X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/a64c5173a79fe18b4d2ae28d824b785a888ddada..8e3b2b85c7221f2f9f1ca6d5e48880d521d2a1a3:/src/s_conf.c diff --git a/src/s_conf.c b/src/s_conf.c index cfa4cb2..bbe78c4 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -28,6 +28,7 @@ #include "ircd_defs.h" #include "s_conf.h" #include "s_newconf.h" +#include "newconf.h" #include "s_serv.h" #include "s_stats.h" #include "channel.h" @@ -35,8 +36,7 @@ #include "client.h" #include "common.h" #include "hash.h" -#include "irc_string.h" -#include "sprintf_irc.h" +#include "match.h" #include "ircd.h" #include "listener.h" #include "hostmask.h" @@ -47,11 +47,13 @@ #include "reject.h" #include "cache.h" #include "blacklist.h" +#include "privilege.h" #include "sslproc.h" +#include "bandbi.h" struct config_server_hide ConfigServerHide; -extern int yyparse(); /* defined in y.tab.c */ +extern int yyparse(void); /* defined in y.tab.c */ extern char linebuf[]; #ifndef INADDR_NONE @@ -258,7 +260,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern /* why ipaddr, and not just source_p->sockhost? --fl */ #if 0 static char ipaddr[HOSTIPLEN]; - inetntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr)); + rb_inet_ntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr)); #endif sendto_realops_snomask(SNO_UNAUTH, L_ALL, "Unauthorised client connection from " @@ -309,7 +311,8 @@ verify_access(struct Client *client_p, const char *username) aconf = find_address_conf(client_p->host, client_p->sockhost, client_p->username, client_p->username, (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); } else { 
@@ -318,7 +321,8 @@ verify_access(struct Client *client_p, const char *username) aconf = find_address_conf(client_p->host, client_p->sockhost, non_ident, client_p->username, (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); } if(aconf == NULL) @@ -396,32 +400,38 @@ static int add_ip_limit(struct Client *client_p, struct ConfItem *aconf) { rb_patricia_node_t *pnode; + int bitlen; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return -1; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); + if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET) + bitlen = ConfCidrIpv4Bitlen(aconf); + else + bitlen = ConfCidrIpv6Bitlen(aconf); + if(pnode == NULL) - pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, ConfCidrBitlen(aconf)); + pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, bitlen); s_assert(pnode != NULL); if(pnode != NULL) { - if(((long) pnode->data) >= ConfCidrAmount(aconf) - && !IsConfExemptLimits(aconf)) + if(((intptr_t)pnode->data) >= ConfCidrAmount(aconf) && !IsConfExemptLimits(aconf)) { /* This should only happen if the limits are set to 0 */ - if((unsigned long) pnode->data == 0) + if((intptr_t)pnode->data == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } return (0); } - pnode->data++; + pnode->data = (void *)(((intptr_t)pnode->data) + 1); } return 1; } 
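Review bot: In add_ip_limit the early return only fires when both `ConfCidrIpv4Bitlen(aconf)` and `ConfCidrIpv6Bitlen(aconf)` are 0, yet the family-selected `bitlen` is passed to `make_and_lookup_ip` unchecked. If a class sets the bitlen for only one family, a client of the other family reaches the lookup with `bitlen == 0`. That presumably creates a zero-length prefix, so every address of that family would share one counter and be capped at `ConfCidrAmount` in total; make_and_lookup_ip is outside the hunk, so confirm. Adding `if(bitlen == 0) return -1;` before the lookup keeps "0 disables the limit" true per family. remove_ip_limit in the next hunk uses the same both-zero guard and should be changed to match.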
@@ -432,15 +442,16 @@ remove_ip_limit(struct Client *client_p, struct ConfItem *aconf) rb_patricia_node_t *pnode; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); if(pnode == NULL) return; - pnode->data--; - if(((unsigned long) pnode->data) == 0) + pnode->data = (void *)(((intptr_t)pnode->data) - 1); + if(((intptr_t)pnode->data) == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } 
@@ -624,63 +635,10 @@ rehash(int sig) return (0); } -static struct banconf_entry -{ - const char **filename; - void (*func) (FILE *); - int perm; -} banconfs[] = { - { &ConfigFileEntry.klinefile, parse_k_file, 0 }, - { &ConfigFileEntry.klinefile, parse_k_file, 1 }, - { &ConfigFileEntry.dlinefile, parse_d_file, 0 }, - { &ConfigFileEntry.dlinefile, parse_d_file, 1 }, - { &ConfigFileEntry.xlinefile, parse_x_file, 0 }, - { &ConfigFileEntry.xlinefile, parse_x_file, 1 }, - { &ConfigFileEntry.resvfile, parse_resv_file,0 }, - { &ConfigFileEntry.resvfile, parse_resv_file,1 }, - { NULL, NULL, 0 } -}; - void rehash_bans(int sig) { - FILE *file; - char buf[MAXPATHLEN]; - int i; - - if(sig != 0) - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Got signal SIGUSR2, reloading ban confs"); - - clear_out_address_conf_bans(); - clear_s_newconf_bans(); - - for(i = 0; banconfs[i].filename; i++) - { - if(banconfs[i].perm) - snprintf(buf, sizeof(buf), "%s.perm", *banconfs[i].filename); - else - snprintf(buf, sizeof(buf), "%s", *banconfs[i].filename); - - if((file = fopen(buf, "r")) == NULL) - { - if(banconfs[i].perm) - continue; - - ilog(L_MAIN, "Failed reading ban file %s", - *banconfs[i].filename); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Can't open %s file bans could be missing!", - *banconfs[i].filename); - } - else - { - (banconfs[i].func)(file); - fclose(file); - } - } - - check_banned_lines(); + bandb_rehash_bans(); } /* @@ -722,6 +680,7 @@ set_default_conf(void) ConfigFileEntry.default_operstring = rb_strdup("is an IRC operator"); ConfigFileEntry.default_adminstring = rb_strdup("is a Server Administrator"); + ConfigFileEntry.default_operhost = rb_strdup(""); ConfigFileEntry.servicestring = rb_strdup("is a Network Service"); ConfigFileEntry.default_umodes = UMODE_INVISIBLE; 
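Review bot: rehash_bans() now ignores its `sig` argument, so this path no longer emits the "Got signal SIGUSR2, reloading ban confs" notice or the "Can't open %s file bans could be missing!" warning. Whether `bandb_rehash_bans()` reports a signal-triggered reload or a failed load is not visible in this diff. If it does not, a ban reload, or one that silently yields no bans, leaves no trace for opers. Consider keeping `if(sig != 0) sendto_realops_snomask(SNO_GENERAL, L_ALL, "Got signal SIGUSR2, reloading ban confs");` ahead of the call. A short comment such as `/* clearing, loading and re-checking bans is handled by bandb */` would also record where the removed steps went.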
@@ -771,13 +730,13 @@ set_default_conf(void) ConfigFileEntry.hide_error_messages = 1; ConfigFileEntry.dots_in_ident = 0; ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT; - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); ConfigFileEntry.egdpool_path = NULL; ConfigFileEntry.use_whois_actually = YES; ConfigFileEntry.burst_away = NO; ConfigFileEntry.collision_fnc = YES; ConfigFileEntry.global_snotices = YES; ConfigFileEntry.operspy_dont_care_user_info = NO; + ConfigFileEntry.secret_channels_in_whois = NO; #ifdef HAVE_LIBZ ConfigFileEntry.compression_level = 4; @@ -788,15 +747,23 @@ set_default_conf(void) ConfigFileEntry.oper_only_umodes = UMODE_SERVNOTICE; ConfigFileEntry.oper_snomask = SNO_GENERAL; + ConfigChannel.autochanmodes = rb_strdup("nt"); + ConfigChannel.exemptchanops = rb_strdup(""); + ConfigChannel.use_halfop = YES; + ConfigChannel.use_owner = YES; ConfigChannel.use_except = YES; ConfigChannel.use_invex = YES; ConfigChannel.use_knock = YES; ConfigChannel.use_forward = YES; + ConfigChannel.use_local_channels = YES; ConfigChannel.knock_delay = 300; ConfigChannel.knock_delay_channel = 60; ConfigChannel.max_chans_per_user = 15; ConfigChannel.max_bans = 25; ConfigChannel.max_bans_large = 500; + ConfigChannel.only_ascii_channels = NO; + ConfigChannel.cycle_host_change = YES; + ConfigChannel.host_in_topic = YES; ConfigChannel.burst_topicwho = NO; ConfigChannel.kick_on_split_riding = NO; @@ -804,6 +771,16 @@ set_default_conf(void) ConfigChannel.default_split_server_count = 10; ConfigChannel.no_join_on_split = NO; ConfigChannel.no_create_on_split = YES; + ConfigChannel.resv_forcepart = YES; + ConfigChannel.kick_no_rejoin_time = 30; + + ConfigChannel.exempt_cmode_c = NO; + ConfigChannel.exempt_cmode_C = NO; + ConfigChannel.exempt_cmode_D = NO; + ConfigChannel.exempt_cmode_T = NO; + ConfigChannel.exempt_cmode_N = NO; + ConfigChannel.exempt_cmode_G = NO; + ConfigChannel.exempt_cmode_K = NO; ConfigServerHide.flatten_links = 0; ConfigServerHide.links_delay = 300; 
@@ -819,9 +796,14 @@ set_default_conf(void) ConfigFileEntry.reject_after_count = 5; ConfigFileEntry.reject_ban_time = 300; ConfigFileEntry.reject_duration = 120; - ConfigFileEntry.max_unknown_ip = 2; + ConfigFileEntry.throttle_count = 4; + ConfigFileEntry.throttle_duration = 60; + ConfigFileEntry.expire_override_time = 300; ServerInfo.default_max_clients = MAXCONNECTIONS; + + if (!alias_dict) + alias_dict = irc_dictionary_create(strcasecmp); } #undef YES @@ -845,6 +827,7 @@ read_conf(FILE * file) validate_conf(); /* Check to make sure some values are still okay. */ /* Some global values are also loaded here. */ check_class(); /* Make sure classes are valid */ + privilegeset_delete_all_illegal(); } static void @@ -856,9 +839,6 @@ validate_conf(void) if(ConfigFileEntry.ts_max_delta < TS_MAX_DELTA_MIN) ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT; - if(ConfigFileEntry.servlink_path == NULL) - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); - if(ServerInfo.network_name == NULL) ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); 
@@ -897,35 +877,52 @@ validate_conf(void) splitmode = 0; splitchecking = 0; } -} -/* - * lookup_confhost - start DNS lookups of all hostnames in the conf - * line and convert an IP addresses in a.b.c.d number for to IP#s. - * - */ - -/* - * conf_connect_allowed - * - * inputs - pointer to inaddr - * - int type ipv4 or ipv6 - * output - ban info or NULL - * side effects - none - */ -struct ConfItem * -conf_connect_allowed(struct sockaddr *addr, int aftype) -{ - struct ConfItem *aconf = find_dline(addr, aftype); + if(!valid_hostname(ConfigFileEntry.default_operhost)) + { + conf_report_error("Warning -- invalid default_operhost specified, ignoring."); + ConfigFileEntry.default_operhost = rb_strdup(""); + } - /* DLINE exempt also gets you out of static limits/pacing... */ - if(aconf && (aconf->status & CONF_EXEMPTDLINE)) - return NULL; + /* Parse the exemptchanops option and set the internal variables + * that we will use. */ + char * ech; - if(aconf != NULL) - return aconf; - - return NULL; + for(ech = ConfigChannel.exemptchanops; *ech; ech++) + { + if(*ech == 'c') + { + ConfigChannel.exempt_cmode_c = 1; + continue; + } + if(*ech == 'C') + { + ConfigChannel.exempt_cmode_C = 1; + continue; + } + if(*ech == 'D') + { + ConfigChannel.exempt_cmode_D = 1; + continue; + } + if(*ech == 'T') + { + ConfigChannel.exempt_cmode_T = 1; + continue; + } + if(*ech == 'N') + { + ConfigChannel.exempt_cmode_N = 1; + continue; + } + if(*ech == 'G') + { + ConfigChannel.exempt_cmode_G = 1; + continue; + } + if(*ech == 'K') + ConfigChannel.exempt_cmode_K = 1; + } } /* add_temp_kline() @@ -960,7 +957,7 @@ add_temp_kline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_KILL, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_KILL, aconf->user, NULL, aconf); } /* add_temp_dline() 
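Review bot: The invalid-`default_operhost` branch in validate_conf overwrites the pointer with `rb_strdup("")` without releasing the rejected string; add `rb_free(ConfigFileEntry.default_operhost);` before the reassignment. This commit also makes `""` the default in set_default_conf, so if `valid_hostname()` rejects an empty string (its body is not in this diff) the warning would fire on every load where the option is unset. Prefixing the test with `*ConfigFileEntry.default_operhost != '\0' &&` would avoid that. In the exemptchanops loop, letters outside `cCDTNGK` are skipped silently, so a typo quietly leaves a mode non-exempt; a `conf_report_error` for unknown letters would surface it. `char * ech;` is also declared after statements, unlike the top-of-block declarations elsewhere in this diff.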
@@ -994,7 +991,7 @@ add_temp_dline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, NULL, aconf); } /* expire_tkline() @@ -1154,7 +1151,7 @@ read_conf_files(int cold) conf_fbfile_in = NULL; - filename = get_conf_name(CONF_TYPE); + filename = ConfigFileEntry.configfile; /* We need to know the initial filename for the yyerror() to report FIXME: The full path is in conffilenamebuf first time since we @@ -1262,8 +1259,8 @@ clear_out_old_conf(void) */ /* clean out general */ - rb_free(ConfigFileEntry.servlink_path); - ConfigFileEntry.servlink_path = NULL; + rb_free(ConfigFileEntry.kline_reason); + ConfigFileEntry.kline_reason = NULL; RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { 
@@ -1272,170 +1269,19 @@ clear_out_old_conf(void) } /* remove any aliases... -- nenolod */ - irc_dictionary_destroy(alias_dict, free_alias_cb, NULL); - alias_dict = NULL; - - destroy_blacklists(); - - /* OK, that should be everything... */ -} - - -/* write_confitem() - * - * inputs - kline, dline or resv type flag - * - client pointer to report to - * - user name of target - * - host name of target - * - reason for target - * - time string - * - type of xline - * output - NONE - * side effects - This function takes care of finding the right conf - * file and adding the line to it, as well as notifying - * opers and the user. - */ -void -write_confitem(KlineType type, struct Client *source_p, char *user, - char *host, const char *reason, const char *oper_reason, - const char *current_date, int xtype) -{ - char buffer[1024]; - FILE *out; - const char *filename; /* filename to use for kline */ - - filename = get_conf_name(type); - - if(type == KLINE_TYPE) - { - if(EmptyString(oper_reason)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added K-Line for [%s@%s] [%s]", - get_oper_name(source_p), user, - host, reason); - ilog(L_KLINE, "K %s 0 %s %s %s", - get_oper_name(source_p), user, host, reason); - } - else - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added K-Line for [%s@%s] [%s|%s]", - get_oper_name(source_p), user, - host, reason, oper_reason); - ilog(L_KLINE, "K %s 0 %s %s %s|%s", - get_oper_name(source_p), user, host, - reason, oper_reason); - } - - sendto_one_notice(source_p, ":Added K-Line [%s@%s]", - user, host); - } - else if(type == DLINE_TYPE) - { - if(EmptyString(oper_reason)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added D-Line for [%s] [%s]", - get_oper_name(source_p), host, reason); - ilog(L_KLINE, "D %s 0 %s %s", - get_oper_name(source_p), host, reason); - } - else - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added D-Line for [%s] [%s|%s]", - get_oper_name(source_p), host, - reason, oper_reason); - 
ilog(L_KLINE, "D %s 0 %s %s|%s", - get_oper_name(source_p), host, - reason, oper_reason); - } - - sendto_one_notice(source_p, ":Added D-Line [%s] to %s", host, filename); - - } - else if(type == RESV_TYPE) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added RESV for [%s] [%s]", - get_oper_name(source_p), host, reason); - ilog(L_KLINE, "R %s 0 %s %s", - get_oper_name(source_p), host, reason); - - sendto_one_notice(source_p, ":Added RESV for [%s] [%s]", - host, reason); - } - - if((out = fopen(filename, "a")) == NULL) + if (alias_dict != NULL) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem opening %s ", filename); - sendto_one_notice(source_p, ":*** Problem opening file, added temporarily only"); - return; + irc_dictionary_destroy(alias_dict, free_alias_cb, NULL); + alias_dict = NULL; } - if(oper_reason == NULL) - oper_reason = ""; - - if(type == KLINE_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", - user, host, reason, oper_reason, current_date, - get_oper_name(source_p), (long int)rb_current_time()); - } - else if(type == DLINE_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", host, - reason, oper_reason, current_date, get_oper_name(source_p), (long int)rb_current_time()); - } - else if(type == RESV_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), "\"%s\",\"%s\",\"%s\",%ld\n", - host, reason, get_oper_name(source_p), (long int)rb_current_time()); - } + destroy_blacklists(); - if(fputs(buffer, out) == -1) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem writing to %s", filename); - sendto_one_notice(source_p, ":*** Problem writing to file, added temporarily only"); - fclose(out); - return; - } + privilegeset_mark_all_illegal(); - if (fclose(out)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem writing to %s", filename); - sendto_one_notice(source_p, ":*** Problem writing to file, added temporarily only"); - return; - } + 
/* OK, that should be everything... */ } -/* get_conf_name - * - * inputs - type of conf file to return name of file for - * output - pointer to filename for type of conf - * side effects - none - */ -const char * -get_conf_name(KlineType type) -{ - if(type == CONF_TYPE) - { - return (ConfigFileEntry.configfile); - } - else if(type == DLINE_TYPE) - { - return (ConfigFileEntry.dlinefile); - } - else if(type == RESV_TYPE) - { - return (ConfigFileEntry.resvfile); - } - - return ConfigFileEntry.klinefile; -} /* * conf_add_class_to_conf @@ -1460,8 +1306,8 @@ conf_add_class_to_conf(struct ConfItem *aconf) { if(aconf->status == CONF_CLIENT) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Warning -- Using default class for missing class \"%s\" in auth{} for %s@%s", + conf_report_error( + "Using default class for missing class \"%s\" in auth{} for %s@%s", aconf->className, aconf->user, aconf->host); } @@ -1504,10 +1350,28 @@ conf_add_d_conf(struct ConfItem *aconf) } else { - add_conf_by_address(aconf->host, CONF_DLINE, NULL, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, NULL, NULL, aconf); } } +static char * +strip_tabs(char *dest, const char *src, size_t len) +{ + char *d = dest; + + if(dest == NULL || src == NULL) + return NULL; + + rb_strlcpy(dest, src, len); + + while(*d) + { + if(*d == '\t') + *d = ' '; + d++; + } + return dest; +} /* * yyerror @@ -1521,12 +1385,12 @@ yyerror(const char *msg) { char newlinebuf[BUFSIZE]; - strip_tabs(newlinebuf, (const unsigned char *) linebuf, strlen(linebuf)); + strip_tabs(newlinebuf, linebuf, strlen(linebuf)); + ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); - ilog(L_MAIN, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); } int
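Review bot: yyerror passes `strlen(linebuf)` as the `len` of the new strip_tabs(), which forwards it to `rb_strlcpy` as the size of `dest`, but the destination is `newlinebuf[BUFSIZE]`. If `linebuf` (sized elsewhere) is longer than BUFSIZE, the copy is bounded by the source length rather than the destination and can run past the stack buffer. If `linebuf` is empty the size is 0, so, assuming rb_strlcpy follows strlcpy and writes nothing, the `while(*d)` loop and the log calls read an uninitialised buffer. Pass the destination capacity instead: `strip_tabs(newlinebuf, linebuf, sizeof(newlinebuf));`. The current call also drops the last character of the line (presumably the newline) as a side effect, so that may then need stripping explicitly. A one-line comment on strip_tabs stating that `len` is the capacity of `dest` would prevent the mix-up.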