jfr.im git - irc/quakenet/newserv.git/blob - trusts/trusts_policy.c
1 #include "../core/hooks.h"
2 #include "../core/config.h"
3 #include "../control/control.h"
4 #include "../lib/irc_string.h"
5 #include "../irc/irc.h"
6 #include "../glines/glines.h"
/*
 * Module-wide state.
 *   countext      - value returned by registertgext("count"); used as the index
 *                   into tg->exts[] where the per-group connection high-water
 *                   mark is kept.
 *   enforcepolicy - on/off switch reported as "enabled"/"disabled" by the
 *                   trustpolicy command. As a file-scope static it starts at 0
 *                   until the config item or the command assigns it.
 */
static int countext, enforcepolicy;
/*
 * policycheck - hook handler for trust-group connection policy.
 *
 * Registered for both HOOK_TRUSTS_NEWNICK and HOOK_TRUSTS_LOSTNICK. The
 * visible checks are:
 *   - a per-subnet cap (th->maxpernode), counted by walking the patricia
 *     tree under the trust host's prefix;
 *   - a per-group cap (tg->trustedfor), with a high-water mark in
 *     tg->exts[countext] so the same breach level is not re-announced;
 *   - an ident requirement when tg->mode == 1;
 *   - a per-ident cap (tg->maxperident), counted across every host in
 *     the group.
 * Breaches are announced with controlwall() and answered with
 * glinebynick().
 *
 * NOTE(review): this listing is incomplete. The gaps are marked below with
 * their original line numbers. The declarations of args, np, tg, nodecount,
 * identcount, th2 and tnp, every closing brace, and any test of
 * enforcepolicy or of th/tg for NULL sit on lines that are not shown, so
 * the nesting after each gap is a best guess. Confirm against the
 * repository copy before relying on it.
 *
 * NOTE(review): the blanks around %s inside the format strings look like a
 * rendering artifact of this listing. They are kept as shown; confirm.
 */
static void policycheck(int hooknum, void *arg) {
  /* ... source lines 12-13 are not shown in this listing ... */
  long moving = (long)args[1];
  trusthost *th = gettrusthost(np);
  /* ... source line 16 is not shown ... */
  patricia_node_t *head, *node;
  /* ... source lines 18-27 are not shown ... */

  /* Sum the users on every node under the trust host's prefix. */
  head = refnode(iptree, &np->p_nodeaddr, th->nodebits);
  PATRICIA_WALK(head, node)
  /* ... source line 30 is not shown ... */
    nodecount += node->usercount;
  /* ... source lines 32-33 are not shown ... */
  derefnode(iptree, head); /* pairs with the refnode() above */
  /* ... source line 35 is not shown ... */

  /* A maxpernode of 0 disables the per-subnet cap. */
  if (th->maxpernode && nodecount > th->maxpernode) {
    controlwall(NO_OPER, NL_TRUSTS, "Hard connection limit exceeded on subnet: %s (group: %s ) %d connected, %d max.",
                trusts_cidr2str(&np->p_nodeaddr, th->nodebits), tg->name->content, nodecount, th->maxpernode);
    /* ... source lines 38-39 are not shown ... */
    glinebynick(np, POLICY_GLINE_DURATION, "Too many connections from your host.", GLINE_IGNORE_TRUST);
  /* ... source lines 41-45 are not shown ... */

  /*
   * the purpose of this logic is to avoid spam like this:
   * WARNING: tgX exceeded limit: 11 connected vs 10 max
   * (goes back down to 10)
   * WARNING: tgX exceeded limit: 11 connected vs 10 max
   */
  /* ... source lines 50-51 are not shown ... */
  if (hooknum == HOOK_TRUSTS_NEWNICK) {
    /* A trustedfor of 0 disables the per-group cap. */
    if (tg->trustedfor && tg->count > tg->trustedfor) {
      /* ... source line 54 is not shown ... */
      /*
       * Announce only when the count passes the stored high-water mark.
       * Operators should not read a quiet channel as "no breach": a group
       * that stays at or below its previous peak raises no new wall.
       * The mark is an integer stored in a void * slot, so the casts
       * assume long is at least pointer-sized.
       */
      if (tg->count > (long)tg->exts[countext]) {
        /* ... source line 56 is not shown ... */
        tg->exts[countext] = (void *)(long)tg->count;
        /* ... source line 58 is not shown ... */
        controlwall(NO_OPER, NL_TRUSTS, "Hard connection limit exceeded: ' %s ', %d connected, %d max.",
                    tg->name->content, tg->count, tg->trustedfor);
    /* ... source lines 60-63 are not shown ... */

