unrealircd

- supernets unrealircd source & configuration
git clone git://git.acid.vegas/unrealircd.git
securitygroup.c (4046B)
      1 /*
      2  * Extended ban to ban based on security groups such as "unknown-users"
      3  * (C) Copyright 2020 Bram Matthys (Syzop) and the UnrealIRCd team
      4  *
      5  * This program is free software; you can redistribute it and/or modify
      6  * it under the terms of the GNU General Public License as published by
      7  * the Free Software Foundation; either version 1, or (at your option)
      8  * any later version.
      9  *
     10  * This program is distributed in the hope that it will be useful,
     11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13  * GNU General Public License for more details.
     14  *
     15  * You should have received a copy of the GNU General Public License
     16  * along with this program; if not, write to the Free Software
     17  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     18  */
     19 #include "unrealircd.h"
     20 
     21 ModuleHeader MOD_HEADER
     22 = {
     23 	"extbans/securitygroup",
     24 	"4.2",
     25 	"ExtBan ~G - Ban based on security-group",
     26 	"UnrealIRCd Team",
     27 	"unrealircd-6",
     28 };
     29 
     30 /* Forward declarations */
     31 const char *extban_securitygroup_conv_param(BanContext *b, Extban *extban);
     32 int extban_securitygroup_is_ok(BanContext *b);
     33 int extban_securitygroup_is_banned(BanContext *b);
     34 
     35 Extban *register_securitygroup_extban(ModuleInfo *modinfo)
     36 {
     37 	ExtbanInfo req;
     38 
     39 	memset(&req, 0, sizeof(req));
     40 	req.letter = 'G';
     41 	req.name = "security-group";
     42 	req.conv_param = extban_securitygroup_conv_param;
     43 	req.is_ok = extban_securitygroup_is_ok;
     44 	req.is_banned = extban_securitygroup_is_banned;
     45 	req.is_banned_events = BANCHK_ALL|BANCHK_TKL;
     46 	req.options = EXTBOPT_INVEX|EXTBOPT_TKL;
     47 	return ExtbanAdd(modinfo->handle, req);
     48 }
     49 
     50 /** Called upon module test */
     51 MOD_TEST()
     52 {
     53 	if (!register_securitygroup_extban(modinfo))
     54 	{
     55 		config_error("could not register extended ban type ~G");
     56 		return MOD_FAILED;
     57 	}
     58 
     59 	return MOD_SUCCESS;
     60 }
     61 
     62 /** Called upon module init */
     63 MOD_INIT()
     64 {
     65 	if (!register_securitygroup_extban(modinfo))
     66 	{
     67 		config_error("could not register extended ban type ~G");
     68 		return MOD_FAILED;
     69 	}
     70 
     71 	MARK_AS_OFFICIAL_MODULE(modinfo);
     72 	
     73 	return MOD_SUCCESS;
     74 }
     75 
     76 /** Called upon module load */
     77 MOD_LOAD()
     78 {
     79 	return MOD_SUCCESS;
     80 }
     81 
     82 /** Called upon unload */
     83 MOD_UNLOAD()
     84 {
     85 	return MOD_SUCCESS;
     86 }
     87 
     88 /* Helper function for extban_securitygroup_is_ok() and extban_securitygroup_conv_param()
     89  * to do ban validation.
     90  */
     91 int extban_securitygroup_generic(char *mask, int strict)
     92 {
     93 	/* ! at the start means negative match */
     94 	if (*mask == '!')
     95 		mask++;
     96 
     97 	/* Check if the rest of the security group name is valid */
     98 	if (strict)
     99 	{
    100 		if (!security_group_exists(mask))
    101 			return 0; /* security group does not exist */
    102 	} else {
    103 		if (!security_group_valid_name(mask))
    104 			return 0; /* invalid characters or too long */
    105 	}
    106 
    107 	if (!*mask)
    108 		return 0; /* don't allow "~G:" nor "~G:!" */
    109 
    110 	return 1;
    111 }
    112 
    113 int extban_securitygroup_is_ok(BanContext *b)
    114 {
    115 	if (MyUser(b->client) && (b->what == MODE_ADD) && (b->is_ok_check == EXBCHK_PARAM))
    116 	{
    117 		char banbuf[SECURITYGROUPLEN+8];
    118 		strlcpy(banbuf, b->banstr, sizeof(banbuf));
    119 		if (!extban_securitygroup_generic(banbuf, 1))
    120 		{
    121 			SecurityGroup *s;
    122 			sendnotice(b->client, "ERROR: Unknown security-group '%s'. Syntax: +b ~G:securitygroup or +b ~G:!securitygroup", b->banstr);
    123 			sendnotice(b->client, "Available security groups:");
    124 			for (s = securitygroups; s; s = s->next)
    125 				sendnotice(b->client, "%s", s->name);
    126 			sendnotice(b->client, "unknown-users");
    127 			sendnotice(b->client, "End of security group list.");
    128 			return 0;
    129 		}
    130 	}
    131 	return 1;
    132 }
    133 
    134 /** Security group extban - conv_param */
    135 const char *extban_securitygroup_conv_param(BanContext *b, Extban *extban)
    136 {
    137 	static char retbuf[SECURITYGROUPLEN + 8];
    138 
    139 	strlcpy(retbuf, b->banstr, sizeof(retbuf));
    140 	if (!extban_securitygroup_generic(retbuf, 0))
    141 		return NULL;
    142 
    143 	return retbuf;
    144 }
    145 
    146 /** Is the user banned by ~G:something ? */
    147 int extban_securitygroup_is_banned(BanContext *b)
    148 {
    149 	if (*b->banstr == '!')
    150 		return !user_allowed_by_security_group_name(b->client, b->banstr+1);
    151 	return user_allowed_by_security_group_name(b->client, b->banstr);
    152 }