#include "stdinc.h"
#include "ircd_defs.h"
#include "s_conf.h"
+#include "s_user.h"
#include "s_newconf.h"
#include "newconf.h"
#include "s_serv.h"
static rb_bh *confitem_heap = NULL;
-rb_dlink_list prop_bans;
-
rb_dlink_list temp_klines[LAST_TEMP_TYPE];
rb_dlink_list temp_dlines[LAST_TEMP_TYPE];
rb_dlink_list service_list;
+rb_dictionary *prop_bans_dict;
+
/* internally defined functions */
static void set_default_conf(void);
static void validate_conf(void);
static void read_conf(void);
static void clear_out_old_conf(void);
-static void expire_prop_bans(void *list);
+static void expire_prop_bans(void *);
static void expire_temp_kd(void *list);
static void reorganise_temp_kd(void *list);
+static int cmp_prop_ban(const void *, const void *);
+
FILE *conf_fbfile_in;
extern char yytext[];
init_s_conf(void)
{
confitem_heap = rb_bh_create(sizeof(struct ConfItem), CONFITEM_HEAP_SIZE, "confitem_heap");
+ prop_bans_dict = rb_dictionary_create("prop_bans", cmp_prop_ban);
- rb_event_addish("expire_prop_bans", expire_prop_bans, &prop_bans, 60);
+ rb_event_addish("expire_prop_bans", expire_prop_bans, NULL, 60);
rb_event_addish("expire_temp_klines", expire_temp_kd, &temp_klines[TEMP_MIN], 60);
rb_event_addish("expire_temp_dlines", expire_temp_kd, &temp_dlines[TEMP_MIN], 60);
rb_free(aconf->className);
rb_free(aconf->user);
rb_free(aconf->host);
+ rb_free(aconf->desc);
if(IsConfBan(aconf))
operhash_delete(aconf->info.oper);
* see the IP, we still cannot send it.
*/
sendto_realops_snomask(SNO_FULL, L_NETWIDE,
- "Too many local connections for %s!%s%s@%s",
+ "Too many local connections for %s[%s%s@%s] [%s]",
source_p->name, IsGotId(source_p) ? "" : "~",
- source_p->username,
- show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : source_p->host);
+ source_p->username, source_p->host,
+ show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : "0");
ilog(L_FUSER, "Too many local connections from %s!%s%s@%s",
source_p->name, IsGotId(source_p) ? "" : "~",
case TOO_MANY_GLOBAL:
sendto_realops_snomask(SNO_FULL, L_NETWIDE,
- "Too many global connections for %s!%s%s@%s",
+ "Too many global connections for %s[%s%s@%s] [%s]",
source_p->name, IsGotId(source_p) ? "" : "~",
- source_p->username,
- show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : source_p->host);
+ source_p->username, source_p->host,
+ show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : "0");
ilog(L_FUSER, "Too many global connections from %s!%s%s@%s",
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost);
case TOO_MANY_IDENT:
sendto_realops_snomask(SNO_FULL, L_NETWIDE,
- "Too many user connections for %s!%s%s@%s",
+ "Too many user connections for %s[%s%s@%s] [%s]",
source_p->name, IsGotId(source_p) ? "" : "~",
- source_p->username,
- show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : source_p->host);
+ source_p->username, source_p->host,
+ show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : "0");
ilog(L_FUSER, "Too many user connections from %s!%s%s@%s",
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost);
case I_LINE_FULL:
sendto_realops_snomask(SNO_FULL, L_NETWIDE,
- "I-line is full for %s!%s%s@%s (%s).",
+ "I-line is full for %s[%s%s@%s] [%s]",
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->host,
- show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : "255.255.255.255");
+ show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : "0");
ilog(L_FUSER, "Too many connections from %s!%s%s@%s.",
source_p->name, IsGotId(source_p) ? "" : "~",
static char ipaddr[HOSTIPLEN];
