Add exempt logic for open proxies
This commit is contained in:
Elizabeth Myers
parent
51fa2ab8a3
commit
fbe8d087e7
4 changed files with 50 additions and 16 deletions
|
|
@ -215,6 +215,9 @@ reject_client(struct auth_client *auth, provider_t id, const char *data, const c
|
|||
case PROVIDER_BLACKLIST:
|
||||
reject = 'B';
|
||||
break;
|
||||
case PROVIDER_OPM:
|
||||
reject = 'O';
|
||||
break;
|
||||
default:
|
||||
reject = 'N';
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -110,6 +110,7 @@ struct ConfItem
|
|||
#define CONF_FLAGS_EXTEND_CHANS 0x00080000
|
||||
#define CONF_FLAGS_ENCRYPTED 0x00200000
|
||||
#define CONF_FLAGS_EXEMPTDNSBL 0x04000000
|
||||
#define CONF_FLAGS_EXEMPTPROXY 0x08000000
|
||||
|
||||
|
||||
/* Macros for struct ConfItem */
|
||||
|
|
@ -130,6 +131,7 @@ struct ConfItem
|
|||
#define IsConfEncrypted(x) ((x)->flags & CONF_FLAGS_ENCRYPTED)
|
||||
#define IsNeedSasl(x) ((x)->flags & CONF_FLAGS_NEED_SASL)
|
||||
#define IsConfExemptDNSBL(x) ((x)->flags & CONF_FLAGS_EXEMPTDNSBL)
|
||||
#define IsConfExemptProxy(x) ((x)->flags & CONF_FLAGS_EXEMPTPROXY)
|
||||
#define IsConfExtendChans(x) ((x)->flags & CONF_FLAGS_EXTEND_CHANS)
|
||||
#define IsConfSSLNeeded(x) ((x)->flags & CONF_FLAGS_NEED_SSL)
|
||||
|
||||
|
|
|
|||
|
|
@ -335,6 +335,7 @@ static struct mode_table auth_table[] = {
|
|||
{"spoof_notice", CONF_FLAGS_SPOOF_NOTICE },
|
||||
{"exceed_limit", CONF_FLAGS_NOLIMIT },
|
||||
{"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL },
|
||||
{"proxy_exempt", CONF_FLAGS_EXEMPTPROXY },
|
||||
{"kline_exempt", CONF_FLAGS_EXEMPTKLINE },
|
||||
{"flood_exempt", CONF_FLAGS_EXEMPTFLOOD },
|
||||
{"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT },
|
||||
|
|
|
|||
|
|
@ -467,6 +467,34 @@ register_local_user(struct Client *client_p, struct Client *source_p)
|
|||
return CLIENT_EXITED;
|
||||
}
|
||||
break;
|
||||
case 'O':
|
||||
if(IsExemptKline(source_p) || IsConfExemptProxy(aconf))
|
||||
{
|
||||
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s), but you are exempt",
|
||||
source_p->sockhost, source_p->preClient->authd_data);
|
||||
}
|
||||
else
|
||||
{
|
||||
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
|
||||
"Open proxy %s: %s (%s@%s) [%s] [%s]",
|
||||
source_p->preClient->authd_data,
|
||||
source_p->name,
|
||||
source_p->username, source_p->host,
|
||||
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
|
||||
source_p->info);
|
||||
|
||||
ServerStats.is_ref++;
|
||||
|
||||
sendto_one(source_p, form_str(ERR_YOUREBANNEDCREEP),
|
||||
me.name, source_p->name, reason);
|
||||
|
||||
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s)",
|
||||
source_p->sockhost, source_p->preClient->authd_data);
|
||||
add_reject(source_p, NULL, NULL);
|
||||
exit_client(client_p, source_p, &me, "*** Banned (Open proxy)");
|
||||
substitution_free(&varlist);
|
||||
return CLIENT_EXITED;
|
||||
}
|
||||
default: /* Unknown, but handle the case properly */
|
||||
if (IsExemptKline(source_p))
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue