Merge remote-tracking branch 'ophion/upstream/dnsbl-rename'
This commit is contained in:
commit
ac09f70838
13 changed files with 250 additions and 242 deletions
|
@ -12,7 +12,7 @@ authd_SOURCES = \
|
||||||
res.c \
|
res.c \
|
||||||
reslib.c \
|
reslib.c \
|
||||||
reslist.c \
|
reslist.c \
|
||||||
providers/blacklist.c \
|
providers/dnsbl.c \
|
||||||
providers/ident.c \
|
providers/ident.c \
|
||||||
providers/rdns.c \
|
providers/rdns.c \
|
||||||
providers/opm.c
|
providers/opm.c
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* The basic design here is to have "authentication providers" that do things
|
/* The basic design here is to have "authentication providers" that do things
|
||||||
* like query ident and blacklists and even open proxies.
|
* like query ident and DNSBLs and even open proxies.
|
||||||
*
|
*
|
||||||
* Providers are registered in the auth_providers linked list. It is planned to
|
* Providers are registered in the auth_providers linked list. It is planned to
|
||||||
* use a bitmap to store provider ID's later.
|
* use a bitmap to store provider ID's later.
|
||||||
|
@ -93,10 +93,10 @@ init_providers(void)
|
||||||
timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1);
|
timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1);
|
||||||
|
|
||||||
/* FIXME must be started before rdns/ident to receive completion notification from them */
|
/* FIXME must be started before rdns/ident to receive completion notification from them */
|
||||||
load_provider(&blacklist_provider);
|
load_provider(&dnsbl_provider);
|
||||||
load_provider(&opm_provider);
|
load_provider(&opm_provider);
|
||||||
|
|
||||||
/* FIXME must be started after blacklist/opm in case of early completion notifications */
|
/* FIXME must be started after dnsbl/opm in case of early completion notifications */
|
||||||
load_provider(&rdns_provider);
|
load_provider(&rdns_provider);
|
||||||
load_provider(&ident_provider);
|
load_provider(&ident_provider);
|
||||||
}
|
}
|
||||||
|
|
|
@ -105,7 +105,7 @@ struct auth_provider
|
||||||
|
|
||||||
extern struct auth_provider rdns_provider;
|
extern struct auth_provider rdns_provider;
|
||||||
extern struct auth_provider ident_provider;
|
extern struct auth_provider ident_provider;
|
||||||
extern struct auth_provider blacklist_provider;
|
extern struct auth_provider dnsbl_provider;
|
||||||
extern struct auth_provider opm_provider;
|
extern struct auth_provider opm_provider;
|
||||||
|
|
||||||
extern rb_dlink_list auth_providers;
|
extern rb_dlink_list auth_providers;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* charybdis: A slightly useful ircd.
|
* charybdis: A slightly useful ircd.
|
||||||
* blacklist.c: Manages DNS blacklist entries and lookups
|
* dnsbl.c: Manages DNSBL entries and lookups
|
||||||
*
|
*
|
||||||
* Copyright (C) 2006-2011 charybdis development team
|
* Copyright (C) 2006-2011 charybdis development team
|
||||||
*
|
*
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
#include "stdinc.h"
|
#include "stdinc.h"
|
||||||
#include "dns.h"
|
#include "dns.h"
|
||||||
|
|
||||||
#define SELF_PID (blacklist_provider.id)
|
#define SELF_PID (dnsbl_provider.id)
|
||||||
|
|
||||||
typedef enum filter_t
|
typedef enum filter_t
|
||||||
{
|
{
|
||||||
|
@ -52,12 +52,12 @@ typedef enum filter_t
|
||||||
FILTER_LAST = 2,
|
FILTER_LAST = 2,
|
||||||
} filter_t;
|
} filter_t;
|
||||||
|
|
||||||
/* Blacklist accepted IP types */
|
/* dnsbl accepted IP types */
|
||||||
#define IPTYPE_IPV4 1
|
#define IPTYPE_IPV4 1
|
||||||
#define IPTYPE_IPV6 2
|
#define IPTYPE_IPV6 2
|
||||||
|
|
||||||
/* A configured DNSBL */
|
/* A configured DNSBL */
|
||||||
struct blacklist
|
struct dnsbl
|
||||||
{
|
{
|
||||||
char host[IRCD_RES_HOSTLEN + 1];
|
char host[IRCD_RES_HOSTLEN + 1];
|
||||||
char reason[BUFSIZE]; /* Reason template (ircd fills in the blanks) */
|
char reason[BUFSIZE]; /* Reason template (ircd fills in the blanks) */
|
||||||
|
@ -65,24 +65,24 @@ struct blacklist
|
||||||
rb_dlink_list filters; /* Filters for queries */
|
rb_dlink_list filters; /* Filters for queries */
|
||||||
|
|
||||||
bool delete; /* If true delete when no clients */
|
bool delete; /* If true delete when no clients */
|
||||||
int refcount; /* When 0 and delete is set, remove this blacklist */
|
int refcount; /* When 0 and delete is set, remove this dnsbl */
|
||||||
unsigned int hits;
|
unsigned int hits;
|
||||||
|
|
||||||
time_t lastwarning; /* Last warning about garbage replies sent */
|
time_t lastwarning; /* Last warning about garbage replies sent */
|
||||||
};
|
};
|
||||||
|
|
||||||
/* A lookup in progress for a particular DNSBL for a particular client */
|
/* A lookup in progress for a particular DNSBL for a particular client */
|
||||||
struct blacklist_lookup
|
struct dnsbl_lookup
|
||||||
{
|
{
|
||||||
struct blacklist *bl; /* Blacklist we're checking */
|
struct dnsbl *bl; /* dnsbl we're checking */
|
||||||
struct auth_client *auth; /* Client */
|
struct auth_client *auth; /* Client */
|
||||||
struct dns_query *query; /* DNS query pointer */
|
struct dns_query *query; /* DNS query pointer */
|
||||||
|
|
||||||
rb_dlink_node node;
|
rb_dlink_node node;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* A blacklist filter */
|
/* A dnsbl filter */
|
||||||
struct blacklist_filter
|
struct dnsbl_filter
|
||||||
{
|
{
|
||||||
filter_t type; /* Type of filter */
|
filter_t type; /* Type of filter */
|
||||||
char filter[HOSTIPLEN]; /* The filter itself */
|
char filter[HOSTIPLEN]; /* The filter itself */
|
||||||
|
@ -90,38 +90,38 @@ struct blacklist_filter
|
||||||
rb_dlink_node node;
|
rb_dlink_node node;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Blacklist user data attached to auth_client instance */
|
/* dnsbl user data attached to auth_client instance */
|
||||||
struct blacklist_user
|
struct dnsbl_user
|
||||||
{
|
{
|
||||||
bool started;
|
bool started;
|
||||||
rb_dlink_list queries; /* Blacklist queries in flight */
|
rb_dlink_list queries; /* dnsbl queries in flight */
|
||||||
};
|
};
|
||||||
|
|
||||||
/* public interfaces */
|
/* public interfaces */
|
||||||
static void blacklists_destroy(void);
|
static void dnsbls_destroy(void);
|
||||||
|
|
||||||
static bool blacklists_start(struct auth_client *);
|
static bool dnsbls_start(struct auth_client *);
|
||||||
static inline void blacklists_generic_cancel(struct auth_client *, const char *);
|
static inline void dnsbls_generic_cancel(struct auth_client *, const char *);
|
||||||
