From da7cba69389c3c90cb9e02ac2d18f62d3e83a944 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Tue, 19 Jan 2021 01:43:24 +0000 Subject: Fix the DNS socket not being closed when core_dns is unloaded. --- src/coremods/core_dns.cpp | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/coremods/core_dns.cpp b/src/coremods/core_dns.cpp index 11c2c823c..aec413207 100644 --- a/src/coremods/core_dns.cpp +++ b/src/coremods/core_dns.cpp @@ -409,6 +409,19 @@ class MyManager : public Manager, public Timer, public EventHandler this->cache[r.question] = r; } + void Close() + { + // Shutdown the socket if it exists. + if (HasFd()) + { + SocketEngine::Shutdown(this, 2); + SocketEngine::Close(this); + } + + // Remove all entries from the cache. + cache.clear(); + } + public: DNS::Request* requests[MAX_REQUEST_ID+1]; @@ -423,6 +436,7 @@ class MyManager : public Manager, public Timer, public EventHandler ~MyManager() { // Ensure Process() will fail for new requests + Close(); unloading = true; for (unsigned int i = 0; i <= MAX_REQUEST_ID; ++i) @@ -703,23 +717,15 @@ class MyManager : public Manager, public Timer, public EventHandler void Rehash(const std::string& dnsserver, std::string sourceaddr, unsigned int sourceport) { - if (this->HasFd()) - { - SocketEngine::Shutdown(this, 2); - SocketEngine::Close(this); - - // Remove all entries from the cache. - cache.clear(); - } - irc::sockets::aptosa(dnsserver, DNS::PORT, myserver); /* Initialize mastersocket */ + Close(); int s = socket(myserver.family(), SOCK_DGRAM, 0); this->SetFd(s); /* Have we got a socket? */ - if (this->GetFd() != -1) + if (this->HasFd()) { SocketEngine::SetReuse(s); SocketEngine::NonBlocking(s); -- cgit v1.3.1-10-gc9f91 From 5fe9da839cc387244f9d34aececd6aa28f551c90 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Tue, 19 Jan 2021 07:05:51 +0000 Subject: Refactor the globalload module. - Require that a non-empty last parameter is given to the commands. - Use WriteRemoteNumeric instead of WriteNumeric so opers actually see the response. - Store instead of looking it up every time. --- src/modules/m_globalload.cpp | 56 ++++++++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 23 deletions(-) (limited to 'src') diff --git a/src/modules/m_globalload.cpp b/src/modules/m_globalload.cpp index 71a455a34..f1961f6b4 100644 --- a/src/modules/m_globalload.cpp +++ b/src/modules/m_globalload.cpp @@ -26,13 +26,13 @@ #include "inspircd.h" -/** Handle /GLOADMODULE - */ -class CommandGloadmodule : public Command +class CommandGLoadModule : public Command { public: - CommandGloadmodule(Module* Creator) : Command(Creator,"GLOADMODULE", 1) + CommandGLoadModule(Module* Creator) + : Command(Creator,"GLOADMODULE", 1) { + allow_empty_last_param = false; flags_needed = 'o'; syntax = " []"; } @@ -46,11 +46,11 @@ class CommandGloadmodule : public Command if (ServerInstance->Modules->Load(parameters[0].c_str())) { ServerInstance->SNO->WriteToSnoMask('a', "NEW MODULE '%s' GLOBALLY LOADED BY '%s'",parameters[0].c_str(), user->nick.c_str()); - user->WriteNumeric(RPL_LOADEDMODULE, parameters[0], "Module successfully loaded."); + user->WriteRemoteNumeric(RPL_LOADEDMODULE, parameters[0], "Module successfully loaded."); } else { - user->WriteNumeric(ERR_CANTLOADMODULE, parameters[0], ServerInstance->Modules->LastError()); + user->WriteRemoteNumeric(ERR_CANTLOADMODULE, parameters[0], ServerInstance->Modules->LastError()); } } else @@ -65,23 +65,24 @@ class CommandGloadmodule : public Command } }; -/** Handle /GUNLOADMODULE - */ -class CommandGunloadmodule : public Command +class CommandGUnloadModule : public Command { public: - CommandGunloadmodule(Module* Creator) : Command(Creator,"GUNLOADMODULE", 1) + bool allowcoreunload; + + CommandGUnloadModule(Module* Creator) + : Command(Creator,"GUNLOADMODULE", 1) { + allow_empty_last_param = false; flags_needed = 'o'; syntax = " []"; } CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE { - if (!ServerInstance->Config->ConfValue("security")->getBool("allowcoreunload") && - InspIRCd::Match(parameters[0], "core_*.so", ascii_case_insensitive_map)) + if (!allowcoreunload && InspIRCd::Match(parameters[0], "core_*.so", ascii_case_insensitive_map)) { - user->WriteNumeric(ERR_CANTUNLOADMODULE, parameters[0], "You cannot unload core commands!"); + user->WriteRemoteNumeric(ERR_CANTUNLOADMODULE, parameters[0], "You cannot unload core commands!"); return CMD_FAILURE; } @@ -99,7 +100,7 @@ class CommandGunloadmodule : public Command } else { - user->WriteNumeric(ERR_CANTUNLOADMODULE, parameters[0], ServerInstance->Modules->LastError()); + user->WriteRemoteNumeric(ERR_CANTUNLOADMODULE, parameters[0], ServerInstance->Modules->LastError()); } } else @@ -117,13 +118,13 @@ class CommandGunloadmodule : public Command } }; -/** Handle /GRELOADMODULE - */ -class CommandGreloadmodule : public Command +class CommandGReloadModule : public Command { public: - CommandGreloadmodule(Module* Creator) : Command(Creator, "GRELOADMODULE", 1) + CommandGReloadModule(Module* Creator) + : Command(Creator, "GRELOADMODULE", 1) { + allow_empty_last_param = false; flags_needed = 'o'; syntax = " []"; } @@ -142,7 +143,7 @@ class CommandGreloadmodule : public Command } else { - user->WriteNumeric(RPL_LOADEDMODULE, parameters[0], "Could not find module by that name"); + user->WriteRemoteNumeric(RPL_LOADEDMODULE, parameters[0], "Could not find module by that name"); return CMD_FAILURE; } } @@ -160,14 +161,23 @@ class CommandGreloadmodule : public Command class ModuleGlobalLoad : public Module { - CommandGloadmodule cmd1; - CommandGunloadmodule cmd2; - CommandGreloadmodule cmd3; + private: + CommandGLoadModule cmdgloadmodule; + CommandGUnloadModule cmdgunloadmodule; + CommandGReloadModule cmdgreloadmodule; public: ModuleGlobalLoad() - : cmd1(this), cmd2(this), cmd3(this) + : cmdgloadmodule(this) + , cmdgunloadmodule(this) + , cmdgreloadmodule(this) + { + } + + void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE { + ConfigTag* securitytag = ServerInstance->Config->ConfValue("security"); + cmdgunloadmodule.allowcoreunload = securitytag->getBool("allowcoreunload"); } Version GetVersion() CXX11_OVERRIDE -- cgit v1.3.1-10-gc9f91 From 28fef58b882e34369c935d56cb4ac50429cba8c7 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Tue, 19 Jan 2021 07:19:48 +0000 Subject: Send ERR_CANTUNLOADMODULE when unloading a module on reload fails. --- src/coremods/core_reloadmodule.cpp | 9 ++++++--- src/modules/m_globalload.cpp | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/coremods/core_reloadmodule.cpp b/src/coremods/core_reloadmodule.cpp index 98bf2ab40..34eaeae18 100644 --- a/src/coremods/core_reloadmodule.cpp +++ b/src/coremods/core_reloadmodule.cpp @@ -736,7 +736,10 @@ class ReloadAction : public ActionBase ServerInstance->SNO->WriteGlobalSno('a', "RELOAD MODULE: %s %ssuccessfully reloaded", passedname.c_str(), result ? "" : "un"); User* user = ServerInstance->FindUUID(uuid); if (user) - user->WriteNumeric(RPL_LOADEDMODULE, passedname, InspIRCd::Format("Module %ssuccessfully reloaded.", (result ? "" : "un"))); + { + int numeric = result ? RPL_LOADEDMODULE : ERR_CANTUNLOADMODULE; + user->WriteNumeric(numeric, passedname, InspIRCd::Format("Module %ssuccessfully