From: Ed Kellett Date: Mon, 13 Apr 2020 22:51:52 +0000 (+0100) Subject: Add an iline flag to match klines by spoof only X-Git-Url: https://jfr.im/git/solanum.git/commitdiff_plain/67e05d5b67e8db0c2d2347171c4aa490acf2124b Add an iline flag to match klines by spoof only --- diff --git a/include/hostmask.h b/include/hostmask.h index bb41b6c2..28b47d66 100644 --- a/include/hostmask.h +++ b/include/hostmask.h @@ -49,8 +49,9 @@ struct ConfItem *find_address_conf(const char *host, const char *sockhost, struct ConfItem *find_dline(struct sockaddr *, int); -#define find_kline(x) (find_conf_by_address((x)->host, (x)->sockhost, \ - (x)->orighost, \ +#define find_kline(x) ((IsConfDoSpoofIp((x)->localClient->att_conf) && IsConfKlineSpoof((x)->localClient->att_conf)) ? \ + find_conf_by_address((x)->orighost, NULL, NULL, NULL, CONF_KILL, AF_INET, (x)->username, NULL) : \ + find_conf_by_address((x)->host, (x)->sockhost, (x)->orighost, \ (struct sockaddr *)&(x)->localClient->ip, CONF_KILL,\ GET_SS_FAMILY(&(x)->localClient->ip), (x)->username, NULL)) diff --git a/include/s_conf.h b/include/s_conf.h index e04dcee5..703f4eac 100644 --- a/include/s_conf.h +++ b/include/s_conf.h @@ -112,6 +112,7 @@ struct ConfItem #define CONF_FLAGS_EXEMPTDNSBL 0x04000000 #define CONF_FLAGS_EXEMPTPROXY 0x08000000 #define CONF_FLAGS_ALLOW_SCTP 0x10000000 +#define CONF_FLAGS_KLINE_SPOOF 0x20000000 /* Macros for struct ConfItem */ @@ -136,6 +137,7 @@ struct ConfItem #define IsConfExtendChans(x) ((x)->flags & CONF_FLAGS_EXTEND_CHANS) #define IsConfSSLNeeded(x) ((x)->flags & CONF_FLAGS_NEED_SSL) #define IsConfAllowSCTP(x) ((x)->flags & CONF_FLAGS_ALLOW_SCTP) +#define IsConfKlineSpoof(x) ((x)->flags & CONF_FLAGS_KLINE_SPOOF) /* flag definitions for opers now in client.h */ diff --git a/ircd/hostmask.c b/ircd/hostmask.c index 580a3509..94214041 100644 --- a/ircd/hostmask.c +++ b/ircd/hostmask.c @@ -383,34 +383,38 @@ find_address_conf(const char *host, const char *sockhost, const char *user, if(IsConfExemptKline(iconf)) return iconf; - /* Find the best K-line... -A1kmm */ - kconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_KILL, aftype, user, NULL); - - /* If they are K-lined, return the K-line */ - if(kconf) - return kconf; - /* if theres a spoof, check it against klines.. */ if(IsConfDoSpoofIp(iconf)) { char *p = strchr(iconf->info.name, '@'); /* note, we dont need to pass sockhost here, as its - * guaranteed to not match by whats above.. --anfl + * guaranteed to not match by whats below.. --anfl */ if(p) { *p = '\0'; - kconf = find_conf_by_address(p+1, NULL, NULL, ip, CONF_KILL, aftype, iconf->info.name, NULL); + kconf = find_conf_by_address(p+1, NULL, NULL, NULL, CONF_KILL, aftype, iconf->info.name, NULL); *p = '@'; } else - kconf = find_conf_by_address(iconf->info.name, NULL, NULL, ip, CONF_KILL, aftype, vuser, NULL); + kconf = find_conf_by_address(iconf->info.name, NULL, NULL, NULL, CONF_KILL, aftype, vuser, NULL); if(kconf) return kconf; + + /* everything else checks real hosts, if they're kline_spoof_ip we're done */ + if(IsConfKlineSpoof(iconf)) + return iconf; } + /* Find the best K-line... -A1kmm */ + kconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_KILL, aftype, user, NULL); + + /* If they are K-lined, return the K-line */ + if(kconf) + return kconf; + /* if no_tilde, check the username without tilde against klines too * -- jilles */ if(user != vuser) diff --git a/ircd/newconf.c b/ircd/newconf.c index bf87c093..6a81208d 100644 --- a/ircd/newconf.c +++ b/ircd/newconf.c @@ -353,6 +353,7 @@ static struct mode_table auth_table[] = { {"need_sasl", CONF_FLAGS_NEED_SASL }, {"extend_chans", CONF_FLAGS_EXTEND_CHANS }, {"allow_sctp", CONF_FLAGS_ALLOW_SCTP }, + {"kline_spoof_ip", CONF_FLAGS_KLINE_SPOOF }, {NULL, 0} };