X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/0cca1f52c46ee9e258ac9a41118d1a12935138ea..4b4fc78cfba459be6bd20cbaafff3f0606ae4116:/src/s_conf.c diff --git a/src/s_conf.c b/src/s_conf.c index e34a77e..b03a130 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -28,30 +28,34 @@ #include "ircd_defs.h" #include "s_conf.h" #include "s_newconf.h" +#include "newconf.h" #include "s_serv.h" +#include "s_user.h" #include "s_stats.h" #include "channel.h" #include "class.h" #include "client.h" #include "common.h" #include "hash.h" -#include "irc_string.h" -#include "sprintf_irc.h" +#include "match.h" #include "ircd.h" #include "listener.h" #include "hostmask.h" #include "modules.h" #include "numeric.h" -#include "s_log.h" +#include "logger.h" #include "send.h" -#include "s_gline.h" #include "reject.h" #include "cache.h" #include "blacklist.h" +#include "privilege.h" +#include "sslproc.h" +#include "bandbi.h" +#include "operhash.h" struct config_server_hide ConfigServerHide; -extern int yyparse(); /* defined in y.tab.c */ +extern int yyparse(void); /* defined in y.tab.c */ extern char linebuf[]; #ifndef INADDR_NONE @@ -60,6 +64,8 @@ extern char linebuf[]; static rb_bh *confitem_heap = NULL; +rb_dlink_list prop_bans; + rb_dlink_list temp_klines[LAST_TEMP_TYPE]; rb_dlink_list temp_dlines[LAST_TEMP_TYPE]; rb_dlink_list service_list; @@ -70,6 +76,7 @@ static void validate_conf(void); static void read_conf(FILE *); static void clear_out_old_conf(void); +static void expire_prop_bans(void *list); static void expire_temp_kd(void *list); static void reorganise_temp_kd(void *list); @@ -84,6 +91,8 @@ init_s_conf(void) { confitem_heap = rb_bh_create(sizeof(struct ConfItem), CONFITEM_HEAP_SIZE, "confitem_heap"); + rb_event_addish("expire_prop_bans", expire_prop_bans, &prop_bans, 60); + rb_event_addish("expire_temp_klines", expire_temp_kd, &temp_klines[TEMP_MIN], 60); rb_event_addish("expire_temp_dlines", expire_temp_kd, &temp_dlines[TEMP_MIN], 60); @@ -140,11 +149,15 @@ free_conf(struct ConfItem *aconf) rb_free(aconf->passwd); rb_free(aconf->spasswd); - rb_free(aconf->name); rb_free(aconf->className); rb_free(aconf->user); rb_free(aconf->host); + if(IsConfBan(aconf)) + operhash_delete(aconf->info.oper); + else + rb_free(aconf->info.name); + rb_bh_free(confitem_heap, aconf); } @@ -194,7 +207,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "Too many host connections (local)"); break; @@ -208,7 +221,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "Too many host connections (global)"); break; @@ -222,7 +235,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "Too many user connections (global)"); break; @@ -237,7 +250,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "No more connections allowed in your connection class"); break; @@ -245,20 +258,20 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern case NOT_AUTHORISED: { int port = -1; -#ifdef IPV6 +#ifdef RB_IPV6 if(source_p->localClient->ip.ss_family == AF_INET6) port = ntohs(((struct sockaddr_in6 *)&source_p->localClient->listener->addr)->sin6_port); else #endif port = ntohs(((struct sockaddr_in *)&source_p->localClient->listener->addr)->sin_port); - ServerStats->is_ref++; + ServerStats.is_ref++; /* jdc - lists server name & port connections are on */ /* a purely cosmetical change */ /* why ipaddr, and not just source_p->sockhost? --fl */ #if 0 static char ipaddr[HOSTIPLEN]; - inetntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr)); + rb_inet_ntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr)); #endif sendto_realops_snomask(SNO_UNAUTH, L_ALL, "Unauthorised client connection from " @@ -280,7 +293,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern } case BANNED_CLIENT: exit_client(client_p, client_p, &me, "*** Banned "); - ServerStats->is_ref++; + ServerStats.is_ref++; break; case 0: @@ -309,16 +322,18 @@ verify_access(struct Client *client_p, const char *username) aconf = find_address_conf(client_p->host, client_p->sockhost, client_p->username, client_p->username, (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); } else { - strlcpy(non_ident, "~", sizeof(non_ident)); - strlcat(non_ident, username, sizeof(non_ident)); + rb_strlcpy(non_ident, "~", sizeof(non_ident)); + rb_strlcat(non_ident, username, sizeof(non_ident)); aconf = find_address_conf(client_p->host, client_p->sockhost, non_ident, client_p->username, (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); } if(aconf == NULL) @@ -329,7 +344,7 @@ verify_access(struct Client *client_p, const char *username) if(aconf->flags & CONF_FLAGS_REDIR) { sendto_one_numeric(client_p, RPL_REDIR, form_str(RPL_REDIR), - aconf->name ? aconf->name : "", aconf->port); + aconf->info.name ? aconf->info.name : "", aconf->port); return (NOT_AUTHORISED); } @@ -346,47 +361,34 @@ verify_access(struct Client *client_p, const char *username) sendto_realops_snomask(SNO_GENERAL, L_ALL, "%s spoofing: %s as %s", client_p->name, - show_ip(NULL, client_p) ? client_p->host : aconf->name, - aconf->name); + show_ip(NULL, client_p) ? client_p->host : aconf->info.name, + aconf->info.name); } /* user@host spoof */ - if((p = strchr(aconf->name, '@')) != NULL) + if((p = strchr(aconf->info.name, '@')) != NULL) { char *host = p+1; *p = '\0'; - strlcpy(client_p->username, aconf->name, + rb_strlcpy(client_p->username, aconf->info.name, sizeof(client_p->username)); - strlcpy(client_p->host, host, + rb_strlcpy(client_p->host, host, sizeof(client_p->host)); *p = '@'; } else - strlcpy(client_p->host, aconf->name, sizeof(client_p->host)); + rb_strlcpy(client_p->host, aconf->info.name, sizeof(client_p->host)); } return (attach_iline(client_p, aconf)); } else if(aconf->status & CONF_KILL) { - if(ConfigFileEntry.kline_with_reason) - { - sendto_one(client_p, - form_str(ERR_YOUREBANNEDCREEP), - me.name, client_p->name, aconf->passwd); - } - add_reject(client_p, aconf->user, aconf->host); - return (BANNED_CLIENT); - } - else if(aconf->status & CONF_GLINE) - { - sendto_one_notice(client_p, ":*** G-lined"); - if(ConfigFileEntry.kline_with_reason) sendto_one(client_p, form_str(ERR_YOUREBANNEDCREEP), - me.name, client_p->name, aconf->passwd); - + me.name, client_p->name, + get_user_ban_reason(aconf)); add_reject(client_p, aconf->user, aconf->host); return (BANNED_CLIENT); } @@ -408,32 +410,38 @@ static int add_ip_limit(struct Client *client_p, struct ConfItem *aconf) { rb_patricia_node_t *pnode; + int bitlen; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return -1; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); + if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET) + bitlen = ConfCidrIpv4Bitlen(aconf); + else + bitlen = ConfCidrIpv6Bitlen(aconf); + if(pnode == NULL) - pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, ConfCidrBitlen(aconf)); + pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, bitlen); s_assert(pnode != NULL); if(pnode != NULL) { - if(((long) pnode->data) >= ConfCidrAmount(aconf) - && !IsConfExemptLimits(aconf)) + if(((intptr_t)pnode->data) >= ConfCidrAmount(aconf) && !IsConfExemptLimits(aconf)) { /* This should only happen if the limits are set to 0 */ - if((unsigned long) pnode->data == 0) + if((intptr_t)pnode->data == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } return (0); } - pnode->data++; + pnode->data = (void *)(((intptr_t)pnode->data) + 1); } return 1; } @@ -444,15 +452,16 @@ remove_ip_limit(struct Client *client_p, struct ConfItem *aconf) rb_patricia_node_t *pnode; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); if(pnode == NULL) return; - pnode->data--; - if(((unsigned long) pnode->data) == 0) + pnode->data = (void *)(((intptr_t)pnode->data) - 1); + if(((intptr_t)pnode->data) == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } @@ -628,71 +637,18 @@ rehash(int sig) read_conf_files(NO); if(ServerInfo.description != NULL) - strlcpy(me.info, ServerInfo.description, sizeof(me.info)); + rb_strlcpy(me.info, ServerInfo.description, sizeof(me.info)); else - strlcpy(me.info, "unknown", sizeof(me.info)); + rb_strlcpy(me.info, "unknown", sizeof(me.info)); open_logfiles(); return (0); } -static struct banconf_entry -{ - const char **filename; - void (*func) (FILE *); - int perm; -} banconfs[] = { - { &ConfigFileEntry.klinefile, parse_k_file, 0 }, - { &ConfigFileEntry.klinefile, parse_k_file, 1 }, - { &ConfigFileEntry.dlinefile, parse_d_file, 0 }, - { &ConfigFileEntry.dlinefile, parse_d_file, 1 }, - { &ConfigFileEntry.xlinefile, parse_x_file, 0 }, - { &ConfigFileEntry.xlinefile, parse_x_file, 1 }, - { &ConfigFileEntry.resvfile, parse_resv_file,0 }, - { &ConfigFileEntry.resvfile, parse_resv_file,1 }, - { NULL, NULL, 0 } -}; - void rehash_bans(int sig) { - FILE *file; - char buf[MAXPATHLEN]; - int i; - - if(sig != 0) - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Got signal SIGUSR2, reloading ban confs"); - - clear_out_address_conf_bans(); - clear_s_newconf_bans(); - - for(i = 0; banconfs[i].filename; i++) - { - if(banconfs[i].perm) - snprintf(buf, sizeof(buf), "%s.perm", *banconfs[i].filename); - else - snprintf(buf, sizeof(buf), "%s", *banconfs[i].filename); - - if((file = fopen(buf, "r")) == NULL) - { - if(banconfs[i].perm) - continue; - - ilog(L_MAIN, "Failed reading ban file %s", - *banconfs[i].filename); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Can't open %s file bans could be missing!", - *banconfs[i].filename); - } - else - { - (banconfs[i].func)(file); - fclose(file); - } - } - - check_banned_lines(); + bandb_rehash_bans(); } /* @@ -718,10 +674,12 @@ set_default_conf(void) ServerInfo.description = NULL; ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT); + ServerInfo.helpchan = rb_strdup(""); + ServerInfo.helpurl = rb_strdup(""); memset(&ServerInfo.ip, 0, sizeof(ServerInfo.ip)); ServerInfo.specific_ipv4_vhost = 0; -#ifdef IPV6 +#ifdef RB_IPV6 memset(&ServerInfo.ip6, 0, sizeof(ServerInfo.ip6)); ServerInfo.specific_ipv6_vhost = 0; #endif @@ -734,6 +692,8 @@ set_default_conf(void) ConfigFileEntry.default_operstring = rb_strdup("is an IRC operator"); ConfigFileEntry.default_adminstring = rb_strdup("is a Server Administrator"); + ConfigFileEntry.default_operhost = rb_strdup(""); + ConfigFileEntry.static_quit = rb_strdup(""); ConfigFileEntry.servicestring = rb_strdup("is a Network Service"); ConfigFileEntry.default_umodes = UMODE_INVISIBLE; @@ -747,6 +707,7 @@ set_default_conf(void) ConfigFileEntry.nick_delay = 900; /* 15 minutes */ ConfigFileEntry.target_change = YES; ConfigFileEntry.anti_spam_exit_message_time = 0; + ConfigFileEntry.use_part_messages = YES; ConfigFileEntry.ts_warn_delta = TS_WARN_DELTA_DEFAULT; ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT; ConfigFileEntry.client_exit = YES; @@ -770,31 +731,28 @@ set_default_conf(void) ConfigFileEntry.pace_wait_simple = 1; ConfigFileEntry.short_motd = NO; ConfigFileEntry.no_oper_flood = NO; + ConfigFileEntry.true_no_oper_flood = NO; ConfigFileEntry.fname_userlog = NULL; ConfigFileEntry.fname_fuserlog = NULL; ConfigFileEntry.fname_operlog = NULL; ConfigFileEntry.fname_foperlog = NULL; ConfigFileEntry.fname_serverlog = NULL; - ConfigFileEntry.fname_glinelog = NULL; ConfigFileEntry.fname_klinelog = NULL; ConfigFileEntry.fname_operspylog = NULL; ConfigFileEntry.fname_ioerrorlog = NULL; - ConfigFileEntry.glines = NO; ConfigFileEntry.use_egd = NO; - ConfigFileEntry.gline_time = 12 * 3600; - ConfigFileEntry.gline_min_cidr = 16; - ConfigFileEntry.gline_min_cidr6 = 48; ConfigFileEntry.hide_spoof_ips = YES; ConfigFileEntry.hide_error_messages = 1; ConfigFileEntry.dots_in_ident = 0; ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT; - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); ConfigFileEntry.egdpool_path = NULL; ConfigFileEntry.use_whois_actually = YES; ConfigFileEntry.burst_away = NO; ConfigFileEntry.collision_fnc = YES; ConfigFileEntry.global_snotices = YES; ConfigFileEntry.operspy_dont_care_user_info = NO; + ConfigFileEntry.use_propagated_bans = YES; + ConfigFileEntry.secret_channels_in_whois = NO; #ifdef HAVE_LIBZ ConfigFileEntry.compression_level = 4; @@ -805,15 +763,23 @@ set_default_conf(void) ConfigFileEntry.oper_only_umodes = UMODE_SERVNOTICE; ConfigFileEntry.oper_snomask = SNO_GENERAL; + ConfigChannel.autochanmodes = rb_strdup("nt"); + ConfigChannel.exemptchanops = rb_strdup(""); + ConfigChannel.use_halfop = YES; + ConfigChannel.use_admin = YES; ConfigChannel.use_except = YES; ConfigChannel.use_invex = YES; ConfigChannel.use_knock = YES; ConfigChannel.use_forward = YES; + ConfigChannel.use_local_channels = YES; ConfigChannel.knock_delay = 300; ConfigChannel.knock_delay_channel = 60; ConfigChannel.max_chans_per_user = 15; ConfigChannel.max_bans = 25; ConfigChannel.max_bans_large = 500; + ConfigChannel.only_ascii_channels = NO; + ConfigChannel.cycle_host_change = YES; + ConfigChannel.host_in_topic = YES; ConfigChannel.burst_topicwho = NO; ConfigChannel.kick_on_split_riding = NO; @@ -821,6 +787,16 @@ set_default_conf(void) ConfigChannel.default_split_server_count = 10; ConfigChannel.no_join_on_split = NO; ConfigChannel.no_create_on_split = YES; + ConfigChannel.resv_forcepart = YES; + ConfigChannel.kick_no_rejoin_time = 30; + + ConfigChannel.exempt_cmode_c = NO; + ConfigChannel.exempt_cmode_C = NO; + ConfigChannel.exempt_cmode_D = NO; + ConfigChannel.exempt_cmode_T = NO; + ConfigChannel.exempt_cmode_N = NO; + ConfigChannel.exempt_cmode_G = NO; + ConfigChannel.exempt_cmode_K = NO; ConfigServerHide.flatten_links = 0; ConfigServerHide.links_delay = 300; @@ -830,15 +806,21 @@ set_default_conf(void) ConfigFileEntry.min_nonwildcard = 4; ConfigFileEntry.min_nonwildcard_simple = 3; ConfigFileEntry.default_floodcount = 8; + ConfigFileEntry.default_ident_timeout = 5; ConfigFileEntry.client_flood = CLIENT_FLOOD_DEFAULT; ConfigFileEntry.tkline_expire_notices = 0; ConfigFileEntry.reject_after_count = 5; ConfigFileEntry.reject_ban_time = 300; ConfigFileEntry.reject_duration = 120; - ConfigFileEntry.max_unknown_ip = 2; + ConfigFileEntry.throttle_count = 4; + ConfigFileEntry.throttle_duration = 60; + ConfigFileEntry.expire_override_time = 300; + + ServerInfo.default_max_clients = MAXCONNECTIONS; - ServerInfo.max_clients = maxconnections - MAX_BUFFER; + if (!alias_dict) + alias_dict = irc_dictionary_create(strcasecmp); } #undef YES @@ -862,6 +844,7 @@ read_conf(FILE * file) validate_conf(); /* Check to make sure some values are still okay. */ /* Some global values are also loaded here. */ check_class(); /* Make sure classes are valid */ + privilegeset_delete_all_illegal(); } static void @@ -873,15 +856,32 @@ validate_conf(void) if(ConfigFileEntry.ts_max_delta < TS_MAX_DELTA_MIN) ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT; - if(ConfigFileEntry.servlink_path == NULL) - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); - if(ServerInfo.network_name == NULL) ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); if(ServerInfo.network_desc == NULL) ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT); + if(ServerInfo.ssld_count < 1) + ServerInfo.ssld_count = 1; + + if(!rb_setup_ssl_server(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params)) + { + ilog(L_MAIN, "WARNING: Unable to setup SSL."); + ssl_ok = 0; + } else { + ssl_ok = 1; + send_new_ssl_certs(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params); + } + + if(ServerInfo.ssld_count > get_ssld_count()) + { + int start = ServerInfo.ssld_count - get_ssld_count(); + /* start up additional ssld if needed */ + start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params); + + } + if((ConfigFileEntry.client_flood < CLIENT_FLOOD_MIN) || (ConfigFileEntry.client_flood > CLIENT_FLOOD_MAX)) ConfigFileEntry.client_flood = CLIENT_FLOOD_MAX; @@ -894,35 +894,52 @@ validate_conf(void) splitmode = 0; splitchecking = 0; } -} - -/* - * lookup_confhost - start DNS lookups of all hostnames in the conf - * line and convert an IP addresses in a.b.c.d number for to IP#s. - * - */ -/* - * conf_connect_allowed - * - * inputs - pointer to inaddr - * - int type ipv4 or ipv6 - * output - ban info or NULL - * side effects - none - */ -struct ConfItem * -conf_connect_allowed(struct sockaddr *addr, int aftype) -{ - struct ConfItem *aconf = find_dline(addr, aftype); - - /* DLINE exempt also gets you out of static limits/pacing... */ - if(aconf && (aconf->status & CONF_EXEMPTDLINE)) - return NULL; + if(!valid_hostname(ConfigFileEntry.default_operhost) && !EmptyString(ConfigFileEntry.default_operhost)) + { + conf_report_error("Warning -- invalid default_operhost specified, ignoring."); + ConfigFileEntry.default_operhost = rb_strdup(""); + } - if(aconf != NULL) - return aconf; + /* Parse the exemptchanops option and set the internal variables + * that we will use. */ + char * ech; - return NULL; + for(ech = ConfigChannel.exemptchanops; *ech; ech++) + { + if(*ech == 'c') + { + ConfigChannel.exempt_cmode_c = 1; + continue; + } + if(*ech == 'C') + { + ConfigChannel.exempt_cmode_C = 1; + continue; + } + if(*ech == 'D') + { + ConfigChannel.exempt_cmode_D = 1; + continue; + } + if(*ech == 'T') + { + ConfigChannel.exempt_cmode_T = 1; + continue; + } + if(*ech == 'N') + { + ConfigChannel.exempt_cmode_N = 1; + continue; + } + if(*ech == 'G') + { + ConfigChannel.exempt_cmode_G = 1; + continue; + } + if(*ech == 'K') + ConfigChannel.exempt_cmode_K = 1; + } } /* add_temp_kline() @@ -957,7 +974,7 @@ add_temp_kline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_KILL, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_KILL, aconf->user, NULL, aconf); } /* add_temp_dline() @@ -991,7 +1008,193 @@ add_temp_dline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, NULL, aconf); +} + +/* valid_wild_card() + * + * input - user buffer, host buffer + * output - 0 if invalid, 1 if valid + * side effects - + */ +int +valid_wild_card(const char *luser, const char *lhost) +{ + const char *p; + char tmpch; + int nonwild = 0; + int bitlen; + + /* user has no wildcards, always accept -- jilles */ + if(!strchr(luser, '?') && !strchr(luser, '*')) + return 1; + + /* check there are enough non wildcard chars */ + p = luser; + while((tmpch = *p++)) + { + if(!IsKWildChar(tmpch)) + { + /* found enough chars, return */ + if(++nonwild >= ConfigFileEntry.min_nonwildcard) + return 1; + } + } + + /* try host, as user didnt contain enough */ + /* special case for cidr masks -- jilles */ + if((p = strrchr(lhost, '/')) != NULL && IsDigit(p[1])) + { + bitlen = atoi(p + 1); + /* much like non-cidr for ipv6, rather arbitrary for ipv4 */ + if(bitlen > 0 + && bitlen >= + (strchr(lhost, ':') ? 4 * (ConfigFileEntry.min_nonwildcard - nonwild) : 6 - + 2 * nonwild)) + return 1; + } + else + { + p = lhost; + while((tmpch = *p++)) + { + if(!IsKWildChar(tmpch)) + if(++nonwild >= ConfigFileEntry.min_nonwildcard) + return 1; + } + } + + return 0; +} + +rb_dlink_node * +find_prop_ban(unsigned int status, const char *user, const char *host) +{ + rb_dlink_node *ptr; + struct ConfItem *aconf; + + RB_DLINK_FOREACH(ptr, prop_bans.head) + { + aconf = ptr->data; + + if((aconf->status & ~CONF_ILLEGAL) == status && + (!user || !aconf->user || + !irccmp(aconf->user, user)) && + !irccmp(aconf->host, host)) + return ptr; + } + return NULL; +} + +void +deactivate_conf(struct ConfItem *aconf, rb_dlink_node *ptr) +{ + int i; + + s_assert(ptr->data == aconf); + + switch (aconf->status) + { + case CONF_KILL: + if (aconf->lifetime == 0 && + aconf->flags & CONF_FLAGS_TEMPORARY) + for (i = 0; i < LAST_TEMP_TYPE; i++) + rb_dlinkFindDestroy(aconf, &temp_klines[i]); + /* Make sure delete_one_address_conf() does not + * free the aconf. + */ + aconf->clients++; + delete_one_address_conf(aconf->host, aconf); + aconf->clients--; + break; + case CONF_DLINE: + if (aconf->lifetime == 0 && + aconf->flags & CONF_FLAGS_TEMPORARY) + for (i = 0; i < LAST_TEMP_TYPE; i++) + rb_dlinkFindDestroy(aconf, &temp_dlines[i]); + aconf->clients++; + delete_one_address_conf(aconf->host, aconf); + aconf->clients--; + break; + case CONF_XLINE: + rb_dlinkFindDestroy(aconf, &xline_conf_list); + break; + case CONF_RESV_NICK: + rb_dlinkFindDestroy(aconf, &resv_conf_list); + break; + case CONF_RESV_CHANNEL: + del_from_resv_hash(aconf->host, aconf); + break; + } + if (aconf->lifetime != 0 && rb_current_time() < aconf->lifetime) + aconf->status |= CONF_ILLEGAL; + else + { + if (aconf->lifetime != 0) + rb_dlinkDestroy(ptr, &prop_bans); + free_conf(aconf); + } +} + +/* Given a new ban ConfItem, look for any matching ban, update the lifetime + * from it and delete it. + */ +void +replace_old_ban(struct ConfItem *aconf) +{ + rb_dlink_node *ptr; + struct ConfItem *oldconf; + + ptr = find_prop_ban(aconf->status, aconf->user, aconf->host); + if(ptr != NULL) + { + oldconf = ptr->data; + /* Remember at least as long as the old one. */ + if(oldconf->lifetime > aconf->lifetime) + aconf->lifetime = oldconf->lifetime; + /* Force creation time to increase. */ + if(oldconf->created >= aconf->created) + aconf->created = oldconf->created + 1; + /* Leave at least one second of validity. */ + if(aconf->hold <= aconf->created) + aconf->hold = aconf->created + 1; + if(aconf->lifetime < aconf->hold) + aconf->lifetime = aconf->hold; + /* Tell deactivate_conf() to destroy it. */ + oldconf->lifetime = rb_current_time(); + deactivate_conf(oldconf, ptr); + } +} + +static void +expire_prop_bans(void *list) +{ + rb_dlink_node *ptr; + rb_dlink_node *next_ptr; + struct ConfItem *aconf; + + RB_DLINK_FOREACH_SAFE(ptr, next_ptr, ((rb_dlink_list *) list)->head) + { + aconf = ptr->data; + + if(aconf->lifetime <= rb_current_time() || + (aconf->hold <= rb_current_time() && + !(aconf->status & CONF_ILLEGAL))) + { + /* Alert opers that a TKline expired - Hwy */ + /* XXX show what type of ban it is */ + if(ConfigFileEntry.tkline_expire_notices && + !(aconf->status & CONF_ILLEGAL)) + sendto_realops_snomask(SNO_GENERAL, L_ALL, + "Propagated ban for [%s%s%s] expired", + aconf->user ? aconf->user : "", + aconf->user ? "@" : "", + aconf->host ? aconf->host : "*"); + + /* will destroy or mark illegal */ + deactivate_conf(aconf, ptr); + } + } } /* expire_tkline() @@ -1112,7 +1315,7 @@ get_printable_conf(struct ConfItem *aconf, char **name, char **host, static char null[] = ""; static char zero[] = "default"; - *name = EmptyString(aconf->name) ? null : aconf->name; + *name = EmptyString(aconf->info.name) ? null : aconf->info.name; *host = EmptyString(aconf->host) ? null : aconf->host; *pass = EmptyString(aconf->passwd) ? null : aconf->passwd; *user = EmptyString(aconf->user) ? null : aconf->user; @@ -1120,21 +1323,55 @@ get_printable_conf(struct ConfItem *aconf, char **name, char **host, *port = (int) aconf->port; } +char * +get_user_ban_reason(struct ConfItem *aconf) +{ + static char reasonbuf[BUFSIZE]; + + if (aconf->flags & CONF_FLAGS_TEMPORARY && + (aconf->status == CONF_KILL || aconf->status == CONF_DLINE)) + rb_snprintf(reasonbuf, sizeof reasonbuf, + "Temporary %c-line %d min. - ", + aconf->status == CONF_DLINE ? 'D' : 'K', + (int)((aconf->hold - aconf->created) / 60)); + else + reasonbuf[0] = '\0'; + if (aconf->passwd) + rb_strlcat(reasonbuf, aconf->passwd, sizeof reasonbuf); + else + rb_strlcat(reasonbuf, "No Reason", sizeof reasonbuf); + if (aconf->created) + { + rb_strlcat(reasonbuf, " (", sizeof reasonbuf); + rb_strlcat(reasonbuf, smalldate(aconf->created), + sizeof reasonbuf); + rb_strlcat(reasonbuf, ")", sizeof reasonbuf); + } + return reasonbuf; +} + void get_printable_kline(struct Client *source_p, struct ConfItem *aconf, char **host, char **reason, char **user, char **oper_reason) { static char null[] = ""; + static char operreasonbuf[BUFSIZE]; *host = EmptyString(aconf->host) ? null : aconf->host; - *reason = EmptyString(aconf->passwd) ? null : aconf->passwd; *user = EmptyString(aconf->user) ? null : aconf->user; + *reason = get_user_ban_reason(aconf); - if(EmptyString(aconf->spasswd) || !IsOper(source_p)) + if(!IsOper(source_p)) *oper_reason = NULL; else - *oper_reason = aconf->spasswd; + { + rb_snprintf(operreasonbuf, sizeof operreasonbuf, "%s%s(%s)", + EmptyString(aconf->spasswd) ? "" : aconf->spasswd, + EmptyString(aconf->spasswd) ? "" : " ", + aconf->info.oper); + *oper_reason = operreasonbuf; + } } /* @@ -1151,7 +1388,7 @@ read_conf_files(int cold) conf_fbfile_in = NULL; - filename = get_conf_name(CONF_TYPE); + filename = ConfigFileEntry.configfile; /* We need to know the initial filename for the yyerror() to report FIXME: The full path is in conffilenamebuf first time since we @@ -1159,7 +1396,7 @@ read_conf_files(int cold) - Gozem 2002-07-21 */ - strlcpy(conffilebuf, filename, sizeof(conffilebuf)); + rb_strlcpy(conffilebuf, filename, sizeof(conffilebuf)); if((conf_fbfile_in = fopen(filename, "r")) == NULL) { @@ -1239,6 +1476,12 @@ clear_out_old_conf(void) ServerInfo.network_name = NULL; rb_free(ServerInfo.network_desc); ServerInfo.network_desc = NULL; + rb_free(ServerInfo.helpchan); + ServerInfo.helpchan = NULL; + rb_free(ServerInfo.helpurl); + ServerInfo.helpurl = NULL; + + ServerInfo.ssld_count = 1; /* clean out AdminInfo */ rb_free(AdminInfo.name); @@ -1257,8 +1500,8 @@ clear_out_old_conf(void) */ /* clean out general */ - rb_free(ConfigFileEntry.servlink_path); - ConfigFileEntry.servlink_path = NULL; + rb_free(ConfigFileEntry.kline_reason); + ConfigFileEntry.kline_reason = NULL; RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { @@ -1267,170 +1510,19 @@ clear_out_old_conf(void) } /* remove any aliases... -- nenolod */ - irc_dictionary_destroy(alias_dict, free_alias_cb, NULL); - alias_dict = NULL; - - destroy_blacklists(); - - /* OK, that should be everything... */ -} - - -/* write_confitem() - * - * inputs - kline, dline or resv type flag - * - client pointer to report to - * - user name of target - * - host name of target - * - reason for target - * - time string - * - type of xline - * output - NONE - * side effects - This function takes care of finding the right conf - * file and adding the line to it, as well as notifying - * opers and the user. - */ -void -write_confitem(KlineType type, struct Client *source_p, char *user, - char *host, const char *reason, const char *oper_reason, - const char *current_date, int xtype) -{ - char buffer[1024]; - FILE *out; - const char *filename; /* filename to use for kline */ - - filename = get_conf_name(type); - - if(type == KLINE_TYPE) + if (alias_dict != NULL) { - if(EmptyString(oper_reason)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added K-Line for [%s@%s] [%s]", - get_oper_name(source_p), user, - host, reason); - ilog(L_KLINE, "K %s 0 %s %s %s", - get_oper_name(source_p), user, host, reason); - } - else - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added K-Line for [%s@%s] [%s|%s]", - get_oper_name(source_p), user, - host, reason, oper_reason); - ilog(L_KLINE, "K %s 0 %s %s %s|%s", - get_oper_name(source_p), user, host, - reason, oper_reason); - } - - sendto_one_notice(source_p, ":Added K-Line [%s@%s]", - user, host); + irc_dictionary_destroy(alias_dict, free_alias_cb, NULL); + alias_dict = NULL; } - else if(type == DLINE_TYPE) - { - if(EmptyString(oper_reason)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added D-Line for [%s] [%s]", - get_oper_name(source_p), host, reason); - ilog(L_KLINE, "D %s 0 %s %s", - get_oper_name(source_p), host, reason); - } - else - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added D-Line for [%s] [%s|%s]", - get_oper_name(source_p), host, - reason, oper_reason); - ilog(L_KLINE, "D %s 0 %s %s|%s", - get_oper_name(source_p), host, - reason, oper_reason); - } - sendto_one_notice(source_p, ":Added D-Line [%s] to %s", host, filename); - - } - else if(type == RESV_TYPE) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added RESV for [%s] [%s]", - get_oper_name(source_p), host, reason); - ilog(L_KLINE, "R %s 0 %s %s", - get_oper_name(source_p), host, reason); - - sendto_one_notice(source_p, ":Added RESV for [%s] [%s]", - host, reason); - } - - if((out = fopen(filename, "a")) == NULL) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem opening %s ", filename); - sendto_one_notice(source_p, ":*** Problem opening file, added temporarily only"); - return; - } - - if(oper_reason == NULL) - oper_reason = ""; - - if(type == KLINE_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", - user, host, reason, oper_reason, current_date, - get_oper_name(source_p), rb_current_time()); - } - else if(type == DLINE_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", host, - reason, oper_reason, current_date, get_oper_name(source_p), rb_current_time()); - } - else if(type == RESV_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), "\"%s\",\"%s\",\"%s\",%ld\n", - host, reason, get_oper_name(source_p), rb_current_time()); - } + destroy_blacklists(); - if(fputs(buffer, out) == -1) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem writing to %s", filename); - sendto_one_notice(source_p, ":*** Problem writing to file, added temporarily only"); - fclose(out); - return; - } + privilegeset_mark_all_illegal(); - if (fclose(out)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem writing to %s", filename); - sendto_one_notice(source_p, ":*** Problem writing to file, added temporarily only"); - return; - } + /* OK, that should be everything... */ } -/* get_conf_name - * - * inputs - type of conf file to return name of file for - * output - pointer to filename for type of conf - * side effects - none - */ -const char * -get_conf_name(KlineType type) -{ - if(type == CONF_TYPE) - { - return (ConfigFileEntry.configfile); - } - else if(type == DLINE_TYPE) - { - return (ConfigFileEntry.dlinefile); - } - else if(type == RESV_TYPE) - { - return (ConfigFileEntry.resvfile); - } - - return ConfigFileEntry.klinefile; -} /* * conf_add_class_to_conf @@ -1455,8 +1547,8 @@ conf_add_class_to_conf(struct ConfItem *aconf) { if(aconf->status == CONF_CLIENT) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Warning -- Using default class for missing class \"%s\" in auth{} for %s@%s", + conf_report_error( + "Using default class for missing class \"%s\" in auth{} for %s@%s", aconf->className, aconf->user, aconf->host); } @@ -1499,10 +1591,28 @@ conf_add_d_conf(struct ConfItem *aconf) } else { - add_conf_by_address(aconf->host, CONF_DLINE, NULL, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, NULL, NULL, aconf); } } +static char * +strip_tabs(char *dest, const char *src, size_t len) +{ + char *d = dest; + + if(dest == NULL || src == NULL) + return NULL; + + rb_strlcpy(dest, src, len); + + while(*d) + { + if(*d == '\t') + *d = ' '; + d++; + } + return dest; +} /* * yyerror @@ -1516,12 +1626,12 @@ yyerror(const char *msg) { char newlinebuf[BUFSIZE]; - strip_tabs(newlinebuf, (const unsigned char *) linebuf, strlen(linebuf)); + strip_tabs(newlinebuf, linebuf, strlen(linebuf)); + ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); - ilog(L_MAIN, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); } int