static void blacklists_timeout(struct auth_client *);
|
static void dnsbls_timeout(struct auth_client *);
|
||||||
static void blacklists_cancel(struct auth_client *);
|
static void dnsbls_cancel(struct auth_client *);
|
||||||
static void blacklists_cancel_none(struct auth_client *);
|
static void dnsbls_cancel_none(struct auth_client *);
|
||||||
|
|
||||||
/* private interfaces */
|
/* private interfaces */
|
||||||
static void unref_blacklist(struct blacklist *);
|
static void unref_dnsbl(struct dnsbl *);
|
||||||
static struct blacklist *new_blacklist(const char *, const char *, uint8_t, rb_dlink_list *);
|
static struct dnsbl *new_dnsbl(const char *, const char *, uint8_t, rb_dlink_list *);
|
||||||
static struct blacklist *find_blacklist(const char *);
|
static struct dnsbl *find_dnsbl(const char *);
|
||||||
static bool blacklist_check_reply(struct blacklist_lookup *, const char *);
|
static bool dnsbl_check_reply(struct dnsbl_lookup *, const char *);
|
||||||
static void blacklist_dns_callback(const char *, bool, query_type, void *);
|
static void dnsbl_dns_callback(const char *, bool, query_type, void *);
|
||||||
static void initiate_blacklist_dnsquery(struct blacklist *, struct auth_client *);
|
static void initiate_dnsbl_dnsquery(struct dnsbl *, struct auth_client *);
|
||||||
|
|
||||||
/* Variables */
|
/* Variables */
|
||||||
static rb_dlink_list blacklist_list = { NULL, NULL, 0 };
|
static rb_dlink_list dnsbl_list = { NULL, NULL, 0 };
|
||||||
static int blacklist_timeout = BLACKLIST_TIMEOUT_DEFAULT;
|
static int dnsbl_timeout = DNSBL_TIMEOUT_DEFAULT;
|
||||||
|
|
||||||
/* private interfaces */
|
/* private interfaces */
|
||||||
|
|
||||||
static void
|
static void
|
||||||
unref_blacklist(struct blacklist *bl)
|
unref_dnsbl(struct dnsbl *bl)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr, *nptr;
|
rb_dlink_node *ptr, *nptr;
|
||||||
|
|
||||||
|
@ -134,23 +134,23 @@ unref_blacklist(struct blacklist *bl)
|
||||||
rb_free(ptr);
|
rb_free(ptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
rb_dlinkFindDestroy(bl, &blacklist_list);
|
rb_dlinkFindDestroy(bl, &dnsbl_list);
|
||||||
rb_free(bl);
|
rb_free(bl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct blacklist *
|
static struct dnsbl *
|
||||||
new_blacklist(const char *name, const char *reason, uint8_t iptype, rb_dlink_list *filters)
|
new_dnsbl(const char *name, const char *reason, uint8_t iptype, rb_dlink_list *filters)
|
||||||
{
|
{
|
||||||
struct blacklist *bl;
|
struct dnsbl *bl;
|
||||||
|
|
||||||
if (name == NULL || reason == NULL || iptype == 0)
|
if (name == NULL || reason == NULL || iptype == 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if((bl = find_blacklist(name)) == NULL)
|
if((bl = find_dnsbl(name)) == NULL)
|
||||||
{
|
{
|
||||||
bl = rb_malloc(sizeof(struct blacklist));
|
bl = rb_malloc(sizeof(struct dnsbl));
|
||||||
rb_dlinkAddAlloc(bl, &blacklist_list);
|
rb_dlinkAddAlloc(bl, &dnsbl_list);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
bl->delete = false;
|
bl->delete = false;
|
||||||
|
@ -166,14 +166,14 @@ new_blacklist(const char *name, const char *reason, uint8_t iptype, rb_dlink_lis
|
||||||
return bl;
|
return bl;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct blacklist *
|
static struct dnsbl *
|
||||||
find_blacklist(const char *name)
|
find_dnsbl(const char *name)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr;
|
rb_dlink_node *ptr;
|
||||||
|
|
||||||
RB_DLINK_FOREACH(ptr, blacklist_list.head)
|
RB_DLINK_FOREACH(ptr, dnsbl_list.head)
|
||||||
{
|
{
|
||||||
struct blacklist *bl = (struct blacklist *)ptr->data;
|
struct dnsbl *bl = (struct dnsbl *)ptr->data;
|
||||||
|
|
||||||
if (!strcasecmp(bl->host, name))
|
if (!strcasecmp(bl->host, name))
|
||||||
return bl;
|
return bl;
|
||||||
|
@ -183,9 +183,9 @@ find_blacklist(const char *name)
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline bool
|
static inline bool
|
||||||
blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
|
dnsbl_check_reply(struct dnsbl_lookup *bllookup, const char *ipaddr)
|
||||||
{
|
{
|
||||||
struct blacklist *bl = bllookup->bl;
|
struct dnsbl *bl = bllookup->bl;
|
||||||
const char *lastoctet;
|
const char *lastoctet;
|
||||||
rb_dlink_node *ptr;
|
rb_dlink_node *ptr;
|
||||||
|
|
||||||
|
@ -199,7 +199,7 @@ blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
|
||||||
|
|
||||||
RB_DLINK_FOREACH(ptr, bl->filters.head)
|
RB_DLINK_FOREACH(ptr, bl->filters.head)
|
||||||
{
|
{
|
||||||
struct blacklist_filter *filter = ptr->data;
|
struct dnsbl_filter *filter = ptr->data;
|
||||||
const char *cmpstr;
|
const char *cmpstr;
|
||||||
|
|
||||||
if (filter->type == FILTER_ALL)
|
if (filter->type == FILTER_ALL)
|
||||||
|
@ -208,7 +208,7 @@ blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
|
||||||
cmpstr = lastoctet;
|
cmpstr = lastoctet;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
warn_opers(L_CRIT, "Blacklist: Unknown blacklist filter type (host %s): %d",
|
warn_opers(L_CRIT, "dnsbl: Unknown dnsbl filter type (host %s): %d",
|
||||||
bl->host, filter->type);
|
bl->host, filter->type);
|
||||||
exit(EX_PROVIDER_ERROR);
|
exit(EX_PROVIDER_ERROR);
|
||||||
}
|
}
|
||||||
|
@ -222,7 +222,7 @@ blacklist_check_reply(struct blacklist_lookup *bllookup, const char *ipaddr)
|
||||||
blwarn:
|
blwarn:
|
||||||
if (bl->lastwarning + 3600 < rb_current_time())
|
if (bl->lastwarning + 3600 < rb_current_time())
|
||||||
{
|
{
|
||||||
warn_opers(L_WARN, "Garbage/undecipherable reply received from blacklist %s (reply %s)",
|
warn_opers(L_WARN, "Garbage/undecipherable reply received from dnsbl %s (reply %s)",
|
||||||
bl->host, ipaddr);
|
bl->host, ipaddr);
|
||||||
bl->lastwarning = rb_current_time();
|
bl->lastwarning = rb_current_time();
|
||||||
}
|
}
|
||||||
|
@ -231,11 +231,11 @@ blwarn:
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
blacklist_dns_callback(const char *result, bool status, query_type type, void *data)
|
dnsbl_dns_callback(const char *result, bool status, query_type type, void *data)
|
||||||
{
|
{
|
||||||
struct blacklist_lookup *bllookup = (struct blacklist_lookup *)data;
|
struct dnsbl_lookup *bllookup = (struct dnsbl_lookup *)data;
|
||||||
struct blacklist_user *bluser;
|
struct dnsbl_user *bluser;
|
||||||
struct blacklist *bl;
|
struct dnsbl *bl;
|
||||||
struct auth_client *auth;
|
struct auth_client *auth;
|
||||||
|
|
||||||
lrb_assert(bllookup != NULL);
|
lrb_assert(bllookup != NULL);
|
||||||
|
@ -247,16 +247,16 @@ blacklist_dns_callback(const char *result, bool status, query_type type, void *d
