Merge remote-tracking branch 'ophion/upstream/dnsbl-rename'

This commit is contained in:
Simon Arlott 2020-07-09 20:53:38 +01:00
commit ac09f70838
No known key found for this signature in database
GPG key ID: DF001BFD83E75990
13 changed files with 250 additions and 242 deletions

View file

@ -12,7 +12,7 @@ authd_SOURCES = \
res.c \ res.c \
reslib.c \ reslib.c \
reslist.c \ reslist.c \
providers/blacklist.c \ providers/dnsbl.c \
providers/ident.c \ providers/ident.c \
providers/rdns.c \ providers/rdns.c \
providers/opm.c providers/opm.c

View file

@ -19,7 +19,7 @@
*/ */
/* The basic design here is to have "authentication providers" that do things /* The basic design here is to have "authentication providers" that do things
* like query ident and blacklists and even open proxies. * like query ident and DNSBLs and even open proxies.
* *
* Providers are registered in the auth_providers linked list. It is planned to * Providers are registered in the auth_providers linked list. It is planned to
* use a bitmap to store provider ID's later. * use a bitmap to store provider ID's later.
@ -93,10 +93,10 @@ init_providers(void)
timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1); timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1);
/* FIXME must be started before rdns/ident to receive completion notification from them */ /* FIXME must be started before rdns/ident to receive completion notification from them */
load_provider(&blacklist_provider); load_provider(&dnsbl_provider);
load_provider(&opm_provider); load_provider(&opm_provider);
/* FIXME must be started after blacklist/opm in case of early completion notifications */ /* FIXME must be started after dnsbl/opm in case of early completion notifications */
load_provider(&rdns_provider); load_provider(&rdns_provider);
load_provider(&ident_provider); load_provider(&ident_provider);
} }

View file

@ -105,7 +105,7 @@ struct auth_provider
extern struct auth_provider rdns_provider; extern struct auth_provider rdns_provider;
extern struct auth_provider ident_provider; extern struct auth_provider ident_provider;
extern struct auth_provider blacklist_provider; extern struct auth_provider dnsbl_provider;
extern struct auth_provider opm_provider; extern struct auth_provider opm_provider;
extern rb_dlink_list auth_providers; extern rb_dlink_list auth_providers;

