]> jfr.im git - solanum.git/blame - ircd/authproc.c
projects / solanum.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Revert "Accept expired certificates"
[solanum.git] / ircd / authproc.c
CommitLineData
fb7d74ef
AC		 1/*
2 * authd.c: An interface to authd.
3 * (based somewhat on ircd-ratbox dns.c)
4 *
5 * Copyright (C) 2005 Aaron Sethman <androsyn@ratbox.org>
6 * Copyright (C) 2005-2012 ircd-ratbox development team
3fc0499e 7 * Copyright (C) 2016 Ariadne Conill <ariadne@dereferenced.org>
fb7d74ef
AC		 8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
22 * USA
23 */
24
d3f6b808
EM		 25#include "stdinc.h"
26#include "rb_lib.h"
27#include "client.h"
28#include "ircd_defs.h"
29#include "parse.h"
64fae260 30#include "authproc.h"
d3f6b808
EM		 31#include "match.h"
32#include "logger.h"
33#include "s_conf.h"
34#include "s_stats.h"
35#include "client.h"
36#include "packet.h"
37#include "hash.h"
38#include "send.h"
39#include "numeric.h"
40#include "msg.h"
41#include "dns.h"
fb7d74ef 42
ae0a0585
EM		 43typedef void (*authd_cb_t)(int, char **);
44
45struct authd_cb
46{
47 authd_cb_t fn;
48 int min_parc;
49};
50
fb7d74ef
AC		 51static int start_authd(void);
52static void parse_authd_reply(rb_helper * helper);
53static void restart_authd_cb(rb_helper * helper);
ef0b13b9 54static EVH timeout_dead_authd_clients;
fb7d74ef 55
ae0a0585
EM		 56static void cmd_accept_client(int parc, char **parv);
57static void cmd_reject_client(int parc, char **parv);
58static void cmd_dns_result(int parc, char **parv);
59static void cmd_notice_client(int parc, char **parv);
60static void cmd_oper_warn(int parc, char **parv);
61static void cmd_stats_results(int parc, char **parv);
62
fb7d74ef
AC		 63rb_helper *authd_helper;
64static char *authd_path;
65
50808796 66uint32_t cid;
d3f6b808 67static rb_dictionary *cid_clients;
ef0b13b9 68static struct ev_entry *timeout_ev;
d3f6b808 69
e02cc991 70rb_dictionary *dnsbl_stats = NULL;
d3f6b808 71
5e9a3f86
EM		 72rb_dlink_list opm_list;
73struct OPMListener opm_listeners[LISTEN_LAST];
74
ae0a0585
EM		 75static struct authd_cb authd_cmd_tab[256] =
76{
77 ['A'] = { cmd_accept_client, 4 },
78 ['E'] = { cmd_dns_result, 5 },
79 ['N'] = { cmd_notice_client, 3 },
80 ['R'] = { cmd_reject_client, 7 },
81 ['W'] = { cmd_oper_warn, 3 },
82 ['X'] = { cmd_stats_results, 3 },
83 ['Y'] = { cmd_stats_results, 3 },
84 ['Z'] = { cmd_stats_results, 3 },
85};
86
fb7d74ef
AC		 87static int
88start_authd(void)
89{
90 char fullpath[PATH_MAX + 1];
8f0c3422 91
fb7d74ef
AC		 92 if(authd_path == NULL)
93 {
8f0c3422 94 snprintf(fullpath, sizeof(fullpath), "%s/authd", ircd_paths[IRCD_PATH_LIBEXEC]);
fb7d74ef
AC		 95
96 if(access(fullpath, X_OK) == -1)
97 {
8f0c3422 98 snprintf(fullpath, sizeof(fullpath), "%s/bin/authd", ConfigFileEntry.dpath);
fb7d74ef
AC		 99 if(access(fullpath, X_OK) == -1)
100 {
7ad083b0
EM		 101 ierror("Unable to execute authd in %s or %s/bin",
102 ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
a9227555 103 sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
4d8cfacd
AC		 104 "Unable to execute authd in %s or %s/bin",
105 ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
fb7d74ef
AC		 106 return 1;
107 }
108
109 }
110
111 authd_path = rb_strdup(fullpath);
112 }
113
d3f6b808
EM		 114 if(cid_clients == NULL)
