Changeset 731 for branches


Timestamp:
05/12/06 03:35:50 (6 years ago)
Author:
wd
Message:
  • Remove long useless fizzer drone module.
  • Update ACL API to make matching ACLs much stricter.
Location:
branches/ithildin-1.1/modules/ircd
Files:
1 deleted
5 edited

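--- a/branches/ithildin-1.1/modules/ircd/addons/acl.c
+++ b/branches/ithildin-1.1/modules/ircd/addons/acl.c
@@ -26,7 +26,4 @@
  * CIDR mask, or something else) */
 #define ACL_DEFAULT_HASH 0
-/* the default rule at which inserts happen */
-#define ACL_DEFAULT_RULE 1000
-#define ACL_DEFAULT_CONF_RULE 2000
 
 /* function prototypes */
@@ -36,21 +33,20 @@
 XINFO_FUNC(xinfo_acl_handler);
 
-/* create an acl structure with the given definition (or find one if it exists
- * already) and add it in to the system.  ACLs are equivalent for our purposes
- * if they are in the same stage and have the same host-pattern.  It doesn't
- * make sense to have an accept for a host and a deny for host (with the
- * exception that hosts which have a password are considered different enough
- * to be left alone. */
-acl_t *create_acl(int stage, int acc, char *host, const char *type) {
+/* Create an ACL with the given data.  We will override ACLs that are
+ * similar enough to ourself (same stage/host/access/rule#) unless they have
+ * special parameter data (such as passwords or 'info line' bans) */
+acl_t *create_acl(int stage, int acc, char *host, const char *type, int rule) {
     acl_t *ap, *ap2;
     char *at, hostcopy[USERLEN + HOSTLEN + 2];
     struct acl_list *list;
 
-    if ((ap = find_acl(stage, host, type, NULL, NULL)) != NULL) {
-        if ((ap->pass != NULL && (ap->access != acc)) || ap->info != NULL)
-            ap = NULL; /* if it has a password, don't trample it unless we are
-                          adding another rule with a password and the same
-                          access.  if it has an info field, don't trample it at
-                          all. */
+    /* look for an ACL in this stage from the same hostname and with the
+     * same access and rule number.  If we find one we will delete it unless
+     * it has an info-line, in which case we will leave it alone.  (This is
+     * sort of a broken concession to not having a create command which
+     * takes that information...) */
+    if ((ap = find_acl(stage, acc, host, type, rule, NULL, NULL)) != NULL) {
+        if (ap->info != NULL)
+            ap = NULL;
     }
 
@@ -78,5 +74,8 @@
 
     /* add them into the big list... */
-    ap->rule = acl.default_rule;
+    if (rule == ACL_DEFAULT_RULE)
+        ap->rule = acl.default_rule;
+    else
+        ap->rule = (short)rule;
     ap->hash = get_acl_hash(ap->host);
 
@@ -154,6 +153,6 @@
 /* this function finds an ACL based on stage/host/type, and possibly based on
  * the pass/info parameters. */
-acl_t *find_acl(int stage, char *hostmask, const char *type, char *pass,
-        char *info) {
+acl_t *find_acl(int stage, int acc, char *hostmask, const char *type,
+        int rule, char *pass, char *info) {
     struct acl_list *list;
     char *at, hostcopy[USERLEN + HOSTLEN + 2], user[USERLEN + 1];
@@ -182,4 +181,9 @@
     /* now try and find them in the bucket. */
     LIST_FOREACH(ap, list, intlp) {
+        if (acc != ACL_ACCESS_ANY && ap->access != acc)
+            continue;
+        if (rule != ACL_ANY_RULE && ap->rule != rule)
+            continue;
+
         if (!strcasecmp(ap->user, user) && !strcasecmp(ap->host, host) &&
                 !strcasecmp(ap->type, type) &&
@@ -457,4 +461,8 @@
 }
 
+/* These two are the defaults for runtime and configured rule numbers,
+ * respectively. */
+#define ACLCONF_DEFAULT_RULE 1000
+#define ACLCONF_DEFAULT_CONF_RULE 2000
 HOOK_FUNCTION(acl_conf_hook) {
     conf_entry_t *cep;
@@ -465,5 +473,6 @@
     char redirect[SERVLEN + 1];
     class_t *cls;
-    int odr, rn, dcr; /* Old Default Rule, Rule Number, Default Conf Rule */
+    int rule;
+    int default_rule; /* default rule for config entries */
 
     /* remove anything that points to a conf.  usually this will only be
@@ -480,12 +489,12 @@
     /* see about setting the default rule number.. */
     if ((s = conf_find_entry("default-acl-rule", *ircd.confhead, 1)) != NULL)
-        acl.default_rule = str_conv_int(s, ACL_DEFAULT_RULE);
+        acl.default_rule = str_conv_int(s, ACLCONF_DEFAULT_RULE);
     else
-        acl.default_rule = ACL_DEFAULT_RULE;
+        acl.default_rule = ACLCONF_DEFAULT_RULE;
     if ((s = conf_find_entry("default-acl-conf-rule", *ircd.confhead, 1)) !=
             NULL)
-        dcr = str_conv_int(s, ACL_DEFAULT_CONF_RULE);
+        default_rule = str_conv_int(s, ACLCONF_DEFAULT_CONF_RULE);
     else
-        dcr = ACL_DEFAULT_CONF_RULE;
+        default_rule = ACLCONF_DEFAULT_CONF_RULE;
 
     /* now read through the conf looking for ACLs, as we find them parse and
@@ -496,10 +505,10 @@
     while ((cep = conf_find_next("acl", NULL, CONF_TYPE_LIST, cep,
                     *ircd.confhead, 1)) != NULL) {
-        rn = dcr;
+        rule = default_rule;
         if (cep->string != NULL)
-            rn = str_conv_int(cep->string, -1);
-        if (rn < 0 || rn > USHRT_MAX) {
-            log_warn("got acl with bogus rule number (%d)", rn);
-            rn = dcr;
+            rule = str_conv_int(cep->string, -1);
+        if (rule < 0 || rule > USHRT_MAX) {
+            log_warn("got acl with bogus rule number (%d)", rule);
+            rule = default_rule;
         }
 
@@ -566,8 +575,5 @@
          * add the acl.  yikes!  Use this macro to make life a bit easier. */
 #define ACL_PARSE_ADD(_host) do {                                             \
-        odr = acl.default_rule;                                               \
-        acl.default_rule = rn;                                                \
-        ap = create_acl(stg, acc, _host, "acl");                              \
-        acl.default_rule = odr;                                               \
+        ap = create_acl(stg, acc, _host, "acl", rule);                        \
         ap->conf = clp;                                                       \
         ap->cls = cls;                                                        \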
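Review bot: The new rule filter in find_acl's loop (`rule != ACL_ANY_RULE && ap->rule != rule`) compares the stored rule with the argument exactly as passed, and create_acl hands its `rule` to find_acl before it resolves `ACL_DEFAULT_RULE` to `acl.default_rule` further down. Unless the part of find_acl outside these hunks translates the sentinel, a lookup with `ACL_DEFAULT_RULE` (-2 in acl.h) matches nothing, so create_acl would stop replacing duplicates and the `ACL_DEL` lookup in commands/akill.c would never find the ban it is meant to remove. Resolving it once at the top of find_acl would cover every caller: `if (rule == ACL_DEFAULT_RULE) rule = acl.default_rule;`. Separately, `(short)rule` narrows a value that acl_conf_hook accepts up to `USHRT_MAX`; if the `rule` field is a signed short, rule numbers above `SHRT_MAX` would be stored as a different number and no longer match the new filter.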
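--- a/branches/ithildin-1.1/modules/ircd/addons/acl.h
+++ b/branches/ithildin-1.1/modules/ircd/addons/acl.h
@@ -16,4 +16,5 @@
 #define ACL_STAGE_REGISTER 3
     int     stage;                  /* one of 1, 2, or 3 */
+#define ACL_ACCESS_ANY -1
 #define ACL_DENY 0
 #define ACL_ALLOW 1
@@ -63,6 +64,8 @@
 } acl;
 
-acl_t *create_acl(int, int, char *, const char *);
-acl_t *find_acl(int, char *, const char *, char *, char *);
+#define ACL_ANY_RULE -1
+#define ACL_DEFAULT_RULE -2
+acl_t *create_acl(int, int, char *, const char *, int);
+acl_t *find_acl(int, int, char *, const char *, int, char *, char *);
 void destroy_acl(acl_t *);
 void acl_add_timer(acl_t *, time_t);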
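Review bot: The two prototypes still list bare types, and after this change `find_acl` takes an `int` on either side of the host and type pointers, each with its own sentinel value, which makes a misplaced or missing argument easy to write and hard to spot at a call site. Naming the parameters would help, e.g. `acl_t *find_acl(int stage, int acc, char *hostmask, const char *type, int rule, char *pass, char *info);`. A short comment above the new macros should say that `ACL_ACCESS_ANY` and `ACL_ANY_RULE` appear to be lookup wildcards and that `ACL_DEFAULT_RULE` stands for `acl.default_rule`, and whether each is valid for create_acl, find_acl or both. The negative macro bodies would also be safer parenthesized, `#define ACL_ANY_RULE (-1)`.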
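--- a/branches/ithildin-1.1/modules/ircd/addons/throttle.c
+++ b/branches/ithildin-1.1/modules/ircd/addons/throttle.c
@@ -164,8 +164,8 @@
 
     if (tp->banned + len >= me.now)  {
-        if ((ap = find_acl(ACL_STAGE_CONNECT, cp->host, throttle_acl_type,
-                        NULL, NULL)) == NULL) {
+        if ((ap = find_acl(ACL_STAGE_CONNECT, ACL_DENY, cp->host,
+                        throttle_acl_type, NULL, NULL)) == NULL) {
             ap = create_acl(ACL_STAGE_CONNECT, ACL_DENY, cp->host,
-                    throttle_acl_type);
+                    throttle_acl_type, ACL_DEFAULT_RULE);
             ap->reason = strdup(THROTTLE_ERRMSG);
         }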
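Review bot: The updated `find_acl` call passes six arguments (`ACL_STAGE_CONNECT, ACL_DENY, cp->host, throttle_acl_type, NULL, NULL`) while the prototype this changeset adds to acl.h takes seven; the `rule` argument between the type and `pass` is missing. With that prototype in scope the call should be rejected by the compiler, and the first `NULL` sits in the `int rule` position. The lookup should name the rule explicitly, e.g. `throttle_acl_type, ACL_ANY_RULE, NULL, NULL)) == NULL) {`, so that an existing throttle deny entry is found whatever rule number it was stored under and no duplicate is created. The enclosing function starts and ends outside the hunk.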
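--- a/branches/ithildin-1.1/modules/ircd/commands/acl.c
+++ b/branches/ithildin-1.1/modules/ircd/commands/acl.c
@@ -228,5 +228,5 @@
 
     /* see if it exists */
-    ap = find_acl(stage, mask, type, NULL, NULL);
+    ap = find_acl(stage, acc, mask, type, ACL_DEFAULT_RULE, NULL, NULL);
 
     /* are we adding..? */
@@ -238,5 +238,5 @@
         }
 
-        ap = create_acl(stage, acc, mask, type);
+        ap = create_acl(stage, acc, mask, type, ACL_DEFAULT_RULE);
         ap->reason = strdup(reason);
         /* if the expire time is non-zero, set a conf to 0x1 so it will get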
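Review bot: The existence check is pinned to `ACL_DEFAULT_RULE`, so at best it matches entries stored under the current `acl.default_rule`; an entry with the same stage, access, mask and type under any other rule number is treated as absent, including one created before `default-acl-rule` was changed and re-read by acl_conf_hook. The same applies to the `ACL_DEL` lookup in commands/akill.c, where a ban that is not found is left in place. If these lookups are meant to locate an entry for removal, `ACL_ANY_RULE` looks like the safer key, e.g. `ap = find_acl(stage, acc, mask, type, ACL_ANY_RULE, NULL, NULL);`; if the restriction to the default rule is intended, a comment saying so would help. The code that uses `ap` lies partly outside these hunks.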
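--- a/branches/ithildin-1.1/modules/ircd/commands/akill.c
+++ b/branches/ithildin-1.1/modules/ircd/commands/akill.c
@@ -187,5 +187,5 @@
 
     if (op == ACL_ADD) {
-        ap = create_acl(stage, ACL_DENY, mask, type);
+        ap = create_acl(stage, ACL_DENY, mask, type, ACL_DEFAULT_RULE);
         ap->conf = ACL_CONF_TEMP;
         if (expire)
@@ -198,5 +198,5 @@
         acl_force_check(ap->stage, ap, srv->name, false);
     } else if (op == ACL_DEL) {
-        if ((ap = find_acl(stage, mask, type, NULL, info)))
+        if ((ap = find_acl(stage, ACL_DENY, mask, type, ACL_DEFAULT_RULE, NULL, info)))
             destroy_acl(ap);
     }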