1 /* Copyright (C) 2009-2014, Martin Johansson <martin@fatbob.nu>
2 Copyright (C) 2005-2014, Thorvald Natvig <thorvald@natvig.com>
6 Redistribution and use in source and binary forms, with or without
7 modification, are permitted provided that the following conditions
10 - Redistributions of source code must retain the above copyright notice,
11 this list of conditions and the following disclaimer.
12 - Redistributions in binary form must reproduce the above copyright notice,
13 this list of conditions and the following disclaimer in the documentation
14 and/or other materials provided with the distribution.
15 - Neither the name of the Developers nor the names of its contributors may
16 be used to endorse or promote products derived from this software without
17 specific prior written permission.
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
23 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
27 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
/* Forward declarations of the ban-file helpers defined at the end of the file. */
42 static void Ban_saveBanFile(void);
43 static void Ban_readBanFile(void);
/* Module state: the list of bans and the counter passed to Msg_banList_create()
 * and reported in the ban-file log lines. */
46 declare_list(banlist);
47 static int bancount; /* = 0 */
/* Duration copied into every ban created by Ban_UserBan(); it is loaded from
 * the BAN_LENGTH setting. */
48 static int ban_duration;
/* Set to true wherever the list is modified; Ban_saveBanFile() tests it before
 * writing and clears it afterwards. */
49 static bool_t banlist_changed;
/* NOTE(review): the signatures of the functions enclosing these statements are
 * not shown in this listing. */
/* Load the default ban length from the configuration. */
53 ban_duration = getIntConf(BAN_LENGTH);
54 /* Read ban file here */
/* The ban file is optional: the statement guarded here (not shown) runs only
 * when a BANFILE path is configured. */
55 if (getStrConf(BANFILE) != NULL)
/* Same BANFILE guard, later in the file; its body is not shown either. */
62 if (getStrConf(BANFILE) != NULL)
/*
 * Create a ban entry for a connected client and append it to the ban list.
 *
 * The entry records the client's 20-byte hash, its TCP peer address with a
 * full-length mask (32 for AF_INET, otherwise 128, i.e. a single host), copies
 * of the reason and username, the current time and the configured default
 * duration. The ban is then logged.
 *
 * client: the client being banned.
 * reason: text stored with the ban; it is duplicated, the caller keeps its copy.
 *
 * NOTE(review): the local declarations and the test guarding Log_fatal are not
 * shown in this listing.
 */
68 void Ban_UserBan(client_t *client, char *reason)
73 ban = calloc(1, sizeof(ban_t));
75 Log_fatal("Out of memory");
/* 20 is the hash length in bytes; the same literal is used in Ban_isBanned(). */
77 memcpy(ban->hash, client->hash, 20);
79 ban->address = client->remote_tcp;
80 ban->mask = (ban->address.ss_family == AF_INET) ? 32 : 128;
/* NOTE(review): the strdup() results are not checked in the visible lines,
 * unlike in Ban_readBanFile(). A NULL here would later be passed to "%s" in
 * the log call below and in Ban_saveBanFile(). */
81 ban->reason = strdup(reason);
82 ban->name = strdup(client->username);
83 ban->time = time(NULL);
84 ban->duration = ban_duration;
85 list_add_tail(&ban->node, &banlist);
/* Mark the list dirty so that the next Ban_saveBanFile() call writes it out. */
87 banlist_changed = true;
88 if(getBoolConf(SYNC_BANFILE))
91 SSLi_hash2hex(ban->hash, hexhash);
/* NOTE(review): the reason and username are embedded verbatim in the log line;
 * presumably they originate from clients -- confirm they are sanitised before
 * they reach the log and the ban file. */
93 Log_info_client(client, "User kickbanned. Reason: '%s' Hash: %s IP: %s Banned for: %d seconds",
94 ban->reason, hexhash, Util_clientAddressToString(client), ban->duration);
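/*
 * Walk the ban list and remove entries whose duration has elapsed.
 *
 * A duration of 0 means the ban never expires. After a removal the list is
 * marked as changed and, when SYNC_BANFILE is enabled, the statement on the
 * following (not shown) line runs.
 *
 * NOTE(review): the loop uses list_iterate while its body calls list_del on
 * the current entry; Ban_clearBanList() uses list_iterate_safe for the same
 * pattern. Confirm that list_iterate tolerates removal of the current node,
 * otherwise switch this loop to list_iterate_safe.
 */
98 void Ban_pruneBanned()
103 list_iterate(itr, &banlist) {
104 ban = list_get_entry(itr, ban_t, node);
106 SSLi_hash2hex(ban->hash, hexhash);
/* The remaining time is the last argument of Log_debug. The call used to be
 * closed after Util_addressToString(), which left the parentheses unbalanced
 * and the %d conversion without an argument. The cast makes the time_t
 * arithmetic match %d. */
107 Log_debug("BL: User %s Reason: '%s' Hash: %s IP: %s Time left: %d",
108 ban->name, ban->reason, hexhash, Util_addressToString(&ban->address),
109 (int)(ban->time + ban->duration - time(NULL)));
111 /* Duration of 0 = forever */
112 if (ban->duration != 0 && ban->time + ban->duration - time(NULL) <= 0) {
115 list_del(&ban->node);
/* Mark the list dirty so that the next Ban_saveBanFile() call writes it out. */
118 banlist_changed = true;
119 if(getBoolConf(SYNC_BANFILE))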
/*
 * Check a client against the ban list by hash.
 *
 * Each entry's 20-byte hash is compared with client->hash using memcmp().
 * Address-based bans are checked separately by Ban_isBannedAddr().
 *
 * NOTE(review): the return statements are not shown in this listing;
 * presumably a match returns true.
 * NOTE(review): how a client without a certificate hash is represented is not
 * visible here -- confirm that an empty hash cannot match an unrelated entry.
 */
125 bool_t Ban_isBanned(client_t *client)
129 list_iterate(itr, &banlist) {
130 ban = list_get_entry(itr, ban_t, node);
131 if (memcmp(ban->hash, client->hash, 20) == 0)
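/*
 * Check a socket address against the address/mask of every ban entry.
 *
 * Entries are considered only when their address family equals that of
 * `address`. For AF_INET the two 32-bit addresses are compared under a prefix
 * mask; for AF_INET6 the 128-bit addresses are compared as two 64-bit words
 * under a two-word mask.
 *
 * address: the peer address to test.
 *
 * NOTE(review): the local declarations, the `else` lines and the return
 * statements are not shown in this listing.
 */
138 bool_t Ban_isBannedAddr(struct sockaddr_storage *address)
143 list_iterate(itr, &banlist) {
144 ban = list_get_entry(itr, ban_t, node);
145 if (ban->address.ss_family == address->ss_family) {
146 if (address->ss_family == AF_INET) {
/* ban->mask is a prefix length (Ban_UserBan() stores 32 for a single host).
 * The previous initialiser `2 ^ ban->mask` was an exclusive-or, not a power
 * of two, so a /32 ban compared only two bits of the address and matched
 * unrelated hosts. Build a real prefix mask instead; s_addr is in network
 * byte order, hence htonl(), which <arpa/inet.h> declares alongside the
 * inet_pton() this file already calls. The shift is done only for lengths
 * 1..31, so it is never a shift by the full width. */
147 uint32_t a1, a2, mask = (ban->mask <= 0) ? 0 : (ban->mask >= 32) ? 0xffffffffU : htonl(~(0xffffffffU >> ban->mask));
148 a1 = (uint32_t)((struct sockaddr_in *)&ban->address)->sin_addr.s_addr & mask;
149 a2 = (uint32_t)((struct sockaddr_in *)address)->sin_addr.s_addr & mask;
/* NOTE(review): s6_addr is a byte array; reading it through uint64_t pointers
 * relies on its alignment and on the compiler accepting the type pun. */
154 uint64_t *a1 = (uint64_t *) &((struct sockaddr_in6 *)&ban->address)->sin6_addr.s6_addr;
155 uint64_t *a2 = (uint64_t *) &((struct sockaddr_in6 *)address)->sin6_addr.s6_addr;
157 if (ban->mask == 128)
158 mask[0] = mask[1] = 0xffffffffffffffffULL;
159 else if (ban->mask > 64) {
160 mask[0] = 0xffffffffffffffffULL;
161 mask[1] = SWAPPED(~((1ULL << (128 - ban->mask)) - 1));
/* NOTE(review): with ban->mask == 0 the shift below is by 64 bits, which is
 * undefined for a 64-bit operand; masks arrive from the ban file and from
 * ban-list messages, so validate the range where they are stored. */
163 mask[0] = SWAPPED(~((1ULL << (64 - ban->mask)) - 1));
166 if ((a1[0] & mask[0]) == (a2[0] & mask[0]) &&
167 (a1[1] & mask[1]) == (a2[1] & mask[1]))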
/* Accessor for the number of bans. The body is not shown in this listing;
 * presumably it returns bancount. */
176 int Ban_getBanCount(void)
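/*
 * Build a ban-list message holding one entry per ban.
 *
 * The message is created for bancount entries and filled in list order. Each
 * entry carries the 16-byte address, the mask, the name, the hash as hex, the
 * reason, the start time formatted as "%Y-%m-%dT%H:%M:%SZ" from gmtime_r(),
 * and the duration. IPv4 addresses are sent in IPv4-mapped form (ten zero
 * bytes, 0xff 0xff, then the four address bytes) with 96 added to the mask.
 *
 * NOTE(review): the local declarations, the `else` line and the return
 * statement are not shown in this listing.
 * NOTE(review): the message is sized from bancount while the loop indexes by
 * list position; confirm bancount always equals the list length.
 */
181 message_t *Ban_getBanList(void)
192 msg = Msg_banList_create(bancount);
193 list_iterate(itr, &banlist) {
194 ban = list_get_entry(itr, ban_t, node);
/* `&timespec` restored: the page had decoded "&times" as a multiplication
 * sign, leaving "×pec". */
195 gmtime_r(&ban->time, &timespec);
196 strftime(timestr, 32, "%Y-%m-%dT%H:%M:%SZ", &timespec);
197 SSLi_hash2hex(ban->hash, hexhash);
198 memset(address, 0, 16);
200 if(ban->address.ss_family == AF_INET) {
/* IPv4-mapped layout: bytes 10-11 are 0xff, bytes 12-15 hold the IPv4 address. */
201 memcpy(&address[12], &((struct sockaddr_in *)&ban->address)->sin_addr, 4);
202 memset(&address[10], 0xff, 2);
203 Msg_banList_addEntry(msg, i++, address, ban->mask + 96, ban->name, hexhash, ban->reason, timestr, ban->duration);
205 memcpy(&address, &((struct sockaddr_in6 *)&ban->address)->sin6_addr, 16);
206 Msg_banList_addEntry(msg, i++, address, ban->mask, ban->name, hexhash, ban->reason, timestr, ban->duration);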
/*
 * Remove every entry from the ban list.
 *
 * The loop uses list_iterate_safe with the extra `save` cursor because entries
 * are unlinked with list_del() while the list is being walked.
 *
 * NOTE(review): the lines around list_del() are not shown in this listing;
 * presumably they free the entry and its strings and adjust bancount --
 * confirm against the full file.
 */
213 void Ban_clearBanList(void)
216 struct dlist *itr, *save;
217 list_iterate_safe(itr, save, &banlist) {
218 ban = list_get_entry(itr, ban_t, node);
221 list_del(&ban->node);
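/*
 * Append the bans carried in a ban-list message to the ban list.
 *
 * For each of the n_bans entries the fields are fetched with
 * Msg_banList_getEntry(), the hex hash is converted back to binary, the
 * 16-byte address is stored as AF_INET when its first 12 bytes are the
 * IPv4-mapped prefix and as AF_INET6 otherwise, the name and reason are
 * duplicated, and the start time string is parsed as UTC.
 *
 * msg:    message holding the entries.
 * n_bans: number of entries to read from msg.
 *
 * NOTE(review): the local declarations, the test guarding Log_fatal, the mask
 * assignments and the lines that follow mktime() are not shown in this
 * listing.
 * NOTE(review): every field comes from the message. In the visible lines the
 * mask is not range-checked, the strdup() results are not tested and the
 * strptime() result is ignored; how SSLi_hex2hash() treats short or non-hex
 * input is not visible here. Confirm these are validated before the entry is
 * used by Ban_isBannedAddr() and Ban_saveBanFile().
 */
227 void Ban_putBanList(message_t *msg, int n_bans)
232 char *hexhash, *name, *reason, *start;
233 uint32_t duration, mask;
/* First 12 bytes of an IPv4-mapped IPv6 address (::ffff:a.b.c.d). */
235 char mappedBytes[12] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff};
238 for (i = 0; i < n_bans; i++) {
239 Msg_banList_getEntry(msg, i, &address, &mask, &name, &hexhash, &reason, &start, &duration);
/* calloc instead of malloc: only part of ban->address is written below, and
 * Ban_UserBan() and Ban_readBanFile() also start from a zeroed entry. */
240 ban = calloc(1, sizeof(ban_t));
242 Log_fatal("Out of memory");
243 SSLi_hex2hash(hexhash, ban->hash);
245 if(memcmp(address, mappedBytes, 12) == 0) {
246 memcpy(&((struct sockaddr_in *)&ban->address)->sin_addr, &address[12], 4);
247 ban->address.ss_family = AF_INET;
252 memcpy(&((struct sockaddr_in6 *)&ban->address)->sin6_addr, address, 16);
253 ban->address.ss_family = AF_INET6;
257 ban->reason = strdup(reason);
258 ban->name = strdup(name);
261 * Parse the timestring. We need to set TZ to UTC so that mktime() knows that the info in
262 * struct tm indeed is given in UTC. Otherwise it will use the current locale. There's
263 * apparently no other way to do this...
/* `&timespec` restored in the three calls below: the page had decoded "&times"
 * as a multiplication sign, leaving "×pec". */
265 memset(&timespec, 0, sizeof(struct tm));
266 strptime(start, "%Y-%m-%dT%H:%M:%S", &timespec);
/* NOTE(review): setenv() changes TZ for the whole process and is not safe
 * while other threads read the environment; timegm(), where available,
 * converts a UTC struct tm without touching TZ. */
268 setenv("TZ", "UTC", 1);
270 ban->time = mktime(&timespec);
277 ban->duration = duration;
278 list_add_tail(&ban->node, &banlist);
/* Mark the list dirty so that the next Ban_saveBanFile() call writes it out. */
281 banlist_changed = true;
282 if(getBoolConf(SYNC_BANFILE))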
/*
 * Write the ban list to the file named by the BANFILE setting.
 *
 * One line is written per entry, as comma-separated fields:
 *   hash (hex), address, mask, time, duration, name, reason
 * The file is opened with "w", so its previous contents are replaced. The
 * function tests banlist_changed first and clears it after writing. When
 * fopen() fails, a warning with strerror(errno) is logged.
 *
 * NOTE(review): the local declarations, the early returns and the fclose()
 * call are not shown in this listing.
 * NOTE(review): name and reason are written verbatim with "%s".
 * Ban_readBanFile() splits each line on ',' and reads the reason up to '\n',
 * so a comma inside name, or a line break inside either field, changes how the
 * line is parsed when the file is read back. If these strings can come from
 * clients, validate them earlier or escape them here.
 * NOTE(review): the visible call sites test SYNC_BANFILE rather than BANFILE
 * before (presumably) calling this function; confirm that getStrConf(BANFILE)
 * cannot be NULL when fopen() is reached.
 * NOTE(review): the fprintf() result is not checked in the visible lines, and
 * the final log line reports bancount rather than a count of lines written.
 */
286 static void Ban_saveBanFile(void)
293 if (!banlist_changed)
295 file = fopen(getStrConf(BANFILE), "w");
297 Log_warn("Could not save banlist to file %s: %s", getStrConf(BANFILE), strerror(errno));
300 list_iterate(itr, &banlist) {
301 ban = list_get_entry(itr, ban_t, node);
302 SSLi_hash2hex(ban->hash, hexhash);
304 fprintf(file, "%s,%s,%d,%ld,%d,%s,%s\n", hexhash, Util_addressToString(&ban->address),ban->mask, (long int)ban->time, ban->duration, ban->name, ban->reason);
307 banlist_changed = false;
308 Log_info("Banlist file '%s': %d entries written", getStrConf(BANFILE), bancount);
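/*
 * Load ban entries from the file named by the BANFILE setting.
 *
 * Each line is split with strtok() into comma-separated fields, with the last
 * field running to the end of the line. Three of them are converted with
 * strtoul(): the mask, the time and the duration. A zeroed ban_t is then
 * filled in: the hex hash is converted to binary, the address text is parsed
 * as IPv4 and, failing that, as IPv6, and the name and reason are duplicated.
 * The entry is appended to the ban list. When fopen() fails, a warning with
 * strerror(errno) is logged.
 *
 * NOTE(review): the local declarations, the assignments of the strtok()
 * results to hexhash/address/name/reason, the handling after an illegal
 * address, the mask/time assignments and the fclose() call are not shown in
 * this listing.
 * NOTE(review): a line with a missing field hits `break`, which ends the whole
 * read rather than skipping that line. Lines longer than the 1024-byte buffer
 * are split by fgets() and parsed as separate records.
 * NOTE(review): strtoul() is called with a NULL end pointer and base 0, so
 * non-numeric or out-of-range mask/time/duration text is accepted silently.
 * The mask feeds the shifts in Ban_isBannedAddr(), so it should be
 * range-checked here.
 */
311 static void Ban_readBanFile(void)
314 char line[1024], *hexhash, *address, *name, *reason;
315 uint32_t mask, duration;
320 file = fopen(getStrConf(BANFILE), "r");
322 Log_warn("Could not read banlist file %s: %s", getStrConf(BANFILE), strerror(errno));
325 while (fgets(line, 1024, file) != NULL) {
326 p = strtok(line, ",");
328 p = strtok(NULL, ",");
329 if (p == NULL) break;
331 p = strtok(NULL, ",");
332 if (p == NULL) break;
333 mask = strtoul(p, NULL, 0);
334 p = strtok(NULL, ",");
335 if (p == NULL) break;
336 time = strtoul(p, NULL, 0);
337 p = strtok(NULL, ",");
338 if (p == NULL) break;
339 duration = strtoul(p, NULL, 0);
340 p = strtok(NULL, ",");
341 if (p == NULL) break;
/* The last field runs to the end of the line, so it may contain commas. */
343 p = strtok(NULL, "\n");
344 if (p == NULL) break;
347 ban = malloc(sizeof(ban_t));
349 Log_fatal("Out of memory");
350 memset(ban, 0, sizeof(ban_t));
351 SSLi_hex2hash(hexhash, ban->hash);
/* inet_pton() stores a bare in_addr / in6_addr, so it must write into the
 * sin_addr / sin6_addr member. Writing to &ban->address put the bytes at the
 * start of the sockaddr_storage, where the ss_family assignment below
 * overwrote them, and left the address member zeroed. The result is compared
 * with 1 because inet_pton() returns 0 for unparsable text and -1 for an
 * unsupported family. */
352 if (inet_pton(AF_INET, address, &((struct sockaddr_in *)&ban->address)->sin_addr) != 1) {
353 if (inet_pton(AF_INET6, address, &((struct sockaddr_in6 *)&ban->address)->sin6_addr) != 1) {
354 Log_warn("Address \"%s\" is illegal!", address);
356 ban->address.ss_family = AF_INET6;
359 ban->address.ss_family = AF_INET;
361 ban->name = strdup(name);
362 ban->reason = strdup(reason);
363 if (ban->name == NULL || ban->reason == NULL)
364 Log_fatal("Out of memory");
366 ban->duration = duration;
368 list_add_tail(&ban->node, &banlist);
370 Log_debug("Banfile: H = '%s' A = '%s' M = %d U = '%s' R = '%s'", hexhash, address, ban->mask, ban->name, ban->reason);
373 Log_info("Banlist file '%s': %d entries read", getStrConf(BANFILE), bancount);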