]> jfr.im git - solanum.git/blame - ircd/authproc.c
projects / solanum.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Replace most checks for +o with oper:general
[solanum.git] / ircd / authproc.c
CommitLineData
fb7d74ef
AC		 1/*
2 * authd.c: An interface to authd.
3 * (based somewhat on ircd-ratbox dns.c)
4 *
5 * Copyright (C) 2005 Aaron Sethman <androsyn@ratbox.org>
6 * Copyright (C) 2005-2012 ircd-ratbox development team
7 * Copyright (C) 2016 William Pitcock <nenolod@dereferenced.org>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
22 * USA
23 */
24
d3f6b808
EM		 25#include "stdinc.h"
26#include "rb_lib.h"
27#include "client.h"
28#include "ircd_defs.h"
29#include "parse.h"
64fae260 30#include "authproc.h"
d3f6b808
EM		 31#include "match.h"
32#include "logger.h"
33#include "s_conf.h"
34#include "s_stats.h"
35#include "client.h"
36#include "packet.h"
37#include "hash.h"
38#include "send.h"
39#include "numeric.h"
40#include "msg.h"
41#include "dns.h"
fb7d74ef 42
ae0a0585
EM		 43typedef void (*authd_cb_t)(int, char **);
44
45struct authd_cb
46{
47 authd_cb_t fn;
48 int min_parc;
49};
50
fb7d74ef
AC		 51static int start_authd(void);
52static void parse_authd_reply(rb_helper * helper);
53static void restart_authd_cb(rb_helper * helper);
ef0b13b9 54static EVH timeout_dead_authd_clients;
fb7d74ef 55
ae0a0585
EM		 56static void cmd_accept_client(int parc, char **parv);
57static void cmd_reject_client(int parc, char **parv);
58static void cmd_dns_result(int parc, char **parv);
59static void cmd_notice_client(int parc, char **parv);
60static void cmd_oper_warn(int parc, char **parv);
61static void cmd_stats_results(int parc, char **parv);
62
fb7d74ef
AC		 63rb_helper *authd_helper;
64static char *authd_path;
65
50808796 66uint32_t cid;
d3f6b808 67static rb_dictionary *cid_clients;
ef0b13b9 68static struct ev_entry *timeout_ev;
d3f6b808 69
3321eef4 70rb_dictionary *dnsbl_stats;
d3f6b808 71
5e9a3f86
EM		 72rb_dlink_list opm_list;
73struct OPMListener opm_listeners[LISTEN_LAST];
74
ae0a0585
EM		 75static struct authd_cb authd_cmd_tab[256] =
76{
77 ['A'] = { cmd_accept_client, 4 },
78 ['E'] = { cmd_dns_result, 5 },
79 ['N'] = { cmd_notice_client, 3 },
80 ['R'] = { cmd_reject_client, 7 },
81 ['W'] = { cmd_oper_warn, 3 },
82 ['X'] = { cmd_stats_results, 3 },
83 ['Y'] = { cmd_stats_results, 3 },
84 ['Z'] = { cmd_stats_results, 3 },
85};
86
fb7d74ef
AC		 87static int
88start_authd(void)
89{
90 char fullpath[PATH_MAX + 1];
91#ifdef _WIN32
92 const char *suffix = ".exe";
93#else
94 const char *suffix = "";
95#endif
96 if(authd_path == NULL)
97 {
4d8cfacd 98 snprintf(fullpath, sizeof(fullpath), "%s%cauthd%s", ircd_paths[IRCD_PATH_LIBEXEC], RB_PATH_SEPARATOR, suffix);
fb7d74ef
AC		 99
100 if(access(fullpath, X_OK) == -1)
101 {
4d8cfacd
AC		 102 snprintf(fullpath, sizeof(fullpath), "%s%cbin%cauthd%s",
103 ConfigFileEntry.dpath, RB_PATH_SEPARATOR, RB_PATH_SEPARATOR, suffix);
fb7d74ef
AC		 104 if(access(fullpath, X_OK) == -1)
105 {
7ad083b0
EM		 106 ierror("Unable to execute authd in %s or %s/bin",
107 ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
fb7d74ef 108 sendto_realops_snomask(SNO_GENERAL, L_ALL,
4d8cfacd
