ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/branches/8.2.x/src/conf.c
Revision: 9595
Committed: Fri Sep 4 16:48:45 2020 UTC (3 years, 7 months ago) by michael
Content type: text/x-csrc
File size: 38467 byte(s)
Log Message: 
- Cleanup ip address matching routine in various places

File Contents

# Content
1 /*
2 * ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3 *
4 * Copyright (c) 1997-2020 ircd-hybrid development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 */
21
22 /*! \file conf.c
23 * \brief Configuration file functions.
24 * \version $Id$
25 */
26
27 #include "stdinc.h"
28 #include "list.h"
29 #include "ircd_defs.h"
30 #include "parse.h"
31 #include "conf.h"
32 #include "conf_cluster.h"
33 #include "conf_gecos.h"
34 #include "conf_pseudo.h"
35 #include "conf_resv.h"
36 #include "conf_service.h"
37 #include "conf_shared.h"
38 #include "server.h"
39 #include "channel.h"
40 #include "client.h"
41 #include "event.h"
42 #include "irc_string.h"
43 #include "s_bsd.h"
44 #include "ircd.h"
45 #include "listener.h"
46 #include "hostmask.h"
47 #include "modules.h"
48 #include "numeric.h"
49 #include "fdlist.h"
50 #include "log.h"
51 #include "send.h"
52 #include "memory.h"
53 #include "res.h"
54 #include "user.h"
55 #include "channel_mode.h"
56 #include "misc.h"
57 #include "conf_db.h"
58 #include "conf_class.h"
59 #include "motd.h"
60 #include "ipcache.h"
61 #include "isupport.h"
62 #include "whowas.h"
63
64
65 struct config_channel_entry ConfigChannel;
66 struct config_serverhide_entry ConfigServerHide;
67 struct config_general_entry ConfigGeneral;
68 struct config_log_entry ConfigLog = { .use_logging = 1 };
69 struct config_serverinfo_entry ConfigServerInfo;
70 struct config_admin_entry ConfigAdminInfo;
71 struct conf_parser_context conf_parser_ctx;
72
73 /* general conf items link list root, other than k lines etc. */
74 dlink_list connect_items;
75 dlink_list operator_items;
76
77 extern unsigned int lineno;
78 extern char linebuf[];
79 extern char conffilebuf[IRCD_BUFSIZE];
80 extern int yyparse(); /* defined in y.tab.c */
81
82
83 /* conf_dns_callback()
84 *
85 * inputs - pointer to struct MaskItem
86 * - pointer to DNSReply reply
87 * output - none
88 * side effects - called when resolver query finishes
89 * if the query resulted in a successful search, hp will contain
90 * a non-null pointer, otherwise hp will be null.
91 * if successful save hp in the conf item it was called with
92 */
93 static void
94 conf_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name, size_t namelength)
95 {
96 struct MaskItem *const conf = vptr;
97
98 conf->dns_pending = false;
99
100 if (addr)
101 *conf->addr = *addr;
102 else
103 conf->dns_failed = true;
104 }
105
106 /* conf_resolve_host()
107 *
108 * start DNS lookups of all hostnames in the conf
109 * line and convert an IP addresses in a.b.c.d number for to IP#s.
110 */
111 void
112 conf_dns_lookup(struct MaskItem *conf)
113 {
114 struct addrinfo hints, *res;
115
116 /*
117 * Do name lookup now on hostnames given and store the
118 * ip numbers in conf structure.
119 */
120 memset(&hints, 0, sizeof(hints));
121
122 hints.ai_family = AF_UNSPEC;
123 hints.ai_socktype = SOCK_STREAM;
124
125 /* Get us ready for a bind() and don't bother doing dns lookup */
126 hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
127
128 if (getaddrinfo(conf->host, NULL, &hints, &res))
129 {
130 /*
131 * By this point conf->host possibly is not a numerical network address. Do a nameserver
132 * lookup of the conf host. If the conf entry is currently doing a ns lookup do nothing.
133 */
134 if (conf->dns_pending == true)
135 return;
136
137 conf->dns_pending = true;
138
139 if (conf->aftype == AF_INET)
140 gethost_byname_type(conf_dns_callback, conf, conf->host, T_A);
141 else
142 gethost_byname_type(conf_dns_callback, conf, conf->host, T_AAAA);
143 return;
144 }
145
146 assert(res);
147
148 memcpy(conf->addr, res->ai_addr, res->ai_addrlen);
149 conf->addr->ss_len = res->ai_addrlen;
150
151 freeaddrinfo(res);
152 }
153
154 /* map_to_list()
155 *
156 * inputs - ConfType conf
157 * output - pointer to dlink_list to use
158 * side effects - none
159 */
160 static dlink_list *
161 map_to_list(enum maskitem_type type)
162 {
163 switch (type)
164 {
165 case CONF_OPER:
166 return &operator_items;
167 break;
168 case CONF_SERVER:
169 return &connect_items;
170 break;
171 default:
172 return NULL;
173 }
174 }
175
176 struct MaskItem *
177 conf_make(enum maskitem_type type)
178 {
179 struct MaskItem *const conf = xcalloc(sizeof(*conf));
180 dlink_list *list = NULL;
181
182 conf->type = type;
183 conf->active = true;
184 conf->aftype = AF_INET;
185
186 if ((list = map_to_list(type)))
187 dlinkAdd(conf, &conf->node, list);
188 return conf;
189 }
190
191 void
192 conf_free(struct MaskItem *conf)
193 {
194 dlink_node *node = NULL, *node_next = NULL;
195 dlink_list *list = NULL;
196
197 if ((list = map_to_list(conf->type)))
198 dlinkFindDelete(list, conf);
199
200 xfree(conf->name);
201
202 if (conf->dns_pending == true)
203 delete_resolver_queries(conf);
204 if (conf->passwd)
205 memset(conf->passwd, 0, strlen(conf->passwd));
206 if (conf->spasswd)
207 memset(conf->spasswd, 0, strlen(conf->spasswd));
208
209 conf->class = NULL;
210
211 xfree(conf->passwd);
212 xfree(conf->spasswd);
213 xfree(conf->reason);
214 xfree(conf->certfp);
215 xfree(conf->whois);
216 xfree(conf->user);
