ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/branches/8.2.x/src/conf.c
Revision: 9108
Committed: Sat Jan 4 14:45:57 2020 UTC (4 years, 2 months ago) by michael
Content type: text/x-csrc
File size: 38998 byte(s)
Log Message:
- Change conf:check_client() to a boolean type

File Contents

# Content
1 /*
2 * ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3 *
4 * Copyright (c) 1997-2020 ircd-hybrid development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 */
21
22 /*! \file conf.c
23 * \brief Configuration file functions.
24 * \version $Id$
25 */
26
27 #include "stdinc.h"
28 #include "list.h"
29 #include "ircd_defs.h"
30 #include "parse.h"
31 #include "conf.h"
32 #include "conf_cluster.h"
33 #include "conf_gecos.h"
34 #include "conf_pseudo.h"
35 #include "conf_resv.h"
36 #include "conf_service.h"
37 #include "conf_shared.h"
38 #include "server.h"
39 #include "channel.h"
40 #include "client.h"
41 #include "event.h"
42 #include "irc_string.h"
43 #include "s_bsd.h"
44 #include "ircd.h"
45 #include "listener.h"
46 #include "hostmask.h"
47 #include "modules.h"
48 #include "numeric.h"
49 #include "fdlist.h"
50 #include "log.h"
51 #include "send.h"
52 #include "memory.h"
53 #include "res.h"
54 #include "user.h"
55 #include "channel_mode.h"
56 #include "misc.h"
57 #include "conf_db.h"
58 #include "conf_class.h"
59 #include "motd.h"
60 #include "ipcache.h"
61 #include "isupport.h"
62 #include "whowas.h"
63
64
65 struct config_channel_entry ConfigChannel;
66 struct config_serverhide_entry ConfigServerHide;
67 struct config_general_entry ConfigGeneral;
68 struct config_log_entry ConfigLog = { .use_logging = 1 };
69 struct config_serverinfo_entry ConfigServerInfo;
70 struct config_admin_entry ConfigAdminInfo;
71 struct conf_parser_context conf_parser_ctx;
72
73 /* general conf items link list root, other than k lines etc. */
74 dlink_list connect_items;
75 dlink_list operator_items;
76
77 extern unsigned int lineno;
78 extern char linebuf[];
79 extern char conffilebuf[IRCD_BUFSIZE];
80 extern int yyparse(); /* defined in y.tab.c */
81
82
83 /* conf_dns_callback()
84 *
85 * inputs - pointer to struct MaskItem
86 * - pointer to DNSReply reply
87 * output - none
88 * side effects - called when resolver query finishes
89 * if the query resulted in a successful search, hp will contain
90 * a non-null pointer, otherwise hp will be null.
91 * if successful save hp in the conf item it was called with
92 */
93 static void
94 conf_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name, size_t namelength)
95 {
96 struct MaskItem *const conf = vptr;
97
98 conf->dns_pending = false;
99
100 if (addr)
101 memcpy(conf->addr, addr, sizeof(*conf->addr));
102 else
103 conf->dns_failed = true;
104 }
105
106 /* conf_dns_lookup()
107 *
108 * do a nameserver lookup of the conf host
109 * if the conf entry is currently doing a ns lookup do nothing, otherwise
110 * allocate a dns_query and start ns lookup.
111 */
112 static void
113 conf_dns_lookup(struct MaskItem *conf)
114 {
115 if (conf->dns_pending == true)
116 return;
117
118 conf->dns_pending = true;
119
120 if (conf->aftype == AF_INET)
121 gethost_byname_type(conf_dns_callback, conf, conf->host, T_A);
122 else
123 gethost_byname_type(conf_dns_callback, conf, conf->host, T_AAAA);
124 }
125
126 /* map_to_list()
127 *
128 * inputs - ConfType conf
129 * output - pointer to dlink_list to use
130 * side effects - none
131 */
132 static dlink_list *
133 map_to_list(enum maskitem_type type)
134 {
135 switch (type)
136 {
137 case CONF_OPER:
138 return &operator_items;
139 break;
140 case CONF_SERVER:
141 return &connect_items;
142 break;
143 default:
144 return NULL;
145 }
146 }
147
148 struct MaskItem *
149 conf_make(enum maskitem_type type)
150 {
151 struct MaskItem *const conf = xcalloc(sizeof(*conf));
152 dlink_list *list = NULL;
153
154 conf->type = type;
155 conf->active = true;
156 conf->aftype = AF_INET;
157
158 if ((list = map_to_list(type)))
159 dlinkAdd(conf, &conf->node, list);
160 return conf;
161 }
162
163 void
164 conf_free(struct MaskItem *conf)
165 {
166 dlink_node *node = NULL, *node_next = NULL;
167 dlink_list *list = NULL;
168
169 if ((list = map_to_list(conf->type)))
170 dlinkFindDelete(list, conf);
171
172 xfree(conf->name);
173
174 if (conf->dns_pending == true)
175 delete_resolver_queries(conf);
176 if (conf->passwd)
177 memset(conf->passwd, 0, strlen(conf->passwd));
178 if (conf->spasswd)
179 memset(conf->spasswd, 0, strlen(conf->spasswd));
180
181 conf->class = NULL;
182
183 xfree(conf->passwd);
184 xfree(conf->spasswd);
185 xfree(conf->reason);
186 xfree(conf->certfp);
187 xfree(conf->whois);
188 xfree(conf->user);
189 xfree(conf->host);
190 xfree(conf->addr);
191 xfree(conf->bind);
192 xfree(conf->cipher_list);
193
194 DLINK_FOREACH_SAFE(node, node_next, conf->hub_list.head)
195 {
196 xfree(node->data);
197 dlinkDelete(node, &conf->hub_list);
198 free_dlink_node(node);
199 }
200
201 DLINK_FOREACH_SAFE(node, node_next, conf->leaf_list.head)
202 {
203 xfree(node->data);
204 dlinkDelete(node, &conf->leaf_list);
205 free_dlink_node(node);
206 }
207
208 xfree(conf);
209 }
210
211 /* attach_iline()
212 *
213 * inputs - client pointer
214 * - conf pointer
215 * output -
216 * side effects - do actual attach
217 */
218 static int
219 attach_iline(struct Client *client_p, struct MaskItem *conf)
220 {
221 const struct ClassItem *const class = conf->class;
222 bool a_limit_reached = false;
223
224 struct ip_entry *ipcache = ipcache_record_find_or_add(&client_p->ip);
225 ++ipcache->count_local;
226 AddFlag(client_p, FLAGS_IPHASH);
227
228 if (class->max_total && class->ref_count >= class->max_total)
229 a_limit_reached = true;
230 else if (class->max_perip_local && ipcache->count_local > class->max_perip_local)
231 a_limit_reached = true;
232 else if (class->max_perip_global &&
233 (ipcache->count_local + ipcache->count_remote) > class->max_perip_global)
234 a_limit_reached = true;
235
236 if (a_limit_reached == true)
237 {
238 if (!IsConfExemptLimits(conf))
239 return TOO_MANY; /* Already at maximum allowed */
240
241 sendto_one_notice(client_p, &me, ":*** Your connection class is full, "
242 "but you have exceed_limit = yes;");
243 }
244
245 return conf_attach(client_p, conf);
246 }
247
248 /* verify_access()
249 *
250 * inputs - pointer to client to verify
251 * output - 0 if success -'ve if not
252 * side effect - find the first (best) I line to attach.
