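/*
 * Handle a "trustdenydel" request: delete the trustdeny entry whose network
 * and mask are exactly equal to the subnet the user named.
 *
 * unum - numeric of the requesting user; every reply is sent there.
 * tail - raw, user-supplied command line. The first token is ignored
 *        (presumably the command word); the second is subnet[/netmask].
 *
 * A missing netmask means /32. At most one entry is removed per call.
 */
void dotrustdenydel(long unum, char *tail)
{
  char tmps2[TMPSSIZE], tmps3[TMPSSIZE];
  long i;
  trustdeny *td;
  unsigned long snet, smask;

  /*
   * The %s conversions are unbounded and tail comes from the user. No token
   * can be longer than the whole line, so rejecting lines that do not fit in
   * one buffer keeps both sscanf() targets inside their arrays.
   */
  if (strlen(tail) >= sizeof(tmps2) ||
      sscanf(tail, "%s %s", tmps2, tmps3) < 2) {
    msgtouser(unum, "Syntax: trustdenydel subnet[/netmask]");
    msgtouser(unum, "if netmask is omitted, then /32 (a single IP) is assumed.");
    return;
  }

  if (!ischarinstr('/', tmps3)) {
    smask = 32;
    snet = parseipv4(tmps3);
  } else {
    char h1[TMPSSIZE];
    char h2[TMPSSIZE];
    char dumc;
    int r2;

    /* h1 and h2 are as large as tmps3, so the scansets cannot overrun them. */
    r2 = sscanf(tmps3, "%[0-9.]%c%[0-9]", h1, &dumc, h2);
    /* Require the separator to really be '/', not just any character. */
    if (r2 != 3 || dumc != '/') {
      msgtouser(unum, "Invalid subnetmask.");
      return;
    }
    snet = parseipv4(h1);
    smask = strtoul(h2, NULL, 10);
    if (smask > 32) {
      msgtouser(unum, "Invalid subnetmask.");
      return;
    }
  }

  td = (trustdeny *)deniedtrusts.content;
  for (i = 0; i < deniedtrusts.cursi; i++) {
    if ((td[i].v4net == snet) && (td[i].v4mask == smask)) {
      array_delslot(&deniedtrusts, i);
      msgtouser(unum, "trustdeny removed.");
      return;
    }
  }
  msgtouser(unum, "No such trustdeny");
}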
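/*
 * Handle a "trustadd" request: attach one IPv4 address to an existing
 * trustgroup.
 *
 * unum - numeric of the requesting user; every reply is sent there.
 * tail - raw, user-supplied command line. The first token is ignored
 *        (presumably the command word); the second is a group name or
 *        "#<id>"; the third is the IPv4 address. Any other token count is
 *        a syntax error.
 *
 * The request is refused when the group does not exist, the address is not
 * valid IPv4, the address is already trusted, or a trustdeny entry of type
 * TRUSTDENY_DENY covers it. A TRUSTDENY_WARN entry only produces a warning.
 */
void dotrustadd(long unum, char *tail)
{
  int res;
  char tmps2[TMPSSIZE], tmps3[TMPSSIZE], tmps4[TMPSSIZE], tmps5[TMPSSIZE];
  trustedgroup *tg;
  trustedhost *th;
  long i;
  userdata *u;
  trustdeny *td;
  unsigned long theip;

  /*
   * The %s conversions are unbounded and tail comes from the user. No token
   * can be longer than the whole line, so a line that does not fit in one
   * buffer is treated as a syntax error instead of being scanned.
   */
  if (strlen(tail) < sizeof(tmps2)) {
    res = sscanf(tail, "%s %s %s %s", tmps2, tmps3, tmps4, tmps5);
  } else {
    res = 0;
  }
  if (res != 3) {
    msgtouser(unum, "Syntax: trustadd <groupname OR #groupid> IP");
    return;
  }

  toLowerCase(tmps3);
  if (tmps3[0] == '#') {
    tg = findtrustgroupbyID(strtol(&tmps3[1], NULL, 10));
  } else {
    tg = findtrustgroupbyname(tmps3);
  }
  if (tg == NULL) {
    snprintf(tmps2, sizeof(tmps2), "A trustgroup with that %s does not exist.",
             (tmps3[0] == '#') ? "ID" : "name");
    msgtouser(unum, tmps2);
    return;
  }
  if (tg->id == 0) {
    msgtouser(unum, "Internal error: Trustgroup has ID 0");
    return;
  }

  /* Validate before parsing so a malformed address never reaches the table. */
  if (!isvalidipv4(tmps4)) {
    msgtouser(unum, "Not a valid IP(v4).");
    return;
  }
  theip = parseipv4(tmps4);
  if (istrusted(theip) > 0) {
    msgtouser(unum, "That IP already belongs to some trustgroup");
    return;
  }

  /* Policy check: a DENY entry blocks the request, a WARN entry only informs. */
  td = gettrustdeny(theip);
  if (td != NULL) {
    if (td->type == TRUSTDENY_DENY) {
      msgtouser(unum, "Trusting this IP is DENIED!");
    } else {
      /* Warn only */
      msgtouser(unum, "WARNING: There is a trustdeny-warning for this IP.");
    }
    newmsgtouser(unum, "The entry was last updated by %s, reason: %s",
                 td->creator, td->reason);
    if (td->type == TRUSTDENY_DENY) {
      return;
    }
  }

  /* OK so we have a valid group and host - create new hostentry */
  th = malloc(sizeof *th);
  if (th == NULL) {
    /* Without this check the field writes below dereference NULL. */
    msgtouser(unum, "Internal error: out of memory");
    return;
  }
  th->IPv4 = theip;
  th->id = tg->id;
  th->lastused = 0;
  th->maxused = 0;
  th->maxreset = 0;
  th->currentlyon = 0;
  /* Push the new entry onto the front of its hash chain. */
  th->next = (void *)trustedhosts[tlhash(theip)];
  trustedhosts[tlhash(theip)] = th;

  /* Recount the host, add it to the trustgroup */
  for (i = 0; i < SIZEOFUL; i++) {
    u = uls[i];
    while (u != NULL) {
      if (theip == u->realip) {
        addtotrustedhost(u->ident, tg->id);
        updatetrustedhost(theip, +1);
      }
      u = (void *)u->next;
    }
  }

  /*
   * The nick, the address and the group name are all variable length, so the
   * messages are formatted with snprintf() to stay inside tmps2.
   * NOTE(review): numtonick() writes into tmps3; its bound is not visible here.
   */
  numtonick(unum, tmps3);
  snprintf(tmps2, sizeof(tmps2), "%s added IP %s to trustgroup %s (#%lu)",
           tmps3, tmps4, tg->name, tg->id);
  sendtonoticemask(NM_TRUSTS, tmps2);
  recreateimpsntrusts();
  snprintf(tmps2, sizeof(tmps2), "Added IP %s to trustgroup %s (#%lu)",
           tmps4, tg->name, tg->id);
  msgtouser(unum, tmps2);
}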
/*
 * Parse a textual IP address from `from` into `to`.
 *
 * The address family is chosen purely by the presence of a '.' in the text:
 * any '.' selects parseipv4(), everything else goes to parseipv6(). The
 * return value is whatever the selected parser returns (the IP version,
 * per the original comment).
 *
 * NOTE(review): a mixed-notation IPv6 literal such as ::ffff:192.0.2.1 also
 * contains '.', so it is handed to parseipv4() - confirm that parser rejects
 * such input rather than mis-parsing it.
 */
int parseip(char *from, uchar *to)
{
	/* '.' is the v4 separator; ':' is v6 */
	if (strchr(from, '.') != NULL) {
		return parseipv4(from, to);
	}
	return parseipv6(from, to);
}
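/*
 * Handle a "trustdel" request: remove the trust for a single IPv4 address.
 *
 * unum - numeric of the requesting user; every reply is sent there.
 * tail - raw, user-supplied command line. The first token is ignored
 *        (presumably the command word); the second is the IPv4 address.
 *        Any other token count is a syntax error.
 *
 * The host entry is unlinked from its hash chain and freed, every connected
 * user on that address is recounted, and one clone warning is raised if the
 * address now reaches the mf4warn[32] limit.
 */
void dotrustdel(long unum, char *tail)
{
  int res;
  char tmps2[TMPSSIZE], tmps3[TMPSSIZE], tmps4[TMPSSIZE];
  trustedgroup *tg;
  trustedhost *th, *t2;
  unsigned long theip;
  int arw = 0;

  /*
   * The %s conversions are unbounded and tail comes from the user. No token
   * can be longer than the whole line, so a line that does not fit in one
   * buffer is treated as a syntax error instead of being scanned.
   */
  if (strlen(tail) < sizeof(tmps2)) {
    res = sscanf(tail, "%s %s %s", tmps2, tmps3, tmps4);
  } else {
    res = 0;
  }
  if (res != 2) {
    msgtouser(unum, "Syntax: trustdel IP");
    return;
  }

  /* NOTE(review): unlike dotrustadd, the address is not run through isvalidipv4(). */
  theip = parseipv4(tmps3);
  th = trustedhosts[tlhash(theip)];
  t2 = NULL;
  while (th != NULL) {
    long i;
    userdata *u;

    if (th->IPv4 != theip) {
      t2 = th;
      th = (void *)th->next;
      continue;
    }

    /* Look the group up before th is freed; the result may be NULL. */
    tg = findtrustgroupbyID(th->id);
    if (t2 == NULL) {
      trustedhosts[tlhash(theip)] = (void *)th->next;
    } else {
      t2->next = th->next;
    }
    free(th);

    /* Recount the host */
    for (i = 0; i < SIZEOFUL; i++) {
      u = uls[i];
      while (u != NULL) {
        if (u->realip == theip) {
          int currenton;

          /* A host whose group has vanished has no group to be removed from. */
          if (tg != NULL) {
            delfromtrustedhost(u->ident, tg->id);
          }
          updatetrustedhost(theip, -1);
          currenton = sncget(theip, 32);
          if (currenton >= mf4warn[32]) {
            /* Clonelimit for that host exceeded */
            if ((mf4warn[32] >= 0) && (arw == 0)) {
              char *mycip = printipv4(u->realip);

              /* u->host is variable length; keep the notice inside tmps2. */
              snprintf(tmps2, sizeof(tmps2),
                       "[%d] clones detected from (previously trusted host) %s(=%s)",
                       currenton, u->host, mycip);
              noticeallircops(tmps2);
              putlog("[clones] %d clones detected from (now) untrusted host %s(=%s)",
                     currenton, u->host, mycip);
              free(mycip);
              arw++; /* warn once per command, not once per clone */
            }
          }
        }
        u = (void *)u->next;
      }
    }

    recreateimpsntrusts();
    /* NOTE(review): numtonick() writes into tmps4; its bound is not visible here. */
    numtonick(unum, tmps4);
    snprintf(tmps2, sizeof(tmps2), "%s removed trust for IP %s", tmps4, tmps3);
    sendtonoticemask(NM_TRUSTS, tmps2);
    if (tg != NULL) {
      snprintf(tmps2, sizeof(tmps2), "IP removed from Trustgroup %s (#%lu)",
               tg->name, tg->id);
    } else {
      /* The original dereferenced tg here without checking it. */
      snprintf(tmps2, sizeof(tmps2), "IP removed; its trustgroup no longer exists.");
    }
    msgtouser(unum, tmps2);
    return;
  }
  msgtouser(unum, "That IP was not trusted.");
}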
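/*
 * Handle a trustdeny listing request: show every trustdeny entry that
 * overlaps the subnet given by the user.
 *
 * unum - numeric of the requesting user; every reply is sent there.
 * tail - raw, user-supplied command line. The first token is ignored
 *        (presumably the command word); the optional second token is
 *        subnet[/netmask]. Without it, 0.0.0.0/0 is used.
 *
 * An entry is listed when its network equals the queried network under the
 * queried mask, or under the entry's own mask. Expired entries are dropped
 * first via trustdenyexpire().
 */
void dotrustdenylist(long unum, char *tail)
{
  int res;
  char tmps2[TMPSSIZE], tmps3[TMPSSIZE];
  long i, j;
  trustdeny *td;
  unsigned long snet, smask;
  char *mycip;

  /*
   * The %s conversions are unbounded and tail comes from the user. No token
   * can be longer than the whole line, so lines that do not fit in one
   * buffer are refused before sscanf() can write past tmps2/tmps3.
   */
  if (strlen(tail) >= sizeof(tmps2)) {
    msgtouser(unum, "Argument too long.");
    return;
  }
  res = sscanf(tail, "%s %s", tmps2, tmps3);
  if (res < 2) {
    /* No subnet given: list everything. */
    snprintf(tmps3, sizeof(tmps3), "%s", "0.0.0.0/0");
  }

  if (!ischarinstr('/', tmps3)) {
    smask = 32;
    snet = parseipv4(tmps3);
  } else {
    char h1[TMPSSIZE];
    char h2[TMPSSIZE];
    char dumc;
    int r2;

    /* h1 and h2 are as large as tmps3, so the scansets cannot overrun them. */
    r2 = sscanf(tmps3, "%[0-9.]%c%[0-9]", h1, &dumc, h2);
    /* Require the separator to really be '/', not just any character. */
    if (r2 != 3 || dumc != '/') {
      msgtouser(unum, "Invalid subnetmask.");
      return;
    }
    snet = parseipv4(h1);
    smask = strtoul(h2, NULL, 10);
    /* smask indexes netmasks[] below, so it must be range-checked here. */
    if (smask > 32) {
      msgtouser(unum, "Invalid subnetmask.");
      return;
    }
  }

  trustdenyexpire();
  td = (trustdeny *)deniedtrusts.content;
  j = 0;
  for (i = 0; i < deniedtrusts.cursi; i++) {
    /* NOTE(review): td[i].v4mask also indexes netmasks[]; assumed to be <= 32. */
    if (((td[i].v4net & netmasks[smask]) == (snet & netmasks[smask])) ||
        ((td[i].v4net & netmasks[td[i].v4mask]) == (snet & netmasks[td[i].v4mask]))) {
      if (j == 0) {
        /* Print the column header once, before the first match. */
        newmsgtouser(unum, "%-30s %-15s %-17s %-1s %s",
                     "IP/mask", "by", "expires in", "t", "Reason");
      }
      /* NOTE(review): the size longtoduration() needs in tmps2 is not visible here. */
      longtoduration(tmps2, td[i].expires - getnettime());
      mycip = printipv4(td[i].v4net);
      /* NOTE(review): %02u assumes v4mask is an unsigned int - confirm the field type. */
      newmsgtouser(unum, "%-27s/%02u %-15s %-17s %s %s", mycip, td[i].v4mask,
                   td[i].creator, tmps2,
                   (td[i].type == TRUSTDENY_DENY) ? "D" : "W", td[i].reason);
      free(mycip);
      j++;
    }
  }

  if (j == 0) {
    msgtouser(unum, "--- No matches ---");
  } else {
    newmsgtouser(unum, "--- End of list - %ld matches ---", j);
  }
}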
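/*
 * Handle a "trustdenyadd" request: create a trustdeny entry for a subnet, or
 * replace the values of the entry that already has the same network and mask.
 *
 * unum - numeric of the requesting user; every reply is sent there.
 * tail - raw, user-supplied command line:
 *        <ignored first token> warn|deny subnet[/netmask] duration reason
 *        The reason is the rest of the line.
 *
 * A missing netmask means /32. The duration must convert to at least 1 and is
 * stored as an absolute expiry time (getnettime() + duration).
 */
void dotrustdenyadd(long unum, char *tail)
{
  int res;
  int type = 0;
  int havetype = 0;
  long i;
  trustdeny *td;
  long expires;
  char tmps2[TMPSSIZE], tmps3[TMPSSIZE], tmps4[TMPSSIZE], tmps5[TMPSSIZE], tmps6[TMPSSIZE];
  unsigned long snet, smask;

  /*
   * The %s and %[^\n] conversions are unbounded and tail comes from the
   * user. No token can be longer than the whole line, so a line that does
   * not fit in one buffer is treated as a syntax error instead of scanned.
   */
  if (strlen(tail) < sizeof(tmps2)) {
    res = sscanf(tail, "%s %s %s %s %[^\n]", tmps2, tmps3, tmps4, tmps5, tmps6);
  } else {
    res = 0;
  }
  if (res < 5) {
    msgtouser(unum, "Syntax: trustdenyadd warn|deny subnet[/netmask] duration reason");
    msgtouser(unum, "if netmask is omitted, then /32 (a single IP) is assumed.");
    return;
  }

  /*
   * The entry type is tracked separately from the sscanf() count. The
   * original reused res, so an unknown keyword was accepted whenever the
   * leftover count happened to equal one of the TRUSTDENY_* constants.
   */
  toLowerCase(tmps3);
  if (strcmp(tmps3, "warn") == 0) {
    type = TRUSTDENY_WARN;
    havetype = 1;
  } else if (strcmp(tmps3, "deny") == 0) {
    type = TRUSTDENY_DENY;
    havetype = 1;
  }
  if (!havetype) {
    msgtouser(unum, "You can only warn or deny.");
    return;
  }

  if (!ischarinstr('/', tmps4)) {
    smask = 32;
    snet = parseipv4(tmps4);
  } else {
    char h1[TMPSSIZE];
    char h2[TMPSSIZE];
    char dumc;
    int r2;

    /* h1 and h2 are as large as tmps4, so the scansets cannot overrun them. */
    r2 = sscanf(tmps4, "%[0-9.]%c%[0-9]", h1, &dumc, h2);
    /* Require the separator to really be '/', not just any character. */
    if (r2 != 3 || dumc != '/') {
      msgtouser(unum, "Invalid subnetmask.");
      return;
    }
    snet = parseipv4(h1);
    smask = strtoul(h2, NULL, 10);
    if (smask > 32) {
      msgtouser(unum, "Invalid subnetmask.");
      return;
    }
  }

  expires = durationtolong(tmps5);
  if (expires < 1) {
    msgtouser(unum, "Invalid duration.");
    return;
  }
  expires += getnettime();

  td = (trustdeny *)deniedtrusts.content;
  for (i = 0; i < deniedtrusts.cursi; i++) {
    /*
     * Compare the mask; the original assigned it (v4mask=smask), which
     * rewrote the mask of every entry sharing this network address and
     * never matched an existing /0 entry.
     */
    if ((td[i].v4net == snet) && (td[i].v4mask == smask)) {
      longtoduration(tmps2, getnettime() - td[i].created);
      longtoduration(tmps3, td[i].expires - getnettime());
      msgtouser(unum, "a trustdeny for that hostmask already exists - replacing values");
      newmsgtouser(unum, "Old one was created by %s %s ago, expiring in %s and mode %s",
                   td[i].creator, tmps2, tmps3,
                   (td[i].type == TRUSTDENY_WARN) ? "WARN" : "DENY");
      getauthedas(tmps2, unum);
      mystrncpy(td[i].creator, tmps2, AUTHUSERLEN);
      mystrncpy(td[i].reason, tmps6, RNGREAS);
      td[i].expires = expires;
      td[i].created = getnettime();
      td[i].type = type;
      /* NOTE(review): unlike the new-entry path, recreateimpsntrusts() is not called here - confirm that is intended. */
      msgtouser(unum, "Done.");
      return;
    }
  }

  /* Not existing yet - allocate new entry */
  /* NOTE(review): the failure convention of array_getfreeslot() is not visible here. */
  i = array_getfreeslot(&deniedtrusts);
  /* Re-read content after taking the slot; presumably the array can move when it grows. */
  td = (trustdeny *)deniedtrusts.content;
  getauthedas(tmps2, unum);
  mystrncpy(td[i].creator, tmps2, AUTHUSERLEN);
  mystrncpy(td[i].reason, tmps6, RNGREAS);
  td[i].expires = expires;
  td[i].created = getnettime();
  td[i].v4net = snet;
  td[i].v4mask = smask;
  td[i].type = type;
  recreateimpsntrusts();
  msgtouser(unum, "Done.");
}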