This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Undernet IRC Server Source Code.".
The branch, u2_10_12_branch has been updated
via adcd4386e4b28bc805f746dc9d806f9e56714215 (commit)
from 1f5142dc4133a2885ac221d51977b542c5680a97 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit adcd4386e4b28bc805f746dc9d806f9e56714215
Author: Michael Poole <[email protected]>
Date: Tue Mar 12 20:44:56 2019 -0400
s_auth: Replace FLAG_DOID with DoIdentLookups.
Ever since commit bdd001c7946:
s_auth: Let IAuth assign class without connection-limit or password
checks.
we have called preregister_user() (and indirectly attach_iline()) after
all the other authorization checks are done. This means that FLAG_DOID
was being set after it was being checked.
There was a Gordian knot:
- We want IAuthd to be able to set a connection class.
- We want to check G-lines before sending enough information to IAuthd
to trigger an XQUERY lookup (meaning network traffic).
- We use clients' usernames to check G-lines.
- We add ~ to the client's username if their connection class needs a
username, but the identd lookup failed for that client.
I think the simplest, least-surprising way to break that loop is to add a
~ prefix if *any* class needs a username. Most servers will continue to
behave the same as with u2.10.12.18, and this makes the server's behavior
more consistent across clients who fall into different connection classes.
diff --git a/doc/example.conf b/doc/example.conf
index bb62fe7f..661edd0b 100644
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -172,6 +172,10 @@ Class {
# limits the number of matching clients allowed from a particular IP
# address.
#
+# If any Client block contains a non-empty username, IDENT lookups are
+# performed for all clients, and clients for whom an IDENT lookup fails
+# are given the username they claim in the USER command with a ~ prefix.
+#
# Take the following class blocks only as a guide.
Class {
name = "Local";
diff --git a/include/client.h b/include/client.h
index 971a928d..751d0fc3 100644
--- a/include/client.h
+++ b/include/client.h
@@ -147,7 +147,6 @@ enum Flag
FLAG_IPV6, /**< server understands P10 IPv6 addrs */
FLAG_SERVICE, /**< server is a service */
FLAG_GOTID, /**< successful ident lookup achieved */
- FLAG_DOID, /**< I-lines say must use ident return */
FLAG_NONL, /**< No \n in buffer */
FLAG_TS8, /**< Why do you want to know? */
FLAG_MAP, /**< Show server on the map */
diff --git a/include/s_conf.h b/include/s_conf.h
index d3389654..4a2070f6 100644
--- a/include/s_conf.h
+++ b/include/s_conf.h
@@ -172,6 +172,7 @@ extern int GlobalConfCount;
extern struct s_map* GlobalServiceMapList;
extern struct qline* GlobalQuarantineList;
extern struct wline* GlobalWebircList;
+extern int DoIdentLookups;
/*
* Proto types
diff --git a/ircd/ircd_parser.y b/ircd/ircd_parser.y
index 4516ed99..9347e136 100644
--- a/ircd/ircd_parser.y
+++ b/ircd/ircd_parser.y
@@ -840,6 +840,8 @@ clientblock: CLIENT
MyFree(ip);
MyFree(pass);
}
+ if (username)
+ DoIdentLookups = 1;
host = NULL;
username = NULL;
c_class = NULL;
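Review bot: The added `if (username)` test sits after the block that frees `ip` and `pass`, so it appears to run for rejected Client blocks as well as accepted ones. If that preceding block is the rejection path and also releases `username` (its start is outside the hunk), the test inspects a pointer that was already freed and enables ident lookups on behalf of a block that was discarded. The test also checks only for a non-NULL pointer, while the text added to doc/example.conf says "non-empty username"; `if (username && *username)` would match the documentation, provided it runs while the pointer is still valid. Setting the flag at the point where the block is accepted and its username stored would settle both questions.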
diff --git a/ircd/s_auth.c b/ircd/s_auth.c
index 87f015ee..f2e3d920 100644
--- a/ircd/s_auth.c
+++ b/ircd/s_auth.c
@@ -442,7 +442,7 @@ static int check_auth_finished(struct AuthRequest *auth,
int bitclr)
{
clean_username(user->username, cli_username(sptr));
}
- else if (HasFlag(sptr, FLAG_DOID))
+ else if (DoIdentLookups)
{
/* Prepend ~ to user->username. */
char *s = user->username;
@@ -1157,7 +1157,8 @@ void start_auth(struct Client* client)
start_dns_query(auth);
/* Try to start ident lookup. */
- start_auth_query(auth);
+ if (DoIdentLookups)
+ start_auth_query(auth);
}
/* Add client to GlobalClientList. */
@@ -1320,8 +1321,6 @@ int auth_spoof_user(struct AuthRequest *auth, const char
*username, const char *
if (username) {
ircd_strncpy(cli_username(sptr), username, USERLEN);
SetGotId(sptr);
- } else {
- SetFlag(sptr, FLAG_DOID);
}
start_iauth_query(auth);
@@ -2058,7 +2057,6 @@ static int iauth_cmd_done_client(struct IAuth *iauth,
struct Client *cli,
acr = attach_conf(cli, aconf);
switch (acr) {
case ACR_OK:
- /* There should maybe be some way to set FLAG_DOID here.. */
case ACR_TOO_MANY_IN_CLASS:
/* Take iauth's word for it. */
break;
diff --git a/ircd/s_conf.c b/ircd/s_conf.c
index 1e8ac1e9..5ed26ded 100644
--- a/ircd/s_conf.c
+++ b/ircd/s_conf.c
@@ -80,6 +80,9 @@ struct wline* GlobalWebircList;
/** Current line number in scanner input. */
int lineno;
+/** Flag for whether to perform ident lookups. */
+int DoIdentLookups;
+
/** Configuration information for #me. */
struct LocalConf localConf;
/** Global list of connection rules. */
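Review bot: The doc comment on `DoIdentLookups` undersells what the flag controls. Besides gating `start_auth_query()` in start_auth(), it now decides in check_auth_finished() whether a `~` is prepended to the username, and that affects how user@host bans and G-lines match. I would also record its lifecycle, for example `/** Non-zero if any Client block names a username: enables ident lookups and the ~ prefix on failed lookups. Set by the config parser, cleared by rehash(). */`.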
@@ -371,8 +374,6 @@ enum AuthorizationCheckResult attach_iline(struct Client*
cptr)
continue;
if (IPcheck_nr(cptr) > aconf->maximum)
return ACR_TOO_MANY_FROM_IP;
- if (aconf->username)
- SetFlag(cptr, FLAG_DOID);
return attach_conf(cptr, aconf);
}
return ACR_NO_AUTHORIZATION;
@@ -989,6 +990,7 @@ int rehash(struct Client *cptr, int sig)
auth_mark_closing();
webirc_mark_stale();
close_mappings();
+ DoIdentLookups = 0;
read_configuration_file();
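Review bot: `DoIdentLookups = 0;` is cleared unconditionally before `read_configuration_file()`, and the only assignment back to 1 visible in this commit is in the Client block action of the parser. If the re-read fails or stops early (the function's failure handling is outside this hunk), the flag presumably stays 0. New connections would then skip ident lookups and lose the `~` prefix until the next successful rehash, so bans and G-lines written against `~` usernames would quietly stop matching. Consider saving the old value and restoring it when the read does not complete, or logging when the flag changes across a rehash so operators can see it. The rest of rehash() lies outside the hunk.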
-----------------------------------------------------------------------
Summary of changes:
doc/example.conf | 4 ++++
include/client.h | 1 -
include/s_conf.h | 1 +
ircd/ircd_parser.y | 2 ++
ircd/s_auth.c | 8 +++-----
ircd/s_conf.c | 6 ++++--
6 files changed, 14 insertions(+), 8 deletions(-)