AC		 109 "Unable to execute authd in %s or %s/bin",
110 ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
fb7d74ef
AC		 111 return 1;
112 }
113
114 }
115
116 authd_path = rb_strdup(fullpath);
117 }
118
d3f6b808
EM		 119 if(cid_clients == NULL)
120 cid_clients = rb_dictionary_create("authd cid to uid mapping", rb_uint32cmp);
121
ef0b13b9
EM		 122 if(timeout_ev == NULL)
123 timeout_ev = rb_event_addish("timeout_dead_authd_clients", timeout_dead_authd_clients, NULL, 1);
124
fb7d74ef
AC		 125 authd_helper = rb_helper_start("authd", authd_path, parse_authd_reply, restart_authd_cb);
126
127 if(authd_helper == NULL)
128 {
7ad083b0 129 ierror("Unable to start authd helper: %s", strerror(errno));
fb7d74ef
AC		 130 sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unable to start authd helper: %s", strerror(errno));
131 return 1;
132 }
e7c4ecd5 133
fb7d74ef
AC		 134 ilog(L_MAIN, "authd helper started");
135 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd helper started");
136 rb_helper_run(authd_helper);
137 return 0;
138}
139
6a7bb6f1
EM		 140static inline uint32_t
141str_to_cid(const char *str)
142{
143 long lcid = strtol(str, NULL, 16);
144
145 if(lcid > UINT32_MAX || lcid <= 0)
146 {
147 iwarn("authd sent us back a bad client ID: %lx", lcid);
148 restart_authd();
149 return 0;
150 }
151
152 return (uint32_t)lcid;
153}
154
155static inline struct Client *
5cbd46a8 156cid_to_client(uint32_t ncid, bool del)
6a7bb6f1
EM		 157{
158 struct Client *client_p;
159
5cbd46a8
AJ		 160 if(del)
161 client_p = rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(ncid));
6a7bb6f1 162 else
5cbd46a8 163 client_p = rb_dictionary_retrieve(cid_clients, RB_UINT_TO_POINTER(ncid));
6a7bb6f1 164
61d1befa
EM		 165 /* If the client's not found, that's okay, it may have already gone away.
166 * --Elizafox */
6a7bb6f1
EM		 167
168 return client_p;
169}
170
adfe7b83 171static inline struct Client *
5cbd46a8 172str_cid_to_client(const char *str, bool del)
adfe7b83 173{
5cbd46a8 174 uint32_t ncid = str_to_cid(str);
adfe7b83 175
5cbd46a8 176 if(ncid == 0)
adfe7b83
EM		 177 return NULL;
178
5cbd46a8 179 return cid_to_client(ncid, del);
adfe7b83
EM		 180}
181
fb7d74ef 182static void
ae0a0585 183cmd_accept_client(int parc, char **parv)
fb7d74ef 184{
d3f6b808 185 struct Client *client_p;
6d0fafec 186
ae0a0585
EM		 187 /* cid to uid (retrieve and delete) */
188 if((client_p = str_cid_to_client(parv[1], true)) == NULL)
189 return;
394b8dde 190
ae0a0585
EM		 191 authd_accept_client(client_p, parv[2], parv[3]);
192}
fb7d74ef 193
ae0a0585
EM		 194static void
195cmd_dns_result(int parc, char **parv)
196{
197 dns_results_callback(parv[1], parv[2], parv[3], parv[4]);
198}
d3f6b808 199
ae0a0585
EM		 200static void
201cmd_notice_client(int parc, char **parv)
202{
203 struct Client *client_p;
d3f6b808 204
ae0a0585
EM		 205 if((client_p = str_cid_to_client(parv[1], false)) == NULL)
206 return;
d3f6b808 207
ae0a0585
EM		 208 sendto_one_notice(client_p, ":%s", parv[2]);
209}
d3f6b808 210
ae0a0585
EM		 211static void
212cmd_reject_client(int parc, char **parv)
213{
214 struct Client *client_p;
50808796 215
ae0a0585
EM		 216 /* cid to uid (retrieve and delete) */