View file

@ -1,6 +1,6 @@
/* /*
* charybdis: A slightly useful ircd. * charybdis: A slightly useful ircd.
* blacklist.c: Manages DNS blacklist entries and lookups * dnsbl.c: Manages DNSBL entries and lookups
* *
* Copyright (C) 2006-2011 charybdis development team * Copyright (C) 2006-2011 charybdis development team
* *
@ -44,7 +44,7 @@
#include "stdinc.h" #include "stdinc.h"
#include "dns.h" #include "dns.h"
#define SELF_PID (blacklist_provider.id) #define SELF_PID (dnsbl_provider.id)
typedef enum filter_t typedef enum filter_t
{ {
@ -52,12 +52,12 @@ typedef enum filter_t
FILTER_LAST = 2, FILTER_LAST = 2,
} filter_t; } filter_t;
/* Blacklist accepted IP types */ /* dnsbl accepted IP types */
#define IPTYPE_IPV4 1 #define IPTYPE_IPV4 1
#define IPTYPE_IPV6 2 #define IPTYPE_IPV6 2
/* A configured DNSBL */ /* A configured DNSBL */
struct blacklist struct dnsbl
{ {
char host[IRCD_RES_HOSTLEN + 1]; char host[IRCD_RES_HOSTLEN + 1];
char reason[BUFSIZE]; /* Reason template (ircd fills in the blanks) */ char reason[BUFSIZE]; /* Reason template (ircd fills in the blanks) */
@ -65,24 +65,24 @@ struct blacklist
rb_dlink_list filters; /* Filters for queries */ rb_dlink_list filters; /* Filters for queries */
bool delete; /* If true delete when no clients */ bool delete; /* If true delete when no clients */
int refcount; /* When 0 and delete is set, remove this blacklist */ int refcount; /* When 0 and delete is set, remove this dnsbl */
unsigned int hits; unsigned int hits;
time_t lastwarning; /* Last warning about garbage replies sent */ time_t lastwarning; /* Last warning about garbage replies sent */
}; };
/* A lookup in progress for a particular DNSBL for a particular client */ /* A lookup in progress for a particular DNSBL for a particular client */
struct blacklist_lookup struct dnsbl_lookup
{ {
struct blacklist *bl; /* Blacklist we're checking */ struct dnsbl *bl; /* dnsbl we're checking */
struct auth_client *auth; /* Client */ struct auth_client *auth; /* Client */
struct dns_query *query; /* DNS query pointer */ struct dns_query *query; /* DNS query pointer */
rb_dlink_node node; rb_dlink_node node;
}; };
/* A blacklist filter */ /* A dnsbl filter */
struct blacklist_filter struct dnsbl_filter
{ {
filter_t type; /* Type of filter */ filter_t type; /* Type of filter */
char filter[HOSTIPLEN]; /* The filter itself */ char filter[HOSTIPLEN]; /* The filter itself */
@ -90,38 +90,38 @@ struct blacklist_filter
rb_dlink_node node; rb_dlink_node node;
}; };
/* Blacklist user data attached to auth_client instance */ /* dnsbl user data attached to auth_client instance */
struct blacklist_user struct dnsbl_user
{ {
bool started; bool started;
rb_dlink_list queries; /* Blacklist queries in flight */ rb_dlink_list queries; /* dnsbl queries in flight */
}; };
/* public interfaces */ /* public interfaces */
static void blacklists_destroy(void); static void dnsbls_destroy(void);
static bool blacklists_start(struct auth_client *); static bool dnsbls_start(struct auth_client *);
static inline void blacklists_generic_cancel(struct auth_client *, const char *); static inline void dnsbls_generic_cancel(struct auth_client *, const char *);
static void blacklists_timeout(struct auth_client *); static void dnsbls_timeout(struct auth_client *);
static void blacklists_cancel(struct auth_client *); static void dnsbls_cancel(struct auth_client *);
static void blacklists_cancel_none(struct auth_client *); static void dnsbls_cancel_none(struct auth_client *);
/* private interfaces */ /* private interfaces */
static void unref_blacklist(struct blacklist *); static void unref_dnsbl(struct dnsbl *);
static struct blacklist *new_blacklist(const char *, const char *, uint8_t, rb_dlink_list *); static struct dnsbl *new_dnsbl(const char *, const char *, uint8_t, rb_dlink_list *);
static struct blacklist *find_blacklist(const char *); static struct dnsbl *find_dnsbl(const char *);
static bool blacklist_check_reply(struct blacklist_lookup *, const char *); static bool dnsbl_check_reply(struct dnsbl_lookup *, const char *);
static void blacklist_dns_callback(const char *, bool, query_type, void *); static void dnsbl_dns_callback(const char *, bool, query_type, void *);
static void initiate_blacklist_dnsquery(struct blacklist *, struct auth_client *); static void initiate_dnsbl_dnsquery(struct dnsbl *, struct auth_client *);
/* Variables */ /* Variables */
static rb_dlink_list blacklist_list = { NULL, NULL, 0 }; static rb_dlink_list dnsbl_list = { NULL, NULL, 0 };
static int blacklist_timeout = BLACKLIST_TIMEOUT_DEFAULT; static int dnsbl_timeout = DNSBL_TIMEOUT_DEFAULT;
/* private interfaces */ /* private interfaces */
static void static void
unref_blacklist(struct blacklist *bl) unref_dnsbl(struct dnsbl *bl)
{ {
rb_dlink_node *ptr, *nptr; rb_dlink_node *ptr, *nptr;
@ -134,23 +134,23 @@ unref_blacklist(struct blacklist *bl)
rb_free(ptr); rb_free(ptr);
} }
rb_dlinkFindDestroy(bl, &blacklist_list); rb_dlinkFindDestroy(bl, &dnsbl_list);
rb_free(bl); rb_free(bl);
} }
} }
static struct blacklist * static struct dnsbl *
new_blacklist(const char *name, const char *reason, uint8_t iptype, rb_dlink_list *filters) new_dnsbl(const char *name, const char *reason, uint8_t iptype, rb_dlink_list *filters)
{ {
struct blacklist *bl; struct dnsbl *bl;
if (name == NULL || reason == NULL || iptype == 0) if (name == NULL || reason == NULL || iptype == 0)
return NULL; return NULL;
if((bl = find_blacklist(name)) == NULL) if((bl = find_dnsbl(name)) == NULL)
{ {
bl = rb_malloc(sizeof(struct blacklist)); bl = rb_malloc(sizeof(struct dnsbl));
rb_dlinkAddAlloc(bl, &blacklist_list); rb_dlinkAddAlloc(bl, &dnsbl_list);
} }
else else
bl->delete = false; bl->delete = false;
@ -166,14 +166,14 @@ new_blacklist(const char *name, const char *reason, uint8_t iptype, rb_dlink_lis
return bl; return bl;
} }
static struct blacklist * static struct dnsbl *
find_blacklist(const char *name) find_dnsbl(const char *name)
{ {
rb_dlink_node *ptr; rb_dlink_node *ptr;
RB_DLINK_FOREACH(ptr, blacklist_list.head) RB_DLINK_FOREACH(ptr, dnsbl_list.head)
{ {
struct blacklist *bl = (struct blacklist *)ptr->data; struct dnsbl *bl = (struct dnsbl *)ptr->data;
if (!strcasecmp(bl->host, name)) if (!strcasecmp(bl->host, name))
return bl; return bl;
@ -183,9 +183,9 @@ find_blacklist(const char *name)
} }
static inline bool static inline bool
blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr) dnsbl_check_reply(struct dnsbl_lookup *bllookup, const char *ipaddr)
{ {
struct blacklist *bl = bllookup->bl; struct dnsbl *bl = bllookup->bl;
const char *lastoctet; const char *lastoctet;
rb_dlink_node *ptr; rb_dlink_node *ptr;
@ -199,7 +199,7 @@ blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
RB_DLINK_FOREACH(ptr, bl->filters.head) RB_DLINK_FOREACH(ptr, bl->filters.head)
{ {
struct blacklist_filter *filter = ptr->data; struct dnsbl_filter *filter = ptr->data;
const char *cmpstr; const char *cmpstr;
if (filter->type == FILTER_ALL) if (filter->type == FILTER_ALL)
@ -208,7 +208,7 @@ blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
cmpstr = lastoctet; cmpstr = lastoctet;
else else
{ {
warn_opers(L_CRIT, "Blacklist: Unknown blacklist filter type (host %s): %d", warn_opers(L_CRIT, "dnsbl: Unknown dnsbl filter type (host %s): %d",
bl->host, filter->type); bl->host, filter->type);
exit(EX_PROVIDER_ERROR); exit(EX_PROVIDER_ERROR);
} }
@ -222,7 +222,7 @@ blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
blwarn: blwarn:
if (bl->lastwarning + 3600 < rb_current_time()) if (bl->lastwarning + 3600 < rb_current_time())
{ {
warn_opers(L_WARN, "Garbage/undecipherable reply received from blacklist %s (reply %s)", warn_opers(L_WARN, "Garbage/undecipherable reply received from dnsbl %s (reply %s)",
bl->host, ipaddr); bl->host, ipaddr);
bl->lastwarning = rb_current_time(); bl->lastwarning = rb_current_time();
} }
@ -231,11 +231,11 @@ blwarn:
} }
static void static void
blacklist_dns_callback(const char *result, bool status, query_type type, void *data) dnsbl_dns_callback(const char *result, bool status, query_type type, void *data)
{ {
struct blacklist_lookup *bllookup = (struct blacklist_lookup *)data; struct dnsbl_lookup *bllookup = (struct dnsbl_lookup *)data;
struct blacklist_user *bluser; struct dnsbl_user *bluser;
struct blacklist *bl; struct dnsbl *bl;
struct auth_client *auth; struct auth_client *auth;
lrb_assert(bllookup != NULL); lrb_assert(bllookup != NULL);
@ -247,16 +247,16 @@ blacklist_dns_callback(const char *result, bool status, query_type type, void *d
if((bluser = get_provider_data(auth, SELF_PID)) == NULL) if((bluser = get_provider_data(auth, SELF_PID)) == NULL)
return; return;
if (result != NULL && status && blacklist_check_reply(bllookup, result)) if (result != NULL && status && dnsbl_check_reply(bllookup, result))
{ {
/* Match found, so proceed no further */ /* Match found, so proceed no further */
bl->hits++; bl->hits++;
reject_client(auth, SELF_PID, bl->host, bl->reason); reject_client(auth, SELF_PID, bl->host, bl->reason);
blacklists_cancel(auth); dnsbls_cancel(auth);
return; return;
} }
unref_blacklist(bl); unref_dnsbl(bl);
cancel_query(bllookup->query); /* Ignore future responses */ cancel_query(bllookup->query); /* Ignore future responses */
rb_dlinkDelete(&bllookup->node, &bluser->queries); rb_dlinkDelete(&bllookup->node, &bluser->queries);
rb_free(bllookup); rb_free(bllookup);
@ -264,8 +264,7 @@ blacklist_dns_callback(const char *result, bool status, query_type type, void *d
if(!rb_dlink_list_length(&bluser->queries)) if(!rb_dlink_list_length(&bluser->queries))
{ {
/* Done here */ /* Done here */
notice_client(auth->cid, "*** IP not found in DNS blacklist%s", notice_client(auth->cid, "*** No DNSBL entry found for this IP");
rb_dlink_list_length(&blacklist_list) > 1 ? "s" : "");
rb_free(bluser); rb_free(bluser);
set_provider_data(auth, SELF_PID, NULL); set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0); set_provider_timeout_absolute(auth, SELF_PID, 0);
@ -276,10 +275,10 @@ blacklist_dns_callback(const char *result, bool status, query_type type, void *d
} }
static void static void
initiate_blacklist_dnsquery(struct blacklist *bl, struct auth_client *auth) initiate_dnsbl_dnsquery(struct dnsbl *bl, struct auth_client *auth)
{ {
struct blacklist_lookup *bllookup = rb_malloc(sizeof(struct blacklist_lookup)); struct dnsbl_lookup *bllookup = rb_malloc(sizeof(struct dnsbl_lookup));
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID); struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
char buf[IRCD_RES_HOSTLEN + 1]; char buf[IRCD_RES_HOSTLEN + 1];
int aftype; int aftype;
@ -289,23 +288,23 @@ initiate_blacklist_dnsquery(struct blacklist *bl, struct auth_client *auth)
aftype = GET_SS_FAMILY(&auth->c_addr); aftype = GET_SS_FAMILY(&auth->c_addr);
if((aftype == AF_INET && (bl->iptype & IPTYPE_IPV4) == 0) || if((aftype == AF_INET && (bl->iptype & IPTYPE_IPV4) == 0) ||
(aftype == AF_INET6 && (bl->iptype & IPTYPE_IPV6) == 0)) (aftype == AF_INET6 && (bl->iptype & IPTYPE_IPV6) == 0))
/* Incorrect blacklist type for this IP... */ /* Incorrect dnsbl type for this IP... */
{ {
rb_free(bllookup); rb_free(bllookup);
return; return;
} }
build_rdns(buf, sizeof(buf), &auth->c_addr, bl->host); build_rdns(buf, sizeof(buf), &auth->c_addr, bl->host);
bllookup->query = lookup_ip(buf, AF_INET, blacklist_dns_callback, bllookup); bllookup->query = lookup_ip(buf, AF_INET, dnsbl_dns_callback, bllookup);
rb_dlinkAdd(bllookup, &bllookup->node, &bluser->queries); rb_dlinkAdd(bllookup, &bllookup->node, &bluser->queries);
bl->refcount++; bl->refcount++;
} }
static inline bool static inline bool
lookup_all_blacklists(struct auth_client *auth) lookup_all_dnsbls(struct auth_client *auth)
{ {
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID); struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
rb_dlink_node *ptr; rb_dlink_node *ptr;
int iptype; int iptype;
@ -317,56 +316,55 @@ lookup_all_blacklists(struct auth_client *auth)
return false; return false;
bluser->started = true; bluser->started = true;
notice_client(auth->cid, "*** Checking your IP against DNS blacklist%s", notice_client(auth->cid, "*** Checking your IP against DNSBLs");
rb_dlink_list_length(&blacklist_list) > 1 ? "s" : "");
RB_DLINK_FOREACH(ptr, blacklist_list.head) RB_DLINK_FOREACH(ptr, dnsbl_list.head)
{ {
struct blacklist *bl = (struct blacklist *)ptr->data; struct dnsbl *bl = (struct dnsbl *)ptr->data;
if (!bl->delete && (bl->iptype & iptype)) if (!bl->delete && (bl->iptype & iptype))
initiate_blacklist_dnsquery(bl, auth); initiate_dnsbl_dnsquery(bl, auth);
} }
if(!rb_dlink_list_length(&bluser->queries)) if(!rb_dlink_list_length(&bluser->queries))
/* None checked. */ /* None checked. */
return false; return false;
set_provider_timeout_relative(auth, SELF_PID, blacklist_timeout); set_provider_timeout_relative(auth, SELF_PID, dnsbl_timeout);
return true; return true;
} }
static inline void static inline void
delete_blacklist(struct blacklist *bl) delete_dnsbl(struct dnsbl *bl)
{ {
if (bl->refcount > 0) if (bl->refcount > 0)
bl->delete = true; bl->delete = true;
else else
{ {
rb_dlinkFindDestroy(bl, &blacklist_list); rb_dlinkFindDestroy(bl, &dnsbl_list);
rb_free(bl); rb_free(bl);
} }
} }
static void static void
delete_all_blacklists(void) delete_all_dnsbls(void)
{ {
rb_dlink_node *ptr, *nptr; rb_dlink_node *ptr, *nptr;
RB_DLINK_FOREACH_SAFE(ptr, nptr, blacklist_list.head) RB_DLINK_FOREACH_SAFE(ptr, nptr, dnsbl_list.head)
{ {
delete_blacklist(ptr->data); delete_dnsbl(ptr->data);
} }
} }
/* public interfaces */ /* public interfaces */
static bool static bool
blacklists_start(struct auth_client *auth) dnsbls_start(struct auth_client *auth)
{ {
lrb_assert(get_provider_data(auth, SELF_PID) == NULL); lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
if (!rb_dlink_list_length(&blacklist_list)) { if (!rb_dlink_list_length(&dnsbl_list)) {
/* Nothing to do... */ /* Nothing to do... */
provider_done(auth, SELF_PID); provider_done(auth, SELF_PID);
return true; return true;
@ -374,12 +372,12 @@ blacklists_start(struct auth_client *auth)
auth_client_ref(auth); auth_client_ref(auth);
set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct blacklist_user))); set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct dnsbl_user)));
if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) { if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
/* Start the lookup if ident and rdns are finished, or not loaded. */ /* Start the lookup if ident and rdns are finished, or not loaded. */
if (!lookup_all_blacklists(auth)) { if (!lookup_all_dnsbls(auth)) {
blacklists_cancel_none(auth); dnsbls_cancel_none(auth);
return true; return true;
} }
} }
@ -389,30 +387,30 @@ blacklists_start(struct auth_client *auth)
/* This is called every time a provider is completed as long as we are marked not done */ /* This is called every time a provider is completed as long as we are marked not done */
static void static void
blacklists_initiate(struct auth_client *auth, uint32_t provider) dnsbls_initiate(struct auth_client *auth, uint32_t provider)
{ {
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID); struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
lrb_assert(provider != SELF_PID); lrb_assert(provider != SELF_PID);
lrb_assert(!is_provider_done(auth, SELF_PID)); lrb_assert(!is_provider_done(auth, SELF_PID));
lrb_assert(rb_dlink_list_length(&blacklist_list) > 0); lrb_assert(rb_dlink_list_length(&dnsbl_list) > 0);
if (bluser == NULL || bluser->started) { if (bluser == NULL || bluser->started) {
/* Nothing to do */ /* Nothing to do */
return; return;
} else if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) { } else if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
