X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/460032e61f0b10137442b66ffa203dae5343344b..2c11ccb99eb8fcdd32eddfa56ca228f4246270aa:/ircd/client.c

diff --git a/ircd/client.c b/ircd/client.c
index 268f61b2..9cc059f8 100644
--- a/ircd/client.c
+++ b/ircd/client.c
@@ -32,7 +32,7 @@
 #include "ircd.h"
 #include "numeric.h"
 #include "packet.h"
-#include "s_auth.h"
+#include "authproc.h"
 #include "s_conf.h"
 #include "s_newconf.h"
 #include "logger.h"
@@ -47,11 +47,11 @@
 #include "hook.h"
 #include "msg.h"
 #include "monitor.h"
-#include "blacklist.h"
 #include "reject.h"
 #include "scache.h"
 #include "rb_dictionary.h"
 #include "sslproc.h"
+#include "wsproc.h"
 #include "s_assert.h"
 
 #define DEBUG_EXITED_CLIENTS
@@ -80,12 +80,6 @@ static uint32_t current_connid = 0;
 
 rb_dictionary *nd_dict = NULL;
 
-enum
-{
-	D_LINED,
-	K_LINED
-};
-
 rb_dlink_list dead_list;
 #ifdef DEBUG_EXITED_CLIENTS
 static rb_dlink_list dead_remote_list;
@@ -140,8 +134,8 @@ init_client(void)
 uint32_t
 connid_get(struct Client *client_p)
 {
-	s_assert(MyClient(client_p));
-	if (!MyClient(client_p))
+	s_assert(MyConnect(client_p));
+	if (!MyConnect(client_p))
 		return 0;
 
 	/* find a connid that is available */
@@ -194,8 +188,10 @@ client_release_connids(struct Client *client_p)
 {
 	rb_dlink_node *ptr, *ptr2;
 
-	s_assert(MyClient(client_p));
-	if (!MyClient(client_p))
+	if (client_p->localClient->connids.head)
+		s_assert(MyConnect(client_p));
+
+	if (!MyConnect(client_p))
 		return;
 
 	RB_DLINK_FOREACH_SAFE(ptr, ptr2, client_p->localClient->connids.head)
@@ -245,7 +241,7 @@ make_client(struct Client *from)
 	}
 
 	SetUnknown(client_p);
-	strcpy(client_p->username, "unknown");
+	rb_strlcpy(client_p->username, "unknown", sizeof(client_p->username));
 
 	return client_p;
 }
@@ -253,17 +249,15 @@ make_client(struct Client *from)
 void
 free_pre_client(struct Client *client_p)
 {
-	struct Blacklist *blptr;
-
 	s_assert(NULL != client_p);
 
 	if(client_p->preClient == NULL)
 		return;
 
-	blptr = client_p->preClient->dnsbl_listed;
-	if (blptr != NULL)
-		unref_blacklist(blptr);
-	s_assert(rb_dlink_list_length(&client_p->preClient->dnsbl_queries) == 0);
+	s_assert(client_p->preClient->auth.cid == 0);
+
+	rb_free(client_p->preClient->auth.data);
+	rb_free(client_p->preClient->auth.reason);
 
 	rb_bh_free(pclient_heap, client_p->preClient);
 	client_p->preClient = NULL;
@@ -306,22 +300,26 @@ free_local_client(struct Client *client_p)
 	rb_free(client_p->localClient->auth_user);
 	rb_free(client_p->localClient->challenge);
 	rb_free(client_p->localClient->fullcaps);
-	rb_free(client_p->localClient->opername);
 	rb_free(client_p->localClient->mangledhost);
-	if (client_p->localClient->privset)
-		privilegeset_unref(client_p->localClient->privset);
 
-	if(IsSSL(client_p))
-	    ssld_decrement_clicount(client_p->localClient->ssl_ctl);
+	if (IsSSL(client_p))
+		ssld_decrement_clicount(client_p->localClient->ssl_ctl);
+
+	rb_free(client_p->localClient->cipher_string);
+
+	if (IsCapable(client_p, CAP_ZIP))
+		ssld_decrement_clicount(client_p->localClient->z_ctl);
 
-	if(IsCapable(client_p, CAP_ZIP))
-	    ssld_decrement_clicount(client_p->localClient->z_ctl);
+	rb_free(client_p->localClient->zipstats);
+
+	if (client_p->localClient->ws_ctl != NULL)
+		wsockd_decrement_clicount(client_p->localClient->ws_ctl);
 
 	rb_bh_free(lclient_heap, client_p->localClient);
 	client_p->localClient = NULL;
 }
 
-void
+static void
 free_client(struct Client *client_p)
 {
 	s_assert(NULL != client_p);
@@ -454,9 +452,8 @@ check_unknowns_list(rb_dlink_list * list)
 		if(IsDead(client_p) || IsClosing(client_p))
 			continue;
 
