repo: ngircd
action: commit
revision: 
path_from: 
revision_from: cccd8fc957e893e250324b65146df8fca4680f11:
path_to: 
revision_to:
git.thebackupbox.net
ngircd
git clone git://git.thebackupbox.net/ngircd
commit cccd8fc957e893e250324b65146df8fca4680f11
Author: Alexander Barton 
Date:   Thu Sep 26 02:26:24 2013 +0200

    Adjust log messages for invalid and spoofed prefixes

    Now invalid prefixes aren't logged no more when originating from an other
    server (besides in debug mode), and spoofed prefixes are correctly logged
    using LOG_WARNING (from an other server) or LOG_ERR (from a client) levels.

    In addition, the log message texts have been adjusted to better reflect
    what will happen: commands with invalid prefixes are ignored and logged,
    commands with spoofed prefixes will result in the client being disconncted
    (regular users) or the command being ignored (other servers).

    This cleans up logging of commands related to already KILL'ed clients.

diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c
index bc01e093c015ad7340205b879f0b834d8fa5c756..
index ..5006d2ff2b73e58e521c8cdfc409b1a59c8ec036 100644
--- a/src/ngircd/parse.c
+++ b/src/ngircd/parse.c
@@ -325,15 +325,20 @@ Validate_Prefix( CONN_ID Idx, REQUEST *Req, bool *Closed )
 	}

 	/* check if client in prefix is known */
-	c = Client_Search( Req->prefix );
+	c = Client_Search(Req->prefix);
 	if (!c) {
-		Log(LOG_ERR,
-		    "Invalid prefix \"%s\", client not known (connection %d, command \"%s\")!?",
-		    Req->prefix, Idx, Req->command);
-		if (!Conn_WriteStr(Idx,
-				   "ERROR :Invalid prefix \"%s\", client not known",
-				   Req->prefix))
-			*Closed = true;
+		if (Client_Type(client) != CLIENT_SERVER) {
+			Log(LOG_ERR,
+			    "Ignoring command with invalid prefix \"%s\" from \"%s\" (connection %d, command \"%s\")!",
+			    Req->prefix, Client_ID(client), Idx, Req->command);
+			if (!Conn_WriteStr(Idx,
+					   "ERROR :Invalid prefix \"%s\"",
+					   Req->prefix))
+				*Closed = true;
+			IRC_SetPenalty(client, 2);
+		} else
+			LogDebug("Ignoring command with invalid prefix \"%s\" from \"%s\" (connection %d, command \"%s\")!",
+			    Req->prefix, Client_ID(client), Idx, Req->command);
 		return false;
 	}

@@ -342,19 +347,16 @@ Validate_Prefix( CONN_ID Idx, REQUEST *Req, bool *Closed )
 	if (Client_NextHop(c) != client) {
 		if (Client_Type(c) != CLIENT_SERVER) {
 			Log(LOG_ERR,
-			    "Spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\")!",
-			    Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx,
-			    Req->command);
+			    "Spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\"), closing connection!",
+			    Req->prefix, Client_ID(client), Idx, Req->command);
 			Conn_Close(Idx, NULL, "Spoofed prefix", true);
 			*Closed = true;
 		} else {
-			Log(LOG_INFO,
-			    "Ignoring spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\").",
-			    Req->prefix, Client_Mask(Conn_GetClient(Idx)), Idx,
-			    Req->command);
+			Log(LOG_WARNING,
+			    "Ignoring command with spoofed prefix \"%s\" from \"%s\" (connection %d, command \"%s\")!",
+			    Req->prefix, Client_ID(client), Idx, Req->command);
 		}
 		return false;
-
 	}

 	return true;

-----END OF PAGE-----