2 * IRC - Internet Relay Chat, ircd/s_conf.c
3 * Copyright (C) 1990 Jarkko Oikarinen and
4 * University of Oulu, Computing Center
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 1, or (at your option)
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
29 #include "ircd_features.h"
34 #include "ircd_alloc.h"
35 #include "ircd_auth.h"
36 #include "ircd_chattr.h"
38 #include "ircd_reply.h"
39 #include "ircd_snprintf.h"
40 #include "ircd_string.h"
59 #include <arpa/inet.h>
69 struct ConfItem *GlobalConfList = 0;
70 int GlobalConfCount = 0;
71 struct s_map *GlobalServiceMapList = 0;
72 struct qline *GlobalQuarantineList = 0;
77 struct LocalConf localConf;
78 struct CRuleConf* cruleConfList;
79 /* struct ServerConf* serverConfList; */
80 struct DenyConf* denyConfList;
83 * output the reason for being k lined from a file - Mmmm
84 * sptr is client being dumped
85 * filename is the file that is to be output to the K lined client
87 static void killcomment(struct Client* sptr, const char* filename)
94 if (NULL == (file = fbopen(filename, "r"))) {
95 send_reply(sptr, ERR_NOMOTD);
96 send_reply(sptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP,
97 ":Connection from your host is refused on this server.");
101 tm = localtime((time_t*) &sb.st_mtime); /* NetBSD needs cast */
102 while (fbgets(line, sizeof(line) - 1, file)) {
103 char* end = line + strlen(line);
106 if ('\n' == *end || '\r' == *end)
111 send_reply(sptr, RPL_MOTD, line);
113 send_reply(sptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP,
114 ":Connection from your host is refused on this server.");
118 struct ConfItem* make_conf(void)
120 struct ConfItem* aconf;
122 aconf = (struct ConfItem*) MyMalloc(sizeof(struct ConfItem));
127 memset(aconf, 0, sizeof(struct ConfItem));
128 aconf->status = CONF_ILLEGAL;
132 void delist_conf(struct ConfItem *aconf)
134 if (aconf == GlobalConfList)
135 GlobalConfList = GlobalConfList->next;
137 struct ConfItem *bconf;
139 for (bconf = GlobalConfList; aconf != bconf->next; bconf = bconf->next)
141 bconf->next = aconf->next;
146 void free_conf(struct ConfItem *aconf)
148 Debug((DEBUG_DEBUG, "free_conf: %s %s %d",
149 aconf->host ? aconf->host : "*",
150 aconf->name ? aconf->name : "*",
151 aconf->address.port));
152 if (aconf->dns_pending)
153 delete_resolver_queries(aconf);
156 memset(aconf->passwd, 0, strlen(aconf->passwd));
157 MyFree(aconf->passwd);
166 * detach_conf - Disassociate configuration from the client.
168 static void detach_conf(struct Client* cptr, struct ConfItem* aconf)
175 assert(0 < aconf->clients);
177 lp = &(cli_confs(cptr));
180 if ((*lp)->value.aconf == aconf) {
181 if (aconf->conn_class && (aconf->status & CONF_CLIENT_MASK) && ConfLinks(aconf) > 0)
184 assert(0 < aconf->clients);
185 if (0 == --aconf->clients && IsIllegal(aconf))
197 * conf_dns_callback - called when resolver query finishes
198 * if the query resulted in a successful search, hp will contain
199 * a non-null pointer, otherwise hp will be null.
200 * if successful save hp in the conf item it was called with
202 static void conf_dns_callback(void* vptr, struct DNSReply* hp)
204 struct ConfItem* aconf = (struct ConfItem*) vptr;
206 aconf->dns_pending = 0;
208 memcpy(&aconf->address.addr, &hp->addr, sizeof(aconf->address.addr));
214 * conf_dns_lookup - do a nameserver lookup of the conf host
215 * if the conf entry is currently doing a ns lookup do nothing, otherwise
216 * if the lookup returns a null pointer, set the conf dns_pending flag
218 static void conf_dns_lookup(struct ConfItem* aconf)
220 if (!aconf->dns_pending) {
221 char buf[HOSTLEN + 1];
222 struct DNSQuery query;
224 query.callback = conf_dns_callback;
225 host_from_uh(buf, aconf->host, HOSTLEN);
228 gethost_byname(buf, &query);
229 aconf->dns_pending = 1;
237 * Do (start) DNS lookups of all hostnames in the conf line and convert
238 * an IP addresses in a.b.c.d number for to IP#s.
