#include "sslproc.h"
#include "bandbi.h"
#include "operhash.h"
+#include "chmode.h"
+#include "hook.h"
+#include "s_assert.h"
struct config_server_hide ConfigServerHide;
/* internally defined functions */
static void set_default_conf(void);
static void validate_conf(void);
-static void read_conf(FILE *);
+static void read_conf(void);
static void clear_out_old_conf(void);
static void expire_prop_bans(void *list);
extern char yytext[];
static int verify_access(struct Client *client_p, const char *username);
+static struct ConfItem *find_address_conf_by_client(struct Client *client_p, const char *username);
static int attach_iline(struct Client *, struct ConfItem *);
void
if((i = verify_access(source_p, username)))
{
- ilog(L_FUSER, "Access denied: %s[%s]",
+ ilog(L_FUSER, "Access denied: %s[%s]",
source_p->name, source_p->sockhost);
}
-
+
switch (i)
{
case SOCKET_ERROR:
ilog(L_FUSER, "Too many local connections from %s!%s%s@%s",
source_p->name, IsGotId(source_p) ? "" : "~",
- source_p->username, source_p->sockhost);
+ source_p->username, source_p->sockhost);
ServerStats.is_ref++;
exit_client(client_p, source_p, &me, "Too many host connections (local)");
source_p->username, source_p->host,
show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : "255.255.255.255");
- ilog(L_FUSER, "Too many connections from %s!%s%s@%s.",
+ ilog(L_FUSER, "Too many connections from %s!%s%s@%s.",
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost);
else
#endif
port = ntohs(((struct sockaddr_in *)&source_p->localClient->listener->addr)->sin_port);
-
+
ServerStats.is_ref++;
/* jdc - lists server name & port connections are on */
/* a purely cosmetical change */
verify_access(struct Client *client_p, const char *username)
{
struct ConfItem *aconf;
- char non_ident[USERLEN + 1];
-
- if(IsGotId(client_p))
- {
- aconf = find_address_conf(client_p->host, client_p->sockhost,
- client_p->username, client_p->username,
- (struct sockaddr *) &client_p->localClient->ip,
- client_p->localClient->ip.ss_family,
- client_p->localClient->auth_user);
- }
- else
- {
- rb_strlcpy(non_ident, "~", sizeof(non_ident));
- rb_strlcat(non_ident, username, sizeof(non_ident));
- aconf = find_address_conf(client_p->host, client_p->sockhost,
- non_ident, client_p->username,
- (struct sockaddr *) &client_p->localClient->ip,
- client_p->localClient->ip.ss_family,
- client_p->localClient->auth_user);
- }
+ aconf = find_address_conf_by_client(client_p, username);
if(aconf == NULL)
return NOT_AUTHORISED;
}
+/*
+ * find_address_conf_by_client
+ */
+static struct ConfItem *
+find_address_conf_by_client(struct Client *client_p, const char *username)
+{
+ struct ConfItem *aconf;
+ char non_ident[USERLEN + 1];
+
+ if(IsGotId(client_p))
+ {
+ aconf = find_address_conf(client_p->host, client_p->sockhost,
+ client_p->username, client_p->username,
+ (struct sockaddr *) &client_p->localClient->ip,
+ client_p->localClient->ip.ss_family,
+ client_p->localClient->auth_user);
+ }
+ else
+ {
+ rb_strlcpy(non_ident, "~", sizeof(non_ident));
+ rb_strlcat(non_ident, username, sizeof(non_ident));
+ aconf = find_address_conf(client_p->host, client_p->sockhost,
+ non_ident, client_p->username,
+ (struct sockaddr *) &client_p->localClient->ip,
+ client_p->localClient->ip.ss_family,
+ client_p->localClient->auth_user);
+ }
+ return aconf;
+}
+
+
/*
* add_ip_limit
- *
+ *
* Returns 1 if successful 0 if not
*
* This checks if the user has exceed the limits for their class
int local_count = 0;
int global_count = 0;
int ident_count = 0;
- int unidented = 0;
+ int unidented;
if(IsConfExemptLimits(aconf))
return (attach_conf(client_p, aconf));
- if(*client_p->username == '~')
- unidented = 1;
-
+ unidented = !IsGotId(client_p) && !IsNoTilde(aconf) &&
+ (!IsConfDoSpoofIp(aconf) || !strchr(aconf->info.name, '@'));
/* find_hostname() returns the head of the list to search */
