1 |
|
/* |
2 |
|
* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd) |
3 |
|
* |
4 |
< |
* Copyright (c) 1997-2015 ircd-hybrid development team |
4 |
> |
* Copyright (c) 1997-2016 ircd-hybrid development team |
5 |
|
* |
6 |
|
* This program is free software; you can redistribute it and/or modify |
7 |
|
* it under the terms of the GNU General Public License as published by |
28 |
|
#include "list.h" |
29 |
|
#include "ircd_defs.h" |
30 |
|
#include "conf.h" |
31 |
+ |
#include "conf_cluster.h" |
32 |
|
#include "conf_pseudo.h" |
33 |
+ |
#include "conf_shared.h" |
34 |
|
#include "server.h" |
35 |
|
#include "resv.h" |
36 |
|
#include "channel.h" |
71 |
|
/* general conf items link list root, other than k lines etc. */ |
72 |
|
dlink_list service_items; |
73 |
|
dlink_list server_items; |
72 |
– |
dlink_list cluster_items; |
74 |
|
dlink_list operator_items; |
74 |
– |
dlink_list shared_items; |
75 |
|
dlink_list gecos_items; |
76 |
|
dlink_list nresv_items; |
77 |
|
dlink_list cresv_items; |
139 |
|
case CONF_XLINE: |
140 |
|
return &gecos_items; |
141 |
|
break; |
142 |
– |
case CONF_SHARED: |
143 |
– |
return &shared_items; |
144 |
– |
break; |
142 |
|
case CONF_NRESV: |
143 |
|
return &nresv_items; |
144 |
|
break; |
154 |
|
case CONF_SERVICE: |
155 |
|
return &service_items; |
156 |
|
break; |
160 |
– |
case CONF_CLUSTER: |
161 |
– |
return &cluster_items; |
162 |
– |
break; |
157 |
|
default: |
158 |
|
return NULL; |
159 |
|
} |
162 |
|
struct MaskItem * |
163 |
|
conf_make(enum maskitem_type type) |
164 |
|
{ |
165 |
< |
struct MaskItem *const conf = MyCalloc(sizeof(*conf)); |
165 |
> |
struct MaskItem *const conf = xcalloc(sizeof(*conf)); |
166 |
|
dlink_list *list = NULL; |
167 |
|
|
168 |
|
conf->type = type; |
183 |
|
if ((list = map_to_list(conf->type))) |
184 |
|
dlinkFindDelete(list, conf); |
185 |
|
|
186 |
< |
MyFree(conf->name); |
186 |
> |
xfree(conf->name); |
187 |
|
|
188 |
|
if (conf->dns_pending) |
189 |
|
delete_resolver_queries(conf); |
194 |
|
|
195 |
|
conf->class = NULL; |
196 |
|
|
197 |
< |
MyFree(conf->passwd); |
198 |
< |
MyFree(conf->spasswd); |
199 |
< |
MyFree(conf->reason); |
200 |
< |
MyFree(conf->certfp); |
201 |
< |
MyFree(conf->whois); |
202 |
< |
MyFree(conf->user); |
203 |
< |
MyFree(conf->host); |
204 |
< |
#ifdef HAVE_LIBCRYPTO |
205 |
< |
MyFree(conf->cipher_list); |
212 |
< |
|
213 |
< |
if (conf->rsa_public_key) |
214 |
< |
RSA_free(conf->rsa_public_key); |
215 |
< |
#endif |
197 |
> |
xfree(conf->passwd); |
198 |
> |
xfree(conf->spasswd); |
199 |
> |
xfree(conf->reason); |
200 |
> |
xfree(conf->certfp); |
201 |
> |
xfree(conf->whois); |
202 |
> |
xfree(conf->user); |
203 |
> |
xfree(conf->host); |
204 |
> |
xfree(conf->cipher_list); |
205 |
> |
|
206 |
|
DLINK_FOREACH_SAFE(node, node_next, conf->hub_list.head) |
207 |
|
{ |
208 |
< |
MyFree(node->data); |