rb_inet_ntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr));
#endif
- sendto_realops_snomask(SNO_UNAUTH, L_ALL,
+ sendto_realops_snomask(SNO_UNAUTH, L_NETWIDE,
"Unauthorised client connection from "
"%s!%s%s@%s [%s] on [%s/%u].",
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost,
source_p->localClient->listener->name, port);
- add_reject(client_p, NULL, NULL);
- exit_client(client_p, source_p, &me,
- "You are not authorised to use this server");
+ add_reject(client_p, NULL, NULL, NULL, "You are not authorised to use this server.");
+ exit_client(client_p, source_p, &me, "You are not authorised to use this server.");
break;
}
case BANNED_CLIENT:
if(IsConfSpoofNotice(aconf))
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"%s spoofing: %s as %s",
client_p->name,
show_ip(NULL, client_p) ? client_p->host : aconf->info.name,
form_str(ERR_YOUREBANNEDCREEP),
me.name, client_p->name,
get_user_ban_reason(aconf));
- add_reject(client_p, aconf->user, aconf->host);
+
+ sendto_realops_snomask(SNO_BANNED, L_NETWIDE,
+ "Rejecting K-Lined user %s [%s] (%s@%s)", get_client_name(client_p, HIDE_IP),
+ show_ip(NULL, client_p) ? client_p->sockhost : "255.255.255.255", aconf->user, aconf->host);
+ add_reject(client_p, aconf->user, aconf->host, aconf, NULL);
return (BANNED_CLIENT);
}
return (attach_conf(client_p, aconf));
}
+/*
+ * deref_conf
+ *
+ * inputs - ConfItem that is referenced by something other than a client
+ * side effects - Decrement and free ConfItem if appropriate
+ */
+void
+deref_conf(struct ConfItem *aconf)
+{
+ aconf->clients--;
+ if(!aconf->clients && IsIllegal(aconf) && !lookup_prop_ban(aconf))
+ free_conf(aconf);
+}
+
/*
* detach_conf
*
bool
rehash(bool sig)
{
+ rb_dlink_node *n;
+
hook_data_rehash hdata = { sig };
if(sig)
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Got signal SIGHUP, reloading ircd conf. file");
rehash_authd();
+ privilegeset_prepare_rehash();
+
/* don't close listeners until we know we can go ahead with the rehash */
read_conf_files(false);
open_logfiles();
+ RB_DLINK_FOREACH(n, local_oper_list.head)
+ {
+ struct Client *oper = n->data;
+ struct PrivilegeSet *privset = oper->user->privset;
+ report_priv_change(oper, privset ? privset->shadow : NULL, privset);
+ }
+
+ privilegeset_cleanup_rehash();
+
call_hook(h_rehash, &hdata);
return false;
}
ConfigFileEntry.stats_e_disabled = false;
ConfigFileEntry.stats_o_oper_only = false;
ConfigFileEntry.stats_k_oper_only = 1; /* masked */
+ ConfigFileEntry.stats_l_oper_only = 1; /* self */
ConfigFileEntry.stats_i_oper_only = 1; /* masked */
ConfigFileEntry.stats_P_oper_only = false;
ConfigFileEntry.stats_c_oper_only = false;
ConfigFileEntry.stats_y_oper_only = false;
- ConfigFileEntry.stats_h_oper_only = false;
ConfigFileEntry.map_oper_only = true;
ConfigFileEntry.operspy_admin_only = false;
ConfigFileEntry.pace_wait = 10;
ConfigFileEntry.use_propagated_bans = true;
ConfigFileEntry.max_ratelimit_tokens = 30;
ConfigFileEntry.away_interval = 30;
-
-#ifdef HAVE_LIBZ
- ConfigFileEntry.compression_level = 4;
-#endif
+ ConfigFileEntry.tls_ciphers_oper_only = false;
+ ConfigFileEntry.oper_secure_only = false;
ConfigFileEntry.oper_umodes = UMODE_LOCOPS | UMODE_SERVNOTICE |
UMODE_OPERWALL | UMODE_WALLOP;
ConfigChannel.channel_target_change = true;
ConfigChannel.disable_local_channels = false;
ConfigChannel.displayed_usercount = 3;
+ ConfigChannel.opmod_send_statusmsg = false;
+ ConfigChannel.ip_bans_through_vhost= true;
ConfigChannel.autochanmodes = MODE_TOPICLIMIT | MODE_NOPRIVMSGS;
validate_conf(); /* Check to make sure some values are still okay. */
