/[svn]/ircd-hybrid/trunk/src/conf.c
ViewVC logotype

Contents of /ircd-hybrid/trunk/src/conf.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 9635 - (show annotations)
Sat Sep 19 11:45:43 2020 UTC (5 weeks, 2 days ago) by michael
File MIME type: text/x-chdr
File size: 38125 byte(s)
- conf.c:conf_check_client(): remove listener information from unauth server notice

1 /*
2 * ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3 *
4 * Copyright (c) 1997-2020 ircd-hybrid development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 */
21
22 /*! \file conf.c
23 * \brief Configuration file functions.
24 * \version $Id$
25 */
26
27 #include "stdinc.h"
28 #include "list.h"
29 #include "ircd_defs.h"
30 #include "parse.h"
31 #include "conf.h"
32 #include "conf_cluster.h"
33 #include "conf_gecos.h"
34 #include "conf_pseudo.h"
35 #include "conf_resv.h"
36 #include "conf_service.h"
37 #include "conf_shared.h"
38 #include "server.h"
39 #include "channel.h"
40 #include "client.h"
41 #include "event.h"
42 #include "irc_string.h"
43 #include "s_bsd.h"
44 #include "ircd.h"
45 #include "listener.h"
46 #include "hostmask.h"
47 #include "modules.h"
48 #include "numeric.h"
49 #include "fdlist.h"
50 #include "log.h"
51 #include "send.h"
52 #include "memory.h"
53 #include "res.h"
54 #include "user.h"
55 #include "channel_mode.h"
56 #include "misc.h"
57 #include "conf_db.h"
58 #include "conf_class.h"
59 #include "motd.h"
60 #include "ipcache.h"
61 #include "isupport.h"
62 #include "whowas.h"
63
64
65 struct config_channel_entry ConfigChannel;
66 struct config_serverhide_entry ConfigServerHide;
67 struct config_general_entry ConfigGeneral;
68 struct config_log_entry ConfigLog = { .use_logging = 1 };
69 struct config_serverinfo_entry ConfigServerInfo;
70 struct config_admin_entry ConfigAdminInfo;
71 struct conf_parser_context conf_parser_ctx;
72
73 /* general conf items link list root, other than k lines etc. */
74 dlink_list connect_items;
75 dlink_list operator_items;
76
77 extern unsigned int lineno;
78 extern char linebuf[];
79 extern char conffilebuf[IRCD_BUFSIZE];
80 extern int yyparse(); /* defined in y.tab.c */
81
82
83 /* conf_dns_callback()
84 *
85 * inputs - pointer to struct MaskItem
86 * - pointer to DNSReply reply
87 * output - none
88 * side effects - called when resolver query finishes
89 * if the query resulted in a successful search, hp will contain
90 * a non-null pointer, otherwise hp will be null.
91 * if successful save hp in the conf item it was called with
92 */
93 static void
94 conf_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name, size_t namelength)
95 {
96 struct MaskItem *const conf = vptr;
97
98 conf->dns_pending = false;
99
100 if (addr)
101 *conf->addr = *addr;
102 else
103 conf->dns_failed = true;
104 }
105
106 /* conf_resolve_host()
107 *
108 * start DNS lookups of all hostnames in the conf
109 * line and convert an IP addresses in a.b.c.d number for to IP#s.
110 */
111 void
112 conf_dns_lookup(struct MaskItem *conf)
113 {
114 struct addrinfo hints, *res;
115
116 /*
117 * Do name lookup now on hostnames given and store the
118 * ip numbers in conf structure.
119 */
120 memset(&hints, 0, sizeof(hints));
121
122 hints.ai_family = AF_UNSPEC;
123 hints.ai_socktype = SOCK_STREAM;
124
125 /* Get us ready for a bind() and don't bother doing dns lookup */
126 hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
127
128 if (getaddrinfo(conf->host, NULL, &hints, &res))
129 {
130 /*
131 * By this point conf->host possibly is not a numerical network address. Do a nameserver
132 * lookup of the conf host. If the conf entry is currently doing a ns lookup do nothing.
133 */
134 if (conf->dns_pending == true)
135 return;
136
137 conf->dns_pending = true;
138
139 if (conf->aftype == AF_INET)
140 gethost_byname_type(conf_dns_callback, conf, conf->host, T_A);
141 else
142 gethost_byname_type(conf_dns_callback, conf, conf->host, T_AAAA);
143 return;
144 }
145
146 assert(res);
147
148 memcpy(conf->addr, res->ai_addr, res->ai_addrlen);
149 conf->addr->ss_len = res->ai_addrlen;
150
151 freeaddrinfo(res);
152 }
153
154 /* map_to_list()
155 *
156 * inputs - ConfType conf
157 * output - pointer to dlink_list to use
158 * side effects - none
159 */
160 static dlink_list *
161 map_to_list(enum maskitem_type type)
162 {
163 switch (type)
164 {
165 case CONF_OPER:
166 return &operator_items;
167 break;
168 case CONF_SERVER:
169 return &connect_items;
170 break;
171 default:
172 return NULL;
173 }
174 }
175
176 struct MaskItem *
177 conf_make(enum maskitem_type type)
178 {
179 struct MaskItem *const conf = xcalloc(sizeof(*conf));
180 dlink_list *list = NULL;
181
182 conf->type = type;
183 conf->active = true;
184 conf->aftype = AF_INET;
185
186 if ((list = map_to_list(type)))
187 dlinkAdd(conf, &conf->node, list);
188 return conf;
189 }
190
191 void
192 conf_free(struct MaskItem *conf)
193 {
194 dlink_node *node = NULL, *node_next = NULL;
195 dlink_list *list = NULL;
196
197 if ((list = map_to_list(conf->type)))
198 dlinkFindDelete(list, conf);
199
200 xfree(conf->name);
201
202 if (conf->dns_pending == true)
203 delete_resolver_queries(conf);
204 if (conf->passwd)
205 memset(conf->passwd, 0, strlen(conf->passwd));
206 if (conf->spasswd)
207 memset(conf->spasswd, 0, strlen(conf->spasswd));
208
