X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/f28d832416f345ac6ecd0d3c2dc40bcb383a7546..63eb8567cb6b6b8b504b20ef6360d0cc79c18afb:/src/s_conf.c diff --git a/src/s_conf.c b/src/s_conf.c index 19f9f3e0..96559c13 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -28,6 +28,7 @@ #include "ircd_defs.h" #include "s_conf.h" #include "s_newconf.h" +#include "newconf.h" #include "s_serv.h" #include "s_stats.h" #include "channel.h" @@ -46,11 +47,17 @@ #include "reject.h" #include "cache.h" #include "blacklist.h" +#include "privilege.h" #include "sslproc.h" +#include "bandbi.h" +#include "operhash.h" +#include "chmode.h" +#include "hook.h" +#include "s_assert.h" struct config_server_hide ConfigServerHide; -extern int yyparse(); /* defined in y.tab.c */ +extern int yyparse(void); /* defined in y.tab.c */ extern char linebuf[]; #ifndef INADDR_NONE @@ -59,6 +66,8 @@ extern char linebuf[]; static rb_bh *confitem_heap = NULL; +rb_dlink_list prop_bans; + rb_dlink_list temp_klines[LAST_TEMP_TYPE]; rb_dlink_list temp_dlines[LAST_TEMP_TYPE]; rb_dlink_list service_list; @@ -66,9 +75,10 @@ rb_dlink_list service_list; /* internally defined functions */ static void set_default_conf(void); static void validate_conf(void); -static void read_conf(FILE *); +static void read_conf(void); static void clear_out_old_conf(void); +static void expire_prop_bans(void *list); static void expire_temp_kd(void *list); static void reorganise_temp_kd(void *list); @@ -76,6 +86,7 @@ FILE *conf_fbfile_in; extern char yytext[]; static int verify_access(struct Client *client_p, const char *username); +static struct ConfItem *find_address_conf_by_client(struct Client *client_p, const char *username); static int attach_iline(struct Client *, struct ConfItem *); void @@ -83,6 +94,8 @@ init_s_conf(void) { confitem_heap = rb_bh_create(sizeof(struct ConfItem), CONFITEM_HEAP_SIZE, "confitem_heap"); + rb_event_addish("expire_prop_bans", expire_prop_bans, &prop_bans, 60); + rb_event_addish("expire_temp_klines", expire_temp_kd, &temp_klines[TEMP_MIN], 60); rb_event_addish("expire_temp_dlines", expire_temp_kd, &temp_dlines[TEMP_MIN], 60); @@ -139,11 +152,15 @@ free_conf(struct ConfItem *aconf) rb_free(aconf->passwd); rb_free(aconf->spasswd); - rb_free(aconf->name); rb_free(aconf->className); rb_free(aconf->user); rb_free(aconf->host); + if(IsConfBan(aconf)) + operhash_delete(aconf->info.oper); + else + rb_free(aconf->info.name); + rb_bh_free(confitem_heap, aconf); } @@ -168,10 +185,10 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern if((i = verify_access(source_p, username))) { - ilog(L_FUSER, "Access denied: %s[%s]", + ilog(L_FUSER, "Access denied: %s[%s]", source_p->name, source_p->sockhost); } - + switch (i) { case SOCKET_ERROR: @@ -191,7 +208,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern ilog(L_FUSER, "Too many local connections from %s!%s%s@%s", source_p->name, IsGotId(source_p) ? "" : "~", - source_p->username, source_p->sockhost); + source_p->username, source_p->sockhost); ServerStats.is_ref++; exit_client(client_p, source_p, &me, "Too many host connections (local)"); @@ -232,7 +249,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern source_p->username, source_p->host, show_ip(NULL, source_p) && !IsIPSpoof(source_p) ? source_p->sockhost : "255.255.255.255"); - ilog(L_FUSER, "Too many connections from %s!%s%s@%s.", + ilog(L_FUSER, "Too many connections from %s!%s%s@%s.", source_p->name, IsGotId(source_p) ? "" : "~", source_p->username, source_p->sockhost); @@ -250,7 +267,7 @@ check_client(struct Client *client_p, struct Client *source_p, const char *usern else #endif port = ntohs(((struct sockaddr_in *)&source_p->localClient->listener->addr)->sin_port); - + ServerStats.is_ref++; /* jdc - lists server name & port connections are on */ /* a purely cosmetical change */ @@ -301,25 +318,8 @@ static int verify_access(struct Client *client_p, const char *username) { struct ConfItem *aconf; - char non_ident[USERLEN + 1]; - - if(IsGotId(client_p)) - { - aconf = find_address_conf(client_p->host, client_p->sockhost, - client_p->username, client_p->username, - (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); - } - else - { - rb_strlcpy(non_ident, "~", sizeof(non_ident)); - rb_strlcat(non_ident, username, sizeof(non_ident)); - aconf = find_address_conf(client_p->host, client_p->sockhost, - non_ident, client_p->username, - (struct sockaddr *) &client_p->localClient->ip, - client_p->localClient->ip.ss_family); - } + aconf = find_address_conf_by_client(client_p, username); if(aconf == NULL) return NOT_AUTHORISED; @@ -328,7 +328,7 @@ verify_access(struct Client *client_p, const char *username) if(aconf->flags & CONF_FLAGS_REDIR) { sendto_one_numeric(client_p, RPL_REDIR, form_str(RPL_REDIR), - aconf->name ? aconf->name : "", aconf->port); + aconf->info.name ? aconf->info.name : "", aconf->port); return (NOT_AUTHORISED); } @@ -345,35 +345,34 @@ verify_access(struct Client *client_p, const char *username) sendto_realops_snomask(SNO_GENERAL, L_ALL, "%s spoofing: %s as %s", client_p->name, - show_ip(NULL, client_p) ? client_p->host : aconf->name, - aconf->name); + show_ip(NULL, client_p) ? client_p->host : aconf->info.name, + aconf->info.name); } /* user@host spoof */ - if((p = strchr(aconf->name, '@')) != NULL) + if((p = strchr(aconf->info.name, '@')) != NULL) { char *host = p+1; *p = '\0'; - rb_strlcpy(client_p->username, aconf->name, + rb_strlcpy(client_p->username, aconf->info.name, sizeof(client_p->username)); rb_strlcpy(client_p->host, host, sizeof(client_p->host)); *p = '@'; } else - rb_strlcpy(client_p->host, aconf->name, sizeof(client_p->host)); + rb_strlcpy(client_p->host, aconf->info.name, sizeof(client_p->host)); } return (attach_iline(client_p, aconf)); } else if(aconf->status & CONF_KILL) { if(ConfigFileEntry.kline_with_reason) - { sendto_one(client_p, form_str(ERR_YOUREBANNEDCREEP), - me.name, client_p->name, aconf->passwd); - } + me.name, client_p->name, + get_user_ban_reason(aconf)); add_reject(client_p, aconf->user, aconf->host); return (BANNED_CLIENT); } @@ -382,9 +381,40 @@ verify_access(struct Client *client_p, const char *username) } +/* + * find_address_conf_by_client + */ +static struct ConfItem * +find_address_conf_by_client(struct Client *client_p, const char *username) +{ + struct ConfItem *aconf; + char non_ident[USERLEN + 1]; + + if(IsGotId(client_p)) + { + aconf = find_address_conf(client_p->host, client_p->sockhost, + client_p->username, client_p->username, + (struct sockaddr *) &client_p->localClient->ip, + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); + } + else + { + rb_strlcpy(non_ident, "~", sizeof(non_ident)); + rb_strlcat(non_ident, username, sizeof(non_ident)); + aconf = find_address_conf(client_p->host, client_p->sockhost, + non_ident, client_p->username, + (struct sockaddr *) &client_p->localClient->ip, + client_p->localClient->ip.ss_family, + client_p->localClient->auth_user); + } + return aconf; +} + + /* * add_ip_limit - * + * * Returns 1 if successful 0 if not * * This checks if the user has exceed the limits for their class @@ -395,32 +425,38 @@ static int add_ip_limit(struct Client *client_p, struct ConfItem *aconf) { rb_patricia_node_t *pnode; + int bitlen; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return -1; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); + if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET) + bitlen = ConfCidrIpv4Bitlen(aconf); + else + bitlen = ConfCidrIpv6Bitlen(aconf); + if(pnode == NULL) - pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, ConfCidrBitlen(aconf)); + pnode = make_and_lookup_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip, bitlen); s_assert(pnode != NULL); if(pnode != NULL) { - if(((long) pnode->data) >= ConfCidrAmount(aconf) - && !IsConfExemptLimits(aconf)) + if(((intptr_t)pnode->data) >= ConfCidrAmount(aconf) && !IsConfExemptLimits(aconf)) { /* This should only happen if the limits are set to 0 */ - if((unsigned long) pnode->data == 0) + if((intptr_t)pnode->data == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } return (0); } - pnode->data++; + pnode->data = (void *)(((intptr_t)pnode->data) + 1); } return 1; } @@ -431,15 +467,16 @@ remove_ip_limit(struct Client *client_p, struct ConfItem *aconf) rb_patricia_node_t *pnode; /* If the limits are 0 don't do anything.. */ - if(ConfCidrAmount(aconf) == 0 || ConfCidrBitlen(aconf) == 0) + if(ConfCidrAmount(aconf) == 0 + || (ConfCidrIpv4Bitlen(aconf) == 0 && ConfCidrIpv6Bitlen(aconf) == 0)) return; pnode = rb_match_ip(ConfIpLimits(aconf), (struct sockaddr *)&client_p->localClient->ip); if(pnode == NULL) return; - pnode->data--; - if(((unsigned long) pnode->data) == 0) + pnode->data = (void *)(((intptr_t)pnode->data) - 1); + if(((intptr_t)pnode->data) == 0) { rb_patricia_remove(ConfIpLimits(aconf), pnode); } @@ -462,14 +499,13 @@ attach_iline(struct Client *client_p, struct ConfItem *aconf) int local_count = 0; int global_count = 0; int ident_count = 0; - int unidented = 0; + int unidented; if(IsConfExemptLimits(aconf)) return (attach_conf(client_p, aconf)); - if(*client_p->username == '~') - unidented = 1; - + unidented = !IsGotId(client_p) && !IsNoTilde(aconf) && + (!IsConfDoSpoofIp(aconf) || !strchr(aconf->info.name, '@')); /* find_hostname() returns the head of the list to search */ RB_DLINK_FOREACH(ptr, find_hostname(client_p->host)) @@ -549,7 +585,7 @@ detach_conf(struct Client *client_p) /* * attach_conf - * + * * inputs - client pointer * - conf pointer * output - @@ -623,63 +659,10 @@ rehash(int sig) return (0); } -static struct banconf_entry -{ - const char **filename; - void (*func) (FILE *); - int perm; -} banconfs[] = { - { &ConfigFileEntry.klinefile, parse_k_file, 0 }, - { &ConfigFileEntry.klinefile, parse_k_file, 1 }, - { &ConfigFileEntry.dlinefile, parse_d_file, 0 }, - { &ConfigFileEntry.dlinefile, parse_d_file, 1 }, - { &ConfigFileEntry.xlinefile, parse_x_file, 0 }, - { &ConfigFileEntry.xlinefile, parse_x_file, 1 }, - { &ConfigFileEntry.resvfile, parse_resv_file,0 }, - { &ConfigFileEntry.resvfile, parse_resv_file,1 }, - { NULL, NULL, 0 } -}; - void rehash_bans(int sig) { - FILE *file; - char buf[MAXPATHLEN]; - int i; - - if(sig != 0) - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Got signal SIGUSR2, reloading ban confs"); - - clear_out_address_conf_bans(); - clear_s_newconf_bans(); - - for(i = 0; banconfs[i].filename; i++) - { - if(banconfs[i].perm) - snprintf(buf, sizeof(buf), "%s.perm", *banconfs[i].filename); - else - snprintf(buf, sizeof(buf), "%s", *banconfs[i].filename); - - if((file = fopen(buf, "r")) == NULL) - { - if(banconfs[i].perm) - continue; - - ilog(L_MAIN, "Failed reading ban file %s", - *banconfs[i].filename); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Can't open %s file bans could be missing!", - *banconfs[i].filename); - } - else - { - (banconfs[i].func)(file); - fclose(file); - } - } - - check_banned_lines(); + bandb_rehash_bans(); } /* @@ -703,8 +686,7 @@ set_default_conf(void) /* ServerInfo.name is not rehashable */ /* ServerInfo.name = ServerInfo.name; */ ServerInfo.description = NULL; - ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); - ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT); + ServerInfo.network_name = NULL; memset(&ServerInfo.ip, 0, sizeof(ServerInfo.ip)); ServerInfo.specific_ipv4_vhost = 0; @@ -719,11 +701,12 @@ set_default_conf(void) AdminInfo.email = NULL; AdminInfo.description = NULL; - ConfigFileEntry.default_operstring = rb_strdup("is an IRC operator"); - ConfigFileEntry.default_adminstring = rb_strdup("is a Server Administrator"); - ConfigFileEntry.servicestring = rb_strdup("is a Network Service"); + ConfigFileEntry.default_operstring = NULL; + ConfigFileEntry.default_adminstring = NULL; + ConfigFileEntry.servicestring = NULL; + ConfigFileEntry.sasl_service = NULL; - ConfigFileEntry.default_umodes = UMODE_INVISIBLE; + ConfigFileEntry.default_umodes = UMODE_INVISIBLE; ConfigFileEntry.failed_oper_notice = YES; ConfigFileEntry.anti_nick_flood = NO; ConfigFileEntry.disable_fake_channels = NO; @@ -762,21 +745,23 @@ set_default_conf(void) ConfigFileEntry.fname_operlog = NULL; ConfigFileEntry.fname_foperlog = NULL; ConfigFileEntry.fname_serverlog = NULL; + ConfigFileEntry.fname_killlog = NULL; ConfigFileEntry.fname_klinelog = NULL; ConfigFileEntry.fname_operspylog = NULL; ConfigFileEntry.fname_ioerrorlog = NULL; - ConfigFileEntry.use_egd = NO; ConfigFileEntry.hide_spoof_ips = YES; ConfigFileEntry.hide_error_messages = 1; ConfigFileEntry.dots_in_ident = 0; ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT; - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); - ConfigFileEntry.egdpool_path = NULL; ConfigFileEntry.use_whois_actually = YES; ConfigFileEntry.burst_away = NO; ConfigFileEntry.collision_fnc = YES; + ConfigFileEntry.resv_fnc = YES; ConfigFileEntry.global_snotices = YES; ConfigFileEntry.operspy_dont_care_user_info = NO; + ConfigFileEntry.use_propagated_bans = YES; + ConfigFileEntry.max_ratelimit_tokens = 30; + ConfigFileEntry.away_interval = 30; #ifdef HAVE_LIBZ ConfigFileEntry.compression_level = 4; @@ -789,13 +774,14 @@ set_default_conf(void) ConfigChannel.use_except = YES; ConfigChannel.use_invex = YES; - ConfigChannel.use_knock = YES; ConfigChannel.use_forward = YES; + ConfigChannel.use_knock = YES; ConfigChannel.knock_delay = 300; ConfigChannel.knock_delay_channel = 60; ConfigChannel.max_chans_per_user = 15; ConfigChannel.max_bans = 25; ConfigChannel.max_bans_large = 500; + ConfigChannel.only_ascii_channels = NO; ConfigChannel.burst_topicwho = NO; ConfigChannel.kick_on_split_riding = NO; @@ -803,6 +789,11 @@ set_default_conf(void) ConfigChannel.default_split_server_count = 10; ConfigChannel.no_join_on_split = NO; ConfigChannel.no_create_on_split = YES; + ConfigChannel.resv_forcepart = YES; + ConfigChannel.channel_target_change = YES; + ConfigChannel.disable_local_channels = NO; + + ConfigChannel.autochanmodes = MODE_TOPICLIMIT | MODE_NOPRIVMSGS; ConfigServerHide.flatten_links = 0; ConfigServerHide.links_delay = 300; @@ -812,30 +803,43 @@ set_default_conf(void) ConfigFileEntry.min_nonwildcard = 4; ConfigFileEntry.min_nonwildcard_simple = 3; ConfigFileEntry.default_floodcount = 8; - ConfigFileEntry.client_flood = CLIENT_FLOOD_DEFAULT; + ConfigFileEntry.default_ident_timeout = IDENT_TIMEOUT_DEFAULT; ConfigFileEntry.tkline_expire_notices = 0; ConfigFileEntry.reject_after_count = 5; - ConfigFileEntry.reject_ban_time = 300; + ConfigFileEntry.reject_ban_time = 300; ConfigFileEntry.reject_duration = 120; - ConfigFileEntry.max_unknown_ip = 2; + ConfigFileEntry.throttle_count = 4; + ConfigFileEntry.throttle_duration = 60; + + ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_DEFAULT; + ConfigFileEntry.client_flood_burst_rate = 5; + ConfigFileEntry.client_flood_burst_max = 5; + ConfigFileEntry.client_flood_message_time = 1; + ConfigFileEntry.client_flood_message_num = 2; ServerInfo.default_max_clients = MAXCONNECTIONS; + + ConfigFileEntry.nicklen = NICKLEN; + ConfigFileEntry.certfp_method = RB_SSL_CERTFP_METH_SHA1; + + if (!alias_dict) + alias_dict = irc_dictionary_create(strcasecmp); } #undef YES #undef NO /* - * read_conf() + * read_conf() * * - * inputs - file descriptor pointing to config file to use + * inputs - None * output - None * side effects - Read configuration file. */ static void -read_conf(FILE * file) +read_conf(void) { lineno = 0; @@ -844,26 +848,25 @@ read_conf(FILE * file) validate_conf(); /* Check to make sure some values are still okay. */ /* Some global values are also loaded here. */ check_class(); /* Make sure classes are valid */ + privilegeset_delete_all_illegal(); + construct_cflags_strings(); } static void validate_conf(void) { + if(ConfigFileEntry.default_ident_timeout < 1) + ConfigFileEntry.default_ident_timeout = IDENT_TIMEOUT_DEFAULT; + if(ConfigFileEntry.ts_warn_delta < TS_WARN_DELTA_MIN) ConfigFileEntry.ts_warn_delta = TS_WARN_DELTA_DEFAULT; if(ConfigFileEntry.ts_max_delta < TS_MAX_DELTA_MIN) ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT; - if(ConfigFileEntry.servlink_path == NULL) - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); - if(ServerInfo.network_name == NULL) ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); - if(ServerInfo.network_desc == NULL) - ServerInfo.network_desc = rb_strdup(NETWORK_DESC_DEFAULT); - if(ServerInfo.ssld_count < 1) ServerInfo.ssld_count = 1; @@ -881,12 +884,37 @@ validate_conf(void) int start = ServerInfo.ssld_count - get_ssld_count(); /* start up additional ssld if needed */ start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params); - + } - if((ConfigFileEntry.client_flood < CLIENT_FLOOD_MIN) || - (ConfigFileEntry.client_flood > CLIENT_FLOOD_MAX)) - ConfigFileEntry.client_flood = CLIENT_FLOOD_MAX; + /* General conf */ + if (ConfigFileEntry.default_operstring == NULL) + ConfigFileEntry.default_operstring = rb_strdup("is an IRC operator"); + + if (ConfigFileEntry.default_adminstring == NULL) + ConfigFileEntry.default_adminstring = rb_strdup("is a Server Administrator"); + + if (ConfigFileEntry.servicestring == NULL) + ConfigFileEntry.servicestring = rb_strdup("is a Network Service"); + + if (ConfigFileEntry.sasl_service == NULL) + ConfigFileEntry.sasl_service = rb_strdup("SaslServ"); + + /* RFC 1459 says 1 message per 2 seconds on average and bursts of + * 5 messages are acceptable, so allow at least that. + */ + if(ConfigFileEntry.client_flood_burst_rate < 5) + ConfigFileEntry.client_flood_burst_rate = 5; + if(ConfigFileEntry.client_flood_burst_max < 5) + ConfigFileEntry.client_flood_burst_max = 5; + if(ConfigFileEntry.client_flood_message_time > + ConfigFileEntry.client_flood_message_num * 2) + ConfigFileEntry.client_flood_message_time = + ConfigFileEntry.client_flood_message_num * 2; + + if((ConfigFileEntry.client_flood_max_lines < CLIENT_FLOOD_MIN) || + (ConfigFileEntry.client_flood_max_lines > CLIENT_FLOOD_MAX)) + ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_MAX; if(!split_users || !split_servers || (!ConfigChannel.no_create_on_split && !ConfigChannel.no_join_on_split)) @@ -902,7 +930,7 @@ validate_conf(void) * * inputs - pointer to struct ConfItem * output - none - * Side effects - links in given struct ConfItem into + * Side effects - links in given struct ConfItem into * temporary kline link list */ void @@ -930,7 +958,7 @@ add_temp_kline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_KILL, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_KILL, aconf->user, NULL, aconf); } /* add_temp_dline() @@ -964,7 +992,195 @@ add_temp_dline(struct ConfItem *aconf) } aconf->flags |= CONF_FLAGS_TEMPORARY; - add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, aconf->user, NULL, aconf); +} + +/* valid_wild_card() + * + * input - user buffer, host buffer + * output - 0 if invalid, 1 if valid + * side effects - + */ +int +valid_wild_card(const char *luser, const char *lhost) +{ + const char *p; + char tmpch; + int nonwild = 0; + int bitlen; + + /* user has no wildcards, always accept -- jilles */ + if(!strchr(luser, '?') && !strchr(luser, '*')) + return 1; + + /* check there are enough non wildcard chars */ + p = luser; + while((tmpch = *p++)) + { + if(!IsKWildChar(tmpch)) + { + /* found enough chars, return */ + if(++nonwild >= ConfigFileEntry.min_nonwildcard) + return 1; + } + } + + /* try host, as user didnt contain enough */ + /* special case for cidr masks -- jilles */ + if((p = strrchr(lhost, '/')) != NULL && IsDigit(p[1])) + { + bitlen = atoi(p + 1); + /* much like non-cidr for ipv6, rather arbitrary for ipv4 */ + if(bitlen > 0 + && bitlen >= + (strchr(lhost, ':') ? 4 * (ConfigFileEntry.min_nonwildcard - nonwild) : 6 - + 2 * nonwild)) + return 1; + } + else + { + p = lhost; + while((tmpch = *p++)) + { + if(!IsKWildChar(tmpch)) + if(++nonwild >= ConfigFileEntry.min_nonwildcard) + return 1; + } + } + + return 0; +} + +rb_dlink_node * +find_prop_ban(unsigned int status, const char *user, const char *host) +{ + rb_dlink_node *ptr; + struct ConfItem *aconf; + + RB_DLINK_FOREACH(ptr, prop_bans.head) + { + aconf = ptr->data; + + if((aconf->status & ~CONF_ILLEGAL) == status && + (!user || !aconf->user || + !irccmp(aconf->user, user)) && + !irccmp(aconf->host, host)) + return ptr; + } + return NULL; +} + +void +deactivate_conf(struct ConfItem *aconf, rb_dlink_node *ptr, time_t now) +{ + int i; + + s_assert(ptr->data == aconf); + + switch (aconf->status) + { + case CONF_KILL: + if (aconf->lifetime == 0 && + aconf->flags & CONF_FLAGS_TEMPORARY) + for (i = 0; i < LAST_TEMP_TYPE; i++) + rb_dlinkFindDestroy(aconf, &temp_klines[i]); + /* Make sure delete_one_address_conf() does not + * free the aconf. + */ + aconf->clients++; + delete_one_address_conf(aconf->host, aconf); + aconf->clients--; + break; + case CONF_DLINE: + if (aconf->lifetime == 0 && + aconf->flags & CONF_FLAGS_TEMPORARY) + for (i = 0; i < LAST_TEMP_TYPE; i++) + rb_dlinkFindDestroy(aconf, &temp_dlines[i]); + aconf->clients++; + delete_one_address_conf(aconf->host, aconf); + aconf->clients--; + break; + case CONF_XLINE: + rb_dlinkFindDestroy(aconf, &xline_conf_list); + break; + case CONF_RESV_NICK: + rb_dlinkFindDestroy(aconf, &resv_conf_list); + break; + case CONF_RESV_CHANNEL: + del_from_resv_hash(aconf->host, aconf); + break; + } + if (aconf->lifetime != 0 && now < aconf->lifetime) + aconf->status |= CONF_ILLEGAL; + else + { + if (aconf->lifetime != 0) + rb_dlinkDestroy(ptr, &prop_bans); + free_conf(aconf); + } +} + +/* Given a new ban ConfItem, look for any matching ban, update the lifetime + * from it and delete it. + */ +void +replace_old_ban(struct ConfItem *aconf) +{ + rb_dlink_node *ptr; + struct ConfItem *oldconf; + + ptr = find_prop_ban(aconf->status, aconf->user, aconf->host); + if(ptr != NULL) + { + oldconf = ptr->data; + /* Remember at least as long as the old one. */ + if(oldconf->lifetime > aconf->lifetime) + aconf->lifetime = oldconf->lifetime; + /* Force creation time to increase. */ + if(oldconf->created >= aconf->created) + aconf->created = oldconf->created + 1; + /* Leave at least one second of validity. */ + if(aconf->hold <= aconf->created) + aconf->hold = aconf->created + 1; + if(aconf->lifetime < aconf->hold) + aconf->lifetime = aconf->hold; + /* Tell deactivate_conf() to destroy it. */ + oldconf->lifetime = rb_current_time(); + deactivate_conf(oldconf, ptr, oldconf->lifetime); + } +} + +static void +expire_prop_bans(void *list) +{ + rb_dlink_node *ptr; + rb_dlink_node *next_ptr; + struct ConfItem *aconf; + time_t now; + + now = rb_current_time(); + RB_DLINK_FOREACH_SAFE(ptr, next_ptr, ((rb_dlink_list *) list)->head) + { + aconf = ptr->data; + + if(aconf->lifetime <= now || + (aconf->hold <= now && + !