#include "ircd.h"
#include "snomask.h"
#include "sslproc.h"
+#include "wsproc.h"
#include "privilege.h"
#include "chmode.h"
#define CF_TYPE(x) ((x) & CF_MTYPE)
static int yy_defer_accept = 1;
+static int yy_wsock = 0;
struct TopConf *conf_cur_block;
static char *conf_cur_block_name = NULL;
static char *yy_opm_address_ipv6 = NULL;
static uint16_t yy_opm_port_ipv4 = 0;
static uint16_t yy_opm_port_ipv6 = 0;
+static int yy_opm_timeout = 0;
+static rb_dlink_list yy_opm_scanner_list;
static char *yy_privset_extends = NULL;
};
static struct mode_table auth_table[] = {
- {"encrypted", CONF_FLAGS_ENCRYPTED },
- {"spoof_notice", CONF_FLAGS_SPOOF_NOTICE },
- {"exceed_limit", CONF_FLAGS_NOLIMIT },
- {"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL },
- {"kline_exempt", CONF_FLAGS_EXEMPTKLINE },
- {"flood_exempt", CONF_FLAGS_EXEMPTFLOOD },
- {"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT },
- {"shide_exempt", CONF_FLAGS_EXEMPTSHIDE },
- {"jupe_exempt", CONF_FLAGS_EXEMPTJUPE },
- {"resv_exempt", CONF_FLAGS_EXEMPTRESV },
- {"no_tilde", CONF_FLAGS_NO_TILDE },
- {"need_ident", CONF_FLAGS_NEED_IDENTD },
- {"have_ident", CONF_FLAGS_NEED_IDENTD },
- {"need_ssl", CONF_FLAGS_NEED_SSL },
- {"need_sasl", CONF_FLAGS_NEED_SASL },
- {"extend_chans", CONF_FLAGS_EXTEND_CHANS },
+ {"encrypted", CONF_FLAGS_ENCRYPTED },
+ {"spoof_notice", CONF_FLAGS_SPOOF_NOTICE },
+ {"exceed_limit", CONF_FLAGS_NOLIMIT },
+ {"dnsbl_exempt", CONF_FLAGS_EXEMPTDNSBL },
+ {"proxy_exempt", CONF_FLAGS_EXEMPTPROXY },
+ {"kline_exempt", CONF_FLAGS_EXEMPTKLINE },
+ {"flood_exempt", CONF_FLAGS_EXEMPTFLOOD },
+ {"spambot_exempt", CONF_FLAGS_EXEMPTSPAMBOT },
+ {"shide_exempt", CONF_FLAGS_EXEMPTSHIDE },
+ {"jupe_exempt", CONF_FLAGS_EXEMPTJUPE },
+ {"resv_exempt", CONF_FLAGS_EXEMPTRESV },
+ {"no_tilde", CONF_FLAGS_NO_TILDE },
+ {"need_ident", CONF_FLAGS_NEED_IDENTD },
+ {"have_ident", CONF_FLAGS_NEED_IDENTD },
+ {"need_ssl", CONF_FLAGS_NEED_SSL },
+ {"need_sasl", CONF_FLAGS_NEED_SASL },
+ {"extend_chans", CONF_FLAGS_EXTEND_CHANS },
{NULL, 0}
};
{ "kline", SHARED_PKLINE|SHARED_TKLINE },
{ "xline", SHARED_PXLINE|SHARED_TXLINE },
{ "resv", SHARED_PRESV|SHARED_TRESV },
- { "dline", SHARED_PDLINE|SHARED_TDLINE },
- { "tdline", SHARED_TDLINE },
- { "pdline", SHARED_PDLINE },
+ { "dline", SHARED_PDLINE|SHARED_TDLINE },
+ { "tdline", SHARED_TDLINE },
+ { "pdline", SHARED_PDLINE },
{ "undline", SHARED_UNDLINE },
{ "tkline", SHARED_TKLINE },
{ "unkline", SHARED_UNKLINE },
yy_defer_accept = *(unsigned int *) data;
}
+static void
+conf_set_listen_wsock(void *data)
+{
+ yy_wsock = *(unsigned int *) data;
+}
+
static void
conf_set_listen_port_both(void *data, int ssl)
{
conf_report_warning("listener 'ANY/%d': support for plaintext listeners may be removed in a future release per RFC 7194. "
"It is suggested that users be migrated to SSL/TLS connections.", args->v.number);
}
- add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept);
+ add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock);
#ifdef RB_IPV6
- add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept);
+ add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock);
#endif
}
else
"It is suggested that users be migrated to SSL/TLS connections.", listener_address, args->v.number);
}
- add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept);
