X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/c1f4db3fb7928423ecc2606a1575c2a317535167..9dd98618d044c63ba4d30c79350f4b6a4a2c3453:/ircd/newconf.c diff --git a/ircd/newconf.c b/ircd/newconf.c index 3e3644e3..101942f9 100644 --- a/ircd/newconf.c +++ b/ircd/newconf.c @@ -28,6 +28,7 @@ #include "wsproc.h" #include "privilege.h" #include "chmode.h" +#include "certfp.h" #define CF_TYPE(x) ((x) & CF_MTYPE) @@ -48,16 +49,15 @@ static struct server_conf *yy_server = NULL; static rb_dlink_list yy_aconf_list; static rb_dlink_list yy_oper_list; -static rb_dlink_list yy_shared_list; static rb_dlink_list yy_cluster_list; static struct oper_conf *yy_oper = NULL; static struct alias_entry *yy_alias = NULL; -static char *yy_blacklist_host = NULL; -static char *yy_blacklist_reason = NULL; -static uint8_t yy_blacklist_iptype = 0; -static rb_dlink_list yy_blacklist_filters = { NULL, NULL, 0 }; +static char *yy_dnsbl_entry_host = NULL; +static char *yy_dnsbl_entry_reason = NULL; +static uint8_t yy_dnsbl_entry_iptype = 0; +static rb_dlink_list yy_dnsbl_entry_filters = { NULL, NULL, 0 }; static char *yy_opm_address_ipv4 = NULL; static char *yy_opm_address_ipv6 = NULL; @@ -114,7 +114,7 @@ find_top_conf(const char *name) RB_DLINK_FOREACH(d, conf_items.head) { tc = d->data; - if(strcasecmp(tc->tc_name, name) == 0) + if(rb_strcasecmp(tc->tc_name, name) == 0) return tc; } @@ -136,7 +136,7 @@ find_conf_item(const struct TopConf *top, const char *name) { cf = &top->tc_entries[i]; - if(!strcasecmp(cf->cf_name, name)) + if(!rb_strcasecmp(cf->cf_name, name)) return cf; } } @@ -144,7 +144,7 @@ find_conf_item(const struct TopConf *top, const char *name) RB_DLINK_FOREACH(d, top->tc_items.head) { cf = d->data; - if(strcasecmp(cf->cf_name, name) == 0) + if(rb_strcasecmp(cf->cf_name, name) == 0) return cf; } @@ -224,7 +224,7 @@ conf_set_serverinfo_sid(void *data) return; } - strcpy(ServerInfo.sid, sid); + rb_strlcpy(ServerInfo.sid, sid, sizeof(ServerInfo.sid)); } } @@ -243,30 +243,30 @@ conf_set_serverinfo_network_name(void *data) static void conf_set_serverinfo_vhost(void *data) { - if(rb_inet_pton(AF_INET, (char *) data, &ServerInfo.ip.sin_addr) <= 0) + struct rb_sockaddr_storage addr; + + if(rb_inet_pton_sock(data, &addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET) { conf_report_error("Invalid IPv4 address for server vhost (%s)", (char *) data); return; } - ServerInfo.ip.sin_family = AF_INET; - ServerInfo.specific_ipv4_vhost = 1; + + ServerInfo.bind4 = addr; } static void conf_set_serverinfo_vhost6(void *data) { -#ifdef RB_IPV6 - if(rb_inet_pton(AF_INET6, (char *) data, &ServerInfo.ip6.sin6_addr) <= 0) + + struct rb_sockaddr_storage addr; + + if(rb_inet_pton_sock(data, &addr) <= 0 || GET_SS_FAMILY(&addr) != AF_INET6) { conf_report_error("Invalid IPv6 address for server vhost (%s)", (char *) data); return; } - ServerInfo.specific_ipv6_vhost = 1; - ServerInfo.ip6.sin6_family = AF_INET6; -#else - conf_report_error("Warning -- ignoring serverinfo::vhost6 -- IPv6 support not available."); -#endif + ServerInfo.bind6 = addr; } static void @@ -295,8 +295,8 @@ conf_set_modules_module(void *data) m_bn = rb_basename((char *) data); - if(findmodule_byname(m_bn) == -1) - load_one_module((char *) data, MAPI_ORIGIN_EXTENSION, 0); + if(findmodule_byname(m_bn) == NULL) + load_one_module((char *) data, MAPI_ORIGIN_EXTENSION, false); rb_free(m_bn); } @@ -315,12 +315,10 @@ struct mode_table /* *INDENT-OFF* */ static struct mode_table umode_table[] = { - {"callerid", UMODE_CALLERID }, {"deaf", UMODE_DEAF }, {"invisible", UMODE_INVISIBLE }, {"locops", UMODE_LOCOPS }, {"noforward", UMODE_NOFORWARD }, - {"regonlymsg", UMODE_REGONLYMSG}, {"servnotice", UMODE_SERVNOTICE}, {"wallop", UMODE_WALLOP }, {"operwall", UMODE_OPERWALL }, @@ -351,15 +349,19 @@ static struct mode_table auth_table[] = { {"need_ssl", CONF_FLAGS_NEED_SSL }, {"need_sasl", CONF_FLAGS_NEED_SASL }, {"extend_chans", CONF_FLAGS_EXTEND_CHANS }, + {"allow_sctp", CONF_FLAGS_ALLOW_SCTP }, + {"kline_spoof_ip", CONF_FLAGS_KLINE_SPOOF }, {NULL, 0} }; static struct mode_table connect_table[] = { { "autoconn", SERVER_AUTOCONN }, - { "compressed", SERVER_COMPRESSED }, + { "compressed", 0 }, { "encrypted", SERVER_ENCRYPTED }, { "topicburst", SERVER_TB }, + { "sctp", SERVER_SCTP }, { "ssl", SERVER_SSL }, + { "no-export", SERVER_NO_EXPORT }, { NULL, 0 }, }; @@ -377,31 +379,6 @@ static struct mode_table cluster_table[] = { { "all", CLUSTER_ALL }, {NULL, 0} }; - -static struct mode_table shared_table[] = -{ - { "kline", SHARED_PKLINE|SHARED_TKLINE }, - { "xline", SHARED_PXLINE|SHARED_TXLINE }, - { "resv", SHARED_PRESV|SHARED_TRESV }, - { "dline", SHARED_PDLINE|SHARED_TDLINE }, - { "tdline", SHARED_TDLINE }, - { "pdline", SHARED_PDLINE }, - { "undline", SHARED_UNDLINE }, - { "tkline", SHARED_TKLINE }, - { "unkline", SHARED_UNKLINE }, - { "txline", SHARED_TXLINE }, - { "unxline", SHARED_UNXLINE }, - { "tresv", SHARED_TRESV }, - { "unresv", SHARED_UNRESV }, - { "locops", SHARED_LOCOPS }, - { "rehash", SHARED_REHASH }, - { "grant", SHARED_GRANT }, - { "die", SHARED_DIE }, - { "module", SHARED_MODULE }, - { "all", SHARED_ALL }, - { "none", 0 }, - {NULL, 0} -}; /* *INDENT-ON* */ static int @@ -461,6 +438,53 @@ set_modes_from_table(int *modes, const char *whatis, struct mode_table *tab, con } } +static void +parse_umodes(const char *pm, int *values, int *mask) +{ + int what = MODE_ADD, flag; + + *values = 0; + + if (NULL != mask) + *mask = 0; + + for (; *pm; pm++) + { + switch (*pm) + { + case '+': + what = MODE_ADD; + break; + case '-': + what = MODE_DEL; + break; + + /* don't allow +o */ + case 'o': + case 'S': + case 'Z': + case ' ': + break; + + default: + flag = user_modes[(unsigned char) *pm]; + if (flag) + { + /* Proper value has probably not yet been set + * so don't check oper_only_umodes -- jilles */ + if (what == MODE_ADD) + *values |= flag; + else + *values &= ~flag; + + if (NULL != mask) + *mask |= flag; + } + break; + } + } +} + static void conf_set_privset_extends(void *data) { @@ -744,7 +768,7 @@ conf_end_class(struct TopConf *tc) if(EmptyString(yy_class->class_name)) { - conf_report_error("Ignoring connect block -- missing name."); + conf_report_error("Ignoring class block -- missing name."); return 0; } @@ -772,7 +796,6 @@ conf_set_class_cidr_ipv4_bitlen(void *data) } -#ifdef RB_IPV6 static void conf_set_class_cidr_ipv6_bitlen(void *data) { @@ -785,7 +808,6 @@ conf_set_class_cidr_ipv6_bitlen(void *data) yy_class->cidr_ipv6_bitlen = *(unsigned int *) data; } -#endif static void conf_set_class_number_per_cidr(void *data) @@ -824,27 +846,41 @@ conf_set_class_max_number(void *data) yy_class->max_total = *(unsigned int *) data; } +static void +conf_set_class_max_autoconn(void *data) +{ + yy_class->max_autoconn = *(unsigned int *) data; +} + static void conf_set_class_sendq(void *data) { yy_class->max_sendq = *(unsigned int *) data; } -static char *listener_address; +static char *listener_address[2]; static int conf_begin_listen(struct TopConf *tc) { - rb_free(listener_address); - listener_address = NULL; + for (int i = 0; i < ARRAY_SIZE(listener_address); i++) { + rb_free(listener_address[i]); + listener_address[i] = NULL; + } + yy_wsock = 0; + yy_defer_accept = 0; return 0; } static int conf_end_listen(struct TopConf *tc) { - rb_free(listener_address); - listener_address = NULL; + for (int i = 0; i < ARRAY_SIZE(listener_address); i++) { + rb_free(listener_address[i]); + listener_address[i] = NULL; + } + yy_wsock = 0; + yy_defer_accept = 0; return 0; } @@ -861,46 +897,42 @@ conf_set_listen_wsock(void *data) } static void -conf_set_listen_port_both(void *data, int ssl) +conf_set_listen_port_both(void *data, int ssl, int sctp) { conf_parm_t *args = data; for (; args; args = args->next) { if(CF_TYPE(args->type) != CF_INT) { - conf_report_error - ("listener::port argument is not an integer " "-- ignoring."); + conf_report_error("listener::port argument is not an integer -- ignoring."); continue; } - if(listener_address == NULL) + if(listener_address[0] == NULL) { - if (!ssl) - { - conf_report_warning("listener 'ANY/%d': support for plaintext listeners may be removed in a future release per RFC 7194. " - "It is suggested that users be migrated to SSL/TLS connections.", args->v.number); + if (sctp) { + conf_report_error("listener::sctp_port has no addresses -- ignoring."); + } else { + add_tcp_listener(args->v.number, NULL, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock); + add_tcp_listener(args->v.number, NULL, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock); } - add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock); -#ifdef RB_IPV6 - add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock); -#endif } else { int family; -#ifdef RB_IPV6 - if(strchr(listener_address, ':') != NULL) + if(strchr(listener_address[0], ':') != NULL) family = AF_INET6; else -#endif family = AF_INET; - if (!ssl) - { - conf_report_warning("listener '%s/%d': support for plaintext listeners may be removed in a future release per RFC 7194. " - "It is suggested that users be migrated to SSL/TLS connections.", listener_address, args->v.number); + if (sctp) { +#ifdef HAVE_LIBSCTP + add_sctp_listener(args->v.number, listener_address[0], listener_address[1], ssl, yy_wsock); +#else + conf_report_error("Warning -- ignoring listener::sctp_port -- SCTP support not available."); +#endif + } else { + add_tcp_listener(args->v.number, listener_address[0], family, ssl, ssl || yy_defer_accept, yy_wsock); } - - add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept, yy_wsock); } } } @@ -908,20 +940,33 @@ conf_set_listen_port_both(void *data, int ssl) static void conf_set_listen_port(void *data) { - conf_set_listen_port_both(data, 0); + conf_set_listen_port_both(data, 0, 0); } static void conf_set_listen_sslport(void *data) { - conf_set_listen_port_both(data, 1); + conf_set_listen_port_both(data, 1, 0 ); +} + +static void +conf_set_listen_sctp_port(void *data) +{ + conf_set_listen_port_both(data, 0, 1); +} + +static void +conf_set_listen_sctp_sslport(void *data) +{ + conf_set_listen_port_both(data, 1, 1); } static void conf_set_listen_address(void *data) { - rb_free(listener_address); - listener_address = rb_strdup(data); + rb_free(listener_address[1]); + listener_address[1] = listener_address[0]; + listener_address[0] = rb_strdup(data); } static int @@ -1159,107 +1204,12 @@ conf_set_auth_class(void *data) yy_aconf->className = rb_strdup(data); } -/* ok, shared_oper handles the stacking, shared_flags handles adding - * things.. so all we need to do when we start and end a shared block, is - * clean up anything thats been left over. - */ -static int -conf_cleanup_shared(struct TopConf *tc) -{ - rb_dlink_node *ptr, *next_ptr; - - RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_shared_list.head) - { - free_remote_conf(ptr->data); - rb_dlinkDestroy(ptr, &yy_shared_list); - } - - if(yy_shared != NULL) - { - free_remote_conf(yy_shared); - yy_shared = NULL; - } - - return 0; -} - static void -conf_set_shared_oper(void *data) +conf_set_auth_umodes(void *data) { - conf_parm_t *args = data; - const char *username; - char *p; - - if(yy_shared != NULL) - free_remote_conf(yy_shared); - - yy_shared = make_remote_conf(); + char *umodes = data; - if(args->next != NULL) - { - if(CF_TYPE(args->type) != CF_QSTRING) - { - conf_report_error("Ignoring shared::oper -- server is not a qstring"); - return; - } - - yy_shared->server = rb_strdup(args->v.string); - args = args->next; - } - else - yy_shared->server = rb_strdup("*"); - - if(CF_TYPE(args->type) != CF_QSTRING) - { - conf_report_error("Ignoring shared::oper -- oper