115 cid_clients = rb_dictionary_create("authd cid to uid mapping", rb_uint32cmp);
116
ef0b13b9
EM		 117 if(timeout_ev == NULL)
118 timeout_ev = rb_event_addish("timeout_dead_authd_clients", timeout_dead_authd_clients, NULL, 1);
119
fb7d74ef
AC		 120 authd_helper = rb_helper_start("authd", authd_path, parse_authd_reply, restart_authd_cb);
121
122 if(authd_helper == NULL)
123 {
7ad083b0 124 ierror("Unable to start authd helper: %s", strerror(errno));
a9227555 125 sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Unable to start authd helper: %s", strerror(errno));
fb7d74ef
AC		 126 return 1;
127 }
e7c4ecd5 128
fb7d74ef 129 ilog(L_MAIN, "authd helper started");
a9227555 130 sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "authd helper started");
fb7d74ef
AC		 131 rb_helper_run(authd_helper);
132 return 0;
133}
134
6a7bb6f1
EM		 135static inline uint32_t
136str_to_cid(const char *str)
137{
138 long lcid = strtol(str, NULL, 16);
139
140 if(lcid > UINT32_MAX || lcid <= 0)
141 {
142 iwarn("authd sent us back a bad client ID: %lx", lcid);
143 restart_authd();
144 return 0;
145 }
146
147 return (uint32_t)lcid;
148}
149
150static inline struct Client *
5cbd46a8 151cid_to_client(uint32_t ncid, bool del)
6a7bb6f1
EM		 152{
153 struct Client *client_p;
154
5cbd46a8
AJ		 155 if(del)
156 client_p = rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(ncid));
6a7bb6f1 157 else
5cbd46a8 158 client_p = rb_dictionary_retrieve(cid_clients, RB_UINT_TO_POINTER(ncid));
6a7bb6f1 159
61d1befa
EM		 160 /* If the client's not found, that's okay, it may have already gone away.
161 * --Elizafox */
6a7bb6f1
EM		 162
163 return client_p;
164}
165
adfe7b83 166static inline struct Client *
5cbd46a8 167str_cid_to_client(const char *str, bool del)
adfe7b83 168{
5cbd46a8 169 uint32_t ncid = str_to_cid(str);
adfe7b83 170
5cbd46a8 171 if(ncid == 0)
adfe7b83
EM		 172 return NULL;
173
5cbd46a8 174 return cid_to_client(ncid, del);
adfe7b83
EM		 175}
176
fb7d74ef 177static void
ae0a0585 178cmd_accept_client(int parc, char **parv)
fb7d74ef 179{
d3f6b808 180 struct Client *client_p;
6d0fafec 181
ae0a0585
EM		 182 /* cid to uid (retrieve and delete) */
183 if((client_p = str_cid_to_client(parv[1], true)) == NULL)
184 return;
394b8dde 185
ae0a0585
EM		 186 authd_accept_client(client_p, parv[2], parv[3]);
187}
fb7d74ef 188
ae0a0585
EM		 189static void
190cmd_dns_result(int parc, char **parv)
191{
192 dns_results_callback(parv[1], parv[2], parv[3], parv[4]);
193}
d3f6b808 194
ae0a0585
EM		 195static void
196cmd_notice_client(int parc, char **parv)
197{
198 struct Client *client_p;
d3f6b808 199
1a16d47e
EK		 200 if ((client_p = str_cid_to_client(parv[1], false)) == NULL)
201 return;
202
203 if (IsAnyDead(client_p))
ae0a0585 204 return;
d3f6b808 205
ae0a0585
EM		 206 sendto_one_notice(client_p, ":%s", parv[2]);
207}
d3f6b808 208
ae0a0585
EM		 209static void
210cmd_reject_client(int parc, char **parv)
211{
212 struct Client *client_p;
50808796 213
ae0a0585
EM		 214 /* cid to uid (retrieve and delete) */
215 if((client_p = str_cid_to_client(parv[1], true)) == NULL)
216 return;
cc4d3931 217
ae0a0585
EM		 218 authd_reject_client(client_p, parv[3], parv[4], toupper(*parv[2]), parv[5], parv[6]);
219}
adfe7b83 220
ae0a0585
EM		 221static void
