summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/modules/m_cgiirc.cpp13
-rw-r--r--src/modules/m_dnsbl.cpp14
-rw-r--r--src/modules/m_geoclass.cpp2
-rw-r--r--src/modules/m_ident.cpp4
-rw-r--r--src/modules/m_services_account.cpp4
-rw-r--r--src/modules/m_sslinfo.cpp16
-rw-r--r--src/users.cpp55
7 files changed, 76 insertions, 32 deletions
diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp
index 9397b206a..52c24e50a 100644
--- a/src/modules/m_cgiirc.cpp
+++ b/src/modules/m_cgiirc.cpp
@@ -346,11 +346,22 @@ class ModuleCgiIRC
// cannot match this connect class.
const std::string* gateway = cmd.gateway.get(user);
if (!gateway)
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires a connection via a WebIRC gateway",
+ myclass->GetName().c_str());
return MOD_RES_DENY;
+ }
// If the gateway matches the <connect:webirc> constraint then
// allow the check to continue. Otherwise, reject it.
- return InspIRCd::Match(*gateway, webirc) ? MOD_RES_PASSTHRU : MOD_RES_DENY;
+ if (!InspIRCd::Match(*gateway, webirc))
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the WebIRC gateway name (%s) does not match %s",
+ myclass->GetName().c_str(), gateway->c_str(), webirc.c_str());
+ return MOD_RES_DENY;
+ }
+
+ return MOD_RES_PASSTHRU;
}
ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp
index 689f3f1be..6265ca85a 100644
--- a/src/modules/m_dnsbl.cpp
+++ b/src/modules/m_dnsbl.cpp
@@ -427,12 +427,20 @@ class ModuleDNSBL : public Module, public Stats::EventListener
std::string* match = nameExt.get(user);
if (!match)
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires a DNSBL mark",
+ myclass->GetName().c_str());
return MOD_RES_DENY;
+ }
- if (InspIRCd::Match(*match, dnsbl))
- return MOD_RES_PASSTHRU;
+ if (!InspIRCd::Match(*match, dnsbl))
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the DNSBL mark (%s) does not match %s",
+ myclass->GetName().c_str(), match->c_str(), dnsbl.c_str());
+ return MOD_RES_DENY;
+ }
- return MOD_RES_DENY;
+ return MOD_RES_PASSTHRU;
}
ModResult OnCheckReady(LocalUser *user) CXX11_OVERRIDE
diff --git a/src/modules/m_geoclass.cpp b/src/modules/m_geoclass.cpp
index 6251131fd..8289c9a60 100644
--- a/src/modules/m_geoclass.cpp
+++ b/src/modules/m_geoclass.cpp
@@ -68,6 +68,8 @@ class ModuleGeoClass
// A list of country codes were specified but the user didn't match
// any of them.
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the origin country (%s) is not any of %s",
+ myclass->GetName().c_str(), code.c_str(), country.c_str());
return MOD_RES_DENY;
}
diff --git a/src/modules/m_ident.cpp b/src/modules/m_ident.cpp
index fe0f3e80d..73dc64cf0 100644
--- a/src/modules/m_ident.cpp
+++ b/src/modules/m_ident.cpp
@@ -410,7 +410,11 @@ class ModuleIdent : public Module
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE
{
if (myclass->config->getBool("requireident") && state.get(user) != IDENT_FOUND)
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires an identd response",
+ myclass->GetName().c_str());
return MOD_RES_DENY;
+ }
return MOD_RES_PASSTHRU;
}
diff --git a/src/modules/m_services_account.cpp b/src/modules/m_services_account.cpp
index 0ca29f603..53d1a4730 100644
--- a/src/modules/m_services_account.cpp
+++ b/src/modules/m_services_account.cpp
@@ -317,7 +317,11 @@ class ModuleServicesAccount
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE
{
if (myclass->config->getBool("requireaccount") && !accountname.get(user))
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires the user to be logged into an account",
+ myclass->GetName().c_str());
return MOD_RES_DENY;
+ }
return MOD_RES_PASSTHRU;
}
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 70e065257..0054e3ed7 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -318,21 +318,25 @@ class ModuleSSLInfo
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE
{
ssl_cert* cert = cmd.sslapi.GetCertificate(user);
- bool ok = true;
+ const char* error = NULL;
const std::string requiressl = myclass->config->getString("requiressl");
if (stdalgo::string::equalsci(requiressl, "trusted"))
{
- ok = (cert && cert->IsCAVerified());
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a trusted TLS (SSL) client certificate. Client %s one.", (ok ? "has" : "does not have"));
+ if (!cert || !cert->IsCAVerified())
+ error = "a trusted TLS (SSL) client certificate";
}
else if (myclass->config->getBool("requiressl"))
{
- ok = (cert != NULL);
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a secure connection. Client %s on a secure connection.", (ok ? "is" : "is not"));
+ if (!cert)
+ error = "a TLS (SSL) connection";
}
- if (!ok)
+ if (error)
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires %s",