is not a qstring"); - return; - } - - if((p = strchr(args->v.string, '@')) == NULL) - { - conf_report_error("Ignoring shard::oper -- oper is not a user@host"); - return; - } - - username = args->v.string; - *p++ = '\0'; - - if(EmptyString(p)) - yy_shared->host = rb_strdup("*"); - else - yy_shared->host = rb_strdup(p); - - if(EmptyString(username)) - yy_shared->username = rb_strdup("*"); - else - yy_shared->username = rb_strdup(username); - - rb_dlinkAddAlloc(yy_shared, &yy_shared_list); - yy_shared = NULL; -} - -static void -conf_set_shared_flags(void *data) -{ - conf_parm_t *args = data; - int flags = 0; - rb_dlink_node *ptr, *next_ptr; - - if(yy_shared != NULL) - free_remote_conf(yy_shared); - - set_modes_from_table(&flags, "flag", shared_table, args); - - RB_DLINK_FOREACH_SAFE(ptr, next_ptr, yy_shared_list.head) - { - yy_shared = ptr->data; - - yy_shared->flags = flags; - rb_dlinkDestroy(ptr, &yy_shared_list); - rb_dlinkAddTail(yy_shared, &yy_shared->node, &shared_conf_list); - } - - yy_shared = NULL; + parse_umodes(umodes, &yy_aconf->umodes, &yy_aconf->umodes_mask); } static int @@ -1281,40 +1231,53 @@ conf_begin_connect(struct TopConf *tc) static int conf_end_connect(struct TopConf *tc) { - if(EmptyString(yy_server->name)) + if (EmptyString(yy_server->name)) { conf_report_error("Ignoring connect block -- missing name."); return 0; } - if(ServerInfo.name != NULL && !irccmp(ServerInfo.name, yy_server->name)) + if (ServerInfo.name != NULL && !irccmp(ServerInfo.name, yy_server->name)) { - conf_report_error("Ignoring connect block for %s -- name is equal to my own name.", - yy_server->name); + conf_report_error("Ignoring connect block for %s -- name is " + "equal to my own name.", yy_server->name); return 0; } - if((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) && EmptyString(yy_server->certfp)) + if ((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) + && EmptyString(yy_server->certfp)) { - conf_report_error("Ignoring connect block for %s -- no fingerprint or password credentials provided.", - yy_server->name); + conf_report_error("Ignoring connect block for %s -- no " + "fingerprint or password credentials " + "provided.", yy_server->name); return 0; } - if(EmptyString(yy_server->host)) + if ((yy_server->flags & SERVER_SSL) && EmptyString(yy_server->certfp)) { - conf_report_error("Ignoring connect block for %s -- missing host.", - yy_server->name); + conf_report_error("Ignoring connect block for %s -- no " + "fingerprint provided for SSL " + "connection.", yy_server->name); return 0; } -#ifndef HAVE_LIBZ - if(ServerConfCompressed(yy_server)) + if (! (yy_server->flags & SERVER_SSL) && ! EmptyString(yy_server->certfp)) { - conf_report_error("Ignoring connect::flags::compressed -- zlib not available."); - yy_server->flags &= ~SERVER_COMPRESSED; + conf_report_error("Ignoring connect block for %s -- " + "fingerprint authentication has " + "been requested; but the ssl flag " + "is not set.", yy_server->name); + return 0; + } + + if (EmptyString(yy_server->connect_host) + && GET_SS_FAMILY(&yy_server->connect4) != AF_INET + && GET_SS_FAMILY(&yy_server->connect6) != AF_INET6) + { + conf_report_error("Ignoring connect block for %s -- missing " + "host.", yy_server->name); + return 0; } -#endif add_server_conf(yy_server); rb_dlinkAdd(yy_server, &yy_server->node, &server_conf_list); @@ -1326,23 +1289,53 @@ conf_end_connect(struct TopConf *tc) static void conf_set_connect_host(void *data) { - rb_free(yy_server->host); - yy_server->host = rb_strdup(data); - if (strchr(yy_server->host, ':')) - yy_server->aftype = AF_INET6; + struct rb_sockaddr_storage addr; + + if(rb_inet_pton_sock(data, &addr) <= 0) + { + rb_free(yy_server->connect_host); + yy_server->connect_host = rb_strdup(data); + } + else if(GET_SS_FAMILY(&addr) == AF_INET) + { + yy_server->connect4 = addr; + } + else if(GET_SS_FAMILY(&addr) == AF_INET6) + { + yy_server->connect6 = addr; + } + else + { + conf_report_error("Unsupported IP address for server connect host (%s)", + (char *)data); + return; + } } static void conf_set_connect_vhost(void *data) { - if(rb_inet_pton_sock(data, (struct sockaddr *)&yy_server->my_ipnum) <= 0) + struct rb_sockaddr_storage addr; + + if(rb_inet_pton_sock(data, &addr) <= 0) + { + rb_free(yy_server->bind_host); + yy_server->bind_host = rb_strdup(data); + } + else if(GET_SS_FAMILY(&addr) == AF_INET) + { + yy_server->bind4 = addr; + } + else if(GET_SS_FAMILY(&addr) == AF_INET6) { - conf_report_error("Invalid IP address for server connect vhost (%s)", - (char *) data); + yy_server->bind6 = addr; + } + else + { + conf_report_error("Unsupported IP address for server connect vhost (%s)", + (char *)data); return; } - - yy_server->flags |= SERVER_VHOSTED; } static void @@ -1354,7 +1347,20 @@ conf_set_connect_send_password(void *data) rb_free(yy_server->spasswd); } - yy_server->spasswd = rb_strdup(data); + if (EmptyString((const char *) data)) + { + yy_server->spasswd = NULL; + conf_report_warning("Invalid send_password for connect " + "block; must not be empty if provided"); + } + else if (strpbrk(data, " :")) + { + yy_server->spasswd = NULL; + conf_report_error("Invalid send_password for connect " + "block; cannot contain spaces or colons"); + } + else + yy_server->spasswd = rb_strdup(data); } static void @@ -1365,7 +1371,21 @@ conf_set_connect_accept_password(void *data) memset(yy_server->passwd, 0, strlen(yy_server->passwd)); rb_free(yy_server->passwd); } - yy_server->passwd = rb_strdup(data); + + if (EmptyString((const char *) data)) + { + yy_server->passwd = NULL; + conf_report_warning("Invalid accept_password for connect " + "block; must not be empty if provided"); + } + else if (strpbrk(data, " :")) + { + yy_server->passwd = NULL; + conf_report_error("Invalid accept_password for connect " + "block; cannot contain