217 if((client_p = str_cid_to_client(parv[1], true)) == NULL)
218 return;
cc4d3931 219
ae0a0585
EM		 220 authd_reject_client(client_p, parv[3], parv[4], toupper(*parv[2]), parv[5], parv[6]);
221}
adfe7b83 222
ae0a0585
EM		 223static void
224cmd_oper_warn(int parc, char **parv)
225{
e2a8228f 226 switch(*parv[1])
ae0a0585
EM		 227 {
228 case 'D': /* Debug */
e2a8228f
EM		 229 sendto_realops_snomask(SNO_DEBUG, L_ALL, "authd debug: %s", parv[2]);
230 idebug("authd: %s", parv[2]);
ae0a0585
EM		 231 break;
232 case 'I': /* Info */
e2a8228f
EM		 233 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd info: %s", parv[2]);
234 inotice("authd: %s", parv[2]);
ae0a0585
EM		 235 break;
236 case 'W': /* Warning */
e2a8228f
EM		 237 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd WARNING: %s", parv[2]);
238 iwarn("authd: %s", parv[2]);
ae0a0585
EM		 239 break;
240 case 'C': /* Critical (error) */
e2a8228f
EM		 241 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd CRITICAL: %s", parv[2]);
242 ierror("authd: %s", parv[2]);
ae0a0585
EM		 243 break;
244 default: /* idk */
e2a8228f
EM		 245 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd sent us an unknown oper notice type (%s): %s", parv[1], parv[2]);
246 ilog(L_MAIN, "authd unknown oper notice type (%s): %s", parv[1], parv[2]);
ae0a0585
EM		 247 break;
248 }
249}
0a659bf0 250
ae0a0585
EM		 251static void
252cmd_stats_results(int parc, char **parv)
253{
254 /* Select by type */
255 switch(*parv[2])
256 {
257 case 'D':
258 /* parv[0] conveys status */
259 if(parc < 4)
260 {
261 iwarn("authd sent a result with wrong number of arguments: got %d", parc);
262 restart_authd();
263 return;
264 }
265 dns_stats_results_callback(parv[1], parv[0], parc - 3, (const char **)&parv[3]);
266 break;
267 default:
268 break;
269 }
270}
271
272static void
273parse_authd_reply(rb_helper * helper)
274{
275 ssize_t len;
276 int parc;
6d0fafec 277 char buf[READBUF_SIZE];
33ded5fc 278 char *parv[MAXPARA];
0a659bf0 279
6d0fafec 280 while((len = rb_helper_read(helper, buf, sizeof(buf))) > 0)
ae0a0585
EM		 281 {
282 struct authd_cb *cmd;
283
33ded5fc 284 parc = rb_string_to_array(buf, parv, sizeof(parv));
1729f46e 285 cmd = &authd_cmd_tab[(unsigned char)*parv[0]];
ae0a0585
EM		 286 if(cmd->fn != NULL)
287 {
288 if(cmd->min_parc > parc)
394b8dde 289 {
ae0a0585
EM		 290 iwarn("authd sent a result with wrong number of arguments: expected %d, got %d",
291 cmd->min_parc, parc);
394b8dde 292 restart_authd();
ae0a0585 293 continue;
394b8dde
EM		 294 }
295
ae0a0585 296 cmd->fn(parc, parv);
fb7d74ef 297 }
b0326abd
EM		 298 else
299 {
300 iwarn("authd sent us a bad command type: %c", *parv[0]);
301 restart_authd();
302 continue;
303 }
fb7d74ef
AC		 304 }
305}
306
307void
308init_authd(void)
309{
310 if(start_authd())
311 {
7ad083b0 312 ierror("Unable to start authd helper: %s", strerror(errno));
fb7d74ef
AC		 313 exit(0);
314 }
315}
316
d3f6b808
EM		 317void
318configure_authd(void)
319{
5e9a3f86 320 /* Timeouts */
d3f6b808
EM		 321 set_authd_timeout("ident_timeout", GlobalSetOptions.ident_timeout);
322 set_authd_timeout("rdns_timeout", ConfigFileEntry.connect_timeout);
50808796 323 set_authd_timeout("rbl_timeout", ConfigFileEntry.connect_timeout);
