2 * Formerly written and maintained by satmd.
3 * This version written and maintained by w00t.
6 #include <sys/socket.h>
7 #include <netinet/in.h>
16 /* $ModDesc: Provides handling of DNS blacklists */
18 /* Class holding data for a single entry */
22 enum EnumBanaction { I_UNKNOWN, I_KILL, I_ZLINE, I_KLINE, I_GLINE };
23 std::string name, domain, reason;
24 EnumBanaction banaction;
27 DNSBLConfEntry(): duration(86400),bitmask(0) {}
31 /** Resolver for CGI:IRC hostnames encoded in ident/GECOS
33 class DNSBLResolver : public Resolver
37 DNSBLConfEntry *ConfEntry;
40 DNSBLResolver(Module *me, InspIRCd *ServerInstance, const std::string &hostname, userrec* u, int userfd, DNSBLConfEntry *conf)
41 : Resolver(ServerInstance, hostname, DNS_QUERY_A, me)
48 virtual void OnLookupComplete(const std::string &result)
50 /* Check the user still exists */
51 if ((them) && (them == ServerInstance->SE->GetRef(theirfd)))
53 ServerInstance->Log(DEBUG, "m_dnsbl: %s got a result from dnsbl %s", them->nick, ConfEntry->name.c_str());
55 // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d
58 unsigned int bitmask=0;
59 unsigned int octetpos=0;
60 std::string tmp = result;
65 unsigned int lastdot = tmp.rfind(".");
67 if (lastdot == std::string::npos)
74 octet=tmp.substr(lastdot+1,tmp.length()-lastdot+1);
78 bitmask += (256 ^ octetpos) * atoi(octet.c_str());
82 bitmask &= ConfEntry->bitmask;
86 std::string reason = ConfEntry->reason;
88 while (int pos = reason.find("%ip%") != std::string::npos)
90 reason.replace(pos, 4, them->GetIPString());
93 ServerInstance->WriteOpers("*** Connecting user %s detected as being on a DNS blacklist (%s) with result %d", them->GetFullRealHost(), ConfEntry->name.c_str(), bitmask);
95 switch (ConfEntry->banaction)
97 case DNSBLConfEntry::I_KILL:
99 them->QuitUser(ServerInstance, them, std::string("Killed (") + reason + ")");
102 case DNSBLConfEntry::I_KLINE:
104 ServerInstance->AddKLine(ConfEntry->duration, ServerInstance->Config->ServerName, reason, std::string("*@") + them->GetIPString());
107 case DNSBLConfEntry::I_GLINE:
109 ServerInstance->AddGLine(ConfEntry->duration, ServerInstance->Config->ServerName, reason, std::string("*@") + them->GetIPString());
112 case DNSBLConfEntry::I_ZLINE:
114 ServerInstance->AddZLine(ConfEntry->duration, ServerInstance->Config->ServerName, reason, them->GetIPString());
117 case DNSBLConfEntry::I_UNKNOWN:
128 virtual void OnError(ResolverError e, const std::string &errormessage)
131 this just means they don't appear in the respective dnsbl
132 if ((them) && (them == ServerInstance->SE->GetRef(theirfd)))
136 /* Check the user still exists */
137 if ((them) && (them == ServerInstance->SE->GetRef(theirfd)))
139 ServerInstance->Log(DEBUG, "m_dnsbl: %s got an error while resolving for dnsbl %s", them->nick, ConfEntry->name.c_str());
143 virtual ~DNSBLResolver()
148 class ModuleDNSBL : public Module
151 std::vector<DNSBLConfEntry *> DNSBLConfEntries;
154 * Convert a string to EnumBanaction
156 DNSBLConfEntry::EnumBanaction str2banaction(const std::string &action)
158 if(action.compare("KILL")==0)
159 return DNSBLConfEntry::I_KILL;
160 if(action.compare("KLINE")==0)
161 return DNSBLConfEntry::I_KLINE;
162 if(action.compare("ZLINE")==0)
163 return DNSBLConfEntry::I_ZLINE;
164 if(action.compare("GLINE")==0)
165 return DNSBLConfEntry::I_GLINE;
167 return DNSBLConfEntry::I_UNKNOWN;
170 ModuleDNSBL(InspIRCd *Me) : Module::Module(Me)
175 virtual ~ModuleDNSBL()
179 virtual Version GetVersion()
181 return Version(2, 0, 0, 0, 0, API_VERSION);