222cmd_oper_warn(int parc, char **parv)
223{
e2a8228f 224 switch(*parv[1])
ae0a0585
EM		 225 {
226 case 'D': /* Debug */
f085388a 227 sendto_realops_snomask(SNO_DEBUG, L_NETWIDE, "authd debug: %s", parv[2]);
e2a8228f 228 idebug("authd: %s", parv[2]);
ae0a0585
EM		 229 break;
230 case 'I': /* Info */
f085388a 231 sendto_realops_snomask(SNO_DEBUG, L_NETWIDE, "authd info: %s", parv[2]);
e2a8228f 232 inotice("authd: %s", parv[2]);
ae0a0585
EM		 233 break;
234 case 'W': /* Warning */
687f290a 235 sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "authd WARNING: %s", parv[2]);
e2a8228f 236 iwarn("authd: %s", parv[2]);
ae0a0585
EM		 237 break;
238 case 'C': /* Critical (error) */
687f290a 239 sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "authd CRITICAL: %s", parv[2]);
e2a8228f 240 ierror("authd: %s", parv[2]);
ae0a0585
EM		 241 break;
242 default: /* idk */
687f290a 243 sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "authd sent us an unknown oper notice type (%s): %s", parv[1], parv[2]);
e2a8228f 244 ilog(L_MAIN, "authd unknown oper notice type (%s): %s", parv[1], parv[2]);
ae0a0585
EM		 245 break;
246 }
247}
0a659bf0 248
ae0a0585
EM		 249static void
250cmd_stats_results(int parc, char **parv)
251{
252 /* Select by type */
253 switch(*parv[2])
254 {
255 case 'D':
256 /* parv[0] conveys status */
257 if(parc < 4)
258 {
259 iwarn("authd sent a result with wrong number of arguments: got %d", parc);
260 restart_authd();
261 return;
262 }
263 dns_stats_results_callback(parv[1], parv[0], parc - 3, (const char **)&parv[3]);
264 break;
265 default:
266 break;
267 }
268}
269
270static void
271parse_authd_reply(rb_helper * helper)
272{
273 ssize_t len;
274 int parc;
6d0fafec 275 char buf[READBUF_SIZE];
33ded5fc 276 char *parv[MAXPARA];
0a659bf0 277
6d0fafec 278 while((len = rb_helper_read(helper, buf, sizeof(buf))) > 0)
ae0a0585
EM		 279 {
280 struct authd_cb *cmd;
281
33ded5fc 282 parc = rb_string_to_array(buf, parv, sizeof(parv));
1729f46e 283 cmd = &authd_cmd_tab[(unsigned char)*parv[0]];
ae0a0585
EM		 284 if(cmd->fn != NULL)
285 {
286 if(cmd->min_parc > parc)
394b8dde 287 {
ae0a0585
EM		 288 iwarn("authd sent a result with wrong number of arguments: expected %d, got %d",
289 cmd->min_parc, parc);
394b8dde 290 restart_authd();
ae0a0585 291 continue;
394b8dde
EM		 292 }
293
ae0a0585 294 cmd->fn(parc, parv);
fb7d74ef 295 }
b0326abd
EM		 296 else
297 {
298 iwarn("authd sent us a bad command type: %c", *parv[0]);
299 restart_authd();
300 continue;
301 }
fb7d74ef
AC		 302 }
303}
304
305void
306init_authd(void)
307{
308 if(start_authd())
309 {
7ad083b0 310 ierror("Unable to start authd helper: %s", strerror(errno));
fb7d74ef
AC		 311 exit(0);
312 }
313}
314
d3f6b808
EM		 315void
316configure_authd(void)
317{
5e9a3f86 318 /* Timeouts */
d3f6b808
EM		 319 set_authd_timeout("ident_timeout", GlobalSetOptions.ident_timeout);
320 set_authd_timeout("rdns_timeout", ConfigFileEntry.connect_timeout);
50808796 321 set_authd_timeout("rbl_timeout", ConfigFileEntry.connect_timeout);
5e9a3f86 322
50808796 323 ident_check_enable(!ConfigFileEntry.disable_auth);
5e9a3f86
EM		 324
325 /* Configure OPM */
326 if(rb_dlink_list_length(&opm_list) > 0 &&
327 (opm_listeners[LISTEN_IPV4].ipaddr[0] != '\0' ||
328 opm_listeners[LISTEN_IPV6].ipaddr[0] != '\0'))
