]>
Commit | Line | Data |
---|---|---|
5ada3782 | 1 | #include <stdlib.h> |
2129448c | 2 | #include <string.h> |
2bf602e9 | 3 | #include <strings.h> |
9097ab05 | 4 | #include <stdio.h> |
5ada3782 CP |
5 | |
6 | #include "../lib/sstring.h" | |
2129448c | 7 | #include "../core/hooks.h" |
45989eab | 8 | #include "../core/nsmalloc.h" |
4ea9375d | 9 | #include "../lib/irc_string.h" |
acd5f58f | 10 | #include "../irc/irc.h" |
5ada3782 CP |
11 | #include "trusts.h" |
12 | ||
13 | trustgroup *tglist; | |
14 | ||
4be1aaf2 CP |
15 | void th_dbupdatecounts(trusthost *); |
16 | void tg_dbupdatecounts(trustgroup *); | |
17 | ||
34e3de85 GB |
18 | static trusthost *th_getnextchildbyhost(trusthost *, trusthost *); |
19 | ||
5ada3782 CP |
20 | void trusts_freeall(void) { |
21 | trustgroup *tg, *ntg; | |
22 | trusthost *th, *nth; | |
23 | ||
24 | for(tg=tglist;tg;tg=ntg) { | |
25 | ntg = tg->next; | |
26 | for(th=tg->hosts;th;th=nth) { | |
27 | nth = th->next; | |
28 | ||
29 | th_free(th); | |
30 | } | |
31 | ||
2ab0a1e7 | 32 | tg_free(tg, 1); |
5ada3782 CP |
33 | } |
34 | ||
35 | tglist = NULL; | |
36 | } | |
37 | ||
38 | trustgroup *tg_getbyid(unsigned int id) { | |
39 | trustgroup *tg; | |
40 | ||
41 | for(tg=tglist;tg;tg=tg->next) | |
42 | if(tg->id == id) | |
43 | return tg; | |
44 | ||
45 | return NULL; | |
46 | } | |
47 | ||
48 | void th_free(trusthost *th) { | |
2ab0a1e7 CP |
49 | triggerhook(HOOK_TRUSTS_LOSTHOST, th); |
50 | ||
45989eab | 51 | nsfree(POOL_TRUSTS, th); |
5ada3782 CP |
52 | } |
53 | ||
34e3de85 GB |
54 | static void th_updatechildren(trusthost *th) { |
55 | trusthost *nth = NULL; | |
56 | ||
57 | th->children = NULL; | |
58 | ||
59 | for(;;) { | |
60 | nth = th_getnextchildbyhost(th, nth); | |
61 | if(!nth) | |
62 | break; | |
63 | ||
64 | nth->nextbychild = th->children; | |
65 | th->children = nth; | |
66 | } | |
67 | } | |
68 | ||
69 | void th_linktree(void) { | |
70 | trustgroup *tg; | |
71 | trusthost *th; | |
72 | ||
73 | /* ugh */ | |
74 | for(tg=tglist;tg;tg=tg->next) | |
75 | for(th=tg->hosts;th;th=th->next) | |
6e6e98da | 76 | th->parent = th_getsmallestsupersetbyhost(&th->ip, th->bits); |
34e3de85 GB |
77 | |
78 | for(tg=tglist;tg;tg=tg->next) | |
79 | for(th=tg->hosts;th;th=th->next) | |
80 | if(th->parent) | |
81 | th_updatechildren(th->parent); | |
82 | } | |
83 | ||
82a316e7 | 84 | trusthost *th_add(trusthost *ith) { |
65f34016 CP |
85 | trusthost *th; |
86 | ||
45989eab | 87 | th = nsmalloc(POOL_TRUSTS, sizeof(trusthost)); |
65f34016 | 88 | if(!th) |
d2c08930 | 89 | return NULL; |
65f34016 | 90 | |
82a316e7 | 91 | memcpy(th, ith, sizeof(trusthost)); |
5ada3782 | 92 | |
1bbe1ac3 | 93 | th->users = NULL; |
1bbe1ac3 CP |
94 | th->count = 0; |
95 | ||
34e3de85 GB |
96 | th->parent = NULL; |
97 | th->children = NULL; | |
98 | ||
99 | th->marker = 0; | |
100 | ||
82a316e7 CP |
101 | th->next = th->group->hosts; |
102 | th->group->hosts = th; | |
5ada3782 | 103 | |
d2c08930 | 104 | return th; |
5ada3782 CP |
105 | } |
106 | ||
2ab0a1e7 CP |
107 | void tg_free(trustgroup *tg, int created) { |
108 | if(created) | |
109 | triggerhook(HOOK_TRUSTS_LOSTGROUP, tg); | |
2129448c | 110 | |
5ada3782 CP |
111 | freesstring(tg->name); |
