Remove reject entries on unkline/ungline/unxline.
When a user is rejected, remember the hash value of the ban mask (for klines/glines, hash value of the user part XOR hash value of the host part) with the rejected IP; if the kline/gline/xline is removed, remove rejects with the same hash value also. Note that this does not happen for expiries; this is deliberate. Rejects for no auth{} or dnsbl put a hash value of 0; they cannot be removed selectively.
parent
6bfe3faec0
commit
35f6f850b6
8 changed files with 59 additions and 11 deletions
|
@ -33,9 +33,10 @@ extern dlink_list delay_exit;
|
|||
|
||||
void init_reject(void);
|
||||
int check_reject(struct Client *);
|
||||
void add_reject(struct Client *);
|
||||
void add_reject(struct Client *, const char *mask1, const char *mask2);
|
||||
void flush_reject(void);
|
||||
int remove_reject(const char *ip);
|
||||
int remove_reject_ip(const char *ip);
|
||||
int remove_reject_mask(const char *mask1, const char *mask2);
|
||||
|
||||
int add_unknown_ip(struct Client *client_p);
|
||||
void del_unknown_ip(struct Client *client_p);
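Review bot: The header gives no contract for the new `mask1`/`mask2` parameters, and the two removal functions now return different things. From the reject.c hunks, `remove_reject_mask` returns the number of entries removed, while `remove_reject_ip` is used as a truth value in `mo_unreject`. I would add `/* mask1/mask2: parts of the ban mask that caused the reject (user and host, or xline name); NULL when there is none */` above `add_reject` and `/* returns the number of reject entries removed; either mask may be NULL */` above `remove_reject_mask`.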
|
||||
|
|
|
@ -47,6 +47,7 @@
|
|||
#include "parse.h"
|
||||
#include "modules.h"
|
||||
#include "s_log.h"
|
||||
#include "reject.h"
|
||||
|
||||
static int mo_gline(struct Client *, struct Client *, int, const char **);
|
||||
static int mc_gline(struct Client *, struct Client *, int, const char **);
|
||||
|
@ -722,6 +723,7 @@ remove_temp_gline(const char *user, const char *host)
|
|||
continue;
|
||||
|
||||
dlinkDestroy(ptr, &glines);
|
||||
remove_reject_mask(aconf->user, aconf->host);
|
||||
delete_one_address_conf(aconf->host, aconf);
|
||||
return YES;
|
||||
}
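Review bot: The call `remove_reject_mask(aconf->user, aconf->host)` must stay ahead of `delete_one_address_conf`, and nothing at the call site says so. It reads fields of `aconf`, which the next call presumably releases (in `remove_xline` the next line is `free_conf(aconf)`), so swapping the two lines would read freed memory. A comment such as `/* reads aconf; must precede delete_one_address_conf() */` here, in `remove_permkline_match` and `remove_temp_kline`, and ahead of `free_conf` in `remove_xline`, would protect the ordering. `remove_temp_gline` starts outside this hunk, so the lifetime of `aconf` could not be checked from here.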
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
#include "parse.h"
|
||||
#include "modules.h"
|
||||
#include "event.h"
|
||||
#include "reject.h"
|
||||
|
||||
static int mo_kline(struct Client *, struct Client *, int, const char **);
|
||||
static int ms_kline(struct Client *, struct Client *, int, const char **);
|
||||
|
@ -866,6 +867,7 @@ remove_permkline_match(struct Client *source_p, struct ConfItem *aconf)
|
|||
ilog(L_KLINE, "UK %s %s %s",
|
||||
get_oper_name(source_p), user, host);
|
||||
|
||||
remove_reject_mask(aconf->user, aconf->host);
|
||||
delete_one_address_conf(aconf->host, aconf);
|
||||
|
||||
return;
|
||||
|
@ -925,6 +927,7 @@ remove_temp_kline(struct ConfItem *aconf)
|
|||
if (aconf == ptr->data)
|
||||
{
|
||||
dlinkDestroy(ptr, &temp_klines[i]);
|
||||
remove_reject_mask(aconf->user, aconf->host);
|
||||
delete_one_address_conf(aconf->host, aconf);
|
||||
return YES;
|
||||
}
|
||||
|
|
|
@ -62,7 +62,7 @@ mo_unreject(struct Client *client_p, struct Client *source_p, int parc, const ch
|
|||
return 0;
|
||||
}
|
||||
|
||||
if(remove_reject(parv[1]))
|
||||
if(remove_reject_ip(parv[1]))
|
||||
sendto_one_notice(source_p, ":Removed reject for %s", parv[1]);
|
||||
else
|
||||
sendto_one_notice(source_p, ":Unable to remove reject for %s", parv[1]);
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
#include "modules.h"
|
||||
#include "s_conf.h"
|
||||
#include "s_newconf.h"
|
||||
#include "reject.h"
|
||||
|
||||
static int mo_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
|
||||
static int ms_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
|
||||
|
@ -558,6 +559,7 @@ remove_xline(struct Client *source_p, const char *name)
|
|||
get_oper_name(source_p), name);
|
||||
}
|
||||
|
||||
remove_reject_mask(aconf->name, NULL);
|
||||
free_conf(aconf);
|
||||
dlinkDestroy(ptr, &xline_conf_list);
|
||||
return;
|
||||
|
|
43
src/reject.c
43
src/reject.c
|
@ -33,6 +33,7 @@
|
|||
#include "reject.h"
|
||||
#include "s_stats.h"
|
||||
#include "msg.h"
|
||||
#include "hash.h"
|
||||
|
||||
static patricia_tree_t *reject_tree;
|
||||
dlink_list delay_exit;
|
||||
|
@ -45,6 +46,7 @@ struct reject_data
|
|||
dlink_node rnode;
|
||||
time_t time;
|
||||
unsigned int count;
|
||||
uint32_t mask_hashv;
|
||||
};
|
||||
|
||||
static patricia_tree_t *unknown_tree;
|
||||
|
@ -118,15 +120,22 @@ init_reject(void)
|
|||
|
||||
|
||||
void
|
||||
add_reject(struct Client *client_p)
|
||||
add_reject(struct Client *client_p, const char *mask1, const char *mask2)
|
||||
{
|
||||
patricia_node_t *pnode;
|
||||
struct reject_data *rdata;
|
||||
uint32_t hashv;
|
||||
|
||||
/* Reject is disabled */
|
||||
if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0)
|
||||
return;
|
||||
|
||||
hashv = 0;
|
||||
if (mask1 != NULL)
|
||||
hashv ^= fnv_hash_upper(mask1, 32);
|
||||
if (mask2 != NULL)
|
||||
hashv ^= fnv_hash_upper(mask2, 32);
|
||||
|
||||
if((pnode = match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL)
|
||||
{
|
||||
rdata = pnode->data;
|
||||
|
@ -146,6 +155,7 @@ add_reject(struct Client *client_p)
|
|||
rdata->time = CurrentTime;
|
||||
rdata->count = 1;
|
||||
}
|
||||
rdata->mask_hashv = hashv;
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -197,7 +207,7 @@ flush_reject(void)
|
|||
}
|
||||
|
||||
int
|
||||
remove_reject(const char *ip)
|
||||
remove_reject_ip(const char *ip)
|
||||
{
|
||||
patricia_node_t *pnode;
|
||||
|
||||
|
@ -217,6 +227,35 @@ remove_reject(const char *ip)
|
|||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
remove_reject_mask(const char *mask1, const char *mask2)
|
||||
{
|
||||
dlink_node *ptr, *next;
|
||||
patricia_node_t *pnode;
|
||||
struct reject_data *rdata;
|
||||
uint32_t hashv;
|
||||
int n = 0;
|
||||
|
||||
hashv = 0;
|
||||
if (mask1 != NULL)
|
||||
hashv ^= fnv_hash_upper(mask1, 32);
|
||||
if (mask2 != NULL)
|
||||
hashv ^= fnv_hash_upper(mask2, 32);
|
||||
DLINK_FOREACH_SAFE(ptr, next, reject_list.head)
|
||||
{
|
||||
pnode = ptr->data;
|
||||
rdata = pnode->data;
|
||||
if (rdata->mask_hashv == hashv)
|
||||
{
|
||||
dlinkDelete(ptr, &reject_list);
|
||||
MyFree(rdata);
|
||||
patricia_remove(reject_tree, pnode);
|
||||
n++;
|
||||
}
|
||||
}
|
||||
return n;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
add_unknown_ip(struct Client *client_p)
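Review bot: In `remove_reject_mask` the computed `hashv` can be 0, the value `add_reject` stores for rejects with no ban mask, so removing one ban can also drop unrelated auth{}/dnsbl rejects. XOR-ing the two `fnv_hash_upper` results gives 0 whenever both masks hash alike (for instance identical user and host parts) and when both arguments are NULL. A guard right after the hash is computed, `if (hashv == 0) return 0;`, would keep the commit message's promise that hash-0 rejects cannot be removed selectively. XOR is also order-insensitive and a 32-bit match is not a mask match, so a colliding but unrelated ban loses its rejects too; a comment should say this over-removal is accepted because the list is only a cache. The body of `add_reject` is split across two hunks, so the `rdata->mask_hashv = hashv;` assignment could only be checked against the visible lines.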
|
||||
|
|
|
@ -281,13 +281,12 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern
|
|||
source_p->name, IsGotId(source_p) ? "" : "~",
|
||||
source_p->username, source_p->sockhost,
|
||||
source_p->localClient->listener->name, port);
|
||||
add_reject(client_p);
|
||||
add_reject(client_p, NULL, NULL);
|
||||
exit_client(client_p, source_p, &me,
|
||||
"You are not authorised to use this server");
|
||||
break;
|
||||
}
|
||||
case BANNED_CLIENT:
|
||||
add_reject(client_p);
|
||||
exit_client(client_p, client_p, &me, "*** Banned ");
|
||||
ServerStats->is_ref++;
|
||||
break;
|
||||
|
@ -388,6 +387,7 @@ verify_access(struct Client *client_p, const char *username)
|
|||
form_str(ERR_YOUREBANNEDCREEP),
|
||||
me.name, client_p->name, aconf->passwd);
|
||||
}
|
||||
add_reject(client_p, aconf->user, aconf->host);
|
||||
return (BANNED_CLIENT);
|
||||
}
|
||||
else if(aconf->status & CONF_GLINE)
|
||||
|
@ -399,6 +399,7 @@ verify_access(struct Client *client_p, const char *username)
|
|||
form_str(ERR_YOUREBANNEDCREEP),
|
||||
me.name, client_p->name, aconf->passwd);
|
||||
|
||||
add_reject(client_p, aconf->user, aconf->host);
|
||||
return (BANNED_CLIENT);
|
||||
}
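Review bot: With `add_reject` dropped from the `BANNED_CLIENT` case in `check_client`, only the two `verify_access` branches shown here record a reject. Any other path that yields `BANNED_CLIENT` would silently stop populating the reject cache. Neither function is fully visible in these hunks, so this needs checking against the rest of `verify_access`. If another such return exists it should call `add_reject(client_p, NULL, NULL);` first. A comment at the `BANNED_CLIENT` case, e.g. `/* reject already recorded in verify_access() together with the ban mask */`, would keep the two functions from drifting apart.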
|
||||
|
||||
|
|
|
@ -223,7 +223,7 @@ show_lusers(struct Client *source_p)
|
|||
int
|
||||
register_local_user(struct Client *client_p, struct Client *source_p, const char *username)
|
||||
{
|
||||
struct ConfItem *aconf;
|
||||
struct ConfItem *aconf, *xconf;
|
||||
struct User *user = source_p->user;
|
||||
char tmpstr2[IRCD_BUFSIZE];
|
||||
char ipaddr[HOSTIPLEN];
|
||||
|
@ -415,10 +415,10 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
|
|||
|
||||
/* kline exemption extends to xline too */
|
||||
if(!IsExemptKline(source_p) &&
|
||||
find_xline(source_p->info, 1) != NULL)
|
||||
(xconf = find_xline(source_p->info, 1)) != NULL)
|
||||
{
|
||||
ServerStats->is_ref++;
|
||||
add_reject(source_p);
|
||||
add_reject(source_p, xconf->name, NULL);
|
||||
exit_client(client_p, source_p, &me, "Bad user info");
|
||||
return CLIENT_EXITED;
|
||||
}
|
||||
|
@ -450,7 +450,7 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
|
|||
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
|
||||
source_p->sockhost, source_p->preClient->dnsbl_listed->host);
|
||||
source_p->preClient->dnsbl_listed->hits++;
|
||||
add_reject(source_p);
|
||||
add_reject(source_p, NULL, NULL);
|
||||
exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
|
||||
return CLIENT_EXITED;
|
||||
}
|
||||
|
|