#include "newconf.h"
#include "ircd_defs.h"
-#include "sprintf_irc.h"
#include "common.h"
#include "logger.h"
#include "s_conf.h"
#include "ircd.h"
#include "snomask.h"
#include "blacklist.h"
+#include "sslproc.h"
+#include "privilege.h"
#define CF_TYPE(x) ((x) & CF_MTYPE)
static char *yy_blacklist_host = NULL;
static char *yy_blacklist_reason = NULL;
+static char *yy_privset_extends = NULL;
static const char *
conf_strtype(int type)
static void
conf_set_serverinfo_vhost(void *data)
{
- if(inetpton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0)
+ if(rb_inet_pton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0)
{
conf_report_error("Invalid netmask for server IPv4 vhost (%s)", (char *) data);
return;
conf_set_serverinfo_vhost6(void *data)
{
#ifdef RB_IPV6
- if(inetpton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0)
+ if(rb_inet_pton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0)
{
conf_report_error("Invalid netmask for server IPv6 vhost (%s)", (char *) data);
return;
#ifndef STATIC_MODULES
char *m_bn;
- m_bn = irc_basename((char *) data);
+ m_bn = rb_basename((char *) data);
if(findmodule_byname(m_bn) != -1)
return;
static struct mode_table oper_table[] = {
{"encrypted", OPER_ENCRYPTED },
- {"local_kill", OPER_LOCKILL },
- {"global_kill", OPER_GLOBKILL|OPER_LOCKILL },
- {"remote", OPER_REMOTE },
- {"kline", OPER_KLINE },
- {"unkline", OPER_UNKLINE },
- {"gline", OPER_GLINE },
- {"nick_changes", OPER_NICKS },
- {"rehash", OPER_REHASH },
- {"die", OPER_DIE },
- {"admin", OPER_ADMIN },
- {"hidden_admin", OPER_HADMIN },
- {"xline", OPER_XLINE },
- {"resv", OPER_RESV },
- {"operwall", OPER_OPERWALL },
- {"oper_spy", OPER_SPY },
- {"hidden_oper", OPER_INVIS },
- {"remoteban", OPER_REMOTEBAN },
- {"mass_notice", OPER_MASSNOTICE },
+ {"need_ssl", OPER_NEEDSSL },
{NULL, 0}
};
{"exceed_limit", CONF_FLAGS_NOLIMIT },
{"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL },
{"kline_exempt", CONF_FLAGS_EXEMPTKLINE },
- {"gline_exempt", CONF_FLAGS_EXEMPTGLINE },
{"flood_exempt", CONF_FLAGS_EXEMPTFLOOD },
{"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT },
{"shide_exempt", CONF_FLAGS_EXEMPTSHIDE },
{"no_tilde", CONF_FLAGS_NO_TILDE },
{"need_ident", CONF_FLAGS_NEED_IDENTD },
{"have_ident", CONF_FLAGS_NEED_IDENTD },
+ {"need_ssl", CONF_FLAGS_NEED_SSL },
{"need_sasl", CONF_FLAGS_NEED_SASL },
{NULL, 0}
};
{ "compressed", SERVER_COMPRESSED },
{ "encrypted", SERVER_ENCRYPTED },
{ "topicburst", SERVER_TB },
+ { "ssl", SERVER_SSL },
{ NULL, 0 },
};
{ "kline", SHARED_PKLINE|SHARED_TKLINE },
{ "xline", SHARED_PXLINE|SHARED_TXLINE },
{ "resv", SHARED_PRESV|SHARED_TRESV },
+ { "dline", SHARED_PDLINE|SHARED_TDLINE },
+ { "tdline", SHARED_TDLINE },
+ { "pdline", SHARED_PDLINE },
+ { "undline", SHARED_UNDLINE },
{ "tkline", SHARED_TKLINE },
{ "unkline", SHARED_UNKLINE },
{ "txline", SHARED_TXLINE },
}
}
+static void
+conf_set_privset_extends(void *data)
+{
+ yy_privset_extends = rb_strdup((char *) data);
+}
+
+static void
+conf_set_privset_privs(void *data)
+{
+ char *privs = NULL;
+ conf_parm_t *args = data;
+
+ for (; args; args = args->next)
+ {
+ if (privs == NULL)
+ privs = rb_strdup(args->v.string);
+ else
+ {
+ char *privs_old = privs;
+
+ privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1);
+ strcpy(privs, privs_old);
+ strcat(privs, " ");
+ strcat(privs, args->v.string);
+
+ rb_free(privs_old);
+ }
+ }
+
+ if (privs)
+ {
+ if (yy_privset_extends)
+ {
+ struct PrivilegeSet *set = privilegeset_get(yy_privset_extends);
+
+ if (!set)
+ {
+ conf_report_error("Warning -- unknown parent privilege set %s for %s; assuming defaults", yy_privset_extends, conf_cur_block_name);