|
||||||
if((bluser = get_provider_data(auth, SELF_PID)) == NULL)
|
if((bluser = get_provider_data(auth, SELF_PID)) == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (result != NULL && status && blacklist_check_reply(bllookup, result))
|
if (result != NULL && status && dnsbl_check_reply(bllookup, result))
|
||||||
{
|
{
|
||||||
/* Match found, so proceed no further */
|
/* Match found, so proceed no further */
|
||||||
bl->hits++;
|
bl->hits++;
|
||||||
reject_client(auth, SELF_PID, bl->host, bl->reason);
|
reject_client(auth, SELF_PID, bl->host, bl->reason);
|
||||||
blacklists_cancel(auth);
|
dnsbls_cancel(auth);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
unref_blacklist(bl);
|
unref_dnsbl(bl);
|
||||||
cancel_query(bllookup->query); /* Ignore future responses */
|
cancel_query(bllookup->query); /* Ignore future responses */
|
||||||
rb_dlinkDelete(&bllookup->node, &bluser->queries);
|
rb_dlinkDelete(&bllookup->node, &bluser->queries);
|
||||||
rb_free(bllookup);
|
rb_free(bllookup);
|
||||||
|
@ -264,8 +264,7 @@ blacklist_dns_callback(const char *result, bool status, query_type type, void *d
|
||||||
if(!rb_dlink_list_length(&bluser->queries))
|
if(!rb_dlink_list_length(&bluser->queries))
|
||||||
{
|
{
|
||||||
/* Done here */
|
/* Done here */
|
||||||
notice_client(auth->cid, "*** IP not found in DNS blacklist%s",
|
notice_client(auth->cid, "*** No DNSBL entry found for this IP");
|
||||||
rb_dlink_list_length(&blacklist_list) > 1 ? "s" : "");
|
|
||||||
rb_free(bluser);
|
rb_free(bluser);
|
||||||
set_provider_data(auth, SELF_PID, NULL);
|
set_provider_data(auth, SELF_PID, NULL);
|
||||||
set_provider_timeout_absolute(auth, SELF_PID, 0);
|
set_provider_timeout_absolute(auth, SELF_PID, 0);
|
||||||
|
@ -276,10 +275,10 @@ blacklist_dns_callback(const char *result, bool status, query_type type, void *d
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
initiate_blacklist_dnsquery(struct blacklist *bl, struct auth_client *auth)
|
initiate_dnsbl_dnsquery(struct dnsbl *bl, struct auth_client *auth)
|
||||||
{
|
{
|
||||||
struct blacklist_lookup *bllookup = rb_malloc(sizeof(struct blacklist_lookup));
|
struct dnsbl_lookup *bllookup = rb_malloc(sizeof(struct dnsbl_lookup));
|
||||||
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID);
|
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
|
||||||
char buf[IRCD_RES_HOSTLEN + 1];
|
char buf[IRCD_RES_HOSTLEN + 1];
|
||||||
int aftype;
|
int aftype;
|
||||||
|
|
||||||
|
@ -289,23 +288,23 @@ initiate_blacklist_dnsquery(struct blacklist *bl, struct auth_client *auth)
|
||||||
aftype = GET_SS_FAMILY(&auth->c_addr);
|
aftype = GET_SS_FAMILY(&auth->c_addr);
|
||||||
if((aftype == AF_INET && (bl->iptype & IPTYPE_IPV4) == 0) ||
|
if((aftype == AF_INET && (bl->iptype & IPTYPE_IPV4) == 0) ||
|
||||||
(aftype == AF_INET6 && (bl->iptype & IPTYPE_IPV6) == 0))
|
(aftype == AF_INET6 && (bl->iptype & IPTYPE_IPV6) == 0))
|
||||||
/* Incorrect blacklist type for this IP... */
|
/* Incorrect dnsbl type for this IP... */
|
||||||
{
|
{
|
||||||
rb_free(bllookup);
|
rb_free(bllookup);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
build_rdns(buf, sizeof(buf), &auth->c_addr, bl->host);
|
build_rdns(buf, sizeof(buf), &auth->c_addr, bl->host);
|
||||||
bllookup->query = lookup_ip(buf, AF_INET, blacklist_dns_callback, bllookup);
|
bllookup->query = lookup_ip(buf, AF_INET, dnsbl_dns_callback, bllookup);
|
||||||
|
|
||||||
rb_dlinkAdd(bllookup, &bllookup->node, &bluser->queries);
|
rb_dlinkAdd(bllookup, &bllookup->node, &bluser->queries);
|
||||||
bl->refcount++;
|
bl->refcount++;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline bool
|
static inline bool
|
||||||
lookup_all_blacklists(struct auth_client *auth)
|
lookup_all_dnsbls(struct auth_client *auth)
|
||||||
{
|
{
|
||||||
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID);
|
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
|
||||||
rb_dlink_node *ptr;
|
rb_dlink_node *ptr;
|
||||||
int iptype;
|
int iptype;
|
||||||
|
|
||||||
|
@ -317,56 +316,55 @@ lookup_all_blacklists(struct auth_client *auth)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
bluser->started = true;
|
bluser->started = true;
|
||||||
notice_client(auth->cid, "*** Checking your IP against DNS blacklist%s",
|
notice_client(auth->cid, "*** Checking your IP against DNSBLs");
|
||||||
rb_dlink_list_length(&blacklist_list) > 1 ? "s" : "");
|
|
||||||
|
|
||||||
RB_DLINK_FOREACH(ptr, blacklist_list.head)
|
RB_DLINK_FOREACH(ptr, dnsbl_list.head)
|
||||||
{
|
{
|
||||||
struct blacklist *bl = (struct blacklist *)ptr->data;
|
struct dnsbl *bl = (struct dnsbl *)ptr->data;
|
||||||
|
|
||||||
if (!bl->delete && (bl->iptype & iptype))
|
if (!bl->delete && (bl->iptype & iptype))
|
||||||
initiate_blacklist_dnsquery(bl, auth);
|
initiate_dnsbl_dnsquery(bl, auth);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!rb_dlink_list_length(&bluser->queries))
|
if(!rb_dlink_list_length(&bluser->queries))
|
||||||
/* None checked. */
|
/* None checked. */
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
set_provider_timeout_relative(auth, SELF_PID, blacklist_timeout);
|
set_provider_timeout_relative(auth, SELF_PID, dnsbl_timeout);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void
|
static inline void
|
||||||
delete_blacklist(struct blacklist *bl)
|
delete_dnsbl(struct dnsbl *bl)
|
||||||
{
|
{
|
||||||
if (bl->refcount > 0)
|
if (bl->refcount > 0)
|
||||||
bl->delete = true;
|
bl->delete = true;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
rb_dlinkFindDestroy(bl, &blacklist_list);
|
rb_dlinkFindDestroy(bl, &dnsbl_list);
|
||||||
rb_free(bl);
|
rb_free(bl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
delete_all_blacklists(void)
|
delete_all_dnsbls(void)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr, *nptr;
|
rb_dlink_node *ptr, *nptr;
|
||||||
|
|
||||||
RB_DLINK_FOREACH_SAFE(ptr, nptr, blacklist_list.head)
|
RB_DLINK_FOREACH_SAFE(ptr, nptr, dnsbl_list.head)
|
||||||
{
|
{
|
||||||
delete_blacklist(ptr->data);
|
delete_dnsbl(ptr->data);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* public interfaces */
|
/* public interfaces */
|
||||||
static bool
|
static bool
|
||||||
blacklists_start(struct auth_client *auth)
|
dnsbls_start(struct auth_client *auth)
|
||||||
{
|
{
|
||||||
lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
|
lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
|
||||||
|
|
||||||
if (!rb_dlink_list_length(&blacklist_list)) {
|
if (!rb_dlink_list_length(&dnsbl_list)) {
|
||||||
