X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=src%2Fngircd%2Fconf.c;h=bdbb506fcfcd39e391b6f967078804c10167a65d;hp=9ab66e54cf194b3c7afe68c90104d62e309e8ae1;hb=0fc822d8c44be42a62d3c26bbab99d5d0bc88346;hpb=d0977258ee14a5178e98c9a00c064d90f0eac9d6 diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 9ab66e54..bdbb506f 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -93,6 +93,12 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server )); #define DEFAULT_LISTEN_ADDRSTR "0.0.0.0" #endif +#ifdef HAVE_LIBSSL +#define DEFAULT_CIPHERS "HIGH:!aNULL:@STRENGTH" +#endif +#ifdef HAVE_LIBGNUTLS +#define DEFAULT_CIPHERS "SECURE128" +#endif #ifdef SSL_SUPPORT @@ -210,7 +216,7 @@ ports_puts(array *a) * Parse a comma separated string into an array of port numbers (integers). */ static void -ports_parse(array *a, int Line, char *Arg) +ports_parse(array *a, const char *File, int Line, char *Arg) { char *ptr; int port; @@ -226,10 +232,10 @@ ports_parse(array *a, int Line, char *Arg) port16 = (UINT16) port; if (!array_catb(a, (char*)&port16, sizeof port16)) Config_Error(LOG_ERR, "%s, line %d Could not add port number %ld: %s", - NGIRCd_ConfFile, Line, port, strerror(errno)); + File, Line, port, strerror(errno)); } else { Config_Error( LOG_ERR, "%s, line %d (section \"Global\"): Illegal port number %ld!", - NGIRCd_ConfFile, Line, port ); + File, Line, port ); } ptr = strtok( NULL, "," ); @@ -363,6 +369,7 @@ Conf_Test( void ) printf(" MotdPhrase = %s\n", array_bytes(&Conf_Motd) ? (const char*) array_start(&Conf_Motd) : ""); } + printf(" Network = %s\n", Conf_Network); #ifndef PAM printf(" Password = %s\n", Conf_ServerPwd); #endif @@ -435,8 +442,8 @@ Conf_Test( void ) puts("[SSL]"); printf(" CertFile = %s\n", Conf_SSLOptions.CertFile ? Conf_SSLOptions.CertFile : ""); - printf(" CipherList = %s\n", Conf_SSLOptions.CipherList - ? Conf_SSLOptions.CipherList : ""); + printf(" CipherList = %s\n", Conf_SSLOptions.CipherList ? + Conf_SSLOptions.CipherList : DEFAULT_CIPHERS); printf(" DHFile = %s\n", Conf_SSLOptions.DHFile ? Conf_SSLOptions.DHFile : ""); printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile @@ -527,7 +534,11 @@ Conf_UnsetServer( CONN_ID Idx ) /* "Short" connection, enforce "ConnectRetry" * but randomize it a little bit: 15 seconds. */ Conf_Server[i].lasttry = +#ifdef HAVE_ARC4RANDOM + t + (arc4random() % 15); +#else t + rand() / (RAND_MAX / 15); +#endif } } } @@ -739,6 +750,7 @@ Set_Defaults(bool InitServers) strcpy(Conf_ServerAdminMail, ""); snprintf(Conf_ServerInfo, sizeof Conf_ServerInfo, "%s %s", PACKAGE_NAME, PACKAGE_VERSION); + strcpy(Conf_Network, ""); free(Conf_ListenAddress); Conf_ListenAddress = NULL; array_free(&Conf_ListenPorts); @@ -1032,6 +1044,10 @@ Read_Config(bool TestOnly, bool IsStarting) CheckFileReadable("CertFile", Conf_SSLOptions.CertFile); CheckFileReadable("DHFile", Conf_SSLOptions.DHFile); CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile); + + /* Set the default ciphers if none were configured */ + if (!Conf_SSLOptions.CipherList) + Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS); #endif return true; @@ -1049,7 +1065,7 @@ static void Read_Config_File(const char *File, FILE *fd) /* Read configuration file */ section[0] = '\0'; while (true) { - if (!fgets(str, LINE_LEN, fd)) + if (!fgets(str, sizeof(str), fd)) break; ngt_TrimStr(str); line++; @@ -1058,6 +1074,12 @@ static void Read_Config_File(const char *File, FILE *fd) if (str[0] == ';' || str[0] == '#' || str[0] == '\0') continue; + if (strlen(str) >= sizeof(str) - 1) { + Config_Error(LOG_WARNING, "%s, line %d too long!", + File, line); + continue; + } + /* Is this the beginning of a new section? */ if ((str[0] == '[') && (str[strlen(str) - 1] == ']')) { strlcpy(section, str, sizeof(section)); @@ -1127,7 +1149,7 @@ static void Read_Config_File(const char *File, FILE *fd) Config_Error(LOG_ERR, "%s, line %d: Unknown section \"%s\"!", - NGIRCd_ConfFile, line, section); + File, line, section); section[0] = 0x1; } if (section[0] == 0x1) @@ -1137,7 +1159,7 @@ static void Read_Config_File(const char *File, FILE *fd) ptr = strchr(str, '='); if (!ptr) { Config_Error(LOG_ERR, "%s, line %d: Syntax