]>
jfr.im git - solanum.git/blob - src/hostmask.c
2 * charybdis: an advanced internet relay chat daemon (ircd).
3 * hostmask.c: Code to efficiently find IP & hostmask based configs.
5 * Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
6 * Copyright (C) 1996-2002 Hybrid Development Team
7 * Copyright (C) 2002-2005 ircd-ratbox development team
8 * Copyright (C) 2005-2008 charybdis development team
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
25 * $Id: hostmask.c 2757 2006-11-10 22:58:15Z jilles $
29 #include "ircd_defs.h"
37 static unsigned long hash_ipv6(struct sockaddr
*, int);
39 static unsigned long hash_ipv4(struct sockaddr
*, int);
42 /* int parse_netmask(const char *, struct rb_sockaddr_storage *, int *);
43 * Input: A hostmask, or an IPV4/6 address.
44 * Output: An integer describing whether it is an IPV4, IPV6 address or a
45 * hostmask, an address(if it is an IP mask),
46 * a bitlength(if it is IP mask).
50 parse_netmask(const char *text
, struct sockaddr
*naddr
, int *nb
)
52 char *ip
= LOCAL_COPY(text
);
54 struct rb_sockaddr_storage
*addr
, xaddr
;
62 addr
= (struct rb_sockaddr_storage
*)&xaddr
;
64 addr
= (struct rb_sockaddr_storage
*)naddr
;
66 if(strpbrk(ip
, "*?") != NULL
)
73 if((ptr
= strchr(ip
, '/')))
82 if(rb_inet_pton_sock(ip
, (struct sockaddr
*)addr
) > 0)
90 if((ptr
= strchr(ip
, '/')))
99 if(rb_inet_pton_sock(ip
, (struct sockaddr
*)addr
) > 0)
107 /* Hashtable stuff...now external as its used in m_stats.c */
108 struct AddressRec
*atable
[ATABLE_SIZE
];
113 memset(&atable
, 0, sizeof(atable
));
116 /* unsigned long hash_ipv4(struct rb_sockaddr_storage*)
117 * Input: An IP address.
118 * Output: A hash value of the IP address.
122 hash_ipv4(struct sockaddr
*saddr
, int bits
)
124 struct sockaddr_in
*addr
= (struct sockaddr_in
*) saddr
;
128 unsigned long av
= ntohl(addr
->sin_addr
.s_addr
) & ~((1 << (32 - bits
)) - 1);
129 return (av
^ (av
>> 12) ^ (av
>> 24)) & (ATABLE_SIZE
- 1);
135 /* unsigned long hash_ipv6(struct rb_sockaddr_storage*)
136 * Input: An IP address.
137 * Output: A hash value of the IP address.
142 hash_ipv6(struct sockaddr
*saddr
, int bits
)
144 struct sockaddr_in6
*addr
= (struct sockaddr_in6
*) saddr
;
145 unsigned long v
= 0, n
;
146 for (n
= 0; n
< 16; n
++)
150 v
^= addr
->sin6_addr
.s6_addr
[n
];
155 v
^= addr
->sin6_addr
.s6_addr
[n
] & ~((1 << (8 - bits
)) - 1);
156 return v
& (ATABLE_SIZE
- 1);
159 return v
& (ATABLE_SIZE
- 1);
161 return v
& (ATABLE_SIZE
- 1);
165 /* int hash_text(const char *start)
166 * Input: The start of the text to hash.
167 * Output: The hash of the string between 1 and (TH_MAX-1)
168 * Side-effects: None.
171 hash_text(const char *start
)
173 const char *p
= start
;
178 h
= (h
<< 4) - (h
+ (unsigned char) ToLower(*p
++));
181 return (h
& (ATABLE_SIZE
- 1));
184 /* unsigned long get_hash_mask(const char *)
185 * Input: The text to hash.
186 * Output: The hash of the string right of the first '.' past the last
187 * wildcard in the string.
188 * Side-effects: None.
191 get_mask_hash(const char *text
)
193 const char *hp
= "", *p
;
195 for (p
= text
+ strlen(text
) - 1; p
>= text
; p
--)
196 if(*p
== '*' || *p
== '?')
