X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/55eeaea101ce1d88287b0b4a41ccafb20e1cce57..1728a2acd0cc89dddb27ea92c4ff304e2f6b7a09:/src/newconf.c diff --git a/src/newconf.c b/src/newconf.c index e36882f..47f9569 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -11,9 +11,8 @@ #include "newconf.h" #include "ircd_defs.h" -#include "sprintf_irc.h" #include "common.h" -#include "s_log.h" +#include "logger.h" #include "s_conf.h" #include "s_user.h" #include "s_newconf.h" @@ -28,6 +27,7 @@ #include "ircd.h" #include "snomask.h" #include "blacklist.h" +#include "sslproc.h" #define CF_TYPE(x) ((x) & CF_MTYPE) @@ -229,7 +229,7 @@ conf_set_serverinfo_network_name(void *data) static void conf_set_serverinfo_vhost(void *data) { - if(inetpton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0) + if(rb_inet_pton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0) { conf_report_error("Invalid netmask for server IPv4 vhost (%s)", (char *) data); return; @@ -241,8 +241,8 @@ conf_set_serverinfo_vhost(void *data) static void conf_set_serverinfo_vhost6(void *data) { -#ifdef IPV6 - if(inetpton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0) +#ifdef RB_IPV6 + if(rb_inet_pton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0) { conf_report_error("Invalid netmask for server IPv6 vhost (%s)", (char *) data); return; @@ -311,7 +311,6 @@ static struct mode_table oper_table[] = { {"remote", OPER_REMOTE }, {"kline", OPER_KLINE }, {"unkline", OPER_UNKLINE }, - {"gline", OPER_GLINE }, {"nick_changes", OPER_NICKS }, {"rehash", OPER_REHASH }, {"die", OPER_DIE }, @@ -333,7 +332,6 @@ static struct mode_table auth_table[] = { {"exceed_limit", CONF_FLAGS_NOLIMIT }, {"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL }, {"kline_exempt", CONF_FLAGS_EXEMPTKLINE }, - {"gline_exempt", CONF_FLAGS_EXEMPTGLINE }, {"flood_exempt", CONF_FLAGS_EXEMPTFLOOD }, {"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT }, {"shide_exempt", CONF_FLAGS_EXEMPTSHIDE }, 
@@ -351,6 +349,7 @@ static struct mode_table connect_table[] = { { "compressed", SERVER_COMPRESSED }, { "encrypted", SERVER_ENCRYPTED }, { "topicburst", SERVER_TB }, + { "ssl", SERVER_SSL }, { NULL, 0 }, }; @@ -374,6 +373,10 @@ static struct mode_table shared_table[] = { "kline", SHARED_PKLINE|SHARED_TKLINE }, { "xline", SHARED_PXLINE|SHARED_TXLINE }, { "resv", SHARED_PRESV|SHARED_TRESV }, + { "dline", SHARED_PDLINE|SHARED_TDLINE }, + { "tdline", SHARED_TDLINE }, + { "pdline", SHARED_PDLINE }, + { "undline", SHARED_UNDLINE }, { "tkline", SHARED_TKLINE }, { "unkline", SHARED_UNKLINE }, { "txline", SHARED_TXLINE }, @@ -670,7 +673,7 @@ conf_set_class_ping_time(void *data) static void conf_set_class_cidr_bitlen(void *data) { -#ifdef IPV6 +#ifdef RB_IPV6 unsigned int maxsize = 128; #else unsigned int maxsize = 32; @@ -744,8 +747,10 @@ conf_end_listen(struct TopConf *tc) return 0; } + + static void -conf_set_listen_port(void *data) +conf_set_listen_port_both(void *data, int ssl) { conf_parm_t *args = data; for (; args; args = args->next) @@ -758,28 +763,40 @@ conf_set_listen_port(void *data) } if(listener_address == NULL) { - add_listener(args->v.number, listener_address, AF_INET); -#ifdef IPV6 - add_listener(args->v.number, listener_address, AF_INET6); + add_listener(args->v.number, listener_address, AF_INET, ssl); +#ifdef RB_IPV6 + add_listener(args->v.number, listener_address, AF_INET6, ssl); #endif } else { int family; -#ifdef IPV6 +#ifdef RB_IPV6 if(strchr(listener_address, ':') != NULL) family = AF_INET6; else #endif family = AF_INET; - add_listener(args->v.number, listener_address, family); + add_listener(args->v.number, listener_address, family, ssl); } } } +static void +conf_set_listen_port(void *data) +{ + conf_set_listen_port_both(data, 0); +} + +static void +conf_set_listen_sslport(void *data) +{ + conf_set_listen_port_both(data, 1); +} + static void conf_set_listen_address(void *data) { 
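Review bot: conf_set_listen_sslport() registers a TLS listener through `add_listener(..., 1)` unconditionally, and nothing in this hunk checks that `ssl_cert`/`ssl_private_key` were configured or that the ssld helpers are running. If add_listener() or the accept path does not enforce that (not visible here), an `sslport` entry could end up refusing every connection or, worse, accepting plaintext on a port operators believe is encrypted; a guard that calls `conf_report_error` when TLS is unavailable would make the failure explicit. The port value `args->v.number` is passed straight through in the visible lines, and the validation above it is cut off by the hunk boundary, so confirm a 1-65535 range check exists. The bare `0`/`1` arguments would also read better with a named constant or a `/* ssl */` comment at the two call sites.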
@@ -1150,6 +1167,13 @@ conf_end_connect(struct TopConf *tc) yy_server->flags &= ~SERVER_COMPRESSED; } #endif + if(ServerConfCompressed(yy_server) && ServerConfSSL(yy_server)) + { + conf_report_error("Ignoring compressed for connect block %s -- " + "ssl and compressed are mutually exclusive (OpenSSL does its own compression)", + yy_server->name); + yy_server->flags &= ~SERVER_COMPRESSED; + } add_server_conf(yy_server); rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list); @@ -1170,7 +1194,7 @@ conf_set_connect_host(void *data) static void conf_set_connect_vhost(void *data) { - if(inetpton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0) + if(rb_inet_pton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0) { conf_report_error("Invalid netmask for server vhost (%s)", (char *) data); @@ -1221,7 +1245,7 @@ conf_set_connect_aftype(void *data) if(strcasecmp(aft, "ipv4") == 0) yy_server->aftype = AF_INET; -#ifdef IPV6 +#ifdef RB_IPV6 else if(strcasecmp(aft, "ipv6") == 0) yy_server->aftype = AF_INET6; #endif @@ -1730,7 +1754,7 @@ conf_set_generic_string(void *data, int len, void *location) char **loc = location; char *input = data; - if(len && strlen(input) > len) + if(len && strlen(input) > (unsigned int)len) input[len] = '\0'; rb_free(*loc); @@ -1893,7 +1917,13 @@ static struct ConfEntry conf_serverinfo_table[] = { "vhost", CF_QSTRING, conf_set_serverinfo_vhost, 0, NULL }, { "vhost6", CF_QSTRING, conf_set_serverinfo_vhost6, 0, NULL }, - { "max_clients", CF_INT, NULL, 0, &ServerInfo.max_clients }, + { "ssl_private_key", CF_QSTRING, NULL, 0, &ServerInfo.ssl_private_key }, + { "ssl_ca_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_ca_cert }, + { "ssl_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_cert }, + { "ssl_dh_params", CF_QSTRING, NULL, 0, &ServerInfo.ssl_dh_params }, + { "ssld_count", CF_INT, NULL, 0, &ServerInfo.ssld_count }, + + { "default_max_clients",CF_INT, NULL, 0, &ServerInfo.default_max_clients }, { "\0", 0, NULL, 0, NULL } }; 
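Review bot: The new check in conf_end_connect() clears `compressed` when `ssl` is set, but the rationale in the message, "OpenSSL does its own compression", is shaky. TLS-level compression is disabled by default in current OpenSSL builds because of compression side-channel attacks such as CRIME, so the link may simply run uncompressed. Suggest dropping the parenthetical and reporting only `"ssl and compressed are mutually exclusive"`. The hunk also leaves `encrypted` together with `ssl` unhandled; if both flags can be set on one connect block (connect_table still lists `encrypted`), decide which wins and report it the same way. The function body starts outside the hunk.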
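Review bot: The `(unsigned int)len` cast in conf_set_generic_string() silences the signed/unsigned warning but converts a negative `len` into a very large value, so truncation is silently skipped in that case. strlen() returns size_t, so the guard is better written as `if(len > 0 && strlen(input) > (size_t)len)`. The function continues past the end of the hunk.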
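Review bot: The new `ssl_private_key`, `ssl_cert`, `ssl_ca_cert` and `ssl_dh_params` entries pass `0` as the length, so these paths are stored with no cap, whereas the `fname_*` entries in conf_log_table pass `MAXPATHLEN`; using `MAXPATHLEN` here would keep path handling consistent. `ssld_count` is written directly into `ServerInfo.ssld_count` with no setter, so zero, negative or very large values reach whatever spawns the helper processes. Unless that code clamps the value (not visible here), add a small setter that rejects out-of-range counts with `conf_report_error`. Renaming `max_clients` to `default_max_clients` also means existing configs that use the old key will no longer match an entry; consider keeping the old name as an alias or calling it out in the upgrade notes.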
@@ -1914,7 +1944,6 @@ static struct ConfEntry conf_log_table[] = { "fname_foperlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_foperlog }, { "fname_serverlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_serverlog }, { "fname_killlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_killlog }, - { "fname_glinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_glinelog }, { "fname_klinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_klinelog }, { "fname_operspylog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operspylog }, { "fname_ioerrorlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_ioerrorlog }, @@ -2012,10 +2041,6 @@ static struct ConfEntry conf_general_table[] = { "disable_auth", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_auth }, { "dots_in_ident", CF_INT, NULL, 0, &ConfigFileEntry.dots_in_ident }, { "failed_oper_notice", CF_YESNO, NULL, 0, &ConfigFileEntry.failed_oper_notice }, - { "glines", CF_YESNO, NULL, 0, &ConfigFileEntry.glines }, - { "gline_min_cidr", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr }, - { "gline_min_cidr6", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr6 }, - { "gline_time", CF_TIME, NULL, 0, &ConfigFileEntry.gline_time }, { "global_snotices", CF_YESNO, NULL, 0, &ConfigFileEntry.global_snotices }, { "hide_spoof_ips", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_spoof_ips }, { "dline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.dline_with_reason }, @@ -2099,6 +2124,7 @@ newconf_init() add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL); add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port); + add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport); add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address); add_conf_item("listen", "host", CF_QSTRING, conf_set_listen_address);