newconf: deprecate blacklist{} blocks, replace with dnsbl{} blocks.
This commit is contained in:
parent
3321eef45a
commit
7f24f506e0
1 changed files with 73 additions and 60 deletions
133
ircd/newconf.c
133
ircd/newconf.c
|
@ -55,10 +55,10 @@ static struct oper_conf *yy_oper = NULL;
|
||||||
|
|
||||||
static struct alias_entry *yy_alias = NULL;
|
static struct alias_entry *yy_alias = NULL;
|
||||||
|
|
||||||
static char *yy_blacklist_host = NULL;
|
static char *yy_dnsbl_entry_host = NULL;
|
||||||
static char *yy_blacklist_reason = NULL;
|
static char *yy_dnsbl_entry_reason = NULL;
|
||||||
static uint8_t yy_blacklist_iptype = 0;
|
static uint8_t yy_dnsbl_entry_iptype = 0;
|
||||||
static rb_dlink_list yy_blacklist_filters = { NULL, NULL, 0 };
|
static rb_dlink_list yy_dnsbl_entry_filters = { NULL, NULL, 0 };
|
||||||
|
|
||||||
static char *yy_opm_address_ipv4 = NULL;
|
static char *yy_opm_address_ipv4 = NULL;
|
||||||
static char *yy_opm_address_ipv6 = NULL;
|
static char *yy_opm_address_ipv6 = NULL;
|
||||||
|
@ -1903,57 +1903,64 @@ conf_set_channel_autochanmodes(void *data)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* XXX for below */
|
/* XXX for below */
|
||||||
static void conf_set_blacklist_reason(void *data);
|
static void conf_set_dnsbl_entry_reason(void *data);
|
||||||
|
|
||||||
#define IPTYPE_IPV4 1
|
#define IPTYPE_IPV4 1
|
||||||
#define IPTYPE_IPV6 2
|
#define IPTYPE_IPV6 2
|
||||||
|
|
||||||
static void
|
static int
|
||||||
conf_set_blacklist_host(void *data)
|
conf_warn_blacklist_deprecation(struct TopConf *tc)
|
||||||
{
|
{
|
||||||
if (yy_blacklist_host)
|
conf_report_error("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead.");
|
||||||
{
|
return 0;
|
||||||
conf_report_error("blacklist::host %s overlaps existing host %s",
|
|
||||||
(char *)data, yy_blacklist_host);
|
|
||||||
|
|
||||||
/* Cleanup */
|
|
||||||
conf_set_blacklist_reason(NULL);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
yy_blacklist_iptype |= IPTYPE_IPV4;
|
|
||||||
yy_blacklist_host = rb_strdup(data);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
conf_set_blacklist_type(void *data)
|
conf_set_dnsbl_entry_host(void *data)
|
||||||
|
{
|
||||||
|
if (yy_dnsbl_entry_host)
|
||||||
|
{
|
||||||
|
conf_report_error("dnsbl::host %s overlaps existing host %s",
|
||||||
|
(char *)data, yy_dnsbl_entry_host);
|
||||||
|
|
||||||
|
/* Cleanup */
|
||||||
|
conf_set_dnsbl_entry_reason(NULL);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
|
||||||
|
yy_dnsbl_entry_host = rb_strdup(data);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
conf_set_dnsbl_entry_type(void *data)
|
||||||
{
|
{
|
||||||
conf_parm_t *args = data;
|
conf_parm_t *args = data;
|
||||||
|
|
||||||
/* Don't assume we have either if we got here */
|
/* Don't assume we have either if we got here */
|
||||||
yy_blacklist_iptype = 0;
|
yy_dnsbl_entry_iptype = 0;
|
||||||
|
|
||||||
for (; args; args = args->next)
|
for (; args; args = args->next)
|
||||||
{
|
{
|
||||||
if (!rb_strcasecmp(args->v.string, "ipv4"))
|
if (!rb_strcasecmp(args->v.string, "ipv4"))
|
||||||
yy_blacklist_iptype |= IPTYPE_IPV4;
|
yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
|
||||||
else if (!rb_strcasecmp(args->v.string, "ipv6"))
|
else if (!rb_strcasecmp(args->v.string, "ipv6"))
|
||||||
yy_blacklist_iptype |= IPTYPE_IPV6;
|
yy_dnsbl_entry_iptype |= IPTYPE_IPV6;
|
||||||
else
|
else
|
||||||
conf_report_error("blacklist::type has unknown address family %s",
|
conf_report_error("dnsbl::type has unknown address family %s",
|
||||||
args->v.string);
|
args->v.string);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If we have neither, just default to IPv4 */
|
/* If we have neither, just default to IPv4 */
|
||||||
if (!yy_blacklist_iptype)
|
if (!yy_dnsbl_entry_iptype)
|
||||||
{
|
{
|
||||||
conf_report_warning("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
|
conf_report_warning("dnsbl::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