/* Start the lookup if ident and rdns are finished, or not loaded. */ /* Start the lookup if ident and rdns are finished, or not loaded. */
if (!lookup_all_blacklists(auth)) { if (!lookup_all_dnsbls(auth)) {
blacklists_cancel_none(auth); dnsbls_cancel_none(auth);
} }
} }
} }
static inline void static inline void
blacklists_generic_cancel(struct auth_client *auth, const char *message) dnsbls_generic_cancel(struct auth_client *auth, const char *message)
{ {
rb_dlink_node *ptr, *nptr; rb_dlink_node *ptr, *nptr;
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID); struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
if(bluser == NULL) if(bluser == NULL)
return; return;
@ -423,10 +421,10 @@ blacklists_generic_cancel(struct auth_client *auth, const char *message)
RB_DLINK_FOREACH_SAFE(ptr, nptr, bluser->queries.head) RB_DLINK_FOREACH_SAFE(ptr, nptr, bluser->queries.head)
{ {
struct blacklist_lookup *bllookup = ptr->data; struct dnsbl_lookup *bllookup = ptr->data;
cancel_query(bllookup->query); cancel_query(bllookup->query);
unref_blacklist(bllookup->bl); unref_dnsbl(bllookup->bl);
rb_dlinkDelete(&bllookup->node, &bluser->queries); rb_dlinkDelete(&bllookup->node, &bluser->queries);
rb_free(bllookup); rb_free(bllookup);
@ -442,40 +440,40 @@ blacklists_generic_cancel(struct auth_client *auth, const char *message)
} }
static void static void
blacklists_timeout(struct auth_client *auth) dnsbls_timeout(struct auth_client *auth)
{ {
blacklists_generic_cancel(auth, "*** No response from DNS blacklists"); dnsbls_generic_cancel(auth, "*** No response from DNSBLs");
} }
static void static void
blacklists_cancel(struct auth_client *auth) dnsbls_cancel(struct auth_client *auth)
{ {
blacklists_generic_cancel(auth, "*** Aborting DNS blacklist checks"); dnsbls_generic_cancel(auth, "*** Aborting DNSBL checks");
} }
static void static void
blacklists_cancel_none(struct auth_client *auth) dnsbls_cancel_none(struct auth_client *auth)
{ {
blacklists_generic_cancel(auth, "*** Could not check DNS blacklists"); dnsbls_generic_cancel(auth, "*** Could not check DNSBLs");
} }
static void static void
blacklists_destroy(void) dnsbls_destroy(void)
{ {
rb_dictionary_iter iter; rb_dictionary_iter iter;
struct auth_client *auth; struct auth_client *auth;
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients) RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{ {
blacklists_cancel(auth); dnsbls_cancel(auth);
/* auth is now invalid as we have no reference */ /* auth is now invalid as we have no reference */
} }
delete_all_blacklists(); delete_all_dnsbls();
} }
static void static void
add_conf_blacklist(const char *key, int parc, const char **parv) add_conf_dnsbl(const char *key, int parc, const char **parv)
{ {
rb_dlink_list filters = { NULL, NULL, 0 }; rb_dlink_list filters = { NULL, NULL, 0 };
char *tmp, *elemlist = rb_strdup(parv[2]); char *tmp, *elemlist = rb_strdup(parv[2]);
@ -486,18 +484,18 @@ add_conf_blacklist(const char *key, int parc, const char **parv)
for(char *elem = rb_strtok_r(elemlist, ",", &tmp); elem; elem = rb_strtok_r(NULL, ",", &tmp)) for(char *elem = rb_strtok_r(elemlist, ",", &tmp); elem; elem = rb_strtok_r(NULL, ",", &tmp))
{ {
struct blacklist_filter *filter = rb_malloc(sizeof(struct blacklist_filter)); struct dnsbl_filter *filter = rb_malloc(sizeof(struct dnsbl_filter));
int dot_c = 0; int dot_c = 0;
filter_t type = FILTER_LAST; filter_t type = FILTER_LAST;
/* Check blacklist filter type and for validity */ /* Check dnsbl filter type and for validity */
for(char *c = elem; *c != '\0'; c++) for(char *c = elem; *c != '\0'; c++)
{ {
if(*c == '.') if(*c == '.')
{ {
if(++dot_c > 3) if(++dot_c > 3)
{ {
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a bad filter (too many octets)"); warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (too many octets)");
exit(EX_PROVIDER_ERROR); exit(EX_PROVIDER_ERROR);
} }
@ -505,7 +503,7 @@ add_conf_blacklist(const char *key, int parc, const char **parv)
} }
else if(!isdigit(*c)) else if(!isdigit(*c))
{ {
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a bad filter (invalid character in blacklist filter: %c)", warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (invalid character in dnsbl filter: %c)",
*c); *c);
exit(EX_PROVIDER_ERROR); exit(EX_PROVIDER_ERROR);
} }
@ -513,7 +511,7 @@ add_conf_blacklist(const char *key, int parc, const char **parv)
if(dot_c > 0 && dot_c < 3) if(dot_c > 0 && dot_c < 3)
{ {
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a bad filter (insufficient octets)"); warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (insufficient octets)");
exit(EX_PROVIDER_ERROR); exit(EX_PROVIDER_ERROR);
} }
@ -526,56 +524,56 @@ end:
rb_free(elemlist); rb_free(elemlist);
iptype = atoi(parv[1]) & 0x3; iptype = atoi(parv[1]) & 0x3;
if(new_blacklist(parv[0], parv[3], iptype, &filters) == NULL) if(new_dnsbl(parv[0], parv[3], iptype, &filters) == NULL)
{ {
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a malformed blacklist"); warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a malformed dnsbl");
exit(EX_PROVIDER_ERROR); exit(EX_PROVIDER_ERROR);
} }
} }
static void static void
del_conf_blacklist(const char *key, int parc, const char **parv) del_conf_dnsbl(const char *key, int parc, const char **parv)
{ {
struct blacklist *bl = find_blacklist(parv[0]); struct dnsbl *bl = find_dnsbl(parv[0]);
if(bl == NULL) if(bl == NULL)
{ {
/* Not fatal for now... */ /* Not fatal for now... */
warn_opers(L_WARN, "Blacklist: tried to remove nonexistent blacklist %s", parv[0]); warn_opers(L_WARN, "dnsbl: tried to remove nonexistent dnsbl %s", parv[0]);
return; return;
} }
delete_blacklist(bl); delete_dnsbl(bl);
} }
static void static void
del_conf_blacklist_all(const char *key, int parc, const char **parv) del_conf_dnsbl_all(const char *key, int parc, const char **parv)
{ {
delete_all_blacklists(); delete_all_dnsbls();
} }
static void static void
add_conf_blacklist_timeout(const char *key, int parc, const char **parv) add_conf_dnsbl_timeout(const char *key, int parc, const char **parv)
{ {
int timeout = atoi(parv[0]); int timeout = atoi(parv[0]);
if(timeout < 0) if(timeout < 0)
{ {
warn_opers(L_CRIT, "Blacklist: blacklist timeout < 0 (value: %d)", timeout); warn_opers(L_CRIT, "dnsbl: dnsbl timeout < 0 (value: %d)", timeout);
exit(EX_PROVIDER_ERROR); exit(EX_PROVIDER_ERROR);
} }
blacklist_timeout = timeout; dnsbl_timeout = timeout;
} }
#if 0 #if 0
static void static void
blacklist_stats(uint32_t rid, char letter) dnsbl_stats(uint32_t rid, char letter)
{ {
rb_dlink_node *ptr; rb_dlink_node *ptr;
RB_DLINK_FOREACH(ptr, blacklist_list.head) RB_DLINK_FOREACH(ptr, dnsbl_list.head)
{ {
struct blacklist *bl = ptr->data; struct dnsbl *bl = ptr->data;
if(bl->delete) if(bl->delete)
continue; continue;
@ -587,24 +585,24 @@ blacklist_stats(uint32_t rid, char letter)
} }
#endif #endif
struct auth_opts_handler blacklist_options[] = struct auth_opts_handler dnsbl_options[] =
{ {
{ "rbl", 4, add_conf_blacklist }, { "rbl", 4, add_conf_dnsbl },
{ "rbl_del", 1, del_conf_blacklist }, { "rbl_del", 1, del_conf_dnsbl },
{ "rbl_del_all", 0, del_conf_blacklist_all }, { "rbl_del_all", 0, del_conf_dnsbl_all },
{ "rbl_timeout", 1, add_conf_blacklist_timeout }, { "rbl_timeout", 1, add_conf_dnsbl_timeout },
{ NULL, 0, NULL }, { NULL, 0, NULL },
}; };
struct auth_provider blacklist_provider = struct auth_provider dnsbl_provider =
{ {
.name = "blacklist", .name = "dnsbl",
.letter = 'B', .letter = 'B',
.destroy = blacklists_destroy, .destroy = dnsbls_destroy,
.start = blacklists_start, .start = dnsbls_start,
.cancel = blacklists_cancel, .cancel = dnsbls_cancel,
.timeout = blacklists_timeout, .timeout = dnsbls_timeout,
.completed = blacklists_initiate, .completed = dnsbls_initiate,
.opt_handlers = blacklist_options, .opt_handlers = dnsbl_options,
/* .stats_handler = { 'B', blacklist_stats }, */ /* .stats_handler = { 'B', dnsbl_stats }, */
}; };