253 */
254 static int
255 verify_access(struct Client *client_p)
256 {
257 struct MaskItem *conf;
258
259 if (HasFlag(client_p, FLAGS_GOTID))
260 conf = find_address_conf(client_p->host, client_p->username, &client_p->ip,
261 client_p->connection->password);
262 else
263 {
264 char non_ident[USERLEN + 1] = "~";
265
266 strlcpy(non_ident + 1, client_p->username, sizeof(non_ident) - 1);
267 conf = find_address_conf(client_p->host, non_ident, &client_p->ip,
268 client_p->connection->password);
269 }
270
271 if (conf == NULL)
272 return NOT_AUTHORIZED;
273
274 assert(IsConfClient(conf) || IsConfKill(conf));
275
276 if (IsConfKill(conf))
277 {
278 sendto_one_notice(client_p, &me, ":*** Banned: %s", conf->reason);
279 return BANNED_CLIENT;
280 }
281
282 if (IsConfRedir(conf))
283 {
284 sendto_one_numeric(client_p, &me, RPL_REDIR,
285 conf->name ? conf->name : "",
286 conf->port);
287 return NOT_AUTHORIZED;
288 }
289
290 if (IsConfDoSpoofIp(conf))
291 {
292 if (IsConfSpoofNotice(conf))
293 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE, "%s spoofing: %s as %s",
294 client_p->name, client_p->host, conf->name);
295
296 strlcpy(client_p->host, conf->name, sizeof(client_p->host));
297 }
298
299 return attach_iline(client_p, conf);
300 }
301
302 /* check_client()
303 *
304 * inputs - pointer to client
305 * output - 0 = Success
306 * NOT_AUTHORIZED (-1) = Access denied (no I line match)
307 * IRCD_SOCKET_ERROR (-2) = Bad socket.
308 * I_LINE_FULL (-3) = I-line is full
309 * TOO_MANY (-4) = Too many connections from hostname
310 * BANNED_CLIENT (-5) = K-lined
311 * side effects - Ordinary client access check.
312 * Look for conf lines which have the same
313 * status as the flags passed.
314 */
315 bool
316 check_client(struct Client *source_p)
317 {
318 int i;
319
320 if ((i = verify_access(source_p)))
321 ilog(LOG_TYPE_IRCD, "Access denied: %s[%s]",
322 source_p->name, source_p->sockhost);
323
324 switch (i)
325 {
326 case TOO_MANY:
327 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
328 "Too many on IP for %s (%s).",
329 client_get_name(source_p, SHOW_IP),
330 source_p->sockhost);
331 ilog(LOG_TYPE_IRCD, "Too many connections on IP from %s.",
332 client_get_name(source_p, SHOW_IP));
333 ++ServerStats.is_ref;
334 exit_client(source_p, "No more connections allowed on that IP");
335 break;
336
337 case I_LINE_FULL:
338 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
339 "auth {} block is full for %s (%s).",
340 client_get_name(source_p, SHOW_IP),
341 source_p->sockhost);
342 ilog(LOG_TYPE_IRCD, "Too many connections from %s.",
343 client_get_name(source_p, SHOW_IP));
344 ++ServerStats.is_ref;
345 exit_client(source_p, "No more connections allowed in your connection class");
346 break;
347
348 case NOT_AUTHORIZED:
349 /* jdc - lists server name & port connections are on */
350 /* a purely cosmetical change */
351 sendto_realops_flags(UMODE_UNAUTH, L_ALL, SEND_NOTICE,
352 "Unauthorized client connection from %s on [%s/%u].",
353 client_get_name(source_p, SHOW_IP),
354 source_p->connection->listener->name,
355 source_p->connection->listener->port);
356 ilog(LOG_TYPE_IRCD, "Unauthorized client connection from %s on [%s/%u].",
357 client_get_name(source_p, SHOW_IP),
358 source_p->connection->listener->name,
359 source_p->connection->listener->port);
360
361 ++ServerStats.is_ref;
362 exit_client(source_p, "You are not authorized to use this server");
363 break;
364
365 case BANNED_CLIENT:
366 ++ServerStats.is_ref;
367 exit_client(source_p, "Banned");
368 break;
369
370 case 0:
371 default:
372 break;
373 }
374
375 if (i < 0)
376 return false;
377 return true;
378 }
379
380 /*! \brief Disassociate configuration from the client. Also removes a class
381 * from the list if marked for deleting.
