Add ConfigTag::getUInt for reading unsigned config values.
[user/henk/code/inspircd.git] / src / modules / m_dnsbl.cpp
index 44328480e3fe4bd54c4b74e28028f7bf7d64b94b..16694de932fe937278123c6c98cbd234289f282e 100644 (file)
@@ -24,6 +24,7 @@
 #include "inspircd.h"
 #include "xline.h"
 #include "modules/dns.h"
+#include "modules/stats.h"
 
 /* Class holding data for a single entry */
 class DNSBLConfEntry : public refcountbase
@@ -34,15 +35,15 @@ class DNSBLConfEntry : public refcountbase
                std::string name, ident, host, domain, reason;
                EnumBanaction banaction;
                EnumType type;
-               long duration;
-               int bitmask;
+               unsigned long duration;
+               unsigned int bitmask;
                unsigned char records[256];
                unsigned long stats_hits, stats_misses;
                DNSBLConfEntry(): type(A_BITMASK),duration(86400),bitmask(0),stats_hits(0), stats_misses(0) {}
 };
 
 
-/** Resolver for CGI:IRC hostnames encoded in ident/GECOS
+/** Resolver for CGI:IRC hostnames encoded in ident/real name
  */
 class DNSBLResolver : public DNS::Request
 {
@@ -66,7 +67,17 @@ class DNSBLResolver : public DNS::Request
                if (!them)
                        return;
 
-               const DNS::ResourceRecord &ans_record = r->answers[0];
+               const DNS::ResourceRecord* const ans_record = r->FindAnswerOfType(DNS::QUERY_A);
+               if (!ans_record)
+                       return;
+
+               // All replies should be in 127.0.0.0/8
+               if (ans_record->rdata.compare(0, 4, "127.") != 0)
+               {
+                       ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), ans_record->rdata.c_str());
+                       ConfEntry->stats_misses++;
+                       return;
+               }
 
                int i = countExt.get(them);
                if (i)
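Review bot: Both new early returns (no A record, and an answer outside 127.0.0.0/8) sit above the `countExt.get(them)` bookkeeping, so a malformed or unexpected DNSBL reply appears to leave the user's `dnsbl_pending` count untouched. The update that follows `if (i)` is outside this hunk, so this is inferred; if anything waits on that count reaching zero, moving `int i = countExt.get(them);` and its update above the `FindAnswerOfType` call would keep it accurate on every path. The `!ans_record` branch also returns without logging or bumping a counter, unlike the subnet branch; adding `ConfEntry->stats_misses++;` there with a comment such as `// Reply carried no A record; count it as a miss` would make the two consistent.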
@@ -78,7 +89,7 @@ class DNSBLResolver : public DNS::Request
                bool match = false;
                in_addr resultip;
 
-               inet_aton(ans_record.rdata.c_str(), &resultip);
+               inet_pton(AF_INET, ans_record->rdata.c_str(), &resultip);
 
                switch (ConfEntry->type)
                {
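Review bot: The return value of `inet_pton` is not checked, so `resultip` is read uninitialised by the `switch` below whenever `rdata` is not a well-formed dotted quad. The earlier `compare(0, 4, "127.")` test only constrains the first four characters, so it does not guarantee the rest parses, unless the DNS layer already validates A-record data, which is not visible here. Suggest `if (inet_pton(AF_INET, ans_record->rdata.c_str(), &resultip) != 1) { ConfEntry->stats_misses++; return; }`. The `switch` body continues outside the hunk.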
@@ -173,7 +184,7 @@ class DNSBLResolver : public DNS::Request
                                        if (ServerInstance->XLines->AddLine(zl,NULL))
                                        {
                                                std::string timestr = InspIRCd::TimeString(zl->expiry);
-                                               ServerInstance->SNO->WriteGlobalSno('x',"Z:line added due to DNSBL match on *@%s to expire on %s: %s",
+                                               ServerInstance->SNO->WriteGlobalSno('x',"Z:line added due to DNSBL match on %s to expire on %s: %s",
                                                        them->GetIPString().c_str(), timestr.c_str(), reason.c_str());
                                                ServerInstance->XLines->ApplyLines();
                                        }
@@ -210,7 +221,7 @@ class DNSBLResolver : public DNS::Request
        }
 };
 
-class ModuleDNSBL : public Module
+class ModuleDNSBL : public Module, public Stats::EventListener
 {
        std::vector<reference<DNSBLConfEntry> > DNSBLConfEntries;
        dynamic_reference<DNS::Manager> DNS;
@@ -237,7 +248,8 @@ class ModuleDNSBL : public Module
        }
  public:
        ModuleDNSBL()
-               : DNS(this, "DNS")
+               : Stats::EventListener(this)
+               , DNS(this, "DNS")
                , nameExt("dnsbl_match", ExtensionItem::EXT_USER, this)
                , countExt("dnsbl_pending", ExtensionItem::EXT_USER, this)
        {
@@ -269,7 +281,7 @@ class ModuleDNSBL : public Module
                        if (tag->getString("type") == "bitmask")
                        {
                                e->type = DNSBLConfEntry::A_BITMASK;
-                               e->bitmask = tag->getInt("bitmask");
+                               e->bitmask = tag->getUInt("bitmask", 0, 0, UINT_MAX);
                        }
                        else
                        {