// Checks a search query and its content string against the rule list.
//
// The list is walked under m_pSection. Rules that IsExpired() reports as
// expired are unlinked and freed on the way. The first matching rule whose
// action is srDeny or srAccept decides the result; a matching rule with any
// other action only has its hit counters incremented and the walk continues.
//
// pQuery      - query handed to CSecureRule::Match
// strContent  - content string handed to CSecureRule::Match
// Returns TRUE to deny, FALSE to accept, m_bDenyPolicy if no rule decides.
BOOL CSecurity::IsDenied(const CQuerySearch* pQuery, const CString& strContent)
{
	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	CQuickLock oLock( m_pSection );

	POSITION posNext = GetIterator();
	while ( posNext )
	{
		// Remember the node before GetNext() advances, so it can be removed.
		const POSITION posThis = posNext;
		CSecureRule* pEntry = GetNext( posNext );

		if ( pEntry->IsExpired( tNow ) )
		{
			m_pRules.RemoveAt( posThis );
			delete pEntry;
			continue;
		}

		if ( ! pEntry->Match( pQuery, strContent ) )
			continue;

		pEntry->m_nToday ++;
		pEntry->m_nEver ++;

		if ( pEntry->m_nAction == CSecureRule::srDeny )
			return TRUE;
		if ( pEntry->m_nAction == CSecureRule::srAccept )
			return FALSE;
	}

	return m_bDenyPolicy;
}
// Purges stale state while holding m_pSection:
//   1. complaint records whose m_nExpire is earlier than the current time;
//   2. rules in the list that IsExpired() reports as expired.
// Removed objects are deleted here.
void CSecurity::Expire()
{
	CQuickLock oLock( m_pSection );

	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	// Pass 1: complaint map.
	POSITION posMap = m_Complains.GetStartPosition();
	while ( posMap )
	{
		DWORD nKey;
		CComplain* pEntry;
		// GetNextAssoc() advances posMap before the entry is removed below.
		m_Complains.GetNextAssoc( posMap, nKey, pEntry );

		if ( pEntry->m_nExpire < tNow )
		{
			m_Complains.RemoveKey( nKey );
			delete pEntry;
		}
	}

	// Pass 2: rule list.
	POSITION posNext = GetIterator();
	while ( posNext )
	{
		const POSITION posThis = posNext;
		CSecureRule* pEntry = GetNext( posNext );

		if ( ! pEntry->IsExpired( tNow ) )
			continue;

		m_pRules.RemoveAt( posThis );
		delete pEntry;
	}
}
// Checks a single IPv4 address against the security rules.
//
// Lookup order:
//   1. m_Cache - addresses that previously fell through every rule; a hit
//      returns m_bDenyPolicy straight away.
//   2. The address map / rule index map - a per-address shortcut to one rule.
//   3. The full rule list, walked under m_pSection, with expired rules
//      removed and deleted on the way.
// An address that reaches the end without a deciding rule is added to
// m_Cache so later calls skip the walk.
//
// pAddress - address to test; its first four bytes are read as a DWORD.
// Returns TRUE to deny, FALSE to accept, m_bDenyPolicy if no rule decides.
//
// NOTE(review): m_Cache and m_pRuleIndexMap are read and written here without
// holding m_pSection; only the list walk is locked. Confirm these containers
// are guarded elsewhere or that callers are serialized.
// NOTE(review): the indexed shortcut in step 2 does not call IsExpired() -
// confirm rules reachable through the index cannot carry an expiry.
BOOL CSecurity::IsDenied(const IN_ADDR* pAddress)
{
	const DWORD nAddress = *(DWORD*)pAddress;

	if ( m_Cache.count( nAddress ) )
		return m_bDenyPolicy;

	const BYTE nSlot = GetAddressMap( nAddress );
	if ( nSlot )
	{
		CSecureRule* pIndexed = m_pRuleIndexMap[ nSlot ];
		if ( pIndexed )
		{
			pIndexed->m_nToday ++;
			pIndexed->m_nEver ++;

			if ( pIndexed->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pIndexed->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}
	}

	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	{
		// Lock scope: released before the cache insert below.
		CQuickLock oLock( m_pSection );

		POSITION posNext = GetIterator();
		while ( posNext )
		{
			const POSITION posThis = posNext;
			CSecureRule* pEntry = GetNext( posNext );

			if ( pEntry->IsExpired( tNow ) )
			{
				m_pRules.RemoveAt( posThis );
				delete pEntry;
				continue;
			}

			if ( ! pEntry->Match( pAddress ) )
				continue;

			pEntry->m_nToday ++;
			pEntry->m_nEver ++;

			// 5 minute penalty: a matching rule with an expiry above
			// srSession that would lapse within 300 s is pushed out to
			// now + 300 s.
			const bool bTimed = pEntry->m_nExpire > CSecureRule::srSession;
			if ( bTimed && pEntry->m_nExpire < tNow + 300 )
				pEntry->m_nExpire = tNow + 300;

			if ( pEntry->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pEntry->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}
	}

	// Nothing decided: remember the address so future lookups are skipped.
	m_Cache.insert( nAddress );

	return m_bDenyPolicy;
}
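// Bans a file: extends an existing matching deny rule, or adds a new one.
//
// The rule list is walked under m_pSection; expired rules are removed and
// deleted on the way. If a rule matches pFile and its action is srDeny, its
// expiry is raised according to nBanLength and the function returns without
// adding anything or emitting a message:
//   banWeek    - expiry set to now + 604800 s (7 days) if currently lower
//   banCustom  - expiry set to now + Settings.Security.DefaultBan + 3600 s
//                if currently lower
//   banForever - expiry set to srIndefinite
//   otherwise  - existing rule left untouched
// When no deny rule matches, a rule from NewBanRule( nBanLength ) is added.
// If the file carries any of SHA1/Tiger/ED2K/BTH/MD5, the rule becomes an
// srContentHash rule holding the space-separated URNs of those hashes.
//
// pFile      - file to ban; a NULL pointer is ignored.
// nBanLength - one of the ban* length constants.
// bMessage   - when TRUE, a MSG_NOTICE naming the file is emitted after a
//              new rule is added.
//
// Fix: the original tested pFile for NULL only at the final message, after
// it had already been dereferenced; the check now happens once up front.
void CSecurity::Ban(const CPeerProjectFile* pFile, int nBanLength, BOOL bMessage)
{
	if ( ! pFile )
		return;

	CQuickLock oLock( m_pSection );

	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	for ( POSITION pos = GetIterator() ; pos ; )
	{
		POSITION posCurrent = pos;
		CSecureRule* pRule = GetNext( pos );

		if ( pRule->IsExpired( tNow ) )
		{
			m_pRules.RemoveAt( posCurrent );
			delete pRule;
			continue;
		}

		if ( ! pRule->Match( pFile ) )		// Non-regexp name, hash, or size:ext:0000
			continue;

		if ( pRule->m_nAction != CSecureRule::srDeny )
			continue;

		// NOTE(review): the banWeek threshold is 604000 but the value
		// assigned is 604800; the banCustom branch uses the same figure on
		// both sides. Confirm whether the 800 s gap is intended or a typo.
		if ( nBanLength == banWeek && ( pRule->m_nExpire < tNow + 604000 ) )
			pRule->m_nExpire = tNow + 604800;
		else if ( nBanLength == banCustom && ( pRule->m_nExpire < tNow + Settings.Security.DefaultBan + 3600 ) )
			pRule->m_nExpire = tNow + Settings.Security.DefaultBan + 3600;
		else if ( nBanLength == banForever && ( pRule->m_nExpire != CSecureRule::srIndefinite ) )
			pRule->m_nExpire = CSecureRule::srIndefinite;

		return;
	}

	CSecureRule* pRule = NewBanRule( nBanLength );

	if ( pFile->m_oSHA1 || pFile->m_oTiger || pFile->m_oED2K || pFile->m_oBTH || pFile->m_oMD5 )
	{
		pRule->m_nType = CSecureRule::srContentHash;
		pRule->SetContentWords(
			( pFile->m_oSHA1  ? pFile->m_oSHA1.toUrn()  + _T(" ") : CString() ) +
			( pFile->m_oTiger ? pFile->m_oTiger.toUrn() + _T(" ") : CString() ) +
			( pFile->m_oED2K  ? pFile->m_oED2K.toUrn()  + _T(" ") : CString() ) +
			( pFile->m_oMD5   ? pFile->m_oMD5.toUrn()   + _T(" ") : CString() ) +
			( pFile->m_oBTH   ? pFile->m_oBTH.toUrn()             : CString() ) );
	}
	// NOTE(review): a file with none of these hashes still gets a rule added,
	// exactly as NewBanRule() built it - confirm what such a rule matches.

	Add( pRule );

	if ( bMessage )
		theApp.Message( MSG_NOTICE, IDS_NETWORK_SECURITY_BLOCKED, (LPCTSTR)pFile->m_sName );
}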
// Checks a content string against the security rules.
//
// A string longer than 30 characters that starts with "urn:" is resolved
// only through the hash map: the indexed rule, if any, decides, and in every
// other case m_bDenyPolicy is returned without walking the rule list.
// Any other string is matched against the rule list under m_pSection, with
// expired rules removed and deleted on the way.
//
// pszContent - string to test.
// Returns TRUE to deny, FALSE to accept, m_bDenyPolicy if no rule decides.
//
// NOTE(review): the urn: branch calls GetHashMap()/GetRuleByIndex() before
// m_pSection is taken and does not call IsExpired() on the rule - confirm
// both are acceptable for indexed hash rules.
BOOL CSecurity::IsDenied(LPCTSTR pszContent)
{
	const bool bUrn = CString(pszContent).GetLength() > 30 && StartsWith( pszContent, _PT("urn:") );

	if ( bUrn )
	{
		const BYTE nSlot = GetHashMap( pszContent );
		CSecureRule* pIndexed = nSlot ? GetRuleByIndex( nSlot ) : NULL;

		if ( pIndexed )
		{
			pIndexed->m_nToday ++;
			pIndexed->m_nEver ++;

			if ( pIndexed->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pIndexed->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}

		return m_bDenyPolicy;
	}

	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	CQuickLock oLock( m_pSection );

	POSITION posNext = GetIterator();
	while ( posNext )
	{
		const POSITION posThis = posNext;
		CSecureRule* pEntry = GetNext( posNext );

		if ( pEntry->IsExpired( tNow ) )
		{
			m_pRules.RemoveAt( posThis );
			delete pEntry;
			continue;
		}

		if ( ! pEntry->Match( pszContent ) )
			continue;

		pEntry->m_nToday ++;
		pEntry->m_nEver ++;

		// 5 minute penalty: a matching rule with an expiry above srSession
		// that would lapse within 300 s is pushed out to now + 300 s.
		const bool bTimed = pEntry->m_nExpire > CSecureRule::srSession;
		if ( bTimed && pEntry->m_nExpire < tNow + 300 )
			pEntry->m_nExpire = tNow + 300;

		if ( pEntry->m_nAction == CSecureRule::srDeny )
			return TRUE;
		if ( pEntry->m_nAction == CSecureRule::srAccept )
			return FALSE;
	}

	return m_bDenyPolicy;
}
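// Bans an IPv4 address: extends an existing matching deny rule, or adds a
// new srAddress rule.
//
// The rule list is walked under m_pSection; expired rules are removed and
// deleted on the way. For the first rule that matches pAddress with action
// srDeny, the expiry is raised according to nBanLength and the function
// returns:
//   banWeek    - expiry set to now + 604800 s (7 days) if currently lower
//   banCustom  - expiry set to now + Settings.Security.DefaultBan + 3600 s
//                if currently lower
//   banForever - expiry set to srIndefinite
//   otherwise  - rule left untouched; with bMessage set, an
//                "already blocked" notice is emitted
// When no deny rule matches, NewBanRule( nBanLength, szComment ) is turned
// into an srAddress rule for the address and added.
//
// pAddress   - address to ban; a NULL pointer is ignored.
// nBanLength - one of the ban* length constants.
// bMessage   - when TRUE, emit a MSG_NOTICE about the outcome.
// szComment  - comment passed through to NewBanRule.
//
// Fix: the original guarded only the "already blocked" message with a NULL
// test on pAddress, while the new-rule path copied from and dereferenced it
// unconditionally; the check now happens once up front.
//
// NOTE(review): IsDenied(const IN_ADDR*) returns the default policy for any
// address already in m_Cache before looking at rules. Confirm Add() clears
// that cache, otherwise a ban on a cached address would not take effect.
void CSecurity::Ban(const IN_ADDR* pAddress, int nBanLength, BOOL bMessage, LPCTSTR szComment)
{
	if ( ! pAddress )
		return;

	CQuickLock oLock( m_pSection );

	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	for ( POSITION pos = GetIterator() ; pos ; )
	{
		POSITION posCurrent = pos;
		CSecureRule* pRule = GetNext( pos );

		if ( pRule->IsExpired( tNow ) )
		{
			m_pRules.RemoveAt( posCurrent );
			delete pRule;
			continue;
		}

		if ( ! ( pRule->Match( pAddress ) && pRule->m_nAction == CSecureRule::srDeny ) )
			continue;

		// NOTE(review): the banWeek threshold is 604000 but the value
		// assigned is 604800; the banCustom branch uses the same figure on
		// both sides. Confirm whether the 800 s gap is intended or a typo.
		if ( nBanLength == banWeek && ( pRule->m_nExpire < tNow + 604000 ) )
			pRule->m_nExpire = tNow + 604800;
		else if ( nBanLength == banCustom && ( pRule->m_nExpire < tNow + Settings.Security.DefaultBan + 3600 ) )
			pRule->m_nExpire = tNow + Settings.Security.DefaultBan + 3600;
		else if ( nBanLength == banForever && ( pRule->m_nExpire != CSecureRule::srIndefinite ) )
			pRule->m_nExpire = CSecureRule::srIndefinite;
		else if ( bMessage )
			theApp.Message( MSG_NOTICE, IDS_NETWORK_SECURITY_ALREADY_BLOCKED, (LPCTSTR)CString( inet_ntoa( *pAddress ) ) );

		return;
	}

	CSecureRule* pRule = NewBanRule( nBanLength, szComment );
	pRule->m_nType = CSecureRule::srAddress;
	CopyMemory( pRule->m_nIP, pAddress, sizeof pRule->m_nIP );

	Add( pRule );

	if ( bMessage )
		theApp.Message( MSG_NOTICE, IDS_NETWORK_SECURITY_BLOCKED, (LPCTSTR)CString( inet_ntoa( *pAddress ) ) );
}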
// Saves or loads the security state through an MFC archive.
//
// Storing writes SECURITY_SER_VERSION, m_bDenyPolicy, the rule count from
// GetCount(), then each rule from GetIterator(). A separate pass over
// m_pIPRules was left commented out upstream as unimplemented.
//
// Loading calls Clear(), reads the version and policy, then reads the stored
// number of rules. Each loaded rule is routed as follows:
//   - expired (IsExpired( tNow, TRUE ))            -> deleted
//   - srAddress + srDeny with mask 0xffffffff      -> address map only
//   - srContentHash + srDeny                       -> hash map only
//   - anything else                                -> appended to m_pRules
//     (srExternal rules are also handed to ListLoader.AddList)
//
// NOTE(review): nVersion read from the archive is used as-is here; confirm
// that the caller or CSecureRule::Serialize rejects unknown versions.
// NOTE(review): if CSecureRule::Serialize can throw on a truncated archive,
// the rule allocated just before it is not freed on that path - confirm.
// NOTE(review): rules routed to the address/hash maps on load are not put in
// m_pRules; confirm GetCount()/GetIterator() cover them when storing, or
// those bans will not be written back.
void CSecurity::Serialize(CArchive& ar)
{
	int nVersion = SECURITY_SER_VERSION;

	if ( ar.IsStoring() )
	{
		ar << nVersion;
		ar << m_bDenyPolicy;

		ar.WriteCount( GetCount() );

		POSITION posNext = GetIterator();
		while ( posNext )
			GetNext( posNext )->Serialize( ar, nVersion );

		return;
	}

	// Loading
	Clear();

	ar >> nVersion;
	ar >> m_bDenyPolicy;

	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	for ( DWORD_PTR nLeft = ar.ReadCount() ; nLeft > 0 ; nLeft-- )
	{
		CSecureRule* pLoaded = new CSecureRule( FALSE );
		pLoaded->Serialize( ar, nVersion );

		if ( pLoaded->IsExpired( tNow, TRUE ) )
		{
			delete pLoaded;
		}
		else if ( pLoaded->m_nType == CSecureRule::srAddress &&
			pLoaded->m_nAction == CSecureRule::srDeny &&
			*(DWORD*)pLoaded->m_nMask == 0xffffffff )
		{
			// Single-IP deny rule: reachable through the address map.
			SetAddressMap( *(DWORD*)pLoaded->m_nIP, SetRuleIndex( pLoaded ) );
		}
		else if ( pLoaded->m_nType == CSecureRule::srContentHash &&
			pLoaded->m_nAction == CSecureRule::srDeny )
		{
			// Hash deny rule: reachable through the hash map.
			SetHashMap( pLoaded->GetContentWords(), SetRuleIndex( pLoaded ) );
		}
		else
		{
			if ( pLoaded->m_nType == CSecureRule::srExternal )
				ListLoader.AddList( pLoaded );

			m_pRules.AddTail( pLoaded );
		}
	}
}
// Checks a file against the security rules.
//
// For each hash the file carries (SHA1, Tiger, ED2K, BTH, MD5, in that
// order) whose m_HashMap bucket is non-empty, the hash URN is looked up in
// the hash map; an indexed rule with action srDeny or srAccept decides
// immediately. If none decides, the rule list is walked under m_pSection
// with CSecureRule::Match( pFile ), removing and deleting expired rules on
// the way.
//
// pFile - file to test; dereferenced without a NULL check.
// Returns TRUE to deny, FALSE to accept, m_bDenyPolicy if no rule decides.
//
// NOTE(review): the hash lookups run before m_pSection is taken and do not
// call IsExpired() on the indexed rule - confirm both are acceptable.
BOOL CSecurity::IsDenied(const CPeerProjectFile* pFile)
{
	// SHA1
	if ( pFile->m_oSHA1 && ! m_HashMap[urnSHA].empty() )
	{
		const BYTE nSlot = GetHashMap( pFile->m_oSHA1.toUrn() );
		CSecureRule* pIndexed = nSlot ? GetRuleByIndex( nSlot ) : NULL;
		if ( pIndexed )
		{
			pIndexed->m_nToday ++;
			pIndexed->m_nEver ++;
			if ( pIndexed->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pIndexed->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}
	}

	// Tiger
	if ( pFile->m_oTiger && ! m_HashMap[urnTiger].empty() )
	{
		const BYTE nSlot = GetHashMap( pFile->m_oTiger.toUrn() );
		CSecureRule* pIndexed = nSlot ? GetRuleByIndex( nSlot ) : NULL;
		if ( pIndexed )
		{
			pIndexed->m_nToday ++;
			pIndexed->m_nEver ++;
			if ( pIndexed->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pIndexed->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}
	}

	// ED2K
	if ( pFile->m_oED2K && ! m_HashMap[urnED2K].empty() )
	{
		const BYTE nSlot = GetHashMap( pFile->m_oED2K.toUrn() );
		CSecureRule* pIndexed = nSlot ? GetRuleByIndex( nSlot ) : NULL;
		if ( pIndexed )
		{
			pIndexed->m_nToday ++;
			pIndexed->m_nEver ++;
			if ( pIndexed->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pIndexed->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}
	}

	// BTH
	if ( pFile->m_oBTH && ! m_HashMap[urnBTH].empty() )
	{
		const BYTE nSlot = GetHashMap( pFile->m_oBTH.toUrn() );
		CSecureRule* pIndexed = nSlot ? GetRuleByIndex( nSlot ) : NULL;
		if ( pIndexed )
		{
			pIndexed->m_nToday ++;
			pIndexed->m_nEver ++;
			if ( pIndexed->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pIndexed->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}
	}

	// MD5
	if ( pFile->m_oMD5 && ! m_HashMap[urnMD5].empty() )
	{
		const BYTE nSlot = GetHashMap( pFile->m_oMD5.toUrn() );
		CSecureRule* pIndexed = nSlot ? GetRuleByIndex( nSlot ) : NULL;
		if ( pIndexed )
		{
			pIndexed->m_nToday ++;
			pIndexed->m_nEver ++;
			if ( pIndexed->m_nAction == CSecureRule::srDeny )
				return TRUE;
			if ( pIndexed->m_nAction == CSecureRule::srAccept )
				return FALSE;
		}
	}

	const DWORD tNow = static_cast< DWORD >( time( NULL ) );

	CQuickLock oLock( m_pSection );

	POSITION posNext = GetIterator();
	while ( posNext )
	{
		const POSITION posThis = posNext;
		CSecureRule* pEntry = GetNext( posNext );

		if ( pEntry->IsExpired( tNow ) )
		{
			m_pRules.RemoveAt( posThis );
			delete pEntry;
			continue;
		}

		// Non-regexp name, hash, or size:ext:0000
		if ( ! pEntry->Match( pFile ) )
			continue;

		pEntry->m_nToday ++;
		pEntry->m_nEver ++;

		// 5 minute penalty: a matching rule with an expiry above srSession
		// that would lapse within 300 s is pushed out to now + 300 s.
		const bool bTimed = pEntry->m_nExpire > CSecureRule::srSession;
		if ( bTimed && pEntry->m_nExpire < tNow + 300 )
			pEntry->m_nExpire = tNow + 300;

		if ( pEntry->m_nAction == CSecureRule::srDeny )
			return TRUE;
		if ( pEntry->m_nAction == CSecureRule::srAccept )
			return FALSE;
	}

	return m_bDenyPolicy;
}