184 void Implements(char* List)
186 List[I_OnRehash] = List[I_OnUserRegister] = 1;
190 * Fill our conf vector with data
192 virtual void ReadConf()
194 ConfigReader *MyConf = new ConfigReader(ServerInstance);
195 DNSBLConfEntries.clear();
197 for (int i=0; i< MyConf->Enumerate("dnsbl"); i++)
199 DNSBLConfEntry *e = new DNSBLConfEntry();
201 e->name = MyConf->ReadValue("dnsbl", "name", i);
202 e->reason = MyConf->ReadValue("dnsbl", "reason", i);
203 e->domain = MyConf->ReadValue("dnsbl", "domain", i);
204 e->banaction = str2banaction(MyConf->ReadValue("dnsbl", "action", i));
205 e->duration = ServerInstance->Duration(MyConf->ReadValue("dnsbl", "duration", i).c_str());
206 e->bitmask = MyConf->ReadInteger("dnsbl", "bitmask", i, false);
208 /* yeah, logic here is a little messy */
211 ServerInstance->WriteOpers("*** DNSBL(#%d): invalid bitmask",i);
213 else if (e->name == "")
215 ServerInstance->WriteOpers("*** DNSBL(#%d): Invalid name",i);
217 else if (e->domain == "")
219 ServerInstance->WriteOpers("*** DNSBL(#%d): Invalid domain",i);
221 else if (e->banaction == DNSBLConfEntry::I_UNKNOWN)
223 ServerInstance->WriteOpers("*** DNSBL(#%d): Invalid banaction", i);
229 ServerInstance->WriteOpers("*** DNSBL(#%d): empty reason, using defaults",i);
230 e->reason = "Your IP has been blacklisted.";
233 /* add it, all is ok */
234 DNSBLConfEntries.push_back(e);
239 /* delete and drop it, error somewhere */
247 virtual void OnRehash(const std::string ¶meter)
253 * We will check each user that connects *locally* (userrec::fd>0)
255 virtual int OnUserRegister(userrec* user)
259 /* following code taken from bopm, reverses an IP address. */
261 unsigned char a, b, c, d;
262 char reversedipbuf[128];
263 std::string reversedip;
265 if (!inet_aton(user->GetIPString(), &in))
267 ServerInstance->WriteOpers("Invalid IP address in m_dnsbl! Bailing check");
271 d = (unsigned char) (in.s_addr >> 24) & 0xFF;
272 c = (unsigned char) (in.s_addr >> 16) & 0xFF;
273 b = (unsigned char) (in.s_addr >> 8) & 0xFF;
274 a = (unsigned char) in.s_addr & 0xFF;
276 snprintf(reversedipbuf, 128, "%d.%d.%d.%d", d, c, b, a);
277 reversedip = std::string(reversedipbuf);
280 this is satmd's old code
281 std::string reversedip;
282 std::string userip = user->GetIPString();
283 std::string tempip = userip;
285 // reversedip will created in there
286 while (tempip.length()>0)
288 unsigned int lastdot=tempip.rfind(".");
289 if (lastdot == std::string::npos)
296 reversedip += tempip.substr(lastdot+1,tempip.length()-lastdot+1);
298 tempip.resize(lastdot);
303 // For each DNSBL, we will run through this lookup
304 for (std::vector<DNSBLConfEntry *>::iterator i = DNSBLConfEntries.begin(); i != DNSBLConfEntries.end(); i++)
306 // Fill hostname with a dnsbl style host (d.c.b.a.domain.tld)
307 std::string hostname=reversedip+"."+ (*i)->domain;
309 ServerInstance->Log(DEBUG, "m_dnsbl: sending %s for resolution", hostname.c_str());
311 /* now we'd need to fire off lookups for `hostname'. */
312 DNSBLResolver *r = new DNSBLResolver(this, ServerInstance, hostname, user, user->GetFd(), *i);
313 ServerInstance->AddResolver(r);
317 /* don't do anything with this hot potato */
322 // stuff down here is the module-factory stuff.
324 class ModuleDNSBLFactory : public ModuleFactory
331 ~ModuleDNSBLFactory()
335 virtual Module *CreateModule(InspIRCd *Me)
337 return new ModuleDNSBL(Me);
343 extern "C" void * init_module( void )
345 return new ModuleDNSBLFactory;
projects / user / henk / code / inspircd.git / blob