5e9a3f86 324
50808796 325 ident_check_enable(!ConfigFileEntry.disable_auth);
5e9a3f86
EM		 326
327 /* Configure OPM */
328 if(rb_dlink_list_length(&opm_list) > 0 &&
329 (opm_listeners[LISTEN_IPV4].ipaddr[0] != '\0' ||
330 opm_listeners[LISTEN_IPV6].ipaddr[0] != '\0'))
331 {
332 rb_dlink_node *ptr;
333
334 if(opm_listeners[LISTEN_IPV4].ipaddr[0] != '\0')
335 rb_helper_write(authd_helper, "O opm_listener %s %hu",
336 opm_listeners[LISTEN_IPV4].ipaddr, opm_listeners[LISTEN_IPV4].port);
337
5e9a3f86
EM		 338 if(opm_listeners[LISTEN_IPV6].ipaddr[0] != '\0')
339 rb_helper_write(authd_helper, "O opm_listener %s %hu",
340 opm_listeners[LISTEN_IPV6].ipaddr, opm_listeners[LISTEN_IPV6].port);
5e9a3f86
EM		 341
342 RB_DLINK_FOREACH(ptr, opm_list.head)
343 {
344 struct OPMScanner *scanner = ptr->data;
345 rb_helper_write(authd_helper, "O opm_scanner %s %hu",
346 scanner->type, scanner->port);
347 }
348
349 opm_check_enable(true);
350 }
351 else
352 opm_check_enable(false);
d3f6b808
EM		 353}
354
e7c4ecd5
EM		 355static void
356authd_free_client(struct Client *client_p)
357{
358 if(client_p == NULL || client_p->preClient == NULL)
359 return;
360
361 if(client_p->preClient->auth.cid == 0)
362 return;
363
364 if(authd_helper != NULL)
365 rb_helper_write(authd_helper, "E %x", client_p->preClient->auth.cid);
366
367 client_p->preClient->auth.accepted = true;
368 client_p->preClient->auth.cid = 0;
369}
370
371static void
372authd_free_client_cb(rb_dictionary_element *delem, void *unused)
373{
374 struct Client *client_p = delem->data;
375 authd_free_client(client_p);
376}
377
378void
379authd_abort_client(struct Client *client_p)
380{
381 rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
382 authd_free_client(client_p);
383}
384
fb7d74ef
AC		 385static void
386restart_authd_cb(rb_helper * helper)
387{
7ad083b0 388 iwarn("authd: restart_authd_cb called, authd died?");
3949459b 389 sendto_realops_snomask(SNO_GENERAL, L_ALL, "authd: restart_authd_cb called, authd died?");
e1582810 390
fb7d74ef
AC		 391 if(helper != NULL)
392 {
393 rb_helper_close(helper);
394 authd_helper = NULL;
395 }
e1582810 396
e7c4ecd5
EM		 397 rb_dictionary_destroy(cid_clients, authd_free_client_cb, NULL);
398 cid_clients = NULL;
e1582810 399
fb7d74ef 400 start_authd();
e2a8228f 401 configure_authd();
fb7d74ef
AC		 402}
403
404void
405restart_authd(void)
406{
5c5296c8 407 ierror("authd restarting...");
fb7d74ef
AC		 408 restart_authd_cb(authd_helper);
409}
410
411void
412rehash_authd(void)
413{
414 rb_helper_write(authd_helper, "R");
415}
416
417void
418check_authd(void)
419{
420 if(authd_helper == NULL)
421 restart_authd();
422}
d3f6b808
EM		 423
424static inline uint32_t
425generate_cid(void)
426{
427 if(++cid == 0)
428 cid = 1;
429
430 return cid;
431}
432
433/* Basically when this is called we begin handing off the client to authd for
434 * processing. authd "owns" the client until processing is finished, or we
435 * timeout from authd. authd will make a decision whether or not to accept the
436 * client, but it's up to other parts of the code (for now) to decide if we're
437 * gonna accept the client and ignore authd's suggestion.