112 | freesstring(tg->createdby); | |
113 | freesstring(tg->contact); | |
114 | freesstring(tg->comment); | |
45989eab | 115 | nsfree(POOL_TRUSTS, tg); |
5ada3782 CP |
116 | } |
117 | ||
82a316e7 | 118 | trustgroup *tg_add(trustgroup *itg) { |
45989eab | 119 | trustgroup *tg = nsmalloc(POOL_TRUSTS, sizeof(trustgroup)); |
5ada3782 | 120 | if(!tg) |
d2c08930 | 121 | return NULL; |
5ada3782 | 122 | |
82a316e7 CP |
123 | memcpy(tg, itg, sizeof(trustgroup)); |
124 | ||
125 | tg->name = getsstring(tg->name->content, TRUSTNAMELEN); | |
1f685425 | 126 | tg->createdby = getsstring(tg->createdby->content, CREATEDBYLEN); |
82a316e7 CP |
127 | tg->contact = getsstring(tg->contact->content, CONTACTLEN); |
128 | tg->comment = getsstring(tg->comment->content, COMMENTLEN); | |
5ada3782 | 129 | if(!tg->name || !tg->createdby || !tg->contact || !tg->comment) { |
2ab0a1e7 | 130 | tg_free(tg, 0); |
d2c08930 | 131 | return NULL; |
5ada3782 CP |
132 | } |
133 | ||
65f34016 | 134 | tg->hosts = NULL; |
34e3de85 | 135 | tg->marker = 0; |
1bbe1ac3 CP |
136 | tg->count = 0; |
137 | ||
2129448c CP |
138 | memset(tg->exts, 0, sizeof(tg->exts)); |
139 | ||
5ada3782 CP |
140 | tg->next = tglist; |
141 | tglist = tg; | |
142 | ||
2129448c CP |
143 | triggerhook(HOOK_TRUSTS_NEWGROUP, tg); |
144 | ||
d2c08930 | 145 | return tg; |
5ada3782 | 146 | } |
1bbe1ac3 | 147 | |
6e6e98da | 148 | trusthost *th_getbyhost(struct irc_in_addr *ip) { |
1bbe1ac3 | 149 | trustgroup *tg; |
fdcbe91d | 150 | trusthost *th, *result = NULL; |
6e6e98da | 151 | uint32_t bits; |
1bbe1ac3 | 152 | |
fdcbe91d CP |
153 | for(tg=tglist;tg;tg=tg->next) { |
154 | for(th=tg->hosts;th;th=th->next) { | |
6e6e98da GB |
155 | if(ipmask_check(ip, &th->ip, th->bits)) { |
156 | if(!result || (th->bits > bits)) { | |
157 | bits = th->bits; | |
fdcbe91d CP |
158 | result = th; |
159 | } | |
160 | } | |
161 | } | |
162 | } | |
1bbe1ac3 | 163 | |
fdcbe91d | 164 | return result; |
1bbe1ac3 | 165 | } |
4be1aaf2 | 166 | |
6e6e98da | 167 | trusthost *th_getbyhostandmask(struct irc_in_addr *ip, uint32_t bits) { |
d2c08930 CP |
168 | trustgroup *tg; |
169 | trusthost *th; | |
170 | ||
171 | for(tg=tglist;tg;tg=tg->next) | |
172 | for(th=tg->hosts;th;th=th->next) | |
6e6e98da | 173 | if(ipmask_check(ip, &th->ip, 128) && th->bits == bits) |
d2c08930 CP |
174 | return th; |
175 | ||
176 | return NULL; | |
177 | } | |
178 | ||
9097ab05 | 179 | /* returns the ip with the smallest prefix that is still a superset of the given host */ |
6e6e98da | 180 | trusthost *th_getsmallestsupersetbyhost(struct irc_in_addr *ip, uint32_t bits) { |
9097ab05 CP |
181 | trustgroup *tg; |
182 | trusthost *th, *result = NULL; | |
6e6e98da | 183 | uint32_t sbits; |
9097ab05 CP |
184 | |
185 | for(tg=tglist;tg;tg=tg->next) { | |
186 | for(th=tg->hosts;th;th=th->next) { | |
6e6e98da GB |
187 | if(ipmask_check(ip, &th->ip, th->bits)) { |
188 | if((th->bits < bits) && (!result || (th->bits > sbits))) { | |
189 | sbits = th->bits; | |
9097ab05 CP |
190 | result = th; |
191 | } | |
192 | } | |
193 | } | |
194 | } | |
195 | ||
196 | return result; | |
197 | } | |
198 | ||
199 | /* returns the first ip that is a subset it comes across */ | |