217 xfree(conf->host);
218 xfree(conf->addr);
219 xfree(conf->bind);
220 xfree(conf->cipher_list);
221
222 DLINK_FOREACH_SAFE(node, node_next, conf->hub_list.head)
223 {
224 xfree(node->data);
225 dlinkDelete(node, &conf->hub_list);
226 free_dlink_node(node);
227 }
228
229 DLINK_FOREACH_SAFE(node, node_next, conf->leaf_list.head)
230 {
231 xfree(node->data);
232 dlinkDelete(node, &conf->leaf_list);
233 free_dlink_node(node);
234 }
235
236 xfree(conf);
237 }
238
239 /* attach_iline()
240 *
241 * inputs - client pointer
242 * - conf pointer
243 * output -
244 * side effects - do actual attach
245 */
246 static int
247 attach_iline(struct Client *client, struct MaskItem *conf)
248 {
249 const struct ClassItem *const class = conf->class;
250 bool a_limit_reached = false;
251
252 struct ip_entry *ipcache = ipcache_record_find_or_add(&client->ip);
253 ++ipcache->count_local;
254 AddFlag(client, FLAGS_IPHASH);
255
256 if (class->max_total && class->ref_count >= class->max_total)
257 a_limit_reached = true;
258 else if (class->max_perip_local && ipcache->count_local > class->max_perip_local)
259 a_limit_reached = true;
260 else if (class->max_perip_global &&
261 (ipcache->count_local + ipcache->count_remote) > class->max_perip_global)
262 a_limit_reached = true;
263
264 if (a_limit_reached == true)
265 {
266 if (!IsConfExemptLimits(conf))
267 return TOO_MANY; /* Already at maximum allowed */
268
269 sendto_one_notice(client, &me, ":*** Your connection class is full, "
270 "but you have exceed_limit = yes;");
271 }
272
273 return conf_attach(client, conf);
274 }
275
276 /* verify_access()
277 *
278 * inputs - pointer to client to verify
279 * output - 0 if success -'ve if not
280 * side effect - find the first (best) I line to attach.
281 */
282 static int
283 verify_access(struct Client *client)
284 {
285 struct MaskItem *conf;
286
287 if (HasFlag(client, FLAGS_GOTID))
288 conf = find_address_conf(client->host, client->username, &client->ip,
289 client->connection->password);
290 else
291 {
292 char non_ident[USERLEN + 1] = "~";
293
294 strlcpy(non_ident + 1, client->username, sizeof(non_ident) - 1);
295 conf = find_address_conf(client->host, non_ident, &client->ip,
296 client->connection->password);
297 }
298
299 if (conf == NULL)
300 return NOT_AUTHORIZED;
301
302 assert(IsConfClient(conf) || IsConfKill(conf));
303
304 if (IsConfKill(conf))
305 {
306 sendto_one_notice(client, &me, ":*** Banned: %s", conf->reason);
307 return BANNED_CLIENT;
308 }
309
310 if (IsConfRedir(conf))
311 {
312 sendto_one_numeric(client, &me, RPL_REDIR,
313 conf->name ? conf->name : "",
314 conf->port);
315 return NOT_AUTHORIZED;
316 }
317
318 /* Preserve x->host in x->realhost before it gets overwritten. */
319 strlcpy(client->realhost, client->host, sizeof(client->realhost));
320
321 if (IsConfDoSpoofIp(conf))
322 strlcpy(client->host, conf->name, sizeof(client->host));
323
324 return attach_iline(client, conf);
325 }
326
327 /* check_client()
328 *
329 * inputs - pointer to client
330 * output - 0 = Success
331 * NOT_AUTHORIZED (-1) = Access denied (no I line match)
332 * IRCD_SOCKET_ERROR (-2) = Bad socket.
333 * I_LINE_FULL (-3) = I-line is full
334 * TOO_MANY (-4) = Too many connections from hostname
335 * BANNED_CLIENT (-5) = K-lined
336 * side effects - Ordinary client access check.
337 * Look for conf lines which have the same
338 * status as the flags passed.
339 */
340 bool
341 conf_check_client(struct Client *client)
342 {
343 int i;
344
345 if ((i = verify_access(client)))
346 ilog(LOG_TYPE_IRCD, "Access denied: %s[%s]",
347 client->name, client->sockhost);
348
349 switch (i)
350 {
351 case TOO_MANY:
352 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
353 "Too many on IP for %s (%s).",
354 client_get_name(client, SHOW_IP),
355 client->sockhost);
356 ilog(LOG_TYPE_IRCD, "Too many connections on IP from %s.",
357 client_get_name(client, SHOW_IP));
358 ++ServerStats.is_ref;
359 exit_client(client, "No more connections allowed on that IP");
360 break;
361
362 case I_LINE_FULL:
363 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
364 "auth {} block is full for %s (%s).",
365 client_get_name(client, SHOW_IP),
366 client->sockhost);
367 ilog(LOG_TYPE_IRCD, "Too many connections from %s.",
368 client_get_name(client, SHOW_IP));
369 ++ServerStats.is_ref;
370 exit_client(client, "No more connections allowed in your connection class");
371 break;
372
373 case NOT_AUTHORIZED:
374 /* jdc - lists server name & port connections are on */
375 /* a purely cosmetical change */
376 sendto_realops_flags(UMODE_UNAUTH, L_ALL, SEND_NOTICE,
377 "Unauthorized client connection from %s on [%s/%u].",
378 client_get_name(client, SHOW_IP),
379 client->connection->listener->name,
380 client->connection->listener->port);
381 ilog(LOG_TYPE_IRCD, "Unauthorized client connection from %s on [%s/%u].",
382 client_get_name(client, SHOW_IP),
383 client->connection->listener->name,
384 client->connection->listener->port);
385
386 ++ServerStats.is_ref;
387 exit_client(client, "You are not authorized to use this server");
388 break;
389
390 case BANNED_CLIENT:
391 ++ServerStats.is_ref;
392 exit_client(client, "Banned");
393 break;
394
395 case 0:
396 default:
397 break;
398 }
399
400 if (i < 0)
401 return false;
402 return true;
403 }
404
405 /*! \brief Disassociate configuration from the client. Also removes a class
406 * from the list if marked for deleting.
