newconf: deprecate blacklist{} blocks, replace with dnsbl{} blocks.

Ariadne Conill 2020-07-05 21:07:33 -06:00
parent 3321eef45a
commit 7f24f506e0


@ -55,10 +55,10 @@ static struct oper_conf *yy_oper = NULL;
static struct alias_entry *yy_alias = NULL; static struct alias_entry *yy_alias = NULL;
static char *yy_blacklist_host = NULL; static char *yy_dnsbl_entry_host = NULL;
static char *yy_blacklist_reason = NULL; static char *yy_dnsbl_entry_reason = NULL;
static uint8_t yy_blacklist_iptype = 0; static uint8_t yy_dnsbl_entry_iptype = 0;
static rb_dlink_list yy_blacklist_filters = { NULL, NULL, 0 }; static rb_dlink_list yy_dnsbl_entry_filters = { NULL, NULL, 0 };
static char *yy_opm_address_ipv4 = NULL; static char *yy_opm_address_ipv4 = NULL;
static char *yy_opm_address_ipv6 = NULL; static char *yy_opm_address_ipv6 = NULL;
@ -1903,57 +1903,64 @@ conf_set_channel_autochanmodes(void *data)
} }
/* XXX for below */ /* XXX for below */
static void conf_set_blacklist_reason(void *data); static void conf_set_dnsbl_entry_reason(void *data);
#define IPTYPE_IPV4 1 #define IPTYPE_IPV4 1
#define IPTYPE_IPV6 2 #define IPTYPE_IPV6 2
static void static int
conf_set_blacklist_host(void *data) conf_warn_blacklist_deprecation(struct TopConf *tc)
{ {
if (yy_blacklist_host) conf_report_error("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead.");
{ return 0;
conf_report_error("blacklist::host %s overlaps existing host %s",
(char *)data, yy_blacklist_host);
/* Cleanup */
conf_set_blacklist_reason(NULL);
return;
}
yy_blacklist_iptype |= IPTYPE_IPV4;
yy_blacklist_host = rb_strdup(data);
} }
static void static void
conf_set_blacklist_type(void *data) conf_set_dnsbl_entry_host(void *data)
{
if (yy_dnsbl_entry_host)
{
conf_report_error("dnsbl::host %s overlaps existing host %s",
(char *)data, yy_dnsbl_entry_host);
/* Cleanup */
conf_set_dnsbl_entry_reason(NULL);
return;
}
yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
yy_dnsbl_entry_host = rb_strdup(data);
}
static void
conf_set_dnsbl_entry_type(void *data)
{ {
conf_parm_t *args = data; conf_parm_t *args = data;
/* Don't assume we have either if we got here */ /* Don't assume we have either if we got here */
yy_blacklist_iptype = 0; yy_dnsbl_entry_iptype = 0;
for (; args; args = args->next) for (; args; args = args->next)
{ {
if (!rb_strcasecmp(args->v.string, "ipv4")) if (!rb_strcasecmp(args->v.string, "ipv4"))
yy_blacklist_iptype |= IPTYPE_IPV4; yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
else if (!rb_strcasecmp(args->v.string, "ipv6")) else if (!rb_strcasecmp(args->v.string, "ipv6"))
yy_blacklist_iptype |= IPTYPE_IPV6; yy_dnsbl_entry_iptype |= IPTYPE_IPV6;
else else
conf_report_error("blacklist::type has unknown address family %s", conf_report_error("dnsbl::type has unknown address family %s",
args->v.string); args->v.string);
} }
/* If we have neither, just default to IPv4 */ /* If we have neither, just default to IPv4 */
if (!yy_blacklist_iptype) if (!yy_dnsbl_entry_iptype)
{ {
conf_report_warning("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)"); conf_report_warning("dnsbl::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
yy_blacklist_iptype = IPTYPE_IPV4; yy_dnsbl_entry_iptype = IPTYPE_IPV4;
} }
} }
static void static void
conf_set_blacklist_matches(void *data) conf_set_dnsbl_entry_matches(void *data)
{ {
conf_parm_t *args = data; conf_parm_t *args = data;
enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST }; enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
@ -1966,19 +1973,19 @@ conf_set_blacklist_matches(void *data)
if (CF_TYPE(args->type) != CF_QSTRING) if (CF_TYPE(args->type) != CF_QSTRING)
{ {
conf_report_error("blacklist::matches -- must be quoted string"); conf_report_error("dnsbl::matches -- must be quoted string");
continue; continue;
} }
if (str == NULL) if (str == NULL)
{ {
conf_report_error("blacklist::matches -- invalid entry"); conf_report_error("dnsbl::matches -- invalid entry");
continue; continue;
} }
if (strlen(str) > HOSTIPLEN) if (strlen(str) > HOSTIPLEN)
{ {
conf_report_error("blacklist::matches has an entry too long: %s", conf_report_error("dnsbl::matches has an entry too long: %s",
str); str);
continue; continue;
} }
@ -1990,7 +1997,7 @@ conf_set_blacklist_matches(void *data)
type = FILTER_ALL; type = FILTER_ALL;
else if (!isdigit((unsigned char)*p)) else if (!isdigit((unsigned char)*p))
{ {
conf_report_error("blacklist::matches has invalid IP match entry %s", conf_report_error("dnsbl::matches has invalid IP match entry %s",
str); str);
type = FILTER_NONE; type = FILTER_NONE;
break; break;
@ -2003,7 +2010,7 @@ conf_set_blacklist_matches(void *data)
struct rb_sockaddr_storage tmp; struct rb_sockaddr_storage tmp;
if (rb_inet_pton(AF_INET, str, &tmp) <= 0) if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
{ {
conf_report_error("blacklist::matches has invalid IP match entry %s", conf_report_error("dnsbl::matches has invalid IP match entry %s",
str); str);
continue; continue;
} }
@ -2013,7 +2020,7 @@ conf_set_blacklist_matches(void *data)
/* Verify it's the correct length */ /* Verify it's the correct length */
if (strlen(str) > 3) if (strlen(str) > 3)
{ {
conf_report_error("blacklist::matches has invalid octet match entry %s", conf_report_error("dnsbl::matches has invalid octet match entry %s",
str); str);
continue; continue;
} }
@ -2023,61 +2030,61 @@ conf_set_blacklist_matches(void *data)
continue; /* Invalid entry */ continue; /* Invalid entry */
} }
rb_dlinkAddAlloc(rb_strdup(str), &yy_blacklist_filters); rb_dlinkAddAlloc(rb_strdup(str), &yy_dnsbl_entry_filters);
} }
} }
static void static void
conf_set_blacklist_reason(void *data) conf_set_dnsbl_entry_reason(void *data)
{ {
rb_dlink_node *ptr, *nptr; rb_dlink_node *ptr, *nptr;
if (yy_blacklist_host && data) if (yy_dnsbl_entry_host && data)
{ {
yy_blacklist_reason = rb_strdup(data); yy_dnsbl_entry_reason = rb_strdup(data);
if (yy_blacklist_iptype & IPTYPE_IPV6) if (yy_dnsbl_entry_iptype & IPTYPE_IPV6)
{ {
/* Make sure things fit (magic number 64 = alnum count + dots) /* Make sure things fit (magic number 64 = alnum count + dots)
* Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa * Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
*/ */
if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) if ((64 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
{ {
conf_report_error("blacklist::host %s results in IPv6 queries that are too long", conf_report_error("dnsbl::host %s results in IPv6 queries that are too long",
yy_blacklist_host); yy_dnsbl_entry_host);
goto cleanup_bl; goto cleanup_bl;
} }
} }
/* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */ /* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
if ((yy_blacklist_iptype & IPTYPE_IPV4) && !(yy_blacklist_iptype & IPTYPE_IPV6)) if ((yy_dnsbl_entry_iptype & IPTYPE_IPV4) && !(yy_dnsbl_entry_iptype & IPTYPE_IPV6))
{ {
/* Make sure things fit for worst case (magic number 16 = number of nums + dots) /* Make sure things fit for worst case (magic number 16 = number of nums + dots)
* Example: 127.127.127.127.in-addr.arpa * Example: 127.127.127.127.in-addr.arpa
*/ */
if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) if ((16 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
{ {
conf_report_error("blacklist::host %s results in IPv4 queries that are too long", conf_report_error("dnsbl::host %s results in IPv4 queries that are too long",
yy_blacklist_host); yy_dnsbl_entry_host);
goto cleanup_bl; goto cleanup_bl;
} }
} }
add_dnsbl_entry(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_iptype, &yy_blacklist_filters); add_dnsbl_entry(yy_dnsbl_entry_host, yy_dnsbl_entry_reason, yy_dnsbl_entry_iptype, &yy_dnsbl_entry_filters);
} }
cleanup_bl: cleanup_bl:
RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_blacklist_filters.head) RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_dnsbl_entry_filters.head)
{ {
rb_free(ptr->data); rb_free(ptr->data);
rb_dlinkDestroy(ptr, &yy_blacklist_filters); rb_dlinkDestroy(ptr, &yy_dnsbl_entry_filters);
} }
yy_blacklist_filters = (rb_dlink_list){ NULL, NULL, 0 }; yy_dnsbl_entry_filters = (rb_dlink_list){ NULL, NULL, 0 };
rb_free(yy_blacklist_host); rb_free(yy_dnsbl_entry_host);
rb_free(yy_blacklist_reason); rb_free(yy_dnsbl_entry_reason);
yy_blacklist_host = NULL; yy_dnsbl_entry_host = NULL;
yy_blacklist_reason = NULL; yy_dnsbl_entry_reason = NULL;
yy_blacklist_iptype = 0; yy_dnsbl_entry_iptype = 0;
} }
@ -2893,11 +2900,17 @@ newconf_init()
add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name); add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target); add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
add_top_conf("blacklist", NULL, NULL, NULL); add_top_conf("dnsbl", NULL, NULL, NULL);
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host); add_conf_item("dnsbl", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type); add_conf_item("dnsbl", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_blacklist_matches); add_conf_item("dnsbl", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason); add_conf_item("dnsbl", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
add_top_conf("blacklist", conf_warn_blacklist_deprecation, NULL, NULL);
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL); add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout); add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);
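Review bot: The renamed handlers still commit an entry only from `conf_set_dnsbl_entry_reason`, and both `dnsbl` and the deprecated `blacklist` are registered without begin/end callbacks of the kind `opm` has, so a block that sets `host` but omits `reject_reason` (or gives it before `host`) adds no DNSBL entry and reports nothing. The leftover `yy_dnsbl_entry_host` then makes the next block's `host` hit the "overlaps existing host" path, whose cleanup appears to drop that block as well. Because a dropped entry means listed clients are not rejected, consider moving the `add_dnsbl_entry` call and the cleanup into an end-of-block callback passed to `add_top_conf`, or at least reporting an error such as `dnsbl::reject_reason given without dnsbl::host` when `data` is set and the host is NULL. Separately, `conf_warn_blacklist_deprecation` reports through `conf_report_error` although the `blacklist` items are still accepted; `conf_report_warning("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead.");` would match the function's name and the existing `dnsbl::type` default warning.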