6e6e98da | 200 | trusthost *th_getsubsetbyhost(struct irc_in_addr *ip, uint32_t bits) { |
9097ab05 CP |
201 | trustgroup *tg; |
202 | trusthost *th; | |
203 | ||
204 | for(tg=tglist;tg;tg=tg->next) | |
205 | for(th=tg->hosts;th;th=th->next) | |
6e6e98da GB |
206 | if(ipmask_check(ip, &th->ip, th->bits)) |
207 | if(th->bits > bits) | |
9097ab05 CP |
208 | return th; |
209 | ||
210 | return NULL; | |
211 | } | |
212 | ||
34e3de85 GB |
213 | /* NOT reentrant obviously */ |
214 | static trusthost *th_getnextchildbyhost(trusthost *orig, trusthost *th) { | |
215 | if(!th) { | |
216 | trustgroup *tg; | |
217 | ||
34e3de85 GB |
218 | for(tg=tglist;tg;tg=tg->next) { |
219 | th = tg->hosts; | |
220 | if(th) | |
221 | break; | |
222 | } | |
223 | ||
224 | /* INVARIANT: tg => th */ | |
225 | if(!tg) | |
226 | return NULL; | |
227 | ||
228 | if(th->parent == orig) | |
229 | return th; | |
230 | } | |
231 | ||
232 | for(;;) { | |
233 | if(th->next) { | |
234 | th = th->next; | |
235 | } else { | |
9a9f4372 GB |
236 | trustgroup *tg = th->group; |
237 | ||
238 | do { | |
239 | tg = tg->next; | |
240 | } while (tg && !tg->hosts); | |
241 | ||
242 | if(!tg) | |
34e3de85 | 243 | return NULL; |
9a9f4372 GB |
244 | |
245 | th = tg->hosts; | |
34e3de85 GB |
246 | } |
247 | ||
9a9f4372 | 248 | if(th->parent == orig) |
34e3de85 GB |
249 | return th; |
250 | } | |
251 | } | |
252 | ||
6e6e98da GB |
253 | void th_getsuperandsubsets(struct irc_in_addr *ip, uint32_t bits, trusthost **superset, trusthost **subset) { |
254 | *superset = th_getsmallestsupersetbyhost(ip, bits); | |
255 | *subset = th_getsubsetbyhost(ip, bits); | |
9097ab05 CP |
256 | } |
257 | ||
b9c52ee0 | 258 | void trusts_flush(void (*thflush)(trusthost *), void (*tgflush)(trustgroup *)) { |
4be1aaf2 CP |
259 | trustgroup *tg; |
260 | trusthost *th; | |
acd5f58f | 261 | time_t t = getnettime(); |
4be1aaf2 CP |
262 | |
263 | for(tg=tglist;tg;tg=tg->next) { | |
264 | if(tg->count > 0) | |
265 | tg->lastseen = t; | |
266 | ||
b9c52ee0 | 267 | tgflush(tg); |
4be1aaf2 CP |
268 | |
269 | for(th=tg->hosts;th;th=th->next) { | |
270 | if(th->count > 0) | |
271 | th->lastseen = t; | |
272 | ||
b9c52ee0 | 273 | thflush(th); |
4be1aaf2 CP |
274 | } |
275 | } | |
276 | } | |
4ea9375d CP |
277 | |
278 | trustgroup *tg_strtotg(char *name) { | |
279 | unsigned long id; | |
280 | trustgroup *tg; | |
281 | ||
282 | /* legacy format */ | |
283 | if(name[0] == '#') { | |
73653516 CP |
284 | char *endp; |
285 | id = strtoul(&name[1], &endp, 10); | |
286 | if(!id || *endp) | |
4ea9375d CP |
287 | return NULL; |
288 | ||
73653516 | 289 | return tg_getbyid(id); |
4ea9375d CP |
290 | } |
291 | ||
292 | for(tg=tglist;tg;tg=tg->next) | |
2bf602e9 | 293 | if(!strcasecmp(name, tg->name->content)) |
4ea9375d CP |
294 | return tg; |
295 | ||
296 | return NULL; | |
297 | } | |
9097ab05 CP |
298 | |
299 | void th_adjusthosts(trusthost *th, trusthost *superset, trusthost *subset) { | |
fdcb5d66 GB |
300 | struct irc_in_addr ipaddress_canonical; |
301 | ||
9097ab05 CP |
302 | /* |
303 | * First and foremost, CIDR doesn't allow hosts to cross boundaries, i.e. everything with a smaller prefix | |
304 | * is entirely contained with the prefix that is one smaller. | |
305 | * e.g. 0.0.0.0/23, 0.0.0.128/23, you can't have a single prefix for 0.0.0.64-0.0.0.192, instead | |
306 | * you have two, 0.0.0.64/26 and 0.0.0.128/26. | |
307 | * | |
308 | * This makes the code MUCH easier as the entire thing is one huge set/tree. | |
309 | * | |
310 | * Four cases here: | |
311 | * 1: host isn't covered by any existing hosts. | |
312 | * 2: host is covered by a less specific one only, e.g. adding 0.0.0.1/32, while 0.0.0.0/24 already exists. | |
313 | * 3: host is covered by a more specific one only, e.g. adding 0.0.0.0/24 while 0.0.0.1/32 already exists | |
314 | * (note there might be more than one more specific host, e.g. 0.0.0.1/32 and 0.0.0.2/32). | |
315 | * 4: covered by more and less specific cases, e.g. adding 0.0.0.0/24 to: { 0.0.0.1/32, 0.0.0.2/32, 0.0.0.0/16 }. | |
316 | * | |
317 | * CASE 1 | |
318 | * ------ | |
319 | * | |
320 | * !superset && !subset | |
321 | * | |
322 | * Scan through the host hash and add any clients which match our host, this is exactly the same as case 3 | |
323 | * but without needing to check (though checking doesn't hurt), so we'll just use the code for that. | |
324 | * | |
325 | * CASE 2 | |
326 | * ------ | |
327 | * | |
328 | * superset && !subset | |
329 | * | |
330 | * We have the less specific host in 'superset', we know it is the only one so pull out clients in it's | |
331 | * ->users list matching our new host. | |
332 | * No need to look for extra hosts in the main nick hash as they're all covered already. | |
333 | * | |
334 | * CASE 3 | |
335 | * ------ | |
336 | * | |
337 | * !superset && subset | |
338 | * | |
339 | * We have one host in 'subset', but there might be more than one, we don't care though! | |
340 | * We can scan the entire host hash and pull out any hosts that match us and don't have | |
341 | * a trust group already, this ignores any with a more specific prefix. | |
342 | * | |
343 | * CASE 4 | |
344 | * ------ | |
345 | * | |
346 | * superset && subset | |
347 | * | |
348 | * Here we first fix up the ones less specific then us, so we just perform what we did for case 2, | |
349 | * then we perform what we did for case 3. | |
350 | * | |
351 | * So in summary: | |
352 | * CASE 1: DO 3 | |
353 | * CASE 2: (work) | |
354 | * CASE 3: (work) | |
355 | * CASE 4: DO 2; DO 3 | |
356 | * Or: | |
357 | * if(2 || 4) : DO 2 | |
358 | * if(1 || 3 || 4): DO 3 | |
359 | */ | |
360 | ||
361 | /* we let the compiler do the boolean minimisation for clarity reasons */ | |
362 | ||
363 | if((superset && !subset) || (superset && subset)) { /* cases 2 and 4 */ | |
364 | nick *np, *nnp; | |
365 | for(np=superset->users;np;np=nnp) { | |
366 | nnp = nextbytrust(np); | |
fdcb5d66 GB |
367 | ip_canonicalize_tunnel(&ipaddress_canonical, &np->ipaddress); |
368 | if(ipmask_check(&ipaddress_canonical, &th->ip, th->bits)) { | |
9097ab05 CP |
369 | trusts_lostnick(np, 1); |
370 | trusts_newnick(np, 1); | |
371 | } | |
372 | } | |
373 | } | |
374 | ||
375 | if((!superset && !subset) || (!superset && subset) || (superset && subset)) { /* cases 1, 3 and 4 */ | |
376 | nick *np; | |
377 | int i; | |
378 | ||
fdcb5d66 GB |
379 | for(i=0;i<NICKHASHSIZE;i++) { |
380 | for(np=nicktable[i];np;np=np->next) { | |