error!", - NGIRCd_ConfFile, line); + File, line); continue; } *ptr = '\0'; @@ -1165,7 +1187,7 @@ static void Read_Config_File(const char *File, FILE *fd) else Config_Error(LOG_ERR, "%s, line %d: Variable \"%s\" outside section!", - NGIRCd_ConfFile, line, var); + File, line, var); } } @@ -1197,7 +1219,7 @@ Check_ArgIsTrue(const char *Arg) * @returns New configured maximum nickname length. */ static unsigned int -Handle_MaxNickLength(int Line, const char *Arg) +Handle_MaxNickLength(const char *File, int Line, const char *Arg) { unsigned new; @@ -1205,13 +1227,13 @@ Handle_MaxNickLength(int Line, const char *Arg) if (new > CLIENT_NICK_LEN) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"MaxNickLength\" exceeds %u!", - NGIRCd_ConfFile, Line, CLIENT_NICK_LEN - 1); + File, Line, CLIENT_NICK_LEN - 1); return CLIENT_NICK_LEN; } if (new < 2) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"MaxNickLength\" must be at least 1!", - NGIRCd_ConfFile, Line); + File, Line); return 2; } return new; @@ -1221,14 +1243,14 @@ Handle_MaxNickLength(int Line, const char *Arg) * Output a warning messages if IDENT is configured but not compiled in. */ static void -WarnIdent(int UNUSED Line) +WarnIdent(const char UNUSED *File, int UNUSED Line) { #ifndef IDENTAUTH if (Conf_Ident) { /* user has enabled ident lookups explicitly, but ... */ Config_Error(LOG_WARNING, "%s: line %d: \"Ident = yes\", but ngircd was built without IDENT support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1237,14 +1259,14 @@ WarnIdent(int UNUSED Line) * Output a warning messages if IPv6 is configured but not compiled in. */ static void -WarnIPv6(int UNUSED Line) +WarnIPv6(const char UNUSED *File, int UNUSED Line) { #ifndef WANT_IPV6 if (Conf_ConnectIPv6) { /* user has enabled IPv6 explicitly, but ... */ Config_Error(LOG_WARNING, "%s: line %d: \"ConnectIPv6 = yes\", but ngircd was built without IPv6 support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1253,13 +1275,13 @@ WarnIPv6(int UNUSED Line) * Output a warning messages if PAM is configured but not compiled in. */ static void -WarnPAM(int UNUSED Line) +WarnPAM(const char UNUSED *File, int UNUSED Line) { #ifndef PAM if (Conf_PAM) { Config_Error(LOG_WARNING, "%s: line %d: \"PAM = yes\", but ngircd was built without PAM support!", - NGIRCd_ConfFile, Line); + File, Line); } #endif } @@ -1389,6 +1411,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) struct group *grp; size_t len; const char *section; + char *ptr; assert(File != NULL); assert(Line > 0); @@ -1460,17 +1483,30 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) len = strlen(Arg); if (len == 0) return; - if (len >= LINE_LEN) { + if (len >= 127) { Config_Error_TooLong(File, Line, Var); return; } if (!array_copyb(&Conf_Motd, Arg, len + 1)) Config_Error(LOG_WARNING, "%s, line %d: Could not append MotdPhrase: %s", - NGIRCd_ConfFile, Line, strerror(errno)); + File, Line, strerror(errno)); Using_MotdFile = false; return; } + if (strcasecmp(Var, "Network") == 0) { + len = strlcpy(Conf_Network, Arg, sizeof(Conf_Network)); + if (len >= sizeof(Conf_Network)) + Config_Error_TooLong(File, Line, Var); + ptr = strchr(Conf_Network, ' '); + if (ptr) { + Config_Error(LOG_WARNING, + "%s, line %d: \"Network\" can't contain spaces!", + File, Line); + *ptr = '\0'; + } + return; + } if(strcasecmp(Var, "Password") == 0) { len = strlcpy(Conf_ServerPwd, Arg, sizeof(Conf_ServerPwd)); if (len >= sizeof(Conf_ServerPwd)) @@ -1484,7 +1520,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) return; } if (strcasecmp(Var, "Ports") == 0) { - ports_parse(&Conf_ListenPorts, Line, Arg); + ports_parse(&Conf_ListenPorts, File, Line, Arg); return; } if (strcasecmp(Var, "ServerGID") == 0) { @@ -1496,7 +1532,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (!Conf_GID && strcmp(Arg, "0")) Config_Error(LOG_WARNING, "%s, line %d: Value of \"%s\" is not a valid group name or ID!", - NGIRCd_ConfFile, Line, Var); + File, Line, Var); } return; } @@ -1509,7 +1545,7 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (!Conf_UID && strcmp(Arg, "0")) Config_Error(LOG_WARNING, "%s, line %d: Value of \"%s\" is not a valid user name or