static struct alias_entry *yy_alias = NULL;
-static char *yy_blacklist_host = NULL;
-static char *yy_blacklist_reason = NULL;
-static uint8_t yy_blacklist_iptype = 0;
-static rb_dlink_list yy_blacklist_filters = { NULL, NULL, 0 };
+static char *yy_dnsbl_entry_host = NULL;
+static char *yy_dnsbl_entry_reason = NULL;
+static uint8_t yy_dnsbl_entry_iptype = 0;
+static rb_dlink_list yy_dnsbl_entry_filters = { NULL, NULL, 0 };
static char *yy_opm_address_ipv4 = NULL;
static char *yy_opm_address_ipv6 = NULL;
{
struct rb_sockaddr_storage addr;
- if(rb_inet_pton_sock(data, (struct sockaddr *)&addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET)
+ if(rb_inet_pton_sock(data, &addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET)
{
conf_report_error("Invalid IPv4 address for server vhost (%s)", (char *) data);
return;
struct rb_sockaddr_storage addr;
- if(rb_inet_pton_sock(data, (struct sockaddr *)&addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET6)
+ if(rb_inet_pton_sock(data, &addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET6)
{
conf_report_error("Invalid IPv6 address for server vhost (%s)", (char *) data);
return;
/* *INDENT-OFF* */
static struct mode_table umode_table[] = {
- {"callerid", UMODE_CALLERID },
{"deaf", UMODE_DEAF },
{"invisible", UMODE_INVISIBLE },
{"locops", UMODE_LOCOPS },
{"noforward", UMODE_NOFORWARD },
- {"regonlymsg", UMODE_REGONLYMSG},
{"servnotice", UMODE_SERVNOTICE},
{"wallop", UMODE_WALLOP },
{"operwall", UMODE_OPERWALL },
{"need_ssl", CONF_FLAGS_NEED_SSL },
{"need_sasl", CONF_FLAGS_NEED_SASL },
{"extend_chans", CONF_FLAGS_EXTEND_CHANS },
+ {"allow_sctp", CONF_FLAGS_ALLOW_SCTP },
+ {"kline_spoof_ip", CONF_FLAGS_KLINE_SPOOF },
{NULL, 0}
};
{ "compressed", SERVER_COMPRESSED },
{ "encrypted", SERVER_ENCRYPTED },
{ "topicburst", SERVER_TB },
+ { "sctp", SERVER_SCTP },
{ "ssl", SERVER_SSL },
{ "no-export", SERVER_NO_EXPORT },
{ NULL, 0 },
yy_class->max_sendq = *(unsigned int *) data;
}
-static char *listener_address;
+static char *listener_address[2];
static int
conf_begin_listen(struct TopConf *tc)
{
- rb_free(listener_address);
- listener_address = NULL;
+ for (int i = 0; i < ARRAY_SIZE(listener_address); i++) {
+ rb_free(listener_address[i]);
+ listener_address[i] = NULL;
+ }
yy_wsock = 0;
yy_defer_accept = 0;
return 0;
static int
conf_end_listen(struct TopConf *tc)
{
- rb_free(listener_address);
- listener_address = NULL;
+ for (int i = 0; i < ARRAY_SIZE(listener_address); i++) {
+ rb_free(listener_address[i]);
+ listener_address[i] = NULL;
+ }
yy_wsock = 0;
yy_defer_accept = 0;
return 0;
}
static void
-conf_set_listen_port_both(void *data, int ssl)
+conf_set_listen_port_both(void *data, int ssl, int sctp)
{
conf_parm_t *args = data;
for (; args; args = args->next)
{
if(CF_TYPE(args->type) != CF_INT)
{
- conf_report_error
- ("listener::port argument is not an integer " "-- ignoring.");
+ conf_report_error("listener::port argument is not an integer -- ignoring.");
continue;
}
- if(listener_address == NULL)
+ if(listener_address[0] == NULL)
{
- if (!ssl)
- {
- conf_report_warning("listener 'ANY/%d': support for plaintext listeners may be removed in a future release per RFCs 7194 & 7258. "
- "It is suggested that users be migrated to SSL/TLS connections.", args->v.number);
+ if (sctp) {
+ conf_report_error("listener::sctp_port has no addresses -- ignoring.");
+ } else {
+ add_tcp_listener(args->v.number, NULL, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock);
+ add_tcp_listener(args->v.number, NULL, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock);
}
- add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock);
- add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock);
}
else
{
int family;
- if(strchr(listener_address, ':') != NULL)
+ if(strchr(listener_address[0], ':') != NULL)
family = AF_INET6;
else
family = AF_INET;
- if (!ssl)
- {
- conf_report_warning("listener '%s/%d': support for plaintext listeners may be removed in a future release per RFCs 7194 & 7258. "
- "It is suggested that users be migrated to SSL/TLS connections.", listener_address, args->v.number);
+ if (sctp) {
+#ifdef HAVE_LIBSCTP
