bool IPBanner::Add(const char * ip, uint32 dur)
{
string sip = string(ip);
string::size_type i = sip.find("/");
if( i == string::npos )
return false;
string stmp = sip.substr(0, i);
string smask = sip.substr(i+1);
unsigned int ipraw = MakeIP(stmp.c_str());
unsigned int ipmask = atoi(smask.c_str());
if( ipraw == 0 || ipmask == 0 )
return false;
IPBan ipb;
ipb.db_ip = sip;
ipb.Bytes = ipmask;
ipb.Mask = ipraw;
listBusy.Acquire();
banList.push_back(ipb);
listBusy.Release();
return true;
}
void IPBanner::Reload()
{
listBusy.Acquire();
banList.clear();
QueryResult* result = sLogonSQL->Query("SELECT ip, expire FROM ipbans");
if(result != NULL)
{
do
{
IPBan ipb;
std::string smask = "32";
std::string ip = result->Fetch()[0].GetString();
std::string::size_type i = ip.find("/");
std::string stmp = ip.substr(0, i);
if(i == std::string::npos)
{
LOG_DETAIL("IP ban \"%s\" netmask not specified. assuming /32", ip.c_str());
}
else
smask = ip.substr(i + 1);
unsigned int ipraw = MakeIP(stmp.c_str());
unsigned int ipmask = atoi(smask.c_str());
if(ipraw == 0 || ipmask == 0)
{
LOG_ERROR("IP ban \"%s\" could not be parsed. Ignoring", ip.c_str());
continue;
}
ipb.Bytes = static_cast<unsigned char>(ipmask);
ipb.Mask = ipraw;
ipb.Expire = result->Fetch()[1].GetUInt32();
ipb.db_ip = ip;
banList.push_back(ipb);
}
while(result->NextRow());
delete result;
}
listBusy.Release();
}
Curl_addrinfo *Curl_getaddrinfo(struct SessionHandle *data,
char *hostname,
int port,
char **bufp)
{
struct hostent *h = NULL;
in_addr_t in;
int ret; /* this variable is unused on several platforms but used on some */
#define CURL_NAMELOOKUP_SIZE 9000
/* Allocate enough memory to hold the full name information structs and
* everything. OSF1 is known to require at least 8872 bytes. The buffer
* required for storing all possible aliases and IP numbers is according to
* Stevens' Unix Network Programming 2nd editor, p. 304: 8192 bytes! */
int *buf = (int *)malloc(CURL_NAMELOOKUP_SIZE);
if(!buf)
return NULL; /* major failure */
*bufp = (char *)buf;
port=0; /* unused in IPv4 code */
ret = 0; /* to prevent the compiler warning */
if ( (in=inet_addr(hostname)) != INADDR_NONE ) {
struct in_addr *addrentry;
h = (struct hostent*)buf;
h->h_addr_list = (char**)(buf + sizeof(*h));
addrentry = (struct in_addr*)(h->h_addr_list + 2);
addrentry->s_addr = in;
h->h_addr_list[0] = (char*)addrentry;
h->h_addr_list[1] = NULL;
h->h_addrtype = AF_INET;
h->h_length = sizeof(*addrentry);
h->h_name = *(h->h_addr_list) + h->h_length;
/* bad one h->h_name = (char*)(h->h_addr_list + h->h_length); */
MakeIP(ntohl(in),h->h_name, CURL_NAMELOOKUP_SIZE - (long)(h->h_name) + (long)buf);
}
#if defined(HAVE_GETHOSTBYNAME_R)
else {
int h_errnop;
/* Workaround for gethostbyname_r bug in qnx nto. It is also _required_
for some of these functions. */
memset(buf, 0, CURL_NAMELOOKUP_SIZE);
#ifdef HAVE_GETHOSTBYNAME_R_5
/* Solaris, IRIX and more */
if ((h = gethostbyname_r(hostname,
(struct hostent *)buf,
(char *)buf + sizeof(struct hostent),
CURL_NAMELOOKUP_SIZE - sizeof(struct hostent),
&h_errnop)) == NULL )
#endif
#ifdef HAVE_GETHOSTBYNAME_R_6
/* Linux */
if( gethostbyname_r(hostname,
(struct hostent *)buf,
(char *)buf + sizeof(struct hostent),
CURL_NAMELOOKUP_SIZE - sizeof(struct hostent),
&h, /* DIFFERENCE */
&h_errnop))
#endif
#ifdef HAVE_GETHOSTBYNAME_R_3
/* AIX, Digital Unix, HPUX 10, more? */
if(CURL_NAMELOOKUP_SIZE >=
(sizeof(struct hostent)+sizeof(struct hostent_data)))
/* August 22nd, 2000: Albert Chin-A-Young brought an updated version
