X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Fconf.c;h=62b5044c87be0daa7569846c6d07d42f1bf67417;hp=70c96092a12912c7042d4d36226f3f6b099dcb64;hb=85dc4d87770f821b777f5dbf6372956dbffc770c;hpb=5258fb7f7c3d92a35083f869bae4f05ab988d2da diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 70c96092..62b5044c 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -1,6 +1,6 @@ /* * ngIRCd -- The Next Generation IRC Daemon - * Copyright (c)2001-2013 Alexander Barton (alex@barton.de) and Contributors. + * Copyright (c)2001-2014 Alexander Barton (alex@barton.de) and Contributors. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,7 @@ * Configuration management (reading, parsing & validation) */ -#include "imp.h" #include -#include #include #ifdef PROTOTYPES # include @@ -29,23 +27,19 @@ #include #include #include +#include #include #include #include #include -#include #include -#include "array.h" #include "ngircd.h" #include "conn.h" #include "channel.h" -#include "defines.h" #include "log.h" #include "match.h" -#include "tool.h" -#include "exp.h" #include "conf.h" @@ -93,6 +87,12 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server )); #define DEFAULT_LISTEN_ADDRSTR "0.0.0.0" #endif +#ifdef HAVE_LIBSSL +#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH:!SSLv3" +#endif +#ifdef HAVE_LIBGNUTLS +#define DEFAULT_CIPHERS "SECURE128:-VERS-SSL3.0" +#endif #ifdef SSL_SUPPORT @@ -117,6 +117,9 @@ ConfSSL_Init(void) array_free_wipe(&Conf_SSLOptions.KeyFilePassword); array_free(&Conf_SSLOptions.ListenPorts); + + free(Conf_SSLOptions.CipherList); + Conf_SSLOptions.CipherList = NULL; } /** @@ -207,7 +210,7 @@ ports_puts(array *a) * Parse a comma separated string into an array of port numbers (integers). */ static void -ports_parse(array *a, int Line, char *Arg) +ports_parse(array *a, const char *File, int Line, char *Arg) { char *ptr; int port; @@ -223,10 +226,10 @@ ports_parse(array *a, int Line, char *Arg) port16 = (UINT16) port; if (!array_catb(a, (char*)&port16, sizeof port16)) Config_Error(LOG_ERR, "%s, line %d Could not add port number %ld: %s", - NGIRCd_ConfFile, Line, port, strerror(errno)); + File, Line, port, strerror(errno)); } else { Config_Error( LOG_ERR, "%s, line %d (section \"Global\"): Illegal port number %ld!", - NGIRCd_ConfFile, Line, port ); + File, Line, port ); } ptr = strtok( NULL, "," ); @@ -317,7 +320,7 @@ opers_puts(void) * This function waits for a keypress of the user when stdin/stdout are valid * tty's ("you can read our nice message and we can read in your keypress"). * - * @return 0 on succes, 1 on failure(s); therefore the result code can + * @return 0 on success, 1 on failure(s); therefore the result code can * directly be used by exit() when running "ngircd --configtest". */ GLOBAL int @@ -360,9 +363,9 @@ Conf_Test( void ) printf(" MotdPhrase = %s\n", array_bytes(&Conf_Motd) ? (const char*) array_start(&Conf_Motd) : ""); } -#ifndef PAM - printf(" Password = %s\n", Conf_ServerPwd); -#endif + printf(" Network = %s\n", Conf_Network); + if (!Conf_PAM) + printf(" Password = %s\n", Conf_ServerPwd); printf(" PidFile = %s\n", Conf_PidFile); printf(" Ports = "); ports_puts(&Conf_ListenPorts); @@ -402,13 +405,14 @@ Conf_Test( void ) printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4)); #endif + printf(" DefaultUserModes = %s\n", Conf_DefaultUserModes); printf(" DNS = %s\n", yesno_to_str(Conf_DNS)); #ifdef IDENT printf(" Ident = %s\n", yesno_to_str(Conf_Ident)); #endif printf(" IncludeDir = %s\n", Conf_IncludeDir); printf(" MorePrivacy = %s\n", yesno_to_str(Conf_MorePrivacy)); - printf(" NoticeAuth = %s\n", yesno_to_str(Conf_NoticeAuth)); + printf(" NoticeBeforeRegistration = %s\n", yesno_to_str(Conf_NoticeBeforeRegistration)); printf(" OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode)); printf(" OperChanPAutoOp = %s\n", yesno_to_str(Conf_OperChanPAutoOp)); printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); @@ -431,6 +435,8 @@ Conf_Test( void ) puts("[SSL]"); printf(" CertFile = %s\n", Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile : ""); + printf(" CipherList = %s\n", Conf_SSLOptions.CipherList ? + Conf_SSLOptions.CipherList : DEFAULT_CIPHERS); printf(" DHFile = %s\n", Conf_SSLOptions.DHFile ? Conf_SSLOptions.DHFile : ""); printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile @@ -521,7 +527,11 @@ Conf_UnsetServer( CONN_ID Idx ) /* "Short" connection, enforce "ConnectRetry" * but randomize it a little bit: 15 seconds. */ Conf_Server[i].lasttry = +#ifdef HAVE_ARC4RANDOM + t + (arc4random() % 15); +#else t + rand() / (RAND_MAX / 15); +#endif } } } @@ -608,6 +618,7 @@ Conf_EnablePassiveServer(const char *Name) && (Conf_Server[i].port > 0)) { /* BINGO! Enable server */ Conf_Server[i].flags &= ~CONF_SFLAG_DISABLED; + Conf_Server[i].lasttry = 0; return true; } } @@ -733,6 +744,7 @@ Set_Defaults(bool InitServers) strcpy(Conf_ServerAdminMail, ""); snprintf(Conf_ServerInfo, sizeof Conf_ServerInfo, "%s %s", PACKAGE_NAME, PACKAGE_VERSION); + strcpy(Conf_Network, ""); free(Conf_ListenAddress); Conf_ListenAddress = NULL; array_free(&Conf_ListenPorts); @@ -776,6 +788,7 @@ Set_Defaults(bool InitServers) #else Conf_ConnectIPv6 = false; #endif + strcpy(Conf_DefaultUserModes, ""); Conf_DNS = true; #ifdef IDENTAUTH Conf_Ident = true; @@ -784,7 +797,7 @@ Set_Defaults(bool InitServers) #endif strcpy(Conf_IncludeDir, ""); Conf_MorePrivacy = false; - Conf_NoticeAuth = false; + Conf_NoticeBeforeRegistration = false; Conf_OperCanMode = false; Conf_OperChanPAutoOp = true; Conf_OperServerMode = false; @@ -794,8 +807,8 @@ Set_Defaults(bool InitServers) Conf_PAM = false; #endif Conf_PAMIsOptional = false; -#ifdef SYSLOG Conf_ScrubCTCP = false; +#ifdef SYSLOG #ifdef LOG_LOCAL5 Conf_SyslogFacility = LOG_LOCAL5; #else @@ -1025,15 +1038,23 @@ Read_Config(bool TestOnly, bool IsStarting) CheckFileReadable("CertFile", Conf_SSLOptions.CertFile); CheckFileReadable("DHFile", Conf_SSLOptions.DHFile); CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile); + + /* Set the default ciphers if none were configured */ + if (!Conf_SSLOptions.CipherList) + Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS); #endif return true; } /** - * ... + * Read in and handle a configuration file. + * + * @param File Name of the configuration file. + * @param fd File descriptor already opened for reading. */ -static void Read_Config_File(const char *File, FILE *fd) +static void +Read_Config_File(const char *File, FILE *fd) { char section[LINE_LEN], str[LINE_LEN], *var, *arg, *ptr; int i, line = 0; @@ -1042,7 +1063,7 @@ static void Read_Config_File(const char *File, FILE *fd) /* Read configuration file */ section[0] = '\0'; while (true) { - if (!fgets(str, LINE_LEN, fd)) + if (!fgets(str, sizeof(str), fd)) break; ngt_TrimStr(str); line++; @@ -1051,6 +1072,12 @@ static void Read_Config_File(const char *File, FILE *fd) if (str[0] == ';' || str[0] == '#' || str[0] == '\0') continue; + if (strlen(str) >= sizeof(str) - 1) { + Config_Error(LOG_WARNING, "%s, line %d too long!", + File, line); + continue; + } + /* Is this the beginning of a new section? */ if ((str[0] == '[') && (str[strlen(str) - 1] == ']')) { strlcpy(section, str, sizeof(section)); @@ -1120,7 +1147,7 @@ static void Read_Config_File(const char *File, FILE *fd) Config_Error(LOG_ERR, "%s, line %d: Unknown section \"%s\"!", - NGIRCd_ConfFile, line, section); + File, line, section); section[0] = 0x1; } if (section[0] == 0x1) @@ -1130,7 +1157,7 @@ static void Read_Config_File(const char *File, FILE *fd) ptr = strchr(str, '='); if (!ptr) { Config_Error(LOG_ERR, "%s, line %d: Syntax error!", - NGIRCd_ConfFile, line); + File, line); continue; } *ptr = '\0'; @@ -1158,7 +1185,7 @@ static void Read_Config_File(const char *File, FILE *fd) else Config_Error(LOG_ERR, "%s, line %d: Variable \"%s\" outside section!", - NGIRCd_ConfFile, line, var); + File, line, var); } } @@ -1190,7 +1217,7 @@ Check_ArgIsTrue(const char *Arg) * @returns New configured maximum nickname length. */ static unsigned int -Handle_MaxNickLength(int Line, const char *Arg) +Handle_MaxNickLength(const char *File, int Line, const char *Arg) { unsigned new; @@ -1198,13 +1225,13 @@ Handle_MaxNickLength(int Line, const char *Arg) if (new > CLIENT_NICK_LEN) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"MaxNickLength\" exceeds %u!", - NGIRCd_ConfFile, Line, CLIENT_NICK_LEN - 1); + File, Line, CLIENT_NICK_LEN - 1); return CLIENT_NICK_LEN; } if (new < 2) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"MaxNickLength\" must be at least 1!", - NGIRCd_ConfFile, Line); + File, Line); return 2; } return new; @@ -1214,14 +1241,14 @@ Handle_MaxNickLength(int Line, const char *Arg) * Output a warning messages if IDENT is configured but not compiled in. */ static void -WarnIdent(int UNUSED Line) +WarnIdent(const char UNUSED *File, int UNUSED Line) { #ifndef IDENTAUTH if (Conf_Ident) { /* user has enabled ident lookups explicitly, but ... */ Config_Error(LOG_WARNING, "%s: line %d: \"Ident = yes\", but ngircd was built without IDENT support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1230,14 +1257,14 @@ WarnIdent(int UNUSED Line) * Output a warning messages if IPv6 is configured but not compiled in. */ static void -WarnIPv6(int UNUSED Line) +WarnIPv6(const char UNUSED *File, int UNUSED Line) { #ifndef WANT_IPV6 if (Conf_ConnectIPv6) { /* user has enabled IPv6 explicitly, but ... */ Config_Error(LOG_WARNING, "%s: line %d: \"ConnectIPv6 = yes\", but ngircd was built without IPv6 support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1246,13 +1273,13 @@ WarnIPv6(int UNUSED Line) * Output a warning messages if PAM is configured but not compiled in. */ static void -WarnPAM(int UNUSED Line) +WarnPAM(const char UNUSED *File, int UNUSED Line) { #ifndef PAM if (Conf_PAM) { Config_Error(LOG_WARNING, "%s: line %d: \"PAM = yes\", but ngircd was built without PAM support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1382,6 +1409,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) struct group *grp; size_t len; const char *section; + char *ptr; assert(File != NULL); assert(Line > 0); @@ -1453,17 +1481,30 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) len = strlen(Arg); if (len == 0) return; - if (len >= LINE_LEN) { + if (len >= 127) { Config_Error_TooLong(File, Line, Var); return; } if (!array_copyb(&Conf_Motd, Arg, len + 1)) Config_Error(LOG_WARNING, "%s, line %d: Could not append MotdPhrase: %s", - NGIRCd_ConfFile, Line, strerror(errno)); + File, Line, strerror(errno)); Using_MotdFile = false; return; } + if (strcasecmp(Var, "Network") == 0) { + len = strlcpy(Conf_Network, Arg, sizeof(Conf_Network)); + if (len >= sizeof(Conf_Network)) + Config_Error_TooLong(File, Line, Var); + ptr = strchr(Conf_Network, ' '); + if (ptr) { + Config_Error(LOG_WARNING, + "%s, line %d: \"Network\" can't contain spaces!", + File, Line); + *ptr = '\0'; + } + return; + } if(strcasecmp(Var, "Password") == 0) { len = strlcpy(Conf_ServerPwd, Arg, sizeof(Conf_ServerPwd)); if (len >= sizeof(Conf_ServerPwd)) @@ -1477,7 +1518,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) return; } if (strcasecmp(Var, "Ports") == 0) { - ports_parse(&Conf_ListenPorts, Line, Arg); + ports_parse(&Conf_ListenPorts, File, Line, Arg); return; } if (strcasecmp(Var, "ServerGID") == 0) { @@ -1489,7 +1530,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (!Conf_GID && strcmp(Arg, "0")) Config_Error(LOG_WARNING, "%s, line %d: Value of \"%s\" is not a valid group name or ID!", - NGIRCd_ConfFile, Line, Var); + File, Line, Var); } return; } @@ -1502,7 +1543,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (!Conf_UID && strcmp(Arg, "0")) Config_Error(LOG_WARNING, "%s, line %d: Value of \"%s\" is not a valid user name or ID!", - NGIRCd_ConfFile, Line, Var); + File, Line, Var); } return; } @@ -1513,11 +1554,11 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) * after marking it "deprecated"). */ Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"No\"-Prefix is deprecated, use \"%s = %s\" in [Options] section!", - NGIRCd_ConfFile, Line, NoNo(Var), InvertArg(Arg)); + File, Line, NoNo(Var), InvertArg(Arg)); if (strcasecmp(Var, "NoIdent") == 0) - WarnIdent(Line); + WarnIdent(File, Line); else if (strcasecmp(Var, "NoPam") == 0) - WarnPAM(Line); + WarnPAM(File, Line); return; } if ((section = CheckLegacyGlobalOption(File, Line, Var, Arg))) { @@ -1527,12 +1568,12 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (strncasecmp(Var, "SSL", 3) == 0) { Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s and rename to \"%s\"!", - NGIRCd_ConfFile, Line, Var, section, + File, Line, Var, section, Var + 3); } else { Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", - NGIRCd_ConfFile, Line, Var, section); + File, Line, Var, section); } return; } @@ -1560,7 +1601,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_ConnectRetry < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"ConnectRetry\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_ConnectRetry = 5; } return; @@ -1590,7 +1631,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "MaxNickLength") == 0) { - Conf_MaxNickLength = Handle_MaxNickLength(Line, Arg); + Conf_MaxNickLength = Handle_MaxNickLength(File, Line, Arg); return; } if (strcasecmp(Var, "MaxListSize") == 0) { @@ -1604,7 +1645,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_PingTimeout < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"PingTimeout\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_PingTimeout = 5; } return; @@ -1614,7 +1655,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_PongTimeout < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"PongTimeout\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_PongTimeout = 5; } return; @@ -1699,20 +1740,44 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) } if (strcasecmp(Var, "ConnectIPv6") == 0) { Conf_ConnectIPv6 = Check_ArgIsTrue(Arg); - WarnIPv6(Line); + WarnIPv6(File, Line); return; } if (strcasecmp(Var, "ConnectIPv4") == 0) { Conf_ConnectIPv4 = Check_ArgIsTrue(Arg); return; } + if (strcasecmp(Var, "DefaultUserModes") == 0) { + p = Arg; + Conf_DefaultUserModes[0] = '\0'; + while (*p) { + if (strchr(Conf_DefaultUserModes, *p)) { + /* Mode