-		/* still has DNSbls to validate against */
-		if(client_p->preClient != NULL &&
-				rb_dlink_list_length(&client_p->preClient->dnsbl_queries) > 0)
+		/* Still querying with authd */
+		if(client_p->preClient != NULL && client_p->preClient->auth.cid != 0)
 			continue;
 
 		/*
@@ -481,7 +478,7 @@ check_unknowns_list(rb_dlink_list * list)
 	}
 }
 
-static void
+void
 notify_banned_client(struct Client *client_p, struct ConfItem *aconf, int ban)
 {
 	static const char conn_closed[] = "Connection closed";
@@ -526,19 +523,6 @@ check_banned_lines(void)
 	check_xlines();
 }
 
-/* check_klines_event()
- *
- * inputs	-
- * outputs	-
- * side effects - check_klines() is called, kline_queued unset
- */
-void
-check_klines_event(void *unused)
-{
-	kline_queued = false;
-	check_klines();
-}
-
 /* check_klines
  *
  * inputs       -
@@ -581,6 +565,83 @@ check_klines(void)
 	}
 }
 
+
+/* check_one_kline()
+ *
+ * This process needs to be kept in sync with find_kline() aka find_conf_by_address().
+ *
+ * inputs       - pointer to kline to check
+ * outputs      -
+ * side effects - all clients will be checked against given kline
+ */
+void
+check_one_kline(struct ConfItem *kline)
+{
+	struct Client *client_p;
+	rb_dlink_node *ptr;
+	rb_dlink_node *next_ptr;
+	int masktype;
+	int bits;
+	struct rb_sockaddr_storage sockaddr;
+	struct sockaddr_in ip4;
+
+	masktype = parse_netmask(kline->host, (struct sockaddr_storage *)&sockaddr, &bits);
+
+	RB_DLINK_FOREACH_SAFE(ptr, next_ptr, lclient_list.head)
+	{
+		int matched = 0;
+
+		client_p = ptr->data;
+
+		if(IsMe(client_p) || !IsPerson(client_p))
+			continue;
+
+		if(!match(kline->user, client_p->username))
+			continue;
+
+		/* match one kline */
+		switch (masktype) {
+		case HM_IPV4:
+			if (client_p->localClient->ip.ss_family == AF_INET6 &&
+					rb_ipv4_from_ipv6((struct sockaddr_in6 *)&client_p->localClient->ip, &ip4)
+						&& comp_with_mask_sock((struct sockaddr *)&ip4, (struct sockaddr *)&sockaddr, bits))
+				matched = 1;
+			/* fallthrough */
+		case HM_IPV6:
+			if (client_p->localClient->ip.ss_family == sockaddr.ss_family &&
+					comp_with_mask_sock((struct sockaddr *)&client_p->localClient->ip,
+						(struct sockaddr *)&sockaddr, bits))
+				matched = 1;
+			break;
+		case HM_HOST:
+			if (match(kline->host, client_p->orighost))
+				matched = 1;
+			if (match(kline->host, client_p->sockhost))
+				matched = 1;
+			break;
+		}
+
+		if (!matched)
+			continue;
+
+		if(IsExemptKline(client_p))
+		{
+			sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+						 "KLINE over-ruled for %s, client is kline_exempt [%s@%s]",
+						 get_client_name(client_p, HIDE_IP),
+						 kline->user, kline->host);
+			continue;
+		}
+
+		sendto_realops_snomask(SNO_GENERAL, L_ALL,
+					 "KLINE active for %s",
+					 get_client_name(client_p, HIDE_IP));
+
+		notify_banned_client(client_p, kline, K_LINED);
+	}
+}
+
+
 /* check_dlines()
  *
  * inputs       -
@@ -1077,9 +1138,9 @@ free_exited_clients(void *unused)
 				{
 					s_assert(0);
 					sendto_realops_snomask(SNO_GENERAL, L_ALL,
-						"On abort_list: %s stat: %u flags: %u/%u handler: %c",
+						"On abort_list: %s stat: %u flags: %llu handler: %c",
 						target_p->name, (unsigned int) target_p->status,
-						target_p->flags, target_p->flags2, target_p->handler);
+						(unsigned long long)target_p->flags,  target_p->handler);
 					sendto_realops_snomask(SNO_GENERAL, L_ALL,
 						"Please report this to the charybdis developers!");
 					found++;
@@ -1221,9 +1282,9 @@ exit_aborted_clients(void *unused)
 			{
 				s_assert(0);
 				sendto_realops_snomask(SNO_GENERAL, L_ALL,
-					"On dead_list: %s stat: %u flags: %u/%u handler: %c",
+					"On dead_list: %s stat: %u flags: %llu handler: %c",
 					abt->client->name, (unsigned int) abt->client->status,
-					abt->client->flags, abt->client->flags2, abt->client->handler);
+					(unsigned long long)abt->client->flags, abt->client->handler);
 				sendto_realops_snomask(SNO_GENERAL, L_ALL,
 					"Please report this to the charybdis developers!");
 				continue;
@@ -1352,11 +1413,18 @@ exit_remote_client(struct Client *client_p, struct Client *source_p, struct Clie
  */
 