ID!", - NGIRCd_ConfFile, Line, Var); + File, Line, Var); } return; } @@ -1520,11 +1556,11 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) * after marking it "deprecated"). */ Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"No\"-Prefix is deprecated, use \"%s = %s\" in [Options] section!", - NGIRCd_ConfFile, Line, NoNo(Var), InvertArg(Arg)); + File, Line, NoNo(Var), InvertArg(Arg)); if (strcasecmp(Var, "NoIdent") == 0) - WarnIdent(Line); + WarnIdent(File, Line); else if (strcasecmp(Var, "NoPam") == 0) - WarnPAM(Line); + WarnPAM(File, Line); return; } if ((section = CheckLegacyGlobalOption(File, Line, Var, Arg))) { @@ -1534,12 +1570,12 @@ Handle_GLOBAL(const char *File, int Line, char *Var, char *Arg ) if (strncasecmp(Var, "SSL", 3) == 0) { Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s and rename to \"%s\"!", - NGIRCd_ConfFile, Line, Var, section, + File, Line, Var, section, Var + 3); } else { Config_Error(LOG_WARNING, "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", - NGIRCd_ConfFile, Line, Var, section); + File, Line, Var, section); } return; } @@ -1567,7 +1603,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_ConnectRetry < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"ConnectRetry\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_ConnectRetry = 5; } return; @@ -1597,7 +1633,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "MaxNickLength") == 0) { - Conf_MaxNickLength = Handle_MaxNickLength(Line, Arg); + Conf_MaxNickLength = Handle_MaxNickLength(File, Line, Arg); return; } if (strcasecmp(Var, "MaxListSize") == 0) { @@ -1611,7 +1647,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_PingTimeout < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"PingTimeout\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_PingTimeout = 5; } return; @@ -1621,7 +1657,7 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg) if (Conf_PongTimeout < 5) { Config_Error(LOG_WARNING, "%s, line %d: Value of \"PongTimeout\" too low!", - NGIRCd_ConfFile, Line); + File, Line); Conf_PongTimeout = 5; } return; @@ -1706,7 +1742,7 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) } if (strcasecmp(Var, "ConnectIPv6") == 0) { Conf_ConnectIPv6 = Check_ArgIsTrue(Arg); - WarnIPv6(Line); + WarnIPv6(File, Line); return; } if (strcasecmp(Var, "ConnectIPv4") == 0) { @@ -1743,7 +1779,7 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) } if (strcasecmp(Var, "Ident") == 0) { Conf_Ident = Check_ArgIsTrue(Arg); - WarnIdent(Line); + WarnIdent(File, Line); return; } if (strcasecmp(Var, "IncludeDir") == 0) { @@ -1780,7 +1816,7 @@ Handle_OPTIONS(const char *File, int Line, char *Var, char *Arg) } if (strcasecmp(Var, "PAM") == 0) { Conf_PAM = Check_ArgIsTrue(Arg); - WarnPAM(Line); + WarnPAM(File, Line); return; } if (strcasecmp(Var, "PAMIsOptional") == 0 ) { @@ -1871,7 +1907,7 @@ Handle_SSL(const char *File, int Line, char *Var, char *Arg) return; } if (strcasecmp(Var, "Ports") == 0) { - ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); + ports_parse(&Conf_SSLOptions.ListenPorts, File, Line, Arg); return; } if (strcasecmp(Var, "CipherList") == 0) { @@ -1972,15 +2008,15 @@ Handle_SERVER(const char *File, int Line, char *Var, char *Arg ) return; Config_Error(LOG_ERR, "%s, line %d (section \"Server\"): Can't parse IP address \"%s\"", - NGIRCd_ConfFile, Line, Arg); + File, Line, Arg); return; } if( strcasecmp( Var, "MyPassword" ) == 0 ) { /* Password of this server which is sent to the peer */ if (*Arg == ':') { Config_Error(LOG_ERR, - "%s, line %d (section \"Server\"): MyPassword must not start with ':'!", - NGIRCd_ConfFile, Line); + "%s, line %d (section \"Server\"): MyPassword must not start with ':'!", + File, Line); } len = strlcpy( New_Server.pwd_in, Arg, sizeof( New_Server.pwd_in )); if (len >= sizeof( New_Server.pwd_in )) @@ -2001,8 +2037,8 @@ Handle_SERVER(const char *File, int Line, char *Var, char *Arg ) New_Server.port = (UINT16)port; else Config_Error(LOG_ERR, - "%s, line %d (section \"Server\"): Illegal port number %ld!", - NGIRCd_ConfFile, Line, port ); + "%s, line %d (section \"Server\"): Illegal port number %ld!", + File, Line, port ); return; } #ifdef SSL_SUPPORT