ViewVC Help

View File | Revision Log | Show Annotations | View Changeset | Root Listing

root/svn/ircd-hybrid/trunk/src/auth.c

Comparing:
ircd-hybrid-7.2/src/s_auth.c (file contents), Revision 650 by michael, Thu Jun 8 07:00:17 2006 UTC vs.
ircd-hybrid/trunk/src/s_auth.c (file contents), Revision 3168 by michael, Sat Mar 15 23:46:08 2014 UTC

#	Line 1 | Line 1
1		/*
2	<	*  ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3	<	*  s_auth.c: Functions for querying a users ident.
2	>	*  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3		*
4	<	*  Copyright (C) 2002 by the past and present ircd coders, and others.
4	>	*  Copyright (c) 1997-2014 ircd-hybrid development team
5		*
6		*  This program is free software; you can redistribute it and/or modify
7		*  it under the terms of the GNU General Public License as published by
#	Line 18 | Line 17
17		*  along with this program; if not, write to the Free Software
18		*  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
19		*  USA
20	<	*
21	<	*  $Id$
20	>	*/
21	>
22	>	/*! \file s_auth.c
23	>	* \brief Functions for querying a users ident.
24	>	* \version $Id$
25		*/
26
27		/*
#	Line 32 | Line 34
34		*     any messages from it.
35		*     --Bleep  Thomas Helvey <tomh@inxpress.net>
36		*/
37	+
38		#include "stdinc.h"
36	–	#include "tools.h"
39		#include "list.h"
40	+	#include "ircd_defs.h"
41	+	#include "fdlist.h"
42		#include "s_auth.h"
43	<	#include "s_conf.h"
43	>	#include "conf.h"
44		#include "client.h"
41	–	#include "common.h"
45		#include "event.h"
43	–	#include "fdlist.h"              /* fdlist_add */
46		#include "hook.h"
47		#include "irc_string.h"
46	–	#include "sprintf_irc.h"
48		#include "ircd.h"
48	–	#include "numeric.h"
49		#include "packet.h"
50		#include "irc_res.h"
51		#include "s_bsd.h"
52	<	#include "s_log.h"
53	<	#include "s_stats.h"
52	>	#include "log.h"
53		#include "send.h"
54	<	#include "memory.h"
54	>	#include "mempool.h"
55	>
56
57	<	static const char *HeaderMessages[] = {
58	<	":%s NOTICE AUTH :*** Looking up your hostname...",
59	<	":%s NOTICE AUTH :*** Found your hostname",
60	<	":%s NOTICE AUTH :*** Couldn't look up your hostname",
61	<	":%s NOTICE AUTH :*** Checking Ident",
62	<	":%s NOTICE AUTH :*** Got Ident response",
63	<	":%s NOTICE AUTH :*** No Ident response",
64	<	":%s NOTICE AUTH :*** Your forward and reverse DNS do not match, ignoring hostname.",
65	<	":%s NOTICE AUTH :*** Your hostname is too long, ignoring hostname"
57	>	static const char *HeaderMessages[] =
58	>	{
59	>	":*** Looking up your hostname...",
60	>	":*** Found your hostname",
61	>	":*** Couldn't look up your hostname",
62	>	":*** Checking Ident",
63	>	":*** Got Ident response",
64	>	":*** No Ident response",
65	>	":*** Your forward and reverse DNS do not match, ignoring hostname.",
66	>	":*** Your hostname is too long, ignoring hostname"
67		};
68
69	<	enum {
69	>	enum
70	>	{
71		REPORT_DO_DNS,
72		REPORT_FIN_DNS,
73		REPORT_FAIL_DNS,
#	Line 76 | Line 78 | enum {
78		REPORT_HOST_TOOLONG
79		};
80
81	<	#define sendheader(c, i) sendto_one((c), HeaderMessages[(i)], me.name)
81	>	#define sendheader(c, i) sendto_one_notice((c), &me, HeaderMessages[(i)])
82
83	<	/*
82	<	* Ok, the original was confusing.
83	<	* Now there are two lists, an auth request can be on both at the same time
84	<	* or only on one or the other.