438 *
439 * --Elizafox
762468f8
SA		 440 *
441 * If this is an SSL connection we must defer handing off the client for
442 * reading until it is open and we have the certificate fingerprint, otherwise
443 * it's possible for the client to immediately send data before authd completes
444 * and before the status of the connection is communicated via ssld. This data
445 * could then be processed too early by read_packet().
d3f6b808
EM		 446 */
447void
762468f8 448authd_initiate_client(struct Client *client_p, bool defer)
d3f6b808
EM		 449{
450 char client_ipaddr[HOSTIPLEN+1];
451 char listen_ipaddr[HOSTIPLEN+1];
452 uint16_t client_port, listen_port;
453 uint32_t authd_cid;
454
154dc91e 455 if(client_p->preClient == NULL || client_p->preClient->auth.cid != 0)
d3f6b808
EM		 456 return;
457
154dc91e 458 authd_cid = client_p->preClient->auth.cid = generate_cid();
d3f6b808
EM		 459
460 /* Collisions are extremely unlikely, so disregard the possibility */
50808796 461 rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p);
d3f6b808
EM		 462
463 /* Retrieve listener and client IP's */
464 rb_inet_ntop_sock((struct sockaddr *)&client_p->preClient->lip, listen_ipaddr, sizeof(listen_ipaddr));
465 rb_inet_ntop_sock((struct sockaddr *)&client_p->localClient->ip, client_ipaddr, sizeof(client_ipaddr));
466
467 /* Retrieve listener and client ports */
d86692fa
EM		 468 listen_port = ntohs(GET_SS_PORT(&client_p->preClient->lip));
469 client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip));
d3f6b808 470
762468f8
SA		 471 if(defer)
472 client_p->preClient->auth.flags |= AUTHC_F_DEFERRED;
473
59d42a9f 474 /* Add a bit of a fudge factor... */
154dc91e 475 client_p->preClient->auth.timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10;
d3f6b808 476
c6ad9b0c
SA		 477 rb_helper_write(authd_helper, "C %x %s %hu %s %hu %x", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port,
478#ifdef HAVE_LIBSCTP
479 IsSCTP(client_p) ? IPPROTO_SCTP : IPPROTO_TCP);
480#else
481 IPPROTO_TCP);
482#endif
d3f6b808
EM		 483}
484
762468f8
SA		 485static inline void
486authd_read_client(struct Client *client_p)
487{
488 /*
489 * When a client has auth'ed, we want to start reading what it sends
490 * us. This is what read_packet() does.
491 * -- adrian
492 *
493 * Above comment was originally in s_auth.c, but moved here with below code.
494 * --Elizafox
495 */
496 rb_dlinkAddTail(client_p, &client_p->node, &global_client_list);
497 read_packet(client_p->localClient->F, client_p);
498}
499
d3f6b808
EM		 500/* When this is called we have a decision on client acceptance.