197 return hash_text(hp
);
200 return hash_text(text
);
203 /* struct ConfItem* find_conf_by_address(const char*, struct rb_sockaddr_storage*,
204 * int type, int fam, const char *username)
205 * Input: The hostname, the address, the type of mask to find, the address
206 * family, the username.
207 * Output: The matching value with the highest precedence.
209 * Note: Setting bit 0 of the type means that the username is ignored.
212 find_conf_by_address(const char *name
, const char *sockhost
,
213 const char *orighost
,
214 struct sockaddr
*addr
, int type
, int fam
,
215 const char *username
, const char *auth_user
)
217 unsigned long hprecv
= 0;
218 struct ConfItem
*hprec
= NULL
;
219 struct AddressRec
*arec
;
227 /* Check for IPV6 matches... */
232 for (b
= 128; b
>= 0; b
-= 16)
234 for (arec
= atable
[hash_ipv6(addr
, b
)]; arec
; arec
= arec
->next
)
235 if(arec
->type
== (type
& ~0x1) &&
236 arec
->masktype
== HM_IPV6
&&
237 comp_with_mask_sock(addr
, (struct sockaddr
*)&arec
->Mask
.ipa
.addr
,
238 arec
->Mask
.ipa
.bits
) &&
239 (type
& 0x1 || match(arec
-> username
, username
)) &&
240 (type
!= CONF_CLIENT
|| !arec
->auth_user
||
241 (auth_user
&& match(arec
->auth_user
, auth_user
))) &&
242 arec
->precedence
> hprecv
)
244 hprecv
= arec
->precedence
;
253 for (b
= 32; b
>= 0; b
-= 8)
255 for (arec
= atable
[hash_ipv4(addr
, b
)]; arec
; arec
= arec
->next
)
256 if(arec
->type
== (type
& ~0x1) &&
257 arec
->masktype
== HM_IPV4
&&
258 comp_with_mask_sock(addr
, (struct sockaddr
*)&arec
->Mask
.ipa
.addr
,
259 arec
->Mask
.ipa
.bits
) &&
260 (type
& 0x1 || match(arec
->username
, username
)) &&
261 (type
!= CONF_CLIENT
|| !arec
->auth_user
||
262 (auth_user
&& match(arec
->auth_user
, auth_user
))) &&
263 arec
->precedence
> hprecv
)
265 hprecv
= arec
->precedence
;
276 for (p
= orighost
; p
!= NULL
;)
278 for (arec
= atable
[hash_text(p
)]; arec
; arec
= arec
->next
)
280 if((arec
->type
== (type
& ~0x1)) &&
281 (arec
->masktype
== HM_HOST
) &&
282 arec
->precedence
> hprecv
&&
283 match(arec
->Mask
.hostname
, orighost
) &&
284 (type
!= CONF_CLIENT
|| !arec
->auth_user
||
285 (auth_user
&& match(arec
->auth_user
, auth_user
))) &&
286 (type
& 0x1 || match(arec
->username
, username
)))
288 hprecv
= arec
->precedence
;
297 for (arec
= atable
[0]; arec
; arec
= arec
->next
)
299 if(arec
->type
== (type
& ~0x1) &&
300 arec
->masktype
== HM_HOST
&&
301 arec
->precedence
> hprecv
&&
302 (match(arec
->Mask
.hostname
, orighost
) ||
303 (sockhost
&& match(arec
->Mask
.hostname
, sockhost
))) &&
304 (type
!= CONF_CLIENT
|| !arec
->auth_user
||
305 (auth_user
&& match(arec
->auth_user
, auth_user
))) &&
306 (type
& 0x1 || match(arec
->username
, username
)))
308 hprecv
= arec
->precedence
;
317 /* And yes - we have to check p after strchr and p after increment for
319 for (p
= name
; p
!= NULL
;)
321 for (arec
= atable
[hash_text(p
)]; arec
; arec
= arec
->next
)
322 if((arec
->type
== (type
& ~0x1)) &&
323 (arec
->masktype
== HM_HOST
) &&
324 arec
->precedence
> hprecv
&&
325 match(arec
->Mask
.hostname
, name
) &&
326 (type
!= CONF_CLIENT
|| !arec
->auth_user
||
327 (auth_user
&& match(arec
->auth_user
, auth_user
))) &&
328 (type
& 0x1 || match(arec
->username
, username
)))
330 hprecv
= arec
->precedence
;
339 for (arec
= atable
[0]; arec
; arec
= arec
->next
)
341 if(arec
->type
== (type
& ~0x1) &&
342 arec
->masktype
== HM_HOST
&&
343 arec
->precedence
> hprecv
&&
344 (match(arec
->Mask
.hostname
, name
) ||
345 (sockhost
&& match(arec
->Mask
.hostname
, sockhost
))) &&
346 (type
!= CONF_CLIENT
|| !arec
->auth_user
||
347 (auth_user
&& match(arec
->auth_user
, auth_user
))) &&
348 (type
& 0x1 || match(arec
->username
, username
)))
350 hprecv
= arec
->precedence
;
358 /* struct ConfItem* find_address_conf(const char*, const char*,
359 * struct rb_sockaddr_storage*, int);
360 * Input: The hostname, username, address, address family.
361 * Output: The applicable ConfItem.
365 find_address_conf(const char *host
, const char *sockhost
, const char *user
,
366 const char *notildeuser
, struct sockaddr
*ip
, int aftype
, char *auth_user
)
368 struct ConfItem
*iconf
, *kconf
;
371 /* Find the best I-line... If none, return NULL -A1kmm */
372 if(!(iconf
= find_conf_by_address(host
, sockhost
, NULL
, ip
, CONF_CLIENT
, aftype
, user
, auth_user
)))
374 /* Find what their visible username will be.
375 * Note that the username without tilde may contain one char more.
377 vuser
= IsNoTilde(iconf
) ? notildeuser
: user
;
379 /* If they are exempt from K-lines, return the best I-line. -A1kmm */
380 if(IsConfExemptKline(iconf
))
383 /* Find the best K-line... -A1kmm */
384 kconf
= find_conf_by_address(host
, sockhost
, NULL
, ip
, CONF_KILL
, aftype
, user
, NULL
);
386 /* If they are K-lined, return the K-line */
390 /* if theres a spoof, check it against klines.. */
391 if(IsConfDoSpoofIp(iconf
))
393 char *p
= strchr(iconf
->info
.name
, '@');
395 /* note, we dont need to pass sockhost here, as its
396 * guaranteed to not match by whats above.. --anfl
401 kconf
= find_conf_by_address(p
+1, NULL
, NULL
, ip
, CONF_KILL
, aftype
, iconf
->info
.name
, NULL
);
405 kconf
= find_conf_by_address(iconf
->info
.name
, NULL
, NULL
, ip
, CONF_KILL
, aftype
, vuser
, NULL
);
411 /* if no_tilde, check the username without tilde against klines too
415 kconf
= find_conf_by_address(host
, sockhost
, NULL
, ip
, CONF_KILL
, aftype
, vuser
, NULL
);
423 /* struct ConfItem* find_dline(struct rb_sockaddr_storage*, int)
424 * Input: An address, an address family.
425 * Output: The best matching D-line or exempt line.
426 * Side effects: None.
429 find_dline(struct sockaddr
*addr
, int aftype
)
431 struct ConfItem
*eline
;
432 eline
= find_conf_by_address(NULL
, NULL
, NULL
, addr
, CONF_EXEMPTDLINE
| 1, aftype
, NULL
, NULL
);
435 return find_conf_by_address(NULL
, NULL
, NULL
, addr
, CONF_DLINE
| 1, aftype
, NULL
, NULL
);
438 /* void find_exact_conf_by_address(const char*, int, const char *)
440 * Output: ConfItem if found
444 find_exact_conf_by_address(const char *address
, int type
, const char *username
)
448 struct AddressRec
*arec
;
449 struct rb_sockaddr_storage addr
;
452 address
= "/NOMATCH!/";
453 masktype
= parse_netmask(address
, (struct sockaddr
*)&addr
, &bits
);
455 if(masktype
== HM_IPV6
)
457 /* We have to do this, since we do not re-hash for every bit -A1kmm. */
458 hv
= hash_ipv6((struct sockaddr
*)&addr
, bits
- bits
% 16);
462 if(masktype
== HM_IPV4
)
464 /* We have to do this, since we do not re-hash for every bit -A1kmm. */
465 hv
= hash_ipv4((struct sockaddr
*)&addr
, bits
- bits
% 8);
469 hv
= get_mask_hash(address
);
471 for (arec
= atable
[hv
]; arec
; arec
= arec
->next
)
473 if (arec
->type
== type
&&
474 arec
->masktype
== masktype
&&
475 (arec
->username
== NULL
|| username
== NULL
? arec
->username
== username
: !irccmp(arec
->username
, username
)))
477 if (masktype
== HM_HOST
)
479 if (!irccmp(arec
->Mask
.hostname
, address
))
484 if (arec
->Mask
.ipa
.bits
== bits
&&
485 comp_with_mask_sock((struct sockaddr
*)&arec
->Mask
.ipa
.addr
, (struct sockaddr
*)&addr
, bits
))
493 /* void add_conf_by_address(const char*, int, const char *,
494 * struct ConfItem *aconf)
497 * Side-effects: Adds this entry to the hash table.
