Wrap up authd preclient stuff in its own struct
This commit is contained in:
parent
02fa4362cd
commit
154dc91ef0
4 changed files with 47 additions and 41 deletions
|
@ -41,9 +41,9 @@ struct Blacklist;
|
||||||
|
|
||||||
/* we store ipv6 ips for remote clients, so this needs to be v6 always */
|
/* we store ipv6 ips for remote clients, so this needs to be v6 always */
|
||||||
#define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */
|
#define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */
|
||||||
#define PASSWDLEN 128
|
#define PASSWDLEN 128
|
||||||
#define CIPHERKEYLEN 64 /* 512bit */
|
#define CIPHERKEYLEN 64 /* 512bit */
|
||||||
#define CLIENT_BUFSIZE 512 /* must be at least 512 bytes */
|
#define CLIENT_BUFSIZE 512 /* must be at least 512 bytes */
|
||||||
|
|
||||||
#define IDLEN 10
|
#define IDLEN 10
|
||||||
|
|
||||||
|
@ -287,18 +287,24 @@ struct LocalUser
|
||||||
unsigned char sasl_complete;
|
unsigned char sasl_complete;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct AuthClient
|
||||||
|
{
|
||||||
|
uint32_t cid; /* authd id */
|
||||||
|
time_t timeout; /* When to terminate authd query */
|
||||||
|
bool accepted; /* did authd accept us? */
|
||||||
|
char cause; /* rejection cause */
|
||||||
|
char *data; /* reason data */
|
||||||
|
char *reason; /* reason we were rejected */
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
struct PreClient
|
struct PreClient
|
||||||
{
|
{
|
||||||
char spoofnick[NICKLEN + 1];
|
char spoofnick[NICKLEN + 1];
|
||||||
char spoofuser[USERLEN + 1];
|
char spoofuser[USERLEN + 1];
|
||||||
char spoofhost[HOSTLEN + 1];
|
char spoofhost[HOSTLEN + 1];
|
||||||
|
|
||||||
uint32_t authd_cid; /* authd id */
|
struct AuthClient auth;
|
||||||
time_t authd_timeout; /* When to terminate authd query */
|
|
||||||
bool authd_accepted; /* did authd accept us? */
|
|
||||||
char authd_cause; /* rejection cause */
|
|
||||||
char *authd_data; /* reason data */
|
|
||||||
char *authd_reason; /* reason we were rejected */
|
|
||||||
|
|
||||||
struct rb_sockaddr_storage lip; /* address of our side of the connection */
|
struct rb_sockaddr_storage lip; /* address of our side of the connection */
|
||||||
};
|
};
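Review bot: `struct AuthClient` carries two heap pointers, `data` and `reason`, whose ownership is not stated next to the definition; elsewhere in this commit they are filled with `rb_strdup()` in authd_decide_client and released in free_pre_client, so a reader of this header cannot tell whether they may be NULL or who frees them. I would document the lifecycle on the struct: `/* cid != 0 while an authd query is in flight; data/reason are rb_strdup()'d when the decision arrives (either may be NULL) and are freed by free_pre_client */`. The `accepted` comment is also slightly misleading, since authd_abort_client sets it to true without any verdict; `/* true if authd accepted us, or the query was aborted/timed out */` matches the code.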
|
||||||
|
|
|
@ -394,10 +394,10 @@ authd_initiate_client(struct Client *client_p)
|
||||||
uint16_t client_port, listen_port;
|
uint16_t client_port, listen_port;
|
||||||
uint32_t authd_cid;
|
uint32_t authd_cid;
|
||||||
|
|
||||||
if(client_p->preClient == NULL || client_p->preClient->authd_cid != 0)
|
if(client_p->preClient == NULL || client_p->preClient->auth.cid != 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
authd_cid = client_p->preClient->authd_cid = generate_cid();
|
authd_cid = client_p->preClient->auth.cid = generate_cid();
|
||||||
|
|
||||||
/* Collisions are extremely unlikely, so disregard the possibility */
|
/* Collisions are extremely unlikely, so disregard the possibility */
|
||||||
rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p);
|
rb_dictionary_add(cid_clients, RB_UINT_TO_POINTER(authd_cid), client_p);
|
||||||
|
@ -411,7 +411,7 @@ authd_initiate_client(struct Client *client_p)
|
||||||
client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip));
|
client_port = ntohs(GET_SS_PORT(&client_p->localClient->ip));
|
||||||
|
|
||||||
/* Add a bit of a fudge factor... */
|
/* Add a bit of a fudge factor... */
|
||||||
client_p->preClient->authd_timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10;
|
client_p->preClient->auth.timeout = rb_current_time() + ConfigFileEntry.connect_timeout + 10;
|
||||||
|
|
||||||
rb_helper_write(authd_helper, "C %x %s %hu %s %hu", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port);
|
rb_helper_write(authd_helper, "C %x %s %hu %s %hu", authd_cid, listen_ipaddr, listen_port, client_ipaddr, client_port);
|
||||||
}
|
}
|
||||||
|
@ -423,7 +423,7 @@ authd_initiate_client(struct Client *client_p)
|
||||||
static inline void
|
static inline void
|
||||||
authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason)
|
authd_decide_client(struct Client *client_p, const char *ident, const char *host, bool accept, char cause, const char *data, const char *reason)
|
||||||
{
|
{
|
||||||
if(client_p->preClient == NULL || client_p->preClient->authd_cid == 0)
|
if(client_p->preClient == NULL || client_p->preClient->auth.cid == 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if(*ident != '*')
|
if(*ident != '*')
|
||||||
|
@ -437,13 +437,13 @@ authd_decide_client(struct Client *client_p, const char *ident, const char *host
|
||||||
if(*host != '*')
|
if(*host != '*')
|
||||||
rb_strlcpy(client_p->host, host, sizeof(client_p->host));
|
rb_strlcpy(client_p->host, host, sizeof(client_p->host));
|
||||||
|
|
||||||
rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));
|
rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
|
||||||
|
|
||||||
client_p->preClient->authd_accepted = accept;
|
client_p->preClient->auth.accepted = accept;
|
||||||
client_p->preClient->authd_cause = cause;
|
client_p->preClient->auth.cause = cause;
|
||||||
client_p->preClient->authd_data = (data == NULL ? NULL : rb_strdup(data));
|
client_p->preClient->auth.data = (data == NULL ? NULL : rb_strdup(data));
|
||||||
client_p->preClient->authd_reason = (reason == NULL ? NULL : rb_strdup(reason));
|
client_p->preClient->auth.reason = (reason == NULL ? NULL : rb_strdup(reason));
|
||||||
client_p->preClient->authd_cid = 0;
|
client_p->preClient->auth.cid = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* When a client has auth'ed, we want to start reading what it sends
|
* When a client has auth'ed, we want to start reading what it sends
|
||||||
|
@ -477,16 +477,16 @@ authd_abort_client(struct Client *client_p)
|
||||||
if(client_p == NULL || client_p->preClient == NULL)
|
if(client_p == NULL || client_p->preClient == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if(client_p->preClient->authd_cid == 0)
|
if(client_p->preClient->auth.cid == 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->authd_cid));
|
rb_dictionary_delete(cid_clients, RB_UINT_TO_POINTER(client_p->preClient->auth.cid));
|
||||||
|
|
||||||
if(authd_helper != NULL)
|
if(authd_helper != NULL)
|
||||||
rb_helper_write(authd_helper, "E %x", client_p->preClient->authd_cid);
|
rb_helper_write(authd_helper, "E %x", client_p->preClient->auth.cid);
|
||||||
|
|
||||||
client_p->preClient->authd_accepted = true;
|
client_p->preClient->auth.accepted = true;
|
||||||
client_p->preClient->authd_cid = 0;
|
client_p->preClient->auth.cid = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -497,7 +497,7 @@ timeout_dead_authd_clients(void *notused __unused)
|
||||||
|
|
||||||
RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
|
RB_DICTIONARY_FOREACH(client_p, &iter, cid_clients)
|
||||||
{
|
{
|
||||||
if(client_p->preClient->authd_timeout < rb_current_time())
|
if(client_p->preClient->auth.timeout < rb_current_time())
|
||||||
authd_abort_client(client_p);
|
authd_abort_client(client_p);
|
||||||
}
|
}
|
||||||
}
|
}
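Review bot: authd_abort_client (earlier hunk of this section) marks the client accepted on the abort path, `client_p->preClient->auth.accepted = true;`, and timeout_dead_authd_clients routes every expired query there, so a client whose authd query never completes registers with no DNSBL or open-proxy verdict at all. That fail-open is presumably deliberate so an authd outage does not reject every new connection, but nothing at the assignment says so, and a later reader may take it for a bug. I would add `/* Fail open: an aborted or timed-out authd query counts as accepted, so losing authd does not lock out every new client */` above that line. The body of timeout_dead_authd_clients begins outside the hunk.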
|
||||||
|
|
|
@ -258,10 +258,10 @@ free_pre_client(struct Client *client_p)
|
||||||
if(client_p->preClient == NULL)
|
if(client_p->preClient == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
s_assert(client_p->preClient->authd_cid == 0);
|
s_assert(client_p->preClient->auth.cid == 0);
|
||||||
|
|
||||||
rb_free(client_p->preClient->authd_data);
|
rb_free(client_p->preClient->auth.data);
|
||||||
rb_free(client_p->preClient->authd_reason);
|
rb_free(client_p->preClient->auth.reason);
|
||||||
|
|
||||||
rb_bh_free(pclient_heap, client_p->preClient);
|
rb_bh_free(pclient_heap, client_p->preClient);
|
||||||
client_p->preClient = NULL;
|
client_p->preClient = NULL;
|
||||||
|
@ -456,7 +456,7 @@ check_unknowns_list(rb_dlink_list * list)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* Still querying with authd */
|
/* Still querying with authd */
|
||||||
if(client_p->preClient != NULL && client_p->preClient->authd_cid != 0)
|
if(client_p->preClient != NULL && client_p->preClient->auth.cid != 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/*
|
/*
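Review bot: free_pre_client only asserts `auth.cid == 0` before freeing the preClient; if s_assert is non-fatal in release builds (I cannot confirm that from here), a client torn down while its authd query is still in flight leaves its entry in cid_clients pointing at freed memory, which timeout_dead_authd_clients then dereferences through `client_p->preClient->auth.timeout`. Since authd_abort_client already removes the dictionary entry and tells authd to stop, I would make the teardown defensive rather than rely on the assertion: `if(client_p->preClient->auth.cid != 0) authd_abort_client(client_p);` ahead of the two rb_free calls, keeping the s_assert if you want the debug signal. free_pre_client starts outside the hunk.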
|
||||||
|
|
|
@ -252,7 +252,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
/* Waiting on authd */
|
/* Waiting on authd */
|
||||||
if(source_p->preClient->authd_cid)
|
if(source_p->preClient->auth.cid)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
client_p->localClient->last = rb_current_time();
|
client_p->localClient->last = rb_current_time();
|
||||||
|
@ -420,7 +420,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* authd rejection check */
|
/* authd rejection check */
|
||||||
if(source_p->preClient->authd_accepted == false)
|
if(source_p->preClient->auth.accepted == false)
|
||||||
{
|
{
|
||||||
struct blacklist_stats *stats;
|
struct blacklist_stats *stats;
|
||||||
rb_dlink_list varlist = { NULL, NULL, 0 };
|
rb_dlink_list varlist = { NULL, NULL, 0 };
|
||||||
|
@ -429,26 +429,26 @@ register_local_user(struct Client *client_p, struct Client *source_p)
|
||||||
substitution_append_var(&varlist, "nick", source_p->name);
|
substitution_append_var(&varlist, "nick", source_p->name);
|
||||||
substitution_append_var(&varlist, "ip", source_p->sockhost);
|
substitution_append_var(&varlist, "ip", source_p->sockhost);
|
||||||
substitution_append_var(&varlist, "host", source_p->host);
|
substitution_append_var(&varlist, "host", source_p->host);
|
||||||
substitution_append_var(&varlist, "dnsbl-host", source_p->preClient->authd_data);
|
substitution_append_var(&varlist, "dnsbl-host", source_p->preClient->auth.data);
|
||||||
substitution_append_var(&varlist, "network-name", ServerInfo.network_name);
|
substitution_append_var(&varlist, "network-name", ServerInfo.network_name);
|
||||||
reason = substitution_parse(source_p->preClient->authd_reason, &varlist);
|
reason = substitution_parse(source_p->preClient->auth.reason, &varlist);
|
||||||
|
|
||||||
switch(source_p->preClient->authd_cause)
|
switch(source_p->preClient->auth.cause)
|
||||||
{
|
{
|
||||||
case 'B': /* Blacklists */
|
case 'B': /* Blacklists */
|
||||||
if((stats = rb_dictionary_retrieve(bl_stats, source_p->preClient->authd_data)) != NULL)
|
if((stats = rb_dictionary_retrieve(bl_stats, source_p->preClient->auth.data)) != NULL)
|
||||||
stats->hits++;
|
stats->hits++;
|
||||||
|
|
||||||
if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf))
|
if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf))
|
||||||
{
|
{
|
||||||
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt",
|
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt",
|
||||||
source_p->sockhost, source_p->preClient->authd_data);
|
source_p->sockhost, source_p->preClient->auth.data);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
|
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
|
||||||
"Listed on DNSBL %s: %s (%s@%s) [%s] [%s]",
|
"Listed on DNSBL %s: %s (%s@%s) [%s] [%s]",
|
||||||
source_p->preClient->authd_data,
|
source_p->preClient->auth.data,
|
||||||
source_p->name,
|
source_p->name,
|
||||||
source_p->username, source_p->host,
|
source_p->username, source_p->host,
|
||||||
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
|
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
|
||||||
|
@ -460,7 +460,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
|
||||||
me.name, source_p->name, reason);
|
me.name, source_p->name, reason);
|
||||||
|
|
||||||
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
|
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
|
||||||
source_p->sockhost, source_p->preClient->authd_data);
|
source_p->sockhost, source_p->preClient->auth.data);
|
||||||
add_reject(source_p, NULL, NULL);
|
add_reject(source_p, NULL, NULL);
|
||||||
exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
|
exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
|
||||||
substitution_free(&varlist);
|
substitution_free(&varlist);
|
||||||
|
@ -471,13 +471,13 @@ register_local_user(struct Client *client_p, struct Client *source_p)
|
||||||
if(IsExemptKline(source_p) || IsConfExemptProxy(aconf))
|
if(IsExemptKline(source_p) || IsConfExemptProxy(aconf))
|
||||||
{
|
{
|
||||||
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s), but you are exempt",
|
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s), but you are exempt",
|
||||||
source_p->sockhost, source_p->preClient->authd_data);
|
source_p->sockhost, source_p->preClient->auth.data);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
|
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
|
||||||
"Open proxy %s: %s (%s@%s) [%s] [%s]",
|
"Open proxy %s: %s (%s@%s) [%s] [%s]",
|
||||||
source_p->preClient->authd_data,
|
source_p->preClient->auth.data,
|
||||||
source_p->name,
|
source_p->name,
|
||||||
source_p->username, source_p->host,
|
source_p->username, source_p->host,
|
||||||
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
|
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
|
||||||
|
@ -489,7 +489,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
|
||||||
me.name, source_p->name, reason);
|
me.name, source_p->name, reason);
|
||||||
|
|
||||||
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s)",
|
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s)",
|
||||||
source_p->sockhost, source_p->preClient->authd_data);
|
source_p->sockhost, source_p->preClient->auth.data);
|
||||||
add_reject(source_p, NULL, NULL);
|
add_reject(source_p, NULL, NULL);
|
||||||
exit_client(client_p, source_p, &me, "*** Banned (Open proxy)");
|
exit_client(client_p, source_p, &me, "*** Banned (Open proxy)");
|
||||||
substitution_free(&varlist);
|
substitution_free(&varlist);
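Review bot: `auth.data` can be NULL — authd_decide_client stores `data == NULL ? NULL : rb_strdup(data)` — yet the 'B' and open-proxy branches pass it unchecked to `rb_dictionary_retrieve(bl_stats, ...)`, to the `%s` arguments of the operator snomask and to the client notices, and `auth.reason` goes to substitution_parse the same way. Whether authd ever sends a rejection without data I cannot tell from this page, but a NULL `%s` argument is undefined behaviour in C and the dictionary lookup is unlikely to tolerate it, so the rejection path should not depend on the helper always supplying one. A single guard at the top of the rejection block, `const char *bl_name = source_p->preClient->auth.data ? source_p->preClient->auth.data : "<unknown>";`, used in place of the raw field in those calls, would make the path robust. register_local_user begins and ends outside these hunks.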
|
||||||
|
|