+
+ set = privilegeset_get("default");
+ }
+
+ privilegeset_extend(set, conf_cur_block_name != NULL ? conf_cur_block_name : "<unknown>", privs, 0);
+
+ rb_free(yy_privset_extends);
+ yy_privset_extends = NULL;
+ }
+ else
+ privilegeset_set_new(conf_cur_block_name != NULL ? conf_cur_block_name : "<unknown>", privs, 0);
+
+ rb_free(privs);
+ }
+}
+
static int
conf_begin_oper(struct TopConf *tc)
{
}
yy_oper = make_oper_conf();
- yy_oper->flags |= OPER_ENCRYPTED|OPER_RESV|OPER_OPERWALL|OPER_REMOTEBAN|OPER_MASSNOTICE;
+ yy_oper->flags |= OPER_ENCRYPTED;
return 0;
}
return 0;
}
+
+ if (!yy_oper->privset)
+ yy_oper->privset = privilegeset_get("default");
+
/* now, yy_oper_list contains a stack of oper_conf's with just user
* and host in, yy_oper contains the rest of the information which
* we need to copy into each element in yy_oper_list
yy_tmpoper->flags = yy_oper->flags;
yy_tmpoper->umodes = yy_oper->umodes;
yy_tmpoper->snomask = yy_oper->snomask;
+ yy_tmpoper->privset = yy_oper->privset;
#ifdef HAVE_LIBCRYPTO
if(yy_oper->rsa_pubkey_file)
set_modes_from_table(&yy_oper->flags, "flag", oper_table, args);
}
+static void
+conf_set_oper_privset(void *data)
+{
+ yy_oper->privset = privilegeset_get((char *) data);
+}
+
static void
conf_set_oper_user(void *data)
{
}
static void
-conf_set_class_cidr_bitlen(void *data)
+conf_set_class_cidr_ipv4_bitlen(void *data)
{
+ unsigned int maxsize = 32;
+ if(*(unsigned int *) data > maxsize)
+ conf_report_error
+ ("class::cidr_ipv4_bitlen argument exceeds maxsize (%d > %d) - ignoring.",
+ *(unsigned int *) data, maxsize);
+ else
+ yy_class->cidr_ipv4_bitlen = *(unsigned int *) data;
+
+}
+
#ifdef RB_IPV6
+static void
+conf_set_class_cidr_ipv6_bitlen(void *data)
+{
unsigned int maxsize = 128;
-#else
- unsigned int maxsize = 32;
-#endif
if(*(unsigned int *) data > maxsize)
conf_report_error
- ("class::cidr_bitlen argument exceeds maxsize (%d > %d) - ignoring.",
+ ("class::cidr_ipv6_bitlen argument exceeds maxsize (%d > %d) - ignoring.",
*(unsigned int *) data, maxsize);
else
- yy_class->cidr_bitlen = *(unsigned int *) data;
+ yy_class->cidr_ipv6_bitlen = *(unsigned int *) data;
}
+#endif
+
static void
conf_set_class_number_per_cidr(void *data)
{
return 0;
}
+
+
static void
-conf_set_listen_port(void *data)
+conf_set_listen_port_both(void *data, int ssl)
{
conf_parm_t *args = data;
for (; args; args = args->next)
}
if(listener_address == NULL)
{
- add_listener(args->v.number, listener_address, AF_INET);
+ add_listener(args->v.number, listener_address, AF_INET, ssl);
#ifdef RB_IPV6
- add_listener(args->v.number, listener_address, AF_INET6);
+ add_listener(args->v.number, listener_address, AF_INET6, ssl);
#endif
}
else
#endif
family = AF_INET;
- add_listener(args->v.number, listener_address, family);
+ add_listener(args->v.number, listener_address, family, ssl);
}
}
}
+static void
+conf_set_listen_port(void *data)
+{
+ conf_set_listen_port_both(data, 0);
+}
+
+static void
+conf_set_listen_sslport(void *data)
+{
+ conf_set_listen_port_both(data, 1);
+}
+
static void
conf_set_listen_address(void *data)
{
collapse(yy_aconf->user);
collapse(yy_aconf->host);
conf_add_class_to_conf(yy_aconf);
- add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf);
+ add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf->spasswd, yy_aconf);
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_aconf_list.head)
{
if(yy_aconf->passwd)
yy_tmp->passwd = rb_strdup(yy_aconf->passwd);
+ if(yy_aconf->spasswd)
+ yy_tmp->spasswd = rb_strdup(yy_aconf->spasswd);
+
/* this will always exist.. */
yy_tmp->name = rb_strdup(yy_aconf->name);
conf_add_class_to_conf(yy_tmp);
