/*
- * charybdis: an advanced internet relay chat daemon (ircd).
+ * Solanum: a slightly advanced ircd
* hostmask.c: Code to efficiently find IP & hostmask based configs.
*
* Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
- *
- * $Id: hostmask.c 2757 2006-11-10 22:58:15Z jilles $
*/
#include "stdinc.h"
#include "ircd_defs.h"
#include "s_conf.h"
+#include "s_newconf.h"
#include "hostmask.h"
#include "numeric.h"
#include "send.h"
#include "match.h"
-#include "ipv4_from_ipv6.h"
-#ifdef RB_IPV6
static unsigned long hash_ipv6(struct sockaddr *, int);
-#endif
static unsigned long hash_ipv4(struct sockaddr *, int);
-/* int parse_netmask(const char *, struct rb_sockaddr_storage *, int *);
- * Input: A hostmask, or an IPV4/6 address.
- * Output: An integer describing whether it is an IPV4, IPV6 address or a
- * hostmask, an address(if it is an IP mask),
- * a bitlength(if it is IP mask).
- * Side effects: None
- */
-int
-parse_netmask(const char *text, struct rb_sockaddr_storage *naddr, int *nb)
+static int
+_parse_netmask(const char *text, struct rb_sockaddr_storage *naddr, int *nb, bool strict)
{
char *ip = LOCAL_COPY(text);
char *ptr;
+ char *endp;
struct rb_sockaddr_storage *addr, xaddr;
int *b, xb;
if(nb == NULL)
{
return HM_HOST;
}
-#ifdef RB_IPV6
if(strchr(ip, ':'))
{
if((ptr = strchr(ip, '/')))
{
*ptr = '\0';
ptr++;
- *b = atoi(ptr);
- if(*b > 128)
- *b = 128;
- else if(*b < 0)
+ long n = strtol(ptr, &endp, 10);
+ if (endp == ptr || n < 0)
return HM_HOST;
+ if (n > 128 || *endp != '\0')
+ {
+ if (strict)
+ return HM_ERROR;
+ else
+ n = 128;
+ }
+ *b = n;
} else
*b = 128;
- if(rb_inet_pton_sock(ip, (struct sockaddr *)addr) > 0)
+ if(rb_inet_pton_sock(ip, addr) > 0)
return HM_IPV6;
else
return HM_HOST;
} else
-#endif
if(strchr(text, '.'))
{
if((ptr = strchr(ip, '/')))
{
*ptr = '\0';
ptr++;
- *b = atoi(ptr);
- if(*b > 32)
- *b = 32;
- else if(*b < 0)
+ long n = strtol(ptr, &endp, 10);
+ if (endp == ptr || n < 0)
return HM_HOST;
+ if (n > 32 || *endp != '\0')
+ {
+ if (strict)
+ return HM_ERROR;
+ else
+ n = 32;
+ }
+ *b = n;
} else
*b = 32;
- if(rb_inet_pton_sock(ip, (struct sockaddr *)addr) > 0)
+ if(rb_inet_pton_sock(ip, addr) > 0)
return HM_IPV4;
else
return HM_HOST;
return HM_HOST;
}
+/* int parse_netmask(const char *, struct rb_sockaddr_storage *, int *);
+ * Input: A hostmask, or an IPV4/6 address.
+ * Output: An integer describing whether it is an IPV4, IPV6 address or a
+ * hostmask, an address(if it is an IP mask),
+ * a bitlength(if it is IP mask).
+ * Side effects: None
+ */
+int parse_netmask(const char *mask, struct rb_sockaddr_storage *addr, int *blen)
+{
+ return _parse_netmask(mask, addr, blen, false);
+}
+
+int parse_netmask_strict(const char *mask, struct rb_sockaddr_storage *addr, int *blen)
+{
+ return _parse_netmask(mask, addr, blen, true);
+}
+
/* Hashtable stuff...now external as its used in m_stats.c */
struct AddressRec *atable[ATABLE_SIZE];
* Output: A hash value of the IP address.