reloaded.", (result ? "" : "un"))); + } ServerInstance->GlobalCulls.AddItem(this); } @@ -747,7 +750,7 @@ CmdResult CommandReloadmodule::Handle(User* user, const Params& parameters) Module* m = ServerInstance->Modules->Find(parameters[0]); if (m == creator) { - user->WriteNumeric(RPL_LOADEDMODULE, parameters[0], "You cannot reload core_reloadmodule (unload and load it)"); + user->WriteNumeric(ERR_CANTUNLOADMODULE, parameters[0], "You cannot reload core_reloadmodule (unload and load it)"); return CMD_FAILURE; } @@ -761,7 +764,7 @@ CmdResult CommandReloadmodule::Handle(User* user, const Params& parameters) } else { - user->WriteNumeric(RPL_LOADEDMODULE, parameters[0], "Could not find module by that name"); + user->WriteNumeric(ERR_CANTUNLOADMODULE, parameters[0], "Could not find module by that name"); return CMD_FAILURE; } } diff --git a/src/modules/m_globalload.cpp b/src/modules/m_globalload.cpp index f1961f6b4..15c41502f 100644 --- a/src/modules/m_globalload.cpp +++ b/src/modules/m_globalload.cpp @@ -143,7 +143,7 @@ class CommandGReloadModule : public Command } else { - user->WriteRemoteNumeric(RPL_LOADEDMODULE, parameters[0], "Could not find module by that name"); + user->WriteRemoteNumeric(ERR_CANTUNLOADMODULE, parameters[0], "Could not find module by that name"); return CMD_FAILURE; } } -- cgit v1.3.1-10-gc9f91 From a601cf2f0d9754e4bb11a28ce8954a86ad4e367e Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Tue, 19 Jan 2021 08:42:44 +0000 Subject: Add ; allows disabling DNS lookups entirely. Ref: #1839. --- include/modules/dns.h | 1 + src/coremods/core_dns.cpp | 56 +++++++++++++++++++++++++++++++++-------------- 2 files changed, 40 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/include/modules/dns.h b/include/modules/dns.h index 8ac90f7de..6e7527a55 100644 --- a/include/modules/dns.h +++ b/include/modules/dns.h @@ -57,6 +57,7 @@ namespace DNS enum Error { ERROR_NONE, + ERROR_DISABLED, ERROR_UNKNOWN, ERROR_UNLOADED, ERROR_TIMEDOUT, diff --git a/src/coremods/core_dns.cpp b/src/coremods/core_dns.cpp index aec413207..dbfb0b582 100644 --- a/src/coremods/core_dns.cpp +++ b/src/coremods/core_dns.cpp @@ -409,19 +409,6 @@ class MyManager : public Manager, public Timer, public EventHandler this->cache[r.question] = r; } - void Close() - { - // Shutdown the socket if it exists. - if (HasFd()) - { - SocketEngine::Shutdown(this, 2); - SocketEngine::Close(this); - } - - // Remove all entries from the cache. - cache.clear(); - } - public: DNS::Request* requests[MAX_REQUEST_ID+1]; @@ -453,11 +440,32 @@ class MyManager : public Manager, public Timer, public EventHandler } } + void Close() + { + // Shutdown the socket if it exists. + if (HasFd()) + { + SocketEngine::Shutdown(this, 2); + SocketEngine::Close(this); + } + + // Remove all entries from the cache. + cache.clear(); + } + void Process(DNS::Request* req) CXX11_OVERRIDE { if ((unloading) || (req->creator->dying)) throw Exception("Module is being unloaded"); + if (!HasFd()) + { + Query rr(req->question); + rr.error = ERROR_DISABLED; + req->OnError(&rr); + return; + } + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Processing request to lookup " + req->question.name + " of type " + ConvToStr(req->question.type) + " to " + this->myserver.addr()); /* Create an id */ @@ -547,6 +555,8 @@ class MyManager : public Manager, public Timer, public EventHandler case ERROR_DOMAIN_NOT_FOUND: case ERROR_NO_RECORDS: return "Domain not found"; + case ERROR_DISABLED: + return "DNS lookups are disabled"; case ERROR_NONE: case ERROR_UNKNOWN: default: @@ -838,13 +848,25 @@ class ModuleDNS : public Module