    /*
     * NOTE(review): mode 1 presumably means "ident required", and a leading
     * '~' presumably marks an ident not confirmed by an identd lookup.
     * Confirm both against the trusts headers.
     */
    if ((tg->mode == 1) && (np->ident[0] == '~')) {
      controlwall(NO_OPER, NL_TRUSTS, "Ident required: ' %s ' %s ! %s @ %s .",
                  tg->name->content, np->nick, np->ident, np->host->name->content);
      /* ... source lines 66-67 are not shown ... */
      glinebynick(np, POLICY_GLINE_DURATION, "IDENT required from your host.", GLINE_ALWAYS_USER | GLINE_IGNORE_TRUST);
    /* ... source lines 69-70 are not shown ... */

    if (tg->maxperident > 0) {
      /* ... source lines 72-75 are not shown ... */
      /* Compare the new user's ident with every user on every host in the group. */
      for (th2 = tg->hosts; th2; th2 = th2->next) {
        for (tnp = th2->users; tnp; tnp = nextbytrust(tnp)) {
          if (!ircd_strcmp(tnp->ident, np->ident))
          /* ... source lines 79-82 are not shown (the identcount update is not visible) ... */

      if (identcount > tg->maxperident) {
        controlwall(NO_OPER, NL_TRUSTS, "Hard ident limit exceeded: ' %s ' %s ! %s @ %s , %d connected, %d max.",
                    tg->name->content, np->nick, np->ident, np->host->name->content, identcount, tg->maxperident);
        /* ... source lines 85-86 are not shown ... */
        glinebynick(np, POLICY_GLINE_DURATION, "Too many connections from your user.", GLINE_ALWAYS_USER | GLINE_IGNORE_TRUST);
    /* ... source lines 88-90 are not shown ... */

    /* Pull the stored mark down to the current count, which lets a later rise announce again. */
    if (tg->count < tg->maxusage)
      tg->exts[countext] = (void *)(long)tg->count;
  /* ... source lines 93-95 are not shown (the function ends here) ... */
/*
 * trusts_cmdtrustpolicy - control command that shows or changes the
 * enforcement switch.
 *
 * source is the issuing nick; cargv[0], when used, is the new setting.
 * A change is announced with controlwall() together with controlid(sender),
 * which leaves a record of who flipped the switch.
 *
 * NOTE(review): atoi() returns 0 for any non-numeric argument, so a typo
 * turns enforcement off, and any non-zero value (including a negative one)
 * reads as "enabled". Consider accepting only "0" and "1".
 *
 * NOTE(review): the listing is incomplete. The cargc test that presumably
 * guards cargv[0], and the return statements, sit on lines that are not
 * shown. Confirm against the repository copy. The blanks around %s in the
 * strings look like a rendering artifact and are kept as shown.
 */
static int trusts_cmdtrustpolicy(void *source, int cargc, char **cargv) {
  nick *sender = source;
  /* ... source lines 98-99 are not shown in this listing ... */
    controlreply(sender, "Trust policy enforcement is currently %s .", enforcepolicy ? "enabled" : "disabled");
  /* ... source lines 101-103 are not shown ... */
  enforcepolicy = atoi(cargv[0]);
  controlwall(NO_OPER, NL_TRUSTS, " %s %s trust policy enforcement.", controlid(sender), enforcepolicy ? "enabled" : "disabled");
  controlreply(sender, "Trust policy enforcement is now %s .", enforcepolicy ? "enabled" : "disabled");
  /* ... source lines 107-110 are not shown (the function ends here) ... */
/*
 * Registration-side statements. The enclosing function header (source line
 * 111 or earlier) is not shown in this listing; presumably this is the
 * module's load routine - confirm.
 */
countext = registertgext("count");
/* ... source lines 113-117 are not shown ... */
m = getconfigitem("trusts_policy", "enforcepolicy");
/* ... source line 119 is not shown; a NULL test on m presumably sits there - confirm ... */
/*
 * NOTE(review): unless a line that is not shown assigns it first, the static
 * stays 0 (enforcement off) when the config item is absent. atoi() also
 * yields 0 for a non-numeric value, so a malformed setting disables
 * enforcement without any error.
 */
enforcepolicy = atoi(m->content);
/* ... source line 121 is not shown ... */
/* The same handler serves both connect and disconnect events. */
registerhook(HOOK_TRUSTS_NEWNICK, policycheck);
registerhook(HOOK_TRUSTS_LOSTNICK, policycheck);
/* ... source line 124 is not shown ... */
/* The switch is exposed at the NO_DEVELOPER command level with at most one argument. */
registercontrolhelpcmd("trustpolicy", NO_DEVELOPER, 1, trusts_cmdtrustpolicy, "Usage: trustpolicy ?1|0? \n Enables or disables policy enforcement. Shows current status when no parameter is specified.");
/*
 * Teardown-side statements, undoing each visible registration: the "count"
 * extension slot, both hooks and the trustpolicy command. The enclosing
 * function header (source lines 126-131) is not shown in this listing;
 * presumably this is the module's unload routine - confirm.
 */
releasetgext(countext);
/* ... source line 133 is not shown ... */
deregisterhook(HOOK_TRUSTS_NEWNICK, policycheck);
deregisterhook(HOOK_TRUSTS_LOSTNICK, policycheck);
/* ... source line 136 is not shown ... */
deregistercontrolcmd("trustpolicy", trusts_cmdtrustpolicy);