ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid/trunk/src/conf.c
Revision: 9114
Committed: Sun Jan 5 09:43:16 2020 UTC (4 years, 3 months ago) by michael
Content type: text/x-csrc
File size: 38925 byte(s)
Log Message: 
- Merge conf_dns_lookup into conf_resolve_host

File Contents

# Content
1 /*
2 * ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3 *
4 * Copyright (c) 1997-2020 ircd-hybrid development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 */
21
22 /*! \file conf.c
23 * \brief Configuration file functions.
24 * \version $Id$
25 */
26
27 #include "stdinc.h"
28 #include "list.h"
29 #include "ircd_defs.h"
30 #include "parse.h"
31 #include "conf.h"
32 #include "conf_cluster.h"
33 #include "conf_gecos.h"
34 #include "conf_pseudo.h"
35 #include "conf_resv.h"
36 #include "conf_service.h"
37 #include "conf_shared.h"
38 #include "server.h"
39 #include "channel.h"
40 #include "client.h"
41 #include "event.h"
42 #include "irc_string.h"
43 #include "s_bsd.h"
44 #include "ircd.h"
45 #include "listener.h"
46 #include "hostmask.h"
47 #include "modules.h"
48 #include "numeric.h"
49 #include "fdlist.h"
50 #include "log.h"
51 #include "send.h"
52 #include "memory.h"
53 #include "res.h"
54 #include "user.h"
55 #include "channel_mode.h"
56 #include "misc.h"
57 #include "conf_db.h"
58 #include "conf_class.h"
59 #include "motd.h"
60 #include "ipcache.h"
61 #include "isupport.h"
62 #include "whowas.h"
63
64
65 struct config_channel_entry ConfigChannel;
66 struct config_serverhide_entry ConfigServerHide;
67 struct config_general_entry ConfigGeneral;
68 struct config_log_entry ConfigLog = { .use_logging = 1 };
69 struct config_serverinfo_entry ConfigServerInfo;
70 struct config_admin_entry ConfigAdminInfo;
71 struct conf_parser_context conf_parser_ctx;
72
73 /* general conf items link list root, other than k lines etc. */
74 dlink_list connect_items;
75 dlink_list operator_items;
76
77 extern unsigned int lineno;
78 extern char linebuf[];
79 extern char conffilebuf[IRCD_BUFSIZE];
80 extern int yyparse(); /* defined in y.tab.c */
81
82
83 /* conf_dns_callback()
84 *
85 * inputs - pointer to struct MaskItem
86 * - pointer to DNSReply reply
87 * output - none
88 * side effects - called when resolver query finishes
89 * if the query resulted in a successful search, hp will contain
90 * a non-null pointer, otherwise hp will be null.
91 * if successful save hp in the conf item it was called with
92 */
93 static void
94 conf_dns_callback(void *vptr, const struct irc_ssaddr *addr, const char *name, size_t namelength)
95 {
96 struct MaskItem *const conf = vptr;
97
98 conf->dns_pending = false;
99
100 if (addr)
101 memcpy(conf->addr, addr, sizeof(*conf->addr));
102 else
103 conf->dns_failed = true;
104 }
105
106 /* conf_resolve_host()
107 *
108 * start DNS lookups of all hostnames in the conf
109 * line and convert an IP addresses in a.b.c.d number for to IP#s.
110 */
111 void
112 conf_dns_lookup(struct MaskItem *conf)
113 {
114 struct addrinfo hints, *res;
115
116 /*
117 * Do name lookup now on hostnames given and store the
118 * ip numbers in conf structure.
119 */
120 memset(&hints, 0, sizeof(hints));
121
122 hints.ai_family = AF_UNSPEC;
123 hints.ai_socktype = SOCK_STREAM;
124
125 /* Get us ready for a bind() and don't bother doing dns lookup */
126 hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
127
128 if (getaddrinfo(conf->host, NULL, &hints, &res))
129 {
130 /*
131 * By this point conf->host possibly is not a numerical network address. Do a nameserver
132 * lookup of the conf host. If the conf entry is currently doing a ns lookup do nothing.
133 */
134 if (conf->dns_pending == true)
135 return;
136
137 conf->dns_pending = true;
138
139 if (conf->aftype == AF_INET)
140 gethost_byname_type(conf_dns_callback, conf, conf->host, T_A);
141 else
142 gethost_byname_type(conf_dns_callback, conf, conf->host, T_AAAA);
143 return;
144 }
145
146 assert(res);
147
148 memcpy(conf->addr, res->ai_addr, res->ai_addrlen);
149 conf->addr->ss_len = res->ai_addrlen;
150
151 freeaddrinfo(res);
152 }
153
154 /* map_to_list()
155 *
156 * inputs - ConfType conf
157 * output - pointer to dlink_list to use
158 * side effects - none
159 */
160 static dlink_list *
161 map_to_list(enum maskitem_type type)
162 {
163 switch (type)
164 {
165 case CONF_OPER:
166 return &operator_items;
167 break;
168 case CONF_SERVER:
169 return &connect_items;
170 break;
171 default:
172 return NULL;
173 }
174 }
175
176 struct MaskItem *
177 conf_make(enum maskitem_type type)
178 {
179 struct MaskItem *const conf = xcalloc(sizeof(*conf));
180 dlink_list *list = NULL;
181
182 conf->type = type;
183 conf->active = true;
184 conf->aftype = AF_INET;
185
186 if ((list = map_to_list(type)))
187 dlinkAdd(conf, &conf->node, list);
188 return conf;
189 }
190
191 void
192 conf_free(struct MaskItem *conf)
193 {
194 dlink_node *node = NULL, *node_next = NULL;
195 dlink_list *list = NULL;
196
197 if ((list = map_to_list(conf->type)))
198 dlinkFindDelete(list, conf);
199
200 xfree(conf->name);
201
202 if (conf->dns_pending == true)
203 delete_resolver_queries(conf);
204 if (conf->passwd)
205 memset(conf->passwd, 0, strlen(conf->passwd));
206 if (conf->spasswd)
207 memset(conf->spasswd, 0, strlen(conf->spasswd));
208
209 conf->class = NULL;
210
211 xfree(conf->passwd);
212 xfree(conf->spasswd);
213 xfree(conf->reason);
214 xfree(conf->certfp);
215 xfree(conf->whois);
216 xfree(conf->user);
217 xfree(conf->host);
218 xfree(conf->addr);