- add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp);
+ add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp->spasswd, yy_tmp);
rb_dlinkDestroy(ptr, &yy_aconf_list);
}
rb_dlinkAddAlloc(yy_tmp, &yy_aconf_list);
}
+static void
+conf_set_auth_auth_user(void *data)
+{
+ if(yy_aconf->spasswd)
+ memset(yy_aconf->spasswd, 0, strlen(yy_aconf->spasswd));
+ rb_free(yy_aconf->spasswd);
+ yy_aconf->spasswd = rb_strdup(data);
+}
+
static void
conf_set_auth_passwd(void *data)
{
yy_server->flags &= ~SERVER_COMPRESSED;
}
#endif
+ if(ServerConfCompressed(yy_server) && ServerConfSSL(yy_server))
+ {
+ conf_report_error("Ignoring compressed for connect block %s -- "
+ "ssl and compressed are mutually exclusive (OpenSSL does its own compression)",
+ yy_server->name);
+ yy_server->flags &= ~SERVER_COMPRESSED;
+ }
add_server_conf(yy_server);
rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list);
static void
conf_set_connect_vhost(void *data)
{
- if(inetpton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0)
+ if(rb_inet_pton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0)
{
conf_report_error("Invalid netmask for server vhost (%s)",
(char *) data);
yy_tmp->passwd = rb_strdup("*");
yy_tmp->host = rb_strdup(data);
yy_tmp->status = CONF_EXEMPTDLINE;
- add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, yy_tmp);
+ add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, NULL, yy_tmp);
}
static int
char **loc = location;
char *input = data;
- if(len && strlen(input) > len)
+ if(len && strlen(input) > (unsigned int)len)
input[len] = '\0';
rb_free(*loc);
{ "vhost", CF_QSTRING, conf_set_serverinfo_vhost, 0, NULL },
{ "vhost6", CF_QSTRING, conf_set_serverinfo_vhost6, 0, NULL },
- { "max_clients", CF_INT, NULL, 0, &ServerInfo.max_clients },
+ { "ssl_private_key", CF_QSTRING, NULL, 0, &ServerInfo.ssl_private_key },
+ { "ssl_ca_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_ca_cert },
+ { "ssl_cert", CF_QSTRING, NULL, 0, &ServerInfo.ssl_cert },
+ { "ssl_dh_params", CF_QSTRING, NULL, 0, &ServerInfo.ssl_dh_params },
+ { "ssld_count", CF_INT, NULL, 0, &ServerInfo.ssld_count },
+
+ { "default_max_clients",CF_INT, NULL, 0, &ServerInfo.default_max_clients },
{ "\0", 0, NULL, 0, NULL }
};
{ "fname_foperlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_foperlog },
{ "fname_serverlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_serverlog },
{ "fname_killlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_killlog },
- { "fname_glinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_glinelog },
{ "fname_klinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_klinelog },
{ "fname_operspylog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operspylog },
{ "fname_ioerrorlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_ioerrorlog },
{ "rsa_public_key_file", CF_QSTRING, conf_set_oper_rsa_public_key_file, 0, NULL },
{ "flags", CF_STRING | CF_FLIST, conf_set_oper_flags, 0, NULL },
{ "umodes", CF_STRING | CF_FLIST, conf_set_oper_umodes, 0, NULL },
+ { "privset", CF_QSTRING, conf_set_oper_privset, 0, NULL },
{ "snomask", CF_QSTRING, conf_set_oper_snomask, 0, NULL },
{ "user", CF_QSTRING, conf_set_oper_user, 0, NULL },
{ "password", CF_QSTRING, conf_set_oper_password, 0, NULL },
{ "\0", 0, NULL, 0, NULL }
};
+static struct ConfEntry conf_privset_table[] =
+{
+ { "extends", CF_QSTRING, conf_set_privset_extends, 0, NULL },
+ { "privs", CF_STRING | CF_FLIST, conf_set_privset_privs, 0, NULL },
+ { "\0", 0, NULL, 0, NULL }
+};
+
static struct ConfEntry conf_class_table[] =
{
{ "ping_time", CF_TIME, conf_set_class_ping_time, 0, NULL },
- { "cidr_bitlen", CF_INT, conf_set_class_cidr_bitlen, 0, NULL },