85	<	* - Dianora
86	<	*/
87	<	static dlink_list auth_doing_dns_list   = { NULL, NULL, 0 };
88	<	static dlink_list auth_doing_ident_list = { NULL, NULL, 0 };
83	>	static dlink_list auth_doing_list = { NULL, NULL, 0 };
84
85		static EVH timeout_auth_queries_event;
86
87		static PF read_auth_reply;
88		static CNCB auth_connect_callback;
94	–	static CBFUNC start_auth;
89
90	<	struct Callback *auth_cb = NULL;
97	<
98	<	/* init_auth()
90	>	/* auth_init
91		*
92		* Initialise the auth code
93		*/
94		void
95	<	init_auth(void)
95	>	auth_init(void)
96		{
105	–	auth_cb = register_callback("start_auth", start_auth);
97		eventAddIsh("timeout_auth_queries_event", timeout_auth_queries_event, NULL, 1);
98		}
99
#	Line 112 | Line 103 | init_auth(void)
103		static struct AuthRequest *
104		make_auth_request(struct Client *client)
105		{
106	<	struct AuthRequest *request = MyMalloc(sizeof(struct AuthRequest));
106	>	struct AuthRequest *request = &client->localClient->auth;
107	>
108	>	memset(request, 0, sizeof(*request));
109
110		request->client  = client;
111		request->timeout = CurrentTime + CONNECTTIMEOUT;
#	Line 126 | Line 119 | make_auth_request(struct Client *client)
119		* the main io processing loop
120		*/
121		void
122	<	release_auth_client(struct Client *client)
122	>	release_auth_client(struct AuthRequest *auth)
123		{
124	+	struct Client *client = auth->client;
125	+
126	+	if (IsDoingAuth(auth) || IsDNSPending(auth))
127	+	return;
128	+
129	+	if (IsInAuth(auth))
130	+	{
131	+	dlinkDelete(&auth->node, &auth_doing_list);
132	+	ClearInAuth(auth);
133	+	}
134	+
135		/*
136		* When a client has auth'ed, we want to start reading what it sends
137		* us. This is what read_packet() does.
#	Line 136 | Line 140 | release_auth_client(struct Client *clien
140		client->localClient->allow_read = MAX_FLOOD;
141		comm_setflush(&client->localClient->fd, 1000, flood_recalc, client);
142
143	<	if ((client->node.prev != NULL) || (client->node.next != NULL))
140	<	{
141	<	sendto_realops_flags(UMODE_ALL, L_OPER,
142	<	"already linked %s at %s:%d", client->name,
143	<	__FILE__, __LINE__);
144	<	ilog(L_ERROR, "already linked %s at %s:%d", client->name,
145	<	__FILE__, __LINE__);
146	<	assert(0==5);
147	<	}
148	<	else
149	<	dlinkAdd(client, &client->node, &global_client_list);
143	>	dlinkAdd(client, &client->node, &global_client_list);
144
145	<	client_p->since  = client_p->lasttime = client_p->firsttime = CurrentTime;
146	<	client_p->flags |= FLAGS_FINISHED_AUTH;
145	>	client->localClient->since     = CurrentTime;
146	>	client->localClient->lasttime  = CurrentTime;
147	>	client->localClient->firsttime = CurrentTime;
148	>	client->flags |= FLAGS_FINISHED_AUTH;
149
150		read_packet(&client->localClient->fd, client);
151		}
152	<
152	>
153		/*
154		* auth_dns_callback - called when resolver query finishes
155	<	* if the query resulted in a successful search, hp will contain
156	<	* a non-null pointer, otherwise hp will be null.
155	>	* if the query resulted in a successful search, name will contain
156	>	* a non-NULL pointer, otherwise name will be NULL.