208 |
> |
xfree(node->data); |
209 |
|
dlinkDelete(node, &conf->hub_list); |
210 |
|
free_dlink_node(node); |
211 |
|
} |
212 |
|
|
213 |
|
DLINK_FOREACH_SAFE(node, node_next, conf->leaf_list.head) |
214 |
|
{ |
215 |
< |
MyFree(node->data); |
215 |
> |
xfree(node->data); |
216 |
|
dlinkDelete(node, &conf->leaf_list); |
217 |
|
free_dlink_node(node); |
218 |
|
} |
222 |
|
struct exempt *exptr = node->data; |
223 |
|
|
224 |
|
dlinkDelete(node, &conf->exempt_list); |
225 |
< |
MyFree(exptr->name); |
226 |
< |
MyFree(exptr->user); |
227 |
< |
MyFree(exptr->host); |
228 |
< |
MyFree(exptr); |
225 |
> |
xfree(exptr->name); |
226 |
> |
xfree(exptr->user); |
227 |
> |
xfree(exptr->host); |
228 |
> |
xfree(exptr); |
229 |
|
} |
230 |
|
|
231 |
< |
MyFree(conf); |
231 |
> |
xfree(conf); |
232 |
|
} |
233 |
|
|
234 |
|
/* attach_iline() |
579 |
|
break; |
580 |
|
|
581 |
|
case CONF_XLINE: |
592 |
– |
case CONF_SHARED: |
582 |
|
case CONF_NRESV: |
583 |
|
case CONF_CRESV: |
584 |
|
DLINK_FOREACH(node, list->head) |
591 |
|
{ |
592 |
|
if ((user == NULL && (host == NULL))) |
593 |
|
return conf; |
594 |
< |
if ((conf->flags & flags) != flags) |
594 |
> |
if ((conf->modes & flags) != flags) |
595 |
|
continue; |
596 |
|
if (EmptyString(conf->user) || EmptyString(conf->host)) |
597 |
|
return conf; |
639 |
|
switch(type) |
640 |
|
{ |
641 |
|
case CONF_XLINE: |
653 |
– |
case CONF_SHARED: |
642 |
|
case CONF_NRESV: |
643 |
|
case CONF_CRESV: |
644 |
|
|
750 |
|
*/ |
751 |
|
assert(class_default == class_get_list()->tail->data); |
752 |
|
|
765 |
– |
#ifdef HAVE_LIBCRYPTO |
766 |
– |
#if OPENSSL_VERSION_NUMBER >= 0x009080FFL && !defined(OPENSSL_NO_ECDH) |
767 |
– |
{ |
768 |
– |
EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
769 |
– |
|
770 |
– |
if (key) |
771 |
– |
{ |
772 |
– |
SSL_CTX_set_tmp_ecdh(ConfigServerInfo.server_ctx, key); |
773 |
– |
EC_KEY_free(key); |
774 |
– |
} |
775 |
– |
} |
776 |
– |
|
777 |
– |
SSL_CTX_set_options(ConfigServerInfo.server_ctx, SSL_OP_SINGLE_ECDH_USE); |
778 |
– |
#endif |
779 |
– |
|
780 |
– |
SSL_CTX_set_cipher_list(ConfigServerInfo.server_ctx, "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL"); |
781 |
– |
ConfigServerInfo.message_digest_algorithm = EVP_sha256(); |
782 |
– |
#endif |
783 |
– |
|
753 |
|
ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT); |
754 |
|
ConfigServerInfo.network_desc = xstrdup(NETWORK_DESC_DEFAULT); |
755 |
|
|
811 |
|
ConfigGeneral.max_nick_time = 20; |
812 |
|
ConfigGeneral.max_nick_changes = 5; |
813 |
|
ConfigGeneral.anti_spam_exit_message_time = 0; |
814 |
< |
ConfigGeneral.ts_warn_delta = TS_WARN_DELTA_DEFAULT; |
815 |
< |
ConfigGeneral.ts_max_delta = TS_MAX_DELTA_DEFAULT; |
814 |
> |
ConfigGeneral.ts_warn_delta = 30; |
815 |
> |
ConfigGeneral.ts_max_delta = 600; |
816 |
|
ConfigGeneral.warn_no_connect_block = 1; |
817 |
