1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 20:13:12 +02:00

Add ASN as extended server ban, mask item, secgroup. Eg: GLINE ~asn:64496 0 Bye!

This also automatically adds it as a security group and mask item:

ban user {
        mask { asn 64496; }
        reason "Testing ASN ban";
}

And yeah, it is a normal extban too (in +b and +I). Users usually
don't know the AS Number of other users, though, unless you change
the default configuration (at the cost of privacy).

Updated release notes a bit... more will follow.
This commit is contained in:
Bram Matthys
2024-07-12 10:58:25 +02:00
parent f33a0d2c1b
commit 0844f7243f
5 changed files with 160 additions and 1 deletions
+14
View File
@@ -11,6 +11,20 @@ in progress and may not always be a stable version.
[Mask item](https://www.unrealircd.org/docs/Mask_item).
This means you can use all the power of mask items and security groups and
multiple matching criteria.
* The GeoIP module now contains info about
[Autonomous system numbers](https://en.wikipedia.org/wiki/Autonomous_system_(Internet))
and this is exposed in:
* [Extended server ban](https://www.unrealircd.org/docs/Extended_server_bans)
so you can do things like `GLINE ~asn:64496 0 This ISP is banned`.
* In security groups and Mask items so you can do like:
```
ban user {
mask { asn { 64496; 64497; 64498; } }
reason "Your ISP is banned.";
}
```
* It is shown in the user connecting notice, WHOIS (for IRCOps) and
expanded in JSON data such as JSON Logging and JSON-RPC.
* New option [set::tls::certificate-expiry-notification](https://www.unrealircd.org/docs/Set_block#set::tls::certificate-expiry-notification):
since UnrealIRCd 5.0.8 we warn if a SSL/TLS certificate is (nearly) expired.
This new option allows turning it off, it is (still) on by default.
+1
View File
@@ -221,6 +221,7 @@ loadmodule "extbans/securitygroup"; /* +b ~security-group (old ~G mode, security
loadmodule "extbans/country"; /* +b ~country (country/geoip) */
loadmodule "extbans/msgbypass"; /* +e ~msgbypass (old ~m mode, bypass message restrictions) */
loadmodule "extbans/flood"; /* +e ~flood (flood exemption for chanmode +f/+F) */
loadmodule "extbans/asn"; /* +b ~asn (country/asn) */
/*** IRCv3 extensions ***/
+1 -1
View File
@@ -35,7 +35,7 @@ R_MODULES= \
join.so quiet.so nickchange.so inchannel.so realname.so \
account.so operclass.so certfp.so textban.so msgbypass.so \
timedban.so partmsg.so securitygroup.so \
country.so flood.so
country.so asn.so flood.so
MODULES=$(R_MODULES)
MODULEFLAGS=@MODULEFLAGS@
+143
View File
@@ -0,0 +1,143 @@
/*
* Extended ban to ban/exempt by asn/geoip info (+b ~asn:64496)
* (C) Copyright 2024 The UnrealIRCd Team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "unrealircd.h"
ModuleHeader MOD_HEADER
= {
"extbans/asn",
"6.0",
"ExtBan ~asn - Ban/exempt by ASN (geoip)",
"UnrealIRCd Team",
"unrealircd-6",
};
/* Forward declarations */
int extban_asn_is_ok(BanContext *b);
const char *extban_asn_conv_param(BanContext *b, Extban *extban);
int extban_asn_is_banned(BanContext *b);
Extban *register_asn_extban(ModuleInfo *modinfo)
{
ExtbanInfo req;
memset(&req, 0, sizeof(req));
req.letter = 'A';
req.name = "asn";
req.is_ok = extban_asn_is_ok;
req.conv_param = extban_asn_conv_param;
req.is_banned = extban_asn_is_banned;
req.is_banned_events = BANCHK_ALL|BANCHK_TKL;
req.options = EXTBOPT_INVEX|EXTBOPT_TKL;
return ExtbanAdd(modinfo->handle, req);
}
/* Called upon module test */
MOD_TEST()
{
if (!register_asn_extban(modinfo))
{
config_error("could not register extended ban type");
return MOD_FAILED;
}
return MOD_SUCCESS;
}
/* Called upon module init */
MOD_INIT()
{
if (!register_asn_extban(modinfo))
{
config_error("could not register extended ban type");
return MOD_FAILED;
}
MARK_AS_OFFICIAL_MODULE(modinfo);
return MOD_SUCCESS;
}
/* Called upon module load */
MOD_LOAD()
{
return MOD_SUCCESS;
}
/* Called upon unload */
MOD_UNLOAD()
{
return MOD_SUCCESS;
}
int extban_asn_usage(Client *client)
{
sendnotice(client, "ERROR: ExtBan ~asn expects the AS number (all digits). "
"For example: +b ~asn:64496");
return EX_DENY;
}
int extban_asn_is_ok(BanContext *b)
{
if (b->is_ok_check == EXCHK_PARAM)
{
const char *p;
if (!strcmp(b->banstr, "*"))
return EX_ALLOW;
if (!*b->banstr)
return extban_asn_usage(b->client);
for (p = b->banstr; *p; p++)
if (!isdigit(*p))
return extban_asn_usage(b->client);
return EX_ALLOW;
}
return EX_ALLOW;
}
/* Obtain targeted asn from the ban string */
const char *extban_asn_conv_param(BanContext *b, Extban *extban)
{
static char retbuf[32];
unsigned int asn;
char *p=NULL;
if (!isdigit(b->banstr[0]))
return NULL;
asn = strtoul(b->banstr, &p, 10);
if (!BadPtr(p))
return NULL; /* contains invalid characters */
snprintf(retbuf, sizeof(retbuf), "%u", asn);
return retbuf;
}
int extban_asn_is_banned(BanContext *b)
{
unsigned int banned_asn = strtoul(b->banstr, NULL, 10);
GeoIPResult *geo = geoip_client(b->client);
if (geo)
return banned_asn == geo->asn;
return banned_asn == 0; /* ASN 0 is for unknown */
}
+1
View File
@@ -961,6 +961,7 @@ void free_geoip_result(GeoIPResult *r)
return;
safe_free(r->country_code);
safe_free(r->country_name);
safe_free(r->asname);
safe_free(r);
}