RB_DLINK_FOREACH(ptr, find_hostname(client_p->host))
/*
* attach_conf
- *
+ *
* inputs - client pointer
* - conf pointer
* output -
/* ServerInfo.name is not rehashable */
/* ServerInfo.name = ServerInfo.name; */
ServerInfo.description = NULL;
- ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT);
- ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT);
+ ServerInfo.network_name = NULL;
memset(&ServerInfo.ip, 0, sizeof(ServerInfo.ip));
ServerInfo.specific_ipv4_vhost = 0;
AdminInfo.email = NULL;
AdminInfo.description = NULL;
- ConfigFileEntry.default_operstring = rb_strdup("is an IRC operator");
- ConfigFileEntry.default_adminstring = rb_strdup("is a Server Administrator");
- ConfigFileEntry.servicestring = rb_strdup("is a Network Service");
+ ConfigFileEntry.default_operstring = NULL;
+ ConfigFileEntry.default_adminstring = NULL;
+ ConfigFileEntry.servicestring = NULL;
+ ConfigFileEntry.sasl_service = NULL;
- ConfigFileEntry.default_umodes = UMODE_INVISIBLE;
+ ConfigFileEntry.default_umodes = UMODE_INVISIBLE;
ConfigFileEntry.failed_oper_notice = YES;
ConfigFileEntry.anti_nick_flood = NO;
ConfigFileEntry.disable_fake_channels = NO;
ConfigFileEntry.fname_operlog = NULL;
ConfigFileEntry.fname_foperlog = NULL;
ConfigFileEntry.fname_serverlog = NULL;
+ ConfigFileEntry.fname_killlog = NULL;
ConfigFileEntry.fname_klinelog = NULL;
ConfigFileEntry.fname_operspylog = NULL;
ConfigFileEntry.fname_ioerrorlog = NULL;
- ConfigFileEntry.use_egd = NO;
ConfigFileEntry.hide_spoof_ips = YES;
ConfigFileEntry.hide_error_messages = 1;
ConfigFileEntry.dots_in_ident = 0;
ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT;
- ConfigFileEntry.egdpool_path = NULL;
ConfigFileEntry.use_whois_actually = YES;
ConfigFileEntry.burst_away = NO;
ConfigFileEntry.collision_fnc = YES;
+ ConfigFileEntry.resv_fnc = YES;
ConfigFileEntry.global_snotices = YES;
ConfigFileEntry.operspy_dont_care_user_info = NO;
+ ConfigFileEntry.use_propagated_bans = YES;
+ ConfigFileEntry.max_ratelimit_tokens = 30;
+ ConfigFileEntry.away_interval = 30;
#ifdef HAVE_LIBZ
ConfigFileEntry.compression_level = 4;
ConfigChannel.use_except = YES;
ConfigChannel.use_invex = YES;
- ConfigChannel.use_knock = YES;
ConfigChannel.use_forward = YES;
+ ConfigChannel.use_knock = YES;
ConfigChannel.knock_delay = 300;
ConfigChannel.knock_delay_channel = 60;
ConfigChannel.max_chans_per_user = 15;
ConfigChannel.no_join_on_split = NO;
ConfigChannel.no_create_on_split = YES;
ConfigChannel.resv_forcepart = YES;
+ ConfigChannel.channel_target_change = YES;
+ ConfigChannel.disable_local_channels = NO;
+
+ ConfigChannel.autochanmodes = MODE_TOPICLIMIT | MODE_NOPRIVMSGS;
ConfigServerHide.flatten_links = 0;
ConfigServerHide.links_delay = 300;
ConfigFileEntry.min_nonwildcard = 4;
ConfigFileEntry.min_nonwildcard_simple = 3;
ConfigFileEntry.default_floodcount = 8;
- ConfigFileEntry.client_flood = CLIENT_FLOOD_DEFAULT;
+ ConfigFileEntry.default_ident_timeout = IDENT_TIMEOUT_DEFAULT;
ConfigFileEntry.tkline_expire_notices = 0;
ConfigFileEntry.reject_after_count = 5;
- ConfigFileEntry.reject_ban_time = 300;
+ ConfigFileEntry.reject_ban_time = 300;
ConfigFileEntry.reject_duration = 120;
ConfigFileEntry.throttle_count = 4;
ConfigFileEntry.throttle_duration = 60;
+ ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_DEFAULT;
+ ConfigFileEntry.client_flood_burst_rate = 5;
+ ConfigFileEntry.client_flood_burst_max = 5;
+ ConfigFileEntry.client_flood_message_time = 1;
+ ConfigFileEntry.client_flood_message_num = 2;
+
ServerInfo.default_max_clients = MAXCONNECTIONS;
+ ConfigFileEntry.nicklen = NICKLEN;
+ ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
+
if (!alias_dict)
alias_dict = irc_dictionary_create(strcasecmp);
}
#undef NO
/*
- * read_conf()
+ * read_conf()
*
*
- * inputs - file descriptor pointing to config file to use
+ * inputs - None
* output - None
* side effects - Read configuration file.
