X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/d3455e2c7e2f9040e1b7628d9cf52b26a24dcefc..3aa4e417b9c71f99f573ba298efbf208148cfad5:/src/s_conf.c diff --git a/src/s_conf.c b/src/s_conf.c index 47141e8..47d8034 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -28,6 +28,7 @@ #include "ircd_defs.h" #include "s_conf.h" #include "s_newconf.h" +#include "newconf.h" #include "s_serv.h" #include "s_stats.h" #include "channel.h" @@ -35,8 +36,7 @@ #include "client.h" #include "common.h" #include "hash.h" -#include "irc_string.h" -#include "sprintf_irc.h" +#include "match.h" #include "ircd.h" #include "listener.h" #include "hostmask.h" @@ -44,14 +44,15 @@ #include "numeric.h" #include "logger.h" #include "send.h" -#include "s_gline.h" #include "reject.h" #include "cache.h" #include "blacklist.h" +#include "privilege.h" +#include "sslproc.h" struct config_server_hide ConfigServerHide; -extern int yyparse(); /* defined in y.tab.c */ +extern int yyparse(void); /* defined in y.tab.c */ extern char linebuf[]; #ifndef INADDR_NONE @@ -194,7 +195,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "Too many host connections (local)"); break; @@ -208,7 +209,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "Too many host connections (global)"); break; @@ -222,7 +223,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "Too many user connections (global)"); break; @@ -237,7 +238,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); - ServerStats->is_ref++; + ServerStats.is_ref++; exit_client(client_p, source_p, &me, "No more connections allowed in your connection class"); break; @@ -245,20 +246,20 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern case NOT_AUTHORISED: { int port = -1; -#ifdef IPV6 +#ifdef RB_IPV6 if(source_p->localClient->ip.ss_family == AF_INET6) port = ntohs(((struct sockaddr_in6 *)&source_p->localClient->listener->addr)->sin6_port); else #endif port = ntohs(((struct sockaddr_in *)&source_p->localClient->listener->addr)->sin_port); - ServerStats->is_ref++; + ServerStats.is_ref++; /* jdc - lists server name & port connections are on */ /* a purely cosmetical change */ /* why ipaddr, and not just source_p->sockhost? --fl */ #if 0 static char ipaddr[HOSTIPLEN]; - inetntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr)); + rb_inet_ntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr)); #endif sendto_realops_snomask(SNO_UNAUTH, L_ALL, "Unauthorised client connection from " @@ -280,7 +281,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern } case BANNED_CLIENT: exit_client(client_p, client_p, &me, "*** Banned "); - ServerStats->is_ref++; + ServerStats.is_ref++; break; case 0: @@ -309,16 +310,18 @@ verify_access(struct Client *client_p, const char *username) aconf = find_address_conf(client_p->host, client_p->sockhost, client_p->username, client_p->username, (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); } else { - strlcpy(non_ident, "~", sizeof(non_ident)); - strlcat(non_ident, username, sizeof(non_ident)); + rb_strlcpy(non_ident, "~", sizeof(non_ident)); + rb_strlcat(non_ident, username, sizeof(non_ident)); aconf = find_address_conf(client_p->host, client_p->sockhost, non_ident, client_p->username, (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); } if(aconf == NULL) @@ -356,14 +359,14 @@ verify_access(struct Client *client_p, const char *username) char *host = p+1; *p = '\0'; - strlcpy(client_p->username, aconf->name, + rb_strlcpy(client_p->username, aconf->name, sizeof(client_p->username)); - strlcpy(client_p->host, host, + rb_strlcpy(client_p->host, host, sizeof(client_p->host)); *p = '@'; } else - strlcpy(client_p->host, aconf->name, sizeof(client_p->host)); + rb_strlcpy(client_p->host, aconf->name, sizeof(client_p->host)); } return (attach_iline(client_p, aconf)); } @@ -378,18 +381,6 @@ verify_access(struct Client *client_p, const char *username) add_reject(client_p, aconf->user, aconf->host); return (BANNED_CLIENT); } - else if(aconf->status & CONF_GLINE) - { - sendto_one_notice(client_p, ":*** G-lined"); - - if(ConfigFileEntry.kline_with_reason) - sendto_one(client_p, - form_str(ERR_YOUREBANNEDCREEP), - me.name, client_p->name, aconf->passwd); - - add_reject(client_p, aconf->user, aconf->host); - return (BANNED_CLIENT); - } return NOT_AUTHORISED; } @@ -408,32 +399,38 @@ static int add_ip_limit(struct Client *client_p, struct ConfItem *aconf) { rb_patricia_node_t *pnode; + int bitlen; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return -1; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); + if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET) + bitlen = ConfCidrIpv4Bitlen(aconf); + else + bitlen = ConfCidrIpv6Bitlen(aconf); + if(pnode == NULL) - pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, ConfCidrBitlen(aconf)); + pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, bitlen); s_assert(pnode != NULL); if(pnode != NULL) { - if(((long) pnode->data) >= ConfCidrAmount(aconf) - && !IsConfExemptLimits(aconf)) + if(((intptr_t)pnode->data) >= ConfCidrAmount(aconf) && !IsConfExemptLimits(aconf)) { /* This should only happen if the limits are set to 0 */ - if((unsigned long) pnode->data == 0) + if((intptr_t)pnode->data == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } return (0); } - pnode->data++; + pnode->data = (void *)(((intptr_t)pnode->data) + 1); } return 1; } @@ -444,15 +441,16 @@ remove_ip_limit(struct Client *client_p, struct ConfItem *aconf) rb_patricia_node_t *pnode; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); if(pnode == NULL) return; - pnode->data--; - if(((unsigned long) pnode->data) == 0) + pnode->data = (void *)(((intptr_t)pnode->data) - 1); + if(((intptr_t)pnode->data) == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } @@ -628,9 +626,9 @@ rehash(int sig) read_conf_files(NO); if(ServerInfo.description != NULL) - strlcpy(me.info, ServerInfo.description, sizeof(me.info)); + rb_strlcpy(me.info, ServerInfo.description, sizeof(me.info)); else - strlcpy(me.info, "unknown", sizeof(me.info)); + rb_strlcpy(me.info, "unknown", sizeof(me.info)); open_logfiles(); return (0); @@ -721,7 +719,7 @@ set_default_conf(void) memset(&ServerInfo.ip, 0, sizeof(ServerInfo.ip)); ServerInfo.specific_ipv4_vhost = 0; -#ifdef IPV6 +#ifdef RB_IPV6 memset(&ServerInfo.ip6, 0, sizeof(ServerInfo.ip6)); ServerInfo.specific_ipv6_vhost = 0; #endif @@ -775,20 +773,14 @@ set_default_conf(void) ConfigFileEntry.fname_operlog = NULL; ConfigFileEntry.fname_foperlog = NULL; ConfigFileEntry.fname_serverlog = NULL; - ConfigFileEntry.fname_glinelog = NULL; ConfigFileEntry.fname_klinelog = NULL; ConfigFileEntry.fname_operspylog = NULL; ConfigFileEntry.fname_ioerrorlog = NULL; - ConfigFileEntry.glines = NO; ConfigFileEntry.use_egd = NO; - ConfigFileEntry.gline_time = 12 * 3600; - ConfigFileEntry.gline_min_cidr = 16; - ConfigFileEntry.gline_min_cidr6 = 48; ConfigFileEntry.hide_spoof_ips = YES; ConfigFileEntry.hide_error_messages = 1; ConfigFileEntry.dots_in_ident = 0; ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT; - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); ConfigFileEntry.egdpool_path = NULL; ConfigFileEntry.use_whois_actually = YES; ConfigFileEntry.burst_away = NO; @@ -814,6 +806,7 @@ set_default_conf(void) ConfigChannel.max_chans_per_user = 15; ConfigChannel.max_bans = 25; ConfigChannel.max_bans_large = 500; + ConfigChannel.only_ascii_channels = NO; ConfigChannel.burst_topicwho = NO; ConfigChannel.kick_on_split_riding = NO; @@ -821,6 +814,7 @@ set_default_conf(void) ConfigChannel.default_split_server_count = 10; ConfigChannel.no_join_on_split = NO; ConfigChannel.no_create_on_split = YES; + ConfigChannel.resv_forcepart = YES; ConfigServerHide.flatten_links = 0; ConfigServerHide.links_delay = 300; @@ -836,9 +830,13 @@ set_default_conf(void) ConfigFileEntry.reject_after_count = 5; ConfigFileEntry.reject_ban_time = 300; ConfigFileEntry.reject_duration = 120; - ConfigFileEntry.max_unknown_ip = 2; + ConfigFileEntry.throttle_count = 4; + ConfigFileEntry.throttle_duration = 60; + + ServerInfo.default_max_clients = MAXCONNECTIONS; - ServerInfo.max_clients = maxconnections - MAX_BUFFER; + if (!alias_dict) + alias_dict = irc_dictionary_create(strcasecmp); } #undef YES @@ -862,6 +860,7 @@ read_conf(FILE * file) validate_conf(); /* Check to make sure some values are still okay. */ /* Some global values are also loaded here. */ check_class(); /* Make sure classes are valid */ + privilegeset_delete_all_illegal(); } static void @@ -873,15 +872,32 @@ validate_conf(void) if(ConfigFileEntry.ts_max_delta < TS_MAX_DELTA_MIN) ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT; - if(ConfigFileEntry.servlink_path == NULL) - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); - if(ServerInfo.network_name == NULL) ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); if(ServerInfo.network_desc == NULL) ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT); + if(ServerInfo.ssld_count < 1) + ServerInfo.ssld_count = 1; + + if(!rb_setup_ssl_server(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params)) + { + ilog(L_MAIN, "WARNING: Unable to setup