View file

@ -384,14 +384,14 @@ serverhide {
disable_hidden = no; disable_hidden = no;
}; };
/* These are the blacklist settings. /* These are the DNSBL settings.
* You can have multiple combinations of host and rejection reasons. * You can have multiple combinations of host and rejection reasons.
* They are used in pairs of one host/rejection reason. * They are used in pairs of one host/rejection reason.
* *
* These settings should be adequate for most networks. * The default settings should be adequate for most networks.
* *
* Word to the wise: Do not use blacklists like SPEWS for blocking IRC * It is not recommended to use DNSBL services designed for e-mail spam
* connections. * prevention, such as SPEWS for blocking IRC connections.
* *
* As of charybdis 2.2, you can do some keyword substitution on the rejection * As of charybdis 2.2, you can do some keyword substitution on the rejection
* reason. The available keyword substitutions are: * reason. The available keyword substitutions are:
@ -411,13 +411,13 @@ serverhide {
* is considered a match. If included, a comma-separated list of *quoted* * is considered a match. If included, a comma-separated list of *quoted*
* strings is allowed to match queries. They may be of the format "0" to "255" * strings is allowed to match queries. They may be of the format "0" to "255"
* to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match * to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match
* an A record. The blacklist is only applied if it matches anything in the * an A record. The DNSBL match is only applied if it matches anything in the
* list. You may freely mix full IP's and final octets. * list. You may freely mix full IP's and final octets.
* *
* Consult your blacklist provider for the meaning of these parameters; they * Consult your DNSBL provider for the meaning of these parameters; they
* are usually used to denote different ban types. * are usually used to denote different block reasons.
*/ */
blacklist { dnsbl {
host = "rbl.efnetrbl.org"; host = "rbl.efnetrbl.org";
type = ipv4; type = ipv4;
reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}"; reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";

View file

@ -30,7 +30,7 @@
#include "rb_dictionary.h" #include "rb_dictionary.h"
#include "client.h" #include "client.h"
struct BlacklistStats struct DNSBLEntryStats
{ {
char *host; char *host;
uint8_t iptype; uint8_t iptype;
@ -60,7 +60,7 @@ enum
extern rb_helper *authd_helper; extern rb_helper *authd_helper;
extern rb_dictionary *bl_stats; extern rb_dictionary *dnsbl_stats;
extern rb_dlink_list opm_list; extern rb_dlink_list opm_list;
extern struct OPMListener opm_listeners[LISTEN_LAST]; extern struct OPMListener opm_listeners[LISTEN_LAST];
@ -76,9 +76,9 @@ void authd_accept_client(struct Client *client_p, const char *ident, const char
void authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason); void authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason);
void authd_abort_client(struct Client *); void authd_abort_client(struct Client *);
void add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters); void add_dnsbl_entry(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters);
void del_blacklist(const char *host); void del_dnsbl_entry(const char *host);
void del_blacklist_all(void); void del_dnsbl_entry_all(void);
bool set_authd_timeout(const char *key, int timeout); bool set_authd_timeout(const char *key, int timeout);
void ident_check_enable(bool enabled); void ident_check_enable(bool enabled);