* that should work! September 20: Richard Prescott worked on the buffer
* size dilemma. */
ret = gethostbyname_r(hostname,
(struct hostent *)buf,
(struct hostent_data *)(buf + sizeof(struct hostent)));
else
ret = -1; /* failure, too smallish buffer size */
/* result expected in h */
h = (struct hostent*)buf;
h_errnop= errno; /* we don't deal with this, but set it anyway */
if(ret)
#endif
{
infof(data, "gethostbyname_r(2) failed for %s\n", hostname);
h = NULL; /* set return code to NULL */
free(buf);
*bufp=NULL;
}
#else
else {
if ((h = gethostbyname(hostname)) == NULL ) {
infof(data, "gethostbyname(2) failed for %s\n", hostname);
free(buf);
*bufp=NULL;
}
else
/* we make a copy of the hostent right now, right here, as the
static one we got a pointer to might get removed when we don't
want/expect that */
h = pack_hostent((char *)buf, h);
#endif
}
return (h);
}
/* The original code to this function was once stolen from the Dancer source
code, written by Bjorn Reese, it has since been patched and modified
considerably. */
static Curl_addrinfo *my_getaddrinfo(struct connectdata *conn,
char *hostname,
int port,
int *waitp)
{
struct hostent *h = NULL;
in_addr_t in;
struct SessionHandle *data = conn->data;
(void)port; /* unused in IPv4 code */
*waitp = 0; /* don't wait, we act synchronously */
in=inet_addr(hostname);
if (in != CURL_INADDR_NONE) {
struct in_addr *addrentry;
struct namebuf {
struct hostent hostentry;
char *h_addr_list[2];
struct in_addr addrentry;
char h_name[128];
} *buf = (struct namebuf *)malloc(sizeof(struct namebuf));
if(!buf)
return NULL; /* major failure */
h = &buf->hostentry;
h->h_addr_list = &buf->h_addr_list[0];
addrentry = &buf->addrentry;
addrentry->s_addr = in;
h->h_addr_list[0] = (char*)addrentry;
h->h_addr_list[1] = NULL;
h->h_addrtype = AF_INET;
h->h_length = sizeof(*addrentry);
h->h_name = &buf->h_name[0];
MakeIP(ntohl(in), (char *)h->h_name, sizeof(buf->h_name));
}
#if defined(HAVE_GETHOSTBYNAME_R)
else {
int h_errnop;
int res=ERANGE;
int step_size=200;
int *buf = (int *)malloc(CURL_NAMELOOKUP_SIZE);
if(!buf)
return NULL; /* major failure */
/* Workaround for gethostbyname_r bug in qnx nto. It is also _required_
for some of these functions. */
memset(buf, 0, CURL_NAMELOOKUP_SIZE);
#ifdef HAVE_GETHOSTBYNAME_R_5
/* Solaris, IRIX and more */
(void)res; /* prevent compiler warning */
while(!h) {
h = gethostbyname_r(hostname,
(struct hostent *)buf,
(char *)buf + sizeof(struct hostent),
step_size - sizeof(struct hostent),
&h_errnop);
/* If the buffer is too small, it returns NULL and sets errno to
ERANGE. The errno is thread safe if this is compiled with
-D_REENTRANT as then the 'errno' variable is a macro defined to
get used properly for threads. */
if(h || (errno != ERANGE))
break;
step_size+=200;
}
#ifdef CURLDEBUG
infof(data, "gethostbyname_r() uses %d bytes\n", step_size);
#endif
if(h) {
int offset;
h=(struct hostent *)realloc(buf, step_size);
offset=(long)h-(long)buf;
hostcache_fixoffset(h, offset);
buf=(int *)h;
}
else
#endif /* HAVE_GETHOSTBYNAME_R_5 */
#ifdef HAVE_GETHOSTBYNAME_R_6
/* Linux */
do {
res=gethostbyname_r(hostname,
(struct hostent *)buf,
(char *)buf + sizeof(struct hostent),
step_size - sizeof(struct hostent),
&h, /* DIFFERENCE */
&h_errnop);
/* Redhat 8, using glibc 2.2.93 changed the behavior. Now all of a
sudden this function returns EAGAIN if the given buffer size is too
small. Previous versions are known to return ERANGE for the same
problem.