382 * \param client_p Client to operate on
383 * \param type Type of conf to detach
384 */
385 void
386 conf_detach(struct Client *client_p, enum maskitem_type type)
387 {
388 dlink_node *node, *node_next;
389
390 DLINK_FOREACH_SAFE(node, node_next, client_p->connection->confs.head)
391 {
392 struct MaskItem *conf = node->data;
393
394 assert(conf->type & (CONF_CLIENT | CONF_OPER | CONF_SERVER));
395 assert(conf->ref_count > 0);
396 assert(conf->class->ref_count > 0);
397
398 if (!(conf->type & type))
399 continue;
400
401 dlinkDelete(node, &client_p->connection->confs);
402 free_dlink_node(node);
403
404 if (conf->type == CONF_CLIENT)
405 class_ip_limit_remove(conf->class, &client_p->ip);
406
407 if (--conf->class->ref_count == 0 && conf->class->active == false)
408 {
409 class_free(conf->class);
410 conf->class = NULL;
411 }
412
413 if (--conf->ref_count == 0 && conf->active == false)
414 conf_free(conf);
415 }
416 }
417
418 /*! \brief Associate a specific configuration entry to a *local* client (this
419 * is the one which used in accepting the connection). Note, that this
420 * automatically changes the attachment if there was an old one.
421 * \param client_p Client to attach the conf to
422 * \param conf Configuration record to attach
423 */
424 int
425 conf_attach(struct Client *client_p, struct MaskItem *conf)
426 {
427 if (dlinkFind(&client_p->connection->confs, conf))
428 return 1;
429
430 if (conf->type == CONF_CLIENT)
431 if (class_ip_limit_add(conf->class, &client_p->ip, IsConfExemptLimits(conf)) == true)
432 return TOO_MANY; /* Already at maximum allowed */
433
434 conf->class->ref_count++;
435 conf->ref_count++;
436
437 dlinkAdd(conf, make_dlink_node(), &client_p->connection->confs);
438
439 return 0;
440 }
441
442 /* find_conf_name()
443 *
444 * inputs - pointer to conf link list to search
445 * - pointer to name to find
446 * - int mask of type of conf to find
447 * output - NULL or pointer to conf found
448 * side effects - find a conf entry which matches the name
449 * and has the given mask.
450 */
451 struct MaskItem *
452 find_conf_name(dlink_list *list, const char *name, enum maskitem_type type)
453 {
454 dlink_node *node = NULL;
455
456 DLINK_FOREACH(node, list->head)
457 {
458 struct MaskItem *conf = node->data;
459
460 if (conf->type == type)
461 {
462 if (conf->name && !irccmp(conf->name, name))
463 return conf;
464 }
465 }
466
467 return NULL;
468 }
469
470 /*! \brief Find a connect {} conf that has a name that matches \a name.
471 * \param name Name to match
472 * \param compare Pointer to function to be used for string matching
473 */
474 struct MaskItem *
475 connect_find(const char *name, int (*compare)(const char *, const char *))
476 {
477 dlink_node *node;
478
479 DLINK_FOREACH(node, connect_items.head)
480 {
481 struct MaskItem *conf = node->data;
482
483 if (!compare(name, conf->name))
484 return conf;
485 }
486
487 return NULL;
488 }
489
490 /* find_exact_name_conf()
491 *
492 * inputs - type of link list to look in
493 * - pointer to name string to find
494 * - pointer to user
495 * - pointer to host
496 * output - NULL or pointer to found struct MaskItem
497 * side effects - looks for an exact match on name field
498 */
499 struct MaskItem *
500 operator_find(const struct Client *who, const char *name)
501 {
502 dlink_node *node = NULL;
503
504 DLINK_FOREACH(node, operator_items.head)
505 {
506 struct MaskItem *conf = node->data;
507
508 if (!irccmp(conf->name, name))
509 {
510 if (!who)
511 return conf;
512
513 if (!match(conf->user, who->username))
514 {
515 switch (conf->htype)
516 {
517 case HM_HOST:
518 if (!match(conf->host, who->host) || !match(conf->host, who->sockhost))
519 if (!conf->class->max_total || conf->class->ref_count < conf->class->max_total)
520 return conf;
521 break;
522 case HM_IPV4:
523 if (who->ip.ss.ss_family == AF_INET)
524 if (match_ipv4(&who->ip, conf->addr, conf->bits))
525 if (!conf->class->max_total || conf->class->ref_count < conf->class->max_total)
526 return conf;
527 break;
528 case HM_IPV6:
529 if (who->ip.ss.ss_family == AF_INET6)
530 if (match_ipv6(&who->ip, conf->addr, conf->bits))
531 if (!conf->class->max_total || conf->class->ref_count < conf->class->max_total)
532 return conf;
533 break;
534 default:
535 assert(0);
536 }
537 }
538 }
539 }
540
541 return NULL;
542 }
543
544 /* set_default_conf()
545 *
546 * inputs - NONE
547 * output - NONE
548 * side effects - Set default values here.
549 * This is called **PRIOR** to parsing the
550 * configuration file. If you want to do some validation
551 * of values later, put them in validate_conf().
552 */
553 static void
554 set_default_conf(void)
555 {
556 /* verify init_class() ran, this should be an unnecessary check
557 * but its not much work.
