <string.h> |
9097ab05 | 3 | #include <stdio.h> |
5ada3782 CP |
4 | |
5 | #include "../lib/sstring.h" | |
2129448c | 6 | #include "../core/hooks.h" |
45989eab | 7 | #include "../core/nsmalloc.h" |
4ea9375d | 8 | #include "../lib/irc_string.h" |
5ada3782 CP |
9 | #include "trusts.h" |
10 | ||
11 | trustgroup *tglist; | |
12 | ||
4be1aaf2 CP |
13 | void th_dbupdatecounts(trusthost *); |
14 | void tg_dbupdatecounts(trustgroup *); | |
15 | ||
5ada3782 CP |
16 | void trusts_freeall(void) { |
17 | trustgroup *tg, *ntg; | |
18 | trusthost *th, *nth; | |
19 | ||
20 | for(tg=tglist;tg;tg=ntg) { | |
21 | ntg = tg->next; | |
22 | for(th=tg->hosts;th;th=nth) { | |
23 | nth = th->next; | |
24 | ||
25 | th_free(th); | |
26 | } | |
27 | ||
28 | tg_free(tg); | |
29 | } | |
30 | ||
31 | tglist = NULL; | |
32 | } | |
33 | ||
34 | trustgroup *tg_getbyid(unsigned int id) { | |
35 | trustgroup *tg; | |
36 | ||
37 | for(tg=tglist;tg;tg=tg->next) | |
38 | if(tg->id == id) | |
39 | return tg; | |
40 | ||
41 | return NULL; | |
42 | } | |
43 | ||
44 | void th_free(trusthost *th) { | |
45989eab | 45 | nsfree(POOL_TRUSTS, th); |
5ada3782 CP |
46 | } |
47 | ||
d2c08930 | 48 | trusthost *th_add(trustgroup *tg, unsigned int id, char *host, unsigned int maxusage, time_t lastseen) { |
65f34016 CP |
49 | u_int32_t ip, mask; |
50 | trusthost *th; | |
51 | ||
52 | if(!trusts_str2cidr(host, &ip, &mask)) | |
d2c08930 | 53 | return NULL; |
5ada3782 | 54 | |
45989eab | 55 | th = nsmalloc(POOL_TRUSTS, sizeof(trusthost)); |
65f34016 | 56 | if(!th) |
d2c08930 | 57 | return NULL; |
65f34016 | 58 | |
9bf9e8a1 | 59 | th->id = id; |
4be1aaf2 | 60 | th->maxusage = maxusage; |
5ada3782 | 61 | th->lastseen = lastseen; |
65f34016 CP |
62 | th->ip = ip; |
63 | th->mask = mask; | |
5ada3782 | 64 | |
1bbe1ac3 CP |
65 | th->users = NULL; |
66 | th->group = tg; | |
67 | th->count = 0; | |
68 | ||
5ada3782 CP |
69 | th->next = tg->hosts; |
70 | tg->hosts = th; | |
71 | ||
d2c08930 | 72 | return th; |
5ada3782 CP |
73 | } |
74 | ||
75 | void tg_free(trustgroup *tg) { | |
2129448c CP |
76 | triggerhook(HOOK_TRUSTS_LOSTGROUP, tg); |
77 | ||
5ada3782 CP |
78 | freesstring(tg->name); |
79 | freesstring(tg->createdby); | |
80 | freesstring(tg->contact); | |
81 | freesstring(tg->comment); | |
45989eab | 82 | nsfree(POOL_TRUSTS, tg); |
5ada3782 CP |
83 | } |
84 | ||
d2c08930 | 85 | trustgroup *tg_add(unsigned int id, char *name, unsigned int trustedfor, int mode, unsigned int maxperident, unsigned int maxusage, time_t expires, time_t lastseen, time_t lastmaxuserreset, char *createdby, char *contact, char *comment) { |
45989eab | 86 | trustgroup *tg = nsmalloc(POOL_TRUSTS, sizeof(trustgroup)); |
5ada3782 | 87 | if(!tg) |
d2c08930 | 88 | return NULL; |
5ada3782 CP |
89 | |
90 | tg->name = getsstring(name, TRUSTNAMELEN); | |
91 | tg->createdby = getsstring(createdby, NICKLEN); | |
92 | tg->contact = getsstring(contact, CONTACTLEN); | |
93 | tg->comment = getsstring(comment, COMMENTLEN); | |
94 | if(!tg->name || !tg->createdby || !tg->contact || !tg->comment) { | |
95 | tg_free(tg); | |
d2c08930 | 96 | return NULL; |
5ada3782 CP |
97 | } |
98 | ||
99 | tg->id = id; | |
100 | tg->trustedfor = trustedfor; | |
101 | tg->mode = mode; | |
102 | tg->maxperident = maxperident; | |
4be1aaf2 | 103 | tg->maxusage = maxusage; |
5ada3782 CP |
104 | tg->expires = expires; |
105 | tg->lastseen = lastseen; | |
106 | tg->lastmaxuserreset = lastmaxuserreset; | |
65f34016 | 107 | tg->hosts = NULL; |
5ada3782 | 108 | |
1bbe1ac3 CP |
109 | tg->count = 0; |
110 | ||
2129448c CP |
111 | memset(tg->exts, 0, sizeof(tg->exts)); |
112 | ||
5ada3782 CP |
113 | tg->next = tglist; |
