X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/c71a6e3bed32689256460fb072d31696eb8cf4cc..e2606551a2853e90cffa264d70a159ba61e0cbe4:/src/newconf.c diff --git a/src/newconf.c b/src/newconf.c index 1769d35d..95013c53 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -54,6 +54,9 @@ static struct alias_entry *yy_alias = NULL; static char *yy_blacklist_host = NULL; static char *yy_blacklist_reason = NULL; +static int yy_blacklist_ipv4 = 1; +static int yy_blacklist_ipv6 = 0; + static char *yy_privset_extends = NULL; static const char * @@ -595,6 +598,9 @@ conf_end_oper(struct TopConf *tc) return 0; } } + + if(!EmptyString(yy_oper->certfp)) + yy_tmpoper->certfp = rb_strdup(yy_oper->certfp); #endif /* all is ok, put it on oper_conf_list */ @@ -618,6 +624,8 @@ conf_set_oper_flags(void *data) static void conf_set_oper_fingerprint(void *data) { + if (yy_oper->certfp) + rb_free(yy_oper->certfp); yy_oper->certfp = rb_strdup((char *) data); } @@ -1242,9 +1250,9 @@ conf_end_connect(struct TopConf *tc) return 0; } - if(EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) + if((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) && EmptyString(yy_server->certfp)) { - conf_report_error("Ignoring connect block for %s -- missing password.", + conf_report_error("Ignoring connect block for %s -- no fingerprint or password credentials provided.", yy_server->name); return 0; } @@ -1316,6 +1324,17 @@ conf_set_connect_accept_password(void *data) yy_server->passwd = rb_strdup(data); } +static void +conf_set_connect_fingerprint(void *data) +{ + if (yy_server->certfp) + rb_free(yy_server->certfp); + yy_server->certfp = rb_strdup((char *) data); + + /* force SSL to be enabled if fingerprint is enabled. */ + yy_server->flags |= SERVER_SSL; +} + static void conf_set_connect_port(void *data) { @@ -1574,6 +1593,7 @@ conf_set_general_default_umodes(void *data) /* don't allow +o */ case 'o': case 'S': + case 'Z': case ' ': break; @@ -1759,6 +1779,34 @@ conf_set_blacklist_host(void *data) yy_blacklist_host = rb_strdup(data); } +static void +conf_set_blacklist_type(void *data) +{ + conf_parm_t *args = data; + + /* Don't assume we have either if we got here */ + yy_blacklist_ipv4 = 0; + yy_blacklist_ipv6 = 0; + + for (; args; args = args->next) + { + if (!strcasecmp(args->v.string, "ipv4")) + yy_blacklist_ipv4 = 1; + else if (!strcasecmp(args->v.string, "ipv6")) + yy_blacklist_ipv6 = 1; + else + conf_report_error("blacklist::type has unknown address family %s", + args->v.string); + } + + /* If we have neither, just default to IPv4 */ + if (!yy_blacklist_ipv4 && !yy_blacklist_ipv6) + { + conf_report_error("blacklist::type has neither IPv4 nor IPv6 (defaulting to IPv4)"); + yy_blacklist_ipv4 = 1; + } +} + static void conf_set_blacklist_reason(void *data) { @@ -1766,11 +1814,37 @@ conf_set_blacklist_reason(void *data) if (yy_blacklist_host && yy_blacklist_reason) { - new_blacklist(yy_blacklist_host, yy_blacklist_reason); + if (yy_blacklist_ipv6) + { + /* Make sure things fit (64 = alnum count + dots) */ + if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) + { + conf_report_error("blacklist::host %s results in IPv6 queries that are too long", + yy_blacklist_host); + goto cleanup_bl; + } + } + /* Avoid doing redundant check, IPv6 is bigger than IPv4 --Elizabeth */ + if (yy_blacklist_ipv4 && !yy_blacklist_ipv6) + { + /* Make sure things fit (16 = number of nums + dots) */ + if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN) + { + conf_report_error("blacklist::host %s results in IPv4 queries that are too long", + yy_blacklist_host); + goto cleanup_bl; + } + } + + new_blacklist(yy_blacklist_host, yy_blacklist_reason, yy_blacklist_ipv4, yy_blacklist_ipv6); + +cleanup_bl: rb_free(yy_blacklist_host); rb_free(yy_blacklist_reason); yy_blacklist_host = NULL; yy_blacklist_reason = NULL; + yy_blacklist_ipv4 = 1; + yy_blacklist_ipv6 = 0; } } @@ -1865,7 +1939,7 @@ conf_call_set(struct TopConf *tc, char *item, conf_parm_t * value, int type) /* if it takes one thing, make sure they only passed one thing, and handle as needed. */ - if(value->type & CF_FLIST && !cf->cf_type & CF_FLIST) + if((value->v.list->type & CF_FLIST) && !