329 {
330 rb_dlink_node *ptr;
331
332 if(opm_listeners[LISTEN_IPV4].ipaddr[0] != '\0')
333 rb_helper_write(authd_helper, "O opm_listener %s %hu",
334 opm_listeners[LISTEN_IPV4].ipaddr, opm_listeners[LISTEN_IPV4].port);
335
5e9a3f86
EM		 336 if(opm_listeners[LISTEN_IPV6].ipaddr[0] != '\0')
337 rb_helper_write(authd_helper, "O opm_listener %s %hu",
338 opm_listeners[LISTEN_IPV6].ipaddr, opm_listeners[LISTEN_IPV6].port);
5e9a3f86
EM		 339
340 RB_DLINK_FOREACH(ptr, opm_list.head)
341 {
342 struct OPMScanner *scanner = ptr->data;
343 rb_helper_write(authd_helper, "O opm_scanner %s %hu",
344 scanner->type, scanner->port);
345 }
346
347 opm_check_enable(true);
348 }
349 else
350 opm_check_enable(false);
fbc97166
AJ		 351
352 /* Configure DNSBLs */
e02cc991 353 if (dnsbl_stats != NULL)
fbc97166 354 {
e02cc991
AJ		 355 rb_dictionary_iter iter;
356 struct DNSBLEntry *entry;
357 RB_DICTIONARY_FOREACH(entry, &iter, dnsbl_stats)
358 {
359 rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", entry->host,
360 entry->iptype, entry->filters, entry->reason);
361 }
fbc97166 362 }
d3f6b808
EM		 363}
364
e7c4ecd5
EM		 365static void
366authd_free_client(struct Client *client_p)
367{
368 if(client_p == NULL || client_p->preClient == NULL)
369 return;
370
371 if(client_p->preClient->auth.cid == 0)
372 return;
373
374 if(authd_helper != NULL)
375 rb_helper_write(authd_helper, "E %x", client_p->preClient->auth.cid);
376
377 client_p->preClient->auth.accepted = true;
378 client_p->preClient->auth.cid = 0;
379}
380
381static void
382authd_free_client_cb(rb_dictionary_element *delem, void *unused)
383{
384 struct Client *client_p = delem->data;
385 authd_free_client(client_p);
386}
387
388void
389authd_abort_client(struct Client *client_p)
390{
391 rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
392 authd_free_client(client_p);
393}
394
fb7d74ef
AC		 395static void
396restart_authd_cb(rb_helper * helper)
397{
f085388a 398 iwarn("authd helper died - attempting to restart");
519d9bc0 399 sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "authd helper died - attempting to restart");
e1582810 400
fb7d74ef
AC		 401 if(helper != NULL)
402 {
403 rb_helper_close(helper);
404 authd_helper = NULL;
405 }
e1582810 406
e7c4ecd5
EM		 407 rb_dictionary_destroy(cid_clients, authd_free_client_cb, NULL);
408 cid_clients = NULL;
e1582810 409
fb7d74ef 410 start_authd();
e2a8228f 411 configure_authd();
fb7d74ef
AC		 412}
413
414void
415restart_authd(void)
416{
5c5296c8 417 ierror("authd restarting...");
fb7d74ef
AC		 418 restart_authd_cb(authd_helper);
419}
420
421void
422rehash_authd(void)
423{
424 rb_helper_write(authd_helper, "R");
425}
426
427void
428check_authd(void)
429{
430 if(authd_helper == NULL)
431 restart_authd();
432}
d3f6b808
EM		 433
434static inline uint32_t
435generate_cid(void)
436{
437 if(++cid == 0)
438 cid = 1;
439
440 return cid;
441}
442
443/* Basically when this is called we begin handing off the client to authd for
444 * processing. authd "owns" the client until processing is finished, or we
445 * timeout from authd. authd will make a decision whether or not to accept the
446 * client, but it's up to other parts of the code (for now) to decide if we're
447 * gonna accept the client and ignore authd's suggestion.
