X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/45be325cd2a8fcedc7fe71adbe70208d0d16aec2..dc83edfac4cf3f5725f7e1f8ba512a524953bce6:/src/newconf.c diff --git a/src/newconf.c b/src/newconf.c index 5e72684..ce954c4 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -28,6 +28,7 @@ #include "snomask.h" #include "blacklist.h" #include "sslproc.h" +#include "privilege.h" #define CF_TYPE(x) ((x) & CF_MTYPE) @@ -53,6 +54,7 @@ static struct alias_entry *yy_alias = NULL; static char *yy_blacklist_host = NULL; static char *yy_blacklist_reason = NULL; +static char *yy_privset_extends = NULL; static const char * conf_strtype(int type) @@ -261,7 +263,7 @@ conf_set_modules_module(void *data) #ifndef STATIC_MODULES char *m_bn; - m_bn = irc_basename((char *) data); + m_bn = rb_basename((char *) data); if(findmodule_byname(m_bn) != -1) return; @@ -306,23 +308,7 @@ static struct mode_table umode_table[] = { static struct mode_table oper_table[] = { {"encrypted", OPER_ENCRYPTED }, - {"local_kill", OPER_LOCKILL }, - {"global_kill", OPER_GLOBKILL|OPER_LOCKILL }, - {"remote", OPER_REMOTE }, - {"kline", OPER_KLINE }, - {"unkline", OPER_UNKLINE }, - {"nick_changes", OPER_NICKS }, - {"rehash", OPER_REHASH }, - {"die", OPER_DIE }, - {"admin", OPER_ADMIN }, - {"hidden_admin", OPER_HADMIN }, - {"xline", OPER_XLINE }, - {"resv", OPER_RESV }, - {"operwall", OPER_OPERWALL }, - {"oper_spy", OPER_SPY }, - {"hidden_oper", OPER_INVIS }, - {"remoteban", OPER_REMOTEBAN }, - {"mass_notice", OPER_MASSNOTICE }, + {"need_ssl", OPER_NEEDSSL }, {NULL, 0} }; @@ -340,6 +326,7 @@ static struct mode_table auth_table[] = { {"no_tilde", CONF_FLAGS_NO_TILDE }, {"need_ident", CONF_FLAGS_NEED_IDENTD }, {"have_ident", CONF_FLAGS_NEED_IDENTD }, + {"need_ssl", CONF_FLAGS_NEED_SSL }, {"need_sasl", CONF_FLAGS_NEED_SASL }, {NULL, 0} }; @@ -448,6 +435,60 @@ set_modes_from_table(int *modes, const char *whatis, struct mode_table *tab, con } } +static void +conf_set_privset_extends(void *data) +{ + yy_privset_extends = rb_strdup((char *) data); +} + +static void +conf_set_privset_privs(void *data) +{ + char *privs = NULL; + conf_parm_t *args = data; + + for (; args; args = args->next) + { + if (privs == NULL) + privs = rb_strdup(args->v.string); + else + { + char *privs_old = privs; + + privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1); + strcpy(privs, privs_old); + strcat(privs, " "); + strcat(privs, args->v.string); + + rb_free(privs_old); + } + } + + if (privs) + { + if (yy_privset_extends) + { + struct PrivilegeSet *set = privilegeset_get(yy_privset_extends); + + if (!set) + { + conf_report_error("Warning -- unknown parent privilege set %s for %s; assuming defaults", yy_privset_extends, conf_cur_block_name); + + set = privilegeset_get("default"); + } + + privilegeset_extend(set, conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(yy_privset_extends); + yy_privset_extends = NULL; + } + else + privilegeset_set_new(conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(privs); + } +} + static int conf_begin_oper(struct TopConf *tc) { @@ -467,7 +508,7 @@ conf_begin_oper(struct TopConf *tc) } yy_oper = make_oper_conf(); - yy_oper->flags |= OPER_ENCRYPTED|OPER_RESV|OPER_OPERWALL|OPER_REMOTEBAN|OPER_MASSNOTICE; + yy_oper->flags |= OPER_ENCRYPTED; return 0; } @@ -504,6 +545,10 @@ conf_end_oper(struct TopConf *tc) return 0; } + + if (!yy_oper->privset) + yy_oper->privset = privilegeset_get("default"); + /* now, yy_oper_list contains a stack of oper_conf's with just user * and host in, yy_oper contains the rest of the information which * we need to copy into each element in yy_oper_list @@ -521,6 +566,7 @@ conf_end_oper(struct TopConf *tc) yy_tmpoper->flags = yy_oper->flags; yy_tmpoper->umodes = yy_oper->umodes; yy_tmpoper->snomask = yy_oper->snomask; + yy_tmpoper->privset = yy_oper->privset; #ifdef HAVE_LIBCRYPTO if(yy_oper->rsa_pubkey_file) @@ -569,6 +615,12 @@ conf_set_oper_flags(void *data) set_modes_from_table(&yy_oper->flags, "flag", oper_table, args); } +static void +conf_set_oper_privset(void *data) +{ + yy_oper->privset = privilegeset_get((char *) data); +} + static void conf_set_oper_user(void *data) { @@ -671,21 +723,33 @@ conf_set_class_ping_time(void *data) } static void -conf_set_class_cidr_bitlen(void *data) +conf_set_class_cidr_ipv4_bitlen(void *data) { + unsigned int maxsize = 32; + if(*(unsigned int *) data > maxsize) + conf_report_error + ("class::cidr_ipv4_bitlen argument exceeds maxsize (%d > %d) - ignoring.", + *(unsigned int *) data, maxsize); + else + yy_class->cidr_ipv4_bitlen = *(unsigned int *) data; + +} + #ifdef RB_IPV6 +static void +conf_set_class_cidr_ipv6_bitlen(void *data) +{ unsigned int maxsize = 128; -#else - unsigned int maxsize = 32; -#endif if(*(unsigned int *) data > maxsize) conf_report_error - ("class::cidr_bitlen argument exceeds maxsize (%d > %d) - ignoring.", + ("class::cidr_ipv6_bitlen argument exceeds maxsize (%d > %d) - ignoring.", *(unsigned int *) data, maxsize); else - yy_class->cidr_bitlen = *(unsigned int *) data; + yy_class->cidr_ipv6_bitlen = *(unsigned int *) data; } +#endif + static void conf_set_class_number_per_cidr(void *data) { @@ -846,7 +910,7 @@ conf_end_auth(struct TopConf *tc) collapse(yy_aconf->user); collapse(yy_aconf->host); conf_add_class_to_conf(yy_aconf); - add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf); + add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf->spasswd, yy_aconf); RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_aconf_list.head) { @@ -855,6 +919,9 @@ conf_end_auth(struct TopConf *tc) if(yy_aconf->passwd) yy_tmp->passwd = rb_strdup(yy_aconf->passwd); + if(yy_aconf->spasswd) + yy_tmp->spasswd = rb_strdup(yy_aconf->spasswd); + /* this will always exist.. */ yy_tmp->name = rb_strdup(yy_aconf->name); @@ -869,7 +936,7 @@ conf_end_auth(struct TopConf *tc) conf_add_class_to_conf(yy_tmp); - add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp); + add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp->spasswd, yy_tmp); rb_dlinkDestroy(ptr, &yy_aconf_list); } @@ -909,6 +976,15 @@ conf_set_auth_user(void *data) rb_dlinkAddAlloc(yy_tmp, &yy_aconf_list); } +static void +conf_set_auth_auth_user(void *data) +{ + if(yy_aconf->spasswd) + memset(yy_aconf->spasswd, 0, strlen(yy_aconf->spasswd)); + rb_free(yy_aconf->spasswd); + yy_aconf->spasswd = rb_strdup(data); +} + static void conf_set_auth_passwd(void *data) { @@ -1167,13 +1243,6 @@ conf_end_connect(struct TopConf *tc) yy_server->flags &= ~SERVER_COMPRESSED; } #endif - if(ServerConfCompressed(yy_server) && ServerConfSSL(yy_server)) - { - conf_report_error("Ignoring compressed for connect block %s -- " - "ssl and compressed are mutually exclusive (OpenSSL does its own compression)", - yy_server->name); - yy_server->flags &= ~SERVER_COMPRESSED; - } add_server_conf(yy_server); rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list); @@ -1318,7 +1387,7 @@ conf_set_exempt_ip(void *data) yy_tmp->passwd = rb_strdup("*"); yy_tmp->host = rb_strdup(data); yy_tmp->status = CONF_EXEMPTDLINE; - add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, yy_tmp); + add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, NULL, yy_tmp); } static int @@ -1709,6 +1778,8 @@ conf_report_error(const char *fmt, ...) ierror("\"%s\", line %d: %s", current_file, lineno + 1, msg); sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s", current_file, lineno + 1, msg); + if (remote_rehash_oper_p) + sendto_one_notice(remote_rehash_oper_p, ":*** Notice -- \"%s\", line %d: %s", current_file, lineno + 1, msg); } int @@ -1754,7 +1825,7 @@ conf_set_generic_string(void *data, int len, void *location) char **loc = location; char *input = data; - if(len && strlen(input) > len) + if(len && strlen(input) > (unsigned int)len) input[len] = '\0'; rb_free(*loc); @@ -1955,16 +2026,27 @@ static struct ConfEntry