+ add_sctp_listener(args->v.number, listener_address[0], listener_address[1], ssl, yy_wsock);
+#else
+ conf_report_error("Warning -- ignoring listener::sctp_port -- SCTP support not available.");
+#endif
+ } else {
+ add_tcp_listener(args->v.number, listener_address[0], family, ssl, ssl || yy_defer_accept, yy_wsock);
}
-
- add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept, yy_wsock);
}
}
}
static void
conf_set_listen_port(void *data)
{
- conf_set_listen_port_both(data, 0);
+ conf_set_listen_port_both(data, 0, 0);
}
static void
conf_set_listen_sslport(void *data)
{
- conf_set_listen_port_both(data, 1);
+ conf_set_listen_port_both(data, 1, 0 );
+}
+
+static void
+conf_set_listen_sctp_port(void *data)
+{
+ conf_set_listen_port_both(data, 0, 1);
+}
+
+static void
+conf_set_listen_sctp_sslport(void *data)
+{
+ conf_set_listen_port_both(data, 1, 1);
}
static void
conf_set_listen_address(void *data)
{
- rb_free(listener_address);
- listener_address = rb_strdup(data);
+ rb_free(listener_address[1]);
+ listener_address[1] = listener_address[0];
+ listener_address[0] = rb_strdup(data);
}
static int
{
struct rb_sockaddr_storage addr;
- if(rb_inet_pton_sock(data, (struct sockaddr *)&addr) <= 0)
+ if(rb_inet_pton_sock(data, &addr) <= 0)
{
rb_free(yy_server->connect_host);
yy_server->connect_host = rb_strdup(data);
{
struct rb_sockaddr_storage addr;
- if(rb_inet_pton_sock(data, (struct sockaddr *)&addr) <= 0)
+ if(rb_inet_pton_sock(data, &addr) <= 0)
{
rb_free(yy_server->bind_host);
yy_server->bind_host = rb_strdup(data);
conf_report_error("Invalid setting '%s' for general::hide_error_messages.", val);
}
-static void
-conf_set_general_kline_delay(void *data)
-{
- ConfigFileEntry.kline_delay = *(unsigned int *) data;
-
- /* THIS MUST BE HERE to stop us being unable to check klines */
- kline_queued = false;
-}
-
static void
conf_set_general_stats_k_oper_only(void *data)
{
}
/* XXX for below */
-static void conf_set_blacklist_reason(void *data);
+static void conf_set_dnsbl_entry_reason(void *data);
#define IPTYPE_IPV4 1
#define IPTYPE_IPV6 2
+static int
+conf_warn_blacklist_deprecation(struct TopConf *tc)
+{
+ conf_report_error("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead.");
+ return 0;
+}
+
static void
-conf_set_blacklist_host(void *data)
+conf_set_dnsbl_entry_host(void *data)
{
- if (yy_blacklist_host)
+ if (yy_dnsbl_entry_host)
{
- conf_report_error("blacklist::host %s overlaps existing host %s",
- (char *)data, yy_blacklist_host);
+ conf_report_error("dnsbl::host %s overlaps existing host %s",
+ (char *)data, yy_dnsbl_entry_host);
/* Cleanup */
- conf_set_blacklist_reason(NULL);
+ conf_set_dnsbl_entry_reason(NULL);
return;
}
- yy_blacklist_iptype |= IPTYPE_IPV4;
- yy_blacklist_host = rb_strdup(data);
+ yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
+ yy_dnsbl_entry_host = rb_strdup(data);
}
static void
-conf_set_blacklist_type(void *data)
+conf_set_dnsbl_entry_type(void *data)
{
conf_parm_t *args = data;
/* Don't assume we have either if we got here */
- yy_blacklist_iptype = 0;
+ yy_dnsbl_entry_iptype = 0;
for (; args; args = args->next)
{
if (!rb_strcasecmp(args->v.string, "ipv4"))
- yy_blacklist_iptype |= IPTYPE_IPV4;
+ yy_dnsbl_entry_iptype |= IPTYPE_IPV4;
else if (!rb_strcasecmp(args->v.string, "ipv6"))
- yy_blacklist_iptype |= IPTYPE_IPV6;
+ yy_dnsbl_entry_iptype |= IPTYPE_IPV6;
else
- conf_report_error("blacklist::type has unknown address family %s",
+ conf_report_error("dnsbl::type has unknown address family %s",
args->v.string);
}
/* If we have neither, just default to IPv4 */
- if (!yy_blacklist_iptype)
+ if (!yy_dnsbl_entry_iptype)
{
- conf_report_warning("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
- yy_blacklist_iptype = IPTYPE_IPV4;
+ conf_report_warning("dnsbl::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
+ yy_dnsbl_entry_iptype = IPTYPE_IPV4;
}
}
static void
-conf_set_blacklist_matches(void *data)
+conf_set_dnsbl_entry_matches(void *data)
{
conf_parm_t *args = data;
enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST };
if (CF_TYPE(args->type) != CF_QSTRING)
{
- conf_report_error("blacklist::matches -- must be quoted string");