448 *
449 * --Elizafox
762468f8
SA		 450 *
451 * If this is an SSL connection we must defer handing off the client for
452 * reading until it is open and we have the certificate fingerprint, otherwise
453 * it's possible for the client to immediately send data before authd completes
454 * and before the status of the connection is communicated via ssld. This data
455 * could then be processed too early by read_packet().
d3f6b808
EM		 456 */
457void
762468f8 458authd_initiate_client(struct Client *client_p, bool defer)
d3f6b808
EM		 459{
460 char client_ipaddr[HOSTIPLEN+1];
461 char listen_ipaddr[HOSTIPLEN+1];
462 uint16_t client_port, listen_port;
463 uint32_t authd_cid;
464
154dc91e 465 if(client_p->preClient == NULL || client_p->preClient->auth.cid != 0)
d3f6b808
EM		 466 return;
467
154dc91e 468 authd_cid = client_p->preClient->auth.cid = generate_cid();
d3f6b808
EM		 469
470 /* Collisions are extremely unlikely, so disregard the possibility */
50808796 471 rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p);
d3f6b808
EM		 472
473 /* Retrieve listener and client IP's */
474 rb_inet_ntop_sock((struct sockaddr *)&client_p->preClient->lip, listen_ipaddr, sizeof(listen_ipaddr));
475 rb_inet_ntop_sock((struct sockaddr *)&client_p->localClient->ip, client_ipaddr, sizeof(client_ipaddr));
476
477 /* Retrieve listener and client ports */
d86692fa
EM		 478 listen_port = ntohs(GET_SS_PORT(&client_p->preClient->lip));
479 client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip));
d3f6b808 480
762468f8
SA		 481 if(defer)
482 client_p->preClient->auth.flags |= AUTHC_F_DEFERRED;
483
59d42a9f 484 /* Add a bit of a fudge factor... */
154dc91e 485 client_p->preClient->auth.timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10;
d3f6b808 486
c6ad9b0c
SA		 487 rb_helper_write(authd_helper, "C %x %s %hu %s %hu %x", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port,
488#ifdef HAVE_LIBSCTP
489 IsSCTP(client_p) ? IPPROTO_SCTP : IPPROTO_TCP);
490#else
491 IPPROTO_TCP);
492#endif
d3f6b808
EM		 493}
494
762468f8
SA		 495static inline void
496authd_read_client(struct Client *client_p)
497{
498 /*
499 * When a client has auth'ed, we want to start reading what it sends
500 * us. This is what read_packet() does.
501 * -- adrian
502 *
503 * Above comment was originally in s_auth.c, but moved here with below code.
504 * --Elizafox
505 */
506 rb_dlinkAddTail(client_p, &client_p->node, &global_client_list);
507 read_packet(client_p->localClient->F, client_p);
508}
509
d3f6b808
EM		 510/* When this is called we have a decision on client acceptance.