*/
static void
-read_conf(FILE * file)
+read_conf(void)
{
lineno = 0;
/* Some global values are also loaded here. */
check_class(); /* Make sure classes are valid */
privilegeset_delete_all_illegal();
+ construct_cflags_strings();
}
static void
validate_conf(void)
{
+ if(ConfigFileEntry.default_ident_timeout < 1)
+ ConfigFileEntry.default_ident_timeout = IDENT_TIMEOUT_DEFAULT;
+
if(ConfigFileEntry.ts_warn_delta < TS_WARN_DELTA_MIN)
ConfigFileEntry.ts_warn_delta = TS_WARN_DELTA_DEFAULT;
if(ServerInfo.network_name == NULL)
ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT);
- if(ServerInfo.network_desc == NULL)
- ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT);
-
if(ServerInfo.ssld_count < 1)
ServerInfo.ssld_count = 1;
int start = ServerInfo.ssld_count - get_ssld_count();
/* start up additional ssld if needed */
start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params);
-
+
}
- if((ConfigFileEntry.client_flood < CLIENT_FLOOD_MIN) ||
- (ConfigFileEntry.client_flood > CLIENT_FLOOD_MAX))
- ConfigFileEntry.client_flood = CLIENT_FLOOD_MAX;
+ /* General conf */
+ if (ConfigFileEntry.default_operstring == NULL)
+ ConfigFileEntry.default_operstring = rb_strdup("is an IRC operator");
+
+ if (ConfigFileEntry.default_adminstring == NULL)
+ ConfigFileEntry.default_adminstring = rb_strdup("is a Server Administrator");
+
+ if (ConfigFileEntry.servicestring == NULL)
+ ConfigFileEntry.servicestring = rb_strdup("is a Network Service");
+
+ if (ConfigFileEntry.sasl_service == NULL)
+ ConfigFileEntry.sasl_service = rb_strdup("SaslServ");
+
+ /* RFC 1459 says 1 message per 2 seconds on average and bursts of
+ * 5 messages are acceptable, so allow at least that.
+ */
+ if(ConfigFileEntry.client_flood_burst_rate < 5)
+ ConfigFileEntry.client_flood_burst_rate = 5;
+ if(ConfigFileEntry.client_flood_burst_max < 5)
+ ConfigFileEntry.client_flood_burst_max = 5;
+ if(ConfigFileEntry.client_flood_message_time >
+ ConfigFileEntry.client_flood_message_num * 2)
+ ConfigFileEntry.client_flood_message_time =
+ ConfigFileEntry.client_flood_message_num * 2;
+
+ if((ConfigFileEntry.client_flood_max_lines < CLIENT_FLOOD_MIN) ||
+ (ConfigFileEntry.client_flood_max_lines > CLIENT_FLOOD_MAX))
+ ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_MAX;
if(!split_users || !split_servers ||
(!ConfigChannel.no_create_on_split && !ConfigChannel.no_join_on_split))
*
* inputs - pointer to struct ConfItem
* output - none
- * Side effects - links in given struct ConfItem into
+ * Side effects - links in given struct ConfItem into
* temporary kline link list
*/
void
add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, NULL, aconf);
}
+/* valid_wild_card()
+ *
+ * input - user buffer, host buffer
+ * output - 0 if invalid, 1 if valid
+ * side effects -
+ */
+int
+valid_wild_card(const char *luser, const char *lhost)
+{
+ const char *p;
+ char tmpch;
+ int nonwild = 0;
+ int bitlen;
+
+ /* user has no wildcards, always accept -- jilles */
+ if(!strchr(luser, '?') && !strchr(luser, '*'))
+ return 1;
+
+ /* check there are enough non wildcard chars */
+ p = luser;
+ while((tmpch = *p++))
+ {
+ if(!IsKWildChar(tmpch))
+ {
+ /* found enough chars, return */
+ if(++nonwild >= ConfigFileEntry.min_nonwildcard)
+ return 1;
+ }
+ }
+
+ /* try host, as user didnt contain enough */
+ /* special case for cidr masks -- jilles */
+ if((p = strrchr(lhost, '/')) != NULL && IsDigit(p[1]))
+ {
+ bitlen = atoi(p + 1);
+ /* much like non-cidr for ipv6, rather arbitrary for ipv4 */
+ if(bitlen > 0
+ && bitlen >=
+ (strchr(lhost, ':') ? 4 * (ConfigFileEntry.min_nonwildcard - nonwild) : 6 -
+ 2 * nonwild))
+ return 1;
+ }
+ else
+ {
+ p = lhost;
+ while((tmpch = *p++))
+ {
+ if(!IsKWildChar(tmpch))
+ if(++nonwild >= ConfigFileEntry.min_nonwildcard)
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
rb_dlink_node *
find_prop_ban(unsigned int status, const char *user, const char *host)
{
}
void
-deactivate_conf(struct ConfItem *aconf, rb_dlink_node *ptr)
+deactivate_conf(struct ConfItem *aconf, rb_dlink_node *ptr, time_t now)
{
int i;
del_from_resv_hash(aconf->host, aconf);
break;
}
- if (aconf->lifetime != 0 && rb_current_time() < aconf->lifetime)
+ if (aconf->lifetime != 0 && now < aconf->lifetime)
aconf->status |= CONF_ILLEGAL;
else
{
}
}
+/* Given a new ban ConfItem, look for any matching ban, update the lifetime
+ * from it and delete it.
