1 /* +------------------------------------+
2 * | Inspire Internet Relay Chat Daemon |
3 * +------------------------------------+
5 * InspIRCd: (C) 2002-2007 InspIRCd Development Team
6 * See: http://www.inspircd.org/wiki/index.php/Credits
8 * This program is free but copyrighted software; see
9 * the file COPYING for details.
11 * ---------------------------------------------------
14 #include <sys/types.h>
15 #include <sys/socket.h>
16 #include <netinet/in.h>
17 #include <arpa/inet.h>
26 /* $ModDesc: Provides handling of DNS blacklists */
28 /* Class holding data for a single entry */
32 enum EnumBanaction { I_UNKNOWN, I_KILL, I_ZLINE, I_KLINE, I_GLINE };
33 std::string name, domain, reason;
34 EnumBanaction banaction;
37 unsigned long stats_hits, stats_misses;
38 DNSBLConfEntry(): duration(86400),bitmask(0),stats_hits(0), stats_misses(0) {}
43 /** Resolver for CGI:IRC hostnames encoded in ident/GECOS
45 class DNSBLResolver : public Resolver
49 DNSBLConfEntry *ConfEntry;
52 DNSBLResolver(Module *me, InspIRCd *ServerInstance, const std::string &hostname, userrec* u, int userfd, DNSBLConfEntry *conf, bool &cached)
53 : Resolver(ServerInstance, hostname, DNS_QUERY_A, cached, me)
60 virtual void OnLookupComplete(const std::string &result, unsigned int ttl, bool cached)
62 /* Check the user still exists */
63 if ((them) && (them == ServerInstance->SE->GetRef(theirfd)))
65 // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d
68 unsigned int bitmask = 0;
72 /* Convert the result to an in_addr (we can gaurantee we got ipv4)
73 * Whoever did the loop that was here before, I AM CONFISCATING
74 * YOUR CRACKPIPE. you know who you are. -- Brain
76 inet_aton(result.c_str(), &resultip);
77 bitmask = resultip.s_addr >> 24; /* Last octet (network byte order */
79 bitmask &= ConfEntry->bitmask;
83 std::string reason = ConfEntry->reason;
84 std::string::size_type x = reason.find("%ip%");
85 while (x != std::string::npos)
88 reason.insert(x, them->GetIPString());
89 x = reason.find("%ip%");
92 ConfEntry->stats_hits++;
94 switch (ConfEntry->banaction)
96 case DNSBLConfEntry::I_KILL:
98 userrec::QuitUser(ServerInstance, them, std::string("Killed (") + reason + ")");
101 case DNSBLConfEntry::I_KLINE:
103 std::string ban = std::string("*@") + them->GetIPString();
104 show = ServerInstance->XLines->add_kline(ConfEntry->duration, ServerInstance->Config->ServerName, reason.c_str(), ban.c_str());
105 FOREACH_MOD(I_OnAddKLine,OnAddKLine(ConfEntry->duration, NULL, reason, ban));
108 case DNSBLConfEntry::I_GLINE:
110 std::string ban = std::string("*@") + them->GetIPString();
111 show = ServerInstance->XLines->add_gline(ConfEntry->duration, ServerInstance->Config->ServerName, reason.c_str(), ban.c_str());
112 FOREACH_MOD(I_OnAddGLine,OnAddGLine(ConfEntry->duration, NULL, reason, ban));
115 case DNSBLConfEntry::I_ZLINE:
117 show = ServerInstance->XLines->add_zline(ConfEntry->duration, ServerInstance->Config->ServerName, reason.c_str(), them->GetIPString());
118 FOREACH_MOD(I_OnAddZLine,OnAddZLine(ConfEntry->duration, NULL, reason, them->GetIPString()));
121 case DNSBLConfEntry::I_UNKNOWN:
129 ServerInstance->WriteOpers("*** Connecting user %s detected as being on a DNS blacklist (%s) with result %d", them->GetFullRealHost(), ConfEntry->name.c_str(), bitmask);
132 ConfEntry->stats_misses++;
135 ConfEntry->stats_misses++;
139 virtual void OnError(ResolverError e, const std::string &errormessage)
143 virtual ~DNSBLResolver()
148 class ModuleDNSBL : public Module
151 std::vector<DNSBLConfEntry *> DNSBLConfEntries;
154 * Convert a string to EnumBanaction
156 DNSBLConfEntry::EnumBanaction str2banaction(const std::string &action)
158 if(action.compare("KILL")==0)
159 return DNSBLConfEntry::I_KILL;
160 if(action.compare("KLINE")==0)
161 return DNSBLConfEntry::I_KLINE;
162 if(action.compare("ZLINE")==0)
163 return DNSBLConfEntry::I_ZLINE;
164 if(action.compare("GLINE")==0)
165 return DNSBLConfEntry::I_GLINE;
167 return DNSBLConfEntry::I_UNKNOWN;
170 ModuleDNSBL(InspIRCd *Me) : Module::Module(Me)
175 virtual ~ModuleDNSBL()
180 virtual Version GetVersion()
182 return Version(2, 0, 0, 1, VF_VENDOR, API_VERSION);
185 void Implements(char* List)
187 List[I_OnRehash] = List[I_OnUserRegister] = List[I_OnStats] = 1;
