#include "privilege.h"
#include "sslproc.h"
#include "bandbi.h"
+#include "operhash.h"
struct config_server_hide ConfigServerHide;
static rb_bh *confitem_heap = NULL;
+rb_dlink_list prop_bans;
+
rb_dlink_list temp_klines[LAST_TEMP_TYPE];
rb_dlink_list temp_dlines[LAST_TEMP_TYPE];
rb_dlink_list service_list;
static void read_conf(FILE *);
static void clear_out_old_conf(void);
+static void expire_prop_bans(void *list);
static void expire_temp_kd(void *list);
static void reorganise_temp_kd(void *list);
{
confitem_heap = rb_bh_create(sizeof(struct ConfItem), CONFITEM_HEAP_SIZE, "confitem_heap");
+ rb_event_addish("expire_prop_bans", expire_prop_bans, &prop_bans, 60);
+
rb_event_addish("expire_temp_klines", expire_temp_kd, &temp_klines[TEMP_MIN], 60);
rb_event_addish("expire_temp_dlines", expire_temp_kd, &temp_dlines[TEMP_MIN], 60);
rb_free(aconf->passwd);
rb_free(aconf->spasswd);
- rb_free(aconf->name);
rb_free(aconf->className);
rb_free(aconf->user);
rb_free(aconf->host);
+ if(IsConfBan(aconf))
+ operhash_delete(aconf->info.oper);
+ else
+ rb_free(aconf->info.name);
+
rb_bh_free(confitem_heap, aconf);
}
if(aconf->flags & CONF_FLAGS_REDIR)
{
sendto_one_numeric(client_p, RPL_REDIR, form_str(RPL_REDIR),
- aconf->name ? aconf->name : "", aconf->port);
+ aconf->info.name ? aconf->info.name : "", aconf->port);
return (NOT_AUTHORISED);
}
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"%s spoofing: %s as %s",
client_p->name,
- show_ip(NULL, client_p) ? client_p->host : aconf->name,
- aconf->name);
+ show_ip(NULL, client_p) ? client_p->host : aconf->info.name,
+ aconf->info.name);
}
/* user@host spoof */
- if((p = strchr(aconf->name, '@')) != NULL)
+ if((p = strchr(aconf->info.name, '@')) != NULL)
{
char *host = p+1;
*p = '\0';
- rb_strlcpy(client_p->username, aconf->name,
+ rb_strlcpy(client_p->username, aconf->info.name,
sizeof(client_p->username));
rb_strlcpy(client_p->host, host,
sizeof(client_p->host));
*p = '@';
}
else
- rb_strlcpy(client_p->host, aconf->name, sizeof(client_p->host));
+ rb_strlcpy(client_p->host, aconf->info.name, sizeof(client_p->host));
}
return (attach_iline(client_p, aconf));
}
else if(aconf->status & CONF_KILL)
{
if(ConfigFileEntry.kline_with_reason)
- {
sendto_one(client_p,
form_str(ERR_YOUREBANNEDCREEP),
- me.name, client_p->name, aconf->passwd);
- }
+ me.name, client_p->name,
+ get_user_ban_reason(aconf));
add_reject(client_p, aconf->user, aconf->host);
return (BANNED_CLIENT);
}
int local_count = 0;
int global_count = 0;
int ident_count = 0;
- int unidented = 0;
+ int unidented;
if(IsConfExemptLimits(aconf))
return (attach_conf(client_p, aconf));
- if(*client_p->username == '~')
- unidented = 1;
-
+ unidented = !IsGotId(client_p) && !IsNoTilde(aconf) &&
+ (!IsConfDoSpoofIp(aconf) || !strchr(aconf->info.name, '@'));
/* find_hostname() returns the head of the list to search */
RB_DLINK_FOREACH(ptr, find_hostname(client_p->host))
return (0);
}
-static struct banconf_entry
-{
- const char **filename;
- void (*func) (FILE *);
- int perm;
-} banconfs[] = {
- { &ConfigFileEntry.klinefile, parse_k_file, 0 },
- { &ConfigFileEntry.klinefile, parse_k_file, 1 },
- { &ConfigFileEntry.dlinefile, parse_d_file, 0 },
- { &ConfigFileEntry.dlinefile, parse_d_file, 1 },
- { &ConfigFileEntry.xlinefile, parse_x_file, 0 },
- { &ConfigFileEntry.xlinefile, parse_x_file, 1 },
- { &ConfigFileEntry.resvfile, parse_resv_file,0 },
- { &ConfigFileEntry.resvfile, parse_resv_file,1 },
- { NULL, NULL, 0 }
-};
-
void
rehash_bans(int sig)
{
ConfigFileEntry.collision_fnc = YES;
ConfigFileEntry.global_snotices = YES;
