]> jfr.im git - solanum.git/blob - authd/providers/blacklist.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
authd/providers/blacklist: fix use after free
[solanum.git] / authd / providers / blacklist.c
1 /*
2 * charybdis: A slightly useful ircd.
3 * blacklist.c: Manages DNS blacklist entries and lookups
4 *
5 * Copyright (C) 2006-2011 charybdis development team
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are
9 * met:
10 *
11 * 1. Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * 3. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
23 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
24 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
30 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31 * POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /* Originally written for charybdis circa 2006 (by nenolod?).
35 * Tweaked for authd. Some functions and structs renamed. Public/private
36 * interfaces have been shifted around. Some code has been cleaned up too.
37 * -- Elizafox 24 March 2016
38 */
39
40 #include "authd.h"
41 #include "provider.h"
42 #include "notice.h"
43 #include "stdinc.h"
44 #include "dns.h"
45
46 typedef enum filter_t
47 {
48 FILTER_ALL = 1,
49 FILTER_LAST = 2,
50 } filter_t;
51
52 /* Blacklist accepted IP types */
53 #define IPTYPE_IPV4 1
54 #define IPTYPE_IPV6 2
55
56 /* A configured DNSBL */
57 struct blacklist
58 {
59 char host[IRCD_RES_HOSTLEN + 1];
60 char reason[BUFSIZE]; /* Reason template (ircd fills in the blanks) */
61 unsigned char iptype; /* IP types supported */
62 rb_dlink_list filters; /* Filters for queries */
63
64 bool delete; /* If true delete when no clients */
65 int refcount; /* When 0 and delete is set, remove this blacklist */
66
67 time_t lastwarning; /* Last warning about garbage replies sent */
68 };
69
70 /* A lookup in progress for a particular DNSBL for a particular client */
71 struct blacklist_lookup
72 {
73 struct blacklist *bl; /* Blacklist we're checking */
74 struct auth_client *auth; /* Client */
75 struct dns_query *query; /* DNS query pointer */
76
77 rb_dlink_node node;
78 };
79
80 /* A blacklist filter */
81 struct blacklist_filter
82 {
83 filter_t type; /* Type of filter */
84 char filter[HOSTIPLEN]; /* The filter itself */
85
86 rb_dlink_node node;
87 };
88
89 /* Blacklist user data attached to auth_client instance */
90 struct blacklist_user
91 {
92 rb_dlink_list queries; /* Blacklist queries in flight */
93 time_t timeout; /* When this times out */
94 };
95
96 /* public interfaces */
97 static bool blacklists_init(void);
98 static void blacklists_destroy(void);
99
100 static bool blacklists_start(struct auth_client *);
101 static void blacklists_cancel(struct auth_client *);
102
103 /* private interfaces */
104 static void unref_blacklist(struct blacklist *);
105 static struct blacklist *new_blacklist(const char *, const char *, unsigned char, rb_dlink_list *);
106 static struct blacklist *find_blacklist(const char *);
107 static bool blacklist_check_reply(struct blacklist_lookup *, const char *);
108 static void blacklist_dns_callback(const char *, bool, query_type, void *);
109 static void initiate_blacklist_dnsquery(struct blacklist *, struct auth_client *);
110 static void timeout_blacklist_queries_event(void *);
111
112 /* Variables */
113 static rb_dlink_list blacklist_list = { NULL, NULL, 0 };
114 static struct ev_entry *timeout_ev;
115 static int blacklist_timeout = 15;
116
117 /* private interfaces */
118
119 static void
120 unref_blacklist(struct blacklist *bl)
121 {
122 rb_dlink_node *ptr, *nptr;
123
124 bl->refcount--;
125 if (bl->delete && bl->refcount <= 0)
126 {
127 RB_DLINK_FOREACH_SAFE(ptr, nptr, bl->filters.head)
128 {
129 rb_dlinkDelete(ptr, &bl->filters);
130 rb_free(ptr);
131 }
132
133 rb_dlinkFindDestroy(bl, &blacklist_list);
134 rb_free(bl);
135 }
136 }
137
138 static struct blacklist *
139 new_blacklist(const char *name, const char *reason, unsigned char iptype, rb_dlink_list *filters)
140 {
141 struct blacklist *bl;
142
143 if (name == NULL || reason == NULL || iptype == 0)
144 return NULL;
145
146 if((bl = find_blacklist(name)) == NULL)
147 {