157		* set the client on it's way to a connection completion, regardless
158		* of success of failure
159		*/
160		static void
161	<	auth_dns_callback(void *vptr, struct DNSReply *reply)
161	>	auth_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name)
162		{
163	<	struct AuthRequest *auth = (struct AuthRequest *)vptr;
163	>	struct AuthRequest *auth = vptr;
164
169	–	dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
165		ClearDNSPending(auth);
166
167	<	if (reply != NULL)
167	>	if (name != NULL)
168		{
169	<	struct sockaddr_in *v4, *v4dns;
169	>	const struct sockaddr_in *v4, *v4dns;
170		#ifdef IPV6
171	<	struct sockaddr_in6 *v6, *v6dns;
171	>	const struct sockaddr_in6 *v6, *v6dns;
172		#endif
173		int good = 1;
174
175		#ifdef IPV6
176		if (auth->client->localClient->ip.ss.ss_family == AF_INET6)
177		{
178	<	v6 = (struct sockaddr_in6 *)&auth->client->localClient->ip;
179	<	v6dns = (struct sockaddr_in6 *)&reply->addr;
178	>	v6 = (const struct sockaddr_in6 *)&auth->client->localClient->ip;
179	>	v6dns = (const struct sockaddr_in6 *)addr;
180		if (memcmp(&v6->sin6_addr, &v6dns->sin6_addr, sizeof(struct in6_addr)) != 0)
181		{
182		sendheader(auth->client, REPORT_IP_MISMATCH);
#	Line 191 | Line 186 | auth_dns_callback(void *vptr, struct DNS
186		else
187		#endif
188		{
189	<	v4 = (struct sockaddr_in *)&auth->client->localClient->ip;
190	<	v4dns = (struct sockaddr_in *)&reply->addr;
189	>	v4 = (const struct sockaddr_in *)&auth->client->localClient->ip;
190	>	v4dns = (const struct sockaddr_in *)addr;
191		if(v4->sin_addr.s_addr != v4dns->sin_addr.s_addr)
192		{
193		sendheader(auth->client, REPORT_IP_MISMATCH);
194		good = 0;
195		}
196		}
197	<	if (good && strlen(reply->h_name) <= HOSTLEN)
197	>	if (good && strlen(name) <= HOSTLEN)
198		{
199	<	strlcpy(auth->client->host, reply->h_name,
200	<	sizeof(auth->client->host));
199	>	strlcpy(auth->client->host, name,
200	>	sizeof(auth->client->host));
201		sendheader(auth->client, REPORT_FIN_DNS);
202		}
203	<	else if (strlen(reply->h_name) > HOSTLEN)
203	>	else if (strlen(name) > HOSTLEN)
204		sendheader(auth->client, REPORT_HOST_TOOLONG);
205		}
206		else
207	<	sendheader(auth->client, REPORT_FAIL_DNS);
207	>	sendheader(auth->client, REPORT_FAIL_DNS);
208
209	<	MyFree(auth->client->localClient->dns_query);
215	<	auth->client->localClient->dns_query = NULL;
216	<
217	<	if (!IsDoingAuth(auth))
218	<	{
219	<	struct Client *client_p = auth->client;
220	<	MyFree(auth);
221	<	release_auth_client(client_p);
222	<	}
209	>	release_auth_client(auth);
210		}
211
212		/*
#	Line 228 | Line 215 | auth_dns_callback(void *vptr, struct DNS
215		static void
216		auth_error(struct AuthRequest *auth)
217		{
218	<	++ServerStats->is_abad;
218	>	++ServerStats.is_abad;
219
220		fd_close(&auth->fd);
221
235	–	dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
222		ClearAuth(auth);
223
224		sendheader(auth->client, REPORT_FAIL_ID);
225
226	<	if (!IsDNSPending(auth) && !IsCrit(auth))
241	<	{
242	<	release_auth_client(auth->client);
243	<	MyFree(auth);
244	<	}
226	>	release_auth_client(auth);
227		}
228
229		/*
230	<	* start_auth_query - Flag the client to show that an attempt to
230	>	* start_auth_query - Flag the client to show that an attempt to
231		* contact the ident server on
232		* the client's host.  The connect and subsequently the socket are all put
233		* into 'non-blocking' mode.  Should the connect or any later phase of the
#	Line 267 | Line 249 | start_auth_query(struct AuthRequest *aut
249		if (comm_open(&auth->fd, auth->client->localClient->ip.ss.ss_family,