conf_operator_table[] = { "rsa_public_key_file", CF_QSTRING, conf_set_oper_rsa_public_key_file, 0, NULL }, { "flags", CF_STRING | CF_FLIST, conf_set_oper_flags, 0, NULL }, { "umodes", CF_STRING | CF_FLIST, conf_set_oper_umodes, 0, NULL }, + { "privset", CF_QSTRING, conf_set_oper_privset, 0, NULL }, { "snomask", CF_QSTRING, conf_set_oper_snomask, 0, NULL }, { "user", CF_QSTRING, conf_set_oper_user, 0, NULL }, { "password", CF_QSTRING, conf_set_oper_password, 0, NULL }, { "\0", 0, NULL, 0, NULL } }; +static struct ConfEntry conf_privset_table[] = +{ + { "extends", CF_QSTRING, conf_set_privset_extends, 0, NULL }, + { "privs", CF_STRING | CF_FLIST, conf_set_privset_privs, 0, NULL }, + { "\0", 0, NULL, 0, NULL } +}; + static struct ConfEntry conf_class_table[] = { { "ping_time", CF_TIME, conf_set_class_ping_time, 0, NULL }, - { "cidr_bitlen", CF_INT, conf_set_class_cidr_bitlen, 0, NULL }, + { "cidr_ipv4_bitlen", CF_INT, conf_set_class_cidr_ipv4_bitlen, 0, NULL }, +#ifdef RB_IPV6 + { "cidr_ipv6_bitlen", CF_INT, conf_set_class_cidr_ipv6_bitlen, 0, NULL }, +#endif { "number_per_cidr", CF_INT, conf_set_class_number_per_cidr, 0, NULL }, { "number_per_ip", CF_INT, conf_set_class_number_per_ip, 0, NULL }, { "number_per_ip_global", CF_INT,conf_set_class_number_per_ip_global, 0, NULL }, @@ -1978,6 +2060,7 @@ static struct ConfEntry conf_class_table[] = static struct ConfEntry conf_auth_table[] = { { "user", CF_QSTRING, conf_set_auth_user, 0, NULL }, + { "auth_user", CF_QSTRING, conf_set_auth_auth_user, 0, NULL }, { "password", CF_QSTRING, conf_set_auth_passwd, 0, NULL }, { "class", CF_QSTRING, conf_set_auth_class, 0, NULL }, { "spoof", CF_QSTRING, conf_set_auth_spoof, 0, NULL }, @@ -2022,7 +2105,6 @@ static struct ConfEntry conf_general_table[] = { "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason }, { "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice }, { "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand }, - { "servlink_path", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.servlink_path }, { "anti_spam_exit_message_time", CF_TIME, NULL, 0, &ConfigFileEntry.anti_spam_exit_message_time }, { "disable_fake_channels", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_fake_channels }, @@ -2051,7 +2133,6 @@ static struct ConfEntry conf_general_table[] = { "max_nick_time", CF_TIME, NULL, 0, &ConfigFileEntry.max_nick_time }, { "max_nick_changes", CF_INT, NULL, 0, &ConfigFileEntry.max_nick_changes }, { "max_targets", CF_INT, NULL, 0, &ConfigFileEntry.max_targets }, - { "max_unknown_ip", CF_INT, NULL, 0, &ConfigFileEntry.max_unknown_ip }, { "min_nonwildcard", CF_INT, NULL, 0, &ConfigFileEntry.min_nonwildcard }, { "nick_delay", CF_TIME, NULL, 0, &ConfigFileEntry.nick_delay }, { "no_oper_flood", CF_YESNO, NULL, 0, &ConfigFileEntry.no_oper_flood }, @@ -2063,6 +2144,8 @@ static struct ConfEntry conf_general_table[] = { "reject_after_count", CF_INT, NULL, 0, &ConfigFileEntry.reject_after_count }, { "reject_ban_time", CF_TIME, NULL, 0, &ConfigFileEntry.reject_ban_time }, { "reject_duration", CF_TIME, NULL, 0, &ConfigFileEntry.reject_duration }, + { "throttle_count", CF_INT, NULL, 0, &ConfigFileEntry.throttle_count }, + { "throttle_duration", CF_TIME, NULL, 0, &ConfigFileEntry.throttle_duration }, { "short_motd", CF_YESNO, NULL, 0, &ConfigFileEntry.short_motd }, { "stats_c_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_c_oper_only }, { "stats_e_disabled", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_e_disabled }, @@ -2121,6 +2204,7 @@ newconf_init() add_top_conf("log", NULL, NULL, conf_log_table); add_top_conf("operator", conf_begin_oper, conf_end_oper, conf_operator_table); add_top_conf("class", conf_begin_class, conf_end_class, conf_class_table); + add_top_conf("privset", NULL, NULL, conf_privset_table); add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL); add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port);