File: [local] / acopm / src / check.c (download)
Revision 1.1, Sat May 8 15:42:17 2021 UTC (3 years ago) by bountyht
Branch point for: MAIN
Initial revision
|
/*
* Copyright (C) 2017 Aaron M. D. Jones <aaronmdjones@gmail.com>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following
* conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the copyright holder nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED.
*
* IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "acopm-common.h"
#include <assert.h> /* assert() */
#include <errno.h> /* errno */
#include <inttypes.h> /* PRIu16 */
#include <string.h> /* strerror(), memset() */
#include <strings.h> /* strcasecmp() */
#include <time.h> /* struct timeval, time_t */
#include <event2/event.h> /* event_*(), struct event */
#include "check.h" /* decls for own functions */
#include "exec.h" /* acopm_exec_proxy_program() */
#include "vars.h" /* global variable definitions */
#include "3rdparty/utlist.h" /* LL_*() */
#include "irc/client.h" /* acopm_irc_writev() */
#include "dnsbl/lookup.h" /* acopm_dnsbl_lookup_new() */
#include "proxy/host.h" /* acopm_proxy_host_new() */
#include "utils/cidr.h" /* acopm_cidr_*(), struct acopm_cidr_address */
#include "utils/log.h" /* acopm_log_*() */
#include "utils/siphash24.h" /* HASH_*() */
#define DNSBL_HIT_STR "IP address %s is listed on DNSBL %s (%s, %s)"
#define OPEN_PROXY_STR "IP address %s has open proxy on port %" PRIu16 " of type %s"
#define ACOPM_ADDR_GC_AGE 300U
struct acopm_cached_address
{
UT_hash_handle hh;
time_t timestamp;
char address[INET6_ADDRSTRLEN];
} acopm_attr_packed;
static struct acopm_cached_address *cached_addresses = NULL;
static struct acopm_cidr_address *exempt_addresses = NULL;
static struct event *ev_cached_gc = NULL;
static void
acopm_cached_gc(const evutil_socket_t fd, const short events, void *const restrict data)
{
(void) fd;
(void) events;
(void) data;
assert(fd == -1);
assert(events == EV_TIMEOUT);
assert(data == NULL);
if (! cached_addresses)
return;
(void) acopm_log_debug("%s: executing cached addresses garbage collector", __func__);
const time_t time_now = time(NULL);
if (time_now == -1)
{
(void) acopm_log_error("%s: time: %s", __func__, strerror(errno));
return;
}
struct acopm_cached_address *cached, *tmp;
HASH_ITER(hh, cached_addresses, cached, tmp)
{
if (! cached_addresses)
break;
if (cached->timestamp >= 0 && ((time_now - cached->timestamp) < ACOPM_ADDR_GC_AGE))
continue;
(void) acopm_log_debug("%s: freeing address %s", __func__, cached->address);
HASH_DELETE(hh, cached_addresses, cached);
(void) free(cached);
}
}
static void
acopm_dnsbl_hit_cb(struct acopm_dnsbl_client *const restrict client, const char *const restrict domain,
const char *const restrict address, const char *const restrict dnsbl_ip,
const char *restrict description)
{
assert(client == acopm_dnsbl_client);
(void) client;
if (! description)
description = "<unknown>";
if (! acopm_irc_log(acopm_irc_client, DNSBL_HIT_STR, address, domain, dnsbl_ip, description))
{
(void) event_base_loopbreak(ev_base);
return;
}
if (! *dnsbl_hit_cmd)
return;
#ifdef __GNUC__
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
if (! acopm_irc_writev(acopm_irc_client, dnsbl_hit_cmd, address, domain, description))
#ifdef __GNUC__
# pragma GCC diagnostic pop
#endif
{
(void) event_base_loopbreak(ev_base);
return;
}
}
static void
acopm_proxy_hit_cb(struct acopm_proxy_client *const restrict client, const char *const restrict address,
const uint16_t port, const enum acopm_proxy_type type)
{
assert(client == acopm_proxy_client);
assert(port != 0);
assert(type != ACOPM_PROXY_TYPE_NONE);
assert(address != NULL);
assert(*address != 0x00);
(void) client;
if (type == ACOPM_PROXY_TYPE_NONE)
