From 374a7d59507652cfec9f36e9640832ea857d33b8 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Sun, 11 May 2003 21:08:13 +0000 Subject: [PATCH] Added set::ident::connect-timeout and set::ident::read-timeout, updated example.conf: added throttle block. --- Changes | 4 ++++ doc/example.conf | 7 +++++++ doc/unreal32docs.html | 4 ++++ include/dynconf.h | 5 +++++ include/h.h | 1 + src/s_auth.c | 43 ++++++++++++++++++++----------------------- src/s_bsd.c | 35 ++++++++++++++++++++++++----------- src/s_conf.c | 38 ++++++++++++++++++++++++++++++++++++++ 8 files changed, 103 insertions(+), 34 deletions(-) diff --git a/Changes b/Changes index 70f2e05cc..d9b3153b3 100644 --- a/Changes +++ b/Changes @@ -2157,3 +2157,7 @@ seen. gmtime warning still there - IPv6: Fixed unable-to-resolve-bug if both a A/AAAA record and NS/MX/etc records were present for the same hostname, reported by Byte (#0000972). - Updated flags in /version (and greeting), added 'Z' for zip links support, updated tech doc. +- Added set::ident::connect-timeout (default 10s) and set::ident::read-timeout (default 30s) to + have much more control over ident timeouts, this should also fix connection timeout problems + during connecting. +- Updated example.conf (added throttle block). diff --git a/doc/example.conf b/doc/example.conf index a06af2c8d..5a3796925 100644 --- a/doc/example.conf +++ b/doc/example.conf @@ -733,6 +733,13 @@ set { /* This allows you to make certain stats oper only, use * for all stats or leave this out to allow * all users to use any stats. */ oper-only-stats "okG"; + + /* Throttling: this example sets a limit of 3 connections per 60s. */ + throttle { + connections 3; + period 60s; + }; + }; /* diff --git a/doc/unreal32docs.html b/doc/unreal32docs.html index efdc57d43..98f50b30e 100644 --- a/doc/unreal32docs.html +++ b/doc/unreal32docs.html @@ -1727,6 +1727,10 @@ set { times.

set::throttle::connections <amount>;
How many times a user must connect with the same host to be throttled.

+

set::ident::connect-timeout <amount>;
+ Amount of seconds after which to give up connecting to the ident server (default: 10s).

+

set::ident::read-timeout <amount>;
+ Amount of seconds after which to give up waiting for a reply (default: 30s).

set::anti-flood::unknown-flood-bantime <timevalue>;
Specifies how long an unknown connection flooder is banned for.