ConfigFileEntry.operspy_dont_care_user_info = NO;
+ ConfigFileEntry.use_propagated_bans = YES;
#ifdef HAVE_LIBZ
ConfigFileEntry.compression_level = 4;
ConfigChannel.no_join_on_split = NO;
ConfigChannel.no_create_on_split = YES;
ConfigChannel.resv_forcepart = YES;
+ ConfigChannel.channel_target_change = YES;
ConfigServerHide.flatten_links = 0;
ConfigServerHide.links_delay = 300;
ConfigFileEntry.min_nonwildcard = 4;
ConfigFileEntry.min_nonwildcard_simple = 3;
ConfigFileEntry.default_floodcount = 8;
+ ConfigFileEntry.default_ident_timeout = 5;
ConfigFileEntry.client_flood = CLIENT_FLOOD_DEFAULT;
ConfigFileEntry.tkline_expire_notices = 0;
add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, NULL, aconf);
}
+/* valid_wild_card()
+ *
+ * input - user buffer, host buffer
+ * output - 0 if invalid, 1 if valid
+ * side effects -
+ */
+int
+valid_wild_card(const char *luser, const char *lhost)
+{
+ const char *p;
+ char tmpch;
+ int nonwild = 0;
+ int bitlen;
+
+ /* user has no wildcards, always accept -- jilles */
+ if(!strchr(luser, '?') && !strchr(luser, '*'))
+ return 1;
+
+ /* check there are enough non wildcard chars */
+ p = luser;
+ while((tmpch = *p++))
+ {
+ if(!IsKWildChar(tmpch))
+ {
+ /* found enough chars, return */
+ if(++nonwild >= ConfigFileEntry.min_nonwildcard)
+ return 1;
+ }
+ }
+
+ /* try host, as user didnt contain enough */
+ /* special case for cidr masks -- jilles */
+ if((p = strrchr(lhost, '/')) != NULL && IsDigit(p[1]))
+ {
+ bitlen = atoi(p + 1);
+ /* much like non-cidr for ipv6, rather arbitrary for ipv4 */
+ if(bitlen > 0
+ && bitlen >=
+ (strchr(lhost, ':') ? 4 * (ConfigFileEntry.min_nonwildcard - nonwild) : 6 -
+ 2 * nonwild))
+ return 1;
+ }
+ else
+ {
+ p = lhost;
+ while((tmpch = *p++))
+ {
+ if(!IsKWildChar(tmpch))
+ if(++nonwild >= ConfigFileEntry.min_nonwildcard)
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+rb_dlink_node *
+find_prop_ban(unsigned int status, const char *user, const char *host)
+{
+ rb_dlink_node *ptr;
+ struct ConfItem *aconf;
+
+ RB_DLINK_FOREACH(ptr, prop_bans.head)
+ {
+ aconf = ptr->data;
+
+ if((aconf->status & ~CONF_ILLEGAL) == status &&
+ (!user || !aconf->user ||
+ !irccmp(aconf->user, user)) &&
+ !irccmp(aconf->host, host))
+ return ptr;
+ }
+ return NULL;
+}
+
+void
+deactivate_conf(struct ConfItem *aconf, rb_dlink_node *ptr)
+{
+ int i;
+
+ s_assert(ptr->data == aconf);
+
+ switch (aconf->status)
+ {
+ case CONF_KILL:
+ if (aconf->lifetime == 0 &&
+ aconf->flags & CONF_FLAGS_TEMPORARY)
+ for (i = 0; i < LAST_TEMP_TYPE; i++)
+ rb_dlinkFindDestroy(aconf, &temp_klines[i]);
+ /* Make sure delete_one_address_conf() does not
+ * free the aconf.
+ */
+ aconf->clients++;
+ delete_one_address_conf(aconf->host, aconf);
+ aconf->clients--;
+ break;
+ case CONF_DLINE:
+ if (aconf->lifetime == 0 &&
+ aconf->flags & CONF_FLAGS_TEMPORARY)
+ for (i = 0; i < LAST_TEMP_TYPE; i++)
+ rb_dlinkFindDestroy(aconf, &temp_dlines[i]);
+ aconf->clients++;
+ delete_one_address_conf(aconf->host, aconf);
+ aconf->clients--;
+ break;
+ case CONF_XLINE:
+ rb_dlinkFindDestroy(aconf, &xline_conf_list);
+ break;
+ case CONF_RESV_NICK:
+ rb_dlinkFindDestroy(aconf, &resv_conf_list);
+ break;
+ case CONF_RESV_CHANNEL:
+ del_from_resv_hash(aconf->host, aconf);
+ break;
+ }
+ if (aconf->lifetime != 0 && rb_current_time() < aconf->lifetime)
+ aconf->status |= CONF_ILLEGAL;
+ else
+ {
+ if (aconf->lifetime != 0)
+ rb_dlinkDestroy(ptr, &prop_bans);
+ free_conf(aconf);
+ }
+}
+
+/* Given a new ban ConfItem, look for any matching ban, update the lifetime
+ * from it and delete it.
