Return to check.c CVS log

Up to [local] / acopm / src

Initial revision

/*
 * Copyright (C) 2017 Aaron M. D. Jones <aaronmdjones@gmail.com>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following
 * conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its
 *    contributors may be used to endorse or promote products derived from
 *    this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED.
 *
 * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "acopm-common.h"

#include <assert.h> /* assert() */
#include <errno.h> /* errno */
#include <inttypes.h> /* PRIu16 */
#include <string.h> /* strerror(), memset() */
#include <strings.h> /* strcasecmp() */
#include <time.h> /* struct timeval, time_t */

#include <event2/event.h> /* event_*(), struct event */

#include "check.h" /* decls for own functions */
#include "exec.h" /* acopm_exec_proxy_program() */
#include "vars.h" /* global variable definitions */

#include "3rdparty/utlist.h" /* LL_*() */
#include "irc/client.h" /* acopm_irc_writev() */
#include "dnsbl/lookup.h" /* acopm_dnsbl_lookup_new() */
#include "proxy/host.h" /* acopm_proxy_host_new() */
#include "utils/cidr.h" /* acopm_cidr_*(), struct acopm_cidr_address */
#include "utils/log.h" /* acopm_log_*() */
#include "utils/siphash24.h" /* HASH_*() */

#define DNSBL_HIT_STR       "IP address %s is listed on DNSBL %s (%s, %s)"
#define OPEN_PROXY_STR      "IP address %s has open proxy on port %" PRIu16 " of type %s"
#define ACOPM_ADDR_GC_AGE   300U

struct acopm_cached_address
{
	UT_hash_handle              hh;
	time_t                      timestamp;
	char                        address[INET6_ADDRSTRLEN];
} acopm_attr_packed;

static struct acopm_cached_address *cached_addresses = NULL;
static struct acopm_cidr_address *exempt_addresses = NULL;
static struct event *ev_cached_gc = NULL;

static void
acopm_cached_gc(const evutil_socket_t fd, const short events, void *const restrict data)
{
	(void) fd;
	(void) events;
	(void) data;

	assert(fd == -1);
	assert(events == EV_TIMEOUT);
	assert(data == NULL);

	if (! cached_addresses)
		return;

	(void) acopm_log_debug("%s: executing cached addresses garbage collector", __func__);

	const time_t time_now = time(NULL);
	if (time_now == -1)
	{
		(void) acopm_log_error("%s: time: %s", __func__, strerror(errno));
		return;
	}

	struct acopm_cached_address *cached, *tmp;
	HASH_ITER(hh, cached_addresses, cached, tmp)
	{
		if (! cached_addresses)
			break;

		if (cached->timestamp >= 0 && ((time_now - cached->timestamp) < ACOPM_ADDR_GC_AGE))
			continue;

		(void) acopm_log_debug("%s: freeing address %s", __func__, cached->address);
		HASH_DELETE(hh, cached_addresses, cached);
		(void) free(cached);
	}
}

static void
acopm_dnsbl_hit_cb(struct acopm_dnsbl_client *const restrict client, const char *const restrict domain,
                   const char *const restrict address, const char *const restrict dnsbl_ip,
                   const char *restrict description)
{
	assert(client == acopm_dnsbl_client);

	(void) client;

	if (! description)
		description = "<unknown>";

	if (! acopm_irc_log(acopm_irc_client, DNSBL_HIT_STR, address, domain, dnsbl_ip, description))
	{
		(void) event_base_loopbreak(ev_base);
		return;
	}

	if (! *dnsbl_hit_cmd)
		return;

#ifdef __GNUC__
#  pragma GCC diagnostic push
#  pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
	if (! acopm_irc_writev(acopm_irc_client, dnsbl_hit_cmd, address, domain, description))
#ifdef __GNUC__
#  pragma GCC diagnostic pop
#endif
	{
		(void) event_base_loopbreak(ev_base);
		return;
	}
}

static void
acopm_proxy_hit_cb(struct acopm_proxy_client *const restrict client, const char *const restrict address,
                   const uint16_t port, const enum acopm_proxy_type type)
{
	assert(client == acopm_proxy_client);
	assert(port != 0);
	assert(type != ACOPM_PROXY_TYPE_NONE);
	assert(address != NULL);
	assert(*address != 0x00);

	(void) client;

	if (type == ACOPM_PROXY_TYPE_NONE)
		return;

	if (! acopm_irc_log(acopm_irc_client, OPEN_PROXY_STR, address, port, acopm_proxy_type_str(type)))
	{
		(void) event_base_loopbreak(ev_base);
		return;
	}