spaces or colons"); + } + else + yy_server->passwd = rb_strdup(data); } static void @@ -1395,12 +1415,10 @@ conf_set_connect_aftype(void *data) { char *aft = data; - if(strcasecmp(aft, "ipv4") == 0) + if(rb_strcasecmp(aft, "ipv4") == 0) yy_server->aftype = AF_INET; -#ifdef RB_IPV6 - else if(strcasecmp(aft, "ipv6") == 0) + else if(rb_strcasecmp(aft, "ipv6") == 0) yy_server->aftype = AF_INET6; -#endif else conf_report_error("connect::aftype '%s' is unknown.", aft); } @@ -1410,44 +1428,9 @@ conf_set_connect_flags(void *data) { conf_parm_t *args = data; - /* note, we allow them to set compressed, then remove it later if - * they do and LIBZ isnt available - */ set_modes_from_table(&yy_server->flags, "flag", connect_table, args); } -static void -conf_set_connect_hub_mask(void *data) -{ - struct remote_conf *yy_hub; - - if(EmptyString(yy_server->name)) - return; - - yy_hub = make_remote_conf(); - yy_hub->flags = CONF_HUB; - - yy_hub->host = rb_strdup(data); - yy_hub->server = rb_strdup(yy_server->name); - rb_dlinkAdd(yy_hub, &yy_hub->node, &hubleaf_conf_list); -} - -static void -conf_set_connect_leaf_mask(void *data) -{ - struct remote_conf *yy_leaf; - - if(EmptyString(yy_server->name)) - return; - - yy_leaf = make_remote_conf(); - yy_leaf->flags = CONF_LEAF; - - yy_leaf->host = rb_strdup(data); - yy_leaf->server = rb_strdup(yy_server->name); - rb_dlinkAdd(yy_leaf, &yy_leaf->node, &hubleaf_conf_list); -} - static void conf_set_connect_class(void *data) { @@ -1459,8 +1442,9 @@ static void conf_set_exempt_ip(void *data) { struct ConfItem *yy_tmp; + int masktype = parse_netmask_strict(data, NULL, NULL); - if(parse_netmask(data, NULL, NULL) == HM_HOST) + if(masktype != HM_IPV4 && masktype != HM_IPV6) { conf_report_error("Ignoring exempt -- invalid exempt::ip."); return; @@ -1473,6 +1457,25 @@ conf_set_exempt_ip(void *data) add_conf_by_address(yy_tmp->host, CONF_EXEMPTDLINE, NULL, NULL, yy_tmp); } +static void +conf_set_secure_ip(void *data) +{ + struct ConfItem *yy_tmp; + int masktype = parse_netmask_strict(data, NULL, NULL); + + if(masktype != HM_IPV4 && masktype != HM_IPV6) + { + conf_report_error("Ignoring secure -- invalid secure::ip."); + return; + } + + yy_tmp = make_conf(); + yy_tmp->passwd = rb_strdup("*"); + yy_tmp->host = rb_strdup(data); + yy_tmp->status = CONF_SECURE; + add_conf_by_address(yy_tmp->host, CONF_SECURE, NULL, NULL, yy_tmp); +} + static int conf_cleanup_cluster(struct TopConf *tc) { @@ -1549,35 +1552,26 @@ conf_set_general_hide_error_messages(void *data) { char *val = data; - if(strcasecmp(val, "yes") == 0) + if(rb_strcasecmp(val, "yes") == 0) ConfigFileEntry.hide_error_messages = 2; - else if(strcasecmp(val, "opers") == 0) + else if(rb_strcasecmp(val, "opers") == 0) ConfigFileEntry.hide_error_messages = 1; - else if(strcasecmp(val, "no") == 0) + else if(rb_strcasecmp(val, "no") == 0) ConfigFileEntry.hide_error_messages = 0; else conf_report_error("Invalid setting '%s' for general::hide_error_messages.", val); } -static void -conf_set_general_kline_delay(void *data) -{ - ConfigFileEntry.kline_delay = *(unsigned int *) data; - - /* THIS MUST BE HERE to stop us being unable to check klines */ - kline_queued = false; -} - static void conf_set_general_stats_k_oper_only(void *data) { char *val = data; - if(strcasecmp(val, "yes") == 0) + if(rb_strcasecmp(val, "yes") == 0) ConfigFileEntry.stats_k_oper_only = 2; - else if(strcasecmp(val, "masked") == 0) + else if(rb_strcasecmp(val, "masked") == 0) ConfigFileEntry.stats_k_oper_only = 1; - else if(strcasecmp(val, "no") == 0) + else if(rb_strcasecmp(val, "no") == 0) ConfigFileEntry.stats_k_oper_only = 0; else conf_report_error("Invalid setting '%s' for general::stats_k_oper_only.", val); @@ -1588,72 +1582,37 @@ conf_set_general_stats_i_oper_only(void *data) { char *val = data; - if(strcasecmp(val, "yes") == 0) + if(rb_strcasecmp(val, "yes") == 0) ConfigFileEntry.stats_i_oper_only = 2; - else if(strcasecmp(val, "masked") == 0) + else if(rb_strcasecmp(val, "masked") == 0) ConfigFileEntry.stats_i_oper_only = 1; - else if(strcasecmp(val, "no") == 0) + else if(rb_strcasecmp(val, "no") == 0) ConfigFileEntry.stats_i_oper_only = 0; else conf_report_error("Invalid setting '%s' for general::stats_i_oper_only.", val); } static void -conf_set_general_compression_level(void *data) +conf_set_general_stats_l_oper_only(void *data) { -#ifdef HAVE_LIBZ - ConfigFileEntry.compression_level = *(unsigned int *) data; + char *val = data; - if((ConfigFileEntry.compression_level < 1) || (ConfigFileEntry.compression_level > 9)) - { - conf_report_error - ("Invalid general::compression_level %d -- using default.", - ConfigFileEntry.compression_level); - ConfigFileEntry.compression_level = 0; - } -#else - conf_report_error("Ignoring general::compression_level -- zlib not available."); -#endif + if(rb_strcasecmp(val, "yes") == 0) + ConfigFileEntry.stats_l_oper_only = STATS_L_OPER_ONLY_YES; + else if(rb_strcasecmp(val, "self") == 0) + ConfigFileEntry.stats_l_oper_only = STATS_L_OPER_ONLY_SELF; + else if(rb_strcasecmp(val, "no") == 0) + ConfigFileEntry.stats_l_oper_only = STATS_L_OPER_ONLY_NO; + else + conf_report_error("Invalid setting '%s' for general::stats_l_oper_only.", val); } static void conf_set_general_default_umodes(void *data) { - char *pm; - int what = MODE_ADD, flag; - - ConfigFileEntry.default_umodes = 0; - for (pm = (char *) data; *pm; pm++) - { - switch (*pm) - { - case '+': - what = MODE_ADD; - break; - case '-': - what = MODE_DEL; - break; - - /* don't allow +o */ - case 'o': - case 'S': - case 'Z': - case ' ': - break; + char *umodes = data; - default: - if ((flag = user_modes[(unsigned char) *pm])) - { - /* Proper value has probably not yet been set - * so don't check oper_only_umodes -- jilles */ - if (what == MODE_ADD) - ConfigFileEntry.default_umodes |= flag; - else - ConfigFileEntry.default_umodes &= ~flag; - } - break; - } - } + parse_umodes(umodes, &ConfigFileEntry.default_umodes, NULL); } static void @@ -1667,15 +1626,19 @@ conf_set_general_certfp_method(void *data) { char *method = data; - if (!strcasecmp(method, "sha1")) - ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1; - else if (!strcasecmp(method, "sha256")) - ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA256; - else if (!strcasecmp(method, "sha512")) - ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA512; + if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA1)) + ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1; + else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA256)) + ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA256; + else if (!rb_strcasecmp(method, CERTFP_NAME_CERT_SHA512)) + ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA512; + else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA256)) + ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA256; + else if (!rb_strcasecmp(method, CERTFP_NAME_SPKI_SHA512)) + ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SPKI_SHA512; else { - ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1; + ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_CERT_SHA1; conf_report_error("Ignoring general::certfp_method -- bogus certfp method %s", method); } } @@ -1717,6 +1680,30 @@ conf_set_general_oper_snomask(void *data) } } +static void +conf_set_general_hidden_caps(void *data) +{ + size_t n = 0; + + for (conf_parm_t *arg = data; arg; arg = arg->next) + n += 1; + + if (ConfigFileEntry.hidden_caps != NULL) + { + for (n = 0; ConfigFileEntry.hidden_caps[n] != NULL; n++) + rb_free(ConfigFileEntry.hidden_caps[n]); + rb_free(ConfigFileEntry.hidden_caps); + } + ConfigFileEntry.hidden_caps = rb_malloc(sizeof *ConfigFileEntry.hidden_caps * (n + 1)); + + n = 0; + for (conf_parm_t *arg = data; arg; arg = arg->next) + { + ConfigFileEntry.hidden_caps[n++] = rb_strdup(arg->v.string); + } + ConfigFileEntry.hidden_caps[n] = NULL; +} + static void conf_set_serverhide_links_delay(void *data) { @@ -1763,7 +1750,6 @@ conf_begin_alias(struct TopConf *tc) yy_alias->name = rb_strdup(conf_cur_block_name); yy_alias->flags = 0; - yy_alias->hits = 0; return 0; } @@ -1852,57 +1838,64 @@ conf_set_channel_autochanmodes(void *data) } /* XXX for below */ -static void conf_set_blacklist_reason(void *data); +static void conf_set_dnsbl_entry_reason(void *data); #define IPTYPE_IPV4 1 #define IPTYPE_IPV6 2 +static int +conf_warn_blacklist_deprecation(struct TopConf *tc) +{ + conf_report_error("blacklist{} blocks have been deprecated -- use dnsbl{} blocks instead."); + return 0; +} + static void -conf_set_blacklist_host(void *data) +conf_set_dnsbl_entry_host(void *data) { - if (yy_blacklist_host) + if (yy_dnsbl_entry_host) { - conf_report_error("blacklist::host %s overlaps existing host %s", - (char *)data, yy_blacklist_host); + conf_report_error("dnsbl::host %s overlaps existing host %s", + (char *)data, yy_dnsbl_entry_host); /* Cleanup */ - conf_set_blacklist_reason(NULL); + conf_set_dnsbl_entry_reason(NULL); return; } - yy_blacklist_iptype |= IPTYPE_IPV4; - yy_blacklist_host = rb_strdup(data); + yy_dnsbl_entry_iptype |= IPTYPE_IPV4; + yy_dnsbl_entry_host = rb_strdup(data); } static void -conf_set_blacklist_type(void *data) +conf_set_dnsbl_entry_type(void *data) { conf_parm_t *args = data; /* Don't assume we have either if we got here */ - yy_blacklist_iptype = 0; + yy_dnsbl_entry_iptype = 0; for (; args; args = args->next) { - if (!strcasecmp(args->v.string, "ipv4")) - yy_blacklist_iptype |= IPTYPE_IPV4; - else if (!strcasecmp(args->v.string, "ipv6")) - yy_blacklist_iptype |= IPTYPE_IPV6; + if (!rb_strcasecmp(args->v.string, "ipv4")) + yy_dnsbl_entry_iptype |= IPTYPE_IPV4; + else if (!rb_strcasecmp(args->v.string, "ipv6")) + yy_dnsbl_entry_iptype |= IPTYPE_IPV6; else - conf_report_error("blacklist::type has unknown address family %s", + conf_report_error("dnsbl::type has unknown address family %s", args->v.string); } /* If we have neither, just default to IPv4 */ - if (!yy_blacklist_iptype) + if (!yy_dnsbl_entry_iptype) { - conf_report_warning("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)"); - yy_blacklist_iptype = IPTYPE_IPV4; + conf_report_warning("dnsbl::type has neither IPv4 nor IPv6 (defaulting to IPv4)"); + yy_dnsbl_entry_iptype = IPTYPE_IPV4; } } static void -conf_set_blacklist_matches(void *data) +conf_set_dnsbl_entry_matches(void *data) { conf_parm_t *args = data; enum filter_t { FILTER_NONE, FILTER_ALL, FILTER_LAST }; @@ -1915,19 +1908,19 @@ conf_set_blacklist_matches(void *data) if (CF_TYPE(args->type) != CF_QSTRING) { - conf_report_error("blacklist::matches -- must be quoted string"); + conf_report_error("dnsbl::matches -- must be quoted string"); continue; } if (str == NULL) { - conf_report_error("blacklist::matches -- invalid entry"); + conf_report_error("dnsbl::matches -- invalid entry"); continue; } if (strlen(str) > HOSTIPLEN) { - conf_report_error("blacklist::matches has an entry too long: %s", + conf_report_error("dnsbl::matches has an entry too long: %s", str); continue; } @@ -1939,7 +1932,7 @@ conf_set_blacklist_matches(void *data) type = FILTER_ALL; else if (!isdigit((unsigned char)*p)) { - conf_report_error("blacklist::matches has invalid IP match entry %s", + conf_report_error("dnsbl::matches has invalid IP match entry %s", str); type = FILTER_NONE; break; @@ -1952,7 +1945,7 @@ conf_set_blacklist_matches(void *data) struct rb_sockaddr_storage tmp; if (rb_inet_pton(AF_INET, str, &tmp) <= 0) { - conf_report_error("blacklist::matches has invalid IP match entry %s", + conf_report_error("dnsbl::matches has invalid IP match entry %s", str); continue; } @@ -1962,7 +1955,7 @@ conf_set_blacklist_matches(void *data) /* Verify it's the correct length */ if (strlen(str) > 3) { - conf_report_error("blacklist::matches has invalid octet match entry %s", + conf_report_error("dnsbl::matches has invalid octet match entry %s", str); continue; } @@ -1972,61 +1965,61 @@ conf_set_blacklist_matches(void *data) continue; /* Invalid entry */ } - rb_dlinkAddAlloc(rb_strdup(str), &yy_blacklist_filters); + rb_dlinkAddAlloc(rb_strdup(str), &yy_dnsbl_entry_filters); } } static void -conf_set_blacklist_reason(void *data) +conf_set_dnsbl_entry_reason(void *data) { rb_dlink_node *ptr, *nptr; - if (yy_blacklist_host && data) + if (yy_dnsbl_entry_host && data) { - yy_blacklist_reason = rb_strdup(data); - if (yy_blacklist_iptype & IPTYPE_IPV6) + yy_dnsbl_entry_reason = rb_strdup(data); + if (yy_dnsbl_entry_iptype & IPTYPE_IPV6) { /* Make sure things fit (magic number 64 = alnum count + dots) * Example: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa */ - if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) + if ((64 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN) { - conf_report_error("blacklist::host %s results in IPv6 queries that are too long", - yy_blacklist_host); + conf_report_error("dnsbl::host %s results in IPv6 queries that are too long", + yy_dnsbl_entry_host); goto cleanup_bl; } } /* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */ - if ((yy_blacklist_iptype & IPTYPE_IPV4) && !(yy_blacklist_iptype & IPTYPE_IPV6)) + if ((yy_dnsbl_entry_iptype & IPTYPE_IPV4) && !(yy_dnsbl_entry_iptype & IPTYPE_IPV6)) { /* Make sure things fit for worst case (magic number 16 = number of nums + dots) * Example: 127.127.127.127.in-addr.arpa */ - if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) + if ((16 + strlen(yy_dnsbl_entry_host)) > IRCD_RES_HOSTLEN) { - conf_report_error("blacklist::host %s results in IPv4 queries that are too long", - yy_blacklist_host); + conf_report_error("dnsbl::host %s results in IPv4 queries that are too long", + yy_dnsbl_entry_host); goto cleanup_bl; } } - add_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_iptype, &yy_blacklist_filters); + add_dnsbl_entry(yy_dnsbl_entry_host, yy_dnsbl_entry_reason, yy_dnsbl_entry_iptype, &yy_dnsbl_entry_filters); } cleanup_bl: - RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_blacklist_filters.head) + RB_DLINK_FOREACH_SAFE(ptr, nptr, yy_dnsbl_entry_filters.head) { rb_free(ptr->data); - rb_dlinkDestroy(ptr, &yy_blacklist_filters); + rb_dlinkDestroy(ptr, &yy_dnsbl_entry_filters); } - yy_blacklist_filters = (rb_dlink_list){ NULL, NULL, 0 }; + yy_dnsbl_entry_filters = (rb_dlink_list){ NULL, NULL, 0 }; - rb_free(yy_blacklist_host); - rb_free(yy_blacklist_reason); - yy_blacklist_host = NULL; - yy_blacklist_reason = NULL; - yy_blacklist_iptype = 0; + rb_free(yy_dnsbl_entry_host); + rb_free(yy_dnsbl_entry_reason); + yy_dnsbl_entry_host = NULL; + yy_dnsbl_entry_reason = NULL; + yy_dnsbl_entry_iptype = 0; } @@ -2043,6 +2036,8 @@ conf_begin_opm(struct TopConf *tc) { yy_opm_address_ipv4 = yy_opm_address_ipv6 = NULL; yy_opm_port_ipv4 = yy_opm_port_ipv6 = yy_opm_timeout = 0; + delete_opm_proxy_scanner_all(); + delete_opm_listener_all(); return 0; } @@ -2052,7 +2047,7 @@ conf_end_opm(struct TopConf *tc) rb_dlink_node *ptr, *nptr; bool fail = false; - if(!rb_dlink_list_length(&yy_opm_scanner_list)) + if(rb_dlink_list_length(&yy_opm_scanner_list) == 0) { conf_report_error("No opm scanners configured -- disabling opm."); fail = true; @@ -2062,28 +2057,28 @@ conf_end_opm(struct TopConf *tc) if(yy_opm_port_ipv4 > 0) { if(yy_opm_address_ipv4 != NULL) - create_opm_listener(yy_opm_address_ipv4, yy_opm_port_ipv4); + conf_create_opm_listener(yy_opm_address_ipv4, yy_opm_port_ipv4); else { char ip[HOSTIPLEN]; - if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.ip, ip, sizeof(ip))) + if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.bind4, ip, sizeof(ip))) conf_report_error("No opm::listen_ipv4 nor serverinfo::vhost directive; cannot listen on IPv4"); else - create_opm_listener(ip, yy_opm_port_ipv4); + conf_create_opm_listener(ip, yy_opm_port_ipv4); } } if(yy_opm_port_ipv6 > 0) { if(yy_opm_address_ipv6 != NULL) - create_opm_listener(yy_opm_address_ipv6, yy_opm_port_ipv6); + conf_create_opm_listener(yy_opm_address_ipv6, yy_opm_port_ipv6); else { char ip[HOSTIPLEN]; - if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.ip6, ip, sizeof(ip))) + if(!rb_inet_ntop_sock((struct sockaddr *)&ServerInfo.bind6, ip, sizeof(ip))) conf_report_error("No opm::listen_ipv6 nor serverinfo::vhost directive; cannot listen on IPv6"); else - create_opm_listener(ip, yy_opm_port_ipv6); + conf_create_opm_listener(ip, yy_opm_port_ipv6); } } @@ -2109,6 +2104,9 @@ end: rb_free(scanner); } + if(!fail) + opm_check_enable(true); + rb_free(yy_opm_address_ipv4); rb_free(yy_opm_address_ipv6); return 0; @@ -2135,7 +2133,7 @@ conf_set_opm_listen_address_both(void *data, bool ipv6) const char *confstr = (ipv6 ? "opm::listen_ipv6" : "opm::listen_ipv4"); char *ip = data; - if(!rb_inet_pton_sock(ip, (struct sockaddr *)&addr)) + if(!rb_inet_pton_sock(ip, &addr)) { conf_report_error("%s is an invalid address: %s", confstr, ip); return; @@ -2143,7 +2141,6 @@ conf_set_opm_listen_address_both(void *data, bool ipv6) if(ipv6) { -#ifdef RB_IPV6 if(GET_SS_FAMILY(&addr) != AF_INET6) { conf_report_error("%s is of the wrong address type: %s", confstr, ip); @@ -2157,10 +2154,6 @@ conf_set_opm_listen_address_both(void *data, bool ipv6) } yy_opm_address_ipv6 = rb_strdup(ip); -#else - conf_report_error("%s requires IPv6 support in your ircd", confstr, ip); - return; -#endif } else { @@ -2198,14 +2191,6 @@ conf_set_opm_listen_port_both(void *data, bool ipv6) int port = *((int *)data); const char *confstr = (ipv6 ? "opm::port_ipv6" : "opm::port_ipv4"); -#ifndef RB_IPV6 - if(ipv6) - { - conf_report_error("%s