Counts don't currently contain those of subsetted trustgroups, or display them.
Also need more extensive testing.
TRUSTS_NEWNICK/LOSTNICK have a move parameter now, for when they shouldn't enforce things like glines.
#define HOOK_TRUSTS_DB_CLOSED 900 /* No arg */
#define HOOK_TRUSTS_DB_LOADED 901 /* No arg */
-#define HOOK_TRUSTS_NEWNICK 902 /* Argument is nick* */
-#define HOOK_TRUSTS_LOSTNICK 903 /* Argument is nick* */
+#define HOOK_TRUSTS_NEWNICK 902 /* Argument is void*[2] (nick*, long) */
+#define HOOK_TRUSTS_LOSTNICK 903 /* Argument is void*[2] (nick*, long) */
#define HOOK_TRUSTS_NEWGROUP 904 /* Argument is trustgroup* */
#define HOOK_TRUSTS_LOSTGROUP 905 /* Argument is trustgroup* */
#include <stdlib.h>
#include <string.h>
+#include <stdio.h>
#include "../lib/sstring.h"
#include "../core/hooks.h"
return result;
}
-/* should this return the largest, smallest or any match? currently the latter */
-trusthost *th_getsupersetbyhost(uint32_t ip, uint32_t mask) {
+trusthost *th_getbyhostandmask(uint32_t ip, uint32_t mask) {
trustgroup *tg;
trusthost *th;
for(tg=tglist;tg;tg=tg->next)
for(th=tg->hosts;th;th=th->next)
- if((th->ip & mask) == ip)
+ if((th->ip == ip) && (th->mask == mask))
return th;
return NULL;
}
+/* returns the ip with the smallest prefix that is still a superset of the given host */
+trusthost *th_getsmallestsupersetbyhost(uint32_t ip, uint32_t mask) {
+ trustgroup *tg;
+ trusthost *th, *result = NULL;
+ uint32_t smask;
+
+ for(tg=tglist;tg;tg=tg->next) {
+ for(th=tg->hosts;th;th=th->next) {
+ if(th->ip == (ip & th->mask)) {
+ if((th->mask < mask) && (!result || (th->mask > smask))) {
+ smask = th->mask;
+ result = th;
+ }
+ }
+ }
+ }
+
+ return result;
+}
+
+/* returns the first ip that is a subset it comes across */
+trusthost *th_getsubsetbyhost(uint32_t ip, uint32_t mask) {
+ trustgroup *tg;
+ trusthost *th;
+
+ for(tg=tglist;tg;tg=tg->next)
+ for(th=tg->hosts;th;th=th->next)
+ if((th->ip & mask) == ip)
+ if(th->mask > mask)
+ return th;
+
+ return NULL;
+}
+
+void th_getsuperandsubsets(uint32_t ip, uint32_t mask, trusthost **superset, trusthost **subset) {
+ *superset = th_getsmallestsupersetbyhost(ip, mask);
+ *subset = th_getsubsetbyhost(ip, mask);
+}
+
void trusts_flush(void) {
trustgroup *tg;
trusthost *th;
return NULL;
}
+
+void th_adjusthosts(trusthost *th, trusthost *superset, trusthost *subset) {
+ /*
+ * First and foremost, CIDR doesn't allow hosts to cross boundaries, i.e. everything with a smaller prefix
+ * is entirely contained with the prefix that is one smaller.
+ * e.g. 0.0.0.0/23, 0.0.0.128/23, you can't have a single prefix for 0.0.0.64-0.0.0.192, instead
+ * you have two, 0.0.0.64/26 and 0.0.0.128/26.
+ *
+ * This makes the code MUCH easier as the entire thing is one huge set/tree.
+ *
+ * Four cases here:
+ * 1: host isn't covered by any existing hosts.
+ * 2: host is covered by a less specific one only, e.g. adding 0.0.0.1/32, while 0.0.0.0/24 already exists.
+ * 3: host is covered by a more specific one only, e.g. adding 0.0.0.0/24 while 0.0.0.1/32 already exists
+ * (note there might be more than one more specific host, e.g. 0.0.0.1/32 and 0.0.0.2/32).
+ * 4: covered by more and less specific cases, e.g. adding 0.0.0.0/24 to: { 0.0.0.1/32, 0.0.0.2/32, 0.0.0.0/16 }.
+ *
+ * CASE 1
+ * ------
+ *
+ * !superset && !subset
+ *
+ * Scan through the host hash and add any clients which match our host, this is exactly the same as case 3
+ * but without needing to check (though checking doesn't hurt), so we'll just use the code for that.
