root/svn/hopm/trunk/src/dnsbl.c
Revision: 5383
Committed: Sat Jan 17 19:22:21 2015 UTC (10 years, 7 months ago) by michael
Content type: text/x-csrc
File size: 7952 byte(s)
Log Message:
- dnsbl.c:dnsbl_report(): added missing space in channel message

File Contents

# User Rev Content
1 michael 5052 /*
2 michael 5351 * Copyright (c) 2002-2003 Erik Fears
3     * Copyright (c) 2014-2015 ircd-hybrid development team
4     *
5     * This program is free software; you can redistribute it and/or modify
6     * it under the terms of the GNU General Public License as published by
7     * the Free Software Foundation; either version 2 of the License, or
8     * (at your option) any later version.
9     *
10     * This program is distributed in the hope that it will be useful,
11     * but WITHOUT ANY WARRANTY; without even the implied warranty of
12     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13     * GNU General Public License for more details.
14     *
15     * You should have received a copy of the GNU General Public License
16     * along with this program; if not, write to the Free Software
17     * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
18     * USA
19     */
20 michael 5052
21     #include "setup.h"
22    
23     #include <stdio.h>
24     #include <stdlib.h>
25     #include <string.h>
26     #include <sys/types.h>
27     #include <sys/socket.h>
28     #include <netinet/in.h>
29     #include <arpa/inet.h>
30     #include <time.h>
31     #include <errno.h>
32 michael 5318 #include <assert.h>
33 michael 5052
34     #include "compat.h"
35     #include "config.h"
36     #include "dnsbl.h"
37     #include "list.h"
38     #include "log.h"
39 michael 5202 #include "main.h"
40 michael 5378 #include "match.h"
41 michael 5333 #include "memory.h"
42 michael 5052 #include "scan.h"
43     #include "irc.h"
44     #include "stats.h"
45    
46    
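/*
 * Queue one DNS A lookup per configured blacklist zone for the address in
 * ss->ip.
 *
 * The query name is the IPv4 address with its octets reversed, followed by
 * the zone name (1.2.3.4 checked against zone bl.example is looked up as
 * 4.3.2.1.bl.example). ss->scans is incremented for every lookup that was
 * handed to the resolver; dnsbl_result() decrements it again when the
 * answer arrives.
 */
void
dnsbl_add(struct scan_struct *ss)
{
  struct in_addr in;
  unsigned char octet[4];
  char lookup[128];
  node_t *p;

  if (inet_pton(AF_INET, ss->ip, &in) <= 0)
  {
    log_printf("DNSBL -> Invalid address '%s', ignoring.", ss->ip);
    return;
  }

  /*
   * inet_pton() stores the address in network byte order, so reading
   * s_addr byte by byte yields the octets in textual order on every host.
   * This replaces the shift-and-mask extraction that needed a
   * WORDS_BIGENDIAN special case to get the order right.
   */
  memcpy(octet, &in.s_addr, sizeof(octet));

  LIST_FOREACH(p, OpmItem->blacklists->head)
  {
    struct BlacklistConf *bl = p->data;
    struct dnsbl_scan *ds;
    int len;
    int res;

    len = snprintf(lookup, sizeof(lookup), "%d.%d.%d.%d.%s",
                   octet[3], octet[2], octet[1], octet[0], bl->name);

    /*
     * A truncated name would be a query for a different domain than the
     * configured zone, and its answer would still be attributed to this
     * blacklist. Refuse to send it.
     */
    if (len < 0 || (size_t)len >= sizeof(lookup))
    {
      log_printf("DNSBL -> Lookup name for zone '%s' is too long, skipping.", bl->name);
    }
    else
    {
      /* Per-lookup context; released in dnsbl_result() or below on error. */
      ds = xcalloc(sizeof *ds);
      ds->ss = ss;
      ds->bl = bl;

      if (OPT_DEBUG)
        log_printf("DNSBL -> Passed '%s' to resolver", lookup);

      res = firedns_getip(FDNS_QRY_A, lookup, ds);

      /*
       * FDNS_ERR_FDLIMIT is deliberately not treated as a failure: the
       * lookup is still counted and ds is kept.
       * NOTE(review): presumably the resolver queues the request in that
       * case and reports it later -- confirm against firedns.
       */
      if (res == -1 && fdns_errno != FDNS_ERR_FDLIMIT)
      {
        log_printf("DNSBL -> Error sending dns lookup for '%s': %s", lookup, firedns_strerror(fdns_errno));
        MyFree(ds);
      }
      else
        ++ss->scans;  /* Increase scan count - one for each blacklist */
    }
  }
}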
99    
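/*
 * Act on a successful A answer from blacklist zone bl for the client in ss.
 *
 * type is the value the caller extracted from the answer (dnsbl_result()
 * passes the last octet of the returned address). It is translated into a
 * human readable description using the zone's reply table:
 *   - A_BITMASK zones: every entry whose number shares a bit with type is
 *     listed, separated by ", ";
 *   - other zones: the first entry whose number equals type.
 *
 * If no description was found and bl->ban_unknown is 0 the answer is
 * ignored. Otherwise the hit is reported to the requester of a manual
 * check, or, for a regular scan that has no positive yet, passed to
 * scan_positive() and announced on the channels and in the log.
 */
static void
dnsbl_positive(struct scan_struct *ss, struct BlacklistConf *bl, unsigned char type)
{
  char text_type[128] = "";
  node_t *p;

  if (bl->type == A_BITMASK)
  {
    size_t used = 0;  /* Characters currently stored in text_type */
    int matched = 0;  /* Set once the first entry has been written */

    LIST_FOREACH(p, bl->reply->head)
    {
      const struct BlacklistReplyConf *item = p->data;

      if (item->number & type)
      {
        /*
         * Append with an explicit remaining-size bound. The previous
         * strncat() arithmetic (sizeof - strlen - 2) wrapped around to a
         * huge size_t once the buffer held 127 characters, which removed
         * the bound and let the next entry be written past the end of
         * text_type. Which entries match depends on the DNS answer.
         */
        int n = snprintf(text_type + used, sizeof(text_type) - used, "%s%s",
                         matched ? ", " : "", item->type);

        if (n < 0)
        {
          text_type[used] = '\0';  /* Discard a partially written entry */
          break;
        }

        if ((size_t)n >= sizeof(text_type) - used)
          break;  /* Buffer is full; snprintf() already terminated it */

        used += (size_t)n;
        matched = 1;
      }
    }
  }
  else
  {
    LIST_FOREACH(p, bl->reply->head)
    {
      const struct BlacklistReplyConf *item = p->data;

      if (item->number == type)
      {
        strlcpy(text_type, item->type, sizeof(text_type));
        break;
      }
    }
  }

  if (text_type[0] == '\0' && bl->ban_unknown == 0)
  {
    if (OPT_DEBUG)
      log_printf("DNSBL -> Unknown result from BL zone %s (%d)", bl->name, type);

    return;
  }

  if (ss->manual_target)
    irc_send("PRIVMSG %s :CHECK -> DNSBL -> %s appears in BL zone %s (%s)",
             ss->manual_target->name, ss->ip, bl->name, text_type);
  else if (ss->positive == 0)
  {
    /* Only report it if no other scans have found positives yet. */
    scan_positive(ss, (bl->kline[0] ? bl->kline : IRCItem->kline), text_type);

    irc_send_channels("DNSBL -> %s!%s@%s appears in BL zone %s (%s)",
                      ss->irc_nick, ss->irc_username, ss->irc_hostname, bl->name,
                      text_type);
    log_printf("DNSBL -> %s!%s@%s appears in BL zone %s (%s)",
               ss->irc_nick, ss->irc_username, ss->irc_hostname, bl->name,
               text_type);
  }

  /* Record stat */
  stats_dnsblrecv(bl);
}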
166    
/*
 * Resolver callback for a lookup started by dnsbl_add().
 *
 * res->info carries the dnsbl_scan context allocated there. Three outcomes
 * are distinguished:
 *   - empty answer with FDNS_ERR_NXDOMAIN: the address is not listed;
 *   - FDNS_ERR_NONE: an A record came back and is handed to
 *     dnsbl_positive();
 *   - anything else: a lookup error, which is logged and, unless it is a
 *     timeout, also announced on the channels.
 * In every case the scan's outstanding-lookup counter is decremented and
 * the context is released.
 */
void
dnsbl_result(struct firedns_result *res)
{
  struct dnsbl_scan *const ds = res->info;
  struct scan_struct *const scan = ds->ss;

  if (OPT_DEBUG)
  {
    if (scan->manual_target)
      log_printf("DNSBL -> Lookup result for %s (%s) %d.%d.%d.%d (error: %d)",
                 scan->ip,
                 res->lookup,
                 (unsigned char)res->text[0],
                 (unsigned char)res->text[1],
                 (unsigned char)res->text[2],
                 (unsigned char)res->text[3], fdns_errno);
    else
      log_printf("DNSBL -> Lookup result for %s!%s@%s (%s) %d.%d.%d.%d (error: %d)",
                 scan->irc_nick,
                 scan->irc_username,
                 scan->irc_hostname,
                 res->lookup,
                 (unsigned char)res->text[0],
                 (unsigned char)res->text[1],
                 (unsigned char)res->text[2],
                 (unsigned char)res->text[3], fdns_errno);
  }

  if (res->text[0] == '\0' && fdns_errno == FDNS_ERR_NXDOMAIN)
  {
    /* Everything is OK: the address is not listed in this zone. */
    if (scan->manual_target)
    {
      /*
       * The query name is "<reversed ip>.<zone>" and the reversed address
       * has the same length as ss->ip, so skipping that many characters
       * plus the dot leaves the zone name.
       */
      const size_t ip_len = strlen(scan->ip);
      const char *zone = res->lookup;

      if (ip_len < strlen(res->lookup))
        zone = res->lookup + ip_len + 1;

      irc_send("PRIVMSG %s :CHECK -> DNSBL -> %s does not appear in BL zone %s",
               scan->manual_target->name, scan->ip, zone);
    }
  }
  else if (fdns_errno == FDNS_ERR_NONE)
  {
    /*
     * Positive lookup. Only the last octet of the answer is passed on.
     * NOTE(review): the first three octets are not checked here (for
     * example against 127.0.0.x), so a zone that starts answering every
     * name would be handled as a listing, subject to the reply table and
     * ban_unknown checks in dnsbl_positive(). Confirm whether that is
     * intended.
     */
    dnsbl_positive(scan, ds->bl, (unsigned char)res->text[3]);
  }
  else
  {
    log_printf("DNSBL -> Lookup error on %s: %s", res->lookup,
               firedns_strerror(fdns_errno));

    if (fdns_errno != FDNS_ERR_TIMEOUT)
      irc_send_channels("DNSBL -> Lookup error on %s: %s", res->lookup,
                        firedns_strerror(fdns_errno));
  }

  /* This lookup is finished; check whether the scan has any left. */
  --scan->scans;
  scan_checkfinished(scan);  /* This could free the scan, don't use it after this point */
  MyFree(ds);                /* Finished with dnsbl_scan too */
}
226    
/*
 * Periodic hook of the DNSBL module. It only forwards to firedns_cycle();
 * the resolver's work is not visible from this file.
 */
void
dnsbl_cycle(void)
{
  firedns_cycle();
}
232    
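/* Value sent in the X-BOPM-Version header of report mails. */
#define DNSBL_REPORT_VERSION "3.1.3"

/*
 * Send an email to report this open proxy.
 *
 * The message is piped to "<OpmItem->sendmail> -t", so the recipient is
 * taken from the To: header. Nothing is sent unless dnsbl_to, dnsbl_from
 * and sendmail are all configured. The send is counted in the statistics
 * only when the message was written and the mailer exited with status 0.
 *
 * Trust notes:
 *   - popen() runs the command through the shell, so OpmItem->sendmail
 *     must only ever come from trusted configuration.
 *   - IRCItem->nick, dnsbl_from and dnsbl_to are copied into header lines
 *     unfiltered; a newline in any of them would add header lines.
 *   - NOTE(review): ss->proof presumably holds data received from the
 *     scanned host -- confirm. It is placed in the body only. Some
 *     sendmail implementations end the message at a line holding a single
 *     "." unless told otherwise; check the configured mailer.
 */
void
dnsbl_report(const struct scan_struct *ss)
{
  char buf[4096], cmdbuf[512];
  FILE *fp;
  int len;
  int write_failed;
  int status;

  assert(ss->ip);

  if (EmptyString(OpmItem->dnsbl_to) || EmptyString(OpmItem->dnsbl_from) || EmptyString(OpmItem->sendmail))
    return;

  /* A truncated command line would run something other than what was configured. */
  len = snprintf(cmdbuf, sizeof(cmdbuf), "%s -t", OpmItem->sendmail);

  if (len < 0 || (size_t)len >= sizeof(cmdbuf))
  {
    log_printf("DNSBL -> Sendmail command is too long, not sending report for %s", ss->ip);
    return;
  }

  /* A report longer than buf is cut off by snprintf(); it stays terminated. */
  snprintf(buf, sizeof(buf),
           "From: %s <%s>\n"
           "To: %s\n"
           "Subject: BOPM Report\n"
           "X-BOPM-Version: %s\n\n"
           "%s: %s:%d\n\n"
           "%s\n", IRCItem->nick, OpmItem->dnsbl_from, OpmItem->dnsbl_to,
           DNSBL_REPORT_VERSION, scan_gettype(ss->remote->protocol), ss->ip,
           ss->remote->port, ss->proof);

  if (OPT_DEBUG >= 3)
    log_printf("DNSBL -> Sending following email:\n%s\n", buf);

  if ((fp = popen(cmdbuf, "w")) == NULL)
  {
    log_printf("DNSBL -> Failed to create pipe to '%s' for email report!", cmdbuf);
    irc_send_channels("I was trying to create a pipe to '%s' to send a DNSBL "
                      "report, and it failed! I'll give up for now.",
                      cmdbuf);
    return;
  }

  /* The pipe is always closed, even when the write failed. */
  write_failed = (fputs(buf, fp) == EOF);
  status = pclose(fp);

  /* Do not claim success when the write failed or the mailer reported an error. */
  if (write_failed || status != 0)
  {
    log_printf("DNSBL -> Failed to send report to %s [%s]", OpmItem->dnsbl_to, ss->ip);
    return;
  }

  log_printf("DNSBL -> Sent report to %s [%s]", OpmItem->dnsbl_to, ss->ip);

  /* Record send in stats */
  stats_dnsblsend();
}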

Properties

Name Value
svn:eol-style native
svn:keywords Id