209 conf->class = NULL;
210
211 xfree(conf->passwd);
212 xfree(conf->spasswd);
213 xfree(conf->reason);
214 xfree(conf->certfp);
215 xfree(conf->whois);
216 xfree(conf->user);
217 xfree(conf->host);
218 xfree(conf->addr);
219 xfree(conf->bind);
220 xfree(conf->cipher_list);
221
222 DLINK_FOREACH_SAFE(node, node_next, conf->hub_list.head)
223 {
224 xfree(node->data);
225 dlinkDelete(node, &conf->hub_list);
226 free_dlink_node(node);
227 }
228
229 DLINK_FOREACH_SAFE(node, node_next, conf->leaf_list.head)
230 {
231 xfree(node->data);
232 dlinkDelete(node, &conf->leaf_list);
233 free_dlink_node(node);
234 }
235
236 xfree(conf);
237 }
238
239 /* attach_iline()
240 *
241 * inputs - client pointer
242 * - conf pointer
243 * output -
244 * side effects - do actual attach
245 */
246 static int
247 attach_iline(struct Client *client, struct MaskItem *conf)
248 {
249 const struct ClassItem *const class = conf->class;
250 bool a_limit_reached = false;
251
252 struct ip_entry *ipcache = ipcache_record_find_or_add(&client->ip);
253 ++ipcache->count_local;
254 AddFlag(client, FLAGS_IPHASH);
255
256 if (class->max_total && class->ref_count >= class->max_total)
257 a_limit_reached = true;
258 else if (class->max_perip_local && ipcache->count_local > class->max_perip_local)
259 a_limit_reached = true;
260 else if (class->max_perip_global &&
261 (ipcache->count_local + ipcache->count_remote) > class->max_perip_global)
262 a_limit_reached = true;
263
264 if (a_limit_reached == true)
265 {
266 if (!IsConfExemptLimits(conf))
267 return TOO_MANY; /* Already at maximum allowed */
268
269 sendto_one_notice(client, &me, ":*** Your connection class is full, "
270 "but you have exceed_limit = yes;");
271 }
272
273 return conf_attach(client, conf);
274 }
275
276 /* verify_access()
277 *
278 * inputs - pointer to client to verify
279 * output - 0 if success -'ve if not
280 * side effect - find the first (best) I line to attach.
281 */
282 static int
283 verify_access(struct Client *client)
284 {
285 struct MaskItem *conf;
286
287 if (HasFlag(client, FLAGS_GOTID))
288 conf = find_address_conf(client->host, client->username, &client->ip,
289 client->connection->password);
290 else
291 {
292 char non_ident[USERLEN + 1] = "~";
293
294 strlcpy(non_ident + 1, client->username, sizeof(non_ident) - 1);
295 conf = find_address_conf(client->host, non_ident, &client->ip,
296 client->connection->password);
297 }
298
299 if (conf == NULL)
300 return NOT_AUTHORIZED;
301
302 assert(IsConfClient(conf) || IsConfKill(conf));
303
304 if (IsConfKill(conf))
305 {
306 sendto_one_notice(client, &me, ":*** Banned: %s", conf->reason);
307 return BANNED_CLIENT;
308 }
309
310 if (IsConfRedir(conf))
311 {
312 sendto_one_numeric(client, &me, RPL_REDIR,
313 conf->name ? conf->name : "",
314 conf->port);
315 return NOT_AUTHORIZED;
316 }
317
318 /* Preserve x->host in x->realhost before it gets overwritten. */
319 strlcpy(client->realhost, client->host, sizeof(client->realhost));
320
321 if (IsConfDoSpoofIp(conf))
322 strlcpy(client->host, conf->name, sizeof(client->host));
323
324 return attach_iline(client, conf);
325 }
326
327 /* check_client()
328 *
329 * inputs - pointer to client
330 * output - 0 = Success
331 * NOT_AUTHORIZED (-1) = Access denied (no I line match)
332 * IRCD_SOCKET_ERROR (-2) = Bad socket.
333 * I_LINE_FULL (-3) = I-line is full
334 * TOO_MANY (-4) = Too many connections from hostname
335 * BANNED_CLIENT (-5) = K-lined
336 * side effects - Ordinary client access check.
337 * Look for conf lines which have the same
338 * status as the flags passed.
339 */
340 bool
341 conf_check_client(struct Client *client)
342 {
343 int i;
344
345 if ((i = verify_access(client)))
346 ilog(LOG_TYPE_IRCD, "Access denied: %s[%s]",
347 client->name, client->sockhost);
348
349 switch (i)
350 {
351 case TOO_MANY:
352 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
353 "Too many on IP for %s (%s).",
354 client_get_name(client, SHOW_IP),
355 client->sockhost);
356 ilog(LOG_TYPE_IRCD, "Too many connections on IP from %s.",
357 client_get_name(client, SHOW_IP));
358 ++ServerStats.is_ref;
359 exit_client(client, "No more connections allowed on that IP");
360 break;
361
362 case I_LINE_FULL:
363 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
364 "auth {} block is full for %s (%s).",
365 client_get_name(client, SHOW_IP),
366 client->sockhost);
367 ilog(LOG_TYPE_IRCD, "Too many connections from %s.",
368 client_get_name(client, SHOW_IP));
369 ++ServerStats.is_ref;
370 exit_client(client, "No more connections allowed in your connection class");
371 break;
372
373 case NOT_AUTHORIZED:
374 sendto_realops_flags(UMODE_UNAUTH, L_ALL, SEND_NOTICE,
375 "Unauthorized client connection from %s.",
376 client_get_name(client, SHOW_IP));
377 ilog(LOG_TYPE_IRCD, "Unauthorized client connection from %s.",
378 client_get_name(client, SHOW_IP));
379 ++ServerStats.is_ref;
380 exit_client(client, "You are not authorized to use this server");
381 break;
382
383 case BANNED_CLIENT:
384 ++ServerStats.is_ref;
385 exit_client(client, "Banned");
386 break;
387
388 case 0:
389 default:
390 break;
391 }
392
393 if (i < 0)
394 return false;
395 return true;
396 }
397
398 /*! \brief Disassociate configuration from the client. Also removes a class
399 * from the list if marked for deleting.
