#include "newconf.h"
#include "ircd_defs.h"
-#include "sprintf_irc.h"
#include "common.h"
#include "logger.h"
#include "s_conf.h"
#include "ircd.h"
#include "snomask.h"
#include "blacklist.h"
+#include "sslproc.h"
#define CF_TYPE(x) ((x) & CF_MTYPE)
static void
conf_set_serverinfo_vhost(void *data)
{
- if(inetpton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0)
+ if(rb_inet_pton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0)
{
conf_report_error("Invalid netmask for server IPv4 vhost (%s)", (char *) data);
return;
conf_set_serverinfo_vhost6(void *data)
{
#ifdef RB_IPV6
- if(inetpton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0)
+ if(rb_inet_pton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0)
{
conf_report_error("Invalid netmask for server IPv6 vhost (%s)", (char *) data);
return;
{"remote", OPER_REMOTE },
{"kline", OPER_KLINE },
{"unkline", OPER_UNKLINE },
- {"gline", OPER_GLINE },
{"nick_changes", OPER_NICKS },
{"rehash", OPER_REHASH },
{"die", OPER_DIE },
{"exceed_limit", CONF_FLAGS_NOLIMIT },
{"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL },
{"kline_exempt", CONF_FLAGS_EXEMPTKLINE },
- {"gline_exempt", CONF_FLAGS_EXEMPTGLINE },
{"flood_exempt", CONF_FLAGS_EXEMPTFLOOD },
{"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT },
{"shide_exempt", CONF_FLAGS_EXEMPTSHIDE },
{ "compressed", SERVER_COMPRESSED },
{ "encrypted", SERVER_ENCRYPTED },
{ "topicburst", SERVER_TB },
+ { "ssl", SERVER_SSL },
{ NULL, 0 },
};
{ "kline", SHARED_PKLINE|SHARED_TKLINE },
{ "xline", SHARED_PXLINE|SHARED_TXLINE },
{ "resv", SHARED_PRESV|SHARED_TRESV },
+ { "dline", SHARED_PDLINE|SHARED_TDLINE },
+ { "tdline", SHARED_TDLINE },
+ { "pdline", SHARED_PDLINE },
+ { "undline", SHARED_UNDLINE },
{ "tkline", SHARED_TKLINE },
{ "unkline", SHARED_UNKLINE },
{ "txline", SHARED_TXLINE },
return 0;
}
+
+
static void
-conf_set_listen_port(void *data)
+conf_set_listen_port_both(void *data, int ssl)
{
conf_parm_t *args = data;
for (; args; args = args->next)
}
if(listener_address == NULL)
{
- add_listener(args->v.number, listener_address, AF_INET);
+ add_listener(args->v.number, listener_address, AF_INET, ssl);
#ifdef RB_IPV6
- add_listener(args->v.number, listener_address, AF_INET6);
+ add_listener(args->v.number, listener_address, AF_INET6, ssl);
#endif
}
else
#endif
family = AF_INET;
- add_listener(args->v.number, listener_address, family);
+ add_listener(args->v.number, listener_address, family, ssl);
}
}
}
+static void
+conf_set_listen_port(void *data)
+{
+ conf_set_listen_port_both(data, 0);
+}
+
+static void
+conf_set_listen_sslport(void *data)
+{
+ conf_set_listen_port_both(data, 1);
+}
+
static void
conf_set_listen_address(void *data)
{
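Review bot: `conf_set_listen_port_both` hands `ssl` straight to `add_listener`, and nothing in the visible lines checks that TLS is usable (for instance that `ssl_cert` and `ssl_private_key` were set) before an `sslport` listener is created. The loop body is only partly inside this hunk and `add_listener` is defined elsewhere, so the check may already exist there. If it does not, it belongs where listeners are opened or after the whole config has been read, because `serverinfo` may be parsed after `listen`; the listener should then be refused with a `conf_report_error` rather than accept connections it cannot protect. The same concern applies to the `sslport` registration in the later `add_conf_item("listen", "sslport", ...)` hunk. A one-line comment on the new parameter, such as `/* ssl: nonzero marks every listener created from this list as TLS-only */`, would also document the 0/1 values passed by the two wrappers.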
yy_server->flags &= ~SERVER_COMPRESSED;
}
#endif
+ if(ServerConfCompressed(yy_server) && ServerConfSSL(yy_server))
+ {
+ conf_report_error("Ignoring compressed for connect block %s -- "
+ "ssl and compressed are mutually exclusive (OpenSSL does its own compression)",
+ yy_server->name);
+ yy_server->flags &= ~SERVER_COMPRESSED;
+ }
add_server_conf(yy_server);
rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list);
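Review bot: The added check resolves the `ssl`/`compressed` conflict, but nothing in the visible lines confirms that a connect block flagged `ssl` is refused rather than linked in plaintext when TLS is unavailable on this server. That fail-closed behaviour is worth verifying in the connect path, which is outside this hunk. The message also states that "OpenSSL does its own compression", which depends on how the library is built and configured, and TLS-level compression is commonly disabled. Wording such as `"ssl and compressed are mutually exclusive; compressed ignored"` avoids promising a compressed link. The enclosing function starts and ends outside the hunk.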
static void
conf_set_connect_vhost(void *data)
{
- if(inetpton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0)
+ if(rb_inet_pton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0)
{
conf_report_error("Invalid netmask for server vhost (%s)",
(char *) data);
{ "vhost", CF_QSTRING, conf_set_serverinfo_vhost, 0, NULL },
{ "vhost6", CF_QSTRING, conf_set_serverinfo_vhost6, 0, NULL },
+ { "ssl_private_key", CF_QSTRING, NULL, 0, &ServerInfo.ssl_private_key },
+ { "ssl_ca_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_ca_cert },
+ { "ssl_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_cert },
+ { "ssl_dh_params", CF_QSTRING, NULL, 0, &ServerInfo.ssl_dh_params },
+ { "ssld_count", CF_INT, NULL, 0, &ServerInfo.ssld_count },
+
{ "default_max_clients",CF_INT, NULL, 0, &ServerInfo.default_max_clients },
{ "\0", 0, NULL, 0, NULL }
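Review bot: `ssld_count` is registered as a bare `CF_INT` with a `NULL` setter, so zero, a negative number or a very large value is accepted at parse time. Unless the code that starts the helper processes clamps it (not visible here), a typo could leave the server with no TLS helpers or spawn far too many. A small setter in place of `NULL`, which reports an error and falls back to 1 when the value is below 1 or above a sane cap, would make this fail safe. The four path entries pass a length of `0`, while the `fname_*` path entries elsewhere in this file pass `MAXPATHLEN`; if the generic string setter treats both the same way, `MAXPATHLEN` would be consistent here. A comment above `ssl_private_key` noting that the file should be readable only by the account running the ircd would help operators.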
{ "fname_foperlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_foperlog },
{ "fname_serverlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_serverlog },
{ "fname_killlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_killlog },
- { "fname_glinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_glinelog },
{ "fname_klinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_klinelog },
{ "fname_operspylog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operspylog },
{ "fname_ioerrorlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_ioerrorlog },
{ "disable_auth", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_auth },
{ "dots_in_ident", CF_INT, NULL, 0, &ConfigFileEntry.dots_in_ident },
{ "failed_oper_notice", CF_YESNO, NULL, 0, &ConfigFileEntry.failed_oper_notice },
- { "glines", CF_YESNO, NULL, 0, &ConfigFileEntry.glines },
- { "gline_min_cidr", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr },
- { "gline_min_cidr6", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr6 },
- { "gline_time", CF_TIME, NULL, 0, &ConfigFileEntry.gline_time },
{ "global_snotices", CF_YESNO, NULL, 0, &ConfigFileEntry.global_snotices },
{ "hide_spoof_ips", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_spoof_ips },
{ "dline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.dline_with_reason },
add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL);
add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port);
+ add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport);
add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address);
add_conf_item("listen", "host", CF_QSTRING, conf_set_listen_address);