558 */
559 assert(class_default == class_get_list()->tail->data);
560
561 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
562 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
563 ConfigServerInfo.default_max_clients = MAXCLIENTS_MAX;
564 ConfigServerInfo.max_nick_length = 9;
565 ConfigServerInfo.max_topic_length = 80;
566 ConfigServerInfo.hub = 0;
567
568 log_iterate(log_free);
569
570 ConfigLog.use_logging = 1;
571
572 ConfigChannel.disable_fake_channels = 0;
573 ConfigChannel.invite_client_count = 10;
574 ConfigChannel.invite_client_time = 300;
575 ConfigChannel.invite_delay_channel = 5;
576 ConfigChannel.invite_expire_time = 1800;
577 ConfigChannel.knock_client_count = 1;
578 ConfigChannel.knock_client_time = 300;
579 ConfigChannel.knock_delay_channel = 60;
580 ConfigChannel.max_channels = 25;
581 ConfigChannel.max_invites = 20;
582 ConfigChannel.max_bans = 100;
583 ConfigChannel.max_bans_large = 500;
584 ConfigChannel.default_join_flood_count = 18;
585 ConfigChannel.default_join_flood_time = 6;
586
587 ConfigServerHide.flatten_links = 0;
588 ConfigServerHide.flatten_links_delay = 300;
589 ConfigServerHide.hidden = 0;
590 ConfigServerHide.hide_servers = 0;
591 ConfigServerHide.hide_services = 0;
592 ConfigServerHide.hidden_name = xstrdup(NETWORK_NAME_DEFAULT);
593 ConfigServerHide.hide_server_ips = 0;
594 ConfigServerHide.disable_remote_commands = 0;
595
596 ConfigGeneral.away_count = 2;
597 ConfigGeneral.away_time = 10;
598 ConfigGeneral.max_watch = 50;
599 ConfigGeneral.whowas_history_length = 15000;
600 ConfigGeneral.cycle_on_host_change = 1;
601 ConfigGeneral.dline_min_cidr = 16;
602 ConfigGeneral.dline_min_cidr6 = 48;
603 ConfigGeneral.kline_min_cidr = 16;
604 ConfigGeneral.kline_min_cidr6 = 48;
605 ConfigGeneral.invisible_on_connect = 1;
606 ConfigGeneral.disable_auth = 0;
607 ConfigGeneral.kill_chase_time_limit = 90;
608 ConfigGeneral.default_floodcount = 8;
609 ConfigGeneral.default_floodtime = 1;
610 ConfigGeneral.failed_oper_notice = 1;
611 ConfigGeneral.dots_in_ident = 0;
612 ConfigGeneral.min_nonwildcard = 4;
613 ConfigGeneral.min_nonwildcard_simple = 3;
614 ConfigGeneral.max_accept = 50;
615 ConfigGeneral.anti_nick_flood = 0;
616 ConfigGeneral.max_nick_time = 20;
617 ConfigGeneral.max_nick_changes = 5;
618 ConfigGeneral.anti_spam_exit_message_time = 0;
619 ConfigGeneral.ts_warn_delta = 30;
620 ConfigGeneral.ts_max_delta = 600;
621 ConfigGeneral.warn_no_connect_block = 1;
622 ConfigGeneral.stats_e_disabled = 0;
623 ConfigGeneral.stats_i_oper_only = 1; /* 1 = masked */
624 ConfigGeneral.stats_k_oper_only = 1; /* 1 = masked */
625 ConfigGeneral.stats_o_oper_only = 1;
626 ConfigGeneral.stats_m_oper_only = 1;
627 ConfigGeneral.stats_P_oper_only = 0;
628 ConfigGeneral.stats_u_oper_only = 0;
629 ConfigGeneral.caller_id_wait = 60;
630 ConfigGeneral.opers_bypass_callerid = 1;
631 ConfigGeneral.pace_wait = 10;
632 ConfigGeneral.pace_wait_simple = 1;
633 ConfigGeneral.short_motd = 0;
634 ConfigGeneral.ping_cookie = 0;
635 ConfigGeneral.no_oper_flood = 0;
636 ConfigGeneral.max_targets = MAX_TARGETS_DEFAULT;
637 ConfigGeneral.oper_only_umodes = UMODE_DEBUG | UMODE_LOCOPS | UMODE_HIDDEN | UMODE_FARCONNECT |
638 UMODE_UNAUTH | UMODE_EXTERNAL | UMODE_BOTS | UMODE_NCHANGE |
639 UMODE_SPY | UMODE_FULL | UMODE_SKILL | UMODE_REJ | UMODE_CCONN;
640 ConfigGeneral.oper_umodes = UMODE_BOTS | UMODE_LOCOPS | UMODE_SERVNOTICE | UMODE_WALLOP;
641 ConfigGeneral.throttle_count = 1;
642 ConfigGeneral.throttle_time = 1;
643 }
644
645 static void
646 validate_conf(void)
647 {
648 if (EmptyString(ConfigServerInfo.network_name))
649 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
650
651 if (EmptyString(ConfigServerInfo.network_desc))
652 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
653 }
654
655 /* read_conf()
656 *
657 * inputs - file descriptor pointing to config file to use
658 * output - None
659 * side effects - Read configuration file.
660 */
661 static void
662 read_conf(FILE *file)
663 {
664 lineno = 1;
665
666 set_default_conf(); /* Set default values prior to conf parsing */
667 conf_parser_ctx.pass = 1;
668 yyparse(); /* Pick up the classes first */
669
670 rewind(file);
671
672 conf_parser_ctx.pass = 2;
673 yyparse(); /* Load the values from the conf */
674 validate_conf(); /* Check to make sure some values are still okay. */
675 /* Some global values are also loaded here. */
676 whowas_trim(); /* Attempt to trim whowas list if necessary */
677 class_delete_marked(); /* Delete unused classes that are marked for deletion */
678 }
679
680 /* conf_rehash()
681 *
682 * Actual REHASH service routine. Called with sig == 0 if it has been called
683 * as a result of an operator issuing this command, else assume it has been
684 * called as a result of the server receiving a HUP signal.
