From: Martin Johansson Date: Sun, 7 Dec 2014 13:19:10 +0000 (+0100) Subject: Merge pull request #49 from fmorgner/master X-Git-Url: http://git.code-monkey.de/?a=commitdiff_plain;h=d3b46bdd65307efa15cef4a7e97e4e19cdf0efad;hp=f66c0c3d630aaff1c4d589bc4d884067f00b6529;p=umurmur.git Merge pull request #49 from fmorgner/master Fix banning --- diff --git a/src/ban.c b/src/ban.c index 3c7c4ff..c8b8688 100644 --- a/src/ban.c +++ b/src/ban.c @@ -8,7 +8,7 @@ are met: - Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + this list of conditions and the following disclaimer. - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. @@ -27,10 +27,11 @@ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ + */ #include #include +#include #include "log.h" #include "list.h" #include "ban.h" @@ -69,24 +70,18 @@ void Ban_UserBan(client_t *client, char *reason) ban_t *ban; char hexhash[41]; - ban = malloc(sizeof(ban_t)); + ban = calloc(1, sizeof(ban_t)); if (ban == NULL) Log_fatal("Out of memory"); - memset(ban, 0, sizeof(ban_t)); memcpy(ban->hash, client->hash, 20); - if (client->remote_tcp.ss_family == AF_INET) { - memcpy(&ban->address, &(((struct sockaddr_in*)&client->remote_tcp)->sin_addr), sizeof(in_addr_t)); - ban->mask = sizeof(in_addr_t); - } else { - memcpy(&ban->address, &(((struct sockaddr_in6*)&client->remote_tcp)->sin6_addr), 4 * sizeof(in_addr_t)); - ban->mask = 4 * sizeof(in_addr_t); - } + + ban->address = client->remote_tcp; + ban->mask = (ban->address.ss_family == AF_INET) ? 32 : 128; ban->reason = strdup(reason); ban->name = strdup(client->username); ban->time = time(NULL); ban->duration = ban_duration; - Timer_init(&ban->startTime); list_add_tail(&ban->node, &banlist); bancount++; banlist_changed = true; @@ -104,20 +99,17 @@ void Ban_pruneBanned() { struct dlist *itr; ban_t *ban; - char hexhash[41]; - uint64_t bantime_long; list_iterate(itr, &banlist) { ban = list_get_entry(itr, ban_t, node); - bantime_long = ban->duration * 1000000LL; #ifdef DEBUG SSLi_hash2hex(ban->hash, hexhash); Log_debug("BL: User %s Reason: '%s' Hash: %s IP: %s Time left: %d", - ban->name, ban->reason, hexhash, inet_ntoa(*((struct in_addr *)&ban->address)), - bantime_long / 1000000LL - Timer_elapsed(&ban->startTime) / 1000000LL); + ban->name, ban->reason, hexhash, Util_addressToString(&ban->address)), + ban->time + ban->duration - time(NULL)); #endif /* Duration of 0 = forever */ - if (ban->duration != 0 && Timer_isElapsed(&ban->startTime, bantime_long)) { + if (ban->duration != 0 && ban->time + ban->duration - time(NULL) <= 0) { free(ban->name); free(ban->reason); list_del(&ban->node); @@ -147,20 +139,38 @@ bool_t Ban_isBannedAddr(struct sockaddr_storage *address) { struct dlist *itr; ban_t *ban; - in_addr_t tempaddr1, tempaddr2; list_iterate(itr, &banlist) { ban = list_get_entry(itr, ban_t, node); - - if(ban->mask == sizeof(in_addr_t)) { - if(memcmp(ban->address, &((struct sockaddr_in *)address)->sin_addr, ban->mask) == 0) - return true; - } - else { - if(memcmp(ban->address, &((struct sockaddr_in6 *)address)->sin6_addr, ban->mask) == 0) - return true; + if (ban->address.ss_family == address->ss_family) { + if (address->ss_family == AF_INET) { + uint32_t a1, a2, mask; + mask = (ban->mask == 32) ? UINT32_MAX : (1u << ban->mask) - 1; + a1 = (uint32_t)((struct sockaddr_in *)&ban->address)->sin_addr.s_addr & mask; + a2 = (uint32_t)((struct sockaddr_in *)address)->sin_addr.s_addr & mask; + if (a1 == a2) + return true; + } else { + uint64_t mask[2]; + uint64_t *a1 = (uint64_t *) &((struct sockaddr_in6 *)&ban->address)->sin6_addr.s6_addr; + uint64_t *a2 = (uint64_t *) &((struct sockaddr_in6 *)address)->sin6_addr.s6_addr; + + if (ban->mask == 128) + mask[0] = mask[1] = 0xffffffffffffffffULL; + else if (ban->mask > 64) { + mask[0] = 0xffffffffffffffffULL; + mask[1] = SWAPPED(~((1ULL << (128 - ban->mask)) - 1)); + } else { + mask[0] = SWAPPED(~((1ULL << (64 - ban->mask)) - 1)); + mask[1] = 0ULL; + } + if ((a1[0] & mask[0]) == (a2[0] & mask[0]) && + (a1[1] & mask[1]) == (a2[1] & mask[1])) + return true; + } } } + return false; } @@ -184,14 +194,19 @@ message_t *Ban_getBanList(void) list_iterate(itr, &banlist) { ban = list_get_entry(itr, ban_t, node); gmtime_r(&ban->time, ×pec); - strftime(timestr, 32, "%Y-%m-%dT%H:%M:%S", ×pec); + strftime(timestr, 32, "%Y-%m-%dT%H:%M:%SZ", ×pec); SSLi_hash2hex(ban->hash, hexhash); - /* ipv4 representation as ipv6 address. */ memset(address, 0, 16); - memcpy(&address[12], &ban->address, 4); - memset(&address[10], 0xff, 2); /* IPv4 */ - Msg_banList_addEntry(msg, i++, address, ban->mask, ban->name, - hexhash, ban->reason, timestr, ban->duration); + + if(ban->address.ss_family == AF_INET) { + memcpy(&address[12], &((struct sockaddr_in *)&ban->address)->sin_addr, 4); + memset(&address[10], 0xff, 2); + Msg_banList_addEntry(msg, i++, address, ban->mask + 96, ban->name, hexhash, ban->reason, timestr, ban->duration); + } else { + memcpy(&address, &((struct sockaddr_in6 *)&ban->address)->sin6_addr, 16); + Msg_banList_addEntry(msg, i++, address, ban->mask, ban->name, hexhash, ban->reason, timestr, ban->duration); + } + } return msg; } @@ -218,21 +233,48 @@ void Ban_putBanList(message_t *msg, int n_bans) char *hexhash, *name, *reason, *start; uint32_t duration, mask; uint8_t *address; + char mappedBytes[12] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff}; + char *tz; for (i = 0; i < n_bans; i++) { Msg_banList_getEntry(msg, i, &address, &mask, &name, &hexhash, &reason, &start, &duration); ban = malloc(sizeof(ban_t)); if (ban == NULL) Log_fatal("Out of memory"); - memset(ban, 0, sizeof(ban_t)); SSLi_hex2hash(hexhash, ban->hash); - memcpy(&ban->address, &address[12], 4); + + if(memcmp(address, mappedBytes, 12) == 0) { + memcpy(&((struct sockaddr_in *)&ban->address)->sin_addr, &address[12], 4); + ban->address.ss_family = AF_INET; + if (mask > 32) { + mask = 32; + } + } else { + memcpy(&((struct sockaddr_in6 *)&ban->address)->sin6_addr, address, 16); + ban->address.ss_family = AF_INET6; + } + ban->mask = mask; ban->reason = strdup(reason); ban->name = strdup(name); + + /* + * Parse the timestring. We need to set TZ to UTC so that mktime() knows that the info in + * struct tm indeed is given in UTC. Otherwise it will use the current locale. There's + * apparently no other way to do this... + */ + memset(×pec, 0, sizeof(struct tm)); strptime(start, "%Y-%m-%dT%H:%M:%S", ×pec); + tz = getenv("TZ"); + setenv("TZ", "UTC", 1); + tzset(); ban->time = mktime(×pec); - ban->startTime = ban->time * 1000000LL; + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); + ban->duration = duration; list_add_tail(&ban->node, &banlist); bancount++; @@ -259,8 +301,8 @@ static void Ban_saveBanFile(void) list_iterate(itr, &banlist) { ban = list_get_entry(itr, ban_t, node); SSLi_hash2hex(ban->hash, hexhash); - fprintf(file, "%s,%s,%d,%ld,%d,%s,%s\n", hexhash, inet_ntoa(*((struct in_addr *)&ban->address)), - ban->mask, (long int)ban->time, ban->duration, ban->name, ban->reason); + + fprintf(file, "%s,%s,%d,%ld,%d,%s,%s\n", hexhash, Util_addressToString(&ban->address),ban->mask, (long int)ban->time, ban->duration, ban->name, ban->reason); } fclose(file); banlist_changed = false; @@ -269,7 +311,6 @@ static void Ban_saveBanFile(void) static void Ban_readBanFile(void) { - struct dlist *itr; ban_t *ban; char line[1024], *hexhash, *address, *name, *reason; uint32_t mask, duration; @@ -309,7 +350,15 @@ static void Ban_readBanFile(void) Log_fatal("Out of memory"); memset(ban, 0, sizeof(ban_t)); SSLi_hex2hash(hexhash, ban->hash); - inet_aton(address, (struct in_addr *)&ban->address); + if (inet_pton(AF_INET, address, &ban->address) == 0) { + if (inet_pton(AF_INET6, address, &ban->address) == 0) { + Log_warn("Address \"%s\" is illegal!", address); + } else { + ban->address.ss_family = AF_INET6; + } + } else { + ban->address.ss_family = AF_INET; + } ban->name = strdup(name); ban->reason = strdup(reason); if (ban->name == NULL || ban->reason == NULL) @@ -317,7 +366,6 @@ static void Ban_readBanFile(void) ban->time = time; ban->duration = duration; ban->mask = mask; - ban->startTime = ban->time * 1000000LL; list_add_tail(&ban->node, &banlist); bancount++; Log_debug("Banfile: H = '%s' A = '%s' M = %d U = '%s' R = '%s'", hexhash, address, ban->mask, ban->name, ban->reason); diff --git a/src/ban.h b/src/ban.h index dccf26f..3390b83 100644 --- a/src/ban.h +++ b/src/ban.h @@ -38,13 +38,12 @@ typedef struct { uint8_t hash[20]; - uint8_t address[16]; + struct sockaddr_storage address; uint32_t mask; char *reason; char *name; time_t time; uint32_t duration; - etimer_t startTime; struct dlist node; } ban_t; diff --git a/src/messages.c b/src/messages.c index d621d4e..704f20d 100644 --- a/src/messages.c +++ b/src/messages.c @@ -427,7 +427,8 @@ void Msg_banList_addEntry(message_t *msg, int index, uint8_t *address, uint32_t entry->duration = duration; entry->has_duration = true; } - Log_debug("Msg_banList_addEntry: %s %s %s %s %s", entry->name, entry->hash, entry->address.data, entry->reason, entry->start); + Log_debug("Msg_banList_addEntry: %s %s %s %s %s", + entry->name, entry->hash, entry->address.data, entry->reason, entry->start); } void Msg_banList_getEntry(message_t *msg, int index, uint8_t **address, uint32_t *mask, diff --git a/src/server.c b/src/server.c index 09e05dd..836621a 100644 --- a/src/server.c +++ b/src/server.c @@ -171,8 +171,8 @@ void Server_runLoop(struct pollfd* pollfds) /* Check for new connection */ for (i = 0; i < nofServerSocks / 2; i++) { if (pollfds[i].revents) { - static int tcpfd; - static uint32_t addrlen = sizeof(struct sockaddr_storage); + int tcpfd; + uint32_t addrlen = sizeof(struct sockaddr_storage); tcpfd = accept(pollfds[i].fd, (struct sockaddr *)&remote, &addrlen); fcntl(tcpfd, F_SETFL, O_NONBLOCK); setsockopt(tcpfd, IPPROTO_TCP, TCP_NODELAY, (char *) &on, sizeof(int)); diff --git a/src/util.c b/src/util.c index 74af117..29792e4 100644 --- a/src/util.c +++ b/src/util.c @@ -71,3 +71,4 @@ int Util_clientAddressToPortUDP(client_t *client) { return Util_addressToPort(&client->remote_udp); } +