+ */
+void
+replace_old_ban(struct ConfItem *aconf)
+{
+ rb_dlink_node *ptr;
+ struct ConfItem *oldconf;
+
+ ptr = find_prop_ban(aconf->status, aconf->user, aconf->host);
+ if(ptr != NULL)
+ {
+ oldconf = ptr->data;
+ /* Remember at least as long as the old one. */
+ if(oldconf->lifetime > aconf->lifetime)
+ aconf->lifetime = oldconf->lifetime;
+ /* Force creation time to increase. */
+ if(oldconf->created >= aconf->created)
+ aconf->created = oldconf->created + 1;
+ /* Leave at least one second of validity. */
+ if(aconf->hold <= aconf->created)
+ aconf->hold = aconf->created + 1;
+ if(aconf->lifetime < aconf->hold)
+ aconf->lifetime = aconf->hold;
+ /* Tell deactivate_conf() to destroy it. */
+ oldconf->lifetime = rb_current_time();
+ deactivate_conf(oldconf, ptr);
+ }
+}
+
+static void
+expire_prop_bans(void *list)
+{
+ rb_dlink_node *ptr;
+ rb_dlink_node *next_ptr;
+ struct ConfItem *aconf;
+
+ RB_DLINK_FOREACH_SAFE(ptr, next_ptr, ((rb_dlink_list *) list)->head)
+ {
+ aconf = ptr->data;
+
+ if(aconf->lifetime <= rb_current_time() ||
+ (aconf->hold <= rb_current_time() &&
+ !(aconf->status & CONF_ILLEGAL)))
+ {
+ /* Alert opers that a TKline expired - Hwy */
+ /* XXX show what type of ban it is */
+ if(ConfigFileEntry.tkline_expire_notices &&
+ !(aconf->status & CONF_ILLEGAL))
+ sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ "Propagated ban for [%s%s%s] expired",
+ aconf->user ? aconf->user : "",
+ aconf->user ? "@" : "",
+ aconf->host ? aconf->host : "*");
+
+ /* will destroy or mark illegal */
+ deactivate_conf(aconf, ptr);
+ }
+ }
+}
+
/* expire_tkline()
*
* inputs - list pointer
static char null[] = "<NULL>";
static char zero[] = "default";
- *name = EmptyString(aconf->name) ? null : aconf->name;
+ *name = EmptyString(aconf->info.name) ? null : aconf->info.name;
*host = EmptyString(aconf->host) ? null : aconf->host;
*pass = EmptyString(aconf->passwd) ? null : aconf->passwd;
*user = EmptyString(aconf->user) ? null : aconf->user;
*port = (int) aconf->port;
}
+char *
+get_user_ban_reason(struct ConfItem *aconf)
+{
+ static char reasonbuf[BUFSIZE];
+
+ if (aconf->flags & CONF_FLAGS_TEMPORARY &&
+ (aconf->status == CONF_KILL || aconf->status == CONF_DLINE))
+ rb_snprintf(reasonbuf, sizeof reasonbuf,
+ "Temporary %c-line %d min. - ",
+ aconf->status == CONF_DLINE ? 'D' : 'K',
+ (int)((aconf->hold - aconf->created) / 60));
+ else
+ reasonbuf[0] = '\0';
+ if (aconf->passwd)
+ rb_strlcat(reasonbuf, aconf->passwd, sizeof reasonbuf);
+ else
+ rb_strlcat(reasonbuf, "No Reason", sizeof reasonbuf);
+ if (aconf->created)
+ {
+ rb_strlcat(reasonbuf, " (", sizeof reasonbuf);
+ rb_strlcat(reasonbuf, smalldate(aconf->created),
+ sizeof reasonbuf);
+ rb_strlcat(reasonbuf, ")", sizeof reasonbuf);
+ }
+ return reasonbuf;
+}
+
void
get_printable_kline(struct Client *source_p, struct ConfItem *aconf,
char **host, char **reason,
char **user, char **oper_reason)
{
static char null[] = "<NULL>";
+ static char operreasonbuf[BUFSIZE];
*host = EmptyString(aconf->host) ? null : aconf->host;
- *reason = EmptyString(aconf->passwd) ? null : aconf->passwd;
*user = EmptyString(aconf->user) ? null : aconf->user;
+ *reason = get_user_ban_reason(aconf);
- if(EmptyString(aconf->spasswd) || !IsOper(source_p))
+ if(!IsOper(source_p))
*oper_reason = NULL;
else
- *oper_reason = aconf->spasswd;
+ {
+ rb_snprintf(operreasonbuf, sizeof operreasonbuf, "%s%s(%s)",
+ EmptyString(aconf->spasswd) ? "" : aconf->spasswd,
+ EmptyString(aconf->spasswd) ? "" : " ",
+ aconf->info.oper);
+ *oper_reason = operreasonbuf;
+ }
}
/*
int
conf_fgets(char *lbuf, int max_size, FILE * fb)
{
- char *buff;
-
- if((buff = fgets(lbuf, max_size, fb)) == NULL)
+ if(fgets(lbuf, max_size, fb) == NULL)
return (0);
return (strlen(lbuf));