* ---------------------------------------------------
*/
+/* $Core: libIRCDusers */
+
#include "inspircd.h"
#include <stdarg.h>
#include "socketengine.h"
#include "wildcard.h"
#include "xline.h"
+#include "bancache.h"
#include "commands/cmd_whowas.h"
static unsigned long already_sent[MAX_DESCRIPTORS] = {0};
age = ServerInstance->Time(true);
Penalty = 0;
lines_in = lastping = signon = idle_lastmsg = nping = registered = 0;
- ChannelCount = timeout = flood = bytes_in = bytes_out = cmds_in = cmds_out = 0;
+ ChannelCount = timeout = bytes_in = bytes_out = cmds_in = cmds_out = 0;
OverPenalty = ExemptFromPenalty = muted = exempt = haspassed = dns_done = false;
fd = -1;
recvq.clear();
res_forward = res_reverse = NULL;
Visibility = NULL;
ip = NULL;
+ MyClass = NULL;
+ AllowedOperCommands = NULL;
chans.clear();
invites.clear();
memset(modes,0,sizeof(modes));
User::~User()
{
+ /* NULL for remote users :) */
+ if (this->MyClass)
+ {
+ this->MyClass->RefCount--;
+ ServerInstance->Log(DEBUG, "User destructor -- connect refcount now: %u", this->MyClass->RefCount);
+ }
+ if (this->AllowedOperCommands)
+ {
+ delete AllowedOperCommands;
+ AllowedOperCommands = NULL;
+ }
+
this->InvalidateCache();
this->DecrementModes();
if (operquit)
bool User::HasPermission(const std::string &command)
{
- char* mycmd;
- char* savept;
- char* savept2;
-
/*
* users on remote servers can completely bypass all permissions based checks.
* This prevents desyncs when one server has different type/class tags to another.
return false;
}
- // check their opertype exists (!). This won't affect local users, of course.
- opertype_t::iterator iter_opertype = ServerInstance->Config->opertypes.find(this->oper);
- if (iter_opertype == ServerInstance->Config->opertypes.end())
- {
+ if (!AllowedOperCommands)
return false;
- }
- /* XXX all this strtok/strdup stuff is a bit ick and horrid -- w00t */
- char* Classes = strdup(iter_opertype->second);
- char* myclass = strtok_r(Classes," ",&savept);
- while (myclass)
- {
- operclass_t::iterator iter_operclass = ServerInstance->Config->operclass.find(myclass);
- if (iter_operclass != ServerInstance->Config->operclass.end())
- {
- char* CommandList = strdup(iter_operclass->second);
- mycmd = strtok_r(CommandList," ",&savept2);
- while (mycmd)
- {
- if ((!strcasecmp(mycmd,command.c_str())) || (*mycmd == '*'))
- {
- free(Classes);
- free(CommandList);
- return true;
- }
- mycmd = strtok_r(NULL," ",&savept2);
- }
- free(CommandList);
- }
- myclass = strtok_r(NULL," ",&savept);
- }
- free(Classes);
+ if (AllowedOperCommands->find(command) != AllowedOperCommands->end())
+ return true;
+ else if (AllowedOperCommands->find("*") != AllowedOperCommands->end())
+ return true;
return false;
}
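Review bot: The lookup `AllowedOperCommands->find(command)` is case-sensitive, whereas the removed loop compared with `strcasecmp` and treated any token beginning with `*` as a wildcard; a class that lists `kill` no longer grants `KILL`, and only the exact token `*` matches now. The check fails closed, but it silently changes what existing operclass configs grant. Either normalise case on both sides (where the map is filled in User::Oper and here before the lookup) or give the map a case-insensitive comparator. Part of HasPermission between the remote-user comment and the first `return false;` is not visible in this hunk.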
if (a.length())
recvq.append(a);
- if (recvq.length() > (unsigned)this->recvqmax)
+ if (this->MyClass && (recvq.length() > this->MyClass->GetRecvqMax()))
{
this->SetWriteError("RecvQ exceeded");
- ServerInstance->WriteOpers("*** User %s RecvQ of %d exceeds connect class maximum of %d",this->nick,recvq.length(),this->recvqmax);
+ ServerInstance->WriteOpers("*** User %s RecvQ of %d exceeds connect class maximum of %d",this->nick,recvq.length(),this->MyClass->GetRecvqMax());
return false;
}
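Review bot: The guard `this->MyClass && (recvq.length() > this->MyClass->GetRecvqMax())` fails open: a user whose `MyClass` is NULL has no RecvQ ceiling at all, where the removed code always compared against the per-user `recvqmax`. The SendQ check in the following hunk (`this->MyClass && (sendq.length() + data.length() > this->MyClass->GetSendqMax())`) has the same shape. If a local connection can reach these paths before SetClass() has assigned a class, the queue can grow without bound, so a server-wide default cap for the NULL case would keep a limit in force. Separately, both WriteOpers calls print the length and the maximum with `%d`; the argument types are not visible here, but if they are `size_t` or `unsigned long` the format specifier should match them.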
if (*this->GetWriteError())
return;
- if (sendq.length() + data.length() > (unsigned)this->sendqmax)
+ if (this->MyClass && (sendq.length() + data.length() > this->MyClass->GetSendqMax()))
{
/*
* Fix by brain - Set the error text BEFORE calling writeopers, because
* to repeatedly add the text to the sendq!
*/
this->SetWriteError("SendQ exceeded");
- ServerInstance->WriteOpers("*** User %s SendQ of %d exceeds connect class maximum of %d",this->nick,sendq.length() + data.length(),this->sendqmax);
+ ServerInstance->WriteOpers("*** User %s SendQ of %d exceeds connect class maximum of %d",this->nick,sendq.length() + data.length(),this->MyClass->GetSendqMax());
return;
}
void User::Oper(const std::string &opertype)
{
+ char* mycmd;
+ char* savept;
+ char* savept2;
+
try
{
this->modes[UM_OPERATOR] = 1;
ServerInstance->Log(DEFAULT,"OPER: %s!%s@%s opered as type: %s", this->nick, this->ident, this->host, opertype.c_str());
strlcpy(this->oper, opertype.c_str(), NICKMAX - 1);
ServerInstance->all_opers.push_back(this);
+
+ opertype_t::iterator iter_opertype = ServerInstance->Config->opertypes.find(this->oper);
+ if (iter_opertype != ServerInstance->Config->opertypes.end())
+ {
+
+ if (AllowedOperCommands)
+ AllowedOperCommands->clear();
+ else
+ AllowedOperCommands = new std::map<std::string, bool>;
+
+ char* Classes = strdup(iter_opertype->second);
+ char* myclass = strtok_r(Classes," ",&savept);
+ while (myclass)
+ {
+ operclass_t::iterator iter_operclass = ServerInstance->Config->operclass.find(myclass);
+ if (iter_operclass != ServerInstance->Config->operclass.end())
+ {
+ char* CommandList = strdup(iter_operclass->second);
+ mycmd = strtok_r(CommandList," ",&savept2);
+ while (mycmd)
+ {
+ this->AllowedOperCommands->insert(std::make_pair(mycmd, true));
+ mycmd = strtok_r(NULL," ",&savept2);
+ }
+ free(CommandList);
+ }
+ myclass = strtok_r(NULL," ",&savept);
+ }
+ free(Classes);
+ }
+
FOREACH_MOD(I_OnPostOper,OnPostOper(this, opertype));
}
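Review bot: When `opertypes.find(this->oper)` misses, the whole block is skipped and `AllowedOperCommands` keeps whatever it held before, so a user who is already opered and reaches Oper() again with an unknown type retains the previous type's command set; the removed HasPermission code returned false in that case. Moving the reset ahead of the lookup, e.g. `if (AllowedOperCommands) AllowedOperCommands->clear();` before the `find`, restores deny-by-default. The set is also built only once here, so later changes to `opertypes`/`operclass` would not reach opers who are already logged in unless a rehash path outside this hunk rebuilds it. Both `strdup` results are used without a NULL check, and they leak if `insert` throws inside the `try`.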
// remove the user from the oper list. Will remove multiple entries as a safeguard against bug #404
ServerInstance->all_opers.remove(this);
+
+ if (AllowedOperCommands)
+ {
+ delete AllowedOperCommands;
+ AllowedOperCommands = NULL;
+ }
}
}
void User::QuitUser(InspIRCd* Instance, User *user, const std::string &quitreason, const char* operreason)
{
- Instance->Log(DEBUG,"QuitUser: %s", user->nick);
- user->Write("ERROR :Closing link (%s@%s) [%s]", user->ident, user->host, operreason);
+ Instance->Log(DEBUG,"QuitUser: %s '%s'", user->nick, quitreason.c_str());
+ user->Write("ERROR :Closing link (%s@%s) [%s]", user->ident, user->host, *operreason ? operreason : quitreason.c_str());
user->muted = true;
Instance->GlobalCulls.AddItem(user, quitreason.c_str(), operreason);
}
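Review bot: `*operreason ? operreason : quitreason.c_str()` dereferences `operreason` without checking it for NULL. The call added in the AddClient hunk, `User::QuitUser(Instance, New, b->Reason)`, omits the argument, so the declaration (not shown) presumably supplies a default, but any caller that passes NULL would crash on this line. `(operreason && *operreason) ? operreason : quitreason.c_str()` covers both cases.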
* First class check. We do this again in FullConnect after DNS is done, and NICK/USER is recieved.
* See my note down there for why this is required. DO NOT REMOVE. :) -- w00t
*/
- ConnectClass* i = New->GetClass();
+ ConnectClass* i = New->SetClass();
if (!i)
{
return;
}
#endif
+ /*
+ * even with bancache, we still have to keep User::exempt current.
+ * besides that, if we get a positive bancache hit, we still won't fuck
+ * them over if they are exempt. -- w00t
+ */
+ New->exempt = (Instance->XLines->MatchesLine("E",New) != NULL);
- New->exempt = (Instance->XLines->matches_exception(New) != NULL);
- if (!New->exempt)
+ if (BanCacheHit *b = Instance->BanCache->GetHit(New->GetIPString()))
{
- ZLine* r = Instance->XLines->matches_zline(ipaddr);
- if (r)
+ if (!b->Type.empty() && !New->exempt)
{
- char reason[MAXBUF];
+ /* user banned */
+ Instance->Log(DEBUG, std::string("BanCache: Positive hit for ") + New->GetIPString());
if (*Instance->Config->MoronBanner)
New->WriteServ("NOTICE %s :*** %s", New->nick, Instance->Config->MoronBanner);
- snprintf(reason,MAXBUF,"Z-Lined: %s",r->reason);
- User::QuitUser(Instance, New, reason);
+ User::QuitUser(Instance, New, b->Reason);
return;
}
+ else
+ {
+ Instance->Log(DEBUG, std::string("BanCache: Negative hit for ") + New->GetIPString());
+ }
+ }
+ else
+ {
+ if (!New->exempt)
+ {
+ XLine* r = Instance->XLines->MatchesLine("Z",New);
+
+ if (r)
+ {
+ r->Apply(New);
+ return;
+ }
+ }
}
if (socket > -1)
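Review bot: Any BanCache entry for the address, including a negative one, bypasses the `MatchesLine("Z",New)` check in the outer `else` branch, so a Z-line added after an address was cached as clean is not enforced on new connections from it until that entry goes away. Nothing in this hunk shows expiry or invalidation; if adding an X-line does not purge matching BanCache entries elsewhere, that needs to be added. The inner `else` also logs "Negative hit" for a positive hit on an exempt user, which will mislead anyone reading the debug log, so the two cases should be logged separately. The positive path now shows `b->Reason` to the user as-is, since the old `"Z-Lined: %s"` prefix is gone, so whatever writes the cache entry has to store the full user-facing reason.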
* BOPM and other stuff requires it.
*/
New->WriteServ("NOTICE Auth :*** Looking up your hostname...");
+
+ if (Instance->Config->NoUserDns)
+ {
+ New->dns_done = true;
+ }
+ else
+ {
+ New->StartDNSLookup();
+ }
}
unsigned long User::GlobalCloneCount()
/*
* Check class restrictions
*/
-void User::CheckClass(const std::string &explicit_class)
+void User::CheckClass()
{
- ConnectClass* a = this->GetClass(explicit_class);
+ ConnectClass* a = this->MyClass;
if ((!a) || (a->GetType() == CC_DENY))
{
return;
}
- this->pingmax = a->GetPingTime();
this->nping = ServerInstance->Time() + a->GetPingTime() + ServerInstance->Config->dns_timeout;
this->timeout = ServerInstance->Time() + a->GetRegTimeout();
- this->flood = a->GetFlood();
- this->threshold = a->GetThreshold();
- this->sendqmax = a->GetSendqMax();
- this->recvqmax = a->GetRecvqMax();
this->MaxChans = a->GetMaxChans();
}
* may put the user into a totally seperate class with different restrictions! so we *must* check again.
* Don't remove this! -- w00t
*/
- this->CheckClass();
+ this->SetClass();
/* Check the password, if one is required by the user's connect class.
* This CANNOT be in CheckClass(), because that is called prior to PASS as well!
*/
- if ((!this->GetClass()->GetPass().empty()) && (!this->haspassed))
+ if (this->MyClass && !this->MyClass->GetPass().empty() && !this->haspassed)
{
User::QuitUser(ServerInstance, this, "Invalid password");
return;
}
-
+
if (!this->exempt)
{
- GLine* r = ServerInstance->XLines->matches_gline(this);
+ GLine *r = (GLine *)ServerInstance->XLines->MatchesLine("G", this);
if (r)
{
this->muted = true;
- char reason[MAXBUF];
- if (*ServerInstance->Config->MoronBanner)
- this->WriteServ("NOTICE %s :*** %s", this->nick, ServerInstance->Config->MoronBanner);
- snprintf(reason,MAXBUF,"G-Lined: %s",r->reason);
- User::QuitUser(ServerInstance, this, reason);
+ r->Apply(this);
return;
}
- KLine* n = ServerInstance->XLines->matches_kline(this);
+ KLine *n = (KLine *)ServerInstance->XLines->MatchesLine("K", this);
if (n)
{
this->muted = true;
- char reason[MAXBUF];
- if (*ServerInstance->Config->MoronBanner)
- this->WriteServ("NOTICE %s :*** %s", this, ServerInstance->Config->MoronBanner);
- snprintf(reason,MAXBUF,"K-Lined: %s",n->reason);
- User::QuitUser(ServerInstance, this, reason);
+ n->Apply(this);
return;
}
}
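Review bot: Replacing `this->CheckClass()` with `this->SetClass()` drops the work CheckClass does (per the earlier hunk: the `(!a) || (a->GetType() == CC_DENY)` test and the `nping`/`timeout`/`MaxChans` assignments), and the return value of SetClass() is ignored. The comment above says the class may differ after DNS, so a user moved into a deny-type class, or left with `MyClass == NULL`, continues through registration unless CheckClass() is called outside the lines shown; with a NULL class the new password test `this->MyClass && ...` is skipped rather than failing. Suggest `this->SetClass(); this->CheckClass();` here, or an explicit reject when `MyClass` is NULL. The `(GLine *)` and `(KLine *)` casts of the `MatchesLine` result are unchecked C-style downcasts; since only `Apply()` is called on them, holding the result as `XLine*`, as the AddClient hunk does, would avoid the casts.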
FOREACH_MOD(I_OnPostConnect,OnPostConnect(this));
ServerInstance->SNO->WriteToSnoMask('c',"Client connecting on port %d: %s!%s@%s [%s] [%s]", this->GetPort(), this->nick, this->ident, this->host, this->GetIPString(), this->fullname);
+
+ ServerInstance->Log(DEBUG, "BanCache: Adding NEGATIVE hit for %s", this->GetIPString());
+ ServerInstance->BanCache->AddHit(this->GetIPString(), "", "");
}
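Review bot: The negative entry is added for every user who reaches this point, including exempt ones, because the G-line and K-line checks earlier in FullConnect sit inside `if (!this->exempt)`. An E-lined user connecting from an address would then cache that address as clean, and the AddClient path treats a negative hit as a reason to skip the Z-line lookup for the next, non-exempt connection from the same address. Guarding the call with `if (!this->exempt)` keeps exempt sessions from seeding the cache. The code between the X-line checks and these lines is not visible, so confirm nothing in between already returns for exempt users.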
/** User::UpdateNick()
return false;
}
- if (ServerInstance->XLines->matches_qline(newnick))
+ if (ServerInstance->XLines->MatchesLine("Q",newnick))
{
ServerInstance->stats->statsCollisions++;
return false;
return this->MaxChans;
}
-/* looks up a users password for their connection class (<ALLOW>/<DENY> tags)
+
+/*
+ * Sets a user's connection class.
+ * If the class name is provided, it will be used. Otherwise, the class will be guessed using host/ip/ident/etc.
* NOTE: If the <ALLOW> or <DENY> tag specifies an ip, and this user resolves,
* then their ip will be taken as 'priority' anyway, so for example,
* <connect allow="127.0.0.1"> will match joe!bloggs@localhost
*/
-ConnectClass* User::GetClass(const std::string &explicit_name)
+ConnectClass* User::SetClass(const std::string &explicit_name)
{
+ ConnectClass *found = NULL;
+
+ if (!IS_LOCAL(this))
+ return NULL;
+
if (!explicit_name.empty())
{
for (ClassVector::iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); i++)
{
- if (explicit_name == i->GetName())
- return &(*i);
+ ConnectClass* c = *i;
+
+ if (explicit_name == c->GetName() && !c->GetDisabled())
+ {
+ found = c;
+ }
}
}
else
{
for (ClassVector::iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); i++)
{
- if (((match(this->GetIPString(),i->GetHost().c_str(),true)) || (match(this->host,i->GetHost().c_str()))))
+ ConnectClass* c = *i;
+
+ if (((match(this->GetIPString(),c->GetHost().c_str(),true)) || (match(this->host,c->GetHost().c_str()))))
{
- if (i->GetPort())
+ if (c->GetPort())
{
- if (this->GetPort() == i->GetPort())
- return &(*i);
+ if (this->GetPort() == c->GetPort() && !c->GetDisabled())
+ {
+ found = c;
+ }
else
continue;
}
else
- return &(*i);
+ {
+ if (!c->GetDisabled())
+ found = c;
+ }
}
}
}
- return NULL;
+
+ /* ensure we don't fuck things up refcount wise, only remove them from a class if we find a new one :P */
+ if (found)
+ {
+ /* deny change if change will take class over the limit */
+ if (found->limit && (found->RefCount + 1 >= found->limit))
+ {
+ ServerInstance->Log(DEBUG, "OOPS: Connect class limit (%u) hit, denying", found->limit);
+ return this->MyClass;
+ }
+
+ /* should always be valid, but just in case .. */
+ if (this->MyClass)
+ {
+ if (found == this->MyClass) // no point changing this shit :P
+ return this->MyClass;
+ this->MyClass->RefCount--;
+ ServerInstance->Log(DEBUG, "Untying user from connect class -- refcount: %u", this->MyClass->RefCount);
+ }
+
+ this->MyClass = found;
+ this->MyClass->RefCount++;
+ ServerInstance->Log(DEBUG, "User tied to new class -- connect refcount now: %u", this->MyClass->RefCount);
+ }
+
+ return this->MyClass;
+}
+
+/* looks up a users password for their connection class (<ALLOW>/<DENY> tags)
+ * NOTE: If the <ALLOW> or <DENY> tag specifies an ip, and this user resolves,
+ * then their ip will be taken as 'priority' anyway, so for example,
+ * <connect allow="127.0.0.1"> will match joe!bloggs@localhost
+ */
+ConnectClass* User::GetClass()
+{
+ return this->MyClass;
}
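Review bot: Both loops in SetClass keep iterating after `found = c;`, so the last matching class wins, whereas the removed code returned the first match; with ordered `<connect>` tags, a deny or a restrictive allow placed before a broad allow would be overridden by the later one. Adding `break;` after each `found = c;` restores first-match precedence. The limit test `found->RefCount + 1 >= found->limit` rejects at `limit - 1` users (`>` looks intended), and it runs before the `found == this->MyClass` check, so a user already counted in the class is tested as if joining again. When the limit is hit for a user with no class the function returns NULL with only a DEBUG log, so every caller has to treat NULL as a rejection. The comment block above `GetClass()` still describes the old lookup and should say it returns the class previously assigned by SetClass().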
void User::PurgeEmptyChannels()
if (i2 != ServerInstance->chanlist->end())
{
FOREACH_MOD(I_OnChannelDelete,OnChannelDelete(i2->second));
- DELETE(i2->second);
+ delete i2->second;
ServerInstance->chanlist->erase(i2);
this->chans.erase(*n);
}
return operquit ? operquit : "";
}
+void User::IncreasePenalty(int increase)
+{
+ this->Penalty += increase;
+}
+
+void User::DecreasePenalty(int decrease)
+{
+ this->Penalty -= decrease;
+}
+
VisData::VisData()
{
}