diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/modules/m_cgiirc.cpp | 13 | ||||
-rw-r--r-- | src/modules/m_dnsbl.cpp | 14 | ||||
-rw-r--r-- | src/modules/m_geoclass.cpp | 2 | ||||
-rw-r--r-- | src/modules/m_ident.cpp | 4 | ||||
-rw-r--r-- | src/modules/m_services_account.cpp | 4 | ||||
-rw-r--r-- | src/modules/m_sslinfo.cpp | 16 | ||||
-rw-r--r-- | src/users.cpp | 55 |
7 files changed, 76 insertions, 32 deletions
diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index 9397b206a..52c24e50a 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -346,11 +346,22 @@ class ModuleCgiIRC // cannot match this connect class. const std::string* gateway = cmd.gateway.get(user); if (!gateway) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires a connection via a WebIRC gateway", + myclass->GetName().c_str()); return MOD_RES_DENY; + } // If the gateway matches the <connect:webirc> constraint then // allow the check to continue. Otherwise, reject it. - return InspIRCd::Match(*gateway, webirc) ? MOD_RES_PASSTHRU : MOD_RES_DENY; + if (!InspIRCd::Match(*gateway, webirc)) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the WebIRC gateway name (%s) does not match %s", + myclass->GetName().c_str(), gateway->c_str(), webirc.c_str()); + return MOD_RES_DENY; + } + + return MOD_RES_PASSTHRU; } ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp index 689f3f1be..6265ca85a 100644 --- a/src/modules/m_dnsbl.cpp +++ b/src/modules/m_dnsbl.cpp @@ -427,12 +427,20 @@ class ModuleDNSBL : public Module, public Stats::EventListener std::string* match = nameExt.get(user); if (!match) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires a DNSBL mark", + myclass->GetName().c_str()); return MOD_RES_DENY; + } - if (InspIRCd::Match(*match, dnsbl)) - return MOD_RES_PASSTHRU; + if (!InspIRCd::Match(*match, dnsbl)) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the DNSBL mark (%s) does not match %s", + myclass->GetName().c_str(), match->c_str(), dnsbl.c_str()); + return MOD_RES_DENY; + } - return MOD_RES_DENY; + return MOD_RES_PASSTHRU; } ModResult OnCheckReady(LocalUser *user) CXX11_OVERRIDE diff --git a/src/modules/m_geoclass.cpp b/src/modules/m_geoclass.cpp index 6251131fd..8289c9a60 100644 --- a/src/modules/m_geoclass.cpp +++ b/src/modules/m_geoclass.cpp @@ -68,6 +68,8 @@ class ModuleGeoClass // A list of country codes were specified but the user didn't match // any of them. + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the origin country (%s) is not any of %s", + myclass->GetName().c_str(), code.c_str(), country.c_str()); return MOD_RES_DENY; } diff --git a/src/modules/m_ident.cpp b/src/modules/m_ident.cpp index fe0f3e80d..73dc64cf0 100644 --- a/src/modules/m_ident.cpp +++ b/src/modules/m_ident.cpp @@ -410,7 +410,11 @@ class ModuleIdent : public Module ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE { if (myclass->config->getBool("requireident") && state.get(user) != IDENT_FOUND) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires an identd response", + myclass->GetName().c_str()); return MOD_RES_DENY; + } return MOD_RES_PASSTHRU; } diff --git a/src/modules/m_services_account.cpp b/src/modules/m_services_account.cpp index 0ca29f603..53d1a4730 100644 --- a/src/modules/m_services_account.cpp +++ b/src/modules/m_services_account.cpp @@ -317,7 +317,11 @@ class ModuleServicesAccount ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE { if (myclass->config->getBool("requireaccount") && !accountname.get(user)) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires the user to be logged into an account", + myclass->GetName().c_str()); return MOD_RES_DENY; + } return MOD_RES_PASSTHRU; } diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 70e065257..0054e3ed7 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -318,21 +318,25 @@ class ModuleSSLInfo ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE { ssl_cert* cert = cmd.sslapi.GetCertificate(user); - bool ok = true; + const char* error = NULL; const std::string requiressl = myclass->config->getString("requiressl"); if (stdalgo::string::equalsci(requiressl, "trusted")) { - ok = (cert && cert->IsCAVerified()); - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a trusted TLS (SSL) client certificate. Client %s one.", (ok ? "has" : "does not have")); + if (!cert || !cert->IsCAVerified()) + error = "a trusted TLS (SSL) client certificate"; } else if (myclass->config->getBool("requiressl")) { - ok = (cert != NULL); - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class requires a secure connection. Client %s on a secure connection.", (ok ? "is" : "is not")); + if (!cert) + error = "a TLS (SSL) connection"; } - if (!ok) + if (error) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires %s", + myclass->GetName().c_str(), error); return MOD_RES_DENY; + } return MOD_RES_PASSTHRU; } diff --git a/src/users.cpp b/src/users.cpp index 7a11f22c8..1da7a974c 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -1105,10 +1105,10 @@ bool User::ChangeIdent(const std::string& newident) */ void LocalUser::SetClass(const std::string &explicit_name) { - ConnectClass *found = NULL; - - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Setting connect class for UID %s", this->uuid.c_str()); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Setting connect class for %s (%s) ...", + this->uuid.c_str(), this->GetFullRealHost().c_str()); + ConnectClass *found = NULL; if (!explicit_name.empty()) { for (ServerConfig::ClassVector::const_iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); ++i) @@ -1117,7 +1117,8 @@ void LocalUser::SetClass(const std::string &explicit_name) if (explicit_name == c->name) { - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Explicitly set to %s", explicit_name.c_str()); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Connect class explicitly set to %s", + explicit_name.c_str()); found = c; } } @@ -1127,31 +1128,43 @@ void LocalUser::SetClass(const std::string &explicit_name) for (ServerConfig::ClassVector::const_iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); ++i) { ConnectClass* c = *i; - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Checking %s", c->GetName().c_str()); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Checking the %s connect class ...", + c->GetName().c_str()); ModResult MOD_RESULT; FIRST_MOD_RESULT(OnSetConnectClass, MOD_RESULT, (this,c)); if (MOD_RESULT == MOD_RES_DENY) continue; + if (MOD_RESULT == MOD_RES_ALLOW) { - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Class forced by module to %s", c->GetName().c_str()); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class was explicitly chosen by a module", + c->GetName().c_str()); found = c; break; } if (c->type == CC_NAMED) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as neither <connect:allow> nor <connect:deny> are set", + c->GetName().c_str()); continue; + } bool regdone = (registered != REG_NONE); if (c->config->getBool("registered", regdone) != regdone) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it requires that the user is %s", + c->GetName().c_str(), regdone ? "not fully connected" : "fully connected"); continue; + } /* check if host matches.. */ if (!InspIRCd::MatchCIDR(this->GetIPString(), c->GetHost(), NULL) && !InspIRCd::MatchCIDR(this->GetRealHost(), c->GetHost(), NULL)) { - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "No host match (for %s)", c->GetHost().c_str()); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as neither the host (%s) nor the IP (%s) matches %s", + c->GetName().c_str(), this->GetRealHost().c_str(), this->GetIPString().c_str(), c->GetHost().c_str()); continue; } @@ -1161,31 +1174,29 @@ void LocalUser::SetClass(const std::string &explicit_name) */ if (c->limit && (c->GetReferenceCount() >= c->limit)) { - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "OOPS: Connect class limit (%lu) hit, denying", c->limit); + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as it has reached its user limit (%lu)", + c->GetName().c_str(), c->limit); continue; } - /* if it requires a port ... */ - if (!c->ports.empty()) + /* if it requires a port and our port doesn't match, fail */ + if (!c->ports.empty() && !c->ports.count(this->server_sa.port())) { - /* and our port doesn't match, fail. */ - if (!c->ports.count(this->server_sa.port())) - { - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Requires a different port, skipping"); - continue; - } + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as the connection port (%d) is not any of %s", + c->GetName().c_str(), this->server_sa.port(), stdalgo::string::join(c->ports).c_str()); + continue; } - if (regdone && !c->password.empty()) + if (regdone && !c->password.empty() && !ServerInstance->PassCompare(this, c->password, password, c->passwordhash)) { - if (!ServerInstance->PassCompare(this, c->password, password, c->passwordhash)) - { - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Bad password, skipping"); - continue; - } + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is not suitable as requires a password and %s", + c->GetName().c_str(), password.empty() ? "one was not provided" : "the provided password was incorrect"); + continue; } /* we stop at the first class that meets ALL critera. */ + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "The %s connect class is suitable for %s (%s)", + c->GetName().c_str(), this->uuid.c_str(), this->GetFullRealHost().c_str()); found = c; break; } |