219 xfree(conf->bind);
220 xfree(conf->cipher_list);
221
222 DLINK_FOREACH_SAFE(node, node_next, conf->hub_list.head)
223 {
224 xfree(node->data);
225 dlinkDelete(node, &conf->hub_list);
226 free_dlink_node(node);
227 }
228
229 DLINK_FOREACH_SAFE(node, node_next, conf->leaf_list.head)
230 {
231 xfree(node->data);
232 dlinkDelete(node, &conf->leaf_list);
233 free_dlink_node(node);
234 }
235
236 xfree(conf);
237 }
238
239 /* attach_iline()
240 *
241 * inputs - client pointer
242 * - conf pointer
243 * output -
244 * side effects - do actual attach
245 */
246 static int
247 attach_iline(struct Client *client_p, struct MaskItem *conf)
248 {
249 const struct ClassItem *const class = conf->class;
250 bool a_limit_reached = false;
251
252 struct ip_entry *ipcache = ipcache_record_find_or_add(&client_p->ip);
253 ++ipcache->count_local;
254 AddFlag(client_p, FLAGS_IPHASH);
255
256 if (class->max_total && class->ref_count >= class->max_total)
257 a_limit_reached = true;
258 else if (class->max_perip_local && ipcache->count_local > class->max_perip_local)
259 a_limit_reached = true;
260 else if (class->max_perip_global &&
261 (ipcache->count_local + ipcache->count_remote) > class->max_perip_global)
262 a_limit_reached = true;
263
264 if (a_limit_reached == true)
265 {
266 if (!IsConfExemptLimits(conf))
267 return TOO_MANY; /* Already at maximum allowed */
268
269 sendto_one_notice(client_p, &me, ":*** Your connection class is full, "
270 "but you have exceed_limit = yes;");
271 }
272
273 return conf_attach(client_p, conf);
274 }
275
276 /* verify_access()
277 *
278 * inputs - pointer to client to verify
279 * output - 0 if success -'ve if not
280 * side effect - find the first (best) I line to attach.
281 */
282 static int
283 verify_access(struct Client *client_p)
284 {
285 struct MaskItem *conf;
286
287 if (HasFlag(client_p, FLAGS_GOTID))
288 conf = find_address_conf(client_p->host, client_p->username, &client_p->ip,
289 client_p->connection->password);
290 else
291 {
292 char non_ident[USERLEN + 1] = "~";
293
294 strlcpy(non_ident + 1, client_p->username, sizeof(non_ident) - 1);
295 conf = find_address_conf(client_p->host, non_ident, &client_p->ip,
296 client_p->connection->password);
297 }
298
299 if (conf == NULL)
300 return NOT_AUTHORIZED;
301
302 assert(IsConfClient(conf) || IsConfKill(conf));
303
304 if (IsConfKill(conf))
305 {
306 sendto_one_notice(client_p, &me, ":*** Banned: %s", conf->reason);
307 return BANNED_CLIENT;
308 }
309
310 if (IsConfRedir(conf))
311 {
312 sendto_one_numeric(client_p, &me, RPL_REDIR,
313 conf->name ? conf->name : "",
314 conf->port);
315 return NOT_AUTHORIZED;
316 }
317
318 if (IsConfDoSpoofIp(conf))
319 {
320 if (IsConfSpoofNotice(conf))
321 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE, "%s spoofing: %s as %s",
322 client_p->name, client_p->host, conf->name);
323
324 strlcpy(client_p->host, conf->name, sizeof(client_p->host));
325 }
326
327 return attach_iline(client_p, conf);
328 }
329
330 /* check_client()
331 *
332 * inputs - pointer to client
333 * output - 0 = Success
334 * NOT_AUTHORIZED (-1) = Access denied (no I line match)
335 * IRCD_SOCKET_ERROR (-2) = Bad socket.
336 * I_LINE_FULL (-3) = I-line is full
337 * TOO_MANY (-4) = Too many connections from hostname
338 * BANNED_CLIENT (-5) = K-lined
339 * side effects - Ordinary client access check.
340 * Look for conf lines which have the same
341 * status as the flags passed.
342 */
343 bool
344 conf_check_client(struct Client *source_p)
345 {
346 int i;
347
348 if ((i = verify_access(source_p)))
349 ilog(LOG_TYPE_IRCD, "Access denied: %s[%s]",
350 source_p->name, source_p->sockhost);
351
352 switch (i)
353 {
354 case TOO_MANY:
355 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
356 "Too many on IP for %s (%s).",
357 client_get_name(source_p, SHOW_IP),
358 source_p->sockhost);
359 ilog(LOG_TYPE_IRCD, "Too many connections on IP from %s.",
360 client_get_name(source_p, SHOW_IP));
361 ++ServerStats.is_ref;
362 exit_client(source_p, "No more connections allowed on that IP");
363 break;
364
365 case I_LINE_FULL:
366 sendto_realops_flags(UMODE_FULL, L_ALL, SEND_NOTICE,
367 "auth {} block is full for %s (%s).",
368 client_get_name(source_p, SHOW_IP),
369 source_p->sockhost);
370 ilog(LOG_TYPE_IRCD, "Too many connections from %s.",
371 client_get_name(source_p, SHOW_IP));
372 ++ServerStats.is_ref;
373 exit_client(source_p, "No more connections allowed in your connection class");
374 break;
375
376 case NOT_AUTHORIZED:
377 /* jdc - lists server name & port connections are on */
378 /* a purely cosmetical change */
379 sendto_realops_flags(UMODE_UNAUTH, L_ALL, SEND_NOTICE,
380 "Unauthorized client connection from %s on [%s/%u].",
381 client_get_name(source_p, SHOW_IP),
382 source_p->connection->listener->name,
383 source_p->connection->listener->port);
384 ilog(LOG_TYPE_IRCD, "Unauthorized client connection from %s on [%s/%u].",
385 client_get_name(source_p, SHOW_IP),
386 source_p->connection->listener->name,
387 source_p->connection->listener->port);
388
389 ++ServerStats.is_ref;
390 exit_client(source_p, "You are not authorized to use this server");
391 break;
392
393 case BANNED_CLIENT:
394 ++ServerStats.is_ref;
395 exit_client(source_p, "Banned");
396 break;
397
398 case 0:
399 default:
400 break;
401 }
402
403 if (i < 0)
404 return false;
405 return true;
406 }
407
408 /*! \brief Disassociate configuration from the client. Also removes a class
409 * from the list if marked for deleting.