/* Nothing to do... */
|
/* Nothing to do... */
|
||||||
provider_done(auth, SELF_PID);
|
provider_done(auth, SELF_PID);
|
||||||
return true;
|
return true;
|
||||||
|
@ -374,12 +372,12 @@ blacklists_start(struct auth_client *auth)
|
||||||
|
|
||||||
auth_client_ref(auth);
|
auth_client_ref(auth);
|
||||||
|
|
||||||
set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct blacklist_user)));
|
set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct dnsbl_user)));
|
||||||
|
|
||||||
if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
|
if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
|
||||||
/* Start the lookup if ident and rdns are finished, or not loaded. */
|
/* Start the lookup if ident and rdns are finished, or not loaded. */
|
||||||
if (!lookup_all_blacklists(auth)) {
|
if (!lookup_all_dnsbls(auth)) {
|
||||||
blacklists_cancel_none(auth);
|
dnsbls_cancel_none(auth);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -389,30 +387,30 @@ blacklists_start(struct auth_client *auth)
|
||||||
|
|
||||||
/* This is called every time a provider is completed as long as we are marked not done */
|
/* This is called every time a provider is completed as long as we are marked not done */
|
||||||
static void
|
static void
|
||||||
blacklists_initiate(struct auth_client *auth, uint32_t provider)
|
dnsbls_initiate(struct auth_client *auth, uint32_t provider)
|
||||||
{
|
{
|
||||||
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID);
|
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
|
||||||
|
|
||||||
lrb_assert(provider != SELF_PID);
|
lrb_assert(provider != SELF_PID);
|
||||||
lrb_assert(!is_provider_done(auth, SELF_PID));
|
lrb_assert(!is_provider_done(auth, SELF_PID));
|
||||||
lrb_assert(rb_dlink_list_length(&blacklist_list) > 0);
|
lrb_assert(rb_dlink_list_length(&dnsbl_list) > 0);
|
||||||
|
|
||||||
if (bluser == NULL || bluser->started) {
|
if (bluser == NULL || bluser->started) {
|
||||||
/* Nothing to do */
|
/* Nothing to do */
|
||||||
return;
|
return;
|
||||||
} else if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
|
} else if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
|
||||||
/* Start the lookup if ident and rdns are finished, or not loaded. */
|
/* Start the lookup if ident and rdns are finished, or not loaded. */
|
||||||
if (!lookup_all_blacklists(auth)) {
|
if (!lookup_all_dnsbls(auth)) {
|
||||||
blacklists_cancel_none(auth);
|
dnsbls_cancel_none(auth);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void
|
static inline void
|
||||||
blacklists_generic_cancel(struct auth_client *auth, const char *message)
|
dnsbls_generic_cancel(struct auth_client *auth, const char *message)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr, *nptr;
|
rb_dlink_node *ptr, *nptr;
|
||||||
struct blacklist_user *bluser = get_provider_data(auth, SELF_PID);
|
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
|
||||||
|
|
||||||
if(bluser == NULL)
|
if(bluser == NULL)
|
||||||
return;
|
return;
|
||||||
|
@ -423,10 +421,10 @@ blacklists_generic_cancel(struct auth_client *auth, const char *message)
|
||||||
|
|
||||||
RB_DLINK_FOREACH_SAFE(ptr, nptr, bluser->queries.head)
|
RB_DLINK_FOREACH_SAFE(ptr, nptr, bluser->queries.head)
|
||||||
{
|
{
|
||||||
struct blacklist_lookup *bllookup = ptr->data;
|
struct dnsbl_lookup *bllookup = ptr->data;
|
||||||
|
|
||||||
cancel_query(bllookup->query);
|
cancel_query(bllookup->query);
|
||||||
unref_blacklist(bllookup->bl);
|
unref_dnsbl(bllookup->bl);
|
||||||
|
|
||||||
rb_dlinkDelete(&bllookup->node, &bluser->queries);
|
rb_dlinkDelete(&bllookup->node, &bluser->queries);
|
||||||
rb_free(bllookup);
|
rb_free(bllookup);
|
||||||
|
@ -442,40 +440,40 @@ blacklists_generic_cancel(struct auth_client *auth, const char *message)
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
blacklists_timeout(struct auth_client *auth)
|
dnsbls_timeout(struct auth_client *auth)
|
||||||
{
|
{
|
||||||
blacklists_generic_cancel(auth, "*** No response from DNS blacklists");
|
dnsbls_generic_cancel(auth, "*** No response from DNSBLs");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
blacklists_cancel(struct auth_client *auth)
|
dnsbls_cancel(struct auth_client *auth)
|
||||||
{
|
{
|
||||||
blacklists_generic_cancel(auth, "*** Aborting DNS blacklist checks");
|
dnsbls_generic_cancel(auth, "*** Aborting DNSBL checks");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
blacklists_cancel_none(struct auth_client *auth)
|
dnsbls_cancel_none(struct auth_client *auth)
|
||||||
{
|
{
|
||||||
blacklists_generic_cancel(auth, "*** Could not check DNS blacklists");
|
dnsbls_generic_cancel(auth, "*** Could not check DNSBLs");
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
blacklists_destroy(void)
|
dnsbls_destroy(void)
|
||||||
{
|
{
|
||||||
rb_dictionary_iter iter;
|
rb_dictionary_iter iter;
|
||||||
struct auth_client *auth;
|
struct auth_client *auth;
|
||||||
|
|
||||||
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
|
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
|
||||||
{
|
{
|
||||||
blacklists_cancel(auth);
|
dnsbls_cancel(auth);
|
||||||
/* auth is now invalid as we have no reference */
|
/* auth is now invalid as we have no reference */
|
||||||
}
|
}
|
||||||
|
|
||||||
delete_all_blacklists();
|
delete_all_dnsbls();
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
add_conf_blacklist(const char *key, int parc, const char **parv)
|
add_conf_dnsbl(const char *key, int parc, const char **parv)
|
||||||
{
|
{
|
||||||
rb_dlink_list filters = { NULL, NULL, 0 };
|
rb_dlink_list filters = { NULL, NULL, 0 };
|
||||||
char *tmp, *elemlist = rb_strdup(parv[2]);
|
char *tmp, *elemlist = rb_strdup(parv[2]);
|
||||||
|
@ -486,18 +484,18 @@ add_conf_blacklist(const char *key, int parc, const char **parv)
|
||||||
|
|
||||||
for(char *elem = rb_strtok_r(elemlist, ",", &tmp); elem; elem = rb_strtok_r(NULL, ",", &tmp))
|
for(char *elem = rb_strtok_r(elemlist, ",", &tmp); elem; elem = rb_strtok_r(NULL, ",", &tmp))
|
||||||
{
|
{
|
||||||
struct blacklist_filter *filter = rb_malloc(sizeof(struct blacklist_filter));
|
struct dnsbl_filter *filter = rb_malloc(sizeof(struct dnsbl_filter));
|
||||||
int dot_c = 0;
|
int dot_c = 0;
|
||||||
filter_t type = FILTER_LAST;
|
filter_t type = FILTER_LAST;
|
||||||
|
|
||||||
/* Check blacklist filter type and for validity */
|
/* Check dnsbl filter type and for validity */
|
||||||
for(char *c = elem; *c != '\0'; c++)
|
for(char *c = elem; *c != '\0'; c++)
|
||||||
{
|
{
|
||||||
if(*c == '.')
|
if(*c == '.')