241 lookup_confhost(struct ConfItem *aconf)
243 if (EmptyString(aconf->host) || EmptyString(aconf->name)) {
244 Debug((DEBUG_ERROR, "Host/server name error: (%s) (%s)",
245 aconf->host, aconf->name));
248 if (aconf->origin_name
249 && !ircd_aton(&aconf->origin.addr, aconf->origin_name)) {
250 Debug((DEBUG_ERROR, "Origin name error: (%s) (%s)",
251 aconf->origin_name, aconf->name));
254 * Do name lookup now on hostnames given and store the
255 * ip numbers in conf structure.
257 if (IsIP6Char(*aconf->host)) {
258 if (!ircd_aton(&aconf->address.addr, aconf->host)) {
259 Debug((DEBUG_ERROR, "Host/server name error: (%s) (%s)",
260 aconf->host, aconf->name));
264 conf_dns_lookup(aconf);
268 * conf_find_server - find a server by name or hostname
269 * returns a server conf item pointer if found, 0 otherwise
271 * NOTE: at some point when we don't have to scan the entire
272 * list it may be cheaper to look for server names and host
273 * names in separate loops (original code did it that way)
275 struct ConfItem* conf_find_server(const char* name)
277 struct ConfItem* conf;
280 for (conf = GlobalConfList; conf; conf = conf->next) {
281 if (CONF_SERVER == conf->status) {
283 * Check first servernames, then try hostnames.
284 * XXX - match returns 0 if there _is_ a match... guess they
285 * haven't decided what true is yet
287 if (0 == match(name, conf->name))
295 * conf_eval_crule - evaluate connection rules
296 * returns the name of the rule triggered if found, 0 otherwise
298 * Evaluate connection rules... If no rules found, allow the
299 * connect. Otherwise stop with the first true rule (ie: rules
300 * are ored together. Oper connects are effected only by D
301 * lines (CRULE_ALL) not d lines (CRULE_AUTO).
303 const char* conf_eval_crule(const char* name, int mask)
305 struct CRuleConf* p = cruleConfList;
308 for ( ; p; p = p->next) {
309 if (0 != (p->type & mask) && 0 == match(p->hostmask, name)) {
310 if (crule_eval(p->node))
318 * Remove all conf entries from the client except those which match
319 * the status field mask.
321 void det_confs_butmask(struct Client* cptr, int mask)
327 for (link = cli_confs(cptr); link; link = next) {
329 if ((link->value.aconf->status & mask) == 0)
330 detach_conf(cptr, link->value.aconf);
335 * check_limit_and_attach - check client limits and attach I:line
337 * Made it accept 1 charactor, and 2 charactor limits (0->99 now),
338 * and dislallow more than 255 people here as well as in ipcheck.
339 * removed the old "ONE" scheme too.
340 * -- Isomer 2000-06-22
342 static enum AuthorizationCheckResult
343 check_limit_and_attach(struct Client* cptr, struct ConfItem* aconf)
348 if (IsDigit(*aconf->passwd) && !aconf->passwd[1])
349 number = *aconf->passwd-'0';
350 else if (IsDigit(*aconf->passwd) && IsDigit(aconf->passwd[1]) &&
352 number = (*aconf->passwd-'0')*10+(aconf->passwd[1]-'0');
354 if (IPcheck_nr(cptr) > number)
355 return ACR_TOO_MANY_FROM_IP;
356 return attach_conf(cptr, aconf);
360 * Find the first (best) I line to attach.
362 enum AuthorizationCheckResult attach_iline(struct Client* cptr)
364 struct ConfItem* aconf;
365 static char uhost[HOSTLEN + USERLEN + 3];
366 static char fullname[HOSTLEN + 1];
367 struct DNSReply* hp = 0;
371 if (cli_dns_reply(cptr))
372 hp = cli_dns_reply(cptr);
374 for (aconf = GlobalConfList; aconf; aconf = aconf->next) {
375 if (aconf->status != CONF_CLIENT)
377 if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port)
379 if (!aconf->host || !aconf->name)
382 ircd_strncpy(fullname, hp->h_name, HOSTLEN);
383 fullname[HOSTLEN] = '\0';
385 Debug((DEBUG_DNS, "a_il: %s->%s", cli_sockhost(cptr), fullname));
387 if (strchr(aconf->name, '@')) {
388 strcpy(uhost, cli_username(cptr));
393 strncat(uhost, fullname, sizeof(uhost) - 1 - strlen(uhost));
394 uhost[sizeof(uhost) - 1] = 0;
395 if (0 == match(aconf->name, uhost)) {
396 if (strchr(uhost, '@'))
397 SetFlag(cptr, FLAG_DOID);
398 return check_limit_and_attach(cptr, aconf);
401 if (strchr(aconf->host, '@')) {
402 ircd_strncpy(uhost, cli_username(cptr), sizeof(uhost) - 2);
403 uhost[sizeof(uhost) - 2] = 0;
408 strncat(uhost, cli_sock_ip(cptr), sizeof(uhost) - 1 - strlen(uhost));
409 uhost[sizeof(uhost) - 1] = 0;
410 if (match(aconf->host, uhost))
412 if (strchr(uhost, '@'))
413 SetFlag(cptr, FLAG_DOID);
415 return check_limit_and_attach(cptr, aconf);
417 return ACR_NO_AUTHORIZATION;
420 static int is_attached(struct ConfItem *aconf, struct Client *cptr)
424 for (lp = cli_confs(cptr); lp; lp = lp->next) {
425 if (lp->value.aconf == aconf)
434 * Associate a specific configuration entry to a *local*
435 * client (this is the one which used in accepting the
436 * connection). Note, that this automaticly changes the
437 * attachment if there was an old one...
439 enum AuthorizationCheckResult attach_conf(struct Client *cptr, struct ConfItem *aconf)
443 if (is_attached(aconf, cptr))
444 return ACR_ALREADY_AUTHORIZED;
445 if (IsIllegal(aconf))
446 return ACR_NO_AUTHORIZATION;
447 if ((aconf->status & (CONF_OPERATOR | CONF_CLIENT)) &&
448 ConfLinks(aconf) >= ConfMaxLinks(aconf) && ConfMaxLinks(aconf) > 0)
449 return ACR_TOO_MANY_IN_CLASS; /* Use this for printing error message */
451 lp->next = cli_confs(cptr);
452 lp->value.aconf = aconf;
453 cli_confs(cptr) = lp;
455 if (aconf->status & CONF_CLIENT_MASK)
460 const struct LocalConf* conf_get_local(void)
466 * attach_confs_byname
468 * Attach a CONF line to a client if the name passed matches that for
469 * the conf file (for non-C/N lines) or is an exact match (C/N lines
470 * only). The difference in behaviour is to stop C:*::* and N:*::*.
472 struct ConfItem* attach_confs_byname(struct Client* cptr, const char* name,
475 struct ConfItem* tmp;
476 struct ConfItem* first = NULL;
480 if (HOSTLEN < strlen(name))
483 for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
484 if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) {
485 assert(0 != tmp->name);
486 if (0 == match(tmp->name, name) || 0 == ircd_strcmp(tmp->name, name)) {
487 if (ACR_OK == attach_conf(cptr, tmp) && !first)
496 * Added for new access check meLazy
498 struct ConfItem* attach_confs_byhost(struct Client* cptr, const char* host,
501 struct ConfItem* tmp;
502 struct ConfItem* first = 0;
505 if (HOSTLEN < strlen(host))
508 for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
509 if (0 != (tmp->status & statmask) && !IsIllegal(tmp)) {
510 assert(0 != tmp->host);
511 if (0 == match(tmp->host, host) || 0 == ircd_strcmp(tmp->host, host)) {
512 if (ACR_OK == attach_conf(cptr, tmp) && !first)
521 * find a conf entry which matches the hostname and has the same name.
523 struct ConfItem* find_conf_exact(const char* name, const char* user,
524 const char* host, int statmask)
526 struct ConfItem *tmp;
527 char userhost[USERLEN + HOSTLEN + 3];
530 ircd_snprintf(0, userhost, sizeof(userhost), "%s@%s", user, host);
532 ircd_strncpy(userhost, host, sizeof(userhost) - 1);
534 for (tmp = GlobalConfList; tmp; tmp = tmp->next) {
535 if (!(tmp->status & statmask) || !tmp->name || !tmp->host ||
536 0 != ircd_strcmp(tmp->name, name))
539 * Accept if the *real* hostname (usually sockecthost)
540 * socket host) matches *either* host or name field
541 * of the configuration.
543 if (match(tmp->host, userhost))
545 if (tmp->status & CONF_OPERATOR) {
546 if (tmp->clients < MaxLinks(tmp->conn_class))
557 struct ConfItem* find_conf_byname(struct SLink* lp, const char* name,
560 struct ConfItem* tmp;
563 if (HOSTLEN < strlen(name))
566 for (; lp; lp = lp->next) {
567 tmp = lp->value.aconf;
568 if (0 != (tmp->status & statmask)) {
569 assert(0 != tmp->name);
570 if (0 == ircd_strcmp(tmp->name, name) || 0 == match(tmp->name, name))
578 * Added for new access check meLazy
580 struct ConfItem* find_conf_byhost(struct SLink* lp, const char* host,
583 struct ConfItem* tmp = NULL;
586 if (HOSTLEN < strlen(host))
589 for (; lp; lp = lp->next) {
590 tmp = lp->value.aconf;
591 if (0 != (tmp->status & statmask)) {
592 assert(0 != tmp->host);
593 if (0 == match(tmp->host, host))
603 * Find a conf line using the IP# stored in it to search upon.
604 * Added 1/8/92 by Avalon.
606 struct ConfItem* find_conf_byip(struct SLink* lp, const struct irc_in_addr* ip,
609 struct ConfItem* tmp;
611 for (; lp; lp = lp->next) {
612 tmp = lp->value.aconf;
613 if (0 != (tmp->status & statmask)
614 && !irc_in_addr_cmp(&tmp->address.addr, ip))
623 * - looks for a match on all given fields.
626 static struct ConfItem *find_conf_entry(struct ConfItem *aconf,
629 struct ConfItem *bconf;
632 mask &= ~CONF_ILLEGAL;
634 for (bconf = GlobalConfList; bconf; bconf = bconf->next) {
635 if (!(bconf->status & mask) || (bconf->port != aconf->port))
638 if ((EmptyString(bconf->host) && !EmptyString(aconf->host)) ||
639 (EmptyString(aconf->host) && !EmptyString(bconf->host)))
641 if (!EmptyString(bconf->host) && 0 != ircd_strcmp(bconf->host, aconf->host))
644 if ((EmptyString(bconf->passwd) && !EmptyString(aconf->passwd)) ||
645 (EmptyString(aconf->passwd) && !EmptyString(bconf->passwd)))
647 if (!EmptyString(bconf->passwd) && (!IsDigit(*bconf->passwd) || bconf->passwd[1])
648 && 0 != ircd_strcmp(bconf->passwd, aconf->passwd))
651 if ((EmptyString(bconf->name) && !EmptyString(aconf->name)) ||
652 (EmptyString(aconf->name) && !EmptyString(bconf->name)))
654 if (!EmptyString(bconf->name) && 0 != ircd_strcmp(bconf->name, aconf->name))
662 * If conf line is a class definition, create a class entry
663 * for it and make the conf_line illegal and delete it.
665 void conf_add_class(const char* const* fields, int count)
669 add_class(atoi(fields[1]), atoi(fields[2]), atoi(fields[3]),
670 atoi(fields[4]), atoi(fields[5]));
673 void conf_add_listener(const char* const* fields, int count)
681 if (count < 5 || EmptyString(fields[4]))
684 if (!EmptyString(fields[3])) {
685 const char* x = fields[3];
686 if ('S' == ToUpper(*x))
689 if ('H' == ToUpper(*x))
692 /* port vhost mask */
693 add_listener(atoi(fields[4]), fields[2], fields[1], is_server, is_hidden);
696 void conf_add_local(const char* const* fields, int count)
698 if (count < 6 || EmptyString(fields[1]) || EmptyString(fields[5])) {
699 log_write(LS_CONFIG, L_CRIT, 0, "Your M: line must have 6 fields!");
703 * these two can only be set the first time
705 if (0 == localConf.name) {
706 if (string_is_hostname(fields[1]))
707 DupString(localConf.name, fields[1]);
709 if (0 == localConf.numeric) {
710 localConf.numeric = atoi(fields[5]);
711 if (0 == localConf.numeric)
712 log_write(LS_CONFIG, L_WARNING, 0,
713 "Your M: line must have a Numeric value greater than 0");
716 * these two can be changed while the server is running
718 if (string_is_address(fields[2])) {
719 if (INADDR_NONE == (localConf.vhost_address.s_addr = inet_addr(fields[2])))
720 localConf.vhost_address.s_addr = INADDR_ANY;
722 MyFree(localConf.description);
723 DupString(localConf.description, fields[3]);
725 * XXX - shouldn't be setting these directly here
727 ircd_strncpy(cli_info(&me), fields[3], REALLEN);
728 set_virtual_host(localConf.vhost_address);
731 void conf_add_admin(const char* const* fields, int count)
734 * if you have one, it MUST have 3 lines
737 log_write(LS_CONFIG, L_CRIT, 0, "Your A: line must have 4 fields!");
740 MyFree(localConf.location1);
741 DupString(localConf.location1, fields[1]);
743 MyFree(localConf.location2);
744 DupString(localConf.location2, fields[2]);
746 MyFree(localConf.contact);
747 DupString(localConf.contact, fields[3]);
751 * conf_add_crule - Create expression tree from connect rule and add it
754 void conf_add_crule(const char* const* fields, int count, int type)
756 struct CRuleNode* node;
759 if (count < 4 || EmptyString(fields[1]) || EmptyString(fields[3]))
762 if ((node = crule_parse(fields[3]))) {
763 struct CRuleConf* p = (struct CRuleConf*) MyMalloc(sizeof(struct CRuleConf));
766 DupString(p->hostmask, fields[1]);
767 collapse(p->hostmask);
769 DupString(p->rule, fields[3]);
773 p->next = cruleConfList;
779 void conf_erase_crule_list(void)
781 struct CRuleConf* next;
782 struct CRuleConf* p = cruleConfList;
784 for ( ; p; p = next) {
786 crule_free(&p->node);
794 const struct CRuleConf* conf_get_crule_list(void)
796 return cruleConfList;
799 void conf_erase_deny_list(void)
801 struct DenyConf* next;
802 struct DenyConf* p = denyConfList;
803 for ( ; p; p = next) {
813 const struct DenyConf* conf_get_deny_list(void)
819 find_quarantine(const char *chname)
823 for (qline = GlobalQuarantineList; qline; qline = qline->next)
824 if (!ircd_strcmp(qline->chname, chname))
825 return qline->reason;
829 void clear_quarantines(void)
832 while ((qline = GlobalQuarantineList))
834 GlobalQuarantineList = qline->next;
835 MyFree(qline->reason);
836 MyFree(qline->chname);
843 * read_configuration_file
845 * Read configuration file.
847 * returns 0, if file cannot be opened
851 #define MAXCONFLINKS 150
853 static int conf_error;
854 static int conf_already_read;
856 void init_lexer(void);
858 int read_configuration_file(void)
861 feature_unmark(); /* unmark all features for resetting later */
862 /* Now just open an fd. The buffering isn't really needed... */
867 feature_mark(); /* reset unmarked features */
868 conf_already_read = 1;
873 yyerror(const char *msg)
875 sendto_opmask_butone(0, SNO_ALL, "Config file parse error line %d: %s",
877 log_write(LS_CONFIG, L_ERROR, 0, "Config file parse error line %d: %s",
879 if (!conf_already_read)
880 fprintf(stderr, "Config file parse error line %d: %s\n", lineno, msg);
887 * Actual REHASH service routine. Called with sig == 0 if it has been called
888 * as a result of an operator issuing this command, else assume it has been
889 * called as a result of the server receiving a HUP signal.