This wouldn't be such a big problem if older versions wouldn't
sometimes return EAGAIN on a common failure case. Alas, we can't
assume that EAGAIN *or* ERANGE means ERANGE for any given version of
glibc.
For now, we do that and thus we may call the function repeatedly and
fail for older glibc versions that return EAGAIN, until we run out
of buffer size (step_size grows beyond CURL_NAMELOOKUP_SIZE).
If anyone has a better fix, please tell us!
-------------------------------------------------------------------
On October 23rd 2003, Dan C dug up more details on the mysteries of
gethostbyname_r() in glibc:
In glibc 2.2.5 the interface is different (this has also been
discovered in glibc 2.1.1-6 as shipped by Redhat 6). What I can't
explain, is that tests performed on glibc 2.2.4-34 and 2.2.4-32
(shipped/upgraded by Redhat 7.2) don't show this behavior!
In this "buggy" version, the return code is -1 on error and 'errno'
is set to the ERANGE or EAGAIN code. Note that 'errno' is not a
thread-safe variable.
*/
if(((ERANGE == res) || (EAGAIN == res)) ||
((res<0) && ((ERANGE == errno) || (EAGAIN == errno))))
step_size+=200;
else
break;
} while(step_size <= CURL_NAMELOOKUP_SIZE);
if(!h) /* failure */
res=1;
#ifdef CURLDEBUG
infof(data, "gethostbyname_r() uses %d bytes\n", step_size);
#endif
if(!res) {
int offset;
h=(struct hostent *)realloc(buf, step_size);
offset=(long)h-(long)buf;
hostcache_fixoffset(h, offset);
buf=(int *)h;
}
else
#endif/* HAVE_GETHOSTBYNAME_R_6 */
#ifdef HAVE_GETHOSTBYNAME_R_3
/* AIX, Digital Unix/Tru64, HPUX 10, more? */
/* For AIX 4.3 or later, we don't use gethostbyname_r() at all, because of
the plain fact that it does not return unique full buffers on each
call, but instead several of the pointers in the hostent structs will
point to the same actual data! This have the unfortunate down-side that
our caching system breaks down horribly. Luckily for us though, AIX 4.3
and more recent versions have a completely thread-safe libc where all
the data is stored in thread-specific memory areas making calls to the
plain old gethostbyname() work fine even for multi-threaded programs.
This AIX 4.3 or later detection is all made in the configure script.
Troels Walsted Hansen helped us work this out on March 3rd, 2003. */
if(CURL_NAMELOOKUP_SIZE >=
(sizeof(struct hostent)+sizeof(struct hostent_data))) {
/* August 22nd, 2000: Albert Chin-A-Young brought an updated version
* that should work! September 20: Richard Prescott worked on the buffer
* size dilemma. */
res = gethostbyname_r(hostname,
(struct hostent *)buf,
(struct hostent_data *)((char *)buf +
sizeof(struct hostent)));
h_errnop= errno; /* we don't deal with this, but set it anyway */
}
else
res = -1; /* failure, too smallish buffer size */
if(!res) { /* success */
h = (struct hostent*)buf; /* result expected in h */
/* This is the worst kind of the different gethostbyname_r() interfaces.