381 | ip_canonicalize_tunnel(&ipaddress_canonical, &np->ipaddress); | |
382 | if(!gettrusthost(np) && ipmask_check(&ipaddress_canonical, &th->ip, th->bits)) | |
9097ab05 | 383 | trusts_newnick(np, 1); |
fdcb5d66 GB |
384 | } |
385 | } | |
9097ab05 CP |
386 | } |
387 | } | |
6ebeb438 | 388 | |
34e3de85 GB |
389 | unsigned int nexttgmarker(void) { |
390 | static unsigned int tgmarker = 0; | |
391 | trustgroup *tg; | |
392 | ||
393 | tgmarker++; | |
394 | if(!tgmarker) { | |
395 | /* If we wrapped to zero, zap the marker on all groups */ | |
396 | for(tg=tglist;tg;tg=tg->next) | |
397 | tg->marker=0; | |
398 | ||
399 | tgmarker++; | |
400 | } | |
401 | ||
402 | return tgmarker; | |
403 | } | |
404 | ||
405 | unsigned int nextthmarker(void) { | |
406 | static unsigned int thmarker = 0; | |
407 | trustgroup *tg; | |
408 | trusthost *th; | |
409 | ||
410 | thmarker++; | |
411 | if(!thmarker) { | |
412 | /* If we wrapped to zero, zap the marker on all hosts */ | |
413 | for(tg=tglist;tg;tg=tg->next) | |
414 | for(th=tg->hosts;th;th=th->next) | |
415 | th->marker=0; | |
416 | ||
417 | thmarker++; | |
418 | } | |
419 | ||
420 | return thmarker; | |
421 | } | |
422 | ||
2ab0a1e7 | 423 | trusthost *th_getbyid(unsigned int id) { |
82a316e7 | 424 | trustgroup *tg; |
2ab0a1e7 | 425 | trusthost *th; |
82a316e7 CP |
426 | |
427 | for(tg=tglist;tg;tg=tg->next) | |
2ab0a1e7 CP |
428 | for(th=tg->hosts;th;th=th->next) |
429 | if(th->id == id) | |
430 | return th; | |
82a316e7 CP |
431 | |
432 | return NULL; | |
433 | } | |
434 | ||
2ab0a1e7 CP |
435 | int tg_modify(trustgroup *oldtg, trustgroup *newtg) { |
436 | trustgroup vnewtg; | |
437 | ||
438 | memcpy(&vnewtg, oldtg, sizeof(trustgroup)); | |
439 | ||
440 | /* unfortunately we can't just memcpy the new one over */ | |
441 | ||
442 | vnewtg.name = getsstring(newtg->name->content, TRUSTNAMELEN); | |
1f685425 | 443 | vnewtg.createdby = getsstring(newtg->createdby->content, CREATEDBYLEN); |
2ab0a1e7 CP |
444 | vnewtg.contact = getsstring(newtg->contact->content, CONTACTLEN); |
445 | vnewtg.comment = getsstring(newtg->comment->content, COMMENTLEN); | |
f803c9ca | 446 | if(!vnewtg.name || !vnewtg.createdby || !vnewtg.contact || !vnewtg.comment) { |
2ab0a1e7 CP |
447 | freesstring(vnewtg.name); |
448 | freesstring(vnewtg.createdby); | |
449 | freesstring(vnewtg.contact); | |
450 | freesstring(vnewtg.comment); | |
451 | return 0; | |
452 | } | |
453 | ||
454 | /* id remains the same, count/hosts/marker/next/exts are ignored */ | |
455 | vnewtg.trustedfor = newtg->trustedfor; | |
de723023 | 456 | vnewtg.flags = newtg->flags; |
2ab0a1e7 CP |
457 | vnewtg.maxperident = newtg->maxperident; |
458 | vnewtg.maxusage = newtg->maxusage; | |
459 | vnewtg.expires = newtg->expires; | |
460 | vnewtg.lastseen = newtg->lastseen; | |
1f685425 | 461 | vnewtg.lastmaxusereset = newtg->lastmaxusereset; |
2ab0a1e7 CP |
462 | |
463 | memcpy(oldtg, &vnewtg, sizeof(trustgroup)); | |
464 | ||
465 | return 1; | |
466 | } | |
058f68c5 GB |
467 | |
468 | int th_modify(trusthost *oldth, trusthost *newth) { | |
469 | oldth->maxpernode = newth->maxpernode; | |
470 | oldth->nodebits = newth->nodebits; | |
471 | ||
472 | return 1; | |
473 | } | |
474 |