+ conf_report_error("dnsbl::matches -- must be quoted string");
continue;
}
if (str == NULL)
{
- conf_report_error("blacklist::matches -- invalid entry");
+ conf_report_error("dnsbl::matches -- invalid entry");
continue;
}
if (strlen(str) > HOSTIPLEN)
{
- conf_report_error("blacklist::matches has an entry too long: %s",
+ conf_report_error("dnsbl::matches has an entry too long: %s",
str);
continue;
}
type = FILTER_ALL;
else if (!isdigit((unsigned char)*p))
{
- conf_report_error("blacklist::matches has invalid IP match entry %s",
+ conf_report_error("dnsbl::matches has invalid IP match entry %s",
str);
type = FILTER_NONE;
break;
struct rb_sockaddr_storage tmp;
if (rb_inet_pton(AF_INET, str, &tmp) <= 0)
{
- conf_report_error("blacklist::matches has invalid IP match entry %s",
+ conf_report_error("dnsbl::matches has invalid IP match entry %s",
str);
continue;
}
/* Verify it's the correct length */
if (strlen(str) > 3)
{
- conf_report_error("blacklist::matches has invalid octet match entry %s",
+ conf_report_error("dnsbl::matches has invalid octet match entry %s",
str);
continue;
}
continue; /* Invalid entry */
}
- rb_dlinkAddAlloc(rb_strdup(str), &yy_blacklist_filters);
+ rb_dlinkAddAlloc(rb_strdup(str), &yy_dnsbl_entry_filters);
}
}
static void
-conf_set_blacklist_reason(void *data)
+conf_set_dnsbl_entry_reason(void *data)
{
rb_dlink_node *ptr, *nptr;
- if (yy_blacklist_host && data)
+ if (yy_dnsbl_entry_host && data)
{
- yy_blacklist_reason = rb_strdup(data);
- if (yy_blacklist_iptype & IPTYPE_IPV6)
+ yy_dnsbl_entry_reason = rb_strdup(data);
+ if (yy_dnsbl_entry_iptype & IPTYPE_IPV6)
{
/* Make sure things fit (magic number 64 = alnum count + dots)
* Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
*/
- if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+ if ((64 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
{
- conf_report_error("blacklist::host %s results in IPv6 queries that are too long",
- yy_blacklist_host);
+ conf_report_error("dnsbl::host %s results in IPv6 queries that are too long",
+ yy_dnsbl_entry_host);
goto cleanup_bl;
}
}
/* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
- if ((yy_blacklist_iptype & IPTYPE_IPV4) && !(yy_blacklist_iptype & IPTYPE_IPV6))
+ if ((yy_dnsbl_entry_iptype & IPTYPE_IPV4) && !(yy_dnsbl_entry_iptype & IPTYPE_IPV6))
{
/* Make sure things fit for worst case (magic number 16 = number of nums + dots)
* Example: 127.127.127.127.in-addr.arpa
*/
- if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+ if ((16 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN)
{
- conf_report_error("blacklist::host %s results in IPv4 queries that are too long",
- yy_blacklist_host);
+ conf_report_error("dnsbl::host %s results in IPv4 queries that are too long",
+ yy_dnsbl_entry_host);
goto cleanup_bl;
}
}
- add_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_iptype, &yy_blacklist_filters);
+ add_dnsbl_entry(yy_dnsbl_entry_host, yy_dnsbl_entry_reason, yy_dnsbl_entry_iptype, &yy_dnsbl_entry_filters);
}
cleanup_bl:
- RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_blacklist_filters.head)
+ RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_dnsbl_entry_filters.head)
{
rb_free(ptr->data);
- rb_dlinkDestroy(ptr, &yy_blacklist_filters);
+ rb_dlinkDestroy(ptr, &yy_dnsbl_entry_filters);
}
- yy_blacklist_filters = (rb_dlink_list){ NULL, NULL, 0 };
+ yy_dnsbl_entry_filters = (rb_dlink_list){ NULL, NULL, 0 };
- rb_free(yy_blacklist_host);
- rb_free(yy_blacklist_reason);
- yy_blacklist_host = NULL;
- yy_blacklist_reason = NULL;
- yy_blacklist_iptype = 0;
+ rb_free(yy_dnsbl_entry_host);
+ rb_free(yy_dnsbl_entry_reason);
+ yy_dnsbl_entry_host = NULL;
+ yy_dnsbl_entry_reason = NULL;
+ yy_dnsbl_entry_iptype = 0;
}
const char *confstr = (ipv6 ? "opm::listen_ipv6" : "opm::listen_ipv4");
char *ip = data;
- if(!rb_inet_pton_sock(ip, (struct sockaddr *)&addr))
+ if(!rb_inet_pton_sock(ip, &addr))
{
conf_report_error("%s is an invalid address: %s", confstr, ip);
return;
{ "compression_level", CF_INT, conf_set_general_compression_level, 0, NULL },
{ "havent_read_conf", CF_YESNO, conf_set_general_havent_read_conf, 0, NULL },