501 *
762468f8
SA		 502 * After this point authd no longer "owns" the client, but if
503 * it's flagged as deferred then we're still waiting for a call
504 * to authd_deferred_client().
d3f6b808 505 */
b1a577f2 506static inline void
d3f6b808
EM		 507authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason)
508{
154dc91e 509 if(client_p->preClient == NULL || client_p->preClient->auth.cid == 0)
d3f6b808
EM		 510 return;
511
512 if(*ident != '*')
513 {
514 rb_strlcpy(client_p->username, ident, sizeof(client_p->username));
e7c4cf63 515 SetGotId(client_p);
4f6119cd 516 ServerStats.is_asuc++;
d3f6b808
EM		 517 }
518 else
4f6119cd 519 ServerStats.is_abad++; /* s_auth used to do this, stay compatible */
d3f6b808
EM		 520
521 if(*host != '*')
522 rb_strlcpy(client_p->host, host, sizeof(client_p->host));
523
154dc91e 524 rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
6d5edc6f 525
154dc91e
EM		 526 client_p->preClient->auth.accepted = accept;
527 client_p->preClient->auth.cause = cause;
528 client_p->preClient->auth.data = (data == NULL ? NULL : rb_strdup(data));
529 client_p->preClient->auth.reason = (reason == NULL ? NULL : rb_strdup(reason));
530 client_p->preClient->auth.cid = 0;
d3f6b808 531
762468f8
SA		 532 client_p->preClient->auth.flags |= AUTHC_F_COMPLETE;
533 if((client_p->preClient->auth.flags & AUTHC_F_DEFERRED) == 0)
534 authd_read_client(client_p);
535}
536
537void
538authd_deferred_client(struct Client *client_p)
539{
540 client_p->preClient->auth.flags &= ~AUTHC_F_DEFERRED;
541 if(client_p->preClient->auth.flags & AUTHC_F_COMPLETE)
542 authd_read_client(client_p);
d3f6b808
EM		 543}
544
b1a577f2
EM		 545/* Convenience function to accept client */
546void
547authd_accept_client(struct Client *client_p, const char *ident, const char *host)
548{
549 authd_decide_client(client_p, ident, host, true, '\0', NULL, NULL);
550}
551
552/* Convenience function to reject client */
553void
554authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason)
555{
556 authd_decide_client(client_p, ident, host, false, cause, data, reason);
557}
558
ef0b13b9
EM		 559static void
560timeout_dead_authd_clients(void *notused __unused)
561{
562 rb_dictionary_iter iter;
0bb5d3f0 563 struct Client *client_p;
e7c4ecd5
EM		 564 rb_dlink_list freelist = { NULL, NULL, 0 };
565 rb_dlink_node *ptr, *nptr;
ef0b13b9 566
0bb5d3f0 567 RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
ef0b13b9 568 {
154dc91e 569 if(client_p->preClient->auth.timeout < rb_current_time())
e7c4ecd5
EM		 570 {
571 authd_free_client(client_p);
572 rb_dlinkAddAlloc(client_p, &freelist);
573 }
574 }
575
576 /* RB_DICTIONARY_FOREACH is not safe for deletion, so we do this crap */
577 RB_DLINK_FOREACH_SAFE(ptr, nptr, freelist.head)
578 {
579 client_p = ptr->data;
580 rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
ef0b13b9
EM		 581 }
582}
583
3321eef4 584/* Send a new DNSBL entry to authd */
d3f6b808 585void
3321eef4 586add_dnsbl_entry(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters)
d3f6b808
EM		 587{
588 rb_dlink_node *ptr;
3321eef4 589 struct DNSBLEntryStats *stats = rb_malloc(sizeof(*stats));
50808796 590 char filterbuf[BUFSIZE] = "*";
d3f6b808
EM		 591 size_t s = 0;
592
3321eef4
AC		 593 if(dnsbl_stats == NULL)
594 dnsbl_stats = rb_dictionary_create("dnsbl statistics", rb_strcasecmp);
e7c4ecd5 595
d3f6b808
EM		 596 /* Build a list of comma-separated values for authd.
