From d9b4390dbc7af872a143eacf35dde3b0db438119 Mon Sep 17 00:00:00 2001 From: brain Date: Sun, 6 Aug 2006 16:51:45 +0000 Subject: Add git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@4735 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/m_spanningtree.cpp | 19 +++++++++++++++---- src/socket.cpp | 12 ++++++++---- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp index e98b7b460..91a917b8e 100644 --- a/src/modules/m_spanningtree.cpp +++ b/src/modules/m_spanningtree.cpp @@ -3050,13 +3050,20 @@ class TreeSocket : public InspSocket * IPs for which we don't have a link block. */ bool found = false; - vector::iterator i; + found = (std::find(ValidIPs.begin(), ValidIPs.end(), ip) != ValidIPs.end()); if (!found) { - WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip); - close(newsock); - return false; + for (vector::iterator i = ValidIPs.begin(); i != ValidIPs.end(); i++) + if (MatchCIDR(ip, (*i).c_str())) + found = true; + + if (!found) + { + WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip); + close(newsock); + return false; + } } TreeSocket* s = new TreeSocket(newsock, ip); Srv->AddSocket(s); @@ -3345,6 +3352,7 @@ void ReadConfiguration(bool rebind) for (int j =0; j < Conf->Enumerate("link"); j++) { Link L; + std::string Allow = Conf->ReadValue("link","allowmask",j); L.Name = (Conf->ReadValue("link","name",j)).c_str(); L.IPAddr = Conf->ReadValue("link","ipaddr",j); L.Port = Conf->ReadInteger("link","port",j,true); @@ -3359,6 +3367,9 @@ void ReadConfiguration(bool rebind) { ValidIPs.push_back(L.IPAddr); + if (Allow.length()) + ValidIPs.push_back(Allow); + /* Needs resolving */ insp_inaddr binip; if (insp_aton(L.IPAddr.c_str(), &binip) < 1) diff --git a/src/socket.cpp b/src/socket.cpp index 993b7e90b..b45322c3d 100644 --- a/src/socket.cpp +++ b/src/socket.cpp @@ -45,6 +45,10 @@ bool MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mas unsigned int modulus = mask_bits % 8; /* Number of whole bytes in the mask */ unsigned int divisor = mask_bits / 8; /* Remaining bits in the mask after whole bytes are dealt with */ + /* We shouldnt match anything, /0 is always valid */ + if (!mask_bits) + return true; + /* First compare the whole bytes, if they dont match, return false */ if (memcmp(address, mask, divisor)) return false; @@ -97,8 +101,8 @@ bool MatchCIDR(const char* address, const char* cidr_mask) memcpy(&addr_raw, &address_in6.s6_addr, 16); memcpy(&mask_raw, &mask_in6.s6_addr, 16); - if (mask > 128) - mask = 128; + if (bits > 128) + bits = 128; } else { @@ -115,8 +119,8 @@ bool MatchCIDR(const char* address, const char* cidr_mask) memcpy(&addr_raw, &address_in4.s_addr, 4); memcpy(&mask_raw, &mask_in4.s_addr, 4); - if (mask > 32) - mask = 32; + if (bits > 32) + bits = 32; } else { -- cgit v1.2.3