190 /** Clear entries and free the mem it was using
194 std::vector<DNSBLConfEntry *>::iterator i;
195 for (std::vector<DNSBLConfEntry *>::iterator i = DNSBLConfEntries.begin(); i != DNSBLConfEntries.end(); i++)
197 DNSBLConfEntries.clear();
200 /** Fill our conf vector with data
202 virtual void ReadConf()
204 ConfigReader *MyConf = new ConfigReader(ServerInstance);
207 for (int i=0; i< MyConf->Enumerate("dnsbl"); i++)
209 DNSBLConfEntry *e = new DNSBLConfEntry();
211 e->name = MyConf->ReadValue("dnsbl", "name", i);
212 e->reason = MyConf->ReadValue("dnsbl", "reason", i);
213 e->domain = MyConf->ReadValue("dnsbl", "domain", i);
214 e->banaction = str2banaction(MyConf->ReadValue("dnsbl", "action", i));
215 e->duration = ServerInstance->Duration(MyConf->ReadValue("dnsbl", "duration", i).c_str());
216 e->bitmask = MyConf->ReadInteger("dnsbl", "bitmask", i, false);
218 /* yeah, logic here is a little messy */
221 ServerInstance->WriteOpers("*** DNSBL(#%d): invalid bitmask",i);
223 else if (e->name == "")
225 ServerInstance->WriteOpers("*** DNSBL(#%d): Invalid name",i);
227 else if (e->domain == "")
229 ServerInstance->WriteOpers("*** DNSBL(#%d): Invalid domain",i);
231 else if (e->banaction == DNSBLConfEntry::I_UNKNOWN)
233 ServerInstance->WriteOpers("*** DNSBL(#%d): Invalid banaction", i);
239 ServerInstance->WriteOpers("*** DNSBL(#%d): empty reason, using defaults",i);
240 e->reason = "Your IP has been blacklisted.";
243 /* add it, all is ok */
244 DNSBLConfEntries.push_back(e);
248 /* delete and drop it, error somewhere */
255 virtual void OnRehash(userrec* user, const std::string ¶meter)
261 * We will check each user that connects *locally* (userrec::fd>0)
263 virtual int OnUserRegister(userrec* user)
267 /* following code taken from bopm, reverses an IP address. */
269 unsigned char a, b, c, d;
270 char reversedipbuf[128];
271 std::string reversedip;
272 bool success = false;
274 if (!inet_aton(user->GetIPString(), &in))
277 /* We could have an ipv6 address here */
278 std::string x = user->GetIPString();
279 /* Is it a 4in6 address? (Compensate for this kernel kludge that people love) */
280 if (x.find("0::ffff:") == 0)
282 x.erase(x.begin(), x.begin() + 8);
283 if (inet_aton(x.c_str(), &in))
296 d = (unsigned char) (in.s_addr >> 24) & 0xFF;
297 c = (unsigned char) (in.s_addr >> 16) & 0xFF;
298 b = (unsigned char) (in.s_addr >> 8) & 0xFF;
299 a = (unsigned char) in.s_addr & 0xFF;
301 snprintf(reversedipbuf, 128, "%d.%d.%d.%d", d, c, b, a);
302 reversedip = std::string(reversedipbuf);
304 // For each DNSBL, we will run through this lookup
305 for (std::vector<DNSBLConfEntry *>::iterator i = DNSBLConfEntries.begin(); i != DNSBLConfEntries.end(); i++)
307 // Fill hostname with a dnsbl style host (d.c.b.a.domain.tld)
308 std::string hostname = reversedip + "." + (*i)->domain;
310 /* now we'd need to fire off lookups for `hostname'. */
312 DNSBLResolver *r = new DNSBLResolver(this, ServerInstance, hostname, user, user->GetFd(), *i, cached);
313 ServerInstance->AddResolver(r, cached);
317 /* don't do anything with this hot potato */
321 virtual int OnStats(char symbol, userrec* user, string_list &results)
326 unsigned long total_hits = 0, total_misses = 0;
328 for (std::vector<DNSBLConfEntry*>::iterator i = DNSBLConfEntries.begin(); i != DNSBLConfEntries.end(); i++)
330 total_hits += (*i)->stats_hits;
331 total_misses += (*i)->stats_misses;
333 results.push_back(std::string(ServerInstance->Config->ServerName) + " 304 " + user->nick + " :DNSBLSTATS DNSbl \"" + (*i)->name + "\" had " +
334 ConvToStr((*i)->stats_hits) + " hits and " + ConvToStr((*i)->stats_misses) + " misses");
337 results.push_back(std::string(ServerInstance->Config->ServerName) + " 304 " + user->nick + " :DNSBLSTATS Total hits: " + ConvToStr(total_hits));
338 results.push_back(std::string(ServerInstance->Config->ServerName) + " 304 " + user->nick + " :DNSBLSTATS Total misses: " + ConvToStr(total_misses));
344 // stuff down here is the module-factory stuff.
346 class ModuleDNSBLFactory : public ModuleFactory
353 ~ModuleDNSBLFactory()
357 virtual Module *CreateModule(InspIRCd *Me)
359 return new ModuleDNSBL(Me);
365 extern "C" void * init_module( void )
367 return new ModuleDNSBLFactory;
projects / user / henk / code / inspircd.git / blob