+ myclass->GetName().c_str(), error);
return MOD_RES_DENY;
+ }
return MOD_RES_PASSTHRU;
}
diff --git a/src/users.cpp b/src/users.cpp
index 7a11f22c8..1da7a974c 100644
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -1105,10 +1105,10 @@ bool User::ChangeIdent(const std::string& newident)
*/
void LocalUser::SetClass(const std::string &explicit_name)
{
- ConnectClass *found = NULL;
-
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Setting connect class for UID %s", this->uuid.c_str());
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Setting connect class for %s (%s) ...",
+ this->uuid.c_str(), this->GetFullRealHost().c_str());
+ ConnectClass *found = NULL;
if (!explicit_name.empty())
{
for (ServerConfig::ClassVector::const_iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); ++i)
@@ -1117,7 +1117,8 @@ void LocalUser::SetClass(const std::string &explicit_name)
if (explicit_name == c->name)
{
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Explicitly set to %s", explicit_name.c_str());
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Connect class explicitly set to %s",
+ explicit_name.c_str());
found = c;
}
}
@@ -1127,31 +1128,43 @@ void LocalUser::SetClass(const std::string &explicit_name)
for (ServerConfig::ClassVector::const_iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); ++i)
{
ConnectClass* c = *i;
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Checking %s", c->GetName().c_str());
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Checking the %s connect class ...",
+ c->GetName().c_str());
ModResult MOD_RESULT;
FIRST_MOD_RESULT(OnSetConnectClass, MOD_RESULT, (this,c));
if (MOD_RESULT == MOD_RES_DENY)
continue;
+
if (MOD_RESULT == MOD_RES_ALLOW)
{
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class forced by module to %s", c->GetName().c_str());
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class was explicitly chosen by a module",
+ c->GetName().c_str());
found = c;
break;
}
if (c->type == CC_NAMED)
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as neither <connect:allow> nor <connect:deny> are set",
+ c->GetName().c_str());
continue;
+ }
bool regdone = (registered != REG_NONE);
if (c->config->getBool("registered", regdone) != regdone)
+ {
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires that the user is %s",
+ c->GetName().c_str(), regdone ? "not fully connected" : "fully connected");
continue;
+ }
/* check if host matches.. */
if (!InspIRCd::MatchCIDR(this->GetIPString(), c->GetHost(), NULL) &&
!InspIRCd::MatchCIDR(this->GetRealHost(), c->GetHost(), NULL))
{
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "No host match (for %s)", c->GetHost().c_str());
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as neither the host (%s) nor the IP (%s) matches %s",
+ c->GetName().c_str(), this->GetRealHost().c_str(), this->GetIPString().c_str(), c->GetHost().c_str());
continue;
}
@@ -1161,31 +1174,29 @@ void LocalUser::SetClass(const std::string &explicit_name)
*/
if (c->limit && (c->GetReferenceCount() >= c->limit))
{
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "OOPS: Connect class limit (%lu) hit, denying", c->limit);
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it has reached its user limit (%lu)",
+ c->GetName().c_str(), c->limit);
continue;
}
- /* if it requires a port ... */
- if (!c->ports.empty())
+ /* if it requires a port and our port doesn't match, fail */
+ if (!c->ports.empty() && !c->ports.count(this->server_sa.port()))
{
- /* and our port doesn't match, fail. */
- if (!c->ports.count(this->server_sa.port()))
- {
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Requires a different port, skipping");
- continue;
- }
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the connection port (%d) is not any of %s",
+ c->GetName().c_str(), this->server_sa.port(), stdalgo::string::join(c->ports).c_str());
+ continue;
}
- if (regdone && !c->password.empty())
+ if (regdone && !c->password.empty() && !ServerInstance->PassCompare(this, c->password, password, c->passwordhash))
{
- if (!ServerInstance->PassCompare(this, c->password, password, c->passwordhash))
- {
- ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Bad password, skipping");
- continue;
- }
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as requires a password and %s",
+ c->GetName().c_str(), password.empty() ? "one was not provided" : "the provided password was incorrect");
+ continue;
}
/* we stop at the first class that meets ALL critera. */
+ ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is suitable for %s (%s)",
+ c->GetName().c_str(), this->uuid.c_str(), this->GetFullRealHost().c_str());
found = c;
break;
}