From 2d732f4dbf4ccd22c8a4424692cc72a89ffd49b7 Mon Sep 17 00:00:00 2001 From: danieldg Date: Sun, 13 Sep 2009 20:33:11 +0000 Subject: Change match direction of extbans to allow stacking This allows you create stacked bans like: +b m:r:*bot* to mute anyone with bot in their gecos +e S:j:+#staff to allow voices in #staff to use color It also deprecates extban M, which can be implemented using m:R: git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@11711 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/channels.cpp | 78 ++++++++++++++++---------------------- src/modules.cpp | 6 +-- src/modules/m_banexception.cpp | 55 +++++++-------------------- src/modules/m_channelban.cpp | 33 ++++++++++++---- src/modules/m_gecosban.cpp | 17 ++++++--- src/modules/m_operchans.cpp | 18 ++------- src/modules/m_operinvex.cpp | 31 ++++----------- src/modules/m_serverban.cpp | 17 ++++++--- src/modules/m_services_account.cpp | 42 +++++++++----------- src/modules/m_sslmodes.cpp | 13 ++++--- 10 files changed, 135 insertions(+), 175 deletions(-) (limited to 'src') diff --git a/src/channels.cpp b/src/channels.cpp index 0afbc93bb..c60ec2890 100644 --- a/src/channels.cpp +++ b/src/channels.cpp @@ -383,76 +383,64 @@ Channel* Channel::ForceChan(InspIRCd* Instance, Channel* Ptr, User* user, const bool Channel::IsBanned(User* user) { ModResult result; - DO_EACH_HOOK(ServerInstance, OnCheckBan, ModResult modresult, (user, this)) - { - result = result + modresult; - } - WHILE_EACH_HOOK(ServerInstance, OnCheckBan); + FIRST_MOD_RESULT(ServerInstance, OnCheckChannelBan, result, (user, this)); if (result != MOD_RES_PASSTHRU) return (result == MOD_RES_DENY); - char mask[MAXBUF]; - snprintf(mask, MAXBUF, "%s!%s@%s", user->nick.c_str(), user->ident.c_str(), user->GetIPString()); for (BanList::iterator i = this->bans.begin(); i != this->bans.end(); i++) { - if ((InspIRCd::Match(user->GetFullHost(),i->data, NULL)) || // host - (InspIRCd::Match(user->GetFullRealHost(),i->data, NULL)) || // uncloaked host - (InspIRCd::MatchCIDR(mask, i->data, NULL))) // ip - { + if (CheckBan(user, i->data)) return true; - } } return false; } -ModResult Channel::GetExtBanStatus(const std::string &str, char type) +bool Channel::CheckBan(User* user, const std::string& mask) { ModResult result; - DO_EACH_HOOK(ServerInstance, OnCheckStringExtBan, ModResult modresult, (str, this, type)) - { - result = result + modresult; - } - WHILE_EACH_HOOK(ServerInstance, OnCheckStringExtBan); - + FIRST_MOD_RESULT(ServerInstance, OnCheckBan, result, (user, this, mask)); if (result != MOD_RES_PASSTHRU) - return result; + return (result == MOD_RES_DENY); - // nobody decided for us, check the ban list - for (BanList::iterator i = this->bans.begin(); i != this->bans.end(); i++) - { - if (i->data[0] != type || i->data[1] != ':') - continue; + // extbans were handled above, if this is one it obviously didn't match + if (mask[1] == ':') + return false; - std::string maskptr = i->data.substr(2); - ServerInstance->Logs->Log("EXTBANS", DEBUG, "Checking %s against %s, type is %c", str.c_str(), maskptr.c_str(), type); + std::string::size_type at = mask.find('@'); + if (at == std::string::npos) + return false; - if (InspIRCd::Match(str, maskptr, NULL)) - return MOD_RES_DENY; + char tomatch[MAXBUF]; + snprintf(tomatch, MAXBUF, "%s!