|
||||||
{
|
{
|
||||||
if(++dot_c > 3)
|
if(++dot_c > 3)
|
||||||
{
|
{
|
||||||
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a bad filter (too many octets)");
|
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (too many octets)");
|
||||||
exit(EX_PROVIDER_ERROR);
|
exit(EX_PROVIDER_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -505,7 +503,7 @@ add_conf_blacklist(const char *key, int parc, const char **parv)
|
||||||
}
|
}
|
||||||
else if(!isdigit(*c))
|
else if(!isdigit(*c))
|
||||||
{
|
{
|
||||||
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a bad filter (invalid character in blacklist filter: %c)",
|
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (invalid character in dnsbl filter: %c)",
|
||||||
*c);
|
*c);
|
||||||
exit(EX_PROVIDER_ERROR);
|
exit(EX_PROVIDER_ERROR);
|
||||||
}
|
}
|
||||||
|
@ -513,7 +511,7 @@ add_conf_blacklist(const char *key, int parc, const char **parv)
|
||||||
|
|
||||||
if(dot_c > 0 && dot_c < 3)
|
if(dot_c > 0 && dot_c < 3)
|
||||||
{
|
{
|
||||||
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a bad filter (insufficient octets)");
|
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (insufficient octets)");
|
||||||
exit(EX_PROVIDER_ERROR);
|
exit(EX_PROVIDER_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -526,56 +524,56 @@ end:
|
||||||
rb_free(elemlist);
|
rb_free(elemlist);
|
||||||
|
|
||||||
iptype = atoi(parv[1]) & 0x3;
|
iptype = atoi(parv[1]) & 0x3;
|
||||||
if(new_blacklist(parv[0], parv[3], iptype, &filters) == NULL)
|
if(new_dnsbl(parv[0], parv[3], iptype, &filters) == NULL)
|
||||||
{
|
{
|
||||||
warn_opers(L_CRIT, "Blacklist: addr_conf_blacklist got a malformed blacklist");
|
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a malformed dnsbl");
|
||||||
exit(EX_PROVIDER_ERROR);
|
exit(EX_PROVIDER_ERROR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
del_conf_blacklist(const char *key, int parc, const char **parv)
|
del_conf_dnsbl(const char *key, int parc, const char **parv)
|
||||||
{
|
{
|
||||||
struct blacklist *bl = find_blacklist(parv[0]);
|
struct dnsbl *bl = find_dnsbl(parv[0]);
|
||||||
if(bl == NULL)
|
if(bl == NULL)
|
||||||
{
|
{
|
||||||
/* Not fatal for now... */
|
/* Not fatal for now... */
|
||||||
warn_opers(L_WARN, "Blacklist: tried to remove nonexistent blacklist %s", parv[0]);
|
warn_opers(L_WARN, "dnsbl: tried to remove nonexistent dnsbl %s", parv[0]);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
delete_blacklist(bl);
|
delete_dnsbl(bl);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
del_conf_blacklist_all(const char *key, int parc, const char **parv)
|
del_conf_dnsbl_all(const char *key, int parc, const char **parv)
|
||||||
{
|
{
|
||||||
delete_all_blacklists();
|
delete_all_dnsbls();
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
add_conf_blacklist_timeout(const char *key, int parc, const char **parv)
|
add_conf_dnsbl_timeout(const char *key, int parc, const char **parv)
|
||||||
{
|
{
|
||||||
int timeout = atoi(parv[0]);
|
int timeout = atoi(parv[0]);
|
||||||
|
|
||||||
if(timeout < 0)
|
if(timeout < 0)
|
||||||
{
|
{
|
||||||
warn_opers(L_CRIT, "Blacklist: blacklist timeout < 0 (value: %d)", timeout);
|
warn_opers(L_CRIT, "dnsbl: dnsbl timeout < 0 (value: %d)", timeout);
|
||||||
exit(EX_PROVIDER_ERROR);
|
exit(EX_PROVIDER_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
blacklist_timeout = timeout;
|
dnsbl_timeout = timeout;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
static void
|
static void
|
||||||
blacklist_stats(uint32_t rid, char letter)
|
dnsbl_stats(uint32_t rid, char letter)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr;
|
rb_dlink_node *ptr;
|
||||||
|
|
||||||
RB_DLINK_FOREACH(ptr, blacklist_list.head)
|
RB_DLINK_FOREACH(ptr, dnsbl_list.head)
|
||||||
{
|
{
|
||||||
struct blacklist *bl = ptr->data;
|
struct dnsbl *bl = ptr->data;
|
||||||
|
|
||||||
if(bl->delete)
|
if(bl->delete)
|
||||||
continue;
|
continue;
|
||||||
|
@ -587,24 +585,24 @@ blacklist_stats(uint32_t rid, char letter)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct auth_opts_handler blacklist_options[] =
|
struct auth_opts_handler dnsbl_options[] =
|
||||||
{
|
{
|
||||||
{ "rbl", 4, add_conf_blacklist },
|
{ "rbl", 4, add_conf_dnsbl },
|
||||||
{ "rbl_del", 1, del_conf_blacklist },
|
{ "rbl_del", 1, del_conf_dnsbl },
|
||||||
{ "rbl_del_all", 0, del_conf_blacklist_all },
|
{ "rbl_del_all", 0, del_conf_dnsbl_all },
|
||||||
{ "rbl_timeout", 1, add_conf_blacklist_timeout },
|
{ "rbl_timeout", 1, add_conf_dnsbl_timeout },
|
||||||
{ NULL, 0, NULL },
|
{ NULL, 0, NULL },
|
||||||
};
|
};
|
||||||
|
|
||||||
struct auth_provider blacklist_provider =
|
struct auth_provider dnsbl_provider =
|
||||||
{
|
{
|
||||||
.name = "blacklist",
|
.name = "dnsbl",
|
||||||
.letter = 'B',
|
.letter = 'B',
|
||||||
.destroy = blacklists_destroy,
|
.destroy = dnsbls_destroy,
|
||||||
.start = blacklists_start,
|
.start = dnsbls_start,
|
||||||
.cancel = blacklists_cancel,
|
.cancel = dnsbls_cancel,
|
||||||
.timeout = blacklists_timeout,
|
.timeout = dnsbls_timeout,
|
||||||
.completed = blacklists_initiate,
|
.completed = dnsbls_initiate,
|
||||||
.opt_handlers = blacklist_options,
|
.opt_handlers = dnsbl_options,
|
||||||
/* .stats_handler = { 'B', blacklist_stats }, */
|
/* .stats_handler = { 'B', dnsbl_stats }, */
|
||||||
};
|
};
|
|
@ -384,14 +384,14 @@ serverhide {
|
||||||
disable_hidden = no;
|
disable_hidden = no;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* These are the blacklist settings.
|
/* These are the DNSBL settings.
|
||||||
* You can have multiple combinations of host and rejection reasons.
|
* You can have multiple combinations of host and rejection reasons.
|
||||||
* They are used in pairs of one host/rejection reason.
|
* They are used in pairs of one host/rejection reason.
|
||||||
*
|
*
|
||||||
* These settings should be adequate for most networks.
|
* The default settings should be adequate for most networks.
|
||||||
*
|
*
|
||||||
* Word to the wise: Do not use blacklists like SPEWS for blocking IRC
|
* It is not recommended to use DNSBL services designed for e-mail spam
|
||||||
* connections.
|
* prevention, such as SPEWS for blocking IRC connections.
|
||||||
*
|
*
|
||||||
* As of charybdis 2.2, you can do some keyword substitution on the rejection
|
* As of charybdis 2.2, you can do some keyword substitution on the rejection
|
||||||
* reason. The available keyword substitutions are:
|
* reason. The available keyword substitutions are:
|
||||||
|
@ -411,13 +411,13 @@ serverhide {
|
||||||
* is considered a match. If included, a comma-separated list of *quoted*
|
* is considered a match. If included, a comma-separated list of *quoted*
|
||||||
* strings is allowed to match queries. They may be of the format "0" to "255"
|
* strings is allowed to match queries. They may be of the format "0" to "255"
|
||||||
* to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match
|
* to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match
|
||||||
* an A record. The blacklist is only applied if it matches anything in the
|
* an A record. The DNSBL match is only applied if it matches anything in the
|
||||||
* list. You may freely mix full IP's and final octets.
|
* list. You may freely mix full IP's and final octets.
|
||||||
*
|
*
|
||||||
* Consult your blacklist provider for the meaning of these parameters; they
|
* Consult your DNSBL provider for the meaning of these parameters; they
|
||||||
* are usually used to denote different ban types.
|
* are usually used to denote different block reasons.
