X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Fconf.c;h=16275877a8d9e95f37cbf57ac1b395d55bb86d78;hb=5a424f60dad660815d89285da9a7a07e4991461a;hp=c08183de9c1c94861b6f646bdbf341615391a652;hpb=891dbd2acc59a6d9ff6dd8a5b12e91f5a8fa20ed;p=ngircd-alex.git diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index c08183de..16275877 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -93,6 +93,12 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server )); #define DEFAULT_LISTEN_ADDRSTR "0.0.0.0" #endif +#ifdef HAVE_LIBSSL +#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH" +#endif +#ifdef HAVE_LIBGNUTLS +#define DEFAULT_CIPHERS "SECURE128" +#endif #ifdef SSL_SUPPORT @@ -117,6 +123,9 @@ ConfSSL_Init(void) array_free_wipe(&Conf_SSLOptions.KeyFilePassword); array_free(&Conf_SSLOptions.ListenPorts); + + free(Conf_SSLOptions.CipherList); + Conf_SSLOptions.CipherList = NULL; } /** @@ -207,7 +216,7 @@ ports_puts(array *a) * Parse a comma separated string into an array of port numbers (integers). */ static void -ports_parse(array *a, int Line, char *Arg) +ports_parse(array *a, const char *File, int Line, char *Arg) { char *ptr; int port; @@ -223,10 +232,10 @@ ports_parse(array *a, int Line, char *Arg) port16 = (UINT16) port; if (!array_catb(a, (char*)&port16, sizeof port16)) Config_Error(LOG_ERR, "%s, line %d Could not add port number %ld: %s", - NGIRCd_ConfFile, Line, port, strerror(errno)); + File, Line, port, strerror(errno)); } else { Config_Error( LOG_ERR, "%s, line %d (section \"Global\"): Illegal port number %ld!", - NGIRCd_ConfFile, Line, port ); + File, Line, port ); } ptr = strtok( NULL, "," ); @@ -317,7 +326,7 @@ opers_puts(void) * This function waits for a keypress of the user when stdin/stdout are valid * tty's ("you can read our nice message and we can read in your keypress"). * - * @return 0 on succes, 1 on failure(s); therefore the result code can + * @return 0 on success, 1 on failure(s); therefore the result code can * directly be used by exit() when running "ngircd --configtest". */ GLOBAL int @@ -391,6 +400,7 @@ Conf_Test( void ) puts(""); puts("[OPTIONS]"); + printf(" AllowedChannelTypes = %s\n", Conf_AllowedChannelTypes); printf(" AllowRemoteOper = %s\n", yesno_to_str(Conf_AllowRemoteOper)); printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); @@ -401,6 +411,7 @@ Conf_Test( void ) printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4)); #endif + printf(" DefaultUserModes = %s\n", Conf_DefaultUserModes); printf(" DNS = %s\n", yesno_to_str(Conf_DNS)); #ifdef IDENT printf(" Ident = %s\n", yesno_to_str(Conf_Ident)); @@ -415,7 +426,6 @@ Conf_Test( void ) printf(" PAM = %s\n", yesno_to_str(Conf_PAM)); printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional)); #endif - printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); #ifndef STRICT_RFC printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); #endif @@ -431,6 +441,8 @@ Conf_Test( void ) puts("[SSL]"); printf(" CertFile = %s\n", Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile : ""); + printf(" CipherList = %s\n", Conf_SSLOptions.CipherList ? + Conf_SSLOptions.CipherList : DEFAULT_CIPHERS); printf(" DHFile = %s\n", Conf_SSLOptions.DHFile ? Conf_SSLOptions.DHFile : ""); printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile @@ -521,7 +533,11 @@ Conf_UnsetServer( CONN_ID Idx ) /* "Short" connection, enforce "ConnectRetry" * but randomize it a little bit: 15 seconds. */ Conf_Server[i].lasttry = +#ifdef HAVE_ARC4RANDOM + t + (arc4random() % 15); +#else t + rand() / (RAND_MAX / 15); +#endif } } } @@ -758,6 +774,8 @@ Set_Defaults(bool InitServers) Conf_PongTimeout = 20; /* Options */ + strlcpy(Conf_AllowedChannelTypes, CHANTYPES, + sizeof(Conf_AllowedChannelTypes)); Conf_AllowRemoteOper = false; #ifndef STRICT_RFC Conf_AuthPing = false; @@ -774,6 +792,7 @@ Set_Defaults(bool InitServers) #else Conf_ConnectIPv6 = false; #endif + strcpy(Conf_DefaultUserModes, ""); Conf_DNS = true; #ifdef IDENTAUTH Conf_Ident = true; @@ -792,7 +811,6 @@ Set_Defaults(bool InitServers) Conf_PAM = false; #endif Conf_PAMIsOptional = false; - Conf_PredefChannelsOnly = false; #ifdef SYSLOG Conf_ScrubCTCP = false; #ifdef LOG_LOCAL5 @@ -827,7 +845,7 @@ no_listenports(void) /** * Read contents of a text file into an array. * - * This function is used to read the MOTD and help text file, for exampe. + * This function is used to read the MOTD and help text file, for example. * * @param filename Name of the file to read. * @return true, when the file has been read in. @@ -947,33 +965,39 @@ Read_Config(bool TestOnly, bool IsStarting) fclose(fd); if (Conf_IncludeDir[0]) { - /* Include further configuration files, if any */ dh = opendir(Conf_IncludeDir); - if (dh) { - while ((entry = readdir(dh)) != NULL) { - ptr = strrchr(entry->d_name, '.'); - if (!ptr || strcasecmp(ptr, ".conf") != 0) - continue; - snprintf(file, sizeof(file), "%s/%s", - Conf_IncludeDir, entry->d_name); - if (TestOnly) - Config_Error(LOG_INFO, - "Reading configuration from \"%s\" ...", - file); - fd = fopen(file, "r"); - if (fd) { - Read_Config_File(file, fd); - fclose(fd); - } else - Config_Error(LOG_ALERT, - "Can't read configuration \"%s\": %s", - file, strerror(errno)); - } - closedir(dh); - } else + if (!dh) Config_Error(LOG_ALERT, "Can't open include directory \"%s\": %s", Conf_IncludeDir, strerror(errno)); + } else { + strlcpy(Conf_IncludeDir, SYSCONFDIR, sizeof(Conf_IncludeDir)); + strlcat(Conf_IncludeDir, CONFIG_DIR, sizeof(Conf_IncludeDir)); + dh = opendir(Conf_IncludeDir); + } + + /* Include further configuration files, if IncludeDir is available */ + if (dh) { + while ((entry = readdir(dh)) != NULL) { + ptr = strrchr(entry->d_name, '.'); + if (!ptr || strcasecmp(ptr, ".conf") != 0) + continue; + snprintf(file, sizeof(file), "%s/%s", + Conf_IncludeDir, entry->d_name); + if (TestOnly) + Config_Error(LOG_INFO, + "Reading configuration from \"%s\" ...", + file); + fd = fopen(file, "r"); + if (fd) { + Read_Config_File(file, fd); + fclose(fd); + } else + Config_Error(LOG_ALERT, + "Can't read configuration \"%s\": %s", + file, strerror(errno)); + } + closedir(dh); } /* Check if there is still a server to add */ @@ -1018,6 +1042,10 @@ Read_Config(bool TestOnly, bool IsStarting) CheckFileReadable("CertFile", Conf_SSLOptions.CertFile); CheckFileReadable("DHFile", Conf_SSLOptions.DHFile); CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile); + + /* Set the default ciphers if none were configured */ + if (!Conf_SSLOptions.CipherList) + Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS); #endif return true; @@ -1035,7 +1063,7 @@ static void Read_Config_File(const char *File, FILE *fd) /* Read configuration file */ section[0] = '\0'; while (true) { - if (!fgets(str, LINE_LEN, fd)) + if (!fgets(str, sizeof(str), fd)) break; ngt_TrimStr(str); line++; @@ -1044,6 +1072,12 @@ static void Read_Config_File(const char *File, FILE *fd) if (str[0] == ';' || str[0] == '#' || str[0] == '\0') continue; + if (strlen(str) >= sizeof(str) - 1) { + Config_Error(LOG_WARNING, "%s, line %d too long!", + File, line); + continue; + } + /* Is