%s", user->nick.c_str(), user->ident.c_str()); + std::string prefix = mask.substr(0, at); + if (InspIRCd::Match(tomatch, prefix, NULL)) + { + std::string suffix = mask.substr(at + 1); + if (InspIRCd::Match(user->host, suffix, NULL) || + InspIRCd::Match(user->dhost, suffix, NULL) || + InspIRCd::MatchCIDR(user->GetIPString(), suffix, NULL)) + return true; } - - return MOD_RES_PASSTHRU; + return false; } ModResult Channel::GetExtBanStatus(User *user, char type) { ModResult rv; - DO_EACH_HOOK(ServerInstance, OnCheckExtBan, ModResult modresult, (user, this, type)) - { - rv = rv + modresult; - } - WHILE_EACH_HOOK(ServerInstance, OnCheckExtBan); - + FIRST_MOD_RESULT(ServerInstance, OnExtBanCheck, rv, (user, this, type)); if (rv != MOD_RES_PASSTHRU) return rv; - - char mask[MAXBUF]; - snprintf(mask, MAXBUF, "%s!%s@%s", user->nick.c_str(), user->ident.c_str(), user->GetIPString()); - - rv = rv + this->GetExtBanStatus(mask, type); - rv = rv + this->GetExtBanStatus(user->GetFullHost(), type); - rv = rv + this->GetExtBanStatus(user->GetFullRealHost(), type); - return rv; + for (BanList::iterator i = this->bans.begin(); i != this->bans.end(); i++) + { + if (i->data[0] == type && i->data[1] == ':') + { + std::string val = i->data.substr(2); + if (CheckBan(user, val)) + return MOD_RES_DENY; + } + } + return MOD_RES_ALLOW; } /* Channel::PartUser diff --git a/src/modules.cpp b/src/modules.cpp index e382f145e..48b477658 100644 --- a/src/modules.cpp +++ b/src/modules.cpp @@ -145,9 +145,9 @@ ModResult Module::OnRawMode(User*, Channel*, const char, const std::string &, bo ModResult Module::OnCheckInvite(User*, Channel*) { return MOD_RES_PASSTHRU; } ModResult Module::OnCheckKey(User*, Channel*, const std::string&) { return MOD_RES_PASSTHRU; } ModResult Module::OnCheckLimit(User*, Channel*) { return MOD_RES_PASSTHRU; } -ModResult Module::OnCheckBan(User*, Channel*) { return MOD_RES_PASSTHRU; } -ModResult Module::OnCheckExtBan(User *, Channel *, char) { return MOD_RES_PASSTHRU; } -ModResult Module::OnCheckStringExtBan(const std::string &s, Channel *c, char type) { return MOD_RES_PASSTHRU; } +ModResult Module::OnCheckChannelBan(User*, Channel*) { return MOD_RES_PASSTHRU; } +ModResult Module::OnCheckBan(User*, Channel*, const std::string&) { return MOD_RES_PASSTHRU; } +ModResult Module::OnExtBanCheck(User*, Channel*, char) { return MOD_RES_PASSTHRU; } ModResult Module::OnStats(char, User*, string_list&) { return MOD_RES_PASSTHRU; } ModResult Module::OnChangeLocalUserHost(User*, const std::string&) { return MOD_RES_PASSTHRU; } ModResult Module::OnChangeLocalUserGECOS(User*, const std::string&) { return MOD_RES_PASSTHRU; } diff --git a/src/modules/m_banexception.cpp b/src/modules/m_banexception.cpp index 9137c09d9..be4e8d28a 100644 --- a/src/modules/m_banexception.cpp +++ b/src/modules/m_banexception.cpp @@ -47,17 +47,17 @@ public: ServerInstance->Modules->PublishInterface("ChannelBanList", this); be.DoImplements(this); - Implementation list[] = { I_OnRehash, I_OnRequest, I_On005Numeric, I_OnCheckBan, I_OnCheckExtBan, I_OnCheckStringExtBan }; - Me->Modules->Attach(list, this, 6); + Implementation list[] = { I_OnRehash, I_OnRequest, I_On005Numeric, I_OnExtBanCheck, I_OnCheckChannelBan }; + Me->Modules->Attach(list, this, 5); } - virtual void On005Numeric(std::string &output) + void On005Numeric(std::string &output) { output.append(" EXCEPTS=e"); } - virtual ModResult OnCheckExtBan(User *user, Channel *chan, char type) + ModResult OnExtBanCheck(User *user, Channel *chan, char type) { if (chan != NULL) { @@ -66,15 +66,12 @@ public: if (!list) return MOD_RES_PASSTHRU; - std::string