|
||||||
*/
|
*/
|
||||||
blacklist {
|
dnsbl {
|
||||||
host = "rbl.efnetrbl.org";
|
host = "rbl.efnetrbl.org";
|
||||||
type = ipv4;
|
type = ipv4;
|
||||||
reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
|
reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
#include "rb_dictionary.h"
|
#include "rb_dictionary.h"
|
||||||
#include "client.h"
|
#include "client.h"
|
||||||
|
|
||||||
struct BlacklistStats
|
struct DNSBLEntryStats
|
||||||
{
|
{
|
||||||
char *host;
|
char *host;
|
||||||
uint8_t iptype;
|
uint8_t iptype;
|
||||||
|
@ -60,7 +60,7 @@ enum
|
||||||
|
|
||||||
extern rb_helper *authd_helper;
|
extern rb_helper *authd_helper;
|
||||||
|
|
||||||
extern rb_dictionary *bl_stats;
|
extern rb_dictionary *dnsbl_stats;
|
||||||
extern rb_dlink_list opm_list;
|
extern rb_dlink_list opm_list;
|
||||||
extern struct OPMListener opm_listeners[LISTEN_LAST];
|
extern struct OPMListener opm_listeners[LISTEN_LAST];
|
||||||
|
|
||||||
|
@ -76,9 +76,9 @@ void authd_accept_client(struct Client *client_p, const char *ident, const char
|
||||||
void authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason);
|
void authd_reject_client(struct Client *client_p, const char *ident, const char *host, char cause, const char *data, const char *reason);
|
||||||
void authd_abort_client(struct Client *);
|
void authd_abort_client(struct Client *);
|
||||||
|
|
||||||
void add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters);
|
void add_dnsbl_entry(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters);
|
||||||
void del_blacklist(const char *host);
|
void del_dnsbl_entry(const char *host);
|
||||||
void del_blacklist_all(void);
|
void del_dnsbl_entry_all(void);
|
||||||
|
|
||||||
bool set_authd_timeout(const char *key, int timeout);
|
bool set_authd_timeout(const char *key, int timeout);
|
||||||
void ident_check_enable(bool enabled);
|
void ident_check_enable(bool enabled);
|
||||||
|
|
|
@ -36,9 +36,6 @@
|
||||||
#include "ircd.h"
|
#include "ircd.h"
|
||||||
#include "privilege.h"
|
#include "privilege.h"
|
||||||
|
|
||||||
/* other structs */
|
|
||||||
struct Blacklist;
|
|
||||||
|
|
||||||
/* we store ipv6 ips for remote clients, so this needs to be v6 always */
|
/* we store ipv6 ips for remote clients, so this needs to be v6 always */
|
||||||
#define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */
|
#define HOSTIPLEN 53 /* sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255.ipv6") */
|
||||||
#define PASSWDLEN 128
|
#define PASSWDLEN 128
|
||||||
|
|
|
@ -77,7 +77,7 @@ extern const char *ircd_paths[IRCD_PATH_COUNT];
|
||||||
#define LINKS_DELAY_DEFAULT 300
|
#define LINKS_DELAY_DEFAULT 300
|
||||||
#define MAX_TARGETS_DEFAULT 4 /* default for max_targets */
|
#define MAX_TARGETS_DEFAULT 4 /* default for max_targets */
|
||||||
#define IDENT_TIMEOUT_DEFAULT 5
|
#define IDENT_TIMEOUT_DEFAULT 5
|
||||||
#define BLACKLIST_TIMEOUT_DEFAULT 10
|
#define DNSBL_TIMEOUT_DEFAULT 10
|
||||||
#define OPM_TIMEOUT_DEFAULT 10
|
#define OPM_TIMEOUT_DEFAULT 10
|
||||||
#define RDNS_TIMEOUT_DEFAULT 5
|
#define RDNS_TIMEOUT_DEFAULT 5
|
||||||
#define MIN_JOIN_LEAVE_TIME 60
|
#define MIN_JOIN_LEAVE_TIME 60
|
||||||
|
|
|
@ -67,7 +67,7 @@ uint32_t cid;
|
||||||
static rb_dictionary *cid_clients;
|
static rb_dictionary *cid_clients;
|
||||||
static struct ev_entry *timeout_ev;
|
static struct ev_entry *timeout_ev;
|
||||||
|
|
||||||
rb_dictionary *bl_stats;
|
rb_dictionary *dnsbl_stats;
|
||||||
|
|
||||||
rb_dlink_list opm_list;
|
rb_dlink_list opm_list;
|
||||||
struct OPMListener opm_listeners[LISTEN_LAST];
|
struct OPMListener opm_listeners[LISTEN_LAST];
|
||||||
|
@ -581,17 +581,17 @@ timeout_dead_authd_clients(void *notused __unused)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Send a new blacklist to authd */
|
/* Send a new DNSBL entry to authd */
|
||||||
void
|
void
|
||||||
add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters)
|
add_dnsbl_entry(const char *host, const char *reason, uint8_t iptype, rb_dlink_list *filters)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr;
|
rb_dlink_node *ptr;
|
||||||
struct BlacklistStats *stats = rb_malloc(sizeof(struct BlacklistStats));
|
struct DNSBLEntryStats *stats = rb_malloc(sizeof(*stats));
|
||||||
char filterbuf[BUFSIZE] = "*";
|
char filterbuf[BUFSIZE] = "*";
|
||||||
size_t s = 0;
|
size_t s = 0;
|
||||||
|
|
||||||
if(bl_stats == NULL)
|
if(dnsbl_stats == NULL)
|
||||||
bl_stats = rb_dictionary_create("blacklist statistics", rb_strcasecmp);
|
dnsbl_stats = rb_dictionary_create("dnsbl statistics", rb_strcasecmp);
|
||||||
|
|
||||||
/* Build a list of comma-separated values for authd.
|
/* Build a list of comma-separated values for authd.
|
||||||
* We don't check for validity - do it elsewhere.
|
* We don't check for validity - do it elsewhere.
|
||||||
|
@ -615,19 +615,19 @@ add_blacklist(const char *host, const char *reason, uint8_t iptype, rb_dlink_lis
|
||||||
stats->host = rb_strdup(host);
|
stats->host = rb_strdup(host);
|
||||||
stats->iptype = iptype;
|
stats->iptype = iptype;
|
||||||
stats->hits = 0;
|
stats->hits = 0;
|
||||||
rb_dictionary_add(bl_stats, stats->host, stats);
|
rb_dictionary_add(dnsbl_stats, stats->host, stats);
|
||||||
|
|
||||||
rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
|
rb_helper_write(authd_helper, "O rbl %s %hhu %s :%s", host, iptype, filterbuf, reason);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Delete a blacklist */
|
/* Delete a DNSBL entry. */
|
||||||
void
|
void
|
||||||
del_blacklist(const char *host)
|
del_dnsbl_entry(const char *host)
|
||||||
{
|
{
|
||||||
struct BlacklistStats *stats = rb_dictionary_retrieve(bl_stats, host);
|
struct DNSBLEntryStats *stats = rb_dictionary_retrieve(dnsbl_stats, host);
|
||||||
if(stats != NULL)
|
if(stats != NULL)
|
||||||
{
|
{
|
||||||
rb_dictionary_delete(bl_stats, host);
|
rb_dictionary_delete(dnsbl_stats, host);
|
||||||
rb_free(stats->host);
|
rb_free(stats->host);
|
||||||
rb_free(stats);
|
rb_free(stats);
|
||||||
}
|
}
|
||||||
|
@ -636,21 +636,21 @@ del_blacklist(const char *host)
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
blacklist_delete(rb_dictionary_element *delem, void *unused)
|
dnsbl_delete_elem(rb_dictionary_element *delem, void *unused)
|
||||||
{
|
{
|
||||||
struct BlacklistStats *stats = delem->data;
|
struct DNSBLEntryStats *stats = delem->data;
|
||||||
|
|
||||||
rb_free(stats->host);
|
rb_free(stats->host);
|
||||||
rb_free(stats);
|
rb_free(stats);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Delete all the blacklists */
|
/* Delete all the DNSBL entries. */
|
||||||
void
|
void
|
||||||
del_blacklist_all(void)
|
del_dnsbl_entry_all(void)
|
||||||
{
|
{
|
||||||
if(bl_stats != NULL)
|
if(dnsbl_stats != NULL)
|
||||||
rb_dictionary_destroy(bl_stats, blacklist_delete, NULL);
|
rb_dictionary_destroy(dnsbl_stats, dnsbl_delete_elem, NULL);
|
||||||
bl_stats = NULL;
|
dnsbl_stats = NULL;
|
||||||
|
|
||||||
rb_helper_write(authd_helper, "O rbl_del_all");
|
rb_helper_write(authd_helper, "O rbl_del_all");
|
||||||
}
|
}
|
||||||
|
|
133
ircd/newconf.c
133
ircd/newconf.c
|
@ -55,10 +55,10 @@ static struct oper_conf *yy_oper = NULL;
|
||||||
|
|
||||||
static struct alias_entry *yy_alias = NULL;
|
static struct alias_entry *yy_alias = NULL;
|
||||||
|
|
||||||
static char *yy_blacklist_host = NULL;
|
static char *yy_dnsbl_entry_host = NULL;
|
||||||
static char *yy_blacklist_reason = NULL;
|
static char *yy_dnsbl_entry_reason = NULL;
|
||||||
static uint8_t yy_blacklist_iptype = 0;
|
static uint8_t yy_dnsbl_entry_iptype = 0;
|
||||||
static rb_dlink_list yy_blacklist_filters = { NULL, NULL, 0 };
