]>
Commit | Line | Data |
---|---|---|
1 | #include <stdlib.h> | |
2 | #include <string.h> | |
3 | #include <strings.h> | |
4 | #include <stdio.h> | |
5 | ||
6 | #include "../lib/sstring.h" | |
7 | #include "../core/hooks.h" | |
8 | #include "../core/nsmalloc.h" | |
9 | #include "../lib/irc_string.h" | |
10 | #include "../irc/irc.h" | |
11 | #include "trusts.h" | |
12 | ||
13 | trustgroup *tglist; | |
14 | ||
15 | void th_dbupdatecounts(trusthost *); | |
16 | void tg_dbupdatecounts(trustgroup *); | |
17 | ||
18 | static trusthost *th_getnextchildbyhost(trusthost *, trusthost *); | |
19 | ||
20 | void trusts_freeall(void) { | |
21 | trustgroup *tg, *ntg; | |
22 | trusthost *th, *nth; | |
23 | ||
24 | for(tg=tglist;tg;tg=ntg) { | |
25 | ntg = tg->next; | |
26 | for(th=tg->hosts;th;th=nth) { | |
27 | nth = th->next; | |
28 | ||
29 | th_free(th); | |
30 | } | |
31 | ||
32 | tg_free(tg, 1); | |
33 | } | |
34 | ||
35 | tglist = NULL; | |
36 | } | |
37 | ||
38 | trustgroup *tg_getbyid(unsigned int id) { | |
39 | trustgroup *tg; | |
40 | ||
41 | for(tg=tglist;tg;tg=tg->next) | |
42 | if(tg->id == id) | |
43 | return tg; | |
44 | ||
45 | return NULL; | |
46 | } | |
47 | ||
48 | void th_free(trusthost *th) { | |
49 | triggerhook(HOOK_TRUSTS_LOSTHOST, th); | |
50 | ||
51 | nsfree(POOL_TRUSTS, th); | |
52 | } | |
53 | ||
54 | static void th_updatechildren(trusthost *th) { | |
55 | trusthost *nth = NULL; | |
56 | ||
57 | th->children = NULL; | |
58 | ||
59 | for(;;) { | |
60 | nth = th_getnextchildbyhost(th, nth); | |
61 | if(!nth) | |
62 | break; | |
63 | ||
64 | nth->nextbychild = th->children; | |
65 | th->children = nth; | |
66 | } | |
67 | } | |
68 | ||
69 | void th_linktree(void) { | |
70 | trustgroup *tg; | |
71 | trusthost *th; | |
72 | ||
73 | /* ugh */ | |
74 | for(tg=tglist;tg;tg=tg->next) | |
75 | for(th=tg->hosts;th;th=th->next) | |
76 | th->parent = th_getsmallestsupersetbyhost(&th->ip, th->bits); | |
77 | ||
78 | for(tg=tglist;tg;tg=tg->next) | |
79 | for(th=tg->hosts;th;th=th->next) | |
80 | if(th->parent) | |
81 | th_updatechildren(th->parent); | |
82 | } | |
83 | ||
84 | trusthost *th_add(trusthost *ith) { | |
85 | trusthost *th; | |
86 | ||
87 | th = nsmalloc(POOL_TRUSTS, sizeof(trusthost)); | |
88 | if(!th) | |
89 | return NULL; | |
90 | ||
91 | memcpy(th, ith, sizeof(trusthost)); | |
92 | ||
93 | th->users = NULL; | |
94 | th->count = 0; | |
95 | ||
96 | th->parent = NULL; | |
97 | th->children = NULL; | |
98 | ||
99 | th->marker = 0; | |
100 | ||
101 | th->next = th->group->hosts; | |
102 | th->group->hosts = th; | |
103 | ||
104 | return th; | |
105 | } | |
106 | ||
107 | void tg_free(trustgroup *tg, int created) { | |
108 | if(created) | |
109 | triggerhook(HOOK_TRUSTS_LOSTGROUP, tg); | |
110 | ||
111 | freesstring(tg->name); | |
112 | freesstring(tg->createdby); | |
113 | freesstring(tg->contact); | |
114 | freesstring(tg->comment); | |