400 * \param client Client to operate on
401 * \param type Type of conf to detach
402 */
403 void
404 conf_detach(struct Client *client, enum maskitem_type type)
405 {
406 dlink_node *node, *node_next;
407
408 DLINK_FOREACH_SAFE(node, node_next, client->connection->confs.head)
409 {
410 struct MaskItem *conf = node->data;
411
412 assert(conf->type & (CONF_CLIENT | CONF_OPER | CONF_SERVER));
413 assert(conf->ref_count > 0);
414 assert(conf->class->ref_count > 0);
415
416 if (!(conf->type & type))
417 continue;
418
419 dlinkDelete(node, &client->connection->confs);
420 free_dlink_node(node);
421
422 if (conf->type == CONF_CLIENT)
423 class_ip_limit_remove(conf->class, &client->ip);
424
425 if (--conf->class->ref_count == 0 && conf->class->active == false)
426 {
427 class_free(conf->class);
428 conf->class = NULL;
429 }
430
431 if (--conf->ref_count == 0 && conf->active == false)
432 conf_free(conf);
433 }
434 }
435
436 /*! \brief Associate a specific configuration entry to a *local* client (this
437 * is the one which used in accepting the connection). Note, that this
438 * automatically changes the attachment if there was an old one.
439 * \param client Client to attach the conf to
440 * \param conf Configuration record to attach
441 */
442 int
443 conf_attach(struct Client *client, struct MaskItem *conf)
444 {
445 if (dlinkFind(&client->connection->confs, conf))
446 return 1;
447
448 if (conf->type == CONF_CLIENT)
449 if (class_ip_limit_add(conf->class, &client->ip, IsConfExemptLimits(conf)) == true)
450 return TOO_MANY; /* Already at maximum allowed */
451
452 conf->class->ref_count++;
453 conf->ref_count++;
454
455 dlinkAdd(conf, make_dlink_node(), &client->connection->confs);
456
457 return 0;
458 }
459
460 /* find_conf_name()
461 *
462 * inputs - pointer to conf link list to search
463 * - pointer to name to find
464 * - int mask of type of conf to find
465 * output - NULL or pointer to conf found
466 * side effects - find a conf entry which matches the name
467 * and has the given mask.
468 */
469 struct MaskItem *
470 find_conf_name(dlink_list *list, const char *name, enum maskitem_type type)
471 {
472 dlink_node *node = NULL;
473
474 DLINK_FOREACH(node, list->head)
475 {
476 struct MaskItem *conf = node->data;
477
478 if (conf->type == type)
479 {
480 if (conf->name && !irccmp(conf->name, name))
481 return conf;
482 }
483 }
484
485 return NULL;
486 }
487
488 /*! \brief Find a connect {} conf that has a name that matches \a name.
489 * \param name Name to match
490 * \param compare Pointer to function to be used for string matching
491 */
492 struct MaskItem *
493 connect_find(const char *name, int (*compare)(const char *, const char *))
494 {
495 dlink_node *node;
496
497 DLINK_FOREACH(node, connect_items.head)
498 {
499 struct MaskItem *conf = node->data;
500
501 if (compare(name, conf->name) == 0)
502 return conf;
503 }
504
505 return NULL;
506 }
507
508 /* find_exact_name_conf()
509 *
510 * inputs - type of link list to look in
511 * - pointer to name string to find
512 * - pointer to user
513 * - pointer to host
514 * output - NULL or pointer to found struct MaskItem
515 * side effects - looks for an exact match on name field
516 */
517 struct MaskItem *
518 operator_find(const struct Client *client, const char *name)
519 {
520 dlink_node *node;
521
522 DLINK_FOREACH(node, operator_items.head)
523 {
524 struct MaskItem *conf = node->data;
525
526 if (irccmp(conf->name, name) == 0)
527 {
528 if (client == NULL)
529 return conf;
530
531 if (conf->class->max_total &&
532 conf->class->max_total <= conf->class->ref_count)
533 continue;
534
535 if (match(conf->user, client->username) == 0)
536 {
537 switch (conf->htype)
538 {
539 case HM_HOST:
540 if (match(conf->host, client->realhost) == 0 ||
541 match(conf->host, client->sockhost) == 0 || match(conf->host, client->host) == 0)
542 return conf;
543 break;
544 case HM_IPV6:
545 case HM_IPV4:
546 if (address_compare(&client->ip, conf->addr, false, false, conf->bits) == true)
547 return conf;
548 break;
549 default:
550 assert(0);
551 }
552 }
553 }
554 }
555
556 return NULL;
557 }
558
559 /* conf_set_defaults()
560 *
561 * inputs - NONE
562 * output - NONE
563 * side effects - Set default values here.
564 * This is called **PRIOR** to parsing the
565 * configuration file. If you want to do some validation
566 * of values later, put them in validate_conf().
567 */
568 static void
569 conf_set_defaults(void)
570 {
571 /*
572 * Verify init_class() ran, this should be an unnecessary check
573 * but it's not much work.
574 */
575 assert(class_default == class_get_list()->tail->data);
576
577 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
578 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
579 ConfigServerInfo.default_max_clients = MAXCLIENTS_MAX;
580 ConfigServerInfo.max_nick_length = 9;
581 ConfigServerInfo.max_topic_length = 80;
582 ConfigServerInfo.hub = 0;
583
584 log_iterate(log_free);
585
586 ConfigLog.use_logging = 1;
587
588 ConfigChannel.enable_extbans = 0;
589 ConfigChannel.disable_fake_channels = 0;
590 ConfigChannel.invite_client_count = 10;
591 ConfigChannel.invite_client_time = 300;
592 ConfigChannel.invite_delay_channel = 5;
593 ConfigChannel.invite_expire_time = 1800;
594 ConfigChannel.knock_client_count = 1;
595 ConfigChannel.knock_client_time = 300;
596 ConfigChannel.knock_delay_channel = 60;
597 ConfigChannel.max_channels = 25;
598 ConfigChannel.max_invites = 20;
599 ConfigChannel.max_bans = 100;
600 ConfigChannel.max_bans_large = 500;
601 ConfigChannel.default_join_flood_count = 18;
602 ConfigChannel.default_join_flood_time = 6;
603
604 ConfigServerHide.flatten_links = 0;
605 ConfigServerHide.flatten_links_delay = 300;
606 ConfigServerHide.hidden = 0;
607 ConfigServerHide.hide_servers = 0;
608 ConfigServerHide.hide_services = 0;
609 ConfigServerHide.hidden_name = xstrdup(NETWORK_NAME_DEFAULT);
610 ConfigServerHide.hide_server_ips = 0;
611 ConfigServerHide.disable_remote_commands = 0;
612
613 ConfigGeneral.away_count = 2;
614 ConfigGeneral.away_time = 10;
615 ConfigGeneral.max_watch = 50;
616 ConfigGeneral.whowas_history_length = 15000;
617 ConfigGeneral.cycle_on_host_change = 1;
618 ConfigGeneral.dline_min_cidr = 16;
619 ConfigGeneral.dline_min_cidr6 = 48;
620 ConfigGeneral.kline_min_cidr = 16;
621 ConfigGeneral.kline_min_cidr6 = 48;
622 ConfigGeneral.invisible_on_connect = 1;
623 ConfigGeneral.disable_auth = 0;
624 ConfigGeneral.kill_chase_time_limit = 90;
625 ConfigGeneral.default_floodcount = 8;
626 ConfigGeneral.default_floodtime = 1;
627 ConfigGeneral.failed_oper_notice = 1;
628 ConfigGeneral.dots_in_ident = 0;
629 ConfigGeneral.min_nonwildcard = 4;
630 ConfigGeneral.min_nonwildcard_simple = 3;
631 ConfigGeneral.max_accept = 50;
632 ConfigGeneral.anti_nick_flood = 0;
633 ConfigGeneral.max_nick_time = 20;
634 ConfigGeneral.max_nick_changes = 5;
635 ConfigGeneral.anti_spam_exit_message_time = 0;
636 ConfigGeneral.ts_warn_delta = 30;
637 ConfigGeneral.ts_max_delta = 600;
638 ConfigGeneral.warn_no_connect_block = 1;
639 ConfigGeneral.stats_e_disabled = 0;
640 ConfigGeneral.stats_i_oper_only = 1; /* 1 = masked */
641 ConfigGeneral.stats_k_oper_only = 1; /* 1 = masked */
642 ConfigGeneral.stats_o_oper_only = 1;
643 ConfigGeneral.stats_m_oper_only = 1;
644 ConfigGeneral.stats_P_oper_only = 0;
645 ConfigGeneral.stats_u_oper_only = 0;
646 ConfigGeneral.caller_id_wait = 60;
647 ConfigGeneral.opers_bypass_callerid = 1;
648 ConfigGeneral.pace_wait = 10;
649 ConfigGeneral.pace_wait_simple = 1;
650 ConfigGeneral.short_motd = 0;
651 ConfigGeneral.ping_cookie = 0;
652 ConfigGeneral.no_oper_flood = 0;
653 ConfigGeneral.max_targets = MAX_TARGETS_DEFAULT;
654 ConfigGeneral.oper_only_umodes = UMODE_DEBUG | UMODE_LOCOPS | UMODE_HIDDEN | UMODE_FARCONNECT |
655 UMODE_UNAUTH | UMODE_EXTERNAL | UMODE_BOTS | UMODE_NCHANGE |
656 UMODE_SPY | UMODE_FULL | UMODE_SKILL | UMODE_REJ | UMODE_CCONN;
657 ConfigGeneral.oper_umodes = UMODE_BOTS | UMODE_LOCOPS | UMODE_SERVNOTICE | UMODE_WALLOP;
658 ConfigGeneral.throttle_count = 1;
659 ConfigGeneral.throttle_time = 1;
660 }
661
662 static void
663 conf_validate(void)
664 {
665 if (EmptyString(ConfigServerInfo.network_name))
666 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
667
668 if (EmptyString(ConfigServerInfo.network_desc))
669 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
670 }
671
672 /* conf_read()
673 *
674 * inputs - file descriptor pointing to config file to use
675 * output - None
676 * side effects - Read configuration file.
677 */
678 static void
679 conf_read(FILE *file)
680 {
681 lineno = 1;
682
683 conf_set_defaults(); /* Set default values prior to conf parsing */
684 conf_parser_ctx.pass = 1;
685 yyparse(); /* Pick up the classes first */
686
687 rewind(file);
688
689 conf_parser_ctx.pass = 2;
690 yyparse(); /* Load the values from the conf */
691 conf_validate(); /* Check to make sure some values are still okay. */
692 /* Some global values are also loaded here. */
693 whowas_trim(); /* Attempt to trim whowas list if necessary */
694 class_delete_marked(); /* Delete unused classes that are marked for deletion */
695 }
696
697 /* conf_rehash()
698 *
699 * Actual REHASH service routine. Called with sig == 0 if it has been called
700 * as a result of an operator issuing this command, else assume it has been
701 * called as a result of the server receiving a HUP signal.
