View Issue Details

IDProjectCategoryView StatusLast Update
0006058unrealircdpublic2022-01-17 09:57
ReporterCaoS Assigned Tosyzop  
PrioritynormalSeverityblockReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version6.0.1 
Fixed in Version6.0.2 
Summary0006058: Problem with Except ban & Webirc
DescriptionHello, i have get a problem when i have written in Unrealircd.conf an except ban.

I have wantted to except ban for all users from Spain ussing an extended server ban excepcion, and when i connect with my mIRC, i can connect without problem, but if i try to connect with the Kiwiircd webirc, i get glinned.
In both cases, i connect with my real IP, but when i connect with the kiwiircd webirc, the except ban doesn't works and i get glinned.

What i have done in unrealircd.conf is that:

ban user {
    mask *;
    reason "You can't connect from your country.";
}

except ban {
     mask ~country:ES;
    type { kline; };
}

Here i write you both connections:

With my mirc:
001 UID CaoS 0 1642337077 Devil 119.12.233.16 001WSC405 0 +iwxzGT * 93D2C342.AE4ACB68.2AD1C654.IP dwzpEA== :mIRC

With kiwiirc:
Closing Link: RadioCL-21963[119.12.233.16] (Banned (K-Lined): You can't connect from your country.)

The Webirc configuration is OK, because if i delete the ban user { mask *; } block, i can normal connect with the Kiwiirc, but if i write the ban user { mask *; }, in that case, it isn't posible connect with the Kiwiirc... the except ban doesn't work. With mIRC yes, you can connect, but with Kiwiirc it's imposible, and in both cases with the same IP.

I hope you can understand all (my english it's regular) and you can solved it.

Thanks you very much.
TagsNo tags attached.
3rd party modules

Activities

syzop

2022-01-16 19:05

administrator   ~0022378

Last edited: 2022-01-16 19:08

Yeah I think you are right. It's not so much the ban / except ban thing (that works fine with an exempt on *@IP for example). I think the problem is the country lookup:
It is 1) first it looks up the country of the webirc gateway, 2) then is the ban/exempt check, and 3) we lookup the country again. So the problem here is that check 2 happens before lookup 3.

Easy to fix, BUT.. i am thinking a bit further on fixing the general issue instead of this individual issue. So, let me think about this for a few more days ;)

CaoS

2022-01-16 19:22

reporter   ~0022379

Ok thanks you for your help Syzop!

syzop

2022-01-17 09:57

administrator   ~0022380

Last edited: 2022-01-17 09:57

Thanks for the report! This issue is now fixed in git and will be in the UnrealIRCd 6.0.2 release later this month.

It is spread out over several commits for readability but this is the actual piece fixing it:
https://github.com/unrealircd/unrealircd/commit/83e74893da98907e4b26f722e784177cda323198

commit 83e74893da98907e4b26f722e784177cda323198
Author: Bram Matthys <syzop@vulnscan.org>
Date: Mon Jan 17 08:09:15 2022 +0100

    Relookup reputation and geo information when client IP changes due to WEBIRC
    or another type of proxy request.
    This fixes a problem where ban user { } or except ban { } is not working
    for ~country:XX when the request comes via a WEBIRC or other proxy.
    Reported by CaoS in https://bugs.unrealircd.org/view.php?id=6058
    It should also fix security-group being incorrect for ~security-group bans
    or exempts.

Issue History

Date Modified Username Field Change
2022-01-16 17:26 CaoS New Issue
2022-01-16 19:05 syzop Assigned To => syzop
2022-01-16 19:05 syzop Status new => acknowledged
2022-01-16 19:05 syzop Note Added: 0022378
2022-01-16 19:08 syzop Note Edited: 0022378
2022-01-16 19:22 CaoS Note Added: 0022379
2022-01-17 09:57 syzop Status acknowledged => resolved
2022-01-17 09:57 syzop Resolution open => fixed
2022-01-17 09:57 syzop Fixed in Version => 6.0.2
2022-01-17 09:57 syzop Note Added: 0022380
2022-01-17 09:57 syzop Note Edited: 0022380