/* Some global values are also loaded here. */
check_class(); /* Make sure classes are valid */
- privilegeset_delete_all_illegal();
construct_cflags_strings();
}
return 0;
}
-rb_dlink_node *
-find_prop_ban(unsigned int status, const char *user, const char *host)
+
+int cmp_prop_ban(const void *a_, const void *b_)
{
- rb_dlink_node *ptr;
- struct ConfItem *aconf;
+ const struct ConfItem *a = a_, *b = b_;
+ int r;
- RB_DLINK_FOREACH(ptr, prop_bans.head)
- {
- aconf = ptr->data;
+ if ((a->status & ~CONF_ILLEGAL) > (int)(b->status & ~CONF_ILLEGAL)) return 1;
+ if ((a->status & ~CONF_ILLEGAL) < (int)(b->status & ~CONF_ILLEGAL)) return -1;
- if((aconf->status & ~CONF_ILLEGAL) == status &&
- (!user || !aconf->user ||
- !irccmp(aconf->user, user)) &&
- !irccmp(aconf->host, host))
- return ptr;
- }
- return NULL;
+ r = irccmp(a->host, b->host);
+ if (r) return r;
+
+ if (a->user && b->user)
+ return irccmp(a->user, b->user);
+
+ return 0;
}
void
-deactivate_conf(struct ConfItem *aconf, rb_dlink_node *ptr, time_t now)
+add_prop_ban(struct ConfItem *aconf)
{
- int i;
+ rb_dictionary_add(prop_bans_dict, aconf, aconf);
+}
- s_assert(ptr->data == aconf);
+struct ConfItem *
+find_prop_ban(unsigned status, const char *user, const char *host)
+{
+ struct ConfItem key = {.status = status, .user = (char *)user, .host = (char *)host};
+ return rb_dictionary_retrieve(prop_bans_dict, &key);
+}
+
+void
+remove_prop_ban(struct ConfItem *aconf)
+{
+ rb_dictionary_delete(prop_bans_dict, aconf);
+}
+
+bool lookup_prop_ban(struct ConfItem *aconf)
+{
+ return rb_dictionary_retrieve(prop_bans_dict, aconf) == aconf;
+}
+
+void
+deactivate_conf(struct ConfItem *aconf, time_t now)
+{
+ int i;
switch (aconf->status)
{
break;
}
if (aconf->lifetime != 0 && now < aconf->lifetime)
+ {
aconf->status |= CONF_ILLEGAL;
+ }
else
{
if (aconf->lifetime != 0)
- rb_dlinkDestroy(ptr, &prop_bans);
- free_conf(aconf);
+ remove_prop_ban(aconf);
+ if (aconf->clients == 0)
+ free_conf(aconf);
+ else
+ aconf->status |= CONF_ILLEGAL;
}
}
void
replace_old_ban(struct ConfItem *aconf)
{
- rb_dlink_node *ptr;
struct ConfItem *oldconf;
- ptr = find_prop_ban(aconf->status, aconf->user, aconf->host);
- if(ptr != NULL)
+ oldconf = find_prop_ban(aconf->status, aconf->user, aconf->host);
+ if (oldconf != NULL)
{
- oldconf = ptr->data;
/* Remember at least as long as the old one. */
if(oldconf->lifetime > aconf->lifetime)
aconf->lifetime = oldconf->lifetime;
aconf->lifetime = aconf->hold;
/* Tell deactivate_conf() to destroy it. */
oldconf->lifetime = rb_current_time();
- deactivate_conf(oldconf, ptr, oldconf->lifetime);
+ deactivate_conf(oldconf, oldconf->lifetime);
}
}
static void
-expire_prop_bans(void *list)
+expire_prop_bans(void *unused)
{
- rb_dlink_node *ptr;
- rb_dlink_node *next_ptr;
struct ConfItem *aconf;
time_t now;
+ rb_dictionary_iter state;
now = rb_current_time();
- RB_DLINK_FOREACH_SAFE(ptr, next_ptr, ((rb_dlink_list *) list)->head)
- {
- aconf = ptr->data;
+ RB_DICTIONARY_FOREACH(aconf, &state, prop_bans_dict)
+ {
if(aconf->lifetime <= now ||
(aconf->hold <= now &&
!(aconf->status & CONF_ILLEGAL)))
aconf->host ? aconf->host : "*");
/* will destroy or mark illegal */
- deactivate_conf(aconf, ptr, now);
+ deactivate_conf(aconf, now);
}
}
}
/* const char* get_oper_name(struct Client *client_p)
* Input: A client to find the active oper{} name for.
* Output: The nick!user@host{oper} of the oper.
- * "oper" is server name for remote opers
+ * "oper" is server name for unknown opers
* Side effects: None.