View file

@ -36,9 +36,6 @@
#include "ircd.h" #include "ircd.h"
#include "privilege.h" #include "privilege.h"
/* other structs */
struct Blacklist;
/* we store ipv6 ips for remote clients, so this needs to be v6 always */ /* we store ipv6 ips for remote clients, so this needs to be v6 always */
#define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */ #define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */
#define PASSWDLEN 128 #define PASSWDLEN 128

View file

@ -77,7 +77,7 @@ extern const char *ircd_paths[IRCD_PATH_COUNT];
#define LINKS_DELAY_DEFAULT 300 #define LINKS_DELAY_DEFAULT 300
#define MAX_TARGETS_DEFAULT 4 /* default for max_targets */ #define MAX_TARGETS_DEFAULT 4 /* default for max_targets */
#define IDENT_TIMEOUT_DEFAULT 5 #define IDENT_TIMEOUT_DEFAULT 5
#define BLACKLIST_TIMEOUT_DEFAULT 10 #define DNSBL_TIMEOUT_DEFAULT 10
#define OPM_TIMEOUT_DEFAULT 10 #define OPM_TIMEOUT_DEFAULT 10
#define RDNS_TIMEOUT_DEFAULT 5 #define RDNS_TIMEOUT_DEFAULT 5
#define MIN_JOIN_LEAVE_TIME 60 #define MIN_JOIN_LEAVE_TIME 60

View file

@ -67,7 +67,7 @@ uint32_t cid;
static rb_dictionary *cid_clients; static rb_dictionary *cid_clients;
static struct ev_entry *timeout_ev; static struct ev_entry *timeout_ev;
rb_dictionary *bl_stats; rb_dictionary *dnsbl_stats;
rb_dlink_list opm_list; rb_dlink_list opm_list;
struct OPMListener opm_listeners[LISTEN_LAST]; struct OPMListener opm_listeners[LISTEN_LAST];
@ -581,17 +581,17 @@ timeout_dead_authd_clients(void *notused __unused)
} }
} }
/* Send a new blacklist to authd */ /* Send a new DNSBL entry to authd */
void void
add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters) add_dnsbl_entry(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters)
{ {
rb_dlink_node *ptr; rb_dlink_node *ptr;
struct BlacklistStats *stats = rb_malloc(sizeof(struct BlacklistStats)); struct DNSBLEntryStats *stats = rb_malloc(sizeof(*stats));
char filterbuf[BUFSIZE] = "*"; char filterbuf[BUFSIZE] = "*";
size_t s = 0; size_t s = 0;
if(bl_stats == NULL) if(dnsbl_stats == NULL)
bl_stats = rb_dictionary_create("blacklist statistics", rb_strcasecmp); dnsbl_stats = rb_dictionary_create("dnsbl statistics", rb_strcasecmp);
/* Build a list of comma-separated values for authd. /* Build a list of comma-separated values for authd.
* We don't check for validity - do it elsewhere. * We don't check for validity - do it elsewhere.
@ -615,19 +615,19 @@ add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_lis
stats->host = rb_strdup(host); stats->host = rb_strdup(host);
stats->iptype = iptype; stats->iptype = iptype;
stats->hits = 0; stats->hits = 0;
rb_dictionary_add(bl_stats, stats->host, stats); rb_dictionary_add(dnsbl_stats, stats->host, stats);
rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason); rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
} }
/* Delete a blacklist */ /* Delete a DNSBL entry. */
void void
del_blacklist(const char *host) del_dnsbl_entry(const char *host)
{ {
struct BlacklistStats *stats = rb_dictionary_retrieve(bl_stats, host); struct DNSBLEntryStats *stats = rb_dictionary_retrieve(dnsbl_stats, host);
if(stats != NULL) if(stats != NULL)
{ {
rb_dictionary_delete(bl_stats, host); rb_dictionary_delete(dnsbl_stats, host);
rb_free(stats->host); rb_free(stats->host);
rb_free(stats); rb_free(stats);
} }
@ -636,21 +636,21 @@ del_blacklist(const char *host)
} }
static void static void
blacklist_delete(rb_dictionary_element *delem, void *unused) dnsbl_delete_elem(rb_dictionary_element *delem, void *unused)
{ {
struct BlacklistStats *stats = delem->data; struct DNSBLEntryStats *stats = delem->data;
rb_free(stats->host); rb_free(stats->host);
rb_free(stats); rb_free(stats);
} }
/* Delete all the blacklists */ /* Delete all the DNSBL entries. */
void void
del_blacklist_all(void) del_dnsbl_entry_all(void)
{ {
if(bl_stats != NULL) if(dnsbl_stats != NULL)
rb_dictionary_destroy(bl_stats, blacklist_delete, NULL); rb_dictionary_destroy(dnsbl_stats, dnsbl_delete_elem, NULL);
bl_stats = NULL; dnsbl_stats = NULL;
rb_helper_write(authd_helper, "O rbl_del_all"); rb_helper_write(authd_helper, "O rbl_del_all");
} }