511 *
762468f8
SA		 512 * After this point authd no longer "owns" the client, but if
513 * it's flagged as deferred then we're still waiting for a call
514 * to authd_deferred_client().
d3f6b808 515 */
b1a577f2 516static inline void
d3f6b808
EM		 517authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason)
518{
154dc91e 519 if(client_p->preClient == NULL || client_p->preClient->auth.cid == 0)
d3f6b808
EM		 520 return;
521
522 if(*ident != '*')
523 {
524 rb_strlcpy(client_p->username, ident, sizeof(client_p->username));
e7c4cf63 525 SetGotId(client_p);
4f6119cd 526 ServerStats.is_asuc++;
d3f6b808
EM		 527 }
528 else
4f6119cd 529 ServerStats.is_abad++; /* s_auth used to do this, stay compatible */
d3f6b808
EM		 530
531 if(*host != '*')
532 rb_strlcpy(client_p->host, host, sizeof(client_p->host));
533
154dc91e 534 rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
6d5edc6f 535
154dc91e
EM		 536 client_p->preClient->auth.accepted = accept;
537 client_p->preClient->auth.cause = cause;
538 client_p->preClient->auth.data = (data == NULL ? NULL : rb_strdup(data));
539 client_p->preClient->auth.reason = (reason == NULL ? NULL : rb_strdup(reason));
540 client_p->preClient->auth.cid = 0;
d3f6b808 541
762468f8
SA		 542 client_p->preClient->auth.flags |= AUTHC_F_COMPLETE;
543 if((client_p->preClient->auth.flags & AUTHC_F_DEFERRED) == 0)
544 authd_read_client(client_p);
545}
546
547void
548authd_deferred_client(struct Client *client_p)
549{
550 client_p->preClient->auth.flags &= ~AUTHC_F_DEFERRED;
551 if(client_p->preClient->auth.flags & AUTHC_F_COMPLETE)
552 authd_read_client(client_p);
d3f6b808
EM		 553}
554
b1a577f2
EM		 555/* Convenience function to accept client */
556void
557authd_accept_client(struct Client *client_p, const char *ident, const char *host)
558{
559 authd_decide_client(client_p, ident, host, true, '\0', NULL, NULL);
560}
561
562/* Convenience function to reject client */
563void
564authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason)
565{
566 authd_decide_client(client_p, ident, host, false, cause, data, reason);
567}
568
ef0b13b9
EM		 569static void
570timeout_dead_authd_clients(void *notused __unused)
571{
572 rb_dictionary_iter iter;
0bb5d3f0 573 struct Client *client_p;
e7c4ecd5
EM		 574 rb_dlink_list freelist = { NULL, NULL, 0 };
575 rb_dlink_node *ptr, *nptr;
ef0b13b9 576
0bb5d3f0 577 RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
ef0b13b9 578 {
154dc91e 579 if(client_p->preClient->auth.timeout < rb_current_time())
e7c4ecd5 580 {
e7c4ecd5
EM		 581 rb_dlinkAddAlloc(client_p, &freelist);
582 }
583 }
584
585 /* RB_DICTIONARY_FOREACH is not safe for deletion, so we do this crap */
586 RB_DLINK_FOREACH_SAFE(ptr, nptr, freelist.head)
587 {
588 client_p = ptr->data;
63ee1037
AJ		 589 authd_abort_client(client_p);
590 rb_dlinkDestroy(ptr, &freelist);
ef0b13b9
EM		 591 }
592}
593
3321eef4 594/* Send a new DNSBL entry to authd */
d3f6b808 595void
3321eef4 596add_dnsbl_entry(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters)
d3f6b808
EM		 597{
598 rb_dlink_node *ptr;
fbc97166 599 struct DNSBLEntry *entry = rb_malloc(sizeof(*entry));
50808796 600 char filterbuf[BUFSIZE] = "*";
d3f6b808
EM		 601 size_t s = 0;
602
3321eef4
AC		 603 if(dnsbl_stats == NULL)
604 dnsbl_stats = rb_dictionary_create("dnsbl statistics", rb_strcasecmp);
e7c4ecd5 605
d3f6b808
EM		 606 /* Build a list of comma-separated values for authd.
