Add an iline flag to match klines by spoof only

include/hostmask.h

@@ -49,8 +49,9 @@ struct ConfItem *find_address_conf(const char *host, const char *sockhost,
 
 struct ConfItem *find_dline(struct sockaddr *, int);
 
-#define find_kline(x)	(find_conf_by_address((x)->host, (x)->sockhost, \
+#define find_kline(x)	((IsConfDoSpoofIp((x)->localClient->att_conf) && IsConfKlineSpoof((x)->localClient->att_conf)) ? \
-			 (x)->orighost, \
+		find_conf_by_address((x)->orighost, NULL, NULL, NULL, CONF_KILL, AF_INET, (x)->username, NULL) : \
+		find_conf_by_address((x)->host, (x)->sockhost, (x)->orighost, \
 			 (struct sockaddr *)&(x)->localClient->ip, CONF_KILL,\
 			 GET_SS_FAMILY(&(x)->localClient->ip), (x)->username, NULL))
 

include/s_conf.h

@@ -112,6 +112,7 @@ struct ConfItem
 #define CONF_FLAGS_EXEMPTDNSBL		0x04000000
 #define CONF_FLAGS_EXEMPTPROXY		0x08000000
 #define CONF_FLAGS_ALLOW_SCTP		0x10000000
+#define CONF_FLAGS_KLINE_SPOOF		0x20000000
 
 
 /* Macros for struct ConfItem */
@@ -136,6 +137,7 @@ struct ConfItem
 #define IsConfExtendChans(x)	((x)->flags & CONF_FLAGS_EXTEND_CHANS)
 #define IsConfSSLNeeded(x)	((x)->flags & CONF_FLAGS_NEED_SSL)
 #define IsConfAllowSCTP(x)	((x)->flags & CONF_FLAGS_ALLOW_SCTP)
+#define IsConfKlineSpoof(x)	((x)->flags & CONF_FLAGS_KLINE_SPOOF)
 
 /* flag definitions for opers now in client.h */
 

ircd/hostmask.c

@@ -383,34 +383,38 @@ find_address_conf(const char *host, const char *sockhost, const char *user,
 	if(IsConfExemptKline(iconf))
 		return iconf;
 
-	/* Find the best K-line... -A1kmm */
-	kconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_KILL, aftype, user, NULL);
-
-	/* If they are K-lined, return the K-line */
-	if(kconf)
-		return kconf;
-
 	/* if theres a spoof, check it against klines.. */
 	if(IsConfDoSpoofIp(iconf))
 	{
 		char *p = strchr(iconf->info.name, '@');
 
 		/* note, we dont need to pass sockhost here, as its
-		 * guaranteed to not match by whats above.. --anfl
+		 * guaranteed to not match by whats below.. --anfl
 		 */
 		if(p)
 		{
 			*p = '\0';
-			kconf = find_conf_by_address(p+1, NULL, NULL, ip, CONF_KILL, aftype, iconf->info.name, NULL);
+			kconf = find_conf_by_address(p+1, NULL, NULL, NULL, CONF_KILL, aftype, iconf->info.name, NULL);
 			*p = '@';
 		}
 		else
-			kconf = find_conf_by_address(iconf->info.name, NULL, NULL, ip, CONF_KILL, aftype, vuser, NULL);
+			kconf = find_conf_by_address(iconf->info.name, NULL, NULL, NULL, CONF_KILL, aftype, vuser, NULL);
 
 		if(kconf)
 			return kconf;
+
+		/* everything else checks real hosts, if they're kline_spoof_ip we're done */
+		if(IsConfKlineSpoof(iconf))
+			return iconf;
 	}
 
+	/* Find the best K-line... -A1kmm */
+	kconf = find_conf_by_address(host, sockhost, NULL, ip, CONF_KILL, aftype, user, NULL);
+
+	/* If they are K-lined, return the K-line */
+	if(kconf)
+		return kconf;
+
 	/* if no_tilde, check the username without tilde against klines too
 	 * -- jilles */
 	if(user != vuser)

ircd/newconf.c

@@ -353,6 +353,7 @@ static struct mode_table auth_table[] = {
 	{"need_sasl",		CONF_FLAGS_NEED_SASL		},
 	{"extend_chans",	CONF_FLAGS_EXTEND_CHANS		},
 	{"allow_sctp",		CONF_FLAGS_ALLOW_SCTP		},
+	{"kline_spoof_ip",	CONF_FLAGS_KLINE_SPOOF		},
 	{NULL, 0}
 };