Add exempt logic for open proxies

This commit is contained in:
Elizabeth Myers 2016-04-02 02:42:11 -05:00
parent 51fa2ab8a3
commit fbe8d087e7
4 changed files with 50 additions and 16 deletions

View file

@ -215,6 +215,9 @@ reject_client(struct auth_client *auth, provider_t id, const char *data, const c
case PROVIDER_BLACKLIST: case PROVIDER_BLACKLIST:
reject = 'B'; reject = 'B';
break; break;
case PROVIDER_OPM:
reject = 'O';
break;
default: default:
reject = 'N'; reject = 'N';
break; break;

View file

@ -110,6 +110,7 @@ struct ConfItem
#define CONF_FLAGS_EXTEND_CHANS 0x00080000 #define CONF_FLAGS_EXTEND_CHANS 0x00080000
#define CONF_FLAGS_ENCRYPTED 0x00200000 #define CONF_FLAGS_ENCRYPTED 0x00200000
#define CONF_FLAGS_EXEMPTDNSBL 0x04000000 #define CONF_FLAGS_EXEMPTDNSBL 0x04000000
#define CONF_FLAGS_EXEMPTPROXY 0x08000000
/* Macros for struct ConfItem */ /* Macros for struct ConfItem */
@ -130,6 +131,7 @@ struct ConfItem
#define IsConfEncrypted(x) ((x)->flags & CONF_FLAGS_ENCRYPTED) #define IsConfEncrypted(x) ((x)->flags & CONF_FLAGS_ENCRYPTED)
#define IsNeedSasl(x) ((x)->flags & CONF_FLAGS_NEED_SASL) #define IsNeedSasl(x) ((x)->flags & CONF_FLAGS_NEED_SASL)
#define IsConfExemptDNSBL(x) ((x)->flags & CONF_FLAGS_EXEMPTDNSBL) #define IsConfExemptDNSBL(x) ((x)->flags & CONF_FLAGS_EXEMPTDNSBL)
#define IsConfExemptProxy(x) ((x)->flags & CONF_FLAGS_EXEMPTPROXY)
#define IsConfExtendChans(x) ((x)->flags & CONF_FLAGS_EXTEND_CHANS) #define IsConfExtendChans(x) ((x)->flags & CONF_FLAGS_EXTEND_CHANS)
#define IsConfSSLNeeded(x) ((x)->flags & CONF_FLAGS_NEED_SSL) #define IsConfSSLNeeded(x) ((x)->flags & CONF_FLAGS_NEED_SSL)

View file

@ -335,6 +335,7 @@ static struct mode_table auth_table[] = {
{"spoof_notice", CONF_FLAGS_SPOOF_NOTICE }, {"spoof_notice", CONF_FLAGS_SPOOF_NOTICE },
{"exceed_limit", CONF_FLAGS_NOLIMIT }, {"exceed_limit", CONF_FLAGS_NOLIMIT },
{"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL }, {"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL },
{"proxy_exempt", CONF_FLAGS_EXEMPTPROXY },
{"kline_exempt", CONF_FLAGS_EXEMPTKLINE }, {"kline_exempt", CONF_FLAGS_EXEMPTKLINE },
{"flood_exempt", CONF_FLAGS_EXEMPTFLOOD }, {"flood_exempt", CONF_FLAGS_EXEMPTFLOOD },
{"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT }, {"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT },

View file

@ -467,6 +467,34 @@ register_local_user(struct Client *client_p, struct Client *source_p)
return CLIENT_EXITED; return CLIENT_EXITED;
} }
break; break;
case 'O':
if(IsExemptKline(source_p) || IsConfExemptProxy(aconf))
{
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s), but you are exempt",
source_p->sockhost, source_p->preClient->authd_data);
}
else
{
sendto_realops_snomask(SNO_REJ, L_NETWIDE,
"Open proxy %s: %s (%s@%s) [%s] [%s]",
source_p->preClient->authd_data,
source_p->name,
source_p->username, source_p->host,
IsIPSpoof(source_p) ? "255.255.255.255" : source_p->sockhost,
source_p->info);
ServerStats.is_ref++;
sendto_one(source_p, form_str(ERR_YOUREBANNEDCREEP),
me.name, source_p->name, reason);
sendto_one_notice(source_p, ":*** Your IP address %s has been detected as an open proxy (ip:port %s)",
source_p->sockhost, source_p->preClient->authd_data);
add_reject(source_p, NULL, NULL);
exit_client(client_p, source_p, &me, "*** Banned (Open proxy)");
substitution_free(&varlist);
return CLIENT_EXITED;
}
default: /* Unknown, but handle the case properly */ default: /* Unknown, but handle the case properly */
if (IsExemptKline(source_p)) if (IsExemptKline(source_p))
{ {