891 int rehash(struct Client *cptr, int sig)
893 struct ConfItem** tmp = &GlobalConfList;
894 struct ConfItem* tmp2;
895 struct Client* acptr;
901 sendto_opmask_butone(0, SNO_OLDSNO,
902 "Got signal SIGHUP, reloading ircd conf. file");
904 while ((tmp2 = *tmp)) {
907 * Configuration entry is still in use by some
908 * local clients, cannot delete it--mark it so
909 * that it will be deleted when the last client
912 if (CONF_CLIENT == (tmp2->status & CONF_CLIENT))
918 tmp2->status |= CONF_ILLEGAL;
925 conf_erase_crule_list();
926 conf_erase_deny_list();
930 * delete the juped nicks list
940 mark_listeners_closing();
941 iauth_mark_closing();
943 read_configuration_file();
945 log_reopen(); /* reopen log files */
947 iauth_close_unused();
949 class_delete_marked(); /* unless it fails */
952 * Flush out deleted I and P lines although still in use.
954 for (tmp = &GlobalConfList; (tmp2 = *tmp);) {
955 if (CONF_ILLEGAL == (tmp2->status & CONF_ILLEGAL)) {
965 for (i = 0; i <= HighestFd; i++) {
966 if ((acptr = LocalClientArray[i])) {
967 assert(!IsMe(acptr));
968 if (IsServer(acptr)) {
969 det_confs_butmask(acptr,
970 ~(CONF_HUB | CONF_LEAF | CONF_UWORLD | CONF_ILLEGAL));
971 attach_confs_byname(acptr, cli_name(acptr),
972 CONF_HUB | CONF_LEAF | CONF_UWORLD);
974 /* Because admin's are getting so uppity about people managing to
975 * get past K/G's etc, we'll "fix" the bug by actually explaining
978 if ((found_g = find_kill(acptr))) {
979 sendto_opmask_butone(0, found_g == -2 ? SNO_GLINE : SNO_OPERKILL,
980 found_g == -2 ? "G-line active for %s%s" :
981 "K-line active for %s%s",
982 IsUnknown(acptr) ? "Unregistered Client ":"",
983 get_client_name(acptr, SHOW_IP));
984 if (exit_client(cptr, acptr, &me, found_g == -2 ? "G-lined" :
985 "K-lined") == CPTR_KILLED)
997 * Read configuration file.
999 * returns 0, if file cannot be opened
1005 if (read_configuration_file()) {
1007 * make sure we're sane to start if the config
1008 * file read didn't get everything we need.
1009 * XXX - should any of these abort the server?
1010 * TODO: add warning messages
1012 if (0 == localConf.name || 0 == localConf.numeric)
1017 if (0 == localConf.location1)
1018 DupString(localConf.location1, "");
1019 if (0 == localConf.location2)
1020 DupString(localConf.location2, "");
1021 if (0 == localConf.contact)
1022 DupString(localConf.contact, "");
1034 * 0: Client may continue to try and connect
1035 * -1: Client was K/k:'d - sideeffect: reason was sent.
1036 * -2: Client was G/g:'d - sideeffect: reason was sent.
1038 * Client may have been sent a reason why they are denied, as above.
1040 int find_kill(struct Client *cptr)
1044 const char* realname;
1045 struct DenyConf* deny;
1046 struct Gline* agline = NULL;
1050 if (!cli_user(cptr))
1053 host = cli_sockhost(cptr);
1054 name = cli_user(cptr)->username;
1055 realname = cli_info(cptr);
1057 assert(strlen(host) <= HOSTLEN);
1058 assert((name ? strlen(name) : 0) <= HOSTLEN);
1059 assert((realname ? strlen(realname) : 0) <= REALLEN);
1061 /* 2000-07-14: Rewrote this loop for massive speed increases.
1064 for (deny = denyConfList; deny; deny = deny->next) {
1065 if (0 != match(deny->usermask, name))
1068 if (EmptyString(deny->hostmask))
1071 if (deny->flags & DENY_FLAGS_REALNAME) { /* K: by real name */
1072 if (0 == match(deny->hostmask + 2, realname))
1074 } else if (deny->flags & DENY_FLAGS_IP) { /* k: by IP */
1076 char tbuf1[SOCKIPLEN], tbuf2[SOCKIPLEN];
1077 Debug((DEBUG_DEBUG, "ip: %s network: %s/%u",
1078 ircd_ntoa_r(tbuf1, &cli_ip(cptr)), ircd_ntoa_r(tbuf2, &deny->address), deny->bits));
1080 if (ipmask_check(&cli_ip(cptr), &deny->address, deny->bits))
1083 else if (0 == match(deny->hostmask, host))
1087 if (EmptyString(deny->message))
1088 send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP,
1089 ":Connection from your host is refused on this server.");
1091 if (deny->flags & DENY_FLAGS_FILE)
1092 killcomment(cptr, deny->message);
1094 send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s.", deny->message);
1097 else if ((agline = gline_lookup(cptr, 0))) {
1099 * find active glines
1100 * added a check against the user's IP address to find_gline() -Kev
1102 send_reply(cptr, SND_EXPLICIT | ERR_YOUREBANNEDCREEP, ":%s.", GlineReason(agline));
1114 * Ordinary client access check. Look for conf lines which have the same
1115 * status as the flags passed.
