From 482194058738a873e2a92144e7bd8a36bc0cba81 Mon Sep 17 00:00:00 2001 From: Michael Poole Date: Tue, 14 Dec 2004 00:21:54 +0000 Subject: [PATCH] Remove obsolete tools/crypter script. Allow Client blocks to independently match username, hostname and IP. Fix DNS resolution so hostname matching can work. git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/trunk@1272 c9e4aea6-c8fd-4c43-8297-357d70d61c8c --- ChangeLog | 23 +++++++++++++++++++ doc/example.conf | 29 ++++++++++++++++-------- ircd/ircd_lexer.l | 2 ++ ircd/ircd_parser.y | 38 ++++++++++++++++++++----------- ircd/ircd_res.c | 30 ++++++++++++++----------- ircd/os_generic.c | 19 +++++++++++----- ircd/s_conf.c | 14 +++++------- tools/crypter | 56 ---------------------------------------------- 8 files changed, 106 insertions(+), 105 deletions(-) delete mode 100755 tools/crypter diff --git a/ChangeLog b/ChangeLog index 0a26e29..d80d8bb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,26 @@ +2004-12-13 Michael Poole + + * doc/example.conf: Update configuration to move Client block + comment after sample Class blocks, and update entries in it. + + * ircd/ircd_lexer.y: Recognize IP and USERNAME tokens. + + * ircd/ircd_parser.y: Add ip and username global variables and IP + and USERNAME tokens. Add clientip and clientusername alternatives + for clientitem, and update clientblock to correspond. + + * ircd/ircd_res.c (delete_resolver_queries): Do not try to walk + the request_list before request_list is initialized. + (cres_mem): Likewise. + + * ircd/os_generic.c (sockaddr_from_irc): Improve guessing of + proper address family. + + * ircd/s_conf.c (attach_iline): Allow aconf->host == NULL, which + means DNS reply is optional. If aconf->addrbits >= 0, test it. + + * tools/crypter: Delete. + 2004-12-11 Kevin L Mitchell * ircd/*.c: use new assert() in ircd_log.h in preference to system diff --git a/doc/example.conf b/doc/example.conf index 95b37da..3f38924 100644 --- a/doc/example.conf 
+++ b/doc/example.conf @@ -101,20 +101,14 @@ Admin { # usermode = "+i"; # }; # +# maxlinks should be set at either 0 or 1. +# # applies only to servers, and specifies the frequency # that the server tries to autoconnect. setting this to 0 will cause # the server to attempt to connect repeatedly with no delay until the # condition is satisfied. This is a Bad Thing(tm). # Note that times can be specified as a number, or by giving something # like: 1 minutes 20 seconds, or 1*60+20. -# Client { -# host = "user@host"; -# ip = "ip@host"; -# password = "password"; -# class = "classname"; -# }; -# -# should be set at either 0 or 1. # # Recommended server classes: # All your server uplinks you are not a hub for. @@ -134,6 +128,23 @@ Class { sendq = 9000000; }; +# Client { +# username = "ident"; +# host = "host"; +# ip = "127.0.0.0/8"; +# password = "password"; +# class = "classname"; +# maxlinks = 3; +# }; +# +# Everything in a Client block is optional. If a username mask is +# given, it must match the client's username from the IDENT protocol. +# If a host mask is given, the client's hostname must resolve and +# match the host mask. If a CIDR-style IP mask is given, the client +# must have an IP matching that range. If maxlinks is given, it is +# limits the number of matching clients allowed from a particular IP +# address. +# # Recommended client classes: # Client classes. 10 = locals; 2 = for all .net and .com that are not # in Europe; 1 = for everybody. @@ -147,7 +158,7 @@ Class { Client { class = "Other"; - host = "*@*"; + username = "*"; }; Class { name = "America"; diff --git a/ircd/ircd_lexer.l b/ircd/ircd_lexer.l index 6207e3c..8aa1925 100644 --- a/ircd/ircd_lexer.l +++ b/ircd/ircd_lexer.l @@ -50,6 +50,8 @@ static struct lexer_token { TOKEN(SENDQ), TOKEN(NAME), TOKEN(HOST), + TOKEN(IP), + TOKEN(USERNAME), TOKEN(PASS), TOKEN(SECONDS), TOKEN(MINUTES), diff --git a/ircd/ircd_parser.y b/ircd/ircd_parser.y index 3b4d537..68c90d8 100644 --- a/ircd/ircd_parser.y 
+++ b/ircd/ircd_parser.y @@ -69,7 +69,7 @@ int yylex(void); /* Now all the globals we need :/... */ int tping, tconn, maxlinks, sendq, port, invert, stringno; - char *name, *pass, *host, *origin, *hub_limit; + char *name, *pass, *host, *ip, *username, *origin, *hub_limit; char *stringlist[MAX_STRINGS]; struct ConnectionClass *c_class; struct DenyConf *dconf; @@ -108,6 +108,8 @@ static void parse_error(char *pattern,...) { %token SENDQ %token NAME %token HOST +%token IP +%token USERNAME %token PASS %token LOCAL %token SECONDS @@ -642,28 +644,38 @@ clientblock: CLIENT } '{' clientitems '}' ';' { - if (host) - { - struct ConfItem *aconf = make_conf(CONF_CLIENT); - conf_parse_userhost(aconf, host); - aconf->conn_class = c_class ? c_class : find_class("default"); - aconf->maximum = maxlinks; - } + struct ConfItem *aconf = make_conf(CONF_CLIENT); + unsigned char addrbits; + aconf->username = username; + aconf->host = host; + if (ip && ipmask_parse(ip, &aconf->address.addr, &addrbits)) + aconf->addrbits = addrbits; else - { - MyFree(host); - parse_error("Bad client block"); - } + aconf->addrbits = -1; + aconf->conn_class = c_class ? c_class : find_class("default"); + aconf->maximum = maxlinks; host = NULL; + username = NULL; c_class = NULL; + MyFree(ip); }; clientitems: clientitem clientitems | clientitem; -clientitem: clienthost | clientclass | clientpass | clientmaxlinks | error; +clientitem: clienthost | clientip | clientusername | clientclass | clientpass | clientmaxlinks | error; clienthost: HOST '=' QSTRING ';' { MyFree(host); DupString(host, $3); }; +clientip: IP '=' QSTRING ';' +{ + MyFree(ip); + DupString(ip, $3); +} +clientusername: USERNAME '=' QSTRING ';' +{ + MyFree(username); + DupString(username, $3); +} clientclass: CLASS '=' QSTRING ';' { c_class = find_class($3); diff --git a/ircd/ircd_res.c b/ircd/ircd_res.c index 5ca6fea..feb1d82 100644 --- a/ircd/ircd_res.c +++ b/ircd/ircd_res.c 
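Review bot: In the new `clientblock` action, an `ip` value that `ipmask_parse()` rejects falls into the `else` branch and sets `aconf->addrbits = -1`, the same value used when no `ip` was given, so a mistyped CIDR mask silently turns an IP-restricted Client block into one with no IP restriction. The removed code reported `parse_error("Bad client block")` for an unusable block; the new code should do the same for a bad mask, for example by parsing the mask before `make_conf(CONF_CLIENT)` and calling `parse_error("Bad IP mask in Client block");` instead of creating the entry. Separately, `host` and `username` are reset to NULL after the block but `ip` is only passed to `MyFree(ip)`. Unless `MyFree` clears its argument (not visible here), the next Client block would test and free a stale pointer, so `ip = NULL;` should follow the free.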
@@ -329,13 +329,15 @@ delete_resolver_queries(const void *vptr) struct dlink *ptr, *next_ptr; struct reslist *request; - for (ptr = request_list.next; ptr != &request_list; ptr = next_ptr) - { - next_ptr = ptr->next; - request = (struct reslist*)ptr; - if (vptr == request->query.vptr) { - Debug((DEBUG_DNS, "Removing request %p with vptr %p", request, vptr)); - rem_request(request); + if (request_list.next) { + for (ptr = request_list.next; ptr != &request_list; ptr = next_ptr) + { + next_ptr = ptr->next; + request = (struct reslist*)ptr; + if (vptr == request->query.vptr) { + Debug((DEBUG_DNS, "Removing request %p with vptr %p", request, vptr)); + rem_request(request); + } } } } @@ -899,12 +901,14 @@ cres_mem(struct Client* sptr) size_t request_mem = 0; int request_count = 0; - for (dlink = request_list.next; dlink != &request_list; dlink = dlink->next) { - request = (struct reslist*)dlink; - request_mem += sizeof(*request); - if (request->name) - request_mem += strlen(request->name) + 1; - ++request_count; + if (request_list.next) { + for (dlink = request_list.next; dlink != &request_list; dlink = dlink->next) { + request = (struct reslist*)dlink; + request_mem += sizeof(*request); + if (request->name) + request_mem += strlen(request->name) + 1; + ++request_count; + } } send_reply(sptr, SND_EXPLICIT | RPL_STATSDEBUG, diff --git a/ircd/os_generic.c b/ircd/os_generic.c index 3f52e76..c824f53 100644 --- a/ircd/os_generic.c +++ b/ircd/os_generic.c 
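Review bot: The `if (request_list.next)` guard added in delete_resolver_queries() has no comment explaining why a null `next` is a legitimate state, and the only explanation is in the ChangeLog entry. A one-line comment beside the check would keep a later cleanup from removing it, e.g. `/* request_list is not linked until the resolver is initialized; nothing to walk yet. */`. The same uncommented guard appears in the cres_mem() hunk, so both would be clearer going through one small static predicate. Both function bodies continue outside their hunks.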
@@ -108,12 +108,19 @@ int sockaddr_from_irc(struct sockaddr_in6 *v6, const struct irc_sockaddr *irc, i int family; slen = sizeof(sin6); - if ((0 <= compat_fd) && (0 == getsockname(compat_fd, (struct sockaddr*)&sin6, &slen))) - family = sin6.sin6_family; - else if (irc_in_addr_is_ipv4(&VirtualHost.addr)) - family = AF_INET; - else - family = AF_INET6; + if (0 <= compat_fd) { + if (0 == getsockname(compat_fd, (struct sockaddr*)&sin6, &slen)) + family = sin6.sin6_family; + else if (irc_in_addr_is_ipv4(&VirtualHost.addr)) + family = AF_INET; + else + family = AF_INET6; + } else { + if (irc_in_addr_is_ipv4(&irc->addr)) + family = AF_INET; + else + family = AF_INET6; + } memset(v6, 0, sizeof(*v6)); if (!irc) { diff --git a/ircd/s_conf.c b/ircd/s_conf.c index 12a5ac8..4fac7b8 100644 --- a/ircd/s_conf.c +++ b/ircd/s_conf.c @@ -382,7 +382,7 @@ enum AuthorizationCheckResult attach_iline(struct Client* cptr) hp = cli_dns_reply(cptr); for (aconf = GlobalConfList; aconf; aconf = aconf->next) { - if (aconf->status != CONF_CLIENT || !aconf->host) + if (aconf->status != CONF_CLIENT) continue; if (aconf->address.port && aconf->address.port != cli_listener(cptr)->addr.port) continue; @@ -391,14 +391,12 @@ enum AuthorizationCheckResult attach_iline(struct Client* cptr) if (match(aconf->username, cli_username(cptr))) continue; } - if (hp) { - Debug((DEBUG_DNS, "a_il: %s->%s", cli_sockhost(cptr), hp->h_name)); - if (!match(aconf->host, hp->h_name)) - return check_limit_and_attach(cptr, aconf); - } + if (aconf->host && (!hp || match(aconf->host, hp->h_name))) + continue; if ((aconf->addrbits >= 0) - && ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits)) - return check_limit_and_attach(cptr, aconf); + && !ipmask_check(&cli_ip(cptr), &aconf->address.addr, aconf->addrbits)) + continue; + return check_limit_and_attach(cptr, aconf); } return ACR_NO_AUTHORIZATION; } diff --git a/tools/crypter b/tools/crypter deleted file mode 100755 index 7feb6c2..0000000 
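Review bot: The new `else` branch in sockaddr_from_irc() evaluates `irc_in_addr_is_ipv4(&irc->addr)` before the existing `if (!irc)` test that follows the `memset`, so a call with `compat_fd < 0` and a null `irc` now dereferences a null pointer. The function plainly expects `irc` to be optional, so the branch should guard it: `if (irc && irc_in_addr_is_ipv4(&irc->addr))`. If a null `irc` should keep the old VirtualHost-based guess rather than default to AF_INET6, fall back to `irc_in_addr_is_ipv4(&VirtualHost.addr)` in that case. The rest of the function is outside the hunk.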
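Review bot: The rewritten loop in attach_iline() changes the authorization rule and nothing in the code says so. Username, host and IP are now each optional and all given ones must match, so a Client block that sets none of them reaches `return check_limit_and_attach(cptr, aconf);` for every connection, and the first matching entry in GlobalConfList decides. That deserves a comment above the checks, e.g. `/* Each criterion is optional; every one that is set must match. A block with none set matches all clients, so list order matters. */`. The hunk also drops the only `Debug((DEBUG_DNS, ...))` trace on this path; a debug line naming the block that matched would help when auditing why a client was admitted. The start of the loop body's username test lies between the two s_conf.c hunks and is not visible.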
--- a/tools/crypter +++ /dev/null @@ -1,56 +0,0 @@ -#!/usr/bin/perl - -#************************************************************************ -#* IRC - Internet Relay Chat, tools/crypter -#* Copyright (C) 1991 Sean Batt -#* -#* This program is free software; you can redistribute it and/or modify -#* it under the terms of the GNU General Public License as published by -#* the Free Software Foundation; either version 1, or (at your option) -#* any later version. -#* -#* This program is distributed in the hope that it will be useful, -#* but WITHOUT ANY WARRANTY; without even the implied warranty of -#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -#* GNU General Public License for more details. -#* -#* You should have received a copy of the GNU General Public License -#* along with this program; if not, write to the Free Software -#* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -#* -#* $Id: crypter,v 1.2 2002-03-07 22:52:57 ghostwolf Exp $ -#*/ - -#From Sean Batt sean@coombs.anu.edu.au -# -#Temporary output file -# -$tmpfile = "/tmp/ircd.conf.tmp"; - -# -#Original ircd.conf file -# -$ircdconf = @ARGV[0]; - -print "crypting ",$ircdconf,"\n"; -@saltset = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/'); - -umask(0077); -open ($ircdout, ">$tmpfile") || die "open $!"; - -while ($text = <>) { -#if its not an "O" line we can ignore it - $text =~ /^o/i || print ($ircdout $text) && next; - chop($text); - @oline = split(':', $text); - $salt = $saltset[rand(time)%64].$saltset[(rand(time)>>6)%64]; - $oline[2] = crypt(@oline[2], $salt); - print ($ircdout join(':',@oline)."\n"); -} -close ($ircdout); -close ($ircdin); -print "/bin/cp ",$tmpfile," ",$ircdconf,"\n"; -(fork()==0) ? exec("/bin/cp", $tmpfile, $ircdconf) : wait; -print "",$ircdconf," has been crypted successfully!\n"; - -#unlink($tmpfile); -- 2.20.1