410 * \param client_p Client to operate on
411 * \param type Type of conf to detach
412 */
413 void
414 conf_detach(struct Client *client_p, enum maskitem_type type)
415 {
416 dlink_node *node, *node_next;
417
418 DLINK_FOREACH_SAFE(node, node_next, client_p->connection->confs.head)
419 {
420 struct MaskItem *conf = node->data;
421
422 assert(conf->type & (CONF_CLIENT | CONF_OPER | CONF_SERVER));
423 assert(conf->ref_count > 0);
424 assert(conf->class->ref_count > 0);
425
426 if (!(conf->type & type))
427 continue;
428
429 dlinkDelete(node, &client_p->connection->confs);
430 free_dlink_node(node);
431
432 if (conf->type == CONF_CLIENT)
433 class_ip_limit_remove(conf->class, &client_p->ip);
434
435 if (--conf->class->ref_count == 0 && conf->class->active == false)
436 {
437 class_free(conf->class);
438 conf->class = NULL;
439 }
440
441 if (--conf->ref_count == 0 && conf->active == false)
442 conf_free(conf);
443 }
444 }
445
446 /*! \brief Associate a specific configuration entry to a *local* client (this
447 * is the one which used in accepting the connection). Note, that this
448 * automatically changes the attachment if there was an old one.
449 * \param client_p Client to attach the conf to
450 * \param conf Configuration record to attach
451 */
452 int
453 conf_attach(struct Client *client_p, struct MaskItem *conf)
454 {
455 if (dlinkFind(&client_p->connection->confs, conf))
456 return 1;
457
458 if (conf->type == CONF_CLIENT)
459 if (class_ip_limit_add(conf->class, &client_p->ip, IsConfExemptLimits(conf)) == true)
460 return TOO_MANY; /* Already at maximum allowed */
461
462 conf->class->ref_count++;
463 conf->ref_count++;
464
465 dlinkAdd(conf, make_dlink_node(), &client_p->connection->confs);
466
467 return 0;
468 }
469
470 /* find_conf_name()
471 *
472 * inputs - pointer to conf link list to search
473 * - pointer to name to find
474 * - int mask of type of conf to find
475 * output - NULL or pointer to conf found
476 * side effects - find a conf entry which matches the name
477 * and has the given mask.
478 */
479 struct MaskItem *
480 find_conf_name(dlink_list *list, const char *name, enum maskitem_type type)
481 {
482 dlink_node *node = NULL;
483
484 DLINK_FOREACH(node, list->head)
485 {
486 struct MaskItem *conf = node->data;
487
488 if (conf->type == type)
489 {
490 if (conf->name && !irccmp(conf->name, name))
491 return conf;
492 }
493 }
494
495 return NULL;
496 }
497
498 /*! \brief Find a connect {} conf that has a name that matches \a name.
499 * \param name Name to match
500 * \param compare Pointer to function to be used for string matching
501 */
502 struct MaskItem *
503 connect_find(const char *name, int (*compare)(const char *, const char *))
504 {
505 dlink_node *node;
506
507 DLINK_FOREACH(node, connect_items.head)
508 {
509 struct MaskItem *conf = node->data;
510
511 if (!compare(name, conf->name))
512 return conf;
513 }
514
515 return NULL;
516 }
517
518 /* find_exact_name_conf()
519 *
520 * inputs - type of link list to look in
521 * - pointer to name string to find
522 * - pointer to user
523 * - pointer to host
524 * output - NULL or pointer to found struct MaskItem
525 * side effects - looks for an exact match on name field
526 */
527 struct MaskItem *
528 operator_find(const struct Client *who, const char *name)
529 {
530 dlink_node *node = NULL;
531
532 DLINK_FOREACH(node, operator_items.head)
533 {
534 struct MaskItem *conf = node->data;
535
536 if (!irccmp(conf->name, name))
537 {
538 if (!who)
539 return conf;
540
541 if (!match(conf->user, who->username))
542 {
543 switch (conf->htype)
544 {
545 case HM_HOST:
546 if (!match(conf->host, who->host) || !match(conf->host, who->sockhost))
547 if (!conf->class->max_total || conf->class->ref_count < conf->class->max_total)
548 return conf;
549 break;
550 case HM_IPV4:
551 if (who->ip.ss.ss_family == AF_INET)
552 if (match_ipv4(&who->ip, conf->addr, conf->bits))
553 if (!conf->class->max_total || conf->class->ref_count < conf->class->max_total)
554 return conf;
555 break;
556 case HM_IPV6:
557 if (who->ip.ss.ss_family == AF_INET6)
558 if (match_ipv6(&who->ip, conf->addr, conf->bits))
559 if (!conf->class->max_total || conf->class->ref_count < conf->class->max_total)
560 return conf;
561 break;
562 default:
563 assert(0);
564 }
565 }
566 }
567 }
568
569 return NULL;
570 }
571
572 /* conf_set_defaults()
573 *
574 * inputs - NONE
575 * output - NONE
576 * side effects - Set default values here.