Since we don't know how big buffer this particular lookup required,
we can't realloc down the huge alloc without doing closer analysis of
the returned data. Thus, we always use CURL_NAMELOOKUP_SIZE for every
name lookup. Fixing this would require an extra malloc() and then
calling pack_hostent() that subsequent realloc()s down the new memory
area to the actually used amount. */
}
else
#endif /* HAVE_GETHOSTBYNAME_R_3 */
{
infof(data, "gethostbyname_r(2) failed for %s\n", hostname);
h = NULL; /* set return code to NULL */
free(buf);
}
#else /* HAVE_GETHOSTBYNAME_R */
else {
#ifdef USE_THREADING_GETHOSTBYNAME
if (init_gethostbyname_thread(conn,hostname,port)) {
*waitp = TRUE; /* please wait for the response */
return NULL;
}
infof(data, "init_gethostbyname_thread() failed for %s; code %lu\n",
hostname, GetLastError());
#endif
h = gethostbyname(hostname);
if (!h)
infof(data, "gethostbyname(2) failed for %s\n", hostname);
else {
char *buf=(char *)malloc(CURL_NAMELOOKUP_SIZE);
/* we make a copy of the hostent right now, right here, as the static
one we got a pointer to might get removed when we don't want/expect
that */
h = pack_hostent(&buf, h);
}
#endif /*HAVE_GETHOSTBYNAME_R */
}
return h;
}
bool Rehash()
{
#ifdef WIN32
char * config_file = "configs/logon.conf";
#else
char * config_file = (char*)CONFDIR "/logon.conf";
#endif
if(!Config.MainConfig.SetSource(config_file))
{
printf("Config file could not be rehashed.\n");
return false;
}
// re-set the allowed server IP's
string ips = Config.MainConfig.GetStringDefault("LogonServer", "AllowedIPs", "");
string ipsmod = Config.MainConfig.GetStringDefault("LogonServer", "AllowedModIPs", "");
vector<string> vips = StrSplit(ips, " ");
vector<string> vipsmod = StrSplit(ips, " ");
m_allowedIpLock.Acquire();
m_allowedIps.clear();
m_allowedModIps.clear();
vector<string>::iterator itr;
for(itr = vips.begin(); itr != vips.end(); ++itr)
{
string::size_type i = itr->find("/");
if( i == string::npos )
{
printf("IP: %s could not be parsed. Ignoring\n", itr->c_str());
continue;
}
string stmp = itr->substr(0, i);
string smask = itr->substr(i+1);
unsigned int ipraw = MakeIP(stmp.c_str());
unsigned char ipmask = (char)atoi(smask.c_str());
if( ipraw == 0 || ipmask == 0 )
{
printf("IP: %s could not be parsed. Ignoring\n", itr->c_str());
continue;
}
AllowedIP tmp;
tmp.Bytes = ipmask;
tmp.IP = ipraw;
m_allowedIps.push_back(tmp);
}
for(itr = vipsmod.begin(); itr != vipsmod.end(); ++itr)
{
string::size_type i = itr->find("/");
if( i == string::npos )
{
printf("IP: %s could not be parsed. Ignoring\n", itr->c_str());
continue;
}
string stmp = itr->substr(0, i);
string smask = itr->substr(i+1);
unsigned int ipraw = MakeIP(stmp.c_str());
unsigned char ipmask = (char)atoi(smask.c_str());
if( ipraw == 0 || ipmask == 0 )
{
printf("IP: %s could not be parsed. Ignoring\n", itr->c_str());
continue;
}
AllowedIP tmp;
tmp.Bytes = ipmask;
tmp.IP = ipraw;
m_allowedModIps.push_back(tmp);
}
if( InformationCore::getSingletonPtr() != NULL )
sInfoCore.CheckServers();
m_allowedIpLock.Release();
return true;
}