mask = std::string(user->nick) + "!" + user->ident + "@" + user->GetIPString(); for (modelist::iterator it = list->begin(); it != list->end(); it++) { if (it->mask[0] != type || it->mask[1] != ':') continue; - std::string maskptr = it->mask.substr(2); - - if (InspIRCd::Match(user->GetFullRealHost(), maskptr) || InspIRCd::Match(user->GetFullHost(), maskptr) || (InspIRCd::MatchCIDR(mask, maskptr))) + if (chan->CheckBan(user, it->mask.substr(2))) { // They match an entry on the list, so let them pass this. return MOD_RES_ALLOW; @@ -85,32 +82,9 @@ public: return MOD_RES_PASSTHRU; } - virtual ModResult OnCheckStringExtBan(const std::string &str, Channel *chan, char type) - { - if (chan != NULL) - { - modelist *list = be.extItem.get(chan); - - if (!list) - return MOD_RES_PASSTHRU; - for (modelist::iterator it = list->begin(); it != list->end(); it++) - { - if (it->mask[0] != type || it->mask[1] != ':') - continue; - - std::string maskptr = it->mask.substr(2); - if (InspIRCd::Match(str, maskptr)) - // They match an entry on the list, so let them in. - return MOD_RES_ALLOW; - } - } - - return MOD_RES_PASSTHRU; - } - - virtual ModResult OnCheckBan(User* user, Channel* chan) + ModResult OnCheckChannelBan(User* user, Channel* chan) { - if (chan != NULL) + if (chan) { modelist *list = be.extItem.get(chan); @@ -120,10 +94,9 @@ public: return MOD_RES_PASSTHRU; } - std::string mask = std::string(user->nick) + "!" + user->ident + "@" + user->GetIPString(); for (modelist::iterator it = list->begin(); it != list->end(); it++) { - if (InspIRCd::Match(user->GetFullRealHost(), it->mask) || InspIRCd::Match(user->GetFullHost(), it->mask) || (InspIRCd::MatchCIDR(mask, it->mask))) + if (chan->CheckBan(user, it->mask)) { // They match an entry on the list, so let them in. return MOD_RES_ALLOW; @@ -133,32 +106,32 @@ public: return MOD_RES_PASSTHRU; } - virtual void OnCleanup(int target_type, void* item) + void OnCleanup(int target_type, void* item) { be.DoCleanup(target_type, item); } - virtual void OnSyncChannel(Channel* chan, Module* proto, void* opaque) + void OnSyncChannel(Channel* chan, Module* proto, void* opaque) { be.DoSyncChannel(chan, proto, opaque); } - virtual void OnRehash(User* user) + void OnRehash(User* user) { be.DoRehash(); } - virtual const char* OnRequest(Request* request) + const char* OnRequest(Request* request) { return be.DoOnRequest(request); } - virtual Version GetVersion() + Version GetVersion() { return Version("$Id$", VF_COMMON | VF_VENDOR, API_VERSION); } - virtual ~ModuleBanException() + ~ModuleBanException() { ServerInstance->Modes->DelMode(&be); ServerInstance->Modules->UnpublishInterface("ChannelBanList", this); diff --git a/src/modules/m_channelban.cpp b/src/modules/m_channelban.cpp index 727ab15a3..387aeb2b9 100644 --- a/src/modules/m_channelban.cpp +++ b/src/modules/m_channelban.cpp @@ -31,18 +31,37 @@ class ModuleBadChannelExtban : public Module Version GetVersion() { - return Version("$Id$", VF_COMMON|VF_VENDOR,API_VERSION); + return Version("Extban 'j' - channel status/join ban", VF_COMMON|VF_VENDOR,API_VERSION); } - ModResult OnCheckBan(User *user, Channel *c) + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) { - ModResult rv; - for (UCListIter i = user->chans.begin(); i != user->chans.end(); i++) + if (mask[0] == 'j' && mask[1] == ':') { - rv = rv + c->GetExtBanStatus((*i)->name, 'j'); + std::string rm = mask.substr(2); + char status = 0; + ModeHandler* mh = ServerInstance->Modes->FindPrefix(rm[0]); + if (mh) + { + rm = mask.substr(3); + status = mh->GetModeChar(); + } + for (UCListIter i = user->chans.begin(); i != user->chans.end(); i++) + { + if (InspIRCd::Match((**i).name, rm)) + { + if (status) + { + Membership* memb = c->GetUser(user); + if (memb->hasMode(status)) + return MOD_RES_DENY; + } + else + return MOD_RES_DENY; + } + } } - - return rv; + return MOD_RES_PASSTHRU; } void On005Numeric(std::string &output) diff --git a/src/modules/m_gecosban.cpp b/src/modules/m_gecosban.cpp index 46ed50f2f..0a868d347 100644 --- a/src/modules/m_gecosban.cpp +++ b/src/modules/m_gecosban.cpp @@ -25,21 +25,26 @@ class ModuleGecosBan : public Module ServerInstance->Modules->Attach(eventlist, this, 2); } - virtual ~ModuleGecosBan() + ~ModuleGecosBan() { } - virtual Version GetVersion() + Version GetVersion() { - return Version("$Id$", VF_COMMON|VF_VENDOR, API_VERSION); + return Version("Extban 'r' - realname (gecos) ban", VF_COMMON|VF_VENDOR); } - virtual ModResult OnCheckBan(User *user, Channel *c) + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) { - return c->GetExtBanStatus(user->fullname, 'r'); + if (mask[0] == 'r' && mask[1] == ':') + { + if (InspIRCd::Match(user->fullname, mask.substr(2))) + return MOD_RES_DENY; + } + return MOD_RES_PASSTHRU; } - virtual void On005Numeric(std::string &output) + void On005Numeric(std::string &output) { ServerInstance->AddExtBanChar('r'); } diff --git a/src/modules/m_operchans.cpp b/src/modules/m_operchans.cpp index d97142e66..32d54bce7 100644 --- a/src/modules/m_operchans.cpp +++ b/src/modules/m_operchans.cpp @@ -46,7 +46,6 @@ class OperChans : public ModeHandler class ModuleOperChans : public Module { - OperChans oc; public: ModuleOperChans(InspIRCd* Me) @@ -54,11 +53,10 @@ class ModuleOperChans : public Module { if (!ServerInstance->Modes->AddMode(&oc)) throw ModuleException("Could not add new modes!"); - Implementation eventlist[] = { I_OnCheckBan, I_OnUserPreJoin }; - ServerInstance->Modules->Attach(eventlist, this, 2); + ServerInstance->Modules->Attach(I_OnUserPreJoin, this); } - virtual ModResult OnUserPreJoin(User* user, Channel* chan, const char* cname, std::string &privs, const std::string &keygiven) + ModResult OnUserPreJoin(User* user, Channel* chan, const char* cname, std::string &privs, const std::string &keygiven) { if (chan && chan->IsModeSet('O') && !IS_OPER(user)) { @@ -69,20 +67,12 @@ class ModuleOperChans : public Module return MOD_RES_PASSTHRU; } - virtual ModResult OnCheckBan(User* user, Channel* chan) - { - if (IS_OPER(user)) - return chan->GetExtBanStatus(user->oper, 'O'); - - return MOD_RES_PASSTHRU; - } - - virtual ~ModuleOperChans() + ~ModuleOperChans() { ServerInstance->Modes->DelMode(&oc); } - virtual Version GetVersion() + Version GetVersion() { return Version("$Id$", VF_VENDOR | VF_COMMON, API_VERSION); } diff --git a/src/modules/m_operinvex.cpp b/src/modules/m_operinvex.cpp index 41fc51a1d..a32f39176 100644 --- a/src/modules/m_operinvex.cpp +++ b/src/modules/m_operinvex.cpp @@ -24,44 +24,29 @@ class ModuleOperInvex : public Module public: ModuleOperInvex(InspIRCd* Me) : Module(Me) { - Implementation eventlist[] = { I_OnCheckBan, I_On005Numeric, I_OnCheckInvite }; - ServerInstance->Modules->Attach(eventlist, this, 3); + Implementation eventlist[] = { I_OnCheckBan, I_On005Numeric }; + ServerInstance->Modules->Attach(eventlist, this, 2); } - virtual ~ModuleOperInvex() + ~ModuleOperInvex() { } - virtual Version