702 */
703 void
704 conf_rehash(bool sig)
705 {
706 if (sig == true)
707 {
708 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
709 "Got signal SIGHUP, reloading configuration file(s)");
710 ilog(LOG_TYPE_IRCD, "Got signal SIGHUP, reloading configuration file(s)");
711 }
712
713 restart_resolver();
714
715 /* don't close listeners until we know we can go ahead with the rehash */
716
717 conf_read_files(false);
718
719 load_conf_modules();
720 check_conf_klines();
721 }
722
723 /* conf_connect_allowed()
724 *
725 * inputs - pointer to inaddr
726 * - int type ipv4 or ipv6
727 * output - BANNED or accepted
728 * side effects - none
729 */
730 int
731 conf_connect_allowed(struct irc_ssaddr *addr)
732 {
733 const struct MaskItem *conf = find_dline_conf(addr);
734
735 if (conf)
736 {
737 /* DLINE exempt also gets you out of static limits/pacing... */
738 if (conf->type == CONF_EXEMPT)
739 return 0;
740 return BANNED_CLIENT;
741 }
742
743 struct ip_entry *ip_found = ipcache_record_find_or_add(addr);
744 if ((event_base->time.sec_monotonic - ip_found->last_attempt) < ConfigGeneral.throttle_time)
745 {
746 if (ip_found->connection_count >= ConfigGeneral.throttle_count)
747 return TOO_FAST;
748
749 ++ip_found->connection_count;
750 }
751 else
752 ip_found->connection_count = 1;
753
754 ip_found->last_attempt = event_base->time.sec_monotonic;
755 return 0;
756 }
757
758 /* cleanup_tklines()
759 *
760 * inputs - NONE
761 * output - NONE
762 * side effects - call function to expire temporary k/d lines
763 * This is an event started off in ircd.c
764 */
765 void
766 cleanup_tklines(void *unused)
767 {
768 hostmask_expire_temporary();
769 gecos_expire();
770 resv_expire();
771 }
772
773 /*
774 * Input: A client to find the active operator {} name for.
775 * Output: The nick!user@host{oper} of the oper.
776 * "oper" is server name for remote opers
777 * Side effects: None.
778 */
779 const char *
780 get_oper_name(const struct Client *client)
781 {
782 static char buffer[IRCD_BUFSIZE];
783
784 if (IsServer(client))
785 return client->name;
786
787 if (MyConnect(client))
788 {
789 const dlink_node *const node = client->connection->confs.head;
790
791 if (node)
792 {
793 const struct MaskItem *const conf = node->data;
794
795 if (conf->type == CONF_OPER)
796 {
797 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client->name,
798 client->username, client->host, conf->name);
799 return buffer;
800 }
801 }
802
803 /*
804 * Probably should assert here for now. If there is an oper out there
805 * with no operator {} conf attached, it would be good for us to know...
806 */
807 assert(0); /* Oper without oper conf! */
808 }
809
810 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client->name,
811 client->username, client->host, client->servptr->name);
812 return buffer;
813 }
814
815 /* conf_clear()
816 *
817 * inputs - none
818 * output - none
819 * side effects - Clear out the old configuration
820 */
821 static void
822 conf_clear(void)
823 {
824 dlink_node *node = NULL, *node_next = NULL;
825 dlink_list *free_items [] = {
826 &connect_items, &operator_items, NULL
827 };
828
829 dlink_list ** iterator = free_items; /* C is dumb */
830
831 /* We only need to free anything allocated by yyparse() here.
832 * Resetting structs, etc, is taken care of by conf_set_defaults().
833 */
834
835 for (; *iterator; iterator++)
836 {
837 DLINK_FOREACH_SAFE(node, node_next, (*iterator)->head)
838 {
839 struct MaskItem *conf = node->data;
840
841 conf->active = false;
842 dlinkDelete(&conf->node, *iterator);
843
844 if (!conf->ref_count)
845 conf_free(conf);
846 }
847 }
848
849 /*
850 * Don't delete the class table, rather mark all entries for deletion.