115 | nsfree(POOL_TRUSTS, tg); | |
116 | } | |
117 | ||
118 | trustgroup *tg_add(trustgroup *itg) { | |
119 | trustgroup *tg = nsmalloc(POOL_TRUSTS, sizeof(trustgroup)); | |
120 | if(!tg) | |
121 | return NULL; | |
122 | ||
123 | memcpy(tg, itg, sizeof(trustgroup)); | |
124 | ||
125 | tg->name = getsstring(tg->name->content, TRUSTNAMELEN); | |
126 | tg->createdby = getsstring(tg->createdby->content, CREATEDBYLEN); | |
127 | tg->contact = getsstring(tg->contact->content, CONTACTLEN); | |
128 | tg->comment = getsstring(tg->comment->content, COMMENTLEN); | |
129 | if(!tg->name || !tg->createdby || !tg->contact || !tg->comment) { | |
130 | tg_free(tg, 0); | |
131 | return NULL; | |
132 | } | |
133 | ||
134 | tg->hosts = NULL; | |
135 | tg->marker = 0; | |
136 | tg->count = 0; | |
137 | ||
138 | memset(tg->exts, 0, sizeof(tg->exts)); | |
139 | ||
140 | tg->next = tglist; | |
141 | tglist = tg; | |
142 | ||
143 | triggerhook(HOOK_TRUSTS_NEWGROUP, tg); | |
144 | ||
145 | return tg; | |
146 | } | |
147 | ||
148 | trusthost *th_getbyhost(struct irc_in_addr *ip) { | |
149 | trustgroup *tg; | |
150 | trusthost *th, *result = NULL; | |
151 | uint32_t bits; | |
152 | ||
153 | for(tg=tglist;tg;tg=tg->next) { | |
154 | for(th=tg->hosts;th;th=th->next) { | |
155 | if(ipmask_check(ip, &th->ip, th->bits)) { | |
156 | if(!result || (th->bits > bits)) { | |
157 | bits = th->bits; | |
158 | result = th; | |
159 | } | |
160 | } | |
161 | } | |
162 | } | |
163 | ||
164 | return result; | |
165 | } | |
166 | ||
167 | trusthost *th_getbyhostandmask(struct irc_in_addr *ip, uint32_t bits) { | |
168 | trustgroup *tg; | |
169 | trusthost *th; | |
170 | ||
171 | for(tg=tglist;tg;tg=tg->next) | |
172 | for(th=tg->hosts;th;th=th->next) | |
173 | if(ipmask_check(ip, &th->ip, 128) && th->bits == bits) | |
174 | return th; | |
175 | ||
176 | return NULL; | |
177 | } | |
178 | ||
179 | /* returns the ip with the smallest prefix that is still a superset of the given host */ | |
180 | trusthost *th_getsmallestsupersetbyhost(struct irc_in_addr *ip, uint32_t bits) { | |
181 | trustgroup *tg; | |
182 | trusthost *th, *result = NULL; | |
183 | uint32_t sbits; | |
184 | ||
185 | for(tg=tglist;tg;tg=tg->next) { | |
186 | for(th=tg->hosts;th;th=th->next) { | |
187 | if(ipmask_check(ip, &th->ip, th->bits)) { | |
188 | if((th->bits < bits) && (!result || (th->bits > sbits))) { | |
189 | sbits = th->bits; | |
190 | result = th; | |
191 | } | |
192 | } | |
193 | } | |
194 | } | |
195 | ||
196 | return result; | |
197 | } | |
198 | ||
199 | /* returns the first ip that is a subset it comes across */ | |
200 | trusthost *th_getsubsetbyhost(struct irc_in_addr *ip, uint32_t bits) { | |
201 | trustgroup *tg; | |
202 | trusthost *th; | |
203 | ||
204 | for(tg=tglist;tg;tg=tg->next) | |
205 | for(th=tg->hosts;th;th=th->next) | |
206 | if(ipmask_check(ip, &th->ip, th->bits)) | |
207 | if(th->bits > bits) | |