577 * This is called **PRIOR** to parsing the
578 * configuration file. If you want to do some validation
579 * of values later, put them in validate_conf().
580 */
581 static void
582 conf_set_defaults(void)
583 {
584 /* verify init_class() ran, this should be an unnecessary check
585 * but its not much work.
586 */
587 assert(class_default == class_get_list()->tail->data);
588
589 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
590 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
591 ConfigServerInfo.default_max_clients = MAXCLIENTS_MAX;
592 ConfigServerInfo.max_nick_length = 9;
593 ConfigServerInfo.max_topic_length = 80;
594 ConfigServerInfo.hub = 0;
595
596 log_iterate(log_free);
597
598 ConfigLog.use_logging = 1;
599
600 ConfigChannel.disable_fake_channels = 0;
601 ConfigChannel.invite_client_count = 10;
602 ConfigChannel.invite_client_time = 300;
603 ConfigChannel.invite_delay_channel = 5;
604 ConfigChannel.invite_expire_time = 1800;
605 ConfigChannel.knock_client_count = 1;
606 ConfigChannel.knock_client_time = 300;
607 ConfigChannel.knock_delay_channel = 60;
608 ConfigChannel.max_channels = 25;
609 ConfigChannel.max_invites = 20;
610 ConfigChannel.max_bans = 100;
611 ConfigChannel.max_bans_large = 500;
612 ConfigChannel.default_join_flood_count = 18;
613 ConfigChannel.default_join_flood_time = 6;
614
615 ConfigServerHide.flatten_links = 0;
616 ConfigServerHide.flatten_links_delay = 300;
617 ConfigServerHide.hidden = 0;
618 ConfigServerHide.hide_servers = 0;
619 ConfigServerHide.hide_services = 0;
620 ConfigServerHide.hidden_name = xstrdup(NETWORK_NAME_DEFAULT);
621 ConfigServerHide.hide_server_ips = 0;
622 ConfigServerHide.disable_remote_commands = 0;
623
624 ConfigGeneral.away_count = 2;
625 ConfigGeneral.away_time = 10;
626 ConfigGeneral.max_watch = 50;
627 ConfigGeneral.whowas_history_length = 15000;
628 ConfigGeneral.cycle_on_host_change = 1;
629 ConfigGeneral.dline_min_cidr = 16;
630 ConfigGeneral.dline_min_cidr6 = 48;
631 ConfigGeneral.kline_min_cidr = 16;
632 ConfigGeneral.kline_min_cidr6 = 48;
633 ConfigGeneral.invisible_on_connect = 1;
634 ConfigGeneral.disable_auth = 0;
635 ConfigGeneral.kill_chase_time_limit = 90;
636 ConfigGeneral.default_floodcount = 8;
637 ConfigGeneral.default_floodtime = 1;
638 ConfigGeneral.failed_oper_notice = 1;
639 ConfigGeneral.dots_in_ident = 0;
640 ConfigGeneral.min_nonwildcard = 4;
641 ConfigGeneral.min_nonwildcard_simple = 3;
642 ConfigGeneral.max_accept = 50;
643 ConfigGeneral.anti_nick_flood = 0;
644 ConfigGeneral.max_nick_time = 20;
645 ConfigGeneral.max_nick_changes = 5;
646 ConfigGeneral.anti_spam_exit_message_time = 0;
647 ConfigGeneral.ts_warn_delta = 30;
648 ConfigGeneral.ts_max_delta = 600;
649 ConfigGeneral.warn_no_connect_block = 1;
650 ConfigGeneral.stats_e_disabled = 0;
651 ConfigGeneral.stats_i_oper_only = 1; /* 1 = masked */
652 ConfigGeneral.stats_k_oper_only = 1; /* 1 = masked */
653 ConfigGeneral.stats_o_oper_only = 1;
654 ConfigGeneral.stats_m_oper_only = 1;
655 ConfigGeneral.stats_P_oper_only = 0;
656 ConfigGeneral.stats_u_oper_only = 0;
657 ConfigGeneral.caller_id_wait = 60;
658 ConfigGeneral.opers_bypass_callerid = 1;
659 ConfigGeneral.pace_wait = 10;
660 ConfigGeneral.pace_wait_simple = 1;
661 ConfigGeneral.short_motd = 0;
662 ConfigGeneral.ping_cookie = 0;
663 ConfigGeneral.no_oper_flood = 0;
664 ConfigGeneral.max_targets = MAX_TARGETS_DEFAULT;
665 ConfigGeneral.oper_only_umodes = UMODE_DEBUG | UMODE_LOCOPS | UMODE_HIDDEN | UMODE_FARCONNECT |
666 UMODE_UNAUTH | UMODE_EXTERNAL | UMODE_BOTS | UMODE_NCHANGE |
667 UMODE_SPY | UMODE_FULL | UMODE_SKILL | UMODE_REJ | UMODE_CCONN;
668 ConfigGeneral.oper_umodes = UMODE_BOTS | UMODE_LOCOPS | UMODE_SERVNOTICE | UMODE_WALLOP;
669 ConfigGeneral.throttle_count = 1;
670 ConfigGeneral.throttle_time = 1;
671 }
672
673 static void
674 conf_validate(void)
675 {
676 if (EmptyString(ConfigServerInfo.network_name))
677 ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT);
678
679 if (EmptyString(ConfigServerInfo.network_desc))
680 ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT);
681 }
682
683 /* conf_read()
684 *
685 * inputs - file descriptor pointing to config file to use
686 * output - None
687 * side effects - Read configuration file.
