Remove reject entries on unkline/ungline/unxline.

When a user is rejected, remember the hash value of the ban mask (for klines/glines, hash value of the user part XOR hash value of the host part) with the rejected IP; if the kline/gline/xline is removed, remove rejects with the same hash value also. Note that this does not happen for expiries; this is deliberate. Rejects for no auth{} or dnsbl put a hash value of 0; they cannot be removed selectively.
2007-12-08 21:54:51 +01:00 · 2007-12-08 21:54:51 +01:00 · 35f6f850b6
commit 35f6f850b6
parent 6bfe3faec0
8 changed files with 59 additions and 11 deletions
--- a/include/reject.h
+++ b/include/reject.h
@ -33,9 +33,10 @@ extern dlink_list delay_exit;

 void init_reject(void);
 int check_reject(struct Client *);
-void add_reject(struct Client *);
+void add_reject(struct Client *, const char *mask1, const char *mask2);
 void flush_reject(void);
-int remove_reject(const char *ip);
+int remove_reject_ip(const char *ip);
+int remove_reject_mask(const char *mask1, const char *mask2);

 int add_unknown_ip(struct Client *client_p);
 void del_unknown_ip(struct Client *client_p);
--- a/modules/m_gline.c
+++ b/modules/m_gline.c
@ -47,6 +47,7 @@
 #include "parse.h"
 #include "modules.h"
 #include "s_log.h"
+#include "reject.h"

 static int mo_gline(struct Client *, struct Client *, int, const char **);
 static int mc_gline(struct Client *, struct Client *, int, const char **);
@ -722,6 +723,7 @@ remove_temp_gline(const char *user, const char *host)
 			continue;

 		dlinkDestroy(ptr, &glines);
+		remove_reject_mask(aconf->user, aconf->host);
 		delete_one_address_conf(aconf->host, aconf);
 		return YES;
 	}
--- a/modules/m_kline.c
+++ b/modules/m_kline.c
@ -46,6 +46,7 @@
 #include "parse.h"
 #include "modules.h"
 #include "event.h"
+#include "reject.h"

 static int mo_kline(struct Client *, struct Client *, int, const char **);
 static int ms_kline(struct Client *, struct Client *, int, const char **);
@ -866,6 +867,7 @@ remove_permkline_match(struct Client *source_p, struct ConfItem *aconf)
 	ilog(L_KLINE, "UK %s %s %s",
 		get_oper_name(source_p), user, host);

+	remove_reject_mask(aconf->user, aconf->host);
 	delete_one_address_conf(aconf->host, aconf);

 	return;
@ -925,6 +927,7 @@ remove_temp_kline(struct ConfItem *aconf)
 			if (aconf == ptr->data)
 			{
 				dlinkDestroy(ptr, &temp_klines[i]);
+				remove_reject_mask(aconf->user, aconf->host);
 				delete_one_address_conf(aconf->host, aconf);
 				return YES;
 			}
--- a/modules/m_unreject.c
+++ b/modules/m_unreject.c
@ -62,7 +62,7 @@ mo_unreject(struct Client *client_p, struct Client *source_p, int parc, const ch
 		return 0;
 	}	
 	
-	if(remove_reject(parv[1]))
+	if(remove_reject_ip(parv[1]))
 		sendto_one_notice(source_p, ":Removed reject for %s", parv[1]);
 	else
 		sendto_one_notice(source_p, ":Unable to remove reject for %s", parv[1]);
--- a/modules/m_xline.c
+++ b/modules/m_xline.c
@ -52,6 +52,7 @@
 #include "modules.h"
 #include "s_conf.h"
 #include "s_newconf.h"
+#include "reject.h"

 static int mo_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
 static int ms_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
@ -558,6 +559,7 @@ remove_xline(struct Client *source_p, const char *name)
 						get_oper_name(source_p), name);
 			}
 			
+			remove_reject_mask(aconf->name, NULL);
 			free_conf(aconf);
 			dlinkDestroy(ptr, &xline_conf_list);
 			return;
--- a/src/reject.c
+++ b/src/reject.c
@ -33,6 +33,7 @@
 #include "reject.h"
 #include "s_stats.h"
 #include "msg.h"
+#include "hash.h"

 static patricia_tree_t *reject_tree;
 dlink_list delay_exit;
@ -45,6 +46,7 @@ struct reject_data
 	dlink_node rnode;
 	time_t time;
 	unsigned int count;
+	uint32_t mask_hashv;
 };

 static patricia_tree_t *unknown_tree;
@ -118,15 +120,22 @@ init_reject(void)


 void
-add_reject(struct Client *client_p)
+add_reject(struct Client *client_p, const char *mask1, const char *mask2)
 {
 	patricia_node_t *pnode;
 	struct reject_data *rdata;
+	uint32_t hashv;

