From a7c9ecb4e74f89368732ec39fbbcda659d60ff27 Mon Sep 17 00:00:00 2001 From: Bram Matthys Date: Mon, 20 Mar 2023 09:17:52 +0100 Subject: [PATCH] Add deny link::reason (optional) and display it in oper warnings and to the other side of the link. --- src/modules/connect.c | 5 +++-- src/modules/rpc/server.c | 5 +++-- src/modules/server.c | 26 ++++++++++++++++++++------ 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/src/modules/connect.c b/src/modules/connect.c index fc6a15054..14306f02b 100644 --- a/src/modules/connect.c +++ b/src/modules/connect.c @@ -63,6 +63,7 @@ CMD_FUNC(cmd_connect) int retval; ConfigItem_link *aconf; Client *server; + const char *str; if (!IsServer(client) && MyConnect(client) && !ValidatePermissionsForPath("route:global",client,NULL,NULL,NULL) && parc > 3) { /* Only allow LocOps to make */ @@ -108,9 +109,9 @@ CMD_FUNC(cmd_connect) return; } - if (check_deny_link(aconf, 0)) + if ((str = check_deny_link(aconf, 0))) { - sendnotice(client, "*** Connect: Disallowed by connection rule"); + sendnotice(client, "*** Connect: Disallowed by connection rule: %s", str); return; } diff --git a/src/modules/rpc/server.c b/src/modules/rpc/server.c index d97d52c56..c60d517f9 100644 --- a/src/modules/rpc/server.c +++ b/src/modules/rpc/server.c @@ -234,6 +234,7 @@ RPC_CALL_FUNC(rpc_server_connect) const char *server, *link_name; Client *acptr; ConfigItem_link *link; + const char *err; OPTIONAL_PARAM_STRING("server", server); if (server) @@ -275,9 +276,9 @@ RPC_CALL_FUNC(rpc_server_connect) return; } - if (check_deny_link(link, 0)) + if ((err = check_deny_link(link, 0))) { - rpc_error(client, request, JSON_RPC_ERROR_DENIED, "Server linking is denied via a deny link { } block"); + rpc_error_fmt(client, request, JSON_RPC_ERROR_DENIED, "Server linking is denied via a deny link { } block: %s", err); return; } diff --git a/src/modules/server.c b/src/modules/server.c index d2b29a002..cf65b5df9 100644 --- a/src/modules/server.c +++ b/src/modules/server.c @@ -43,6 +43,7 @@ struct ConfigItem_deny_link { ConfigItem_mask *mask; CRuleNode *rule; /**< parsed crule */ char *prettyrule; /**< human printable version */ + char *reason; /**< Reason for the deny link */ }; /* Forward declarations */ @@ -179,9 +180,10 @@ void server_config_free(void) for (d = conf_deny_link; d; d = d_next) { d_next = d->next; - safe_free(d->prettyrule); unreal_delete_masks(d->mask); crule_free(&d->rule); + safe_free(d->prettyrule); + safe_free(d->reason); DelListItem(d, conf_deny_link); safe_free(d); } @@ -325,6 +327,8 @@ int server_config_test_deny_link(ConfigFile *cf, ConfigEntry *ce, int type, int cep->file->filename, cep->line_number); errors++; } + } else if (!strcmp(cep->name, "reason")) + { } else { @@ -391,6 +395,10 @@ int server_config_run_deny_link(ConfigFile *cf, ConfigEntry *ce, int type) deny->rule = crule_parse(cep->value); safe_strdup(deny->prettyrule, cep->value); } + else if (!strcmp(cep->name, "reason")) + { + safe_strdup(deny->reason, cep->value); + } else if (!strcmp(cep->name, "type")) { if (!strcmp(cep->value, "all")) deny->flag.type = CRULE_ALL; @@ -399,6 +407,10 @@ int server_config_run_deny_link(ConfigFile *cf, ConfigEntry *ce, int type) } } + /* Set a default reason, if needed */ + if (!deny->reason) + safe_strdup(deny->reason, "Denied"); + AddListItem(deny, conf_deny_link); return 1; } @@ -1050,6 +1062,7 @@ CMD_FUNC(cmd_server) ConfigItem_link *aconf = NULL; char *flags = NULL, *protocol = NULL, *inf = NULL, *num = NULL; int incoming; + const char *err; if (IsUser(client)) { @@ -1167,12 +1180,13 @@ CMD_FUNC(cmd_server) strlcpy(client->info, info[0] ? info : "server", sizeof(client->info)); } - if (check_deny_link(aconf, 0)) + if ((err = check_deny_link(aconf, 0))) { unreal_log(ULOG_ERROR, "link", "LINK_DENIED_DENY_LINK_BLOCK", client, - "Server link $servername rejected by deny link { } block.", - log_data_string("servername", servername)); - exit_client(client, NULL, "Disallowed by connection rule"); + "Server link $servername rejected by deny link { } block: $reason", + log_data_string("servername", servername), + log_data_string("reason", err)); + exit_client_fmt(client, NULL, "Disallowed by connection rule: %s", err); return; } @@ -2198,7 +2212,7 @@ const char *_check_deny_link(ConfigItem_link *link, int auto_connect) if (unreal_mask_match_string(link->servername, d->mask) && crule_eval(d->rule)) { - return "Denied"; // TODO: implement deny link::reason + return d->reason; } } return NULL;