 static int
-exit_unknown_client(struct Client *client_p, struct Client *source_p, struct Client *from,
-		  const char *comment)
+exit_unknown_client(struct Client *client_p, /* The local client originating the
+                                              * exit or NULL, if this exit is
+                                              * generated by this server for
+                                              * internal reasons.
+                                              * This will not get any of the
+                                              * generated messages. */
+		struct Client *source_p,     /* Client exiting */
+		struct Client *from,         /* Client firing off this Exit,
+                                              * never NULL! */
+		const char *comment)
 {
-	delete_auth_queries(source_p);
-	abort_blacklist_queries(source_p);
+	authd_abort_client(source_p);
 	rb_dlinkDelete(&source_p->localClient->tnode, &unknown_list);
 
 	if(!IsIOError(source_p))
@@ -1370,7 +1438,8 @@ exit_unknown_client(struct Client *client_p, struct Client *source_p, struct Cli
 		del_from_id_hash(source_p->id, source_p);
 
 	del_from_hostname_hash(source_p->host, source_p);
-	del_from_client_hash(source_p->name, source_p);
+	if (!IsAnyServer(source_p))
+		del_from_client_hash(source_p->name, source_p);
 	remove_client_from_list(source_p);
 	SetDead(source_p);
 	rb_dlinkAddAlloc(source_p, &dead_list);
@@ -1399,13 +1468,9 @@ exit_remote_server(struct Client *client_p, struct Client *source_p, struct Clie
 		snprintf(newcomment, sizeof(newcomment), "by %s: %s",
 				from->name, comment);
 
-	if(source_p->serv != NULL)
-		remove_dependents(client_p, source_p, from, IsPerson(from) ? newcomment : comment, comment1);
+	remove_dependents(client_p, source_p, from, IsPerson(from) ? newcomment : comment, comment1);
 
-	if(source_p->servptr && source_p->servptr->serv)
-		rb_dlinkDelete(&source_p->lnode, &source_p->servptr->serv->servers);
-	else
-		s_assert(0);
+	rb_dlinkDelete(&source_p->lnode, &source_p->servptr->serv->servers);
 
 	rb_dlinkFindDestroy(source_p, &global_serv_list);
 	target_p = source_p->from;
@@ -1423,6 +1488,7 @@ exit_remote_server(struct Client *client_p, struct Client *source_p, struct Clie
 
 	del_from_client_hash(source_p->name, source_p);
 	remove_client_from_list(source_p);
+
 	scache_split(source_p->serv->nameinfo);
 
 	SetDead(source_p);
@@ -1615,6 +1681,8 @@ exit_client(struct Client *client_p,	/* The local client originating the
 	    const char *comment	/* Reason for the exit */
 	)
 {
+	int ret = -1;
+
 	hook_data_client_exit hdata;
 	if(IsClosing(source_p))
 		return -1;
@@ -1635,23 +1703,25 @@ exit_client(struct Client *client_p,	/* The local client originating the
 	{
 		/* Local clients of various types */
 		if(IsPerson(source_p))
-			return exit_local_client(client_p, source_p, from, comment);
+			ret = exit_local_client(client_p, source_p, from, comment);
 		else if(IsServer(source_p))
-			return exit_local_server(client_p, source_p, from, comment);
+			ret = exit_local_server(client_p, source_p, from, comment);
 		/* IsUnknown || IsConnecting || IsHandShake */
 		else if(!IsReject(source_p))
-			return exit_unknown_client(client_p, source_p, from, comment);
+			ret = exit_unknown_client(client_p, source_p, from, comment);
 	}
 	else
 	{
 		/* Remotes */
 		if(IsPerson(source_p))
-			return exit_remote_client(client_p, source_p, from, comment);
+			ret = exit_remote_client(client_p, source_p, from, comment);
 		else if(IsServer(source_p))
-			return exit_remote_server(client_p, source_p, from, comment);
+			ret = exit_remote_server(client_p, source_p, from, comment);
 	}
 
-	return -1;
+	call_hook(h_after_client_exit, NULL);
+
+	return ret;
 }
 
 /*
@@ -1856,6 +1926,9 @@ free_user(struct User *user, struct Client *client_p)
 	{
 		if(user->away)
 			rb_free((char *) user->away);
+		rb_free(user->opername);
+		if (user->privset)
+			privilegeset_unref(user->privset);
 		/*
 		 * sanity check
 		 */