+ */
+void
+replace_old_ban(struct ConfItem *aconf)
+{
+ rb_dlink_node *ptr;
+ struct ConfItem *oldconf;
+
+ ptr = find_prop_ban(aconf->status, aconf->user, aconf->host);
+ if(ptr != NULL)
+ {
+ oldconf = ptr->data;
+ /* Remember at least as long as the old one. */
+ if(oldconf->lifetime > aconf->lifetime)
+ aconf->lifetime = oldconf->lifetime;
+ /* Force creation time to increase. */
+ if(oldconf->created >= aconf->created)
+ aconf->created = oldconf->created + 1;
+ /* Leave at least one second of validity. */
+ if(aconf->hold <= aconf->created)
+ aconf->hold = aconf->created + 1;
+ if(aconf->lifetime < aconf->hold)
+ aconf->lifetime = aconf->hold;
+ /* Tell deactivate_conf() to destroy it. */
+ oldconf->lifetime = rb_current_time();
+ deactivate_conf(oldconf, ptr, oldconf->lifetime);
+ }
+}
+
static void
expire_prop_bans(void *list)
{
rb_dlink_node *ptr;
rb_dlink_node *next_ptr;
struct ConfItem *aconf;
+ time_t now;
+ now = rb_current_time();
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, ((rb_dlink_list *) list)->head)
{
aconf = ptr->data;
- if(aconf->lifetime <= rb_current_time() ||
- (aconf->hold <= rb_current_time() &&
+ if(aconf->lifetime <= now ||
+ (aconf->hold <= now &&
!(aconf->status & CONF_ILLEGAL)))
{
/* Alert opers that a TKline expired - Hwy */
aconf->host ? aconf->host : "*");
/* will destroy or mark illegal */
- deactivate_conf(aconf, ptr);
+ deactivate_conf(aconf, ptr, now);
}
}
}
if(aconf->hold < (rb_current_time() + (60 * 60)))
{
- rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ?
+ rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ?
&temp_klines[TEMP_MIN] : &temp_dlines[TEMP_MIN]);
aconf->port = TEMP_MIN;
}
{
if(aconf->hold < (rb_current_time() + (1440 * 60)))
{
- rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ?
+ rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ?
&temp_klines[TEMP_HOUR] : &temp_dlines[TEMP_HOUR]);
aconf->port = TEMP_HOUR;
}
- else if(aconf->port > TEMP_DAY &&
+ else if(aconf->port > TEMP_DAY &&
(aconf->hold < (rb_current_time() + (10080 * 60))))
{
- rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ?
+ rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ?