607 * We don't check for validity - do it elsewhere.
608 */
609 RB_DLINK_FOREACH(ptr, filters->head)
610 {
611 char *filter = ptr->data;
612 size_t filterlen = strlen(filter) + 1;
613
614 if(s + filterlen > sizeof(filterbuf))
615 break;
616
617 snprintf(&filterbuf[s], sizeof(filterbuf) - s, "%s,", filter);
618
619 s += filterlen;
620 }
621
622 if(s)
623 filterbuf[s - 1] = '\0';
624
fbc97166
AJ		 625 entry->host = rb_strdup(host);
626 entry->reason = rb_strdup(reason);
627 entry->filters = rb_strdup(filterbuf);
628 entry->iptype = iptype;
629 entry->hits = 0;
d3f6b808 630
fbc97166 631 rb_dictionary_add(dnsbl_stats, entry->host, entry);
d3f6b808
EM		 632 rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
633}
634
3321eef4 635/* Delete a DNSBL entry. */
d3f6b808 636void
3321eef4 637del_dnsbl_entry(const char *host)
d3f6b808 638{
fbc97166
AJ		 639 struct DNSBLEntry *entry = rb_dictionary_retrieve(dnsbl_stats, host);
640
641 if(entry != NULL)
5e9a3f86 642 {
fbc97166
AJ		 643 rb_dictionary_delete(dnsbl_stats, entry->host);
644 rb_free(entry->host);
645 rb_free(entry->reason);
646 rb_free(entry->filters);
647 rb_free(entry);
5e9a3f86 648 }
d3f6b808
EM		 649
650 rb_helper_write(authd_helper, "O rbl_del %s", host);
651}
652
e7c4ecd5 653static void
3321eef4 654dnsbl_delete_elem(rb_dictionary_element *delem, void *unused)
e7c4ecd5 655{
fbc97166 656 struct DNSBLEntry *entry = delem->data;
e7c4ecd5 657
fbc97166
AJ		 658 rb_free(entry->host);
659 rb_free(entry->reason);
660 rb_free(entry->filters);
661 rb_free(entry);
e7c4ecd5
EM		 662}
663
3321eef4 664/* Delete all the DNSBL entries. */
d3f6b808 665void
3321eef4 666del_dnsbl_entry_all(void)
d3f6b808 667{
3321eef4
AC		 668 if(dnsbl_stats != NULL)
669 rb_dictionary_destroy(dnsbl_stats, dnsbl_delete_elem, NULL);
670 dnsbl_stats = NULL;
d3f6b808
EM		 671
672 rb_helper_write(authd_helper, "O rbl_del_all");
673}
674
675/* Adjust an authd timeout value */
4f6119cd 676bool
d3f6b808
EM		 677set_authd_timeout(const char *key, int timeout)
678{
4f6119cd
EM		 679 if(timeout <= 0)
680 return false;
681
d3f6b808 682 rb_helper_write(authd_helper, "O %s %d", key, timeout);
4f6119cd 683 return true;
d3f6b808 684}
ad043803 685
4f6119cd 686/* Enable identd checks */
ad043803
EM		 687void
688ident_check_enable(bool enabled)
689{
690 rb_helper_write(authd_helper, "O ident_enabled %d", enabled ? 1 : 0);
691}
4f6119cd 692
5e9a3f86
EM		 693/* Create an OPM listener
694 * XXX - This is a big nasty hack, but it avoids resending duplicate data when
695 * configure_authd() is called.