this the beginning of a new section? */ if ((str[0] == '[') && (str[strlen(str) - 1] == ']')) { strlcpy(section, str, sizeof(section)); @@ -1113,7 +1147,7 @@ static void Read_Config_File(const char *File, FILE *fd) Config_Error(LOG_ERR, "%s, line %d: Unknown section \"%s\"!", - NGIRCd_ConfFile, line, section); + File, line, section); section[0] = 0x1; } if (section[0] == 0x1) @@ -1123,7 +1157,7 @@ static void Read_Config_File(const char *File, FILE *fd) ptr = strchr(str, '='); if (!ptr) { Config_Error(LOG_ERR, "%s, line %d: Syntax error!", - NGIRCd_ConfFile, line); + File, line); continue; } *ptr = '\0'; @@ -1151,7 +1185,7 @@ static void Read_Config_File(const char *File, FILE *fd) else Config_Error(LOG_ERR, "%s, line %d: Variable \"%s\" outside section!", - NGIRCd_ConfFile, line, var); + File, line, var); } } @@ -1183,7 +1217,7 @@ Check_ArgIsTrue(const char *Arg) * @returns New configured maximum nickname length. */ static unsigned int -Handle_MaxNickLength(int Line, const char *Arg) +Handle_MaxNickLength(const char *File, int Line, const char *Arg) { unsigned new; @@ -1191,13 +1225,13 @@ Handle_MaxNickLength(int Line, const char *Arg) if (new > CLIENT_NICK_LEN) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"MaxNickLength\" exceeds %u!", - NGIRCd_ConfFile, Line, CLIENT_NICK_LEN - 1); + File, Line, CLIENT_NICK_LEN - 1); return CLIENT_NICK_LEN; } if (new < 2) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"MaxNickLength\" must be at least 1!", - NGIRCd_ConfFile, Line); + File, Line); return 2; } return new; @@ -1207,14 +1241,14 @@ Handle_MaxNickLength(int Line, const char *Arg) * Output a warning messages if IDENT is configured but not compiled in. */ static void -WarnIdent(int UNUSED Line) +WarnIdent(const char UNUSED *File, int UNUSED Line) { #ifndef IDENTAUTH if (Conf_Ident) { /* user has enabled ident lookups explicitly, but ... */ Config_Error(LOG_WARNING, "%s: line %d: \"Ident = yes\", but ngircd was built without IDENT support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1223,14 +1257,14 @@ WarnIdent(int UNUSED Line) * Output a warning messages if IPv6 is configured but not compiled in. */ static void -WarnIPv6(int UNUSED Line) +WarnIPv6(const char UNUSED *File, int UNUSED Line) { #ifndef WANT_IPV6 if (Conf_ConnectIPv6) { /* user has enabled IPv6 explicitly, but ... */ Config_Error(LOG_WARNING, "%s: line %d: \"ConnectIPv6 = yes\", but ngircd was built without IPv6 support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1239,13 +1273,13 @@ WarnIPv6(int UNUSED Line) * Output a warning messages if PAM is configured but not compiled in. */ static void -WarnPAM(int UNUSED Line) +WarnPAM(const char UNUSED *File, int UNUSED Line) { #ifndef PAM if (Conf_PAM) { Config_Error(LOG_WARNING, "%s: line %d: \"PAM = yes\", but ngircd was built without PAM support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1446,14 +1480,14 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) len = strlen(Arg); if (len == 0) return; - if (len >= LINE_LEN) { + if (len >= 127) { Config_Error_TooLong(File, Line, Var); return; } if (!array_copyb(&Conf_Motd, Arg, len + 1)) Config_Error(LOG_WARNING, "%s, line %d: Could not append MotdPhrase: %s", - NGIRCd_ConfFile, Line, strerror(errno)); + File, Line, strerror(errno)); Using_MotdFile = false; return; } @@ -1470,7 +1504,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) return; } if (strcasecmp(Var, "Ports") == 0) { - ports_parse(&Conf_ListenPorts, Line, Arg); + ports_parse(&Conf_ListenPorts, File, Line, Arg); return; } if (strcasecmp(Var, "ServerGID") == 0) { @@ -1482,7 +1516,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (!Conf_GID && strcmp(Arg, "0")) Config_Error(LOG_WARNING, "%s, line %d: Value of \"%s\" is not a valid group name or ID!", - NGIRCd_ConfFile, Line, Var); + File, Line, Var); } return; } @@ -1495,7 +1529,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (!Conf_UID && strcmp(Arg, "0")) Config_Error(LOG_WARNING, "%s, line %d: Value of \"%s\" is not a valid user name or ID!", - NGIRCd_ConfFile, Line, Var); + File, Line, Var); } return; } @@ -1506,11 +1540,11 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) * after marking it "deprecated"). */ Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"No\"-Prefix is deprecated, use \"%s = %s\" in [Options] section!", - NGIRCd_ConfFile, Line, NoNo(Var), InvertArg(Arg)); + File, Line, NoNo(Var), InvertArg(Arg)); if (strcasecmp(Var, "NoIdent") == 0) - WarnIdent(Line); + WarnIdent(File, Line); else if (strcasecmp(Var, "NoPam") == 0) - WarnPAM(Line); + WarnPAM(File, Line); return; } if ((section = CheckLegacyGlobalOption(File, Line, Var, Arg))) { @@ -1520,12 +1554,12 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (strncasecmp(Var, "SSL", 3) == 0) { Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s and rename to \"%s\"!", - NGIRCd_ConfFile, Line, Var, section, + File, Line, Var, section, Var + 3); } else { Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", - NGIRCd_ConfFile, Line, Var, section); + File, Line, Var, section); } return; } @@ -1553,7 +1587,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_ConnectRetry < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"ConnectRetry\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_ConnectRetry = 5; } return; @@ -1583,7 +1617,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "MaxNickLength") == 0) { - Conf_MaxNickLength = Handle_MaxNickLength(Line, Arg); + Conf_MaxNickLength = Handle_MaxNickLength(File, Line, Arg); return; } if (strcasecmp(Var, "MaxListSize") == 0) { @@ -1597,7 +1631,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_PingTimeout < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"PingTimeout\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_PingTimeout = 5; } return; @@ -1607,7 +1641,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_PongTimeout < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"PongTimeout\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_PongTimeout = 5; } return; @@ -1627,12 +1661,37 @@ static void Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) { size_t len; + char *p; assert(File != NULL); assert(Line > 0); assert(Var != NULL); assert(Arg != NULL); + if (strcasecmp(Var, "AllowedChannelTypes") == 0) { + p = Arg; + Conf_AllowedChannelTypes[0] = '\0'; + while (*p) { + if (strchr(Conf_AllowedChannelTypes, *p)) { + /* Prefix is already included; ignore it */ + p++; + continue; + } + + if (strchr(CHANTYPES, *p)) { + len = strlen(Conf_AllowedChannelTypes) + 1; + assert(len < sizeof(Conf_AllowedChannelTypes)); + Conf_AllowedChannelTypes[len - 1] = *p; + Conf_AllowedChannelTypes[len] = '\0'; + } else { + Config_Error(LOG_WARNING, + "%s, line %d: Unknown channel prefix \"%c\" in \"AllowedChannelTypes\"!", + File, Line, *p); + } + p++; + } + return; + } if (strcasecmp(Var, "AllowRemoteOper") == 0) { Conf_AllowRemoteOper = Check_ArgIsTrue(Arg); return; @@ -1667,20 +1726,44 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) } if (strcasecmp(Var, "ConnectIPv6") == 0) { Conf_ConnectIPv6 = Check_ArgIsTrue(Arg); - WarnIPv6(Line); + WarnIPv6(File, Line); return; } if (strcasecmp(Var, "ConnectIPv4") == 0) { Conf_ConnectIPv4 = Check_ArgIsTrue(Arg); return; } + if (strcasecmp(Var, "DefaultUserModes") == 0) { + p = Arg; + Conf_DefaultUserModes[0] = '\0'; + while (*p) { + if (strchr(Conf_DefaultUserModes, *p)) { + /* Mode is already included; ignore it */ + p++; + continue; + } + + if (strchr(USERMODES, *p)) { + len = strlen(Conf_DefaultUserModes) + 1; + assert(len < sizeof(Conf_DefaultUserModes)); + Conf_DefaultUserModes[len - 1] = *p; + Conf_DefaultUserModes[len] = '\0'; + } else { + Config_Error(LOG_WARNING, + "%s, line %d: Unknown user mode \"%c\" in \"DefaultUserModes\"!", + File, Line, *p); + } + p++; + } + return; + } if (strcasecmp(Var, "DNS") == 0) { Conf_DNS = Check_ArgIsTrue(Arg); return; } if (strcasecmp(Var, "Ident") == 0) { Conf_Ident = Check_ArgIsTrue(Arg); - WarnIdent(Line); + WarnIdent(File, Line); return; } if (strcasecmp(Var, "IncludeDir") == 0) { @@ -1717,7 +1800,7 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) } if (strcasecmp(Var, "PAM") == 0) { Conf_PAM = Check_ArgIsTrue(Arg); - WarnPAM(Line); + WarnPAM(File, Line); return; } if (strcasecmp(Var, "PAMIsOptional") == 0 ) { @@ -1725,7 +1808,19 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "PredefChannelsOnly") == 0) { - Conf_PredefChannelsOnly = Check_ArgIsTrue(Arg); + /* + * TODO: This section and support for "PredefChannelsOnly" + * could be removed starting with ngIRCd release 22 (one + * release after marking it "deprecated") ... + */ + Config_Error(LOG_WARNING, + "%s, line %d (section \"Options\"): \"%s\" is deprecated, please use \"AllowedChannelTypes\"!", + File, Line, Var); + if (Check_ArgIsTrue(Arg)) + Conf_AllowedChannelTypes[0] = '\0'; + else + strlcpy(Conf_AllowedChannelTypes, CHANTYPES, + sizeof(Conf_AllowedChannelTypes)); return; } #ifndef STRICT_RFC @@ -1796,7 +1891,12 @@ Handle_SSL(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "Ports") == 0) { - ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); + ports_parse(&Conf_SSLOptions.ListenPorts, File, Line, Arg); + return; + } + if (strcasecmp(Var, "CipherList") == 0) { + assert(Conf_SSLOptions.CipherList == NULL); + Conf_SSLOptions.CipherList = strdup_warn(Arg); return; } @@ -1892,15 +1992,15 @@ Handle_SERVER(const char *File, int Line, char *Var, char *Arg ) return; Config_Error(LOG_ERR, "%s, line %d (section \"Server\"): Can't parse IP address \"%s\"", - NGIRCd_ConfFile, Line, Arg); + File, Line, Arg); return; } if( strcasecmp( Var, "MyPassword" ) == 0 ) { /* Password of this server which is sent to the peer */ if (*Arg == ':') { Config_Error(LOG_ERR, - "%s, line %d (section \"Server\"): MyPassword must not start with ':'!", - NGIRCd_ConfFile, Line); + "%s, line %d (section \"Server\"): MyPassword must not start with ':'!", + File, Line); } len = strlcpy( New_Server.pwd_in, Arg, sizeof( New_Server.pwd_in )); if (len >= sizeof( New_Server.pwd_in )) @@ -1921,8 +2021,8 @@ Handle_SERVER(const char *File, int Line, char *Var, char *Arg ) New_Server.port = (UINT16)port; else Config_Error(LOG_ERR, - "%s, line %d (section \"Server\"): Illegal port number %ld!", - NGIRCd_ConfFile, Line, port ); + "%s, line %d (section \"Server\"): Illegal port number %ld!", + File, Line, port ); return; } #ifdef SSL_SUPPORT @@ -2275,7 +2375,7 @@ Conf_DebugDump(void) #endif /** - * Initialize server configuration structur to default values. + * Initialize server configuration structure to default values. * * @param Server Pointer to server structure to initialize. */