114 | tglist = tg; | |
115 | ||
2129448c CP |
116 | triggerhook(HOOK_TRUSTS_NEWGROUP, tg); |
117 | ||
d2c08930 | 118 | return tg; |
5ada3782 | 119 | } |
1bbe1ac3 | 120 | |
d2c08930 | 121 | trusthost *th_getbyhost(uint32_t ip) { |
1bbe1ac3 | 122 | trustgroup *tg; |
fdcbe91d CP |
123 | trusthost *th, *result = NULL; |
124 | uint32_t mask; | |
1bbe1ac3 | 125 | |
fdcbe91d CP |
126 | for(tg=tglist;tg;tg=tg->next) { |
127 | for(th=tg->hosts;th;th=th->next) { | |
d2c08930 | 128 | if((ip & th->mask) == th->ip) { |
fdcbe91d CP |
129 | if(!result || (th->mask > mask)) { |
130 | mask = th->mask; | |
131 | result = th; | |
132 | } | |
133 | } | |
134 | } | |
135 | } | |
1bbe1ac3 | 136 | |
fdcbe91d | 137 | return result; |
1bbe1ac3 | 138 | } |
4be1aaf2 | 139 | |
9097ab05 | 140 | trusthost *th_getbyhostandmask(uint32_t ip, uint32_t mask) { |
d2c08930 CP |
141 | trustgroup *tg; |
142 | trusthost *th; | |
143 | ||
144 | for(tg=tglist;tg;tg=tg->next) | |
145 | for(th=tg->hosts;th;th=th->next) | |
9097ab05 | 146 | if((th->ip == ip) && (th->mask == mask)) |
d2c08930 CP |
147 | return th; |
148 | ||
149 | return NULL; | |
150 | } | |
151 | ||
9097ab05 CP |
152 | /* returns the ip with the smallest prefix that is still a superset of the given host */ |
153 | trusthost *th_getsmallestsupersetbyhost(uint32_t ip, uint32_t mask) { | |
154 | trustgroup *tg; | |
155 | trusthost *th, *result = NULL; | |
156 | uint32_t smask; | |
157 | ||
158 | for(tg=tglist;tg;tg=tg->next) { | |
159 | for(th=tg->hosts;th;th=th->next) { | |
160 | if(th->ip == (ip & th->mask)) { | |
161 | if((th->mask < mask) && (!result || (th->mask > smask))) { | |
162 | smask = th->mask; | |
163 | result = th; | |
164 | } | |
165 | } | |
166 | } | |
167 | } | |
168 | ||
169 | return result; | |
170 | } | |
171 | ||
172 | /* returns the first ip that is a subset it comes across */ | |
173 | trusthost *th_getsubsetbyhost(uint32_t ip, uint32_t mask) { | |
174 | trustgroup *tg; | |
175 | trusthost *th; | |
176 | ||
177 | for(tg=tglist;tg;tg=tg->next) | |
178 | for(th=tg->hosts;th;th=th->next) | |
179 | if((th->ip & mask) == ip) | |
180 | if(th->mask > mask) | |
181 | return th; | |
182 | ||
183 | return NULL; | |
184 | } | |
185 | ||
186 | void th_getsuperandsubsets(uint32_t ip, uint32_t mask, trusthost **superset, trusthost **subset) { | |
187 | *superset = th_getsmallestsupersetbyhost(ip, mask); | |
188 | *subset = th_getsubsetbyhost(ip, mask); | |
189 | } | |
190 | ||
4be1aaf2 CP |
191 | void trusts_flush(void) { |
192 | trustgroup *tg; | |
193 | trusthost *th; | |
194 | time_t t = time(NULL); | |
195 | ||
196 | for(tg=tglist;tg;tg=tg->next) { | |
197 | if(tg->count > 0) | |
198 | tg->lastseen = t; | |
199 | ||
200 | tg_dbupdatecounts(tg); | |
201 | ||
202 | for(th=tg->hosts;th;th=th->next) { | |
203 | if(th->count > 0) | |
204 | th->lastseen = t; | |
205 | ||
206 | th_dbupdatecounts(th); | |
207 | } | |
208 | } | |
209 | } | |
4ea9375d CP |
210 | |
211 | trustgroup *tg_strtotg(char *name) { | |
212 | unsigned long id; | |
213 | trustgroup *tg; | |
214 | ||
215 | /* legacy format */ | |
216 | if(name[0] == '#') { | |
217 | id = strtoul(&name[1], NULL, 10); | |
17e84978 | 218 | if(!id) |
4ea9375d CP |
219 | return NULL; |
220 | ||
221 | for(tg=tglist;tg;tg=tg->next) | |
222 | if(tg->id == id) | |
223 | return tg; | |
224 | } | |
225 | ||
226 | for(tg=tglist;tg;tg=tg->next) | |
227 | if(!match(name, tg->name->content)) | |
228 | return tg; | |
229 | ||
230 | id = strtoul(name, NULL, 10); | |
17e84978 | 231 | if(!id) |
4ea9375d CP |
232 | return NULL; |
233 | ||
234 | /* legacy format */ | |
235 | for(tg=tglist;tg;tg=tg->next) | |
236 | if(tg->id == id) | |