250		SOCK_STREAM, 0, "ident") == -1)
251		{
252	<	report_error(L_ALL, "creating auth stream socket %s:%s",
253	<	get_client_name(auth->client, SHOW_IP), errno);
254	<	ilog(L_ERROR, "Unable to create auth socket for %s",
252	>	report_error(L_ALL, "creating auth stream socket %s:%s",
253	>	get_client_name(auth->client, SHOW_IP), errno);
254	>	ilog(LOG_TYPE_IRCD, "Unable to create auth socket for %s",
255		get_client_name(auth->client, SHOW_IP));
256	<	++ServerStats->is_abad;
256	>	++ServerStats.is_abad;
257		return 0;
258		}
259
260		sendheader(auth->client, REPORT_DO_ID);
261
262	<	/*
262	>	/*
263		* get the local address of the client and bind to that to
264		* make the auth request.  This used to be done only for
265		* ifdef VIRTUAL_HOST, but needs to be done for all clients
#	Line 299 | Line 281 | start_auth_query(struct AuthRequest *aut
281		#endif
282		localaddr.ss_port = htons(0);
283
284	<	SetDoingAuth(auth);
285	<	dlinkAdd(auth, &auth->ident_node, &auth_doing_ident_list);
286	<
305	<	comm_connect_tcp(&auth->fd, auth->client->sockhost, 113,
306	<	(struct sockaddr *)&localaddr, localaddr.ss_len, auth_connect_callback,
307	<	auth, auth->client->localClient->ip.ss.ss_family,
284	>	comm_connect_tcp(&auth->fd, auth->client->sockhost, 113,
285	>	(struct sockaddr *)&localaddr, localaddr.ss_len, auth_connect_callback,
286	>	auth, auth->client->localClient->ip.ss.ss_family,
287		GlobalSetOptions.ident_timeout);
288		return 1; /* We suceed here for now */
289		}
290
291		/*
292		* GetValidIdent - parse ident query reply from identd server
293	<	*
293	>	*
294		* Inputs        - pointer to ident buf
295		* Output        - NULL if no valid ident found, otherwise pointer to name
296		* Side effects  -
#	Line 344 | Line 323 | GetValidIdent(char *buf)
323
324		/* All this to get rid of a sscanf() fun. */
325		remotePortString = buf;
326	<
326	>
327		if ((colon1Ptr = strchr(remotePortString,':')) == NULL)
328		return 0;
329		*colon1Ptr = '\0';
#	Line 354 | Line 333 | GetValidIdent(char *buf)
333		return 0;
334		*colon2Ptr = '\0';
335		colon2Ptr++;
336	<
336	>
337		if ((commaPtr = strchr(remotePortString, ',')) == NULL)
338		return 0;
339		*commaPtr = '\0';
#	Line 362 | Line 341 | GetValidIdent(char *buf)
341
342		if ((remp = atoi(remotePortString)) == 0)
343		return 0;
344	<
344	>
345		if ((locp = atoi(commaPtr)) == 0)
346		return 0;
347
#	Line 378 | Line 357 | GetValidIdent(char *buf)
357		}
358
359		/*
360	<	* start_auth
360	>	* start_auth
361		*
362		* inputs       - pointer to client to auth
363		* output       - NONE
364		* side effects - starts auth (identd) and dns queries for a client
365		*/
366	<	static void *
367	<	start_auth(va_list args)
366	>	void
367	>	start_auth(struct Client *client)
368		{
390	–	struct Client *client = va_arg(args, struct Client *);
369		struct AuthRequest *auth = NULL;
370
371		assert(client != NULL);
372
373		auth = make_auth_request(client);
374	<	SetCrit(auth);
375	<
398	<	client->localClient->dns_query = MyMalloc(sizeof(struct DNSQuery));
399	<	client->localClient->dns_query->ptr = auth;
400	<	client->localClient->dns_query->callback = auth_dns_callback;
374	>	SetInAuth(auth);
375	>	dlinkAddTail(auth, &auth->node, &auth_doing_list);
376
377		sendheader(client, REPORT_DO_DNS);
378
379	+	SetDNSPending(auth);
380	+
381		if (ConfigFileEntry.disable_auth == 0)
382	+	{
383	+	SetDoingAuth(auth);
384		start_auth_query(auth);
385	+	}
386
387	<	/* auth order changed, before gethost_byaddr can immediately call
408	<	* dns callback under win32 when the lookup cannot be started.