407 * \param client Client to operate on
408 * \param type Type of conf to detach
409 */
410 void
411 conf_detach(struct Client *client, enum maskitem_type type)
412 {
413 dlink_node *node, *node_next;
414
415 DLINK_FOREACH_SAFE(node, node_next, client->connection->confs.head)
416 {
417 struct MaskItem *conf = node->data;
418
419 assert(conf->type & (CONF_CLIENT | CONF_OPER | CONF_SERVER));
420 assert(conf->ref_count > 0);
421 assert(conf->class->ref_count > 0);
422
423 if (!(conf->type & type))
424 continue;
425
426 dlinkDelete(node, &client->connection->confs);
427 free_dlink_node(node);
428
429 if (conf->type == CONF_CLIENT)
430 class_ip_limit_remove(conf->class, &client->ip);
431
432 if (--conf->class->ref_count == 0 && conf->class->active == false)
433 {
434 class_free(conf->class);
435 conf->class = NULL;
436 }
437
438 if (--conf->ref_count == 0 && conf->active == false)
439 conf_free(conf);
440 }
441 }
442
443 /*! \brief Associate a specific configuration entry to a *local* client (this
444 * is the one which used in accepting the connection). Note, that this
445 * automatically changes the attachment if there was an old one.
446 * \param client Client to attach the conf to
447 * \param conf Configuration record to attach
448 */
449 int
450 conf_attach(struct Client *client, struct MaskItem *conf)
451 {
452 if (dlinkFind(&client->connection->confs, conf))
453 return 1;
454
455 if (conf->type == CONF_CLIENT)
456 if (class_ip_limit_add(conf->class, &client->ip, IsConfExemptLimits(conf)) == true)
457 return TOO_MANY; /* Already at maximum allowed */
458
459 conf->class->ref_count++;
460 conf->ref_count++;
461
462 dlinkAdd(conf, make_dlink_node(), &client->connection->confs);
463
464 return 0;
465 }
466
467 /* find_conf_name()
468 *
469 * inputs - pointer to conf link list to search
470 * - pointer to name to find
471 * - int mask of type of conf to find
472 * output - NULL or pointer to conf found
473 * side effects - find a conf entry which matches the name
474 * and has the given mask.
475 */
476 struct MaskItem *
477 find_conf_name(dlink_list *list, const char *name, enum maskitem_type type)
478 {
479 dlink_node *node = NULL;
480
481 DLINK_FOREACH(node, list->head)
482 {
483 struct MaskItem *conf = node->data;
484
485 if (conf->type == type)
486 {
487 if (conf->name && !irccmp(conf->name, name))
488 return conf;
489 }
490 }
491
492 return NULL;
493 }
494
495 /*! \brief Find a connect {} conf that has a name that matches \a name.
496 * \param name Name to match
497 * \param compare Pointer to function to be used for string matching
498 */
499 struct MaskItem *
500 connect_find(const char *name, int (*compare)(const char *, const char *))
501 {
502 dlink_node *node;
503
504 DLINK_FOREACH(node, connect_items.head)
505 {
506 struct MaskItem *conf = node->data;
507
508 if (compare(name, conf->name) == 0)
509 return conf;
510 }
511
512 return NULL;
513 }
514
515 /* find_exact_name_conf()
516 *
517 * inputs - type of link list to look in
518 * - pointer to name string to find
519 * - pointer to user
520 * - pointer to host
521 * output - NULL or pointer to found struct MaskItem
522 * side effects - looks for an exact match on name field
523 */
524 struct MaskItem *
525 operator_find(const struct Client *client, const char *name)
526 {
527 dlink_node *node;
528
529 DLINK_FOREACH(node, operator_items.head)
530 {
531 struct MaskItem *conf = node->data;
532
533 if (irccmp(conf->name, name) == 0)
534 {
535 if (client == NULL)
536 return conf;
537
538 if (conf->class->max_total &&
539 conf->class->max_total <= conf->class->ref_count)
540 continue;
541
542 if (match(conf->user, client->username) == 0)
543 {
544 switch (conf->htype)
545 {
546 case HM_HOST:
547 if (match(conf->host, client->realhost) == 0 ||
548 match(conf->host, client->sockhost) == 0 || match(conf->host, client->host) == 0)
549 return conf;
550 break;
551 case HM_IPV6:
552 case HM_IPV4:
553 if (address_compare(&client->ip, conf->addr, false, false, conf->bits))
554 return conf;
555 break;
556 default:
557 assert(0);
558 }
559 }
560 }
561 }
562
563 return NULL;
564 }
565
566 /* conf_set_defaults()
567 *
568 * inputs - NONE
569 * output - NONE
570 * side effects - Set default values here.
571 * This is called **PRIOR** to parsing the
572 * configuration file. If you want to do some validation
573 * of values later, put them in validate_conf().
574 */
575 static void
576 conf_set_defaults(void)
577 {
578 /*
579 * Verify init_class() ran, this should be an unnecessary check
580 * but it's not much work.
