Remove reject entries on unkline/ungline/unxline.
When a user is rejected, remember the hash value of the ban mask (for klines/glines, hash value of the user part XOR hash value of the host part) with the rejected IP; if the kline/gline/xline is removed, remove rejects with the same hash value also. Note that this does not happen for expiries; this is deliberate. Rejects for no auth{} or dnsbl put a hash value of 0; they cannot be removed selectively.
This commit is contained in:
parent
6bfe3faec0
commit
35f6f850b6
|
@ -33,9 +33,10 @@ extern dlink_list delay_exit;
|
||||||
|
|
||||||
void init_reject(void);
|
void init_reject(void);
|
||||||
int check_reject(struct Client *);
|
int check_reject(struct Client *);
|
||||||
void add_reject(struct Client *);
|
void add_reject(struct Client *, const char *mask1, const char *mask2);
|
||||||
void flush_reject(void);
|
void flush_reject(void);
|
||||||
int remove_reject(const char *ip);
|
int remove_reject_ip(const char *ip);
|
||||||
|
int remove_reject_mask(const char *mask1, const char *mask2);
|
||||||
|
|
||||||
int add_unknown_ip(struct Client *client_p);
|
int add_unknown_ip(struct Client *client_p);
|
||||||
void del_unknown_ip(struct Client *client_p);
|
void del_unknown_ip(struct Client *client_p);
|
||||||
|
|
|
@ -47,6 +47,7 @@
|
||||||
#include "parse.h"
|
#include "parse.h"
|
||||||
#include "modules.h"
|
#include "modules.h"
|
||||||
#include "s_log.h"
|
#include "s_log.h"
|
||||||
|
#include "reject.h"
|
||||||
|
|
||||||
static int mo_gline(struct Client *, struct Client *, int, const char **);
|
static int mo_gline(struct Client *, struct Client *, int, const char **);
|
||||||
static int mc_gline(struct Client *, struct Client *, int, const char **);
|
static int mc_gline(struct Client *, struct Client *, int, const char **);
|
||||||
|
@ -722,6 +723,7 @@ remove_temp_gline(const char *user, const char *host)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
dlinkDestroy(ptr, &glines);
|
dlinkDestroy(ptr, &glines);
|
||||||
|
remove_reject_mask(aconf->user, aconf->host);
|
||||||
delete_one_address_conf(aconf->host, aconf);
|
delete_one_address_conf(aconf->host, aconf);
|
||||||
return YES;
|
return YES;
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,6 +46,7 @@
|
||||||
#include "parse.h"
|
#include "parse.h"
|
||||||
#include "modules.h"
|
#include "modules.h"
|
||||||
#include "event.h"
|
#include "event.h"
|
||||||
|
#include "reject.h"
|
||||||
|
|
||||||
static int mo_kline(struct Client *, struct Client *, int, const char **);
|
static int mo_kline(struct Client *, struct Client *, int, const char **);
|
||||||
static int ms_kline(struct Client *, struct Client *, int, const char **);
|
static int ms_kline(struct Client *, struct Client *, int, const char **);
|
||||||
|
@ -866,6 +867,7 @@ remove_permkline_match(struct Client *source_p, struct ConfItem *aconf)
|
||||||
ilog(L_KLINE, "UK %s %s %s",
|
ilog(L_KLINE, "UK %s %s %s",
|
||||||
get_oper_name(source_p), user, host);
|
get_oper_name(source_p), user, host);
|
||||||
|
|
||||||
|
remove_reject_mask(aconf->user, aconf->host);
|
||||||
delete_one_address_conf(aconf->host, aconf);
|
delete_one_address_conf(aconf->host, aconf);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
@ -925,6 +927,7 @@ remove_temp_kline(struct ConfItem *aconf)
|
||||||
if (aconf == ptr->data)
|
if (aconf == ptr->data)
|
||||||
{
|
{
|
||||||
dlinkDestroy(ptr, &temp_klines[i]);
|
dlinkDestroy(ptr, &temp_klines[i]);
|
||||||
|
remove_reject_mask(aconf->user, aconf->host);
|
||||||
delete_one_address_conf(aconf->host, aconf);
|
delete_one_address_conf(aconf->host, aconf);
|
||||||
return YES;
|
return YES;
|
||||||
}
|
}
|
||||||
|
|
|
@ -62,7 +62,7 @@ mo_unreject(struct Client *client_p, struct Client *source_p, int parc, const ch
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(remove_reject(parv[1]))
|
if(remove_reject_ip(parv[1]))
|
||||||
sendto_one_notice(source_p, ":Removed reject for %s", parv[1]);
|
sendto_one_notice(source_p, ":Removed reject for %s", parv[1]);
|
||||||
else
|
else
|
||||||