is already included; ignore it */ + p++; + continue; + } + + if (strchr(USERMODES, *p)) { + len = strlen(Conf_DefaultUserModes) + 1; + assert(len < sizeof(Conf_DefaultUserModes)); + Conf_DefaultUserModes[len - 1] = *p; + Conf_DefaultUserModes[len] = '\0'; + } else { + Config_Error(LOG_WARNING, + "%s, line %d: Unknown user mode \"%c\" in \"DefaultUserModes\"!", + File, Line, *p); + } + p++; + } + return; + } if (strcasecmp(Var, "DNS") == 0) { Conf_DNS = Check_ArgIsTrue(Arg); return; } if (strcasecmp(Var, "Ident") == 0) { Conf_Ident = Check_ArgIsTrue(Arg); - WarnIdent(Line); + WarnIdent(File, Line); return; } if (strcasecmp(Var, "IncludeDir") == 0) { @@ -1732,7 +1797,19 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "NoticeAuth") == 0) { - Conf_NoticeAuth = Check_ArgIsTrue(Arg); + /* + * TODO: This section and support for "NoticeAuth" variable + * could be removed starting with ngIRCd release 24 (one + * release after marking it "deprecated") ... + */ + Config_Error(LOG_WARNING, + "%s, line %d (section \"Options\"): \"%s\" is deprecated, please use \"NoticeBeforeRegistration\"!", + File, Line, Var); + Conf_NoticeBeforeRegistration = Check_ArgIsTrue(Arg); + return; + } + if (strcasecmp(Var, "NoticeBeforeRegistration") == 0) { + Conf_NoticeBeforeRegistration = Check_ArgIsTrue(Arg); return; } if (strcasecmp(Var, "OperCanUseMode") == 0) { @@ -1749,7 +1826,7 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) } if (strcasecmp(Var, "PAM") == 0) { Conf_PAM = Check_ArgIsTrue(Arg); - WarnPAM(Line); + WarnPAM(File, Line); return; } if (strcasecmp(Var, "PAMIsOptional") == 0 ) { @@ -1840,7 +1917,12 @@ Handle_SSL(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "Ports") == 0) { - ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); + ports_parse(&Conf_SSLOptions.ListenPorts, File, Line, Arg); + return; + } + if (strcasecmp(Var, "CipherList") == 0) { + assert(Conf_SSLOptions.CipherList == NULL); + Conf_SSLOptions.CipherList = strdup_warn(Arg); return; } @@ -1936,15 +2018,15 @@ Handle_SERVER(const char *File, int Line, char *Var, char *Arg ) return; Config_Error(LOG_ERR, "%s, line %d (section \"Server\"): Can't parse IP address \"%s\"", - NGIRCd_ConfFile, Line, Arg); + File, Line, Arg); return; } if( strcasecmp( Var, "MyPassword" ) == 0 ) { /* Password of this server which is sent to the peer */ if (*Arg == ':') { Config_Error(LOG_ERR, - "%s, line %d (section \"Server\"): MyPassword must not start with ':'!", - NGIRCd_ConfFile, Line); + "%s, line %d (section \"Server\"): MyPassword must not start with ':'!", + File, Line); } len = strlcpy( New_Server.pwd_in, Arg, sizeof( New_Server.pwd_in )); if (len >= sizeof( New_Server.pwd_in )) @@ -1965,8 +2047,8 @@ Handle_SERVER(const char *File, int Line, char *Var, char *Arg ) New_Server.port = (UINT16)port; else Config_Error(LOG_ERR, - "%s, line %d (section \"Server\"): Illegal port number %ld!", - NGIRCd_ConfFile, Line, port ); + "%s, line %d (section \"Server\"): Illegal port number %ld!", + File, Line, port ); return; } #ifdef SSL_SUPPORT @@ -2187,7 +2269,7 @@ Validate_Config(bool Configtest, bool Rehash) } #ifdef PAM - if (Conf_ServerPwd[0]) + if (Conf_PAM && Conf_ServerPwd[0]) Config_Error(LOG_ERR, "This server uses PAM, \"Password\" in [Global] section will be ignored!"); #endif @@ -2319,7 +2401,7 @@ Conf_DebugDump(void) #endif /** - * Initialize server configuration structur to default values. + * Initialize server configuration structure to default values. * * @param Server Pointer to server structure to initialize. */