|
ConfigGeneral.stats_e_disabled = 0; |
818 |
|
ConfigGeneral.stats_i_oper_only = 1; /* 1 = masked */ |
840 |
|
static void |
841 |
|
validate_conf(void) |
842 |
|
{ |
874 |
– |
if (ConfigGeneral.ts_warn_delta < TS_WARN_DELTA_MIN) |
875 |
– |
ConfigGeneral.ts_warn_delta = TS_WARN_DELTA_DEFAULT; |
876 |
– |
|
877 |
– |
if (ConfigGeneral.ts_max_delta < TS_MAX_DELTA_MIN) |
878 |
– |
ConfigGeneral.ts_max_delta = TS_MAX_DELTA_DEFAULT; |
879 |
– |
|
843 |
|
if (EmptyString(ConfigServerInfo.network_name)) |
844 |
|
ConfigServerInfo.network_name = xstrdup(NETWORK_NAME_DEFAULT); |
845 |
|
|
1015 |
|
* output - pointer to static string showing oper privs |
1016 |
|
* side effects - return as string, the oper privs as derived from port |
1017 |
|
*/ |
1018 |
< |
static const struct oper_privs |
1018 |
> |
static const struct oper_flags |
1019 |
|
{ |
1020 |
|
const unsigned int flag; |
1021 |
|
const unsigned char c; |
1022 |
< |
} flag_list[] = { |
1022 |
> |
} flag_table[] = { |
1023 |
|
{ OPER_FLAG_ADMIN, 'A' }, |
1024 |
|
{ OPER_FLAG_CLOSE, 'B' }, |
1025 |
|
{ OPER_FLAG_CONNECT, 'C' }, |
1052 |
|
}; |
1053 |
|
|
1054 |
|
const char * |
1055 |
< |
oper_privs_as_string(const unsigned int port) |
1055 |
> |
oper_privs_as_string(const unsigned int flags) |
1056 |
|
{ |
1057 |
< |
static char privs_out[IRCD_BUFSIZE]; |
1058 |
< |
char *privs_ptr = privs_out; |
1057 |
> |
static char buf[sizeof(flag_table) / sizeof(struct oper_flags)]; |
1058 |
> |
char *p = buf; |
1059 |
|
|
1060 |
< |
for (const struct oper_privs *opriv = flag_list; opriv->flag; ++opriv) |
1061 |
< |
if (port & opriv->flag) |
1062 |
< |
*privs_ptr++ = opriv->c; |
1060 |
> |
for (const struct oper_flags *tab = flag_table; tab->flag; ++tab) |
1061 |
> |
if (flags & tab->flag) |
1062 |
> |
*p++ = tab->c; |
1063 |
|
|
1064 |
< |
if (privs_ptr == privs_out) |
1065 |
< |
*privs_ptr++ = '0'; |
1064 |
> |
if (p == buf) |
1065 |
> |
*p++ = '0'; |
1066 |
|
|
1067 |
< |
*privs_ptr = '\0'; |
1067 |
> |
*p = '\0'; |
1068 |
|
|
1069 |
< |
return privs_out; |
1069 |
> |
return buf; |
1070 |
|
} |
1071 |
|
|
1072 |
|
/* |
1123 |
|
dlink_node *node = NULL, *node_next = NULL; |
1124 |
|
dlink_list *free_items [] = { |
1125 |
|
&server_items, &operator_items, |
1126 |
< |
&shared_items, &gecos_items, |
1127 |
< |
&nresv_items, &cluster_items, &service_items, &cresv_items, NULL |
1126 |
> |
&gecos_items, |
1127 |
> |
&nresv_items, &service_items, &cresv_items, NULL |
1128 |
|
}; |
1129 |
|
|
1130 |
|
dlink_list ** iterator = free_items; /* C is dumb */ |
1151 |
|
} |
1152 |
|
} |
1153 |
|
|
1154 |
< |
motd_clear(); |
1154 |
> |
motd_clear(); /* Clear motd {} items and re-cache default motd */ |
1155 |
|
|
1156 |
|
/* |
1157 |
|
* Don't delete the class table, rather mark all entries for deletion. |
1161 |
|
|
1162 |
|
clear_out_address_conf(); |
1163 |
|
|
1164 |
< |
