static char *yy_blacklist_host = NULL;
static char *yy_blacklist_reason = NULL;
+static int yy_blacklist_ipv4 = 1;
+static int yy_blacklist_ipv6 = 0;
+
static char *yy_privset_extends = NULL;
static const char *
return 0;
}
}
+
+ if(!EmptyString(yy_oper->certfp))
+ yy_tmpoper->certfp = rb_strdup(yy_oper->certfp);
#endif
/* all is ok, put it on oper_conf_list */
set_modes_from_table(&yy_oper->flags, "flag", oper_table, args);
}
+static void
+conf_set_oper_fingerprint(void *data)
+{
+ if (yy_oper->certfp)
+ rb_free(yy_oper->certfp);
+ yy_oper->certfp = rb_strdup((char *) data);
+}
+
static void
conf_set_oper_privset(void *data)
{
static int
conf_end_auth(struct TopConf *tc)
{
- struct ConfItem *yy_tmp;
+ struct ConfItem *yy_tmp, *found_conf;
rb_dlink_node *ptr;
rb_dlink_node *next_ptr;
- if(EmptyString(yy_aconf->name))
- yy_aconf->name = rb_strdup("NOMATCH");
+ if(EmptyString(yy_aconf->info.name))
+ yy_aconf->info.name = rb_strdup("NOMATCH");
/* didnt even get one ->host? */
if(EmptyString(yy_aconf->host))
collapse(yy_aconf->user);
collapse(yy_aconf->host);
conf_add_class_to_conf(yy_aconf);
- add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf->spasswd, yy_aconf);
+ if ((found_conf = find_exact_conf_by_address("*", CONF_CLIENT, "*")) && found_conf->spasswd == NULL)
+ conf_report_error("Ignoring redundant auth block (after *@*)");
+ else if ((found_conf = find_exact_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user)) &&
+ (!found_conf->spasswd || (yy_aconf->spasswd &&
+ 0 == irccmp(found_conf->spasswd, yy_aconf->spasswd))))
+ conf_report_error("Ignoring duplicate auth block for %s@%s",
+ yy_aconf->user, yy_aconf->host);
+ else
+ add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf->spasswd, yy_aconf);
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_aconf_list.head)
{
yy_tmp->spasswd = rb_strdup(yy_aconf->spasswd);
/* this will always exist.. */
- yy_tmp->name = rb_strdup(yy_aconf->name);
+ yy_tmp->info.name = rb_strdup(yy_aconf->info.name);
if(yy_aconf->className)
yy_tmp->className = rb_strdup(yy_aconf->className);
conf_add_class_to_conf(yy_tmp);
- add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp->spasswd, yy_tmp);
+ if (find_exact_conf_by_address("*", CONF_CLIENT, "*"))
+ conf_report_error("Ignoring redundant auth block (after *@*)");
+ else if (find_exact_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user))
+ conf_report_error("Ignoring duplicate auth block for %s@%s",
+ yy_tmp->user, yy_tmp->host);
+ else
+ add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp->spasswd, yy_tmp);
rb_dlinkDestroy(ptr, &yy_aconf_list);
}
return;
}
- rb_free(yy_aconf->name);
- yy_aconf->name = rb_strdup(data);
+ rb_free(yy_aconf->info.name);
+ yy_aconf->info.name = rb_strdup(data);
yy_aconf->flags |= CONF_FLAGS_SPOOF_IP;
}
conf_set_auth_redir_serv(void *data)
{
yy_aconf->flags |= CONF_FLAGS_REDIR;
- rb_free(yy_aconf->name);
- yy_aconf->name = rb_strdup(data);
+ rb_free(yy_aconf->info.name);
+ yy_aconf->info.name = rb_strdup(data);
}
static void
return 0;
}
- if(EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd))
+ if((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) && EmptyString(yy_server->certfp))
{
- conf_report_error("Ignoring connect block for %s -- missing password.",
+ conf_report_error("Ignoring connect block for %s -- no fingerprint or password credentials provided.",
yy_server->name);
return 0;
}
yy_server->passwd = rb_strdup(data);
}
+static void
+conf_set_connect_fingerprint(void *data)
+{
+ if (yy_server->certfp)
+ rb_free(yy_server->certfp);
+ yy_server->certfp = rb_strdup((char *) data);
+
+ /* force SSL to be enabled if fingerprint is enabled. */
+ yy_server->flags |= SERVER_SSL;
+}
+
static void
conf_set_connect_port(void *data)
{
/* don't allow +o */
case 'o':
case 'S':
+ case 'Z':
case ' ':
break;
return -1;
}
- if (!alias_dict)
- alias_dict = irc_dictionary_create(strcasecmp);
-
irc_dictionary_add(alias_dict, yy_alias->name, yy_alias);
return 0;
yy_blacklist_host = rb_strdup(data);
}
+static void
+conf_set_blacklist_type(void *data)
+{
+ conf_parm_t *args = data;
+
+ /* Don't assume we have either if we got here */
+ yy_blacklist_ipv4 = 0;
+ yy_blacklist_ipv6 = 0;
+
+ for (; args; args = args->next)
+ {
+ if (!strcasecmp(args->v.string, "ipv4"))
+ yy_blacklist_ipv4 = 1;
+ else if (!strcasecmp(args->v.string, "ipv6"))
+ yy_blacklist_ipv6 = 1;
+ else
+ conf_report_error("blacklist::type has unknown address family %s",
+ args->v.string);
+ }
+
+ /* If we have neither, just default to IPv4 */
+ if (!yy_blacklist_ipv4 && !yy_blacklist_ipv6)
+ {
+ conf_report_error("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
+ yy_blacklist_ipv4 = 1;
+ }
+}
+
static void
conf_set_blacklist_reason(void *data)
{
if (yy_blacklist_host && yy_blacklist_reason)
{
- new_blacklist(yy_blacklist_host, yy_blacklist_reason);
+ if (yy_blacklist_ipv6)
+ {