851 * The table is cleaned up by class_delete_marked. - avalon
852 */
853 class_mark_for_deletion();
854
855 clear_out_address_conf();
856
857 modules_conf_clear(); /* Clear modules {} items */
858
859 motd_clear(); /* Clear motd {} items and re-cache default motd */
860
861 cluster_clear(); /* Clear cluster {} items */
862
863 gecos_clear(); /* Clear gecos {} items */
864
865 resv_clear(); /* Clear resv {} items */
866
867 service_clear(); /* Clear service {} items */
868
869 shared_clear(); /* Clear shared {} items */
870
871 pseudo_clear(); /* Clear pseudo {} items */
872
873 /* Clean out ConfigServerInfo */
874 xfree(ConfigServerInfo.description);
875 ConfigServerInfo.description = NULL;
876 xfree(ConfigServerInfo.network_name);
877 ConfigServerInfo.network_name = NULL;
878 xfree(ConfigServerInfo.network_desc);
879 ConfigServerInfo.network_desc = NULL;
880 xfree(ConfigServerInfo.rsa_private_key_file);
881 ConfigServerInfo.rsa_private_key_file = NULL;
882 xfree(ConfigServerInfo.tls_certificate_file);
883 ConfigServerInfo.tls_certificate_file = NULL;
884 xfree(ConfigServerInfo.tls_dh_param_file);
885 ConfigServerInfo.tls_dh_param_file = NULL;
886 xfree(ConfigServerInfo.tls_supported_groups);
887 ConfigServerInfo.tls_supported_groups = NULL;
888 xfree(ConfigServerInfo.tls_cipher_list);
889 ConfigServerInfo.tls_cipher_list = NULL;
890 xfree(ConfigServerInfo.tls_cipher_suites);
891 ConfigServerInfo.tls_cipher_suites = NULL;
892 xfree(ConfigServerInfo.tls_message_digest_algorithm);
893 ConfigServerInfo.tls_message_digest_algorithm = NULL;
894
895 /* Clean out ConfigAdminInfo */
896 xfree(ConfigAdminInfo.name);
897 ConfigAdminInfo.name = NULL;
898 xfree(ConfigAdminInfo.email);
899 ConfigAdminInfo.email = NULL;
900 xfree(ConfigAdminInfo.description);
901 ConfigAdminInfo.description = NULL;
902
903 /* Clean out ConfigServerHide */
904 xfree(ConfigServerHide.flatten_links_file);
905 ConfigServerHide.flatten_links_file = NULL;
906 xfree(ConfigServerHide.hidden_name);
907 ConfigServerHide.hidden_name = NULL;
908
909 /* Clean out listeners */
910 listener_close_marked();
911 }
912
913 static void
914 conf_handle_tls(bool cold)
915 {
916 if (tls_new_credentials() == false)
917 {
918 if (cold == true)
919 {
920 ilog(LOG_TYPE_IRCD, "Error while initializing TLS");
921 exit(EXIT_FAILURE);
922 }
923 else
924 {
925 /* Failed to load new settings/certs, old ones remain active */
926 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
927 "Error reloading TLS settings, check the ircd log"); // report_crypto_errors logs this
928 }
929 }
930 }
931
932 /* read_conf_files()
933 *
934 * inputs - cold start YES or NO
935 * output - none
936 * side effects - read all conf files needed, ircd.conf kline.conf etc.
937 */
938 void
939 conf_read_files(bool cold)
940 {
941 char buf[IRCD_BUFSIZE];
942
943 conf_parser_ctx.boot = cold;
944 conf_parser_ctx.conf_file = fopen(ConfigGeneral.configfile, "r");
945
946 if (conf_parser_ctx.conf_file == NULL)
947 {
948 if (cold == true)
949 {
950 ilog(LOG_TYPE_IRCD, "Unable to read configuration file '%s': %s",
951 ConfigGeneral.configfile, strerror(errno));
952 exit(EXIT_FAILURE);
953 }
954 else
955 {
956 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
957 "Unable to read configuration file '%s': %s",
958 ConfigGeneral.configfile, strerror(errno));
959 return;
960 }
961 }
962
963 /*
964 * We need to know the initial filename for the yyerror() to report
965 *
966 * FIXME: The full path is in conffilenamebuf first time since we
967 * don't know anything else
968 *
969 * - Gozem 2002-07-21
970 */
971 strlcpy(conffilebuf, ConfigGeneral.configfile, sizeof(conffilebuf));
972
973 if (cold == false)
974 conf_clear();
975
976 conf_read(conf_parser_ctx.conf_file);
977 fclose(conf_parser_ctx.conf_file);
978
979 log_iterate(log_reopen);
980 conf_handle_tls(cold);
981
982 isupport_add("NICKLEN", NULL, ConfigServerInfo.max_nick_length);
983 isupport_add("NETWORK", ConfigServerInfo.network_name, -1);
984
985 snprintf(buf, sizeof(buf), "beI:%u", ConfigChannel.max_bans);
986 isupport_add("MAXLIST", buf, -1);
987
988 isupport_add("MAXTARGETS", NULL, ConfigGeneral.max_targets);
989 isupport_add("CHANTYPES", "#", -1);
990
991 snprintf(buf, sizeof(buf), "#:%u", ConfigChannel.max_channels);
992 isupport_add("CHANLIMIT", buf, -1);
993
994 isupport_add("CHANNELLEN", NULL, CHANNELLEN);
995 isupport_add("TOPICLEN", NULL, ConfigServerInfo.max_topic_length);
996
997 snprintf(buf, sizeof(buf), "%s", "beI,k,l,cimnprstuCKLMNORST");
998 isupport_add("CHANMODES", buf, -1);
999 }
1000
1001 /* conf_add_class_to_conf()
1002 *
1003 * inputs - pointer to config item
1004 * output - NONE
1005 * side effects - Add a class pointer to a conf
1006 */
1007 void
1008 conf_add_class_to_conf(struct MaskItem *conf, const char *name)
1009 {
1010 if (EmptyString(name) || (conf->class = class_find(name, true)) == NULL)
1011 {
1012 conf->class = class_default;
1013
1014 if (conf->type == CONF_CLIENT || conf->type == CONF_OPER)
1015 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1016 "Warning *** Defaulting to default class for %s@%s",
1017 conf->user, conf->host);
1018 else
1019 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1020 "Warning *** Defaulting to default class for %s",
1021 conf->name);
1022 }
1023 }
1024
1025 /* yyerror()
1026 *
1027 * inputs - message from parser
1028 * output - NONE
1029 * side effects - message to opers and log file entry is made