SSL."); + ssl_ok = 0; + } else { + ssl_ok = 1; + send_new_ssl_certs(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params); + } + + if(ServerInfo.ssld_count > get_ssld_count()) + { + int start = ServerInfo.ssld_count - get_ssld_count(); + /* start up additional ssld if needed */ + start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params); + + } + if((ConfigFileEntry.client_flood < CLIENT_FLOOD_MIN) || (ConfigFileEntry.client_flood > CLIENT_FLOOD_MAX)) ConfigFileEntry.client_flood = CLIENT_FLOOD_MAX; @@ -896,35 +912,6 @@ validate_conf(void) } } -/* - * lookup_confhost - start DNS lookups of all hostnames in the conf - * line and convert an IP addresses in a.b.c.d number for to IP#s. - * - */ - -/* - * conf_connect_allowed - * - * inputs - pointer to inaddr - * - int type ipv4 or ipv6 - * output - ban info or NULL - * side effects - none - */ -struct ConfItem * -conf_connect_allowed(struct sockaddr *addr, int aftype) -{ - struct ConfItem *aconf = find_dline(addr, aftype); - - /* DLINE exempt also gets you out of static limits/pacing... */ - if(aconf && (aconf->status & CONF_EXEMPTDLINE)) - return NULL; - - if(aconf != NULL) - return aconf; - - return NULL; -} - /* add_temp_kline() * * inputs - pointer to struct ConfItem @@ -957,7 +944,7 @@ add_temp_kline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_KILL, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_KILL, aconf->user, NULL, aconf); } /* add_temp_dline() @@ -991,7 +978,7 @@ add_temp_dline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, NULL, aconf); } /* expire_tkline() @@ -1159,7 +1146,7 @@ read_conf_files(int cold) - Gozem 2002-07-21 */ - strlcpy(conffilebuf, filename, sizeof(conffilebuf)); + rb_strlcpy(conffilebuf, filename, sizeof(conffilebuf)); if((conf_fbfile_in = fopen(filename, "r")) == NULL) { @@ -1240,6 +1227,8 @@ clear_out_old_conf(void) rb_free(ServerInfo.network_desc); ServerInfo.network_desc = NULL; + ServerInfo.ssld_count = 1; + /* clean out AdminInfo */ rb_free(AdminInfo.name); AdminInfo.name = NULL; @@ -1257,8 +1246,8 @@ clear_out_old_conf(void) */ /* clean out general */ - rb_free(ConfigFileEntry.servlink_path); - ConfigFileEntry.servlink_path = NULL; + rb_free(ConfigFileEntry.kline_reason); + ConfigFileEntry.kline_reason = NULL; RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { @@ -1272,6 +1261,8 @@ clear_out_old_conf(void) destroy_blacklists(); + privilegeset_mark_all_illegal(); + /* OK, that should be everything... */ } @@ -1377,18 +1368,18 @@ write_confitem(KlineType type, struct Client *source_p, char *user, rb_snprintf(buffer, sizeof(buffer), "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", user, host, reason, oper_reason, current_date, - get_oper_name(source_p), rb_current_time()); + get_oper_name(source_p), (long int)rb_current_time()); } else if(type == DLINE_TYPE) { rb_snprintf(buffer, sizeof(buffer), "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", host, - reason, oper_reason, current_date, get_oper_name(source_p), rb_current_time()); + reason, oper_reason, current_date, get_oper_name(source_p), (long int)rb_current_time()); } else if(type == RESV_TYPE) { rb_snprintf(buffer, sizeof(buffer), "\"%s\",\"%s\",\"%s\",%ld\n", - host, reason, get_oper_name(source_p), rb_current_time()); + host, reason, get_oper_name(source_p), (long int)rb_current_time()); } if(fputs(buffer, out) == -1) @@ -1455,8 +1446,8 @@ conf_add_class_to_conf(struct ConfItem *aconf) { if(aconf->status == CONF_CLIENT) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Warning -- Using default class for missing class \"%s\" in auth{} for %s@%s", + conf_report_error( + "Using default class for missing class \"%s\" in auth{} for %s@%s", aconf->className, aconf->user, aconf->host); } @@ -1499,10 +1490,28 @@ conf_add_d_conf(struct ConfItem *aconf) } else { - add_conf_by_address(aconf->host, CONF_DLINE, NULL, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, NULL, NULL, aconf); } } +static char * +strip_tabs(char *dest, const char *src, size_t len) +{ + char *d = dest; + + if(dest == NULL || src == NULL) + return NULL; + + rb_strlcpy(dest, src, len); + + while(*d) + { + if(*d == '\t') + *d = ' '; + d++; + } + return dest; +} /* * yyerror @@ -1516,12 +1525,12 @@ yyerror(const char *msg) { char newlinebuf[BUFSIZE]; - strip_tabs(newlinebuf, (const unsigned char *) linebuf, strlen(linebuf)); + strip_tabs(newlinebuf, linebuf, strlen(linebuf)); + ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); - ilog(L_MAIN, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); } int