Implement for unthrottling trusted IP addresses using IAuth.

--HG--
branch : throttle

diff --git a/trusts/trusts.h b/trusts/trusts.h
index 542bfc8f5acf0a029d2ac47f4a55eeafe8a2397c..bbaa9b6ce449c0f220caa11c65823e7684247d57 100644 (file)
--- a/trusts/trusts.h
+++ b/trusts/trusts.h
@@ -43,6 +43,7 @@
 #define TRUST_NO_CLEANUP 2
 #define TRUST_PROTECTED 4
 #define TRUST_RELIABLE_USERNAME 8
+#define TRUST_UNTHROTTLE 16
 
 #define TRUST_MIN_UNPRIVILEGED_BITS_IPV4 (96 + 20)
 #define TRUST_MIN_UNPRIVILEGED_BITS_IPV6 32

diff --git a/trusts/trusts_commands.c b/trusts/trusts_commands.c
index baa7f1544aa03c47a9214dc02828e42a1402bbf4..820a4a600ac9b1c66236f10a7752542598fc0a77 100644 (file)
--- a/trusts/trusts_commands.c
+++ b/trusts/trusts_commands.c
@@ -147,6 +147,13 @@ static char *formatflags(int flags) {
     strncat(buf, "reliable username", 512);
   }
 
+  if(flags & TRUST_UNTHROTTLE) {
+    if(buf[0])
+      strncat(buf, ", ", 512);
+
+    strncat(buf, "unthrottled", 512);
+  }
+
   buf[512-1] = '\0';
 
   return buf;

diff --git a/trusts/trusts_management.c b/trusts/trusts_management.c
index f691ebc2cc37a230a393c3f6844747f934b35718..8aaa56840908e049def24ded3e05a43efb5b9896 100644 (file)
--- a/trusts/trusts_management.c
+++ b/trusts/trusts_management.c
@@ -401,6 +401,20 @@ static int modifyreliableusername(void *arg, char *num, nick *source, int overri
   return 1;
 }
 
+static int modifyunthrottle(void *arg, char *num, nick *source, int override) {
+  trustgroup *tg = arg;
+
+  if(num[0] == '1') {
+    tg->flags |= TRUST_UNTHROTTLE;
+  } else if(num[0] == '0') {
+    tg->flags &= ~TRUST_UNTHROTTLE;
+  } else {
+    return 0;
+  }
+
+  return 1;
+}
+
 static int modifyexpires(void *arg, char *expires, nick *source, int override) {
   trustgroup *tg = arg;
   int howlong = durationtolong(expires);
@@ -803,6 +817,7 @@ static void setupmods(void) {
   MSGROUP(trustedfor);
   MSGROUP(cleanup);
   MSGROUP(protected);
+  MSGROUP(unthrottle);
 
   MSHOST(maxpernode);
   MSHOST(nodebits);

diff --git a/trusts/trusts_policy.c b/trusts/trusts_policy.c
index a8d9c141cc56d4c34996023c337f3df0ff7ec157..fba1c4cfc09ebb6cb18c36473abc1db540a8a597 100644 (file)
--- a/trusts/trusts_policy.c
+++ b/trusts/trusts_policy.c
@@ -64,9 +64,12 @@ typedef struct trustaccount {
 
 trustaccount trustaccounts[MAXSERVERS];
 
-static int checkconnectionth(const char *username, struct irc_in_addr *ip, trusthost *th, int hooknum, int usercountadjustment, char *message, size_t messagelen) {
+static int checkconnectionth(const char *username, struct irc_in_addr *ip, trusthost *th, int hooknum, int usercountadjustment, char *message, size_t messagelen, int *unthrottle) {
   trustgroup *tg;
 
+  if (unthrottle)
+    *unthrottle = 0;
+
   if(messagelen>0)
     message[0] = '\0';
   
@@ -140,14 +143,10 @@ static int checkconnectionth(const char *username, struct irc_in_addr *ip, trust
   if(tg->trustedfor > 0)
     snprintf(message, messagelen, "Trust has %d out of %d allowed connections.", tg->count + usercountadjustment, tg->trustedfor);
 
-  return POLICY_SUCCESS;
-}
+  if(unthrottle && (tg->flags & TRUST_UNTHROTTLE))
+    *unthrottle = 1; /* TODO: Do _some_ kind of rate-limiting */
 
-static int checkconnection(const char *username, struct irc_in_addr *ip, int hooknum, int cloneadjustment, char *message, size_t messagelen) {
-  struct irc_in_addr ip_canonicalized;
-  ip_canonicalize_tunnel(&ip_canonicalized, ip);
-
-  return checkconnectionth(username, &ip_canonicalized, th_getbyhost(&ip_canonicalized), hooknum, cloneadjustment, message, messagelen);
+  return POLICY_SUCCESS;
 }
 
 static int trustdowrite(trustsocket *sock, char *format, ...) {
@@ -171,16 +170,18 @@ static int trustdowrite(trustsocket *sock, char *format, ...) {
 
 static int policycheck_auth(trustsocket *sock, const char *sequence_id, const char *username, const char *host) {
   char message[512];
-  int verdict;
-  struct irc_in_addr ip;
+  int verdict, unthrottle;
+  struct irc_in_addr ip, ip_canonicalized;
   unsigned char bits;
+  trustsocket *ts;
   
   if(!ipmask_parse(host, &ip, &bits)) {
     sock->accepted++;
     return trustdowrite(sock, "PASS %s", sequence_id);
   }
-  
-  verdict = checkconnection(username, &ip, HOOK_TRUSTS_NEWNICK, 1, message, sizeof(message));
+
+  ip_canonicalize_tunnel(&ip_canonicalized, &ip);
+  verdict = checkconnectionth(username, &ip_canonicalized, th_getbyhost(&ip_canonicalized), HOOK_TRUSTS_NEWNICK, 1, message, sizeof(message), &unthrottle);
 
   if(!enforcepolicy_auth)
     verdict = POLICY_SUCCESS;
@@ -188,6 +189,11 @@ static int policycheck_auth(trustsocket *sock, const char *sequence_id, const ch
   if (verdict == POLICY_SUCCESS) {
     sock->accepted++;
 
+    if (unthrottle) {
+      for (ts = tslist; ts; ts = ts->next)
+        trustdowrite(ts, "UNTHROTTLE %s", IPtostr(ip));
+    }
+
     if(message[0])
       return trustdowrite(sock, "PASS %s %s", sequence_id, message);
     else
@@ -484,7 +490,7 @@ static void policycheck_irc(int hooknum, void *arg) {
 
   ip_canonicalize_tunnel(&ipaddress_canonical, &np->ipaddress);
 
-  verdict = checkconnectionth(np->ident, &ipaddress_canonical, gettrusthost(np), hooknum, 0, message, sizeof(message));
+  verdict = checkconnectionth(np->ident, &ipaddress_canonical, gettrusthost(np), hooknum, 0, message, sizeof(message), NULL);
     
   if(!enforcepolicy_irc)
     verdict = POLICY_SUCCESS;