597 * We don't check for validity - do it elsewhere.
598 */
599 RB_DLINK_FOREACH(ptr, filters->head)
600 {
601 char *filter = ptr->data;
602 size_t filterlen = strlen(filter) + 1;
603
604 if(s + filterlen > sizeof(filterbuf))
605 break;
606
607 snprintf(&filterbuf[s], sizeof(filterbuf) - s, "%s,", filter);
608
609 s += filterlen;
610 }
611
612 if(s)
613 filterbuf[s - 1] = '\0';
614
4f2b9a4f 615 stats->host = rb_strdup(host);
d3f6b808
EM		 616 stats->iptype = iptype;
617 stats->hits = 0;
3321eef4 618 rb_dictionary_add(dnsbl_stats, stats->host, stats);
d3f6b808
EM		 619
620 rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
621}
622
3321eef4 623/* Delete a DNSBL entry. */
d3f6b808 624void
3321eef4 625del_dnsbl_entry(const char *host)
d3f6b808 626{
3321eef4 627 struct DNSBLEntryStats *stats = rb_dictionary_retrieve(dnsbl_stats, host);
5e9a3f86
EM		 628 if(stats != NULL)
629 {
3321eef4 630 rb_dictionary_delete(dnsbl_stats, host);
4f2b9a4f 631 rb_free(stats->host);
5e9a3f86
EM		 632 rb_free(stats);
633 }
d3f6b808
EM		 634
635 rb_helper_write(authd_helper, "O rbl_del %s", host);
636}
637
e7c4ecd5 638static void
3321eef4 639dnsbl_delete_elem(rb_dictionary_element *delem, void *unused)
e7c4ecd5 640{
3321eef4 641 struct DNSBLEntryStats *stats = delem->data;
e7c4ecd5
EM		 642
643 rb_free(stats->host);
644 rb_free(stats);
645}
646
3321eef4 647/* Delete all the DNSBL entries. */
d3f6b808 648void
3321eef4 649del_dnsbl_entry_all(void)
d3f6b808 650{
3321eef4
AC		 651 if(dnsbl_stats != NULL)
652 rb_dictionary_destroy(dnsbl_stats, dnsbl_delete_elem, NULL);
653 dnsbl_stats = NULL;
d3f6b808
EM		 654
655 rb_helper_write(authd_helper, "O rbl_del_all");
656}
657
658/* Adjust an authd timeout value */
4f6119cd 659bool
d3f6b808
EM		 660set_authd_timeout(const char *key, int timeout)
661{
4f6119cd
EM		 662 if(timeout <= 0)
663 return false;
664
d3f6b808 665 rb_helper_write(authd_helper, "O %s %d", key, timeout);
4f6119cd 666 return true;
d3f6b808 667}
ad043803 668
4f6119cd 669/* Enable identd checks */
ad043803
EM		 670void
671ident_check_enable(bool enabled)
672{
673 rb_helper_write(authd_helper, "O ident_enabled %d", enabled ? 1 : 0);
674}
4f6119cd 675
5e9a3f86
EM		 676/* Create an OPM listener
677 * XXX - This is a big nasty hack, but it avoids resending duplicate data when
678 * configure_authd() is called.
