]>
jfr.im git - irc/quakenet/newserv.git/blob - trusts/trusts_policy.c
1 #include "../core/hooks.h"
2 #include "../core/config.h"
3 #include "../control/control.h"
4 #include "../lib/irc_string.h"
5 #include "../irc/irc.h"
8 static int countext
, enforcepolicy
;
10 static void policycheck ( int hooknum
, void * arg
) {
13 long moving
= ( long ) args
[ 1 ];
14 trusthost
* th
= gettrusthost ( np
);
16 patricia_node_t
* head
, * node
;
27 head
= refnode ( iptree
, & np
-> p_ipaddr
, th
-> nodebits
);
28 PATRICIA_WALK ( head
, node
)
30 nodecount
+= node
-> usercount
;
33 derefnode ( iptree
, head
);
35 if ( th
-> maxpernode
&& nodecount
> th
-> maxpernode
) {
36 controlwall ( NO_OPER
, NL_TRUSTS
, "Hard connection limit exceeded on IP: %s (group: %s ) %d connected, %d max." , IPtostr ( np
-> p_ipaddr
), tg
-> name
-> content
, nodecount
, th
-> maxpernode
);
39 irc_send ( " %s GL * +*@ %s %d %j d :Too many connections from your host." , mynumeric
-> content
, trusts_cidr2str (& np
-> p_ipaddr
, th
-> nodebits
), POLICY_GLINE_DURATION
, ( intmax_t ) getnettime ());
45 * the purpose of this logic is to avoid spam like this:
46 * WARNING: tgX exceeded limit: 11 connected vs 10 max
47 * (goes back down to 10)
48 * WARNING: tgX exceeded limit: 11 connected vs 10 max
51 if ( hooknum
== HOOK_TRUSTS_NEWNICK
) {
52 if ( tg
-> trustedfor
&& tg
-> count
> tg
-> trustedfor
) {
54 if(tg->count > (long)tg->exts[countext]) {
56 tg->exts[countext] = (void *)(long)tg->count;
58 controlwall ( NO_OPER
, NL_TRUSTS
, "Hard connection limit exceeded: ' %s ', %d connected, %d max." , tg
-> name
-> content
, tg
-> count
, tg
-> trustedfor
);
63 if (( tg
-> mode
== 1 ) && ( np
-> ident
[ 0 ] == '~' )) {
64 controlwall ( NO_OPER
, NL_TRUSTS
, "Ident required: ' %s ' %s ! %s @ %s ." , tg
-> name
-> content
, np
-> nick
, np
-> ident
, np
-> host
-> name
-> content
);
67 irc_send ( " %s GL * + %s @ %s %d %j d :IDENT required from your host." , mynumeric
-> content
, np
-> ident
, trusts_cidr2str (& np
-> p_ipaddr
, th
-> nodebits
), POLICY_GLINE_DURATION
, ( intmax_t ) getnettime ());
70 if ( tg
-> maxperident
> 0 ) {
75 for ( th2
= tg
-> hosts
; th2
; th2
= th2
-> next
) {
76 for ( tnp
= th2
-> users
; tnp
; tnp
= nextbytrust ( tnp
)) {
77 if (! ircd_strcmp ( tnp
-> ident
, np
-> ident
))
82 if ( identcount
> tg
-> maxperident
) {
83 controlwall ( NO_OPER
, NL_TRUSTS
, "Hard ident limit exceeded: ' %s ' %s ! %s @ %s , %d connected, %d max." , tg
-> name
-> content
, np
-> nick
, np
-> ident
, np
-> host
-> name
-> content
, identcount
, tg
-> maxperident
);
86 irc_send ( " %s GL * + %s @ %s %d %j d :Too many connections from your user." , mynumeric
-> content
, np
-> ident
, trusts_cidr2str (& np
-> p_ipaddr
, th
-> nodebits
), POLICY_GLINE_DURATION
, ( intmax_t ) getnettime ());
90 if ( tg
-> count
< tg
-> maxusage
)
91 tg
-> exts
[ countext
] = ( void *)( long ) tg
-> count
;
96 countext
= registertgext ( "count" );
102 m
= getconfigitem ( "trusts_policy" , "enforcepolicy" );
104 enforcepolicy
= atoi ( m
-> content
);
106 registerhook ( HOOK_TRUSTS_NEWNICK
, policycheck
);
107 registerhook ( HOOK_TRUSTS_LOSTNICK
, policycheck
);
114 releasetgext ( countext
);
116 deregisterhook ( HOOK_TRUSTS_NEWNICK
, policycheck
);
117 deregisterhook ( HOOK_TRUSTS_LOSTNICK
, policycheck
);