ircd/authproc.c: avoid crash on lack of any configured DNSBLs
[solanum.git] / ircd / newconf.c
index 827f6ed90badf992c9a3e4df8a12e61084a465f8..d5c072582697e4a697639930a6222d415cb38d0b 100644 (file)
@@ -4,13 +4,17 @@
 #include "stdinc.h"
 
 #ifdef HAVE_LIBCRYPTO
+#include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+#include <openssl/decoder.h>
+#include <openssl/core.h>
+#endif
 #endif
 
 #include "newconf.h"
 #include "ircd_defs.h"
-#include "common.h"
 #include "logger.h"
 #include "s_conf.h"
 #include "s_user.h"
 #include "cache.h"
 #include "ircd.h"
 #include "snomask.h"
-#include "blacklist.h"
 #include "sslproc.h"
+#include "wsproc.h"
 #include "privilege.h"
 #include "chmode.h"
+#include "certfp.h"
 
 #define CF_TYPE(x) ((x) & CF_MTYPE)
 
 static int yy_defer_accept = 1;
+static int yy_wsock = 0;
 
 struct TopConf *conf_cur_block;
 static char *conf_cur_block_name = NULL;
@@ -48,17 +54,22 @@ static struct server_conf *yy_server = NULL;
 
 static rb_dlink_list yy_aconf_list;
 static rb_dlink_list yy_oper_list;
-static rb_dlink_list yy_shared_list;
 static rb_dlink_list yy_cluster_list;
 static struct oper_conf *yy_oper = NULL;
 
 static struct alias_entry *yy_alias = NULL;
 
-static char *yy_blacklist_host = NULL;
-static char *yy_blacklist_reason = NULL;
-static int yy_blacklist_ipv4 = 1;
-static int yy_blacklist_ipv6 = 0;
-static rb_dlink_list yy_blacklist_filters;
+static char *yy_dnsbl_entry_host = NULL;
+static char *yy_dnsbl_entry_reason = NULL;
+static uint8_t yy_dnsbl_entry_iptype = 0;
+static rb_dlink_list yy_dnsbl_entry_filters = { NULL, NULL, 0 };
+
+static char *yy_opm_address_ipv4 = NULL;
+static char *yy_opm_address_ipv6 = NULL;
+static uint16_t yy_opm_port_ipv4 = 0;
+static uint16_t yy_opm_port_ipv6 = 0;
+static int yy_opm_timeout = 0;
+static rb_dlink_list yy_opm_scanner_list;
 
 static char *yy_privset_extends = NULL;
 
@@ -108,7 +119,7 @@ find_top_conf(const char *name)
        RB_DLINK_FOREACH(d, conf_items.head)
        {
                tc = d->data;
-               if(strcasecmp(tc->tc_name, name) == 0)
+               if(rb_strcasecmp(tc->tc_name, name) == 0)
                        return tc;
        }
 
@@ -130,7 +141,7 @@ find_conf_item(const struct TopConf *top, const char *name)
                {
                        cf = &top->tc_entries[i];
 
-                       if(!strcasecmp(cf->cf_name, name))
+                       if(!rb_strcasecmp(cf->cf_name, name))
                                return cf;
                }
        }
@@ -138,7 +149,7 @@ find_conf_item(const struct TopConf *top, const char *name)
        RB_DLINK_FOREACH(d, top->tc_items.head)
        {
                cf = d->data;
-               if(strcasecmp(cf->cf_name, name) == 0)
+               if(rb_strcasecmp(cf->cf_name, name) == 0)
                        return cf;
        }
 
@@ -218,7 +229,7 @@ conf_set_serverinfo_sid(void *data)
                        return;
                }
 
-               strcpy(ServerInfo.sid, sid);
+               rb_strlcpy(ServerInfo.sid, sid, sizeof(ServerInfo.sid));
        }
 }
 
@@ -237,30 +248,30 @@ conf_set_serverinfo_network_name(void *data)
 static void
 conf_set_serverinfo_vhost(void *data)
 {
-       if(rb_inet_pton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0)
+       struct rb_sockaddr_storage addr;
+
+       if(rb_inet_pton_sock(data, &addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET)
        {
                conf_report_error("Invalid IPv4 address for server vhost (%s)", (char *) data);
                return;
        }
-       ServerInfo.ip.sin_family = AF_INET;
-       ServerInfo.specific_ipv4_vhost = 1;
+
+       ServerInfo.bind4 = addr;
 }
 
 static void
 conf_set_serverinfo_vhost6(void *data)
 {
-#ifdef RB_IPV6
-       if(rb_inet_pton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0)
+
+       struct rb_sockaddr_storage addr;
+
+       if(rb_inet_pton_sock(data, &addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET6)
        {
                conf_report_error("Invalid IPv6 address for server vhost (%s)", (char *) data);
                return;
        }
 
-       ServerInfo.specific_ipv6_vhost = 1;
-       ServerInfo.ip6.sin6_family = AF_INET6;
-#else
-       conf_report_error("Warning -- ignoring serverinfo::vhost6 -- IPv6 support not available.");
-#endif
+       ServerInfo.bind6 = addr;
 }
 
 static void
@@ -289,8 +300,8 @@ conf_set_modules_module(void *data)
 
        m_bn = rb_basename((char *) data);
 
-       if(findmodule_byname(m_bn) == -1)
-               load_one_module((char *) data, MAPI_ORIGIN_EXTENSION, 0);
+       if(findmodule_byname(m_bn) == NULL)
+               load_one_module((char *) data, MAPI_ORIGIN_EXTENSION, false);
 
        rb_free(m_bn);
 }
@@ -309,12 +320,10 @@ struct mode_table
 
 /* *INDENT-OFF* */
 static struct mode_table umode_table[] = {
-       {"callerid",    UMODE_CALLERID  },
        {"deaf",        UMODE_DEAF      },
        {"invisible",   UMODE_INVISIBLE },
        {"locops",      UMODE_LOCOPS    },
        {"noforward",   UMODE_NOFORWARD },
-       {"regonlymsg",  UMODE_REGONLYMSG},
        {"servnotice",  UMODE_SERVNOTICE},
        {"wallop",      UMODE_WALLOP    },
        {"operwall",    UMODE_OPERWALL  },
@@ -328,31 +337,36 @@ static struct mode_table oper_table[] = {
 };
 
 static struct mode_table auth_table[] = {
-       {"encrypted",           CONF_FLAGS_ENCRYPTED    },
-       {"spoof_notice",        CONF_FLAGS_SPOOF_NOTICE },
-       {"exceed_limit",        CONF_FLAGS_NOLIMIT      },
-       {"dnsbl_exempt",        CONF_FLAGS_EXEMPTDNSBL  },
-       {"kline_exempt",        CONF_FLAGS_EXEMPTKLINE  },
-       {"flood_exempt",        CONF_FLAGS_EXEMPTFLOOD  },
-       {"spambot_exempt",      CONF_FLAGS_EXEMPTSPAMBOT },
-       {"shide_exempt",        CONF_FLAGS_EXEMPTSHIDE  },
-       {"jupe_exempt",         CONF_FLAGS_EXEMPTJUPE   },
-       {"resv_exempt",         CONF_FLAGS_EXEMPTRESV   },
-       {"no_tilde",            CONF_FLAGS_NO_TILDE     },
-       {"need_ident",          CONF_FLAGS_NEED_IDENTD  },
-       {"have_ident",          CONF_FLAGS_NEED_IDENTD  },
-       {"need_ssl",            CONF_FLAGS_NEED_SSL     },
-       {"need_sasl",           CONF_FLAGS_NEED_SASL    },
-       {"extend_chans",        CONF_FLAGS_EXTEND_CHANS },
+       {"encrypted",           CONF_FLAGS_ENCRYPTED            },
+       {"spoof_notice",        CONF_FLAGS_SPOOF_NOTICE         },
+       {"exceed_limit",        CONF_FLAGS_NOLIMIT              },
+       {"dnsbl_exempt",        CONF_FLAGS_EXEMPTDNSBL          },
+       {"proxy_exempt",        CONF_FLAGS_EXEMPTPROXY          },
+       {"kline_exempt",        CONF_FLAGS_EXEMPTKLINE          },
+       {"flood_exempt",        CONF_FLAGS_EXEMPTFLOOD          },
+       {"spambot_exempt",      CONF_FLAGS_EXEMPTSPAMBOT        },
+       {"shide_exempt",        CONF_FLAGS_EXEMPTSHIDE          },
+       {"jupe_exempt",         CONF_FLAGS_EXEMPTJUPE           },
+       {"resv_exempt",         CONF_FLAGS_EXEMPTRESV           },
+       {"no_tilde",            CONF_FLAGS_NO_TILDE             },
+       {"need_ident",          CONF_FLAGS_NEED_IDENTD          },
+       {"have_ident",          CONF_FLAGS_NEED_IDENTD          },
+       {"need_ssl",            CONF_FLAGS_NEED_SSL             },
+       {"need_sasl",           CONF_FLAGS_NEED_SASL            },
+       {"extend_chans",        CONF_FLAGS_EXTEND_CHANS         },
+       {"allow_sctp",          CONF_FLAGS_ALLOW_SCTP           },
+       {"kline_spoof_ip",      CONF_FLAGS_KLINE_SPOOF          },
        {NULL, 0}
 };
 
 static struct mode_table connect_table[] = {
        { "autoconn",   SERVER_AUTOCONN         },
-       { "compressed", SERVER_COMPRESSED       },
+       { "compressed", 0                       },
        { "encrypted",  SERVER_ENCRYPTED        },
        { "topicburst", SERVER_TB               },
+       { "sctp",       SERVER_SCTP             },
        { "ssl",        SERVER_SSL              },
+       { "no-export",  SERVER_NO_EXPORT        },
        { NULL,         0                       },
 };
 
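Review bot: The new `{ "compressed", 0 }` entry in connect_table gives a real flag name a zero value, and what zero means depends on set_modes_from_table, whose body is outside this hunk. The removed shared_table used `{ "none", 0 }`, which suggests a zero value may be treated as "clear all flags"; if so, `flags = ssl, compressed;` would drop SERVER_SSL from the connect block. Confirm that handling, and if it applies, special-case the name so it is ignored with `conf_report_warning("connect::flags::compressed is no longer supported -- ignoring.");` rather than passed through the table. A comment on the entry saying why it is kept would also help.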
@@ -370,31 +384,6 @@ static struct mode_table cluster_table[] = {
        { "all",        CLUSTER_ALL     },
        {NULL, 0}
 };
-
-static struct mode_table shared_table[] =
-{
-       { "kline",      SHARED_PKLINE|SHARED_TKLINE     },
-       { "xline",      SHARED_PXLINE|SHARED_TXLINE     },
-       { "resv",       SHARED_PRESV|SHARED_TRESV       },
-       { "dline",  SHARED_PDLINE|SHARED_TDLINE },
-       { "tdline", SHARED_TDLINE       },
-       { "pdline", SHARED_PDLINE   },
-       { "undline",    SHARED_UNDLINE  },
-       { "tkline",     SHARED_TKLINE   },
-       { "unkline",    SHARED_UNKLINE  },
-       { "txline",     SHARED_TXLINE   },
-       { "unxline",    SHARED_UNXLINE  },
-       { "tresv",      SHARED_TRESV    },
-       { "unresv",     SHARED_UNRESV   },
-       { "locops",     SHARED_LOCOPS   },
-       { "rehash",     SHARED_REHASH   },
-       { "grant",      SHARED_GRANT    },
-       { "die",        SHARED_DIE      },
-       { "module",     SHARED_MODULE   },
-       { "all",        SHARED_ALL      },
-       { "none",       0               },
-       {NULL, 0}
-};
 /* *INDENT-ON* */
 
 static int
@@ -454,6 +443,53 @@ set_modes_from_table(int *modes, const char *whatis, struct mode_table *tab, con
        }
 }
 
+static void
+parse_umodes(const char *pm, int *values, int *mask)
+{
+       int what = MODE_ADD, flag;
+
+       *values = 0;
+
+       if (NULL != mask)
+               *mask = 0;
+
+       for (; *pm; pm++)
+       {
+               switch (*pm)
+               {
+               case '+':
+                       what = MODE_ADD;
+                       break;
+               case '-':
+                       what = MODE_DEL;
+                       break;
+
+               /* don't allow +o */
+               case 'o':
+               case 'S':
+               case 'Z':
+               case ' ':
+                       break;
+
+               default:
+                       flag = user_modes[(unsigned char) *pm];
+                       if (flag)
+                       {
+                               /* Proper value has probably not yet been set
+                                * so don't check oper_only_umodes -- jilles */
+                               if (what == MODE_ADD)
+                                       *values |= flag;
+                               else
+                                       *values &= ~flag;
+
+                               if (NULL != mask)
+                                       *mask |= flag;
+                       }
+                       break;
+               }
+       }
+}
+
 static void
 conf_set_privset_extends(void *data)
 {
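Review bot: parse_umodes drops input silently in two places, the `case 'o': case 'S': case 'Z': case ' ':` arm and the `default` arm when `user_modes[...]` is zero, so a mistyped letter in a umode string produces no diagnostic. The existing jilles comment implies the table may not be fully populated at parse time, which would make a warning unreliable, so this should at least be documented. The comment `/* don't allow +o */` covers only one of the four skipped characters; `/* o, S and Z cannot be set from config; spaces are skipped */` would match the code. The function also needs a header comment stating that `values` must be non-NULL and receives the modes left set, while `mask` may be NULL and otherwise receives every recognised mode named with either `+` or `-`.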
@@ -600,8 +636,26 @@ conf_end_oper(struct TopConf *tc)
                                return 0;
                        }
 
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+                       OSSL_DECODER_CTX *const ctx = OSSL_DECODER_CTX_new_for_pkey(
+                               &yy_tmpoper->rsa_pubkey, "PEM", NULL, "RSA",
+                               OSSL_KEYMGMT_SELECT_PUBLIC_KEY, NULL, NULL);
+
+                       if(ctx != NULL)
+                       {
+                               if(OSSL_DECODER_CTX_get_num_decoders(ctx) < 1 ||
+                                  OSSL_DECODER_from_bio(ctx, file) < 1)
+                               {
+                                       EVP_PKEY_free(yy_tmpoper->rsa_pubkey);
+                                       yy_tmpoper->rsa_pubkey = NULL;
+                               }
+
+                               OSSL_DECODER_CTX_free(ctx);
+                       }
+#else
                        yy_tmpoper->rsa_pubkey =
                                (RSA *) PEM_read_bio_RSA_PUBKEY(file, NULL, 0, NULL);
+#endif
 
                        (void)BIO_set_close(file, BIO_CLOSE);
                        BIO_free(file);
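Review bot: In the OpenSSL 3 branch nothing is reported or reset when `OSSL_DECODER_CTX_new_for_pkey()` returns NULL: the `if(ctx != NULL)` block is skipped and `yy_tmpoper->rsa_pubkey` keeps whatever value it had. The code after `BIO_free(file)` is outside this hunk and presumably tests that pointer for NULL, so setting `yy_tmpoper->rsa_pubkey = NULL;` just before the `#if` would make that test reliable on every path. A short comment that the decoder is restricted to PEM-encoded RSA public keys (`"PEM"`, `"RSA"`, `OSSL_KEYMGMT_SELECT_PUBLIC_KEY`) would explain why other key types in the file are rejected. conf_end_oper begins and ends outside the hunk.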
@@ -737,7 +791,7 @@ conf_end_class(struct TopConf *tc)
 
        if(EmptyString(yy_class->class_name))
        {
-               conf_report_error("Ignoring connect block -- missing name.");
+               conf_report_error("Ignoring class block -- missing name.");
                return 0;
        }
 
@@ -765,7 +819,6 @@ conf_set_class_cidr_ipv4_bitlen(void *data)
 
 }
 
-#ifdef RB_IPV6
 static void
 conf_set_class_cidr_ipv6_bitlen(void *data)
 {
@@ -778,7 +831,6 @@ conf_set_class_cidr_ipv6_bitlen(void *data)
                yy_class->cidr_ipv6_bitlen = *(unsigned int *) data;
 
 }
-#endif
 
 static void
 conf_set_class_number_per_cidr(void *data)
@@ -817,27 +869,41 @@ conf_set_class_max_number(void *data)
        yy_class->max_total = *(unsigned int *) data;
 }
 
+static void
+conf_set_class_max_autoconn(void *data)
+{
+       yy_class->max_autoconn = *(unsigned int *) data;
+}
+
 static void
 conf_set_class_sendq(void *data)
 {
        yy_class->max_sendq = *(unsigned int *) data;
 }
 
-static char *listener_address;
+static char *listener_address[2];
 
 static int
 conf_begin_listen(struct TopConf *tc)
 {
-       rb_free(listener_address);
-       listener_address = NULL;
+       for (int i = 0; i < ARRAY_SIZE(listener_address); i++) {
+               rb_free(listener_address[i]);
+               listener_address[i] = NULL;
+       }
+       yy_wsock = 0;
+       yy_defer_accept = 0;
        return 0;
 }
 
 static int
 conf_end_listen(struct TopConf *tc)
 {
-       rb_free(listener_address);
-       listener_address = NULL;
+       for (int i = 0; i < ARRAY_SIZE(listener_address); i++) {
+               rb_free(listener_address[i]);
+               listener_address[i] = NULL;
+       }
+       yy_wsock = 0;
+       yy_defer_accept = 0;
        return 0;
 }
 
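Review bot: conf_begin_listen and conf_end_listen now carry the same reset sequence, and the loop compares a signed `int i` with `ARRAY_SIZE(listener_address)`, which is presumably a sizeof-based unsigned value. A small static helper called from both, using a `size_t` index, would keep the two in step. Both functions also set `yy_defer_accept = 0` while the file-scope definition in the first hunk still reads `static int yy_defer_accept = 1;`, so that initial value is overwritten at the first listen block. Either the initialiser or the reset should change, or a comment should state which default is intended. The helper name below is a placeholder.

```c
static void
reset_listen_state(void)
{
	for (size_t i = 0; i < ARRAY_SIZE(listener_address); i++) {
		rb_free(listener_address[i]);
		listener_address[i] = NULL;
	}
	yy_wsock = 0;
	yy_defer_accept = 0;
}

static int
conf_begin_listen(struct TopConf *tc)
{
	reset_listen_state();
	return 0;
}
/* … conf_end_listen: same body … */
```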
@@ -848,68 +914,82 @@ conf_set_listen_defer_accept(void *data)
 }
 
 static void
-conf_set_listen_port_both(void *data, int ssl)
+conf_set_listen_wsock(void *data)
+{
+       yy_wsock = *(unsigned int *) data;
+}
+
+static void
+conf_set_listen_port_both(void *data, int ssl, int sctp)
 {
        conf_parm_t *args = data;
        for (; args; args = args->next)
        {
                if(CF_TYPE(args->type) != CF_INT)
                {
-                       conf_report_error
-                               ("listener::port argument is not an integer " "-- ignoring.");
+                       conf_report_error("listener::port argument is not an integer -- ignoring.");
                        continue;
                }
-                if(listener_address == NULL)
+                if(listener_address[0] == NULL)
                 {
-                       if (!ssl)
-                       {
-                               conf_report_warning("listener 'ANY/%d': support for plaintext listeners may be removed in a future release per RFC 7194.  "
-                                                    "It is suggested that users be migrated to SSL/TLS connections.", args->v.number);
+                       if (sctp) {
+                               conf_report_error("listener::sctp_port has no addresses -- ignoring.");
+                       } else {
+                               add_tcp_listener(args->v.number, NULL, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock);
+                               add_tcp_listener(args->v.number, NULL, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock);
                        }
-                       add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept);
-#ifdef RB_IPV6
-                       add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept);
-#endif
                 }
                else
                 {
                        int family;
-#ifdef RB_IPV6
-                       if(strchr(listener_address, ':') != NULL)
+                       if(strchr(listener_address[0], ':') != NULL)
                                family = AF_INET6;
                        else
-#endif
                                family = AF_INET;
 
-                       if (!ssl)
-                       {
-                               conf_report_warning("listener '%s/%d': support for plaintext listeners may be removed in a future release per RFC 7194.  "
-                                                    "It is suggested that users be migrated to SSL/TLS connections.", listener_address, args->v.number);
+                       if (sctp) {
+#ifdef HAVE_LIBSCTP
+                               add_sctp_listener(args->v.number, listener_address[0], listener_address[1], ssl, yy_wsock);
+#else
+                               conf_report_error("Warning -- ignoring listener::sctp_port -- SCTP support not available.");
+#endif
+                       } else {
+                               add_tcp_listener(args->v.number, listener_address[0], family, ssl, ssl || yy_defer_accept, yy_wsock);
                        }
-
-                       add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept);
                 }
-
        }
 }
 
 static void
 conf_set_listen_port(void *data)
 {
-       conf_set_listen_port_both(data, 0);
+       conf_set_listen_port_both(data, 0, 0);
 }
 
 static void
 conf_set_listen_sslport(void *data)
 {
-       conf_set_listen_port_both(data, 1);
+       conf_set_listen_port_both(data, 1, 0 );
+}
+
+static void
+conf_set_listen_sctp_port(void *data)
+{
+       conf_set_listen_port_both(data, 0, 1);
+}
+
+static void
+conf_set_listen_sctp_sslport(void *data)
+{
+       conf_set_listen_port_both(data, 1, 1);
 }
 
 static void
 conf_set_listen_address(void *data)
 {
-       rb_free(listener_address);
-       listener_address = rb_strdup(data);
+       rb_free(listener_address[1]);
+       listener_address[1] = listener_address[0];
+       listener_address[0] = rb_strdup(data);
 }
 
 static int
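Review bot: conf_set_listen_address now keeps a two-entry history (`listener_address[1] = listener_address[0];`), but the TCP path in conf_set_listen_port_both reads only `listener_address[0]`. The older address is therefore used solely by `add_sctp_listener`, and a third `host` line silently discards the oldest one. That deserves a comment on the `listener_address[2]` declaration in the previous hunk, for example `/* [0] = most recent listen::host, [1] = the one before it (used for SCTP only) */`. Separately, `args->v.number` reaches `add_tcp_listener`/`add_sctp_listener` without a range check here. Unless those callees validate it, a guard such as `if(args->v.number < 1 || args->v.number > 65535)` with a conf_report_error and `continue` would catch bad ports at parse time.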
@@ -980,6 +1060,9 @@ conf_end_auth(struct TopConf *tc)
                if(yy_aconf->className)
                        yy_tmp->className = rb_strdup(yy_aconf->className);
 
+               if(yy_aconf->desc)
+                       yy_tmp->desc = rb_strdup(yy_aconf->desc);
+
                yy_tmp->flags = yy_aconf->flags;
                yy_tmp->port = yy_aconf->port;
 
@@ -1115,6 +1198,13 @@ conf_set_auth_spoof(void *data)
        yy_aconf->flags |= CONF_FLAGS_SPOOF_IP;
 }
 
+static void
+conf_set_auth_desc(void *data)
+{
+       rb_free(yy_aconf->desc);
+       yy_aconf->desc = rb_strdup(data);
+}
+
 static void
 conf_set_auth_flags(void *data)
 {
@@ -1147,107 +1237,12 @@ conf_set_auth_class(void *data)
        yy_aconf->className = rb_strdup(data);
 }
 
-/* ok, shared_oper handles the stacking, shared_flags handles adding
- * things.. so all we need to do when we start and end a shared block, is
- * clean up anything thats been left over.
- */
-static int
-conf_cleanup_shared(struct TopConf *tc)
-{
-       rb_dlink_node *ptr, *next_ptr;
-
-       RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_shared_list.head)
-       {
-               free_remote_conf(ptr->data);
-               rb_dlinkDestroy(ptr, &yy_shared_list);
-       }
-
-       if(yy_shared != NULL)
-       {
-               free_remote_conf(yy_shared);
-               yy_shared = NULL;
-       }
-
-       return 0;
-}
-
-static void
-conf_set_shared_oper(void *data)
-{
-       conf_parm_t *args = data;
-       const char *username;
-       char *p;
-
-       if(yy_shared != NULL)
-               free_remote_conf(yy_shared);
-
-       yy_shared = make_remote_conf();
-
-       if(args->next != NULL)
-       {
-               if(CF_TYPE(args->type) != CF_QSTRING)
-               {
-                       conf_report_error("Ignoring shared::oper -- server is not a qstring");
-                       return;
-               }
-
-               yy_shared->server = rb_strdup(args->v.string);
-               args = args->next;
-       }
-       else
-               yy_shared->server = rb_strdup("*");
-
-       if(CF_TYPE(args->type) != CF_QSTRING)
-       {
-               conf_report_error("Ignoring shared::oper -- oper is not a qstring");
-               return;
-       }
-
-       if((p = strchr(args->v.string, '@')) == NULL)
-       {
-               conf_report_error("Ignoring shard::oper -- oper is not a user@host");
-               return;
-       }
-
-       username = args->v.string;
-       *p++ = '\0';
-
-       if(EmptyString(p))
-               yy_shared->host = rb_strdup("*");
-       else
-               yy_shared->host = rb_strdup(p);
-
-       if(EmptyString(username))
-               yy_shared->username = rb_strdup("*");
-       else
-               yy_shared->username = rb_strdup(username);
-
-       rb_dlinkAddAlloc(yy_shared, &yy_shared_list);
-       yy_shared = NULL;
-}
-
 static void
-conf_set_shared_flags(void *data)
+conf_set_auth_umodes(void *data)
 {
-       conf_parm_t *args = data;
-       int flags = 0;
-       rb_dlink_node *ptr, *next_ptr;
-
-       if(yy_shared != NULL)
-               free_remote_conf(yy_shared);
-
-       set_modes_from_table(&flags, "flag", shared_table, args);
-
-       RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_shared_list.head)
-       {
-               yy_shared = ptr->data;
-
-               yy_shared->flags = flags;
-               rb_dlinkDestroy(ptr, &yy_shared_list);
-               rb_dlinkAddTail(yy_shared, &yy_shared->node, &shared_conf_list);
-       }
+       char *umodes = data;
 
-       yy_shared = NULL;
+       parse_umodes(umodes, &yy_aconf->umodes, &yy_aconf->umodes_mask);
 }
 
 static int
@@ -1269,40 +1264,53 @@ conf_begin_connect(struct TopConf *tc)
 static int
 conf_end_connect(struct TopConf *tc)
 {
-       if(EmptyString(yy_server->name))
+       if (EmptyString(yy_server->name))
        {
                conf_report_error("Ignoring connect block -- missing name.");
                return 0;
        }
 
-       if(ServerInfo.name != NULL && !irccmp(ServerInfo.name, yy_server->name))
+       if (ServerInfo.name != NULL && !irccmp(ServerInfo.name, yy_server->name))
        {
-               conf_report_error("Ignoring connect block for %s -- name is equal to my own name.",
-                               yy_server->name);
+               conf_report_error("Ignoring connect block for %s -- name is "
+                                 "equal to my own name.", yy_server->name);
                return 0;
        }
 
-       if((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) && EmptyString(yy_server->certfp))
+       if ((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd))
+           && EmptyString(yy_server->certfp))
        {
-               conf_report_error("Ignoring connect block for %s -- no fingerprint or password credentials provided.",
-                                       yy_server->name);
+               conf_report_error("Ignoring connect block for %s -- no "
+                                 "fingerprint or password credentials "
+                                 "provided.", yy_server->name);
                return 0;
        }
 
-       if(EmptyString(yy_server->host))
+       if ((yy_server->flags & SERVER_SSL) && EmptyString(yy_server->certfp))
        {
-               conf_report_error("Ignoring connect block for %s -- missing host.",
-                                       yy_server->name);
+               conf_report_error("Ignoring connect block for %s -- no "
+                                 "fingerprint provided for SSL "
+                                 "connection.", yy_server->name);
                return 0;
        }
 
-#ifndef HAVE_LIBZ
-       if(ServerConfCompressed(yy_server))
+       if (! (yy_server->flags & SERVER_SSL) && ! EmptyString(yy_server->certfp))
        {
-               conf_report_error("Ignoring connect::flags::compressed -- zlib not available.");
-               yy_server->flags &= ~SERVER_COMPRESSED;
+               conf_report_error("Ignoring connect block for %s -- "
+                                 "fingerprint authentication has "
+                                 "been requested; but the ssl flag "
+                                 "is not set.", yy_server->name);
+               return 0;
+       }
+
+       if (EmptyString(yy_server->connect_host)
+           && GET_SS_FAMILY(&yy_server->connect4) != AF_INET
+           && GET_SS_FAMILY(&yy_server->connect6) != AF_INET6)
+       {
+               conf_report_error("Ignoring connect block for %s -- missing "
+                                 "host.", yy_server->name);
+               return 0;
        }
-#endif
 
        add_server_conf(yy_server);
        rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list);
@@ -1314,23 +1322,53 @@ conf_end_connect(struct TopConf *tc)
 static void
 conf_set_connect_host(void *data)
 {
-       rb_free(yy_server->host);
-       yy_server->host = rb_strdup(data);
-       if (strchr(yy_server->host, ':'))
-               yy_server->aftype = AF_INET6;
+       struct rb_sockaddr_storage addr;
+
+       if(rb_inet_pton_sock(data, &addr) <= 0)
+       {
+               rb_free(yy_server->connect_host);
+               yy_server->connect_host = rb_strdup(data);
+       }
+       else if(GET_SS_FAMILY(&addr) == AF_INET)
+       {
+               yy_server->connect4 = addr;
+       }
+       else if(GET_SS_FAMILY(&addr) == AF_INET6)
+       {
+               yy_server->connect6 = addr;
+       }
+       else
+       {
+               conf_report_error("Unsupported IP address for server connect host (%s)",
+                                 (char *)data);
+               return;
+       }
 }
 
 static void
 conf_set_connect_vhost(void *data)
 {
-       if(rb_inet_pton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0)
+       struct rb_sockaddr_storage addr;
+
+       if(rb_inet_pton_sock(data, &addr) <= 0)
+       {
+               rb_free(yy_server->bind_host);
+               yy_server->bind_host = rb_strdup(data);
+       }
+       else if(GET_SS_FAMILY(&addr) == AF_INET)
+       {
+               yy_server->bind4 = addr;
+       }
+       else if(GET_SS_FAMILY(&addr) == AF_INET6)
+       {
+               yy_server->bind6 = addr;
+       }
+       else
        {
-               conf_report_error("Invalid IP address for server connect vhost (%s)",
-                                 (char *) data);
+               conf_report_error("Unsupported IP address for server connect vhost (%s)",
+                                 (char *)data);
                return;
        }
-
-       yy_server->flags |= SERVER_VHOSTED;
 }
 
 static void
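Review bot: In both conf_set_connect_host and conf_set_connect_vhost, any string that `rb_inet_pton_sock()` cannot parse is stored as a hostname, so a mistyped address literal is accepted without a diagnostic and presumably left to name resolution later. If that fallback is intended, say so above the first branch, e.g. `/* not an IP literal: keep it as a hostname to be resolved at connect time */`. The three destinations are also independent: a hostname, an IPv4 value and an IPv6 value from repeated lines all persist, and a later literal does not clear an earlier `connect_host` or `bind_host`. A comment should state whether that accumulation is deliberate. The trailing `return;` in each final `else` is redundant.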
@@ -1342,7 +1380,20 @@ conf_set_connect_send_password(void *data)
                rb_free(yy_server->spasswd);
        }
 
-       yy_server->spasswd = rb_strdup(data);
+       if (EmptyString((const char *) data))
+       {
+               yy_server->spasswd = NULL;
+               conf_report_warning("Invalid send_password for connect "
+                                   "block; must not be empty if provided");
+       }
+       else if (strpbrk(data, " :"))
+       {
+               yy_server->spasswd = NULL;
+               conf_report_error("Invalid send_password for connect "
+                                 "block; cannot contain spaces or colons");
+       }
+       else
+               yy_server->spasswd = rb_strdup(data);
 }
 
 static void
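Review bot: The two rejection paths use different severities for the same outcome: an empty value goes through `conf_report_warning`, while a value containing a space or colon goes through `conf_report_error`, and both leave `yy_server->spasswd` NULL. Since either case can later make conf_end_connect drop the block for missing credentials, using `conf_report_error` in both would be consistent. The same validation is repeated for `passwd` in the conf_set_connect_accept_password hunk that follows. A shared static helper that takes the option name and returns the duplicated string or NULL would remove the copy. The start of conf_set_connect_send_password lies outside the hunk.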
@@ -1353,7 +1404,21 @@ conf_set_connect_accept_password(void *data)
                memset(yy_server->passwd, 0, strlen(yy_server->passwd));
                rb_free(yy_server->passwd);
        }
-       yy_server->passwd = rb_strdup(data);
+
+       if (EmptyString((const char *) data))
+       {
+               yy_server->passwd = NULL;
+               conf_report_warning("Invalid accept_password for connect "
+                                   "block; must not be empty if provided");
+       }
+       else if (strpbrk(data, " :"))
+       {
+               yy_server->passwd = NULL;
+               conf_report_error("Invalid accept_password for connect "
+                                 "block; cannot contain spaces or colons");
+       }
+       else
+               yy_server->passwd = rb_strdup(data);
 }
 
 static void
@@ -1383,12 +1448,10 @@ conf_set_connect_aftype(void *data)
 {
        char *aft = data;
 
-       if(strcasecmp(aft, "ipv4") == 0)
+       if(rb_strcasecmp(aft, "ipv4") == 0)
                yy_server->aftype = AF_INET;
-#ifdef RB_IPV6
-       else if(strcasecmp(aft, "ipv6") == 0)
+       else if(rb_strcasecmp(aft, "ipv6") == 0)
                yy_server->aftype = AF_INET6;
-#endif
        else
                conf_report_error("connect::aftype '%s' is unknown.", aft);
 }
@@ -1398,44 +1461,9 @@ conf_set_connect_flags(void *data)
 {
        conf_parm_t *args = data;
 
-       /* note, we allow them to set compressed, then remove it later if
-        * they do and LIBZ isnt available
-        */
        set_modes_from_table(&yy_server->flags, "flag", connect_table, args);
 }
 
-static void
-conf_set_connect_hub_mask(void *data)
-{
-       struct remote_conf *yy_hub;
-
-       if(EmptyString(yy_server->name))
-               return;
-
-       yy_hub = make_remote_conf();
-       yy_hub->flags = CONF_HUB;
-
-       yy_hub->host = rb_strdup(data);
-       yy_hub->server = rb_strdup(yy_server->name);
-       rb_dlinkAdd(yy_hub, &yy_hub->node, &hubleaf_conf_list);
-}
-
-static void
-conf_set_connect_leaf_mask(void *data)
-{
-       struct remote_conf *yy_leaf;
-
-       if(EmptyString(yy_server->name))
-               return;
-
-       yy_leaf = make_remote_conf();
-       yy_leaf->flags = CONF_LEAF;
-
-       yy_leaf->host = rb_strdup(data);
-       yy_leaf->server = rb_strdup(yy_server->name);
-       rb_dlinkAdd(yy_leaf, &yy_leaf->node, &hubleaf_conf_list);
-}
-
 static void
 conf_set_connect_class(void *data)
 {
@@ -1447,8 +1475,9 @@ static void
 conf_set_exempt_ip(void *data)
 {
        struct ConfItem *yy_tmp;
+       int masktype = parse_netmask_strict(data, NULL, NULL);
 
-       if(parse_netmask(data, NULL, NULL) == HM_HOST)
+       if(masktype != HM_IPV4 && masktype != HM_IPV6)
        {
                conf_report_error("Ignoring exempt -- invalid exempt::ip.");
                return;
@@ -1461,6 +1490,25 @@ conf_set_exempt_ip(void *data)
        add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, NULL, yy_tmp);
 }
 
+static void
+conf_set_secure_ip(void *data)
+{
+       struct ConfItem *yy_tmp;
+       int masktype = parse_netmask_strict(data, NULL, NULL);
+
+       if(masktype != HM_IPV4 && masktype != HM_IPV6)
+       {
+               conf_report_error("Ignoring secure -- invalid secure::ip.");
+               return;
+       }
+
+       yy_tmp = make_conf();
+       yy_tmp->passwd = rb_strdup("*");
+       yy_tmp->host = rb_strdup(data);
+       yy_tmp->status = CONF_SECURE;
+       add_conf_by_address(yy_tmp->host, CONF_SECURE, NULL, NULL, yy_tmp);
+}
+
 static int
 conf_cleanup_cluster(struct TopConf *tc)
 {
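Review bot: conf_set_secure_ip accepts any syntactically valid mask, including a zero-length prefix, because `parse_netmask_strict(data, NULL, NULL)` discards everything except the mask type. The effect of CONF_SECURE is not visible here, but if it marks matching clients as securely connected, an over-broad entry would extend that status to plaintext clients. Passing an `int` for the third argument (presumably the prefix length) and reporting a warning when it is 0 would catch the obvious mistake. The function is otherwise a copy of conf_set_exempt_ip apart from the status constant and message text, so a shared helper parameterised on those would avoid drift. A header comment stating what secure::ip grants is also needed.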
@@ -1537,35 +1585,26 @@ conf_set_general_hide_error_messages(void *data)
 {
        char *val = data;
 
-       if(strcasecmp(val, "yes") == 0)
+       if(rb_strcasecmp(val, "yes") == 0)
                ConfigFileEntry.hide_error_messages = 2;
-       else if(strcasecmp(val, "opers") == 0)
+       else if(rb_strcasecmp(val, "opers") == 0)
                ConfigFileEntry.hide_error_messages = 1;
-       else if(strcasecmp(val, "no") == 0)
+       else if(rb_strcasecmp(val, "no") == 0)
                ConfigFileEntry.hide_error_messages = 0;
        else
                conf_report_error("Invalid setting '%s' for general::hide_error_messages.", val);
 }
 
-static void
-conf_set_general_kline_delay(void *data)
-{
-       ConfigFileEntry.kline_delay = *(unsigned int *) data;
-
-       /* THIS MUST BE HERE to stop us being unable to check klines */
-       kline_queued = false;
-}
-
 static void
 conf_set_general_stats_k_oper_only(void *data)
 {
        char *val = data;
 
-       if(strcasecmp(val, "yes") == 0)
+       if(rb_strcasecmp(val, "yes") == 0)
                ConfigFileEntry.stats_k_oper_only = 2;
-       else if(strcasecmp(val, "masked") == 0)
+       else if(rb_strcasecmp(val, "masked") == 0)
                ConfigFileEntry.stats_k_oper_only = 1;
-       else if(strcasecmp(val, "no") == 0)
+       else if(rb_strcasecmp(val, "no") == 0)
                ConfigFileEntry.stats_k_oper_only = 0;
        else
                conf_report_error("Invalid setting '%s' for general::stats_k_oper_only.", val);
@@ -1576,72 +1615,37 @@ conf_set_general_stats_i_oper_only(void *data)
 {
        char *val = data;
 
-       if(strcasecmp(val, "yes") == 0)
+       if(rb_strcasecmp(val, "yes") == 0)
                ConfigFileEntry.stats_i_oper_only = 2;
-       else if(strcasecmp(val, "masked") == 0)
+       else if(rb_strcasecmp(val, "masked") == 0)
                ConfigFileEntry.stats_i_oper_only = 1;
-       else if(strcasecmp(val, "no") == 0)
+       else if(rb_strcasecmp(val, "no") == 0)
                ConfigFileEntry.stats_i_oper_only = 0;
        else
                conf_report_error("Invalid setting '%s' for general::stats_i_oper_only.", val);
 }
 
 static void
-conf_set_general_compression_level(void *data)
+conf_set_general_stats_l_oper_only(void *data)
 {
-#ifdef HAVE_LIBZ
-       ConfigFileEntry.compression_level = *(unsigned int *) data;
+       char *val = data;
 
-       if((ConfigFileEntry.compression_level < 1) || (ConfigFileEntry.compression_level > 9))
-       {
-               conf_report_error
-                       ("Invalid general::compression_level %d -- using default.",
-                        ConfigFileEntry.compression_level);
-               ConfigFileEntry.compression_level = 0;
-       }
-#else
-       conf_report_error("Ignoring general::compression_level -- zlib not available.");
-#endif
+       if(rb_strcasecmp(val, "yes") == 0)
+               ConfigFileEntry.stats_l_oper_only = STATS_L_OPER_ONLY_YES;
+       else if(rb_strcasecmp(val, "self") == 0)
+               ConfigFileEntry.stats_l_oper_only = STATS_L_OPER_ONLY_SELF;
+       else if(rb_strcasecmp(val, "no") == 0)
+               ConfigFileEntry.stats_l_oper_only = STATS_L_OPER_ONLY_NO;
+       else
+               conf_report_error("Invalid setting '%s' for general::stats_l_oper_only.", val);
 }
 
 static void
 conf_set_general_default_umodes(void *data)
 {
-       char *pm;
-       int what = MODE_ADD, flag;
+       char *umodes = data;
 
-       ConfigFileEntry.default_umodes = 0;
-       for (pm = (char *) data; *pm; pm++)
-       {
-               switch (*pm)
-               {
-               case '+':
-                       what = MODE_ADD;
-                       break;
-               case '-':
-                       what = MODE_DEL;
-                       break;
-
-               /* don't allow +o */
-               case 'o':
-               case 'S':
-               case 'Z':
-               case ' ':
-                       break;
-
-               default:
-                       if ((flag = user_modes[(unsigned char) *pm]))
-                       {
-                               /* Proper value has probably not yet been set
-                                * so don't check oper_only_umodes -- jilles */
-                               if (what == MODE_ADD)
-                                       ConfigFileEntry.default_umodes |= flag;
-                               else
-                                       ConfigFileEntry.default_umodes &= ~flag;
-                       }
-                       break;
-               }
-       }
+       parse_umodes(umodes, &ConfigFileEntry.default_umodes, NULL);
 }
 
 static void
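Review bot: The explicit refusal of `o`, `S` and `Z` disappears from conf_set_general_default_umodes, and the replacement parse_umodes() is defined outside this hunk, so it cannot be confirmed here that those modes are still rejected. If parse_umodes() does not filter them, a single config line could give every connecting client a mode the old code reserved. I would keep the intent visible at the call site with a comment such as `/* parse_umodes() must keep refusing +o, +S and +Z for default umodes */`. It is also worth checking that passing `NULL` as the third argument does not switch off any of that filtering.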
@@ -1655,15 +1659,19 @@ conf_set_general_certfp_method(void *data)
 {
        char *method = data;
 
-       if (!strcasecmp(method, "sha1"))
-               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
-       else if (!strcasecmp(method, "sha256"))
-               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA256;
-       else if (!strcasecmp(method, "sha512"))
-               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA512;
+       if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA1))
+               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1;
+       else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA256))
+               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA256;
+       else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA512))
+               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA512;
+       else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA256))
+               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA256;
+       else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA512))
+               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA512;
        else
        {
-               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1;
+               ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1;
                conf_report_error("Ignoring general::certfp_method -- bogus certfp method %s", method);
        }
 }
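Review bot: In the final `else` of conf_set_general_certfp_method the message says "Ignoring general::certfp_method", yet the line above it assigns `RB_SSL_CERTFP_METH_CERT_SHA1`. A typo at rehash may therefore replace a previously valid method with the SHA-1 one instead of leaving it alone. Either drop the assignment so the setting really is ignored, or make the message say what happens, e.g. `conf_report_error("general::certfp_method -- bogus certfp method %s, falling back to " CERTFP_NAME_CERT_SHA1, method);`. The second form assumes CERTFP_NAME_CERT_SHA1 is a string-literal macro, which this hunk does not show.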
@@ -1705,6 +1713,30 @@ conf_set_general_oper_snomask(void *data)
        }
 }
 
+static void
+conf_set_general_hidden_caps(void *data)
+{
+       size_t n = 0;
+
+       for (conf_parm_t *arg = data; arg; arg = arg->next)
+               n += 1;
+
+       if (ConfigFileEntry.hidden_caps != NULL)
+       {
+               for (n = 0; ConfigFileEntry.hidden_caps[n] != NULL; n++)
+                       rb_free(ConfigFileEntry.hidden_caps[n]);
+               rb_free(ConfigFileEntry.hidden_caps);
+       }
+       ConfigFileEntry.hidden_caps = rb_malloc(sizeof *ConfigFileEntry.hidden_caps * (n + 1));
+
+       n = 0;
+       for (conf_parm_t *arg = data; arg; arg = arg->next)
+       {
+               ConfigFileEntry.hidden_caps[n++] = rb_strdup(arg->v.string);
+       }
+       ConfigFileEntry.hidden_caps[n] = NULL;
+}
+
 static void
 conf_set_serverhide_links_delay(void *data)
 {
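Review bot: In conf_set_general_hidden_caps the loop that frees the previous list reuses `n`, so the count of new arguments taken just above is overwritten with the old list's length before `rb_malloc(sizeof *ConfigFileEntry.hidden_caps * (n + 1))` runs. When a rehash supplies more entries than the old list held, the fill loop writes past the end of the allocation. Give the free loop its own index: `for (size_t i = 0; ConfigFileEntry.hidden_caps[i] != NULL; i++)` with `rb_free(ConfigFileEntry.hidden_caps[i]);` as its body, leaving `n` untouched for the allocation.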
@@ -1751,7 +1783,6 @@ conf_begin_alias(struct TopConf *tc)
                yy_alias->name = rb_strdup(conf_cur_block_name);
 
        yy_alias->flags = 0;
-       yy_alias->hits = 0;
 
        return 0;
 }
@@ -1840,81 +1871,89 @@ conf_set_channel_autochanmodes(void *data)
 }
 
 /* XXX for below */
-static void conf_set_blacklist_reason(void *data);
+static void conf_set_dnsbl_entry_reason(void *data);
+
+#define IPTYPE_IPV4 1
+#define IPTYPE_IPV6 2
+
+static int
+conf_warn_blacklist_deprecation(struct TopConf *tc)
+{
+       conf_report_error("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead.");
+       return 0;
+}
 
 static void
-conf_set_blacklist_host(void *data)
+conf_set_dnsbl_entry_host(void *data)
 {
-       if (yy_blacklist_host)
+       if (yy_dnsbl_entry_host)
        {
-               conf_report_error("blacklist::host %s overlaps existing host %s",
-                       (char *)data, yy_blacklist_host);
+               conf_report_error("dnsbl::host %s overlaps existing host %s",
+                       (char *)data, yy_dnsbl_entry_host);
 
                /* Cleanup */
-               conf_set_blacklist_reason(NULL);
+               conf_set_dnsbl_entry_reason(NULL);
                return;
        }
 
-       yy_blacklist_ipv4 = 1;
-       yy_blacklist_ipv6 = 0;
-       yy_blacklist_host = rb_strdup(data);
+       yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
+       yy_dnsbl_entry_host = rb_strdup(data);
 }
 
 static void
-conf_set_blacklist_type(void *data)
+conf_set_dnsbl_entry_type(void *data)
 {
        conf_parm_t *args = data;
 
        /* Don't assume we have either if we got here */
-       yy_blacklist_ipv4 = 0;
-       yy_blacklist_ipv6 = 0;
+       yy_dnsbl_entry_iptype = 0;
 
        for (; args; args = args->next)
        {
-               if (!strcasecmp(args->v.string, "ipv4"))
-                       yy_blacklist_ipv4 = 1;
-               else if (!strcasecmp(args->v.string, "ipv6"))
-                       yy_blacklist_ipv6 = 1;
+               if (!rb_strcasecmp(args->v.string, "ipv4"))
+                       yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
+               else if (!rb_strcasecmp(args->v.string, "ipv6"))
+                       yy_dnsbl_entry_iptype |= IPTYPE_IPV6;
                else
-                       conf_report_error("blacklist::type has unknown address family %s",
+                       conf_report_error("dnsbl::type has unknown address family %s",
                                          args->v.string);
        }
 
        /* If we have neither, just default to IPv4 */
-       if (!yy_blacklist_ipv4 && !yy_blacklist_ipv6)
+       if (!yy_dnsbl_entry_iptype)
        {
-               conf_report_error("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
-               yy_blacklist_ipv4 = 1;
+               conf_report_warning("dnsbl::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
+               yy_dnsbl_entry_iptype = IPTYPE_IPV4;
        }
 }
 
 static void
-conf_set_blacklist_matches(void *data)
+conf_set_dnsbl_entry_matches(void *data)
 {
        conf_parm_t *args = data;
+       enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
 
        for (; args; args = args->next)
        {
-               struct BlacklistFilter *filter;
                char *str = args->v.string;
                char *p;
-               int type = BLACKLIST_FILTER_LAST;
+               enum filter_t type = FILTER_LAST;
 
                if (CF_TYPE(args->type) != CF_QSTRING)
                {
-                       conf_report_error("blacklist::matches -- must be quoted string");
+                       conf_report_error("dnsbl::matches -- must be quoted string");
                        continue;
                }
 
                if (str == NULL)
                {
-                       conf_report_error("blacklist::matches -- invalid entry");
+                       conf_report_error("dnsbl::matches -- invalid entry");
                        continue;
                }
 
                if (strlen(str) > HOSTIPLEN)
                {
-                       conf_report_error("blacklist::matches has an entry too long: %s",
+                       conf_report_error("dnsbl::matches has an entry too long: %s",
                                        str);
                        continue;
                }
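Review bot: conf_set_dnsbl_entry_host now ORs `IPTYPE_IPV4` into `yy_dnsbl_entry_iptype`, so if a block's `type` item is processed before `host`, an entry declared IPv6-only is queried for IPv4 as well. The order in which the parser delivers items is not visible in this hunk, so this may affect only some configs. Setting the default only when nothing has been chosen removes the ordering dependency: `if (!yy_dnsbl_entry_iptype) yy_dnsbl_entry_iptype = IPTYPE_IPV4;`. conf_set_dnsbl_entry_matches continues past the end of the hunk.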
@@ -1923,33 +1962,33 @@ conf_set_blacklist_matches(void *data)
                {
                        /* Check for validity */
                        if (*p == '.')
-                               type = BLACKLIST_FILTER_ALL;
-                       else if (!isalnum((unsigned char)*p))
+                               type = FILTER_ALL;
+                       else if (!isdigit((unsigned char)*p))
                        {
-                               conf_report_error("blacklist::matches has invalid IP match entry %s",
+                               conf_report_error("dnsbl::matches has invalid IP match entry %s",
                                                str);
-                               type = 0;
+                               type = FILTER_NONE;
                                break;
                        }
                }
 
-               if (type == BLACKLIST_FILTER_ALL)
+               if (type == FILTER_ALL)
                {
                        /* Basic IP sanity check */
                        struct rb_sockaddr_storage tmp;
                        if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
                        {
-                               conf_report_error("blacklist::matches has invalid IP match entry %s",
+                               conf_report_error("dnsbl::matches has invalid IP match entry %s",
                                                str);
                                continue;
                        }
                }
-               else if (type == BLACKLIST_FILTER_LAST)
+               else if (type == FILTER_LAST)
                {
                        /* Verify it's the correct length */
                        if (strlen(str) > 3)
                        {
-                               conf_report_error("blacklist::matches has invalid octet match entry %s",
+                               conf_report_error("dnsbl::matches has invalid octet match entry %s",
                                                str);
                                continue;
                        }
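Review bot: The octet branch (`type == FILTER_LAST`) accepts any string of up to three digits, so `"999"` passes and, as far as this hunk shows, so does an empty string, because only `strlen(str) > 3` is rejected. Such a filter can never equal a reply octet. Depending on how filters are applied outside this file, the DNSBL entry may then never produce a hit, with no warning at config time. A range check would catch it, e.g. `if (*str == '\0' || strlen(str) > 3 || atoi(str) > 255)`. The loop header and the rest of the function lie outside the hunk.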
@@ -1959,68 +1998,347 @@ conf_set_blacklist_matches(void *data)
                        continue; /* Invalid entry */
                }
 
-               filter = rb_malloc(sizeof(struct BlacklistFilter));
-               filter->type = type;
-               rb_strlcpy(filter->filterstr, str, sizeof(filter->filterstr));
-
-               rb_dlinkAdd(filter, &filter->node, &yy_blacklist_filters);
+               rb_dlinkAddAlloc(rb_strdup(str), &yy_dnsbl_entry_filters);
        }
 }
 
 static void
-conf_set_blacklist_reason(void *data)
+conf_set_dnsbl_entry_reason(void *data)
 {
        rb_dlink_node *ptr, *nptr;
 
-       if (yy_blacklist_host && data)
+       if (yy_dnsbl_entry_host && data)
        {
-               yy_blacklist_reason = rb_strdup(data);
-               if (yy_blacklist_ipv6)
+               yy_dnsbl_entry_reason = rb_strdup(data);
+               if (yy_dnsbl_entry_iptype & IPTYPE_IPV6)
                {
-                       /* Make sure things fit (64 = alnum count + dots) */
-                       if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+                       /* Make sure things fit (magic number 64 = alnum count + dots)
+                        * Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
+                        */
+                       if ((64 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
                        {
-                               conf_report_error("blacklist::host %s results in IPv6 queries that are too long",
-                                                 yy_blacklist_host);
+                               conf_report_error("dnsbl::host %s results in IPv6 queries that are too long",
+                                                 yy_dnsbl_entry_host);
                                goto cleanup_bl;
                        }
                }
                /* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
-               if (yy_blacklist_ipv4 && !yy_blacklist_ipv6)
+               if ((yy_dnsbl_entry_iptype & IPTYPE_IPV4) && !(yy_dnsbl_entry_iptype & IPTYPE_IPV6))
                {
-                       /* Make sure things fit (16 = number of nums + dots) */
-                       if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+                       /* Make sure things fit for worst case (magic number 16 = number of nums + dots)
+                        * Example: 127.127.127.127.in-addr.arpa
+                        */
+                       if ((16 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
                        {
-                               conf_report_error("blacklist::host %s results in IPv4 queries that are too long",
-                                                 yy_blacklist_host);
+                               conf_report_error("dnsbl::host %s results in IPv4 queries that are too long",
+                                                 yy_dnsbl_entry_host);
                                goto cleanup_bl;
                        }
                }
 
-               new_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_ipv4, yy_blacklist_ipv6,
-                               &yy_blacklist_filters);
+               add_dnsbl_entry(yy_dnsbl_entry_host, yy_dnsbl_entry_reason, yy_dnsbl_entry_iptype, &yy_dnsbl_entry_filters);
        }
 
 cleanup_bl:
-       if (data == NULL)
+       RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_dnsbl_entry_filters.head)
+       {
+               rb_free(ptr->data);
+               rb_dlinkDestroy(ptr, &yy_dnsbl_entry_filters);
+       }
+
+       yy_dnsbl_entry_filters = (rb_dlink_list){ NULL, NULL, 0 };
+
+       rb_free(yy_dnsbl_entry_host);
+       rb_free(yy_dnsbl_entry_reason);
+       yy_dnsbl_entry_host = NULL;
+       yy_dnsbl_entry_reason = NULL;
+       yy_dnsbl_entry_iptype = 0;
+}
+
+
+struct opm_scanner
+{
+       const char *type;
+       uint16_t port;
+
+       rb_dlink_node node;
+};
+
+static int
+conf_begin_opm(struct TopConf *tc)
+{
+       yy_opm_address_ipv4 = yy_opm_address_ipv6 = NULL;
+       yy_opm_port_ipv4 = yy_opm_port_ipv6 = yy_opm_timeout = 0;
+       delete_opm_proxy_scanner_all();
+       delete_opm_listener_all();
+       return 0;
+}
+
+static int
+conf_end_opm(struct TopConf *tc)
+{
+       rb_dlink_node *ptr, *nptr;
+       bool fail = false;
+
+       if(rb_dlink_list_length(&yy_opm_scanner_list) == 0)
+       {
+               conf_report_error("No opm scanners configured -- disabling opm.");
+               fail = true;
+               goto end;
+       }
+
+       if(yy_opm_port_ipv4 > 0)
+       {
+               if(yy_opm_address_ipv4 != NULL)
+                       conf_create_opm_listener(yy_opm_address_ipv4, yy_opm_port_ipv4);
+               else
+               {
+                       char ip[HOSTIPLEN];
+                       if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.bind4, ip, sizeof(ip)))
+                               conf_report_error("No opm::listen_ipv4 nor serverinfo::vhost directive; cannot listen on IPv4");
+                       else
+                               conf_create_opm_listener(ip, yy_opm_port_ipv4);
+               }
+       }
+
+       if(yy_opm_port_ipv6 > 0)
+       {
+               if(yy_opm_address_ipv6 != NULL)
+                       conf_create_opm_listener(yy_opm_address_ipv6, yy_opm_port_ipv6);
+               else
+               {
+                       char ip[HOSTIPLEN];
+                       if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.bind6, ip, sizeof(ip)))
+                               conf_report_error("No opm::listen_ipv6 nor serverinfo::vhost directive; cannot listen on IPv6");
+                       else
+                               conf_create_opm_listener(ip, yy_opm_port_ipv6);
+               }
+       }
+
+       /* If there's no listeners... */
+       fail = (yy_opm_port_ipv4 == 0 || yy_opm_port_ipv6 == 0);
+       if(!fail && yy_opm_timeout > 0 && yy_opm_timeout < 60)
+               /* Send timeout */
+               set_authd_timeout("opm_timeout", yy_opm_timeout);
+       else if(fail)
+               conf_report_error("No opm listeners -- disabling");
+       else if(yy_opm_timeout <= 0 || yy_opm_timeout >= 60)
+               conf_report_error("opm::timeout value is invalid -- ignoring");
+
+end:
+       RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_opm_scanner_list.head)
+       {
+               struct opm_scanner *scanner = ptr->data;
+
+               if(!fail)
+                       create_opm_proxy_scanner(scanner->type, scanner->port);
+
+               rb_dlinkDelete(&scanner->node, &yy_opm_scanner_list);
+               rb_free(scanner);
+       }
+
+       if(!fail)
+               opm_check_enable(true);
+
+       rb_free(yy_opm_address_ipv4);
+       rb_free(yy_opm_address_ipv6);
+       return 0;
+}
+
+static void
+conf_set_opm_timeout(void *data)
+{
+       int timeout = *((int *)data);
+
+       if(timeout <= 0 || timeout > 60)
+       {
+               conf_report_error("opm::timeout value %d is bogus, ignoring", timeout);
+               return;
+       }
+
+       yy_opm_timeout = timeout;
+}
+
+static void
+conf_set_opm_listen_address_both(void *data, bool ipv6)
+{
+       struct rb_sockaddr_storage addr;
+       const char *confstr = (ipv6 ? "opm::listen_ipv6" : "opm::listen_ipv4");
+       char *ip = data;
+
+       if(!rb_inet_pton_sock(ip, &addr))
        {
-               RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_blacklist_filters.head)
+               conf_report_error("%s is an invalid address: %s", confstr, ip);
+               return;
+       }
+
+       if(ipv6)
+       {
+               if(GET_SS_FAMILY(&addr) != AF_INET6)
                {
-                       rb_dlinkDelete(ptr, &yy_blacklist_filters);
-                       rb_free(ptr);
+                       conf_report_error("%s is of the wrong address type: %s", confstr, ip);
+                       return;
+               }
+
+               if(yy_opm_address_ipv6 != NULL)
+               {
+                       conf_report_error("%s overwrites previous address %s", confstr, ip);
+                       return;
                }
+
+               yy_opm_address_ipv6 = rb_strdup(ip);
        }
        else
        {
-               yy_blacklist_filters = (rb_dlink_list){ NULL, NULL, 0 };
+               if(GET_SS_FAMILY(&addr) != AF_INET)
+               {
+                       conf_report_error("%s is of the wrong address type: %s", confstr, ip);
+                       return;
+               }
+
+               if(yy_opm_address_ipv4 != NULL)
+               {
+                       conf_report_error("%s overwrites previous address %s", confstr, ip);
+                       return;
+               }
+
+               yy_opm_address_ipv4 = rb_strdup(ip);
+       }
+}
+
+static void
+conf_set_opm_listen_address_ipv4(void *data)
+{
+       conf_set_opm_listen_address_both(data, false);
+}
+
+static void
+conf_set_opm_listen_address_ipv6(void *data)
+{
+       conf_set_opm_listen_address_both(data, true);
+}
+
+static void
+conf_set_opm_listen_port_both(void *data, bool ipv6)
+{
+       int port = *((int *)data);
+       const char *confstr = (ipv6 ? "opm::port_ipv6" : "opm::port_ipv4");
+
+       if(port > 65535 || port <= 0)
+       {
+               conf_report_error("%s is out of range: %d", confstr, port);
+               return;
+       }
+
+       if(ipv6)
+       {
+               if(yy_opm_port_ipv4)
+               {
+                       conf_report_error("%s overwrites existing port %hu",
+                                       confstr, yy_opm_port_ipv4);
+                       return;
+               }
+
+               yy_opm_port_ipv4 = port;
+       }
+       else
+       {
+               if(yy_opm_port_ipv6)
+               {
+                       conf_report_error("%s overwrites existing port %hu",
+                                       confstr, yy_opm_port_ipv6);
+                       return;
+               }
+
+               yy_opm_port_ipv6 = port;
+       }
+}
+
+static void
+conf_set_opm_listen_port_ipv4(void *data)
+{
+       conf_set_opm_listen_port_both(data, false);
+}
+
+static void
+conf_set_opm_listen_port_ipv6(void *data)
+{
+       conf_set_opm_listen_port_both(data, true);
+}
+
+static void
+conf_set_opm_listen_port(void *data)
+{
+       conf_set_opm_listen_port_both(data, true);
+       conf_set_opm_listen_port_both(data, false);
+}
+
+static void
+conf_set_opm_scan_ports_all(void *data, const char *node, const char *type)
+{
+       conf_parm_t *args = data;
+       for (; args; args = args->next)
+       {
+               rb_dlink_node *ptr;
+               bool dup = false;
+
+               if(CF_TYPE(args->type) != CF_INT)
+               {
+                       conf_report_error("%s argument is not an integer -- ignoring.", node);
+                       continue;
+               }
+
+               if(args->v.number > 65535 || args->v.number <= 0)
+               {
+                       conf_report_error("%s argument is not an integer between 1 and 65535 -- ignoring.", node);
+                       continue;
+               }
+
+               /* Check for duplicates */
+               RB_DLINK_FOREACH(ptr, yy_opm_scanner_list.head)
+               {
+                       struct opm_scanner *scanner = ptr->data;
+
+                       if(scanner->port == args->v.number && strcmp(type, scanner->type) == 0)
+                       {
+                               conf_report_error("%s argument is duplicate", node);
+                               dup = true;
+                               break;
+                       }
+               }
+
+               if(!dup)
+               {
+                       struct opm_scanner *scanner = rb_malloc(sizeof(struct opm_scanner));
+                       scanner->port = args->v.number;
+                       scanner->type = type;
+                       rb_dlinkAdd(scanner, &scanner->node, &yy_opm_scanner_list);
+               }
        }
+}
+
+static void
+conf_set_opm_scan_ports_socks4(void *data)
+{
+       conf_set_opm_scan_ports_all(data, "opm::socks4_ports", "socks4");
+}
+
+static void
+conf_set_opm_scan_ports_socks5(void *data)
+{
+       conf_set_opm_scan_ports_all(data, "opm::socks5_ports", "socks5");
+}
 
-       rb_free(yy_blacklist_host);
-       rb_free(yy_blacklist_reason);
-       yy_blacklist_host = NULL;
-       yy_blacklist_reason = NULL;
-       yy_blacklist_ipv4 = 1;
-       yy_blacklist_ipv6 = 0;
+static void
+conf_set_opm_scan_ports_httpconnect(void *data)
+{
+       conf_set_opm_scan_ports_all(data, "opm::httpconnect_ports", "httpconnect");
+}
+
+static void
+conf_set_opm_scan_ports_httpsconnect(void *data)
+{
+       conf_set_opm_scan_ports_all(data, "opm::httpsconnect_ports", "httpsconnect");
 }
 
 /* public functions */
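Review bot: conf_set_opm_listen_port_both has its branches crossed: when `ipv6` is true it tests and assigns `yy_opm_port_ipv4`, and the `else` branch uses `yy_opm_port_ipv6`, so `opm::port_ipv6` sets the IPv4 listener port and vice versa. The branches should be swapped as shown below. In conf_end_opm, `fail = (yy_opm_port_ipv4 == 0 || yy_opm_port_ipv6 == 0);` disables OPM when either family lacks a port, although the comment above it speaks of no listeners at all; `&&` looks like what was meant. The timeout bounds also disagree: conf_set_opm_timeout accepts 60, while conf_end_opm reports 60 as invalid.

```c
static void
conf_set_opm_listen_port_both(void *data, bool ipv6)
{
	/* … unchanged: port/confstr setup and range check … */

	if(ipv6)
	{
		if(yy_opm_port_ipv6)
		{
			conf_report_error("%s overwrites existing port %hu",
					confstr, yy_opm_port_ipv6);
			return;
		}

		yy_opm_port_ipv6 = port;
	}
	else
	{
		if(yy_opm_port_ipv4)
		{
			conf_report_error("%s overwrites existing port %hu",
					confstr, yy_opm_port_ipv4);
			return;
		}

		yy_opm_port_ipv4 = port;
	}
}
```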
@@ -2033,7 +2351,7 @@ conf_report_error(const char *fmt, ...)
        char msg[BUFSIZE + 1] = { 0 };
 
        va_start(ap, fmt);
-       vsnprintf(msg, BUFSIZE, fmt, ap);
+       vsnprintf(msg, sizeof msg, fmt, ap);
        va_end(ap);
 
        if (testing_conf)
@@ -2043,7 +2361,7 @@ conf_report_error(const char *fmt, ...)
        }
 
        ierror("\"%s\", line %d: %s", current_file, lineno + 1, msg);
-       sendto_realops_snomask(SNO_GENERAL, L_ALL, "error: \"%s\", line %d: %s", current_file, lineno + 1, msg);
+       sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "error: \"%s\", line %d: %s", current_file, lineno + 1, msg);
 }
 
 void
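Review bot: Switching `L_ALL` to `L_NETWIDE` in conf_report_error appears to send the config file path, line number and formatted message to a wider audience than before; conf_report_warning gets the same change in the hunk at -2063. Several callers format raw config values into `msg`, so a comment at the top of both functions should state the constraint, e.g. `/* Relayed to opers network-wide: never format passwords or key material into fmt. */`. The definition of L_NETWIDE is not part of this hunk, so the exact reach should be confirmed there. The function starts before the hunk.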
@@ -2053,7 +2371,7 @@ conf_report_warning(const char *fmt, ...)
        char msg[BUFSIZE + 1] = { 0 };
 
        va_start(ap, fmt);
-       vsnprintf(msg, BUFSIZE, fmt, ap);
+       vsnprintf(msg, sizeof msg, fmt, ap);
        va_end(ap);
 
        if (testing_conf)
@@ -2063,7 +2381,7 @@ conf_report_warning(const char *fmt, ...)
        }
 
        iwarn("\"%s\", line %d: %s", current_file, lineno + 1, msg);
-       sendto_realops_snomask(SNO_GENERAL, L_ALL, "warning: \"%s\", line %d: %s", current_file, lineno + 1, msg);
+       sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "warning: \"%s\", line %d: %s", current_file, lineno + 1, msg);
 }
 
 int
@@ -2130,7 +2448,7 @@ conf_call_set(struct TopConf *tc, char *item, conf_parm_t * value)
        if((cf = find_conf_item(tc, item)) == NULL)
        {
                conf_report_error
-                       ("Non-existant configuration setting %s::%s.", tc->tc_name, (char *) item);
+                       ("Non-existent configuration setting %s::%s.", tc->tc_name, (char *) item);
                return -1;
        }
 
@@ -2332,15 +2650,14 @@ static struct ConfEntry conf_class_table[] =
 {
        { "ping_time",          CF_TIME, conf_set_class_ping_time,              0, NULL },
        { "cidr_ipv4_bitlen",   CF_INT,  conf_set_class_cidr_ipv4_bitlen,               0, NULL },
-#ifdef RB_IPV6
        { "cidr_ipv6_bitlen",   CF_INT,  conf_set_class_cidr_ipv6_bitlen,               0, NULL },
-#endif
        { "number_per_cidr",    CF_INT,  conf_set_class_number_per_cidr,        0, NULL },
        { "number_per_ip",      CF_INT,  conf_set_class_number_per_ip,          0, NULL },
        { "number_per_ip_global", CF_INT,conf_set_class_number_per_ip_global,   0, NULL },
        { "number_per_ident",   CF_INT,  conf_set_class_number_per_ident,       0, NULL },
        { "connectfreq",        CF_TIME, conf_set_class_connectfreq,            0, NULL },
        { "max_number",         CF_INT,  conf_set_class_max_number,             0, NULL },
+       { "max_autoconn",       CF_INT,  conf_set_class_max_autoconn,           0, NULL },
        { "sendq",              CF_TIME, conf_set_class_sendq,                  0, NULL },
        { "\0", 0, NULL, 0, NULL }
 };
@@ -2355,6 +2672,8 @@ static struct ConfEntry conf_auth_table[] =
        { "redirserv",  CF_QSTRING, conf_set_auth_redir_serv,   0, NULL },
        { "redirport",  CF_INT,     conf_set_auth_redir_port,   0, NULL },
        { "flags",      CF_STRING | CF_FLIST, conf_set_auth_flags,      0, NULL },
+       { "umodes",     CF_QSTRING, conf_set_auth_umodes,       0, NULL},
+       { "description",CF_QSTRING, conf_set_auth_desc,         0, NULL},
        { "\0", 0, NULL, 0, NULL }
 };
 
@@ -2368,8 +2687,6 @@ static struct ConfEntry conf_connect_table[] =
        { "vhost",      CF_QSTRING, conf_set_connect_vhost,     0, NULL },
        { "port",       CF_INT,     conf_set_connect_port,      0, NULL },
        { "aftype",     CF_STRING,  conf_set_connect_aftype,    0, NULL },
-       { "hub_mask",   CF_QSTRING, conf_set_connect_hub_mask,  0, NULL },
-       { "leaf_mask",  CF_QSTRING, conf_set_connect_leaf_mask, 0, NULL },
        { "class",      CF_QSTRING, conf_set_connect_class,     0, NULL },
        { "\0", 0, NULL, 0, NULL }
 };
@@ -2379,12 +2696,11 @@ static struct ConfEntry conf_general_table[] =
        { "oper_only_umodes",   CF_STRING | CF_FLIST, conf_set_general_oper_only_umodes, 0, NULL },
        { "oper_umodes",        CF_STRING | CF_FLIST, conf_set_general_oper_umodes,      0, NULL },
        { "oper_snomask",       CF_QSTRING, conf_set_general_oper_snomask, 0, NULL },
-       { "compression_level",  CF_INT,    conf_set_general_compression_level,  0, NULL },
        { "havent_read_conf",   CF_YESNO,  conf_set_general_havent_read_conf,   0, NULL },
        { "hide_error_messages",CF_STRING, conf_set_general_hide_error_messages,0, NULL },
-       { "kline_delay",        CF_TIME,   conf_set_general_kline_delay,        0, NULL },
-       { "stats_k_oper_only",  CF_STRING, conf_set_general_stats_k_oper_only,  0, NULL },
        { "stats_i_oper_only",  CF_STRING, conf_set_general_stats_i_oper_only,  0, NULL },
+       { "stats_k_oper_only",  CF_STRING, conf_set_general_stats_k_oper_only,  0, NULL },
+       { "stats_l_oper_only",  CF_STRING, conf_set_general_stats_l_oper_only,  0, NULL },
        { "default_umodes",     CF_QSTRING, conf_set_general_default_umodes, 0, NULL },
 
        { "default_operstring", CF_QSTRING, NULL, REALLEN,    &ConfigFileEntry.default_operstring },
@@ -2401,12 +2717,15 @@ static struct ConfEntry conf_general_table[] =
        { "non_redundant_klines",        CF_YESNO, NULL, 0, &ConfigFileEntry.non_redundant_klines },
        { "tkline_expire_notices",       CF_YESNO, NULL, 0, &ConfigFileEntry.tkline_expire_notices },
 
+       { "hidden_caps", CF_QSTRING | CF_FLIST, conf_set_general_hidden_caps, 0, NULL },
+
        { "anti_nick_flood",    CF_YESNO, NULL, 0, &ConfigFileEntry.anti_nick_flood     },
        { "burst_away",         CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away          },
        { "caller_id_wait",     CF_TIME,  NULL, 0, &ConfigFileEntry.caller_id_wait      },
        { "client_exit",        CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit         },
        { "collision_fnc",      CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc       },
        { "resv_fnc",           CF_YESNO, NULL, 0, &ConfigFileEntry.resv_fnc            },
+       { "post_registration_delay", CF_TIME, NULL, 0, &ConfigFileEntry.post_registration_delay },
        { "connect_timeout",    CF_TIME,  NULL, 0, &ConfigFileEntry.connect_timeout     },
        { "default_floodcount", CF_INT,   NULL, 0, &ConfigFileEntry.default_floodcount  },
        { "default_ident_timeout",      CF_INT, NULL, 0, &ConfigFileEntry.default_ident_timeout         },
@@ -2417,6 +2736,7 @@ static struct ConfEntry conf_general_table[] =
        { "hide_spoof_ips",     CF_YESNO, NULL, 0, &ConfigFileEntry.hide_spoof_ips      },
        { "dline_with_reason",  CF_YESNO, NULL, 0, &ConfigFileEntry.dline_with_reason   },
        { "kline_with_reason",  CF_YESNO, NULL, 0, &ConfigFileEntry.kline_with_reason   },
+       { "hide_tkdline_duration",      CF_YESNO, NULL, 0, &ConfigFileEntry.hide_tkdline_duration       },
        { "map_oper_only",      CF_YESNO, NULL, 0, &ConfigFileEntry.map_oper_only       },
        { "max_accept",         CF_INT,   NULL, 0, &ConfigFileEntry.max_accept          },
        { "max_monitor",        CF_INT,   NULL, 0, &ConfigFileEntry.max_monitor         },
@@ -2439,7 +2759,6 @@ static struct ConfEntry conf_general_table[] =
        { "short_motd",         CF_YESNO, NULL, 0, &ConfigFileEntry.short_motd          },
        { "stats_c_oper_only",  CF_YESNO, NULL, 0, &ConfigFileEntry.stats_c_oper_only   },
        { "stats_e_disabled",   CF_YESNO, NULL, 0, &ConfigFileEntry.stats_e_disabled    },
-       { "stats_h_oper_only",  CF_YESNO, NULL, 0, &ConfigFileEntry.stats_h_oper_only   },
        { "stats_o_oper_only",  CF_YESNO, NULL, 0, &ConfigFileEntry.stats_o_oper_only   },
        { "stats_P_oper_only",  CF_YESNO, NULL, 0, &ConfigFileEntry.stats_P_oper_only   },
        { "stats_y_oper_only",  CF_YESNO, NULL, 0, &ConfigFileEntry.stats_y_oper_only   },
@@ -2457,7 +2776,20 @@ static struct ConfEntry conf_general_table[] =
        { "max_ratelimit_tokens",       CF_INT,   NULL, 0, &ConfigFileEntry.max_ratelimit_tokens        },
        { "away_interval",              CF_INT,   NULL, 0, &ConfigFileEntry.away_interval               },
        { "hide_opers_in_whois",        CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers_in_whois         },
+       { "hide_opers",         CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers          },
        { "certfp_method",      CF_STRING, conf_set_general_certfp_method, 0, NULL },
+       { "drain_reason",       CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.drain_reason        },
+       { "sasl_only_client_message",   CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.sasl_only_client_message    },
+       { "identd_only_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.identd_only_client_message  },
+       { "sctp_forbidden_client_message",      CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.sctp_forbidden_client_message       },
+       { "ssltls_only_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.ssltls_only_client_message  },
+       { "not_authorised_client_message",      CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.not_authorised_client_message       },
+       { "illegal_hostname_client_message",    CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.not_authorised_client_message       },
+       { "server_full_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.server_full_client_message  },
+       { "illegal_name_long_client_message",   CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.illegal_name_long_client_message    },
+       { "illegal_name_short_client_message",  CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.illegal_name_short_client_message   },
+       { "tls_ciphers_oper_only",      CF_YESNO, NULL, 0, &ConfigFileEntry.tls_ciphers_oper_only       },
+       { "oper_secure_only",   CF_YESNO, NULL, 0, &ConfigFileEntry.oper_secure_only    },
        { "\0",                 0,        NULL, 0, NULL }
 };
 
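Review bot: The `illegal_hostname_client_message` row stores into `&ConfigFileEntry.not_authorised_client_message`, the same target as the row directly above it, which looks like a copy-paste slip. As written, the two options share one buffer, so whichever is set later in the config overwrites the other, and the illegal-hostname rejection presumably never shows its own configured text. Assuming the struct has a matching member (not visible in this hunk), the row should read `{ "illegal_hostname_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.illegal_hostname_client_message },`. conf_general_table starts outside this hunk.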
@@ -2486,6 +2818,8 @@ static struct ConfEntry conf_channel_table[] =
        { "autochanmodes",      CF_QSTRING, conf_set_channel_autochanmodes, 0, NULL     },
        { "displayed_usercount",        CF_INT, NULL, 0, &ConfigChannel.displayed_usercount     },
        { "strip_topic_colors", CF_YESNO, NULL, 0, &ConfigChannel.strip_topic_colors    },
+       { "opmod_send_statusmsg", CF_YESNO, NULL, 0, &ConfigChannel.opmod_send_statusmsg        },
+       { "ip_bans_through_vhost", CF_YESNO, NULL, 0, &ConfigChannel.ip_bans_through_vhost      },
        { "\0",                 0,        NULL, 0, NULL }
 };
 
@@ -2515,22 +2849,24 @@ newconf_init()
 
        add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL);
        add_conf_item("listen", "defer_accept", CF_YESNO, conf_set_listen_defer_accept);
+       add_conf_item("listen", "wsock", CF_YESNO, conf_set_listen_wsock);
        add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port);
        add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport);
+       add_conf_item("listen", "sctp_port", CF_INT | CF_FLIST, conf_set_listen_sctp_port);
+       add_conf_item("listen", "sctp_sslport", CF_INT | CF_FLIST, conf_set_listen_sctp_sslport);
        add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address);
        add_conf_item("listen", "host", CF_QSTRING, conf_set_listen_address);
 
        add_top_conf("auth", conf_begin_auth, conf_end_auth, conf_auth_table);
 
-       add_top_conf("shared", conf_cleanup_shared, conf_cleanup_shared, NULL);
-       add_conf_item("shared", "oper", CF_QSTRING | CF_FLIST, conf_set_shared_oper);
-       add_conf_item("shared", "flags", CF_STRING | CF_FLIST, conf_set_shared_flags);
-
        add_top_conf("connect", conf_begin_connect, conf_end_connect, conf_connect_table);
 
        add_top_conf("exempt", NULL, NULL, NULL);
        add_conf_item("exempt", "ip", CF_QSTRING, conf_set_exempt_ip);
 
+       add_top_conf("secure", NULL, NULL, NULL);
+       add_conf_item("secure", "ip", CF_QSTRING, conf_set_secure_ip);
+
        add_top_conf("cluster", conf_cleanup_cluster, conf_cleanup_cluster, NULL);
        add_conf_item("cluster", "name", CF_QSTRING, conf_set_cluster_name);
        add_conf_item("cluster", "flags", CF_STRING | CF_FLIST, conf_set_cluster_flags);
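Review bot: The new `secure` block is registered without a comment, although it appears to be security-relevant. Judging by its name and by the `oper_secure_only` option added to the general table, addresses listed under `secure { ip = ...; }` are presumably treated as a secure transport even without TLS. A short comment above the two lines would make that explicit, e.g. `/* secure {}: addresses trusted as secure without TLS; keep to loopback or trusted links */`, with the wording confirmed against `conf_set_secure_ip`, which is not in this hunk. It is also worth confirming that the handler reports an unparsable mask rather than ignoring it. newconf_init() starts before this hunk and continues past it.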
@@ -2546,9 +2882,27 @@ newconf_init()
        add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
        add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
 
-       add_top_conf("blacklist", NULL, NULL, NULL);
-       add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host);
-       add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type);
-       add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_blacklist_matches);
-       add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason);
+       add_top_conf("dnsbl", NULL, NULL, NULL);
+       add_conf_item("dnsbl", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
+       add_conf_item("dnsbl", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
+       add_conf_item("dnsbl", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
+       add_conf_item("dnsbl", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
+
+       add_top_conf("blacklist", conf_warn_blacklist_deprecation, NULL, NULL);
+       add_conf_item("blacklist", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
+       add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
+       add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
+       add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
+
+       add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
+       add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);
+       add_conf_item("opm", "listen_ipv4", CF_QSTRING, conf_set_opm_listen_address_ipv4);
+       add_conf_item("opm", "listen_ipv6", CF_QSTRING, conf_set_opm_listen_address_ipv6);
+       add_conf_item("opm", "port_v4", CF_INT, conf_set_opm_listen_port_ipv4);
+       add_conf_item("opm", "port_v6", CF_INT, conf_set_opm_listen_port_ipv6);
+       add_conf_item("opm", "listen_port", CF_INT, conf_set_opm_listen_port);
+       add_conf_item("opm", "socks4_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks4);
+       add_conf_item("opm", "socks5_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks5);
+       add_conf_item("opm", "httpconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpconnect);
+       add_conf_item("opm", "httpsconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpsconnect);
 }
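Review bot: `dnsbl` and its `blacklist` alias are registered with no end callback, while the `opm` block just below gets `conf_begin_opm`/`conf_end_opm`. The item handlers fill the file-scope `yy_dnsbl_entry_*` accumulators, so the entry is presumably committed from one of the item handlers, which are not visible here. If so, a block that omits that item would leave its host and filters in place for the next block. Consider giving both blocks begin/end callbacks that reset and commit the entry, as `opm` does. A one-line comment above the alias, `/* "blacklist" is the deprecated name for "dnsbl"; same handlers plus a warning */`, would also explain the duplicated registrations. newconf_init() begins outside this hunk.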