Merge branch 'HostServ' of ssh://git.pk910.de:16110/srvx into HostServ

[srvx.git] / src / mod-blacklist.c

diff --git a/src/mod-blacklist.c b/src/mod-blacklist.c
index cfaeb5d300a46ba5975136fcc65aa556cbc280ad..e202f739302e9de2a8c4a90fb338eb406d762520 100644 (file)
--- a/src/mod-blacklist.c
+++ b/src/mod-blacklist.c
@@ -52,7 +52,11 @@ static struct {
     unsigned long gline_duration;
 } conf;
 
-#define blacklist_debug(format...) do { if (conf.debug_bot && conf.debug_channel) send_channel_notice(conf.debug_channel , conf.debug_bot , ## format); } while (0)
+#if defined(GCC_VARMACROS)
+# define blacklist_debug(ARGS...) do { if (conf.debug_bot && conf.debug_channel) send_channel_notice(conf.debug_channel, conf.debug_bot, ARGS); } while (0)
+#elif defined(C99_VARMACROS)
+# define blacklist_debug(...) do { if (conf.debug_bot && conf.debug_channel) send_channel_notice(conf.debug_channel, conf.debug_bot, __VA_ARGS__); } while (0)
+#endif
 
 static void
 do_expandos(char *output, unsigned int out_len, const char *input, ...)
@@ -138,8 +142,11 @@ dnsbl_hit(struct sar_request *req, struct dns_header *hdr, struct dns_rr *rr, un
                 message = "client is blacklisted";
         }
 
+        /* Prepend "AUTO " prefix so the g-lined are put in a different snomask */
+        strcpy(reason, "AUTO ");
+
         /* Expand elements of the message as necessary. */
-        do_expandos(reason, sizeof(reason), message, "%txt%", (txt ? txt : "(no-txt)"), "%ip%", data->client_ip, NULL);
+        do_expandos(reason + 5, sizeof(reason) - 5, message, "%txt%", (txt ? txt : "(no-txt)"), "%ip%", data->client_ip, NULL);
 
         if (zone->debug) {
             blacklist_debug("DNSBL match: [%s] %s (%s)", zone->zone, data->client_ip, reason);
@@ -148,13 +155,13 @@ dnsbl_hit(struct sar_request *req, struct dns_header *hdr, struct dns_rr *rr, un
             target[0] = '*';
             target[1] = '@';
             strcpy(target + 2, data->client_ip);
-            gline_add(self->name, target, zone->duration, reason, now, now, 1);
+            gline_add(self->name, target, zone->duration, reason, now, now, 0, 1);
         }
     }
     free(txt);
 }
 
-static int
+static void
 blacklist_check_user(struct userNode *user)
 {
     static const char *hexdigits = "0123456789abcdef";
@@ -166,9 +173,13 @@ blacklist_check_user(struct userNode *user)
     char ip[IRC_NTOP_MAX_SIZE];
     char dnsbl_target[128];
 
+    /* Users added during burst should not be checked. */
+    if (user->uplink->burst)
+        return;
+
     /* Users with bogus IPs are probably service bots. */
     if (!irc_in_addr_is_valid(user->ip))
-        return 0;
+        return;
 
     /* Check local file-based blacklist. */
     irc_ntop(ip, sizeof(ip), &user->ip);
@@ -182,7 +193,8 @@ blacklist_check_user(struct userNode *user)
         target[0] = '*';
         target[1] = '@';
         strcpy(target + 2, host);
-        gline_add(self->name, target, conf.gline_duration, reason, now, now, 1);
+        /* We do not prepend AUTO here so it can be done in the blacklist file. */
+        gline_add(self->name, target, conf.gline_duration, reason, now, now, 0, 1);
     }
 
     /* Figure out the base part of a DNS blacklist hostname. */
@@ -197,7 +209,7 @@ blacklist_check_user(struct userNode *user)
         }
         dnsbl_len = 48;
     } else {
-        return 0;
+        return;
     }
 
     /* Start a lookup for the appropriate hostname in each DNSBL. */
@@ -215,7 +227,6 @@ blacklist_check_user(struct userNode *user)
             strcpy(data->zone_name, zone);
         }
     }
-    return 0;
 }
 
 static void