View file

@ -55,10 +55,10 @@ static struct oper_conf *yy_oper = NULL;
static struct alias_entry *yy_alias = NULL; static struct alias_entry *yy_alias = NULL;
static char *yy_blacklist_host = NULL; static char *yy_dnsbl_entry_host = NULL;
static char *yy_blacklist_reason = NULL; static char *yy_dnsbl_entry_reason = NULL;
static uint8_t yy_blacklist_iptype = 0; static uint8_t yy_dnsbl_entry_iptype = 0;
static rb_dlink_list yy_blacklist_filters = { NULL, NULL, 0 }; static rb_dlink_list yy_dnsbl_entry_filters = { NULL, NULL, 0 };
static char *yy_opm_address_ipv4 = NULL; static char *yy_opm_address_ipv4 = NULL;
static char *yy_opm_address_ipv6 = NULL; static char *yy_opm_address_ipv6 = NULL;
@ -1903,57 +1903,64 @@ conf_set_channel_autochanmodes(void *data)
} }
/* XXX for below */ /* XXX for below */
static void conf_set_blacklist_reason(void *data); static void conf_set_dnsbl_entry_reason(void *data);
#define IPTYPE_IPV4 1 #define IPTYPE_IPV4 1
#define IPTYPE_IPV6 2 #define IPTYPE_IPV6 2
static int
conf_warn_blacklist_deprecation(struct TopConf *tc)
{
conf_report_error("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead.");
return 0;
}
static void static void
conf_set_blacklist_host(void *data) conf_set_dnsbl_entry_host(void *data)
{ {
if (yy_blacklist_host) if (yy_dnsbl_entry_host)
{ {
conf_report_error("blacklist::host %s overlaps existing host %s", conf_report_error("dnsbl::host %s overlaps existing host %s",
(char *)data, yy_blacklist_host); (char *)data, yy_dnsbl_entry_host);
/* Cleanup */ /* Cleanup */
conf_set_blacklist_reason(NULL); conf_set_dnsbl_entry_reason(NULL);
return; return;
} }
yy_blacklist_iptype |= IPTYPE_IPV4; yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
yy_blacklist_host = rb_strdup(data); yy_dnsbl_entry_host = rb_strdup(data);
} }
static void static void
conf_set_blacklist_type(void *data) conf_set_dnsbl_entry_type(void *data)
{ {
conf_parm_t *args = data; conf_parm_t *args = data;
/* Don't assume we have either if we got here */ /* Don't assume we have either if we got here */
yy_blacklist_iptype = 0; yy_dnsbl_entry_iptype = 0;
for (; args; args = args->next) for (; args; args = args->next)
{ {
if (!rb_strcasecmp(args->v.string, "ipv4")) if (!rb_strcasecmp(args->v.string, "ipv4"))
yy_blacklist_iptype |= IPTYPE_IPV4; yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
else if (!rb_strcasecmp(args->v.string, "ipv6")) else if (!rb_strcasecmp(args->v.string, "ipv6"))
yy_blacklist_iptype |= IPTYPE_IPV6; yy_dnsbl_entry_iptype |= IPTYPE_IPV6;
else else
conf_report_error("blacklist::type has unknown address family %s", conf_report_error("dnsbl::type has unknown address family %s",
args->v.string); args->v.string);
} }
/* If we have neither, just default to IPv4 */ /* If we have neither, just default to IPv4 */
if (!yy_blacklist_iptype) if (!yy_dnsbl_entry_iptype)
{ {
conf_report_warning("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)"); conf_report_warning("dnsbl::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
yy_blacklist_iptype = IPTYPE_IPV4; yy_dnsbl_entry_iptype = IPTYPE_IPV4;
} }
} }
static void static void
conf_set_blacklist_matches(void *data) conf_set_dnsbl_entry_matches(void *data)
{ {
conf_parm_t *args = data; conf_parm_t *args = data;
enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST }; enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
@ -1966,19 +1973,19 @@ conf_set_blacklist_matches(void *data)
if (CF_TYPE(args->type) != CF_QSTRING) if (CF_TYPE(args->type) != CF_QSTRING)
{ {
conf_report_error("blacklist::matches -- must be quoted string"); conf_report_error("dnsbl::matches -- must be quoted string");
continue; continue;
} }
if (str == NULL) if (str == NULL)
{ {
conf_report_error("blacklist::matches -- invalid entry"); conf_report_error("dnsbl::matches -- invalid entry");
continue; continue;
} }
if (strlen(str) > HOSTIPLEN) if (strlen(str) > HOSTIPLEN)
{ {
conf_report_error("blacklist::matches has an entry too long: %s", conf_report_error("dnsbl::matches has an entry too long: %s",
str); str);
continue; continue;
} }
@ -1990,7 +1997,7 @@ conf_set_blacklist_matches(void *data)
type = FILTER_ALL; type = FILTER_ALL;
else if (!isdigit((unsigned char)*p)) else if (!isdigit((unsigned char)*p))
{ {
conf_report_error("blacklist::matches has invalid IP match entry %s", conf_report_error("dnsbl::matches has invalid IP match entry %s",
str); str);
type = FILTER_NONE; type = FILTER_NONE;
break; break;
@ -2003,7 +2010,7 @@ conf_set_blacklist_matches(void *data)
struct rb_sockaddr_storage tmp; struct rb_sockaddr_storage tmp;
if (rb_inet_pton(AF_INET, str, &tmp) <= 0) if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
{ {
conf_report_error("blacklist::matches has invalid IP match entry %s", conf_report_error("dnsbl::matches has invalid IP match entry %s",
str); str);
continue; continue;
} }
@ -2013,7 +2020,7 @@ conf_set_blacklist_matches(void *data)
/* Verify it's the correct length */ /* Verify it's the correct length */
if (strlen(str) > 3) if (strlen(str) > 3)
{ {
conf_report_error("blacklist::matches has invalid octet match entry %s", conf_report_error("dnsbl::matches has invalid octet match entry %s",
str); str);
continue; continue;
} }
@ -2023,61 +2030,61 @@ conf_set_blacklist_matches(void *data)
continue; /* Invalid entry */ continue; /* Invalid entry */
} }
rb_dlinkAddAlloc(rb_strdup(str), &yy_blacklist_filters); rb_dlinkAddAlloc(rb_strdup(str), &yy_dnsbl_entry_filters);
} }
} }
static void static void
conf_set_blacklist_reason(void *data) conf_set_dnsbl_entry_reason(void *data)
{ {
rb_dlink_node *ptr, *nptr; rb_dlink_node *ptr, *nptr;
if (yy_blacklist_host && data) if (yy_dnsbl_entry_host && data)
{ {
yy_blacklist_reason = rb_strdup(data); yy_dnsbl_entry_reason = rb_strdup(data);
if (yy_blacklist_iptype & IPTYPE_IPV6) if (yy_dnsbl_entry_iptype & IPTYPE_IPV6)
{ {
/* Make sure things fit (magic number 64 = alnum count + dots) /* Make sure things fit (magic number 64 = alnum count + dots)
* Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa * Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
*/ */
if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) if ((64 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
{ {
conf_report_error("blacklist::host %s results in IPv6 queries that are too long", conf_report_error("dnsbl::host %s results in IPv6 queries that are too long",
yy_blacklist_host); yy_dnsbl_entry_host);
goto cleanup_bl; goto cleanup_bl;
} }
} }
/* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */ /* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
if ((yy_blacklist_iptype & IPTYPE_IPV4) && !(yy_blacklist_iptype & IPTYPE_IPV6)) if ((yy_dnsbl_entry_iptype & IPTYPE_IPV4) && !(yy_dnsbl_entry_iptype & IPTYPE_IPV6))
{ {
/* Make sure things fit for worst case (magic number 16 = number of nums + dots) /* Make sure things fit for worst case (magic number 16 = number of nums + dots)
* Example: 127.127.127.127.in-addr.arpa * Example: 127.127.127.127.in-addr.arpa
*/ */
if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) if ((16 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
{ {
conf_report_error("blacklist::host %s results in IPv4 queries that are too long", conf_report_error("dnsbl::host %s results in IPv4 queries that are too long",
yy_blacklist_host); yy_dnsbl_entry_host);
goto cleanup_bl; goto cleanup_bl;
} }
} }
add_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_iptype, &yy_blacklist_filters); add_dnsbl_entry(yy_dnsbl_entry_host, yy_dnsbl_entry_reason, yy_dnsbl_entry_iptype, &yy_dnsbl_entry_filters);
} }
cleanup_bl: cleanup_bl:
RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_blacklist_filters.head) RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_dnsbl_entry_filters.head)
{ {
rb_free(ptr->data); rb_free(ptr->data);
rb_dlinkDestroy(ptr, &yy_blacklist_filters); rb_dlinkDestroy(ptr, &yy_dnsbl_entry_filters);
} }
yy_blacklist_filters = (rb_dlink_list){ NULL, NULL, 0 }; yy_dnsbl_entry_filters = (rb_dlink_list){ NULL, NULL, 0 };
rb_free(yy_blacklist_host); rb_free(yy_dnsbl_entry_host);
rb_free(yy_blacklist_reason); rb_free(yy_dnsbl_entry_reason);
yy_blacklist_host = NULL; yy_dnsbl_entry_host = NULL;
yy_blacklist_reason = NULL; yy_dnsbl_entry_reason = NULL;
yy_blacklist_iptype = 0; yy_dnsbl_entry_iptype = 0;
} }
@ -2895,11 +2902,17 @@ newconf_init()
add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name); add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target); add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
add_top_conf("blacklist", NULL, NULL, NULL); add_top_conf("dnsbl", NULL, NULL, NULL);
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host); add_conf_item("dnsbl", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type); add_conf_item("dnsbl", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_blacklist_matches); add_conf_item("dnsbl", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason); add_conf_item("dnsbl", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
add_top_conf("blacklist", conf_warn_blacklist_deprecation, NULL, NULL);
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL); add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout); add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);