688 */
689 static void
690 conf_read(FILE *file)
691 {
692 lineno = 1;
693
694 conf_set_defaults(); /* Set default values prior to conf parsing */
695 conf_parser_ctx.pass = 1;
696 yyparse(); /* Pick up the classes first */
697
698 rewind(file);
699
700 conf_parser_ctx.pass = 2;
701 yyparse(); /* Load the values from the conf */
702 conf_validate(); /* Check to make sure some values are still okay. */
703 /* Some global values are also loaded here. */
704 whowas_trim(); /* Attempt to trim whowas list if necessary */
705 class_delete_marked(); /* Delete unused classes that are marked for deletion */
706 }
707
708 /* conf_rehash()
709 *
710 * Actual REHASH service routine. Called with sig == 0 if it has been called
711 * as a result of an operator issuing this command, else assume it has been
712 * called as a result of the server receiving a HUP signal.
713 */
714 void
715 conf_rehash(bool sig)
716 {
717 if (sig == true)
718 {
719 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
720 "Got signal SIGHUP, reloading configuration file(s)");
721 ilog(LOG_TYPE_IRCD, "Got signal SIGHUP, reloading configuration file(s)");
722 }
723
724 restart_resolver();
725
726 /* don't close listeners until we know we can go ahead with the rehash */
727
728 conf_read_files(false);
729
730 load_conf_modules();
731 check_conf_klines();
732 }
733
734 /* conf_connect_allowed()
735 *
736 * inputs - pointer to inaddr
737 * - int type ipv4 or ipv6
738 * output - BANNED or accepted
739 * side effects - none
740 */
741 int
742 conf_connect_allowed(struct irc_ssaddr *addr)
743 {
744 struct ip_entry *ip_found = NULL;
745 const struct MaskItem *conf = find_dline_conf(addr);
746
747 if (conf)
748 {
749 /* DLINE exempt also gets you out of static limits/pacing... */
750 if (conf->type == CONF_EXEMPT)
751 return 0;
752 return BANNED_CLIENT;
753 }
754
755 ip_found = ipcache_record_find_or_add(addr);
756
757 if ((event_base->time.sec_monotonic - ip_found->last_attempt) < ConfigGeneral.throttle_time)
758 {
759 if (ip_found->connection_count >= ConfigGeneral.throttle_count)
760 return TOO_FAST;
761
762 ++ip_found->connection_count;
763 }
764 else
765 ip_found->connection_count = 1;
766
767 ip_found->last_attempt = event_base->time.sec_monotonic;
768 return 0;
769 }
770
771 /* cleanup_tklines()
772 *
773 * inputs - NONE
774 * output - NONE
775 * side effects - call function to expire temporary k/d lines
776 * This is an event started off in ircd.c
777 */
778 void
779 cleanup_tklines(void *unused)
780 {
781 hostmask_expire_temporary();
782 gecos_expire();
783 resv_expire();
784 }
785
786 /*
787 * Input: A client to find the active operator {} name for.
788 * Output: The nick!user@host{oper} of the oper.
789 * "oper" is server name for remote opers
790 * Side effects: None.
791 */
792 const char *
793 get_oper_name(const struct Client *client_p)
794 {
795 static char buffer[IRCD_BUFSIZE];
796
797 if (IsServer(client_p))
798 return client_p->name;
799
800 if (MyConnect(client_p))
801 {
802 const dlink_node *const node = client_p->connection->confs.head;
803
804 if (node)
805 {
806 const struct MaskItem *const conf = node->data;
807
808 if (conf->type == CONF_OPER)
809 {
810 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client_p->name,
811 client_p->username, client_p->host, conf->name);
812 return buffer;
813 }
814 }
815
816 /*
817 * Probably should assert here for now. If there is an oper out there
818 * with no operator {} conf attached, it would be good for us to know...
819 */
820 assert(0); /* Oper without oper conf! */
821 }
822
823 snprintf(buffer, sizeof(buffer), "%s!%s@%s{%s}", client_p->name,
824 client_p->username, client_p->host, client_p->servptr->name);
825 return buffer;
826 }
827
828 /* conf_clear()
829 *
830 * inputs - none
831 * output - none
832 * side effects - Clear out the old configuration
833 */
834 static void
835 conf_clear(void)
836 {
837 dlink_node *node = NULL, *node_next = NULL;
838 dlink_list *free_items [] = {
839 &connect_items, &operator_items, NULL
840 };
841
842 dlink_list ** iterator = free_items; /* C is dumb */
843
844 /* We only need to free anything allocated by yyparse() here.
845 * Resetting structs, etc, is taken care of by conf_set_defaults().
846 */
847
848 for (; *iterator; iterator++)
849 {
850 DLINK_FOREACH_SAFE(node, node_next, (*iterator)->head)
851 {
852 struct MaskItem *conf = node->data;
853
854 conf->active = false;
855 dlinkDelete(&conf->node, *iterator);
856
857 if (!conf->ref_count)
858 conf_free(conf);
859 }
860 }
861
862 /*
863 * Don't delete the class table, rather mark all entries for deletion.
