From f4a4901fee693791493c340fd380658a24d4cf26 Mon Sep 17 00:00:00 2001 From: brain Date: Sun, 6 Aug 2006 16:09:29 +0000 Subject: Support CIDR, CIDR zline, /oper and CIDR tags. NOTE: With CIDR oper, ident field is not supported (yet) git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@4732 e03df62e-2008-0410-955e-edbf42e46eb7 --- include/socket.h | 1 + include/wildcard.h | 1 + src/cmd_oper.cpp | 6 ++-- src/commands.cpp | 2 +- src/helperfuncs.cpp | 2 +- src/inspircd.cpp | 14 ++++----- src/modules/extra/m_sqloper.cpp | 4 +-- src/socket.cpp | 64 +++++++++++++++++++++++++++++++++++++++-- src/users.cpp | 2 +- src/wildcard.cpp | 7 +++++ src/xline.cpp | 4 +-- 11 files changed, 88 insertions(+), 19 deletions(-) diff --git a/include/socket.h b/include/socket.h index 399f84397..2dcece906 100644 --- a/include/socket.h +++ b/include/socket.h @@ -50,6 +50,7 @@ typedef struct in_addr insp_inaddr; #endif bool MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mask_bits); +bool MatchCIDR(const char* address, const char* cidr_mask); const char* insp_ntoa(insp_inaddr n); int insp_aton(const char* a, insp_inaddr* n); diff --git a/include/wildcard.h b/include/wildcard.h index 936bd9e23..02bc6342c 100644 --- a/include/wildcard.h +++ b/include/wildcard.h @@ -17,4 +17,5 @@ #include "inspircd_config.h" bool match(const char* str, const char* mask); +bool match(const char *str, const char *mask, bool use_cidr_match); diff --git a/src/cmd_oper.cpp b/src/cmd_oper.cpp index 310c91266..fd71b8694 100644 --- a/src/cmd_oper.cpp +++ b/src/cmd_oper.cpp @@ -43,14 +43,14 @@ extern ModuleList modules; extern FactoryList factory; extern time_t TIME; -bool OneOfMatches(const char* host, const char* hostlist) +bool OneOfMatches(const char* host, const char* ip, const char* hostlist) { std::stringstream hl(hostlist); std::string xhost; while (hl >> xhost) { log(DEBUG,"Oper: Matching host %s",xhost.c_str()); - if (match(host,xhost.c_str())) + if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true)) { return true; } @@ -79,7 +79,7 @@ void cmd_oper::Handle (const char** parameters, int pcnt, userrec *user) Config->ConfValue(Config->config_data, "oper", "type", i, OperType, MAXBUF); Config->ConfValue(Config->config_data, "oper", "host", i, HostName, MAXBUF); - if ((!strcmp(LoginName,parameters[0])) && (!operstrcmp(Password,parameters[1])) && (OneOfMatches(TheHost,HostName))) + if ((!strcmp(LoginName,parameters[0])) && (!operstrcmp(Password,parameters[1])) && (OneOfMatches(TheHost,user->GetIPString(),HostName))) { fail2 = true; for (j =0; j < Config->ConfValueEnum(Config->config_data, "type"); j++) diff --git a/src/commands.cpp b/src/commands.cpp index 427633ef4..2e4ae0d8f 100644 --- a/src/commands.cpp +++ b/src/commands.cpp @@ -239,7 +239,7 @@ bool ip_matches_everyone(const std::string &ip, userrec* user) for (user_hash::iterator u = clientlist.begin(); u != clientlist.end(); u++) { - if (match(u->second->GetIPString(),ip.c_str())) + if (match(u->second->GetIPString(),ip.c_str(),true)) matches++; } diff --git a/src/helperfuncs.cpp b/src/helperfuncs.cpp index 9ba9d7b39..1ebf89008 100644 --- a/src/helperfuncs.cpp +++ b/src/helperfuncs.cpp @@ -1405,7 +1405,7 @@ ConnectClass GetClass(userrec *user) { for (ClassVector::iterator i = Config->Classes.begin(); i != Config->Classes.end(); i++) { - if ((match(user->GetIPString(),i->host.c_str())) || (match(user->host,i->host.c_str()))) + if ((match(user->GetIPString(),i->host.c_str(),true)) || (match(user->host,i->host.c_str()))) { return *i; } diff --git a/src/inspircd.cpp b/src/inspircd.cpp index 09cd74d69..a2b4e0d92 100644 --- a/src/inspircd.cpp +++ b/src/inspircd.cpp @@ -940,13 +940,13 @@ int InspIRCd::Run() int main(int argc, char** argv) { - - unsigned char addr[] = {0xCC,0xAA,0xCC,0xAA}; - unsigned char mask[] = {0xCC,0xAA,0xC0,0xAA}; - - printf("%d",MatchCIDRBits(addr, mask, 20)); - - exit(0); + /* This is a MatchCIDR() test suite - + printf("Should be 0: %d\n",MatchCIDR("127.0.0.1","1.2.3.4/8")); + printf("Should be 1: %d\n",MatchCIDR("127.0.0.1","127.0.0.0/8")); + printf("Should be 1: %d\n",MatchCIDR("127.0.0.1","127.0.0.0/18")); + printf("Should be 0: %d\n",MatchCIDR("3ffe::0","2fc9::0/16")); + printf("Should be 1: %d\n",MatchCIDR("3ffe:1:3::0", "3ffe:1::0/32")); + exit(0); */ try { diff --git a/src/modules/extra/m_sqloper.cpp b/src/modules/extra/m_sqloper.cpp