#include "client.h"
#include "common.h"
#include "hash.h"
-#include "irc_string.h"
-#include "sprintf_irc.h"
+#include "match.h"
#include "ircd.h"
#include "listener.h"
#include "hostmask.h"
#include "modules.h"
#include "numeric.h"
-#include "s_log.h"
+#include "logger.h"
#include "send.h"
-#include "s_gline.h"
#include "reject.h"
#include "cache.h"
#include "blacklist.h"
+#include "privilege.h"
+#include "sslproc.h"
struct config_server_hide ConfigServerHide;
-extern int yyparse(); /* defined in y.tab.c */
+extern int yyparse(void); /* defined in y.tab.c */
extern char linebuf[];
#ifndef INADDR_NONE
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost);
- ServerStats->is_ref++;
+ ServerStats.is_ref++;
exit_client(client_p, source_p, &me, "Too many host connections (local)");
break;
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost);
- ServerStats->is_ref++;
+ ServerStats.is_ref++;
exit_client(client_p, source_p, &me, "Too many host connections (global)");
break;
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost);
- ServerStats->is_ref++;
+ ServerStats.is_ref++;
exit_client(client_p, source_p, &me, "Too many user connections (global)");
break;
source_p->name, IsGotId(source_p) ? "" : "~",
source_p->username, source_p->sockhost);
- ServerStats->is_ref++;
+ ServerStats.is_ref++;
exit_client(client_p, source_p, &me,
"No more connections allowed in your connection class");
break;
case NOT_AUTHORISED:
{
int port = -1;
-#ifdef IPV6
+#ifdef RB_IPV6
if(source_p->localClient->ip.ss_family == AF_INET6)
port = ntohs(((struct sockaddr_in6 *)&source_p->localClient->listener->addr)->sin6_port);
else
#endif
port = ntohs(((struct sockaddr_in *)&source_p->localClient->listener->addr)->sin_port);
- ServerStats->is_ref++;
+ ServerStats.is_ref++;
/* jdc - lists server name & port connections are on */
/* a purely cosmetical change */
/* why ipaddr, and not just source_p->sockhost? --fl */
#if 0
static char ipaddr[HOSTIPLEN];
- inetntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr));
+ rb_inet_ntop_sock(&source_p->localClient->ip, ipaddr, sizeof(ipaddr));
#endif
sendto_realops_snomask(SNO_UNAUTH, L_ALL,
"Unauthorised client connection from "
}
case BANNED_CLIENT:
exit_client(client_p, client_p, &me, "*** Banned ");
- ServerStats->is_ref++;
+ ServerStats.is_ref++;
break;
case 0:
aconf = find_address_conf(client_p->host, client_p->sockhost,
client_p->username, client_p->username,
(struct sockaddr *) &client_p->localClient->ip,
- client_p->localClient->ip.ss_family);
+ client_p->localClient->ip.ss_family,
+ client_p->localClient->auth_user);
}
else
{
- strlcpy(non_ident, "~", sizeof(non_ident));
- strlcat(non_ident, username, sizeof(non_ident));
+ rb_strlcpy(non_ident, "~", sizeof(non_ident));
+ rb_strlcat(non_ident, username, sizeof(non_ident));
aconf = find_address_conf(client_p->host, client_p->sockhost,
non_ident, client_p->username,
(struct sockaddr *) &client_p->localClient->ip,
- client_p->localClient->ip.ss_family);
+ client_p->localClient->ip.ss_family,
+ client_p->localClient->auth_user);
}
if(aconf == NULL)
char *host = p+1;
*p = '\0';
- strlcpy(client_p->username, aconf->name,
+ rb_strlcpy(client_p->username, aconf->name,
sizeof(client_p->username));
- strlcpy(client_p->host, host,
+ rb_strlcpy(client_p->host, host,
sizeof(client_p->host));
*p = '@';
}
else
- strlcpy(client_p->host, aconf->name, sizeof(client_p->host));
+ rb_strlcpy(client_p->host, aconf->name, sizeof(client_p->host));
}
return (attach_iline(client_p, aconf));
}
add_reject(client_p, aconf->user, aconf->host);
return (BANNED_CLIENT);
}
- else if(aconf->status & CONF_GLINE)
- {
- sendto_one_notice(client_p, ":*** G-lined");
-
- if(ConfigFileEntry.kline_with_reason)
- sendto_one(client_p,
- form_str(ERR_YOUREBANNEDCREEP),
- me.name, client_p->name, aconf->passwd);
-
- add_reject(client_p, aconf->user, aconf->host);
- return (BANNED_CLIENT);
- }
return NOT_AUTHORISED;
}
add_ip_limit(struct Client *client_p, struct ConfItem *aconf)
{
rb_patricia_node_t *pnode;
+ int bitlen;
/* If the limits are 0 don't do anything.. */
- if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0)
+ if(ConfCidrAmount(aconf) == 0
+ || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0))
return -1;
pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip);
+ if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET)
+ bitlen = ConfCidrIpv4Bitlen(aconf);
+ else
+ bitlen = ConfCidrIpv6Bitlen(aconf);
+
if(pnode == NULL)
- pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, ConfCidrBitlen(aconf));
+ pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, bitlen);
s_assert(pnode != NULL);
if(pnode != NULL)
{
- if(((long) pnode->data) >= ConfCidrAmount(aconf)
- && !IsConfExemptLimits(aconf))
+ if(((intptr_t)pnode->data) >= ConfCidrAmount(aconf) && !IsConfExemptLimits(aconf))
{
/* This should only happen if the limits are set to 0 */
- if((unsigned long) pnode->data == 0)
+ if((intptr_t)pnode->data == 0)
{
rb_patricia_remove(ConfIpLimits(aconf), pnode);
}
return (0);
}
- pnode->data++;
+ pnode->data = (void *)(((intptr_t)pnode->data) + 1);
}
return 1;
}
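Review bot: A class that sets only one of the two CIDR bit lengths still reaches `make_and_lookup_ip()` with `bitlen` equal to 0 for the other address family, because the new guard in `add_ip_limit()` returns early only when both `ConfCidrIpv4Bitlen(aconf)` and `ConfCidrIpv6Bitlen(aconf)` are zero. A zero-length prefix presumably covers every address of that family, so all of those clients would share one counter and be refused once `ConfCidrAmount(aconf)` is reached, whereas the old code treated a zero bit length as "no limit". Selecting `bitlen` before the guard and testing `if(ConfCidrAmount(aconf) == 0 || bitlen == 0) return -1;` keeps the old meaning per family. The decrement path in the next hunk carries the same both-zero guard; its function starts outside that hunk, so only the guard itself can be compared here.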
rb_patricia_node_t *pnode;
/* If the limits are 0 don't do anything.. */
- if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0)
+ if(ConfCidrAmount(aconf) == 0
+ || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0))
return;
pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip);
if(pnode == NULL)
return;
- pnode->data--;
- if(((unsigned long) pnode->data) == 0)
+ pnode->data = (void *)(((intptr_t)pnode->data) - 1);
+ if(((intptr_t)pnode->data) == 0)
{
rb_patricia_remove(ConfIpLimits(aconf), pnode);
}
read_conf_files(NO);
if(ServerInfo.description != NULL)
- strlcpy(me.info, ServerInfo.description, sizeof(me.info));
+ rb_strlcpy(me.info, ServerInfo.description, sizeof(me.info));
else
- strlcpy(me.info, "unknown", sizeof(me.info));
+ rb_strlcpy(me.info, "unknown", sizeof(me.info));
open_logfiles();
return (0);
memset(&ServerInfo.ip, 0, sizeof(ServerInfo.ip));
ServerInfo.specific_ipv4_vhost = 0;
-#ifdef IPV6
+#ifdef RB_IPV6
memset(&ServerInfo.ip6, 0, sizeof(ServerInfo.ip6));
ServerInfo.specific_ipv6_vhost = 0;
#endif
ConfigFileEntry.fname_operlog = NULL;
ConfigFileEntry.fname_foperlog = NULL;
ConfigFileEntry.fname_serverlog = NULL;
- ConfigFileEntry.fname_glinelog = NULL;
ConfigFileEntry.fname_klinelog = NULL;
ConfigFileEntry.fname_operspylog = NULL;
ConfigFileEntry.fname_ioerrorlog = NULL;
- ConfigFileEntry.glines = NO;
ConfigFileEntry.use_egd = NO;
- ConfigFileEntry.gline_time = 12 * 3600;
- ConfigFileEntry.gline_min_cidr = 16;
- ConfigFileEntry.gline_min_cidr6 = 48;
ConfigFileEntry.hide_spoof_ips = YES;
ConfigFileEntry.hide_error_messages = 1;
ConfigFileEntry.dots_in_ident = 0;
ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT;
- ConfigFileEntry.servlink_path = rb_strdup(SLPATH);
ConfigFileEntry.egdpool_path = NULL;
ConfigFileEntry.use_whois_actually = YES;
ConfigFileEntry.burst_away = NO;
ConfigFileEntry.reject_after_count = 5;
ConfigFileEntry.reject_ban_time = 300;
ConfigFileEntry.reject_duration = 120;
- ConfigFileEntry.max_unknown_ip = 2;
+ ConfigFileEntry.throttle_count = 4;
+ ConfigFileEntry.throttle_duration = 60;
- ServerInfo.max_clients = maxconnections - MAX_BUFFER;
+ ServerInfo.default_max_clients = MAXCONNECTIONS;
}
#undef YES
validate_conf(); /* Check to make sure some values are still okay. */
/* Some global values are also loaded here. */
check_class(); /* Make sure classes are valid */
+ privilegeset_delete_all_illegal();
}
static void
if(ConfigFileEntry.ts_max_delta < TS_MAX_DELTA_MIN)
ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT;
- if(ConfigFileEntry.servlink_path == NULL)
- ConfigFileEntry.servlink_path = rb_strdup(SLPATH);
-
if(ServerInfo.network_name == NULL)
ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT);
if(ServerInfo.network_desc == NULL)
ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT);
+ if(ServerInfo.ssld_count < 1)
+ ServerInfo.ssld_count = 1;
+
+ if(!rb_setup_ssl_server(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params))
+ {
+ ilog(L_MAIN, "WARNING: Unable to setup SSL.");
+ ssl_ok = 0;
+ } else {
+ ssl_ok = 1;
+ send_new_ssl_certs(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params);
+ }
+
+ if(ServerInfo.ssld_count > get_ssld_count())
+ {
+ int start = ServerInfo.ssld_count - get_ssld_count();
+ /* start up additional ssld if needed */
+ start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params);
+
+ }
+
if((ConfigFileEntry.client_flood < CLIENT_FLOOD_MIN) ||
(ConfigFileEntry.client_flood > CLIENT_FLOOD_MAX))
ConfigFileEntry.client_flood = CLIENT_FLOOD_MAX;
}
}
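Review bot: When `rb_setup_ssl_server()` fails, `ssl_ok` is cleared, but the block that follows still calls `start_ssldaemon()` with the same `ssl_cert`, `ssl_private_key` and `ssl_dh_params` that were just rejected. If the helpers are only useful with working TLS material, guard the start with `if(ssl_ok && ServerInfo.ssld_count > get_ssld_count())`. If they must run regardless, a comment such as `/* ssld is started even without usable certs because ... */` would record that decision. `ssld_count` is also clamped only from below (`< 1`), so an upper bound on the number of helper processes may be worth adding next to it. The enclosing function starts outside the hunk.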
-/*
- * lookup_confhost - start DNS lookups of all hostnames in the conf
- * line and convert an IP addresses in a.b.c.d number for to IP#s.
- *
- */
-
-/*
- * conf_connect_allowed
- *
- * inputs - pointer to inaddr
- * - int type ipv4 or ipv6
- * output - ban info or NULL
- * side effects - none
- */
-struct ConfItem *
-conf_connect_allowed(struct sockaddr *addr, int aftype)
-{
- struct ConfItem *aconf = find_dline(addr, aftype);
-
- /* DLINE exempt also gets you out of static limits/pacing... */
- if(aconf && (aconf->status & CONF_EXEMPTDLINE))
- return NULL;
-
- if(aconf != NULL)
- return aconf;
-
- return NULL;
-}
-
/* add_temp_kline()
*
* inputs - pointer to struct ConfItem
}
aconf->flags |= CONF_FLAGS_TEMPORARY;
- add_conf_by_address(aconf->host, CONF_KILL, aconf->user, aconf);
+ add_conf_by_address(aconf->host, CONF_KILL, aconf->user, NULL, aconf);
}
/* add_temp_dline()
}
aconf->flags |= CONF_FLAGS_TEMPORARY;
- add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, aconf);
+ add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, NULL, aconf);
}
/* expire_tkline()
- Gozem 2002-07-21
*/
- strlcpy(conffilebuf, filename, sizeof(conffilebuf));
+ rb_strlcpy(conffilebuf, filename, sizeof(conffilebuf));
if((conf_fbfile_in = fopen(filename, "r")) == NULL)
{
rb_free(ServerInfo.network_desc);
ServerInfo.network_desc = NULL;
+ ServerInfo.ssld_count = 1;
+
/* clean out AdminInfo */
rb_free(AdminInfo.name);
AdminInfo.name = NULL;
*/
/* clean out general */
- rb_free(ConfigFileEntry.servlink_path);
- ConfigFileEntry.servlink_path = NULL;
+ rb_free(ConfigFileEntry.kline_reason);
+ ConfigFileEntry.kline_reason = NULL;
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head)
{
destroy_blacklists();
+ privilegeset_mark_all_illegal();
+
/* OK, that should be everything... */
}
rb_snprintf(buffer, sizeof(buffer),
"\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n",
user, host, reason, oper_reason, current_date,
- get_oper_name(source_p), rb_current_time());
+ get_oper_name(source_p), (long int)rb_current_time());
}
else if(type == DLINE_TYPE)
{
rb_snprintf(buffer, sizeof(buffer),
"\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", host,
- reason, oper_reason, current_date, get_oper_name(source_p), rb_current_time());
+ reason, oper_reason, current_date, get_oper_name(source_p), (long int)rb_current_time());
}
else if(type == RESV_TYPE)
{
rb_snprintf(buffer, sizeof(buffer), "\"%s\",\"%s\",\"%s\",%ld\n",
- host, reason, get_oper_name(source_p), rb_current_time());
+ host, reason, get_oper_name(source_p), (long int)rb_current_time());
}
if(fputs(buffer, out) == -1)
}
else
{
- add_conf_by_address(aconf->host, CONF_DLINE, NULL, aconf);
+ add_conf_by_address(aconf->host, CONF_DLINE, NULL, NULL, aconf);
}
}
+static char *
+strip_tabs(char *dest, const char *src, size_t len)
+{
+ char *d = dest;
+
+ if(dest == NULL || src == NULL)
+ return NULL;
+
+ rb_strlcpy(dest, src, len);
+
+ while(*d)
+ {
+ if(*d == '\t')
+ *d = ' ';
+ d++;
+ }
+ return dest;
+}
/*
* yyerror
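Review bot: `strip_tabs()` scans `dest` for a terminator even when `len` is 0, and in that case `rb_strlcpy()` presumably writes nothing (as strlcpy does for size 0), so the `while(*d)` loop reads and rewrites whatever was already in the buffer. The call in the yyerror hunk below passes `strlen(linebuf)` as `len`, which is 0 for an empty line and is in any case the source length, not the capacity of `newlinebuf[BUFSIZE]`. The size of `linebuf` is not visible here, so the copy is not provably bounded by the destination. That call also copies at most `len - 1` bytes and so drops the last character of the line, which may be an intended newline strip but is not stated. Add `if(len == 0) return NULL;` after the NULL check in the helper, call it as `strip_tabs(newlinebuf, linebuf, sizeof(newlinebuf));`, and give the helper a one-line comment saying that `len` is the size of `dest`.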
{
char newlinebuf[BUFSIZE];
- strip_tabs(newlinebuf, (const unsigned char *) linebuf, strlen(linebuf));
+ strip_tabs(newlinebuf, linebuf, strlen(linebuf));
sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'",
conffilebuf, lineno + 1, msg, newlinebuf);