void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE { - std::string oldserver = DNSServer; - const std::string oldip = SourceIP; - const unsigned int oldport = SourcePort; - ConfigTag* tag = ServerInstance->Config->ConfValue("dns"); + if (!tag->getBool("enabled", true)) + { + // Clear these so they get reset if DNS is enabled again. + DNSServer.clear(); + SourceIP.clear(); + SourcePort = 0; + + this->manager.Close(); + return; + } + + const std::string oldserver = DNSServer; DNSServer = tag->getString("server"); + + const std::string oldip = SourceIP; SourceIP = tag->getString("sourceip"); + + const unsigned int oldport = SourcePort; SourcePort = tag->getUInt("sourceport", 0, 0, UINT16_MAX); if (DNSServer.empty()) -- cgit v1.3.1-10-gc9f91 From cc28ba0f2164ea68db1bc373ee06fc58f82c3314 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Wed, 20 Jan 2021 11:50:41 +0000 Subject: Make the UNIX socket listener path relative to the runtime path. This is not a breaking change because unless the runtime path is explicitly set it defaults to the same as the data path. --- src/socket.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/socket.cpp b/src/socket.cpp index 78b7f2de9..37d0fb73b 100644 --- a/src/socket.cpp +++ b/src/socket.cpp @@ -105,7 +105,7 @@ size_t InspIRCd::BindPorts(FailedPortList& failed_ports) if (!path.empty()) { // Expand the path relative to the config directory. - const std::string fullpath = ServerInstance->Config->Paths.PrependData(path); + const std::string fullpath = ServerInstance->Config->Paths.PrependRuntime(path); // UNIX socket paths are length limited to less than PATH_MAX. irc::sockets::sockaddrs bindspec; -- cgit v1.3.1-10-gc9f91 From 05fe4bdd1dbe3162abb6efe830bc21bb94c73fa8 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Wed, 27 Jan 2021 19:31:48 +0000 Subject: Allow disabling connectban for specific connect classes. Ref: #1841. --- docs/conf/inspircd.conf.example | 4 ++++ src/modules/m_connectban.cpp | 14 ++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index 06ad9669d..fecaafdc2 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -304,6 +304,10 @@ # in this class. This can save a lot of resources on very busy servers. resolvehostnames="yes" + # useconnectban: Defines if users in this class should be exempt from connectban limits. + # This setting only has effect when the connectban module is loaded. + #useconnectban="yes" + # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. # This setting only has effect when the dnsbl module is loaded. #usednsbl="yes" diff --git a/src/modules/m_connectban.cpp b/src/modules/m_connectban.cpp index 81b0fcfa7..b4b16f539 100644 --- a/src/modules/m_connectban.cpp +++ b/src/modules/m_connectban.cpp @@ -61,6 +61,16 @@ class ModuleConnectBan return 0; } + static bool IsExempt(LocalUser* user) + { + // E-lined and already banned users shouldn't be hit. + if (user->exempt || user->quitting) + return true; + + // Users in an exempt class shouldn't be hit. + return user->GetClass() && !user->GetClass()->config->getBool("useconnectban", true); + } + public: ModuleConnectBan() : WebIRC::EventListener(this) @@ -91,7 +101,7 @@ class ModuleConnectBan void OnWebIRCAuth(LocalUser* user, const WebIRC::FlagMap* flags) CXX11_OVERRIDE { - if (user->exempt) + if (IsExempt(user)) return; // HACK: Lower the connection attempts for the gateway IP address. The user @@ -105,7 +115,7 @@ class ModuleConnectBan void OnSetUserIP(LocalUser* u) CXX11_OVERRIDE { - if (u->exempt || u->quitting) + if (IsExempt(u)) return; irc::sockets::cidr_mask mask(u->client_sa, GetRange(u)); -- cgit v1.3.1-10-gc9f91