864 * The table is cleaned up by class_delete_marked. - avalon
865 */
866 class_mark_for_deletion();
867
868 clear_out_address_conf();
869
870 modules_conf_clear(); /* Clear modules {} items */
871
872 motd_clear(); /* Clear motd {} items and re-cache default motd */
873
874 cluster_clear(); /* Clear cluster {} items */
875
876 gecos_clear(); /* Clear gecos {} items */
877
878 resv_clear(); /* Clear resv {} items */
879
880 service_clear(); /* Clear service {} items */
881
882 shared_clear(); /* Clear shared {} items */
883
884 pseudo_clear(); /* Clear pseudo {} items */
885
886 /* Clean out ConfigServerInfo */
887 xfree(ConfigServerInfo.description);
888 ConfigServerInfo.description = NULL;
889 xfree(ConfigServerInfo.network_name);
890 ConfigServerInfo.network_name = NULL;
891 xfree(ConfigServerInfo.network_desc);
892 ConfigServerInfo.network_desc = NULL;
893 xfree(ConfigServerInfo.rsa_private_key_file);
894 ConfigServerInfo.rsa_private_key_file = NULL;
895 xfree(ConfigServerInfo.ssl_certificate_file);
896 ConfigServerInfo.ssl_certificate_file = NULL;
897 xfree(ConfigServerInfo.ssl_dh_param_file);
898 ConfigServerInfo.ssl_dh_param_file = NULL;
899 xfree(ConfigServerInfo.ssl_dh_elliptic_curve);
900 ConfigServerInfo.ssl_dh_elliptic_curve = NULL;
901 xfree(ConfigServerInfo.ssl_cipher_list);
902 ConfigServerInfo.ssl_cipher_list = NULL;
903 xfree(ConfigServerInfo.ssl_message_digest_algorithm);
904 ConfigServerInfo.ssl_message_digest_algorithm = NULL;
905
906 /* Clean out ConfigAdminInfo */
907 xfree(ConfigAdminInfo.name);
908 ConfigAdminInfo.name = NULL;
909 xfree(ConfigAdminInfo.email);
910 ConfigAdminInfo.email = NULL;
911 xfree(ConfigAdminInfo.description);
912 ConfigAdminInfo.description = NULL;
913
914 /* Clean out ConfigServerHide */
915 xfree(ConfigServerHide.flatten_links_file);
916 ConfigServerHide.flatten_links_file = NULL;
917 xfree(ConfigServerHide.hidden_name);
918 ConfigServerHide.hidden_name = NULL;
919
920 /* Clean out listeners */
921 listener_close_marked();
922 }
923
924 static void
925 conf_handle_tls(bool cold)
926 {
927 if (tls_new_cred() == false)
928 {
929 if (cold == true)
930 {
931 ilog(LOG_TYPE_IRCD, "Error while initializing TLS");
932 exit(EXIT_FAILURE);
933 }
934 else
935 {
936 /* Failed to load new settings/certs, old ones remain active */
937 sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE,
938 "Error reloading TLS settings, check the ircd log"); // report_crypto_errors logs this
939 }
940 }
941 }
942
943 /* read_conf_files()
944 *
945 * inputs - cold start YES or NO
946 * output - none
947 * side effects - read all conf files needed, ircd.conf kline.conf etc.
948 */
949 void
950 conf_read_files(bool cold)
951 {
952 const char *filename = NULL;
953 char chanmodes[IRCD_BUFSIZE] = "";
954 char chanlimit[IRCD_BUFSIZE] = "";
955
956 conf_parser_ctx.boot = cold;
957 filename = ConfigGeneral.configfile;
958
959 /* We need to know the initial filename for the yyerror() to report
960 FIXME: The full path is in conffilenamebuf first time since we
961 don't know anything else
962
963 - Gozem 2002-07-21
964 */
965 strlcpy(conffilebuf, filename, sizeof(conffilebuf));
966
967 if ((conf_parser_ctx.conf_file = fopen(filename, "r")) == NULL)
968 {
969 if (cold == true)
970 {
971 ilog(LOG_TYPE_IRCD, "Unable to read configuration file '%s': %s",
972 filename, strerror(errno));
973 exit(EXIT_FAILURE);
974 }
975 else
976 {
977 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
978 "Unable to read configuration file '%s': %s",
979 filename, strerror(errno));
980 return;
981 }
982 }
983
984 if (cold == false)
985 conf_clear();
986
987 conf_read(conf_parser_ctx.conf_file);
988 fclose(conf_parser_ctx.conf_file);
989
990 log_iterate(log_reopen);
991 conf_handle_tls(cold);
992
993 isupport_add("NICKLEN", NULL, ConfigServerInfo.max_nick_length);
994 isupport_add("NETWORK", ConfigServerInfo.network_name, -1);
995
996 snprintf(chanmodes, sizeof(chanmodes), "beI:%u", ConfigChannel.max_bans);
997 isupport_add("MAXLIST", chanmodes, -1);
998 isupport_add("MAXTARGETS", NULL, ConfigGeneral.max_targets);
999 isupport_add("CHANTYPES", "#", -1);
1000
1001 snprintf(chanlimit, sizeof(chanlimit), "#:%u",
1002 ConfigChannel.max_channels);
1003 isupport_add("CHANLIMIT", chanlimit, -1);
1004 snprintf(chanmodes, sizeof(chanmodes), "%s", "beI,k,l,cimnprstuCLMNORST");
1005 isupport_add("CHANNELLEN", NULL, CHANNELLEN);
1006 isupport_add("TOPICLEN", NULL, ConfigServerInfo.max_topic_length);
1007 isupport_add("CHANMODES", chanmodes, -1);
1008 }
1009
1010 /* conf_add_class_to_conf()
1011 *
1012 * inputs - pointer to config item
1013 * output - NONE
1014 * side effects - Add a class pointer to a conf
1015 */
1016 void
1017 conf_add_class_to_conf(struct MaskItem *conf, const char *name)
1018 {
1019 if (EmptyString(name) || (conf->class = class_find(name, true)) == NULL)
1020 {
1021 conf->class = class_default;
1022
1023 if (conf->type == CONF_CLIENT || conf->type == CONF_OPER)
1024 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1025 "Warning *** Defaulting to default class for %s@%s",
1026 conf->user, conf->host);
1027 else
1028 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1029 "Warning *** Defaulting to default class for %s",
1030 conf->name);
1031 }
1032 }
1033
1034 /* yyerror()
1035 *
1036 * inputs - message from parser
1037 * output - NONE
1038 * side effects - message to opers and log file entry is made
