remove RB_IPV6
index 47a5924c0a124d2f9f0e829c61d4d6b70d3a6b4e..c2d6614062ccbfbe774e57b8f673ea4c99d50376 100644 (file)
@@ -28,6 +28,7 @@
 #include "wsproc.h"
 #include "privilege.h"
 #include "chmode.h"
+#include "certfp.h"
 
 #define CF_TYPE(x) ((x) & CF_MTYPE)
 
@@ -224,7 +225,7 @@ conf_set_serverinfo_sid(void *data)
                        return;
                }
 
-               strcpy(ServerInfo.sid, sid);
+               rb_strlcpy(ServerInfo.sid, sid, sizeof(ServerInfo.sid));
        }
 }
 
@@ -258,7 +259,6 @@ static void
 conf_set_serverinfo_vhost6(void *data)
 {
 
-#ifdef RB_IPV6
        struct rb_sockaddr_storage addr;
 
        if(rb_inet_pton_sock(data, (struct sockaddr *)&addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET6)
@@ -268,9 +268,6 @@ conf_set_serverinfo_vhost6(void *data)
        }
 
        ServerInfo.bind6 = addr;
-#else
-       conf_report_error("Warning -- ignoring serverinfo::vhost6 -- IPv6 support not available.");
-#endif
 }
 
 static void
@@ -299,7 +296,7 @@ conf_set_modules_module(void *data)
 
        m_bn = rb_basename((char *) data);
 
-       if(findmodule_byname(m_bn) == -1)
+       if(findmodule_byname(m_bn) == NULL)
                load_one_module((char *) data, MAPI_ORIGIN_EXTENSION, false);
 
        rb_free(m_bn);
@@ -364,6 +361,7 @@ static struct mode_table connect_table[] = {
        { "encrypted",  SERVER_ENCRYPTED        },
        { "topicburst", SERVER_TB               },
        { "ssl",        SERVER_SSL              },
+       { "no-export",  SERVER_NO_EXPORT        },
        { NULL,         0                       },
 };
 
@@ -776,7 +774,6 @@ conf_set_class_cidr_ipv4_bitlen(void *data)
 
 }
 
-#ifdef RB_IPV6
 static void
 conf_set_class_cidr_ipv6_bitlen(void *data)
 {
@@ -789,7 +786,6 @@ conf_set_class_cidr_ipv6_bitlen(void *data)
                yy_class->cidr_ipv6_bitlen = *(unsigned int *) data;
 
 }
-#endif
 
 static void
 conf_set_class_number_per_cidr(void *data)
@@ -841,6 +837,8 @@ conf_begin_listen(struct TopConf *tc)
 {
        rb_free(listener_address);
        listener_address = NULL;
+       yy_wsock = 0;
+       yy_defer_accept = 0;
        return 0;
 }
 
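Review bot: The two resets added to conf_begin_listen carry no comment saying why they are needed, and the same pair is repeated in conf_end_listen in the next hunk. Both variables are passed straight to add_listener() in conf_set_listen_port_both, so a value left over from one listen block would presumably change how the next block's sockets are opened. A one-line comment above them would record that, for example `/* per-block options: clear so one listen {} block cannot inherit wsock/defer_accept from another */`. The function's return-type line sits outside this hunk.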
@@ -849,6 +847,8 @@ conf_end_listen(struct TopConf *tc)
 {
        rb_free(listener_address);
        listener_address = NULL;
+       yy_wsock = 0;
+       yy_defer_accept = 0;
        return 0;
 }
 
@@ -880,27 +880,23 @@ conf_set_listen_port_both(void *data, int ssl)
                 {
                        if (!ssl)
                        {
-                               conf_report_warning("listener 'ANY/%d': support for plaintext listeners may be removed in a future release per RFC 7194.  "
+                               conf_report_warning("listener 'ANY/%d': support for plaintext listeners may be removed in a future release per RFCs 7194 & 7258.  "
                                                     "It is suggested that users be migrated to SSL/TLS connections.", args->v.number);
                        }
                        add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock);
-#ifdef RB_IPV6
                        add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock);
-#endif
                 }
                else
                 {
                        int family;
-#ifdef RB_IPV6
                        if(strchr(listener_address, ':') != NULL)
                                family = AF_INET6;
                        else
-#endif
                                family = AF_INET;
 
                        if (!ssl)
                        {
-                               conf_report_warning("listener '%s/%d': support for plaintext listeners may be removed in a future release per RFC 7194.  "
+                               conf_report_warning("listener '%s/%d': support for plaintext listeners may be removed in a future release per RFCs 7194 & 7258.  "
                                                     "It is suggested that users be migrated to SSL/TLS connections.", listener_address, args->v.number);
                        }
 
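Review bot: In the wildcard branch the `add_listener(..., AF_INET6, ...)` call is now always compiled in, so on a host with IPv6 disabled the failure moves from build time to every configuration load. add_listener's error handling is not visible here. It is worth confirming that it logs the failed bind with the address family and leaves the AF_INET listener in place, so an operator does not end up with fewer listeners than the log suggests. A short comment above the pair would make the expectation explicit, for example `/* no address given: bind both families; the IPv6 bind may fail on v4-only hosts */`. The function body begins before this hunk and continues after it.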
@@ -1305,11 +1301,16 @@ conf_end_connect(struct TopConf *tc)
                return 0;
        }
 
+       if((yy_server->flags & SERVER_SSL) && EmptyString(yy_server->certfp))
+       {
+               conf_report_error("Ignoring connect block for %s -- no fingerprint provided for SSL connection.",
+                                       yy_server->name);
+               return 0;
+       }
+
        if(EmptyString(yy_server->connect_host)
                        && GET_SS_FAMILY(&yy_server->connect4) != AF_INET
-#ifdef RB_IPV6
                        && GET_SS_FAMILY(&yy_server->connect6) != AF_INET6
-#endif
                )
        {
                conf_report_error("Ignoring connect block for %s -- missing host.",
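Review bot: The new SERVER_SSL check in conf_end_connect tests only that `yy_server->certfp` is non-empty and does not say why a fingerprint is mandatory. If the fingerprint setter (not shown) does not validate length and hex form against the configured method, a mistyped value will load cleanly and then never match. That fails closed, but the operator gets no hint at configuration time. A comment above the check would record the intent, for example `/* the pinned fingerprint is what authenticates a TLS link; refuse the block rather than link without one */`. This assumes peer certificates are not otherwise verified, which should be confirmed. The function starts before this hunk and the missing-host branch continues past it.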
@@ -1346,12 +1347,10 @@ conf_set_connect_host(void *data)
        {
                yy_server->connect4 = addr;
        }
-#ifdef RB_IPV6
        else if(GET_SS_FAMILY(&addr) == AF_INET6)
        {
                yy_server->connect6 = addr;
        }
-#endif
        else
        {
                conf_report_error("Unsupported IP address for server connect host (%s)",
@@ -1374,12 +1373,10 @@ conf_set_connect_vhost(void *data)
        {
                yy_server->bind4 = addr;
        }
-#ifdef RB_IPV6
        else if(GET_SS_FAMILY(&addr) == AF_INET6)
        {
                yy_server->bind6 = addr;
        }
-#endif
        else
        {
                conf_report_error("Unsupported IP address for server connect vhost (%s)",
@@ -1440,10 +1437,8 @@ conf_set_connect_aftype(void *data)
 
        if(rb_strcasecmp(aft, "ipv4") == 0)
                yy_server->aftype = AF_INET;
-#ifdef RB_IPV6
        else if(rb_strcasecmp(aft, "ipv6") == 0)
                yy_server->aftype = AF_INET6;
-#endif
        else
                conf_report_error("connect::aftype '%s' is unknown.", aft);
 }
@@ -1710,15 +1705,15 @@ conf_set_general_certfp_method(void *data)
 {
        char *method = data;
 
-       if (!rb_strcasecmp(method, "sha1"))
+       if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA1))
                ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1;
-       else if (!rb_strcasecmp(method, "sha256"))
+       else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA256))
                ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA256;
-       else if (!rb_strcasecmp(method, "sha512"))
+       else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA512))
                ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA512;
-       else if (!rb_strcasecmp(method, "spki_sha256"))
+       else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA256))
                ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA256;
-       else if (!rb_strcasecmp(method, "spki_sha512"))
+       else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA512))
                ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA512;
        else
        {
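Review bot: The `CERTFP_NAME_CERT_SHA1` branch still selects SHA-1 fingerprints with no notice to the operator. SHA-1's collision resistance is broken. Fingerprint matching leans mainly on second-preimage resistance, so this is hardening rather than an urgent fix, but a config-time hint would match how this file already warns about plaintext listeners. Something like `conf_report_warning("general::certfp_method: sha1 is weak; prefer sha256 or spki_sha256");` inside that branch would do, and the branch would then need braces. The CERTFP_NAME_* values come from certfp.h, which is not shown, so it should be confirmed that they keep the previously accepted spellings. The else branch continues outside the hunk.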
@@ -2194,7 +2189,6 @@ conf_set_opm_listen_address_both(void *data, bool ipv6)
 
        if(ipv6)
        {
-#ifdef RB_IPV6
                if(GET_SS_FAMILY(&addr) != AF_INET6)
                {
                        conf_report_error("%s is of the wrong address type: %s", confstr, ip);
@@ -2208,10 +2202,6 @@ conf_set_opm_listen_address_both(void *data, bool ipv6)
                }
 
                yy_opm_address_ipv6 = rb_strdup(ip);
-#else
-               conf_report_error("%s requires IPv6 support in your ircd", confstr, ip);
-               return;
-#endif
        }
        else
        {
@@ -2249,14 +2239,6 @@ conf_set_opm_listen_port_both(void *data, bool ipv6)
        int port = *((int *)data);
        const char *confstr = (ipv6 ? "opm::port_ipv6" : "opm::port_ipv4");
 
-#ifndef RB_IPV6
-       if(ipv6)
-       {
-               conf_report_error("%s requires IPv6 support in your ircd", confstr);
-               return;
-       }
-#endif
-
        if(port > 65535 || port <= 0)
        {
                conf_report_error("%s is out of range: %d", confstr, port);
@@ -2683,9 +2665,7 @@ static struct ConfEntry conf_class_table[] =
 {
        { "ping_time",          CF_TIME, conf_set_class_ping_time,              0, NULL },
        { "cidr_ipv4_bitlen",   CF_INT,  conf_set_class_cidr_ipv4_bitlen,               0, NULL },
-#ifdef RB_IPV6
        { "cidr_ipv6_bitlen",   CF_INT,  conf_set_class_cidr_ipv6_bitlen,               0, NULL },
-#endif
        { "number_per_cidr",    CF_INT,  conf_set_class_number_per_cidr,        0, NULL },
        { "number_per_ip",      CF_INT,  conf_set_class_number_per_ip,          0, NULL },
        { "number_per_ip_global", CF_INT,conf_set_class_number_per_ip_global,   0, NULL },