685 */
686 void
687 conf_rehash(bool sig)
688 {
689 if (sig == true)
690 {
691 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
692 "Got signal SIGHUP, reloading configuration file(s)");
693 ilog(LOG_TYPE_IRCD, "Got signal SIGHUP, reloading configuration file(s)");
694 }
695
696 restart_resolver();
697
698 /* don't close listeners until we know we can go ahead with the rehash */
699
700 read_conf_files(false);
701
702 load_conf_modules();
703 check_conf_klines();
704 }
705
706 /* lookup_confhost()
707 *
708 * start DNS lookups of all hostnames in the conf
709 * line and convert an IP addresses in a.b.c.d number for to IP#s.
710 */
711 void
712 lookup_confhost(struct MaskItem *conf)
713 {
714 struct addrinfo hints, *res;
715
716 /*
717 * Do name lookup now on hostnames given and store the
718 * ip numbers in conf structure.
719 */
720 memset(&hints, 0, sizeof(hints));
721
722 hints.ai_family = AF_UNSPEC;
723 hints.ai_socktype = SOCK_STREAM;
724
725 /* Get us ready for a bind() and don't bother doing dns lookup */
726 hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
727
728 if (getaddrinfo(conf->host, NULL, &hints, &res))
729 {
730 conf_dns_lookup(conf);
731 return;
732 }
733
734 assert(res);
735
736 memcpy(conf->addr, res->ai_addr, res->ai_addrlen);
737 conf->addr->ss_len = res->ai_addrlen;
738
739 freeaddrinfo(res);
740 }
741
742 /* conf_connect_allowed()
743 *
744 * inputs - pointer to inaddr
745 * - int type ipv4 or ipv6
746 * output - BANNED or accepted
747 * side effects - none
748 */
749 int
750 conf_connect_allowed(struct irc_ssaddr *addr)
751 {
752 struct ip_entry *ip_found = NULL;
753 const struct MaskItem *conf = find_dline_conf(addr);
754
755 if (conf)
756 {
757 /* DLINE exempt also gets you out of static limits/pacing... */
758 if (conf->type == CONF_EXEMPT)
759 return 0;
760 return BANNED_CLIENT;
761 }
762
763 ip_found = ipcache_record_find_or_add(addr);
764
765 if ((event_base->time.sec_monotonic - ip_found->last_attempt) < ConfigGeneral.throttle_time)
766 {
767 if (ip_found->connection_count >= ConfigGeneral.throttle_count)
768 return TOO_FAST;
769
770 ++ip_found->connection_count;
771 }
772 else
773 ip_found->connection_count = 1;
774
775 ip_found->last_attempt = event_base->time.sec_monotonic;
776 return 0;
777 }
778
779 /* cleanup_tklines()
780 *
781 * inputs - NONE
782 * output - NONE
783 * side effects - call function to expire temporary k/d lines
784 * This is an event started off in ircd.c
785 */
786 void
787 cleanup_tklines(void *unused)
788 {
789 hostmask_expire_temporary();
790 gecos_expire();
791 resv_expire();
792 }
793
794 /*
795 * Input: A client to find the active operator {} name for.
796 * Output: The nick!user@host{oper} of the oper.
797 * "oper" is server name for remote opers
798 * Side effects: None.
799 */
800 const char *
801 get_oper_name(const struct Client *client_p)
802 {
803 static char buffer[IRCD_BUFSIZE];
804
805 if (IsServer(client_p))
806 return client_p->name;
807
808 if (MyConnect(client_p))
809 {
810 const dlink_node *const node = client_p->connection->confs.head;
811
812 if (node)
813 {
814 const struct MaskItem *const conf = node->data;
815
816 if (conf->type == CONF_OPER)
817 {
818 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client_p->name,
819 client_p->username, client_p->host, conf->name);
820 return buffer;
821 }
822 }
823
824 /*
825 * Probably should assert here for now. If there is an oper out there
826 * with no operator {} conf attached, it would be good for us to know...
827 */
828 assert(0); /* Oper without oper conf! */
829 }
830
831 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client_p->name,
832 client_p->username, client_p->host, client_p->servptr->name);
833 return buffer;
834 }
835
836 /* clear_out_old_conf()
837 *
838 * inputs - none
839 * output - none
840 * side effects - Clear out the old configuration
841 */
842 static void
843 clear_out_old_conf(void)
844 {
845 dlink_node *node = NULL, *node_next = NULL;
846 dlink_list *free_items [] = {
847 &connect_items, &operator_items, NULL
848 };
849
850 dlink_list ** iterator = free_items; /* C is dumb */
851
852 /* We only need to free anything allocated by yyparse() here.
853 * Resetting structs, etc, is taken care of by set_default_conf().
854 */
855
856 for (; *iterator; iterator++)
857 {
858 DLINK_FOREACH_SAFE(node, node_next, (*iterator)->head)
859 {
860 struct MaskItem *conf = node->data;
861
862 conf->active = false;
863 dlinkDelete(&conf->node, *iterator);
864
865 if (!conf->ref_count)
866 conf_free(conf);
867 }
868 }
869
870 /*
871 * Don't delete the class table, rather mark all entries for deletion.