set::anti-flood::unknown-flood-amount <amount>;
diff --git a/include/dynconf.h b/include/dynconf.h index bd2073d85..dbb11a053 100644 --- a/include/dynconf.h +++ b/include/dynconf.h @@ -105,6 +105,8 @@ struct zConfiguration { unsigned char away_count; long away_period; #endif + int ident_connect_timeout; + int ident_read_timeout; aNetwork network; }; @@ -177,3 +179,6 @@ extern aConfiguration iConf; #define AWAY_PERIOD iConf.away_period #define AWAY_COUNT iConf.away_count #endif + +#define IDENT_CONNECT_TIMEOUT iConf.ident_connect_timeout +#define IDENT_READ_TIMEOUT iConf.ident_read_timeout diff --git a/include/h.h b/include/h.h index 7e211b0a5..defdd5bb9 100644 --- a/include/h.h +++ b/include/h.h @@ -569,3 +569,4 @@ extern char trouble_info[1024]; #define EVENT_DRUGS BASE_VERSION extern void rejoin_doparts(aClient *sptr); extern void rejoin_dojoinandmode(aClient *sptr); +extern void ident_failed(aClient *cptr); diff --git a/src/s_auth.c b/src/s_auth.c index 745f48a76..9fc2c0d76 100644 --- a/src/s_auth.c +++ b/src/s_auth.c @@ -44,6 +44,23 @@ static char sccsid[] = "@(#)s_auth.c 1.18 4/18/94 (C) 1992 Darren Reed"; #include "proto.h" #include +void ident_failed(aClient *cptr) +{ + Debug((DEBUG_NOTICE, "ident_failed() for %x", cptr)); + ircstp->is_abad++; + if (cptr->authfd != -1) + { + CLOSE_SOCK(cptr->authfd); + --OpenFiles; + cptr->authfd = -1; + } + cptr->flags &= ~(FLAGS_WRAUTH | FLAGS_AUTH); + if (!DoingDNS(cptr)) + SetAccess(cptr); + if (SHOWCONNECTINFO && !cptr->serv) + sendto_one(cptr, "%s", REPORT_FAIL_ID); +} + /* * start_auth * @@ -68,9 +85,7 @@ void start_auth(aClient *cptr) { Debug((DEBUG_ERROR, "Unable to create auth socket for %s:%s", get_client_name(cptr, TRUE), strerror(get_sockerr(cptr)))); - if (!DoingDNS(cptr)) - SetAccess(cptr); - ircstp->is_abad++; + ident_failed(cptr); return; } if (++OpenFiles >= (MAXCONNECTIONS - 2)) @@ -109,17 +124,7 @@ void start_auth(aClient *cptr) if (connect(cptr->authfd, (struct sockaddr *)&sock, sizeof(sock)) == -1 && !(ERRNO == P_EWORKING)) { - ircstp->is_abad++; - /* - * No error report from this... - */ - CLOSE_SOCK(cptr->authfd); - --OpenFiles; - cptr->authfd = -1; - if (!DoingDNS(cptr)) - SetAccess(cptr); - if (SHOWCONNECTINFO && !cptr->serv) - sendto_one(cptr, "%s", REPORT_FAIL_ID); + ident_failed(cptr); return; } cptr->flags |= (FLAGS_WRAUTH | FLAGS_AUTH); @@ -161,15 +166,7 @@ void send_authports(aClient *cptr) if (ERRNO == P_EAGAIN) return; /* Not connected yet, try again later */ authsenderr: - ircstp->is_abad++; - CLOSE_SOCK(cptr->authfd); - --OpenFiles; - cptr->authfd = -1; - cptr->flags &= ~FLAGS_AUTH; - if (SHOWCONNECTINFO && !cptr->serv) - sendto_one(cptr, "%s", REPORT_FAIL_ID); - if (!DoingDNS(cptr)) - SetAccess(cptr); + ident_failed(cptr); } cptr->flags &= ~FLAGS_WRAUTH; return; diff --git a/src/s_bsd.c b/src/s_bsd.c index e64b1b8eb..8aba14df1 100644 --- a/src/s_bsd.c +++ b/src/s_bsd.c @@ -1654,20 +1654,33 @@ int read_message(time_t delay, fdlist *listp) if (DoingAuth(cptr)) { - auth++; - Debug((DEBUG_NOTICE, "auth on %x %d", cptr, i)); - if (cptr->authfd >= 0) + int s = TStime() - cptr->firsttime, fail = 0; + /* Maybe they should be timed out. -- Syzop. */ + if ( ((s > IDENT_CONNECT_TIMEOUT) && (cptr->flags & FLAGS_WRAUTH)) || + (s > IDENT_READ_TIMEOUT)) { - FD_SET(cptr->authfd, &read_set); -#ifdef _WIN32 - FD_SET(cptr->authfd, &excpt_set); -#endif - if (cptr->flags & FLAGS_WRAUTH) - FD_SET(cptr->authfd, &write_set); + Debug((DEBUG_NOTICE, "ident timed out (cptr %x, %d sec)", cptr, s)); + ident_failed(cptr); + } + else + { + auth++; + Debug((DEBUG_NOTICE, "auth on %x %d %d", cptr, i, s)); + if (cptr->authfd >= 0) + { + FD_SET(cptr->authfd, &read_set); +#ifdef _WIN32 + FD_SET(cptr->authfd, &excpt_set); +#endif + if (cptr->flags & FLAGS_WRAUTH) + FD_SET(cptr->authfd, &write_set); + } } } - if (DoingDNS(cptr) || DoingAuth(cptr) - ) + /* (warning: don't merge the DoingAuth() here with the check + * above coz ident_failed() might have been called -- Syzop.) + */ + if (DoingDNS(cptr) || DoingAuth(cptr)) continue; if (IsMe(cptr) && IsListening(cptr)) { diff --git a/src/s_conf.c b/src/s_conf.c index 346497976..1318839ca 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -1147,6 +1147,8 @@ void config_setdefaultsettings(aConfiguration *i) i->unknown_flood_amount = 4; i->unknown_flood_bantime = 600; i->oper_snomask = strdup(SNO_DEFOPER); + i->ident_read_timeout = 30; + i->ident_connect_timeout = 10; } int init_conf(char *rootconf, int rehash) @@ -2296,6 +2298,10 @@ void report_dynconf(aClient *sptr) sptr->name, pretty_time_val(AWAY_PERIOD)); } #endif + sendto_one(sptr, ":%s %i %s :ident::connect-timeout: %s", me.name, RPL_TEXT, + sptr->name, pretty_time_val(IDENT_CONNECT_TIMEOUT)); + sendto_one(sptr, ":%s %i %s :ident::read-timeout: %s", me.name, RPL_TEXT, + sptr->name, pretty_time_val(IDENT_READ_TIMEOUT)); } @@ -5213,6 +5219,16 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce) tempiConf.network.key2, tempiConf.network.key3); tempiConf.network.keycrc = (long) our_crc32(temp, strlen(temp)); } + else if (!strcmp(cep->ce_varname, "ident")) + { + for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) + { + if (!strcmp(cepp->ce_varname, "connect-timeout")) + tempiConf.ident_connect_timeout = config_checkval(cepp->ce_vardata,CFG_TIME); + if (!strcmp(cepp->ce_varname, "read-timeout")) + tempiConf.ident_read_timeout = config_checkval(cepp->ce_vardata,CFG_TIME); + } + } else if (!strcmp(cep->ce_varname, "ssl")) { #ifdef USE_SSL for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) { @@ -5676,6 +5692,28 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce) "use BOPM instead: http://www.blitzed.org/bopm/ (*NIX) / http://vulnscan.org/winbopm/ (Windows)", cep->ce_fileptr->cf_filename, cep->ce_varlinenum); } + else if (!strcmp(cep->ce_varname, "ident")) { + for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) + { + CheckNull(cepp); + if (!strcmp(cepp->ce_varname, "connect-timeout") || !strcmp(cepp->ce_varname, "read-timeout")) + { + int v = config_checkval(cepp->ce_vardata,CFG_TIME);; + if ((v > 60) || (v < 1)) + { + config_error("%s:%i: set::ident::%s value out of range (%d), should be between 1 and 60.", + cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname, v); + errors++; + continue; + } + } else { + config_error("%s:%i: unknown directive set::ident::%s", + cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname); + errors++; + continue; + } + } + } else if (!strcmp(cep->ce_varname, "ssl")) { #ifdef USE_SSL for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {