Example #1
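/*
 * Handle the "trustdenydel" command: delete the trustdeny entry whose
 * network and mask are exactly the ones given.
 *
 * unum - numeric of the requesting user; every reply goes to it via msgtouser().
 * tail - command line: the command word followed by "ip" or "ip/mask".
 */
void dotrustdenydel(long unum, char *tail) {
  int res; char tmps2[TMPSSIZE], tmps3[TMPSSIZE]; long i; trustdeny * td;
  unsigned long snet, smask;
  /* The %s conversions below carry no field width, so the only thing that
   * keeps a word inside tmps2/tmps3 is the length of the whole line.
   * Bound it here; a line shorter than TMPSSIZE cannot contain a longer word. */
  if (strlen(tail)>=TMPSSIZE) { msgtouser(unum,"Parameters too long."); return; }
  res=sscanf(tail,"%s %s",tmps2,tmps3);
  if (res<2) {
    msgtouser(unum,"Syntax: trustdenydel subnet[/netmask]");
    msgtouser(unum,"if netmask is omitted, then /32 (a single IP) is assumed.");
    return;
  }
  if (!ischarinstr('/',tmps3)) {
    /* No mask given: treat the argument as a single host. */
    smask=32;
    snet=parseipv4(tmps3);
  } else {
    /* h1/h2 are as large as tmps3, so the unbounded %[...] conversions fit. */
    char h1[TMPSSIZE]; char h2[TMPSSIZE]; char dumc; int r2;
    r2=sscanf(tmps3,"%[0-9.]%c%[0-9]",h1,&dumc,h2);
    /* %c accepts any character; insist that the separator really is '/',
     * otherwise input such as "1.2.3.4x24/8" would be read as a /24. */
    if ((r2!=3) || (dumc!='/')) { msgtouser(unum,"Invalid subnetmask."); return; }
    snet=parseipv4(h1);
    smask=strtoul(h2,NULL,10);
    if (smask>32) { msgtouser(unum,"Invalid subnetmask."); return; }
  }
  td=(trustdeny *)deniedtrusts.content;
  for (i=0;i<deniedtrusts.cursi;i++) {
    /* Exact match on both fields; an overlapping subnet is not removed. */
    if ((td[i].v4net==snet) && (td[i].v4mask==smask)) {
      array_delslot(&deniedtrusts,i);
      msgtouser(unum,"trustdeny removed.");
      return;
    }
  }
  msgtouser(unum,"No such trustdeny");
}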
Example #2
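/*
 * Handle the "trustadd" command: attach one IPv4 address to an existing
 * trustgroup. The request is refused when the address is already trusted
 * or when gettrustdeny() returns an entry of type TRUSTDENY_DENY for it.
 *
 * unum - numeric of the requesting user; replies are sent to it.
 * tail - command line: command word, "<groupname>" or "#<groupid>", then the IP.
 */
void dotrustadd(long unum, char *tail) {
  int res; char tmps2[TMPSSIZE], tmps3[TMPSSIZE], tmps4[TMPSSIZE], tmps5[TMPSSIZE];
  trustedgroup *tg; trustedhost *th; long i; userdata *u;
  trustdeny * td; unsigned long theip;
  /* The %s conversions below carry no field width; bounding the whole line
   * is what keeps each word inside its TMPSSIZE buffer. */
  if (strlen(tail)>=TMPSSIZE) { msgtouser(unum,"Parameters too long."); return; }
  /* tmps5 only catches a surplus fourth word, which makes res==4 and fails the check. */
  res=sscanf(tail,"%s %s %s %s",tmps2,tmps3,tmps4,tmps5);
  if (res!=3) {
    msgtouser(unum,"Syntax: trustadd <groupname OR #groupid> IP"); return;
  }
  toLowerCase(tmps3);
  if (tmps3[0]=='#') {
    tg=findtrustgroupbyID(strtol(&tmps3[1],NULL,10));
  } else {
    tg=findtrustgroupbyname(tmps3);
  }
  if (tg==NULL) {
    snprintf(tmps2,sizeof(tmps2),"A trustgroup with that %s does not exist.",(tmps3[0]=='#') ? "ID" : "name");
    msgtouser(unum,tmps2); return;
  }
  if (tg->id==0) { msgtouser(unum,"Internal error: Trustgroup has ID 0"); return; }
  if (!isvalidipv4(tmps4)) { msgtouser(unum,"Not a valid IP(v4)."); return; }
  theip=parseipv4(tmps4);
  if (istrusted(theip)>0) {
    msgtouser(unum,"That IP already belongs to some trustgroup"); return;
  }
  td=gettrustdeny(theip);
  if (td!=NULL) {
    if (td->type==TRUSTDENY_DENY) {
      msgtouser(unum,"Trusting this IP is DENIED!");
    } else { /* Warn only */
      msgtouser(unum,"WARNING: There is a trustdeny-warning for this IP.");
    }
    newmsgtouser(unum,"The entry was last updated by %s, reason: %s",td->creator,td->reason);
    /* A DENY entry stops here; a warning has been shown and the add continues. */
    if (td->type==TRUSTDENY_DENY) { return; }
  }
  /* OK so we have a valid group and host - create new hostentry */
  th=malloc(sizeof *th);
  /* Without this check an allocation failure would be written through below. */
  if (th==NULL) { msgtouser(unum,"Internal error: out of memory"); return; }
  th->IPv4=theip;
  th->id=tg->id;
  th->lastused=0; th->maxused=0; th->maxreset=0; th->currentlyon=0;
  /* Push the new entry onto the front of its hash chain. */
  th->next=(void *)trustedhosts[tlhash(theip)];
  trustedhosts[tlhash(theip)]=th;
  /* Recount the host, add it to the trustgroup */
  for (i=0;i<SIZEOFUL;i++) {
    u=uls[i];
    while (u!=NULL) {
      if (theip==u->realip) {
        addtotrustedhost(u->ident,tg->id);
        updatetrustedhost(theip,+1);
      }
      u=(void *)u->next;
    }
  }
  /* tmps3 is reused for the requester's nick from here on. */
  numtonick(unum,tmps3);
  /* snprintf: the nick, the IP and the group name together are not known to fit in TMPSSIZE. */
  snprintf(tmps2,sizeof(tmps2),"%s added IP %s to trustgroup %s (#%lu)",tmps3,tmps4,tg->name,tg->id);
  sendtonoticemask(NM_TRUSTS,tmps2);
  recreateimpsntrusts();
  snprintf(tmps2,sizeof(tmps2),"Added IP %s to trustgroup %s (#%lu)",tmps4,tg->name,tg->id);
  msgtouser(unum,tmps2);
}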
Example #3
File: utils.c Project: m-b-/cidrc
/*
 * Parse IP address, return IP version
 */
int
parseip(char *from, uchar *to)
{
	/*
	 * A '.' anywhere in the string selects the v4 parser; every other
	 * input is handed to the v6 parser. The chosen parser's return
	 * value is passed straight back to the caller.
	 *
	 * NOTE(review): an IPv6 literal with an embedded dotted quad
	 * (constructed sample: ::ffff:192.0.2.1) also contains '.', so it
	 * takes the v4 branch - confirm parseipv4() rejects such input.
	 */
	if (strchr(from, '.') != NULL)
		return parseipv4(from, to);

	return parseipv6(from, to);
}
Example #4
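/*
 * Handle the "trustdel" command: remove one IPv4 address from the trusted
 * hosts table, recount the users connected from it and announce the change.
 *
 * unum - numeric of the requesting user; replies are sent to it.
 * tail - command line: command word followed by the IP.
 */
void dotrustdel(long unum, char *tail) {
  int res; char tmps2[TMPSSIZE], tmps3[TMPSSIZE], tmps4[TMPSSIZE];
  trustedgroup *tg; trustedhost *th, *t2; unsigned long theip; int arw=0;
  /* The %s conversions below carry no field width; bounding the whole line
   * is what keeps each word inside its TMPSSIZE buffer. */
  if (strlen(tail)>=TMPSSIZE) { msgtouser(unum,"Parameters too long."); return; }
  /* tmps4 only catches a surplus third word, which makes res==3 and fails the check. */
  res=sscanf(tail,"%s %s %s",tmps2,tmps3,tmps4);
  if (res!=2) {
    msgtouser(unum,"Syntax: trustdel IP"); return;
  }
  theip=parseipv4(tmps3);
  /* Walk the hash chain; t2 trails one node behind th so the match can be unlinked. */
  th=trustedhosts[tlhash(theip)]; t2=NULL;
  while (th!=NULL) {
    if (th->IPv4==theip) {
      long i; userdata *u;
      /* NOTE(review): tg is dereferenced below without a NULL check -
       * confirm that a trusted host always refers to an existing group. */
      tg=findtrustgroupbyID(th->id);
      if (t2==NULL) {
        trustedhosts[tlhash(theip)]=(void *)th->next;
      } else {
        t2->next=th->next;
      }
      free(th);
      /* Recount the host */
      for (i=0;i<SIZEOFUL;i++) {
        u=uls[i];
        while (u!=NULL) {
          if (u->realip==theip) {
            int currenton;
            delfromtrustedhost(u->ident,tg->id);
            updatetrustedhost(theip,-1);
            currenton=sncget(theip,32);
            if (currenton>=mf4warn[32]) { /* Clonelimit for that host exceeded */
              /* arw makes sure the notice and the log line go out only once per command. */
              if ((mf4warn[32]>=0) && (arw==0)) {
                char * mycip=printipv4(u->realip);
                /* snprintf: u->host has no length bound visible here. */
                snprintf(tmps2,sizeof(tmps2),"[%d] clones detected from (previously trusted host) %s(=%s)",currenton,u->host,mycip);
                noticeallircops(tmps2);
                putlog("[clones] %d clones detected from (now) untrusted host %s(=%s)",currenton,u->host,mycip);
                free(mycip);
                arw++;
              }
            }
          }
          u=(void *)u->next;
        }
      }
      recreateimpsntrusts();
      numtonick(unum,tmps4);
      snprintf(tmps2,sizeof(tmps2),"%s removed trust for IP %s",tmps4,tmps3);
      sendtonoticemask(NM_TRUSTS,tmps2);
      snprintf(tmps2,sizeof(tmps2),"IP removed from Trustgroup %s (#%lu)",tg->name,tg->id);
      msgtouser(unum,tmps2);
      return;
    } else {
      t2=th;
      th=(void *)th->next;
    }
  }
  msgtouser(unum,"That IP was not trusted.");
}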
Example #5
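/*
 * Handle the "trustdenylist" command: print every trustdeny entry that
 * overlaps the given subnet. Without an argument the filter is 0.0.0.0/0.
 *
 * unum - numeric of the requesting user; the listing is sent to it.
 * tail - command line: command word, optionally followed by "ip" or "ip/mask".
 */
void dotrustdenylist(long unum, char *tail) {
  int res; char tmps2[TMPSSIZE], tmps3[TMPSSIZE]; long i, j; trustdeny *td;
  unsigned long snet, smask; char * mycip;
  /* The %s conversions below carry no field width; bounding the whole line
   * is what keeps each word inside its TMPSSIZE buffer. */
  if (strlen(tail)>=TMPSSIZE) { msgtouser(unum,"Parameters too long."); return; }
  res=sscanf(tail,"%s %s",tmps2,tmps3);
  if (res<2) { strcpy(tmps3,"0.0.0.0/0"); }
  if (!ischarinstr('/',tmps3)) {
    /* No mask given: treat the argument as a single host. */
    smask=32;
    snet=parseipv4(tmps3);
  } else {
    /* h1/h2 are as large as tmps3, so the unbounded %[...] conversions fit. */
    char h1[TMPSSIZE]; char h2[TMPSSIZE]; char dumc; int r2;
    r2=sscanf(tmps3,"%[0-9.]%c%[0-9]",h1,&dumc,h2);
    /* %c accepts any character; insist that the separator really is '/'. */
    if ((r2!=3) || (dumc!='/')) { msgtouser(unum,"Invalid subnetmask."); return; }
    snet=parseipv4(h1);
    smask=strtoul(h2,NULL,10);
    /* smask indexes netmasks[] below, so it has to stay within 0..32. */
    if (smask>32) { msgtouser(unum,"Invalid subnetmask."); return; }
  }
  trustdenyexpire();
  td=(trustdeny *)deniedtrusts.content;
  j=0;
  for (i=0;i<deniedtrusts.cursi;i++) {
    /* Match when the entry lies inside the filter subnet, or when the
     * filter address lies inside the entry's own subnet. */
    if (((td[i].v4net&netmasks[smask])==(snet&netmasks[smask])) ||
        ((td[i].v4net&netmasks[td[i].v4mask])==(snet&netmasks[td[i].v4mask]))) {
      if (j==0) {
        /* The header line is printed once, before the first match. */
        newmsgtouser(unum,"%-30s %-15s %-17s %-1s %s","IP/mask","by","expires in","t","Reason");
      }
      longtoduration(tmps2,td[i].expires-getnettime());
      mycip=printipv4(td[i].v4net);
      newmsgtouser(unum,"%-27s/%02u %-15s %-17s %s %s",mycip,td[i].v4mask,td[i].creator,
        tmps2,(td[i].type==TRUSTDENY_DENY) ? "D" : "W", td[i].reason);
      free(mycip);
      j++;
    }
  }
  if (j==0) {
    msgtouser(unum,"--- No matches ---");
  } else {
    newmsgtouser(unum,"--- End of list - %ld matches ---",j);
  }
}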
Example #6
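/*
 * Handle the "trustdenyadd" command: create a trustdeny entry of type
 * WARN or DENY for a subnet, or overwrite the entry that already exists
 * for exactly that network and mask.
 *
 * unum - numeric of the requesting user; replies are sent to it.
 * tail - command line: command word, "warn" or "deny", "ip" or "ip/mask",
 *        a duration, and the reason (rest of the line).
 */
void dotrustdenyadd(long unum, char *tail) {
  int res; int type=0; int havetype=0; long i; trustdeny *td; long expires;
  char tmps2[TMPSSIZE], tmps3[TMPSSIZE], tmps4[TMPSSIZE], tmps5[TMPSSIZE], tmps6[TMPSSIZE];
  unsigned long snet, smask;
  /* Neither %s nor %[^\n] below carries a field width; bounding the whole
   * line is what keeps each piece inside its TMPSSIZE buffer. */
  if (strlen(tail)>=TMPSSIZE) { msgtouser(unum,"Parameters too long."); return; }
  res=sscanf(tail,"%s %s %s %s %[^\n]",tmps2,tmps3,tmps4,tmps5,tmps6);
  if (res<5) {
    msgtouser(unum,"Syntax: trustdenyadd warn|deny subnet[/netmask] duration reason");
    msgtouser(unum,"if netmask is omitted, then /32 (a single IP) is assumed.");
    return;
  }
  toLowerCase(tmps3);
  /* The mode is kept apart from the sscanf count: reusing res meant an
   * unknown keyword was accepted whenever the count happened to equal
   * one of the TRUSTDENY_* constants. */
  if (strcmp(tmps3,"warn")==0) { type=TRUSTDENY_WARN; havetype=1; }
  else if (strcmp(tmps3,"deny")==0) { type=TRUSTDENY_DENY; havetype=1; }
  if (!havetype) {
    msgtouser(unum,"You can only warn or deny.");
    return;
  }
  if (!ischarinstr('/',tmps4)) {
    /* No mask given: treat the argument as a single host. */
    smask=32;
    snet=parseipv4(tmps4);
  } else {
    /* h1/h2 are as large as tmps4, so the unbounded %[...] conversions fit. */
    char h1[TMPSSIZE]; char h2[TMPSSIZE]; char dumc; int r2;
    r2=sscanf(tmps4,"%[0-9.]%c%[0-9]",h1,&dumc,h2);
    /* %c accepts any character; insist that the separator really is '/'. */
    if ((r2!=3) || (dumc!='/')) { msgtouser(unum,"Invalid subnetmask."); return; }
    snet=parseipv4(h1);
    smask=strtoul(h2,NULL,10);
    if (smask>32) { msgtouser(unum,"Invalid subnetmask."); return; }
  }
  expires=durationtolong(tmps5);
  if (expires<1) {
    msgtouser(unum,"Invalid duration.");
    return;
  }
  /* Turn the relative duration into an absolute expiry time. */
  expires+=getnettime();
  td=(trustdeny *)deniedtrusts.content;
  for (i=0;i<deniedtrusts.cursi;i++) {
    /* Compare the mask. The former '=' assigned smask to the stored entry,
     * so any entry with the same network address had its mask overwritten
     * and was then replaced (for every non-zero smask). */
    if ((td[i].v4net==snet) && (td[i].v4mask==smask)) {
      longtoduration(tmps2,getnettime()-td[i].created);
      longtoduration(tmps3,td[i].expires-getnettime());
      msgtouser(unum,"a trustdeny for that hostmask already exists - replacing values");
      newmsgtouser(unum,"Old one was created by %s %s ago, expiring in %s and mode %s",
        td[i].creator,tmps2,tmps3,(td[i].type==TRUSTDENY_WARN) ? "WARN" : "DENY");
      getauthedas(tmps2,unum);
      mystrncpy(td[i].creator,tmps2,AUTHUSERLEN);
      mystrncpy(td[i].reason,tmps6,RNGREAS);
      td[i].expires=expires;
      td[i].created=getnettime();
      td[i].type=type;
      /* NOTE(review): unlike the new-entry path, this path does not call
       * recreateimpsntrusts() - confirm that is intended when the mode changes. */
      msgtouser(unum,"Done.");
      return;
    }
  }
  /* Not existing yet - allocate new entry */
  i=array_getfreeslot(&deniedtrusts);
  /* content is read again after array_getfreeslot() - presumably the array
   * may have been moved while growing; confirm against the array code. */
  td=(trustdeny *)deniedtrusts.content;
  getauthedas(tmps2,unum);
  mystrncpy(td[i].creator,tmps2,AUTHUSERLEN);
  mystrncpy(td[i].reason,tmps6,RNGREAS);
  td[i].expires=expires;
  td[i].created=getnettime();
  td[i].v4net=snet;
  td[i].v4mask=smask;
  td[i].type=type;
  recreateimpsntrusts();
  msgtouser(unum,"Done.");
}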