872 * The table is cleaned up by class_delete_marked. - avalon
873 */
874 class_mark_for_deletion();
875
876 clear_out_address_conf();
877
878 modules_conf_clear(); /* Clear modules {} items */
879
880 motd_clear(); /* Clear motd {} items and re-cache default motd */
881
882 cluster_clear(); /* Clear cluster {} items */
883
884 gecos_clear(); /* Clear gecos {} items */
885
886 resv_clear(); /* Clear resv {} items */
887
888 service_clear(); /* Clear service {} items */
889
890 shared_clear(); /* Clear shared {} items */
891
892 pseudo_clear(); /* Clear pseudo {} items */
893
894 /* Clean out ConfigServerInfo */
895 xfree(ConfigServerInfo.description);
896 ConfigServerInfo.description = NULL;
897 xfree(ConfigServerInfo.network_name);
898 ConfigServerInfo.network_name = NULL;
899 xfree(ConfigServerInfo.network_desc);
900 ConfigServerInfo.network_desc = NULL;
901 xfree(ConfigServerInfo.rsa_private_key_file);
902 ConfigServerInfo.rsa_private_key_file = NULL;
903 xfree(ConfigServerInfo.ssl_certificate_file);
904 ConfigServerInfo.ssl_certificate_file = NULL;
905 xfree(ConfigServerInfo.ssl_dh_param_file);
906 ConfigServerInfo.ssl_dh_param_file = NULL;
907 xfree(ConfigServerInfo.ssl_dh_elliptic_curve);
908 ConfigServerInfo.ssl_dh_elliptic_curve = NULL;
909 xfree(ConfigServerInfo.ssl_cipher_list);
910 ConfigServerInfo.ssl_cipher_list = NULL;
911 xfree(ConfigServerInfo.ssl_message_digest_algorithm);
912 ConfigServerInfo.ssl_message_digest_algorithm = NULL;
913
914 /* Clean out ConfigAdminInfo */
915 xfree(ConfigAdminInfo.name);
916 ConfigAdminInfo.name = NULL;
917 xfree(ConfigAdminInfo.email);
918 ConfigAdminInfo.email = NULL;
919 xfree(ConfigAdminInfo.description);
920 ConfigAdminInfo.description = NULL;
921
922 /* Clean out ConfigServerHide */
923 xfree(ConfigServerHide.flatten_links_file);
924 ConfigServerHide.flatten_links_file = NULL;
925 xfree(ConfigServerHide.hidden_name);
926 ConfigServerHide.hidden_name = NULL;
927
928 /* Clean out listeners */
929 listener_close_marked();
930 }
931
932 static void
933 conf_handle_tls(bool cold)
934 {
935 if (tls_new_cred() == false)
936 {
937 if (cold == true)
938 {
939 ilog(LOG_TYPE_IRCD, "Error while initializing TLS");
940 exit(EXIT_FAILURE);
941 }
942 else
943 {
944 /* Failed to load new settings/certs, old ones remain active */
945 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
946 "Error reloading TLS settings, check the ircd log"); // report_crypto_errors logs this
947 }
948 }
949 }
950
951 /* read_conf_files()
952 *
953 * inputs - cold start YES or NO
954 * output - none
955 * side effects - read all conf files needed, ircd.conf kline.conf etc.
956 */
957 void
958 read_conf_files(bool cold)
959 {
960 const char *filename = NULL;
961 char chanmodes[IRCD_BUFSIZE] = "";
962 char chanlimit[IRCD_BUFSIZE] = "";
963
964 conf_parser_ctx.boot = cold;
965 filename = ConfigGeneral.configfile;
966
967 /* We need to know the initial filename for the yyerror() to report
968 FIXME: The full path is in conffilenamebuf first time since we
969 don't know anything else
970
971 - Gozem 2002-07-21
972 */
973 strlcpy(conffilebuf, filename, sizeof(conffilebuf));
974
975 if ((conf_parser_ctx.conf_file = fopen(filename, "r")) == NULL)
976 {
977 if (cold == true)
978 {
979 ilog(LOG_TYPE_IRCD, "Unable to read configuration file '%s': %s",
980 filename, strerror(errno));
981 exit(EXIT_FAILURE);
982 }
983 else
984 {
985 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
986 "Unable to read configuration file '%s': %s",
987 filename, strerror(errno));
988 return;
989 }
990 }
991
992 if (cold == false)
993 clear_out_old_conf();
994
995 read_conf(conf_parser_ctx.conf_file);
996 fclose(conf_parser_ctx.conf_file);
997
998 log_iterate(log_reopen);
999 conf_handle_tls(cold);
1000
1001 isupport_add("NICKLEN", NULL, ConfigServerInfo.max_nick_length);
1002 isupport_add("NETWORK", ConfigServerInfo.network_name, -1);
1003
1004 snprintf(chanmodes, sizeof(chanmodes), "beI:%u", ConfigChannel.max_bans);
1005 isupport_add("MAXLIST", chanmodes, -1);
1006 isupport_add("MAXTARGETS", NULL, ConfigGeneral.max_targets);
1007 isupport_add("CHANTYPES", "#", -1);
1008
1009 snprintf(chanlimit, sizeof(chanlimit), "#:%u",
1010 ConfigChannel.max_channels);
1011 isupport_add("CHANLIMIT", chanlimit, -1);
1012 snprintf(chanmodes, sizeof(chanmodes), "%s", "beI,k,l,cimnprstuCLMNORST");
1013 isupport_add("CHANNELLEN", NULL, CHANNELLEN);
1014 isupport_add("TOPICLEN", NULL, ConfigServerInfo.max_topic_length);
1015 isupport_add("CHANMODES", chanmodes, -1);
1016 }
1017
1018 /* conf_add_class_to_conf()
1019 *
1020 * inputs - pointer to config item
1021 * output - NONE
1022 * side effects - Add a class pointer to a conf
1023 */
1024 void
1025 conf_add_class_to_conf(struct MaskItem *conf, const char *name)
1026 {
1027 if (EmptyString(name) || (conf->class = class_find(name, true)) == NULL)
1028 {
1029 conf->class = class_default;
1030
1031 if (conf->type == CONF_CLIENT || conf->type == CONF_OPER)
1032 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1033 "Warning *** Defaulting to default class for %s@%s",
1034 conf->user, conf->host);
1035 else
1036 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1037 "Warning *** Defaulting to default class for %s",
1038 conf->name);
1039 }
1040 }
1041
1042 /* yyerror()
1043 *
1044 * inputs - message from parser
1045 * output - NONE
1046 * side effects - message to opers and log file entry is made