148 bl = rb_malloc(sizeof(struct blacklist));
149 rb_dlinkAddAlloc(bl, &blacklist_list);
150 }
151 else
152 bl->delete = false;
153
154 rb_strlcpy(bl->host, name, IRCD_RES_HOSTLEN + 1);
155 rb_strlcpy(bl->reason, reason, BUFSIZE);
156 bl->iptype = iptype;
157
158 rb_dlinkMoveList(filters, &bl->filters);
159
160 bl->lastwarning = 0;
161
162 return bl;
163 }
164
165 static struct blacklist *
166 find_blacklist(const char *name)
167 {
168 rb_dlink_node *ptr;
169
170 RB_DLINK_FOREACH(ptr, blacklist_list.head)
171 {
172 struct blacklist *bl = (struct blacklist *)ptr->data;
173
174 if (!strcasecmp(bl->host, name))
175 return bl;
176 }
177
178 return NULL;
179 }
180
181 static inline bool
182 blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
183 {
184 struct blacklist *bl = bllookup->bl;
185 const char *lastoctet;
186 rb_dlink_node *ptr;
187
188 /* No filters and entry found - thus positive match */
189 if (!rb_dlink_list_length(&bl->filters))
190 return true;
191
192 /* Below will prolly have to change if IPv6 address replies are sent back */
193 if ((lastoctet = strrchr(ipaddr, '.')) == NULL || *(++lastoctet) == '\0')
194 goto blwarn;
195
196 RB_DLINK_FOREACH(ptr, bl->filters.head)
197 {
198 struct blacklist_filter *filter = ptr->data;
199 const char *cmpstr;
200
201 if (filter->type == FILTER_ALL)
202 cmpstr = ipaddr;
203 else if (filter->type == FILTER_LAST)
204 cmpstr = lastoctet;
205 else
206 {
207 warn_opers(L_CRIT, "BUG: Unknown blacklist filter type on blacklist %s: %d",
208 bl->host, filter->type);
209 continue;
210 }
211
212 if (strcmp(cmpstr, filter->filter) == 0)
213 /* Match! */
214 return true;
215 }
216
217 return false;
218 blwarn:
219 if (bl->lastwarning + 3600 < rb_current_time())
220 {
221 warn_opers(L_WARN, "Garbage/undecipherable reply received from blacklist %s (reply %s)",
222 bl->host, ipaddr);
223 bl->lastwarning = rb_current_time();
224 }
225 return false;
226 }
227
228 static void
229 blacklist_dns_callback(const char *result, bool status, query_type type, void *data)
230 {
231 struct blacklist_lookup *bllookup = (struct blacklist_lookup *)data;
232 struct blacklist_user *bluser;
233 struct blacklist *bl;
234 struct auth_client *auth;
235
236 if (bllookup == NULL || bllookup->auth == NULL)
237 return;
238
239 bl = bllookup->bl;
240 auth = bllookup->auth;
241 bluser = auth->data[PROVIDER_BLACKLIST];
242 if(bluser == NULL)
243 return;
244
245 if (result != NULL && status && blacklist_check_reply(bllookup, result))
246 {
247 /* Match found, so proceed no further */
248 blacklists_cancel(auth);
249 reject_client(auth, PROVIDER_BLACKLIST, bl->reason);
250 return;
251 }
252
253 unref_blacklist(bl);
254 cancel_query(bllookup->query); /* Ignore future responses */
255 rb_dlinkDelete(&bllookup->node, &bluser->queries);
256 rb_free(bllookup);
257
258 if(!rb_dlink_list_length(&bluser->queries))
259 {
260 /* Done here */
261 rb_free(bluser);
262 auth->data[PROVIDER_BLACKLIST] = NULL;
263 provider_done(auth, PROVIDER_BLACKLIST);
264 }
265 }
266
267 static void
268 initiate_blacklist_dnsquery(struct blacklist *bl, struct auth_client *auth)
269 {
270 struct blacklist_lookup *bllookup = rb_malloc(sizeof(struct blacklist_lookup));
271 struct blacklist_user *bluser = auth->data[PROVIDER_BLACKLIST];
272 char buf[IRCD_RES_HOSTLEN + 1];
273 int aftype;
274
275 bllookup->bl = bl;
276 bllookup->auth = auth;
277
278 aftype = GET_SS_FAMILY(&auth->c_addr);
279 if((aftype == AF_INET && (bl->iptype & IPTYPE_IPV4) == 0) ||
280 (aftype == AF_INET6 && (bl->iptype & IPTYPE_IPV6) == 0))
281 /* Incorrect blacklist type for this IP... */
282 return;
283
284 build_rdns(buf, sizeof(buf), &auth->c_addr, bl->host);
285
286 bllookup->query = lookup_ip(buf, AF_INET, blacklist_dns_callback, bllookup);
287
288 rb_dlinkAdd(bllookup, &bllookup->node, &bluser->queries);
289 bl->refcount++;
290 }
291
292 /* Timeout outstanding queries */
293 static void
294 timeout_blacklist_queries_event(void *notused)
295 {
296 struct auth_client *auth;
297 rb_dictionary_iter iter;
298
299 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
300 {
301 struct blacklist_user *bluser = auth->data[PROVIDER_BLACKLIST];