requires IPv6 support in your ircd", confstr); - return; - } -#endif - if(port > 65535 || port <= 0) { conf_report_error("%s is out of range: %d", confstr, port); @@ -2269,7 +2254,7 @@ conf_set_opm_scan_ports_all(void *data, const char *node, const char *type) conf_report_error("%s argument is not an integer -- ignoring.", node); continue; } - + if(args->v.number > 65535 || args->v.number <= 0) { conf_report_error("%s argument is not an integer between 1 and 65535 -- ignoring.", node); @@ -2343,7 +2328,7 @@ conf_report_error(const char *fmt, ...) } ierror("\"%s\", line %d: %s", current_file, lineno + 1, msg); - sendto_realops_snomask(SNO_GENERAL, L_ALL, "error: \"%s\", line %d: %s", current_file, lineno + 1, msg); + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "error: \"%s\", line %d: %s", current_file, lineno + 1, msg); } void @@ -2363,7 +2348,7 @@ conf_report_warning(const char *fmt, ...) } iwarn("\"%s\", line %d: %s", current_file, lineno + 1, msg); - sendto_realops_snomask(SNO_GENERAL, L_ALL, "warning: \"%s\", line %d: %s", current_file, lineno + 1, msg); + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "warning: \"%s\", line %d: %s", current_file, lineno + 1, msg); } int @@ -2430,7 +2415,7 @@ conf_call_set(struct TopConf *tc, char *item, conf_parm_t * value) if((cf = find_conf_item(tc, item)) == NULL) { conf_report_error - ("Non-existant configuration setting %s::%s.", tc->tc_name, (char *) item); + ("Non-existent configuration setting %s::%s.", tc->tc_name, (char *) item); return -1; } @@ -2632,15 +2617,14 @@ static struct ConfEntry conf_class_table[] = { { "ping_time", CF_TIME, conf_set_class_ping_time, 0, NULL }, { "cidr_ipv4_bitlen", CF_INT, conf_set_class_cidr_ipv4_bitlen, 0, NULL }, -#ifdef RB_IPV6 { "cidr_ipv6_bitlen", CF_INT, conf_set_class_cidr_ipv6_bitlen, 0, NULL }, -#endif { "number_per_cidr", CF_INT, conf_set_class_number_per_cidr, 0, NULL }, { "number_per_ip", CF_INT, conf_set_class_number_per_ip, 0, NULL }, { "number_per_ip_global", CF_INT,conf_set_class_number_per_ip_global, 0, NULL }, { "number_per_ident", CF_INT, conf_set_class_number_per_ident, 0, NULL }, { "connectfreq", CF_TIME, conf_set_class_connectfreq, 0, NULL }, { "max_number", CF_INT, conf_set_class_max_number, 0, NULL }, + { "max_autoconn", CF_INT, conf_set_class_max_autoconn, 0, NULL }, { "sendq", CF_TIME, conf_set_class_sendq, 0, NULL }, { "\0", 0, NULL, 0, NULL } }; @@ -2655,6 +2639,7 @@ static struct ConfEntry conf_auth_table[] = { "redirserv", CF_QSTRING, conf_set_auth_redir_serv, 0, NULL }, { "redirport", CF_INT, conf_set_auth_redir_port, 0, NULL }, { "flags", CF_STRING | CF_FLIST, conf_set_auth_flags, 0, NULL }, + { "umodes", CF_QSTRING, conf_set_auth_umodes, 0, NULL}, { "\0", 0, NULL, 0, NULL } }; @@ -2668,8 +2653,6 @@ static struct ConfEntry conf_connect_table[] = { "vhost", CF_QSTRING, conf_set_connect_vhost, 0, NULL }, { "port", CF_INT, conf_set_connect_port, 0, NULL }, { "aftype", CF_STRING, conf_set_connect_aftype, 0, NULL }, - { "hub_mask", CF_QSTRING, conf_set_connect_hub_mask, 0, NULL }, - { "leaf_mask", CF_QSTRING, conf_set_connect_leaf_mask, 0, NULL }, { "class", CF_QSTRING, conf_set_connect_class, 0, NULL }, { "\0", 0, NULL, 0, NULL } }; @@ -2679,12 +2662,11 @@ static struct ConfEntry conf_general_table[] = { "oper_only_umodes", CF_STRING | CF_FLIST, conf_set_general_oper_only_umodes, 0, NULL }, { "oper_umodes", CF_STRING | CF_FLIST, conf_set_general_oper_umodes, 0, NULL }, { "oper_snomask", CF_QSTRING, conf_set_general_oper_snomask, 0, NULL }, - { "compression_level", CF_INT, conf_set_general_compression_level, 0, NULL }, { "havent_read_conf", CF_YESNO, conf_set_general_havent_read_conf, 0, NULL }, { "hide_error_messages",CF_STRING, conf_set_general_hide_error_messages,0, NULL }, - { "kline_delay", CF_TIME, conf_set_general_kline_delay, 0, NULL }, - { "stats_k_oper_only", CF_STRING, conf_set_general_stats_k_oper_only, 0, NULL }, { "stats_i_oper_only", CF_STRING, conf_set_general_stats_i_oper_only, 0, NULL }, + { "stats_k_oper_only", CF_STRING, conf_set_general_stats_k_oper_only, 0, NULL }, + { "stats_l_oper_only", CF_STRING, conf_set_general_stats_l_oper_only, 0, NULL }, { "default_umodes", CF_QSTRING, conf_set_general_default_umodes, 0, NULL }, { "default_operstring", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.default_operstring }, @@ -2701,12 +2683,15 @@ static struct ConfEntry conf_general_table[] = { "non_redundant_klines", CF_YESNO, NULL, 0, &ConfigFileEntry.non_redundant_klines }, { "tkline_expire_notices", CF_YESNO, NULL, 0, &ConfigFileEntry.tkline_expire_notices }, + { "hidden_caps", CF_QSTRING | CF_FLIST, conf_set_general_hidden_caps, 0, NULL }, + { "anti_nick_flood", CF_YESNO, NULL, 0, &ConfigFileEntry.anti_nick_flood }, { "burst_away", CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away }, { "caller_id_wait", CF_TIME, NULL, 0, &ConfigFileEntry.caller_id_wait }, { "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit }, { "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc }, { "resv_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.resv_fnc }, + { "post_registration_delay", CF_TIME, NULL, 0, &ConfigFileEntry.post_registration_delay }, { "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout }, { "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount }, { "default_ident_timeout", CF_INT, NULL, 0, &ConfigFileEntry.default_ident_timeout }, @@ -2717,6 +2702,7 @@ static struct ConfEntry conf_general_table[] = { "hide_spoof_ips", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_spoof_ips }, { "dline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.dline_with_reason }, { "kline_with_reason", CF_YESNO, NULL, 0, &ConfigFileEntry.kline_with_reason }, + { "hide_tkdline_duration", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_tkdline_duration }, { "map_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.map_oper_only }, { "max_accept", CF_INT, NULL, 0, &ConfigFileEntry.max_accept }, { "max_monitor", CF_INT, NULL, 0, &ConfigFileEntry.max_monitor }, @@ -2739,7 +2725,6 @@ static struct ConfEntry conf_general_table[] = { "short_motd", CF_YESNO, NULL, 0, &ConfigFileEntry.short_motd }, { "stats_c_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_c_oper_only }, { "stats_e_disabled", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_e_disabled }, - { "stats_h_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_h_oper_only }, { "stats_o_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_o_oper_only }, { "stats_P_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_P_oper_only }, { "stats_y_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_y_oper_only }, @@ -2757,7 +2742,20 @@ static struct ConfEntry conf_general_table[] = { "max_ratelimit_tokens", CF_INT, NULL, 0, &ConfigFileEntry.max_ratelimit_tokens }, { "away_interval", CF_INT, NULL, 0, &ConfigFileEntry.away_interval }, { "hide_opers_in_whois", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers_in_whois }, + { "hide_opers", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers }, { "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL }, + { "drain_reason", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.drain_reason }, + { "sasl_only_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.sasl_only_client_message }, + { "identd_only_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.identd_only_client_message }, + { "sctp_forbidden_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.sctp_forbidden_client_message }, + { "ssltls_only_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.ssltls_only_client_message }, + { "not_authorised_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.not_authorised_client_message }, + { "illegal_hostname_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.not_authorised_client_message }, + { "server_full_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.server_full_client_message }, + { "illegal_name_long_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.illegal_name_long_client_message }, + { "illegal_name_short_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.illegal_name_short_client_message }, + { "tls_ciphers_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.tls_ciphers_oper_only }, + { "oper_secure_only", CF_YESNO, NULL, 0, &ConfigFileEntry.oper_secure_only }, { "\0", 0, NULL, 0, NULL } }; @@ -2786,6 +2784,8 @@ static struct ConfEntry conf_channel_table[] = { "autochanmodes", CF_QSTRING, conf_set_channel_autochanmodes, 0, NULL }, { "displayed_usercount", CF_INT, NULL, 0, &ConfigChannel.displayed_usercount }, { "strip_topic_colors", CF_YESNO, NULL, 0, &ConfigChannel.strip_topic_colors }, + { "opmod_send_statusmsg", CF_YESNO, NULL, 0, &ConfigChannel.opmod_send_statusmsg }, + { "ip_bans_through_vhost", CF_YESNO, NULL, 0, &ConfigChannel.ip_bans_through_vhost }, { "\0", 0, NULL, 0, NULL } }; @@ -2818,20 +2818,21 @@ newconf_init() add_conf_item("listen", "wsock", CF_YESNO, conf_set_listen_wsock); add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port); add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport); + add_conf_item("listen", "sctp_port", CF_INT | CF_FLIST, conf_set_listen_sctp_port); + add_conf_item("listen", "sctp_sslport", CF_INT | CF_FLIST, conf_set_listen_sctp_sslport); add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address); add_conf_item("listen", "host", CF_QSTRING, conf_set_listen_address); add_top_conf("auth", conf_begin_auth, conf_end_auth, conf_auth_table); - add_top_conf("shared", conf_cleanup_shared, conf_cleanup_shared, NULL); - add_conf_item("shared", "oper", CF_QSTRING | CF_FLIST, conf_set_shared_oper); - add_conf_item("shared", "flags", CF_STRING | CF_FLIST, conf_set_shared_flags); - add_top_conf("connect", conf_begin_connect, conf_end_connect, conf_connect_table); add_top_conf("exempt", NULL, NULL, NULL); add_conf_item("exempt", "ip", CF_QSTRING, conf_set_exempt_ip); + add_top_conf("secure", NULL, NULL, NULL); + add_conf_item("secure", "ip", CF_QSTRING, conf_set_secure_ip); + add_top_conf("cluster", conf_cleanup_cluster, conf_cleanup_cluster, NULL); add_conf_item("cluster", "name", CF_QSTRING, conf_set_cluster_name); add_conf_item("cluster", "flags", CF_STRING | CF_FLIST, conf_set_cluster_flags); @@ -2847,11 +2848,17 @@ newconf_init() add_conf_item("alias", "name", CF_QSTRING, conf_set_alias_name); add_conf_item("alias", "target", CF_QSTRING, conf_set_alias_target); - add_top_conf("blacklist", NULL, NULL, NULL); - add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host); - add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type); - add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_blacklist_matches); - add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason); + add_top_conf("dnsbl", NULL, NULL, NULL); + add_conf_item("dnsbl", "host", CF_QSTRING, conf_set_dnsbl_entry_host); + add_conf_item("dnsbl", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type); + add_conf_item("dnsbl", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches); + add_conf_item("dnsbl", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason); + + add_top_conf("blacklist", conf_warn_blacklist_deprecation, NULL, NULL); + add_conf_item("blacklist", "host", CF_QSTRING, conf_set_dnsbl_entry_host); + add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_dnsbl_entry_type); + add_conf_item("blacklist", "matches", CF_QSTRING | CF_FLIST, conf_set_dnsbl_entry_matches); + add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_dnsbl_entry_reason); add_top_conf("opm", conf_begin_opm, conf_end_opm, NULL); add_conf_item("opm", "timeout", CF_INT, conf_set_opm_timeout);