/* Clean out module paths */ |
1165 |
< |
mod_clear_paths(); |
1164 |
> |
mod_clear_paths(); /* Clear modules {} items */ |
1165 |
> |
|
1166 |
> |
motd_clear(); /* Clear motd {} items and re-cache default motd */ |
1167 |
> |
|
1168 |
> |
cluster_clear(); /* Clear cluster {} items */ |
1169 |
|
|
1170 |
< |
pseudo_clear(); |
1170 |
> |
shared_clear(); /* Clear shared {} items */ |
1171 |
> |
|
1172 |
> |
pseudo_clear(); /* Clear pseudo {} items */ |
1173 |
|
|
1174 |
|
/* Clean out ConfigServerInfo */ |
1175 |
< |
MyFree(ConfigServerInfo.description); |
1175 |
> |
xfree(ConfigServerInfo.description); |
1176 |
|
ConfigServerInfo.description = NULL; |
1177 |
< |
MyFree(ConfigServerInfo.network_name); |
1177 |
> |
xfree(ConfigServerInfo.network_name); |
1178 |
|
ConfigServerInfo.network_name = NULL; |
1179 |
< |
MyFree(ConfigServerInfo.network_desc); |
1179 |
> |
xfree(ConfigServerInfo.network_desc); |
1180 |
|
ConfigServerInfo.network_desc = NULL; |
1213 |
– |
#ifdef HAVE_LIBCRYPTO |
1214 |
– |
if (ConfigServerInfo.rsa_private_key) |
1215 |
– |
{ |
1216 |
– |
RSA_free(ConfigServerInfo.rsa_private_key); |
1217 |
– |
ConfigServerInfo.rsa_private_key = NULL; |
1218 |
– |
} |
1181 |
|
|
1182 |
< |
MyFree(ConfigServerInfo.rsa_private_key_file); |
1182 |
> |
xfree(ConfigServerInfo.rsa_private_key_file); |
1183 |
|
ConfigServerInfo.rsa_private_key_file = NULL; |
1184 |
< |
#endif |
1184 |
> |
xfree(ConfigServerInfo.ssl_certificate_file); |
1185 |
> |
ConfigServerInfo.ssl_certificate_file = NULL; |
1186 |
> |
xfree(ConfigServerInfo.ssl_dh_param_file); |
1187 |
> |
ConfigServerInfo.ssl_dh_param_file = NULL; |
1188 |
> |
xfree(ConfigServerInfo.ssl_dh_elliptic_curve); |
1189 |
> |
ConfigServerInfo.ssl_dh_elliptic_curve = NULL; |
1190 |
> |
xfree(ConfigServerInfo.ssl_cipher_list); |
1191 |
> |
ConfigServerInfo.ssl_cipher_list = NULL; |
1192 |
> |
xfree(ConfigServerInfo.ssl_message_digest_algorithm); |
1193 |
> |
ConfigServerInfo.ssl_message_digest_algorithm = NULL; |
1194 |
|
|
1195 |
|
/* Clean out ConfigAdminInfo */ |
1196 |
< |
MyFree(ConfigAdminInfo.name); |
1196 |
> |
xfree(ConfigAdminInfo.name); |
1197 |
|
ConfigAdminInfo.name = NULL; |
1198 |
< |
MyFree(ConfigAdminInfo.email); |
1198 |
> |
xfree(ConfigAdminInfo.email); |
1199 |
|
ConfigAdminInfo.email = NULL; |
1200 |
< |
MyFree(ConfigAdminInfo.description); |
1200 |
> |
xfree(ConfigAdminInfo.description); |
1201 |
|
ConfigAdminInfo.description = NULL; |
1202 |
|
|
1203 |
< |
MyFree(ConfigServerHide.flatten_links_file); |
1203 |
> |
xfree(ConfigServerHide.flatten_links_file); |
1204 |
|
ConfigServerHide.flatten_links_file = NULL; |
1205 |
|
|
1206 |
|
/* Clean out listeners */ |
1207 |
|
listener_close_marked(); |
1208 |
|
} |
1209 |
|
|
1210 |
+ |
static void |
1211 |
+ |
conf_handle_tls(int cold) |
1212 |
+ |
{ |
1213 |
+ |
if (!tls_new_cred()) |
1214 |
+ |