|
||||||
yy_blacklist_iptype = IPTYPE_IPV4;
|
yy_dnsbl_entry_iptype = IPTYPE_IPV4;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
conf_set_blacklist_matches(void *data)
|
conf_set_dnsbl_entry_matches(void *data)
|
||||||
{
|
{
|
||||||
conf_parm_t *args = data;
|
conf_parm_t *args = data;
|
||||||
enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
|
enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
|
||||||
|
@ -1966,19 +1973,19 @@ conf_set_blacklist_matches(void *data)
|
||||||
|
|
||||||
if (CF_TYPE(args->type) != CF_QSTRING)
|
if (CF_TYPE(args->type) != CF_QSTRING)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches -- must be quoted string");
|
conf_report_error("dnsbl::matches -- must be quoted string");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (str == NULL)
|
if (str == NULL)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches -- invalid entry");
|
conf_report_error("dnsbl::matches -- invalid entry");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strlen(str) > HOSTIPLEN)
|
if (strlen(str) > HOSTIPLEN)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has an entry too long: %s",
|
conf_report_error("dnsbl::matches has an entry too long: %s",
|
||||||
str);
|
str);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -1990,7 +1997,7 @@ conf_set_blacklist_matches(void *data)
|
||||||
type = FILTER_ALL;
|
type = FILTER_ALL;
|
||||||
else if (!isdigit((unsigned char)*p))
|
else if (!isdigit((unsigned char)*p))
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has invalid IP match entry %s",
|
conf_report_error("dnsbl::matches has invalid IP match entry %s",
|
||||||
str);
|
str);
|
||||||
type = FILTER_NONE;
|
type = FILTER_NONE;
|
||||||
break;
|
break;
|
||||||
|
@ -2003,7 +2010,7 @@ conf_set_blacklist_matches(void *data)
|
||||||
struct rb_sockaddr_storage tmp;
|
struct rb_sockaddr_storage tmp;
|
||||||
if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
|
if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has invalid IP match entry %s",
|
conf_report_error("dnsbl::matches has invalid IP match entry %s",
|
||||||
str);
|
str);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -2013,7 +2020,7 @@ conf_set_blacklist_matches(void *data)
|
||||||
/* Verify it's the correct length */
|
/* Verify it's the correct length */
|
||||||
if (strlen(str) > 3)
|
if (strlen(str) > 3)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::matches has invalid octet match entry %s",
|
conf_report_error("dnsbl::matches has invalid octet match entry %s",
|
||||||
str);
|
str);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -2023,61 +2030,61 @@ conf_set_blacklist_matches(void *data)
|
||||||
continue; /* Invalid entry */
|
continue; /* Invalid entry */
|
||||||
}
|
}
|
||||||
|
|
||||||
rb_dlinkAddAlloc(rb_strdup(str), &yy_blacklist_filters);
|
rb_dlinkAddAlloc(rb_strdup(str), &yy_dnsbl_entry_filters);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
conf_set_blacklist_reason(void *data)
|
conf_set_dnsbl_entry_reason(void *data)
|
||||||
{
|
{
|
||||||
rb_dlink_node *ptr, *nptr;
|
rb_dlink_node *ptr, *nptr;
|
||||||
|
|
||||||
if (yy_blacklist_host && data)
|
if (yy_dnsbl_entry_host && data)
|
||||||
{
|
{
|
||||||
yy_blacklist_reason = rb_strdup(data);
|
yy_dnsbl_entry_reason = rb_strdup(data);
|
||||||
if (yy_blacklist_iptype & IPTYPE_IPV6)
|
if (yy_dnsbl_entry_iptype & IPTYPE_IPV6)
|
||||||
{
|
{
|
||||||
/* Make sure things fit (magic number 64 = alnum count + dots)
|
/* Make sure things fit (magic number 64 = alnum count + dots)
|
||||||
* Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
|
* Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
|
||||||
*/
|
*/
|
||||||
if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
|
if ((64 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::host %s results in IPv6 queries that are too long",
|
conf_report_error("dnsbl::host %s results in IPv6 queries that are too long",