1039 */
1040 void
1041 yyerror(const char *msg)
1042 {
1043 if (conf_parser_ctx.pass != 1)
1044 return;
1045
1046 const char *p = stripws(linebuf);
1047 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1048 "\"%s\", line %u: %s: %s",
1049 conffilebuf, lineno, msg, p);
1050 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1051 conffilebuf, lineno, msg, p);
1052 }
1053
1054 void
1055 conf_error_report(const char *msg)
1056 {
1057 const char *p = stripws(linebuf);
1058 sendto_realops_flags(UMODE_SERVNOTICE, L_ADMIN, SEND_NOTICE,
1059 "\"%s\", line %u: %s: %s",
1060 conffilebuf, lineno, msg, p);
1061 ilog(LOG_TYPE_IRCD, "\"%s\", line %u: %s: %s",
1062 conffilebuf, lineno, msg, p);
1063 }
1064
1065 /*
1066 * valid_tkline()
1067 *
1068 * inputs - pointer to ascii string to check
1069 * - whether the specified time is in seconds or minutes
1070 * output - -1 not enough parameters
1071 * - 0 if not an integer number, else the number
1072 * side effects - none
1073 * Originally written by Dianora (Diane, db@db.net)
1074 */
1075 uintmax_t
1076 valid_tkline(const char *data, const int minutes)
1077 {
1078 const unsigned char *p = (const unsigned char *)data;
1079 unsigned char tmpch = '\0';
1080 uintmax_t result = 0;
1081
1082 while ((tmpch = *p++))
1083 {
1084 if (!IsDigit(tmpch))
1085 return 0;
1086
1087 result *= 10;
1088 result += (tmpch & 0xF);
1089 }
1090
1091 /*
1092 * In the degenerate case where oper does a /quote kline 0 user@host :reason
1093 * i.e. they specifically use 0, I am going to return 1 instead as a return
1094 * value of non-zero is used to flag it as a temporary kline
1095 */
1096 if (result == 0)
1097 result = 1;
1098
1099 /*
1100 * If the incoming time is in seconds convert it to minutes for the purpose
1101 * of this calculation
1102 */
1103 if (minutes == 0)
1104 result = result / 60;
1105
1106 if (result > MAX_TDKLINE_TIME)
1107 result = MAX_TDKLINE_TIME;
1108
1109 result = result * 60; /* Turn it into seconds */
1110
1111 return result;
1112 }
1113
1114 /* valid_wild_card_simple()
1115 *
1116 * inputs - data to check for sufficient non-wildcard characters
1117 * outputs - 1 if valid, else 0
1118 * side effects - none
1119 */
1120 bool
1121 valid_wild_card_simple(const char *data)
1122 {
1123 const unsigned char *p = (const unsigned char *)data;
1124 unsigned char tmpch = '\0';
1125 unsigned int nonwild = 0, wild = 0;
1126
1127 while ((tmpch = *p++))
1128 {
1129 if (tmpch == '\\' && *p)
1130 {
1131 ++p;
1132 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1133 return true;
1134 }
1135 else if (!IsMWildChar(tmpch))
1136 {
1137 if (++nonwild >= ConfigGeneral.min_nonwildcard_simple)
1138 return true;
1139 }
1140 else
1141 ++wild;
1142 }
1143
1144 return wild == 0;
1145 }
1146
1147 /* valid_wild_card()
1148 *
1149 * input - pointer to client
1150 * - int flag, 0 for no warning oper 1 for warning oper
1151 * - count of following varargs to check
1152 * output - 0 if not valid, 1 if valid
1153 * side effects - NOTICE is given to source_p if warn is 1
1154 */
1155 bool
1156 valid_wild_card(int count, ...)
1157 {
1158 unsigned char tmpch = '\0';
1159 unsigned int nonwild = 0;
1160 va_list args;
1161
1162 /*
1163 * Now we must check the user and host to make sure there
1164 * are at least NONWILDCHARS non-wildcard characters in
1165 * them, otherwise assume they are attempting to kline
1166 * *@* or some variant of that. This code will also catch
1167 * people attempting to kline *@*.tld, as long as NONWILDCHARS
1168 * is greater than 3. In that case, there are only 3 non-wild
1169 * characters (tld), so if NONWILDCHARS is 4, the kline will
1170 * be disallowed.
1171 * -wnder
1172 */
1173
1174 va_start(args, count);
1175
1176 while (count--)
1177 {
1178 const unsigned char *p = va_arg(args, const unsigned char *);
1179 if (p == NULL)
1180 continue;
1181
1182 while ((tmpch = *p++))
1183 {
1184 if (!IsKWildChar(tmpch))
1185 {
1186 /*
1187 * If we find enough non-wild characters, we can
1188 * break - no point in searching further.
1189 */
1190 if (++nonwild >= ConfigGeneral.min_nonwildcard)
1191 {
1192 va_end(args);
1193 return true;
1194 }
1195 }
1196 }
1197 }
1198
1199 va_end(args);
1200 return false;
1201 }
1202
1203 /* XXX should this go into a separate file ? -Dianora */
1204 /* parse_aline
1205 *
1206 * input - pointer to cmd name being used
1207 * - pointer to client using cmd
1208 * - parc parameter count
1209 * - parv[] list of parameters to parse
1210 * - parse_flags bit map of things to test
1211 * - pointer to user or string to parse into
1212 * - pointer to host or NULL to parse into if non NULL
1213 * - pointer to optional tkline time or NULL
1214 * - pointer to target_server to parse into if non NULL
1215 * - pointer to reason to parse into
1216 *
1217 * output - 1 if valid, 0 if not valid
1218 * side effects - A generalised k/d/x etc. line parser,
1219 * "ALINE [time] user@host|string [ON] target :reason"
1220 * will parse returning a parsed user, host if
1221 * h_p pointer is non NULL, string otherwise.
1222 * if tkline_time pointer is non NULL a tk line will be set
1223 * to non zero if found.
1224 * if tkline_time pointer is NULL and tk line is found,
1225 * error is reported.
1226 * if target_server is NULL and an "ON" is found error
1227 * is reported.
1228 * if reason pointer is NULL ignore pointer,
1229 * this allows use of parse_a_line in unkline etc.