|
static rb_dlink_list yy_dnsbl_entry_filters = { NULL, NULL, 0 };
|
||||||
|
|
||||||
static char *yy_opm_address_ipv4 = NULL;
|
static char *yy_opm_address_ipv4 = NULL;
|
||||||
static char *yy_opm_address_ipv6 = NULL;
|
static char *yy_opm_address_ipv6 = NULL;
|
||||||
|
@ -1903,57 +1903,64 @@ conf_set_channel_autochanmodes(void *data)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* XXX for below */
|
/* XXX for below */
|
||||||
static void conf_set_blacklist_reason(void *data);
|
static void conf_set_dnsbl_entry_reason(void *data);
|
||||||
|
|
||||||
#define IPTYPE_IPV4 1
|
#define IPTYPE_IPV4 1
|
||||||
#define IPTYPE_IPV6 2
|
#define IPTYPE_IPV6 2
|
||||||
|
|
||||||
static void
|
static int
|
||||||
conf_set_blacklist_host(void *data)
|
conf_warn_blacklist_deprecation(struct TopConf *tc)
|
||||||
{
|
{
|
||||||
if (yy_blacklist_host)
|
conf_report_error("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead.");
|
||||||
{
|
return 0;
|
||||||
conf_report_error("blacklist::host %s overlaps existing host %s",
|
|
||||||
(char *)data, yy_blacklist_host);
|
|
||||||
|
|
||||||
/* Cleanup */
|
|
||||||
conf_set_blacklist_reason(NULL);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
yy_blacklist_iptype |= IPTYPE_IPV4;
|
|
||||||
yy_blacklist_host = rb_strdup(data);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
conf_set_blacklist_type(void *data)
|
conf_set_dnsbl_entry_host(void *data)
|
||||||
|
{
|
||||||
|
if (yy_dnsbl_entry_host)
|
||||||
|
{
|
||||||
|
conf_report_error("dnsbl::host %s overlaps existing host %s",
|
||||||
|
(char *)data, yy_dnsbl_entry_host);
|
||||||
|
|
||||||
|
/* Cleanup */
|
||||||
|
conf_set_dnsbl_entry_reason(NULL);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
|
||||||
|
yy_dnsbl_entry_host = rb_strdup(data);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
conf_set_dnsbl_entry_type(void *data)
|
||||||
{
|
{
|
||||||
conf_parm_t *args = data;
|
conf_parm_t *args = data;
|
||||||
|
|
||||||
/* Don't assume we have either if we got here */
|
/* Don't assume we have either if we got here */
|
||||||
yy_blacklist_iptype = 0;
|
yy_dnsbl_entry_iptype = 0;
|
||||||
|
|
||||||
for (; args; args = args->next)
|
for (; args; args = args->next)
|
||||||
{
|
{
|
||||||
if (!rb_strcasecmp(args->v.string, "ipv4"))
|
if (!rb_strcasecmp(args->v.string, "ipv4"))
|
||||||
yy_blacklist_iptype |= IPTYPE_IPV4;
|
yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
|
||||||
else if (!rb_strcasecmp(args->v.string, "ipv6"))
|
else if (!rb_strcasecmp(args->v.string, "ipv6"))
|
||||||
yy_blacklist_iptype |= IPTYPE_IPV6;
|
yy_dnsbl_entry_iptype |= IPTYPE_IPV6;
|
||||||
else
|
else
|
||||||
conf_report_error("blacklist::type has unknown address family %s",
|
conf_report_error("dnsbl::type has unknown address family %s",
|
||||||
args->v.string);
|
args->v.string);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If we have neither, just default to IPv4 */
|
/* If we have neither, just default to IPv4 */
|
||||||
if (!yy_blacklist_iptype)
|
if (!yy_dnsbl_entry_iptype)
|
||||||
{
|
{
|
||||||
conf_report_warning("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
|
conf_report_warning("dnsbl::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
|
||||||
yy_blacklist_iptype = IPTYPE_IPV4;
|
yy_dnsbl_entry_iptype = IPTYPE_IPV4;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
conf_set_blacklist_matches(void *data)
|
conf_set_dnsbl_entry_matches(void *data)
|
||||||
{
|
{
|
||||||
conf_parm_t *args = data;
|
conf_parm_t *args = data;
|
||||||
enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
|
enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
|
||||||
|
@ -1966,19 +1973,19 @@ conf_set_blacklist_matches(void *data)
|
||||||
|
|
||||||
if (CF_TYPE(args->type) != CF_QSTRING)
|
if (CF_TYPE(args->type) != CF_QSTRING)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches -- must be quoted string");
|
conf_report_error("dnsbl::matches -- must be quoted string");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (str == NULL)
|
if (str == NULL)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches -- invalid entry");
|
conf_report_error("dnsbl::matches -- invalid entry");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strlen(str) > HOSTIPLEN)
|
if (strlen(str) > HOSTIPLEN)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has an entry too long: %s",
|
conf_report_error("dnsbl::matches has an entry too long: %s",
|
||||||
str);
|
str);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -1990,7 +1997,7 @@ conf_set_blacklist_matches(void *data)
|
||||||
type = FILTER_ALL;
|
type = FILTER_ALL;
|
||||||
else if (!isdigit((unsigned char)*p))
|
else if (!isdigit((unsigned char)*p))
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has invalid IP match entry %s",
|
conf_report_error("dnsbl::matches has invalid IP match entry %s",
|
||||||
str);
|
str);
|
||||||
type = FILTER_NONE;
|
type = FILTER_NONE;
|
||||||
break;
|
break;
|
||||||
|
@ -2003,7 +2010,7 @@ conf_set_blacklist_matches(void *data)
|
||||||
struct rb_sockaddr_storage tmp;
|
struct rb_sockaddr_storage tmp;
|
||||||
if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
|
if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has invalid IP match entry %s",
|
conf_report_error("dnsbl::matches has invalid IP match entry %s",
|
||||||
str);
|
str);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -2013,7 +2020,7 @@ conf_set_blacklist_matches(void *data)
|
||||||
/* Verify it's the correct length */
|
/* Verify it's the correct length */
|
||||||
if (strlen(str) > 3)
|
if (strlen(str) > 3)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has invalid octet match entry %s",
|
conf_report_error("dnsbl::matches has invalid octet match entry %s",
|
||||||
str);
|
str);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -2023,61 +2030,61 @@ conf_set_blacklist_matches(void *data)
|
||||||
continue; /* Invalid entry */
|
continue; /* Invalid entry */
|
||||||
}
|
}
|
||||||
|
|
||||||
rb_dlinkAddAlloc(rb_strdup(str), &yy_blacklist_filters);
|
rb_dlinkAddAlloc(rb_strdup(str), &yy_dnsbl_entry_filters);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
conf_set_blacklist_reason(void *data)
|
conf_set_dnsbl_entry_reason(void *data)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr, *nptr;
|
rb_dlink_node *ptr, *nptr;
|
||||||
|
|
||||||
if (yy_blacklist_host && data)
|
if (yy_dnsbl_entry_host && data)
|
||||||
{
|
{
|
||||||
yy_blacklist_reason = rb_strdup(data);
|
yy_dnsbl_entry_reason = rb_strdup(data);
|
||||||
if (yy_blacklist_iptype & IPTYPE_IPV6)
|
if (yy_dnsbl_entry_iptype & IPTYPE_IPV6)
|
||||||
{
|
{
|
||||||
/* Make sure things fit (magic number 64 = alnum count + dots)
|
/* Make sure things fit (magic number 64 = alnum count + dots)
|
||||||
* Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
|
* Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
|
||||||
*/
|
*/
|
||||||
if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
|
if ((64 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::host %s results in IPv6 queries that are too long",
|
conf_report_error("dnsbl::host %s results in IPv6 queries that are too long",
|
||||||
yy_blacklist_host);
|
yy_dnsbl_entry_host);
|
||||||
goto cleanup_bl;
|
goto cleanup_bl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
|
/* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
|
||||||
if ((yy_blacklist_iptype & IPTYPE_IPV4) && !(yy_blacklist_iptype & IPTYPE_IPV6))
|
if ((yy_dnsbl_entry_iptype & IPTYPE_IPV4) && !(yy_dnsbl_entry_iptype & IPTYPE_IPV6))
|
||||||
{
|
{
|
||||||
