3 Index: src/config-lexer.l
4 ===================================================================
5 RCS file: /data/cvs/bopm/src/config-lexer.l,v
6 retrieving revision 1.6
7 diff -u -6 -r1.6 config-lexer.l
8 --- src/config-lexer.l 19 Jun 2003 23:07:57 -0000 1.6
9 +++ src/config-lexer.l 26 Jun 2003 21:06:49 -0000
17 +ALERT { return ALERT; }
19 BAN_UNKNOWN { return BAN_UNKNOWN; }
20 BLACKLIST { return BLACKLIST; }
21 CHANNEL { return CHANNEL; }
22 CONNREGEX { return CONNREGEX; }
23 DNS_FDLIMIT { return DNS_FDLIMIT; }
25 TARGET_STRING { return TARGET_STRING;}
26 TIMEOUT { return TIMEOUT; }
29 USERNAME { return USERNAME; }
30 VHOST { return VHOST; }
31 +WHITELIST { return WHITELIST; }
35 yylval.number = OPM_TYPE_HTTP;
38 Index: src/config-parser.y
39 ===================================================================
40 RCS file: /data/cvs/bopm/src/config-parser.y,v
41 retrieving revision 1.7
42 diff -u -6 -r1.7 config-parser.y
43 --- src/config-parser.y 22 Jun 2003 13:19:39 -0000 1.7
44 +++ src/config-parser.y 26 Jun 2003 21:06:49 -0000
48 void *tmp; /* Variable to temporarily hold nodes before insertion to list */
75 item = MyMalloc(sizeof *item);
77 item->name = DupString("");
78 item->kline = DupString("");
79 item->ban_unknown = 0;
80 + item->whitelist = 0;
82 item->type = A_BITMASK;
83 item->reply = list_create();
85 node = node_create(item);
86 list_add(OpmItem->blacklists, node);
89 blacklist_items: /* Empty */ |
90 blacklist_items blacklist_item |
93 blacklist_item: blacklist_name |
95 + blacklist_whitelist |
97 blacklist_ban_unknown |
102 blacklist_name: NAME '=' STRING ';' {
103 struct BlacklistConf *item = tmp;
105 @@ -570,12 +576,24 @@
106 if(strcmp("A record bitmask", $3) == 0)
107 item->type = A_BITMASK;
108 else if(strcmp("A record reply", $3) == 0)
109 item->type = A_REPLY;
111 yyerror("Unknown blacklist type defined");
114 +blacklist_whitelist: WHITELIST '=' NUMBER ';' {
115 + struct BlacklistConf *item = tmp;
117 + item->whitelist = $3;
120 +blacklist_alert: ALERT '=' NUMBER ';' {
121 + struct BlacklistConf *item = tmp;
126 blacklist_ban_unknown: BAN_UNKNOWN '=' NUMBER ';' {
127 struct BlacklistConf *item = tmp;
129 item->ban_unknown = $3;
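Review bot: The new `blacklist_whitelist` rule copies any NUMBER straight into `item->whitelist`, and nothing at the rule says that a non-zero value turns the zone into an exemption list. That is a security-relevant switch, because the dnsbl.c part of this patch lets a hit in such a zone keep scan_positive() from being called for hits in the other zones. I would add a comment above the rule, for example `/* whitelist = 1: a hit in this zone exempts the user from DNSBL klines */`, and normalise the stored value with `item->whitelist = ($3 != 0);`. The body of `blacklist_alert` is not visible in this listing, so whether the same applies there is only presumed.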
131 ===================================================================
132 RCS file: /data/cvs/bopm/src/config.h,v
133 retrieving revision 1.9
134 diff -u -6 -r1.9 config.h
135 --- src/config.h 21 Jun 2003 00:57:28 -0000 1.9
136 +++ src/config.h 26 Jun 2003 21:06:49 -0000
137 @@ -101,13 +101,15 @@
143 enum BlacklistType type;
148 unsigned int stats_recv;
151 struct BlacklistReplyConf
154 ===================================================================
155 RCS file: /data/cvs/bopm/src/dnsbl.c,v
156 retrieving revision 1.29
157 diff -u -6 -r1.29 dnsbl.c
158 --- src/dnsbl.c 22 Jun 2003 18:03:41 -0000 1.29
159 +++ src/dnsbl.c 26 Jun 2003 21:06:49 -0000
162 if(res == -1 && fdns_errno != FDNS_ERR_FDLIMIT)
164 log_printf("DNSBL -> Error sending dns lookup for '%s': %s", lookup, firedns_strerror(fdns_errno));
169 ss->scans++; /* Increase scan count - one for each blacklist */
171 + ss->dnsbl_whitelist_count++; /* Increase whitelist count
172 + * for each whitelist */
177 +/* This function gets called when:
178 + * - a positive result was obtained from a blacklist
179 + * - the last result from the whitelist has been received,
180 + * and a previous blacklist result was positive
183 static void dnsbl_positive(struct scan_struct *ss, struct BlacklistConf *bl,
187 struct BlacklistReplyConf *item;
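Review bot: `ss->dnsbl_whitelist_count` is raised here per whitelist lookup and lowered unconditionally in dnsbl_result(), and scan.h declares it `unsigned short`, so a single unmatched decrement would wrap it to 65535. From then on the `else if(ss->dnsbl_whitelist_count > 0)` branch in dnsbl_positive() would park every blacklist hit and the scan would never reach scan_positive(). Whether the two can get out of step is not visible, since the lines between the send-error check and the increment are missing from this listing, so I would guard the decrement: `if(ds->bl->whitelist && ds->ss->dnsbl_whitelist_count > 0)`. The enclosing function starts outside this hunk.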
189 @@ -142,43 +152,66 @@
193 if(text_type[0] == '\0' && bl->ban_unknown == 0)
196 - log_printf("DNSBL -> Unknown result from BL zone %s (%d)", bl->name, type);
197 + log_printf("DNSBL -> Unknown result from %s zone %s (%d)",
198 + (bl->whitelist ? "WL" : "BL"), bl->name, type);
203 + stats_dnsblrecv(bl);
205 + /* If this was a positive result from a whitelist, flag this user
206 + * as whitelisted in the scan struct. This will prevent any future
207 + * positive DNSBL blacklist result from klining.
210 + ss->dnsbl_whitelisted = 1; /* Mark this user as whitelisted */
211 + else if(ss->dnsbl_whitelist_count > 0) /* Store data */
213 + ss->dnsbl_positive_bl = bl;
214 + ss->dnsbl_positive_type = type;
215 + return; /* Wait until whitelists have finished */
218 if(ss->manual_target)
220 - irc_send("PRIVMSG %s :CHECK -> DNSBL -> %s appears in BL zone %s (%s)",
221 - ss->manual_target->name, ss->ip, bl->name, text_type);
222 + irc_send("PRIVMSG %s :CHECK -> DNSBL -> %s appears in %s zone %s (%s)",
223 + ss->manual_target->name, ss->ip, (bl->whitelist ? "WL" : "BL"),
224 + bl->name, text_type);
226 else if(!ss->positive)
228 - /* Only report it if no other scans have found positives yet. */
229 - scan_positive(ss, (bl->kline[0] ? bl->kline : IRCItem->kline),
232 - irc_send_channels("DNSBL -> %s!%s@%s appears in BL zone %s (%s)",
233 - ss->irc_nick, ss->irc_username, ss->irc_hostname, bl->name,
235 - log_printf("DNSBL -> %s!%s@%s appears in BL zone %s (%s)",
236 - ss->irc_nick, ss->irc_username, ss->irc_hostname, bl->name,
238 + /* Only report it if no other scans have found positives yet,
239 + * all whitelists are done, and the user has not been whitelisted. */
240 + if(ss->dnsbl_whitelist_count == 0 && !ss->dnsbl_whitelisted)
242 + scan_positive(ss, (bl->kline[0] ? bl->kline : IRCItem->kline), text_type);
245 + irc_send_channels("DNSBL -> %s!%s@%s appears in %s zone %s (%s)",
246 + ss->irc_nick, ss->irc_username, ss->irc_hostname,
247 + (bl->whitelist ? "WL" : "BL"), bl->name, text_type);
250 + log_printf("DNSBL -> %s!%s@%s appears in %s zone %s (%s)",
251 + ss->irc_nick, ss->irc_username, ss->irc_hostname,
252 + (bl->whitelist ? "WL" : "BL"), bl->name, text_type);
256 - stats_dnsblrecv(bl);
259 void dnsbl_result(struct firedns_result *res)
261 struct dnsbl_scan *ds = res->info;
263 + if(ds->bl->whitelist)
264 + ds->ss->dnsbl_whitelist_count--; /* one less whitelist to wait for */
267 log_printf("DNSBL -> Lookup result for %s!%s@%s (%s) %d.%d.%d.%d (error: %d)",
269 ds->ss->irc_username,
270 ds->ss->irc_hostname,
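Review bot: `stats_dnsblrecv(bl)` now runs before the deferral `return` in dnsbl_positive(), so a blacklist hit that is parked while whitelists are outstanding appears to be counted once when it is stored and again when dnsbl_result() replays it through dnsbl_positive(). Moving the call below the `return; /* Wait until whitelists have finished */` block would keep one count per hit. Separately, only one hit can be parked in `dnsbl_positive_bl`/`dnsbl_positive_type`, so a second positive blacklist overwrites the first; a one-line comment saying this is intended would help. Several lines of this hunk are missing from the listing, so this reading assumes no guard sits between the visible statements.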
272 @@ -187,15 +220,21 @@
273 (unsigned char)res->text[2],
274 (unsigned char)res->text[3], fdns_errno);
276 /* Everything is OK */
277 if(res->text[0] == '\0' && fdns_errno == FDNS_ERR_NXDOMAIN)
279 + /* If any previous positive blacklist result was blocked, waiting
280 + * for whitelists, handle it now
282 + if(ds->bl->whitelist && ds->ss->dnsbl_whitelist_count == 0 && ds->ss->dnsbl_positive_bl != NULL)
283 + dnsbl_positive(ds->ss, ds->ss->dnsbl_positive_bl, ds->ss->dnsbl_positive_type);
285 if(ds->ss->manual_target != NULL)
286 - irc_send("PRIVMSG %s :CHECK -> DNSBL -> %s does not appear in BL zone %s",
287 - ds->ss->manual_target->name, ds->ss->ip,
288 + irc_send("PRIVMSG %s :CHECK -> DNSBL -> %s does not appear in %s zone %s",
289 + ds->ss->manual_target->name, ds->ss->ip, (ds->bl->whitelist ? "WL" : "BL"),
290 (strlen(ds->ss->ip) < strlen(res->lookup))
291 ? (res->lookup + strlen(ds->ss->ip) + 1)
295 ds->ss->scans--; /* we are done with ss here */
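Review bot: The replay of a parked blacklist hit is written out twice, here in the NXDOMAIN branch and again in the error branch of the following hunk, and neither copy visibly resets `ds->ss->dnsbl_positive_bl` afterwards, so the stored pointer stays set for the rest of the scan. A small static helper that clears the slot before calling dnsbl_positive() would keep both call sites identical and guarantee at most one replay. Each call site then reduces to `if(ds->bl->whitelist) dnsbl_flush_pending(ds->ss);`, where the helper name is only a suggestion. dnsbl_result() begins in the previous hunk and continues past this one.

```c
/* Replay a blacklist hit that was held back while whitelist lookups
 * were still outstanding. Does nothing if whitelists are pending or
 * no hit was stored. */
static void dnsbl_flush_pending(struct scan_struct *ss)
{
   struct BlacklistConf *pending = ss->dnsbl_positive_bl;

   if(ss->dnsbl_whitelist_count != 0 || pending == NULL)
      return;

   ss->dnsbl_positive_bl = NULL; /* replay at most once */
   dnsbl_positive(ss, pending, ss->dnsbl_positive_type);
}

/* ... unchanged: start of dnsbl_result(), lookup-result logging ... */
   if(ds->bl->whitelist)
      dnsbl_flush_pending(ds->ss);
```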
296 @@ -207,12 +246,18 @@
297 /* Either an error, or a positive lookup */
299 if(fdns_errno == FDNS_ERR_NONE)
300 dnsbl_positive(ds->ss, ds->bl, (unsigned char)res->text[3]);
303 + /* If any previous positive blacklist result was blocked, waiting
304 + * for whitelists, handle it now
306 + if(ds->bl->whitelist && ds->ss->dnsbl_whitelist_count == 0 && ds->ss->dnsbl_positive_bl != NULL)
307 + dnsbl_positive(ds->ss, ds->ss->dnsbl_positive_bl, ds->ss->dnsbl_positive_type);
309 log_printf("DNSBL -> Lookup error on %s: %s", res->lookup,
310 firedns_strerror(fdns_errno));
311 if(fdns_errno != FDNS_ERR_TIMEOUT)
312 irc_send_channels("DNSBL -> Lookup error on %s: %s", res->lookup,
313 firedns_strerror(fdns_errno));
316 ===================================================================
317 RCS file: /data/cvs/bopm/src/scan.c,v
318 retrieving revision 1.33
319 diff -u -6 -r1.33 scan.c
320 --- src/scan.c 22 Jun 2003 17:05:30 -0000 1.33
321 +++ src/scan.c 26 Jun 2003 21:06:49 -0000
322 @@ -477,13 +477,18 @@
323 ss->ip = (char *) DupString(user[3]);
324 ss->proof = (char *) DupString(msg);
326 ss->remote = opm_remote_create(ss->ip);
331 + ss->dnsbl_whitelist_count = 0;
332 + ss->dnsbl_whitelisted = 0;
333 + ss->dnsbl_positive_bl = NULL;
334 + ss->dnsbl_positive_type = '\0';
336 ss->manual_target = NULL;
343 ===================================================================
344 RCS file: /data/cvs/bopm/src/scan.h,v
345 retrieving revision 1.7
346 diff -u -6 -r1.7 scan.h
347 --- src/scan.h 20 Jun 2003 04:18:38 -0000 1.7
348 +++ src/scan.h 26 Jun 2003 21:06:49 -0000
352 OPM_REMOTE_T *remote;
354 unsigned short scans;
355 unsigned short positive;
357 + unsigned short dnsbl_whitelisted;
358 + unsigned short dnsbl_whitelist_count;
359 + unsigned char dnsbl_positive_type;
360 + struct BlacklistConf *dnsbl_positive_bl;
362 struct ChannelConf *manual_target;
366 struct scanner_struct