1047 */
1048 void
1049 yyerror(const char *msg)
1050 {
1051 if (conf_parser_ctx.pass != 1)
1052 return;
1053
1054 const char *p = stripws(linebuf);
1055 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1056 "\"%s\", line %u: %s: %s",
1057 conffilebuf, lineno, msg, p);
1058 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1059 conffilebuf, lineno, msg, p);
1060 }
1061
1062 void
1063 conf_error_report(const char *msg)
1064 {
1065 const char *p = stripws(linebuf);
1066 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1067 "\"%s\", line %u: %s: %s",
1068 conffilebuf, lineno, msg, p);
1069 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1070 conffilebuf, lineno, msg, p);
1071 }
1072
1073 /*
1074 * valid_tkline()
1075 *
1076 * inputs - pointer to ascii string to check
1077 * - whether the specified time is in seconds or minutes
1078 * output - -1 not enough parameters
1079 * - 0 if not an integer number, else the number
1080 * side effects - none
1081 * Originally written by Dianora (Diane, db@db.net)
1082 */
1083 uintmax_t
1084 valid_tkline(const char *data, const int minutes)
1085 {
1086 const unsigned char *p = (const unsigned char *)data;
1087 unsigned char tmpch = '\0';
1088 uintmax_t result = 0;
1089
1090 while ((tmpch = *p++))
1091 {
1092 if (!IsDigit(tmpch))
1093 return 0;
1094
1095 result *= 10;
1096 result += (tmpch & 0xF);
1097 }
1098
1099 /*
1100 * In the degenerate case where oper does a /quote kline 0 user@host :reason
1101 * i.e. they specifically use 0, I am going to return 1 instead as a return
1102 * value of non-zero is used to flag it as a temporary kline
1103 */
1104 if (result == 0)
1105 result = 1;
1106
1107 /*
1108 * If the incoming time is in seconds convert it to minutes for the purpose
1109 * of this calculation
1110 */
1111 if (minutes == 0)
1112 result = result / 60;
1113
1114 if (result > MAX_TDKLINE_TIME)
1115 result = MAX_TDKLINE_TIME;
1116
1117 result = result * 60; /* Turn it into seconds */
1118
1119 return result;
1120 }
1121
1122 /* valid_wild_card_simple()
1123 *
1124 * inputs - data to check for sufficient non-wildcard characters
1125 * outputs - 1 if valid, else 0
1126 * side effects - none
1127 */
1128 bool
1129 valid_wild_card_simple(const char *data)
1130 {
1131 const unsigned char *p = (const unsigned char *)data;
1132 unsigned char tmpch = '\0';
1133 unsigned int nonwild = 0, wild = 0;
1134
1135 while ((tmpch = *p++))
1136 {
1137 if (tmpch == '\\' && *p)
1138 {
1139 ++p;
1140 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1141 return true;
1142 }
1143 else if (!IsMWildChar(tmpch))
1144 {
1145 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1146 return true;
1147 }
1148 else
1149 ++wild;
1150 }
1151
1152 return wild == 0;
1153 }
1154
1155 /* valid_wild_card()
1156 *
1157 * input - pointer to client
1158 * - int flag, 0 for no warning oper 1 for warning oper
1159 * - count of following varargs to check
1160 * output - 0 if not valid, 1 if valid
1161 * side effects - NOTICE is given to source_p if warn is 1
1162 */
1163 bool
1164 valid_wild_card(int count, ...)
1165 {
1166 unsigned char tmpch = '\0';
1167 unsigned int nonwild = 0;
1168 va_list args;
1169
1170 /*
1171 * Now we must check the user and host to make sure there
1172 * are at least NONWILDCHARS non-wildcard characters in
1173 * them, otherwise assume they are attempting to kline
1174 * *@* or some variant of that. This code will also catch
1175 * people attempting to kline *@*.tld, as long as NONWILDCHARS
1176 * is greater than 3. In that case, there are only 3 non-wild
1177 * characters (tld), so if NONWILDCHARS is 4, the kline will
1178 * be disallowed.
1179 * -wnder
1180 */
1181
1182 va_start(args, count);
1183
1184 while (count--)
1185 {
1186 const unsigned char *p = va_arg(args, const unsigned char *);
1187 if (p == NULL)
1188 continue;
1189
1190 while ((tmpch = *p++))
1191 {
1192 if (!IsKWildChar(tmpch))
1193 {
1194 /*
1195 * If we find enough non-wild characters, we can
1196 * break - no point in searching further.
1197 */
1198 if (++nonwild >= ConfigGeneral.min_nonwildcard)
1199 {
1200 va_end(args);
1201 return true;
1202 }
1203 }
1204 }
1205 }
1206
1207 va_end(args);
1208 return false;
1209 }
1210
1211 /* XXX should this go into a separate file ? -Dianora */
1212 /* parse_aline
1213 *
1214 * input - pointer to cmd name being used
1215 * - pointer to client using cmd
1216 * - parc parameter count
1217 * - parv[] list of parameters to parse
1218 * - parse_flags bit map of things to test
1219 * - pointer to user or string to parse into
1220 * - pointer to host or NULL to parse into if non NULL
1221 * - pointer to optional tkline time or NULL
1222 * - pointer to target_server to parse into if non NULL
1223 * - pointer to reason to parse into
1224 *
1225 * output - 1 if valid, 0 if not valid
1226 * side effects - A generalised k/d/x etc. line parser,
1227 * "ALINE [time] user@host|string [ON] target :reason"
1228 * will parse returning a parsed user, host if
1229 * h_p pointer is non NULL, string otherwise.
1230 * if tkline_time pointer is non NULL a tk line will be set
1231 * to non zero if found.
1232 * if tkline_time pointer is NULL and tk line is found,
1233 * error is reported.
1234 * if target_server is NULL and an "ON" is found error
1235 * is reported.
1236 * if reason pointer is NULL ignore pointer,
1237 * this allows use of parse_a_line in unkline etc.