/* Make sure things fit for worst case (magic number 16 = number of nums + dots)
|
/* Make sure things fit for worst case (magic number 16 = number of nums + dots)
|
||||||
* Example: 127.127.127.127.in-addr.arpa
|
* Example: 127.127.127.127.in-addr.arpa
|
||||||
*/
|
*/
|
||||||
if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
|
if ((16 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::host %s results in IPv4 queries that are too long",
|
conf_report_error("dnsbl::host %s results in IPv4 queries that are too long",
|
||||||
yy_blacklist_host);
|
yy_dnsbl_entry_host);
|
||||||
goto cleanup_bl;
|
goto cleanup_bl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
add_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_iptype, &yy_blacklist_filters);
|
add_dnsbl_entry(yy_dnsbl_entry_host, yy_dnsbl_entry_reason, yy_dnsbl_entry_iptype, &yy_dnsbl_entry_filters);
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup_bl:
|
cleanup_bl:
|
||||||
RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_blacklist_filters.head)
|
RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_dnsbl_entry_filters.head)
|
||||||
{
|
{
|
||||||
rb_free(ptr->data);
|
rb_free(ptr->data);
|
||||||
rb_dlinkDestroy(ptr, &yy_blacklist_filters);
|
rb_dlinkDestroy(ptr, &yy_dnsbl_entry_filters);
|
||||||
}
|
}
|
||||||
|
|
||||||
yy_blacklist_filters = (rb_dlink_list){ NULL, NULL, 0 };
|
yy_dnsbl_entry_filters = (rb_dlink_list){ NULL, NULL, 0 };
|
||||||
|
|
||||||
rb_free(yy_blacklist_host);
|
rb_free(yy_dnsbl_entry_host);
|
||||||
rb_free(yy_blacklist_reason);
|
rb_free(yy_dnsbl_entry_reason);
|
||||||
yy_blacklist_host = NULL;
|
yy_dnsbl_entry_host = NULL;
|
||||||
yy_blacklist_reason = NULL;
|
yy_dnsbl_entry_reason = NULL;
|
||||||
yy_blacklist_iptype = 0;
|
yy_dnsbl_entry_iptype = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -2895,11 +2902,17 @@ newconf_init()
|
||||||
add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
|
add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
|
||||||
add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
|
add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
|
||||||
|
|
||||||
add_top_conf("blacklist", NULL, NULL, NULL);
|
add_top_conf("dnsbl", NULL, NULL, NULL);
|
||||||
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host);
|
add_conf_item("dnsbl", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
|
||||||
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type);
|
add_conf_item("dnsbl", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
|
||||||
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_blacklist_matches);
|
add_conf_item("dnsbl", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
|
||||||
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason);
|
add_conf_item("dnsbl", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
|
||||||
|
|
||||||
|
add_top_conf("blacklist", conf_warn_blacklist_deprecation, NULL, NULL);
|
||||||
|
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
|
||||||
|
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
|
||||||
|
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
|
||||||
|
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
|
||||||
|
|
||||||
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
|
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
|
||||||
add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);
|
add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);
|
||||||
|
|
|
@ -1568,7 +1568,7 @@ clear_out_old_conf(void)
|
||||||
alias_dict = NULL;
|
alias_dict = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
del_blacklist_all();
|
del_dnsbl_entry_all();
|
||||||
|
|
||||||
privilegeset_mark_all_illegal();
|
privilegeset_mark_all_illegal();
|
||||||
|
|
||||||
|
|
|
@ -213,25 +213,25 @@ authd_check(struct Client *client_p, struct Client *source_p)
|
||||||
|
|
||||||
switch(source_p->preClient->auth.cause)
|
switch(source_p->preClient->auth.cause)
|
||||||
{
|
{
|
||||||
case 'B': /* Blacklists */
|
case 'B': /* DNSBL */
|
||||||
{
|
{
|
||||||
struct BlacklistStats *stats;
|
struct DNSBLEntryStats *stats;
|
||||||
char *blacklist = source_p->preClient->auth.data;
|
char *dnsbl_name = source_p->preClient->auth.data;
|
||||||
|
|
||||||
if(bl_stats != NULL)
|
if(dnsbl_stats != NULL)
|
||||||
if((stats = rb_dictionary_retrieve(bl_stats, blacklist)) != NULL)
|
if((stats = rb_dictionary_retrieve(dnsbl_stats, dnsbl_name)) != NULL)
|
||||||
stats->hits++;
|
stats->hits++;
|
||||||
|
|
||||||
if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf))
|
if(IsExemptKline(source_p) || IsConfExemptDNSBL(aconf))
|
||||||
{
|
{
|
||||||
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt",
|
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s, but you are exempt",
|
||||||
source_p->sockhost, blacklist);
|
source_p->sockhost, dnsbl_name);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
|
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
|
||||||
"Listed on DNSBL %s: %s (%s@%s) [%s] [%s]",
|
"Listed on DNSBL %s: %s (%s@%s) [%s] [%s]",
|
||||||
blacklist, source_p->name, source_p->username, source_p->host,
|
dnsbl_name, source_p->name, source_p->username, source_p->host,
|
||||||
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
|
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
|
||||||
source_p->info);
|
source_p->info);
|
||||||
|
|
||||||
|
@ -239,9 +239,9 @@ authd_check(struct Client *client_p, struct Client *source_p)
|
||||||
me.name, source_p->name, reason);
|
me.name, source_p->name, reason);
|
||||||
|
|
||||||
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
|
sendto_one_notice(source_p, ":*** Your IP address %s is listed in %s",
|
||||||
source_p->sockhost, blacklist);
|
source_p->sockhost, dnsbl_name);
|
||||||
add_reject(source_p, NULL, NULL, NULL, "Banned (DNS blacklist)");
|
add_reject(source_p, NULL, NULL, NULL, "Banned (listed in a DNSBL)");
|
||||||
exit_client(client_p, source_p, &me, "Banned (DNS blacklist)");
|
exit_client(client_p, source_p, &me, "Banned (listed in a DNSBL)");
|
||||||
reject = true;
|
reject = true;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
@ -927,7 +927,7 @@ report_and_set_user_flags(struct Client *source_p, struct ConfItem *aconf)
|
||||||
if(IsConfExemptDNSBL(aconf))
|
if(IsConfExemptDNSBL(aconf))
|
||||||
/* kline exempt implies this, don't send both */
|
/* kline exempt implies this, don't send both */
|
||||||
if(!IsConfExemptKline(aconf))
|
if(!IsConfExemptKline(aconf))
|
||||||
sendto_one_notice(source_p, ":*** You are exempt from DNS blacklists");
|
sendto_one_notice(source_p, ":*** You are exempt from DNSBL listings");
|
||||||
|
|
||||||
/* If this user is exempt from user limits set it F lined" */
|
/* If this user is exempt from user limits set it F lined" */
|
||||||
if(IsConfExemptLimits(aconf))
|
if(IsConfExemptLimits(aconf))
|
||||||
|
|
|
@ -756,12 +756,12 @@ static void
|
||||||
stats_dnsbl(struct Client *source_p)
|
stats_dnsbl(struct Client *source_p)
|
||||||
{
|
{
|
||||||
rb_dictionary_iter iter;
|
rb_dictionary_iter iter;
|
||||||
struct BlacklistStats *stats;
|
struct DNSBLEntryStats *stats;
|
||||||
|
|
||||||
if(bl_stats == NULL)
|
if(dnsbl_stats == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
RB_DICTIONARY_FOREACH(stats, &iter, bl_stats)
|
RB_DICTIONARY_FOREACH(stats, &iter, dnsbl_stats)
|
||||||
{
|
{
|
||||||
/* use RPL_STATSDEBUG for now -- jilles */
|
/* use RPL_STATSDEBUG for now -- jilles */
|
||||||
sendto_one_numeric(source_p, RPL_STATSDEBUG, "n :%d %s",
|
sendto_one_numeric(source_p, RPL_STATSDEBUG, "n :%d %s",
|
||||||
|
|
Loading…
Reference in a new issue