* Side effects: None
*/
-#ifdef RB_IPV6
static unsigned long
hash_ipv6(struct sockaddr *saddr, int bits)
{
}
return v & (ATABLE_SIZE - 1);
}
-#endif
/* int hash_text(const char *start)
* Input: The start of the text to hash.
while(*p)
{
- h = (h << 4) - (h + (unsigned char) ToLower(*p++));
+ h = (h << 4) - (h + (unsigned char) irctolower(*p++));
}
return (h & (ATABLE_SIZE - 1));
/* struct ConfItem* find_conf_by_address(const char*, struct rb_sockaddr_storage*,
* int type, int fam, const char *username)
+ *
+ * This process needs to be kept in sync with check_one_kline().
+ *
* Input: The hostname, the address, the type of mask to find, the address
* family, the username.
* Output: The matching value with the highest precedence.
unsigned long hprecv = 0;
struct ConfItem *hprec = NULL;
struct AddressRec *arec;
+ struct sockaddr_in ip4;
+ struct sockaddr *pip4 = NULL;
int b;
if(username == NULL)
if(addr)
{
- /* Check for IPV6 matches... */
-#ifdef RB_IPV6
- if(fam == AF_INET6)
+ if (fam == AF_INET)
+ pip4 = addr;
+
+ if (fam == AF_INET6)
{
+ if (type == CONF_KILL && rb_ipv4_from_ipv6((struct sockaddr_in6 *)addr, &ip4))
+ pip4 = (struct sockaddr *)&ip4;
for (b = 128; b >= 0; b -= 16)
{
}
}
}
- else
-#endif
- if(fam == AF_INET)
+
+ if (pip4 != NULL)
{
for (b = 32; b >= 0; b -= 8)
{
- for (arec = atable[hash_ipv4(addr, b)]; arec; arec = arec->next)
+ for (arec = atable[hash_ipv4(pip4, b)]; arec; arec = arec->next)
if(arec->type == (type & ~0x1) &&
arec->masktype == HM_IPV4 &&
- comp_with_mask_sock(addr, (struct sockaddr *)&arec->Mask.ipa.addr,
+ comp_with_mask_sock(pip4, (struct sockaddr *)&arec->Mask.ipa.addr,
arec->Mask.ipa.bits) &&
(type & 0x1 || match(arec->username, username)) &&
(type != CONF_CLIENT || !arec->auth_user ||
{
struct ConfItem *iconf, *kconf;
const char *vuser;
-#ifdef RB_IPV6
- struct sockaddr_in ip4;
-#endif
/* Find the best I-line... If none, return NULL -A1kmm */
if(!(iconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_CLIENT, aftype, user, auth_user)))
if(IsConfExemptKline(iconf))
return iconf;
- /* Find the best K-line... -A1kmm */
- kconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_KILL, aftype, user, NULL);
-
- /* If they are K-lined, return the K-line */
- if(kconf)
- return kconf;
-
/* if theres a spoof, check it against klines.. */
if(IsConfDoSpoofIp(iconf))
{
char *p = strchr(iconf->info.name, '@');
/* note, we dont need to pass sockhost here, as its
- * guaranteed to not match by whats above.. --anfl
+ * guaranteed to not match by whats below.. --anfl
*/
if(p)
{
*p = '\0';
- kconf = find_conf_by_address(p+1, NULL, NULL, ip, CONF_KILL, aftype, iconf->info.name, NULL);
+ kconf = find_conf_by_address(p+1, NULL, NULL, NULL, CONF_KILL, aftype, iconf->info.name, NULL);
*p = '@';
}
else
- kconf = find_conf_by_address(iconf->info.name, NULL, NULL, ip, CONF_KILL, aftype, vuser, NULL);
+ kconf = find_conf_by_address(iconf->info.name, NULL, NULL, NULL, CONF_KILL, aftype, vuser, NULL);
if(kconf)
return kconf;
+
+ /* everything else checks real hosts, if they're kline_spoof_ip we're done */
+ if(IsConfKlineSpoof(iconf))
+ return iconf;
}
+ /* Find the best K-line... -A1kmm */
+ kconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_KILL, aftype, user, NULL);
+
+ /* If they are K-lined, return the K-line */
+ if(kconf)
+ return kconf;
+
/* if no_tilde, check the username without tilde against klines too
* -- jilles */
if(user != vuser)
return kconf;
}
-#ifdef RB_IPV6
- if(ip != NULL && ip->sa_family == AF_INET6 &&
- ipv4_from_ipv6((const struct sockaddr_in6 *)(const void *)ip, &ip4))
- {
- kconf = find_conf_by_address(NULL, NULL, NULL, (struct sockaddr *)&ip4, CONF_KILL, AF_INET, vuser, NULL);
- if(kconf)
- return kconf;
- }
-#endif /* RB_IPV6 */
-
return iconf;
}
find_dline(struct sockaddr *addr, int aftype)
{
struct ConfItem *aconf;