1030 */
1031 void
1032 yyerror(const char *msg)
1033 {
1034 if (conf_parser_ctx.pass != 1)
1035 return;
1036
1037 const char *p = stripws(linebuf);
1038 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1039 "\"%s\", line %u: %s: %s",
1040 conffilebuf, lineno, msg, p);
1041 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1042 conffilebuf, lineno, msg, p);
1043 }
1044
1045 void
1046 conf_error_report(const char *msg)
1047 {
1048 const char *p = stripws(linebuf);
1049 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1050 "\"%s\", line %u: %s: %s",
1051 conffilebuf, lineno, msg, p);
1052 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1053 conffilebuf, lineno, msg, p);
1054 }
1055
1056 /*
1057 * valid_tkline()
1058 *
1059 * inputs - pointer to ascii string to check
1060 * - whether the specified time is in seconds or minutes
1061 * output - -1 not enough parameters
1062 * - 0 if not an integer number, else the number
1063 * side effects - none
1064 * Originally written by Dianora (Diane, db@db.net)
1065 */
1066 uintmax_t
1067 valid_tkline(const char *data, const int minutes)
1068 {
1069 const unsigned char *p = (const unsigned char *)data;
1070 unsigned char tmpch = '\0';
1071 uintmax_t result = 0;
1072
1073 while ((tmpch = *p++))
1074 {
1075 if (!IsDigit(tmpch))
1076 return 0;
1077
1078 result *= 10;
1079 result += (tmpch & 0xF);
1080 }
1081
1082 /*
1083 * In the degenerate case where oper does a /quote kline 0 user@host :reason
1084 * i.e. they specifically use 0, I am going to return 1 instead as a return
1085 * value of non-zero is used to flag it as a temporary kline
1086 */
1087 if (result == 0)
1088 result = 1;
1089
1090 /*
1091 * If the incoming time is in seconds convert it to minutes for the purpose
1092 * of this calculation
1093 */
1094 if (minutes == 0)
1095 result = result / 60;
1096
1097 if (result > MAX_TDKLINE_TIME)
1098 result = MAX_TDKLINE_TIME;
1099
1100 result = result * 60; /* Turn it into seconds */
1101
1102 return result;
1103 }
1104
1105 /* valid_wild_card_simple()
1106 *
1107 * inputs - data to check for sufficient non-wildcard characters
1108 * outputs - 1 if valid, else 0
1109 * side effects - none
1110 */
1111 bool
1112 valid_wild_card_simple(const char *data)
1113 {
1114 const unsigned char *p = (const unsigned char *)data;
1115 unsigned char tmpch = '\0';
1116 unsigned int nonwild = 0, wild = 0;
1117
1118 while ((tmpch = *p++))
1119 {
1120 if (tmpch == '\\' && *p)
1121 {
1122 ++p;
1123 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1124 return true;
1125 }
1126 else if (!IsMWildChar(tmpch))
1127 {
1128 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1129 return true;
1130 }
1131 else
1132 ++wild;
1133 }
1134
1135 return wild == 0;
1136 }
1137
1138 /* valid_wild_card()
1139 *
1140 * input - pointer to client
1141 * - int flag, 0 for no warning oper 1 for warning oper
1142 * - count of following varargs to check
1143 * output - 0 if not valid, 1 if valid
1144 * side effects - NOTICE is given to client if warn is 1
1145 */
1146 bool
1147 valid_wild_card(int count, ...)
1148 {
1149 unsigned char tmpch = '\0';
1150 unsigned int nonwild = 0;
1151 va_list args;
1152
1153 /*
1154 * Now we must check the user and host to make sure there
1155 * are at least NONWILDCHARS non-wildcard characters in
1156 * them, otherwise assume they are attempting to kline
1157 * *@* or some variant of that. This code will also catch
1158 * people attempting to kline *@*.tld, as long as NONWILDCHARS
1159 * is greater than 3. In that case, there are only 3 non-wild
1160 * characters (tld), so if NONWILDCHARS is 4, the kline will
1161 * be disallowed.
1162 * -wnder
1163 */
1164
1165 va_start(args, count);
1166
1167 while (count--)
1168 {
1169 const unsigned char *p = va_arg(args, const unsigned char *);
1170 if (p == NULL)
1171 continue;
1172
1173 while ((tmpch = *p++))
1174 {
1175 if (!IsKWildChar(tmpch))
1176 {
1177 /*
1178 * If we find enough non-wild characters, we can
1179 * break - no point in searching further.
1180 */
1181 if (++nonwild >= ConfigGeneral.min_nonwildcard)
1182 {
1183 va_end(args);
1184 return true;
1185 }
1186 }
1187 }
1188 }
1189
1190 va_end(args);
1191 return false;
1192 }
1193
1194 /* XXX should this go into a separate file ? -Dianora */
1195 /* parse_aline
1196 *
1197 * input - pointer to cmd name being used
1198 * - pointer to client using cmd
1199 * - parc parameter count
1200 * - parv[] list of parameters to parse
1201 * - parse_flags bit map of things to test
1202 * - pointer to user or string to parse into
1203 * - pointer to host or NULL to parse into if non NULL
1204 * - pointer to optional tkline time or NULL
1205 * - pointer to target_server to parse into if non NULL
1206 * - pointer to reason to parse into
1207 *
1208 * output - 1 if valid, 0 if not valid
1209 * side effects - A generalised k/d/x etc. line parser,
1210 * "ALINE [time] user@host|string [ON] target :reason"
1211 * will parse returning a parsed user, host if
1212 * h_p pointer is non NULL, string otherwise.
1213 * if tkline_time pointer is non NULL a tk line will be set
1214 * to non zero if found.
1215 * if tkline_time pointer is NULL and tk line is found,
1216 * error is reported.
1217 * if target_server is NULL and an "ON" is found error
1218 * is reported.
1219 * if reason pointer is NULL ignore pointer,
1220 * this allows use of parse_a_line in unkline etc.