208 | return th; | |
209 | ||
210 | return NULL; | |
211 | } | |
212 | ||
213 | /* NOT reentrant obviously */ | |
214 | static trusthost *th_getnextchildbyhost(trusthost *orig, trusthost *th) { | |
215 | if(!th) { | |
216 | trustgroup *tg; | |
217 | ||
218 | for(tg=tglist;tg;tg=tg->next) { | |
219 | th = tg->hosts; | |
220 | if(th) | |
221 | break; | |
222 | } | |
223 | ||
224 | /* INVARIANT: tg => th */ | |
225 | if(!tg) | |
226 | return NULL; | |
227 | ||
228 | if(th->parent == orig) | |
229 | return th; | |
230 | } | |
231 | ||
232 | for(;;) { | |
233 | if(th->next) { | |
234 | th = th->next; | |
235 | } else { | |
236 | trustgroup *tg = th->group; | |
237 | ||
238 | do { | |
239 | tg = tg->next; | |
240 | } while (tg && !tg->hosts); | |
241 | ||
242 | if(!tg) | |
243 | return NULL; | |
244 | ||
245 | th = tg->hosts; | |
246 | } | |
247 | ||
248 | if(th->parent == orig) | |
249 | return th; | |
250 | } | |
251 | } | |
252 | ||
253 | void th_getsuperandsubsets(struct irc_in_addr *ip, uint32_t bits, trusthost **superset, trusthost **subset) { | |
254 | *superset = th_getsmallestsupersetbyhost(ip, bits); | |
255 | *subset = th_getsubsetbyhost(ip, bits); | |
256 | } | |
257 | ||
258 | void trusts_flush(void (*thflush)(trusthost *), void (*tgflush)(trustgroup *)) { | |
259 | trustgroup *tg; | |
260 | trusthost *th; | |
261 | time_t t = getnettime(); | |
262 | ||
263 | for(tg=tglist;tg;tg=tg->next) { | |
264 | if(tg->count > 0) | |
265 | tg->lastseen = t; | |
266 | ||
267 | tgflush(tg); | |
268 | ||
269 | for(th=tg->hosts;th;th=th->next) { | |
270 | if(th->count > 0) | |
271 | th->lastseen = t; | |
272 | ||
273 | thflush(th); | |
274 | } | |
275 | } | |
276 | } | |
277 | ||
278 | trustgroup *tg_strtotg(char *name) { | |
279 | unsigned long id; | |
280 | trustgroup *tg; | |
281 | ||
282 | /* legacy format */ | |
283 | if(name[0] == '#') { | |
284 | char *endp; | |
285 | id = strtoul(&name[1], &endp, 10); | |
286 | if(!id || *endp) | |
287 | return NULL; | |
288 | ||
289 | return tg_getbyid(id); | |
290 | } | |
291 | ||
292 | for(tg=tglist;tg;tg=tg->next) | |
293 | if(!strcasecmp(name, tg->name->content)) | |
294 | return tg; | |
295 | ||
296 | return NULL; | |
297 | } | |
298 | ||
299 | void th_adjusthosts(trusthost *th, trusthost *superset, trusthost *subset) { | |
300 | struct irc_in_addr ipaddress_canonical; | |
301 | ||
302 | /* | |
303 | * First and foremost, CIDR doesn't allow hosts to cross boundaries, i.e. everything with a smaller prefix | |
304 | * is entirely contained with the prefix that is one smaller. | |
305 | * e.g. 0.0.0.0/23, 0.0.0.128/23, you can't have a single prefix for 0.0.0.64-0.0.0.192, instead | |
306 | * you have two, 0.0.0.64/26 and 0.0.0.128/26. | |
307 | * | |
308 | * This makes the code MUCH easier as the entire thing is one huge set/tree. | |
309 | * | |
310 | * Four cases here: | |
311 | * 1: host isn't covered by any existing hosts. | |