&temp_klines[TEMP_DAY] : &temp_dlines[TEMP_DAY]);
aconf->port = TEMP_DAY;
}
}
rb_snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}",
- client_p->name, client_p->username,
+ client_p->name, client_p->username,
client_p->host, client_p->servptr->name);
return buffer;
}
*
* inputs - struct ConfItem
*
- * output - name
+ * output - name
* - host
* - pass
* - user
*/
void
get_printable_conf(struct ConfItem *aconf, char **name, char **host,
- char **pass, char **user, int *port, char **classname)
+ const char **pass, char **user, int *port, char **classname)
{
static char null[] = "<NULL>";
static char zero[] = "default";
rb_snprintf(reasonbuf, sizeof reasonbuf,
"Temporary %c-line %d min. - ",
aconf->status == CONF_DLINE ? 'D' : 'K',
- (aconf->hold - aconf->created) / 60);
+ (int)((aconf->hold - aconf->created) / 60));
else
reasonbuf[0] = '\0';
if (aconf->passwd)
}
void
-get_printable_kline(struct Client *source_p, struct ConfItem *aconf,
+get_printable_kline(struct Client *source_p, struct ConfItem *aconf,
char **host, char **reason,
char **user, char **oper_reason)
{
static char null[] = "<NULL>";
+ static char operreasonbuf[BUFSIZE];
*host = EmptyString(aconf->host) ? null : aconf->host;
*user = EmptyString(aconf->user) ? null : aconf->user;
*reason = get_user_ban_reason(aconf);
- if(EmptyString(aconf->spasswd) || !IsOper(source_p))
+ if(!IsOper(source_p))
*oper_reason = NULL;
else
- *oper_reason = aconf->spasswd;
+ {
+ rb_snprintf(operreasonbuf, sizeof operreasonbuf, "%s%s(%s)",
+ EmptyString(aconf->spasswd) ? "" : aconf->spasswd,
+ EmptyString(aconf->spasswd) ? "" : " ",
+ aconf->info.oper);
+ *oper_reason = operreasonbuf;
+ }
}
/*
FIXME: The full path is in conffilenamebuf first time since we
dont know anything else
- - Gozem 2002-07-21
+ - Gozem 2002-07-21
+
+
*/
rb_strlcpy(conffilebuf, filename, sizeof(conffilebuf));
{
if(cold)
{
+ inotice("Failed in reading configuration file %s, aborting", filename);
ilog(L_MAIN, "Failed in reading configuration file %s", filename);
+
+ int e;
+ e = errno;
+
+ inotice("FATAL: %s %s", strerror(e), filename);
+ ilog(L_MAIN, "FATAL: %s %s", strerror(e), filename);
+
exit(-1);
}
else
clear_out_old_conf();
}
- read_conf(conf_fbfile_in);
+ call_hook(h_conf_read_start, NULL);
+ read_conf();
+ call_hook(h_conf_read_end, NULL);
+
fclose(conf_fbfile_in);
}
ServerInfo.description = NULL;
rb_free(ServerInfo.network_name);
ServerInfo.network_name = NULL;
- rb_free(ServerInfo.network_desc);
- ServerInfo.network_desc = NULL;
ServerInfo.ssld_count = 1;
*/
/* clean out general */
+ rb_free(ConfigFileEntry.default_operstring);
+ ConfigFileEntry.default_operstring = NULL;
+ rb_free(ConfigFileEntry.default_adminstring);
+ ConfigFileEntry.default_adminstring = NULL;
+ rb_free(ConfigFileEntry.servicestring);
+ ConfigFileEntry.servicestring = NULL;
rb_free(ConfigFileEntry.kline_reason);
ConfigFileEntry.kline_reason = NULL;
+ rb_free(ConfigFileEntry.sasl_service);
+ ConfigFileEntry.sasl_service = NULL;
+
+ /* clean out log */
+ rb_free(ConfigFileEntry.fname_userlog);
+ ConfigFileEntry.fname_userlog = NULL;
+ rb_free(ConfigFileEntry.fname_fuserlog);
+ ConfigFileEntry.fname_fuserlog = NULL;
+ rb_free(ConfigFileEntry.fname_operlog);
+ ConfigFileEntry.fname_operlog = NULL;
+ rb_free(ConfigFileEntry.fname_foperlog);
+ ConfigFileEntry.fname_foperlog = NULL;
+ rb_free(ConfigFileEntry.fname_serverlog);
+ ConfigFileEntry.fname_serverlog = NULL;
+ rb_free(ConfigFileEntry.fname_killlog);
+ ConfigFileEntry.fname_killlog = NULL;
+ rb_free(ConfigFileEntry.fname_klinelog);
+ ConfigFileEntry.fname_klinelog = NULL;
+ rb_free(ConfigFileEntry.fname_operspylog);
+ ConfigFileEntry.fname_operspylog = NULL;
+ rb_free(ConfigFileEntry.fname_ioerrorlog);
+ ConfigFileEntry.fname_ioerrorlog = NULL;
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head)
{
* conf_add_class_to_conf
* inputs - pointer to config item
* output - NONE
- * side effects - Add a class pointer to a conf
+ * side effects - Add a class pointer to a conf
*/
void
int
conf_fgets(char *lbuf, int max_size, FILE * fb)
{
- char *buff;
-
- if((buff = fgets(lbuf, max_size, fb)) == NULL)
+ if(fgets(lbuf, max_size, fb) == NULL)
return (0);
return (strlen(lbuf));
projects / solanum.git / blobdiff