302
303 if(bluser != NULL && bluser->timeout < rb_current_time())
304 {
305 blacklists_cancel(auth);
306 provider_done(auth, PROVIDER_BLACKLIST);
307 }
308 }
309 }
310
311 static inline void
312 lookup_all_blacklists(struct auth_client *auth)
313 {
314 struct blacklist_user *bluser = auth->data[PROVIDER_BLACKLIST];
315 rb_dlink_node *ptr;
316
317 RB_DLINK_FOREACH(ptr, blacklist_list.head)
318 {
319 struct blacklist *bl = (struct blacklist *)ptr->data;
320
321 if (!bl->delete)
322 initiate_blacklist_dnsquery(bl, auth);
323 }
324
325 bluser->timeout = rb_current_time() + blacklist_timeout;
326 }
327
328 static inline void
329 delete_blacklist(struct blacklist *bl)
330 {
331 if (bl->refcount > 0)
332 bl->delete = true;
333 else
334 {
335 rb_dlinkFindDestroy(bl, &blacklist_list);
336 rb_free(bl);
337 }
338 }
339
340 static void
341 delete_all_blacklists(void)
342 {
343 rb_dlink_node *ptr, *nptr;
344
345 RB_DLINK_FOREACH_SAFE(ptr, nptr, blacklist_list.head)
346 {
347 delete_blacklist(ptr->data);
348 }
349 }
350
351 /* public interfaces */
352 static bool
353 blacklists_start(struct auth_client *auth)
354 {
355 if(auth->data[PROVIDER_BLACKLIST] != NULL)
356 return true;
357
358 if(!rb_dlink_list_length(&blacklist_list))
359 /* Nothing to do... */
360 return true;
361
362 auth->data[PROVIDER_BLACKLIST] = rb_malloc(sizeof(struct blacklist_user));
363
364 if(is_provider_done(auth, PROVIDER_RDNS) && is_provider_done(auth, PROVIDER_IDENT))
365 /* This probably can't happen but let's handle this case anyway */
366 lookup_all_blacklists(auth);
367
368 set_provider_on(auth, PROVIDER_BLACKLIST);
369 return true;
370 }
371
372 /* This is called every time a provider is completed as long as we are marked not done */
373 static void
374 blacklists_initiate(struct auth_client *auth, provider_t provider)
375 {
376 struct blacklist_user *bluser = auth->data[PROVIDER_BLACKLIST];
377
378 lrb_assert(provider != PROVIDER_BLACKLIST);
379 lrb_assert(!is_provider_done(auth, PROVIDER_BLACKLIST));
380 lrb_assert(rb_dlink_list_length(&blacklist_list) > 0);
381
382 if(bluser == NULL || rb_dlink_list_length(&bluser->queries))
383 /* Nothing to do */
384 return;
385 else if(!(is_provider_done(auth, PROVIDER_RDNS) && is_provider_done(auth, PROVIDER_IDENT)))
386 /* Don't start until we've completed these */
387 return;
388 else
389 lookup_all_blacklists(auth);
390 }
391
392 static void
393 blacklists_cancel(struct auth_client *auth)
394 {
395 rb_dlink_node *ptr, *nptr;
396 struct blacklist_user *bluser = auth->data[PROVIDER_BLACKLIST];
397
398 if(bluser == NULL)
399 return;
400
401 RB_DLINK_FOREACH_SAFE(ptr, nptr, bluser->queries.head)
402 {
403 struct blacklist_lookup *bllookup = ptr->data;
404
405 cancel_query(bllookup->query);
406 unref_blacklist(bllookup->bl);
407
408 rb_dlinkDelete(&bllookup->node, &bluser->queries);
409 rb_free(bllookup);
410 }
411
412 rb_free(bluser);
413 auth->data[PROVIDER_BLACKLIST] = NULL;
414 }
415
416 static bool
417 blacklists_init(void)
418 {
419 timeout_ev = rb_event_addish("timeout_blacklist_queries_event", timeout_blacklist_queries_event, NULL, 1);
420 return (timeout_ev != NULL);
421 }
422
423 static void
424 blacklists_destroy(void)
425 {
426 rb_dlink_node *ptr, *nptr;
427 rb_dictionary_iter iter;
428 struct blacklist *bl;
429 struct auth_client *auth;
430
431 RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
432 {
433 blacklists_cancel(auth);
434 }
435
436 delete_all_blacklists();
437 rb_event_delete(timeout_ev);
438 }
439
440 static void
441 add_conf_blacklist(const char *key, int parc, const char **parv)
442 {
443 rb_dlink_list filters = { NULL, NULL, 0 };
444 char *tmp, *elemlist = rb_strdup(parv[2]);
445 unsigned char iptype;
446
447 if(*elemlist == '*')
448 goto end;
449
450 for(char *elem = rb_strtok_r(elemlist, ",", &tmp); elem; elem = rb_strtok_r(NULL, ",", &tmp))
451 {
452 struct blacklist_filter *filter = rb_malloc(sizeof(struct blacklist_filter));
453 int dot_c = 0;
454 filter_t type = FILTER_LAST;
455 bool valid = true;
456
457 /* Check blacklist filter type and for validity */
458 for(char *c = elem; *c != '\0'; c++)
459 {
460 if(*c == '.')