|
||||||
yy_blacklist_host);
|
yy_dnsbl_entry_host);
|
||||||
goto cleanup_bl;
|
goto cleanup_bl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
|
/* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
|
||||||
if ((yy_blacklist_iptype & IPTYPE_IPV4) && !(yy_blacklist_iptype & IPTYPE_IPV6))
|
if ((yy_dnsbl_entry_iptype & IPTYPE_IPV4) && !(yy_dnsbl_entry_iptype & IPTYPE_IPV6))
|
||||||
{
|
{
|
||||||
/* Make sure things fit for worst case (magic number 16 = number of nums + dots)
|
/* Make sure things fit for worst case (magic number 16 = number of nums + dots)
|
||||||
* Example: 127.127.127.127.in-addr.arpa
|
* Example: 127.127.127.127.in-addr.arpa
|
||||||
*/
|
*/
|
||||||
if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
|
if ((16 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
|
||||||
{
|
{
|
||||||
conf_report_error("blacklist::host %s results in IPv4 queries that are too long",
|
conf_report_error("dnsbl::host %s results in IPv4 queries that are too long",
|
||||||
yy_blacklist_host);
|
yy_dnsbl_entry_host);
|
||||||
goto cleanup_bl;
|
goto cleanup_bl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
add_dnsbl_entry(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_iptype, &yy_blacklist_filters);
|
add_dnsbl_entry(yy_dnsbl_entry_host, yy_dnsbl_entry_reason, yy_dnsbl_entry_iptype, &yy_dnsbl_entry_filters);
|
||||||
}
|
}
|
||||||
|
|
||||||
cleanup_bl:
|
cleanup_bl:
|
||||||
RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_blacklist_filters.head)
|
RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_dnsbl_entry_filters.head)
|
||||||
{
|
{
|
||||||
rb_free(ptr->data);
|
rb_free(ptr->data);
|
||||||
rb_dlinkDestroy(ptr, &yy_blacklist_filters);
|
rb_dlinkDestroy(ptr, &yy_dnsbl_entry_filters);
|
||||||
}
|
}
|
||||||
|
|
||||||
yy_blacklist_filters = (rb_dlink_list){ NULL, NULL, 0 };
|
yy_dnsbl_entry_filters = (rb_dlink_list){ NULL, NULL, 0 };
|
||||||
|
|
||||||
rb_free(yy_blacklist_host);
|
rb_free(yy_dnsbl_entry_host);
|
||||||
rb_free(yy_blacklist_reason);
|
rb_free(yy_dnsbl_entry_reason);
|
||||||
yy_blacklist_host = NULL;
|
yy_dnsbl_entry_host = NULL;
|
||||||
yy_blacklist_reason = NULL;
|
yy_dnsbl_entry_reason = NULL;
|
||||||
yy_blacklist_iptype = 0;
|
yy_dnsbl_entry_iptype = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -2893,11 +2900,17 @@ newconf_init()
|
||||||
add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
|
add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
|
||||||
add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
|
add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
|
||||||
|
|
||||||
add_top_conf("blacklist", NULL, NULL, NULL);
|
add_top_conf("dnsbl", NULL, NULL, NULL);
|
||||||
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host);
|
add_conf_item("dnsbl", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
|
||||||
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type);
|
add_conf_item("dnsbl", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
|
||||||
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_blacklist_matches);
|
add_conf_item("dnsbl", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
|
||||||
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason);
|
add_conf_item("dnsbl", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
|
||||||
|
|
||||||
|
add_top_conf("blacklist", conf_warn_blacklist_deprecation, NULL, NULL);
|
||||||
|
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
|
||||||
|
add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
|
||||||
|
add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
|
||||||
|
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
|
||||||
|
|
||||||
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
|
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
|
||||||
add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);
|
add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);
|
||||||
|
|
Loading…
Reference in a new issue