1117 enum AuthorizationCheckResult conf_check_client(struct Client *cptr)
1119 enum AuthorizationCheckResult acr = ACR_OK;
1123 if ((acr = attach_iline(cptr))) {
1124 Debug((DEBUG_DNS, "ch_cl: access denied: %s[%s]",
1125 cli_name(cptr), cli_sockhost(cptr)));
1134 * Check access for a server given its name (passed in cptr struct).
1135 * Must check for all C/N lines which have a name which matches the
1136 * name given and a host which matches. A host alias which is the
1137 * same as the server name is also acceptable in the host field of a
1142 * -1 = Access denied
1145 int conf_check_server(struct Client *cptr)
1147 struct ConfItem* c_conf = NULL;
1150 Debug((DEBUG_DNS, "sv_cl: check access for %s[%s]",
1151 cli_name(cptr), cli_sockhost(cptr)));
1153 if (IsUnknown(cptr) && !attach_confs_byname(cptr, cli_name(cptr), CONF_SERVER)) {
1154 Debug((DEBUG_DNS, "No C/N lines for %s", cli_sockhost(cptr)));
1157 lp = cli_confs(cptr);
1159 * We initiated this connection so the client should have a C and N
1160 * line already attached after passing through the connect_server()
1163 if (IsConnecting(cptr) || IsHandshake(cptr)) {
1164 c_conf = find_conf_byname(lp, cli_name(cptr), CONF_SERVER);
1166 sendto_opmask_butone(0, SNO_OLDSNO, "Connect Error: lost C:line for %s",
1168 det_confs_butmask(cptr, 0);
1176 if (cli_dns_reply(cptr)) {
1177 struct DNSReply* hp = cli_dns_reply(cptr);
1178 const char* name = hp->h_name;
1180 * If we are missing a C or N line from above, search for
1181 * it under all known hostnames we have for this ip#.
1183 if ((c_conf = find_conf_byhost(lp, hp->h_name, CONF_SERVER)))
1184 ircd_strncpy(cli_sockhost(cptr), name, HOSTLEN);
1186 c_conf = find_conf_byip(lp, &hp->addr, CONF_SERVER);
1190 * Check for C lines with the hostname portion the ip number
1191 * of the host the server runs on. This also checks the case where
1192 * there is a server connecting from 'localhost'.
1194 c_conf = find_conf_byhost(lp, cli_sockhost(cptr), CONF_SERVER);
1198 * Attach by IP# only if all other checks have failed.
1199 * It is quite possible to get here with the strange things that can
1200 * happen when using DNS in the way the irc server does. -avalon
1203 c_conf = find_conf_byip(lp, &cli_ip(cptr), CONF_SERVER);
1205 * detach all conf lines that got attached by attach_confs()
1207 det_confs_butmask(cptr, 0);
1209 * if no C or no N lines, then deny access
1212 Debug((DEBUG_DNS, "sv_cl: access denied: %s[%s@%s]",
1213 cli_name(cptr), cli_username(cptr), cli_sockhost(cptr)));
1216 ircd_strncpy(cli_name(cptr), c_conf->name, HOSTLEN);
1218 * attach the C and N lines to the client structure for later use.
1220 attach_conf(cptr, c_conf);
1221 attach_confs_byname(cptr, cli_name(cptr), CONF_HUB | CONF_LEAF | CONF_UWORLD);
1223 if (!irc_in_addr_valid(&c_conf->address.addr))
1224 memcpy(&c_conf->address.addr, &cli_ip(cptr), sizeof(c_conf->address.addr));
1226 Debug((DEBUG_DNS, "sv_cl: access ok: %s[%s]",
1227 cli_name(cptr), cli_sockhost(cptr)));