+ /* Make sure things fit (64 = alnum count + dots) */
+ if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+ {
+ conf_report_error("blacklist::host %s results in IPv6 queries that are too long",
+ yy_blacklist_host);
+ goto cleanup_bl;
+ }
+ }
+ /* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
+ if (yy_blacklist_ipv4 && !yy_blacklist_ipv6)
+ {
+ /* Make sure things fit (16 = number of nums + dots) */
+ if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+ {
+ conf_report_error("blacklist::host %s results in IPv4 queries that are too long",
+ yy_blacklist_host);
+ goto cleanup_bl;
+ }
+ }
+
+ new_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_ipv4, yy_blacklist_ipv6);
+
+cleanup_bl:
rb_free(yy_blacklist_host);
rb_free(yy_blacklist_reason);
yy_blacklist_host = NULL;
yy_blacklist_reason = NULL;
+ yy_blacklist_ipv4 = 1;
+ yy_blacklist_ipv6 = 0;
}
}
ierror("\"%s\", line %d: %s", current_file, lineno + 1, msg);
sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s", current_file, lineno + 1, msg);
- if (remote_rehash_oper_p)
- sendto_one_notice(remote_rehash_oper_p, ":*** Notice -- \"%s\", line %d: %s", current_file, lineno + 1, msg);
}
int
/* if it takes one thing, make sure they only passed one thing,
and handle as needed. */
- if(value->type & CF_FLIST && !cf->cf_type & CF_FLIST)
+ if((value->v.list->type & CF_FLIST) && !(cf->cf_type & CF_FLIST))
{
conf_report_error
("Option %s::%s does not take a list of values.", tc->tc_name, item);
{ "snomask", CF_QSTRING, conf_set_oper_snomask, 0, NULL },
{ "user", CF_QSTRING, conf_set_oper_user, 0, NULL },
{ "password", CF_QSTRING, conf_set_oper_password, 0, NULL },
+ { "fingerprint", CF_QSTRING, conf_set_oper_fingerprint, 0, NULL },
{ "\0", 0, NULL, 0, NULL }
};
{
{ "send_password", CF_QSTRING, conf_set_connect_send_password, 0, NULL },
{ "accept_password", CF_QSTRING, conf_set_connect_accept_password, 0, NULL },
+ { "fingerprint", CF_QSTRING, conf_set_connect_fingerprint, 0, NULL },
{ "flags", CF_STRING | CF_FLIST, conf_set_connect_flags, 0, NULL },
{ "host", CF_QSTRING, conf_set_connect_host, 0, NULL },
{ "vhost", CF_QSTRING, conf_set_connect_vhost, 0, NULL },
{ "burst_away", CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away },
{ "caller_id_wait", CF_TIME, NULL, 0, &ConfigFileEntry.caller_id_wait },
{ "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit },
- { "client_flood", CF_INT, NULL, 0, &ConfigFileEntry.client_flood },
{ "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc },
{ "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout },
{ "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount },
+ { "default_ident_timeout", CF_INT, NULL, 0, &ConfigFileEntry.default_ident_timeout },
{ "disable_auth", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_auth },
{ "dots_in_ident", CF_INT, NULL, 0, &ConfigFileEntry.dots_in_ident },
{ "failed_oper_notice", CF_YESNO, NULL, 0, &ConfigFileEntry.failed_oper_notice },
{ "ts_warn_delta", CF_TIME, NULL, 0, &ConfigFileEntry.ts_warn_delta },
{ "use_whois_actually", CF_YESNO, NULL, 0, &ConfigFileEntry.use_whois_actually },
{ "warn_no_nline", CF_YESNO, NULL, 0, &ConfigFileEntry.warn_no_nline },
+ { "use_propagated_bans",CF_YESNO, NULL, 0, &ConfigFileEntry.use_propagated_bans },
+ { "client_flood_max_lines", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_max_lines },
+ { "client_flood_burst_rate", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_rate },
+ { "client_flood_burst_max", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_max },
+ { "client_flood_message_num", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_num },
+ { "client_flood_message_time", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_time },
{ "\0", 0, NULL, 0, NULL }
};
{ "max_chans_per_user", CF_INT, NULL, 0, &ConfigChannel.max_chans_per_user },
{ "no_create_on_split", CF_YESNO, NULL, 0, &ConfigChannel.no_create_on_split },
{ "no_join_on_split", CF_YESNO, NULL, 0, &ConfigChannel.no_join_on_split },
+ { "only_ascii_channels", CF_YESNO, NULL, 0, &ConfigChannel.only_ascii_channels },
{ "use_except", CF_YESNO, NULL, 0, &ConfigChannel.use_except },
{ "use_invex", CF_YESNO, NULL, 0, &ConfigChannel.use_invex },
- { "use_knock", CF_YESNO, NULL, 0, &ConfigChannel.use_knock },
{ "use_forward", CF_YESNO, NULL, 0, &ConfigChannel.use_forward },
+ { "use_knock", CF_YESNO, NULL, 0, &ConfigChannel.use_knock },
+ { "resv_forcepart", CF_YESNO, NULL, 0, &ConfigChannel.resv_forcepart },
+ { "channel_target_change", CF_YESNO, NULL, 0, &ConfigChannel.channel_target_change },
+ { "disable_local_channels", CF_YESNO, NULL, 0, &ConfigChannel.disable_local_channels },
{ "\0", 0, NULL, 0, NULL }
};
add_top_conf("blacklist", NULL, NULL, NULL);
add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host);
+ add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type);
add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason);
}