Merge pull request #315 from edk0/check-kline

Make K-line checking more consistent
This commit is contained in:
Aaron Jones 2020-04-19 11:57:08 +00:00 committed by GitHub
commit 60445f51d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 35 deletions

View file

@ -580,9 +580,17 @@ check_one_kline(struct ConfItem *kline)
struct Client *client_p;
rb_dlink_node *ptr;
rb_dlink_node *next_ptr;
int masktype;
int bits;
struct rb_sockaddr_storage sockaddr;
struct sockaddr_in ip4;
masktype = parse_netmask(kline->host, (struct sockaddr_storage *)&sockaddr, &bits);
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, lclient_list.head)
{
int matched = 0;
client_p = ptr->data;
if(IsMe(client_p) || !IsPerson(client_p))
@ -592,28 +600,29 @@ check_one_kline(struct ConfItem *kline)
continue;
/* match one kline */
{
int matched = 0;
int masktype;
int bits;
struct rb_sockaddr_storage sockaddr;
masktype = parse_netmask(kline->host, (struct sockaddr_storage *)&sockaddr, &bits);
switch (masktype) {
case HM_IPV4:
if (client_p->localClient->ip.ss_family == AF_INET6 &&
rb_ipv4_from_ipv6((struct sockaddr_in6 *)&client_p->localClient->ip, &ip4)
&& comp_with_mask_sock((struct sockaddr *)&ip4, (struct sockaddr *)&sockaddr, bits))
matched = 1;
/* fallthrough */
case HM_IPV6:
if(comp_with_mask_sock((struct sockaddr *)&client_p->localClient->ip,
if (client_p->localClient->ip.ss_family == sockaddr.ss_family &&
comp_with_mask_sock((struct sockaddr *)&client_p->localClient->ip,
(struct sockaddr *)&sockaddr, bits))
matched = 1;
break;
case HM_HOST:
if (match(kline->host, client_p->orighost))
matched = 1;
if (match(kline->host, client_p->sockhost))
matched = 1;
break;
}
if (!matched)
continue;
}
if(IsExemptKline(client_p))
{

View file

@ -216,6 +216,8 @@ find_conf_by_address(const char *name, const char *sockhost,
unsigned long hprecv = 0;
struct ConfItem *hprec = NULL;
struct AddressRec *arec;
struct sockaddr_in ip4;
struct sockaddr *pip4 = NULL;
int b;
if(username == NULL)
@ -223,9 +225,13 @@ find_conf_by_address(const char *name, const char *sockhost,
if(addr)
{
/* Check for IPV6 matches... */
if (fam == AF_INET)
pip4 = addr;
if (fam == AF_INET6)
{
if (type == CONF_KILL && rb_ipv4_from_ipv6((struct sockaddr_in6 *)addr, &ip4))
pip4 = (struct sockaddr *)&ip4;
for (b = 128; b >= 0; b -= 16)
{
@ -244,15 +250,15 @@ find_conf_by_address(const char *name, const char *sockhost,
}
}
}
else
if(fam == AF_INET)
if (pip4 != NULL)
{
for (b = 32; b >= 0; b -= 8)
{
for (arec = atable[hash_ipv4(addr, b)]; arec; arec = arec->next)
for (arec = atable[hash_ipv4(pip4, b)]; arec; arec = arec->next)
if(arec->type == (type & ~0x1) &&
arec->masktype == HM_IPV4 &&
comp_with_mask_sock(addr, (struct sockaddr *)&arec->Mask.ipa.addr,
comp_with_mask_sock(pip4, (struct sockaddr *)&arec->Mask.ipa.addr,
arec->Mask.ipa.bits) &&
(type & 0x1 || match(arec->username, username)) &&
(type != CONF_CLIENT || !arec->auth_user ||
@ -364,7 +370,6 @@ find_address_conf(const char *host, const char *sockhost, const char *user,
{
struct ConfItem *iconf, *kconf;
const char *vuser;
struct sockaddr_in ip4;
/* Find the best I-line... If none, return NULL -A1kmm */
if(!(iconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_CLIENT, aftype, user, auth_user)))
@ -415,14 +420,6 @@ find_address_conf(const char *host, const char *sockhost, const char *user,
return kconf;
}
if(ip != NULL && ip->sa_family == AF_INET6 &&
rb_ipv4_from_ipv6((const struct sockaddr_in6 *)(const void *)ip, &ip4))
{
kconf = find_conf_by_address(NULL, NULL, NULL, (struct sockaddr *)&ip4, CONF_KILL, AF_INET, vuser, NULL);
if(kconf)
return kconf;
}
return iconf;
}