+ add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept, yy_wsock);
}
-
}
}
yy_blacklist_iptype = 0;
}
+
+struct opm_scanner
+{
+ const char *type;
+ uint16_t port;
+
+ rb_dlink_node node;
+};
+
static int
conf_begin_opm(struct TopConf *tc)
{
yy_opm_address_ipv4 = yy_opm_address_ipv6 = NULL;
- yy_opm_port_ipv4 = yy_opm_port_ipv6 = 0;
+ yy_opm_port_ipv4 = yy_opm_port_ipv6 = yy_opm_timeout = 0;
return 0;
}
static int
conf_end_opm(struct TopConf *tc)
{
+ rb_dlink_node *ptr, *nptr;
+ bool fail = false;
+
+ if(!rb_dlink_list_length(&yy_opm_scanner_list))
+ {
+ conf_report_error("No opm scanners configured, disabling opm.");
+ fail = true;
+ goto end;
+ }
+
if(yy_opm_port_ipv4 > 0)
{
if(yy_opm_address_ipv4 != NULL)
{
char ip[HOSTIPLEN];
if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.ip, ip, sizeof(ip)))
- {
conf_report_error("No opm::listen_ipv4 nor serverinfo::vhost directive; cannot listen on IPv4");
- return 1;
- }
else
- {
create_opm_listener(ip, yy_opm_port_ipv4);
- }
}
}
{
char ip[HOSTIPLEN];
if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.ip6, ip, sizeof(ip)))
- {
conf_report_error("No opm::listen_ipv6 nor serverinfo::vhost directive; cannot listen on IPv6");
- return 1;
- }
else
- {
create_opm_listener(ip, yy_opm_port_ipv6);
- }
}
}
+ /* If there's no listeners... */
+ fail = (yy_opm_port_ipv4 == 0 || yy_opm_port_ipv6 == 0);
+
+ if(!fail && yy_opm_timeout > 0)
+ /* Send timeout */
+ set_authd_timeout("opm_timeout", yy_opm_timeout);
+
+end:
+ RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_opm_scanner_list.head)
+ {
+ struct opm_scanner *scanner = ptr->data;
+
+ if(!fail)
+ create_opm_proxy_scanner(scanner->type, scanner->port);
+
+ rb_dlinkDelete(&scanner->node, &yy_opm_scanner_list);
+ rb_free(scanner);
+ }
+
rb_free(yy_opm_address_ipv4);
rb_free(yy_opm_address_ipv6);
return 0;
}
static void
-conf_set_opm_listen_address_ipv4(void *data)
+conf_set_opm_timeout(void *data)
{
- struct rb_sockaddr_storage addr;
- char *ip = data;
+ int timeout = *((int *)data);
- if(ip == NULL)
+ if(timeout <= 0 || timeout > 60)
{
- conf_report_error("opm::listen_ipv4 cannot be empty");
+ conf_report_error("opm::timeout value %d is bogus, ignoring", timeout);
return;
}
- /* Test the address for validity */
+ yy_opm_timeout = timeout;
+}
+
+static void
+conf_set_opm_listen_address_both(void *data, bool ipv6)
+{
+ struct rb_sockaddr_storage addr;
+ const char *confstr = (ipv6 ? "opm::listen_ipv6" : "opm::listen_ipv4");
+ char *ip = data;
+
if(!rb_inet_pton_sock(ip, (struct sockaddr *)&addr))
{
- conf_report_error("opm::listen_ipv4 is invalid: %s", ip);
+ conf_report_error("%s is an invalid address: %s", confstr, ip);
return;
}
-#ifdef RB_IPV6
- if(GET_SS_FAMILY(&addr) == AF_INET6)
+ if(ipv6)
{
- conf_report_error("opm::listen_ipv4 is an IPv6 address: %s", ip);
+#ifdef RB_IPV6
+ if(GET_SS_FAMILY(&addr) != AF_INET6)
+ {
+ conf_report_error("%s is of the wrong address type: %s", confstr, ip);
+ return;
+ }
+
+ if(yy_opm_address_ipv6 != NULL)
+ {
+ conf_report_error("%s overwrites previous address %s", confstr, ip);
+ return;
+ }
+
+ yy_opm_address_ipv6 = rb_strdup(ip);
+#else
+ conf_report_error("%s requires IPv6 support in your ircd", confstr, ip);
return;
- }
#endif
-
- if(yy_opm_address_ipv4 != NULL)
+ }
+ else
{
- conf_report_error("opm::listen_ipv4 %s overwrites previous one: %s",
- ip, yy_opm_address_ipv4);
- return;
+ if(GET_SS_FAMILY(&addr) != AF_INET)
+ {
+ conf_report_error("%s is of the wrong address type: %s", confstr, ip);
+ return;
+ }
+
+ if(yy_opm_address_ipv4 != NULL)
+ {
+ conf_report_error("%s overwrites previous address %s", confstr, ip);
+ return;
+ }
+
+ yy_opm_address_ipv4 = rb_strdup(ip);
}
+}
- yy_opm_address_ipv4 = rb_strdup(ip);
+static void
+conf_set_opm_listen_address_ipv4(void *data)
+{
+ conf_set_opm_listen_address_both(data, false);
}
static void
conf_set_opm_listen_address_ipv6(void *data)
{
-#ifndef RB_IPV6
- conf_report_error("opm::listen_ipv6 requires IPv6 support in your ircd");
- return;
-#else
- struct rb_sockaddr_storage addr;
- char *ip = data;
+ conf_set_opm_listen_address_both(data, true);
+}
- if(ip == NULL)
- {
- conf_report_error("opm::listen_ipv4 cannot be empty");
- return;
- }
+static void
+conf_set_opm_listen_port_both(void *data, bool ipv6)
+{
+ int port = *((int *)data);
+ const char *confstr = (ipv6 ? "opm::port_ipv6" : "opm::port_ipv4");
- /* Test the address for validity */
- if(!rb_inet_pton_sock(ip, (struct sockaddr *)&addr))
+#ifndef RB_IPV6
+ if(ipv6)
{
- conf_report_error("opm::listen_ipv6 is invalid: %s", ip);
+ conf_report_error("%s requires IPv6 support in your ircd", confstr);
return;
}
+#endif
- if(GET_SS_FAMILY(&addr) == AF_INET)
+ if(port > 65535 || port <= 0)
{
- conf_report_error("opm::listen_ipv6 is an IPv4 address: %s", ip);
+ conf_report_error("%s is out of range: %d", confstr, port);
return;
}
- if(yy_opm_address_ipv6 != NULL)
+ if(ipv6)
{
- conf_report_error("opm::listen_ipv6 %s overwrites previous one: %s",
- ip, yy_opm_address_ipv6);
- return;
+ if(yy_opm_port_ipv4)
+ {
+ conf_report_error("%s overwrites existing port %hu",
+ confstr, yy_opm_port_ipv4);
+ return;
+ }
+
+ yy_opm_port_ipv4 = port;
}
+ else
+ {
+ if(yy_opm_port_ipv6)
+ {
+ conf_report_error("%s overwrites existing port %hu",
+ confstr, yy_opm_port_ipv6);
+ return;
+ }
- yy_opm_address_ipv6 = rb_strdup(ip);
-#endif
+ yy_opm_port_ipv6 = port;
+ }
}
static void
conf_set_opm_listen_port_ipv4(void *data)
{
-#ifndef RB_IPV6
- conf_report_error("opm::listen_ipv6 requires IPv6 support in your ircd");
- return;
-#else
- int port = *((int *)data);
-
- if(port > 65535 || port <= 0)
- {
- conf_report_error("opm::port_ipv4 is out of range: %d", port);
- return;
- }
-
- if(yy_opm_port_ipv4)
- {
- conf_report_error("opm::port_ipv4 %d overwrites existing port %hu",
- port, yy_opm_port_ipv4);
- return;
- }
-
- yy_opm_port_ipv4 = (uint16_t)port;
-#endif
+ conf_set_opm_listen_port_both(data, false);
}
static void
conf_set_opm_listen_port_ipv6(void *data)
{
- int port = *((int *)data);
-
- if(port > 65535 || port <= 0)
- {
- conf_report_error("opm::port_ipv6 is out of range: %d", port);
- return;
- }
-
- if(yy_opm_port_ipv6)
- {
- conf_report_error("opm::port_ipv6 %d overwrites existing port %hu",
- port, yy_opm_port_ipv6);
- return;
- }
-
- yy_opm_port_ipv6 = (uint16_t)port;
+ conf_set_opm_listen_port_both(data, true);
}
static void
conf_set_opm_listen_port(void *data)
{
- int port = *((int *)data);
- bool fail = false; /* Allow us to report shadowing of IPv4 and IPv6 port */
+ conf_set_opm_listen_port_both(data, true);
+ conf_set_opm_listen_port_both(data, false);
+}
- if(port > 65535 || port <= 0)
+static void
+conf_set_opm_scan_ports_all(void *data, const char *node, const char *type)
+{
+ conf_parm_t *args = data;
+ for (; args; args = args->next)
{
- conf_report_error("opm::port is out of range: %d", port);
- return;
- }
+ rb_dlink_node *ptr;
+ bool dup = false;
- if(yy_opm_port_ipv4)
- {
- conf_report_error("opm::port %d overwrites existing IPv4 port %hu",
- port, yy_opm_port_ipv4);
- fail = true;
- }
+ if(CF_TYPE(args->type) != CF_INT)
+ {
+ conf_report_error("%s argument is not an integer -- ignoring.", node);
+ continue;
+ }
+
+ if(args->v.number > 65535 || args->v.number <= 0)
+ {
+ conf_report_error("%s argument is not an integer between 1 and 65535 -- ignoring.", node);
+ continue;
+ }
- if(yy_opm_port_ipv6)
- {
- conf_report_error("opm::port %d overwrites existing IPv6 port %hu",
- port, yy_opm_port_ipv6);
- fail = true;
+ /* Check for duplicates */
+ RB_DLINK_FOREACH(ptr, yy_opm_scanner_list.head)
+ {
+ struct opm_scanner *scanner = ptr->data;
+
+ if(scanner->port == args->v.number && strcmp(type, scanner->type) == 0)
+ {
+ conf_report_error("%s argument is duplicate", node);
+ dup = true;
+ break;
+ }
+ }
+
+ if(!dup)
+ {
+ struct opm_scanner *scanner = rb_malloc(sizeof(struct opm_scanner));
+ scanner->port = args->v.number;
+ scanner->type = type;
+ rb_dlinkAdd(scanner, &scanner->node, &yy_opm_scanner_list);
+ }
}
+}
- if(fail)
- return;
+static void
+conf_set_opm_scan_ports_socks4(void *data)
+{
+ conf_set_opm_scan_ports_all(data, "opm::socks4_ports", "socks4");
+}
- yy_opm_port_ipv4 = yy_opm_port_ipv6 = (uint16_t)port;
+static void
+conf_set_opm_scan_ports_socks5(void *data)
+{
+ conf_set_opm_scan_ports_all(data, "opm::socks5_ports", "socks5");
+}
+
+static void
+conf_set_opm_scan_ports_httpconnect(void *data)
+{
+ conf_set_opm_scan_ports_all(data, "opm::httpconnect_ports", "httpconnect");
+}
+
+static void
+conf_set_opm_scan_ports_httpsconnect(void *data)
+{
+ conf_set_opm_scan_ports_all(data, "opm::httpsconnect_ports", "httpsconnect");
}
/* public functions */
add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL);
add_conf_item("listen", "defer_accept", CF_YESNO, conf_set_listen_defer_accept);
+ add_conf_item("listen", "wsock", CF_YESNO, conf_set_listen_wsock);
add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port);
add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport);
add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address);
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason);
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
+ add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);
add_conf_item("opm", "listen_ipv4", CF_QSTRING, conf_set_opm_listen_address_ipv4);
- add_conf_item("opm", "port_v4", CF_INT, conf_set_opm_listen_port_ipv4);
add_conf_item("opm", "listen_ipv6", CF_QSTRING, conf_set_opm_listen_address_ipv6);
+ add_conf_item("opm", "port_v4", CF_INT, conf_set_opm_listen_port_ipv4);
add_conf_item("opm", "port_v6", CF_INT, conf_set_opm_listen_port_ipv6);
add_conf_item("opm", "listen_port", CF_INT, conf_set_opm_listen_port);
+ add_conf_item("opm", "socks4_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks4);
+ add_conf_item("opm", "socks5_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_socks5);
+ add_conf_item("opm", "httpconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpconnect);
+ add_conf_item("opm", "httpsconnect_ports", CF_INT | CF_FLIST, conf_set_opm_scan_ports_httpsconnect);
}