581 */
582 assert(class_default == class_get_list()->tail->data);
583
584 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
585 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
586 ConfigServerInfo.default_max_clients = MAXCLIENTS_MAX;
587 ConfigServerInfo.max_nick_length = 9;
588 ConfigServerInfo.max_topic_length = 80;
589 ConfigServerInfo.hub = 0;
590
591 log_iterate(log_free);
592
593 ConfigLog.use_logging = 1;
594
595 ConfigChannel.enable_extbans = 0;
596 ConfigChannel.disable_fake_channels = 0;
597 ConfigChannel.invite_client_count = 10;
598 ConfigChannel.invite_client_time = 300;
599 ConfigChannel.invite_delay_channel = 5;
600 ConfigChannel.invite_expire_time = 1800;
601 ConfigChannel.knock_client_count = 1;
602 ConfigChannel.knock_client_time = 300;
603 ConfigChannel.knock_delay_channel = 60;
604 ConfigChannel.max_channels = 25;
605 ConfigChannel.max_invites = 20;
606 ConfigChannel.max_bans = 100;
607 ConfigChannel.max_bans_large = 500;
608 ConfigChannel.default_join_flood_count = 18;
609 ConfigChannel.default_join_flood_time = 6;
610
611 ConfigServerHide.flatten_links = 0;
612 ConfigServerHide.flatten_links_delay = 300;
613 ConfigServerHide.hidden = 0;
614 ConfigServerHide.hide_servers = 0;
615 ConfigServerHide.hide_services = 0;
616 ConfigServerHide.hidden_name = xstrdup(NETWORK_NAME_DEFAULT);
617 ConfigServerHide.hide_server_ips = 0;
618 ConfigServerHide.disable_remote_commands = 0;
619
620 ConfigGeneral.away_count = 2;
621 ConfigGeneral.away_time = 10;
622 ConfigGeneral.max_watch = 50;
623 ConfigGeneral.whowas_history_length = 15000;
624 ConfigGeneral.cycle_on_host_change = 1;
625 ConfigGeneral.dline_min_cidr = 16;
626 ConfigGeneral.dline_min_cidr6 = 48;
627 ConfigGeneral.kline_min_cidr = 16;
628 ConfigGeneral.kline_min_cidr6 = 48;
629 ConfigGeneral.invisible_on_connect = 1;
630 ConfigGeneral.disable_auth = 0;
631 ConfigGeneral.kill_chase_time_limit = 90;
632 ConfigGeneral.default_floodcount = 8;
633 ConfigGeneral.default_floodtime = 1;
634 ConfigGeneral.failed_oper_notice = 1;
635 ConfigGeneral.dots_in_ident = 0;
636 ConfigGeneral.min_nonwildcard = 4;
637 ConfigGeneral.min_nonwildcard_simple = 3;
638 ConfigGeneral.max_accept = 50;
639 ConfigGeneral.anti_nick_flood = 0;
640 ConfigGeneral.max_nick_time = 20;
641 ConfigGeneral.max_nick_changes = 5;
642 ConfigGeneral.anti_spam_exit_message_time = 0;
643 ConfigGeneral.ts_warn_delta = 30;
644 ConfigGeneral.ts_max_delta = 600;
645 ConfigGeneral.warn_no_connect_block = 1;
646 ConfigGeneral.stats_e_disabled = 0;
647 ConfigGeneral.stats_i_oper_only = 1; /* 1 = masked */
648 ConfigGeneral.stats_k_oper_only = 1; /* 1 = masked */
649 ConfigGeneral.stats_o_oper_only = 1;
650 ConfigGeneral.stats_m_oper_only = 1;
651 ConfigGeneral.stats_P_oper_only = 0;
652 ConfigGeneral.stats_u_oper_only = 0;
653 ConfigGeneral.caller_id_wait = 60;
654 ConfigGeneral.opers_bypass_callerid = 1;
655 ConfigGeneral.pace_wait = 10;
656 ConfigGeneral.pace_wait_simple = 1;
657 ConfigGeneral.short_motd = 0;
658 ConfigGeneral.ping_cookie = 0;
659 ConfigGeneral.no_oper_flood = 0;
660 ConfigGeneral.max_targets = MAX_TARGETS_DEFAULT;
661 ConfigGeneral.oper_only_umodes = UMODE_DEBUG | UMODE_LOCOPS | UMODE_HIDDEN | UMODE_FARCONNECT |
662 UMODE_UNAUTH | UMODE_EXTERNAL | UMODE_BOTS | UMODE_NCHANGE |
663 UMODE_SPY | UMODE_FULL | UMODE_SKILL | UMODE_REJ | UMODE_CCONN;
664 ConfigGeneral.oper_umodes = UMODE_BOTS | UMODE_LOCOPS | UMODE_SERVNOTICE | UMODE_WALLOP;
665 ConfigGeneral.throttle_count = 1;
666 ConfigGeneral.throttle_time = 1;
667 }
668
669 static void
670 conf_validate(void)
671 {
672 if (EmptyString(ConfigServerInfo.network_name))
673 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
674
675 if (EmptyString(ConfigServerInfo.network_desc))
676 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
677 }
678
679 /* conf_read()
680 *
681 * inputs - file descriptor pointing to config file to use
682 * output - None
683 * side effects - Read configuration file.
684 */
685 static void
686 conf_read(FILE *file)
687 {
688 lineno = 1;
689
690 conf_set_defaults(); /* Set default values prior to conf parsing */
691 conf_parser_ctx.pass = 1;
692 yyparse(); /* Pick up the classes first */
693
694 rewind(file);
695
696 conf_parser_ctx.pass = 2;
697 yyparse(); /* Load the values from the conf */
698 conf_validate(); /* Check to make sure some values are still okay. */
699 /* Some global values are also loaded here. */
700 whowas_trim(); /* Attempt to trim whowas list if necessary */
701 class_delete_marked(); /* Delete unused classes that are marked for deletion */
702 }
703
704 /* conf_rehash()
705 *
706 * Actual REHASH service routine. Called with sig == 0 if it has been called
707 * as a result of an operator issuing this command, else assume it has been
708 * called as a result of the server receiving a HUP signal.
