1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-03 10:03:12 +02:00

Add /ELINE exception type 'm' to bypass allow::maxperip.

In the configuration item you can now achieve the same via:
except ban { mask 1.2.3.4; type maxperip; }
Or even:
except ban { mask { 1.2.3.4; 8.8.8.8; }; type maxperip; }
etc.

Suggested by The_Myth in https://bugs.unrealircd.org/view.php?id=5507

Also, fixed an issue where the IRCd was counting servers as
clients for maxperip, which doesn't make much sense in practice,
so it only counts users now.
This commit is contained in:
Bram Matthys
2019-12-30 18:19:09 +01:00
parent e4d9e001d8
commit fccb3b2f5b
3 changed files with 33 additions and 21 deletions
+5 -4
View File
@@ -861,10 +861,11 @@ typedef void (*OverrideCmdFunc)(CommandOverride *ovr, Client *client, MessageTag
/* these are not real tkl types, but only used for exceptions: */
#define TKL_BLACKLIST 0x0001000
#define TKL_CONNECT_FLOOD 0x0002000
#define TKL_UNKNOWN_DATA_FLOOD 0x0004000
#define TKL_ANTIRANDOM 0x0008000
#define TKL_ANTIMIXEDUTF8 0x0010000
#define TKL_BAN_VERSION 0x0020000
#define TKL_MAXPERIP 0x0004000
#define TKL_UNKNOWN_DATA_FLOOD 0x0008000
#define TKL_ANTIRANDOM 0x0010000
#define TKL_ANTIMIXEDUTF8 0x0020000
#define TKL_BAN_VERSION 0x0040000
#define TKLIsServerBan(tkl) ((tkl)->type & (TKL_KILL|TKL_ZAP|TKL_SHUN))
#define TKLIsServerBanType(tpe) ((tpe) & (TKL_KILL|TKL_ZAP|TKL_SHUN))
+26 -17
View File
@@ -1258,6 +1258,27 @@ int check_init(Client *client, char *sockn, size_t size)
return 1;
}
/** Returns 1 if allow::maxperip is exceeded by 'client' */
int exceeds_maxperip(Client *client, ConfigItem_allow *aconf)
{
Client *acptr;
int cnt = 1;
if (find_tkl_exception(TKL_MAXPERIP, client))
return 0; /* exempt */
list_for_each_entry(acptr, &lclient_list, lclient_node)
{
if (IsUser(acptr) && !strcmp(GetIP(acptr), GetIP(client)))
{
cnt++;
if (cnt > aconf->maxperip)
return 1;
}
}
return 0;
}
/** Allow or reject the client based on allow { } blocks and all other restrictions.
* @param client Client to check (local)
* @param username Username, for some reason...
@@ -1365,25 +1386,13 @@ int AllowClient(Client *client, char *username)
strlcpy(uhost, sockhost, sizeof(uhost));
set_sockhost(client, uhost);
if (aconf->maxperip)
if (aconf->maxperip && exceeds_maxperip(client, aconf))
{
Client *acptr, *acptr2;
int cnt = 1;
list_for_each_entry_safe(acptr, acptr2, &lclient_list, lclient_node)
{
if (!strcmp(GetIP(acptr), GetIP(client)))
{
cnt++;
if (cnt > aconf->maxperip)
{
/* Already got too many with that ip# */
exit_client(client, NULL, iConf.reject_message_too_many_connections);
return 0;
}
}
}
/* Already got too many with that ip# */
exit_client(client, NULL, iConf.reject_message_too_many_connections);
return 0;
}
if (aconf->auth && !Auth_Check(client, aconf->auth, client->local->passwd))
{
/* Always continue if password was wrong. */
+2
View File
@@ -124,6 +124,7 @@ TKLTypeTable tkl_types[] = {
{ "local-exception", 'f', TKL_SPAMF, "Local Spamfilter", 1, 0 },
{ "blacklist", 'b', TKL_BLACKLIST, "Blacklist", 0, 1 },
{ "connect-flood", 'c', TKL_CONNECT_FLOOD, "Connect flood", 0, 1 },
{ "maxperip", 'm', TKL_MAXPERIP, "Max-per-IP", 0, 1 },
{ "unknown-data-flood", 'd', TKL_UNKNOWN_DATA_FLOOD, "Unknown data flood", 0, 1 },
{ "antirandom", 'r', TKL_ANTIRANDOM, "Antirandom", 0, 1 },
{ "antimixedutf8", '8', TKL_ANTIMIXEDUTF8, "Antimixedutf8", 0, 1 },
@@ -1361,6 +1362,7 @@ void eline_syntax(Client *client)
sendnotice(client, "b: Blacklist checking");
sendnotice(client, "c: Connect flood (bypass set::anti-flood::connect-flood))");
sendnotice(client, "d: Unknown data flood (no ZLINE on too much data before registration)");
sendnotice(client, "m: Bypass allow::maxperip restriction");
sendnotice(client, "r: Bypass antirandom module");
sendnotice(client, "8: Bypass antimixedutf8 module");
sendnotice(client, "v: Bypass ban version { } blocks");