500 add_conf_by_address(const char *address
, int type
, const char *username
, const char *auth_user
, struct ConfItem
*aconf
)
502 static unsigned long prec_value
= 0xFFFFFFFF;
505 struct AddressRec
*arec
;
508 address
= "/NOMATCH!/";
509 arec
= rb_malloc(sizeof(struct AddressRec
));
510 masktype
= parse_netmask(address
, (struct sockaddr
*)&arec
->Mask
.ipa
.addr
, &bits
);
511 arec
->Mask
.ipa
.bits
= bits
;
512 arec
->masktype
= masktype
;
514 if(masktype
== HM_IPV6
)
516 /* We have to do this, since we do not re-hash for every bit -A1kmm. */
518 arec
->next
= atable
[(hv
= hash_ipv6((struct sockaddr
*)&arec
->Mask
.ipa
.addr
, bits
))];
523 if(masktype
== HM_IPV4
)
525 /* We have to do this, since we do not re-hash for every bit -A1kmm. */
527 arec
->next
= atable
[(hv
= hash_ipv4((struct sockaddr
*)&arec
->Mask
.ipa
.addr
, bits
))];
532 arec
->Mask
.hostname
= address
;
533 arec
->next
= atable
[(hv
= get_mask_hash(address
))];
536 arec
->username
= username
;
537 arec
->auth_user
= auth_user
;
539 arec
->precedence
= prec_value
--;
543 /* void delete_one_address(const char*, struct ConfItem*)
544 * Input: An address string, the associated ConfItem.
546 * Side effects: Deletes an address record. Frees the ConfItem if there
547 * is nothing referencing it, sets it as illegal otherwise.
550 delete_one_address_conf(const char *address
, struct ConfItem
*aconf
)
554 struct AddressRec
*arec
, *arecl
= NULL
;
555 struct rb_sockaddr_storage addr
;
556 masktype
= parse_netmask(address
, (struct sockaddr
*)&addr
, &bits
);
558 if(masktype
== HM_IPV6
)
560 /* We have to do this, since we do not re-hash for every bit -A1kmm. */
562 hv
= hash_ipv6((struct sockaddr
*)&addr
, bits
);
566 if(masktype
== HM_IPV4
)
568 /* We have to do this, since we do not re-hash for every bit -A1kmm. */
570 hv
= hash_ipv4((struct sockaddr
*)&addr
, bits
);
573 hv
= get_mask_hash(address
);
574 for (arec
= atable
[hv
]; arec
; arec
= arec
->next
)
576 if(arec
->aconf
== aconf
)
579 arecl
->next
= arec
->next
;
581 atable
[hv
] = arec
->next
;
582 aconf
->status
|= CONF_ILLEGAL
;
592 /* void clear_out_address_conf(void)
595 * Side effects: Clears out all address records in the hash table,
596 * frees them, and frees the ConfItems if nothing references
597 * them, otherwise sets them as illegal.
