X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fusers.cpp;h=d7671de3c8a5a6496cdb26ec1aaebb145a6ba908;hb=2620d1258c6a2c249b9503a7c4a764e26a2da0f3;hp=f487be6dc89ec62f6db41760c0e9c223fcf9061d;hpb=0060869dd57ca0239ef0d1b47c24e5f0ac98898f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/users.cpp b/src/users.cpp index f487be6dc..d7671de3c 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -2,7 +2,7 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd: (C) 2002-2007 InspIRCd Development Team + * InspIRCd: (C) 2002-2008 InspIRCd Development Team * See: http://www.inspircd.org/wiki/index.php/Credits * * This program is free but copyrighted software; see @@ -11,11 +11,14 @@ * --------------------------------------------------- */ +/* $Core: libIRCDusers */ + #include "inspircd.h" #include #include "socketengine.h" #include "wildcard.h" #include "xline.h" +#include "bancache.h" #include "commands/cmd_whowas.h" static unsigned long already_sent[MAX_DESCRIPTORS] = {0}; @@ -175,9 +178,10 @@ User::User(InspIRCd* Instance, const std::string &uid) : ServerInstance(Instance server = (char*)Instance->FindServerNamePtr(Instance->Config->ServerName); reset_due = ServerInstance->Time(); age = ServerInstance->Time(true); + Penalty = 0; lines_in = lastping = signon = idle_lastmsg = nping = registered = 0; - ChannelCount = timeout = flood = bytes_in = bytes_out = cmds_in = cmds_out = 0; - muted = exempt = haspassed = dns_done = false; + ChannelCount = timeout = bytes_in = bytes_out = cmds_in = cmds_out = 0; + OverPenalty = ExemptFromPenalty = muted = exempt = haspassed = dns_done = false; fd = -1; recvq.clear(); sendq.clear(); @@ -185,6 +189,8 @@ User::User(InspIRCd* Instance, const std::string &uid) : ServerInstance(Instance res_forward = res_reverse = NULL; Visibility = NULL; ip = NULL; + MyClass = NULL; + AllowedOperCommands = NULL; chans.clear(); invites.clear(); memset(modes,0,sizeof(modes)); 
@@ -206,38 +212,27 @@ User::User(InspIRCd* Instance, const std::string &uid) : ServerInstance(Instance throw CoreException("Duplicate UUID "+std::string(uuid)+" in User constructor"); } -void User::RemoveCloneCounts() +User::~User() { - clonemap::iterator x = ServerInstance->local_clones.find(this->GetIPString()); - if (x != ServerInstance->local_clones.end()) + /* NULL for remote users :) */ + if (this->MyClass) { - x->second--; - if (!x->second) - { - ServerInstance->local_clones.erase(x); - } + this->MyClass->RefCount--; + ServerInstance->Log(DEBUG, "User destructor -- connect refcount now: %u", this->MyClass->RefCount); } - - clonemap::iterator y = ServerInstance->global_clones.find(this->GetIPString()); - if (y != ServerInstance->global_clones.end()) + if (this->AllowedOperCommands) { - y->second--; - if (!y->second) - { - ServerInstance->global_clones.erase(y); - } + delete AllowedOperCommands; + AllowedOperCommands = NULL; } -} -User::~User() -{ this->InvalidateCache(); this->DecrementModes(); if (operquit) free(operquit); if (ip) { - this->RemoveCloneCounts(); + ServerInstance->Users->RemoveCloneCounts(this); if (this->GetProtocolFamily() == AF_INET) { @@ -407,10 +402,6 @@ void User::RemoveInvite(const irc::string &channel) bool User::HasPermission(const std::string &command) { - char* mycmd; - char* savept; - char* savept2; - /* * users on remote servers can completely bypass all permissions based checks. * This prevents desyncs when one server has different type/class tags to another. 
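Review bot: `this->MyClass->RefCount--` in the new destructor goes through a raw `ConnectClass*` with no check that the count is still above zero. It is logged with `%u`, which suggests it is unsigned, so an unbalanced decrement would wrap and then feed the limit test in `SetClass()`. The destructor also assumes the ConnectClass outlives every user that points at it; nothing on this page shows what a rehash does to `Config->Classes`, so that lifetime rule is worth a comment next to `MyClass`. Separately, `delete` on a null pointer is a no-op, so the `if (this->AllowedOperCommands)` guard can be reduced to `delete AllowedOperCommands;`.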
@@ -427,38 +418,13 @@ bool User::HasPermission(const std::string &command) return false; } - // check their opertype exists (!). This won't affect local users, of course. - opertype_t::iterator iter_opertype = ServerInstance->Config->opertypes.find(this->oper); - if (iter_opertype == ServerInstance->Config->opertypes.end()) - { + if (!AllowedOperCommands) return false; - } - /* XXX all this strtok/strdup stuff is a bit ick and horrid -- w00t */ - char* Classes = strdup(iter_opertype->second); - char* myclass = strtok_r(Classes," ",&savept); - while (myclass) - { - operclass_t::iterator iter_operclass = ServerInstance->Config->operclass.find(myclass); - if (iter_operclass != ServerInstance->Config->operclass.end()) - { - char* CommandList = strdup(iter_operclass->second); - mycmd = strtok_r(CommandList," ",&savept2); - while (mycmd) - { - if ((!strcasecmp(mycmd,command.c_str())) || (*mycmd == '*')) - { - free(Classes); - free(CommandList); - return true; - } - mycmd = strtok_r(NULL," ",&savept2); - } - free(CommandList); - } - myclass = strtok_r(NULL," ",&savept); - } - free(Classes); + if (AllowedOperCommands->find(command) != AllowedOperCommands->end()) + return true; + else if (AllowedOperCommands->find("*") != AllowedOperCommands->end()) + return true; return false; } @@ -484,10 +450,10 @@ bool User::AddBuffer(std::string a) if (a.length()) recvq.append(a); - if (recvq.length() > (unsigned)this->recvqmax) + if (this->MyClass && (recvq.length() > this->MyClass->GetRecvqMax())) { this->SetWriteError("RecvQ exceeded"); - ServerInstance->WriteOpers("*** User %s RecvQ of %d exceeds connect class maximum of %d",this->nick,recvq.length(),this->recvqmax); + ServerInstance->WriteOpers("*** User %s RecvQ of %d exceeds connect class maximum of %d",this->nick,recvq.length(),this->MyClass->GetRecvqMax()); return false; } 
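Review bot: The new lookup `AllowedOperCommands->find(command)` replaces a `strcasecmp` comparison, so command matching may have become case-sensitive; the container's key and comparator types are not visible on this page (`new std::map;` has lost its template arguments), so this needs confirming. If the key is a plain `std::string`, an oper class that lists a command in a different case than the caller passes would stop matching. The wildcard test also narrowed, from any token beginning with `*` (`*mycmd == '*'`) to the exact key `"*"`. Both changes fail closed, but they alter how existing configs are interpreted and deserve a line in the function comment. HasPermission's body starts before this hunk.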
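Review bot: When `MyClass` is NULL the new condition `this->MyClass && (recvq.length() > this->MyClass->GetRecvqMax())` skips the RecvQ limit altogether, so a connection with no class assigned (or whose `SetClass()` found none) can grow `recvq` without bound. The SendQ check in `AddWriteBuf` (the `-556,7` hunk, with its WriteOpers line in `-564,7`) has the same shape. A fail-closed form would be `if (!this->MyClass || recvq.length() > this->MyClass->GetRecvqMax())`, unless users that legitimately have a NULL class reach this path, in which case a server-wide default cap is the safer fallback. The `%d` conversions in the WriteOpers call now receive `recvq.length()` and `GetRecvqMax()`, which are probably wider than `int`; cast them or use a matching conversion.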
@@ -515,7 +481,7 @@ std::string User::GetBuffer() { try { - if (!recvq.length()) + if (recvq.empty()) return ""; /* Strip any leading \r or \n off the string. @@ -556,7 +522,7 @@ void User::AddWriteBuf(const std::string &data) if (*this->GetWriteError()) return; - if (sendq.length() + data.length() > (unsigned)this->sendqmax) + if (this->MyClass && (sendq.length() + data.length() > this->MyClass->GetSendqMax())) { /* * Fix by brain - Set the error text BEFORE calling writeopers, because @@ -564,7 +530,7 @@ void User::AddWriteBuf(const std::string &data) * to repeatedly add the text to the sendq! */ this->SetWriteError("SendQ exceeded"); - ServerInstance->WriteOpers("*** User %s SendQ of %d exceeds connect class maximum of %d",this->nick,sendq.length() + data.length(),this->sendqmax); + ServerInstance->WriteOpers("*** User %s SendQ of %d exceeds connect class maximum of %d",this->nick,sendq.length() + data.length(),this->MyClass->GetSendqMax()); return; } @@ -658,8 +624,12 @@ const char* User::GetWriteError() return this->WriteError.c_str(); } -void User::Oper(const std::string &opertype) +void User::Oper(const std::string &opertype, const std::string &opername) { + char* mycmd; + char* savept; + char* savept2; + try { this->modes[UM_OPERATOR] = 1; 
@@ -668,7 +638,38 @@ void User::Oper(const std::string &opertype) ServerInstance->Log(DEFAULT,"OPER: %s!%s@%s opered as type: %s", this->nick, this->ident, this->host, opertype.c_str()); strlcpy(this->oper, opertype.c_str(), NICKMAX - 1); ServerInstance->all_opers.push_back(this); - FOREACH_MOD(I_OnPostOper,OnPostOper(this, opertype)); + + opertype_t::iterator iter_opertype = ServerInstance->Config->opertypes.find(this->oper); + if (iter_opertype != ServerInstance->Config->opertypes.end()) + { + + if (AllowedOperCommands) + AllowedOperCommands->clear(); + else + AllowedOperCommands = new std::map; + + char* Classes = strdup(iter_opertype->second); + char* myclass = strtok_r(Classes," ",&savept); + while (myclass) + { + operclass_t::iterator iter_operclass = ServerInstance->Config->operclass.find(myclass); + if (iter_operclass != ServerInstance->Config->operclass.end()) + { + char* CommandList = strdup(iter_operclass->second); + mycmd = strtok_r(CommandList," ",&savept2); + while (mycmd) + { + this->AllowedOperCommands->insert(std::make_pair(mycmd, true)); + mycmd = strtok_r(NULL," ",&savept2); + } + free(CommandList); + } + myclass = strtok_r(NULL," ",&savept); + } + free(Classes); + } + + FOREACH_MOD(I_OnPostOper,OnPostOper(this, opertype, opername)); } catch (...) @@ -689,6 +690,12 @@ void User::UnOper() // remove the user from the oper list. Will remove multiple entries as a safeguard against bug #404 ServerInstance->all_opers.remove(this); + + if (AllowedOperCommands) + { + delete AllowedOperCommands; + AllowedOperCommands = NULL; + } } } 
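Review bot: The cached permission set is only reset inside `if (iter_opertype != ServerInstance->Config->opertypes.end())`, so if `Oper()` runs on a user whose `AllowedOperCommands` is already populated and the new type is not in the config, the previous type's commands stay in force, whereas HasPermission used to return false for an unknown type. Clearing before the lookup closes that: `if (AllowedOperCommands) AllowedOperCommands->clear();` placed ahead of the `opertypes.find` call. Because the set is now built once at oper-up, a later config change that removes a command from an oper class will not reach existing opers unless something outside this diff rebuilds it; that should be confirmed or documented. The `strdup` results are passed to `strtok_r` unchecked, and tokens are inserted with their original case. Oper's body starts and ends outside this hunk.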
@@ -700,7 +707,8 @@ void User::UnOper() void User::QuitUser(InspIRCd* Instance, User *user, const std::string &quitreason, const char* operreason) { - user->Write("ERROR :Closing link (%s@%s) [%s]", user->ident, user->host, operreason); + Instance->Log(DEBUG,"QuitUser: %s '%s'", user->nick, quitreason.c_str()); + user->Write("ERROR :Closing link (%s@%s) [%s]", user->ident, user->host, *operreason ? operreason : quitreason.c_str()); user->muted = true; Instance->GlobalCulls.AddItem(user, quitreason.c_str(), operreason); } 
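Review bot: `*operreason ? operreason : quitreason.c_str()` dereferences `operreason` without a null check, although it is a `const char*` that callers may omit (the removed AddClient code calls QuitUser with three arguments, so a default exists in a header not shown here). If any caller passes NULL this now crashes before the user is culled; `(operreason && *operreason) ? operreason : quitreason.c_str()` avoids that. The unmodified `operreason` is still handed to `GlobalCulls.AddItem`, so the fallback applies only to the ERROR line sent to the client.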
@@ -717,184 +725,33 @@ void User::AddToWhoWas() } } -/* add a client connection to the sockets list */ -void User::AddClient(InspIRCd* Instance, int socket, int port, bool iscached, int socketfamily, sockaddr* ip) -{ - /* NOTE: Calling this one parameter constructor for User automatically - * allocates a new UUID and places it in the hash_map. - */ - User* New = NULL; - try - { - New = new User(Instance); - } - catch (...) - { - Instance->Log(DEFAULT,"*** WTF *** Duplicated UUID! -- Crack smoking monkies have been unleashed."); - Instance->WriteOpers("*** WARNING *** Duplicate UUID allocated!"); - return; - } - - int j = 0; - - Instance->unregistered_count++; - - char ipaddr[MAXBUF]; -#ifdef IPV6 - if (socketfamily == AF_INET6) - inet_ntop(AF_INET6, &((const sockaddr_in6*)ip)->sin6_addr, ipaddr, sizeof(ipaddr)); - else -#endif - inet_ntop(AF_INET, &((const sockaddr_in*)ip)->sin_addr, ipaddr, sizeof(ipaddr)); - - (*(Instance->clientlist))[New->uuid] = New; - New->SetFd(socket); - - /* The users default nick is their UUID */ - strlcpy(New->nick, New->uuid, NICKMAX - 1); - - New->server = Instance->FindServerNamePtr(Instance->Config->ServerName); - /* We don't need range checking here, we KNOW 'unknown\0' will fit into the ident field. */ - strcpy(New->ident, "unknown"); - - New->registered = REG_NONE; - New->signon = Instance->Time() + Instance->Config->dns_timeout; - New->lastping = 1; - - New->SetSockAddr(socketfamily, ipaddr, port); - - /* Smarter than your average bear^H^H^H^Hset of strlcpys. */ - for (const char* temp = New->GetIPString(); *temp && j < 64; temp++, j++) - New->dhost[j] = New->host[j] = *temp; - New->dhost[j] = New->host[j] = 0; - - Instance->AddLocalClone(New); - Instance->AddGlobalClone(New); - - /* - * First class check. We do this again in FullConnect after DNS is done, and NICK/USER is recieved. - * See my note down there for why this is required. DO NOT REMOVE. 
:) -- w00t - */ - ConnectClass* i = New->GetClass(); - - if (!i) - { - User::QuitUser(Instance, New, "Access denied by configuration"); - return; - } - - /* - * Check connect class settings and initialise settings into User. - * This will be done again after DNS resolution. -- w00t - */ - New->CheckClass(); - - Instance->local_users.push_back(New); - - if ((Instance->local_users.size() > Instance->Config->SoftLimit) || (Instance->local_users.size() >= MAXCLIENTS)) - { - Instance->WriteOpers("*** Warning: softlimit value has been reached: %d clients", Instance->Config->SoftLimit); - User::QuitUser(Instance, New,"No more connections allowed"); - return; - } - - /* - * XXX - - * this is done as a safety check to keep the file descriptors within range of fd_ref_table. - * its a pretty big but for the moment valid assumption: - * file descriptors are handed out starting at 0, and are recycled as theyre freed. - * therefore if there is ever an fd over 65535, 65536 clients must be connected to the - * irc server at once (or the irc server otherwise initiating this many connections, files etc) - * which for the time being is a physical impossibility (even the largest networks dont have more - * than about 10,000 users on ONE server!) 
- */ -#ifndef WINDOWS - if ((unsigned int)socket >= MAX_DESCRIPTORS) - { - User::QuitUser(Instance, New, "Server is full"); - return; - } -#endif - - New->exempt = (Instance->XLines->matches_exception(New) != NULL); - if (!New->exempt) - { - ZLine* r = Instance->XLines->matches_zline(ipaddr); - if (r) - { - char reason[MAXBUF]; - if (*Instance->Config->MoronBanner) - New->WriteServ("NOTICE %s :*** %s", New->nick, Instance->Config->MoronBanner); - snprintf(reason,MAXBUF,"Z-Lined: %s",r->reason); - User::QuitUser(Instance, New, reason); - return; - } - } - - if (socket > -1) - { - if (!Instance->SE->AddFd(New)) - { - User::QuitUser(Instance, New, "Internal error handling connection"); - } - } - - /* NOTE: even if dns lookups are *off*, we still need to display this. - * BOPM and other stuff requires it. - */ - New->WriteServ("NOTICE Auth :*** Looking up your hostname..."); -} - -unsigned long User::GlobalCloneCount() -{ - clonemap::iterator x = ServerInstance->global_clones.find(this->GetIPString()); - if (x != ServerInstance->global_clones.end()) - return x->second; - else - return 0; -} - -unsigned long User::LocalCloneCount() -{ - clonemap::iterator x = ServerInstance->local_clones.find(this->GetIPString()); - if (x != ServerInstance->local_clones.end()) - return x->second; - else - return 0; -} - /* * Check class restrictions */ -void User::CheckClass(const std::string &explicit_class) +void User::CheckClass() { - ConnectClass* a = this->GetClass(explicit_class); + ConnectClass* a = this->MyClass; if ((!a) || (a->GetType() == CC_DENY)) { User::QuitUser(ServerInstance, this, "Unauthorised connection"); return; } - else if ((a->GetMaxLocal()) && (this->LocalCloneCount() > a->GetMaxLocal())) + else if ((a->GetMaxLocal()) && (ServerInstance->Users->LocalCloneCount(this) > a->GetMaxLocal())) { User::QuitUser(ServerInstance, this, "No more connections allowed from your host via this connect class (local)"); ServerInstance->WriteOpers("*** WARNING: maximum LOCAL 
connections (%ld) exceeded for IP %s", a->GetMaxLocal(), this->GetIPString()); return; } - else if ((a->GetMaxGlobal()) && (this->GlobalCloneCount() > a->GetMaxGlobal())) + else if ((a->GetMaxGlobal()) && (ServerInstance->Users->GlobalCloneCount(this) > a->GetMaxGlobal())) { User::QuitUser(ServerInstance, this, "No more connections allowed from your host via this connect class (global)"); ServerInstance->WriteOpers("*** WARNING: maximum GLOBAL connections (%ld) exceeded for IP %s", a->GetMaxGlobal(), this->GetIPString()); return; } - this->pingmax = a->GetPingTime(); this->nping = ServerInstance->Time() + a->GetPingTime() + ServerInstance->Config->dns_timeout; this->timeout = ServerInstance->Time() + a->GetRegTimeout(); - this->flood = a->GetFlood(); - this->threshold = a->GetThreshold(); - this->sendqmax = a->GetSendqMax(); - this->recvqmax = a->GetRecvqMax(); this->MaxChans = a->GetMaxChans(); } 
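Review bot: `CheckClass()` now reads `this->MyClass` instead of resolving a class itself, so it depends on `SetClass()` having run first, yet the comment above it still says only `Check class restrictions`. A comment such as `/* Enforces the limits of the class chosen by SetClass(); quits the user if no class is set or the class is CC_DENY. */` would make that ordering explicit. The function returns normally after calling QuitUser, so callers cannot tell from it that the user was rejected.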
@@ -909,42 +766,34 @@ void User::FullConnect() * may put the user into a totally seperate class with different restrictions! so we *must* check again. * Don't remove this! -- w00t */ - this->CheckClass(); + this->SetClass(); /* Check the password, if one is required by the user's connect class. * This CANNOT be in CheckClass(), because that is called prior to PASS as well! */ - if ((!this->GetClass()->GetPass().empty()) && (!this->haspassed)) + if (this->MyClass && !this->MyClass->GetPass().empty() && !this->haspassed) { User::QuitUser(ServerInstance, this, "Invalid password"); return; } - + if (!this->exempt) { - GLine* r = ServerInstance->XLines->matches_gline(this); + GLine *r = (GLine *)ServerInstance->XLines->MatchesLine("G", this); if (r) { this->muted = true; - char reason[MAXBUF]; - if (*ServerInstance->Config->MoronBanner) - this->WriteServ("NOTICE %s :*** %s", this->nick, ServerInstance->Config->MoronBanner); - snprintf(reason,MAXBUF,"G-Lined: %s",r->reason); - User::QuitUser(ServerInstance, this, reason); + r->Apply(this); return; } - KLine* n = ServerInstance->XLines->matches_kline(this); + KLine *n = (KLine *)ServerInstance->XLines->MatchesLine("K", this); if (n) { this->muted = true; - char reason[MAXBUF]; - if (*ServerInstance->Config->MoronBanner) - this->WriteServ("NOTICE %s :*** %s", this, ServerInstance->Config->MoronBanner); - snprintf(reason,MAXBUF,"K-Lined: %s",n->reason); - User::QuitUser(ServerInstance, this, reason); + n->Apply(this); return; } } @@ -983,6 +832,9 @@ void User::FullConnect() FOREACH_MOD(I_OnPostConnect,OnPostConnect(this)); ServerInstance->SNO->WriteToSnoMask('c',"Client connecting on port %d: %s!%s@%s [%s] [%s]", this->GetPort(), this->nick, this->ident, this->host, this->GetIPString(), this->fullname); + + ServerInstance->Log(DEBUG, "BanCache: Adding NEGATIVE hit for %s", this->GetIPString()); + ServerInstance->BanCache->AddHit(this->GetIPString(), "", ""); } /** User::UpdateNick() 
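Review bot: Replacing `this->CheckClass();` with `this->SetClass();` re-selects the class after DNS but no longer re-applies the `CC_DENY` and clone-limit checks that the comment just above says must be repeated; nothing later in this hunk calls `CheckClass()`, and the new `SetClass()` does not test `GetType()`. A user whose resolved host matches a deny class would therefore pass this point unless the check happens elsewhere. The password test was also changed to `this->MyClass && ...`, which skips the check when no class is set. Suggested: `this->SetClass(); this->CheckClass();`, with a NULL `MyClass` treated as a rejection before the password test. FullConnect's body starts and ends outside the hunk.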
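Review bot: The negative BanCache entry is keyed on `GetIPString()` alone and is added unconditionally, including for users that skipped the G/K-line checks because `exempt` is set. G- and K-lines are matched against the whole user, so if the cache is later used to skip X-line checks for an IP (not visible on this page), a clean result for one connection could cover a different ident or host from the same address. A comment stating how negative hits expire and when they are invalidated, for example when a new line is added, would settle this.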
@@ -1045,7 +897,7 @@ bool User::ForceNickChange(const char* newnick) return false; } - if (ServerInstance->XLines->matches_qline(newnick)) + if (ServerInstance->XLines->MatchesLine("Q",newnick)) { ServerInstance->stats->statsCollisions++; return false; @@ -1139,6 +991,10 @@ int User::GetProtocolFamily() return sin->sin_family; } +/* + * XXX the duplication here is horrid.. + * do we really need two methods doing essentially the same thing? + */ const char* User::GetIPString() { static char buf[1024]; @@ -1179,48 +1035,6 @@ const char* User::GetIPString() return ""; } -const char* User::GetIPString(char* buf) -{ - if (this->ip == NULL) - { - *buf = 0; - return buf; - } - - switch (this->GetProtocolFamily()) - { -#ifdef SUPPORT_IP6LINKS - case AF_INET6: - { - static char temp[1024]; - - sockaddr_in6* sin = (sockaddr_in6*)this->ip; - inet_ntop(sin->sin6_family, &sin->sin6_addr, buf, sizeof(buf)); - /* IP addresses starting with a : on irc are a Bad Thing (tm) */ - if (*buf == ':') - { - strlcpy(&temp[1], buf, sizeof(temp) - 1); - *temp = '0'; - strlcpy(buf, temp, sizeof(temp)); - } - return buf; - } - break; -#endif - case AF_INET: - { - sockaddr_in* sin = (sockaddr_in*)this->ip; - inet_ntop(sin->sin_family, &sin->sin_addr, buf, sizeof(buf)); - return buf; - } - break; - - default: - break; - } - return ""; -} - /** NOTE: We cannot pass a const reference to this method. * The string is changed by the workings of the method, * so that if we pass const ref, we end up copying it to 
@@ -1725,40 +1539,94 @@ unsigned int User::GetMaxChans() return this->MaxChans; } -/* looks up a users password for their connection class (/ tags) + +/* + * Sets a user's connection class. + * If the class name is provided, it will be used. Otherwise, the class will be guessed using host/ip/ident/etc. * NOTE: If the or tag specifies an ip, and this user resolves, * then their ip will be taken as 'priority' anyway, so for example, * will match joe!bloggs@localhost */ -ConnectClass* User::GetClass(const std::string &explicit_name) +ConnectClass* User::SetClass(const std::string &explicit_name) { + ConnectClass *found = NULL; + + if (!IS_LOCAL(this)) + return NULL; + if (!explicit_name.empty()) { for (ClassVector::iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); i++) { - if (explicit_name == i->GetName()) - return &(*i); + ConnectClass* c = *i; + + if (explicit_name == c->GetName() && !c->GetDisabled()) + { + found = c; + } } } else { for (ClassVector::iterator i = ServerInstance->Config->Classes.begin(); i != ServerInstance->Config->Classes.end(); i++) { - if (((match(this->GetIPString(),i->GetHost().c_str(),true)) || (match(this->host,i->GetHost().c_str())))) + ConnectClass* c = *i; + + if (((match(this->GetIPString(),c->GetHost().c_str(),true)) || (match(this->host,c->GetHost().c_str())))) { - if (i->GetPort()) + if (c->GetPort()) { - if (this->GetPort() == i->GetPort()) - return &(*i); + if (this->GetPort() == c->GetPort() && !c->GetDisabled()) + { + found = c; + } else continue; } else - return &(*i); + { + if (!c->GetDisabled()) + found = c; + } } } } - return NULL; + + /* ensure we don't fuck things up refcount wise, only remove them from a class if we find a new one :P */ + if (found) + { + /* deny change if change will take class over the limit */ + if (found->limit && (found->RefCount + 1 >= found->limit)) + { + ServerInstance->Log(DEBUG, "OOPS: Connect class limit (%u) hit, denying", found->limit); + return 
this->MyClass; + } + + /* should always be valid, but just in case .. */ + if (this->MyClass) + { + if (found == this->MyClass) // no point changing this shit :P + return this->MyClass; + this->MyClass->RefCount--; + ServerInstance->Log(DEBUG, "Untying user from connect class -- refcount: %u", this->MyClass->RefCount); + } + + this->MyClass = found; + this->MyClass->RefCount++; + ServerInstance->Log(DEBUG, "User tied to new class -- connect refcount now: %u", this->MyClass->RefCount); + } + + return this->MyClass; +} + +/* looks up a users password for their connection class (/ tags) + * NOTE: If the or tag specifies an ip, and this user resolves, + * then their ip will be taken as 'priority' anyway, so for example, + * will match joe!bloggs@localhost + */ +ConnectClass* User::GetClass() +{ + return this->MyClass; } void User::PurgeEmptyChannels() @@ -1790,7 +1658,7 @@ void User::PurgeEmptyChannels() if (i2 != ServerInstance->chanlist->end()) { FOREACH_MOD(I_OnChannelDelete,OnChannelDelete(i2->second)); - DELETE(i2->second); + delete i2->second; ServerInstance->chanlist->erase(i2); this->chans.erase(*n); } @@ -1879,6 +1747,16 @@ const char* User::GetOperQuit() return operquit ? operquit : ""; } +void User::IncreasePenalty(int increase) +{ + this->Penalty += increase; +} + +void User::DecreasePenalty(int decrease) +{ + this->Penalty -= decrease; +} + VisData::VisData() { }