X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fusers.cpp;h=1955c90295bea651cdce870dcda06ec8e93a5c8e;hb=9bc8b2602426e187c4c5ba6ff0fad0641155357a;hp=5116b3e5f86235dae9afbd9e7c8924e35ba9a20f;hpb=f2c88404376249c34436c1de286e42e76e2c6c47;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/users.cpp b/src/users.cpp index 5116b3e5f..1955c9029 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -900,27 +900,12 @@ void userrec::AddClient(InspIRCd* Instance, int socket, int port, bool iscached, Instance->AddLocalClone(New); Instance->AddGlobalClone(New); + /* + * First class check. We do this again in FullConnect after DNS is done, and NICK/USER is recieved. + * See my note down there for why this is required. DO NOT REMOVE. :) -- w00t + */ ConnectClass* i = New->GetClass(); - - if ((!i) || (i->GetType() == CC_DENY)) - { - userrec::QuitUser(Instance, New,"Unauthorised connection"); - return; - } - - /* fix: do maxperlocal/global IP here, not on full connect to stop fd exhaustion attempts */ - if ((i->GetMaxLocal()) && (New->LocalCloneCount() > i->GetMaxLocal())) - { - userrec::QuitUser(Instance, New, "No more connections allowed from your host via this connect class (local)"); - Instance->WriteOpers("*** WARNING: maximum LOCAL connections (%ld) exceeded for IP %s", i->GetMaxLocal(), New->GetIPString()); - return; - } - else if ((i->GetMaxGlobal()) && (New->GlobalCloneCount() > i->GetMaxGlobal())) - { - userrec::QuitUser(Instance, New, "No more connections allowed from your host via this connect class (global)"); - Instance->WriteOpers("*** WARNING: maximum GLOBAL connections (%ld) exceeded for IP %s",i->GetMaxGlobal(), New->GetIPString()); - return; - } + New->CheckClass(); New->pingmax = i->GetPingTime(); New->nping = Instance->Time() + i->GetPingTime() + Instance->Config->dns_timeout; @@ -1001,27 +986,58 @@ unsigned long userrec::LocalCloneCount() return 0; } -void userrec::FullConnect() +/* + * Check class restrictions + */ +void userrec::CheckClass() { - ServerInstance->stats->statsConnects++; - this->idle_lastmsg = ServerInstance->Time(); - ConnectClass* a = this->GetClass(); if ((!a) || (a->GetType() == CC_DENY)) { - this->muted = true; - ServerInstance->GlobalCulls.AddItem(this,"Unauthorised connection"); + userrec::QuitUser(ServerInstance, this, "Unauthorised connection"); return; } if ((!a->GetPass().empty()) && (!this->haspassed)) { - this->muted = true; - ServerInstance->GlobalCulls.AddItem(this,"Invalid password"); + userrec::QuitUser(ServerInstance, this, "Invalid password"); return; } + if ((!a) || (a->GetType() == CC_DENY)) + { + userrec::QuitUser(ServerInstance, this,"Unauthorised connection"); + return; + } + + if ((a->GetMaxLocal()) && (this->LocalCloneCount() > a->GetMaxLocal())) + { + userrec::QuitUser(ServerInstance, this, "No more connections allowed from your host via this connect class (local)"); + ServerInstance->WriteOpers("*** WARNING: maximum LOCAL connections (%ld) exceeded for IP %s", a->GetMaxLocal(), this->GetIPString()); + return; + } + else if ((a->GetMaxGlobal()) && (this->GlobalCloneCount() > a->GetMaxGlobal())) + { + userrec::QuitUser(ServerInstance, this, "No more connections allowed from your host via this connect class (global)"); + ServerInstance->WriteOpers("*** WARNING: maximum GLOBAL connections (%ld) exceeded for IP %s", a->GetMaxGlobal(), this->GetIPString()); + return; + } +} + +void userrec::FullConnect() +{ + ServerInstance->stats->statsConnects++; + this->idle_lastmsg = ServerInstance->Time(); + + /* + * You may be thinking "wtf, we checked this in userrec::AddClient!" - and yes, we did, BUT. + * At the time AddClient is called, we don't have a resolved host, by here we probably do - which + * may put the user into a totally seperate class with different restrictions! so we *must* check again. + * Don't remove this! -- w00t + */ + this->CheckClass(); + if (!this->exempt) { GLine* r = ServerInstance->XLines->matches_gline(this);