|
@@ -7,41 +7,27 @@ import (
|
7
|
7
|
"strings"
|
8
|
8
|
|
9
|
9
|
"github.com/oragono/oragono/irc/sno"
|
|
10
|
+ "github.com/oragono/oragono/irc/utils"
|
10
|
11
|
)
|
11
|
12
|
|
12
|
13
|
// Constants
|
|
14
|
+type DnsblActionType uint
|
|
15
|
+
|
13
|
16
|
const (
|
14
|
|
- DnsblRequireSaslReply uint = iota
|
|
17
|
+ DnsblRequireSaslReply DnsblActionType = iota
|
15
|
18
|
DnsblAllowReply
|
16
|
19
|
DnsblBlockReply
|
17
|
20
|
DnsblNotifyReply
|
18
|
21
|
DnsblUnknownReply
|
19
|
22
|
)
|
20
|
23
|
|
21
|
|
-// ReverseAddress returns IPv4 addresses reversed
|
22
|
|
-func ReverseAddress(ip net.IP) string {
|
23
|
|
- // This is a IPv4 address
|
24
|
|
- if ip.To4() != nil {
|
25
|
|
- address := strings.Split(ip.String(), ".")
|
26
|
|
-
|
27
|
|
- for i, j := 0, len(address)-1; i < j; i, j = i+1, j-1 {
|
28
|
|
- address[i], address[j] = address[j], address[i]
|
29
|
|
- }
|
30
|
|
-
|
31
|
|
- return strings.Join(address, ".")
|
32
|
|
- }
|
33
|
|
-
|
34
|
|
- // fallback to returning the String of IP if it is not an IPv4 address
|
35
|
|
- return ip.String()
|
36
|
|
-}
|
37
|
|
-
|
38
|
24
|
// LookupBlacklistEntry performs a lookup on the dnsbl on the client IP
|
39
|
25
|
func (server *Server) LookupBlacklistEntry(list *DnsblListEntry, client *Client) []string {
|
40
|
|
- res, err := net.LookupHost(fmt.Sprintf("%s.%s", ReverseAddress(client.IP()), list.Host))
|
|
26
|
+ res, err := net.LookupHost(fmt.Sprintf("%s.%s", utils.ReverseAddress(client.IP()), list.Host))
|
41
|
27
|
|
42
|
28
|
var entries []string
|
43
|
29
|
if err != nil {
|
44
|
|
- server.logger.Info("dnsbl-lookup", fmt.Sprintf("DNSBL loopup failed: %s", err))
|
|
30
|
+ // An error may indicate that the A record was not found
|
45
|
31
|
return entries
|
46
|
32
|
}
|
47
|
33
|
|
|
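Review bot: In `LookupBlacklistEntry`, every resolver error now returns an empty result with no log line, so a DNSBL timeout or SERVFAIL looks the same as "not listed". If the caller treats an empty slice as no match, which the hunk does not show, a listed client is admitted whenever the resolver is unreachable and nothing records it. The new comment is right that a missing A record is the ordinary negative answer, but that case can be separated from real failures before `return entries`: `if dnsErr, ok := err.(*net.DNSError); !ok || !dnsErr.IsNotFound { server.logger.Info("dnsbl-lookup", fmt.Sprintf("DNSBL lookup failed: %s", err)) }`. `IsNotFound` needs a Go toolchain that provides that field, and the body of the function continues outside the hunk.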
@@ -65,12 +51,11 @@ func (server *Server) ProcessBlacklist(client *Client) {
|
65
|
51
|
return
|
66
|
52
|
}
|
67
|
53
|
|
68
|
|
- channel := server.DnsblConfig().Channel
|
69
|
54
|
lists := server.DnsblConfig().Lists
|
70
|
55
|
|
71
|
56
|
type DnsblTypeResponse struct {
|
72
|
57
|
Host string
|
73
|
|
- ActionType uint
|
|
58
|
+ ActionType DnsblActionType
|
74
|
59
|
Reason string
|
75
|
60
|
}
|
76
|
61
|
var items = []DnsblTypeResponse{}
|
|
@@ -98,54 +83,46 @@ func (server *Server) ProcessBlacklist(client *Client) {
|
98
|
83
|
item := items[0]
|
99
|
84
|
switch item.ActionType {
|
100
|
85
|
case DnsblRequireSaslReply:
|
101
|
|
- client.sendServerMessage("", channel, sno.Dnsbl, fmt.Sprintf("Connecting client %s matched %s, requiring SASL to proceed", client.IP(), item.Host))
|
|
86
|
+ dnsblSendServiceMessage(server, fmt.Sprintf("Connecting client %s matched %s, requiring SASL to proceed", client.IP(), item.Host))
|
102
|
87
|
client.SetRequireSasl(true, item.Reason)
|
103
|
88
|
|
104
|
89
|
case DnsblBlockReply:
|
105
|
|
- client.sendServerMessage("", channel, sno.Dnsbl, fmt.Sprintf("Connecting client %s matched %s - killing", client.IP(), item.Host))
|
|
90
|
+ dnsblSendServiceMessage(server, fmt.Sprintf("Connecting client %s matched %s - killing", client.IP(), item.Host))
|
106
|
91
|
client.Quit(strings.Replace(item.Reason, "{ip}", client.IPString(), -1))
|
107
|
92
|
|
108
|
93
|
case DnsblNotifyReply:
|
109
|
|
- client.sendServerMessage("", channel, sno.Dnsbl, fmt.Sprintf("Connecting client %s matched %s", client.IP(), item.Host))
|
|
94
|
+ dnsblSendServiceMessage(server, fmt.Sprintf("Connecting client %s matched %s", client.IP(), item.Host))
|
110
|
95
|
|
111
|
96
|
case DnsblAllowReply:
|
112
|
|
- client.sendServerMessage("", channel, sno.Dnsbl, fmt.Sprintf("Allowing host %s [%s]", client.IP(), item.Host))
|
|
97
|
+ dnsblSendServiceMessage(server, fmt.Sprintf("Allowing host %s [%s]", client.IP(), item.Host))
|
113
|
98
|
}
|
114
|
99
|
}
|
115
|
100
|
|
116
|
101
|
return
|
117
|
102
|
}
|
118
|
103
|
|
119
|
|
-func connectionRequiresSasl(client *Client) bool {
|
|
104
|
+func ConnectionRequiresSasl(client *Client) bool {
|
120
|
105
|
sasl, reason := client.RequireSasl()
|
121
|
106
|
|
122
|
107
|
if !sasl {
|
123
|
108
|
return false
|
124
|
109
|
}
|
125
|
110
|
|
126
|
|
- channel := client.server.DnsblConfig().Channel
|
127
|
|
-
|
128
|
111
|
if client.Account() == "" {
|
129
|
|
- //client.sendServerMessage("", channel, sno.Dnsbl, fmt.Sprintf("Connecting client %s and did not authenticate through SASL - blocking connection", client.IP()))
|
|
112
|
+ dnsblSendServiceMessage(client.server, fmt.Sprintf("Connecting client %s and did not authenticate through SASL - blocking connection", client.IP()))
|
130
|
113
|
client.Quit(strings.Replace(reason, "{ip}", client.IPString(), -1))
|
131
|
114
|
return true
|
132
|
115
|
}
|
133
|
116
|
|
134
|
|
- client.sendServerMessage("", channel, sno.Dnsbl, fmt.Sprintf("Connecting client %s authenticated through SASL - allowing", client.IP()))
|
|
117
|
+ dnsblSendServiceMessage(client.server, fmt.Sprintf("Connecting client %s authenticated through SASL - allowing", client.IP()))
|
135
|
118
|
|
136
|
119
|
return false
|
137
|
120
|
}
|
138
|
121
|
|
139
|
|
-func (client *Client) sendServerMessage(pseudo string, channel string, mask sno.Mask, message string) {
|
140
|
|
- /*
|
141
|
|
- This causes an out of bounds error - possibly in client.Send() - investigate further
|
142
|
|
- if pseudo == "" {
|
143
|
|
- pseudo = client.server.name
|
144
|
|
- }
|
145
|
|
-
|
146
|
|
- if channel != "" {
|
147
|
|
- client.Send(nil, pseudo, "PRIVMSG", channel, message)
|
148
|
|
- }
|
149
|
|
- */
|
150
|
|
- client.server.snomasks.Send(mask, message)
|
|
122
|
+func dnsblSendServiceMessage(server *Server, message string) {
|
|
123
|
+ channel := server.DnsblConfig().Channel
|
|
124
|
+ if channel != "" {
|
|
125
|
+ server.serviceNotifyChannel(server.name, channel, message)
|
|
126
|
+ }
|
|
127
|
+ server.snomasks.Send(sno.Dnsbl, message)
|
151
|
128
|
}
|
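Review bot: `dnsblSendServiceMessage` now posts every notice to the configured channel, and each message carries the connecting client's IP. The removed `sendServerMessage` had its channel send commented out and only reached the `sno.Dnsbl` snomask. Nothing in the hunk shows who may join that channel, so the helper should state the expectation: `// dnsblSendServiceMessage relays a DNSBL notice to the configured channel, if any, and to the sno.Dnsbl snomask. Notices contain client IPs, so the channel is expected to be operator-only.` The newly exported `ConnectionRequiresSasl` also has no doc comment, and it needs one because it calls `client.Quit` for an unauthenticated client even though its name reads like a side-effect-free predicate.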