+ *
+ * CASE 2
+ * ------
+ *
+ * superset && !subset
+ *
+ * We have the less specific host in 'superset', we know it is the only one so pull out clients in it's
+ * ->users list matching our new host.
+ * No need to look for extra hosts in the main nick hash as they're all covered already.
+ *
+ * CASE 3
+ * ------
+ *
+ * !superset && subset
+ *
+ * We have one host in 'subset', but there might be more than one, we don't care though!
+ * We can scan the entire host hash and pull out any hosts that match us and don't have
+ * a trust group already, this ignores any with a more specific prefix.
+ *
+ * CASE 4
+ * ------
+ *
+ * superset && subset
+ *
+ * Here we first fix up the ones less specific then us, so we just perform what we did for case 2,
+ * then we perform what we did for case 3.
+ *
+ * So in summary:
+ * CASE 1: DO 3
+ * CASE 2: (work)
+ * CASE 3: (work)
+ * CASE 4: DO 2; DO 3
+ * Or:
+ * if(2 || 4) : DO 2
+ * if(1 || 3 || 4): DO 3
+ */
+
+ /* we let the compiler do the boolean minimisation for clarity reasons */
+
+ if((superset && !subset) || (superset && subset)) { /* cases 2 and 4 */
+ nick *np, *nnp;
+ for(np=superset->users;np;np=nnp) {
+ nnp = nextbytrust(np);
+ if((irc_in_addr_v4_to_int(&np->p_ipaddr) & th->mask) == th->ip) {
+ trusts_lostnick(np, 1);
+ trusts_newnick(np, 1);
+ }
+ }
+ }
+
+ if((!superset && !subset) || (!superset && subset) || (superset && subset)) { /* cases 1, 3 and 4 */
+ nick *np;
+ int i;
+
+ for(i=0;i<NICKHASHSIZE;i++)
+ for(np=nicktable[i];np;np=np->next)
+ if(!gettrusthost(np) && ((irc_in_addr_v4_to_int(&np->p_ipaddr) & th->mask) == th->ip))
+ trusts_newnick(np, 1);
+ }
+}
}
trusthost *th_new(trustgroup *tg, char *host) {
- trusthost *th = th_add(tg, thmaxid + 1, host, 0, 0);
+ trusthost *th, *superset, *subset;
+ u_int32_t ip, mask;
+
+ /* ugh */
+ if(!trusts_str2cidr(host, &ip, &mask))
+ return NULL;
+
+ th_getsuperandsubsets(ip, mask, &superset, &subset);
+
+ th = th_add(tg, thmaxid + 1, host, 0, 0);
if(!th)
return NULL;
"Tuusut", "hosts", th->id, tg->id, trusts_cidr2str(th->ip, th->mask), th->maxusage, th->lastseen
);
- /* fix up stuff in memory */
+ th_adjusthosts(th, subset, superset);
return th;
}
static void __counthandler(int hooknum, void *arg);
-static void __newnick(int hooknum, void *arg) {
- nick *sender = arg;
+void trusts_newnick(nick *sender, int moving) {
uint32_t host;
trusthost *th;
+ void *arg[2];
host = irc_in_addr_v4_to_int(&sender->p_ipaddr);
th = th_getbyhost(host);
/* sucks we have to do this, at least until we get priority hooks */
__counthandler(HOOK_TRUSTS_NEWNICK, sender);
- triggerhook(HOOK_TRUSTS_NEWNICK, sender);
+
+ arg[0] = sender;
+ arg[1] = (void *)(long)moving;
+ triggerhook(HOOK_TRUSTS_NEWNICK, arg);
}
-static void __lostnick(int hooknum, void *arg) {
- nick *sender = arg, *np, *lp;
+static void __newnick(int hooknum, void *arg) {
+ trusts_newnick(arg, 0);
+}
+
+void trusts_lostnick(nick *sender, int moving) {
+ nick *np, *lp;
trusthost *th = gettrusthost(sender);
+ void *arg[2];
if(!th)
return;
__counthandler(HOOK_TRUSTS_LOSTNICK, sender);
- triggerhook(HOOK_TRUSTS_LOSTNICK, sender);
+
+ arg[0] = sender;
+ arg[1] = (void *)(long)moving;
+ triggerhook(HOOK_TRUSTS_LOSTNICK, arg);
/*
* we need to erase this nick from the trusthost list
}
}
+static void __lostnick(int hooknum, void *arg) {
+ trusts_lostnick(arg, 0);
+}
+
static void __counthandler(int hooknum, void *arg) {
time_t t = time(NULL);
trusthost *th = gettrusthost((nick *)arg);
void tg_free(trustgroup *);
trustgroup *tg_add(unsigned int, char *, unsigned int, int, unsigned int, unsigned int, time_t, time_t, time_t, char *, char *, char *);