 	/* Reject is disabled */
 	if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0)
 		return;

+	hashv = 0;
+	if (mask1 != NULL)
+		hashv ^= fnv_hash_upper(mask1, 32);
+	if (mask2 != NULL)
+		hashv ^= fnv_hash_upper(mask2, 32);
+
 	if((pnode = match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL)
 	{
 		rdata = pnode->data;
@ -146,6 +155,7 @@ add_reject(struct Client *client_p)
 		rdata->time = CurrentTime;
 		rdata->count = 1;
 	}
+	rdata->mask_hashv = hashv;
 }

 int
@ -197,7 +207,7 @@ flush_reject(void)
 }

 int 
-remove_reject(const char *ip)
+remove_reject_ip(const char *ip)
 {
 	patricia_node_t *pnode;
 	
@ -217,6 +227,35 @@ remove_reject(const char *ip)
 	return 0;
 }

+int
+remove_reject_mask(const char *mask1, const char *mask2)
+{
+	dlink_node *ptr, *next;
+	patricia_node_t *pnode;
+	struct reject_data *rdata;
+	uint32_t hashv;
+	int n = 0;
+	
+	hashv = 0;
+	if (mask1 != NULL)
+		hashv ^= fnv_hash_upper(mask1, 32);
+	if (mask2 != NULL)
+		hashv ^= fnv_hash_upper(mask2, 32);
+	DLINK_FOREACH_SAFE(ptr, next, reject_list.head)
+	{
+		pnode = ptr->data;
+		rdata = pnode->data;
+		if (rdata->mask_hashv == hashv)
+		{
+			dlinkDelete(ptr, &reject_list);
+			MyFree(rdata);
+			patricia_remove(reject_tree, pnode);
+			n++;
+		}
+	}
+	return n;
+}
+

 int
 add_unknown_ip(struct Client *client_p)
--- a/src/s_conf.c
+++ b/src/s_conf.c
@ -281,13 +281,12 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern
 				source_p->name, IsGotId(source_p) ? "" : "~",
 				source_p->username, source_p->sockhost,
 				source_p->localClient->listener->name, port);
-			add_reject(client_p);
+			add_reject(client_p, NULL, NULL);
 			exit_client(client_p, source_p, &me,
 				    "You are not authorised to use this server");
 			break;
 		}
 	case BANNED_CLIENT:
-		add_reject(client_p);
 		exit_client(client_p, client_p, &me, "*** Banned ");
 		ServerStats->is_ref++;
 		break;
@ -388,6 +387,7 @@ verify_access(struct Client *client_p, const char *username)
 					form_str(ERR_YOUREBANNEDCREEP),
 					me.name, client_p->name, aconf->passwd);
 		}
+		add_reject(client_p, aconf->user, aconf->host);
 		return (BANNED_CLIENT);
 	}
 	else if(aconf->status & CONF_GLINE)
@ -399,6 +399,7 @@ verify_access(struct Client *client_p, const char *username)
 					form_str(ERR_YOUREBANNEDCREEP),
 					me.name, client_p->name, aconf->passwd);

+		add_reject(client_p, aconf->user, aconf->host);
 		return (BANNED_CLIENT);
 	}

--- a/src/s_user.c
+++ b/src/s_user.c
@ -223,7 +223,7 @@ show_lusers(struct Client *source_p)
 int
 register_local_user(struct Client *client_p, struct Client *source_p, const char *username)
 {
-	struct ConfItem *aconf;
+	struct ConfItem *aconf, *xconf;
 	struct User *user = source_p->user;
 	char tmpstr2[IRCD_BUFSIZE];
 	char ipaddr[HOSTIPLEN];
@ -415,10 +415,10 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char

 	/* kline exemption extends to xline too */
 	if(!IsExemptKline(source_p) &&
-	   find_xline(source_p->info, 1) != NULL)
+	   (xconf = find_xline(source_p->info, 1)) != NULL)
 	{
 		ServerStats->is_ref++;
-		add_reject(source_p);
+		add_reject(source_p, xconf->name, NULL);
 		exit_client(client_p, source_p, &me, "Bad user info");
 		return CLIENT_EXITED;
 	}
@ -450,7 +450,7 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
 			sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
 					source_p->sockhost, source_p->preClient->dnsbl_listed->host);
 			source_p->preClient->dnsbl_listed->hits++;
-			add_reject(source_p);
+			add_reject(source_p, NULL, NULL);
 			exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
 			return CLIENT_EXITED;
 		}