312 | * 2: host is covered by a less specific one only, e.g. adding 0.0.0.1/32, while 0.0.0.0/24 already exists. | |
313 | * 3: host is covered by a more specific one only, e.g. adding 0.0.0.0/24 while 0.0.0.1/32 already exists | |
314 | * (note there might be more than one more specific host, e.g. 0.0.0.1/32 and 0.0.0.2/32). | |
315 | * 4: covered by more and less specific cases, e.g. adding 0.0.0.0/24 to: { 0.0.0.1/32, 0.0.0.2/32, 0.0.0.0/16 }. | |
316 | * | |
317 | * CASE 1 | |
318 | * ------ | |
319 | * | |
320 | * !superset && !subset | |
321 | * | |
322 | * Scan through the host hash and add any clients which match our host, this is exactly the same as case 3 | |
323 | * but without needing to check (though checking doesn't hurt), so we'll just use the code for that. | |
324 | * | |
325 | * CASE 2 | |
326 | * ------ | |
327 | * | |
328 | * superset && !subset | |
329 | * | |
330 | * We have the less specific host in 'superset', we know it is the only one so pull out clients in it's | |
331 | * ->users list matching our new host. | |
332 | * No need to look for extra hosts in the main nick hash as they're all covered already. | |
333 | * | |
334 | * CASE 3 | |
335 | * ------ | |
336 | * | |
337 | * !superset && subset | |
338 | * | |
339 | * We have one host in 'subset', but there might be more than one, we don't care though! | |
340 | * We can scan the entire host hash and pull out any hosts that match us and don't have | |
341 | * a trust group already, this ignores any with a more specific prefix. | |
342 | * | |
343 | * CASE 4 | |
344 | * ------ | |
345 | * | |
346 | * superset && subset | |
347 | * | |
348 | * Here we first fix up the ones less specific then us, so we just perform what we did for case 2, | |
349 | * then we perform what we did for case 3. | |
350 | * | |
351 | * So in summary: | |
352 | * CASE 1: DO 3 | |
353 | * CASE 2: (work) | |
354 | * CASE 3: (work) | |
355 | * CASE 4: DO 2; DO 3 | |
356 | * Or: | |
357 | * if(2 || 4) : DO 2 | |
358 | * if(1 || 3 || 4): DO 3 | |
359 | */ | |
360 | ||
361 | /* we let the compiler do the boolean minimisation for clarity reasons */ | |
362 | ||
363 | if((superset && !subset) || (superset && subset)) { /* cases 2 and 4 */ | |
364 | nick *np, *nnp; | |
365 | for(np=superset->users;np;np=nnp) { | |
366 | nnp = nextbytrust(np); | |
367 | ip_canonicalize_tunnel(&ipaddress_canonical, &np->ipaddress); | |
368 | if(ipmask_check(&ipaddress_canonical, &th->ip, th->bits)) { | |
369 | trusts_lostnick(np, 1); | |
370 | trusts_newnick(np, 1); | |
371 | } | |
372 | } | |
373 | } | |
374 | ||
375 | if((!superset && !subset) || (!superset && subset) || (superset && subset)) { /* cases 1, 3 and 4 */ | |
376 | nick *np; | |
377 | int i; | |
378 | ||
379 | for(i=0;i<NICKHASHSIZE;i++) { | |
380 | for(np=nicktable[i];np;np=np->next) { | |
381 | ip_canonicalize_tunnel(&ipaddress_canonical, &np->ipaddress); | |