View file

@ -1568,7 +1568,7 @@ clear_out_old_conf(void)
alias_dict = NULL; alias_dict = NULL;
} }
del_blacklist_all(); del_dnsbl_entry_all();
privilegeset_mark_all_illegal(); privilegeset_mark_all_illegal();

View file

@ -213,25 +213,25 @@ authd_check(struct Client *client_p, struct Client *source_p)
switch(source_p->preClient->auth.cause) switch(source_p->preClient->auth.cause)
{ {
case 'B': /* Blacklists */ case 'B': /* DNSBL */
{ {
struct BlacklistStats *stats; struct DNSBLEntryStats *stats;
char *blacklist = source_p->preClient->auth.data; char *dnsbl_name = source_p->preClient->auth.data;
if(bl_stats != NULL) if(dnsbl_stats != NULL)
if((stats = rb_dictionary_retrieve(bl_stats, blacklist)) != NULL) if((stats = rb_dictionary_retrieve(dnsbl_stats, dnsbl_name)) != NULL)
stats->hits++; stats->hits++;
if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf)) if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf))
{ {
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt", sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt",
source_p->sockhost, blacklist); source_p->sockhost, dnsbl_name);
break; break;
} }
sendto_realops_snomask(SNO_REJ, L_NETWIDE, sendto_realops_snomask(SNO_REJ, L_NETWIDE,
"Listed on DNSBL %s: %s (%s@%s) [%s] [%s]", "Listed on DNSBL %s: %s (%s@%s) [%s] [%s]",
blacklist, source_p->name, source_p->username, source_p->host, dnsbl_name, source_p->name, source_p->username, source_p->host,
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost, IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
source_p->info); source_p->info);
@ -239,9 +239,9 @@ authd_check(struct Client *client_p, struct Client *source_p)
me.name, source_p->name, reason); me.name, source_p->name, reason);
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s", sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
source_p->sockhost, blacklist); source_p->sockhost, dnsbl_name);
add_reject(source_p, NULL, NULL, NULL, "Banned (DNS blacklist)"); add_reject(source_p, NULL, NULL, NULL, "Banned (listed in a DNSBL)");
exit_client(client_p, source_p, &me, "Banned (DNS blacklist)"); exit_client(client_p, source_p, &me, "Banned (listed in a DNSBL)");
reject = true; reject = true;
} }
break; break;
@ -927,7 +927,7 @@ report_and_set_user_flags(struct Client *source_p, struct ConfItem *aconf)
if(IsConfExemptDNSBL(aconf)) if(IsConfExemptDNSBL(aconf))
/* kline exempt implies this, don't send both */ /* kline exempt implies this, don't send both */
if(!IsConfExemptKline(aconf)) if(!IsConfExemptKline(aconf))
sendto_one_notice(source_p, ":*** You are exempt from DNS blacklists"); sendto_one_notice(source_p, ":*** You are exempt from DNSBL listings");
/* If this user is exempt from user limits set it F lined" */ /* If this user is exempt from user limits set it F lined" */
if(IsConfExemptLimits(aconf)) if(IsConfExemptLimits(aconf))

View file

@ -756,12 +756,12 @@ static void
stats_dnsbl(struct Client *source_p) stats_dnsbl(struct Client *source_p)
{ {
rb_dictionary_iter iter; rb_dictionary_iter iter;
struct BlacklistStats *stats; struct DNSBLEntryStats *stats;
if(bl_stats == NULL) if(dnsbl_stats == NULL)
return; return;
RB_DICTIONARY_FOREACH(stats, &iter, bl_stats) RB_DICTIONARY_FOREACH(stats, &iter, dnsbl_stats)
{ {
/* use RPL_STATSDEBUG for now -- jilles */ /* use RPL_STATSDEBUG for now -- jilles */
sendto_one_numeric(source_p, RPL_STATSDEBUG, "n :%d %s", sendto_one_numeric(source_p, RPL_STATSDEBUG, "n :%d %s",