1 /*
2 * InspIRCd -- Internet Relay Chat Daemon
3 *
4 * Copyright (C) 2019 Sadie Powell <sadie@witchery.services>
5 * Copyright (C) 2014-2015 Attila Molnar <attilamolnar@hush.com>
6 * Copyright (C) 2012 Robby <robby@chatbelgie.be>
7 * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
8 * Copyright (C) 2009 Uli Schlachter <psychon@inspircd.org>
9 * Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
10 * Copyright (C) 2008 Craig Edwards <brain@inspircd.org>
11 *
12 * This file is part of InspIRCd. InspIRCd is free software: you can
13 * redistribute it and/or modify it under the terms of the GNU General Public
14 * License as published by the Free Software Foundation, version 2.
15 *
16 * This program is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
18 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
19 * details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program. If not, see <http://www.gnu.org/licenses/>.
23 */
24
25
26 #include "inspircd.h"
27
28 /* Match CIDR strings, e.g. 127.0.0.1 to 127.0.0.0/8 or 3ffe:1:5:6::8 to 3ffe:1::0/32
29 *
30 * This will also attempt to match any leading usernames or nicknames on the mask, using
31 * match(), when match_with_username is true.
32 */
MatchCIDR(const std::string & address,const std::string & cidr_mask,bool match_with_username)33 bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr_mask, bool match_with_username)
34 {
35 std::string address_copy;
36 std::string cidr_copy;
37
38 /* The caller is trying to match ident@<mask>/bits.
39 * Chop off the ident@ portion, use match() on it
40 * separately.
41 */
42 if (match_with_username)
43 {
44 /* Use strchr not strrchr, because its going to be nearer to the left */
45 std::string::size_type username_mask_pos = cidr_mask.rfind('@');
46 std::string::size_type username_addr_pos = address.rfind('@');
47
48 /* Both strings have an @ symbol in them */
49 if (username_mask_pos != std::string::npos && username_addr_pos != std::string::npos)
50 {
51 /* Try and match() the strings before the @
52 * symbols, and recursively call MatchCIDR without
53 * username matching enabled to match the host part.
54 */
55 return (InspIRCd::Match(address.substr(0, username_addr_pos), cidr_mask.substr(0, username_mask_pos), ascii_case_insensitive_map) &&
56 MatchCIDR(address.substr(username_addr_pos + 1), cidr_mask.substr(username_mask_pos + 1), false));
57 }
58 else
59 {
60 address_copy.assign(address, username_addr_pos + 1, std::string::npos);
61 cidr_copy.assign(cidr_mask, username_mask_pos + 1, std::string::npos);
62 }
63 }
64 else
65 {
66 address_copy.assign(address);
67 cidr_copy.assign(cidr_mask);
68 }
69
70 const std::string::size_type per_pos = cidr_copy.rfind('/');
71 if ((per_pos == std::string::npos) || (per_pos == cidr_copy.length()-1)
72 || (cidr_copy.find_first_not_of("0123456789", per_pos+1) != std::string::npos)
73 || (cidr_copy.find_first_not_of("0123456789abcdefABCDEF.:") < per_pos))
74 {
75 // The CIDR mask is invalid
76 return false;
77 }
78
79 irc::sockets::sockaddrs addr;
80 if (!irc::sockets::aptosa(address_copy, 0, addr))
81 {
82 // The address could not be parsed.
83 return false;
84 }
85
86 irc::sockets::cidr_mask mask(cidr_copy);
87 irc::sockets::cidr_mask mask2(addr, mask.length);
88
89 return mask == mask2;
90 }
91