237 | return tg; | |
238 | ||
239 | return NULL; | |
240 | } | |
9097ab05 CP |
241 | |
242 | void th_adjusthosts(trusthost *th, trusthost *superset, trusthost *subset) { | |
243 | /* | |
244 | * First and foremost, CIDR doesn't allow hosts to cross boundaries, i.e. everything with a smaller prefix | |
245 | * is entirely contained with the prefix that is one smaller. | |
246 | * e.g. 0.0.0.0/23, 0.0.0.128/23, you can't have a single prefix for 0.0.0.64-0.0.0.192, instead | |
247 | * you have two, 0.0.0.64/26 and 0.0.0.128/26. | |
248 | * | |
249 | * This makes the code MUCH easier as the entire thing is one huge set/tree. | |
250 | * | |
251 | * Four cases here: | |
252 | * 1: host isn't covered by any existing hosts. | |
253 | * 2: host is covered by a less specific one only, e.g. adding 0.0.0.1/32, while 0.0.0.0/24 already exists. | |
254 | * 3: host is covered by a more specific one only, e.g. adding 0.0.0.0/24 while 0.0.0.1/32 already exists | |
255 | * (note there might be more than one more specific host, e.g. 0.0.0.1/32 and 0.0.0.2/32). | |
256 | * 4: covered by more and less specific cases, e.g. adding 0.0.0.0/24 to: { 0.0.0.1/32, 0.0.0.2/32, 0.0.0.0/16 }. | |
257 | * | |
258 | * CASE 1 | |
259 | * ------ | |
260 | * | |
261 | * !superset && !subset | |
262 | * | |
263 | * Scan through the host hash and add any clients which match our host, this is exactly the same as case 3 | |
264 | * but without needing to check (though checking doesn't hurt), so we'll just use the code for that. | |
265 | * | |
266 | * CASE 2 | |
267 | * ------ | |
268 | * | |
269 | * superset && !subset | |
270 | * | |
271 | * We have the less specific host in 'superset', we know it is the only one so pull out clients in it's | |
272 | * ->users list matching our new host. | |
273 | * No need to look for extra hosts in the main nick hash as they're all covered already. | |
274 | * | |
275 | * CASE 3 | |
276 | * ------ | |
277 | * | |
278 | * !superset && subset | |
279 | * | |
280 | * We have one host in 'subset', but there might be more than one, we don't care though! | |
281 | * We can scan the entire host hash and pull out any hosts that match us and don't have | |
282 | * a trust group already, this ignores any with a more specific prefix. | |
283 | * | |
284 | * CASE 4 | |
285 | * ------ | |
286 | * | |
287 | * superset && subset | |
288 | * | |
289 | * Here we first fix up the ones less specific then us, so we just perform what we did for case 2, | |
290 | * then we perform what we did for case 3. | |
291 | * | |
292 | * So in summary: | |
293 | * CASE 1: DO 3 | |
294 | * CASE 2: (work) | |
295 | * CASE 3: (work) | |
296 | * CASE 4: DO 2; DO 3 | |
297 | * Or: | |
298 | * if(2 || 4) : DO 2 | |
299 | * if(1 || 3 || 4): DO 3 | |
300 | */ | |
301 | ||
302 | /* we let the compiler do the boolean minimisation for clarity reasons */ | |
303 | ||
304 | if((superset && !subset) || (superset && subset)) { /* cases 2 and 4 */ | |
305 | nick *np, *nnp; | |
306 | for(np=superset->users;np;np=nnp) { | |
307 | nnp = nextbytrust(np); | |
308 | if((irc_in_addr_v4_to_int(&np->p_ipaddr) & th->mask) == th->ip) { | |
309 | trusts_lostnick(np, 1); | |
310 | trusts_newnick(np, 1); | |
311 | } | |
312 | } | |
313 | } | |
314 | ||
315 | if((!superset && !subset) || (!superset && subset) || (superset && subset)) { /* cases 1, 3 and 4 */ | |
316 | nick *np; | |
317 | int i; | |
318 | ||
319 | for(i=0;i<NICKHASHSIZE;i++) | |
320 | for(np=nicktable[i];np;np=np->next) | |
321 | if(!gettrusthost(np) && ((irc_in_addr_v4_to_int(&np->p_ipaddr) & th->mask) == th->ip)) | |
322 | trusts_newnick(np, 1); | |
323 | } | |
324 | } |