Wrap up authd preclient stuff in its own struct

Elizabeth Myers 2016-04-10 09:20:51 -05:00
parent 02fa4362cd
commit 154dc91ef0
4 changed files with 47 additions and 41 deletions


@ -41,9 +41,9 @@ struct Blacklist;
/* we store ipv6 ips for remote clients, so this needs to be v6 always */ /* we store ipv6 ips for remote clients, so this needs to be v6 always */
#define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */ #define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */
#define PASSWDLEN 128 #define PASSWDLEN 128
#define CIPHERKEYLEN 64 /* 512bit */ #define CIPHERKEYLEN 64 /* 512bit */
#define CLIENT_BUFSIZE 512 /* must be at least 512 bytes */ #define CLIENT_BUFSIZE 512 /* must be at least 512 bytes */
#define IDLEN 10 #define IDLEN 10
@ -287,18 +287,24 @@ struct LocalUser
unsigned char sasl_complete; unsigned char sasl_complete;
}; };
struct AuthClient
{
uint32_t cid; /* authd id */
time_t timeout; /* When to terminate authd query */
bool accepted; /* did authd accept us? */
char cause; /* rejection cause */
char *data; /* reason data */
char *reason; /* reason we were rejected */
};
struct PreClient struct PreClient
{ {
char spoofnick[NICKLEN + 1]; char spoofnick[NICKLEN + 1];
char spoofuser[USERLEN + 1]; char spoofuser[USERLEN + 1];
char spoofhost[HOSTLEN + 1]; char spoofhost[HOSTLEN + 1];
uint32_t authd_cid; /* authd id */ struct AuthClient auth;
time_t authd_timeout; /* When to terminate authd query */
bool authd_accepted; /* did authd accept us? */
char authd_cause; /* rejection cause */
char *authd_data; /* reason data */
char *authd_reason; /* reason we were rejected */
struct rb_sockaddr_storage lip; /* address of our side of the connection */ struct rb_sockaddr_storage lip; /* address of our side of the connection */
}; };
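Review bot: The new `struct AuthClient` has no comment saying who owns `data` and `reason` or what `cid == 0` means, although the rest of the commit relies on both. authd_decide_client stores rb_strdup() copies in the two pointers and free_pre_client releases them, and every caller compares `auth.cid` with 0 to tell whether a query is still pending. I would add `/* cid == 0: no authd query pending; data and reason are heap copies freed by free_pre_client() */` above the struct.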


@ -394,10 +394,10 @@ authd_initiate_client(struct Client *client_p)
uint16_t client_port, listen_port; uint16_t client_port, listen_port;
uint32_t authd_cid; uint32_t authd_cid;
if(client_p->preClient == NULL || client_p->preClient->authd_cid != 0) if(client_p->preClient == NULL || client_p->preClient->auth.cid != 0)
return; return;
authd_cid = client_p->preClient->authd_cid = generate_cid(); authd_cid = client_p->preClient->auth.cid = generate_cid();
/* Collisions are extremely unlikely, so disregard the possibility */ /* Collisions are extremely unlikely, so disregard the possibility */
rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p); rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p);
@ -411,7 +411,7 @@ authd_initiate_client(struct Client *client_p)
client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip)); client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip));
/* Add a bit of a fudge factor... */ /* Add a bit of a fudge factor... */
client_p->preClient->authd_timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10; client_p->preClient->auth.timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10;
rb_helper_write(authd_helper, "C %x %s %hu %s %hu", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port); rb_helper_write(authd_helper, "C %x %s %hu %s %hu", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port);
} }
@ -423,7 +423,7 @@ authd_initiate_client(struct Client *client_p)
static inline void static inline void
authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason) authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason)
{ {
if(client_p->preClient == NULL || client_p->preClient->authd_cid == 0) if(client_p->preClient == NULL || client_p->preClient->auth.cid == 0)
return; return;
if(*ident != '*') if(*ident != '*')
@ -437,13 +437,13 @@ authd_decide_client(struct Client *client_p, const char *ident, const char *host
if(*host != '*') if(*host != '*')
rb_strlcpy(client_p->host, host, sizeof(client_p->host)); rb_strlcpy(client_p->host, host, sizeof(client_p->host));
rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid)); rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
client_p->preClient->authd_accepted = accept; client_p->preClient->auth.accepted = accept;
client_p->preClient->authd_cause = cause; client_p->preClient->auth.cause = cause;
client_p->preClient->authd_data = (data == NULL ? NULL : rb_strdup(data)); client_p->preClient->auth.data = (data == NULL ? NULL : rb_strdup(data));
client_p->preClient->authd_reason = (reason == NULL ? NULL : rb_strdup(reason)); client_p->preClient->auth.reason = (reason == NULL ? NULL : rb_strdup(reason));
client_p->preClient->authd_cid = 0; client_p->preClient->auth.cid = 0;
/* /*
* When a client has auth'ed, we want to start reading what it sends * When a client has auth'ed, we want to start reading what it sends
@ -477,16 +477,16 @@ authd_abort_client(struct Client *client_p)
if(client_p == NULL || client_p->preClient == NULL) if(client_p == NULL || client_p->preClient == NULL)
return; return;
if(client_p->preClient->authd_cid == 0) if(client_p->preClient->auth.cid == 0)
return; return;
rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid)); rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
if(authd_helper != NULL) if(authd_helper != NULL)
rb_helper_write(authd_helper, "E %x", client_p->preClient->authd_cid); rb_helper_write(authd_helper, "E %x", client_p->preClient->auth.cid);
client_p->preClient->authd_accepted = true; client_p->preClient->auth.accepted = true;
client_p->preClient->authd_cid = 0; client_p->preClient->auth.cid = 0;
} }
static void static void
@ -497,7 +497,7 @@ timeout_dead_authd_clients(void *notused __unused)
RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients) RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
{ {
if(client_p->preClient->authd_timeout < rb_current_time()) if(client_p->preClient->auth.timeout < rb_current_time())
authd_abort_client(client_p); authd_abort_client(client_p);
} }
} }
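Review bot: authd_abort_client sets `auth.accepted = true`, and timeout_dead_authd_clients calls it for every entry whose `auth.timeout` has passed, so a client whose authd lookup never completes is admitted as if it had passed the checks. If that fail-open is intended so that a stalled authd cannot block connections, it deserves a comment at the assignment, e.g. `/* fail open: an aborted or timed-out query is treated as accepted */`. If it is not intended, the timeout path needs its own outcome instead of reusing the abort path. Both functions start outside their hunks, so other callers of authd_abort_client are not visible here.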


@ -258,10 +258,10 @@ free_pre_client(struct Client *client_p)
if(client_p->preClient == NULL) if(client_p->preClient == NULL)
return; return;
s_assert(client_p->preClient->authd_cid == 0); s_assert(client_p->preClient->auth.cid == 0);
rb_free(client_p->preClient->authd_data); rb_free(client_p->preClient->auth.data);
rb_free(client_p->preClient->authd_reason); rb_free(client_p->preClient->auth.reason);
rb_bh_free(pclient_heap, client_p->preClient); rb_bh_free(pclient_heap, client_p->preClient);
client_p->preClient = NULL; client_p->preClient = NULL;
@ -456,7 +456,7 @@ check_unknowns_list(rb_dlink_list * list)
continue; continue;
/* Still querying with authd */ /* Still querying with authd */
if(client_p->preClient != NULL && client_p->preClient->authd_cid != 0) if(client_p->preClient != NULL && client_p->preClient->auth.cid != 0)
continue; continue;
/* /*
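Review bot: In free_pre_client the only guard against releasing a preClient with a live authd query is `s_assert(client_p->preClient->auth.cid == 0)`. If that assertion does not stop execution in production builds, the `cid_clients` entry added by authd_initiate_client survives while `client_p->preClient` becomes NULL, and timeout_dead_authd_clients reads `client_p->preClient->auth.timeout` for every entry. Calling `authd_abort_client(client_p);` before the frees, or at least deleting the dictionary entry there, would close that window. The function starts and ends outside the hunk, so an earlier abort may already exist.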


@ -252,7 +252,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
return -1; return -1;
/* Waiting on authd */ /* Waiting on authd */
if(source_p->preClient->authd_cid) if(source_p->preClient->auth.cid)
return -1; return -1;
client_p->localClient->last = rb_current_time(); client_p->localClient->last = rb_current_time();
@ -420,7 +420,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
} }
/* authd rejection check */ /* authd rejection check */
if(source_p->preClient->authd_accepted == false) if(source_p->preClient->auth.accepted == false)
{ {
struct blacklist_stats *stats; struct blacklist_stats *stats;
rb_dlink_list varlist = { NULL, NULL, 0 }; rb_dlink_list varlist = { NULL, NULL, 0 };
@ -429,26 +429,26 @@ register_local_user(struct Client *client_p, struct Client *source_p)
substitution_append_var(&varlist, "nick", source_p->name); substitution_append_var(&varlist, "nick", source_p->name);
substitution_append_var(&varlist, "ip", source_p->sockhost); substitution_append_var(&varlist, "ip", source_p->sockhost);
substitution_append_var(&varlist, "host", source_p->host); substitution_append_var(&varlist, "host", source_p->host);
substitution_append_var(&varlist, "dnsbl-host", source_p->preClient->authd_data); substitution_append_var(&varlist, "dnsbl-host", source_p->preClient->auth.data);
substitution_append_var(&varlist, "network-name", ServerInfo.network_name); substitution_append_var(&varlist, "network-name", ServerInfo.network_name);
reason = substitution_parse(source_p->preClient->authd_reason, &varlist); reason = substitution_parse(source_p->preClient->auth.reason, &varlist);
switch(source_p->preClient->authd_cause) switch(source_p->preClient->auth.cause)
{ {
case 'B': /* Blacklists */ case 'B': /* Blacklists */
if((stats = rb_dictionary_retrieve(bl_stats, source_p->preClient->authd_data)) != NULL) if((stats = rb_dictionary_retrieve(bl_stats, source_p->preClient->auth.data)) != NULL)
stats->hits++; stats->hits++;
if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf)) if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf))
{ {
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt", sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt",
source_p->sockhost, source_p->preClient->authd_data); source_p->sockhost, source_p->preClient->auth.data);
} }
else else
{ {
sendto_realops_snomask(SNO_REJ, L_NETWIDE, sendto_realops_snomask(SNO_REJ, L_NETWIDE,
"Listed on DNSBL %s: %s (%s@%s) [%s] [%s]", "Listed on DNSBL %s: %s (%s@%s) [%s] [%s]",
source_p->preClient->authd_data, source_p->preClient->auth.data,
source_p->name, source_p->name,
source_p->username, source_p->host, source_p->username, source_p->host,
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost, IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
@ -460,7 +460,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
me.name, source_p->name, reason); me.name, source_p->name, reason);
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s", sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
source_p->sockhost, source_p->preClient->authd_data); source_p->sockhost, source_p->preClient->auth.data);
add_reject(source_p, NULL, NULL); add_reject(source_p, NULL, NULL);
exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)"); exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
substitution_free(&varlist); substitution_free(&varlist);
@ -471,13 +471,13 @@ register_local_user(struct Client *client_p, struct Client *source_p)
if(IsExemptKline(source_p) || IsConfExemptProxy(aconf)) if(IsExemptKline(source_p) || IsConfExemptProxy(aconf))
{ {
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s), but you are exempt", sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s), but you are exempt",
source_p->sockhost, source_p->preClient->authd_data); source_p->sockhost, source_p->preClient->auth.data);
} }
else else
{ {
sendto_realops_snomask(SNO_REJ, L_NETWIDE, sendto_realops_snomask(SNO_REJ, L_NETWIDE,
"Open proxy %s: %s (%s@%s) [%s] [%s]", "Open proxy %s: %s (%s@%s) [%s] [%s]",
source_p->preClient->authd_data, source_p->preClient->auth.data,
source_p->name, source_p->name,
source_p->username, source_p->host, source_p->username, source_p->host,
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost, IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
@ -489,7 +489,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
me.name, source_p->name, reason); me.name, source_p->name, reason);
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s)", sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s)",
source_p->sockhost, source_p->preClient->authd_data); source_p->sockhost, source_p->preClient->auth.data);
add_reject(source_p, NULL, NULL); add_reject(source_p, NULL, NULL);
exit_client(client_p, source_p, &me, "*** Banned (Open proxy)"); exit_client(client_p, source_p, &me, "*** Banned (Open proxy)");
substitution_free(&varlist); substitution_free(&varlist);
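Review bot: `auth.data` and `auth.reason` are used in the rejection branch without a NULL check, although authd_decide_client stores NULL in either field when it is passed none. They go straight into `substitution_append_var(&varlist, "dnsbl-host", ...)`, `substitution_parse(...)`, `rb_dictionary_retrieve(bl_stats, ...)` and several `%s` arguments, and whether those helpers tolerate NULL is not visible on this page. A local fallback such as `const char *data = source_p->preClient->auth.data ? source_p->preClient->auth.data : "";`, with a similar one for the reason, would make the path safe whatever authd sends. register_local_user starts and ends outside these hunks.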