1238 *
1239 * - Dianora
1240 */
1241 bool
1242 parse_aline(const char *cmd, struct Client *source_p, int parc, char **parv, struct aline_ctx *aline)
1243 {
1244 static char default_reason[] = CONF_NOREASON;
1245 static char user[USERLEN * 2 + 1];
1246 static char host[HOSTLEN * 2 + 1];
1247
1248 ++parv;
1249 --parc;
1250
1251 if (aline->add == true && (aline->duration = valid_tkline(*parv, TK_MINUTES)))
1252 {
1253 ++parv;
1254 --parc;
1255 }
1256
1257 if (parc == 0)
1258 {
1259 sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, cmd);
1260 return false;
1261 }
1262
1263 if (aline->simple_mask == true)
1264 {
1265 aline->mask = *parv;
1266 aline->user = NULL;
1267 aline->host = NULL;
1268 }
1269 else
1270 {
1271 struct split_nuh_item nuh;
1272
1273 nuh.nuhmask = *parv;
1274 nuh.nickptr = NULL;
1275 nuh.userptr = user;
1276 nuh.hostptr = host;
1277
1278 nuh.nicksize = 0;
1279 nuh.usersize = sizeof(user);
1280 nuh.hostsize = sizeof(host);
1281
1282 split_nuh(&nuh);
1283
1284 aline->mask = NULL;
1285 aline->user = user;
1286 aline->host = host;
1287 }
1288
1289 ++parv;
1290 --parc;
1291
1292 if (parc)
1293 {
1294 if (irccmp(*parv, "ON") == 0)
1295 {
1296 ++parv;
1297 --parc;
1298
1299 if (!HasOFlag(source_p, OPER_FLAG_REMOTEBAN))
1300 {
1301 sendto_one_numeric(source_p, &me, ERR_NOPRIVS, "remoteban");
1302 return false;
1303 }
1304
1305 if (parc == 0 || EmptyString(*parv))
1306 {
1307 sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, cmd);
1308 return false;
1309 }
1310
1311 aline->server = *parv;
1312 ++parv;
1313 --parc;
1314 }
1315 else
1316 aline->server = NULL;
1317 }
1318
1319 if (aline->add == true)
1320 {
1321 if (parc == 0 || EmptyString(*parv))
1322 aline->reason = default_reason;
1323 else
1324 aline->reason = *parv;
1325 }
1326
1327 return true;
1328 }
1329
1330 /* match_conf_password()
1331 *
1332 * inputs - pointer to given password
1333 * - pointer to Conf
1334 * output - 1 or 0 if match
1335 * side effects - none
1336 */
1337 bool
1338 match_conf_password(const char *password, const struct MaskItem *conf)
1339 {
1340 const char *encr = NULL;
1341
1342 if (EmptyString(password) || EmptyString(conf->passwd))
1343 return false;
1344
1345 if (conf->flags & CONF_FLAGS_ENCRYPTED)
1346 encr = crypt(password, conf->passwd);
1347 else
1348 encr = password;
1349
1350 return encr && strcmp(encr, conf->passwd) == 0;
1351 }
1352
1353 /*
1354 * split_nuh
1355 *
1356 * inputs - pointer to original mask (modified in place)
1357 * - pointer to pointer where nick should go
1358 * - pointer to pointer where user should go
1359 * - pointer to pointer where host should go
1360 * output - NONE
1361 * side effects - mask is modified in place
1362 * If nick pointer is NULL, ignore writing to it
1363 * this allows us to use this function elsewhere.
1364 *
1365 * mask nick user host
1366 * ---------------------- ------- ------- ------
1367 * Dianora!db@db.net Dianora db db.net
1368 * Dianora Dianora * *
1369 * db.net * * db.net
1370 * OR if nick pointer is NULL
1371 * Dianora - * Dianora
1372 * Dianora! Dianora * *
1373 * Dianora!@ Dianora * *
1374 * Dianora!db Dianora db *
1375 * Dianora!@db.net Dianora * db.net
1376 * db@db.net * db db.net
1377 * !@ * * *
1378 * @ * * *
1379 * ! * * *
1380 */
1381 void
1382 split_nuh(struct split_nuh_item *const iptr)
1383 {
1384 char *p = NULL, *q = NULL;
1385
1386 if (iptr->nickptr)
1387 strlcpy(iptr->nickptr, "*", iptr->nicksize);
1388
1389 if (iptr->userptr)
1390 strlcpy(iptr->userptr, "*", iptr->usersize);
1391
1392 if (iptr->hostptr)
1393 strlcpy(iptr->hostptr, "*", iptr->hostsize);
1394
1395 if ((p = strchr(iptr->nuhmask, '!')))
1396 {
1397 *p = '\0';
1398
1399 if (iptr->nickptr && *iptr->nuhmask)
1400 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1401
1402 if ((q = strchr(++p, '@')))
1403 {
1404 *q++ = '\0';
1405
1406 if (*p)
1407 strlcpy(iptr->userptr, p, iptr->usersize);
1408
1409 if (*q)
1410 strlcpy(iptr->hostptr, q, iptr->hostsize);
1411 }
1412 else
1413 {
1414 if (*p)
1415 strlcpy(iptr->userptr, p, iptr->usersize);
1416 }
1417 }
1418 else
1419 {
1420 /* No ! found so lets look for a user@host */
1421 if ((p = strchr(iptr->nuhmask, '@')))
1422 {
1423 /* if found a @ */
1424 *p++ = '\0';
1425
1426 if (*iptr->nuhmask)
1427 strlcpy(iptr->userptr, iptr->nuhmask, iptr->usersize);
1428
1429 if (*p)
1430 strlcpy(iptr->hostptr, p, iptr->hostsize);
1431 }
1432 else
1433 {
1434 /* No @ found */
1435 if (iptr->nickptr == NULL || strpbrk(iptr->nuhmask, ".:"))
1436 strlcpy(iptr->hostptr, iptr->nuhmask, iptr->hostsize);
1437 else
1438 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1439 }
1440 }
1441 }

Properties

Name Value
svn:eol-style native
svn:keywords Id