696 */
697void
698conf_create_opm_listener(const char *ip, uint16_t port)
699{
700 char ipbuf[HOSTIPLEN];
701 struct OPMListener *listener;
702
703 rb_strlcpy(ipbuf, ip, sizeof(ipbuf));
704 if(ipbuf[0] == ':')
705 {
706 memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1);
707 ipbuf[0] = '0';
708 }
709
710 /* I am much too lazy to use rb_inet_pton and GET_SS_FAMILY for now --Elizafox */
711 listener = &opm_listeners[(strchr(ipbuf, ':') != NULL ? LISTEN_IPV6 : LISTEN_IPV4)];
712 rb_strlcpy(listener->ipaddr, ipbuf, sizeof(listener->ipaddr));
713 listener->port = port;
714}
715
b1a577f2 716void
34f16c46 717create_opm_listener(const char *ip, uint16_t port)
4f6119cd 718{
d9364d29 719 char ipbuf[HOSTIPLEN];
5e9a3f86
EM		 720
721 /* XXX duplicated in conf_create_opm_listener */
d9364d29
EM		 722 rb_strlcpy(ipbuf, ip, sizeof(ipbuf));
723 if(ipbuf[0] == ':')
724 {
725 memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1);
726 ipbuf[0] = '0';
727 }
728
5e9a3f86 729 conf_create_opm_listener(ip, port);
9e5c31ea 730 rb_helper_write(authd_helper, "O opm_listener %s %hu", ipbuf, port);
5e9a3f86
EM		 731}
732
733void
734delete_opm_listener_all(void)
735{
736 memset(&opm_listeners, 0, sizeof(opm_listeners));
737 rb_helper_write(authd_helper, "O opm_listener_del_all");
b1a577f2
EM		 738}
739
740/* Disable all OPM scans */
741void
742opm_check_enable(bool enabled)
743{
3d2fc110 744 rb_helper_write(authd_helper, "O opm_enabled %d", enabled ? 1 : 0);
b1a577f2
EM		 745}
746
5e9a3f86
EM		 747/* Create an OPM proxy scanner
748 * XXX - This is a big nasty hack, but it avoids resending duplicate data when
749 * configure_authd() is called.
750 */
751void
752conf_create_opm_proxy_scanner(const char *type, uint16_t port)
753{
754 struct OPMScanner *scanner = rb_malloc(sizeof(struct OPMScanner));
755
756 rb_strlcpy(scanner->type, type, sizeof(scanner->type));
757 scanner->port = port;
758 rb_dlinkAdd(scanner, &scanner->node, &opm_list);
759}
760
b1a577f2 761void
51fa2ab8 762create_opm_proxy_scanner(const char *type, uint16_t port)
b1a577f2 763{
5e9a3f86 764 conf_create_opm_proxy_scanner(type, port);
51fa2ab8 765 rb_helper_write(authd_helper, "O opm_scanner %s %hu", type, port);
4f6119cd 766}
3d2fc110
EM		 767
768void
769delete_opm_proxy_scanner(const char *type, uint16_t port)
770{
5e9a3f86
EM		 771 rb_dlink_node *ptr, *nptr;
772
773 RB_DLINK_FOREACH_SAFE(ptr, nptr, opm_list.head)
774 {
775 struct OPMScanner *scanner = ptr->data;
776
777 if(rb_strncasecmp(scanner->type, type, sizeof(scanner->type)) == 0 &&
778 scanner->port == port)
779 {
780 rb_dlinkDelete(ptr, &opm_list);
781 rb_free(scanner);
782 break;
783 }
784 }
785
3d2fc110
EM		 786 rb_helper_write(authd_helper, "O opm_scanner_del %s %hu", type, port);
787}
788
789void
790delete_opm_proxy_scanner_all(void)
791{
5e9a3f86
EM		 792 rb_dlink_node *ptr, *nptr;
793
794 RB_DLINK_FOREACH_SAFE(ptr, nptr, opm_list.head)
795 {
796 struct OPMScanner *scanner = ptr->data;
797
798 rb_dlinkDelete(ptr, &opm_list);
799 rb_free(scanner);
800 }
801
3d2fc110
EM		 802 rb_helper_write(authd_helper, "O opm_scanner_del_all");
803}
Fork of solanum ircd, history is rebased regularly