1221 *
1222 * - Dianora
1223 */
1224 bool
1225 parse_aline(const char *cmd, struct Client *client, int parc, char **parv, struct aline_ctx *aline)
1226 {
1227 static char default_reason[] = CONF_NOREASON;
1228 static char user[USERLEN * 2 + 1];
1229 static char host[HOSTLEN * 2 + 1];
1230
1231 ++parv;
1232 --parc;
1233
1234 if (aline->add == true && (aline->duration = valid_tkline(*parv, TK_MINUTES)))
1235 {
1236 ++parv;
1237 --parc;
1238 }
1239
1240 if (parc == 0)
1241 {
1242 sendto_one_numeric(client, &me, ERR_NEEDMOREPARAMS, cmd);
1243 return false;
1244 }
1245
1246 if (aline->simple_mask == true)
1247 {
1248 aline->mask = *parv;
1249 aline->user = NULL;
1250 aline->host = NULL;
1251 }
1252 else
1253 {
1254 struct split_nuh_item nuh;
1255
1256 nuh.nuhmask = *parv;
1257 nuh.nickptr = NULL;
1258 nuh.userptr = user;
1259 nuh.hostptr = host;
1260
1261 nuh.nicksize = 0;
1262 nuh.usersize = sizeof(user);
1263 nuh.hostsize = sizeof(host);
1264
1265 split_nuh(&nuh);
1266
1267 aline->mask = NULL;
1268 aline->user = user;
1269 aline->host = host;
1270 }
1271
1272 ++parv;
1273 --parc;
1274
1275 if (parc)
1276 {
1277 if (irccmp(*parv, "ON") == 0)
1278 {
1279 ++parv;
1280 --parc;
1281
1282 if (!HasOFlag(client, OPER_FLAG_REMOTEBAN))
1283 {
1284 sendto_one_numeric(client, &me, ERR_NOPRIVS, "remoteban");
1285 return false;
1286 }
1287
1288 if (parc == 0 || EmptyString(*parv))
1289 {
1290 sendto_one_numeric(client, &me, ERR_NEEDMOREPARAMS, cmd);
1291 return false;
1292 }
1293
1294 aline->server = *parv;
1295 ++parv;
1296 --parc;
1297 }
1298 else
1299 aline->server = NULL;
1300 }
1301
1302 if (aline->add == true)
1303 {
1304 if (parc == 0 || EmptyString(*parv))
1305 aline->reason = default_reason;
1306 else
1307 aline->reason = *parv;
1308 }
1309
1310 return true;
1311 }
1312
1313 /* match_conf_password()
1314 *
1315 * inputs - pointer to given password
1316 * - pointer to Conf
1317 * output - 1 or 0 if match
1318 * side effects - none
1319 */
1320 bool
1321 match_conf_password(const char *password, const struct MaskItem *conf)
1322 {
1323 const char *encr = NULL;
1324
1325 if (EmptyString(password) || EmptyString(conf->passwd))
1326 return false;
1327
1328 if (conf->flags & CONF_FLAGS_ENCRYPTED)
1329 encr = crypt(password, conf->passwd);
1330 else
1331 encr = password;
1332
1333 return encr && strcmp(encr, conf->passwd) == 0;
1334 }
1335
1336 /*
1337 * split_nuh
1338 *
1339 * inputs - pointer to original mask (modified in place)
1340 * - pointer to pointer where nick should go
1341 * - pointer to pointer where user should go
1342 * - pointer to pointer where host should go
1343 * output - NONE
1344 * side effects - mask is modified in place
1345 * If nick pointer is NULL, ignore writing to it
1346 * this allows us to use this function elsewhere.
1347 *
1348 * mask nick user host
1349 * ---------------------- ------- ------- ------
1350 * Dianora!db@db.net Dianora db db.net
1351 * Dianora Dianora * *
1352 * db.net * * db.net
1353 * OR if nick pointer is NULL
1354 * Dianora - * Dianora
1355 * Dianora! Dianora * *
1356 * Dianora!@ Dianora * *
1357 * Dianora!db Dianora db *
1358 * Dianora!@db.net Dianora * db.net
1359 * db@db.net * db db.net
1360 * !@ * * *
1361 * @ * * *
1362 * ! * * *
1363 */
1364 void
1365 split_nuh(struct split_nuh_item *const iptr)
1366 {
1367 char *p = NULL, *q = NULL;
1368
1369 if (iptr->nickptr)
1370 strlcpy(iptr->nickptr, "*", iptr->nicksize);
1371
1372 if (iptr->userptr)
1373 strlcpy(iptr->userptr, "*", iptr->usersize);
1374
1375 if (iptr->hostptr)
1376 strlcpy(iptr->hostptr, "*", iptr->hostsize);
1377
1378 if ((p = strchr(iptr->nuhmask, '!')))
1379 {
1380 *p = '\0';
1381
1382 if (iptr->nickptr && *iptr->nuhmask)
1383 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1384
1385 if ((q = strchr(++p, '@')))
1386 {
1387 *q++ = '\0';
1388
1389 if (*p)
1390 strlcpy(iptr->userptr, p, iptr->usersize);
1391
1392 if (*q)
1393 strlcpy(iptr->hostptr, q, iptr->hostsize);
1394 }
1395 else
1396 {
1397 if (*p)
1398 strlcpy(iptr->userptr, p, iptr->usersize);
1399 }
1400 }
1401 else
1402 {
1403 /* No ! found so lets look for a user@host */
1404 if ((p = strchr(iptr->nuhmask, '@')))
1405 {
1406 /* if found a @ */
1407 *p++ = '\0';
1408
1409 if (*iptr->nuhmask)
1410 strlcpy(iptr->userptr, iptr->nuhmask, iptr->usersize);
1411
1412 if (*p)
1413 strlcpy(iptr->hostptr, p, iptr->hostsize);
1414 }
1415 else
1416 {
1417 /* No @ found */
1418 if (iptr->nickptr == NULL || strpbrk(iptr->nuhmask, ".:"))
1419 strlcpy(iptr->hostptr, iptr->nuhmask, iptr->hostsize);
1420 else
1421 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1422 }
1423 }
1424 }

Properties

Name Value
svn:eol-style native
svn:keywords Id

svnadmin@ircd-hybrid.org
ViewVC Help
Powered by ViewVC 1.1.28