*/
-char *
+const char *
get_oper_name(struct Client *client_p)
{
/* +5 for !,@,{,} and null */
- static char buffer[NAMELEN + USERLEN + HOSTLEN + HOSTLEN + 5];
+ static char buffer[NAMELEN + USERLEN + HOSTLEN + MAX(HOSTLEN, OPERNICKLEN) + 5];
- if(MyOper(client_p))
- {
- snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}",
- client_p->name, client_p->username,
- client_p->host, client_p->localClient->opername);
- return buffer;
- }
+ const char *opername = EmptyString(client_p->user->opername)
+ ? client_p->servptr->name
+ : client_p->user->opername;
- snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}",
- client_p->name, client_p->username,
- client_p->host, client_p->servptr->name);
+ snprintf(buffer, sizeof buffer, "%s!%s@%s{%s}",
+ client_p->name, client_p->username,
+ client_p->host, opername);
return buffer;
}
*/
void
get_printable_conf(struct ConfItem *aconf, char **name, char **host,
- const char **pass, char **user, int *port, char **classname)
+ const char **pass, char **user, int *port,
+ char **classname, char **desc)
{
static char null[] = "<NULL>";
static char zero[] = "default";
*pass = EmptyString(aconf->passwd) ? null : aconf->passwd;
*user = EmptyString(aconf->user) ? null : aconf->user;
*classname = EmptyString(aconf->className) ? zero : aconf->className;
+ *desc = CheckEmpty(aconf->desc);
*port = (int) aconf->port;
}
{
static char reasonbuf[BUFSIZE];
- if (aconf->flags & CONF_FLAGS_TEMPORARY &&
+ if (!ConfigFileEntry.hide_tkdline_duration &&
+ aconf->flags & CONF_FLAGS_TEMPORARY &&
(aconf->status == CONF_KILL || aconf->status == CONF_DLINE))
snprintf(reasonbuf, sizeof reasonbuf,
"Temporary %c-line %d min. - ",
*user = EmptyString(aconf->user) ? null : aconf->user;
*reason = get_user_ban_reason(aconf);
- if(!IsOper(source_p))
+ if(!IsOperGeneral(source_p))
*oper_reason = NULL;
else
{
}
else
{
- sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Can't open file '%s' - aborting rehash!", filename);
return;
}
MaxUsers(cltmp) = -1;
}
- clear_out_address_conf();
+ clear_out_address_conf(AC_CONFIG);
clear_s_newconf();
/* clean out module paths */
ConfigFileEntry.kline_reason = NULL;
rb_free(ConfigFileEntry.sasl_service);
ConfigFileEntry.sasl_service = NULL;
+ rb_free(ConfigFileEntry.drain_reason);
+ ConfigFileEntry.drain_reason = NULL;
+ rb_free(ConfigFileEntry.sasl_only_client_message);
+ ConfigFileEntry.sasl_only_client_message = NULL;
+ rb_free(ConfigFileEntry.identd_only_client_message);
+ ConfigFileEntry.identd_only_client_message = NULL;
+ rb_free(ConfigFileEntry.sctp_forbidden_client_message);
+ ConfigFileEntry.sctp_forbidden_client_message = NULL;
+ rb_free(ConfigFileEntry.ssltls_only_client_message);
+ ConfigFileEntry.ssltls_only_client_message = NULL;
+ rb_free(ConfigFileEntry.not_authorised_client_message);
+ ConfigFileEntry.not_authorised_client_message = NULL;
+ rb_free(ConfigFileEntry.illegal_hostname_client_message);
+ ConfigFileEntry.illegal_hostname_client_message = NULL;
+ rb_free(ConfigFileEntry.server_full_client_message);
+ ConfigFileEntry.server_full_client_message = NULL;
+ rb_free(ConfigFileEntry.illegal_name_long_client_message);
+ ConfigFileEntry.illegal_name_long_client_message = NULL;
+ rb_free(ConfigFileEntry.illegal_name_short_client_message);
+ ConfigFileEntry.illegal_name_short_client_message = NULL;
+
+ if (ConfigFileEntry.hidden_caps != NULL)
+ {
+ for (size_t i = 0; ConfigFileEntry.hidden_caps[i] != NULL; i++)
+ rb_free(ConfigFileEntry.hidden_caps[i]);
+ rb_free(ConfigFileEntry.hidden_caps);
+ }
+ ConfigFileEntry.hidden_caps = NULL;
/* clean out log */
rb_free(ConfigFileEntry.fname_userlog);
alias_dict = NULL;
}
- del_blacklist_all();
-
- privilegeset_mark_all_illegal();
+ del_dnsbl_entry_all();
/* OK, that should be everything... */
}
strip_tabs(newlinebuf, yy_linebuf, sizeof(newlinebuf));
ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf);
- sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'",
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "\"%s\", line %d: %s at '%s'",
conffilebuf, lineno + 1, msg, newlinebuf);
}