1230 *
1231 * - Dianora
1232 */
1233 bool
1234 parse_aline(const char *cmd, struct Client *source_p, int parc, char **parv, struct aline_ctx *aline)
1235 {
1236 static char default_reason[] = CONF_NOREASON;
1237 static char user[USERLEN * 2 + 1];
1238 static char host[HOSTLEN * 2 + 1];
1239
1240 ++parv;
1241 --parc;
1242
1243 if (aline->add == true && (aline->duration = valid_tkline(*parv, TK_MINUTES)))
1244 {
1245 ++parv;
1246 --parc;
1247 }
1248
1249 if (parc == 0)
1250 {
1251 sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, cmd);
1252 return false;
1253 }
1254
1255 if (aline->simple_mask == true)
1256 {
1257 aline->mask = *parv;
1258 aline->user = NULL;
1259 aline->host = NULL;
1260 }
1261 else
1262 {
1263 struct split_nuh_item nuh;
1264
1265 nuh.nuhmask = *parv;
1266 nuh.nickptr = NULL;
1267 nuh.userptr = user;
1268 nuh.hostptr = host;
1269
1270 nuh.nicksize = 0;
1271 nuh.usersize = sizeof(user);
1272 nuh.hostsize = sizeof(host);
1273
1274 split_nuh(&nuh);
1275
1276 aline->mask = NULL;
1277 aline->user = user;
1278 aline->host = host;
1279 }
1280
1281 ++parv;
1282 --parc;
1283
1284 if (parc)
1285 {
1286 if (irccmp(*parv, "ON") == 0)
1287 {
1288 ++parv;
1289 --parc;
1290
1291 if (!HasOFlag(source_p, OPER_FLAG_REMOTEBAN))
1292 {
1293 sendto_one_numeric(source_p, &me, ERR_NOPRIVS, "remoteban");
1294 return false;
1295 }
1296
1297 if (parc == 0 || EmptyString(*parv))
1298 {
1299 sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, cmd);
1300 return false;
1301 }
1302
1303 aline->server = *parv;
1304 ++parv;
1305 --parc;
1306 }
1307 else
1308 aline->server = NULL;
1309 }
1310
1311 if (aline->add == true)
1312 {
1313 if (parc == 0 || EmptyString(*parv))
1314 aline->reason = default_reason;
1315 else
1316 aline->reason = *parv;
1317 }
1318
1319 return true;
1320 }
1321
1322 /* match_conf_password()
1323 *
1324 * inputs - pointer to given password
1325 * - pointer to Conf
1326 * output - 1 or 0 if match
1327 * side effects - none
1328 */
1329 bool
1330 match_conf_password(const char *password, const struct MaskItem *conf)
1331 {
1332 const char *encr = NULL;
1333
1334 if (EmptyString(password) || EmptyString(conf->passwd))
1335 return false;
1336
1337 if (conf->flags & CONF_FLAGS_ENCRYPTED)
1338 encr = crypt(password, conf->passwd);
1339 else
1340 encr = password;
1341
1342 return encr && strcmp(encr, conf->passwd) == 0;
1343 }
1344
1345 /*
1346 * split_nuh
1347 *
1348 * inputs - pointer to original mask (modified in place)
1349 * - pointer to pointer where nick should go
1350 * - pointer to pointer where user should go
1351 * - pointer to pointer where host should go
1352 * output - NONE
1353 * side effects - mask is modified in place
1354 * If nick pointer is NULL, ignore writing to it
1355 * this allows us to use this function elsewhere.
1356 *
1357 * mask nick user host
1358 * ---------------------- ------- ------- ------
1359 * Dianora!db@db.net Dianora db db.net
1360 * Dianora Dianora * *
1361 * db.net * * db.net
1362 * OR if nick pointer is NULL
1363 * Dianora - * Dianora
1364 * Dianora! Dianora * *
1365 * Dianora!@ Dianora * *
1366 * Dianora!db Dianora db *
1367 * Dianora!@db.net Dianora * db.net
1368 * db@db.net * db db.net
1369 * !@ * * *
1370 * @ * * *
1371 * ! * * *
1372 */
1373 void
1374 split_nuh(struct split_nuh_item *const iptr)
1375 {
1376 char *p = NULL, *q = NULL;
1377
1378 if (iptr->nickptr)
1379 strlcpy(iptr->nickptr, "*", iptr->nicksize);
1380
1381 if (iptr->userptr)
1382 strlcpy(iptr->userptr, "*", iptr->usersize);
1383
1384 if (iptr->hostptr)
1385 strlcpy(iptr->hostptr, "*", iptr->hostsize);
1386
1387 if ((p = strchr(iptr->nuhmask, '!')))
1388 {
1389 *p = '\0';
1390
1391 if (iptr->nickptr && *iptr->nuhmask)
1392 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1393
1394 if ((q = strchr(++p, '@')))
1395 {
1396 *q++ = '\0';
1397
1398 if (*p)
1399 strlcpy(iptr->userptr, p, iptr->usersize);
1400
1401 if (*q)
1402 strlcpy(iptr->hostptr, q, iptr->hostsize);
1403 }
1404 else
1405 {
1406 if (*p)
1407 strlcpy(iptr->userptr, p, iptr->usersize);
1408 }
1409 }
1410 else
1411 {
1412 /* No ! found so lets look for a user@host */
1413 if ((p = strchr(iptr->nuhmask, '@')))
1414 {
1415 /* if found a @ */
1416 *p++ = '\0';
1417
1418 if (*iptr->nuhmask)
1419 strlcpy(iptr->userptr, iptr->nuhmask, iptr->usersize);
1420
1421 if (*p)
1422 strlcpy(iptr->hostptr, p, iptr->hostsize);
1423 }
1424 else
1425 {
1426 /* No @ found */
1427 if (iptr->nickptr == NULL || strpbrk(iptr->nuhmask, ".:"))
1428 strlcpy(iptr->hostptr, iptr->nuhmask, iptr->hostsize);
1429 else
1430 strlcpy(iptr->nickptr, iptr->nuhmask, iptr->nicksize);
1431 }
1432 }
1433 }

Properties

Name Value
svn:eol-style native
svn:keywords Id