709 */
710 void
711 conf_rehash(bool sig)
712 {
713 if (sig == true)
714 {
715 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
716 "Got signal SIGHUP, reloading configuration file(s)");
717 ilog(LOG_TYPE_IRCD, "Got signal SIGHUP, reloading configuration file(s)");
718 }
719
720 restart_resolver();
721
722 /* don't close listeners until we know we can go ahead with the rehash */
723
724 conf_read_files(false);
725
726 load_conf_modules();
727 check_conf_klines();
728 }
729
730 /* conf_connect_allowed()
731 *
732 * inputs - pointer to inaddr
733 * - int type ipv4 or ipv6
734 * output - BANNED or accepted
735 * side effects - none
736 */
737 int
738 conf_connect_allowed(struct irc_ssaddr *addr)
739 {
740 const struct MaskItem *conf = find_dline_conf(addr);
741
742 if (conf)
743 {
744 /* DLINE exempt also gets you out of static limits/pacing... */
745 if (conf->type == CONF_EXEMPT)
746 return 0;
747 return BANNED_CLIENT;
748 }
749
750 struct ip_entry *ip_found = ipcache_record_find_or_add(addr);
751 if ((event_base->time.sec_monotonic - ip_found->last_attempt) < ConfigGeneral.throttle_time)
752 {
753 if (ip_found->connection_count >= ConfigGeneral.throttle_count)
754 return TOO_FAST;
755
756 ++ip_found->connection_count;
757 }
758 else
759 ip_found->connection_count = 1;
760
761 ip_found->last_attempt = event_base->time.sec_monotonic;
762 return 0;
763 }
764
765 /* cleanup_tklines()
766 *
767 * inputs - NONE
768 * output - NONE
769 * side effects - call function to expire temporary k/d lines
770 * This is an event started off in ircd.c
771 */
772 void
773 cleanup_tklines(void *unused)
774 {
775 hostmask_expire_temporary();
776 gecos_expire();
777 resv_expire();
778 }
779
780 /*
781 * Input: A client to find the active operator {} name for.
782 * Output: The nick!user@host{oper} of the oper.
783 * "oper" is server name for remote opers
784 * Side effects: None.
785 */
786 const char *
787 get_oper_name(const struct Client *client)
788 {
789 static char buffer[IRCD_BUFSIZE];
790
791 if (IsServer(client))
792 return client->name;
793
794 if (MyConnect(client))
795 {
796 const dlink_node *const node = client->connection->confs.head;
797
798 if (node)
799 {
800 const struct MaskItem *const conf = node->data;
801
802 if (conf->type == CONF_OPER)
803 {
804 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client->name,
805 client->username, client->host, conf->name);
806 return buffer;
807 }
808 }
809
810 /*
811 * Probably should assert here for now. If there is an oper out there
812 * with no operator {} conf attached, it would be good for us to know...
813 */
814 assert(0); /* Oper without oper conf! */
815 }
816
817 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client->name,
818 client->username, client->host, client->servptr->name);
819 return buffer;
820 }
821
822 /* conf_clear()
823 *
824 * inputs - none
825 * output - none
826 * side effects - Clear out the old configuration
827 */
828 static void
829 conf_clear(void)
830 {
831 dlink_node *node = NULL, *node_next = NULL;
832 dlink_list *free_items [] = {
833 &connect_items, &operator_items, NULL
834 };
835
836 dlink_list ** iterator = free_items; /* C is dumb */
837
838 /* We only need to free anything allocated by yyparse() here.
839 * Resetting structs, etc, is taken care of by conf_set_defaults().
840 */
841
842 for (; *iterator; iterator++)
843 {
844 DLINK_FOREACH_SAFE(node, node_next, (*iterator)->head)
845 {
846 struct MaskItem *conf = node->data;
847
848 conf->active = false;
849 dlinkDelete(&conf->node, *iterator);
850
851 if (!conf->ref_count)
852 conf_free(conf);
853 }
854 }
855
856 /*
857 * Don't delete the class table, rather mark all entries for deletion.
