add mod_pgsql iauth module

it allows logging connections to pgsql table, and querying another pgsql
table for ip-based klines.

Author: Piotr Kucharski

Diff for: doc/iauth.conf.5

@@ -1,5 +1,5 @@
-.\" @(#)$Id: iauth.conf.5,v 1.24 2014/08/25 14:08:57 bif Exp $
-.TH IAUTH.CONF 5 "$Date: 2014/08/25 14:08:57 $"
+.\" @(#)$Id: iauth.conf.5,v 1.25 2014/09/03 10:50:01 bif Exp $
+.TH IAUTH.CONF 5 "$Date: 2014/09/03 10:50:01 $"
 .SH NAME
 iauth.conf \- The Internet Relay Chat Authentication Configuration File
 .SH DESCRIPTION
@@ -165,22 +165,50 @@ This module checks client IP against DNS BL.
 
 This module understands three options:
 .B log
-to log IP and connect date
+to log IP and connect date;
 .B reject
-to reject connections based on DNS BL
+to reject connections based on DNS BL;
 .B servers
 comma separated list of DNS BL servers to query
-against for rejecting connecting hosts
+against for rejecting connecting hosts.
+
+.TP
+.B pgsql
+This module performs a basic logging of IPs to a PostgreSQL database and
+can reject clients based on their IP. This module will not create tables
+for you, you have to create them like this:
+.RS
+.RS
+.nf
+CREATE TABLE ircd_conn (ip cidr, date timestamp);
+CREATE TABLE ircd_kline (ip cidr);
+.fi
+.RE
+Also, you have to populate ircd_kline with IPs by other means, this module
+will not do it for you. For performance sake, put the database on localhost.
+
+This module understands three options:
+.B log
+to log IP and connect date to database (into ircd_conn table);
+.B reject
+to reject connections based on IP (searching ircd_kline table);
+.B conn
+is the database connection string; it is taken verbatim and as such must be the
+last option.
+
+Queries are not configurable. If you need different tables, field names
+or queries, you have to edit the source.
 
 .SH EXAMPLE
 The following file will cause the IRC daemon to reject all connections
 originating from a system where an open proxy is running for hosts within
 *.fr and *.enserb.u-bordeaux.fr but not for other hosts matching
 *.u-bordeaux.fr.  For all connections, an ident lookup (RFC 1413) will be
-performed as well as checking for WWW proxy on port 8080 and 3128.
-In addition, every connection is authenticated with the LHEx
-server at IP-address 127.0.0.1. Client will be let in after ident and
-lhex are done but if socks or webproxy finds an open proxy, client will
+performed, inserting connection logs to postgres, querying postgres for
+banned IPs, as well as checking for WWW proxy on port 8080 and 3128 and
+querying DNSBL. In addition, every connection is authenticated with the LHEx
+server at IP-address 127.0.0.1. Client will be let in after ident, lhex and
+pgsql are done but if socks, webproxy or dnsbl finds an open proxy, client will
 be removed asap.
 
 .RS
@@ -190,6 +218,10 @@ module rfc931
 module lhex
         option = 127.0.0.1
 
+module pgsql
+        option = log,reject,conn=dbname=ircd password=secret host=localhost
+        reason = Denied access (SQL)
+
 delayed
 
 module socks

Diff for: doc/iauth.conf.example

@@ -1,7 +1,7 @@
 #
 # Default iauth configuration file
 #
-# $Id: iauth.conf.example,v 1.5 2014/08/25 14:08:57 bif Exp $
+# $Id: iauth.conf.example,v 1.6 2014/09/03 10:50:01 bif Exp $
 #
 
 # Important note: there must be one tab only before modules options.
@@ -15,6 +15,11 @@ notimeout
 # in order for a new user connection to be accepted
 required
 
+# Log connection to database and reject based on IP.
+#module pgsql
+#	option = log,reject,conn=dbname=ircd password=sikret
+#	reason = Denied access (SQL)
+
 # Perform ident lookups
 module rfc931
 

Diff for: iauth/a_conf.c

@@ -18,7 +18,7 @@
  */
 
 #ifndef lint
-static const volatile char rcsid[] = "@(#)$Id: a_conf.c,v 1.40 2014/08/25 14:08:57 bif Exp $";
+static const volatile char rcsid[] = "@(#)$Id: a_conf.c,v 1.41 2014/09/03 10:50:02 bif Exp $";
 #endif
 
 #include "os.h"
@@ -83,6 +83,9 @@ char	*conf_read(char *cfile)
 	Mlist[Mcnt++] = &Module_lhex;
 	Mlist[Mcnt++] = &Module_webproxy;
 	Mlist[Mcnt++] = &Module_dnsbl;
+#ifdef USE_PGSQL
+	Mlist[Mcnt++] = &Module_pgsql;
+#endif
 	Mlist[Mcnt] = NULL;
 
 	cfh = fopen((cfile) ? cfile : IAUTHCONF_PATH, "r");

Diff for: iauth/a_externs.h

@@ -34,3 +34,6 @@
 #include "mod_lhex_ext.h"
 #include "mod_webproxy_ext.h"
 #include "mod_dnsbl_ext.h"
+#ifdef USE_PGSQL
+# include "mod_pgsql_ext.h"
+#endif