return;
if (! acopm_irc_log(acopm_irc_client, OPEN_PROXY_STR, address, port, acopm_proxy_type_str(type)))
{
(void) event_base_loopbreak(ev_base);
return;
}
#ifdef __GNUC__
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
if (*proxy_hit_cmd && ! acopm_irc_writev(acopm_irc_client, proxy_hit_cmd, address))
#ifdef __GNUC__
# pragma GCC diagnostic pop
#endif
{
(void) event_base_loopbreak(ev_base);
return;
}
if (*proxy_hit_exe)
(void) acopm_exec_proxy_program(address, port, type);
}
bool
acopm_check_init(void)
{
(void) acopm_log_debug("%s: initialising negative cache garbage collector", __func__);
assert(ev_cached_gc == NULL);
struct timeval timeout;
(void) memset(&timeout, 0x00, sizeof timeout);
timeout.tv_sec = ACOPM_ADDR_GC_AGE;
if (! (ev_cached_gc = event_new(ev_base, -1, EV_PERSIST, acopm_cached_gc, NULL)))
{
(void) acopm_log_error("%s: event_new: %s", __func__, strerror(errno));
return false;
}
if (event_add(ev_cached_gc, &timeout) != 0)
{
(void) acopm_log_error("%s: event_add: %s", __func__, strerror(errno));
(void) event_free(ev_cached_gc);
ev_cached_gc = NULL;
return false;
}
return true;
}
bool
acopm_check_add_exemption(const char *const restrict address)
{
assert(address != NULL);
struct acopm_cidr_address *const exemption = acopm_cidr_new(address);
if (! exemption)
return false;
const struct acopm_cidr_address *match;
LL_FOREACH(exempt_addresses, match)
{
if (match->family == exemption->family && acopm_cidr_match(address, match))
{
(void) acopm_log_warning("Cannot add exemption for address '%s': already exempt", address);
(void) acopm_cidr_free(exemption);
return true;
}
}
LL_APPEND(exempt_addresses, exemption);
return true;
}
void
acopm_check_user(const char *const restrict nickname, const char *const restrict address)
{
assert(nickname != NULL);
assert(address != NULL);
(void) acopm_log_info("Client connection detected: %s (%s)", nickname, address);
const struct acopm_cidr_address *match;
LL_FOREACH(exempt_addresses, match)
{
if (acopm_cidr_match(address, match))
{
(void) acopm_log_info("Not checking address %s because it is exempt", address);
return;
}
}
struct acopm_cached_address *cached = NULL;
HASH_FIND_STR(cached_addresses, address, cached);
if (cached)
{
assert(strcasecmp(cached->address, address) == 0);
(void) acopm_log_debug("%s: not checking %s (%s): cached", __func__, nickname, address);
if ((cached->timestamp = time(NULL)) == -1)
(void) acopm_log_warning("%s: time: %s", __func__, strerror(errno));
return;
}
else if (! (cached = calloc(1, sizeof *cached)))
{
(void) acopm_log_warning("%s: calloc: %s", __func__, strerror(errno));
}
else
{
(void) acopm_strset_buf(cached->address, address);
if ((cached->timestamp = time(NULL)) == -1)
(void) acopm_log_warning("%s: time: %s", __func__, strerror(errno));
HASH_ADD_STR(cached_addresses, address, cached);
}
if (*client_notice_msg)
(void) acopm_irc_writev(acopm_irc_client, "NOTICE %s :%s", nickname, client_notice_msg);
(void) acopm_dnsbl_lookup_new(acopm_dnsbl_client, address, acopm_dnsbl_hit_cb);
(void) acopm_proxy_host_new(acopm_proxy_client, address, acopm_proxy_hit_cb);
}
void
acopm_check_free(void)
{
(void) acopm_log_debug("%s: destroying negative cache and garbage collector", __func__);
if (cached_addresses)
{
struct acopm_cached_address *copy = cached_addresses;
HASH_CLEAR(hh, copy);
struct acopm_cached_address *cached, *tmp;
HASH_ITER(hh, cached_addresses, cached, tmp)
(void) free(cached);
cached_addresses = NULL;
}
if (exempt_addresses)
{
struct acopm_cidr_address *cur, *tmp;
LL_FOREACH_SAFE(exempt_addresses, cur, tmp)
{
LL_DELETE(exempt_addresses, cur);
(void) acopm_cidr_free(cur);
}
}
if (ev_cached_gc)
{
(void) event_free(ev_cached_gc);
ev_cached_gc = NULL;
}
}