858 * The table is cleaned up by class_delete_marked. - avalon
859 */
860 class_mark_for_deletion();
861
862 clear_out_address_conf();
863
864 modules_conf_clear(); /* Clear modules {} items */
865
866 motd_clear(); /* Clear motd {} items and re-cache default motd */
867
868 cluster_clear(); /* Clear cluster {} items */
869
870 gecos_clear(); /* Clear gecos {} items */
871
872 resv_clear(); /* Clear resv {} items */
873
874 service_clear(); /* Clear service {} items */
875
876 shared_clear(); /* Clear shared {} items */
877
878 pseudo_clear(); /* Clear pseudo {} items */
879
880 /* Clean out ConfigServerInfo */
881 xfree(ConfigServerInfo.description);
882 ConfigServerInfo.description = NULL;
883 xfree(ConfigServerInfo.network_name);
884 ConfigServerInfo.network_name = NULL;
885 xfree(ConfigServerInfo.network_desc);
886 ConfigServerInfo.network_desc = NULL;
887 xfree(ConfigServerInfo.rsa_private_key_file);
888 ConfigServerInfo.rsa_private_key_file = NULL;
889 xfree(ConfigServerInfo.tls_certificate_file);
890 ConfigServerInfo.tls_certificate_file = NULL;
891 xfree(ConfigServerInfo.tls_dh_param_file);
892 ConfigServerInfo.tls_dh_param_file = NULL;
893 xfree(ConfigServerInfo.tls_supported_groups);
894 ConfigServerInfo.tls_supported_groups = NULL;
895 xfree(ConfigServerInfo.tls_cipher_list);
896 ConfigServerInfo.tls_cipher_list = NULL;
897 xfree(ConfigServerInfo.tls_cipher_suites);
898 ConfigServerInfo.tls_cipher_suites = NULL;
899 xfree(ConfigServerInfo.tls_message_digest_algorithm);
900 ConfigServerInfo.tls_message_digest_algorithm = NULL;
901
902 /* Clean out ConfigAdminInfo */
903 xfree(ConfigAdminInfo.name);
904 ConfigAdminInfo.name = NULL;
905 xfree(ConfigAdminInfo.email);
906 ConfigAdminInfo.email = NULL;
907 xfree(ConfigAdminInfo.description);
908 ConfigAdminInfo.description = NULL;
909
910 /* Clean out ConfigServerHide */
911 xfree(ConfigServerHide.flatten_links_file);
912 ConfigServerHide.flatten_links_file = NULL;
913 xfree(ConfigServerHide.hidden_name);
914 ConfigServerHide.hidden_name = NULL;
915
916 /* Clean out listeners */
917 listener_close_marked();
918 }
919
920 static void
921 conf_handle_tls(bool cold)
922 {
923 if (tls_new_credentials() == false)
924 {
925 if (cold == true)
926 {
927 ilog(LOG_TYPE_IRCD, "Error while initializing TLS");
928 exit(EXIT_FAILURE);
929 }
930 else
931 {
932 /* Failed to load new settings/certs, old ones remain active */
933 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
934 "Error reloading TLS settings, check the ircd log"); // report_crypto_errors logs this
935 }
936 }
937 }
938
939 /* read_conf_files()
940 *
941 * inputs - cold start YES or NO
942 * output - none
943 * side effects - read all conf files needed, ircd.conf kline.conf etc.
944 */
945 void
946 conf_read_files(bool cold)
947 {
948 char buf[IRCD_BUFSIZE];
949
950 conf_parser_ctx.boot = cold;
951 conf_parser_ctx.conf_file = fopen(ConfigGeneral.configfile, "r");
952
953 if (conf_parser_ctx.conf_file == NULL)
954 {
955 if (cold == true)
956 {
957 ilog(LOG_TYPE_IRCD, "Unable to read configuration file '%s': %s",
958 ConfigGeneral.configfile, strerror(errno));
959 exit(EXIT_FAILURE);
960 }
961 else
962 {
963 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
964 "Unable to read configuration file '%s': %s",
965 ConfigGeneral.configfile, strerror(errno));
966 return;
967 }
968 }
969
970 /*
971 * We need to know the initial filename for the yyerror() to report
972 *
973 * FIXME: The full path is in conffilenamebuf first time since we
974 * don't know anything else
975 *
976 * - Gozem 2002-07-21
977 */
978 strlcpy(conffilebuf, ConfigGeneral.configfile, sizeof(conffilebuf));
979
980 if (cold == false)
981 conf_clear();
982
983 conf_read(conf_parser_ctx.conf_file);
984 fclose(conf_parser_ctx.conf_file);
985
986 log_iterate(log_reopen);
987 conf_handle_tls(cold);
988
989 isupport_add("NICKLEN", NULL, ConfigServerInfo.max_nick_length);
990 isupport_add("NETWORK", ConfigServerInfo.network_name, -1);
991
992 snprintf(buf, sizeof(buf), "beI:%u", ConfigChannel.max_bans);
993 isupport_add("MAXLIST", buf, -1);
994
995 isupport_add("MAXTARGETS", NULL, ConfigGeneral.max_targets);
996 isupport_add("CHANTYPES", "#", -1);
997
998 snprintf(buf, sizeof(buf), "#:%u", ConfigChannel.max_channels);
999 isupport_add("CHANLIMIT", buf, -1);
1000
1001 isupport_add("CHANNELLEN", NULL, CHANNELLEN);
1002 isupport_add("TOPICLEN", NULL, ConfigServerInfo.max_topic_length);
1003
1004 snprintf(buf, sizeof(buf), "%s", "beI,k,l,cimnprstuCKLMNORST");
1005 isupport_add("CHANMODES", buf, -1);
1006 }
1007
1008 /* conf_add_class_to_conf()
1009 *
1010 * inputs - pointer to config item
1011 * output - NONE
1012 * side effects - Add a class pointer to a conf
1013 */
1014 void
1015 conf_add_class_to_conf(struct MaskItem *conf, const char *name)
1016 {
1017 if (EmptyString(name) || (conf->class = class_find(name, true)) == NULL)
1018 {
1019 conf->class = class_default;
1020
1021 if (conf->type == CONF_CLIENT || conf->type == CONF_OPER)
1022 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1023 "Warning *** Defaulting to default class for %s@%s",
1024 conf->user, conf->host);
1025 else
1026 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1027 "Warning *** Defaulting to default class for %s",
1028 conf->name);
1029 }
1030 }
1031
1032 /* yyerror()
1033 *
1034 * inputs - message from parser
1035 * output - NONE
1036 * side effects - message to opers and log file entry is made
1037 */
1038 void
1039 yyerror(const char *msg)
1040 {
1041 if (conf_parser_ctx.pass != 1)
1042 return;
1043
1044 const char *p = stripws(linebuf);
1045 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1046 "\"%s\", line %u: %s: %s",
1047 conffilebuf, lineno, msg, p);
1048 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1049 conffilebuf, lineno, msg, p);
1050 }
1051
1052 void
1053 conf_error_report(const char *msg)
1054 {
1055 const char *p = stripws(linebuf);
1056 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1057 "\"%s\", line %u: %s: %s",
1058 conffilebuf, lineno, msg, p);
1059 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1060 conffilebuf, lineno, msg, p);
1061 }
1062
1063 /*
1064 * valid_tkline()
1065 *
1066 * inputs - pointer to ascii string to check
1067 * - whether the specified time is in seconds or minutes
1068 * output - -1 not enough parameters
1069 * - 0 if not an integer number, else the number
1070 * side effects - none
1071 * Originally written by Dianora (Diane, db@db.net)
1072 */
1073 uintmax_t
1074 valid_tkline(const char *data, const int minutes)
1075 {
1076 const unsigned char *p = (const unsigned char *)data;
1077 unsigned char tmpch = '\0';
1078 uintmax_t result = 0;
1079
1080 while ((tmpch = *p++))
1081 {
1082 if (!IsDigit(tmpch))
1083 return 0;
1084
1085 result *= 10;
1086 result += (tmpch & 0xF);
1087 }
1088
1089 /*
1090 * In the degenerate case where oper does a /quote kline 0 user@host :reason
1091 * i.e. they specifically use 0, I am going to return 1 instead as a return
1092 * value of non-zero is used to flag it as a temporary kline
1093 */
1094 if (result == 0)
1095 result = 1;
1096
1097 /*
1098 * If the incoming time is in seconds convert it to minutes for the purpose
1099 * of this calculation
1100 */
1101 if (minutes == 0)
1102 result = result / 60;
1103
1104 if (result > MAX_TDKLINE_TIME)
1105 result = MAX_TDKLINE_TIME;
1106
1107 result = result * 60; /* Turn it into seconds */
1108
1109 return result;
1110 }
1111
1112 /* valid_wild_card_simple()
1113 *
1114 * inputs - data to check for sufficient non-wildcard characters
1115 * outputs - 1 if valid, else 0
1116 * side effects - none
1117 */
1118 bool
1119 valid_wild_card_simple(const char *data)
1120 {
1121 const unsigned char *p = (const unsigned char *)data;
1122 unsigned char tmpch = '\0';
1123 unsigned int nonwild = 0, wild = 0;
1124
1125 while ((tmpch = *p++))
1126 {
1127 if (tmpch == '\\' && *p)
1128 {
1129 ++p;
1130 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1131 return true;
1132 }
1133 else if (!IsMWildChar(tmpch))
1134 {
1135 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1136 return true;
1137 }
1138 else
1139 ++wild;
1140 }
1141
1142 return wild == 0;
1143 }
1144
1145 /* valid_wild_card()
1146 *
1147 * input - pointer to client
1148 * - int flag, 0 for no warning oper 1 for warning oper
1149 * - count of following varargs to check
1150 * output - 0 if not valid, 1 if valid
1151 * side effects - NOTICE is given to client if warn is 1
1152 */
1153 bool
1154 valid_wild_card(int count, ...)
1155 {
1156 unsigned char tmpch = '\0';
1157 unsigned int nonwild = 0;
1158 va_list args;
1159
1160 /*
1161 * Now we must check the user and host to make sure there
1162 * are at least NONWILDCHARS non-wildcard characters in
1163 * them, otherwise assume they are attempting to kline
1164 * *@* or some variant of that. This code will also catch
1165 * people attempting to kline *@*.tld, as long as NONWILDCHARS
1166 * is greater than 3. In that case, there are only 3 non-wild
1167 * characters (tld), so if NONWILDCHARS is 4, the kline will
1168 * be disallowed.
1169 * -wnder
1170 */
1171
1172 va_start(args, count);
1173
1174 while (count--)
1175 {
1176 const unsigned char *p = va_arg(args, const unsigned char *);
1177 if (p == NULL)
1178 continue;
1179
1180 while ((tmpch = *p++))
1181 {
1182 if (!IsKWildChar(tmpch))
1183 {
1184 /*
1185 * If we find enough non-wild characters, we can
1186 * break - no point in searching further.
1187 */
1188 if (++nonwild >= ConfigGeneral.min_nonwildcard)
1189 {
1190 va_end(args);
1191 return true;
1192 }
1193 }
1194 }
1195 }
1196
1197 va_end(args);
1198 return false;
1199 }
1200
1201 /* XXX should this go into a separate file ? -Dianora */
1202 /* parse_aline
1203 *
1204 * input - pointer to cmd name being used
1205 * - pointer to client using cmd
1206 * - parc parameter count
1207 * - parv[] list of parameters to parse
1208 * - parse_flags bit map of things to test
1209 * - pointer to user or string to parse into
1210 * - pointer to host or NULL to parse into if non NULL
1211 * - pointer to optional tkline time or NULL
1212 * - pointer to target_server to parse into if non NULL
1213 * - pointer to reason to parse into
1214 *
1215 * output - 1 if valid, 0 if not valid
1216 * side effects - A generalised k/d/x etc. line parser,
1217 * "ALINE [time] user@host|string [ON] target :reason"
1218 * will parse returning a parsed user, host if
1219 * h_p pointer is non NULL, string otherwise.
1220 * if tkline_time pointer is non NULL a tk line will be set
1221 * to non zero if found.
1222 * if tkline_time pointer is NULL and tk line is found,
1223 * error is reported.
1224 * if target_server is NULL and an "ON" is found error
1225 * is reported.
1226 * if reason pointer is NULL ignore pointer,
1227 * this allows use of parse_a_line in unkline etc.
