View Issue Details

IDProjectCategoryView StatusLast Update
0002850unrealircdpublic2006-03-14 14:23
ReporterdevilAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformOSDebian 4.0.2-8OS VersionLinux v 2.6.15.6
Product Version3.2.4 
Target VersionFixed in Version3.2.5 
Summary0002850: Z-Lines is not checked when a CGI:IRC client is connecting (CVS) but is on rehash/kills
DescriptionOn the server I've had the following Z-Lines for weeks and years:

[18:03:27] Z 200.* IP chain is banned
[18:03:27] Z 203.* IP chain is banned

Since we had problems with proxies from them, and since we are 99% swedish it's not a problem. I recently switched to CVS for CGI:IRC support (webirc) and it works great, with some minor problems:

On /rehash (when adding the banblock again) (and also on kill it would appear? is zlines check then?):

[17:52:48] -chat.snyggast.se- *** Notice -- Loading IRCd configuration ..
[17:52:48] -chat.snyggast.se- *** Notice -- Configuration loaded without any problems ..
[17:52:48] -chat.snyggast.se- *** Notice -- Ban active for _bus__[200.84.203.197] (IP chain is banned)

Or, in channel:
[17:52:48] *** _bus__ (snyggast@2E071079.CE7B3D58.64889B64.IP) has left IRC (User has been banned (IP chain is banned))

So far so good, he should be banned. However, he can return:

[17:54:21] *** _bus__ (snyggast@2E071079.CE7B3D58.64889B64.IP) has joined #snyggast

And then, on the next kill:

[18:00:41] *** _kt_kille (snyggast@snyggast-A52AC565.bredband.skanova.com) has left IRC ([chat.snyggast.se] Local kill by Triax ([K](9.0) Användaren blir utkastad på grund av att han/hon har haft namn som inte är acceptabla.))
[18:00:41] *** jessss_19 (snyggast@snyggast-9ED34878.ji-net.com) has left IRC (User has been banned (IP chain is banned))
[18:00:41] *** snygg_kristian (snyggast@snyggast-AD567602.ip.gvtel.com) has left IRC (User has been banned (You are banned from this server (IP-Chain is banned)))
[18:00:41] *** _bus__ (snyggast@2E071079.CE7B3D58.64889B64.IP) has left IRC (User has been banned (IP chain is banned))

And then he can return, and is Zlined again and kicked on the next kill/rehash...
Steps To ReproduceZ-Line an IP, let it connect via CGI:IRC and /rehash, then let the client connect again.
Additional InformationNothing major, just weird...
TagsNo tags attached.
3rd party modulesPrivDef and AntiRandom

Activities

syzop

2006-03-13 11:08

administrator   ~0011357

I'll take a look

syzop

2006-03-13 15:30

administrator   ~0011358

Hm, I wonder why it works here :P

What CGI:IRC method are you using? 'webirc' or 'old'?

What type of "zline" is it?
- gzline
- zline
- ban ip (in conf)
- something else

Thanks.

syzop

2006-03-13 16:41

administrator   ~0011359

Maybe you can paste the specific conf entry :P.
{I actually tried ban ip { } before my previous post btw}

I wonder in what circumstances things are missed etc..

devil

2006-03-14 04:36

reporter   ~0011360

Sorry for not suplying these answers in the first report, guess I missed it:

Type: webirc
And in banblock.conf (included by unrealircd.conf) is:


ban ip {
        mask 200.*;
        reason "IP chain is banned";
};

I noticed it when I rehashed, that a couple of users got "IP chain is banned" and I thought nothing to it, they where matching 200.* IPs so they were suppose to be banned.

Then I edited some more in the conf, rehashed again and saw they being kicked out (IP chain is banned) again. Then I saw them returning..

So it would appear as if Unreal is checking the ban IP block on CGI:IRC connect on rehash and on kill (kill (or possible shun) seems to trigger the kicks as well but I havent verified it 100%) but not on connect...

I confirmed this again today, by adding a ban IP on myself and connect.. I was let in without problems, and when I rehashed I got kicked off (but could reconnect).

My CGI:IRC block:

cgiirc {
        type webirc;
        hostname "194.237.110.189";
        password "xxx";
};

Otherwise the ip ban works good, I couldn't connect via a regular client, just cgiirc.

syzop

2006-03-14 05:40

administrator   ~0011361

Last edited: 2006-03-14 07:39

Hmmm. Annoying that I cannot reproduce :(
- I tried your block, except using 192.* instead of 200.*
- I'm using the webirc method as well

What I did:
- let a cgiirc client connect
- put the ban ip { } in the conf
- rehash
- the cgiirc client disconnects ("not welcome on this server blabla")
- retry connecting the cgiirc client
- error ("not welcome on this server blabla")

Anyway, I got a fix in the queue to fix some other issues as well. I wonder if this will fix your thing too. I'll put it in CVS today (and let you know when :P).

EDIT: Actually all I need to wait for is our CVS server to come back online! :(

devil

2006-03-14 13:28

reporter   ~0011362

Let me know when you've fixed it and I get a second Unreal going on some weird obscene port to try it :) Or if you'd like give me your IP and I can try adding it in the ban ip block so you can check it out.

Regards,
Niklas

syzop

2006-03-14 13:50

administrator   ~0011363

CVS Server is back ;)

I've commited my fix [in .475].

devil

2006-03-14 14:22

reporter   ~0011364

That seems to have done it, the problem is gone in the latest CVS (I compiled a secondary ircd on port 6669 with same conf and same modules and it seems to work just fine).

Thank you,

Regards,
Niklas

syzop

2006-03-14 14:23

administrator   ~0011365

Ok, good then ;)

Issue History

Date Modified Username Field Change
2006-03-13 11:07 devil New Issue
2006-03-13 11:07 devil 3rd party modules => PrivDef and AntiRandom
2006-03-13 11:08 syzop Note Added: 0011357
2006-03-13 11:08 syzop Status new => acknowledged
2006-03-13 15:30 syzop Note Added: 0011358
2006-03-13 16:41 syzop Note Added: 0011359
2006-03-14 04:36 devil Note Added: 0011360
2006-03-14 05:40 syzop Note Added: 0011361
2006-03-14 07:39 syzop Note Edited: 0011361
2006-03-14 13:28 devil Note Added: 0011362
2006-03-14 13:50 syzop Note Added: 0011363
2006-03-14 14:22 devil Note Added: 0011364
2006-03-14 14:23 syzop Status acknowledged => resolved
2006-03-14 14:23 syzop Fixed in Version => 3.2.5
2006-03-14 14:23 syzop Resolution open => fixed
2006-03-14 14:23 syzop Assigned To => syzop
2006-03-14 14:23 syzop Note Added: 0011365