679 */
680void
681conf_create_opm_listener(const char *ip, uint16_t port)
682{
683 char ipbuf[HOSTIPLEN];
684 struct OPMListener *listener;
685
686 rb_strlcpy(ipbuf, ip, sizeof(ipbuf));
687 if(ipbuf[0] == ':')
688 {
689 memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1);
690 ipbuf[0] = '0';
691 }
692
693 /* I am much too lazy to use rb_inet_pton and GET_SS_FAMILY for now --Elizafox */
694 listener = &opm_listeners[(strchr(ipbuf, ':') != NULL ? LISTEN_IPV6 : LISTEN_IPV4)];
695 rb_strlcpy(listener->ipaddr, ipbuf, sizeof(listener->ipaddr));
696 listener->port = port;
697}
698
b1a577f2 699void
34f16c46 700create_opm_listener(const char *ip, uint16_t port)
4f6119cd 701{
d9364d29 702 char ipbuf[HOSTIPLEN];
5e9a3f86
EM		 703
704 /* XXX duplicated in conf_create_opm_listener */
d9364d29
EM		 705 rb_strlcpy(ipbuf, ip, sizeof(ipbuf));
706 if(ipbuf[0] == ':')
707 {
708 memmove(ipbuf + 1, ipbuf, sizeof(ipbuf) - 1);
709 ipbuf[0] = '0';
710 }
711
5e9a3f86 712 conf_create_opm_listener(ip, port);
9e5c31ea 713 rb_helper_write(authd_helper, "O opm_listener %s %hu", ipbuf, port);
5e9a3f86
EM		 714}
715
716void
717delete_opm_listener_all(void)
718{
719 memset(&opm_listeners, 0, sizeof(opm_listeners));
720 rb_helper_write(authd_helper, "O opm_listener_del_all");
b1a577f2
EM		 721}
722
723/* Disable all OPM scans */
724void
725opm_check_enable(bool enabled)
726{
3d2fc110 727 rb_helper_write(authd_helper, "O opm_enabled %d", enabled ? 1 : 0);
b1a577f2
EM		 728}
729
5e9a3f86
EM		 730/* Create an OPM proxy scanner
731 * XXX - This is a big nasty hack, but it avoids resending duplicate data when
732 * configure_authd() is called.
733 */
734void
735conf_create_opm_proxy_scanner(const char *type, uint16_t port)
736{
737 struct OPMScanner *scanner = rb_malloc(sizeof(struct OPMScanner));
738
739 rb_strlcpy(scanner->type, type, sizeof(scanner->type));
740 scanner->port = port;
741 rb_dlinkAdd(scanner, &scanner->node, &opm_list);
742}
743
b1a577f2 744void
51fa2ab8 745create_opm_proxy_scanner(const char *type, uint16_t port)
b1a577f2 746{
5e9a3f86 747 conf_create_opm_proxy_scanner(type, port);
51fa2ab8 748 rb_helper_write(authd_helper, "O opm_scanner %s %hu", type, port);
4f6119cd 749}
3d2fc110
EM		 750
751void
752delete_opm_proxy_scanner(const char *type, uint16_t port)
753{
5e9a3f86
EM		 754 rb_dlink_node *ptr, *nptr;
755
756 RB_DLINK_FOREACH_SAFE(ptr, nptr, opm_list.head)
757 {
758 struct OPMScanner *scanner = ptr->data;
759
760 if(rb_strncasecmp(scanner->type, type, sizeof(scanner->type)) == 0 &&
761 scanner->port == port)
762 {
763 rb_dlinkDelete(ptr, &opm_list);
764 rb_free(scanner);
765 break;
766 }
767 }
768
3d2fc110
EM		 769 rb_helper_write(authd_helper, "O opm_scanner_del %s %hu", type, port);
770}
771
772void
773delete_opm_proxy_scanner_all(void)
774{
5e9a3f86
EM		 775 rb_dlink_node *ptr, *nptr;
776
777 RB_DLINK_FOREACH_SAFE(ptr, nptr, opm_list.head)
778 {
779 struct OPMScanner *scanner = ptr->data;
780
781 rb_dlinkDelete(ptr, &opm_list);
782 rb_free(scanner);
783 }
784
3d2fc110
EM		 785 rb_helper_write(authd_helper, "O opm_scanner_del_all");
786}
Fork of solanum ircd, history is rebased regularly