1228 *
1229 * - Dianora
1230 */
1231 bool
1232 parse_aline(const char *cmd, struct Client *client, int parc, char **parv, struct aline_ctx *aline)
1233 {
1234 static char default_reason[] = CONF_NOREASON;
1235 static char user[USERLEN * 2 + 1];
1236 static char host[HOSTLEN * 2 + 1];
1237
1238 ++parv;
1239 --parc;
1240
1241 if (aline->add == true && (aline->duration = valid_tkline(*parv, TK_MINUTES)))
1242 {
1243 ++parv;
1244 --parc;
1245 }
1246
1247 if (parc == 0)
1248 {
1249 sendto_one_numeric(client, &me, ERR_NEEDMOREPARAMS, cmd);
1250 return false;
1251 }
1252
1253 if (aline->simple_mask == true)
1254 {
1255 aline->mask = *parv;
1256 aline->user = NULL;
1257 aline->host = NULL;
1258 }
1259 else
1260 {
1261 struct split_nuh_item nuh;
1262
1263 nuh.nuhmask = *parv;
1264 nuh.nickptr = NULL;
1265 nuh.userptr = user;
1266 nuh.hostptr = host;
1267
1268 nuh.nicksize = 0;
1269 nuh.usersize = sizeof(user);
1270 nuh.hostsize = sizeof(host);
1271
1272 split_nuh(&nuh);
1273
1274 aline->mask = NULL;
1275 aline->user = user;
1276 aline->host = host;
1277 }
1278
1279 ++parv;
1280 --parc;
1281
1282 if (parc)
1283 {
1284 if (irccmp(*parv, "ON") == 0)
1285 {
1286 ++parv;
1287 --parc;
1288
1289 if (!HasOFlag(client, OPER_FLAG_REMOTEBAN))
1290 {
1291 sendto_one_numeric(client, &me, ERR_NOPRIVS, "remoteban");
1292 return false;
1293 }
1294
1295 if (parc == 0 || EmptyString(*parv))
1296 {
1297 sendto_one_numeric(client, &me, ERR_NEEDMOREPARAMS, cmd);
1298 return false;
1299 }
1300
1301 aline->server = *parv;
1302 ++parv;
1303 --parc;
1304 }
1305 else
1306 aline->server = NULL;
1307 }
1308
1309 if (aline->add == true)
1310 {
1311 if (parc == 0 || EmptyString(*parv))
1312 aline->reason = default_reason;
1313 else
1314 aline->reason = *parv;
1315 }
1316
1317 return true;
1318 }
1319
1320 /* match_conf_password()
1321 *
1322 * inputs - pointer to given password
1323 * - pointer to Conf
1324 * output - 1 or 0 if match
1325 * side effects - none
1326 */
1327 bool
1328 match_conf_password(const char *password, const struct MaskItem *conf)
1329 {
1330 const char *encr = NULL;
1331
1332 if (EmptyString(password) || EmptyString(conf->passwd))
1333 return false;
1334
1335 if (conf->flags & CONF_FLAGS_ENCRYPTED)
1336 encr = crypt(password, conf->passwd);
1337 else
1338 encr = password;
1339
1340 return encr && strcmp(encr, conf->passwd) == 0;
1341 }
1342
1343 /*
1344 * split_nuh
1345 *
1346 * inputs - pointer to original mask (modified in place)
1347 * - pointer to pointer where nick should go
1348 * - pointer to pointer where user should go
1349 * - pointer to pointer where host should go
1350 * output - NONE
1351 * side effects - mask is modified in place
1352 * If nick pointer is NULL, ignore writing to it
1353 * this allows us to use this function elsewhere.
1354 *
1355 * mask nick user host
1356 * ---------------------- ------- ------- ------
1357 * Dianora!db@db.net Dianora db db.net
1358 * Dianora Dianora * *
1359 * db.net * * db.net
1360 * OR if nick pointer is NULL
1361 * Dianora - * Dianora
1362 * Dianora! Dianora * *
1363 * Dianora!@ Dianora * *
1364 * Dianora!db Dianora db *
1365 * Dianora!@db.net Dianora * db.net
1366 * db@db.net * db db.net
1367 * !@ * * *
1368 * @ * * *
1369 * ! * * *
1370 */
1371 void
1372 split_nuh(struct split_nuh_item *const iptr)
1373 {
1374 char *p = NULL, *q = NULL;
1375
1376 if (iptr->nickptr)
1377 strlcpy(iptr->nickptr, "*", iptr->nicksize);
1378
1379 if (iptr->userptr)
1380 strlcpy(iptr->userptr, "*", iptr->usersize);
1381
1382 if (iptr->hostptr)
1383 strlcpy(iptr->hostptr, "*", iptr->hostsize);
1384
1385 if ((p = strchr(iptr->nuhmask, '!')))
1386 {
1387 *p = '\0';
1388
1389 if (iptr->nickptr && *iptr->nuhmask)
1390 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1391
1392 if ((q = strchr(++p, '@')))
1393 {
1394 *q++ = '\0';
1395
1396 if (*p)
1397 strlcpy(iptr->userptr, p, iptr->usersize);
1398
1399 if (*q)
1400 strlcpy(iptr->hostptr, q, iptr->hostsize);
1401 }
1402 else
1403 {
1404 if (*p)
1405 strlcpy(iptr->userptr, p, iptr->usersize);
1406 }
1407 }
1408 else
1409 {
1410 /* No ! found so lets look for a user@host */
1411 if ((p = strchr(iptr->nuhmask, '@')))
1412 {
1413 /* if found a @ */
1414 *p++ = '\0';
1415
1416 if (*iptr->nuhmask)
1417 strlcpy(iptr->userptr, iptr->nuhmask, iptr->usersize);
1418
1419 if (*p)
1420 strlcpy(iptr->hostptr, p, iptr->hostsize);
1421 }
1422 else
1423 {
1424 /* No @ found */
1425 if (iptr->nickptr == NULL || strpbrk(iptr->nuhmask, ".:"))
1426 strlcpy(iptr->hostptr, iptr->nuhmask, iptr->hostsize);
1427 else
1428 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1429 }
1430 }
1431 }

Properties

Name Value
svn:eol-style native
svn:keywords Id