409	<	* And that would do MyFree(auth) etc -adx */
410	<	SetDNSPending(auth);
411	<	dlinkAdd(auth, &auth->dns_node, &auth_doing_dns_list);
412	<	ClearCrit(auth);
413	<	gethost_byaddr(&client->localClient->ip, client->localClient->dns_query);
414	<
415	<	return NULL;
387	>	gethost_byaddr(auth_dns_callback, auth, &client->localClient->ip);
388		}
389
390		/*
#	Line 422 | Line 394 | start_auth(va_list args)
394		static void
395		timeout_auth_queries_event(void *notused)
396		{
397	<	dlink_node *ptr;
426	<	dlink_node *next_ptr;
427	<	struct AuthRequest* auth;
397	>	dlink_node *ptr = NULL, *next_ptr = NULL;
398
399	<	DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
399	>	DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_list.head)
400		{
401	<	auth = ptr->data;
401	>	struct AuthRequest *auth = ptr->data;
402	>
403	>	if (auth->timeout > CurrentTime)
404	>	break;
405
406	<	if (auth->timeout <= CurrentTime)
406	>	if (IsDoingAuth(auth))
407		{
408	+	++ServerStats.is_abad;
409		fd_close(&auth->fd);
410	<
437	<	++ServerStats->is_abad;
410	>	ClearAuth(auth);
411		sendheader(auth->client, REPORT_FAIL_ID);
412	+	}
413
414	<	if (IsDNSPending(auth))
415	<	{
416	<	struct Client *client_p = auth->client;
417	<
418	<	dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
445	<	if (client_p->localClient->dns_query != NULL)
446	<	{
447	<	delete_resolver_queries(client_p->localClient->dns_query);
448	<	MyFree(client_p->localClient->dns_query);
449	<	}
450	<	auth->client->localClient->dns_query = NULL;
451	<	sendheader(client_p, REPORT_FAIL_DNS);
452	<	}
453	<
454	<	ilog(L_INFO, "DNS/AUTH timeout %s",
455	<	get_client_name(auth->client, SHOW_IP));
456	<
457	<	dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
458	<	release_auth_client(auth->client);
459	<	MyFree(auth);
414	>	if (IsDNSPending(auth))
415	>	{
416	>	delete_resolver_queries(auth);
417	>	ClearDNSPending(auth);
418	>	sendheader(auth->client, REPORT_FAIL_DNS);
419		}
420	+
421	+	ilog(LOG_TYPE_IRCD, "DNS/AUTH timeout %s",
422	+	get_client_name(auth->client, SHOW_IP));
423	+	release_auth_client(auth);
424		}
425		}
426
#	Line 481 | Line 444 | auth_connect_callback(fde_t *fd, int err
444		char authbuf[32];
445		socklen_t ulen = sizeof(struct irc_ssaddr);
446		socklen_t tlen = sizeof(struct irc_ssaddr);
447	<	u_int16_t uport, tport;
447	>	uint16_t uport, tport;
448		#ifdef IPV6
449		struct sockaddr_in6 *v6;
450		#else
#	Line 494 | Line 457 | auth_connect_callback(fde_t *fd, int err
457		return;
458		}
459
460	<	if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *) &us,
461	<	(socklen_t *) &ulen) ||
462	<	getpeername(auth->client->localClient->fd.fd, (struct sockaddr *) &them,
463	<	(socklen_t *) &tlen))
460	>	if (getsockname(auth->client->localClient->fd.fd, (struct sockaddr *)&us,
461	>	&ulen) ||
462	>	getpeername(auth->client->localClient->fd.fd, (struct sockaddr *)&them,
463	>	&tlen))
464		{
465	<	ilog(L_INFO, "auth get{sock,peer}name error for %s",
465	>	ilog(LOG_TYPE_IRCD, "auth get{sock,peer}name error for %s",
466		get_client_name(auth->client, SHOW_IP));
467		auth_error(auth);
468		return;
#	Line 520 | Line 483 | auth_connect_callback(fde_t *fd, int err
483		us.ss_len = ulen;
484		them.ss_len = tlen;
485		#endif
486	<
487	<	ircsprintf(authbuf, "%u , %u\r\n", tport, uport);
486	>
487	>	snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n", tport, uport);
488
489		if (send(fd->fd, authbuf, strlen(authbuf), 0) == -1)
490		{
491		auth_error(auth);
492		return;
493		}
494	+
495		read_auth_reply(&auth->fd, auth);
496		}
497
498		/*
499	<	* read_auth_reply - read the reply (if any) from the ident server
499	>	* read_auth_reply - read the reply (if any) from the ident server
500		* we connected to.
501		* We only give it one shot, if the reply isn't good the first time
502		* fail the authentication entirely. --Bleep
#	Line 560 | Line 524 | read_auth_reply(fde_t *fd, void *data)
524		*
525		*    --nenolod
526		*/
563	–	#ifndef _WIN32
527		len = read(fd->fd, buf, AUTH_BUFSIZ);
528	<	#else
566	<	len = recv(fd->fd, buf, AUTH_BUFSIZ, 0);
567	<	#endif
568	<
528	>
529		if (len < 0)
530		{
571	–	#ifdef _WIN32
572	–	errno = WSAGetLastError();
573	–	#endif
531		if (ignoreErrno(errno))
532		comm_setselect(fd, COMM_SELECT_READ, read_auth_reply, auth, 0);
533		else
#	Line 606 | Line 563 | read_auth_reply(fde_t *fd, void *data)
563
564		fd_close(fd);
565
609	–	dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
566		ClearAuth(auth);
567
568		if (s == NULL)
569		{
570		sendheader(auth->client, REPORT_FAIL_ID);
571	<	++ServerStats->is_abad;
571	>	++ServerStats.is_abad;
572		}
573		else
574		{
575		sendheader(auth->client, REPORT_FIN_ID);
576	<	++ServerStats->is_asuc;
576	>	++ServerStats.is_asuc;
577		SetGotId(auth->client);
578		}
579
580	<	if (!IsDNSPending(auth) && !IsCrit(auth))
625	<	{
626	<	release_auth_client(auth->client);
627	<	MyFree(auth);
628	<	}
580	>	release_auth_client(auth);
581		}
582
583		/*
584		* delete_auth()
585		*/
586	<	void
587	<	delete_auth(struct Client *target_p)
586	>	void
587	>	delete_auth(struct AuthRequest *auth)
588		{
589	<	dlink_node *ptr;
590	<	dlink_node *next_ptr;
639	<	struct AuthRequest *auth;
640	<
641	<	if (!IsUnknown(target_p))
642	<	return;
589	>	if (IsDNSPending(auth))
590	>	delete_resolver_queries(auth);
591
592	<	if (target_p->localClient->dns_query != NULL)
593	<	DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_dns_list.head)
646	<	{
647	<	auth = ptr->data;
592	>	if (IsDoingAuth(auth))
593	>	fd_close(&auth->fd);
594
595	<	if (auth->client == target_p)
650	<	{
651	<	delete_resolver_queries(target_p->localClient->dns_query);
652	<
653	<	dlinkDelete(&auth->dns_node, &auth_doing_dns_list);
654	<	if (!IsDoingAuth(auth))
655	<	{
656	<	MyFree(auth);
657	<	return;
658	<	}
659	<	}
660	<	}
661	<
662	<	DLINK_FOREACH_SAFE(ptr, next_ptr, auth_doing_ident_list.head)
595	>	if (IsInAuth(auth))
596		{
597	<	auth = ptr->data;
598	<
666	<	if (auth->client == target_p)
667	<	{
668	<	fd_close(&auth->fd);
669	<
670	<	dlinkDelete(&auth->ident_node, &auth_doing_ident_list);
671	<	MyFree(auth);
672	<	}
597	>	dlinkDelete(&auth->node, &auth_doing_list);
598	>	ClearInAuth(auth);
599		}
600		}

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines (old)
>	Changed lines (new)