382 | if(!gettrusthost(np) && ipmask_check(&ipaddress_canonical, &th->ip, th->bits)) | |
383 | trusts_newnick(np, 1); | |
384 | } | |
385 | } | |
386 | } | |
387 | } | |
388 | ||
389 | unsigned int nexttgmarker(void) { | |
390 | static unsigned int tgmarker = 0; | |
391 | trustgroup *tg; | |
392 | ||
393 | tgmarker++; | |
394 | if(!tgmarker) { | |
395 | /* If we wrapped to zero, zap the marker on all groups */ | |
396 | for(tg=tglist;tg;tg=tg->next) | |
397 | tg->marker=0; | |
398 | ||
399 | tgmarker++; | |
400 | } | |
401 | ||
402 | return tgmarker; | |
403 | } | |
404 | ||
405 | unsigned int nextthmarker(void) { | |
406 | static unsigned int thmarker = 0; | |
407 | trustgroup *tg; | |
408 | trusthost *th; | |
409 | ||
410 | thmarker++; | |
411 | if(!thmarker) { | |
412 | /* If we wrapped to zero, zap the marker on all hosts */ | |
413 | for(tg=tglist;tg;tg=tg->next) | |
414 | for(th=tg->hosts;th;th=th->next) | |
415 | th->marker=0; | |
416 | ||
417 | thmarker++; | |
418 | } | |
419 | ||
420 | return thmarker; | |
421 | } | |
422 | ||
423 | trusthost *th_getbyid(unsigned int id) { | |
424 | trustgroup *tg; | |
425 | trusthost *th; | |
426 | ||
427 | for(tg=tglist;tg;tg=tg->next) | |
428 | for(th=tg->hosts;th;th=th->next) | |
429 | if(th->id == id) | |
430 | return th; | |
431 | ||
432 | return NULL; | |
433 | } | |
434 | ||
435 | int tg_modify(trustgroup *oldtg, trustgroup *newtg) { | |
436 | trustgroup vnewtg; | |
437 | ||
438 | memcpy(&vnewtg, oldtg, sizeof(trustgroup)); | |
439 | ||
440 | /* unfortunately we can't just memcpy the new one over */ | |
441 | ||
442 | vnewtg.name = getsstring(newtg->name->content, TRUSTNAMELEN); | |
443 | vnewtg.createdby = getsstring(newtg->createdby->content, CREATEDBYLEN); | |
444 | vnewtg.contact = getsstring(newtg->contact->content, CONTACTLEN); | |
445 | vnewtg.comment = getsstring(newtg->comment->content, COMMENTLEN); | |
446 | if(!vnewtg.name || !vnewtg.createdby || !vnewtg.contact || !vnewtg.comment) { | |
447 | freesstring(vnewtg.name); | |
448 | freesstring(vnewtg.createdby); | |
449 | freesstring(vnewtg.contact); | |
450 | freesstring(vnewtg.comment); | |
451 | return 0; | |
452 | } | |
453 | ||
454 | /* id remains the same, count/hosts/marker/next/exts are ignored */ | |
455 | vnewtg.trustedfor = newtg->trustedfor; | |
456 | vnewtg.flags = newtg->flags; | |
457 | vnewtg.maxperident = newtg->maxperident; | |
458 | vnewtg.maxusage = newtg->maxusage; | |
459 | vnewtg.expires = newtg->expires; | |
460 | vnewtg.lastseen = newtg->lastseen; | |
461 | vnewtg.lastmaxusereset = newtg->lastmaxusereset; | |
462 | ||
463 | memcpy(oldtg, &vnewtg, sizeof(trustgroup)); | |
464 | ||
465 | return 1; | |
466 | } | |
467 | ||
468 | int th_modify(trusthost *oldth, trusthost *newth) { | |
469 | oldth->maxpernode = newth->maxpernode; | |
470 | oldth->nodebits = newth->nodebits; | |
471 | ||
472 | return 1; | |
473 | } | |
474 |