diff options
author | w00t <w00t@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-05-15 16:40:37 +0000 |
---|---|---|
committer | w00t <w00t@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-05-15 16:40:37 +0000 |
commit | 5dbf63c2a3f8a702e06c95bbb0952f9b4ea34dad (patch) | |
tree | ca8ea1f45b13115839e67987e6da51dca010c3be /src | |
parent | af2b10e82cd3b9cda80ae29607da78e15974f155 (diff) |
Rather largeish change to class checking on connect to fix a few minor bits and bobs here and there
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@7029 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src')
-rw-r--r-- | src/users.cpp | 72 |
1 files changed, 44 insertions, 28 deletions
diff --git a/src/users.cpp b/src/users.cpp index 5116b3e5f..1955c9029 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -900,27 +900,12 @@ void userrec::AddClient(InspIRCd* Instance, int socket, int port, bool iscached, Instance->AddLocalClone(New); Instance->AddGlobalClone(New); + /* + * First class check. We do this again in FullConnect after DNS is done, and NICK/USER is recieved. + * See my note down there for why this is required. DO NOT REMOVE. :) -- w00t + */ ConnectClass* i = New->GetClass(); - - if ((!i) || (i->GetType() == CC_DENY)) - { - userrec::QuitUser(Instance, New,"Unauthorised connection"); - return; - } - - /* fix: do maxperlocal/global IP here, not on full connect to stop fd exhaustion attempts */ - if ((i->GetMaxLocal()) && (New->LocalCloneCount() > i->GetMaxLocal())) - { - userrec::QuitUser(Instance, New, "No more connections allowed from your host via this connect class (local)"); - Instance->WriteOpers("*** WARNING: maximum LOCAL connections (%ld) exceeded for IP %s", i->GetMaxLocal(), New->GetIPString()); - return; - } - else if ((i->GetMaxGlobal()) && (New->GlobalCloneCount() > i->GetMaxGlobal())) - { - userrec::QuitUser(Instance, New, "No more connections allowed from your host via this connect class (global)"); - Instance->WriteOpers("*** WARNING: maximum GLOBAL connections (%ld) exceeded for IP %s",i->GetMaxGlobal(), New->GetIPString()); - return; - } + New->CheckClass(); New->pingmax = i->GetPingTime(); New->nping = Instance->Time() + i->GetPingTime() + Instance->Config->dns_timeout; @@ -1001,27 +986,58 @@ unsigned long userrec::LocalCloneCount() return 0; } -void userrec::FullConnect() +/* + * Check class restrictions + */ +void userrec::CheckClass() { - ServerInstance->stats->statsConnects++; - this->idle_lastmsg = ServerInstance->Time(); - ConnectClass* a = this->GetClass(); if ((!a) || (a->GetType() == CC_DENY)) { - this->muted = true; - ServerInstance->GlobalCulls.AddItem(this,"Unauthorised connection"); + userrec::QuitUser(ServerInstance, this, "Unauthorised connection"); return; } if ((!a->GetPass().empty()) && (!this->haspassed)) { - this->muted = true; - ServerInstance->GlobalCulls.AddItem(this,"Invalid password"); + userrec::QuitUser(ServerInstance, this, "Invalid password"); return; } + if ((!a) || (a->GetType() == CC_DENY)) + { + userrec::QuitUser(ServerInstance, this,"Unauthorised connection"); + return; + } + + if ((a->GetMaxLocal()) && (this->LocalCloneCount() > a->GetMaxLocal())) + { + userrec::QuitUser(ServerInstance, this, "No more connections allowed from your host via this connect class (local)"); + ServerInstance->WriteOpers("*** WARNING: maximum LOCAL connections (%ld) exceeded for IP %s", a->GetMaxLocal(), this->GetIPString()); + return; + } + else if ((a->GetMaxGlobal()) && (this->GlobalCloneCount() > a->GetMaxGlobal())) + { + userrec::QuitUser(ServerInstance, this, "No more connections allowed from your host via this connect class (global)"); + ServerInstance->WriteOpers("*** WARNING: maximum GLOBAL connections (%ld) exceeded for IP %s", a->GetMaxGlobal(), this->GetIPString()); + return; + } +} + +void userrec::FullConnect() +{ + ServerInstance->stats->statsConnects++; + this->idle_lastmsg = ServerInstance->Time(); + + /* + * You may be thinking "wtf, we checked this in userrec::AddClient!" - and yes, we did, BUT. + * At the time AddClient is called, we don't have a resolved host, by here we probably do - which + * may put the user into a totally seperate class with different restrictions! so we *must* check again. + * Don't remove this! -- w00t + */ + this->CheckClass(); + if (!this->exempt) { GLine* r = ServerInstance->XLines->matches_gline(this); |