{ |
1215 |
+ |
if (cold) |
1216 |
+ |
{ |
1217 |
+ |
ilog(LOG_TYPE_IRCD, "Error while initializing TLS"); |
1218 |
+ |
exit(EXIT_FAILURE); |
1219 |
+ |
} |
1220 |
+ |
else |
1221 |
+ |
{ |
1222 |
+ |
/* Failed to load new settings/certs, old ones remain active */ |
1223 |
+ |
sendto_realops_flags(UMODE_SERVNOTICE, L_ALL, SEND_NOTICE, |
1224 |
+ |
"Error reloading TLS settings, check the ircd log"); // report_crypto_errors logs this |
1225 |
+ |
} |
1226 |
+ |
} |
1227 |
+ |
} |
1228 |
+ |
|
1229 |
|
/* read_conf_files() |
1230 |
|
* |
1231 |
|
* inputs - cold start YES or NO |
1274 |
|
fclose(conf_parser_ctx.conf_file); |
1275 |
|
|
1276 |
|
log_reopen_all(); |
1277 |
+ |
conf_handle_tls(cold); |
1278 |
|
|
1279 |
|
isupport_add("NICKLEN", NULL, ConfigServerInfo.max_nick_length); |
1280 |
|
isupport_add("NETWORK", ConfigServerInfo.network_name, -1); |
1287 |
|
snprintf(chanlimit, sizeof(chanlimit), "#:%u", |
1288 |
|
ConfigChannel.max_channels); |
1289 |
|
isupport_add("CHANLIMIT", chanlimit, -1); |
1290 |
< |
snprintf(chanmodes, sizeof(chanmodes), "%s", "beI,k,l,cimnprstCMORS"); |
1290 |
> |
snprintf(chanmodes, sizeof(chanmodes), "%s", "beI,k,l,cimnprstCMORST"); |
1291 |
|
isupport_add("CHANNELLEN", NULL, CHANNELLEN); |
1292 |
|
isupport_add("TOPICLEN", NULL, ConfigServerInfo.max_topic_length); |
1293 |
|
isupport_add("CHANMODES", chanmodes, -1); |
1742 |
|
} |
1743 |
|
|
1744 |
|
/* |
1754 |
– |
* cluster_a_line |
1755 |
– |
* |
1756 |
– |
* inputs - client sending the cluster |
1757 |
– |
* - command name "KLINE" "XLINE" etc. |
1758 |
– |
* - capab -- CAPAB_KLN etc. from server.h |
1759 |
– |
* - cluster type -- CLUSTER_KLINE etc. from conf.h |
1760 |
– |
* - pattern and args to send along |
1761 |
– |
* output - none |
1762 |
– |
* side effects - Take source_p send the pattern with args given |
1763 |
– |
* along to all servers that match capab and cluster type |
1764 |
– |
*/ |
1765 |
– |
void |
1766 |
– |
cluster_a_line(struct Client *source_p, const char *command, unsigned int capab, |
1767 |
– |
unsigned int cluster_type, const char *pattern, ...) |
1768 |
– |
{ |
1769 |
– |
va_list args; |
1770 |
– |
char buffer[IRCD_BUFSIZE] = ""; |
1771 |
– |
const dlink_node *node = NULL; |
1772 |
– |
|
1773 |
– |
va_start(args, pattern); |
1774 |
– |
vsnprintf(buffer, sizeof(buffer), pattern, args); |
1775 |
– |
va_end(args); |
1776 |
– |
|
1777 |
– |
DLINK_FOREACH(node, cluster_items.head) |
1778 |
– |
{ |
1779 |
– |
const struct MaskItem *conf = node->data; |
1780 |
– |
|
1781 |
– |
if (conf->flags & cluster_type) |
1782 |
– |
sendto_match_servs(source_p, conf->name, CAPAB_CLUSTER | capab, |
1783 |
– |
"%s %s %s", command, conf->name, buffer); |
1784 |
– |
} |
1785 |
– |
} |
1786 |
– |
|
1787 |
– |
/* |
1745 |
|
* split_nuh |
1746 |
|
* |
1747 |
|
* inputs - pointer to original mask (modified in place) |