sendto_one_notice(source_p, ":Unable to remove reject for %s", parv[1]);
|
sendto_one_notice(source_p, ":Unable to remove reject for %s", parv[1]);
|
||||||
|
|
|
@ -52,6 +52,7 @@
|
||||||
#include "modules.h"
|
#include "modules.h"
|
||||||
#include "s_conf.h"
|
#include "s_conf.h"
|
||||||
#include "s_newconf.h"
|
#include "s_newconf.h"
|
||||||
|
#include "reject.h"
|
||||||
|
|
||||||
static int mo_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
|
static int mo_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
|
||||||
static int ms_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
|
static int ms_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
|
||||||
|
@ -558,6 +559,7 @@ remove_xline(struct Client *source_p, const char *name)
|
||||||
get_oper_name(source_p), name);
|
get_oper_name(source_p), name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
remove_reject_mask(aconf->name, NULL);
|
||||||
free_conf(aconf);
|
free_conf(aconf);
|
||||||
dlinkDestroy(ptr, &xline_conf_list);
|
dlinkDestroy(ptr, &xline_conf_list);
|
||||||
return;
|
return;
|
||||||
|
|
43
src/reject.c
43
src/reject.c
|
@ -33,6 +33,7 @@
|
||||||
#include "reject.h"
|
#include "reject.h"
|
||||||
#include "s_stats.h"
|
#include "s_stats.h"
|
||||||
#include "msg.h"
|
#include "msg.h"
|
||||||
|
#include "hash.h"
|
||||||
|
|
||||||
static patricia_tree_t *reject_tree;
|
static patricia_tree_t *reject_tree;
|
||||||
dlink_list delay_exit;
|
dlink_list delay_exit;
|
||||||
|
@ -45,6 +46,7 @@ struct reject_data
|
||||||
dlink_node rnode;
|
dlink_node rnode;
|
||||||
time_t time;
|
time_t time;
|
||||||
unsigned int count;
|
unsigned int count;
|
||||||
|
uint32_t mask_hashv;
|
||||||
};
|
};
|
||||||
|
|
||||||
static patricia_tree_t *unknown_tree;
|
static patricia_tree_t *unknown_tree;
|
||||||
|
@ -118,15 +120,22 @@ init_reject(void)
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
add_reject(struct Client *client_p)
|
add_reject(struct Client *client_p, const char *mask1, const char *mask2)
|
||||||
{
|
{
|
||||||
patricia_node_t *pnode;
|
patricia_node_t *pnode;
|
||||||
struct reject_data *rdata;
|
struct reject_data *rdata;
|
||||||
|
uint32_t hashv;
|
||||||
|
|
||||||
/* Reject is disabled */
|
/* Reject is disabled */
|
||||||
if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0)
|
if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
hashv = 0;
|
||||||
|
if (mask1 != NULL)
|
||||||
|
hashv ^= fnv_hash_upper(mask1, 32);
|
||||||
|
if (mask2 != NULL)
|
||||||
|
hashv ^= fnv_hash_upper(mask2, 32);
|
||||||
|
|
||||||
if((pnode = match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL)
|
if((pnode = match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL)
|
||||||
{
|
{
|
||||||
rdata = pnode->data;
|
rdata = pnode->data;
|
||||||
|
@ -146,6 +155,7 @@ add_reject(struct Client *client_p)
|
||||||
rdata->time = CurrentTime;
|
rdata->time = CurrentTime;
|
||||||
rdata->count = 1;
|
rdata->count = 1;
|
||||||
}
|
}
|
||||||
|
rdata->mask_hashv = hashv;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
@ -197,7 +207,7 @@ flush_reject(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
remove_reject(const char *ip)
|
remove_reject_ip(const char *ip)
|
||||||
{
|
{
|
||||||
patricia_node_t *pnode;
|
patricia_node_t *pnode;
|
||||||
|
|
||||||
|
@ -217,6 +227,35 @@ remove_reject(const char *ip)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
remove_reject_mask(const char *mask1, const char *mask2)
|
||||||
|
{
|
||||||
|
dlink_node *ptr, *next;
|
||||||
|
patricia_node_t *pnode;
|
||||||
|
struct reject_data *rdata;
|
||||||
|
uint32_t hashv;
|
||||||
|
int n = 0;
|
||||||
|
|
||||||
|
hashv = 0;
|
||||||
|
if (mask1 != NULL)
|
||||||
|
hashv ^= fnv_hash_upper(mask1, 32);
|
||||||
|
if (mask2 != NULL)
|
||||||
|
hashv ^= fnv_hash_upper(mask2, 32);
|
||||||
|
DLINK_FOREACH_SAFE(ptr, next, reject_list.head)
|
||||||
|
{
|
||||||
|
pnode = ptr->data;
|
||||||
|
rdata = pnode->data;
|
||||||
|
if (rdata->mask_hashv == hashv)
|
||||||
|
{
|
||||||
|
dlinkDelete(ptr, &reject_list);
|
||||||
|
MyFree(rdata);
|
||||||
|
patricia_remove(reject_tree, pnode);
