X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=src%2Fngircd%2Fconf.c;h=a60a10e7a250586ce6b51e21f8b9ddb8004bba56;hb=ef3327d372c159bd2a395d6854843982a5e9c54d;hp=554fee4a92d12e973c8b1f94864c8360e1dff6cf;hpb=4ed2cb1a0248130f476ff9afd4fd4ed887fee376;p=ngircd-alex.git diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 554fee4a..a60a10e7 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -14,8 +14,6 @@ #include "portab.h" -static char UNUSED id[] = "$Id: conf.c,v 1.105 2008/03/18 20:12:47 fw Exp $"; - #include "imp.h" #include #include @@ -56,21 +54,9 @@ static CONF_SERVER New_Server; static int New_Server_Idx; -#ifdef WANT_IPV6 -/* - * these options appeared in ngircd 0.12; they are here - * for backwards compatibility. They should be removed - * in the future. Instead of setting these options, - * the "Listen" option should be set accordingly. - */ -static bool Conf_ListenIPv6; -static bool Conf_ListenIPv4; -#endif - - static void Set_Defaults PARAMS(( bool InitServers )); static bool Read_Config PARAMS(( bool ngircd_starting )); -static void Validate_Config PARAMS(( bool TestOnly, bool Rehash )); +static bool Validate_Config PARAMS(( bool TestOnly, bool Rehash )); static void Handle_GLOBAL PARAMS(( int Line, char *Var, char *Arg )); static void Handle_OPERATOR PARAMS(( int Line, char *Var, char *Arg )); 
@@ -84,6 +70,44 @@ static void Config_Error_TooLong PARAMS(( const int LINE, const char *Value )); static void Init_Server_Struct PARAMS(( CONF_SERVER *Server )); +#ifdef WANT_IPV6 +#define DEFAULT_LISTEN_ADDRSTR "::,0.0.0.0" +#else +#define DEFAULT_LISTEN_ADDRSTR "0.0.0.0" +#endif + +#ifdef SSL_SUPPORT +struct SSLOptions Conf_SSLOptions; + +static void +ConfSSL_Init(void) +{ + free(Conf_SSLOptions.KeyFile); + Conf_SSLOptions.KeyFile = NULL; + + free(Conf_SSLOptions.CertFile); + Conf_SSLOptions.CertFile = NULL; + + free(Conf_SSLOptions.DHFile); + Conf_SSLOptions.DHFile = NULL; + array_free_wipe(&Conf_SSLOptions.KeyFilePassword); +} + + +static void +ConfSSL_Puts(void) +{ + if (Conf_SSLOptions.KeyFile) + printf( " SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile); + if (Conf_SSLOptions.CertFile) + printf( " SSLCertFile = %s\n", Conf_SSLOptions.CertFile); + if (Conf_SSLOptions.DHFile) + printf( " SSLDHFile = %s\n", Conf_SSLOptions.DHFile); + if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) + puts(" SSLKeyFilePassword = " ); + array_free_wipe(&Conf_SSLOptions.KeyFilePassword); +} +#endif static char * strdup_warn(const char *str) @@ -182,11 +206,14 @@ Conf_Test( void ) struct group *grp; unsigned int i; char *topic; + bool config_valid; Use_Log = false; - Read_Config( true ); - Validate_Config(true, false); + if (! Read_Config(true)) + return 1; + + config_valid = Validate_Config(true, false); /* If stdin and stdout ("you can read our nice message and we can * read in your keypress") are valid tty's, wait for a key: */ 
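Review bot: ConfSSL_Puts() ends with `array_free_wipe(&Conf_SSLOptions.KeyFilePassword);`, so a function that reads like a pure printer also destroys the key-file password held in memory. That is reasonable on the config-test path, where the value should not outlive the dump, but nothing in the name or the code says so, and a later caller could lose the password by accident. I would add a comment above the function such as `/* prints the SSL settings without the password value, then wipes the password from memory; config test only */`, or move the wipe into Conf_Test() next to the call.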
@@ -208,10 +235,16 @@ Conf_Test( void ) printf( " MotdPhrase = %s\n", Conf_MotdPhrase ); printf( " ChrootDir = %s\n", Conf_Chroot ); printf( " PidFile = %s\n", Conf_PidFile); + printf(" Listen = %s\n", Conf_ListenAddress); fputs(" Ports = ", stdout); ports_puts(&Conf_ListenPorts); - printf(" Listen = %s\n", Conf_ListenAddress); +#ifdef SSL_SUPPORT + fputs(" SSLPorts = ", stdout); + ports_puts(&Conf_SSLOptions.ListenPorts); + ConfSSL_Puts(); +#endif + pwd = getpwuid( Conf_UID ); if( pwd ) printf( " ServerUID = %s\n", pwd->pw_name ); else printf( " ServerUID = %ld\n", (long)Conf_UID ); @@ -227,11 +260,6 @@ Conf_Test( void ) printf( " NoDNS = %s\n", yesno_to_str(Conf_NoDNS)); #ifdef WANT_IPV6 - /* both are deprecated, only mention them if their default value changed. */ - if (!Conf_ListenIPv6) - puts(" ListenIPv6 = no"); - if (!Conf_ListenIPv4) - puts(" ListenIPv4 = no"); printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4)); #endif @@ -259,6 +287,9 @@ Conf_Test( void ) printf( " Name = %s\n", Conf_Server[i].name ); printf( " Host = %s\n", Conf_Server[i].host ); printf( " Port = %u\n", (unsigned int)Conf_Server[i].port ); +#ifdef SSL_SUPPORT + printf( " SSLConnect = %s\n", Conf_Server[i].SSLConnect?"yes":"no"); +#endif printf( " MyPassword = %s\n", Conf_Server[i].pwd_in ); printf( " PeerPassword = %s\n", Conf_Server[i].pwd_out ); printf( " Group = %d\n", Conf_Server[i].group ); @@ -279,7 +310,7 @@ Conf_Test( void ) printf( " Topic = %s\n\n", topic ? topic : ""); } - return 0; + return (config_valid ? 0 : 1); } /* Conf_Test */ @@ -480,9 +511,7 @@ Set_Defaults( bool InitServers ) Conf_OperServerMode = false; Conf_ConnectIPv4 = true; - Conf_ListenIPv4 = true; Conf_ConnectIPv6 = true; - Conf_ListenIPv6 = true; Conf_MaxConnections = 0; Conf_MaxConnectionsIP = 5; 
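Review bot: The two lines kept as context in the `@@ -227,11 +260,6 @@` hunk print the wrong variables: `ConnectIPv4` is filled from `Conf_ConnectIPv6` and `ConnectIPv6` from `Conf_ConnectIPv4`. The commit removes only the deprecated ListenIPv4/ListenIPv6 output above them, so the config test would still misreport which address families are used for connections to other hosts whenever the two settings differ. The lines should read `printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv4));` and `printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv6));`.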
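Review bot: The added `SSLConnect` line in the `@@ -259,6 +287,9 @@` hunk formats the flag with an inline `Conf_Server[i].SSLConnect?"yes":"no"`, while the rest of Conf_Test() uses `yesno_to_str()` for boolean options, for example on the `NoDNS` line. Assuming the helper yields the same yes/no strings, `printf( " SSLConnect = %s\n", yesno_to_str(Conf_Server[i].SSLConnect));` keeps the output consistent. Separately, the context lines just below still print `MyPassword` and `PeerPassword` in clear, whereas ConfSSL_Puts() does not echo the key-file password. It may be worth settling on one policy for secrets in the config-test output.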
@@ -556,7 +585,9 @@ Read_Config( bool ngircd_starting ) strcpy( section, "" ); Init_Server_Struct( &New_Server ); New_Server_Idx = NONE; - +#ifdef SSL_SUPPORT + ConfSSL_Init(); +#endif /* Read configuration file */ while( true ) { if( ! fgets( str, LINE_LEN, fd )) break; @@ -665,18 +696,9 @@ Read_Config( bool ngircd_starting ) } } - if (!Conf_ListenAddress) { - /* no Listen addresses configured, use default */ -#ifdef WANT_IPV6 - /* Conf_ListenIPv6/4 should no longer be used */ - if (Conf_ListenIPv6 && Conf_ListenIPv4) - Conf_ListenAddress = strdup_warn("::,0.0.0.0"); - else if (Conf_ListenIPv6) - Conf_ListenAddress = strdup_warn("::"); - else -#endif - Conf_ListenAddress = strdup_warn("0.0.0.0"); - } + if (!Conf_ListenAddress) + Conf_ListenAddress = strdup_warn(DEFAULT_LISTEN_ADDRSTR); + if (!Conf_ListenAddress) { Config_Error(LOG_ALERT, "%s exiting due to fatal errors!", PACKAGE_NAME); exit(1); 
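Review bot: The `ConfSSL_Init()` call added at the top of Read_Config() resets KeyFile, CertFile, DHFile and KeyFilePassword, but `Conf_SSLOptions.ListenPorts` is not among the fields it clears. If Read_Config() runs again on a rehash (the `ngircd_starting` and `Rehash` parameters suggest it does) and the `SSLPorts` line has been removed from the file, the old port list would presumably stay in place unless it is reset somewhere outside this diff. I would either clear ListenPorts in ConfSSL_Init() as well or add a comment there saying where the port list is reset. Read_Config() starts and ends outside the hunk.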
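Review bot: With the fallback in the `@@ -665,18 +696,9 @@` hunk reduced to `strdup_warn(DEFAULT_LISTEN_ADDRSTR)`, an existing configuration that relied on `ListenIPv4 = no` or `ListenIPv6 = no` and has no `Listen` line now binds `::,0.0.0.0` on a WANT_IPV6 build. The handlers for those two options are removed in the `@@ -871,27 +893,6 @@` hunk, so such lines fall through to the "Unknown variable" message at the end of Handle_GLOBAL(), which as far as the visible code shows only logs. Because this silently widens what the daemon listens on after an upgrade, I would keep recognising the two names for now and fail the config check when either is set to `no`. At the least, the change should be called out in the commit message and release notes.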
@@ -871,27 +893,6 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) } #ifdef WANT_IPV6 /* the default setting for all the WANT_IPV6 special options is 'true' */ - if (strcasecmp(Var, "ListenIPv6") == 0) { /* DEPRECATED, option appeared in 0.12.0 */ - /* - * listen on ipv6 sockets, if available? - * Deprecated use "Listen = 0.0.0.0" (or, rather, do not list "::") - */ - Conf_ListenIPv6 = Check_ArgIsTrue( Arg ); - Config_Error(LOG_WARNING, "%s, line %d: %s=%s is deprecated, %sinclude '::' in \"Listen =\" option instead", - NGIRCd_ConfFile, Line, Var, yesno_to_str(Conf_ListenIPv6), Conf_ListenIPv6 ? " ":"do not "); - return; - } - if (strcasecmp(Var, "ListenIPv4") == 0) { /* DEPRECATED, option appeared in 0.12.0 */ - /* - * listen on ipv4 sockets, if available? - * this allows "ipv6-only" setups - * Deprecated use "Listen = ::" (or, rather, do not list "0.0.0.0") - */ - Conf_ListenIPv4 = Check_ArgIsTrue( Arg ); - Config_Error(LOG_WARNING, "%s, line %d: %s=%s is deprecated, %sinclude '0.0.0.0' in \"Listen =\" option instead", - NGIRCd_ConfFile, Line, Var, yesno_to_str(Conf_ListenIPv4), Conf_ListenIPv4 ? " ":"do not "); - return; - } if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) { /* connect to other hosts using ipv6, if they have an AAAA record? */ Conf_ConnectIPv6 = Check_ArgIsTrue( Arg ); 
@@ -966,6 +967,37 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) } return; } + +#ifdef SSL_SUPPORT + if( strcasecmp( Var, "SSLPorts" ) == 0 ) { + ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); + return; + } + + if( strcasecmp( Var, "SSLKeyFile" ) == 0 ) { + assert(Conf_SSLOptions.KeyFile == NULL ); + Conf_SSLOptions.KeyFile = strdup_warn(Arg); + return; + } + if( strcasecmp( Var, "SSLCertFile" ) == 0 ) { + assert(Conf_SSLOptions.CertFile == NULL ); + Conf_SSLOptions.CertFile = strdup_warn(Arg); + return; + } + + if( strcasecmp( Var, "SSLKeyFilePassword" ) == 0 ) { + assert(array_bytes(&Conf_SSLOptions.KeyFilePassword) == 0); + if (!array_copys(&Conf_SSLOptions.KeyFilePassword, Arg)) + Config_Error( LOG_ERR, "%s, line %d (section \"Global\"): Could not copy %s: %s!", + NGIRCd_ConfFile, Line, Var, strerror(errno)); + return; + } + if( strcasecmp( Var, "SSLDHFile" ) == 0 ) { + assert(Conf_SSLOptions.DHFile == NULL); + Conf_SSLOptions.DHFile = strdup_warn( Arg ); + return; + } +#endif Config_Error(LOG_ERR, "%s, line %d (section \"Global\"): Unknown variable \"%s\"!", NGIRCd_ConfFile, Line, Var); } /* Handle_GLOBAL */ @@ -1075,6 +1107,12 @@ Handle_SERVER( int Line, char *Var, char *Arg ) NGIRCd_ConfFile, Line, port ); return; } +#ifdef SSL_SUPPORT + if( strcasecmp( Var, "SSLConnect" ) == 0 ) { + New_Server.SSLConnect = Check_ArgIsTrue(Arg); + return; + } +#endif if( strcasecmp( Var, "Group" ) == 0 ) { /* Server group */ #ifdef HAVE_ISDIGIT @@ -1163,7 +1201,7 @@ Handle_CHANNEL( int Line, char *Var, char *Arg ) } /* Handle_CHANNEL */ -static void +static bool Validate_Config(bool Configtest, bool Rehash) { /* Validate configuration settings. */ @@ -1171,6 +1209,7 @@ Validate_Config(bool Configtest, bool Rehash) #ifdef DEBUG int i, servers, servers_once; #endif + bool config_valid = true; char *ptr; /* Validate configured server name, see RFC 2812 section 2.3.1 */ 
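Review bot: The new SSL option handlers guard against a repeated setting with `assert(Conf_SSLOptions.KeyFile == NULL)` and similar, but whether an option appears twice is decided by the configuration file, not by program logic. A duplicated `SSLKeyFile`, `SSLCertFile`, `SSLDHFile` or `SSLKeyFilePassword` line would abort the daemon where assertions are enabled. With NDEBUG the string options overwrite the pointer and leak the old value, and what array_copys() does with an existing password depends on code outside this diff. I would release the previous value instead, with `free(Conf_SSLOptions.KeyFile);` before each `strdup_warn()` and `array_free_wipe(&Conf_SSLOptions.KeyFilePassword);` before `array_copys()`, or report the duplicate through Config_Error(). Handle_GLOBAL() starts outside the hunk.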
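Review bot: Validate_Config() now returns `bool` in the `@@ -1163,7 +1201,7 @@` hunk, but the comment under its signature still reads only `/* Validate configuration settings. */` and does not say what the result means. Going by the later hunks, the value starts as `true` and becomes `false` for a missing server name, a server name without a dot, and, under STRICT_RFC, a missing admin e-mail. I would extend the comment to `/* Validate configuration settings; returns false if a fatal problem (bad server name, missing admin e-mail with STRICT_RFC) was found. */`. Only Conf_Test() is shown using the result, so whether the other callers check it is not visible here.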
@@ -1189,6 +1228,7 @@ Validate_Config(bool Configtest, bool Rehash) if (!Conf_ServerName[0]) { /* No server name configured! */ + config_valid = false; Config_Error(LOG_ALERT, "No (valid) server name configured in \"%s\" (section 'Global': 'Name')!", NGIRCd_ConfFile); @@ -1202,6 +1242,7 @@ Validate_Config(bool Configtest, bool Rehash) if (Conf_ServerName[0] && !strchr(Conf_ServerName, '.')) { /* No dot in server name! */ + config_valid = false; Config_Error(LOG_ALERT, "Invalid server name configured in \"%s\" (section 'Global': 'Name'): Dot missing!", NGIRCd_ConfFile); @@ -1216,6 +1257,7 @@ Validate_Config(bool Configtest, bool Rehash) #ifdef STRICT_RFC if (!Conf_ServerAdminMail[0]) { /* No administrative contact configured! */ + config_valid = false; Config_Error(LOG_ALERT, "No administrator email address configured in \"%s\" ('AdminEMail')!", NGIRCd_ConfFile); @@ -1248,6 +1290,8 @@ Validate_Config(bool Configtest, bool Rehash) "Configuration: Operators=%d, Servers=%d[%d], Channels=%d", Conf_Oper_Count, servers, servers_once, Conf_Channel_Count); #endif + + return config_valid; } /* Validate_Config */