changeset 280:2b77295fb9a7 stable-6-0-37

add limits on unique ip addresses per hour per authenticated user
author Carl Byington <carl@five-ten-sg.com>
date Thu, 19 Dec 2013 09:47:00 -0800
parents 3d894d09c198
children e11f99e10957
files src/dnsbl.cpp
diffstat 1 files changed, 16 insertions(+), 12 deletions(-) [+]
--- a/src/dnsbl.cpp	Tue Dec 17 15:37:13 2013 -0800
+++ b/src/dnsbl.cpp	Thu Dec 19 09:47:00 2013 -0800
@@ -195,28 +195,30 @@
 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip);
 void add_auth_address(const char *user, int &hourly, int &daily, int32_t ip) {
     pthread_mutex_lock(&rate_mutex);
-        auth_addresses::iterator ii = auth_hourly_addresses.find(user);
-        if (ii == auth_hourly_addresses.end()) {
+        auth_addresses::iterator i = auth_hourly_addresses.find(user);
+        if (i == auth_hourly_addresses.end()) {
+            user = strdup(user);
             auth_hourly_addresses[user] = new int32_t_set;
             auth_hourly_addresses[user]->insert(ip);
             hourly = 1;
         }
         else {
-            int32_t_set::iterator i = ((*ii).second)->find(ip);
-            if (i == ((*ii).second)->end()) ((*ii).second)->insert(ip);
-            hourly = ((*ii).second)->size();
+            int32_t_set::iterator k = ((*i).second)->find(ip);
+            if (k == ((*i).second)->end()) ((*i).second)->insert(ip);
+            hourly = ((*i).second)->size();
         }
 
-        auth_addresses::iterator jj = auth_daily_addresses.find(user);
-        if (jj == auth_daily_addresses.end()) {
+        auth_addresses::iterator j = auth_daily_addresses.find(user);
+        if (j == auth_daily_addresses.end()) {
+            user = strdup(user);
             auth_daily_addresses[user] = new int32_t_set;
             auth_daily_addresses[user]->insert(ip);
             daily = 1;
         }
         else {
-            int32_t_set::iterator i = ((*jj).second)->find(ip);
-            if (i == ((*jj).second)->end()) ((*jj).second)->insert(ip);
-            daily = ((*jj).second)->size();
+            int32_t_set::iterator k = ((*j).second)->find(ip);
+            if (k == ((*j).second)->end()) ((*j).second)->insert(ip);
+            daily = ((*j).second)->size();
         }
     pthread_mutex_unlock(&rate_mutex);
 }
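Review bot: The two added `user = strdup(user);` lines use the result unchecked, so an allocation failure puts a NULL key into `auth_hourly_addresses` or `auth_daily_addresses` while `rate_mutex` is held. If the map's comparator dereferences its keys (the typedef is outside this hunk, so this is inferred), a later lookup would crash the process. Keeping the copy in its own variable also makes ownership clearer than overwriting the parameter: `const char *key = strdup(user);` followed by `if (key) { auth_hourly_addresses[key] = new int32_t_set; auth_hourly_addresses[key]->insert(ip); }`, with `hourly = 1;` set either way, and the same shape in the daily branch. Nothing visible here frees these keys, so a short comment stating that the map owns the duplicated name for the life of the process would document the intent.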
@@ -1649,26 +1651,28 @@
         loop2++;
         if (loop1 == 20) {
             // three minutes thru each loop, 20 loops per hour
-            // clear the recipient hourly counts
+            // clear the recipient hourly counts and hourly sets of ip connection addresses
             pthread_mutex_lock(&rate_mutex);
                 for (rates::iterator i=rcpt_hourly_counts.begin(); i!=rcpt_hourly_counts.end(); i++) {
                     (*i).second = 0;
                 }
                 for (auth_addresses::iterator j=auth_hourly_addresses.begin(); j!=auth_hourly_addresses.end(); j++) {
                     delete (*j).second;
+                    (*j).second = new int32_t_set;
                 }
             pthread_mutex_unlock(&rate_mutex);
             loop1 = 0;
         }
         if (loop2 == 480) {
             // three minutes thru each loop, 480 loops per day
-            // clear the recipient daily counts
+            // clear the recipient daily counts and daily sets of connection ip addresses
             pthread_mutex_lock(&rate_mutex);
                 for (rates::iterator i=rcpt_daily_counts.begin(); i!=rcpt_daily_counts.end(); i++) {
                     (*i).second = 0;
                 }
                 for (auth_addresses::iterator j=auth_daily_addresses.begin(); j!=auth_daily_addresses.end(); j++) {
                     delete (*j).second;
+                    (*j).second = new int32_t_set;
                 }
             pthread_mutex_unlock(&rate_mutex);
             loop2 = 0;
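Review bot: In both reset loops, `delete (*j).second;` followed by `(*j).second = new int32_t_set;` leaves the map holding a freed pointer if the allocation throws. The exception would also leave `rate_mutex` locked, because the unlock is a plain call rather than a scope guard. Emptying the existing set avoids both problems and does no allocation under the lock: replace the two lines with `(*j).second->clear();` in the hourly loop and in the daily loop. The enclosing function starts and ends outside this hunk, so whether a caller catches exceptions is not visible from here.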