(cf->cf_type & CF_FLIST)) { conf_report_error ("Option %s::%s does not take a list of values.", tc->tc_name, item); @@ -2024,15 +2098,15 @@ static struct ConfEntry conf_admin_table[] = static struct ConfEntry conf_log_table[] = { - { "fname_userlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_userlog }, - { "fname_fuserlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_fuserlog }, - { "fname_operlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operlog }, - { "fname_foperlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_foperlog }, - { "fname_serverlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_serverlog }, - { "fname_killlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_killlog }, - { "fname_klinelog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_klinelog }, - { "fname_operspylog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_operspylog }, - { "fname_ioerrorlog", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.fname_ioerrorlog }, + { "fname_userlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_userlog }, + { "fname_fuserlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_fuserlog }, + { "fname_operlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_operlog }, + { "fname_foperlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_foperlog }, + { "fname_serverlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_serverlog }, + { "fname_killlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_killlog }, + { "fname_klinelog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_klinelog }, + { "fname_operspylog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_operspylog }, + { "fname_ioerrorlog", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.fname_ioerrorlog }, { "\0", 0, NULL, 0, NULL } }; @@ -2090,6 +2164,7 @@ static struct ConfEntry conf_connect_table[] = { { "send_password", CF_QSTRING, conf_set_connect_send_password, 0, NULL }, { "accept_password", CF_QSTRING, conf_set_connect_accept_password, 0, NULL }, + { "fingerprint", CF_QSTRING, conf_set_connect_fingerprint, 0, NULL }, { "flags", CF_STRING | CF_FLIST, conf_set_connect_flags, 0, NULL }, { "host", CF_QSTRING, conf_set_connect_host, 0, NULL }, { "vhost", CF_QSTRING, conf_set_connect_vhost, 0, NULL }, @@ -2117,7 +2192,7 @@ static struct ConfEntry conf_general_table[] = { "default_operstring", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.default_operstring }, { "default_adminstring",CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.default_adminstring }, { "servicestring", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.servicestring }, - { "egdpool_path", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.egdpool_path }, + { "egdpool_path", CF_QSTRING, NULL, PATH_MAX, &ConfigFileEntry.egdpool_path }, { "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason }, { "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice }, { "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand }, @@ -2132,7 +2207,6 @@ static struct ConfEntry conf_general_table[] = { "burst_away", CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away }, { "caller_id_wait", CF_TIME, NULL, 0, &ConfigFileEntry.caller_id_wait }, { "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit }, - { "client_flood", CF_INT, NULL, 0, &ConfigFileEntry.client_flood }, { "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc }, { "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout }, { "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount }, @@ -2177,6 +2251,11 @@ static struct ConfEntry conf_general_table[] = { "use_whois_actually", CF_YESNO, NULL, 0, &ConfigFileEntry.use_whois_actually }, { "warn_no_nline", CF_YESNO, NULL, 0, &ConfigFileEntry.warn_no_nline }, { "use_propagated_bans",CF_YESNO, NULL, 0, &ConfigFileEntry.use_propagated_bans }, + { "client_flood_max_lines", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_max_lines }, + { "client_flood_burst_rate", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_rate }, + { "client_flood_burst_max", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_max }, + { "client_flood_message_num", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_num }, + { "client_flood_message_time", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_time }, { "\0", 0, NULL, 0, NULL } }; @@ -2196,9 +2275,11 @@ static struct ConfEntry conf_channel_table[] = { "only_ascii_channels", CF_YESNO, NULL, 0, &ConfigChannel.only_ascii_channels }, { "use_except", CF_YESNO, NULL, 0, &ConfigChannel.use_except }, { "use_invex", CF_YESNO, NULL, 0, &ConfigChannel.use_invex }, - { "use_knock", CF_YESNO, NULL, 0, &ConfigChannel.use_knock }, { "use_forward", CF_YESNO, NULL, 0, &ConfigChannel.use_forward }, + { "use_knock", CF_YESNO, NULL, 0, &ConfigChannel.use_knock }, { "resv_forcepart", CF_YESNO, NULL, 0, &ConfigChannel.resv_forcepart }, + { "channel_target_change", CF_YESNO, NULL, 0, &ConfigChannel.channel_target_change }, + { "disable_local_channels", CF_YESNO, NULL, 0, &ConfigChannel.disable_local_channels }, { "\0", 0, NULL, 0, NULL } }; @@ -2260,5 +2341,6 @@ newconf_init() add_top_conf("blacklist", NULL, NULL, NULL); add_conf_item("blacklist", "host", CF_QSTRING, conf_set_blacklist_host); + add_conf_item("blacklist", "type", CF_STRING | CF_FLIST, conf_set_blacklist_type); add_conf_item("blacklist", "reject_reason", CF_QSTRING, conf_set_blacklist_reason); }