X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/10847f65d321282aa84bcf057774e920f073df84..e2606551a2853e90cffa264d70a159ba61e0cbe4:/src/newconf.c
diff --git a/src/newconf.c b/src/newconf.c
index 6fe62ddd..95013c53 100644
--- a/src/newconf.c
+++ b/src/newconf.c
@@ -54,6 +54,9 @@ static struct alias_entry *yy_alias = NULL;
 static char *yy_blacklist_host = NULL;
 static char *yy_blacklist_reason = NULL;
+static int yy_blacklist_ipv4 = 1;
+static int yy_blacklist_ipv6 = 0;
+
 static char *yy_privset_extends = NULL;
 static const char *
@@ -263,7 +266,7 @@ conf_set_modules_module(void *data)
 #ifndef STATIC_MODULES
 char *m_bn;
- m_bn = irc_basename((char *) data);
+ m_bn = rb_basename((char *) data);
 if(findmodule_byname(m_bn) != -1)
 return;
@@ -595,6 +598,9 @@ conf_end_oper(struct TopConf *tc)
 return 0;
 }
 }
+
+ if(!EmptyString(yy_oper->certfp))
+ yy_tmpoper->certfp = rb_strdup(yy_oper->certfp);
 #endif
 /* all is ok, put it on oper_conf_list */
@@ -615,6 +621,14 @@ conf_set_oper_flags(void *data)
 set_modes_from_table(&yy_oper->flags, "flag", oper_table, args);
 }
+static void
+conf_set_oper_fingerprint(void *data)
+{
+ if (yy_oper->certfp)
+ rb_free(yy_oper->certfp);
+ yy_oper->certfp = rb_strdup((char *) data);
+}
+
 static void
 conf_set_oper_privset(void *data)
 {
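Review bot: The certfp copy added in conf_end_oper sits directly above an `#endif`, so it appears to be compiled only when the surrounding feature guard (opened outside this hunk) is defined. If that guard can be off, an operator block written with a `fingerprint` entry would still load with `yy_tmpoper->certfp` left NULL, and the certificate requirement would silently disappear, leaving the password as the only check. Consider moving the two lines below the `#endif`, or reporting a configuration error when a fingerprint is set in a build that cannot enforce it. conf_end_oper's body starts and ends outside the hunk.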
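Review bot: conf_set_oper_fingerprint stores whatever string the config supplies, and an empty value is later skipped by the `!EmptyString(yy_oper->certfp)` test in conf_end_oper, so the block loads as if no fingerprint had been requested. For an authentication setting that should fail loudly: reject it here with something like `conf_report_error("Ignoring operator::fingerprint -- empty value.");` and return. A short comment stating which digest and encoding the string is expected to hold would help too, since nothing visible says so. The `if (yy_oper->certfp)` guard looks unnecessary if rb_free accepts NULL, which the unguarded `rb_free(yy_aconf->info.name)` calls elsewhere in this diff suggest.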
@@ -723,21 +737,33 @@ conf_set_class_ping_time(void *data)
 }
 static void
-conf_set_class_cidr_bitlen(void *data)
+conf_set_class_cidr_ipv4_bitlen(void *data)
 {
+ unsigned int maxsize = 32;
+ if(*(unsigned int *) data > maxsize)
+ conf_report_error
+ ("class::cidr_ipv4_bitlen argument exceeds maxsize (%d > %d) - ignoring.",
+ *(unsigned int *) data, maxsize);
+ else
+ yy_class->cidr_ipv4_bitlen = *(unsigned int *) data;
+
+}
+
 #ifdef RB_IPV6
+static void
+conf_set_class_cidr_ipv6_bitlen(void *data)
+{
 unsigned int maxsize = 128;
-#else
- unsigned int maxsize = 32;
-#endif
 if(*(unsigned int *) data > maxsize)
 conf_report_error
- ("class::cidr_bitlen argument exceeds maxsize (%d > %d) - ignoring.",
+ ("class::cidr_ipv6_bitlen argument exceeds maxsize (%d > %d) - ignoring.",
 *(unsigned int *) data, maxsize);
 else
- yy_class->cidr_bitlen = *(unsigned int *) data;
+ yy_class->cidr_ipv6_bitlen = *(unsigned int *) data;
 }
+#endif
+
 static void
 conf_set_class_number_per_cidr(void *data)
 {
@@ -880,12 +906,12 @@ conf_begin_auth(struct TopConf *tc)
 static int
 conf_end_auth(struct TopConf *tc)
 {
- struct ConfItem *yy_tmp;
+ struct ConfItem *yy_tmp, *found_conf;
 rb_dlink_node *ptr;
 rb_dlink_node *next_ptr;
- if(EmptyString(yy_aconf->name))
- yy_aconf->name = rb_strdup("NOMATCH");
+ if(EmptyString(yy_aconf->info.name))
+ yy_aconf->info.name = rb_strdup("NOMATCH");
 /* didnt even get one ->host? */
 if(EmptyString(yy_aconf->host))
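Review bot: Both new setters print `unsigned int` values with `%d` in the conf_report_error format string, which does not match the argument type; it shows up exactly in the error path, where a value above INT_MAX (for instance a negative number read through the `unsigned int *` cast) is displayed misleadingly. Change the two format strings to use `(%u > %u)`. Separately, conf_set_class_cidr_ipv6_bitlen exists only under `#ifdef RB_IPV6`, so a config that sets `cidr_ipv6_bitlen` will presumably be rejected as an unknown option on builds without IPv6; a one-line comment above the `#ifdef` saying so would help whoever debugs that.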
@@ -898,7 +924,15 @@ conf_end_auth(struct TopConf *tc)
 collapse(yy_aconf->user);
 collapse(yy_aconf->host);
 conf_add_class_to_conf(yy_aconf);
- add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf->spasswd, yy_aconf);
+ if ((found_conf = find_exact_conf_by_address("*", CONF_CLIENT, "*")) && found_conf->spasswd == NULL)
+ conf_report_error("Ignoring redundant auth block (after *@*)");
+ else if ((found_conf = find_exact_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user)) &&
+ (!found_conf->spasswd || (yy_aconf->spasswd &&
+ 0 == irccmp(found_conf->spasswd, yy_aconf->spasswd))))
+ conf_report_error("Ignoring duplicate auth block for %s@%s",
+ yy_aconf->user, yy_aconf->host);
+ else
+ add_conf_by_address(yy_aconf->host, CONF_CLIENT, yy_aconf->user, yy_aconf->spasswd, yy_aconf);
 RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_aconf_list.head)
 {
@@ -911,7 +945,7 @@ conf_end_auth(struct TopConf *tc)
 yy_tmp->spasswd = rb_strdup(yy_aconf->spasswd);
 /* this will always exist.. */
- yy_tmp->name = rb_strdup(yy_aconf->name);
+ yy_tmp->info.name = rb_strdup(yy_aconf->info.name);
 if(yy_aconf->className)
 yy_tmp->className = rb_strdup(yy_aconf->className);
@@ -924,7 +958,13 @@ conf_end_auth(struct TopConf *tc)
 conf_add_class_to_conf(yy_tmp);
- add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp->spasswd, yy_tmp);
+ if (find_exact_conf_by_address("*", CONF_CLIENT, "*"))
+ conf_report_error("Ignoring redundant auth block (after *@*)");
+ else if (find_exact_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user))
+ conf_report_error("Ignoring duplicate auth block for %s@%s",
+ yy_tmp->user, yy_tmp->host);
+ else
+ add_conf_by_address(yy_tmp->host, CONF_CLIENT, yy_tmp->user, yy_tmp->spasswd, yy_tmp);
 rb_dlinkDestroy(ptr, &yy_aconf_list);
 }
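Review bot: The duplicate test compares the two auth passwords with `irccmp`, which is the IRC case-insensitive string comparison, so two blocks for the same user@host whose passwords differ only in letter case would be treated as duplicates and the second one dropped. Passwords are case-sensitive secrets; use `0 == strcmp(found_conf->spasswd, yy_aconf->spasswd)` here. Also, on both "Ignoring" branches yy_aconf has already been through conf_add_class_to_conf but is never registered; whether it is released afterwards is outside this hunk, so please confirm it is not leaked with a class reference still held.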
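Review bot: The checks inside the RB_DLINK_FOREACH_SAFE loop differ from the ones applied to yy_aconf a few lines earlier: here any `*@*` entry makes the block "redundant" and any exact user@host match makes it a "duplicate", without looking at `spasswd`. A password-protected auth block is therefore handled differently depending on whether its mask is the first one in the block or a later one. Reuse the same condition in both places, ideally through a small static helper taking the candidate ConfItem. When a branch reports an error yy_tmp is not added, and as far as this hunk shows `rb_dlinkDestroy` only releases the list node, so the ConfItem itself looks leaked. The loop body starts outside the hunk.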
@@ -1038,8 +1078,8 @@ conf_set_auth_spoof(void *data)
 return;
 }
- rb_free(yy_aconf->name);
- yy_aconf->name = rb_strdup(data);
+ rb_free(yy_aconf->info.name);
+ yy_aconf->info.name = rb_strdup(data);
 yy_aconf->flags |= CONF_FLAGS_SPOOF_IP;
 }
@@ -1055,8 +1095,8 @@ static void
 conf_set_auth_redir_serv(void *data)
 {
 yy_aconf->flags |= CONF_FLAGS_REDIR;
- rb_free(yy_aconf->name);
- yy_aconf->name = rb_strdup(data);
+ rb_free(yy_aconf->info.name);
+ yy_aconf->info.name = rb_strdup(data);
 }
 static void
@@ -1210,9 +1250,9 @@ conf_end_connect(struct TopConf *tc)
 return 0;
 }
- if(EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd))
+ if((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) && EmptyString(yy_server->certfp))
 {
- conf_report_error("Ignoring connect block for %s -- missing password.",
+ conf_report_error("Ignoring connect block for %s -- no fingerprint or password credentials provided.",
 yy_server->name);
 return 0;
 }
@@ -1231,13 +1271,6 @@ conf_end_connect(struct TopConf *tc)
 yy_server->flags &= ~SERVER_COMPRESSED;
 }
 #endif
- if(ServerConfCompressed(yy_server) && ServerConfSSL(yy_server))
- {
- conf_report_error("Ignoring compressed for connect block %s -- "
- "ssl and compressed are mutually exclusive (OpenSSL does its own compression)",
- yy_server->name);
- yy_server->flags &= ~SERVER_COMPRESSED;
- }
 add_server_conf(yy_server);
 rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list);
@@ -1291,6 +1324,17 @@ conf_set_connect_accept_password(void *data)
 yy_server->passwd = rb_strdup(data);
 }
+static void
+conf_set_connect_fingerprint(void *data)
+{
+ if (yy_server->certfp)
+ rb_free(yy_server->certfp);
+ yy_server->certfp = rb_strdup((char *) data);
+
+ /* force SSL to be enabled if fingerprint is enabled. */
+ yy_server->flags |= SERVER_SSL;
+}
+
 static void
 conf_set_connect_port(void *data)
 {
@@ -1549,6 +1593,7 @@ conf_set_general_default_umodes(void *data)
 /* don't allow +o */
 case 'o':
 case 'S':
+ case 'Z':
 case ' ':
 break;
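Review bot: With the new condition in conf_end_connect a block is accepted when `certfp` is set even if `passwd` or `spasswd` is empty, so both password fields can now be NULL on a live server_conf. Every consumer that sends or compares these strings (outside this diff) has to tolerate that; if one of them passes the pointer to a string function unchecked, a fingerprint-only block turns into a crash at link time. It is also worth deciding whether a block with exactly one of the two passwords plus a fingerprint is meant to load, since the test accepts it. A comment above the `if` listing the accepted credential combinations would make the policy reviewable.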
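Review bot: Setting `SERVER_SSL` inside conf_set_connect_fingerprint makes the guarantee depend on the order of options in the block, because a `flags` entry parsed after `fingerprint` goes through conf_set_connect_flags and may rewrite `yy_server->flags` (its body is not in this diff, so this needs checking). If the bit is cleared, the block keeps a certfp but links without TLS, where no certificate can be presented. Enforce it once in conf_end_connect instead, before add_server_conf: `if(!EmptyString(yy_server->certfp)) yy_server->flags |= SERVER_SSL;`.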
@@ -1705,9 +1750,6 @@ conf_end_alias(struct TopConf *tc)
 return -1;
 }
- if (!alias_dict)
- alias_dict = irc_dictionary_create(strcasecmp);
-
 irc_dictionary_add(alias_dict, yy_alias->name, yy_alias);
 return 0;
@@ -1737,6 +1779,34 @@ conf_set_blacklist_host(void *data)
 yy_blacklist_host = rb_strdup(data);
 }
+static void
+conf_set_blacklist_type(void *data)
+{
+ conf_parm_t *args = data;
+
+ /* Don't assume we have either if we got here */
+ yy_blacklist_ipv4 = 0;
+ yy_blacklist_ipv6 = 0;
+
+ for (; args; args = args->next)
+ {
+ if (!strcasecmp(args->v.string, "ipv4"))
+ yy_blacklist_ipv4 = 1;
+ else if (!strcasecmp(args->v.string, "ipv6"))
+ yy_blacklist_ipv6 = 1;
+ else
+ conf_report_error("blacklist::type has unknown address family %s",
+ args->v.string);
+ }
+
+ /* If we have neither, just default to IPv4 */
+ if (!yy_blacklist_ipv4 && !yy_blacklist_ipv6)
+ {
+ conf_report_error("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)");
+ yy_blacklist_ipv4 = 1;
+ }
+}
+
 static void
 conf_set_blacklist_reason(void *data)
 {
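Review bot: `type` only takes effect if it appears before `reject_reason`, because conf_set_blacklist_reason is where new_blacklist is called and where yy_blacklist_ipv4/yy_blacklist_ipv6 are reset to their defaults. A block written as host, reject_reason, type creates the entry with the default IPv4-only setting and leaves the parsed families in the file-static variables, where the next blacklist block picks them up. Either document the required order above conf_set_blacklist_type, for example `/* must precede reject_reason: the entry is created there */`, or move creation into an end-of-block callback, which `add_top_conf("blacklist", NULL, NULL, NULL)` currently does not register.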
@@ -1744,11 +1814,37 @@ conf_set_blacklist_reason(void *data)
 if (yy_blacklist_host && yy_blacklist_reason)
 {
- new_blacklist(yy_blacklist_host, yy_blacklist_reason);
+ if (yy_blacklist_ipv6)
+ {
+ /* Make sure things fit (64 = alnum count + dots) */
+ if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+ {
+ conf_report_error("blacklist::host %s results in IPv6 queries that are too long",
+ yy_blacklist_host);
+ goto cleanup_bl;
+ }
+ }
+ /* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */
+ if (yy_blacklist_ipv4 && !yy_blacklist_ipv6)
+ {
+ /* Make sure things fit (16 = number of nums + dots) */
+ if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
+ {
+ conf_report_error("blacklist::host %s results in IPv4 queries that are too long",
+ yy_blacklist_host);
+ goto cleanup_bl;
+ }
+ }
+
+ new_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_ipv4, yy_blacklist_ipv6);
+
+cleanup_bl:
 rb_free(yy_blacklist_host);
 rb_free(yy_blacklist_reason);
 yy_blacklist_host = NULL;
 yy_blacklist_reason = NULL;
+ yy_blacklist_ipv4 = 1;
+ yy_blacklist_ipv6 = 0;
 }
 }
@@ -1843,7 +1939,7 @@ conf_call_set(struct TopConf *tc, char *item, conf_parm_t * value, int type)
 /* if it takes one thing, make sure they only passed one thing, and handle as needed. */
- if(value->type & CF_FLIST && !cf->cf_type & CF_FLIST)
+ if((value->v.list->type & CF_FLIST) && !(cf->cf_type & CF_FLIST))
 {
 conf_report_error
 ("Option %s::%s does not take a list of values.", tc->tc_name, item);
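Review bot: The two length checks in conf_set_blacklist_reason use `>` against IRCD_RES_HOSTLEN, which is only right if the query buffer holds IRCD_RES_HOSTLEN + 1 bytes; if the resolver buffer is exactly IRCD_RES_HOSTLEN bytes (not visible here), a host that makes the total equal to the limit leaves no room for the terminator. Please confirm against the buffer declaration and switch to `>=` if needed. The bare `64` and `16` would read better as named constants beside a comment giving the arithmetic (32 nibbles plus 32 dots; four octets of up to three digits plus four dots), and the second test can become `else if (yy_blacklist_ipv4)` on the first, which makes the "redundant check" comment unnecessary.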
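Review bot: The rewritten test in conf_call_set reads `value->v.list->type` without first establishing that `value` is a list wrapper with a non-NULL `v.list`; the old code only looked at `value->type`. If this function can be reached with a scalar parameter, and `v` is a union as the `v.string`/`v.list` members suggest, the pointer being dereferenced is not a list pointer at all. Whether the parser always wraps values in a list is outside this hunk, so either check `value->type` before following `v.list`, or add a comment above the `if` stating the invariant that makes the dereference safe.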
@@ -2002,15 +2098,15 @@ static struct ConfEntry conf_admin_table[] =
 static struct ConfEntry conf_log_table[] =
 {
- { "fname_userlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_userlog },
- { "fname_fuserlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_fuserlog },
- { "fname_operlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operlog },
- { "fname_foperlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_foperlog },
- { "fname_serverlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_serverlog },
- { "fname_killlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_killlog },
- { "fname_klinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_klinelog },
- { "fname_operspylog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operspylog },
- { "fname_ioerrorlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_ioerrorlog },
+ { "fname_userlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_userlog },
+ { "fname_fuserlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_fuserlog },
+ { "fname_operlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_operlog },
+ { "fname_foperlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_foperlog },
+ { "fname_serverlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_serverlog },
+ { "fname_killlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_killlog },
+ { "fname_klinelog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_klinelog },
+ { "fname_operspylog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_operspylog },
+ { "fname_ioerrorlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_ioerrorlog },
 { "\0", 0, NULL, 0, NULL }
 };
@@ -2023,6 +2119,7 @@ static struct ConfEntry conf_operator_table[] =
 { "snomask", CF_QSTRING, conf_set_oper_snomask, 0, NULL },
 { "user", CF_QSTRING, conf_set_oper_user, 0, NULL },
 { "password", CF_QSTRING, conf_set_oper_password, 0, NULL },
+ { "fingerprint", CF_QSTRING, conf_set_oper_fingerprint, 0, NULL },
 { "\0", 0, NULL, 0, NULL }
 };
@@ -2036,7 +2133,10 @@ static struct ConfEntry conf_privset_table[] =
 static struct ConfEntry conf_class_table[] =
 {
 { "ping_time", CF_TIME, conf_set_class_ping_time, 0, NULL },
- { "cidr_bitlen", CF_INT, conf_set_class_cidr_bitlen, 0, NULL },
+ { "cidr_ipv4_bitlen", CF_INT, conf_set_class_cidr_ipv4_bitlen, 0, NULL },
+#ifdef RB_IPV6
+ { "cidr_ipv6_bitlen", CF_INT, conf_set_class_cidr_ipv6_bitlen, 0, NULL },
+#endif
 { "number_per_cidr", CF_INT, conf_set_class_number_per_cidr, 0, NULL },
 { "number_per_ip", CF_INT, conf_set_class_number_per_ip, 0, NULL },
 { "number_per_ip_global", CF_INT,conf_set_class_number_per_ip_global, 0, NULL },
@@ -2064,6 +2164,7 @@ static struct ConfEntry conf_connect_table[] =
 {
 { "send_password", CF_QSTRING, conf_set_connect_send_password, 0, NULL },
 { "accept_password", CF_QSTRING, conf_set_connect_accept_password, 0, NULL },
+ { "fingerprint", CF_QSTRING, conf_set_connect_fingerprint, 0, NULL },
 { "flags", CF_STRING | CF_FLIST, conf_set_connect_flags, 0, NULL },
 { "host", CF_QSTRING, conf_set_connect_host, 0, NULL },
 { "vhost", CF_QSTRING, conf_set_connect_vhost, 0, NULL },
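Review bot: The `cidr_bitlen` key is removed from conf_class_table with no compatibility entry, so an existing configuration that sets it will presumably get an unknown-option error and the class will fall back to its default prefix lengths. Since these values size the per-CIDR connection limits, the effective limit changes on upgrade without the operator having edited anything. Consider keeping a deprecated alias for a release, for example `{ "cidr_bitlen", CF_INT, conf_set_class_cidr_ipv4_bitlen, 0, NULL },` together with a warning, or call the rename out in the upgrade notes.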
@@ -2091,7 +2192,7 @@ static struct ConfEntry conf_general_table[] =
 { "default_operstring", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.default_operstring },
 { "default_adminstring",CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.default_adminstring },
 { "servicestring", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.servicestring },
- { "egdpool_path", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.egdpool_path },
+ { "egdpool_path", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.egdpool_path },
 { "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason },
 { "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice },
 { "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand },
@@ -2106,10 +2207,10 @@ static struct ConfEntry conf_general_table[] =
 { "burst_away", CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away },
 { "caller_id_wait", CF_TIME, NULL, 0, &ConfigFileEntry.caller_id_wait },
 { "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit },
- { "client_flood", CF_INT, NULL, 0, &ConfigFileEntry.client_flood },
 { "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc },
 { "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout },
 { "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount },
+ { "default_ident_timeout", CF_INT, NULL, 0, &ConfigFileEntry.default_ident_timeout },
 { "disable_auth", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_auth },
 { "dots_in_ident", CF_INT, NULL, 0, &ConfigFileEntry.dots_in_ident },
 { "failed_oper_notice", CF_YESNO, NULL, 0, &ConfigFileEntry.failed_oper_notice },
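Review bot: `default_ident_timeout` is declared `CF_INT` while the neighbouring `connect_timeout` and `caller_id_wait` are `CF_TIME`, so this one timeout is parsed differently from the others, and with a NULL handler nothing rejects zero or a negative number. Use `CF_TIME` for consistency, or add a setter that clamps the value to a sane range. The same hunk drops `client_flood`; configurations that still set it will presumably be reported as errors until they move to the `client_flood_*` options added further down.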
@@ -2149,6 +2250,12 @@ static struct ConfEntry conf_general_table[] =
 { "ts_warn_delta", CF_TIME, NULL, 0, &ConfigFileEntry.ts_warn_delta },
 { "use_whois_actually", CF_YESNO, NULL, 0, &ConfigFileEntry.use_whois_actually },
 { "warn_no_nline", CF_YESNO, NULL, 0, &ConfigFileEntry.warn_no_nline },
+ { "use_propagated_bans",CF_YESNO, NULL, 0, &ConfigFileEntry.use_propagated_bans },
+ { "client_flood_max_lines", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_max_lines },
+ { "client_flood_burst_rate", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_rate },
+ { "client_flood_burst_max", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_max },
+ { "client_flood_message_num", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_num },
+ { "client_flood_message_time", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_time },
 { "\0", 0, NULL, 0, NULL }
 };
@@ -2165,10 +2272,14 @@ static struct ConfEntry conf_channel_table[] =
 { "max_chans_per_user", CF_INT, NULL, 0, &ConfigChannel.max_chans_per_user },
 { "no_create_on_split", CF_YESNO, NULL, 0, &ConfigChannel.no_create_on_split },
 { "no_join_on_split", CF_YESNO, NULL, 0, &ConfigChannel.no_join_on_split },
+ { "only_ascii_channels", CF_YESNO, NULL, 0, &ConfigChannel.only_ascii_channels },
 { "use_except", CF_YESNO, NULL, 0, &ConfigChannel.use_except },
 { "use_invex", CF_YESNO, NULL, 0, &ConfigChannel.use_invex },
- { "use_knock", CF_YESNO, NULL, 0, &ConfigChannel.use_knock },
 { "use_forward", CF_YESNO, NULL, 0, &ConfigChannel.use_forward },
+ { "use_knock", CF_YESNO, NULL, 0, &ConfigChannel.use_knock },
+ { "resv_forcepart", CF_YESNO, NULL, 0, &ConfigChannel.resv_forcepart },
+ { "channel_target_change", CF_YESNO, NULL, 0, &ConfigChannel.channel_target_change },
+ { "disable_local_channels", CF_YESNO, NULL, 0, &ConfigChannel.disable_local_channels },
 { "\0", 0, NULL, 0, NULL }
 };
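Review bot: The five `client_flood_*` entries are plain `CF_INT` with a NULL handler, so whatever integer the file contains is written straight into ConfigFileEntry. These are rate-limiting parameters: a zero or negative value could switch flood protection off or, if any of them is used as a divisor or an interval, misbehave at runtime; validation may exist elsewhere, but none is visible here. A shared range-checking setter that rejects values below 1 through conf_report_error would keep a typo from disabling the limiter.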
@@ -2230,5 +2341,6 @@ newconf_init()
 add_top_conf("blacklist", NULL, NULL, NULL);
 add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host);
+ add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type);
 add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason);
 }