Add secure{} blocks

diff --git a/include/s_conf.h b/include/s_conf.h
index c804dd40c5cd7c3b108f454d2cee21034db0503f..be3a254da0586f3fa025a7e5747d60bc7a298fb3 100644 (file)
--- a/include/s_conf.h
+++ b/include/s_conf.h
@@ -84,6 +84,7 @@ struct ConfItem
 
 #define CONF_DLINE             0x020000
 #define CONF_EXEMPTDLINE       0x100000
+#define CONF_SECURE            0x200000
 
 #define IsIllegal(x)    ((x)->status & CONF_ILLEGAL)
 

diff --git a/ircd/hostmask.c b/ircd/hostmask.c
index cfbab79cb8d053a8bb0709ca4f4c0bac36068ccd..67d26b51c7d74e68a408820c89bb3d01a41602d8 100644 (file)
--- a/ircd/hostmask.c
+++ b/ircd/hostmask.c
@@ -646,7 +646,7 @@ clear_out_address_conf(void)
                        /* We keep the temporary K-lines and destroy the
                         * permanent ones, just to be confusing :) -A1kmm */
                        if(arec->aconf->flags & CONF_FLAGS_TEMPORARY ||
-                          (arec->type != CONF_CLIENT && arec->type != CONF_EXEMPTDLINE))
+                          (arec->type != CONF_CLIENT && arec->type != CONF_EXEMPTDLINE && arec->type != CONF_SECURE))
                        {
                                *store_next = arec;
                                store_next = &arec->next;
@@ -679,7 +679,7 @@ clear_out_address_conf_bans(void)
                        /* We keep the temporary K-lines and destroy the
                         * permanent ones, just to be confusing :) -A1kmm */
                        if(arec->aconf->flags & CONF_FLAGS_TEMPORARY ||
-                          (arec->type == CONF_CLIENT || arec->type == CONF_EXEMPTDLINE))
+                          (arec->type == CONF_CLIENT || arec->type == CONF_EXEMPTDLINE || arec->type == CONF_SECURE))
                        {
                                *store_next = arec;
                                store_next = &arec->next;

diff --git a/ircd/listener.c b/ircd/listener.c
index 2cd2e8a2e5770dc3e1be09f32cb1612f48a2fbfe..f7466295c230b267245d161b3fc03bc52c08f98c 100644 (file)
--- a/ircd/listener.c
+++ b/ircd/listener.c
@@ -541,6 +541,14 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, str
                SetSSL(new_client);
                SetSecure(new_client);
        }
+       else
+       {
+               struct ConfItem *aconf;
+               aconf = find_conf_by_address(NULL, NULL, NULL, sai, CONF_SECURE | 1, sai->sa_family, NULL, NULL);
+
+               if (aconf != NULL)
+                       SetSecure(new_client);
+       }
 
        if (listener->wsock)
        {

diff --git a/ircd/newconf.c b/ircd/newconf.c
index 5b03cd3882ed90e5edfa77eb5b8ca698296dde9d..3dc3ef6c5cacebe95f968c4263930f80bcec6182 100644 (file)
--- a/ircd/newconf.c
+++ b/ircd/newconf.c
@@ -1536,6 +1536,25 @@ conf_set_exempt_ip(void *data)
        add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, NULL, yy_tmp);
 }
 
+static void
+conf_set_secure_ip(void *data)
+{
+       struct ConfItem *yy_tmp;
+       int masktype = parse_netmask_strict(data, NULL, NULL);
+
+       if(masktype != HM_IPV4 && masktype != HM_IPV6)
+       {
+               conf_report_error("Ignoring secure -- invalid secure::ip.");
+               return;
+       }
+
+       yy_tmp = make_conf();
+       yy_tmp->passwd = rb_strdup("*");
+       yy_tmp->host = rb_strdup(data);
+       yy_tmp->status = CONF_SECURE;
+       add_conf_by_address(yy_tmp->host, CONF_SECURE, NULL, NULL, yy_tmp);
+}
+
 static int
 conf_cleanup_cluster(struct TopConf *tc)
 {
@@ -2894,6 +2913,9 @@ newconf_init()
        add_top_conf("exempt", NULL, NULL, NULL);
        add_conf_item("exempt", "ip", CF_QSTRING, conf_set_exempt_ip);
 
+       add_top_conf("secure", NULL, NULL, NULL);
+       add_conf_item("secure", "ip", CF_QSTRING, conf_set_secure_ip);
+
        add_top_conf("cluster", conf_cleanup_cluster, conf_cleanup_cluster, NULL);
        add_conf_item("cluster", "name", CF_QSTRING, conf_set_cluster_name);
        add_conf_item("cluster", "flags", CF_STRING | CF_FLIST, conf_set_cluster_flags);