-#ifdef RB_IPV6
struct sockaddr_in addr2;
-#endif
aconf = find_conf_by_address(NULL, NULL, NULL, addr, CONF_EXEMPTDLINE | 1, aftype, NULL, NULL);
if(aconf)
aconf = find_conf_by_address(NULL, NULL, NULL, addr, CONF_DLINE | 1, aftype, NULL, NULL);
if(aconf)
return aconf;
-#ifdef RB_IPV6
if(addr->sa_family == AF_INET6 &&
- ipv4_from_ipv6((const struct sockaddr_in6 *)(const void *)addr, &addr2))
+ rb_ipv4_from_ipv6((const struct sockaddr_in6 *)(const void *)addr, &addr2))
{
aconf = find_conf_by_address(NULL, NULL, NULL, (struct sockaddr *)&addr2, CONF_DLINE | 1, AF_INET, NULL, NULL);
if(aconf)
return aconf;
}
-#endif
return NULL;
}
-/* void find_exact_conf_by_address(const char*, int, const char *)
- * Input:
- * Output: ConfItem if found
- * Side-effects: None
- */
struct ConfItem *
-find_exact_conf_by_address(const char *address, int type, const char *username)
+find_exact_conf_by_address_filtered(const char *address, int type, const char *username, bool (*filter)(struct ConfItem *))
{
int masktype, bits;
unsigned long hv;
if(address == NULL)
address = "/NOMATCH!/";
masktype = parse_netmask(address, &addr, &bits);
-#ifdef RB_IPV6
if(masktype == HM_IPV6)
{
/* We have to do this, since we do not re-hash for every bit -A1kmm. */
hv = hash_ipv6((struct sockaddr *)&addr, bits - bits % 16);
}
- else
-#endif
- if(masktype == HM_IPV4)
+ else if(masktype == HM_IPV4)
{
/* We have to do this, since we do not re-hash for every bit -A1kmm. */
hv = hash_ipv4((struct sockaddr *)&addr, bits - bits % 8);
arec->masktype == masktype &&
(arec->username == NULL || username == NULL ? arec->username == username : !irccmp(arec->username, username)))
{
+ if (filter && !filter(arec->aconf))
+ continue;
+
if (masktype == HM_HOST)
{
if (!irccmp(arec->Mask.hostname, address))
return NULL;
}
+/* void find_exact_conf_by_address(const char*, int, const char *)
+ * Input:
+ * Output: ConfItem if found
+ * Side-effects: None
+ */
+struct ConfItem *
+find_exact_conf_by_address(const char *address, int type, const char *username)
+{
+ return find_exact_conf_by_address_filtered(address, type, username, NULL);
+}
+
/* void add_conf_by_address(const char*, int, const char *,
* struct ConfItem *aconf)
* Input:
add_conf_by_address(const char *address, int type, const char *username, const char *auth_user, struct ConfItem *aconf)
{
static unsigned long prec_value = 0xFFFFFFFF;
- int masktype, bits;
+ int bits;
unsigned long hv;
struct AddressRec *arec;
if(address == NULL)
address = "/NOMATCH!/";
arec = rb_malloc(sizeof(struct AddressRec));
- masktype = parse_netmask(address, &arec->Mask.ipa.addr, &bits);
- arec->Mask.ipa.bits = bits;
- arec->masktype = masktype;
-#ifdef RB_IPV6
- if(masktype == HM_IPV6)
+ arec->masktype = parse_netmask(address, &arec->Mask.ipa.addr, &bits);
+ if(arec->masktype == HM_IPV6)
{
+ arec->Mask.ipa.bits = bits;
/* We have to do this, since we do not re-hash for every bit -A1kmm. */
bits -= bits % 16;
arec->next = atable[(hv = hash_ipv6((struct sockaddr *)&arec->Mask.ipa.addr, bits))];
atable[hv] = arec;
}
- else
-#endif
- if(masktype == HM_IPV4)
+ else if(arec->masktype == HM_IPV4)
{
+ arec->Mask.ipa.bits = bits;
/* We have to do this, since we do not re-hash for every bit -A1kmm. */
bits -= bits % 8;
arec->next = atable[(hv = hash_ipv4((struct sockaddr *)&arec->Mask.ipa.addr, bits))];
struct AddressRec *arec, *arecl = NULL;
struct rb_sockaddr_storage addr;
masktype = parse_netmask(address, &addr, &bits);
-#ifdef RB_IPV6
if(masktype == HM_IPV6)
{
/* We have to do this, since we do not re-hash for every bit -A1kmm. */
bits -= bits % 16;
hv = hash_ipv6((struct sockaddr *)&addr, bits);
}
- else
-#endif
- if(masktype == HM_IPV4)
+ else if(masktype == HM_IPV4)
{
/* We have to do this, since we do not re-hash for every bit -A1kmm. */
bits -= bits % 8;
* them, otherwise sets them as illegal.