600 clear_out_address_conf(void)
603 struct AddressRec
**store_next
;
604 struct AddressRec
*arec
, *arecn
;
606 for (i
= 0; i
< ATABLE_SIZE
; i
++)
608 store_next
= &atable
[i
];
609 for (arec
= atable
[i
]; arec
; arec
= arecn
)
612 /* We keep the temporary K-lines and destroy the
613 * permanent ones, just to be confusing :) -A1kmm */
614 if(arec
->aconf
->flags
& CONF_FLAGS_TEMPORARY
||
615 (arec
->type
!= CONF_CLIENT
&& arec
->type
!= CONF_EXEMPTDLINE
))
618 store_next
= &arec
->next
;
622 arec
->aconf
->status
|= CONF_ILLEGAL
;
623 if(!arec
->aconf
->clients
)
624 free_conf(arec
->aconf
);
633 clear_out_address_conf_bans(void)
636 struct AddressRec
**store_next
;
637 struct AddressRec
*arec
, *arecn
;
639 for (i
= 0; i
< ATABLE_SIZE
; i
++)
641 store_next
= &atable
[i
];
642 for (arec
= atable
[i
]; arec
; arec
= arecn
)
645 /* We keep the temporary K-lines and destroy the
646 * permanent ones, just to be confusing :) -A1kmm */
647 if(arec
->aconf
->flags
& CONF_FLAGS_TEMPORARY
||
648 (arec
->type
== CONF_CLIENT
|| arec
->type
== CONF_EXEMPTDLINE
))
651 store_next
= &arec
->next
;
655 arec
->aconf
->status
|= CONF_ILLEGAL
;
656 if(!arec
->aconf
->clients
)
657 free_conf(arec
->aconf
);
667 * show_iline_prefix()
669 * inputs - pointer to struct Client requesting output
670 * - pointer to struct ConfItem
671 * - name to which iline prefix will be prefixed to
672 * output - pointer to static string with prefixes listed in ascii form
673 * side effects - NONE
676 show_iline_prefix(struct Client
*sptr
, struct ConfItem
*aconf
, char *name
)
678 static char prefix_of_host
[USERLEN
+ 15];
681 prefix_ptr
= prefix_of_host
;
684 if(IsNeedIdentd(aconf
))
686 if(IsConfDoSpoofIp(aconf
))
688 if(IsOper(sptr
) && IsConfExemptFlood(aconf
))
690 if(IsOper(sptr
) && IsConfExemptDNSBL(aconf
) && !IsConfExemptKline(aconf
))
692 if(IsOper(sptr
) && IsConfExemptKline(aconf
))
694 if(IsOper(sptr
) && IsConfExemptLimits(aconf
))
697 strncpy(prefix_ptr
, name
, USERLEN
);
698 return (prefix_of_host
);
703 * Inputs: pointer to client to report to
705 * Side effects: Reports configured auth{} blocks to client_p
708 report_auth(struct Client
*client_p
)
710 char *name
, *host
, *pass
, *user
, *classname
;
711 struct AddressRec
*arec
;
712 struct ConfItem
*aconf
;
715 for (i
= 0; i
< ATABLE_SIZE
; i
++)
716 for (arec
= atable
[i
]; arec
; arec
= arec
->next
)
717 if(arec
->type
== CONF_CLIENT
)
721 if(!IsOper(client_p
) && IsConfDoSpoofIp(aconf
))
724 get_printable_conf(aconf
, &name
, &host
, &pass
, &user
, &port
,
727 if(!EmptyString(aconf
->spasswd
))
728 pass
= aconf
->spasswd
;
730 sendto_one_numeric(client_p
, RPL_STATSILINE
,
731 form_str(RPL_STATSILINE
),
732 name
, pass
, show_iline_prefix(client_p
, aconf
, user
),
733 show_ip_conf(aconf
, client_p
) ? host
: "255.255.255.255",
740 * inputs - Client to report to, mask
742 * side effects - Reports configured K-lines to client_p.
745 report_Klines(struct Client
*source_p
)
747 char *host
, *pass
, *user
, *oper_reason
;
748 struct AddressRec
*arec
;
749 struct ConfItem
*aconf
= NULL
;
752 for (i
= 0; i
< ATABLE_SIZE
; i
++)
754 for (arec
= atable
[i
]; arec
; arec
= arec
->next
)
756 if(arec
->type
== CONF_KILL
)
760 /* its a tempkline, theyre reported elsewhere */
761 if(aconf
->flags
& CONF_FLAGS_TEMPORARY
)
764 get_printable_kline(source_p
, aconf
, &host
, &pass
, &user
, &oper_reason
);
765 sendto_one_numeric(source_p
, RPL_STATSKLINE
,
766 form_str(RPL_STATSKLINE
),
767 'K', host
, user
, pass
,
768 oper_reason
? "|" : "",
769 oper_reason
? oper_reason
: "");