GetVersion() + Version GetVersion() { - return Version("$Id$", VF_COMMON|VF_VENDOR, API_VERSION); + return Version("ExtBan 'O' - oper type ban", VF_COMMON|VF_VENDOR); } - virtual ModResult OnCheckInvite(User *user, Channel *c) + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) { - if (!IS_LOCAL(user) || !IS_OPER(user)) - return MOD_RES_PASSTHRU; - - Module* ExceptionModule = ServerInstance->Modules->Find("m_inviteexception.so"); - if (ExceptionModule) + if (mask[0] == 'O' && mask[1] == ':') { - if (ListModeRequest(this, ExceptionModule, user->oper, 'O', c).Send()) - { - // Oper type is exempt + if (IS_OPER(user) && InspIRCd::Match(user->oper, mask.substr(2))) return MOD_RES_DENY; - } } - return MOD_RES_PASSTHRU; } - virtual ModResult OnCheckBan(User *user, Channel *c) - { - if (!IS_OPER(user)) - return MOD_RES_PASSTHRU; - return c->GetExtBanStatus(user->oper, 'O'); - } - virtual void On005Numeric(std::string &output) { ServerInstance->AddExtBanChar('O'); diff --git a/src/modules/m_serverban.cpp b/src/modules/m_serverban.cpp index bd47e947a..6f35de862 100644 --- a/src/modules/m_serverban.cpp +++ b/src/modules/m_serverban.cpp @@ -25,21 +25,26 @@ class ModuleServerBan : public Module ServerInstance->Modules->Attach(eventlist, this, 2); } - virtual ~ModuleServerBan() + ~ModuleServerBan() { } - virtual Version GetVersion() + Version GetVersion() { - return Version("$Id$",VF_COMMON|VF_VENDOR,API_VERSION); + return Version("Extban 's' - server ban",VF_COMMON|VF_VENDOR); } - virtual ModResult OnCheckBan(User *user, Channel *c) + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) { - return c->GetExtBanStatus(user->server, 's'); + if (mask[0] == 's' && mask[1] == ':') + { + if (InspIRCd::Match(user->server, mask.substr(2))) + return MOD_RES_DENY; + } + return MOD_RES_PASSTHRU; } - virtual void On005Numeric(std::string &output) + void On005Numeric(std::string &output) { ServerInstance->AddExtBanChar('s'); } diff --git a/src/modules/m_services_account.cpp b/src/modules/m_services_account.cpp index 30077e408..ac71a1215 100644 --- a/src/modules/m_services_account.cpp +++ b/src/modules/m_services_account.cpp @@ -123,14 +123,13 @@ class ModuleServicesAccount : public Module ServerInstance->Modules->Attach(eventlist, this, 10); } - virtual void On005Numeric(std::string &t) + void On005Numeric(std::string &t) { ServerInstance->AddExtBanChar('R'); - ServerInstance->AddExtBanChar('M'); } /* <- :twisted.oscnet.org 330 w00t2 w00t2 w00t :is logged in as */ - virtual void OnWhois(User* source, User* dest) + void OnWhois(User* source, User* dest) { std::string *account = accountname.get(dest); @@ -146,7 +145,7 @@ class ModuleServicesAccount : public Module } } - virtual void OnUserPostNick(User* user, const std::string &oldnick) + void OnUserPostNick(User* user, const std::string &oldnick) { /* On nickchange, if they have +r, remove it */ if (user->IsModeSet('r') && assign(user->nick) != oldnick) @@ -158,7 +157,7 @@ class ModuleServicesAccount : public Module } } - virtual ModResult OnUserPreMessage(User* user,void* dest,int target_type, std::string &text, char status, CUList &exempt_list) + ModResult OnUserPreMessage(User* user,void* dest,int target_type, std::string &text, char status, CUList &exempt_list) { if (!IS_LOCAL(user)) return MOD_RES_PASSTHRU; @@ -182,16 +181,6 @@ class ModuleServicesAccount : public Module user->WriteNumeric(477, ""+std::string(user->nick)+" "+std::string(c->name)+" :You need to