Remove reject entries on unkline/ungline/unxline.

When a user is rejected, remember the hash value of the
ban mask (for klines/glines, hash value of the user part
XOR hash value of the host part) with the rejected IP;
if the kline/gline/xline is removed, remove rejects with
the same hash value also.  Note that this does not happen
for expiries; this is deliberate.
Rejects for no auth{} or dnsbl put a hash value of 0;
they cannot be removed selectively.
Jilles Tjoelker 2007-12-08 21:54:51 +01:00
parent 6bfe3faec0
commit 35f6f850b6
8 changed files with 59 additions and 11 deletions


@ -33,9 +33,10 @@ extern dlink_list delay_exit;
void init_reject(void); void init_reject(void);
int check_reject(struct Client *); int check_reject(struct Client *);
void add_reject(struct Client *); void add_reject(struct Client *, const char *mask1, const char *mask2);
void flush_reject(void); void flush_reject(void);
int remove_reject(const char *ip); int remove_reject_ip(const char *ip);
int remove_reject_mask(const char *mask1, const char *mask2);
int add_unknown_ip(struct Client *client_p); int add_unknown_ip(struct Client *client_p);
void del_unknown_ip(struct Client *client_p); void del_unknown_ip(struct Client *client_p);


@ -47,6 +47,7 @@
#include "parse.h" #include "parse.h"
#include "modules.h" #include "modules.h"
#include "s_log.h" #include "s_log.h"
#include "reject.h"
static int mo_gline(struct Client *, struct Client *, int, const char **); static int mo_gline(struct Client *, struct Client *, int, const char **);
static int mc_gline(struct Client *, struct Client *, int, const char **); static int mc_gline(struct Client *, struct Client *, int, const char **);
@ -722,6 +723,7 @@ remove_temp_gline(const char *user, const char *host)
continue; continue;
dlinkDestroy(ptr, &glines); dlinkDestroy(ptr, &glines);
remove_reject_mask(aconf->user, aconf->host);
delete_one_address_conf(aconf->host, aconf); delete_one_address_conf(aconf->host, aconf);
return YES; return YES;
} }


@ -46,6 +46,7 @@
#include "parse.h" #include "parse.h"
#include "modules.h" #include "modules.h"
#include "event.h" #include "event.h"
#include "reject.h"
static int mo_kline(struct Client *, struct Client *, int, const char **); static int mo_kline(struct Client *, struct Client *, int, const char **);
static int ms_kline(struct Client *, struct Client *, int, const char **); static int ms_kline(struct Client *, struct Client *, int, const char **);
@ -866,6 +867,7 @@ remove_permkline_match(struct Client *source_p, struct ConfItem *aconf)
ilog(L_KLINE, "UK %s %s %s", ilog(L_KLINE, "UK %s %s %s",
get_oper_name(source_p), user, host); get_oper_name(source_p), user, host);
remove_reject_mask(aconf->user, aconf->host);
delete_one_address_conf(aconf->host, aconf); delete_one_address_conf(aconf->host, aconf);
return; return;
@ -925,6 +927,7 @@ remove_temp_kline(struct ConfItem *aconf)
if (aconf == ptr->data) if (aconf == ptr->data)
{ {
dlinkDestroy(ptr, &temp_klines[i]); dlinkDestroy(ptr, &temp_klines[i]);
remove_reject_mask(aconf->user, aconf->host);
delete_one_address_conf(aconf->host, aconf); delete_one_address_conf(aconf->host, aconf);
return YES; return YES;
} }


@ -62,7 +62,7 @@ mo_unreject(struct Client *client_p, struct Client *source_p, int parc, const ch
return 0; return 0;
} }
if(remove_reject(parv[1])) if(remove_reject_ip(parv[1]))
sendto_one_notice(source_p, ":Removed reject for %s", parv[1]); sendto_one_notice(source_p, ":Removed reject for %s", parv[1]);
else else
sendto_one_notice(source_p, ":Unable to remove reject for %s", parv[1]); sendto_one_notice(source_p, ":Unable to remove reject for %s", parv[1]);


@ -52,6 +52,7 @@
#include "modules.h" #include "modules.h"
#include "s_conf.h" #include "s_conf.h"
#include "s_newconf.h" #include "s_newconf.h"
#include "reject.h"
static int mo_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]); static int mo_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
static int ms_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]); static int ms_xline(struct Client *client_p, struct Client *source_p, int parc, const char *parv[]);
@ -558,6 +559,7 @@ remove_xline(struct Client *source_p, const char *name)
get_oper_name(source_p), name); get_oper_name(source_p), name);
} }
remove_reject_mask(aconf->name, NULL);
free_conf(aconf); free_conf(aconf);
dlinkDestroy(ptr, &xline_conf_list); dlinkDestroy(ptr, &xline_conf_list);
return; return;


@ -33,6 +33,7 @@
#include "reject.h" #include "reject.h"
#include "s_stats.h" #include "s_stats.h"
#include "msg.h" #include "msg.h"
#include "hash.h"
static patricia_tree_t *reject_tree; static patricia_tree_t *reject_tree;
dlink_list delay_exit; dlink_list delay_exit;
@ -45,6 +46,7 @@ struct reject_data
dlink_node rnode; dlink_node rnode;
time_t time; time_t time;
unsigned int count; unsigned int count;
uint32_t mask_hashv;
}; };
static patricia_tree_t *unknown_tree; static patricia_tree_t *unknown_tree;
@ -118,15 +120,22 @@ init_reject(void)
void void
add_reject(struct Client *client_p) add_reject(struct Client *client_p, const char *mask1, const char *mask2)
{ {
patricia_node_t *pnode; patricia_node_t *pnode;
struct reject_data *rdata; struct reject_data *rdata;
uint32_t hashv;
/* Reject is disabled */ /* Reject is disabled */
if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0) if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0)
return; return;
hashv = 0;
if (mask1 != NULL)
hashv ^= fnv_hash_upper(mask1, 32);
if (mask2 != NULL)
hashv ^= fnv_hash_upper(mask2, 32);
if((pnode = match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL) if((pnode = match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL)
{ {
rdata = pnode->data; rdata = pnode->data;
@ -146,6 +155,7 @@ add_reject(struct Client *client_p)
rdata->time = CurrentTime; rdata->time = CurrentTime;
rdata->count = 1; rdata->count = 1;
} }
rdata->mask_hashv = hashv;
} }
int int
@ -197,7 +207,7 @@ flush_reject(void)
} }
int int
remove_reject(const char *ip) remove_reject_ip(const char *ip)
{ {
patricia_node_t *pnode; patricia_node_t *pnode;
@ -217,6 +227,35 @@ remove_reject(const char *ip)
return 0; return 0;
} }
int
remove_reject_mask(const char *mask1, const char *mask2)
{
dlink_node *ptr, *next;
patricia_node_t *pnode;
struct reject_data *rdata;
uint32_t hashv;
int n = 0;
hashv = 0;
if (mask1 != NULL)
hashv ^= fnv_hash_upper(mask1, 32);
if (mask2 != NULL)
hashv ^= fnv_hash_upper(mask2, 32);
DLINK_FOREACH_SAFE(ptr, next, reject_list.head)
{
pnode = ptr->data;
rdata = pnode->data;
if (rdata->mask_hashv == hashv)
{
dlinkDelete(ptr, &reject_list);
MyFree(rdata);
patricia_remove(reject_tree, pnode);
n++;
}
}
return n;
}
int int
add_unknown_ip(struct Client *client_p) add_unknown_ip(struct Client *client_p)
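Review bot: The value 0 serves as the "no mask" marker for auth{}/dnsbl rejects, but remove_reject_mask() does not guard against it, and a real ban can also produce 0. Both add_reject() and remove_reject_mask() XOR the two `fnv_hash_upper()` results, so a ban whose two parts hash identically gives `hashv == 0`. Removing such a ban would also drop every reject stored with `NULL, NULL`, which the commit message says cannot be removed selectively. Adding `if (hashv == 0) return 0;` right after the hash is computed in remove_reject_mask() would leave those entries to expire on their own. A comment on the new field, for example `/* hash of the ban mask that caused the reject; 0 = none, collisions possible */`, would also make clear that `mask_hashv` is a hint and not an identity.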


@ -281,13 +281,12 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern
source_p->name, IsGotId(source_p) ? "" : "~", source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost, source_p->username, source_p->sockhost,
source_p->localClient->listener->name, port); source_p->localClient->listener->name, port);
add_reject(client_p); add_reject(client_p, NULL, NULL);
exit_client(client_p, source_p, &me, exit_client(client_p, source_p, &me,
"You are not authorised to use this server"); "You are not authorised to use this server");
break; break;
} }
case BANNED_CLIENT: case BANNED_CLIENT:
add_reject(client_p);
exit_client(client_p, client_p, &me, "*** Banned "); exit_client(client_p, client_p, &me, "*** Banned ");
ServerStats->is_ref++; ServerStats->is_ref++;
break; break;
@ -388,6 +387,7 @@ verify_access(struct Client *client_p, const char *username)
form_str(ERR_YOUREBANNEDCREEP), form_str(ERR_YOUREBANNEDCREEP),
me.name, client_p->name, aconf->passwd); me.name, client_p->name, aconf->passwd);
} }
add_reject(client_p, aconf->user, aconf->host);
return (BANNED_CLIENT); return (BANNED_CLIENT);
} }
else if(aconf->status & CONF_GLINE) else if(aconf->status & CONF_GLINE)
@ -399,6 +399,7 @@ verify_access(struct Client *client_p, const char *username)
form_str(ERR_YOUREBANNEDCREEP), form_str(ERR_YOUREBANNEDCREEP),
me.name, client_p->name, aconf->passwd); me.name, client_p->name, aconf->passwd);
add_reject(client_p, aconf->user, aconf->host);
return (BANNED_CLIENT); return (BANNED_CLIENT);
} }
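Review bot: With add_reject() removed from the `BANNED_CLIENT` case in check_client(), a reject is recorded only on the two verify_access() paths visible here, the kline branch and the `CONF_GLINE` branch. Any other path that returns `BANNED_CLIENT` from the part of verify_access() outside these hunks would no longer put the IP into the reject cache. If such a path exists it should call `add_reject(client_p, NULL, NULL);` before returning. Otherwise a comment at the case, such as `/* reject already recorded in verify_access(), where the matching ban is known */`, would explain why the call is gone. verify_access() and check_client() both start and end outside the hunks shown.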


@ -223,7 +223,7 @@ show_lusers(struct Client *source_p)
int int
register_local_user(struct Client *client_p, struct Client *source_p, const char *username) register_local_user(struct Client *client_p, struct Client *source_p, const char *username)
{ {
struct ConfItem *aconf; struct ConfItem *aconf, *xconf;
struct User *user = source_p->user; struct User *user = source_p->user;
char tmpstr2[IRCD_BUFSIZE]; char tmpstr2[IRCD_BUFSIZE];
char ipaddr[HOSTIPLEN]; char ipaddr[HOSTIPLEN];
@ -415,10 +415,10 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
/* kline exemption extends to xline too */ /* kline exemption extends to xline too */
if(!IsExemptKline(source_p) && if(!IsExemptKline(source_p) &&
find_xline(source_p->info, 1) != NULL) (xconf = find_xline(source_p->info, 1)) != NULL)
{ {
ServerStats->is_ref++; ServerStats->is_ref++;
add_reject(source_p); add_reject(source_p, xconf->name, NULL);
exit_client(client_p, source_p, &me, "Bad user info"); exit_client(client_p, source_p, &me, "Bad user info");
return CLIENT_EXITED; return CLIENT_EXITED;
} }
@ -450,7 +450,7 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s", sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
source_p->sockhost, source_p->preClient->dnsbl_listed->host); source_p->sockhost, source_p->preClient->dnsbl_listed->host);
source_p->preClient->dnsbl_listed->hits++; source_p->preClient->dnsbl_listed->hits++;
add_reject(source_p); add_reject(source_p, NULL, NULL);
exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)"); exit_client(client_p, source_p, &me, "*** Banned (DNS blacklist)");
return CLIENT_EXITED; return CLIENT_EXITED;
} }