trusthost *th_getbyhost(uint32_t);
-trusthost *th_getsupersetbyhost(uint32_t, uint32_t);
-trustgroup *tg_strtotg(char *name);
+trusthost *th_getbyhostandmask(uint32_t, uint32_t);
+trusthost *th_getsmallestsupersetbyhost(uint32_t, uint32_t);
+trustgroup *tg_strtotg(char *);
+void th_adjusthosts(trusthost *th, trusthost *, trusthost *);
+void th_getsuperandsubsets(uint32_t, uint32_t, trusthost **, trusthost **);
+trusthost *th_getsubsetbyhost(uint32_t, uint32_t);
/* migration.c */
typedef void (*TrustMigrationGroup)(void *, unsigned int, char *, unsigned int, unsigned int, unsigned int, unsigned int, time_t, time_t, time_t, char *, char *, char *);
/* db-migration.c */
typedef void (*TrustDBMigrationCallback)(int, void *);
+/* events.c */
+void trusts_newnick(nick *, int);
+void trusts_lostnick(nick *, int);
+
#endif
nick *sender = source;
char *host;
uint32_t ip, mask;
- trusthost *th;
+ trusthost *th, *superset, *subset;
if(cargc < 2)
return CMD_USAGE;
return CMD_ERROR;
}
- th = th_getbyhost(ip);
- if(th) {
- if(mask == th->mask) {
- controlreply(sender, "This host already exists with the same mask.");
+ /* OKAY! Lots of checking here!
+ *
+ * Need to check:
+ * - host isn't already covered by given group (reject if it is)
+ * - host doesn't already exist exactly already (reject if it does)
+ * - host is more specific than an existing one (warn if it is, fix up later)
+ * - host is less specific than an existing one (warn if it is, don't need to do anything special)
+ */
+
+ for(th=tg->hosts;th;th=th->next) {
+ if(th->ip == (ip & th->mask)) {
+ controlreply(sender, "This host (or part of it) is already covered in the given group.");
return CMD_ERROR;
}
- if(mask > th->mask) {
- /* this mask is a closer fit */
+ }
- controlreply(sender, "Warning: this host will override another (%s), as it has smaller prefix (group: %s).", trusts_cidr2str(th->ip, th->mask), th->group->name->content);
- controlreply(sender, "Adding anyway...");
- }
- } else {
- th = th_getsupersetbyhost(ip, mask);
- if(th) {
- controlreply(sender, "Warning: this host is already covered by a smaller prefix (%s), which will remain part of that group: %s", trusts_cidr2str(th->ip, th->mask), th->group->name->content);
- controlreply(sender, "Adding anyway...");
- }
+ if(th_getbyhostandmask(ip, mask)) {
+ controlreply(sender, "This host already exists in another group with the same mask.");
+ return CMD_ERROR;
+ }
+
+ /* this function will set both to NULL if it's equal, hence the check above */
+ th_getsuperandsubsets(ip, mask, &superset, &subset);
+ if(superset) {
+ /* a superset exists for us, we will be more specific than one existing host */
+
+ controlreply(sender, "Warning: this host already exists in another group, but this new host will override it as it has a smaller prefix.");
+ }
+ if(subset) {
+ /* a subset of us exists, we will be less specific than some existing hosts */
+
+ controlreply(sender, "Warning: this host already exists in at least one other group, the new host has a larger prefix and therefore will not override those hosts.");
}
+ if(superset || subset)
+ controlreply(sender, "Adding anyway...");
th = th_new(tg, host);
if(!th) {
static int countext;
static void policycheck(int hooknum, void *arg) {
- nick *np = arg;
+ void **args = arg;
+ nick *np = args[0];
+ long moving = (long)args[1];
trusthost *th = gettrusthost(np);
trustgroup *tg = th->group;
+ if(moving)
+ return;
+
/*
* the purpose of this logic is to avoid spam like this:
* WARNING: tgX exceeded limit: 11 connected vs 10 max
projects / irc / quakenet / newserv.git / commitdiff
