Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KLine SSL Issue 177 #207

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

KLine SSL Issue 177 #207

wants to merge 1 commit into from
+14 −14

Conversation

holbrookb
Copy link
Member

Check for ban after SSL stuff done with, now get KLine/AKill info instead of SSL error instead.

@holbrookb
KLine SSL Issue 177
3ffc367 
Check for ban after SSL stuff done with, now get KLine/AKill info instead of SSL error instead.
@eaescob eaescob requested review from crigler and rscs April 4, 2022 14:40
@eaescob eaescob linked an issue Apr 6, 2022 that may be closed by this pull request
Handling of KLINE and AKILL errors when connecting with SSL #177
Open
crigler
crigler reviewed Apr 6, 2022
View reviewed changes
src/s_bsd.c
Comment on lines -1366 to -1377
ban = check_userbanned(acptr, UBAN_IP|UBAN_CIDR4|UBAN_WILDUSER, 0);
if(ban)
{
int loc = (ban->flags & UBAN_LOCAL) ? 1 : 0;

ircstp->is_ref++;
ircstp->is_ref_1++;
exit_banned_client(acptr, loc, loc ? 'K' : 'A', ban->reason, 0);

return NULL;
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like check_userbanned will be postponed until SERVER or USER is parsed even for non-SSL connections. Couldn't we just silently return here if it is a banned SSL connection, and add another ban check when the SSL handshake is finished?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True. By skipping this part, one less look through the banlist for a match, especially if the ban is placed on user@host, as we don't have the user info here yet.

src/s_user.c
if(!(ban = check_userbanned(sptr, UBAN_IP|UBAN_CIDR4, UBAN_WILDUSER)))
if(!(ban = check_userbanned(sptr, UBAN_IP|UBAN_CIDR4, 0)))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is removing UBAN_WILDUSER necessary?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you look in check_userbanned, with the flag, during my tests, only bans on *@host instead of both and *user@host are being matched.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crigler crigler crigler left review comments

@rscs rscs Awaiting requested review from rscs

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handling of KLINE and AKILL errors when connecting with SSL
2 participants
@holbrookb @crigler