(aconf->status & CONF_ILLEGAL))) + { + /* Alert opers that a TKline expired - Hwy */ + /* XXX show what type of ban it is */ + if(ConfigFileEntry.tkline_expire_notices && + !(aconf->status & CONF_ILLEGAL)) + sendto_realops_snomask(SNO_GENERAL, L_ALL, + "Propagated ban for [%s%s%s] expired", + aconf->user ? aconf->user : "", + aconf->user ? "@" : "", + aconf->host ? aconf->host : "*"); + + /* will destroy or mark illegal */ + deactivate_conf(aconf, ptr, now); + } + } } /* expire_tkline() @@ -1012,7 +1228,7 @@ reorganise_temp_kd(void *list) if(aconf->hold < (rb_current_time() + (60 * 60))) { - rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ? + rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ? &temp_klines[TEMP_MIN] : &temp_dlines[TEMP_MIN]); aconf->port = TEMP_MIN; } @@ -1020,14 +1236,14 @@ reorganise_temp_kd(void *list) { if(aconf->hold < (rb_current_time() + (1440 * 60))) { - rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ? + rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ? &temp_klines[TEMP_HOUR] : &temp_dlines[TEMP_HOUR]); aconf->port = TEMP_HOUR; } - else if(aconf->port > TEMP_DAY && + else if(aconf->port > TEMP_DAY && (aconf->hold < (rb_current_time() + (10080 * 60)))) { - rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ? + rb_dlinkMoveNode(ptr, list, (aconf->status == CONF_KILL) ? &temp_klines[TEMP_DAY] : &temp_dlines[TEMP_DAY]); aconf->port = TEMP_DAY; } @@ -1057,7 +1273,7 @@ get_oper_name(struct Client *client_p) } rb_snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", - client_p->name, client_p->username, + client_p->name, client_p->username, client_p->host, client_p->servptr->name); return buffer; } @@ -1067,7 +1283,7 @@ get_oper_name(struct Client *client_p) * * inputs - struct ConfItem * - * output - name + * output - name * - host * - pass * - user @@ -1080,12 +1296,12 @@ get_oper_name(struct Client *client_p) */ void get_printable_conf(struct ConfItem *aconf, char **name, char **host, - char **pass, char **user, int *port, char **classname) + const char **pass, char **user, int *port, char **classname) { static char null[] = ""; static char zero[] = "default"; - *name = EmptyString(aconf->name) ? null : aconf->name; + *name = EmptyString(aconf->info.name) ? null : aconf->info.name; *host = EmptyString(aconf->host) ? null : aconf->host; *pass = EmptyString(aconf->passwd) ? null : aconf->passwd; *user = EmptyString(aconf->user) ? null : aconf->user; @@ -1093,21 +1309,55 @@ get_printable_conf(struct ConfItem *aconf, char **name, char **host, *port = (int) aconf->port; } +char * +get_user_ban_reason(struct ConfItem *aconf) +{ + static char reasonbuf[BUFSIZE]; + + if (aconf->flags & CONF_FLAGS_TEMPORARY && + (aconf->status == CONF_KILL || aconf->status == CONF_DLINE)) + rb_snprintf(reasonbuf, sizeof reasonbuf, + "Temporary %c-line %d min. - ", + aconf->status == CONF_DLINE ? 'D' : 'K', + (int)((aconf->hold - aconf->created) / 60)); + else + reasonbuf[0] = '\0'; + if (aconf->passwd) + rb_strlcat(reasonbuf, aconf->passwd, sizeof reasonbuf); + else + rb_strlcat(reasonbuf, "No Reason", sizeof reasonbuf); + if (aconf->created) + { + rb_strlcat(reasonbuf, " (", sizeof reasonbuf); + rb_strlcat(reasonbuf, smalldate(aconf->created), + sizeof reasonbuf); + rb_strlcat(reasonbuf, ")", sizeof reasonbuf); + } + return reasonbuf; +} + void -get_printable_kline(struct Client *source_p, struct ConfItem *aconf, +get_printable_kline(struct Client *source_p, struct ConfItem *aconf, char **host, char **reason, char **user, char **oper_reason) { static char null[] = ""; + static char operreasonbuf[BUFSIZE]; *host = EmptyString(aconf->host) ? null : aconf->host; - *reason = EmptyString(aconf->passwd) ? null : aconf->passwd; *user = EmptyString(aconf->user) ? null : aconf->user; + *reason = get_user_ban_reason(aconf); - if(EmptyString(aconf->spasswd) || !IsOper(source_p)) + if(!IsOper(source_p)) *oper_reason = NULL; else - *oper_reason = aconf->spasswd; + { + rb_snprintf(operreasonbuf, sizeof operreasonbuf, "%s%s(%s)", + EmptyString(aconf->spasswd) ? "" : aconf->spasswd, + EmptyString(aconf->spasswd) ? "" : " ", + aconf->info.oper); + *oper_reason = operreasonbuf; + } } /* @@ -1124,13 +1374,15 @@ read_conf_files(int cold) conf_fbfile_in = NULL; - filename = get_conf_name(CONF_TYPE); + filename = ConfigFileEntry.configfile; /* We need to know the initial filename for the yyerror() to report FIXME: The full path is in conffilenamebuf first time since we dont know anything else - - Gozem 2002-07-21 + - Gozem 2002-07-21 + + */ rb_strlcpy(conffilebuf, filename, sizeof(conffilebuf)); @@ -1138,7 +1390,15 @@ read_conf_files(int cold) { if(cold) { + inotice("Failed in reading configuration file %s, aborting", filename); ilog(L_MAIN, "Failed in reading configuration file %s", filename); + + int e; + e = errno; + + inotice("FATAL: %s %s", strerror(e), filename); + ilog(L_MAIN, "FATAL: %s %s", strerror(e), filename); + exit(-1); } else @@ -1154,7 +1414,10 @@ read_conf_files(int cold) clear_out_old_conf(); } - read_conf(conf_fbfile_in); + call_hook(h_conf_read_start, NULL); + read_conf(); + call_hook(h_conf_read_end, NULL); + fclose(conf_fbfile_in); } @@ -1210,8 +1473,6 @@ clear_out_old_conf(void) ServerInfo.description = NULL; rb_free(ServerInfo.network_name); ServerInfo.network_name = NULL; - rb_free(ServerInfo.network_desc); - ServerInfo.network_desc = NULL; ServerInfo.ssld_count = 1; @@ -1232,8 +1493,36 @@ clear_out_old_conf(void) */ /* clean out general */ - rb_free(ConfigFileEntry.servlink_path); - ConfigFileEntry.servlink_path = NULL; + rb_free(ConfigFileEntry.default_operstring); + ConfigFileEntry.default_operstring = NULL; + rb_free(ConfigFileEntry.default_adminstring); + ConfigFileEntry.default_adminstring = NULL; + rb_free(ConfigFileEntry.servicestring); + ConfigFileEntry.servicestring = NULL; + rb_free(ConfigFileEntry.kline_reason); + ConfigFileEntry.kline_reason = NULL; + rb_free(ConfigFileEntry.sasl_service); + ConfigFileEntry.sasl_service = NULL; + + /* clean out log */ + rb_free(ConfigFileEntry.fname_userlog); + ConfigFileEntry.fname_userlog = NULL; + rb_free(ConfigFileEntry.fname_fuserlog); + ConfigFileEntry.fname_fuserlog = NULL; + rb_free(ConfigFileEntry.fname_operlog); + ConfigFileEntry.fname_operlog = NULL; + rb_free(ConfigFileEntry.fname_foperlog); + ConfigFileEntry.fname_foperlog = NULL; + rb_free(ConfigFileEntry.fname_serverlog); + ConfigFileEntry.fname_serverlog = NULL; + rb_free(ConfigFileEntry.fname_killlog); + ConfigFileEntry.fname_killlog = NULL; + rb_free(ConfigFileEntry.fname_klinelog); + ConfigFileEntry.fname_klinelog = NULL; + rb_free(ConfigFileEntry.fname_operspylog); + ConfigFileEntry.fname_operspylog = NULL; + rb_free(ConfigFileEntry.fname_ioerrorlog); + ConfigFileEntry.fname_ioerrorlog = NULL; RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { @@ -1242,176 +1531,25 @@ clear_out_old_conf(void) } /* remove any aliases... -- nenolod */ - irc_dictionary_destroy(alias_dict, free_alias_cb, NULL); - alias_dict = NULL; - - destroy_blacklists(); - - /* OK, that should be everything... */ -} - - -/* write_confitem() - * - * inputs - kline, dline or resv type flag - * - client pointer to report to - * - user name of target - * - host name of target - * - reason for target - * - time string - * - type of xline - * output - NONE - * side effects - This function takes care of finding the right conf - * file and adding the line to it, as well as notifying - * opers and the user. - */ -void -write_confitem(KlineType type, struct Client *source_p, char *user, - char *host, const char *reason, const char *oper_reason, - const char *current_date, int xtype) -{ - char buffer[1024]; - FILE *out; - const char *filename; /* filename to use for kline */ - - filename = get_conf_name(type); - - if(type == KLINE_TYPE) - { - if(EmptyString(oper_reason)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added K-Line for [%s@%s] [%s]", - get_oper_name(source_p), user, - host, reason); - ilog(L_KLINE, "K %s 0 %s %s %s", - get_oper_name(source_p), user, host, reason); - } - else - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added K-Line for [%s@%s] [%s|%s]", - get_oper_name(source_p), user, - host, reason, oper_reason); - ilog(L_KLINE, "K %s 0 %s %s %s|%s", - get_oper_name(source_p), user, host, - reason, oper_reason); - } - - sendto_one_notice(source_p, ":Added K-Line [%s@%s]", - user, host); - } - else if(type == DLINE_TYPE) - { - if(EmptyString(oper_reason)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added D-Line for [%s] [%s]", - get_oper_name(source_p), host, reason); - ilog(L_KLINE, "D %s 0 %s %s", - get_oper_name(source_p), host, reason); - } - else - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added D-Line for [%s] [%s|%s]", - get_oper_name(source_p), host, - reason, oper_reason); - ilog(L_KLINE, "D %s 0 %s %s|%s", - get_oper_name(source_p), host, - reason, oper_reason); - } - - sendto_one_notice(source_p, ":Added D-Line [%s] to %s", host, filename); - - } - else if(type == RESV_TYPE) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "%s added RESV for [%s] [%s]", - get_oper_name(source_p), host, reason); - ilog(L_KLINE, "R %s 0 %s %s", - get_oper_name(source_p), host, reason); - - sendto_one_notice(source_p, ":Added RESV for [%s] [%s]", - host, reason); - } - - if((out = fopen(filename, "a")) == NULL) + if (alias_dict != NULL) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem opening %s ", filename); - sendto_one_notice(source_p, ":*** Problem opening file, added temporarily only"); - return; + irc_dictionary_destroy(alias_dict, free_alias_cb, NULL); + alias_dict = NULL; } - if(oper_reason == NULL) - oper_reason = ""; - - if(type == KLINE_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", - user, host, reason, oper_reason, current_date, - get_oper_name(source_p), (long int)rb_current_time()); - } - else if(type == DLINE_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), - "\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",%ld\n", host, - reason, oper_reason, current_date, get_oper_name(source_p), (long int)rb_current_time()); - } - else if(type == RESV_TYPE) - { - rb_snprintf(buffer, sizeof(buffer), "\"%s\",\"%s\",\"%s\",%ld\n", - host, reason, get_oper_name(source_p), (long int)rb_current_time()); - } + destroy_blacklists(); - if(fputs(buffer, out) == -1) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem writing to %s", filename); - sendto_one_notice(source_p, ":*** Problem writing to file, added temporarily only"); - fclose(out); - return; - } + privilegeset_mark_all_illegal(); - if (fclose(out)) - { - sendto_realops_snomask(SNO_GENERAL, L_ALL, "*** Problem writing to %s", filename); - sendto_one_notice(source_p, ":*** Problem writing to file, added temporarily only"); - return; - } + /* OK, that should be everything... */ } -/* get_conf_name - * - * inputs - type of conf file to return name of file for - * output - pointer to filename for type of conf - * side effects - none - */ -const char * -get_conf_name(KlineType type) -{ - if(type == CONF_TYPE) - { - return (ConfigFileEntry.configfile); - } - else if(type == DLINE_TYPE) - { - return (ConfigFileEntry.dlinefile); - } - else if(type == RESV_TYPE) - { - return (ConfigFileEntry.resvfile); - } - - return ConfigFileEntry.klinefile; -} /* * conf_add_class_to_conf * inputs - pointer to config item * output - NONE - * side effects - Add a class pointer to a conf + * side effects - Add a class pointer to a conf */ void @@ -1430,8 +1568,8 @@ conf_add_class_to_conf(struct ConfItem *aconf) { if(aconf->status == CONF_CLIENT) { - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Warning -- Using default class for missing class \"%s\" in auth{} for %s@%s", + conf_report_error( + "Using default class for missing class \"%s\" in auth{} for %s@%s", aconf->className, aconf->user, aconf->host); } @@ -1474,7 +1612,7 @@ conf_add_d_conf(struct ConfItem *aconf) } else { - add_conf_by_address(aconf->host, CONF_DLINE, NULL, aconf); + add_conf_by_address(aconf->host, CONF_DLINE, NULL, NULL, aconf); } } @@ -1511,18 +1649,16 @@ yyerror(const char *msg) strip_tabs(newlinebuf, linebuf, strlen(linebuf)); + ierror("\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); sendto_realops_snomask(SNO_GENERAL, L_ALL, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); - ilog(L_MAIN, "\"%s\", line %d: %s at '%s'", conffilebuf, lineno + 1, msg, newlinebuf); } int conf_fgets(char *lbuf, int max_size, FILE * fb) { - char *buff; - - if((buff = fgets(lbuf, max_size, fb)) == NULL) + if(fgets(lbuf, max_size, fb) == NULL) return (0); return (strlen(lbuf));