X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_dnsbl.cpp;h=732717ff3dc08ea7704f956f41a0e7961c45d94f;hb=12a47e788b3eba8e395abdd46c2dc91692b9b292;hp=48ce1d791ae88c3e0b02429dfc6dde4ebdd0582d;hpb=59df199aaedf8018979c444eaa8cca59ff001877;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp
index 48ce1d791..732717ff3 100644
--- a/src/modules/m_dnsbl.cpp
+++ b/src/modules/m_dnsbl.cpp
@@ -35,7 +35,7 @@ class DNSBLConfEntry : public refcountbase
 EnumBanaction banaction;
 EnumType type;
 long duration;
- int bitmask;
+ unsigned int bitmask;
 unsigned char records[256];
 unsigned long stats_hits, stats_misses;
 DNSBLConfEntry(): type(A_BITMASK),duration(86400),bitmask(0),stats_hits(0), stats_misses(0) {}
@@ -66,7 +66,17 @@ class DNSBLResolver : public DNS::Request
 if (!them)
 return;
- const DNS::ResourceRecord &ans_record = r->answers[0];
+ const DNS::ResourceRecord* const ans_record = r->FindAnswerOfType(DNS::QUERY_A);
+ if (!ans_record)
+ return;
+
+ // All replies should be in 127.0.0.0/8
+ if (ans_record->rdata.compare(0, 4, "127.") != 0)
+ {
+ ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), ans_record->rdata.c_str());
+ ConfEntry->stats_misses++;
+ return;
+ }
 int i = countExt.get(them);
 if (i)
@@ -78,7 +88,7 @@ class DNSBLResolver : public DNS::Request
 bool match = false;
 in_addr resultip;
- inet_aton(ans_record.rdata.c_str(), &resultip);
+ inet_pton(AF_INET, ans_record->rdata.c_str(), &resultip);
 switch (ConfEntry->type)
 {
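Review bot: Both new early returns in the `@@ -66,7 +66,17 @@` hunk (`if (!ans_record) return;` and the branch for an address outside 127.0.0.0/8) sit above `int i = countExt.get(them);`, so a reply with no A record or with an unexpected address leaves the user's `dnsbl_pending` count undecremented. If that count is what holds a connection until all lookups have finished (the code that reads it is not in this diff), a blacklist zone that starts answering with unexpected records could stall connecting clients until registration times out. Moving the `countExt` decrement above the two checks avoids that; the body of `if (i)` continues past the end of the hunk. The `!ans_record` path also returns without `ConfEntry->stats_misses++;`, unlike the branch below it, so those replies do not show up in the stats.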
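Review bot: The return value of `inet_pton` in the `@@ -78,7 +88,7 @@` hunk is ignored, so when `rdata` does not parse, `resultip` (declared without an initialiser two lines above) is presumably read uninitialised by the `switch` that follows. The `compare(0, 4, "127.")` check added in the previous hunk only tests a string prefix and does not guarantee a well-formed dotted quad. Checking the result closes the gap: `if (inet_pton(AF_INET, ans_record->rdata.c_str(), &resultip) != 1) { ConfEntry->stats_misses++; return; }`. The enclosing function starts and ends outside the hunk.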
@@ -117,13 +127,13 @@ class DNSBLResolver : public DNS::Request
 {
 if (!ConfEntry->ident.empty())
 {
- them->WriteNumeric(304, ":Your ident has been set to " + ConfEntry->ident + " because you matched " + reason);
+ them->WriteNumeric(304, "Your ident has been set to " + ConfEntry->ident + " because you matched " + reason);
 them->ChangeIdent(ConfEntry->ident);
 }
 if (!ConfEntry->host.empty())
 {
- them->WriteNumeric(304, ":Your host has been set to " + ConfEntry->host + " because you matched " + reason);
+ them->WriteNumeric(304, "Your host has been set to " + ConfEntry->host + " because you matched " + reason);
 them->ChangeDisplayedHost(ConfEntry->host);
 }
@@ -142,7 +152,10 @@ class DNSBLResolver : public DNS::Request
 ServerInstance->XLines->ApplyLines();
 }
 else
+ {
 delete kl;
+ return;
+ }
 break;
 }
 case DNSBLConfEntry::I_GLINE:
@@ -157,7 +170,10 @@ class DNSBLResolver : public DNS::Request
 ServerInstance->XLines->ApplyLines();
 }
 else
+ {
 delete gl;
+ return;
+ }
 break;
 }
 case DNSBLConfEntry::I_ZLINE:
@@ -167,12 +183,15 @@ class DNSBLResolver : public DNS::Request
 if (ServerInstance->XLines->AddLine(zl,NULL))
 {
 std::string timestr = InspIRCd::TimeString(zl->expiry);
- ServerInstance->SNO->WriteGlobalSno('x',"Z:line added due to DNSBL match on *@%s to expire on %s: %s",
+ ServerInstance->SNO->WriteGlobalSno('x',"Z:line added due to DNSBL match on %s to expire on %s: %s",
 them->GetIPString().c_str(), timestr.c_str(), reason.c_str());
 ServerInstance->XLines->ApplyLines();
 }
 else
+ {
 delete zl;
+ return;
+ }
 break;
 }
 case DNSBLConfEntry::I_UNKNOWN:
@@ -227,7 +246,12 @@ class ModuleDNSBL : public Module
 return DNSBLConfEntry::I_UNKNOWN;
 }
 public:
- ModuleDNSBL() : DNS(this, "DNS"), nameExt("dnsbl_match", this), countExt("dnsbl_pending", this) { }
+ ModuleDNSBL()
+ : DNS(this, "DNS")
+ , nameExt("dnsbl_match", ExtensionItem::EXT_USER, this)
+ , countExt("dnsbl_pending", ExtensionItem::EXT_USER, this)
+ {
+ }
 Version GetVersion() CXX11_OVERRIDE
 {
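Review bot: When `AddLine` rejects the new line, the added `return;` in the `@@ -142,7 +152,10 @@` hunk (and the identical branches for `gl` and `zl` in the `@@ -157,7 +170,10 @@` and `@@ -167,12 +183,15 @@` hunks) leaves the handler silently. Nothing is logged and, as far as these hunks show, no counter is updated, so an operator cannot tell that a listed client matched but was not banned. A one-line debug entry before the `delete` would make that visible, for example `ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "DNSBL: could not add line for %s", them->GetIPString().c_str());`. A short comment on why the rest of the function is skipped on this path would also help; the code after the `switch` is outside the diff.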
@@ -255,7 +279,7 @@ class ModuleDNSBL : public Module
 if (tag->getString("type") == "bitmask")
 {
 e->type = DNSBLConfEntry::A_BITMASK;
- e->bitmask = tag->getInt("bitmask");
+ e->bitmask = tag->getInt("bitmask", 0, 0, UINT_MAX);
 }
 else
 {
@@ -310,7 +334,7 @@ class ModuleDNSBL : public Module
 void OnSetUserIP(LocalUser* user) CXX11_OVERRIDE
 {
- if ((user->exempt) || (user->client_sa.sa.sa_family != AF_INET) || !DNS)
+ if ((user->exempt) || !DNS)
 return;
 if (user->MyClass)
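Review bot: `tag->getInt("bitmask", 0, 0, UINT_MAX)` in the `@@ -255,7 +279,7 @@` hunk passes `UINT_MAX` as the upper bound. If `getInt` takes and returns `long` (its declaration is not in this diff), that value does not fit on targets where `long` is 32 bits, and the range check would not behave as intended there. A bound that fits in `long` on every target is safer; if the mask is only ever compared with a single reply octet (not visible here), `e->bitmask = tag->getInt("bitmask", 0, 0, 255);` would also reject values that can never match. A configured mask of 0 is still accepted on this line; whether it is rejected later is outside the hunk.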
@@ -321,13 +345,32 @@ class ModuleDNSBL : public Module
 else
 ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "User has no connect class in OnSetUserIP");
- unsigned int a, b, c, d;
- d = (unsigned int) (user->client_sa.in4.sin_addr.s_addr >> 24) & 0xFF;
- c = (unsigned int) (user->client_sa.in4.sin_addr.s_addr >> 16) & 0xFF;
- b = (unsigned int) (user->client_sa.in4.sin_addr.s_addr >> 8) & 0xFF;
- a = (unsigned int) user->client_sa.in4.sin_addr.s_addr & 0xFF;
+ std::string reversedip;
+ if (user->client_sa.sa.sa_family == AF_INET)
+ {
+ unsigned int a, b, c, d;
+ d = (unsigned int) (user->client_sa.in4.sin_addr.s_addr >> 24) & 0xFF;
+ c = (unsigned int) (user->client_sa.in4.sin_addr.s_addr >> 16) & 0xFF;
+ b = (unsigned int) (user->client_sa.in4.sin_addr.s_addr >> 8) & 0xFF;
+ a = (unsigned int) user->client_sa.in4.sin_addr.s_addr & 0xFF;
+
+ reversedip = ConvToStr(d) + "." + ConvToStr(c) + "." + ConvToStr(b) + "." + ConvToStr(a);
+ }
+ else if (user->client_sa.sa.sa_family == AF_INET6)
+ {
+ const unsigned char* ip = user->client_sa.in6.sin6_addr.s6_addr;
+
+ std::string buf = BinToHex(ip, 16);
+ for (std::string::const_reverse_iterator it = buf.rbegin(); it != buf.rend(); ++it)
+ {
+ reversedip.push_back(*it);
+ reversedip.push_back('.');
+ }
+ }
+ else
+ return;
- const std::string reversedip = ConvToStr(d) + "." + ConvToStr(c) + "." + ConvToStr(b) + "." + ConvToStr(a);
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Reversed IP %s -> %s", user->GetIPString().c_str(), reversedip.c_str());
 countExt.set(user, DNSBLConfEntries.size());
@@ -346,7 +389,7 @@ class ModuleDNSBL : public Module
 catch (DNS::Exception &ex)
 {
 delete r;
- ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, std::string(ex.GetReason()));
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, ex.GetReason());
 }
 if (user->quitting)
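Review bot: The IPv6 branch in the `@@ -321,13 +345,32 @@` hunk appends `'.'` after every nibble, so `reversedip` ends with a dot, while the IPv4 branch produces none. If the query name is then built the same way for both address families (that code is outside the hunk), IPv6 clients get a name containing an empty label and the lookup cannot succeed, which would mean they are never actually checked against the lists. Dropping the last character after the loop fixes it: `reversedip.erase(reversedip.size() - 1);`. The new `LOG_DEBUG` "Reversed IP" line makes the resulting string easy to confirm.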
@@ -373,9 +416,9 @@ class ModuleDNSBL : public Module
 return MOD_RES_PASSTHRU;
 }
- ModResult OnStats(char symbol, User* user, string_list &results) CXX11_OVERRIDE
+ ModResult OnStats(Stats::Context& stats) CXX11_OVERRIDE
 {
- if (symbol != 'd')
+ if (stats.GetSymbol() != 'd')
 return MOD_RES_PASSTHRU;
 unsigned long total_hits = 0, total_misses = 0;
@@ -385,12 +428,12 @@ class ModuleDNSBL : public Module
 total_hits += (*i)->stats_hits;
 total_misses += (*i)->stats_misses;
- results.push_back(ServerInstance->Config->ServerName + " 304 " + user->nick + " :DNSBLSTATS DNSbl \"" + (*i)->name + "\" had " +
+ stats.AddRow(304, "DNSBLSTATS DNSbl \"" + (*i)->name + "\" had " +
 ConvToStr((*i)->stats_hits) + " hits and " + ConvToStr((*i)->stats_misses) + " misses");
 }
- results.push_back(ServerInstance->Config->ServerName + " 304 " + user->nick + " :DNSBLSTATS Total hits: " + ConvToStr(total_hits));
- results.push_back(ServerInstance->Config->ServerName + " 304 " + user->nick + " :DNSBLSTATS Total misses: " + ConvToStr(total_misses));
+ stats.AddRow(304, "DNSBLSTATS Total hits: " + ConvToStr(total_hits));
+ stats.AddRow(304, "DNSBLSTATS Total misses: " + ConvToStr(total_misses));
 return MOD_RES_PASSTHRU;
 }