#ifdef __GNUC__
#  pragma GCC diagnostic push
#  pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
	if (*proxy_hit_cmd && ! acopm_irc_writev(acopm_irc_client, proxy_hit_cmd, address))
#ifdef __GNUC__
#  pragma GCC diagnostic pop
#endif
	{
		(void) event_base_loopbreak(ev_base);
		return;
	}

	if (*proxy_hit_exe)
		(void) acopm_exec_proxy_program(address, port, type);
}

bool
acopm_check_init(void)
{
	(void) acopm_log_debug("%s: initialising negative cache garbage collector", __func__);

	assert(ev_cached_gc == NULL);

	struct timeval timeout;
	(void) memset(&timeout, 0x00, sizeof timeout);
	timeout.tv_sec = ACOPM_ADDR_GC_AGE;

	if (! (ev_cached_gc = event_new(ev_base, -1, EV_PERSIST, acopm_cached_gc, NULL)))
	{
		(void) acopm_log_error("%s: event_new: %s", __func__, strerror(errno));
		return false;
	}

	if (event_add(ev_cached_gc, &timeout) != 0)
	{
		(void) acopm_log_error("%s: event_add: %s", __func__, strerror(errno));
		(void) event_free(ev_cached_gc);
		ev_cached_gc = NULL;
		return false;
	}

	return true;
}

bool
acopm_check_add_exemption(const char *const restrict address)
{
	assert(address != NULL);

	struct acopm_cidr_address *const exemption = acopm_cidr_new(address);

	if (! exemption)
		return false;

	const struct acopm_cidr_address *match;
	LL_FOREACH(exempt_addresses, match)
	{
		if (match->family == exemption->family && acopm_cidr_match(address, match))
		{
			(void) acopm_log_warning("Cannot add exemption for address '%s': already exempt", address);
			(void) acopm_cidr_free(exemption);
			return true;
		}
	}

	LL_APPEND(exempt_addresses, exemption);
	return true;
}

void
acopm_check_user(const char *const restrict nickname, const char *const restrict address)
{
	assert(nickname != NULL);
	assert(address != NULL);

	(void) acopm_log_info("Client connection detected: %s (%s)", nickname, address);

	const struct acopm_cidr_address *match;
	LL_FOREACH(exempt_addresses, match)
	{
		if (acopm_cidr_match(address, match))
		{
			(void) acopm_log_info("Not checking address %s because it is exempt", address);
			return;
		}
	}

	struct acopm_cached_address *cached = NULL;
	HASH_FIND_STR(cached_addresses, address, cached);
	if (cached)
	{
		assert(strcasecmp(cached->address, address) == 0);
		(void) acopm_log_debug("%s: not checking %s (%s): cached", __func__, nickname, address);

		if ((cached->timestamp = time(NULL)) == -1)
			(void) acopm_log_warning("%s: time: %s", __func__, strerror(errno));

		return;
	}
	else if (! (cached = calloc(1, sizeof *cached)))
	{
		(void) acopm_log_warning("%s: calloc: %s", __func__, strerror(errno));
	}
	else
	{
		(void) acopm_strset_buf(cached->address, address);

		if ((cached->timestamp = time(NULL)) == -1)
			(void) acopm_log_warning("%s: time: %s", __func__, strerror(errno));

		HASH_ADD_STR(cached_addresses, address, cached);
	}

	if (*client_notice_msg)
		(void) acopm_irc_writev(acopm_irc_client, "NOTICE %s :%s", nickname, client_notice_msg);

	(void) acopm_dnsbl_lookup_new(acopm_dnsbl_client, address, acopm_dnsbl_hit_cb);
	(void) acopm_proxy_host_new(acopm_proxy_client, address, acopm_proxy_hit_cb);
}

void
acopm_check_free(void)
{
	(void) acopm_log_debug("%s: destroying negative cache and garbage collector", __func__);

	if (cached_addresses)
	{
		struct acopm_cached_address *copy = cached_addresses;
		HASH_CLEAR(hh, copy);

		struct acopm_cached_address *cached, *tmp;
		HASH_ITER(hh, cached_addresses, cached, tmp)
        		(void) free(cached);

		cached_addresses = NULL;
	}

	if (exempt_addresses)
	{
		struct acopm_cidr_address *cur, *tmp;
		LL_FOREACH_SAFE(exempt_addresses, cur, tmp)
		{
			LL_DELETE(exempt_addresses, cur);
			(void) acopm_cidr_free(cur);
		}
	}

	if (ev_cached_gc)
	{
		(void) event_free(ev_cached_gc);
		ev_cached_gc = NULL;
	}
}