{ "hide_error_messages",CF_STRING, conf_set_general_hide_error_messages,0, NULL },
- { "kline_delay", CF_TIME, conf_set_general_kline_delay, 0, NULL },
{ "stats_k_oper_only", CF_STRING, conf_set_general_stats_k_oper_only, 0, NULL },
{ "stats_i_oper_only", CF_STRING, conf_set_general_stats_i_oper_only, 0, NULL },
{ "default_umodes", CF_QSTRING, conf_set_general_default_umodes, 0, NULL },
{ "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit },
{ "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc },
{ "resv_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.resv_fnc },
+ { "post_registration_delay", CF_TIME, NULL, 0, &ConfigFileEntry.post_registration_delay },
{ "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout },
{ "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount },
{ "default_ident_timeout", CF_INT, NULL, 0, &ConfigFileEntry.default_ident_timeout },
{ "hide_spoof_ips", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_spoof_ips },
{ "dline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.dline_with_reason },
{ "kline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.kline_with_reason },
+ { "hide_tkdline_duration", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_tkdline_duration },
{ "map_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.map_oper_only },
{ "max_accept", CF_INT, NULL, 0, &ConfigFileEntry.max_accept },
{ "max_monitor", CF_INT, NULL, 0, &ConfigFileEntry.max_monitor },
{ "max_ratelimit_tokens", CF_INT, NULL, 0, &ConfigFileEntry.max_ratelimit_tokens },
{ "away_interval", CF_INT, NULL, 0, &ConfigFileEntry.away_interval },
{ "hide_opers_in_whois", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers_in_whois },
+ { "hide_opers", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers },
{ "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL },
+ { "drain_reason", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.drain_reason },
+ { "tls_ciphers_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.tls_ciphers_oper_only },
{ "\0", 0, NULL, 0, NULL }
};
{ "autochanmodes", CF_QSTRING, conf_set_channel_autochanmodes, 0, NULL },
{ "displayed_usercount", CF_INT, NULL, 0, &ConfigChannel.displayed_usercount },
{ "strip_topic_colors", CF_YESNO, NULL, 0, &ConfigChannel.strip_topic_colors },
+ { "opmod_send_statusmsg", CF_YESNO, NULL, 0, &ConfigChannel.opmod_send_statusmsg },
{ "\0", 0, NULL, 0, NULL }
};
add_conf_item("listen", "wsock", CF_YESNO, conf_set_listen_wsock);
add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port);
add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport);
+ add_conf_item("listen", "sctp_port", CF_INT | CF_FLIST, conf_set_listen_sctp_port);
+ add_conf_item("listen", "sctp_sslport", CF_INT | CF_FLIST, conf_set_listen_sctp_sslport);
add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address);
add_conf_item("listen", "host", CF_QSTRING, conf_set_listen_address);
add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name);
add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target);
- add_top_conf("blacklist", NULL, NULL, NULL);
- add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host);
- add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type);
- add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_blacklist_matches);
- add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason);
+ add_top_conf("dnsbl", NULL, NULL, NULL);
+ add_conf_item("dnsbl", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
+ add_conf_item("dnsbl", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
+ add_conf_item("dnsbl", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
+ add_conf_item("dnsbl", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
+
+ add_top_conf("blacklist", conf_warn_blacklist_deprecation, NULL, NULL);
+ add_conf_item("blacklist", "host", CF_QSTRING, conf_set_dnsbl_entry_host);
+ add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type);
+ add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches);
+ add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason);
add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL);
add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);