From 35f6f850b62d10299bdd2b6125aa659016c68127 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 8 Dec 2007 21:54:51 +0100 Subject: [PATCH] Remove reject entries on unkline/ungline/unxline. When a user is rejected, remember the hash value of the ban mask (for klines/glines, hash value of the user part XOR hash value of the host part) with the rejected IP; if the kline/gline/xline is removed, remove rejects with the same hash value also. Note that this does not happen for expiries; this is deliberate. Rejects for no auth{} or dnsbl put a hash value of 0; they cannot be removed selectively. --- include/reject.h | 5 +++-- modules/m_gline.c | 2 ++ modules/m_kline.c | 3 +++ modules/m_unreject.c | 2 +- modules/m_xline.c | 2 ++ src/reject.c | 43 +++++++++++++++++++++++++++++++++++++++++-- src/s_conf.c | 5 +++-- src/s_user.c | 8 ++++---- 8 files changed, 59 insertions(+), 11 deletions(-) diff --git a/include/reject.h b/include/reject.h index 5a4210c..5b0a9ae 100644 --- a/include/reject.h +++ b/include/reject.h @@ -33,9 +33,10 @@ extern dlink_list delay_exit; void init_reject(void); int check_reject(struct Client *); -void add_reject(struct Client *); +void add_reject(struct Client *, const char *mask1, const char *mask2); void flush_reject(void); -int remove_reject(const char *ip); +int remove_reject_ip(const char *ip); +int remove_reject_mask(const char *mask1, const char *mask2); int add_unknown_ip(struct Client *client_p); void del_unknown_ip(struct Client *client_p); diff --git a/modules/m_gline.c b/modules/m_gline.c index 1d9ecb8..f2d0870 100644 --- a/modules/m_gline.c +++ b/modules/m_gline.c @@ -47,6 +47,7 @@ #include "parse.h" #include "modules.h" #include "s_log.h" +#include "reject.h" static int mo_gline(struct Client *, struct Client *, int, const char **); static int mc_gline(struct Client *, struct Client *, int, const char **); 
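Review bot: The new prototypes in include/reject.h have no comment on the mask arguments or the return values, and the two remove functions do not return the same kind of value. Going by the other hunks in this patch, either mask may be NULL and remove_reject_mask returns the number of entries dropped, while remove_reject_ip is only tested as a truth value in m_unreject.c. A short comment above the pair would settle it, for example `/* mask1/mask2 may be NULL (ignored); returns the number of rejects removed */`.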
@@ -722,6 +723,7 @@ remove_temp_gline(const char *user, const char *host) continue; dlinkDestroy(ptr, &glines); + remove_reject_mask(aconf->user, aconf->host); delete_one_address_conf(aconf->host, aconf); return YES; } diff --git a/modules/m_kline.c b/modules/m_kline.c index 401d600..48e5ac5 100644 --- a/modules/m_kline.c +++ b/modules/m_kline.c @@ -46,6 +46,7 @@ #include "parse.h" #include "modules.h" #include "event.h" +#include "reject.h" static int mo_kline(struct Client *, struct Client *, int, const char **); static int ms_kline(struct Client *, struct Client *, int, const char **); @@ -866,6 +867,7 @@ remove_permkline_match(struct Client *source_p, struct ConfItem *aconf) ilog(L_KLINE, "UK %s %s %s", get_oper_name(source_p), user, host); + remove_reject_mask(aconf->user, aconf->host); delete_one_address_conf(aconf->host, aconf); return; @@ -925,6 +927,7 @@ remove_temp_kline(struct ConfItem *aconf) if (aconf == ptr->data) { dlinkDestroy(ptr, &temp_klines[i]); + remove_reject_mask(aconf->user, aconf->host); delete_one_address_conf(aconf->host, aconf); return YES; } diff --git a/modules/m_unreject.c b/modules/m_unreject.c index b395ad5..21e136a 100644 --- a/modules/m_unreject.c +++ b/modules/m_unreject.c @@ -62,7 +62,7 @@ mo_unreject(struct Client *client_p, struct Client *source_p, int parc, const ch return 0; } - if(remove_reject(parv[1])) + if(remove_reject_ip(parv[1])) sendto_one_notice(source_p, ":Removed reject for %s", parv[1]); else sendto_one_notice(source_p, ":Unable to remove reject for %s", parv[1]); diff --git a/modules/m_xline.c b/modules/m_xline.c index 37f4353..a13d46f 100644 --- a/modules/m_xline.c +++ b/modules/m_xline.c @@ -52,6 +52,7 @@ #include "modules.h" #include "s_conf.h" #include "s_newconf.h" +#include "reject.h" static int mo_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]); static int ms_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]); 
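Review bot: In remove_temp_gline the count returned by remove_reject_mask is discarded, and the same holds for remove_permkline_match and remove_temp_kline in m_kline.c and for remove_xline in m_xline.c. Flushing cached rejects lifts the reconnect throttle for those addresses, so the number removed is worth recording next to the ban removal; the `UK` line written by ilog in remove_permkline_match is a natural place. If the count is deliberately not reported, cast the call to void and add `/* reject count not reported */` so the omission is visibly intentional. Each of these functions starts and ends outside its hunk.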
@@ -558,6 +559,7 @@ remove_xline(struct Client *source_p, const char *name) get_oper_name(source_p), name); } + remove_reject_mask(aconf->name, NULL); free_conf(aconf); dlinkDestroy(ptr, &xline_conf_list); return; diff --git a/src/reject.c b/src/reject.c index 1073321..1e1ceb7 100644 --- a/src/reject.c +++ b/src/reject.c @@ -33,6 +33,7 @@ #include "reject.h" #include "s_stats.h" #include "msg.h" +#include "hash.h" static patricia_tree_t *reject_tree; dlink_list delay_exit; @@ -45,6 +46,7 @@ struct reject_data dlink_node rnode; time_t time; unsigned int count; + uint32_t mask_hashv; }; static patricia_tree_t *unknown_tree; @@ -118,15 +120,22 @@ init_reject(void) void -add_reject(struct Client *client_p) +add_reject(struct Client *client_p, const char *mask1, const char *mask2) { patricia_node_t *pnode; struct reject_data *rdata; + uint32_t hashv; /* Reject is disabled */ if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0) return; + hashv = 0; + if (mask1 != NULL) + hashv ^= fnv_hash_upper(mask1, 32); + if (mask2 != NULL) + hashv ^= fnv_hash_upper(mask2, 32); + if((pnode = match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL) { rdata = pnode->data; @@ -146,6 +155,7 @@ add_reject(struct Client *client_p) rdata->time = CurrentTime; rdata->count = 1; } + rdata->mask_hashv = hashv; } int @@ -197,7 +207,7 @@ flush_reject(void) } int -remove_reject(const char *ip) +remove_reject_ip(const char *ip) { patricia_node_t *pnode; 
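Review bot: The five lines that derive hashv from mask1 and mask2 in add_reject are repeated verbatim in remove_reject_mask later in src/reject.c, and removal only matches while the two copies stay identical. Moving them into one static helper, say `static uint32_t reject_mask_hash(const char *mask1, const char *mask2)`, called as `hashv = reject_mask_hash(mask1, mask2);` in both places, removes that coupling. The helper's comment should state that 0 is reserved for rejects that have no ban mask. add_reject continues past the end of this hunk.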
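Review bot: `rdata->mask_hashv = hashv;` appears to sit after the if/else in add_reject, so an existing entry's hash is overwritten on every call and the entry remembers only the most recent rejection reason. An address rejected first for a k-line and then for a DNSBL or missing auth{} ends up with 0 and is no longer removed by the unkline; in the reverse order, an unkline drops an entry that another reason also produced. If last-writer-wins is intended, say so at the assignment, for example `/* last rejection wins; only the most recent ban mask is tracked */`, and document the mask_hashv field in struct reject_data the same way.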
@@ -217,6 +227,35 @@ remove_reject(const char *ip) return 0; } +int +remove_reject_mask(const char *mask1, const char *mask2) +{ + dlink_node *ptr, *next; + patricia_node_t *pnode; + struct reject_data *rdata; + uint32_t hashv; + int n = 0; + + hashv = 0; + if (mask1 != NULL) + hashv ^= fnv_hash_upper(mask1, 32); + if (mask2 != NULL) + hashv ^= fnv_hash_upper(mask2, 32); + DLINK_FOREACH_SAFE(ptr, next, reject_list.head) + { + pnode = ptr->data; + rdata = pnode->data; + if (rdata->mask_hashv == hashv) + { + dlinkDelete(ptr, &reject_list); + MyFree(rdata); + patricia_remove(reject_tree, pnode); + n++; + } + } + return n; +} + int add_unknown_ip(struct Client *client_p) diff --git a/src/s_conf.c b/src/s_conf.c index 15912c9..68ab882 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -281,13 +281,12 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost, source_p->localClient->listener->name, port); - add_reject(client_p); + add_reject(client_p, NULL, NULL); exit_client(client_p, source_p, &me, "You are not authorised to use this server"); break; } case BANNED_CLIENT: - add_reject(client_p); exit_client(client_p, client_p, &me, "*** Banned "); ServerStats->is_ref++; break; @@ -388,6 +387,7 @@ verify_access(struct Client *client_p, const char *username) form_str(ERR_YOUREBANNEDCREEP), me.name, client_p->name, aconf->passwd); } + add_reject(client_p, aconf->user, aconf->host); return (BANNED_CLIENT); } else if(aconf->status & CONF_GLINE) @@ -399,6 +399,7 @@ verify_access(struct Client *client_p, const char *username) form_str(ERR_YOUREBANNEDCREEP), me.name, client_p->name, aconf->passwd); + add_reject(client_p, aconf->user, aconf->host); return (BANNED_CLIENT); } diff --git a/src/s_user.c b/src/s_user.c index ef413d5..31e05c1 100644 --- a/src/s_user.c +++ b/src/s_user.c 
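Review bot: remove_reject_mask does not special-case a zero hash, although add_reject stores 0 for rejects with no ban mask (no auth{} and DNSBL) and the commit message says those cannot be removed selectively. Because the two mask hashes are XORed, a ban whose user and host parts hash alike (identical strings, for instance) yields 0, as does a call with both arguments NULL, and the loop would then drop every unmasked reject. A guard before the loop, `if (hashv == 0) return 0;`, keeps 0 as a pure sentinel. Any other 32-bit collision only evicts an unrelated entry early, which is worth stating in the function's comment.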
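Review bot: With add_reject removed from the BANNED_CLIENT case in check_client, caching a reject now depends on every path in verify_access that returns BANNED_CLIENT calling add_reject itself. The two later hunks in src/s_conf.c cover the k-line and g-line returns, but verify_access is not fully visible here, so any other BANNED_CLIENT return would silently stop feeding the reject cache. A comment at the case, such as `/* reject already recorded by verify_access(), which knows the ban mask */`, makes the dependency explicit for the next maintainer.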
@@ -223,7 +223,7 @@ show_lusers(struct Client *source_p) int register_local_user(struct Client *client_p, struct Client *source_p, const char *username) { - struct ConfItem *aconf; + struct ConfItem *aconf, *xconf; struct User *user = source_p->user; char tmpstr2[IRCD_BUFSIZE]; char ipaddr[HOSTIPLEN]; @@ -415,10 +415,10 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char /* kline exemption extends to xline too */ if(!IsExemptKline(source_p) && - find_xline(source_p->info, 1) != NULL) + (xconf = find_xline(source_p->info, 1)) != NULL) { ServerStats->is_ref++; - add_reject(source_p); + add_reject(source_p, xconf->name, NULL); exit_client(client_p, source_p, &me, "Bad user info"); return CLIENT_EXITED; } @@ -450,7 +450,7 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s", source_p->sockhost, source_p->preClient->dnsbl_listed->host); source_p->preClient->dnsbl_listed->hits++; - add_reject(source_p); + add_reject(source_p, NULL, NULL); exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)"); return CLIENT_EXITED; }