+ { "cidr_ipv4_bitlen", CF_INT, conf_set_class_cidr_ipv4_bitlen, 0, NULL },
+#ifdef RB_IPV6
+ { "cidr_ipv6_bitlen", CF_INT, conf_set_class_cidr_ipv6_bitlen, 0, NULL },
+#endif
{ "number_per_cidr", CF_INT, conf_set_class_number_per_cidr, 0, NULL },
{ "number_per_ip", CF_INT, conf_set_class_number_per_ip, 0, NULL },
{ "number_per_ip_global", CF_INT,conf_set_class_number_per_ip_global, 0, NULL },
static struct ConfEntry conf_auth_table[] =
{
{ "user", CF_QSTRING, conf_set_auth_user, 0, NULL },
+ { "auth_user", CF_QSTRING, conf_set_auth_auth_user, 0, NULL },
{ "password", CF_QSTRING, conf_set_auth_passwd, 0, NULL },
{ "class", CF_QSTRING, conf_set_auth_class, 0, NULL },
{ "spoof", CF_QSTRING, conf_set_auth_spoof, 0, NULL },
{ "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason },
{ "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice },
{ "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand },
- { "servlink_path", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.servlink_path },
{ "anti_spam_exit_message_time", CF_TIME, NULL, 0, &ConfigFileEntry.anti_spam_exit_message_time },
{ "disable_fake_channels", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_fake_channels },
{ "disable_auth", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_auth },
{ "dots_in_ident", CF_INT, NULL, 0, &ConfigFileEntry.dots_in_ident },
{ "failed_oper_notice", CF_YESNO, NULL, 0, &ConfigFileEntry.failed_oper_notice },
- { "glines", CF_YESNO, NULL, 0, &ConfigFileEntry.glines },
- { "gline_min_cidr", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr },
- { "gline_min_cidr6", CF_INT, NULL, 0, &ConfigFileEntry.gline_min_cidr6 },
- { "gline_time", CF_TIME, NULL, 0, &ConfigFileEntry.gline_time },
{ "global_snotices", CF_YESNO, NULL, 0, &ConfigFileEntry.global_snotices },
{ "hide_spoof_ips", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_spoof_ips },
{ "dline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.dline_with_reason },
{ "max_nick_time", CF_TIME, NULL, 0, &ConfigFileEntry.max_nick_time },
{ "max_nick_changes", CF_INT, NULL, 0, &ConfigFileEntry.max_nick_changes },
{ "max_targets", CF_INT, NULL, 0, &ConfigFileEntry.max_targets },
- { "max_unknown_ip", CF_INT, NULL, 0, &ConfigFileEntry.max_unknown_ip },
{ "min_nonwildcard", CF_INT, NULL, 0, &ConfigFileEntry.min_nonwildcard },
{ "nick_delay", CF_TIME, NULL, 0, &ConfigFileEntry.nick_delay },
{ "no_oper_flood", CF_YESNO, NULL, 0, &ConfigFileEntry.no_oper_flood },
{ "reject_after_count", CF_INT, NULL, 0, &ConfigFileEntry.reject_after_count },
{ "reject_ban_time", CF_TIME, NULL, 0, &ConfigFileEntry.reject_ban_time },
{ "reject_duration", CF_TIME, NULL, 0, &ConfigFileEntry.reject_duration },
+ { "throttle_count", CF_INT, NULL, 0, &ConfigFileEntry.throttle_count },
+ { "throttle_duration", CF_TIME, NULL, 0, &ConfigFileEntry.throttle_duration },
{ "short_motd", CF_YESNO, NULL, 0, &ConfigFileEntry.short_motd },
{ "stats_c_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_c_oper_only },
{ "stats_e_disabled", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_e_disabled },
add_top_conf("log", NULL, NULL, conf_log_table);
add_top_conf("operator", conf_begin_oper, conf_end_oper, conf_operator_table);
add_top_conf("class", conf_begin_class, conf_end_class, conf_class_table);
+ add_top_conf("privset", NULL, NULL, conf_privset_table);
add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL);
add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port);
+ add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport);
add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address);
add_conf_item("listen", "host", CF_QSTRING, conf_set_listen_address);