|
||||||
|
n++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return n;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
add_unknown_ip(struct Client *client_p)
|
add_unknown_ip(struct Client *client_p)
|
||||||
|
|
|
@ -281,13 +281,12 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern
|
||||||
source_p->name, IsGotId(source_p) ? "" : "~",
|
source_p->name, IsGotId(source_p) ? "" : "~",
|
||||||
source_p->username, source_p->sockhost,
|
source_p->username, source_p->sockhost,
|
||||||
source_p->localClient->listener->name, port);
|
source_p->localClient->listener->name, port);
|
||||||
add_reject(client_p);
|
add_reject(client_p, NULL, NULL);
|
||||||
exit_client(client_p, source_p, &me,
|
exit_client(client_p, source_p, &me,
|
||||||
"You are not authorised to use this server");
|
"You are not authorised to use this server");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case BANNED_CLIENT:
|
case BANNED_CLIENT:
|
||||||
add_reject(client_p);
|
|
||||||
exit_client(client_p, client_p, &me, "*** Banned ");
|
exit_client(client_p, client_p, &me, "*** Banned ");
|
||||||
ServerStats->is_ref++;
|
ServerStats->is_ref++;
|
||||||
break;
|
break;
|
||||||
|
@ -388,6 +387,7 @@ verify_access(struct Client *client_p, const char *username)
|
||||||
form_str(ERR_YOUREBANNEDCREEP),
|
form_str(ERR_YOUREBANNEDCREEP),
|
||||||
me.name, client_p->name, aconf->passwd);
|
me.name, client_p->name, aconf->passwd);
|
||||||
}
|
}
|
||||||
|
add_reject(client_p, aconf->user, aconf->host);
|
||||||
return (BANNED_CLIENT);
|
return (BANNED_CLIENT);
|
||||||
}
|
}
|
||||||
else if(aconf->status & CONF_GLINE)
|
else if(aconf->status & CONF_GLINE)
|
||||||
|
@ -399,6 +399,7 @@ verify_access(struct Client *client_p, const char *username)
|
||||||
form_str(ERR_YOUREBANNEDCREEP),
|
form_str(ERR_YOUREBANNEDCREEP),
|
||||||
me.name, client_p->name, aconf->passwd);
|
me.name, client_p->name, aconf->passwd);
|
||||||
|
|
||||||
|
add_reject(client_p, aconf->user, aconf->host);
|
||||||
return (BANNED_CLIENT);
|
return (BANNED_CLIENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -223,7 +223,7 @@ show_lusers(struct Client *source_p)
|
||||||
int
|
int
|
||||||
register_local_user(struct Client *client_p, struct Client *source_p, const char *username)
|
register_local_user(struct Client *client_p, struct Client *source_p, const char *username)
|
||||||
{
|
{
|
||||||
struct ConfItem *aconf;
|
struct ConfItem *aconf, *xconf;
|
||||||
struct User *user = source_p->user;
|
struct User *user = source_p->user;
|
||||||
char tmpstr2[IRCD_BUFSIZE];
|
char tmpstr2[IRCD_BUFSIZE];
|
||||||
char ipaddr[HOSTIPLEN];
|
char ipaddr[HOSTIPLEN];
|
||||||
|
@ -415,10 +415,10 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
|
||||||
|
|
||||||
/* kline exemption extends to xline too */
|
/* kline exemption extends to xline too */
|
||||||
if(!IsExemptKline(source_p) &&
|
if(!IsExemptKline(source_p) &&
|
||||||
find_xline(source_p->info, 1) != NULL)
|
(xconf = find_xline(source_p->info, 1)) != NULL)
|
||||||
{
|
{
|
||||||
ServerStats->is_ref++;
|
ServerStats->is_ref++;
|
||||||
add_reject(source_p);
|
add_reject(source_p, xconf->name, NULL);
|
||||||
exit_client(client_p, source_p, &me, "Bad user info");
|
exit_client(client_p, source_p, &me, "Bad user info");
|
||||||
return CLIENT_EXITED;
|
return CLIENT_EXITED;
|
||||||
}
|
}
|
||||||
|
@ -450,7 +450,7 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
|
||||||
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
|
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
|
||||||
source_p->sockhost, source_p->preClient->dnsbl_listed->host);
|
source_p->sockhost, source_p->preClient->dnsbl_listed->host);
|
||||||
source_p->preClient->dnsbl_listed->hits++;
|
source_p->preClient->dnsbl_listed->hits++;
|
||||||
add_reject(source_p);
|
add_reject(source_p, NULL, NULL);
|
||||||
exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
|
exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
|
||||||
return CLIENT_EXITED;
|
return CLIENT_EXITED;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue