X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/21c9d815d7293b2fa7e531e8f9f69db2e3399554..d3b22631c1a1258f658369629402b3625333f777:/src/newconf.c diff --git a/src/newconf.c b/src/newconf.c index e36882f..33bd7e0 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -11,9 +11,8 @@ #include "newconf.h" #include "ircd_defs.h" -#include "sprintf_irc.h" #include "common.h" -#include "s_log.h" +#include "logger.h" #include "s_conf.h" #include "s_user.h" #include "s_newconf.h" @@ -28,6 +27,8 @@ #include "ircd.h" #include "snomask.h" #include "blacklist.h" +#include "sslproc.h" +#include "privilege.h" #define CF_TYPE(x) ((x) & CF_MTYPE) @@ -53,6 +54,7 @@ static struct alias_entry *yy_alias = NULL; static char *yy_blacklist_host = NULL; static char *yy_blacklist_reason = NULL; +static char *yy_privset_extends = NULL; static const char * conf_strtype(int type) @@ -229,7 +231,7 @@ conf_set_serverinfo_network_name(void *data) static void conf_set_serverinfo_vhost(void *data) { - if(inetpton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0) + if(rb_inet_pton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0) { conf_report_error("Invalid netmask for server IPv4 vhost (%s)", (char *) data); return; @@ -241,8 +243,8 @@ conf_set_serverinfo_vhost(void *data) static void conf_set_serverinfo_vhost6(void *data) { -#ifdef IPV6 - if(inetpton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0) +#ifdef RB_IPV6 + if(rb_inet_pton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0) { conf_report_error("Invalid netmask for server IPv6 vhost (%s)", (char *) data); return; @@ -311,7 +313,6 @@ static struct mode_table oper_table[] = { {"remote", OPER_REMOTE }, {"kline", OPER_KLINE }, {"unkline", OPER_UNKLINE }, - {"gline", OPER_GLINE }, {"nick_changes", OPER_NICKS }, {"rehash", OPER_REHASH }, {"die", OPER_DIE }, @@ -333,7 +334,6 @@ static struct mode_table auth_table[] = { {"exceed_limit", CONF_FLAGS_NOLIMIT }, {"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL }, {"kline_exempt", CONF_FLAGS_EXEMPTKLINE }, - {"gline_exempt", CONF_FLAGS_EXEMPTGLINE }, {"flood_exempt", CONF_FLAGS_EXEMPTFLOOD }, {"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT }, {"shide_exempt", CONF_FLAGS_EXEMPTSHIDE }, @@ -351,6 +351,7 @@ static struct mode_table connect_table[] = { { "compressed", SERVER_COMPRESSED }, { "encrypted", SERVER_ENCRYPTED }, { "topicburst", SERVER_TB }, + { "ssl", SERVER_SSL }, { NULL, 0 }, }; @@ -374,6 +375,10 @@ static struct mode_table shared_table[] = { "kline", SHARED_PKLINE|SHARED_TKLINE }, { "xline", SHARED_PXLINE|SHARED_TXLINE }, { "resv", SHARED_PRESV|SHARED_TRESV }, + { "dline", SHARED_PDLINE|SHARED_TDLINE }, + { "tdline", SHARED_TDLINE }, + { "pdline", SHARED_PDLINE }, + { "undline", SHARED_UNDLINE }, { "tkline", SHARED_TKLINE }, { "unkline", SHARED_UNKLINE }, { "txline", SHARED_TXLINE }, @@ -445,6 +450,60 @@ set_modes_from_table(int *modes, const char *whatis, struct mode_table *tab, con } } +static void +conf_set_privset_extends(void *data) +{ + yy_privset_extends = rb_strdup((char *) data); +} + +static void +conf_set_privset_privs(void *data) +{ + char *privs = NULL; + conf_parm_t *args = data; + + for (; args; args = args->next) + { + if (privs == NULL) + privs = rb_strdup(args->v.string); + else + { + char *privs_old = privs; + + privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1); + strcpy(privs, privs_old); + strcat(privs, " "); + strcat(privs, args->v.string); + + rb_free(privs_old); + } + } + + if (privs) + { + if (yy_privset_extends) + { + struct PrivilegeSet *set = privilegeset_get(yy_privset_extends); + + if (!set) + { + conf_report_error("Warning -- unknown parent privilege set %s for %s; assuming defaults", yy_privset_extends, conf_cur_block_name); + + set = privilegeset_get("default"); + } + + privilegeset_extend(set, conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(yy_privset_extends); + yy_privset_extends = NULL; + } + else + privilegeset_set_new(conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(privs); + } +} + static int conf_begin_oper(struct TopConf *tc) { @@ -501,6 +560,10 @@ conf_end_oper(struct TopConf *tc) return 0; } + + if (!yy_oper->privset) + yy_oper->privset = privilegeset_get("default"); + /* now, yy_oper_list contains a stack of oper_conf's with just user * and host in, yy_oper contains the rest of the information which * we need to copy into each element in yy_oper_list @@ -518,6 +581,7 @@ conf_end_oper(struct TopConf *tc) yy_tmpoper->flags = yy_oper->flags; yy_tmpoper->umodes = yy_oper->umodes; yy_tmpoper->snomask = yy_oper->snomask; + yy_tmpoper->privset = yy_oper->privset; #ifdef HAVE_LIBCRYPTO if(yy_oper->rsa_pubkey_file) @@ -566,6 +630,12 @@ conf_set_oper_flags(void *data) set_modes_from_table(&yy_oper->flags, "flag", oper_table, args); } +static void +conf_set_oper_privset(void *data) +{ + yy_oper->privset = privilegeset_get((char *) data); +} + static void conf_set_oper_user(void *data) { @@ -670,7 +740,7 @@ conf_set_class_ping_time(void *data) static void conf_set_class_cidr_bitlen(void *data) { -#ifdef IPV6 +#ifdef RB_IPV6 unsigned int maxsize = 128; #else unsigned int maxsize = 32; @@ -744,8 +814,10 @@ conf_end_listen(struct TopConf *tc) return 0; } + + static void -conf_set_listen_port(void *data) +conf_set_listen_port_both(void *data, int ssl) { conf_parm_t *args = data; for (; args; args = args->next) @@ -758,28 +830,40 @@ conf_set_listen_port(void *data) } if(listener_address == NULL) { - add_listener(args->v.number, listener_address, AF_INET); -#ifdef IPV6 - add_listener(args->v.number, listener_address, AF_INET6); + add_listener(args->v.number, listener_address, AF_INET, ssl); +#ifdef RB_IPV6 + add_listener(args->v.number, listener_address, AF_INET6, ssl); #endif } else { int family; -#ifdef IPV6 +#ifdef RB_IPV6 if(strchr(listener_address, ':') != NULL) family = AF_INET6; else #endif family = AF_INET; - add_listener(args->v.number, listener_address, family); + add_listener(args->v.number, listener_address, family, ssl); } } } +static void +conf_set_listen_port(void *data) +{ + conf_set_listen_port_both(data, 0); +} + +static void +conf_set_listen_sslport(void *data) +{ + conf_set_listen_port_both(data, 1); +} + static void conf_set_listen_address(void *data) { @@ -829,7 +913,7 @@ conf_end_auth(struct TopConf *tc) collapse(yy_aconf->user); collapse(yy_aconf->host); conf_add_class_to_conf(yy_aconf); - add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf); + add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf->spasswd, yy_aconf); RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_aconf_list.head) { @@ -838,6 +922,9 @@ conf_end_auth(struct TopConf *tc) if(yy_aconf->passwd) yy_tmp->passwd = rb_strdup(yy_aconf->passwd); + if(yy_aconf->spasswd) + yy_tmp->spasswd = rb_strdup(yy_aconf->spasswd); + /* this will always exist.. */ yy_tmp->name = rb_strdup(yy_aconf->name); @@ -852,7 +939,7 @@ conf_end_auth(struct TopConf *tc) conf_add_class_to_conf(yy_tmp); - add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp); + add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp->spasswd, yy_tmp); rb_dlinkDestroy(ptr, &yy_aconf_list); } @@ -892,6 +979,15 @@ conf_set_auth_user(void *data) rb_dlinkAddAlloc(yy_tmp, &yy_aconf_list); } +static void +conf_set_auth_auth_user(void *data) +{ + if(yy_aconf->spasswd) + memset(yy_aconf->spasswd, 0, strlen(yy_aconf->spasswd)); + rb_free(yy_aconf->spasswd); + yy_aconf->spasswd = rb_strdup(data); +} + static void conf_set_auth_passwd(void *data) { @@ -1150,6 +1246,13 @@ conf_end_connect(struct TopConf *tc) yy_server->flags &= ~SERVER_COMPRESSED; } #endif + if(ServerConfCompressed(yy_server) && ServerConfSSL(yy_server)) + { + conf_report_error("Ignoring compressed for connect block %s -- " + "ssl and compressed are mutually exclusive (OpenSSL does its own compression)", + yy_server->name); + yy_server->flags &= ~SERVER_COMPRESSED; + } add_server_conf(yy_server); rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list); @@ -1170,7 +1273,7 @@ conf_set_connect_host(void *data) static void conf_set_connect_vhost(void *data) { - if(inetpton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0) + if(rb_inet_pton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0) { conf_report_error("Invalid netmask for server vhost (%s)", (char *) data); @@ -1221,7 +1324,7 @@ conf_set_connect_aftype(void *data) if(strcasecmp(aft, "ipv4") == 0) yy_server->aftype = AF_INET; -#ifdef IPV6 +#ifdef RB_IPV6 else if(strcasecmp(aft, "ipv6") == 0) yy_server->aftype = AF_INET6; #endif @@ -1294,7 +1397,7 @@ conf_set_exempt_ip(void *data) yy_tmp->passwd = rb_strdup("*"); yy_tmp->host = rb_strdup(data); yy_tmp->status = CONF_EXEMPTDLINE; - add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, yy_tmp); + add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, NULL, yy_tmp); } static int @@ -1730,7 +1833,7 @@ conf_set_generic_string(void *data, int len, void *location) char **loc = location; char *input = data; - if(len && strlen(input) > len) + if(len && strlen(input) > (unsigned int)len) input[len] = '\0'; rb_free(*loc); @@ -1893,7 +1996,13 @@ static struct ConfEntry conf_serverinfo_table[] = { "vhost", CF_QSTRING, conf_set_serverinfo_vhost, 0, NULL }, { "vhost6", CF_QSTRING, conf_set_serverinfo_vhost6, 0, NULL }, - { "max_clients", CF_INT, NULL, 0, &ServerInfo.max_clients }, + { "ssl_private_key", CF_QSTRING, NULL, 0, &ServerInfo.ssl_private_key }, + { "ssl_ca_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_ca_cert }, + { "ssl_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_cert }, + { "ssl_dh_params", CF_QSTRING, NULL, 0, &ServerInfo.ssl_dh_params }, + { "ssld_count", CF_INT, NULL, 0, &ServerInfo.ssld_count }, + + { "default_max_clients",CF_INT, NULL, 0, &ServerInfo.default_max_clients }, { "\0", 0, NULL, 0, NULL } }; @@ -1914,7 +2023,6 @@ static struct ConfEntry conf_log_table[] = { "fname_foperlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_foperlog }, { "fname_serverlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_serverlog }, { "fname_killlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_killlog }, - { "fname_glinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_glinelog }, { "fname_klinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_klinelog }, { "fname_operspylog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operspylog }, { "fname_ioerrorlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_ioerrorlog }, @@ -1926,12 +2034,20 @@ static struct ConfEntry conf_operator_table[] = { "rsa_public_key_file", CF_QSTRING, conf_set_oper_rsa_public_key_file, 0, NULL }, { "flags", CF_STRING | CF_FLIST, conf_set_oper_flags, 0, NULL }, { "umodes", CF_STRING | CF_FLIST, conf_set_oper_umodes, 0, NULL }, + { "privset", CF_QSTRING, conf_set_oper_privset, 0, NULL }, { "snomask", CF_QSTRING, conf_set_oper_snomask, 0, NULL }, { "user", CF_QSTRING, conf_set_oper_user, 0, NULL }, { "password", CF_QSTRING, conf_set_oper_password, 0, NULL }, { "\0", 0, NULL, 0, NULL } }; +static struct ConfEntry conf_privset_table[] = +{ + { "extends", CF_QSTRING, conf_set_privset_extends, 0, NULL }, + { "privs", CF_STRING | CF_FLIST, conf_set_privset_privs, 0, NULL }, + { "\0", 0, NULL, 0, NULL } +}; + static struct ConfEntry conf_class_table[] = { { "ping_time", CF_TIME, conf_set_class_ping_time, 0, NULL }, @@ -1949,6 +2065,7 @@ static struct ConfEntry conf_class_table[] = static struct ConfEntry conf_auth_table[] = { { "user", CF_QSTRING, conf_set_auth_user, 0, NULL }, + { "auth_user", CF_QSTRING, conf_set_auth_auth_user, 0, NULL }, { "password", CF_QSTRING, conf_set_auth_passwd, 0, NULL }, { "class", CF_QSTRING, conf_set_auth_class, 0, NULL }, { "spoof", CF_QSTRING, conf_set_auth_spoof, 0, NULL }, @@ -1993,7 +2110,6 @@ static struct ConfEntry conf_general_table[] = { "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason }, { "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice }, { "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand }, - { "servlink_path", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.servlink_path }, { "anti_spam_exit_message_time", CF_TIME, NULL, 0, &ConfigFileEntry.anti_spam_exit_message_time }, { "disable_fake_channels", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_fake_channels }, @@ -2012,10 +2128,6 @@ static struct ConfEntry conf_general_table[] = { "disable_auth", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_auth }, { "dots_in_ident", CF_INT, NULL, 0, &ConfigFileEntry.dots_in_ident }, { "failed_oper_notice", CF_YESNO, NULL, 0, &ConfigFileEntry.failed_oper_notice }, - { "glines", CF_YESNO, NULL, 0, &ConfigFileEntry.glines }, - { "gline_min_cidr", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr }, - { "gline_min_cidr6", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr6 }, - { "gline_time", CF_TIME, NULL, 0, &ConfigFileEntry.gline_time }, { "global_snotices", CF_YESNO, NULL, 0, &ConfigFileEntry.global_snotices }, { "hide_spoof_ips", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_spoof_ips }, { "dline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.dline_with_reason }, @@ -2026,7 +2138,6 @@ static struct ConfEntry conf_general_table[] = { "max_nick_time", CF_TIME, NULL, 0, &ConfigFileEntry.max_nick_time }, { "max_nick_changes", CF_INT, NULL, 0, &ConfigFileEntry.max_nick_changes }, { "max_targets", CF_INT, NULL, 0, &ConfigFileEntry.max_targets }, - { "max_unknown_ip", CF_INT, NULL, 0, &ConfigFileEntry.max_unknown_ip }, { "min_nonwildcard", CF_INT, NULL, 0, &ConfigFileEntry.min_nonwildcard }, { "nick_delay", CF_TIME, NULL, 0, &ConfigFileEntry.nick_delay }, { "no_oper_flood", CF_YESNO, NULL, 0, &ConfigFileEntry.no_oper_flood }, @@ -2038,6 +2149,8 @@ static struct ConfEntry conf_general_table[] = { "reject_after_count", CF_INT, NULL, 0, &ConfigFileEntry.reject_after_count }, { "reject_ban_time", CF_TIME, NULL, 0, &ConfigFileEntry.reject_ban_time }, { "reject_duration", CF_TIME, NULL, 0, &ConfigFileEntry.reject_duration }, + { "throttle_count", CF_INT, NULL, 0, &ConfigFileEntry.throttle_count }, + { "throttle_duration", CF_TIME, NULL, 0, &ConfigFileEntry.throttle_duration }, { "short_motd", CF_YESNO, NULL, 0, &ConfigFileEntry.short_motd }, { "stats_c_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_c_oper_only }, { "stats_e_disabled", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_e_disabled }, @@ -2096,9 +2209,11 @@ newconf_init() add_top_conf("log", NULL, NULL, conf_log_table); add_top_conf("operator", conf_begin_oper, conf_end_oper, conf_operator_table); add_top_conf("class", conf_begin_class, conf_end_class, conf_class_table); + add_top_conf("privset", NULL, NULL, conf_privset_table); add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL); add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port); + add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport); add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address); add_conf_item("listen", "host", CF_QSTRING, conf_set_listen_address);