*/
void
-clear_out_address_conf(void)
+clear_out_address_conf(enum aconf_category clear_type)
{
int i;
struct AddressRec **store_next;
store_next = &atable[i];
for (arec = atable[i]; arec; arec = arecn)
{
+ enum aconf_category cur_type;
arecn = arec->next;
- /* We keep the temporary K-lines and destroy the
- * permanent ones, just to be confusing :) -A1kmm */
- if(arec->aconf->flags & CONF_FLAGS_TEMPORARY ||
- (arec->type != CONF_CLIENT && arec->type != CONF_EXEMPTDLINE))
- {
- *store_next = arec;
- store_next = &arec->next;
- }
- else
- {
- arec->aconf->status |= CONF_ILLEGAL;
- if(!arec->aconf->clients)
- free_conf(arec->aconf);
- rb_free(arec);
- }
- }
- *store_next = NULL;
- }
-}
-void
-clear_out_address_conf_bans(void)
-{
- int i;
- struct AddressRec **store_next;
- struct AddressRec *arec, *arecn;
+ if (arec->type == CONF_CLIENT || arec->type == CONF_EXEMPTDLINE || arec->type == CONF_SECURE)
+ cur_type = AC_CONFIG;
+ else
+ cur_type = AC_BANDB;
- for (i = 0; i < ATABLE_SIZE; i++)
- {
- store_next = &atable[i];
- for (arec = atable[i]; arec; arec = arecn)
- {
- arecn = arec->next;
/* We keep the temporary K-lines and destroy the
* permanent ones, just to be confusing :) -A1kmm */
- if(arec->aconf->flags & CONF_FLAGS_TEMPORARY ||
- (arec->type == CONF_CLIENT || arec->type == CONF_EXEMPTDLINE))
+ if (arec->aconf->flags & CONF_FLAGS_TEMPORARY || cur_type != clear_type)
{
*store_next = arec;
store_next = &arec->next;
}
}
-
/*
* show_iline_prefix()
*
*prefix_ptr++ = '+';
if(IsConfDoSpoofIp(aconf))
*prefix_ptr++ = '=';
+ if(IsNeedSasl(aconf))
+ *prefix_ptr++ = '%';
if(IsOper(sptr) && IsConfExemptFlood(aconf))
*prefix_ptr++ = '|';
if(IsOper(sptr) && IsConfExemptDNSBL(aconf) && !IsConfExemptKline(aconf))
*prefix_ptr++ = '^';
if(IsOper(sptr) && IsConfExemptLimits(aconf))
*prefix_ptr++ = '>';
- *prefix_ptr = '\0';
- strncpy(prefix_ptr, name, USERLEN);
+ rb_strlcpy(prefix_ptr, name, USERLEN + 1);
return (prefix_of_host);
}
{
aconf = arec->aconf;
- if(!IsOper(client_p) && IsConfDoSpoofIp(aconf))
+ if(!IsOperGeneral(client_p) && IsConfDoSpoofIp(aconf))
continue;
get_printable_conf(aconf, &name, &host, &pass, &user, &port,
projects / solanum.git / blobdiff