be identified to a registered account to message this channel"); return MOD_RES_DENY; } - - if (account) - { - if (c->GetExtBanStatus(*account, 'M') == MOD_RES_DENY) - { - // may not speak (text is deliberately vague, so they don't know which restriction to evade) - user->WriteNumeric(477, ""+std::string(user->nick)+" "+std::string(c->name)+" :You may not speak in this channel"); - return MOD_RES_DENY; - } - } } else if (target_type == TYPE_USER) { @@ -207,20 +196,23 @@ class ModuleServicesAccount : public Module return MOD_RES_PASSTHRU; } - virtual ModResult OnCheckBan(User* user, Channel* chan) + ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask) { - std::string *account = accountname.get(user); - if (!account) - return MOD_RES_PASSTHRU; - return chan->GetExtBanStatus(*account, 'R'); + if (mask[0] == 'R' && mask[1] == ':') + { + std::string *account = accountname.get(user); + if (account && InspIRCd::Match(*account, mask.substr(2))) + return MOD_RES_DENY; + } + return MOD_RES_PASSTHRU; } - virtual ModResult OnUserPreNotice(User* user,void* dest,int target_type, std::string &text, char status, CUList &exempt_list) + ModResult OnUserPreNotice(User* user,void* dest,int target_type, std::string &text, char status, CUList &exempt_list) { return OnUserPreMessage(user, dest, target_type, text, status, exempt_list); } - virtual ModResult OnUserPreJoin(User* user, Channel* chan, const char* cname, std::string &privs, const std::string &keygiven) + ModResult OnUserPreJoin(User* user, Channel* chan, const char* cname, std::string &privs, const std::string &keygiven) { if (!IS_LOCAL(user)) return MOD_RES_PASSTHRU; @@ -256,7 +248,7 @@ class ModuleServicesAccount : public Module // In our case we're only sending a single string around, so we just construct a std::string. // Some modules will probably get much more complex and format more detailed structs and classes // in a textual way for sending over the link. - virtual void OnDecodeMetaData(Extensible* target, const std::string &extname, const std::string &extdata) + void OnDecodeMetaData(Extensible* target, const std::string &extname, const std::string &extdata) { User* dest = dynamic_cast(target); // check if its our metadata key, and its associated with a user @@ -280,7 +272,7 @@ class ModuleServicesAccount : public Module } } - virtual ~ModuleServicesAccount() + ~ModuleServicesAccount() { ServerInstance->Modes->DelMode(&m1); ServerInstance->Modes->DelMode(&m2); @@ -289,7 +281,7 @@ class ModuleServicesAccount : public Module ServerInstance->Modes->DelMode(&m5); } - virtual Version GetVersion() + Version GetVersion() { return Version("$Id$",VF_COMMON|VF_VENDOR,API_VERSION); } diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp index b190cfc39..27a9285cc 100644 --- a/src/modules/m_sslmodes.cpp +++ b/src/modules/m_sslmodes.cpp @@ -101,12 +101,15 @@ class ModuleSSLModes : public Module return MOD_RES_PASSTHRU; } - ModResult OnCheckBan(User *user, Channel *c) + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) { - BufferedSocketCertificateRequest req(user, this, user->GetIOHook()); - req.Send(); - if (req.cert) - return c->GetExtBanStatus(req.cert->GetFingerprint(), 'z'); + if (mask[0] == 'z' && mask[1] == ':') + { + BufferedSocketCertificateRequest req(user, this, user->GetIOHook()); + req.Send(); + if (req.cert && InspIRCd::Match(req.cert->GetFingerprint(), mask.substr(2))) + return MOD_RES_DENY; + } return MOD_RES_PASSTHRU; } -- cgit v1.2.3