index 191753e66..81f22eca6 100644 --- a/src/modules/extra/m_sqloper.cpp +++ b/src/modules/extra/m_sqloper.cpp @@ -223,10 +223,10 @@ public: std::string hostname(user->ident); hostname.append("@").append(user->host); - if((tname == type) && OneOfMatches(hostname.c_str(), pattern.c_str())) + if((tname == type) && OneOfMatches(hostname.c_str(), user->GetIPString(), pattern.c_str())) { /* Opertype and host match, looks like this is it. */ - log(DEBUG, "Host (%s matched %s) and type (%s)", pattern.c_str(), hostname.c_str(), type.c_str()); + log(DEBUG, "Host (%s matched %s OR %s) and type (%s)", pattern.c_str(), hostname.c_str(), user->GetIPString(), type.c_str()); std::string operhost = Conf.ReadValue("type", "host", j); diff --git a/src/socket.cpp b/src/socket.cpp index 41c4fd1ca..14fe580ad 100644 --- a/src/socket.cpp +++ b/src/socket.cpp @@ -41,8 +41,8 @@ char inverted_bits[8] = { 0x00, /* 00000000 - 0 bits */ bool MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mask_bits) { - unsigned int modulus = mask_bits & 0x07; /* Number of whole bytes in the mask */ - unsigned int divisor = mask_bits >> 0x04; /* Remaining bits in the mask after whole bytes are dealt with */ + unsigned int modulus = mask_bits % 8; /* Number of whole bytes in the mask */ + unsigned int divisor = mask_bits / 8; /* Remaining bits in the mask after whole bytes are dealt with */ /* First compare the whole bytes, if they dont match, return false */ if (memcmp(address, mask, divisor)) @@ -58,6 +58,66 @@ bool MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mas return true; } +bool MatchCIDR(const char* address, const char* cidr_mask) +{ + unsigned char addr_raw[16]; + unsigned char mask_raw[16]; + unsigned int bits = 0; + char* mask = strdup(cidr_mask); + + in_addr address_in4; + in_addr mask_in4; + + char* bits_chars = strchr(mask,'/'); + + if (bits_chars) + { + bits = atoi(bits_chars + 1); + *bits_chars = 0; + } + +#ifdef SUPPORT_IP6LINKS + in6_addr address_in6; + in6_addr mask_in6; + + if (inet_pton(AF_INET6, address, &address_in6) > 0) + { + if (inet_pton(AF_INET6, mask, &mask_in6) > 0) + { + memcpy(&addr_raw, &address_in6.s6_addr, 16); + memcpy(&mask_raw, &mask_in6.s6_addr, 16); + } + else + { + free(mask); + return false; + } + } + else +#endif + if (inet_pton(AF_INET, address, &address_in4) > 0) + { + if (inet_pton(AF_INET, mask, &mask_in4) > 0) + { + memcpy(&addr_raw, &address_in4.s_addr, 4); + memcpy(&mask_raw, &mask_in4.s_addr, 4); + } + else + { + free(mask); + return false; + } + } + else + { + free(mask); + return false; + } + + free(mask); + return MatchCIDRBits(addr_raw, mask_raw, bits); +} + /** This will bind a socket to a port. It works for UDP/TCP. * It can only bind to IP addresses, if you wish to bind to hostnames * you should first resolve them using class 'Resolver'. diff --git a/src/users.cpp b/src/users.cpp index 7ed5e2fd6..c02dbd4ab 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -844,7 +844,7 @@ void AddClient(int socket, int port, bool iscached, insp_inaddr ip) for (ClassVector::iterator i = Config->Classes.begin(); i != Config->Classes.end(); i++) { - if ((i->type == CC_ALLOW) && (match(ipaddr,i->host.c_str()))) + if ((i->type == CC_ALLOW) && (match(ipaddr,i->host.c_str(),true))) { class_regtimeout = (unsigned long)i->registration_timeout; class_flood = i->flood; diff --git a/src/wildcard.cpp b/src/wildcard.cpp index aa9f52102..3b4554f0f 100644 --- a/src/wildcard.cpp +++ b/src/wildcard.cpp @@ -83,3 +83,10 @@ bool match(const char *str, const char *mask) return !*wild; } +/* Overloaded function that has the option of using cidr */ +bool match(const char *str, const char *mask, bool use_cidr_match) +{ + if (use_cidr_match && MatchCIDR(str, mask)) + return true; + return match(str, mask); +} diff --git a/src/xline.cpp b/src/xline.cpp index 7970f977e..32619b18c 100644 --- a/src/xline.cpp +++ b/src/xline.cpp @@ -558,10 +558,10 @@ char* matches_zline(const char* ipaddr) if ((zlines.empty()) && (pzlines.empty())) return NULL; for (std::vector::iterator i = zlines.begin(); i != zlines.end(); i++) - if (match(ipaddr,i->ipaddr)) + if (match(ipaddr,i->ipaddr,true)) return i->reason; for (std::vector::iterator i = pzlines.begin(); i != pzlines.end(); i++) - if (match(ipaddr,i->ipaddr)) + if (match(ipaddr,i->ipaddr,true)) return i->reason; return NULL; } -- cgit v1.2.3