461 {
462 if(++dot_c > 3)
463 {
464 warn_opers(L_CRIT, "addr_conf_blacklist got a bad filter (too many octets)");
465 valid = false;
466 break;
467 }
468
469 type = FILTER_ALL;
470 }
471 else if(!isdigit(*c))
472 {
473 warn_opers(L_CRIT, "addr_conf_blacklist got a bad filter (invalid character in blacklist filter: %c)", *c);
474 valid = false;
475 break;
476 }
477 }
478
479 if(valid && dot_c > 0 && dot_c < 3)
480 {
481 warn_opers(L_CRIT, "addr_conf_blacklist got a bad filter (insufficient octets)");
482 valid = false;
483 }
484
485 if(!valid)
486 {
487 rb_free(filter);
488 continue;
489 }
490
491 filter->type = type;
492 rb_strlcpy(filter->filter, elem, sizeof(filter->filter));
493 rb_dlinkAdd(filter, &filter->node, &filters);
494 }
495
496 end:
497 rb_free(elemlist);
498
499 iptype = atoi(parv[1]) & 0x3;
500 if(new_blacklist(parv[0], parv[3], iptype, &filters) == NULL)
501 {
502 rb_dlink_node *ptr, *nptr;
503
504 warn_opers(L_CRIT, "addr_conf_blacklist got a malformed blacklist");
505
506 RB_DLINK_FOREACH_SAFE(ptr, nptr, filters.head)
507 {
508 rb_free(ptr->data);
509 rb_dlinkDelete(ptr, &filters);
510 }
511 }
512 }
513
514 static void
515 del_conf_blacklist(const char *key, int parc, const char **parv)
516 {
517 struct blacklist *bl = find_blacklist(parv[0]);
518 if(bl == NULL)
519 {
520 warn_opers(L_CRIT, "BUG: tried to remove nonexistent blacklist %s", parv[0]);
521 return;
522 }
523
524 delete_blacklist(bl);
525 }
526
527 static void
528 del_conf_blacklist_all(const char *key, int parc, const char **parv)
529 {
530 delete_all_blacklists();
531 }
532
533 static void
534 add_conf_blacklist_timeout(const char *key, int parc, const char **parv)
535 {
536 int timeout = atoi(parv[0]);
537
538 if(timeout < 0)
539 {
540 warn_opers(L_CRIT, "BUG: blacklist timeout < 0 (value: %d)", timeout);
541 return;
542 }
543
544 blacklist_timeout = timeout;
545 }
546
547 struct auth_opts_handler blacklist_options[] =
548 {
549 { "rbl", 4, add_conf_blacklist },
550 { "rbl_del", 1, del_conf_blacklist },
551 { "rbl_del_all", 0, del_conf_blacklist_all },
552 { "rbl_timeout", 1, add_conf_blacklist_timeout },
553 { NULL, 0, NULL },
554 };
555
556 struct auth_provider blacklist_provider =
557 {
558 .id = PROVIDER_BLACKLIST,
559 .init = blacklists_init,
560 .destroy = blacklists_destroy,
561 .start = blacklists_start,
562 .cancel = blacklists_cancel,
563 .completed = blacklists_initiate,
564 .opt_handlers = blacklist_options,
565 };
Fork of solanum ircd, history is rebased regularly