From eb463ef30979d79bc3482f8b49129af357547b26 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 16:10:14 +0200 Subject: [PATCH 001/113] chm_operonly extension: use Unreal's numeric (520) irssi still does not recognize this properly, oh well --- extensions/chm_operonly.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/chm_operonly.c b/extensions/chm_operonly.c index b46fd8ac6..5de15b3d4 100644 --- a/extensions/chm_operonly.c +++ b/extensions/chm_operonly.c @@ -58,7 +58,7 @@ h_can_join(hook_data_channel *data) struct Channel *chptr = data->chptr; if((chptr->mode.mode & chmode_flags['O']) && !IsOper(source_p)) { - sendto_one_notice(source_p, ":Only IRC Operators could join this channel!"); + sendto_one_numeric(source_p, 520, "%s :Cannot join channel (+O) - you are not an IRC operator", chptr->chname); data->approved = ERR_CUSTOM; } } From 095efcf0fc054a9cedcb14155058f7371e1ff178 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 17:55:23 +0200 Subject: [PATCH 002/113] Use channel_modes() to convert a new channel's modes to a string. --- modules/core/m_join.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/core/m_join.c b/modules/core/m_join.c index ff4750f33..5f8b98116 100644 --- a/modules/core/m_join.c +++ b/modules/core/m_join.c @@ -137,6 +137,7 @@ m_join(struct Client *client_p, struct Client *source_p, int parc, const char *p struct ConfItem *aconf; char *name; char *key = NULL; + const char *modes; int i, flags = 0; char *p = NULL, *p2 = NULL; char *chanlist; 
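Review bot: The new `sendto_one_numeric()` call in h_can_join (extensions/chm_operonly.c) passes a bare `520`, which gives a reader no hint that the numeric is borrowed from another server family rather than taken from this server's own table. A named constant near the top of the file, for example `#define ERR_OPERONLY_JOIN 520 /* Unreal's numeric */` (the name is only a suggestion), would document that. h_can_join starts above the hunk.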
@@ -341,16 +342,18 @@ m_join(struct Client *client_p, struct Client *source_p, int parc, const char *p chptr->channelts = rb_current_time(); chptr->mode.mode |= MODE_TOPICLIMIT; chptr->mode.mode |= MODE_NOPRIVMSGS; + modes = channel_modes(chptr, &me); - sendto_channel_local(ONLY_CHANOPS, chptr, ":%s MODE %s +nt", - me.name, chptr->chname); + sendto_channel_local(ONLY_CHANOPS, chptr, ":%s MODE %s %s", + me.name, chptr->chname, modes); if(*chptr->chname == '#') { sendto_server(client_p, chptr, CAP_TS6, NOCAPS, - ":%s SJOIN %ld %s +nt :@%s", + ":%s SJOIN %ld %s %s :@%s", me.id, (long) chptr->channelts, - chptr->chname, source_p->id); + chptr->chname, modes, + source_p->id); } } else From db2545b11e343818fced4e2df843463e8b2e7970 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 18:11:36 +0200 Subject: [PATCH 003/113] Remove an unnecessary check for &channels -- sendto_server() already does it. --- modules/core/m_join.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/modules/core/m_join.c b/modules/core/m_join.c index 5f8b98116..2f51663d2 100644 --- a/modules/core/m_join.c +++ b/modules/core/m_join.c @@ -347,14 +347,10 @@ m_join(struct Client *client_p, struct Client *source_p, int parc, const char *p sendto_channel_local(ONLY_CHANOPS, chptr, ":%s MODE %s %s", me.name, chptr->chname, modes); - if(*chptr->chname == '#') - { - sendto_server(client_p, chptr, CAP_TS6, NOCAPS, - ":%s SJOIN %ld %s %s :@%s", - me.id, (long) chptr->channelts, - chptr->chname, modes, - source_p->id); - } + sendto_server(client_p, chptr, CAP_TS6, NOCAPS, + ":%s SJOIN %ld %s %s :@%s", + me.id, (long) chptr->channelts, + chptr->chname, modes, source_p->id); } else { From 41d7fefad121b82b1e2a6f599e7dcb9eec05d82b Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 21:56:05 +0200 Subject: [PATCH 004/113] Fix some part of IPv6 dline checking. --- src/listener.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/listener.c b/src/listener.c index 60289fb2c..884155839 100644 --- a/src/listener.c +++ b/src/listener.c @@ -512,7 +512,7 @@ accept_precallback(rb_fde_t *F, struct sockaddr *addr, rb_socklen_t addrlen, voi return 0; } - aconf = find_dline(addr, AF_INET); + aconf = find_dline(addr, addr->sa_family); if(aconf != NULL && (aconf->status & CONF_EXEMPTDLINE)) return 1; From 59c3d09ab5b8bd8625e4e5376fa955831c5c24a7 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 22:25:17 +0200 Subject: [PATCH 005/113] Fix testline crashes, introduced by the auth_user patch. --- modules/m_testline.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/m_testline.c b/modules/m_testline.c index 993e995d5..0bcba6ea3 100644 --- a/modules/m_testline.c +++ b/modules/m_testline.c @@ -193,7 +193,8 @@ mo_testline(struct Client *client_p, struct Client *source_p, int parc, const ch if(aconf && aconf->status & CONF_CLIENT) { sendto_one_numeric(source_p, RPL_STATSILINE, form_str(RPL_STATSILINE), - aconf->name, show_iline_prefix(source_p, aconf, aconf->user), + aconf->name, EmptyString(aconf->spasswd) ? "" : aconf->spasswd, + show_iline_prefix(source_p, aconf, aconf->user), aconf->host, aconf->port, aconf->className); return 0; } From 4679c2c1cc0bcdbc1a2ecaba62d2d9edfa5b1a1c Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 22:47:53 +0200 Subject: [PATCH 006/113] Fix rejectcache and unknown_count. Unfortunately they are checked after SSL setup. --- src/listener.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/listener.c b/src/listener.c index 884155839..b5e7869ee 100644 --- a/src/listener.c +++ b/src/listener.c 
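Review bot: In accept_precallback (src/listener.c) the lookup `find_dline(addr, addr->sa_family)` is now keyed on the socket's address family, so whether an IPv4 D-line still matches a client that reaches an IPv6 listener as a v4-mapped address depends on code outside this hunk. If the accept path does not unmap such addresses before this call, the lookup would presumably be done as AF_INET6 and the IPv4 entry missed. Confirm this and record it with a comment such as `/* v4-mapped addresses must already be unmapped before this lookup */`. The CONF_EXEMPTDLINE early return on the following line uses the same result, so exemptions are affected the same way.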
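Review bot: The argument added to the RPL_STATSILINE reply in mo_testline (modules/m_testline.c) sends `aconf->spasswd` to the requesting client, and the field name reads like a stored password. The commit subject suggests it holds the auth_user selector for this kind of block, which would not be a secret, but nothing at the call site says so. A comment such as `/* spasswd carries auth_user for CONF_CLIENT entries, not a password */` would stop a later reader from treating this as a leak, or from copying the pattern for a field that really is one. The format comes from `form_str()`, so the compiler cannot check it against the argument list; every other sender of this numeric needs the same argument count.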
@@ -435,9 +435,10 @@ close_listeners() * any client list yet. */ static void -add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl, int exempt) +add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl) { struct Client *new_client; + struct ConfItem *aconf; s_assert(NULL != listener); /* @@ -467,7 +468,9 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, voi ++listener->ref_count; - if(!exempt) + /* XXX these should be done in accept_precallback */ + aconf = find_dline(sai, sai->sa_family); + if(aconf == NULL || aconf->status & CONF_EXEMPTDLINE) { if(check_reject(new_client)) return; @@ -549,7 +552,7 @@ accept_ssld(rb_fde_t *F, struct sockaddr *addr, struct sockaddr *laddr, struct L rb_fde_t *xF[2]; rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection"); ctl = start_ssld_accept(F, xF[1], rb_get_fd(xF[0])); /* this will close F for us */ - add_connection(listener, xF[0], addr, ctl, 1); + add_connection(listener, xF[0], addr, ctl); } static void @@ -571,5 +574,5 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add if(listener->ssl) accept_ssld(F, addr, (struct sockaddr *)&lip, listener); else - add_connection(listener, F, addr, NULL, 1); + add_connection(listener, F, addr, NULL); } From 43946961df9e7703c8877e4bbd9181507422429d Mon Sep 17 00:00:00 2001 
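Review bot: The new guard in add_connection (src/listener.c), `if(aconf == NULL || aconf->status & CONF_EXEMPTDLINE)`, looks inverted. It enters the `check_reject()` block when the address has no D-line entry and also when it matches an exempt entry, so exempted addresses are still subject to the reject cache. If the intent is to keep the meaning of the removed `if(!exempt)`, the test should be `if(aconf == NULL || !(aconf->status & CONF_EXEMPTDLINE))`. add_connection begins and ends outside these hunks, so the rest of the guarded block is not visible here.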
From: Jilles Tjoelker Date: Fri, 1 Aug 2008 01:59:08 +0200 Subject: [PATCH 007/113] Move to ratbox3 reject and throttle code. Throttle replaces max_unknown_ip, reject is like before (including the charybdis-specific unkline handling). Both of these now apply before SSL negotiation. This commit does not include the global_cidr and new dline code. m_webirc is a bit nasty with throttling (unlike before with max_unknown_ip), this may be fixed later (or the webirc IP needs to be exempt{}ed). --- doc/reference.conf | 10 ++- extensions/m_webirc.c | 1 - include/reject.h | 15 ++-- include/s_conf.h | 3 +- modules/m_info.c | 12 +++ modules/m_stats.c | 2 +- src/client.c | 1 - src/listener.c | 23 ++--- src/newconf.c | 3 +- src/reject.c | 195 +++++++++++++++++++++++------------------- src/s_conf.c | 3 +- src/s_serv.c | 1 - src/s_user.c | 1 - 13 files changed, 150 insertions(+), 120 deletions(-) diff --git a/doc/reference.conf b/doc/reference.conf index 4d5448057..0b64947bf 100755 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -1153,10 +1153,14 @@ general { /* reject duration: the amount of time to cache the rejection */ reject_duration = 5 minutes; - /* max_unknown_ip: maximum number of pending connections to the server - * that are allowed per IP address + /* throttle_duration: Amount of time that throttling will be applied to an IP + * address. */ - max_unknown_ip = 2; + throttle_duration = 60; + + /* throttle_count: Number of connections within throttle_duration that it takes + * for throttling to take effect */ + throttle_count = 4; }; modules { diff --git a/extensions/m_webirc.c b/extensions/m_webirc.c index 735be1ed5..584de6738 100644 --- a/extensions/m_webirc.c +++ b/extensions/m_webirc.c 
@@ -125,7 +125,6 @@ mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char else rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host)); - del_unknown_ip(source_p); rb_inet_pton_sock(parv[4], (struct sockaddr *)&source_p->localClient->ip); /* Check dlines now, klines will be checked on registration */ diff --git a/include/reject.h b/include/reject.h index 2a36f9a36..0f559bc14 100644 --- a/include/reject.h +++ b/include/reject.h @@ -3,7 +3,7 @@ * reject.h: header to a file which rejects users with prejudice * * Copyright (C) 2003 Aaron Sethman - * Copyright (C) 2003-2004 ircd-ratbox development team + * Copyright (C) 2003-2005 ircd-ratbox development team * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,11 +17,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * * - * $Id: reject.h 3446 2007-05-14 22:21:16Z jilles $ + * $Id: reject.h 25056 2008-02-06 20:47:40Z androsyn $ */ #ifndef INCLUDED_reject_h #define INCLUDED_reject_h @@ -29,17 +29,16 @@ /* amount of time to delay a rejected clients exit */ #define DELAYED_EXIT_TIME 10 -extern rb_dlink_list delay_exit; - void init_reject(void); -int check_reject(struct Client *); +int check_reject(rb_fde_t *F, struct sockaddr *addr); void add_reject(struct Client *, const char *mask1, const char *mask2); void flush_reject(void); int remove_reject_ip(const char *ip); int remove_reject_mask(const char *mask1, const char *mask2); +unsigned long delay_exit_length(void); + +int throttle_add(struct sockaddr *addr); -int add_unknown_ip(struct Client *client_p); -void del_unknown_ip(struct Client *client_p); #endif 
diff --git a/include/s_conf.h b/include/s_conf.h index 8ce8f01df..5e6834f34 100644 --- a/include/s_conf.h +++ b/include/s_conf.h @@ -210,12 +210,13 @@ struct config_file_entry int reject_ban_time; int reject_after_count; int reject_duration; + int throttle_count; + int throttle_duration; int target_change; int collision_fnc; int default_umodes; int global_snotices; int operspy_dont_care_user_info; - int max_unknown_ip; }; struct config_channel_entry diff --git a/modules/m_info.c b/modules/m_info.c index 870fe1219..03671b43f 100644 --- a/modules/m_info.c +++ b/modules/m_info.c @@ -446,6 +446,18 @@ static struct InfoStruct info_table[] = { &ConfigFileEntry.stats_y_oper_only, "STATS Y is only shown to operators", }, + { + "throttle_count", + OUTPUT_DECIMAL, + &ConfigFileEntry.throttle_count, + "Connection throttle threshold", + }, + { + "throttle_duration", + OUTPUT_DECIMAL, + &ConfigFileEntry.throttle_duration, + "Connection throttle duration", + }, { "tkline_expire_notices", OUTPUT_BOOLEAN, diff --git a/modules/m_stats.c b/modules/m_stats.c index 92fc3f24c..b5738a743 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c @@ -875,7 +875,7 @@ stats_tstats (struct Client *source_p) "T :accepts %u refused %u", sp.is_ac, sp.is_ref); sendto_one_numeric(source_p, RPL_STATSDEBUG, "T :rejected %u delaying %lu", - sp.is_rej, rb_dlink_list_length(&delay_exit)); + sp.is_rej, delay_exit_length()); sendto_one_numeric(source_p, RPL_STATSDEBUG, "T :nicks being delayed %lu", get_nd_count()); diff --git a/src/client.c b/src/client.c index a1fd820f5..8e8dd6810 100644 --- a/src/client.c +++ b/src/client.c @@ -1280,7 +1280,6 @@ exit_unknown_client(struct Client *client_p, struct Client *source_p, struct Cli delete_resolver_queries(source_p->localClient->dnsquery); rb_free(source_p->localClient->dnsquery); } - del_unknown_ip(source_p); rb_dlinkDelete(&source_p->localClient->tnode, &unknown_list); if(!IsIOError(source_p)) 
diff --git a/src/listener.c b/src/listener.c index b5e7869ee..0849ab63d 100644 --- a/src/listener.c +++ b/src/listener.c @@ -438,7 +438,6 @@ static void add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl) { struct Client *new_client; - struct ConfItem *aconf; s_assert(NULL != listener); /* @@ -468,19 +467,11 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, voi ++listener->ref_count; - /* XXX these should be done in accept_precallback */ - aconf = find_dline(sai, sai->sa_family); - if(aconf == NULL || aconf->status & CONF_EXEMPTDLINE) - { - if(check_reject(new_client)) - return; - if(add_unknown_ip(new_client)) - return; - } - start_auth(new_client); } +static const char *toofast = "ERROR :Reconnecting too fast, throttled.\r\n"; + static int accept_precallback(rb_fde_t *F, struct sockaddr *addr, rb_socklen_t addrlen, void *data) { @@ -542,6 +533,16 @@ accept_precallback(rb_fde_t *F, struct sockaddr *addr, rb_socklen_t addrlen, voi return 0; } + if(check_reject(F, addr)) + return 0; + + if(throttle_add(addr)) + { + rb_write(F, toofast, strlen(toofast)); + rb_close(F); + return 0; + } + return 1; } diff --git a/src/newconf.c b/src/newconf.c index 92671f393..ed2dd9d3b 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -2064,7 +2064,6 @@ static struct ConfEntry conf_general_table[] = { "max_nick_time", CF_TIME, NULL, 0, &ConfigFileEntry.max_nick_time }, { "max_nick_changes", CF_INT, NULL, 0, &ConfigFileEntry.max_nick_changes }, { "max_targets", CF_INT, NULL, 0, &ConfigFileEntry.max_targets }, - { "max_unknown_ip", CF_INT, NULL, 0, &ConfigFileEntry.max_unknown_ip }, { "min_nonwildcard", CF_INT, NULL, 0, &ConfigFileEntry.min_nonwildcard }, { "nick_delay", CF_TIME, NULL, 0, &ConfigFileEntry.nick_delay }, { "no_oper_flood", CF_YESNO, NULL, 0, &ConfigFileEntry.no_oper_flood }, 
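Review bot: In accept_precallback (src/listener.c) the `toofast` line is written directly to the new descriptor, and per the commit description this check now runs before SSL negotiation. On an SSL listener the peer therefore receives a plaintext ERROR where it expects a handshake, and will report a TLS failure rather than the throttle reason. That is probably acceptable, but it deserves a comment at the `rb_write()` call, e.g. `/* sent in the clear even on SSL listeners; the client will not display it */`, so operators debugging failed TLS connects know to check throttling. accept_precallback starts above the hunk.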
@@ -2076,6 +2075,8 @@ static struct ConfEntry conf_general_table[] = { "reject_after_count", CF_INT, NULL, 0, &ConfigFileEntry.reject_after_count }, { "reject_ban_time", CF_TIME, NULL, 0, &ConfigFileEntry.reject_ban_time }, { "reject_duration", CF_TIME, NULL, 0, &ConfigFileEntry.reject_duration }, + { "throttle_count", CF_INT, NULL, 0, &ConfigFileEntry.throttle_count }, + { "throttle_duration", CF_TIME, NULL, 0, &ConfigFileEntry.throttle_duration }, { "short_motd", CF_YESNO, NULL, 0, &ConfigFileEntry.short_motd }, { "stats_c_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_c_oper_only }, { "stats_e_disabled", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_e_disabled }, diff --git a/src/reject.c b/src/reject.c index d2422a4c7..87ec31844 100644 --- a/src/reject.c +++ b/src/reject.c 
@@ -17,70 +17,79 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * - * $Id: reject.c 3456 2007-05-18 19:14:18Z jilles $ + * $Id: reject.c 25119 2008-03-13 16:57:05Z androsyn $ */ #include "stdinc.h" -#include "config.h" #include "client.h" #include "s_conf.h" #include "reject.h" #include "s_stats.h" -#include "msg.h" +#include "ircd.h" +#include "send.h" +#include "numeric.h" +#include "parse.h" +#include "hostmask.h" +#include "match.h" #include "hash.h" +static rb_patricia_tree_t *global_tree; static rb_patricia_tree_t *reject_tree; -rb_dlink_list delay_exit; +static rb_dlink_list delay_exit; static rb_dlink_list reject_list; +static rb_dlink_list throttle_list; +static rb_patricia_tree_t *throttle_tree; +static void throttle_expires(void *unused); -static rb_patricia_tree_t *unknown_tree; -struct reject_data +typedef struct _reject_data { rb_dlink_node rnode; time_t time; unsigned int count; uint32_t mask_hashv; -}; +} reject_t; + +typedef struct _delay_data +{ + rb_dlink_node node; + rb_fde_t *F; +} delay_t; + +typedef struct _throttle +{ + rb_dlink_node node; + time_t last; + int count; +} throttle_t; + +unsigned long +delay_exit_length(void) +{ + return rb_dlink_list_length(&delay_exit); +} static void reject_exit(void *unused) { - struct Client *client_p; rb_dlink_node *ptr, *ptr_next; - + delay_t *ddata; + static const char *errbuf = "ERROR :Closing Link: (*** Banned (cache))\r\n"; + RB_DLINK_FOREACH_SAFE(ptr, ptr_next, delay_exit.head) { - client_p = ptr->data; - if(IsDead(client_p)) - continue; + ddata = ptr->data; - /* this MUST be here, to prevent the possibility - * sendto_one() generates a write error, and then a client - * ends up on the dead_list and the abort_list --fl - * - * new disconnect notice stolen from 
ircu --nenolod - * no, this only happens when someone's IP has some - * ban on it and rejects them rather longer than the - * ircu message suggests --jilles - */ - if(!IsIOError(client_p)) - { - if(IsExUnknown(client_p)) - sendto_one(client_p, "ERROR :Closing Link: %s (*** Too many unknown connections)", client_p->host); - else - sendto_one(client_p, "ERROR :Closing Link: %s (*** Banned (cache))", client_p->host); - } - close_connection(client_p); - SetDead(client_p); - rb_dlinkAddAlloc(client_p, &dead_list); + rb_write(ddata->F, errbuf, strlen(errbuf)); + rb_close(ddata->F); + rb_free(ddata); } - delay_exit.head = delay_exit.tail = NULL; - delay_exit.length = 0; + delay_exit.head = delay_exit.tail = NULL; + delay_exit.length = 0; } static void @@ -88,7 +97,7 @@ reject_expires(void *unused) { rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; RB_DLINK_FOREACH_SAFE(ptr, next, reject_list.head) { @@ -108,9 +117,10 @@ void init_reject(void) { reject_tree = rb_new_patricia(PATRICIA_BITS); - unknown_tree = rb_new_patricia(PATRICIA_BITS); + throttle_tree = rb_new_patricia(PATRICIA_BITS); rb_event_add("reject_exit", reject_exit, NULL, DELAYED_EXIT_TIME); rb_event_add("reject_expires", reject_expires, NULL, 60); + rb_event_add("throttle_expires", throttle_expires, NULL, 10); } 
@@ -118,18 +128,18 @@ void add_reject(struct Client *client_p, const char *mask1, const char *mask2) { rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; uint32_t hashv; /* Reject is disabled */ - if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0) + if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_duration == 0) return; hashv = 0; if (mask1 != NULL) - hashv ^= fnv_hash_upper(mask1, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask1, 32); if (mask2 != NULL) - hashv ^= fnv_hash_upper(mask2, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask2, 32); if((pnode = rb_match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL) { @@ -141,11 +151,11 @@ add_reject(struct Client *client_p, const char *mask1, const char *mask2) { int bitlen = 32; #ifdef RB_IPV6 - if(client_p->localClient->ip.ss_family == AF_INET6) + if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET6) bitlen = 128; #endif pnode = make_and_lookup_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip, bitlen); - pnode->data = rdata = rb_malloc(sizeof(struct reject_data)); + pnode->data = rdata = rb_malloc(sizeof(reject_t)); rb_dlinkAddTail(pnode, &rdata->rnode, &reject_list); rdata->time = rb_current_time(); rdata->count = 1; 
@@ -154,29 +164,28 @@ add_reject(struct Client *client_p, const char *mask1, const char *mask2) } int -check_reject(struct Client *client_p) +check_reject(rb_fde_t *F, struct sockaddr *addr) { rb_patricia_node_t *pnode; - struct reject_data *rdata; - + reject_t *rdata; + delay_t *ddata; /* Reject is disabled */ - if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0 || - ConfigFileEntry.reject_duration == 0) + if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_duration == 0) return 0; - pnode = rb_match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip); + pnode = rb_match_ip(reject_tree, addr); if(pnode != NULL) { rdata = pnode->data; rdata->time = rb_current_time(); - if(rdata->count > ConfigFileEntry.reject_after_count) + if(rdata->count > (unsigned long)ConfigFileEntry.reject_after_count) { + ddata = rb_malloc(sizeof(delay_t)); ServerStats.is_rej++; - SetReject(client_p); - rb_setselect(client_p->localClient->F, RB_SELECT_WRITE | RB_SELECT_READ, NULL, NULL); - SetClosing(client_p); - rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &delay_exit); + rb_setselect(F, RB_SELECT_WRITE | RB_SELECT_READ, NULL, NULL); + ddata->F = F; + rb_dlinkAdd(ddata, &ddata->node, &delay_exit); return 1; } } @@ -189,7 +198,7 @@ flush_reject(void) { rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; RB_DLINK_FOREACH_SAFE(ptr, next, reject_list.head) { 
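Review bot: check_reject() in src/reject.c now parks the raw descriptor on `delay_exit` and returns, and nothing visible bounds that list. Every connection from a cached address holds a descriptor and a `delay_t` until the `reject_exit` timer fires (scheduled with DELAYED_EXIT_TIME in init_reject). Because accept_precallback calls check_reject() before throttle_add(), these parked connections are not counted by the throttle either. Consider capping the list and closing at once when it is full, e.g. `if(delay_exit_length() >= limit) { rb_close(F); return 1; }` ahead of the `rb_malloc()`, where `limit` is a new constant or setting to be chosen.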
@@ -207,13 +216,12 @@ remove_reject_ip(const char *ip) rb_patricia_node_t *pnode; /* Reject is disabled */ - if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0 || - ConfigFileEntry.reject_duration == 0) + if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_duration == 0) return -1; if((pnode = rb_match_string(reject_tree, ip)) != NULL) { - struct reject_data *rdata = pnode->data; + reject_t *rdata = pnode->data; rb_dlinkDelete(&rdata->rnode, &reject_list); rb_free(rdata); rb_patricia_remove(reject_tree, pnode); @@ -227,15 +235,15 @@ remove_reject_mask(const char *mask1, const char *mask2) { rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; uint32_t hashv; int n = 0; hashv = 0; if (mask1 != NULL) - hashv ^= fnv_hash_upper(mask1, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask1, 32); if (mask2 != NULL) - hashv ^= fnv_hash_upper(mask2, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask2, 32); RB_DLINK_FOREACH_SAFE(ptr, next, reject_list.head) { pnode = ptr->data; 
@@ -251,50 +259,57 @@ remove_reject_mask(const char *mask1, const char *mask2) return n; } - int -add_unknown_ip(struct Client *client_p) +throttle_add(struct sockaddr *addr) { + throttle_t *t; rb_patricia_node_t *pnode; - if((pnode = rb_match_ip(unknown_tree, (struct sockaddr *)&client_p->localClient->ip)) == NULL) + if((pnode = rb_match_ip(throttle_tree, addr)) != NULL) { + t = pnode->data; + + if(t->count > ConfigFileEntry.throttle_count) + return 1; + + /* Stop penalizing them after they've been throttled */ + t->last = rb_current_time(); + t->count++; + + } else { int bitlen = 32; #ifdef RB_IPV6 - if(client_p->localClient->ip.ss_family == AF_INET6) + if(GET_SS_FAMILY(addr) == AF_INET6) bitlen = 128; #endif - pnode = make_and_lookup_ip(unknown_tree, (struct sockaddr *)&client_p->localClient->ip, bitlen); - pnode->data = (void *)0; - } - - if((unsigned long)pnode->data >= ConfigFileEntry.max_unknown_ip) - { - SetExUnknown(client_p); - SetReject(client_p); - rb_setselect(client_p->localClient->F, RB_SELECT_WRITE | RB_SELECT_READ, NULL, NULL); - SetClosing(client_p); - rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &delay_exit); - return 1; - } - - pnode->data = (void *)((unsigned long)pnode->data + 1); - + t = rb_malloc(sizeof(throttle_t)); + t->last = rb_current_time(); + t->count = 1; + pnode = make_and_lookup_ip(throttle_tree, addr, bitlen); + pnode->data = t; + rb_dlinkAdd(pnode, &t->node, &throttle_list); + } return 0; } -void -del_unknown_ip(struct Client *client_p) +static void +throttle_expires(void *unused) { + rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - - if((pnode = rb_match_ip(unknown_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL) + throttle_t *t; + + RB_DLINK_FOREACH_SAFE(ptr, next, throttle_list.head) { - pnode->data = (void *)((unsigned long)pnode->data - 1); - if((unsigned long)pnode->data <= 0) - { - rb_patricia_remove(unknown_tree, pnode); - } + pnode = ptr->data; + t = pnode->data; + + if(t->last + 
ConfigFileEntry.throttle_duration > rb_current_time()) + continue; + + rb_dlinkDelete(ptr, &throttle_list); + rb_free(t); + rb_patricia_remove(throttle_tree, pnode); } - /* this can happen due to m_webirc.c's manipulations, for example */ } + diff --git a/src/s_conf.c b/src/s_conf.c index f27c6aba9..71f1c56c1 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -820,7 +820,8 @@ set_default_conf(void) ConfigFileEntry.reject_after_count = 5; ConfigFileEntry.reject_ban_time = 300; ConfigFileEntry.reject_duration = 120; - ConfigFileEntry.max_unknown_ip = 2; + ConfigFileEntry.throttle_count = 4; + ConfigFileEntry.throttle_duration = 60; ServerInfo.default_max_clients = MAXCONNECTIONS; } diff --git a/src/s_serv.c b/src/s_serv.c index daff36c78..e29fdba03 100644 --- a/src/s_serv.c +++ b/src/s_serv.c @@ -760,7 +760,6 @@ server_estab(struct Client *client_p) set_chcap_usage_counts(client_p); rb_dlinkAdd(client_p, &client_p->lnode, &me.serv->servers); - del_unknown_ip(client_p); rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &serv_list); rb_dlinkAddTailAlloc(client_p, &global_serv_list); diff --git a/src/s_user.c b/src/s_user.c index 6407c0512..57f3432e1 100644 --- a/src/s_user.c +++ b/src/s_user.c @@ -527,7 +527,6 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char Count.invisi++; s_assert(!IsClient(source_p)); - del_unknown_ip(source_p); rb_dlinkMoveNode(&source_p->localClient->tnode, &unknown_list, &lclient_list); SetClient(source_p); From cc49daee1afafc754fb9801c37eab9f8c1dd72ea Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 1 Aug 2008 02:54:36 +0200 Subject: [PATCH 008/113] Update example.conf for max_unknown_ip->throttle. --- doc/example.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/example.conf b/doc/example.conf index 5e02e0dfa..48df57c51 100755 --- a/doc/example.conf +++ b/doc/example.conf 
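Review bot: In throttle_add() (src/reject.c) the test `if(t->count > ConfigFileEntry.throttle_count)` lets more connections through than the setting suggests. The first connection creates the entry with `count = 1` and the check trips only once the stored count exceeds the limit, so with `throttle_count = 4` five connections are accepted and the sixth is the first one refused. If the option is meant as the number of connections allowed per window, as the reference.conf text reads, use `if(t->count >= ConfigFileEntry.throttle_count)`. There is also no disabled case like the `== 0` checks in check_reject(), so a value of 0 throttles every address from its second connection. Either the config comment should say so or the function should return 0 early for that value.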
@@ -460,7 +460,8 @@ general { reject_ban_time = 1 minute; reject_after_count = 3; reject_duration = 5 minutes; - max_unknown_ip = 2; + throttle_duration = 60; + throttle_count = 4; }; modules { From 72cedbce85418695bbe70c99b147b9078e627635 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 1 Aug 2008 17:00:00 -0500 Subject: [PATCH 009/113] rb_setup_fd_ports(): use correct prototype. --- libratbox/src/ports.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libratbox/src/ports.c b/libratbox/src/ports.c index 2bfcbbe1f..353b07b7f 100644 --- a/libratbox/src/ports.c +++ b/libratbox/src/ports.c @@ -45,7 +45,7 @@ static port_event_t *pelst; /* port buffer */ static int pemax; /* max structs to buffer */ int -rb_setup_fd_ports(int fd) +rb_setup_fd_ports(rb_fde_t *F) { return 0; } From 0bb036c05f9db49b62daeafaf7574415560ad227 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 1 Aug 2008 17:02:58 -0500 Subject: [PATCH 010/113] Add *sunos* conditional to solaris section for opensolaris, and add -D_XPG4_2 -D__EXTENSIONS__ to CFLAGS on these platforms. --- libratbox/configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libratbox/configure.ac b/libratbox/configure.ac index 86588c896..c6c40e589 100644 --- a/libratbox/configure.ac +++ b/libratbox/configure.ac @@ -80,7 +80,8 @@ case "$host_os" in CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; *solaris*) - CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS" +*sunos*) + CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) ;; From 5f4f06c87ab77c8ff29061c8357832e8a39bc878 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 1 Aug 2008 17:03:18 -0500 Subject: [PATCH 011/113] Rerun autoconf. --- libratbox/configure | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libratbox/configure b/libratbox/configure index af408af2f..ab3c1ed53 100755 --- a/libratbox/configure +++ b/libratbox/configure 
@@ -21357,7 +21357,8 @@ fi CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; *solaris*) - CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS" +*sunos*) + CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) ;; From d90702c9aac0cdf7a8e7a6670bdd55b0754e5d8d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 2 Aug 2008 02:09:16 +0200 Subject: [PATCH 012/113] Fix shell syntax. --- libratbox/configure.ac | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libratbox/configure.ac b/libratbox/configure.ac index c6c40e589..b51ecb1b1 100644 --- a/libratbox/configure.ac +++ b/libratbox/configure.ac @@ -79,8 +79,7 @@ case "$host_os" in *interix*) CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; -*solaris*) -*sunos*) +*solaris*|*sunos*) CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) From e5334f35e656a727cd50b3f80fcdba68932f484f Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 2 Aug 2008 02:09:23 +0200 Subject: [PATCH 013/113] Rerun autoconf. --- libratbox/configure | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libratbox/configure b/libratbox/configure index ab3c1ed53..c0875e3bc 100755 --- a/libratbox/configure +++ b/libratbox/configure @@ -21356,8 +21356,7 @@ fi *interix*) CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; -*solaris*) -*sunos*) +*solaris*|*sunos*) CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) From 75f2de73207a3e9886e4bc5c86c656a36b5e823b Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 01:34:59 +0400 Subject: [PATCH 014/113] added privilege system and some new hooks in TODO --- TODO | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/TODO b/TODO index 77198bfc7..66ca9535c 100644 --- a/TODO +++ b/TODO 
@@ -22,10 +22,9 @@ [ ] acknowledgement message for SSL users like '* *** You are connected using SSL cipher "DHE RSA-AES 128 CBC-SHA"' [x] tool for generating ssl certificates and other stuff [x] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too) -[/] merge some stuff from ircd-seven directly (to be determined what) +[x] merge some stuff from ircd-seven directly (to be determined what) [x] remote d:lines support [x] PASS selector:password for auth{} (useful for dynamic IPs) - [ ] +C (noctcp) channel/usermode [F] kline/xline/resv sync [F] make an ability of using bandb instead of .conf files as bans storage [x] drop non-TS6 (legacy protocol) support @@ -36,10 +35,21 @@ [x] some example modules [ ] think on how could we append privilege checking for simple chmode - like chm_staff, but additionaly limited (e. g. IsOperResv etc); possibly move the same code for all functions into separated one and make it extern? + another idea is too make that work with privilege groups, like "serveradmins" or "ircops" [ ] make nick/user/host validation functions/match tables able to work in separated modules, this will help us making support for native characters sets/slashes in host etc [ ] auth checker module [ ] resolver module + [ ] hooks + [ ] can_kick + which modules could we add in charybdis distro? + [ ] can_send_channel + [?] +C (ctcp) + [ ] can_send_user + [?] +C (ctcp) + [ ] privilege system for privilege groups, something like + in .conf: helper { kill_global, rehash, kline_local } + in modules: privilege_add("kill_global"), has_privilege("kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely [/] Bug fixes [x] Compilation without zlib headers fails - fixed From 3c77978bcdd7f1e68968a09822ec685628f4ad66 Mon Sep 17 00:00:00 2001 
From: Valery V Yatsko Date: Mon, 4 Aug 2008 01:37:18 +0400 Subject: [PATCH 015/113] oups, missed param for has_privilege example function in TODO --- TODO | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TODO b/TODO index 66ca9535c..445d05c28 100644 --- a/TODO +++ b/TODO @@ -49,7 +49,7 @@ [?] +C (ctcp) [ ] privilege system for privilege groups, something like in .conf: helper { kill_global, rehash, kline_local } - in modules: privilege_add("kill_global"), has_privilege("kill_global") etc, should work the way dynamic cflags/umodes done + in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely [/] Bug fixes [x] Compilation without zlib headers fails - fixed From 6b67766849cf394e3ddb4e8580a7a95051f776c1 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 21:45:30 +0400 Subject: [PATCH 016/113] Removed global_tree declaration as unused from reject.c --- src/reject.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/reject.c b/src/reject.c index 87ec31844..b5035c656 100644 --- a/src/reject.c +++ b/src/reject.c @@ -36,7 +36,6 @@ #include "match.h" #include "hash.h" -static rb_patricia_tree_t *global_tree; static rb_patricia_tree_t *reject_tree; static rb_dlink_list delay_exit; static rb_dlink_list reject_list; From 392ae75ca9cd308a4c4ff9e152131d7435fbf949 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 21:51:15 +0400 Subject: [PATCH 017/113] Moved extern chmode_flags declaration from channel.h to chmode.h, as it's actually declared in the second one --- include/channel.h | 2 -- include/chmode.h | 2 ++ src/channel.c | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/channel.h b/include/channel.h index 236f49cf9..b4da1b6ed 100644 --- a/include/channel.h +++ b/include/channel.h 
@@ -255,8 +255,6 @@ extern void send_cap_mode_changes(struct Client *client_p, struct Client *source extern void set_channel_mode(struct Client *client_p, struct Client *source_p, struct Channel *chptr, struct membership *msptr, int parc, const char *parv[]); -extern int chmode_flags[256]; - extern struct ChannelMode chmode_table[256]; extern int add_id(struct Client *source_p, struct Channel *chptr, const char *banid, diff --git a/include/chmode.h b/include/chmode.h index e3b386b9c..a9c04a64e 100644 --- a/include/chmode.h +++ b/include/chmode.h @@ -34,6 +34,8 @@ */ #define ERR_CUSTOM 1000 +extern int chmode_flags[256]; + extern void chm_nosuch(struct Client *source_p, struct Channel *chptr, int alevel, int parc, int *parn, const char **parv, int *errors, int dir, char c, long mode_type); diff --git a/src/channel.c b/src/channel.c index e3e2c060b..52e4b50de 100644 --- a/src/channel.c +++ b/src/channel.c @@ -26,6 +26,7 @@ #include "stdinc.h" #include "channel.h" +#include "chmode.h" #include "client.h" #include "common.h" #include "hash.h" From fc8942feefc75ef3598e5937faf30c5793743177 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 21:59:58 +0400 Subject: [PATCH 018/113] Restricted +O (operonly) channel mode to be set only by ircops (chm_staff) --- extensions/chm_operonly.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/chm_operonly.c b/extensions/chm_operonly.c index 5de15b3d4..4912e5a74 100644 --- a/extensions/chm_operonly.c +++ b/extensions/chm_operonly.c @@ -28,7 +28,7 @@ _modinit(void) { /* add the channel mode to the available slot */ chmode_table['O'].mode_type = find_cflag_slot(); - chmode_table['O'].set_func = chm_simple; + chmode_table['O'].set_func = chm_staff; construct_noparam_modes(); From 6643434b59d0c4d93cae49749a5b887216e99d2f Mon Sep 17 00:00:00 2001 
From: Valery V Yatsko Date: Wed, 6 Aug 2008 23:12:02 +0400 Subject: [PATCH 019/113] from ircd-ratbox r25799 by androsyn: give a bit more info when libratbox calls logging callbacks --- src/ircd.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ircd.c b/src/ircd.c index cd20e7506..371d2b4b4 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -447,12 +447,13 @@ setup_corefile(void) static void ircd_log_cb(const char *str) { - ilog(L_MAIN, "%s", str); + ilog(L_MAIN, "libratbox reports: %s", str); } static void ircd_restart_cb(const char *str) { + ilog(L_MAIN, "libratbox has called the restart callback: %s", str); restart(str); } @@ -469,9 +470,11 @@ ircd_die_cb(const char *str) if(str != NULL) { /* Try to get the message out to currently logged in operators. */ - sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Server panic! %s", str); - inotice("server panic: %s", str); + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "libratbox has called the die callback..aborting: %s", str); + inotice("libratbox has called the die callback..aborting: %s", str); } + else + ilog(L_MAIN, "libratbox has called the die callback..aborting"); unlink(pidFileName); exit(EXIT_FAILURE); From 1a7848d87a89d19925d2ab5acfd0abb63d926dd8 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 6 Aug 2008 23:57:45 +0400 Subject: [PATCH 020/113] ilog -> inotice in ircd_restart_cb (ircd.c) --- CREDITS | 2 +- TODO | 1 + src/ircd.c | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CREDITS b/CREDITS index 97d1e95e2..8e19badcc 100644 --- a/CREDITS +++ b/CREDITS @@ -7,7 +7,7 @@ network configurations. The charybdis core team is listed in nick-alphabetical order: -dwr, Valery Yatsko +dwr, Valery Yatsko gxti, Michael Tharp jilles, Jilles Tjoelker nenolod, William Pitcock diff --git a/TODO b/TODO index 445d05c28..065879ae2 100644 --- a/TODO +++ b/TODO 
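Review bot: In `ircd_restart_cb` the added `ilog(L_MAIN, "libratbox has called the restart callback: %s", str);` formats `str` without the NULL guard that `ircd_die_cb` in the next hunk applies to the same kind of argument. Whether libratbox can invoke the restart callback with a NULL reason is not visible here, but passing NULL to `%s` is undefined behaviour, so the call should either mirror the `if(str != NULL)` split or pass `str != NULL ? str : "(no reason)"`. The new `else` arm in `ircd_die_cb` is also unbraced next to a braced `if` arm; bracing it keeps a later addition from slipping out of the branch and running unconditionally before `unlink(pidFileName)`. `ircd_die_cb` begins above the hunk.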
@@ -29,6 +29,7 @@ [F] make an ability of using bandb instead of .conf files as bans storage [x] drop non-TS6 (legacy protocol) support [F] Doxygen code documentation +[?] Patch or core-feature - libguess on-fly any-charset-to-utf8 translation [/] module engine rework [/] more beautiful way of adding new channel modes by module [x] basic functionality diff --git a/src/ircd.c b/src/ircd.c index 371d2b4b4..9089ae805 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -453,7 +453,7 @@ ircd_log_cb(const char *str) static void ircd_restart_cb(const char *str) { - ilog(L_MAIN, "libratbox has called the restart callback: %s", str); + inotice(L_MAIN, "libratbox has called the restart callback: %s", str); restart(str); } @@ -474,7 +474,7 @@ ircd_die_cb(const char *str) inotice("libratbox has called the die callback..aborting: %s", str); } else - ilog(L_MAIN, "libratbox has called the die callback..aborting"); + inotice(L_MAIN, "libratbox has called the die callback..aborting"); unlink(pidFileName); exit(EXIT_FAILURE); From b9249347117e7ef8775e511e0f3808ecb71797ef Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Fri, 8 Aug 2008 20:01:52 +0400 Subject: [PATCH 021/113] fixed typo in sslproc.c --- src/sslproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sslproc.c b/src/sslproc.c index 5c2b46630..4f9af8bb3 100644 --- a/src/sslproc.c +++ b/src/sslproc.c @@ -234,7 +234,7 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co if(ssld_spin_count > 20 && (rb_current_time() - last_spin < 5)) { - ilog(L_MAIN, "ssld helper is spinning - will attempt to restart in 5 minutes"); + ilog(L_MAIN, "ssld helper is spinning - will attempt to restart in 1 minute"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "ssld helper is spinning - will attempt to restart in 1 minute"); rb_event_add("restart_ssld_event", restart_ssld_event, NULL, 60); ssld_wait = 1; From 1be74e60380f14c9bcf41b910d8ea849c4f6d9fa Mon Sep 17 00:00:00 2001 
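Review bot: Both `inotice` calls introduced in the two src/ircd.c hunks keep `L_MAIN` as their first argument, but the untouched call in `ircd_die_cb` (`inotice("libratbox has called the die callback..aborting: %s", str);`) indicates that `inotice` takes the format string first. As written, the log-level constant sits where the format string is expected and the real format string becomes a variadic argument. Depending on the prototype, that either fails to compile or makes the restart and die paths treat a small integer as a `char *`. The calls should read `inotice("libratbox has called the restart callback: %s", str);` and `inotice("libratbox has called the die callback..aborting");`. Both enclosing functions extend outside their hunks.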
From: Valery V Yatsko Date: Fri, 8 Aug 2008 20:06:00 +0400 Subject: [PATCH 022/113] TODO: test suite as in ircu? should include configuration files & certificates for setting up local debug network containing 3 servers in it + possibly configuration file for test services (atheme)? --- TODO | 1 + 1 file changed, 1 insertion(+) diff --git a/TODO b/TODO index 065879ae2..8dd0cb972 100644 --- a/TODO +++ b/TODO @@ -52,6 +52,7 @@ in .conf: helper { kill_global, rehash, kline_local } in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely +[?] test suite as in ircu [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage From b89f5f48458a0c354b683ee081f9f0772be1352f Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 9 Aug 2008 15:38:31 +0200 Subject: [PATCH 023/113] Add conf files to be used for automated testing. --- testsuite/ircd.conf.1 | 92 +++++++++++++++++++++++++++++++++++++++++++ testsuite/ircd.conf.2 | 92 +++++++++++++++++++++++++++++++++++++++++++ testsuite/ircd.conf.3 | 92 +++++++++++++++++++++++++++++++++++++++++++ testsuite/startall.sh | 8 ++++ 4 files changed, 284 insertions(+) create mode 100644 testsuite/ircd.conf.1 create mode 100644 testsuite/ircd.conf.2 create mode 100644 testsuite/ircd.conf.3 create mode 100755 testsuite/startall.sh diff --git a/testsuite/ircd.conf.1 b/testsuite/ircd.conf.1 new file mode 100644 index 000000000..a91ecd1e0 --- /dev/null +++ b/testsuite/ircd.conf.1 
@@ -0,0 +1,92 @@
+loadmodule "extensions/extb_account.so";
+loadmodule "extensions/extb_channel.so";
+loadmodule "extensions/extb_oper.so";
+loadmodule "extensions/extb_realname.so";
+loadmodule "extensions/extb_server.so";
+#loadmodule "extensions/ip_cloaking.so";
+loadmodule "extensions/sno_farconnect.so";
+loadmodule "extensions/sno_globalkline.so";
+#loadmodule "extensions/sno_globaloper.so";
+
+serverinfo {
+ name = "testsuite1.";
+ sid = "1TT";
+ description = "Testsuite";
+ network_name = "Testsuite";
+ network_desc = "Testing";
+ hub = yes;
+ vhost = "127.0.0.1";
+};
+
+admin {
+ name = "Here";
+ description = "Charybdis testsuite server";
+ email = "root@localhost";
+};
+
+class "users" {
+ ping_time = 5 minutes;
+ number_per_ip = 100;
+ max_number = 200;
+ sendq = 100kb;
+};
+
+class "server" {
+ ping_time = 5 minutes;
+ connectfreq = 5 minutes;
+ max_number = 3;
+ sendq = 5 megabytes;
+};
+
+listen { host = "127.0.0.1"; port = 7601; };
+
+auth { user = "*@127.0.0.0/8"; class = "users"; };
+
+operator "oper" {
+ user = "*@127.0.0.0/8";
+ password = "oper";
+ flags = global_kill, remote, kline, unkline, nick_changes,
+ die, rehash, admin, xline, operwall, oper_spy, ~encrypted;
+};
+
+connect "testsuite2." {
+ host = "127.0.0.1";
+ port = 7602;
+ send_password = "testsuite";
+ accept_password = "testsuite";
+ hub_mask = "*";
+ class = "server";
+ flags = topicburst;
+};
+
+connect "testsuite3." {
+ host = "127.0.0.1";
+ port = 7603;
+ send_password = "testsuite";
+ accept_password = "testsuite";
+ hub_mask = "*";
+ class = "server";
+ flags = topicburst;
+};
+
+shared {
+ oper = "*@*", "*";
+ flags = all;
+};
+
+alias "NickServ" {
+ target = "NickServ";
+};
+alias "ChanServ" {
+ target = "ChanServ";
+};
+alias "OperServ" {
+ target = "OperServ";
+};
+alias "MemoServ" {
+ target = "MemoServ";
+};
+
+service {
+ name = "services.";
+};
diff --git a/testsuite/ircd.conf.2 b/testsuite/ircd.conf.2
new file mode 100644
index 000000000..184f0524e
--- /dev/null
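Review bot: The `operator "oper"` block ships a plaintext password equal to the block name (`password = "oper";` with `~encrypted`) alongside the `die`, `rehash` and `admin` flags, and `shared { oper = "*@*", "*"; flags = all; }` extends all shared flags to every oper on every server. The same blocks repeat in ircd.conf.2 and ircd.conf.3. Binding `listen` and `auth` to loopback keeps this off the network, but on a shared development host any local account can still oper up and stop the test servers, and the file is easy to copy as a starting point for a real configuration. A header comment would make the intent explicit, for example `# TEST FIXTURE ONLY: loopback-bound, well-known credentials; never reuse outside the test suite`.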
+++ b/testsuite/ircd.conf.2
@@ -0,0 +1,92 @@
+loadmodule "extensions/extb_account.so";
+loadmodule "extensions/extb_channel.so";
+loadmodule "extensions/extb_oper.so";
+loadmodule "extensions/extb_realname.so";
+loadmodule "extensions/extb_server.so";
+#loadmodule "extensions/ip_cloaking.so";
+loadmodule "extensions/sno_farconnect.so";
+loadmodule "extensions/sno_globalkline.so";
+#loadmodule "extensions/sno_globaloper.so";
+
+serverinfo {
+ name = "testsuite2.";
+ sid = "2TT";
+ description = "Testsuite";
+ network_name = "Testsuite";
+ network_desc = "Testing";
+ hub = yes;
+ vhost = "127.0.0.1";
+};
+
+admin {
+ name = "Here";
+ description = "Charybdis testsuite server";
+ email = "root@localhost";
+};
+
+class "users" {
+ ping_time = 5 minutes;
+ number_per_ip = 100;
+ max_number = 200;
+ sendq = 100kb;
+};
+
+class "server" {
+ ping_time = 5 minutes;
+ connectfreq = 5 minutes;
+ max_number = 3;
+ sendq = 5 megabytes;
+};
+
+listen { host = "127.0.0.1"; port = 7602; };
+
+auth { user = "*@127.0.0.0/8"; class = "users"; };
+
+operator "oper" {
+ user = "*@127.0.0.0/8";
+ password = "oper";
+ flags = global_kill, remote, kline, unkline, nick_changes,
+ die, rehash, admin, xline, operwall, oper_spy, ~encrypted;
+};
+
+connect "testsuite1." {
+ host = "127.0.0.1";
+ port = 7601;
+ send_password = "testsuite";
+ accept_password = "testsuite";
+ hub_mask = "*";
+ class = "server";
+ flags = topicburst;
+};
+
+connect "testsuite3." {
+ host = "127.0.0.1";
+ port = 7603;
+ send_password = "testsuite";
+ accept_password = "testsuite";
+ hub_mask = "*";
+ class = "server";
+ flags = topicburst;
+};
+
+shared {
+ oper = "*@*", "*";
+ flags = all;
+};
+
+alias "NickServ" {
+ target = "NickServ";
+};
+alias "ChanServ" {
+ target = "ChanServ";
+};
+alias "OperServ" {
+ target = "OperServ";
+};
+alias "MemoServ" {
+ target = "MemoServ";
+};
+
+service {
+ name = "services.";
+};
diff --git a/testsuite/ircd.conf.3 b/testsuite/ircd.conf.3
new file mode 100644
index 000000000..cb8f379c6
--- /dev/null
+++ b/testsuite/ircd.conf.3
@@ -0,0 +1,92 @@
+loadmodule "extensions/extb_account.so";
+loadmodule "extensions/extb_channel.so";
+loadmodule "extensions/extb_oper.so";
+loadmodule "extensions/extb_realname.so";
+loadmodule "extensions/extb_server.so";
+#loadmodule "extensions/ip_cloaking.so";
+loadmodule "extensions/sno_farconnect.so";
+loadmodule "extensions/sno_globalkline.so";
+#loadmodule "extensions/sno_globaloper.so";
+
+serverinfo {
+ name = "testsuite3.";
+ sid = "3TT";
+ description = "Testsuite";
+ network_name = "Testsuite";
+ network_desc = "Testing";
+ hub = yes;
+ vhost = "127.0.0.1";
+};
+
+admin {
+ name = "Here";
+ description = "Charybdis testsuite server";
+ email = "root@localhost";
+};
+
+class "users" {
+ ping_time = 5 minutes;
+ number_per_ip = 100;
+ max_number = 200;
+ sendq = 100kb;
+};
+
+class "server" {
+ ping_time = 5 minutes;
+ connectfreq = 5 minutes;
+ max_number = 3;
+ sendq = 5 megabytes;
+};
+
+listen { host = "127.0.0.1"; port = 7603; };
+
+auth { user = "*@127.0.0.0/8"; class = "users"; };
+
+operator "oper" {
+ user = "*@127.0.0.0/8";
+ password = "oper";
+ flags = global_kill, remote, kline, unkline, nick_changes,
+ die, rehash, admin, xline, operwall, oper_spy, ~encrypted;
+};
+
+connect "testsuite1." {
+ host = "127.0.0.1";
+ port = 7601;
+ send_password = "testsuite";
+ accept_password = "testsuite";
+ hub_mask = "*";
+ class = "server";
+ flags = topicburst;
+};
+
+connect "testsuite2." {
+ host = "127.0.0.1";
+ port = 7602;
+ send_password = "testsuite";
+ accept_password = "testsuite";
+ hub_mask = "*";
+ class = "server";
+ flags = topicburst;
+};
+
+shared {
+ oper = "*@*", "*";
+ flags = all;
+};
+
+alias "NickServ" {
+ target = "NickServ";
+};
+alias "ChanServ" {
+ target = "ChanServ";
+};
+alias "OperServ" {
+ target = "OperServ";
+};
+alias "MemoServ" {
+ target = "MemoServ";
+};
+
+service {
+ name = "services.";
+};
diff --git a/testsuite/startall.sh b/testsuite/startall.sh
new file mode 100755
index 000000000..6f00e8c74
--- /dev/null
+++ b/testsuite/startall.sh @@ -0,0 +1,8 @@ +#!/bin/sh +testdir=`pwd` +prefix=`sed -n -e 's/^#define IRCD_PREFIX "\(.*\)"/\1/p' "$testdir/../include/setup.h"` +[ -d $prefix ] || { echo Unable to find installation prefix; exit 1; } + +$prefix/bin/ircd -configfile $testdir/ircd.conf.1 -pidfile $testdir/ircd.pid.1 +$prefix/bin/ircd -configfile $testdir/ircd.conf.2 -pidfile $testdir/ircd.pid.2 +$prefix/bin/ircd -configfile $testdir/ircd.conf.3 -pidfile $testdir/ircd.pid.3 From b17d39da754dbc2edd510cb7e15925ee0f54f734 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 9 Aug 2008 18:46:05 +0400 Subject: [PATCH 024/113] Updated TODO --- TODO | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TODO b/TODO index 8dd0cb972..14b9041df 100644 --- a/TODO +++ b/TODO @@ -52,7 +52,7 @@ in .conf: helper { kill_global, rehash, kline_local } in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely -[?] test suite as in ircu +[x] test suite as in ircu [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage From ce1c921c956d441528c4721bcf83bd7209666bdd Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 11 Aug 2008 23:20:24 +0400 Subject: [PATCH 025/113] sync with libratbox upstream - r25870 --- libratbox/ChangeLog | 45 ++++++++++++++++++++++ libratbox/src/balloc.c | 84 ++++++++++++++++++++++-------------------- 2 files changed, 90 insertions(+), 39 deletions(-) diff --git a/libratbox/ChangeLog b/libratbox/ChangeLog index a31a4e856..78a85b809 100644 --- a/libratbox/ChangeLog +++ b/libratbox/ChangeLog 
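Review bot: The guard `[ -d $prefix ]` in startall.sh does not catch an empty `prefix`. When the `sed` expression finds no `IRCD_PREFIX` line, or setup.h is missing, the unquoted expansion leaves `[ -d ]`, which tests the one-word string `-d` and succeeds, so the script goes on to execute `/bin/ircd`. Quoting fixes this and also handles paths with spaces: `[ -n "$prefix" ] && [ -d "$prefix" ] || { echo "Unable to find installation prefix" >&2; exit 1; }`, then `"$prefix/bin/ircd" -configfile "$testdir/ircd.conf.1" -pidfile "$testdir/ircd.pid.1"` and likewise for servers 2 and 3. Because `testdir` comes from `pwd`, the script only works when started from inside testsuite/; a comment saying so would help.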
@@ -1,3 +1,48 @@ +androsyn 2008/08/06 19:51:44 UTC (25861) + Log: + put back in the pad to even pointer boundaries stuff + + Modified: + libratbox/trunk/src/balloc.c (File Modified) + + +androsyn 2008/08/06 19:30:25 UTC (25859) + Log: + fix the block heap free code + + Modified: + libratbox/trunk/src/balloc.c (File Modified) + + +androsyn 2008/08/06 19:14:38 UTC (25857) + Log: + Fix a bug where we would get SIGBUS crashes when trying to use a long long. + The problem was we were only aligning pointers to 4 bytes, which isn't good + enough for long long on sparc when using gcc 4.x. Apparently gcc 3.x was more + tolerant of this. This fixes it correctly. + + + + Modified: + libratbox/trunk/src/balloc.c (File Modified) + + +androsyn 2008/08/05 04:12:26 UTC (25853) + Log: + fix a buffer overrun in the nossl case + + Modified: + libratbox/trunk/src/nossl.c (File Modified) + + +androsyn 2008/08/04 22:04:38 UTC (25833) + Log: + make GET_SS_FAMILY use const and add a SET_SS_FAMILY macro. ircd fixes coming shortly + + Modified: + libratbox/trunk/include/ratbox_lib.h (File Modified) + + androsyn 2008/07/29 15:26:55 UTC (25795) Log: some sanity checks in the rb_open path diff --git a/libratbox/src/balloc.c b/libratbox/src/balloc.c index 19e9a256e..0ba2608e4 100644 --- a/libratbox/src/balloc.c +++ b/libratbox/src/balloc.c @@ -28,7 +28,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * - * $Id: balloc.c 25675 2008-07-06 04:13:05Z androsyn $ + * $Id: balloc.c 25861 2008-08-06 19:51:44Z androsyn $ */ /* @@ -69,6 +69,8 @@ #endif #endif +static uintptr_t offset_pad; + /* status information for an allocated block in heap */ struct rb_heap_block { 
@@ -79,17 +81,6 @@ struct rb_heap_block }; typedef struct rb_heap_block rb_heap_block; -struct rb_heap_memblock -{ - rb_heap_block *block; - union { - rb_dlink_node node; - char data[1]; /* stub pointer..this is ugly */ - } ndata; -}; - -typedef struct rb_heap_memblock rb_heap_memblock; - /* information for the root node of the heap */ struct rb_bh { @@ -155,6 +146,18 @@ void rb_init_bh(void) { heap_lists = rb_malloc(sizeof(rb_dlink_list)); + offset_pad = sizeof(void *); + /* XXX if you get SIGBUS when trying to use a long long..here is where you need to + * fix your shit + */ +#ifdef __sparc__ + if((offset_pad % __alignof__(long long)) != 0) + { + offset_pad += __alignof__(long long); + offset_pad &= ~(__alignof__(long long) - 1); + } +#endif + #ifndef NOBALLOC #ifdef WIN32 block_heap = HeapCreate(HEAP_NO_SERIALIZE, 0, 0); @@ -226,11 +229,11 @@ newblock(rb_bh * bh) rb_heap_block *b; unsigned long i; uintptr_t offset; - + rb_dlink_node *node; /* Setup the initial data structure. */ b = rb_malloc(sizeof(rb_heap_block)); - b->alloc_size = bh->elemsPerBlock * (bh->elemSize + sizeof(rb_heap_block *)); + b->alloc_size = bh->elemsPerBlock * bh->elemSize; b->elems = get_block(b->alloc_size); if(rb_unlikely(b->elems == NULL)) @@ -239,11 +242,11 @@ newblock(rb_bh * bh) } offset = (uintptr_t)b->elems; /* Setup our blocks now */ - for (i = 0; i < bh->elemsPerBlock; i++, offset += (bh->elemSize + sizeof(rb_heap_block *))) + for (i = 0; i < bh->elemsPerBlock; i++, offset += bh->elemSize) { - rb_heap_memblock *memblock = (rb_heap_memblock *)offset; - memblock->block = b; - rb_dlinkAdd(memblock, &memblock->ndata.node, &bh->free_list); + *((void **)offset) = b; + node = (void *)(offset + offset_pad); + rb_dlinkAdd((void *)offset, node, &bh->free_list); } rb_dlinkAdd(b, &b->node, &bh->block_list); b->free_count = bh->elemsPerBlock; 
@@ -272,26 +275,27 @@ rb_bh_create(size_t elemsize, int elemsperblock, const char *desc) rb_bh *bh; lrb_assert(elemsize > 0 && elemsperblock > 0); lrb_assert(elemsize >= sizeof(rb_dlink_node)); + /* Catch idiotic requests up front */ if((elemsize == 0) || (elemsperblock <= 0)) { rb_bh_fail("Attempting to rb_bh_create idiotic sizes"); } - + if(elemsize < sizeof(rb_dlink_node)) rb_bh_fail("Attempt to rb_bh_create smaller than sizeof(rb_dlink_node)"); /* Allocate our new rb_bh */ bh = rb_malloc(sizeof(rb_bh)); - #ifndef NOBALLOC + elemsize += offset_pad; if((elemsize % sizeof(void *)) != 0) { /* Pad to even pointer boundary */ elemsize += sizeof(void *); elemsize &= ~(sizeof(void *) - 1); } -#endif /* !NOBALLOC */ +#endif bh->elemSize = elemsize; bh->elemsPerBlock = elemsperblock; @@ -334,7 +338,8 @@ rb_bh_alloc(rb_bh * bh) { #ifndef NOBALLOC rb_dlink_node *new_node; - rb_heap_memblock *memblock; + rb_heap_block *block; + void *ptr; #endif lrb_assert(bh != NULL); if(rb_unlikely(bh == NULL)) @@ -363,11 +368,11 @@ rb_bh_alloc(rb_bh * bh) } new_node = bh->free_list.head; - memblock = new_node->data; + block = new_node->data; + ptr = new_node->data + offset_pad; rb_dlinkDelete(new_node, &bh->free_list); - memblock->block->free_count--; - memset((void *)memblock->ndata.data, 0, bh->elemSize); - return((void *)memblock->ndata.data); + memset(ptr, 0, bh->elemSize - offset_pad); + return(ptr); #endif } @@ -387,7 +392,8 @@ int rb_bh_free(rb_bh * bh, void *ptr) { #ifndef NOBALLOC - rb_heap_memblock *memblock; + rb_heap_block *block; + void *data; #endif lrb_assert(bh != NULL); lrb_assert(ptr != NULL); 
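Review bot: The element stride in `rb_bh_create` is still rounded only to `sizeof(void *)` after `elemsize += offset_pad;`, so the alignment that `rb_init_bh` builds into `offset_pad` holds for the first element of a block but not necessarily for the ones after it. Where `offset_pad` is larger than a pointer (the `__sparc__` branch with 4-byte pointers yields 8), a stride of 28 puts the second element's payload at offset 36, which is again only 4-byte aligned. Rounding to the pad keeps every payload aligned: `if((elemsize % offset_pad) != 0) { elemsize += offset_pad; elemsize &= ~(offset_pad - 1); }`. That form relies on `rb_init_bh` having run first, since `offset_pad` is zero until then; a comment on `offset_pad` should state that ordering requirement.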
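Review bot: The second `rb_bh_alloc` hunk removes `memblock->block->free_count--;` and adds nothing in its place, while `rb_bh_free` in this same commit still does `block->free_count++`. The per-block free count therefore only grows, and any logic that treats a block as unused once the count reaches `elemsPerBlock` (presumably the test in `rb_bh_gc`, which is outside the visible hunks) could release a block that still holds live elements. The new `block = new_node->data;` also stores the element address rather than the owning block, which `newblock` writes at the start of each element, so the fix is `block = *(rb_heap_block **)new_node->data;` followed by `block->free_count--;`. `new_node->data + offset_pad` is arithmetic on `void *`, a GNU extension; `(void *)((uintptr_t)new_node->data + offset_pad)` is the portable form.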
@@ -407,14 +413,15 @@ rb_bh_free(rb_bh * bh, void *ptr) #ifdef NOBALLOC rb_free(ptr); #else - memblock = (rb_heap_memblock *) ((uintptr_t)ptr - sizeof(rb_heap_block *)); + data = (void *)(ptr - offset_pad); + block = *(rb_heap_block **)data; /* XXX */ - if(rb_unlikely(!((uintptr_t)ptr >= (uintptr_t)memblock->block->elems && (uintptr_t)ptr < (uintptr_t)memblock->block->elems + (uintptr_t)memblock->block->alloc_size))) + if(rb_unlikely(!((uintptr_t)ptr >= (uintptr_t)block->elems && (uintptr_t)ptr < (uintptr_t)block->elems + (uintptr_t)block->alloc_size))) { rb_bh_fail("rb_bh_free() bogus pointer"); } - memblock->block->free_count++; - rb_dlinkAdd(memblock, &memblock->ndata.node, &bh->free_list); + block->free_count++; + rb_dlinkAdd(data, (rb_dlink_node *)ptr, &bh->free_list); #endif /* !NOBALLOC */ return (0); } @@ -468,7 +475,7 @@ rb_bh_usage(rb_bh * bh, size_t * bused, size_t * bfree, size_t * bmemusage, cons freem = rb_dlink_list_length(&bh->free_list); used = (rb_dlink_list_length(&bh->block_list) * bh->elemsPerBlock) - freem; - memusage = used * (bh->elemSize + sizeof(void *)); + memusage = used * bh->elemSize; if(bused != NULL) *bused = used; if(bfree != NULL) @@ -495,8 +502,8 @@ void rb_bh_usage_all(rb_bh_usage_cb *cb, void *data) bh = (rb_bh *)ptr->data; freem = rb_dlink_list_length(&bh->free_list); used = (rb_dlink_list_length(&bh->block_list) * bh->elemsPerBlock) - freem; - memusage = used * (bh->elemSize + sizeof(void *)); - heapalloc = (freem + used) * (bh->elemSize + sizeof(void *)); + memusage = used * bh->elemSize; + heapalloc = (freem + used) * bh->elemSize; if(bh->desc != NULL) desc = bh->desc; cb(used, freem, memusage, heapalloc, desc, data); 
@@ -516,8 +523,8 @@ rb_bh_total_usage(size_t *total_alloc, size_t *total_used) bh = (rb_bh *)ptr->data; freem = rb_dlink_list_length(&bh->free_list); used = (rb_dlink_list_length(&bh->block_list) * bh->elemsPerBlock) - freem; - used_memory += used * (bh->elemSize + sizeof(void *)); - total_memory += (freem + used) * (bh->elemSize + sizeof(void *)); + used_memory += used * bh->elemSize; + total_memory += (freem + used) * bh->elemSize; } if(total_alloc != NULL) @@ -558,10 +565,9 @@ rb_bh_gc(rb_bh * bh) /* i'm seriously going to hell for this.. */ offset = (uintptr_t)b->elems; - for (i = 0; i < bh->elemsPerBlock; i++, offset += ((uintptr_t)bh->elemSize + sizeof(rb_heap_memblock *))) + for (i = 0; i < bh->elemsPerBlock; i++, offset += (uintptr_t)bh->elemSize) { - rb_heap_memblock *memblock = (rb_heap_memblock *)offset; - rb_dlinkDelete(&memblock->ndata.node, &bh->free_list); + rb_dlinkDelete(((rb_dlink_node *)(offset + offset_pad)), &bh->free_list); } rb_dlinkDelete(&b->node, &bh->block_list); free_block(b->elems, b->alloc_size); From fbdcbb74c9d55202b65b14f64bcbaa8f507547ba Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 11 Aug 2008 23:29:22 +0400 Subject: [PATCH 026/113] Made README.FIRST much actual (most copied from ircd-ratbox) --- README.FIRST | 56 ++++++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/README.FIRST b/README.FIRST index 6f581136e..6c3d77a72 100644 --- a/README.FIRST +++ b/README.FIRST @@ -8,7 +8,7 @@ If you don't read this first, we won't help you. * when configure is run. * * You now need to ./configure --prefix="/path/to/install/it" * * - The old config format WILL NOT WORK. Please see doc/example.conf ! * - * - The old kline format WILL NOT WORK. Please use convertklines which * + * - The old kline format WILL NOT WORK. Please use bantool which * * will be installed with your ircd! * ************************************************************************* 
@@ -18,6 +18,15 @@ If you don't read this first, we won't help you. ******************************* REQUIREMENTS ********************************** +New Features - A short introduction: +- charybdis-3.x now has several major changes over previous version that you + will notice right away. + o SSL Client support. + o Connection Throttling. + +- Please see NEWS for more detailed changes. + + Necessary Requirements: - A supported platform (look below) 
@@ -33,41 +42,27 @@ Necessary Requirements: Feature Specific Requirements: -- For the SSL Challenge controlled OPER feature and encrypted server links, +- For SSL Clients, SSL Challenge controlled OPER feature, and encrypted server links, a working OpenSSL library -- For encrypted oper and (optional) server passwords, a working DES and/or - MD5 library +- For encrypted oper and (optional) server passwords, a working DES, MD5, or SHA library. ******************************************************************************* -- To report bugs in ircd-ratbox, send the bug report to ircd-ratbox@lists.ratbox.org +- To report bugs in charybdis, visit us at irc.atheme.org #charybdis - Known bugs are listed in the BUGS file - See the INSTALL document for info on configuring and compiling - ircd-ratbox. + charybdis. - Please read doc/index.txt to get an overview of the current documentation. -- Old Hybrid 5/6 configuration files are no longer supported. All conf - files will have to be converted to the new format. A convertconf - utility is provided and installed into bin/. - -- If you are wondering why config.h is practically empty, its because many - things that were once in config.h are now specified in the 'general' - block of ircd.conf. Look at example.conf for more information about - these options. - - The files, /etc/services, /etc/protocols, and /etc/resolv.conf, MUST be readable by the user running the server in order for ircd to start. Errors from adns causing the ircd to refuse to start up are often related to permission problems on these files. -- There is a mailing list for ircd-ratbox. To subscribe to this list - visit http://lists.ratbox.org/cgi-bin/mailman/listinfo/ircd-ratbox - Note that this list also gets the commit emails from the CVS server. - - FREEBSD USERS: if you are compiling with ipv6 you may experience problems with ipv4 due to the way the socket code is written. To fix this you must: "sysctl net.inet6.ip6.v6only=0" 
@@ -77,26 +72,35 @@ Feature Specific Requirements: work fine, and any gcc or SunPro compiled on 32bit. - DARWIN AND MACOS X USERS: You must be using at least the December 2001 - Development Tools from Apple to build ircd-ratbox with shared modules. + Development Tools from Apple to build charybdis with shared modules. Before then you MUST disable shared modules, as we do not have the proper flags for cc(1) prior to that point to produce shared modules. -- SUPPORTED PLATFORMS: this code should compile without any warnings - on FreeBSD 3.x/4.x, RedHat 6.2, Debian Potato and Solaris 7/8 sparc. +- SUPPORTED PLATFORMS: this code should compile without any warnings on: + FreeBSD 6.x/7.x, + Gentoo & Gentoo Hardened ~x86/~amd64/~fbsd + Fedora 8/9 / CentOS 4/5 / Redhat Enterprise 5 + Debian Etch, + OpenSuSE 10/11, + OpenSolaris 2008.x? + Solaris 10 sparc. + Please let us know if you find otherwise. It probably does not compile on AIX, IRIX or libc5 Linux. - TESTED PLATFORMS: The code has been tested on the following platforms, and is known to run properly. - FreeBSD 3.x/4.x - Linux glibc + FreeBSD 6.x/7.x + Linux glibc-2.6, glibc-2.7 Solaris 2.6/7/8 OpenBSD 2.8 NetBSD 1.4 + Cygwin 1.3+ (static modules, no servlink) + OpenVMS/Alpha 7.2 (static modules, no servlink) -- Please read doc/whats-new.txt for information about what is in this release +- Please read NEWS for information about what is in this release - Other files recommended for reading: BUGS, INSTALL -------------------------------------------------------------------------------- -$Id: README.FIRST 1837 2006-08-22 14:05:58Z nenolod $ +$Id$ From 877d1eb0ebb7a49d3381794e82a5201dc59790d2 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Tue, 12 Aug 2008 18:09:30 +0400 Subject: [PATCH 027/113] Charybdis never had old kline/config format - removed notes about them --- README.FIRST | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.FIRST b/README.FIRST index 6c3d77a72..923f3f53d 100644 --- a/README.FIRST 
+++ b/README.FIRST @@ -7,8 +7,6 @@ If you don't read this first, we won't help you. * - Reading INSTALL is now a must, as the old DPATH is now specified * * when configure is run. * * You now need to ./configure --prefix="/path/to/install/it" * - * - The old config format WILL NOT WORK. Please see doc/example.conf ! * - * - The old kline format WILL NOT WORK. Please use bantool which * * will be installed with your ircd! * ************************************************************************* From 2bad578999ada27eecb9f4903f79ab5ed59a7650 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 12 Aug 2008 22:34:37 +0200 Subject: [PATCH 028/113] Allow /list on a named +p channel. A full /list already included +p channels. --- modules/m_list.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/m_list.c b/modules/m_list.c index db397a2b7..ab05e405f 100644 --- a/modules/m_list.c +++ b/modules/m_list.c @@ -324,7 +324,7 @@ static void safelist_channel_named(struct Client *source_p, const char *name) return; } - if (ShowChannel(source_p, chptr)) + if (!SecretChannel(chptr) || IsMember(source_p, chptr)) sendto_one(source_p, form_str(RPL_LIST), me.name, source_p->name, chptr->chname, rb_dlink_list_length(&chptr->members), chptr->topic == NULL ? "" : chptr->topic); From 25bf7285812b5cc8112d3a9bb580cae4d5ac0a08 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 12 Aug 2008 22:37:29 +0200 Subject: [PATCH 029/113] fix a crash in the rb_bh_gc code from libratbox svn r25871 (androsyn) --- libratbox/src/balloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libratbox/src/balloc.c b/libratbox/src/balloc.c index 0ba2608e4..7c06e3070 100644 --- a/libratbox/src/balloc.c +++ b/libratbox/src/balloc.c 
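Review bot: The new condition `!SecretChannel(chptr) || IsMember(source_p, chptr)` in `safelist_channel_named` deliberately bypasses `ShowChannel`, so a named /list now returns the member count and topic of a +p channel to non-members, and nothing at the call site records that this is intended. A one-line comment such as `/* +p channels are listed on purpose, matching the full /list; only +s hides a channel from non-members */` would keep a later cleanup from switching back to `ShowChannel`. The commit message relies on the full-list path (outside this hunk) applying the same rule, so sharing one predicate between the two paths would stop them drifting apart. The function body continues outside the hunk.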
@@ -567,7 +567,7 @@ rb_bh_gc(rb_bh * bh) offset = (uintptr_t)b->elems; for (i = 0; i < bh->elemsPerBlock; i++, offset += (uintptr_t)bh->elemSize) { - rb_dlinkDelete(((rb_dlink_node *)(offset + offset_pad)), &bh->free_list); + rb_dlinkDelete(((rb_dlink_node *)offset), &bh->free_list); } rb_dlinkDelete(&b->node, &bh->block_list); free_block(b->elems, b->alloc_size); From 6538a4cb03fe89fa429364a3854cb4b4e3c5a9a3 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 21:04:27 +0400 Subject: [PATCH 030/113] Extension for +A (admin only) channel mode, currently belongs to type chm_staff as operonly, seen in various networks. --- extensions/Makefile.in | 1 + extensions/chm_adminonly.c | 52 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 extensions/chm_adminonly.c diff --git a/extensions/Makefile.in b/extensions/Makefile.in index ca7b80884..13c58db68 100644 --- a/extensions/Makefile.in +++ b/extensions/Makefile.in @@ -27,6 +27,7 @@ INCLUDES = -I. -I../include -I../libratbox/include $(SSL_INCLUDES) CPPFLAGS = ${INCLUDES} @CPPFLAGS@ SRCS = \ + chm_adminonly.c \ chm_operonly.c \ chm_operonly_compat.c \ chm_quietunreg_compat.c \ diff --git a/extensions/chm_adminonly.c b/extensions/chm_adminonly.c new file mode 100644 index 000000000..f018de207 --- /dev/null +++ b/extensions/chm_adminonly.c 
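Review bot: This change makes `rb_bh_gc` unlink `(rb_dlink_node *)offset`, but the balloc.c rewrite in PATCH 025 has `newblock` place each free-list node at `offset + offset_pad` and store the owning block pointer at `offset` itself, and `rb_bh_free` re-links the node at the payload address as well. If that layout is still current, the loop now hands `rb_dlinkDelete` the element header rather than the node that is actually on `free_list`, so the unlink operates on words that were never list links. The node address here and the layout written by `newblock` and `rb_bh_free` need to agree. A short comment beside `offset_pad` describing the element layout (block pointer, pad, then node/payload) would make such a mismatch easy to spot. The gc condition is outside the hunk, so the original crash may have a different cause that is worth confirming.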
@@ -0,0 +1,52 @@ +#include "stdinc.h" +#include "modules.h" +#include "hook.h" +#include "client.h" +#include "ircd.h" +#include "send.h" +#include "s_conf.h" +#include "s_user.h" +#include "s_serv.h" +#include "numeric.h" +#include "chmode.h" + +static void h_can_join(hook_data_channel *); + +mapi_hfn_list_av1 adminonly_hfnlist[] = { + { "can_join", (hookfn) h_can_join }, + { NULL, NULL } +}; + +static int +_modinit(void) +{ + chmode_table['A'].mode_type = find_cflag_slot(); + chmode_table['A'].set_func = chm_staff; + + construct_noparam_modes(); + + return 0; +} + +static void +_moddeinit(void) +{ + chmode_table['A'].mode_type = 0; + + construct_noparam_modes(); +} + +DECLARE_MODULE_AV1(chm_adminonly, _modinit, _moddeinit, NULL, NULL, adminonly_hfnlist, "$Revision$"); + +static void +h_can_join(hook_data_channel *data) +{ + struct Client *source_p = data->client; + struct Channel *chptr = data->chptr; + + if((chptr->mode.mode & chmode_flags['A']) && !IsOperAdmin(source_p)) { + sendto_one_numeric(source_p, 519, "%s :Cannot join channel (+A) - you are not an IRC server administrator", chptr->chname); + data->approved = ERR_CUSTOM; + } +} + From 15fbe3346576d9f6395ec95313e0dc824ac40a55 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 22:53:36 +0400 Subject: [PATCH 031/113] atheme-services -> charybdis for application.sh script --- scripts/application.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/application.sh b/scripts/application.sh index f3da0b7dd..203bb6406 100755 --- a/scripts/application.sh +++ b/scripts/application.sh 
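Review bot: `_modinit` in chm_adminonly.c stores the result of `find_cflag_slot()` straight into `chmode_table['A'].mode_type` without checking it. If that function reports "no free slot" as 0 (its definition is not on this page, so this needs confirming), the module still returns success, `chmode_flags['A']` ends up 0 and the test in `h_can_join` never matches, leaving +A channels open to everyone with no error logged. Checking the value and failing the load closes that gap, e.g. `if(chmode_table['A'].mode_type == 0) return -1;` before `construct_noparam_modes();`, assuming a negative return aborts loading. Separately, `chm_staff` lets any IRC operator set +A while joining requires `IsOperAdmin`, so an operator can set a mode they cannot satisfy; if that is intended it deserves a comment at the `set_func` assignment.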
@@ -26,7 +26,7 @@ fi # Charybdis wants the hg tip to be in include/serno.h, in its own format. MYTIP=`hg parents --template '#date|shortdate#_#node|short#' 2>/dev/null | sed -e s/-//g -e s/_/-/` -echo "[atheme-services] Generating include/serno.h for tip $MYTIP." +echo "[charybdis] Generating include/serno.h for tip $MYTIP." cat << _EOF_ > include/serno.h /* Generated automatically by makepackage. Any changes made here will be lost. */ #define SERNO "$MYTIP" From a967a1579254bbaf74d0e37065caacf9a64c39fe Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 22:57:09 +0400 Subject: [PATCH 032/113] Removed note that we support cygwin (no, we don't) --- README.FIRST | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.FIRST b/README.FIRST index 923f3f53d..266bde31a 100644 --- a/README.FIRST +++ b/README.FIRST @@ -93,8 +93,7 @@ Feature Specific Requirements: Solaris 2.6/7/8 OpenBSD 2.8 NetBSD 1.4 - Cygwin 1.3+ (static modules, no servlink) - OpenVMS/Alpha 7.2 (static modules, no servlink) + OpenVMS/Alpha 7.2 (static modules, no ssld) - Please read NEWS for information about what is in this release From 67e6f4df3ba174d32ff1d1e36e9c3d4449c51dd0 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 23:17:43 +0400 Subject: [PATCH 033/113] Updated reference.conf --- doc/reference.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/reference.conf b/doc/reference.conf index 0b64947bf..f87d10104 100755 --- a/doc/reference.conf +++ b/doc/reference.conf 
@@ -41,6 +41,9 @@ * Charybdis contains several extensions that are not enabled by default. * To use them, uncomment the lines below. * + * Channel mode +-A (admin only) -- chm_adminonly.so + * Channel mode +-O (oper only) -- chm_operonly.so + * Channel mode +-S (ssl only) -- chm_sslonly.so * Emulates channel mode +-O (oper only) (+-iI $o) -- chm_operonly_compat.so * Emulates channel mode +-R (quiet unreg) (+-q $~a) -- chm_quietunreg_compat.so * Emulates channel mode +-S (ssl only) (+-b $~z) -- chm_sslonly_compat.so @@ -63,6 +66,9 @@ * Remote oper up notices -- sno_globaloper.so * /whois notifications (snomask +W) -- sno_whois.so */ +#loadmodule "extensions/chm_adminonly.so"; +#loadmodule "extensions/chm_operonly.so"; +#loadmodule "extensions/chm_sslonly.so"; #loadmodule "extensions/chm_operonly_compat.so"; #loadmodule "extensions/chm_quietunreg_compat.so"; #loadmodule "extensions/chm_sslonly_compat.so"; From 33e65f000468644723689cef9d16d4955e7d969c Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:23:56 +0400 Subject: [PATCH 034/113] no more servlink - removed 'servlink_path' from reference.conf and source files --- doc/reference.conf | 7 ------- include/client.h | 19 +++++++++---------- include/config.h | 1 - include/config.h.dist | 1 - src/newconf.c | 1 - src/s_conf.c | 7 ------- 6 files changed, 9 insertions(+), 27 deletions(-) diff --git a/doc/reference.conf b/doc/reference.conf index f87d10104..02a9ef07e 100755 --- a/doc/reference.conf +++ b/doc/reference.conf 
@@ -1106,13 +1106,6 @@ general { * provided they have umode +s set */ oper_snomask = "+s"; - /* servlink path: path to 'servlink' program used by ircd to handle - * encrypted/compressed server <-> server links. - * - * only define if servlink is not in same directory as ircd itself. - */ - #servlink_path = "/usr/local/ircd/bin/servlink"; - /* use egd: if your system does not have *random devices yet you * want to use OpenSSL and encrypted links, enable this. Beware - * EGD is *very* CPU intensive when gathering data for its pool diff --git a/include/client.h b/include/client.h index 7027dde6d..02b39f908 100644 --- a/include/client.h +++ b/include/client.h 
@@ -400,16 +400,15 @@ struct exit_client_hook #define FLAGS_FLOODDONE 0x0100 /* flood grace period over / reported */ #define FLAGS_NORMALEX 0x0400 /* Client exited normally */ #define FLAGS_SENDQEX 0x0800 /* Sendq exceeded */ -#define FLAGS_SERVLINK 0x10000 /* servlink has servlink process */ -#define FLAGS_MARK 0x20000 /* marked client */ -#define FLAGS_HIDDEN 0x40000 /* hidden server */ -#define FLAGS_EOB 0x80000 /* EOB */ -#define FLAGS_MYCONNECT 0x100000 /* MyConnect */ -#define FLAGS_IOERROR 0x200000 /* IO error */ -#define FLAGS_SERVICE 0x400000 /* network service */ -#define FLAGS_TGCHANGE 0x800000 /* we're allowed to clear something */ -#define FLAGS_DYNSPOOF 0x1000000 /* dynamic spoof, only opers see ip */ -#define FLAGS_EXUNKNOWN 0x2000000 /* too many unknowns exit.. */ +#define FLAGS_MARK 0x10000 /* marked client */ +#define FLAGS_HIDDEN 0x20000 /* hidden server */ +#define FLAGS_EOB 0x40000 /* EOB */ +#define FLAGS_MYCONNECT 0x80000 /* MyConnect */ +#define FLAGS_IOERROR 0x100000 /* IO error */ +#define FLAGS_SERVICE 0x200000 /* network service */ +#define FLAGS_TGCHANGE 0x400000 /* we're allowed to clear something */ +#define FLAGS_DYNSPOOF 0x800000 /* dynamic spoof, only opers see ip */ +#define FLAGS_EXUNKNOWN 0x1000000 /* too many unknowns exit.. */ /* flags for local clients, this needs stuff moved from above to here at some point */ #define LFLAGS_SSL 0x00000001 diff --git a/include/config.h b/include/config.h index daa8652a6..04fcfdb16 100644 --- a/include/config.h +++ b/include/config.h @@ -61,7 +61,6 @@ /* files */ #define SPATH BINPATH "/ircd" /* ircd executable */ #define LIPATH LIBPATH "/libircd" SHARED_SUFFIX /* ircd library */ -#define SLPATH BINPATH "/servlink" /* servlink executable */ #define CPATH ETCPATH "/ircd.conf" /* ircd.conf file */ #define KPATH ETCPATH "/kline.conf" /* kline file */ #define DLPATH ETCPATH "/dline.conf" /* dline file */ diff --git a/include/config.h.dist b/include/config.h.dist index daa8652a6..04fcfdb16 100644 
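Review bot: Dropping `FLAGS_SERVLINK` and shifting every later flag down one bit (`FLAGS_MARK` 0x20000 → 0x10000 through `FLAGS_EXUNKNOWN`) changes the value of nine unrelated flags in a shared header. A loadable module built against the old `client.h` would then test the wrong bit, for example reading `FLAGS_HIDDEN` where it meant `FLAGS_MARK`, until it is rebuilt. The list already skips values (0x0800 is followed by 0x10000), so leaving the slot unused is the smaller change: keep the other defines as they were and replace the removed line with `/* 0x10000 unused (was FLAGS_SERVLINK) */`.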
--- a/include/config.h.dist +++ b/include/config.h.dist @@ -61,7 +61,6 @@ /* files */ #define SPATH BINPATH "/ircd" /* ircd executable */ #define LIPATH LIBPATH "/libircd" SHARED_SUFFIX /* ircd library */ -#define SLPATH BINPATH "/servlink" /* servlink executable */ #define CPATH ETCPATH "/ircd.conf" /* ircd.conf file */ #define KPATH ETCPATH "/kline.conf" /* kline file */ #define DLPATH ETCPATH "/dline.conf" /* dline file */ diff --git a/src/newconf.c b/src/newconf.c index ed2dd9d3b..6e66204ef 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -2035,7 +2035,6 @@ static struct ConfEntry conf_general_table[] = { "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason }, { "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice }, { "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand }, - { "servlink_path", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.servlink_path }, { "anti_spam_exit_message_time", CF_TIME, NULL, 0, &ConfigFileEntry.anti_spam_exit_message_time }, { "disable_fake_channels", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_fake_channels }, diff --git a/src/s_conf.c b/src/s_conf.c index 71f1c56c1..9b98fd5ee 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -772,7 +772,6 @@ set_default_conf(void) ConfigFileEntry.hide_error_messages = 1; ConfigFileEntry.dots_in_ident = 0; ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT; - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); ConfigFileEntry.egdpool_path = NULL; ConfigFileEntry.use_whois_actually = YES; ConfigFileEntry.burst_away = NO; @@ -858,9 +857,6 @@ validate_conf(void) if(ConfigFileEntry.ts_max_delta < TS_MAX_DELTA_MIN) ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT; - if(ConfigFileEntry.servlink_path == NULL) - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); - if(ServerInfo.network_name == NULL) ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); 
@@ -1235,9 +1231,6 @@ clear_out_old_conf(void) */ /* clean out general */ - rb_free(ConfigFileEntry.servlink_path); - ConfigFileEntry.servlink_path = NULL; - RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { rb_free(ptr->data); From f01a7ff1e94272ea309829f6bccb90d4e6f510d9 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:24:28 +0400 Subject: [PATCH 035/113] comment to fix egd (not work currently) --- src/ircd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ircd.c b/src/ircd.c index 9089ae805..5eac695f3 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -67,6 +67,8 @@ #include "sslproc.h" #include "chmode.h" +/* XXX fix egd!!! */ + /* /quote set variables */ struct SetOptions GlobalSetOptions; From 37cd159e9400e297c5d6c1a4da8aca5fda6a40e4 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:29:33 +0400 Subject: [PATCH 036/113] egd fixed --- src/ircd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ircd.c b/src/ircd.c index 5eac695f3..170ea9dd3 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -67,8 +67,6 @@ #include "sslproc.h" #include "chmode.h" -/* XXX fix egd!!! */ - /* /quote set variables */ struct SetOptions GlobalSetOptions; @@ -633,6 +631,12 @@ main(int argc, char *argv[]) rb_lib_init(ircd_log_cb, ircd_restart_cb, ircd_die_cb, !server_state_foreground, maxconnections, DNODE_HEAP_SIZE, FD_HEAP_SIZE); rb_linebuf_init(LINEBUF_HEAP_SIZE); + if(ConfigFileEntry.use_egd && (ConfigFileEntry.egdpool_path != NULL)) + { + rb_init_prng(ConfigFileEntry.egdpool_path, RB_PRNG_EGD); + } else + rb_init_prng(NULL, RB_PRNG_DEFAULT); + init_main_logfile(); newconf_init(); init_s_conf(); From e1db84d87d17b97abd2bb43c46e083c580a92309 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:30:28 +0400 Subject: [PATCH 037/113] seed random not even every 300 seconds, but on startup also --- src/ircd.c | 2 ++ 1 file changed, 2 insertions(+) 
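Review bot: The new `rb_init_prng()` block in `main()` reads `ConfigFileEntry.use_egd` and `ConfigFileEntry.egdpool_path` before `newconf_init()` and `init_s_conf()`, which are the next calls in the same hunk. If the configuration file is only parsed after that point (the call order suggests so, but `main()` continues outside the hunk), both fields still hold their initial values here, the EGD branch is never taken, and an operator who enabled `use_egd` gets the default source without any message. Move the block to after the configuration has been read and log which source was chosen, with a comment such as `/* PRNG source comes from the config, so this must run after it is parsed */`. The return value of `rb_init_prng()` is also discarded in both branches; check it and stop startup when initialisation fails, once its return convention is confirmed.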
diff --git a/src/ircd.c b/src/ircd.c index 170ea9dd3..19d7aaeb2 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -637,6 +637,8 @@ main(int argc, char *argv[]) } else rb_init_prng(NULL, RB_PRNG_DEFAULT); + seed_random(NULL); + init_main_logfile(); newconf_init(); init_s_conf(); From ec86417cee9890cd8c504aec293a250e8740a4d3 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:38:13 +0400 Subject: [PATCH 038/113] ircd-ratbox -> charybdis --- configure.ac | 2 +- src/ircd.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index efd1e79a9..4efdbb766 100644 --- a/configure.ac +++ b/configure.ac @@ -315,7 +315,7 @@ fi AC_C_BIGENDIAN dnl Check for stdarg.h - if we can't find it, halt configure -AC_CHECK_HEADER(stdarg.h, , [AC_MSG_ERROR([** stdarg.h could not be found - ircd-ratbox will not compile without it **])]) +AC_CHECK_HEADER(stdarg.h, , [AC_MSG_ERROR([** stdarg.h could not be found - charybdis will not compile without it **])]) dnl Checks for the existence of strlcat, strlcpy, basename... dnl This more reliable test only works with gcc though. diff --git a/src/ircd.c b/src/ircd.c index 19d7aaeb2..303677829 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -188,7 +188,7 @@ init_sys(void) if(maxconnections <= MAX_BUFFER) { fprintf(stderr, "ERROR: Shell FD limits are too low.\n"); - fprintf(stderr, "ERROR: ircd-ratbox reserves %d FDs, shell limits must be above this\n", MAX_BUFFER); + fprintf(stderr, "ERROR: charybdis reserves %d FDs, shell limits must be above this\n", MAX_BUFFER); exit(EXIT_FAILURE); } return; From d3faa80afe7b57b5d76ccca5b6bc31b1e4e39524 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:45:09 +0400 Subject: [PATCH 039/113] removed cygwin check from configure.ac --- configure.ac | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 4efdbb766..d5c6a2f0e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -81,7 +81,7 @@ esac fi -AC_MSG_CHECKING([uname -s for Cygwin, Solaris, AIX or HPUX]) +AC_MSG_CHECKING([uname -s for Solaris, AIX or HPUX]) OSNAME=`uname -s` case "$OSNAME" in HP-UX*) @@ -96,10 +96,6 @@ case "$OSNAME" in AC_MSG_RESULT(already using newer HPUX) fi ;; - CYGWIN*) - AC_MSG_RESULT(Cygwin) - CYGWIN=yes - ;; SunOS*) AC_MSG_RESULT(SunOS or Solaris) AC_DEFINE(__EXTENSIONS__, 1, [This is needed to use strtok_r on Solaris.]) From 108f730f58375c08371e40b5eec6d2196f3ec447 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:50:22 +0400 Subject: [PATCH 040/113] forgot to remove check for cygwin from configure.ac --- configure.ac | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configure.ac b/configure.ac index d5c6a2f0e..910dc99c2 100644 --- a/configure.ac +++ b/configure.ac @@ -889,12 +889,6 @@ AC_DEFINE_UNQUOTED(NICKLEN, (${NICKLEN}+1), [Nickname length]) shared_modules="yes" dnl Some first-stage sanity checks. if test "$shared_modules" = yes; then - - if test "$CYGWIN" = yes; then - AC_MSG_WARN([disabling shared modules; Cygwin is at present unable to build them.]) - shared_modules="no" - fi - dnl TenDRA's cc is called tcc too. if test "$CC" = tcc -a "$TenDRA" = "no"; then AC_MSG_WARN([disabling shared modules: Tiny C Compiler can't create PIC]) From 1c390fbdf33142474ee646f91ccc049f51bfbcf4 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:52:31 +0400 Subject: [PATCH 041/113] put cygwin/mingw/native win32 (+shared modules) support in TODO (need discussion), currently ratbox3 could be compiled under cygwin/mingw --- TODO | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/TODO b/TODO index 14b9041df..93169f9b4 100644 --- a/TODO +++ b/TODO 
@@ -53,6 +53,10 @@ in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely [x] test suite as in ircu +[?] win32 + [?] cygwin support + [?] mingw support + [?] native win32 (VS2005/VS2008) [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage From df33f222b5b77ea088ec09fa1fba2a3e5b3b59f4 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 23:24:28 +0400 Subject: [PATCH 042/113] added improvement in TODO related to support compilation without parser/lexer generators present in OS --- TODO | 2 ++ 1 file changed, 2 insertions(+) diff --git a/TODO b/TODO index 93169f9b4..d31508ab7 100644 --- a/TODO +++ b/TODO @@ -60,6 +60,8 @@ [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage +[ ] Improvments + [ ] ircd shouldn't need bison/byacc/yacc or flex for compilation --- other stuff [ ] allow to set up configfiles path (etc/) instead of separated configfiles names (kline.conf, ircd.conf etc) like it is in ratbox3? [?] internally split out +o/+v "ranks" into a series of permissions. this could allow for configure-defined From f1651c905a83742f125ce9ea1383e411b090a9a9 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 23:34:32 +0400 Subject: [PATCH 043/113] fixed chm_adminonly extension - IsOperAdmin replaced with IsAdmin.. hm.. but possibly we need to allow hidden opers/admins to enter protected channels? --- extensions/chm_adminonly.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/chm_adminonly.c b/extensions/chm_adminonly.c index f018de207..9380c3df7 100644 --- a/extensions/chm_adminonly.c +++ b/extensions/chm_adminonly.c 
@@ -44,7 +44,7 @@ h_can_join(hook_data_channel *data) struct Client *source_p = data->client; struct Channel *chptr = data->chptr; - if((chptr->mode.mode & chmode_flags['A']) && !IsOperAdmin(source_p)) { + if((chptr->mode.mode & chmode_flags['A']) && !IsAdmin(source_p)) { sendto_one_numeric(source_p, 519, "%s :Cannot join channel (+A) - you are not an IRC server administrator", chptr->chname); data->approved = ERR_CUSTOM; } From bbe588880f2c32bcffad05b7f6a77609d6f413f5 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sun, 17 Aug 2008 09:27:15 +0400 Subject: [PATCH 044/113] run autoreconf --- configure | 105 ++++++++++++++++++++++++++++++++++--------- libratbox/aclocal.m4 | 2 +- 2 files changed, 85 insertions(+), 22 deletions(-) diff --git a/configure b/configure index 26e094a1d..0b455ab7d 100755 --- a/configure +++ b/configure @@ -2802,8 +2802,8 @@ esac fi -{ echo "$as_me:$LINENO: checking uname -s for Cygwin, Solaris, AIX or HPUX" >&5 -echo $ECHO_N "checking uname -s for Cygwin, Solaris, AIX or HPUX... $ECHO_C" >&6; } +{ echo "$as_me:$LINENO: checking uname -s for Solaris, AIX or HPUX" >&5 +echo $ECHO_N "checking uname -s for Solaris, AIX or HPUX... $ECHO_C" >&6; } OSNAME=`uname -s` case "$OSNAME" in HP-UX*) @@ -2818,11 +2818,6 @@ echo "${ECHO_T}assuming old HPUX with its own cc" >&6; } echo "${ECHO_T}already using newer HPUX" >&6; } fi ;; - CYGWIN*) - { echo "$as_me:$LINENO: result: Cygwin" >&5 -echo "${ECHO_T}Cygwin" >&6; } - CYGWIN=yes - ;; SunOS*) { echo "$as_me:$LINENO: result: SunOS or Solaris" >&5 echo "${ECHO_T}SunOS or Solaris" >&6; } 
@@ -7613,8 +7608,8 @@ fi if test $ac_cv_header_stdarg_h = yes; then : else - { { echo "$as_me:$LINENO: error: ** stdarg.h could not be found - ircd-ratbox will not compile without it **" >&5 -echo "$as_me: error: ** stdarg.h could not be found - ircd-ratbox will not compile without it **" >&2;} + { { echo "$as_me:$LINENO: error: ** stdarg.h could not be found - charybdis will not compile without it **" >&5 +echo "$as_me: error: ** stdarg.h could not be found - charybdis will not compile without it **" >&2;} { (exit 1); exit 1; }; } fi @@ -10833,13 +10828,6 @@ _ACEOF shared_modules="yes" if test "$shared_modules" = yes; then - - if test "$CYGWIN" = yes; then - { echo "$as_me:$LINENO: WARNING: disabling shared modules; Cygwin is at present unable to build them." >&5 -echo "$as_me: WARNING: disabling shared modules; Cygwin is at present unable to build them." >&2;} - shared_modules="no" - fi - if test "$CC" = tcc -a "$TenDRA" = "no"; then { echo "$as_me:$LINENO: WARNING: disabling shared modules: Tiny C Compiler can't create PIC" >&5 echo "$as_me: WARNING: disabling shared modules: Tiny C Compiler can't create PIC" >&2;} @@ -12079,7 +12067,7 @@ echo "${ECHO_T}no" >&6; } echo $ECHO_N "checking GCC flag(s) -Wwrite-strings... $ECHO_C" >&6; } if test "${GCC-no}" = yes then - if test "${charybdis_cv_c_gcc_w_float_equal+set}" = set; then + if test "${charybdis_cv_c_gcc_w_write_strings+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else 
@@ -12123,24 +12111,99 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then - charybdis_cv_c_gcc_w_float_equal=yes + charybdis_cv_c_gcc_w_write_strings=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - charybdis_cv_c_gcc_w_float_equal=no + charybdis_cv_c_gcc_w_write_strings=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="${oldcflags}" fi - if test "x$charybdis_cv_c_gcc_w_float_equal" = xyes; then + if test "x$charybdis_cv_c_gcc_w_write_strings" = xyes; then CWARNS="${CWARNS}-Wwrite-strings " { echo "$as_me:$LINENO: result: ok" >&5 echo "${ECHO_T}ok" >&6; } else - charybdis_cv_c_gcc_w_float_equal='' + charybdis_cv_c_gcc_w_write_strings='' + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + fi + else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + fi + + + { echo "$as_me:$LINENO: checking GCC flag(s) -Werror-implicit-function-declaration" >&5 +echo $ECHO_N "checking GCC flag(s) -Werror-implicit-function-declaration... $ECHO_C" >&6; } + if test "${GCC-no}" = yes + then + if test "${charybdis_cv_c_gcc_w_error_implicit_function_declaration+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + oldcflags="${CFLAGS-}" + CFLAGS="${CFLAGS-} ${CWARNS} -Werror-implicit-function-declaration -Werror" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#include +#include +int main(void); + +int +main () +{ + + (void)strcmp("a","b"); fprintf(stdout,"test ok\n"); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + charybdis_cv_c_gcc_w_error_implicit_function_declaration=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + charybdis_cv_c_gcc_w_error_implicit_function_declaration=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="${oldcflags}" +fi + + if test "x$charybdis_cv_c_gcc_w_error_implicit_function_declaration" = xyes; then + CWARNS="${CWARNS}-Werror-implicit-function-declaration " + { echo "$as_me:$LINENO: result: ok" >&5 +echo "${ECHO_T}ok" >&6; } + else + charybdis_cv_c_gcc_w_error_implicit_function_declaration='' { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi diff --git a/libratbox/aclocal.m4 b/libratbox/aclocal.m4 index cce9fea95..083883edc 100644 --- a/libratbox/aclocal.m4 +++ b/libratbox/aclocal.m4 @@ -21,7 +21,7 @@ To do so, use the procedure documented by the package, typically `autoreconf'.]) # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- -# serial 52 Debian 1.5.26-1ubuntu1 AC_PROG_LIBTOOL +# serial 52 Debian 1.5.26-4 AC_PROG_LIBTOOL # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) From b1daa815bd09eadfe546daf7fdf54fda17413a15 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sun, 17 Aug 2008 09:33:05 +0400 Subject: [PATCH 045/113] fixed warnings on src/ircd.c compilation --- src/ircd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ircd.c b/src/ircd.c index 303677829..1f8922799 100644 --- a/src/ircd.c +++ b/src/ircd.c 
@@ -453,7 +453,7 @@ ircd_log_cb(const char *str) static void ircd_restart_cb(const char *str) { - inotice(L_MAIN, "libratbox has called the restart callback: %s", str); + inotice("libratbox has called the restart callback: %s", str); restart(str); } @@ -474,7 +474,7 @@ ircd_die_cb(const char *str) inotice("libratbox has called the die callback..aborting: %s", str); } else - inotice(L_MAIN, "libratbox has called the die callback..aborting"); + inotice("libratbox has called the die callback..aborting"); unlink(pidFileName); exit(EXIT_FAILURE); From 9c3f080b992e4082b3ee8ec9133c042cdec9f33d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 06:27:59 -0500 Subject: [PATCH 046/113] Add basic PrivilegeSet API. --- include/privilege.h | 47 +++++++++++++++++++++++ src/Makefile.in | 1 + src/privilege.c | 93 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 include/privilege.h create mode 100644 src/privilege.c diff --git a/include/privilege.h b/include/privilege.h new file mode 100644 index 000000000..b033839ad --- /dev/null +++ b/include/privilege.h 
@@ -0,0 +1,47 @@ +/* + * charybdis: an advanced ircd. + * privilege.h: Dynamic privileges API. + * + * Copyright (c) 2008 William Pitcock + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice is present in all copies. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __CHARYBDIS_PRIVILEGE_H +#define __CHARYBDIS_PRIVILEGE_H + +#include "stdinc.h" + +typedef enum { + PRIV_NEEDOPER = 1 +} PrivilegeFlags; + +struct PrivilegeSet { + int refs; + char *name; + char *privs; + PrivilegeFlags flags; + rb_dlink_node node; +}; + +int privilegeset_in_set(struct PrivilegeSet *set, const char *priv); +struct PrivilegeSet *privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags); +struct PrivilegeSet *privilegeset_get(const char *name); +void privilegeset_ref(struct PrivilegeSet *set); +void privilegeset_unref(struct PrivilegeSet *set); + +#endif diff --git a/src/Makefile.in b/src/Makefile.in index 5322b5a2c..be06853c0 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -78,6 +78,7 @@ SRCS = \ numeric.c \ packet.c \ parse.c \ + privilege.c \ res.c \ reslib.c \ reject.c \ 
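Review bot: The new header declares a reference-counted API without saying who owns a reference or what format `privs` has. A short comment above `struct PrivilegeSet` would cover it, e.g. `/* privs: space-separated privilege names; refs is 1 when the set is created */`, plus one line on `privilegeset_get()` stating whether the caller must call `privilegeset_ref()` before keeping the returned pointer. The include guard `__CHARYBDIS_PRIVILEGE_H` also uses a double-underscore name, which C reserves for the implementation; `CHARYBDIS_PRIVILEGE_H` avoids that.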
diff --git a/src/privilege.c b/src/privilege.c new file mode 100644 index 000000000..91cc39d22 --- /dev/null +++ b/src/privilege.c 
@@ -0,0 +1,93 @@
+/*
+ * charybdis: an advanced ircd.
+ * privilege.c: Dynamic privileges API.
+ *
+ * Copyright (c) 2008 William Pitcock
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice is present in all copies.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include "privilege.h"
+
+static rb_dlink_list privilegeset_list = {};
+
+int
+privilegeset_in_set(struct PrivilegeSet *set, const char *priv)
+{
+ s_assert(set != NULL);
+ s_assert(priv != NULL);
+
+ return strstr(set->privs, priv) != NULL;
+}
+
+struct PrivilegeSet *
+privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags)
+{
+ struct PrivilegeSet *set;
+
+ set = rb_malloc(sizeof(struct PrivilegeSet));
+ set->refs = 1;
+ set->name = rb_strdup(name);
+ set->privs = rb_strdup(privs);
+ set->flags = flags;
+
+ rb_dlinkAdd(set, &set->node, &privilegeset_list);
+
+ return set;
+}
+
+struct PrivilegeSet *
+privilegeset_get(const char *name)
+{
+ rb_dlink_node *iter;
+
+ s_assert(name != NULL);
+
+ RB_DLINK_FOREACH(iter, privilegeset_list.head)
+ {
+ struct PrivilegeSet *set = (struct PrivilegeSet *) iter->data;
+
+ if (!strcasecmp(set->name, name))
+ return set;
+ }
+
+ return NULL;
+}
+
+void
+privilegeset_ref(struct PrivilegeSet *set)
+{
+ s_assert(set != NULL);
+
+ set->refs++;
+}
+
+void
+privilegeset_unref(struct PrivilegeSet *set)
+{
+ s_assert(set != NULL);
+
+ if (--set->refs == 0)
+ {
+ rb_dlinkDelete(&set->node, &privilegeset_list);
+
+ rb_free(set->name);
+ rb_free(set->privs);
+ rb_free(set);
+ }
+}
From 353f8625531e7363e2768c026f941e706ab0dafa Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sun, 17 Aug 2008 06:35:49 -0500
Subject: [PATCH 047/113] Add privilegeset_extend().
---
include/privilege.h | 1 +
src/privilege.c | 24 ++++++++++++++++++++++++
2 files changed, 25 insertions(+)
diff --git a/include/privilege.h b/include/privilege.h
index b033839ad..4eb7564bc 100644
--- a/include/privilege.h
+++ b/include/privilege.h
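Review bot: `privilegeset_in_set()` decides membership with `strstr(set->privs, priv)`, which is a substring match over the space-joined list and not a comparison of whole privilege names. A set that holds only `oper:adminwall` therefore also answers yes for `oper:admin` (both names appear in the example privsets later in this series), so a narrower privilege can satisfy a check for a broader one. Compare complete space-delimited tokens instead, as in the sketch below. Separately, each `s_assert()` is followed by an unconditional dereference; if `s_assert` only logs in production builds (not visible here), a NULL `set` still reaches `set->privs`.

```c
int
privilegeset_in_set(struct PrivilegeSet *set, const char *priv)
{
	const char *hit;
	size_t len;

	/* … unchanged: s_assert checks on set and priv … */

	len = strlen(priv);
	if(len == 0)
		return 0;

	/* accept a hit only when it is bounded by the string ends or by spaces */
	for(hit = set->privs; (hit = strstr(hit, priv)) != NULL; hit++)
	{
		int starts_token = (hit == set->privs || hit[-1] == ' ');
		int ends_token = (hit[len] == ' ' || hit[len] == '\0');

		if(starts_token && ends_token)
			return 1;
	}

	return 0;
}
```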
@@ -40,6 +40,7 @@ struct PrivilegeSet { int privilegeset_in_set(struct PrivilegeSet *set, const char *priv); struct PrivilegeSet *privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags); +struct PrivilegeSet *privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *privs, PrivilegeFlags flags); struct PrivilegeSet *privilegeset_get(const char *name); void privilegeset_ref(struct PrivilegeSet *set); void privilegeset_unref(struct PrivilegeSet *set); diff --git a/src/privilege.c b/src/privilege.c index 91cc39d22..c2ce6e2b4 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -40,6 +40,8 @@ privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags) { struct PrivilegeSet *set; + s_assert(privilegeset_get(name) == NULL); + set = rb_malloc(sizeof(struct PrivilegeSet)); set->refs = 1; set->name = rb_strdup(name); @@ -51,6 +53,28 @@ privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags) return set; } +struct PrivilegeSet * +privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *privs, PrivilegeFlags flags) +{ + struct PrivilegeSet *set; + + s_assert(parent != NULL); + s_assert(name != NULL); + s_assert(privs != NULL); + s_assert(privilegeset_get(name) == NULL); + + set = rb_malloc(sizeof(struct PrivilegeSet)); + set->refs = 1; + set->name = rb_strdup(name); + set->flags = flags; + set->privs = rb_malloc(strlen(parent->privs) + 1 + strlen(privs) + 1); + strcpy(parent->privs, set->privs); + strcat(set->privs, " "); + strcat(set->privs, privs); + + return set; +} + struct PrivilegeSet * privilegeset_get(const char *name) { From f860687514717c5500c0fba6c0485d4c026172a1 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:10:23 -0500 Subject: [PATCH 048/113] Add config magic for privset{} parsing. --- src/newconf.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) 
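Review bot: In `privilegeset_extend()` the call `strcpy(parent->privs, set->privs);` has its arguments reversed: it copies from the buffer that was just allocated into the parent's string. Depending on whether `rb_malloc` zeroes memory (not visible here), that either truncates the parent's privilege list to an empty string or reads uninitialised bytes and can write past the end of `parent->privs`; in neither case does the new set receive the parent's privileges. It should read `strcpy(set->privs, parent->privs);`, and the same reversed call appears as `strcpy(privs_old, privs);` in `conf_set_privset_privs()` in the src/newconf.c hunk of the next patch, where it should be `strcpy(privs, privs_old);`. The function also returns without `rb_dlinkAdd(set, &set->node, &privilegeset_list);`, unlike `privilegeset_set_new()`, so `privilegeset_get()` cannot find an extended set and `privilegeset_unref()` would unlink a node that was never linked.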
diff --git a/src/newconf.c b/src/newconf.c index 6e66204ef..651361aa8 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -28,6 +28,7 @@ #include "snomask.h" #include "blacklist.h" #include "sslproc.h" +#include "privilege.h" #define CF_TYPE(x) ((x) & CF_MTYPE) @@ -53,6 +54,7 @@ static struct alias_entry *yy_alias = NULL; static char *yy_blacklist_host = NULL; static char *yy_blacklist_reason = NULL; +static char *yy_privset_extends = NULL; static const char * conf_strtype(int type) @@ -448,6 +450,64 @@ set_modes_from_table(int *modes, const char *whatis, struct mode_table *tab, con } } +static void +conf_set_privset_extends(void *data) +{ + yy_privset_extends = rb_strdup((char *) data); +} + +static void +conf_set_privset_privs(void *data) +{ + char *privs = NULL; + conf_parm_t *args = data; + + for (; args; args = args->next) + { + if (privs == NULL) + privs = rb_strdup(args->v.string); + else + { + char *privs_old = privs; + + privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1); + strcpy(privs_old, privs); + strcat(privs, " "); + strcat(privs, args->v.string); + + rb_free(privs_old); + } + } + + if (privs) + { + if (yy_privset_extends) + { + struct PrivilegeSet *set = privilegeset_get(yy_privset_extends); + + if (!set) + { + conf_report_error("Warning -- unknown parent privilege set %s for %s; ignored.", yy_privset_extends, conf_cur_block_name); + + rb_free(yy_privset_extends); + rb_free(privs); + + yy_privset_extends = NULL; + return; + } + + privilegeset_extend(set, conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(yy_privset_extends); + yy_privset_extends = NULL; + } + else + privilegeset_set_new(conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(privs); + } +} + static int conf_begin_oper(struct TopConf *tc) { 
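Review bot: `conf_set_privset_privs()` creates the set as soon as the `privs` item is parsed and consumes `yy_privset_extends` at that moment, so the result depends on the order of items inside the block. A block that lists `privs` before `extends`, or has `extends` and no `privs`, leaves `yy_privset_extends` set, and the next `privset` block then inherits from that stale parent without any warning; a second `extends` in one block also leaks the first `rb_strdup()` copy. The "privset" block is registered with NULL begin and end callbacks in `newconf_init()`, so nothing resets this state between blocks. Have the item handlers only record `extends` and `privs`, and build the set in an end-of-block callback that always frees and clears `yy_privset_extends`.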
@@ -1973,6 +2033,13 @@ static struct ConfEntry conf_operator_table[] = { "\0", 0, NULL, 0, NULL } }; +static struct ConfEntry conf_privset_table[] = +{ + { "extends", CF_QSTRING, conf_set_privset_extends, 0, NULL }, + { "privs", CF_STRING | CF_FLIST, conf_set_privset_privs, 0, NULL }, + { "\0", 0, NULL, 0, NULL } +}; + static struct ConfEntry conf_class_table[] = { { "ping_time", CF_TIME, conf_set_class_ping_time, 0, NULL }, @@ -2134,6 +2201,7 @@ newconf_init() add_top_conf("log", NULL, NULL, conf_log_table); add_top_conf("operator", conf_begin_oper, conf_end_oper, conf_operator_table); add_top_conf("class", conf_begin_class, conf_end_class, conf_class_table); + add_top_conf("privset", NULL, NULL, conf_privset_table); add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL); add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port); From be525828053526602c859fa7770f242e2ae2ea09 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:17:25 -0500 Subject: [PATCH 049/113] Add some privsets for opers here. --- doc/example.conf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/doc/example.conf b/doc/example.conf index 48df57c51..3b92a77fd 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -185,6 +185,22 @@ auth { class = "users"; }; +/* privsets... XXX document me later */ +privset "local_op" { + privs = oper:local_kill, oper:operwall; +}; + +privset "global_op" { + extends = "local_op"; + privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, + oper:resv, oper:mass_notice, oper:remote_ban; +}; + +privset "admin" { + extends = "global_op"; + privs = oper:admin, oper:die, oper:rehash, oper:adminwall, oper:spy; +}; + operator "god" { /* name: the name of the oper must go above */ @@ -253,6 +269,9 @@ operator "god" { */ flags = global_kill, remote, kline, unkline, die, rehash, admin, xline, operwall; + + /* privset: replaces flags */ + privset = "admin"; }; connect "irc.uplink.com" { 
From a2e1310cbeaf6ce4858bd81baf669177a3e9b4d7 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:32:30 -0500 Subject: [PATCH 050/113] oper_conf structure: add privset association. --- include/s_newconf.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/s_newconf.h b/include/s_newconf.h index 402887e80..ef2887fbb 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h @@ -36,6 +36,7 @@ #define INCLUDED_s_newconf_h #include "setup.h" +#include "privilege.h" #ifdef HAVE_LIBCRYPTO #include @@ -120,6 +121,8 @@ struct oper_conf unsigned int snomask; + struct PrivilegeSet *privset; + #ifdef HAVE_LIBCRYPTO char *rsa_pubkey_file; RSA *rsa_pubkey; From 22c3b270ca5c332b286c64731571dec3ad9daeae Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:40:27 -0500 Subject: [PATCH 051/113] Initial work on getting privsets working. --- src/newconf.c | 8 ++++++++ src/s_newconf.c | 49 ------------------------------------------------- src/s_user.c | 3 ++- 3 files changed, 10 insertions(+), 50 deletions(-) diff --git a/src/newconf.c b/src/newconf.c index 651361aa8..e6a1d5652 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -581,6 +581,7 @@ conf_end_oper(struct TopConf *tc) yy_tmpoper->flags = yy_oper->flags; yy_tmpoper->umodes = yy_oper->umodes; yy_tmpoper->snomask = yy_oper->snomask; + yy_tmpoper->privset = yy_oper->privset; #ifdef HAVE_LIBCRYPTO if(yy_oper->rsa_pubkey_file) @@ -629,6 +630,12 @@ conf_set_oper_flags(void *data) set_modes_from_table(&yy_oper->flags, "flag", oper_table, args); } +static void +conf_set_oper_privset(void *data) +{ + yy_oper->privset = privilegeset_get((char *) data); +} + static void conf_set_oper_user(void *data) { 
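Review bot: conf_set_oper_privset() stores the result of privilegeset_get() unchecked, so an unknown or misspelled `privset` name leaves `yy_oper->privset` NULL, and the oper_up() hunk in this same patch then reads `oper_p->privset->name` and `oper_p->privset->privs` without a check. Patches 060 and 070 later on this page add a fallback to the "default" set, but at this commit an operator block with a bad or missing `privset` would dereference NULL on OPER. In the conf_end_oper() hunk, `yy_tmpoper->privset = yy_oper->privset;` copies the pointer into each oper_conf without calling privilegeset_ref(), so the set's `refs` count does not account for these holders. Whether that matters depends on when privilegeset_unref() frees a set, which is not shown here.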
@@ -2027,6 +2034,7 @@ static struct ConfEntry conf_operator_table[] = { "rsa_public_key_file", CF_QSTRING, conf_set_oper_rsa_public_key_file, 0, NULL }, { "flags", CF_STRING | CF_FLIST, conf_set_oper_flags, 0, NULL }, { "umodes", CF_STRING | CF_FLIST, conf_set_oper_umodes, 0, NULL }, + { "privset", CF_QSTRING, conf_set_oper_privset, 0, NULL }, { "snomask", CF_QSTRING, conf_set_oper_snomask, 0, NULL }, { "user", CF_QSTRING, conf_set_oper_user, 0, NULL }, { "password", CF_QSTRING, conf_set_oper_password, 0, NULL }, diff --git a/src/s_newconf.c b/src/s_newconf.c index af8110100..93f589684 100644 --- a/src/s_newconf.c +++ b/src/s_newconf.c @@ -318,55 +318,6 @@ find_oper_conf(const char *username, const char *host, const char *locip, const return NULL; } -struct oper_flags -{ - int flag; - const char *name; -}; -static struct oper_flags oper_flagtable[] = -{ - { OPER_KLINE, "kline" }, - { OPER_XLINE, "xline" }, - { OPER_RESV, "resv" }, - { OPER_GLOBKILL, "global_kill" }, - { OPER_LOCKILL, "local_kill" }, - { OPER_REMOTE, "remote" }, - { OPER_UNKLINE, "unkline" }, - { OPER_REHASH, "rehash" }, - { OPER_DIE, "die" }, - { OPER_ADMIN, "admin" }, - { OPER_HADMIN, "hidden_admin" }, - { OPER_NICKS, "nick_changes" }, - { OPER_OPERWALL, "operwall" }, - { OPER_SPY, "spy" }, - { OPER_INVIS, "hidden_oper" }, - { OPER_REMOTEBAN, "remoteban" }, - { OPER_MASSNOTICE, "mass_notice" }, - { 0, NULL } -}; - -const char * -get_oper_privs(int flags) -{ - static char buf[BUFSIZE]; - char *p; - int i; - - p = buf; - *p = '\0'; - - for(i = 0; oper_flagtable[i].flag; i++) - if (flags & oper_flagtable[i].flag) - { - if(*buf != '\0') - rb_strlcat(buf, ", ", sizeof(buf)); - - rb_strlcat(buf, oper_flagtable[i].name, sizeof(buf)); - } - - return buf; -} - struct server_conf * make_server_conf(void) { diff --git a/src/s_user.c b/src/s_user.c index 57f3432e1..fa6ce1bcb 100644 --- a/src/s_user.c +++ b/src/s_user.c 
@@ -1276,7 +1276,8 @@ oper_up(struct Client *source_p, struct oper_conf *oper_p) sendto_one_numeric(source_p, RPL_SNOMASK, form_str(RPL_SNOMASK), construct_snobuf(source_p->snomask)); sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, source_p->name); - sendto_one_notice(source_p, ":*** Oper privs are %s", get_oper_privs(oper_p->flags)); + sendto_one_notice(source_p, ":*** Oper privilege set is %s", oper_p->privset->name); + sendto_one_notice(source_p, ":*** Oper privs are %s", oper_p->privset->privs); send_oper_motd(source_p); return (1); From 3d8f7aa7b469592ec132bb50e13403817c7d735d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:41:52 -0500 Subject: [PATCH 052/113] Allow : to be in 'string' values. --- src/ircd_lexer.l | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ircd_lexer.l b/src/ircd_lexer.l index 4770c3e77..e7df1da93 100644 --- a/src/ircd_lexer.l +++ b/src/ircd_lexer.l @@ -91,7 +91,7 @@ ws [ \t]* digit [0-9] comment #.* qstring \"[^\"\n]*[\"\n] -string [a-zA-Z_\~][a-zA-Z0-9_]* +string [a-zA-Z_\~\:][a-zA-Z0-9_\:]* include \.include{ws}(\<.*\>|\".*\") %% From f80958276f3042f8fbdde7c3b9eccad659769e4a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:44:46 -0500 Subject: [PATCH 053/113] Make sure extended privilege sets are added to the registry. --- src/privilege.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/privilege.c b/src/privilege.c index c2ce6e2b4..aa6febe6b 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -72,6 +72,8 @@ privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *p strcat(set->privs, " "); strcat(set->privs, privs); + rb_dlinkAdd(set, &set->node, &privilegeset_list); + return set; } From 065f67db89592e0a803d9b7d45f9c840a20768af Mon Sep 17 00:00:00 2001 
From: William Pitcock Date: Sun, 17 Aug 2008 07:46:18 -0500 Subject: [PATCH 054/113] fix another stupid bug, gah --- src/newconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/newconf.c b/src/newconf.c index e6a1d5652..40515e189 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -471,7 +471,7 @@ conf_set_privset_privs(void *data) char *privs_old = privs; privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1); - strcpy(privs_old, privs); + strcpy(privs, privs_old); strcat(privs, " "); strcat(privs, args->v.string); From f11d08a4051db23aa6a87718b7b3cb805b78a272 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sun, 17 Aug 2008 14:46:29 +0200 Subject: [PATCH 055/113] Remove another servlink remnant. --- include/s_conf.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/s_conf.h b/include/s_conf.h index 5e6834f34..b556ff087 100644 --- a/include/s_conf.h +++ b/include/s_conf.h @@ -134,7 +134,6 @@ struct config_file_entry const char *xlinefile; const char *resvfile; - char *servlink_path; char *egdpool_path; char *default_operstring; From 76de88805d5fbb1a7ebf602dcd91fa76847c57f8 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:47:06 -0500 Subject: [PATCH 056/113] same bug --- src/privilege.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/privilege.c b/src/privilege.c index aa6febe6b..40bdbcd8a 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -68,7 +68,7 @@ privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *p set->name = rb_strdup(name); set->flags = flags; set->privs = rb_malloc(strlen(parent->privs) + 1 + strlen(privs) + 1); - strcpy(parent->privs, set->privs); + strcpy(set->privs, parent->privs); strcat(set->privs, " "); strcat(set->privs, privs); From 8c59a8403bd519cc8342de1978be2fcd27755fd1 Mon Sep 17 00:00:00 2001 
From: Jilles Tjoelker Date: Sun, 17 Aug 2008 14:49:01 +0200 Subject: [PATCH 057/113] Add 328 numeric (ChanServ channel URL) to the header files. --- include/numeric.h | 2 ++ src/messages.tab | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/numeric.h b/include/numeric.h index af9435d05..b80c200d2 100644 --- a/include/numeric.h +++ b/include/numeric.h @@ -154,6 +154,8 @@ extern const char *form_str(int); #define RPL_LISTEND 323 #define RPL_CHANNELMODEIS 324 +#define RPL_CHANNELURL 328 /* to be sent by services */ + #define RPL_CREATIONTIME 329 #define RPL_WHOISLOGGEDIN 330 diff --git a/src/messages.tab b/src/messages.tab index 2166b6462..2424e0f74 100644 --- a/src/messages.tab +++ b/src/messages.tab @@ -349,7 +349,7 @@ static const char * replies[] = { /* 325 */ NULL, /* 326 */ NULL, /* 327 */ NULL, -/* 328 */ NULL, +/* 328 RPL_CHANNELURL */ NULL, /* 329 RPL_CREATIONTIME, */ ":%s 329 %s %s %lu", /* 330 RPL_WHOISLOGGEDIN */ ":%s 330 %s %s %s :is logged in as", /* 331 RPL_NOTOPIC, */ ":%s 331 %s %s :No topic is set.", From e62b8b4a537fa3176e33639824d73518640cba86 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:53:29 -0500 Subject: [PATCH 058/113] update oper line --- src/messages.tab | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/messages.tab b/src/messages.tab index 2166b6462..a55c45929 100644 --- a/src/messages.tab +++ b/src/messages.tab @@ -402,7 +402,7 @@ static const char * replies[] = { /* 378 RPL_WHOISHOST, */ "%s :is connecting from *@%s %s", /* 379 */ NULL, /* 380 */ NULL, -/* 381 RPL_YOUREOPER, */ ":%s 381 %s :Congratulations! You are now an mIRC warrior.", +/* 381 RPL_YOUREOPER, */ ":%s 381 %s :I can't work under these conditions anymore! The charybdis developers' jokes are just too lame!!! I quit! Really!", /* 382 RPL_REHASHING, */ ":%s 382 %s %s :Rehashing", /* 383 */ NULL, /* 384 RPL_MYPORTIS, */ NULL, From 39a68b537643295178794359c626106589dc484c Mon Sep 17 00:00:00 2001 
From: William Pitcock Date: Sun, 17 Aug 2008 08:06:28 -0500 Subject: [PATCH 059/113] ircd initialization: add a "default" privset with no privs. --- src/ircd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ircd.c b/src/ircd.c index 1f8922799..a5c7bcdbe 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -66,6 +66,7 @@ #include "serno.h" #include "sslproc.h" #include "chmode.h" +#include "privilege.h" /* /quote set variables */ struct SetOptions GlobalSetOptions; @@ -662,6 +663,7 @@ main(int argc, char *argv[]) #endif init_auth(); /* Initialise the auth code */ init_resolver(); /* Needs to be setup before the io loop */ + privilegeset_set_new("default", "", 0); if (testing_conf) fprintf(stderr, "\nBeginning config test\n"); From 49b0375d62ea781f117369ce68d0827e591e0c43 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:08:23 -0500 Subject: [PATCH 060/113] Make use of the new default privset!! --- src/newconf.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/newconf.c b/src/newconf.c index 40515e189..b8fcee13b 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -487,13 +487,9 @@ conf_set_privset_privs(void *data) if (!set) { - conf_report_error("Warning -- unknown parent privilege set %s for %s; ignored.", yy_privset_extends, conf_cur_block_name); + conf_report_error("Warning -- unknown parent privilege set %s for %s; assuming defaults", yy_privset_extends, conf_cur_block_name); - rb_free(yy_privset_extends); - rb_free(privs); - - yy_privset_extends = NULL; - return; + set = privilegeset_get("default"); } privilegeset_extend(set, conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); @@ -634,6 +630,9 @@ static void conf_set_oper_privset(void *data) { yy_oper->privset = privilegeset_get((char *) data); + + if (!yy_oper->privset) + yy_oper->privset = privilegeset_get("default"); } static void From 598b4cf10cedbf07552deaad0c43792f0300bc3b Mon Sep 17 00:00:00 2001 
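Review bot: The fallback added to conf_set_oper_privset() replaces an unknown privset name with "default" without reporting it, unlike the privset hunk just above it, which calls conf_report_error() for an unknown parent. An operator block with a typo in `privset` therefore loads cleanly, and the operator ends up with the empty default set from patch 059 with no indication why. Adding `conf_report_error("Warning -- unknown privilege set %s for operator; assuming defaults", (char *) data);` inside the `if (!yy_oper->privset)` branch would surface this at config load. In the privset hunk, `privilegeset_get("default")` can itself return NULL if the default set is ever absent, and privilegeset_extend() only s_asserts on its parent, so a check before the call would be worth adding too.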
From: William Pitcock Date: Sun, 17 Aug 2008 08:22:56 -0500 Subject: [PATCH 061/113] privilegeset_ref(): return the privilegeset --- include/privilege.h | 2 +- src/privilege.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/privilege.h b/include/privilege.h index 4eb7564bc..c454efca4 100644 --- a/include/privilege.h +++ b/include/privilege.h @@ -42,7 +42,7 @@ int privilegeset_in_set(struct PrivilegeSet *set, const char *priv); struct PrivilegeSet *privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags); struct PrivilegeSet *privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *privs, PrivilegeFlags flags); struct PrivilegeSet *privilegeset_get(const char *name); -void privilegeset_ref(struct PrivilegeSet *set); +struct PrivilegeSet *privilegeset_ref(struct PrivilegeSet *set); void privilegeset_unref(struct PrivilegeSet *set); #endif diff --git a/src/privilege.c b/src/privilege.c index 40bdbcd8a..060cf4895 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -95,12 +95,14 @@ privilegeset_get(const char *name) return NULL; } -void +struct PrivilegeSet * privilegeset_ref(struct PrivilegeSet *set) { s_assert(set != NULL); set->refs++; + + return set; } void From ef24271618d11dbffd941623156bfe07b06d5078 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:23:40 -0500 Subject: [PATCH 062/113] Make a reference to privset in Client.localClient. --- include/client.h | 3 +++ src/s_user.c | 1 + 2 files changed, 4 insertions(+) diff --git a/include/client.h b/include/client.h index 02b39f908..6c8564928 100644 --- a/include/client.h +++ b/include/client.h @@ -40,6 +40,7 @@ #include "snomask.h" #include "match.h" #include "ircd.h" +#include "privilege.h" /* other structs */ struct Blacklist; 
@@ -281,6 +282,8 @@ struct LocalUser struct ZipStats *zipstats; /* zipstats */ uint16_t cork_count; /* used for corking/uncorking connections */ struct ev_entry *event; /* used for associated events */ + + struct PrivilegeSet *privset; /* privset... */ }; struct PreClient diff --git a/src/s_user.c b/src/s_user.c index fa6ce1bcb..01a21e879 100644 --- a/src/s_user.c +++ b/src/s_user.c @@ -1250,6 +1250,7 @@ oper_up(struct Client *source_p, struct oper_conf *oper_p) source_p->flags2 |= oper_p->flags; source_p->localClient->opername = rb_strdup(oper_p->name); + source_p->localClient->privset = privilegeset_ref(oper_p->privset); rb_dlinkAddAlloc(source_p, &local_oper_list); rb_dlinkAddAlloc(source_p, &oper_list); From 6ac9e53ee47928ea4e934754b4d4b0d4e68d51bf Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:36:17 -0500 Subject: [PATCH 063/113] All modules converted to use privsets by porting the macro over. New macro, HasPrivilege() does most of the work here, the old IsOper*() macros are deprecated, and will likely be removed later. --- include/s_newconf.h | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/include/s_newconf.h b/include/s_newconf.h index ef2887fbb..0e135f2ef 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h 
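Review bot: The reference taken by `source_p->localClient->privset = privilegeset_ref(oper_p->privset);` in oper_up() has no matching privilegeset_unref() in this patch, so the count only ever grows. Patch 071 later on this page releases it on the deoper path in user_mode(); the client-exit path is not visible here and should be checked for the same release. If oper_up() can be reached for a client that already holds a privset, the old pointer is overwritten without being released. oper_up() starts and ends outside this hunk.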
@@ -167,24 +167,25 @@ extern void cluster_generic(struct Client *, const char *, int cltype, #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED) -#define IsOperGlobalKill(x) ((x)->flags2 & OPER_GLOBKILL) -#define IsOperLocalKill(x) ((x)->flags2 & OPER_LOCKILL) -#define IsOperRemote(x) ((x)->flags2 & OPER_REMOTE) -#define IsOperUnkline(x) ((x)->flags2 & OPER_UNKLINE) -#define IsOperN(x) ((x)->flags2 & OPER_NICKS) -#define IsOperK(x) ((x)->flags2 & OPER_KLINE) -#define IsOperXline(x) ((x)->flags2 & OPER_XLINE) -#define IsOperResv(x) ((x)->flags2 & OPER_RESV) -#define IsOperDie(x) ((x)->flags2 & OPER_DIE) -#define IsOperRehash(x) ((x)->flags2 & OPER_REHASH) -#define IsOperHiddenAdmin(x) ((x)->flags2 & OPER_HADMIN) -#define IsOperAdmin(x) (((x)->flags2 & OPER_ADMIN) || \ - ((x)->flags2 & OPER_HADMIN)) -#define IsOperOperwall(x) ((x)->flags2 & OPER_OPERWALL) -#define IsOperSpy(x) ((x)->flags2 & OPER_SPY) -#define IsOperInvis(x) ((x)->flags2 & OPER_INVIS) -#define IsOperRemoteBan(x) ((x)->flags2 & OPER_REMOTEBAN) -#define IsOperMassNotice(x) ((x)->flags2 & OPER_MASSNOTICE) +#define HasPrivilege(x, y) (privilegeset_in_set((x)->localClient->privset, (y))) + +#define IsOperGlobalKill(x) (HasPrivilege((x), "oper:global_kill")) +#define IsOperLocalKill(x) (HasPrivilege((x), "oper:local_kill")) +#define IsOperRemote(x) (HasPrivilege((x), "oper:routing")) +#define IsOperUnkline(x) (HasPrivilege((x), "oper:unkline")) +#define IsOperN(x) (HasPrivilege((x), "snomask:nick_changes")) +#define IsOperK(x) (HasPrivilege((x), "oper:kline")) +#define IsOperXline(x) (HasPrivilege((x), "oper:xline")) +#define IsOperResv(x) (HasPrivilege((x), "oper:resv")) +#define IsOperDie(x) (HasPrivilege((x), "oper:die")) +#define IsOperRehash(x) (HasPrivilege((x), "oper:rehash")) +#define IsOperHiddenAdmin(x) (HasPrivilege((x), "oper:hidden_admin")) +#define IsOperAdmin(x) (HasPrivilege((x), "oper:admin") || HasPrivilege((x), "oper:hidden_admin")) +#define IsOperOperwall(x) (HasPrivilege((x), 
"oper:operwall")) +#define IsOperSpy(x) (HasPrivilege((x), "oper:spy")) +#define IsOperInvis(x) (HasPrivilege((x), "oper:hidden")) +#define IsOperRemoteBan(x) (HasPrivilege((x), "oper:remoteban")) +#define IsOperMassNotice(x) (HasPrivilege((x), "oper:mass_notice")) extern struct oper_conf *make_oper_conf(void); extern void free_oper_conf(struct oper_conf *); From 880c94adb426a7e85ad2826c9562c05c5714d0e9 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:40:10 -0500 Subject: [PATCH 064/113] /stats o: display name of privset instead of privs --- modules/m_stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/m_stats.c b/modules/m_stats.c index b5738a743..653a0e1c5 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c @@ -674,7 +674,7 @@ stats_oper(struct Client *source_p) sendto_one_numeric(source_p, RPL_STATSOLINE, form_str(RPL_STATSOLINE), oper_p->username, oper_p->host, oper_p->name, - IsOper(source_p) ? get_oper_privs(oper_p->flags) : "0", "-1"); + IsOper(source_p) ? oper_p->privset->name : "0", "-1"); } } From f37fc9389b8810936985fc02afac0ef5d0e42a18 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:52:04 -0500 Subject: [PATCH 065/113] HasPrivilege(): check to make sure localClient and localClient.privset are non-NULL. --- include/s_newconf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/s_newconf.h b/include/s_newconf.h index 0e135f2ef..d3f9b1f51 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h 
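Review bot: IsOperRemoteBan() tests for the string "oper:remoteban", while the privsets in doc/example.conf (patches 049 and 067 on this page) grant `oper:remote_ban`, so a privset copied from the example never satisfies this macro. One of the two spellings should change, for example `#define IsOperRemoteBan(x) (HasPrivilege((x), "oper:remote_ban"))`. Several names are prefixes of others used on this page (`oper:admin` / `oper:adminwall`, `oper:hidden` / `oper:hidden_admin`); privilegeset_in_set() is not shown, so confirm it compares whole space-delimited tokens rather than substrings, otherwise holding one privilege would satisfy the check for another. HasPrivilege() as added here dereferences `(x)->localClient->privset` unguarded; patch 065 adds the NULL checks.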
@@ -167,7 +167,7 @@ extern void cluster_generic(struct Client *, const char *, int cltype, #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED) -#define HasPrivilege(x, y) (privilegeset_in_set((x)->localClient->privset, (y))) +#define HasPrivilege(x, y) ((x)->localClient != NULL && (x)->localClient->privset != NULL && privilegeset_in_set((x)->localClient->privset, (y))) #define IsOperGlobalKill(x) (HasPrivilege((x), "oper:global_kill")) #define IsOperLocalKill(x) (HasPrivilege((x), "oper:local_kill")) From 50f257926491cb48806c5bd9aa635aaf9383154a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:56:40 -0500 Subject: [PATCH 066/113] m_privs: Add stuff for privsets here too. --- modules/m_privs.c | 43 ++++++++++--------------------------------- 1 file changed, 10 insertions(+), 33 deletions(-) diff --git a/modules/m_privs.c b/modules/m_privs.c index e4479f6de..1d24aad5a 100644 --- a/modules/m_privs.c +++ b/modules/m_privs.c @@ -60,28 +60,6 @@ struct mode_table int mode; }; -static struct mode_table oper_table[] = { - /*{"encrypted", OPER_ENCRYPTED },*/ - {"local_kill", OPER_LOCKILL }, - {"global_kill", OPER_GLOBKILL/*|OPER_LOCKILL*/ }, - {"remote", OPER_REMOTE }, - {"kline", OPER_KLINE }, - {"unkline", OPER_UNKLINE }, - {"nick_changes", OPER_NICKS }, - {"rehash", OPER_REHASH }, - {"die", OPER_DIE }, - {"admin", OPER_ADMIN }, - {"hidden_admin", OPER_HADMIN }, - {"xline", OPER_XLINE }, - {"resv", OPER_RESV }, - {"operwall", OPER_OPERWALL }, - {"oper_spy", OPER_SPY }, - {"hidden_oper", OPER_INVIS }, - {"remoteban", OPER_REMOTEBAN }, - {"mass_notice", OPER_MASSNOTICE }, - {NULL, 0} -}; - /* there is no such table like this anywhere else */ static struct mode_table auth_client_table[] = { {"resv_exempt", FLAGS2_EXEMPTRESV }, 
@@ -101,23 +79,22 @@ static void show_privs(struct Client *source_p, struct Client *target_p) struct mode_table *p; buf[0] = '\0'; - p = &oper_table[0]; - while (p->name != NULL) - { - if (target_p->flags2 & p->mode) - { - if (buf[0] != '\0') - rb_strlcat(buf, " ", sizeof buf); - rb_strlcat(buf, p->name, sizeof buf); - } - p++; - } + if (target_p->localClient->privset) + rb_strlcat(buf, target_p->localClient->privset->privs, sizeof buf); if (IsOper(target_p)) { if (buf[0] != '\0') rb_strlcat(buf, " ", sizeof buf); rb_strlcat(buf, "operator:", sizeof buf); rb_strlcat(buf, target_p->localClient->opername, sizeof buf); + + if (target_p->localClient->privset) + { + if (buf[0] != '\0') + rb_strlcat(buf, " ", sizeof buf); + rb_strlcat(buf, "privset:", sizeof buf); + rb_strlcat(buf, target_p->localClient->privset->name, sizeof buf); + } } p = &auth_client_table[0]; while (p->name != NULL) From b50109703085bb99a1672b4b7b9b8cb0d7e52551 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:58:34 -0500 Subject: [PATCH 067/113] privset example: Add a privset for local bots like BOPM and TCMs. --- doc/example.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/example.conf b/doc/example.conf index 3b92a77fd..eba8168d2 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -190,6 +190,11 @@ privset "local_op" { privs = oper:local_kill, oper:operwall; }; +privset "server_bot" { + extends = "local_op"; + privs = oper:global_kill, oper:kline, oper:remote_ban, snomask:nick_changes; +}; + privset "global_op" { extends = "local_op"; privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, From a8240d5c433812befc2752db5a26e03aaf357eac Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 09:30:31 -0500 Subject: [PATCH 068/113] update TODO --- TODO | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/TODO b/TODO index d31508ab7..661c35dda 100644 --- a/TODO +++ b/TODO 
@@ -14,12 +14,11 @@ [x] in-process SSL [x] port and use ratbox ssld for server links [x] merge with libratbox SVN -[/] ssl stuff +[x] ssl stuff [x] client-to-client ssl [x] server-to-server ssl [x] ssl usermode (+Z) [x] ssl channelmode (done by extban and chm_compat) - [ ] acknowledgement message for SSL users like '* *** You are connected using SSL cipher "DHE RSA-AES 128 CBC-SHA"' [x] tool for generating ssl certificates and other stuff [x] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too) [x] merge some stuff from ircd-seven directly (to be determined what) 
@@ -32,27 +31,28 @@ [?] Patch or core-feature - libguess on-fly any-charset-to-utf8 translation [/] module engine rework [/] more beautiful way of adding new channel modes by module - [x] basic functionality - [x] some example modules - [ ] think on how could we append privilege checking for simple chmode - like chm_staff, but additionaly limited (e. g. IsOperResv etc); - possibly move the same code for all functions into separated one and make it extern? - another idea is too make that work with privilege groups, like "serveradmins" or "ircops" + [x] basic functionality + [x] some example modules + [ ] think on how could we append privilege checking for simple chmode - like chm_staff, but additionaly limited (e. g. IsOperResv etc); + possibly move the same code for all functions into separated one and make it extern? + [x] another idea is too make that work with privilege groups, like "serveradmins" or "ircops" [ ] make nick/user/host validation functions/match tables able to work in separated modules, this will help us making support for native characters sets/slashes in host etc [ ] auth checker module [ ] resolver module [ ] hooks - [ ] can_kick - which modules could we add in charybdis distro? - [ ] can_send_channel - [?] +C (ctcp) - [ ] can_send_user - [?] +C (ctcp) - [ ] privilege system for privilege groups, something like + [ ] can_kick + which modules could we add in charybdis distro? + [ ] can_send_channel + [?] +C (ctcp) + [ ] can_send_user + [?] +C (ctcp) + [x] privilege system for privilege groups, something like in .conf: helper { kill_global, rehash, kline_local } in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done + -- this is done kinda like this, but not really. See HasPrivilege() calls. privilege_add() was not needed ~nenolod [x] Remove glines entirely -[x] test suite as in ircu +[/] test suite as in ircu [?] win32 [?] cygwin support [?] mingw support 
From bdd296d5b920c6fe3e0dc6f9b876199566cd0dfb Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sun, 17 Aug 2008 22:55:57 +0200 Subject: [PATCH 069/113] Use C locale for the compilation date. --- TODO | 2 +- src/version.c.SH | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/TODO b/TODO index 661c35dda..76eb97c43 100644 --- a/TODO +++ b/TODO @@ -59,7 +59,7 @@ [?] native win32 (VS2005/VS2008) [/] Bug fixes [x] Compilation without zlib headers fails - fixed - [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage + [x] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage [ ] Improvments [ ] ircd shouldn't need bison/byacc/yacc or flex for compilation --- other stuff diff --git a/src/version.c.SH b/src/version.c.SH index 769daf83e..59a5ee820 100644 --- a/src/version.c.SH +++ b/src/version.c.SH @@ -19,7 +19,7 @@ generation=`expr $generation + 1` uname=`uname -a` -creation=`date | \ +creation=`LC_ALL=C date | \ awk '{if (NF == 6) \ { print $1 " " $2 " " $3 " " $6 " at " $4 " " $5 } \ else \ From 7d5acab766e675a92bfaae053c68f16175f4ad5d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Mon, 18 Aug 2008 00:55:12 +0200 Subject: [PATCH 070/113] Fix crash if there is no privset= in an operator{}. --- src/newconf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/newconf.c b/src/newconf.c index b8fcee13b..33bd7e023 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -560,6 +560,10 @@ conf_end_oper(struct TopConf *tc) return 0; } + + if (!yy_oper->privset) + yy_oper->privset = privilegeset_get("default"); + /* now, yy_oper_list contains a stack of oper_conf's with just user * and host in, yy_oper contains the rest of the information which * we need to copy into each element in yy_oper_list 
@@ -630,9 +634,6 @@ static void conf_set_oper_privset(void *data) { yy_oper->privset = privilegeset_get((char *) data); - - if (!yy_oper->privset) - yy_oper->privset = privilegeset_get("default"); } static void From 83dfad0e75374fb1e5a7f54290f613bd861da4cd Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Mon, 25 Aug 2008 18:24:24 +0200 Subject: [PATCH 071/113] Clear privset on deoper. --- src/s_user.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/s_user.c b/src/s_user.c index 01a21e879..319e933f7 100644 --- a/src/s_user.c +++ b/src/s_user.c @@ -965,6 +965,8 @@ user_mode(struct Client *client_p, struct Client *source_p, int parc, const char source_p->localClient->opername = NULL; rb_dlinkFindDestroy(source_p, &local_oper_list); + privilegeset_unref(source_p->localClient->privset); + source_p->localClient->privset = NULL; } rb_dlinkFindDestroy(source_p, &oper_list); From e27ac6024d19bb2a385e9f66f0d2641ab4a10b4d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Mon, 25 Aug 2008 18:48:30 +0200 Subject: [PATCH 072/113] ssld: un #if 0 the /dev/null stuff out --- ssld/ssld.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssld/ssld.c b/ssld/ssld.c index 58e1bd0f9..83ba7655e 100644 --- a/ssld/ssld.c +++ b/ssld/ssld.c @@ -1076,7 +1076,6 @@ main(int argc, char **argv) close(x); } -#if 0 x = open("/dev/null", O_RDWR); if(x >= 0) { @@ -1089,7 +1088,7 @@ main(int argc, char **argv) if(x > 2) close(x); } -#endif + setup_signals(); rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096); rb_init_rawbuffers(1024); From e4bb4f3645d972bfbfe283c7580d9a98ca5460f2 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 26 Aug 2008 00:00:11 +0200 Subject: [PATCH 073/113] Remove another remnant of server hostmasking. --- modules/core/m_server.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 95926f10c..e9362df01 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
@@ -292,12 +292,6 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * doesnt exist, although ircd can handle it, its not a realistic * solution.. --fl_ */ - /* It is behind a host-masked server. Completely ignore the - * server message(don't propagate or we will delink from whoever - * we propagate to). -A1kmm */ - if(irccmp(target_p->name, name) && target_p->from == client_p) - return 0; - sendto_one(client_p, "ERROR :Server %s already exists", name); sendto_realops_snomask(SNO_GENERAL, L_ALL, From 3540120ad5651aad3a12a0fe50860335681195fd Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 28 Aug 2008 00:49:04 +0200 Subject: [PATCH 074/113] Fix ident for ssl connections. --- include/client.h | 2 ++ src/listener.c | 7 ++++--- src/s_auth.c | 10 +--------- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/include/client.h b/include/client.h index 6c8564928..33491442a 100644 --- a/include/client.h +++ b/include/client.h @@ -298,6 +298,8 @@ struct PreClient rb_dlink_list dnsbl_queries; /* list of struct BlacklistClient * */ struct Blacklist *dnsbl_listed; /* first dnsbl where it's listed */ + + struct rb_sockaddr_storage lip; /* address of our side of the connection */ }; struct ListClient diff --git a/src/listener.c b/src/listener.c index 0849ab63d..e8dfb270d 100644 --- a/src/listener.c +++ b/src/listener.c @@ -435,7 +435,7 @@ close_listeners() * any client list yet. */ static void -add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl) +add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai, void *ssl_ctl) { struct Client *new_client; s_assert(NULL != listener); 
@@ -447,6 +447,7 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, voi new_client = make_client(NULL); memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage)); + memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage)); /* * copy address to 'sockhost' as a string, copy it to host too @@ -553,7 +554,7 @@ accept_ssld(rb_fde_t *F, struct sockaddr *addr, struct sockaddr *laddr, struct L rb_fde_t *xF[2]; rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection"); ctl = start_ssld_accept(F, xF[1], rb_get_fd(xF[0])); /* this will close F for us */ - add_connection(listener, xF[0], addr, ctl); + add_connection(listener, xF[0], addr, laddr, ctl); } static void @@ -575,5 +576,5 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add if(listener->ssl) accept_ssld(F, addr, (struct sockaddr *)&lip, listener); else - add_connection(listener, F, addr, NULL); + add_connection(listener, F, addr, (struct sockaddr *)&lip, NULL); } diff --git a/src/s_auth.c b/src/s_auth.c index 83407b37b..a6143bb11 100644 --- a/src/s_auth.c +++ b/src/s_auth.c @@ -297,7 +297,6 @@ static int start_auth_query(struct AuthRequest *auth) { struct rb_sockaddr_storage localaddr, destaddr; - socklen_t locallen = sizeof(struct rb_sockaddr_storage); rb_fde_t *F; int family; @@ -333,14 +332,7 @@ start_auth_query(struct AuthRequest *auth) * since the ident request must originate from that same address-- * and machines with multiple IP addresses are common now */ - memset(&localaddr, 0, locallen); - if(getsockname(rb_get_fd(auth->client->localClient->F), - (struct sockaddr *) &localaddr, &locallen) == -1) - { - /* can happen if connection was just closed */ - rb_close(F); - return 0; - } + localaddr = auth->client->preClient->lip; /* XXX mangle_mapped_sockaddr((struct sockaddr *)&localaddr); */ #ifdef RB_IPV6 From 9692f954c646f302fc81feae1e6083d581f45586 Mon Sep 17 00:00:00 2001 
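Review bot: The added `memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage))` reads a full rb_sockaddr_storage through a parameter typed `struct sockaddr *`, so it over-reads whenever a caller passes a smaller object. The callers changed in this patch pass `laddr` and `&lip`, which presumably are storage-sized (their declarations are outside the hunks), but nothing in the signature enforces that. Either declare the parameter as `struct rb_sockaddr_storage *lai` or state the requirement above add_connection(), e.g. `/* sai and lai must each point to a struct rb_sockaddr_storage */`. The existing copy from `sai` on the line before has the same dependency.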
From: Jilles Tjoelker Date: Thu, 28 Aug 2008 01:05:41 +0200 Subject: [PATCH 075/113] Don't try to add a closed connection. ircd-ratbox r25965 (jilles) --- src/listener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/listener.c b/src/listener.c index e8dfb270d..cc8f3aebf 100644 --- a/src/listener.c +++ b/src/listener.c @@ -571,6 +571,7 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add /* this shouldn't fail so... */ /* XXX add logging of this */ rb_close(F); + return; } if(listener->ssl) From d60a42a27fcf0d9757d35292b188aa9a9954b5f8 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 28 Aug 2008 01:06:19 +0200 Subject: [PATCH 076/113] Fix comment, getsockname() can fail legitimately. from ircd-ratbox r25967 (jilles) --- src/listener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/listener.c b/src/listener.c index cc8f3aebf..7f270a153 100644 --- a/src/listener.c +++ b/src/listener.c @@ -568,8 +568,7 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add if(getsockname(rb_get_fd(F), (struct sockaddr *) &lip, &locallen) < 0) { - /* this shouldn't fail so... */ - /* XXX add logging of this */ + /* this can fail if the connection disappeared in the meantime */ rb_close(F); return; } From 03c1fe215336e081f549486ddd74ff3035a0add6 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 29 Aug 2008 01:34:18 +0200 Subject: [PATCH 077/113] Make genssl.sh work. Submitted by jdhore. --- tools/genssl.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/genssl.sh b/tools/genssl.sh index a55ae97ae..5e435487d 100755 --- a/tools/genssl.sh +++ b/tools/genssl.sh 
@@ -1,9 +1,6 @@ #!/bin/sh -echo "Generating certificate request .. " -openssl req -new -nodes -out ../etc/req.pem - echo "Generating self-signed certificate .. " -openssl req -x509 -days 365 -in ../etc/req.pem -key ../etc/rsa.key -out ../etc/cert.pem +openssl req -x509 -nodes -newkey rsa:1024 -keyout ../etc/test.key -out ../etc/test.cert echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. " openssl dhparam -out ../etc/dh.pem 1024 @@ -11,8 +8,8 @@ openssl dhparam -out ../etc/dh.pem 1024 echo " Now change these lines in the IRCd config file: - ssl_private_key = "etc/rsa.key"; - ssl_cert = "etc/cert.pem"; + ssl_private_key = "etc/test.key"; + ssl_cert = "etc/test.cert"; ssl_dh_params = "etc/dh.pem"; Enjoy using ssl. From ab2b9e23cc9c24bf72adbdcd5402eaa0868e65a2 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 29 Aug 2008 01:58:10 +0200 Subject: [PATCH 078/113] Fix a memory leak. found using llvm static analyzer --- src/hostmask.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/hostmask.c b/src/hostmask.c index a0a193d5c..d02404882 100644 --- a/src/hostmask.c +++ b/src/hostmask.c @@ -446,7 +446,6 @@ find_exact_conf_by_address(const char *address, int type, const char *username) if(address == NULL) address = "/NOMATCH!/"; - arec = rb_malloc(sizeof(struct AddressRec)); masktype = parse_netmask(address, (struct sockaddr *)&addr, &bits); #ifdef RB_IPV6 if(masktype == HM_IPV6) From d7dc7ae6c1563a32d2002a5ac8a6ab6b997ddd7f Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 29 Aug 2008 02:53:52 +0200 Subject: [PATCH 079/113] Remove some dead code. found using llvm static analyzer --- modules/core/m_message.c | 3 --- modules/m_whois.c | 7 ------- src/client.c | 3 --- src/extban.c | 5 +---- 4 files changed, 1 insertion(+), 17 deletions(-) diff --git a/modules/core/m_message.c b/modules/core/m_message.c index fc0896ff3..658a2a309 100644 --- a/modules/core/m_message.c +++ b/modules/core/m_message.c 
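Review bot: The new `openssl req` line generates a 1024-bit RSA key and the unchanged `openssl dhparam` line a 1024-bit group; both are too small to rely on, so use at least 2048 bits: `-newkey rsa:2048` and `openssl dhparam -out ../etc/dh.pem 2048`. Because `-nodes` writes the private key unencrypted, the script should run `umask 077` before generating it so that `../etc/test.key` is not created readable by other users. The removed command passed `-days 365`; without `-days` the certificate gets openssl's default validity of 30 days, which is easy to miss until connections start failing. The `test.key`/`test.cert` names suggest a throwaway certificate, and a comment in the script (and in the echoed instructions of the second hunk) saying it is self-signed and meant for testing would make that explicit.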
@@ -916,7 +916,6 @@ handle_special(int p_or_n, const char *command, struct Client *client_p, struct Client *target_p; char *server; char *s; - int count; /* user[%host]@server addressed? * NOTE: users can send to user@server, but not user%host@server @@ -931,8 +930,6 @@ handle_special(int p_or_n, const char *command, struct Client *client_p, return; } - count = 0; - if(!IsOper(source_p)) { if(strchr(nick, '%') || (strncmp(nick, "opers", 5) == 0)) diff --git a/modules/m_whois.c b/modules/m_whois.c index 54c71a1d5..40a8d52e6 100644 --- a/modules/m_whois.c +++ b/modules/m_whois.c @@ -239,16 +239,9 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy) char *t; int tlen; hook_data_client hdata; - char *name; - char quest[] = "?"; int visible; int extra_space = 0; - if(target_p->name[0] == '\0') - name = quest; - else - name = target_p->name; - if(target_p->user == NULL) { s_assert(0); diff --git a/src/client.c b/src/client.c index 8e8dd6810..0f717bc77 100644 --- a/src/client.c +++ b/src/client.c @@ -1361,15 +1361,12 @@ static int qs_server(struct Client *client_p, struct Client *source_p, struct Client *from, const char *comment) { - struct Client *target_p; - if(source_p->servptr && source_p->servptr->serv) rb_dlinkDelete(&source_p->lnode, &source_p->servptr->serv->servers); else s_assert(0); rb_dlinkFindDestroy(source_p, &global_serv_list); - target_p = source_p->from; if(has_id(source_p)) del_from_id_hash(source_p->id, source_p); diff --git a/src/extban.c b/src/extban.c index c8a04df98..8890fccaf 100644 --- a/src/extban.c +++ b/src/extban.c @@ -68,17 +68,14 @@ int valid_extban(const char *banstr, struct Client *client_p, struct Channel *chptr, long mode_type) { const char *p; - int invert = 0, result = EXTBAN_INVALID; + int result = EXTBAN_INVALID; ExtbanFunc f; if (*banstr != '$') return 0; p = banstr + 1; if (*p == '~') - { - invert = 1; p++; - } f = extban_table[(unsigned char) ToLower(*p)]; if (*p != '\0') { 
From 81c7f48295e0e6da4174cf98e971b66a99bb6465 Mon Sep 17 00:00:00 2001 From: Stephen Bennett Date: Fri, 29 Aug 2008 14:45:22 -0500 Subject: [PATCH 080/113] If auth_user and server password were given and not used, use auth_user as an account name in the nickserv identify command --- doc/sgml/oper-guide/charybdis-oper-guide.sgml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/sgml/oper-guide/charybdis-oper-guide.sgml b/doc/sgml/oper-guide/charybdis-oper-guide.sgml index 2c9c1a9fd..6dd8a17ef 100644 --- a/doc/sgml/oper-guide/charybdis-oper-guide.sgml +++ b/doc/sgml/oper-guide/charybdis-oper-guide.sgml @@ -5,6 +5,7 @@ + ]> @@ -37,6 +38,7 @@ &cmodes; &ucommands; &commands; + &extensions; &oprivs; &config; From 12f4addbed9b4946cf9ff16aa118c351fed0a37c Mon Sep 17 00:00:00 2001 From: Stephen Bennett Date: Fri, 29 Aug 2008 14:45:30 -0500 Subject: [PATCH 081/113] If auth_user and server password were given and not used, use auth_user as an account name in the nickserv identify command --- src/s_user.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/s_user.c b/src/s_user.c index 01a21e879..adbcea69b 100644 --- a/src/s_user.c +++ b/src/s_user.c 
@@ -649,11 +649,21 @@ introduce_client(struct Client *client_p, struct Client *source_p, struct User * else identifyservice_p = NULL; if (identifyservice_p != NULL) - sendto_one(identifyservice_p, ":%s PRIVMSG %s :%s %s", - get_id(source_p, identifyservice_p), - ConfigFileEntry.identifyservice, - ConfigFileEntry.identifycommand, - source_p->localClient->passwd); + { + if (!EmptyString(source_p->localClient->auth_user)) + sendto_one(identifyservice_p, ":%s PRIVMSG %s :%s %s %s", + get_id(source_p, identifyservice_p), + ConfigFileEntry.identifyservice, + ConfigFileEntry.identifycommand, + source_p->localClient->auth_user, + source_p->localClient->passwd); + else + sendto_one(identifyservice_p, ":%s PRIVMSG %s :%s %s", + get_id(source_p, identifyservice_p), + ConfigFileEntry.identifyservice, + ConfigFileEntry.identifycommand, + source_p->localClient->passwd); + } } memset(source_p->localClient->passwd, 0, strlen(source_p->localClient->passwd)); rb_free(source_p->localClient->passwd); From 917e9b1ab4a4127ffb3848d7b9ad7bca9466a01a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 29 Aug 2008 14:46:19 -0500 Subject: [PATCH 082/113] Backed out changeset 7f24e5f3fb86 --- doc/sgml/oper-guide/charybdis-oper-guide.sgml | 2 -- 1 file changed, 2 deletions(-) diff --git a/doc/sgml/oper-guide/charybdis-oper-guide.sgml b/doc/sgml/oper-guide/charybdis-oper-guide.sgml index 6dd8a17ef..2c9c1a9fd 100644 --- a/doc/sgml/oper-guide/charybdis-oper-guide.sgml +++ b/doc/sgml/oper-guide/charybdis-oper-guide.sgml @@ -5,7 +5,6 @@ - ]> @@ -38,7 +37,6 @@ &cmodes; &ucommands; &commands; - &extensions; &oprivs; &config; From 9f1bde2683916a2ef8911298a637b54ad5a76d35 Mon Sep 17 00:00:00 2001 From: Stephen Bennett Date: Fri, 29 Aug 2008 14:47:51 -0500 Subject: [PATCH 083/113] don't set an empty password or auth_user --- modules/m_pass.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/m_pass.c b/modules/m_pass.c index 0cc0747ba..b66de738f 100644 
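Review bot: `auth_user` is placed into the PRIVMSG as its own space-separated word with no visible check on its contents. It originates from the client's PASS command (parsed in m_pass.c, outside this hunk), so if it can contain whitespace the service would see the password in a different argument position than intended; rejecting such values where auth_user is parsed would rule that out. The two `sendto_one()` calls differ only in the extra `%s`, and a comment on each branch would document the two wire formats, e.g. `/* with auth_user: identifycommand account password */`. Nothing in the hunk clears `auth_user` the way the following lines wipe and free `passwd`, so it is worth checking that it is released elsewhere. introduce_client() starts and ends outside the hunk.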
--- a/modules/m_pass.c +++ b/modules/m_pass.c @@ -83,9 +83,9 @@ mr_pass(struct Client *client_p, struct Client *source_p, int parc, const char * auth_user = NULL; } - client_p->localClient->passwd = rb_strndup(pass, PASSWDLEN); + client_p->localClient->passwd = *pass ? rb_strndup(pass, PASSWDLEN) : NULL; - if(auth_user) + if(auth_user && *auth_user) client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN); /* These are for servers only */ From 474b0d3515db52ecd7cb1b2ef30bd445f703a516 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 29 Aug 2008 15:27:34 -0500 Subject: [PATCH 084/113] Add change_isupport() to change the value of an ISUPPORT token. --- include/supported.h | 1 + src/supported.c | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/include/supported.h b/include/supported.h index d92c9b1f3..beeb89cc8 100644 --- a/include/supported.h +++ b/include/supported.h @@ -36,6 +36,7 @@ #define INCLUDED_supported_h extern void add_isupport(const char *, const char *(*)(const void *), const void *); +extern void change_isupport(const char *, const char *(*)(const void *), const void *); extern void delete_isupport(const char *); extern void show_isupport(struct Client *); extern void init_isupport(void); diff --git a/src/supported.c b/src/supported.c index e0f617e49..2f5247933 100644 --- a/src/supported.c +++ b/src/supported.c @@ -111,6 +111,27 @@ add_isupport(const char *name, const char *(*func)(const void *), const void *pa rb_dlinkAddTail(item, &item->node, &isupportlist); } +void +change_isupport(const char *name, const char *(*func)(const void *), const void *param) +{ + rb_dlink_node *ptr; + struct isupportitem *item; + + RB_DLINK_FOREACH(ptr, isupportlist.head) + { + item = ptr->data; + + if (!strcmp(item->name, name)) + { + item->name = name; + item->func = func; + item->param = param; + + break; + } + } +} + void delete_isupport(const char *name) { 
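Review bot: `localClient->passwd` can now be NULL after a PASS with an empty argument, so every reader of that field has to tolerate NULL. The unchanged context in the s_user.c hunk of patch 081 calls `memset(source_p->localClient->passwd, 0, strlen(source_p->localClient->passwd))`, and whether that line sits under a NULL check is not visible there; please confirm that path and the password comparison paths before relying on this. A comment at the assignment would record the new contract, e.g. `/* passwd stays NULL when the client sent an empty password */`. mr_pass() starts and ends outside the hunk.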
From 5d47bdca0fceaab8de7bd210a50a98d6e22ee2f2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 29 Aug 2008 15:36:41 -0500 Subject: [PATCH 085/113] Make change_isupport() return the old value!!! --- include/supported.h | 2 +- src/supported.c | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/supported.h b/include/supported.h index beeb89cc8..1ed7c0d42 100644 --- a/include/supported.h +++ b/include/supported.h @@ -36,7 +36,7 @@ #define INCLUDED_supported_h extern void add_isupport(const char *, const char *(*)(const void *), const void *); -extern void change_isupport(const char *, const char *(*)(const void *), const void *); +extern const void *change_isupport(const char *, const char *(*)(const void *), const void *); extern void delete_isupport(const char *); extern void show_isupport(struct Client *); extern void init_isupport(void); diff --git a/src/supported.c b/src/supported.c index 2f5247933..6c6b33c05 100644 --- a/src/supported.c +++ b/src/supported.c @@ -111,11 +111,12 @@ add_isupport(const char *name, const char *(*func)(const void *), const void *pa rb_dlinkAddTail(item, &item->node, &isupportlist); } -void +const void * change_isupport(const char *name, const char *(*func)(const void *), const void *param) { rb_dlink_node *ptr; struct isupportitem *item; + void *oldvalue; RB_DLINK_FOREACH(ptr, isupportlist.head) { @@ -123,6 +124,8 @@ change_isupport(const char *name, const char *(*func)(const void *), const void if (!strcmp(item->name, name)) { + oldvalue = item->param; + item->name = name; item->func = func; item->param = param; @@ -130,6 +133,8 @@ change_isupport(const char *name, const char *(*func)(const void *), const void break; } } + + return oldvalue; } void From 41d8802e8438a4d741fbb1a7d73827949ca6898c Mon Sep 17 00:00:00 2001 
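Review bot: `oldvalue` is declared without an initialiser and returned unconditionally, so when no item matches `name` change_isupport() returns an indeterminate pointer that the caller may later store or dereference. Initialise it at the declaration, `const void *oldvalue = NULL;`, which also matches the `const void *` return type and avoids dropping the qualifier in `oldvalue = item->param` if that field is const. The prototype in supported.h should carry a comment that NULL means the token was not found, with the caveat that a stored NULL param is then indistinguishable from a miss.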
From: Valeriy Yatsko Date: Sun, 31 Aug 2008 03:57:27 +0400 Subject: [PATCH 086/113] We don't want to leave the isupport name in the extension memory space on changing it - fixed a bug (tnx Artem@IrcNet(RU)) --- src/supported.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/supported.c b/src/supported.c index 6c6b33c05..e788ad5e6 100644 --- a/src/supported.c +++ b/src/supported.c @@ -126,7 +126,7 @@ change_isupport(const char *name, const char *(*func)(const void *), const void { oldvalue = item->param; - item->name = name; + // item->name = name; item->func = func; item->param = param; From 3fe1c7281992f40f527ea252577b6154089b1f65 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 2 Sep 2008 23:40:22 +0200 Subject: [PATCH 087/113] oper:adminwall priv seems meaningless, remove it. --- doc/example.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/example.conf b/doc/example.conf index eba8168d2..3f8b0c393 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -203,7 +203,7 @@ privset "global_op" { privset "admin" { extends = "global_op"; - privs = oper:admin, oper:die, oper:rehash, oper:adminwall, oper:spy; + privs = oper:admin, oper:die, oper:rehash, oper:spy; }; operator "god" { From 477dc2e926e1e37fe00b0988ba7e3089af6ba84a Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 2 Sep 2008 23:42:51 +0200 Subject: [PATCH 088/113] Correct spelling of oper:remoteban in example.conf. --- doc/example.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/example.conf b/doc/example.conf index 3f8b0c393..09a518965 100755 --- a/doc/example.conf +++ b/doc/example.conf 
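Review bot: The assignment is disabled by commenting it out as `// item->name = name;`, which leaves dead code and no explanation in the file. Delete the line and say why the name is kept, e.g. `/* keep item->name: the caller's string may live in a module that can be unloaded */`. The same lifetime concern appears to apply to `func` and `param`, which are still taken from the caller; if an extension is unloaded without restoring the previous values the list would hold dangling pointers. The contract, presumably that the caller puts back the value returned by change_isupport() before unloading, therefore deserves a comment on the function. The loop and the function continue outside the hunk.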
@@ -192,13 +192,13 @@ privset "local_op" { privset "server_bot" { extends = "local_op"; - privs = oper:global_kill, oper:kline, oper:remote_ban, snomask:nick_changes; + privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes; }; privset "global_op" { extends = "local_op"; privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, - oper:resv, oper:mass_notice, oper:remote_ban; + oper:resv, oper:mass_notice, oper:remoteban; }; privset "admin" { From b92d34adc15d0121dcc6d8d173976bd73eef16a6 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 2 Sep 2008 23:44:06 +0200 Subject: [PATCH 089/113] Do not use get_oper_name() for a netwide server notice, it may be confusing. --- extensions/m_sendbans.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/extensions/m_sendbans.c b/extensions/m_sendbans.c index f8829a08e..00ff7da8c 100644 --- a/extensions/m_sendbans.c +++ b/extensions/m_sendbans.c @@ -126,8 +126,9 @@ static int mo_sendbans(struct Client *client_p, struct Client *source_p, int par } sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, - "%s is sending resvs and xlines to %s", - get_oper_name(source_p), target); + "%s!%s@%s is sending resvs and xlines to %s", + source_p->name, source_p->username, source_p->host, + target); RB_DLINK_FOREACH(ptr, resv_conf_list.head) { From 8e34ffc66e91667197cd94025bc6299b36dd7c35 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 4 Sep 2008 01:41:49 +0200 Subject: [PATCH 090/113] Improve server notices about duplicate SIDs. Note that this is checked after duplicate server names, so it can only happen if multiple servers have the same SID configured. --- modules/core/m_server.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index e9362df01..4429718c1 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
@@ -220,14 +220,15 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL) { sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, - "Attempt to re-introduce SID %s from %s%s", + "Attempt to re-introduce SID %s from %s%s (already in use by %s)", client_p->id, EmptyString(client_p->name) ? name : "", - client_p->name); - ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s", + client_p->name, target_p->name); + ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)", client_p->id, EmptyString(client_p->name) ? name : "", - log_client_name(client_p, SHOW_IP)); + log_client_name(client_p, SHOW_IP), + target_p->name); sendto_one(client_p, "ERROR :SID already exists."); exit_client(client_p, client_p, client_p, "SID Exists"); @@ -467,6 +468,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p int hop; int hlined = 0; int llined = 0; + char squitreason[160]; hop = atoi(parv[2]); 
@@ -487,14 +489,19 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p /* collision on the SID? */ if((target_p = find_id(parv[3])) != NULL) { - sendto_one(client_p, "ERROR :SID %s already exists", parv[3]); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s cancelled, SID %s already exists", - client_p->name, parv[3]); - ilog(L_SERVER, "Link %s cancelled, SID %s already exists", - client_p->name, parv[3]); + sendto_wallops_flags(UMODE_WALLOP, &me, + "Link %s cancelled, SID %s for server %s already in use by %s", + client_p->name, parv[3], parv[1], target_p->name); + sendto_server(NULL, NULL, CAP_TS6, NOCAPS, + ":%s WALLOPS :Link %s cancelled, SID %s for server %s already in use by %s", + me.id, client_p->name, parv[3], parv[1], target_p->name); + ilog(L_SERVER, "Link %s cancelled, SID %s for server %s already in use by %s", + client_p->name, parv[3], parv[1], target_p->name); - exit_client(NULL, client_p, &me, "SID Exists"); + snprintf(squitreason, sizeof squitreason, + "SID %s for %s already in use by %s", + parv[3], parv[1], target_p->name); + exit_client(NULL, client_p, &me, squitreason); return 0; } From 7d4287591f9abc80a268f89a0f964e4ea05d959d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 5 Sep 2008 22:52:39 +0200 Subject: [PATCH 091/113] Improve server notices for servers introducing existing servers. --- modules/core/m_server.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 4429718c1..d2c40a93f 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c @@ -268,6 +268,7 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char int hlined = 0; int llined = 0; rb_dlink_node *ptr; + char squitreason[160]; name = parv[1]; hop = atoi(parv[2]); 
@@ -293,15 +294,13 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * doesnt exist, although ircd can handle it, its not a realistic * solution.. --fl_ */ - sendto_one(client_p, "ERROR :Server %s already exists", name); - - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s cancelled, server %s already exists", - client_p->name, name); ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, name); - exit_client(client_p, client_p, &me, "Server Exists"); + snprintf(squitreason, sizeof squitreason, + "Server %s already exists", + name); + exit_client(client_p, client_p, &me, squitreason); return 0; } @@ -475,14 +474,13 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p /* collision on the name? */ if((target_p = find_server(NULL, parv[1])) != NULL) { - sendto_one(client_p, "ERROR :Server %s already exists", parv[1]); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s cancelled, server %s already exists", - client_p->name, parv[1]); ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "Server Exists"); + snprintf(squitreason, sizeof squitreason, + "Server %s already exists", + parv[1]); + exit_client(NULL, client_p, &me, squitreason); return 0; } From b1ace057a79ec5a2777a53470b22a5fc519231a0 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 5 Sep 2008 22:56:59 +0200 Subject: [PATCH 092/113] Avoid empty strings in various notices about rejected server connections. These come from the name field which is empty for unknown connections attempting to become a server. Instead, put [@255.255.255.255] just like ratbox3 does. --- modules/core/m_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index d2c40a93f..400950014 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
@@ -119,7 +119,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unauthorised server connection attempt from %s: " "No entry for servername %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, no connect block for server %s%s", EmptyString(client_p->name) ? name : "", @@ -135,7 +135,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, "Unauthorised server connection attempt from %s: " "Bad password for server %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, invalid password for server %s%s", EmptyString(client_p->name) ? name : "", @@ -150,7 +150,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unauthorised server connection attempt from %s: " "Invalid host for server %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, invalid host for server %s%s", EmptyString(client_p->name) ? name : "", @@ -165,7 +165,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char case -4: sendto_realops_snomask(SNO_GENERAL, L_ALL, "Invalid servername %s from %s", - name, client_p->name); + name, "[@255.255.255.255]"); ilog(L_SERVER, "Access denied, invalid servername from %s", log_client_name(client_p, SHOW_IP)); @@ -208,7 +208,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char */ sendto_realops_snomask(SNO_GENERAL, L_ALL, "Attempt to re-introduce server %s from %s", - name, client_p->name); + name, "[@255.255.255.255]"); ilog(L_SERVER, "Attempt to re-introduce server %s from %s", name, log_client_name(client_p, SHOW_IP)); From 847ce0e98deb5f3f0e952d454324e0371780ca62 Mon Sep 17 00:00:00 2001 
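Review bot: The literal `"[@255.255.255.255]"` is repeated in five calls in mr_server() (this hunk and the four after it); one named constant, for instance `#define UNKNOWN_SERVER_MASK "[@255.255.255.255]"`, would keep them in sync. With this change the operator notice no longer identifies the connecting peer at all, and only the `ilog(L_SERVER, ...)` lines that use `log_client_name(client_p, SHOW_IP)` keep the source address. A comment next to the constant saying that the server log is the place to look when investigating unauthorised link attempts would save the next operator some time. mr_server() starts and ends outside these hunks.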
From: Jilles Tjoelker Date: Sat, 6 Sep 2008 00:44:09 +0200 Subject: [PATCH 093/113] Remove comment referencing LazyLeaf. --- modules/core/m_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 400950014..6ab85deab 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c @@ -379,7 +379,7 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * .edu's */ - /* Ok, check client_p can hub the new server, and make sure it's not a LL */ + /* Ok, check client_p can hub the new server */ if(!hlined) { /* OOOPs nope can't HUB */ From c2f73e5dbc9a287c6c8fd0a94c86f4e8d9067898 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 6 Sep 2008 01:00:20 +0200 Subject: [PATCH 094/113] Use rb_snprintf() in various places. --- extensions/ip_cloaking.c | 4 ++-- modules/core/m_error.c | 2 +- modules/core/m_server.c | 6 +++--- modules/m_monitor.c | 4 ++-- modules/m_services.c | 2 +- modules/m_signon.c | 2 +- modules/m_svinfo.c | 4 ++-- modules/m_whois.c | 2 +- src/irc_dictionary.c | 6 +++--- src/parse.c | 2 +- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/extensions/ip_cloaking.c b/extensions/ip_cloaking.c index e80a19a45..193939567 100644 --- a/extensions/ip_cloaking.c +++ b/extensions/ip_cloaking.c @@ -121,11 +121,11 @@ do_host_cloak_ip(const char *inbuf, char *outbuf) if(ipv6) { - snprintf(outbuf, HOSTLEN, "%s:%x", buf, accum); + rb_snprintf(outbuf, HOSTLEN, "%s:%x", buf, accum); } else { - snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); + rb_snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); } } diff --git a/modules/core/m_error.c b/modules/core/m_error.c index 9659f11b2..5a5bd67a6 100644 --- a/modules/core/m_error.c +++ b/modules/core/m_error.c 
@@ -58,7 +58,7 @@ is_safe_error(const char *message) if (!strncmp(message, "Closing Link: 127.0.0.1 (", 25)) return 1; - snprintf(prefix2, sizeof prefix2, + rb_snprintf(prefix2, sizeof prefix2, "Closing Link: 127.0.0.1 %s (", me.name); if (!strncmp(message, prefix2, strlen(prefix2))) return 1; diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 6ab85deab..72c9b8497 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c @@ -297,7 +297,7 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, name); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "Server %s already exists", name); exit_client(client_p, client_p, &me, squitreason); @@ -477,7 +477,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, parv[1]); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "Server %s already exists", parv[1]); exit_client(NULL, client_p, &me, squitreason); @@ -496,7 +496,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p ilog(L_SERVER, "Link %s cancelled, SID %s for server %s already in use by %s", client_p->name, parv[3], parv[1], target_p->name); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "SID %s for %s already in use by %s", parv[3], parv[1], target_p->name); exit_client(NULL, client_p, &me, squitreason); diff --git a/modules/m_monitor.c b/modules/m_monitor.c index 1193c69e2..a6ce57551 100644 --- a/modules/m_monitor.c +++ b/modules/m_monitor.c 
@@ -89,9 +89,9 @@ add_monitor(struct Client *client_p, const char *nicks) sendto_one(client_p, "%s", offbuf); if(p) - snprintf(buf, sizeof(buf), "%s,%s", name, p); + rb_snprintf(buf, sizeof(buf), "%s,%s", name, p); else - snprintf(buf, sizeof(buf), "%s", name); + rb_snprintf(buf, sizeof(buf), "%s", name); sendto_one(client_p, form_str(ERR_MONLISTFULL), me.name, client_p->name, diff --git a/modules/m_services.c b/modules/m_services.c index a78cc7f25..ffc77cd5f 100644 --- a/modules/m_services.c +++ b/modules/m_services.c @@ -195,7 +195,7 @@ me_rsfnc(struct Client *client_p, struct Client *source_p, kill_client_serv_butone(NULL, exist_p, "%s (Nickname regained by services)", me.name); - snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", + rb_snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", me.name); exit_client(NULL, exist_p, &me, buf); } diff --git a/modules/m_signon.c b/modules/m_signon.c index d57d953a9..f28021ff0 100644 --- a/modules/m_signon.c +++ b/modules/m_signon.c @@ -214,7 +214,7 @@ me_svslogin(struct Client *client_p, struct Client *source_p, kill_client_serv_butone(NULL, exist_p, "%s (Nickname regained by services)", me.name); - snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", + rb_snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", me.name); exit_client(NULL, exist_p, &me, buf); }else if((exist_p = find_client(nick)) && IsUnknown(exist_p) && exist_p != target_p) { diff --git a/modules/m_svinfo.c b/modules/m_svinfo.c index 740f8d7df..27ff52570 100644 --- a/modules/m_svinfo.c +++ b/modules/m_svinfo.c 
@@ -71,7 +71,7 @@ ms_svinfo(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s dropped, wrong TS protocol version (%s,%s)", source_p->name, parv[1], parv[2]); - snprintf(squitreason, sizeof squitreason, "Incompatible TS version (%s,%s)", + rb_snprintf(squitreason, sizeof squitreason, "Incompatible TS version (%s,%s)", parv[1], parv[2]); exit_client(source_p, source_p, source_p, squitreason); return 0; @@ -95,7 +95,7 @@ ms_svinfo(struct Client *client_p, struct Client *source_p, int parc, const char "Link %s dropped, excessive TS delta" " (my TS=%ld, their TS=%ld, delta=%d)", log_client_name(source_p, SHOW_IP), (long) rb_current_time(), (long) theirtime, deltat); - snprintf(squitreason, sizeof squitreason, "Excessive TS delta (my TS=%ld, their TS=%ld, delta=%d)", + rb_snprintf(squitreason, sizeof squitreason, "Excessive TS delta (my TS=%ld, their TS=%ld, delta=%d)", (long) rb_current_time(), (long) theirtime, deltat); exit_client(source_p, source_p, source_p, squitreason); return 0; diff --git a/modules/m_whois.c b/modules/m_whois.c index 40a8d52e6..085e4d64d 100644 --- a/modules/m_whois.c +++ b/modules/m_whois.c @@ -200,7 +200,7 @@ do_whois(struct Client *client_p, struct Client *source_p, int parc, const char { char buffer[BUFSIZE]; - snprintf(buffer, sizeof(buffer), "%s!%s@%s %s", + rb_snprintf(buffer, sizeof(buffer), "%s!%s@%s %s", target_p->name, target_p->username, target_p->host, target_p->servptr->name); report_operspy(source_p, "WHOIS", buffer); diff --git a/src/irc_dictionary.c b/src/irc_dictionary.c index 0de08b6d8..89a0a7bb7 100644 --- a/src/irc_dictionary.c +++ b/src/irc_dictionary.c 
@@ -850,15 +850,15 @@ void irc_dictionary_stats(struct Dictionary *dict, void (*cb)(const char *line, s_assert(dict != NULL); if (dict->id != NULL) - snprintf(str, sizeof str, "Dictionary stats for %s (%d)", + rb_snprintf(str, sizeof str, "Dictionary stats for %s (%d)", dict->id, dict->count); else - snprintf(str, sizeof str, "Dictionary stats for <%p> (%d)", + rb_snprintf(str, sizeof str, "Dictionary stats for <%p> (%d)", (void *)dict, dict->count); cb(str, privdata); maxdepth = 0; sum = stats_recurse(dict->root, 0, &maxdepth); - snprintf(str, sizeof str, "Depth sum %d Avg depth %d Max depth %d", sum, sum / dict->count, maxdepth); + rb_snprintf(str, sizeof str, "Depth sum %d Avg depth %d Max depth %d", sum, sum / dict->count, maxdepth); cb(str, privdata); return; } diff --git a/src/parse.c b/src/parse.c index 970ad7f63..5fe0585dc 100644 --- a/src/parse.c +++ b/src/parse.c @@ -364,7 +364,7 @@ handle_command(struct Message *mptr, struct Client *client_p, ilog(L_SERVER, "Insufficient parameters (%d < %d) for command '%s' from %s.", i, ehandler.min_para, mptr->cmd, client_p->name); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "Insufficient parameters (%d < %d) for command '%s'", i, ehandler.min_para, mptr->cmd); exit_client(client_p, client_p, client_p, squitreason); From 8f7ca682ec35dd02e834c27aa06ed671294c041b Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 6 Sep 2008 01:21:16 +0200 Subject: [PATCH 095/113] Improve server notices for hub_mask/leaf_mask. Local-only server notices kept here because hub_mask/leaf_mask tends to be specific to a (hub) server. The same information is now available in Netsplit notices. --- modules/core/m_server.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 72c9b8497..ba3d4467d 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
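Review bot: `sum / dict->count` in the last rb_snprintf() call of irc_dictionary_stats() divides by zero when the dictionary is empty; the `s_assert(dict != NULL)` at the top does not cover that case. Guard the expression, for example `dict->count ? sum / dict->count : 0`, or skip the depth line when `dict->count == 0`. The division predates the switch to rb_snprintf() but sits on a line this patch rewrites, so it is cheap to fix here.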
@@ -388,7 +388,10 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char ilog(L_SERVER, "Non-Hub link %s introduced %s.", client_p->name, name); - exit_client(NULL, client_p, &me, "No matching hub_mask."); + rb_snprintf(squitreason, sizeof squitreason, + "No matching hub_mask for %s", + name); + exit_client(NULL, client_p, &me, squitreason); return 0; } @@ -402,7 +405,10 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char ilog(L_SERVER, "Link %s introduced leafed server %s.", client_p->name, name); - exit_client(NULL, client_p, &me, "Leafed Server."); + rb_snprintf(squitreason, sizeof squitreason, + "Matching leaf_mask for %s", + name); + exit_client(NULL, client_p, &me, squitreason); return 0; } @@ -550,26 +556,32 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p /* no matching hub_mask */ if(!hlined) { - sendto_one(client_p, "ERROR :No matching hub_mask"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "Non-Hub link %s introduced %s.", client_p->name, parv[1]); ilog(L_SERVER, "Non-Hub link %s introduced %s.", client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "No matching hub_mask."); + + rb_snprintf(squitreason, sizeof squitreason, + "No matching hub_mask for %s", + parv[1]); + exit_client(NULL, client_p, &me, squitreason); return 0; } /* matching leaf_mask */ if(llined) { - sendto_one(client_p, "ERROR :Matching leaf_mask"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s introduced leafed server %s.", client_p->name, parv[1]); ilog(L_SERVER, "Link %s introduced leafed server %s.", client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "Leafed Server."); + + rb_snprintf(squitreason, sizeof squitreason, + "Matching leaf_mask for %s", + parv[1]); + exit_client(NULL, client_p, &me, squitreason); return 0; } From 8c29ec4eeba32195e03d807d4d3c216aa70bf7d3 Mon Sep 17 00:00:00 2001 
From: Jilles Tjoelker Date: Sat, 6 Sep 2008 01:33:18 +0200 Subject: [PATCH 096/113] Remove check that cannot happen due to minparc in Message struct. --- modules/core/m_server.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index ba3d4467d..dc05c005b 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c @@ -332,11 +332,6 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * add it to list and propagate word to my other * server links... */ - if(parc == 1 || EmptyString(info)) - { - sendto_one(client_p, "ERROR :No server info specified for %s", name); - return 0; - } /* * See if the newly found server is behind a guaranteed From 4a5655b20da68d4b4de7d7dae432ba6f50f02cc7 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 6 Sep 2008 15:13:28 +0200 Subject: [PATCH 097/113] Close the link that sends an invalid UID. It does not make sense to send a kill using an invlid identifier to an obviously broken server, as was previously done. --- modules/core/m_nick.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/modules/core/m_nick.c b/modules/core/m_nick.c index 7d0996c65..292d5ca5d 100644 --- a/modules/core/m_nick.c +++ b/modules/core/m_nick.c @@ -404,6 +404,7 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p { struct Client *target_p; time_t newts = 0; + char squitreason[120]; newts = atol(parv[3]); @@ -425,6 +426,15 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p return 0; } + if(!clean_uid(parv[8])) + { + rb_snprintf(squitreason, sizeof squitreason, + "Invalid UID %s for nick %s on %s", + parv[8], parv[1], source_p->name); + exit_client(client_p, client_p, client_p, squitreason); + return 0; + } + if(!clean_username(parv[5]) || !clean_host(parv[6])) { ServerStats.is_kill++; 
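Review bot: The added `clean_uid()` branch in ms_uid closes the server link but, unlike the branch it replaces (removed in the following hunk), sends no operator notice and writes no log entry of its own; the copy added to ms_euid is the same. Whether `exit_client()` records the reason anywhere durable is not visible in this patch. Because the trigger is data supplied by a peer server, I would log before disconnecting, in the style already used in modules/core/m_server.c: `ilog(L_SERVER, "Invalid UID %s for nick %s on %s", parv[8], parv[1], source_p->name);`. Both functions extend beyond the hunks shown.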
@@ -435,16 +445,6 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p return 0; } - if(!clean_uid(parv[8])) - { - ServerStats.is_kill++; - sendto_realops_snomask(SNO_DEBUG, L_ALL, - "Bad UID: %s From: %s(via %s)", - parv[8], source_p->name, client_p->name); - sendto_one(client_p, ":%s KILL %s :%s (Bad UID)", me.id, parv[8], me.name); - return 0; - } - /* check length of clients gecos */ if(strlen(parv[9]) > REALLEN) { @@ -492,6 +492,7 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char * { struct Client *target_p; time_t newts = 0; + char squitreason[120]; newts = atol(parv[3]); @@ -513,6 +514,15 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char * return 0; } + if(!clean_uid(parv[8])) + { + rb_snprintf(squitreason, sizeof squitreason, + "Invalid UID %s for nick %s on %s", + parv[8], parv[1], source_p->name); + exit_client(client_p, client_p, client_p, squitreason); + return 0; + } + if(!clean_username(parv[5]) || !clean_host(parv[6])) { ServerStats.is_kill++; @@ -523,16 +533,6 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char * return 0; } - if(!clean_uid(parv[8])) - { - ServerStats.is_kill++; - sendto_realops_snomask(SNO_DEBUG, L_ALL, - "Bad UID: %s From: %s(via %s)", - parv[8], source_p->name, client_p->name); - sendto_one(client_p, ":%s KILL %s :%s (Bad UID)", me.id, parv[8], me.name); - return 0; - } - if(strcmp(parv[9], "*") && !clean_host(parv[9])) { ServerStats.is_kill++; From 17b97f302459c170570c830c6acc19b5297ff830 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 6 Sep 2008 21:49:45 +0200 Subject: [PATCH 098/113] Fix possible crash with m_mkpasswd extension. --- extensions/m_mkpasswd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/m_mkpasswd.c b/extensions/m_mkpasswd.c index b59997b09..16b76f1c2 100644 --- a/extensions/m_mkpasswd.c +++ b/extensions/m_mkpasswd.c 
@@ -56,7 +56,7 @@ m_mkpasswd(struct Client *client_p, struct Client *source_p, int parc, const cha if((last_used + ConfigFileEntry.pace_wait) > rb_current_time()) { /* safe enough to give this on a local connect only */ - sendto_one(source_p, form_str(RPL_LOAD2HI), me.name, parv[0]); + sendto_one(source_p, form_str(RPL_LOAD2HI), me.name, parv[0], "MKPASSWD"); return 0; } else From b159441429117d7dee27e1fc73763369a1bfd747 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sun, 7 Sep 2008 01:18:58 +0200 Subject: [PATCH 099/113] Add need_ssl to auth{} and operator{}. Specifying need_ssl on auth{} denies the connection if it is not SSL/TLS, much like need_ident or need_sasl. Specifying need_ssl on operator{} refuses opering with ERR_NOOPERHOST if the connection is not SSL/TLS. from ircd-ratbox --- doc/reference.conf | 2 ++ include/s_conf.h | 2 ++ include/s_newconf.h | 2 ++ modules/m_challenge.c | 16 ++++++++++++++++ modules/m_oper.c | 16 ++++++++++++++++ src/newconf.c | 2 ++ src/s_user.c | 8 ++++++++ 7 files changed, 48 insertions(+) diff --git a/doc/reference.conf b/doc/reference.conf index 02a9ef07e..eae53c114 100755 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -332,6 +332,7 @@ auth { * USE WITH CAUTION. * no_tilde (old - flag) | don't prefix ~ to username if no ident * need_ident (old + flag) | require ident for user in this class + * need_ssl | require SSL/TLS for user in this class * need_sasl | require SASL id for user in this class */ flags = kline_exempt, exceed_limit; @@ -407,6 +408,7 @@ operator "god" { * Available options: * * encrypted: the password above is encrypted [DEFAULT] + * need_ssl: must be using SSL/TLS to oper up * local_kill: allows local users to be /KILL'd * global_kill: allows local and remote users to be * /KILL'd (OLD 'O' flag) diff --git a/include/s_conf.h b/include/s_conf.h index b556ff087..bb2e162d7 100644 --- a/include/s_conf.h +++ b/include/s_conf.h 
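Review bot: The corrected call in m_mkpasswd now passes three values, but the format comes from `form_str(RPL_LOAD2HI)` at run time, so the compiler cannot check the argument count against the conversions, and that is how the crash this commit fixes went unnoticed. Other callers of `form_str(RPL_LOAD2HI)` are not visible here and may still pass two arguments; they are worth auditing in the same change. Assuming the order the new call implies, a comment above it would help the next reader: `/* RPL_LOAD2HI expects server name, nick, command name */`. The function body continues outside the hunk.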
@@ -89,6 +89,7 @@ struct ConfItem /* Generic flags... */ #define CONF_FLAGS_TEMPORARY 0x00800000 +#define CONF_FLAGS_NEED_SSL 0x00000002 /* auth{} flags... */ #define CONF_FLAGS_NO_TILDE 0x00000004 #define CONF_FLAGS_NEED_IDENTD 0x00000008 @@ -122,6 +123,7 @@ struct ConfItem #define IsConfEncrypted(x) ((x)->flags & CONF_FLAGS_ENCRYPTED) #define IsNeedSasl(x) ((x)->flags & CONF_FLAGS_NEED_SASL) #define IsConfExemptDNSBL(x) ((x)->flags & CONF_FLAGS_EXEMPTDNSBL) +#define IsConfSSLNeeded(x) ((x)->flags & CONF_FLAGS_NEED_SSL) /* flag definitions for opers now in client.h */ diff --git a/include/s_newconf.h b/include/s_newconf.h index d3f9b1f51..059834366 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h @@ -157,6 +157,7 @@ extern void cluster_generic(struct Client *, const char *, int cltype, #define OPER_SPY 0x10000 #define OPER_REMOTEBAN 0x20000 #define OPER_MASSNOTICE 0x40000 +#define OPER_NEEDSSL 0x80000 /* 0x400000 and above are in client.h */ #define OPER_FLAGS (OPER_KLINE|OPER_UNKLINE|OPER_LOCKILL|OPER_GLOBKILL|\ @@ -166,6 +167,7 @@ extern void cluster_generic(struct Client *, const char *, int cltype, OPER_REMOTEBAN|OPER_MASSNOTICE) #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED) +#define IsOperConfNeedSSL(x) ((x)->flags & OPER_NEEDSSL) #define HasPrivilege(x, y) ((x)->localClient != NULL && (x)->localClient->privset != NULL && privilegeset_in_set((x)->localClient->privset, (y))) diff --git a/modules/m_challenge.c b/modules/m_challenge.c index ea7c1280e..e0b9dbe05 100644 --- a/modules/m_challenge.c +++ b/modules/m_challenge.c 
@@ -223,6 +223,22 @@ m_challenge(struct Client *client_p, struct Client *source_p, int parc, const ch return 0; } + if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p)) + { + sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); + ilog(L_FOPER, "FAILED CHALLENGE (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS", + parv[1], source_p->name, source_p->username, source_p->host, + source_p->sockhost); + + if(ConfigFileEntry.failed_oper_notice) + { + sendto_realops_snomask(SNO_GENERAL, L_ALL, + "Failed CHALLENGE attempt - missing SSL/TLS by %s (%s@%s)", + source_p->name, source_p->username, source_p->host); + } + return 0; + } + if(!generate_challenge(&challenge, &(source_p->localClient->challenge), oper_p->rsa_pubkey)) { char *chal = challenge; diff --git a/modules/m_oper.c b/modules/m_oper.c index 2a8a2f0e7..1b0b7c928 100644 --- a/modules/m_oper.c +++ b/modules/m_oper.c @@ -100,6 +100,22 @@ m_oper(struct Client *client_p, struct Client *source_p, int parc, const char *p return 0; } + if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p)) + { + sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name); + ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS", + name, source_p->name, + source_p->username, source_p->host, source_p->sockhost); + + if(ConfigFileEntry.failed_oper_notice) + { + sendto_realops_snomask(SNO_GENERAL, L_ALL, + "Failed OPER attempt - missing SSL/TLS by %s (%s@%s)", + source_p->name, source_p->username, source_p->host); + } + return 0; + } + if(match_oper_password(password, oper_p)) { oper_up(source_p, oper_p); diff --git a/src/newconf.c b/src/newconf.c index 33bd7e023..2cde3ad2c 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -325,6 +325,7 @@ static struct mode_table oper_table[] = { {"hidden_oper", OPER_INVIS }, {"remoteban", OPER_REMOTEBAN }, {"mass_notice", OPER_MASSNOTICE }, + {"need_ssl", OPER_NEEDSSL }, {NULL, 0} }; 
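Review bot: The guards added to m_challenge and m_oper test `IsSSLClient(source_p)`, while the matching auth{} guard added in src/s_user.c tests `IsSSL(source_p)`. Neither macro is defined in this patch, so it is unclear whether they read the same state. For an access-control decision both should reflect the transport of the local connection, not a flag that a client or a remote server can influence. If they are equivalent, use one name in all three places; if not, add a one-line comment at each guard saying which state the macro reads and why it is the right one there.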
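Review bot: The m_oper guard rejects a non-TLS attempt only after the client has already sent the OPER password in clear text, so need_ssl restricts where opering can succeed but does not keep the credential off the wire. A comment on the guard would make that explicit for operators reading the code: `/* the password has already crossed a plaintext link here; treat it as exposed */`. The `ilog(L_FOPER, ...)` line added in the same block is the record that lets an administrator spot such an attempt and rotate the password, so it should stay unconditional as written. m_oper continues outside the hunk.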
@@ -342,6 +343,7 @@ static struct mode_table auth_table[] = { {"no_tilde", CONF_FLAGS_NO_TILDE }, {"need_ident", CONF_FLAGS_NEED_IDENTD }, {"have_ident", CONF_FLAGS_NEED_IDENTD }, + {"need_ssl", CONF_FLAGS_NEED_SSL }, {"need_sasl", CONF_FLAGS_NEED_SASL }, {NULL, 0} }; diff --git a/src/s_user.c b/src/s_user.c index 6c81df8ea..740525605 100644 --- a/src/s_user.c +++ b/src/s_user.c @@ -314,6 +314,14 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char return (CLIENT_EXITED); } + if(IsConfSSLNeeded(aconf) && !IsSSL(source_p)) + { + ServerStats.is_ref++; + sendto_one_notice(source_p, ":*** Notice -- You need to use SSL/TLS to use this server"); + exit_client(client_p, source_p, &me, "Use SSL/TLS"); + return (CLIENT_EXITED); + } + if(!IsGotId(source_p)) { const char *p; From 7d91f0da0009947387d18245bff1818ac3bd9c90 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 9 Sep 2008 18:40:57 +0200 Subject: [PATCH 100/113] Fix indentation. --- modules/m_stats.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/m_stats.c b/modules/m_stats.c index 653a0e1c5..8a8ba4706 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c @@ -949,9 +949,9 @@ static struct shared_flags shared_flagtable[] = { SHARED_UNRESV, 'R' }, { SHARED_LOCOPS, 'L' }, { SHARED_REHASH, 'H' }, - { SHARED_TDLINE, 'd' }, - { SHARED_PDLINE, 'D' }, - { SHARED_UNDLINE, 'E' }, + { SHARED_TDLINE, 'd' }, + { SHARED_PDLINE, 'D' }, + { SHARED_UNDLINE, 'E' }, { 0, '\0'} }; From 591342826a8566c3a5426e16d63afb96f0d6e097 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 9 Sep 2008 18:42:59 +0200 Subject: [PATCH 101/113] Avoid hardcoding the number of shared{} flags another time. --- modules/m_stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/m_stats.c b/modules/m_stats.c index 8a8ba4706..b1c68ec0a 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c 
@@ -961,7 +961,7 @@ stats_shared (struct Client *source_p) { struct remote_conf *shared_p; rb_dlink_node *ptr; - char buf[15]; + char buf[sizeof(shared_flagtable)/sizeof(shared_flagtable[0])]; char *p; int i; From 3e664be37514398b517d6899ab04bcf122d82c98 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 9 Sep 2008 21:46:12 +0200 Subject: [PATCH 102/113] Document need_ssl flags in example.conf. --- doc/example.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/example.conf b/doc/example.conf index 09a518965..57354ac60 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -172,6 +172,7 @@ auth { * USE WITH CAUTION. * no_tilde (old - flag) | don't prefix ~ to username if no ident * need_ident (old + flag) | require ident for user in this class + * need_ssl | require SSL/TLS for user in this class * need_sasl | require SASL id for user in this class */ flags = kline_exempt, exceed_limit; @@ -247,6 +248,7 @@ operator "god" { * Available options: * * encrypted: the password above is encrypted [DEFAULT] + * need_ssl: must be using SSL/TLS to oper up * local_kill: allows local users to be /KILL'd * global_kill: allows local and remote users to be * /KILL'd (OLD 'O' flag) From 10847f65d321282aa84bcf057774e920f073df84 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 9 Sep 2008 21:51:26 +0200 Subject: [PATCH 103/113] Remove old oper privilege flags. --- doc/example.conf | 28 ++-------------------------- doc/reference.conf | 24 ------------------------ include/s_newconf.h | 23 +---------------------- src/newconf.c | 19 +------------------ 4 files changed, 4 insertions(+), 90 deletions(-) diff --git a/doc/example.conf b/doc/example.conf index 57354ac60..6b11a5671 100755 --- a/doc/example.conf +++ b/doc/example.conf 
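Review bot: Sizing `buf` from the element count of `shared_flagtable` gives exactly one byte per table entry, the `{ 0, '\0' }` terminator included, so it holds every flag letter plus the trailing NUL and nothing more. The loop that fills `buf` is outside this hunk; if it writes any character besides the flag letters (a leading marker, for instance), a shared{} entry with every flag set would run one byte past the array. I would state the invariant next to the declaration, `/* one letter per flag; the table's terminator entry pays for the NUL */`, and add `+ 1` to the size for each extra character the loop writes.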
@@ -241,38 +241,14 @@ operator "god" { /* privileges: controls the activities and commands an oper is * allowed to do on the server. You may prefix an option with ~ to - * disable it, ie ~operwall + * disable it, ie ~encrypted. * - * Default flags are operwall, remoteban and encrypted. + * Default flags are encrypted. * * Available options: * * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up - * local_kill: allows local users to be /KILL'd - * global_kill: allows local and remote users to be - * /KILL'd (OLD 'O' flag) - * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) - * kline: allows KLINE and DLINE (OLD 'K' flag) - * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) - * nick_changes: allows oper to see nickchanges (OLD 'N' flag) - * via snomask +n - * rehash: allows oper to REHASH config (OLD 'H' flag) - * die: allows DIE and RESTART (OLD 'D' flag) - * admin: gives admin privileges. admins - * may (un)load modules and see the - * real IPs of servers. - * hidden_admin: gives admin privileges except - * will not have the admin lines in - * stats p and whois. - * xline: allows use of /quote xline/unxline - * resv: allows /quote resv/unresv and cmode +LP [DEFAULT] - * operwall: allows the oper to send/receive operwalls [DEFAULT] - * oper_spy: allows 'operspy' features to see through +s - * channels etc. see /quote help operspy - * hidden_oper: hides the oper from /stats p (OLD UMODE +p) - * remoteban: allows remote kline etc [DEFAULT] - * mass_notice: allows sending wallops and mass notices [DEFAULT] */ flags = global_kill, remote, kline, unkline, die, rehash, admin, xline, operwall; diff --git a/doc/reference.conf b/doc/reference.conf index eae53c114..0ddf1c7ba 100755 --- a/doc/reference.conf +++ b/doc/reference.conf 
@@ -409,30 +409,6 @@ operator "god" { * * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up - * local_kill: allows local users to be /KILL'd - * global_kill: allows local and remote users to be - * /KILL'd (OLD 'O' flag) - * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) - * kline: allows KLINE and DLINE (OLD 'K' flag) - * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) - * nick_changes: allows oper to see nickchanges (OLD 'N' flag) - * via snomask +n - * rehash: allows oper to REHASH config (OLD 'H' flag) - * die: allows DIE and RESTART (OLD 'D' flag) - * admin: gives admin privileges. admins - * may (un)load modules and see the - * real IPs of servers. - * hidden_admin: gives admin privileges except - * will not have the admin lines in - * stats p and whois. - * xline: allows use of /quote xline/unxline - * resv: allows /quote resv/unresv and cmode +LP [DEFAULT] - * operwall: allows the oper to send/receive operwalls [DEFAULT] - * oper_spy: allows 'operspy' features to see through +s - * channels etc. see /quote help operspy - * hidden_oper: hides the oper from /stats p (OLD UMODE +p) - * remoteban: allows remote kline etc [DEFAULT] - * mass_notice: allows sending wallops and mass notices [DEFAULT] */ flags = global_kill, remote, kline, unkline, die, rehash, admin, xline, operwall; diff --git a/include/s_newconf.h b/include/s_newconf.h index 059834366..916cf77e3 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h 
@@ -140,31 +140,10 @@ extern void cluster_generic(struct Client *, const char *, int cltype, int cap, const char *format, ...); #define OPER_ENCRYPTED 0x00001 -#define OPER_KLINE 0x00002 -#define OPER_UNKLINE 0x00004 -#define OPER_LOCKILL 0x00008 -#define OPER_GLOBKILL 0x00010 -#define OPER_REMOTE 0x00020 -#define OPER_XLINE 0x00080 -#define OPER_RESV 0x00100 -#define OPER_NICKS 0x00200 -#define OPER_REHASH 0x00400 -#define OPER_DIE 0x00800 -#define OPER_ADMIN 0x01000 -#define OPER_HADMIN 0x02000 -#define OPER_OPERWALL 0x04000 -#define OPER_INVIS 0x08000 -#define OPER_SPY 0x10000 -#define OPER_REMOTEBAN 0x20000 -#define OPER_MASSNOTICE 0x40000 #define OPER_NEEDSSL 0x80000 /* 0x400000 and above are in client.h */ -#define OPER_FLAGS (OPER_KLINE|OPER_UNKLINE|OPER_LOCKILL|OPER_GLOBKILL|\ - OPER_REMOTE|OPER_XLINE|OPER_RESV|\ - OPER_NICKS|OPER_REHASH|OPER_DIE|OPER_ADMIN|\ - OPER_HADMIN|OPER_OPERWALL|OPER_INVIS|OPER_SPY|\ - OPER_REMOTEBAN|OPER_MASSNOTICE) +#define OPER_FLAGS 0 /* no oper privs in Client.flags2/oper_conf.flags currently */ #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED) #define IsOperConfNeedSSL(x) ((x)->flags & OPER_NEEDSSL) diff --git a/src/newconf.c b/src/newconf.c index 2cde3ad2c..6fe62dddd 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -308,23 +308,6 @@ static struct mode_table umode_table[] = { static struct mode_table oper_table[] = { {"encrypted", OPER_ENCRYPTED }, - {"local_kill", OPER_LOCKILL }, - {"global_kill", OPER_GLOBKILL|OPER_LOCKILL }, - {"remote", OPER_REMOTE }, - {"kline", OPER_KLINE }, - {"unkline", OPER_UNKLINE }, - {"nick_changes", OPER_NICKS }, - {"rehash", OPER_REHASH }, - {"die", OPER_DIE }, - {"admin", OPER_ADMIN }, - {"hidden_admin", OPER_HADMIN }, - {"xline", OPER_XLINE }, - {"resv", OPER_RESV }, - {"operwall", OPER_OPERWALL }, - {"oper_spy", OPER_SPY }, - {"hidden_oper", OPER_INVIS }, - {"remoteban", OPER_REMOTEBAN }, - {"mass_notice", OPER_MASSNOTICE }, {"need_ssl", OPER_NEEDSSL }, {NULL, 0} }; 
@@ -525,7 +508,7 @@ conf_begin_oper(struct TopConf *tc) } yy_oper = make_oper_conf(); - yy_oper->flags |= OPER_ENCRYPTED|OPER_RESV|OPER_OPERWALL|OPER_REMOTEBAN|OPER_MASSNOTICE; + yy_oper->flags |= OPER_ENCRYPTED; return 0; } From 5b5e9c89eae3cee4c0747e93737ee4a82c1b4975 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 9 Sep 2008 23:32:19 +0200 Subject: [PATCH 104/113] Update SGML docs for need_ssl and new oper priv system. --- doc/sgml/oper-guide/config.sgml | 65 +++++++++++++++++++++++++++++---- doc/sgml/oper-guide/oprivs.sgml | 45 ++++++++++------------- 2 files changed, 77 insertions(+), 33 deletions(-) diff --git a/doc/sgml/oper-guide/config.sgml b/doc/sgml/oper-guide/config.sgml index fc44fb73e..4c6207ffc 100644 --- a/doc/sgml/oper-guide/config.sgml +++ b/doc/sgml/oper-guide/config.sgml @@ -410,6 +410,12 @@ auth { Users in this auth{} block must have identd, otherwise they will be rejected. + + need_ssl + + Users in this auth{} block must be connected via SSL/TLS, otherwise they will be rejected. + + need_sasl @@ -442,6 +448,33 @@ exempt { + + privset {} block + +privset { + extends = "name"; + privs = list; +}; + + A privset (privilege set) block specifies a set of + operator privileges. + + + privset {} variables + + extends + + An optional privset to inherit. The new privset will have all privileges that the given privset has. + + + + privs + + Privileges to grant to this privset. These are described in the operator privileges section. + + + + operator {} block 
@@ -510,19 +543,35 @@ operator "name" { - flags + privset - A listing of privileges granted to operators using this block. - By default, the mass_notice, operwall, remoteban and resv privileges are granted; - use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary. - - - In addition, a flag designating if the password is encrypted is here. - Privileges are documented elsewhere in this guide. + The privilege set granted to successfully opered clients. + This must be defined before this operator{} block. + + flags + + A list of flags to apply to this operator{} block. They are listed below. + + + + + operator {} flags + + encrypted + + The password used has been encrypted. This is enabled by default, use ~encrypted to disable it. + + + + need_ssl + + Restricts use of this operator{} block to SSL/TLS connections only. + + diff --git a/doc/sgml/oper-guide/oprivs.sgml b/doc/sgml/oper-guide/oprivs.sgml index fb5213e41..1e776b1bb 100644 --- a/doc/sgml/oper-guide/oprivs.sgml +++ b/doc/sgml/oper-guide/oprivs.sgml @@ -3,12 +3,10 @@ Meanings of oper privileges - These are flags in operator{}. - The letter appears after opering up and in /stats o; an uppercase - letter means the privilege is possessed, lowercase means it is not. + These are specified in privset{}. - admin (A), server administrator + oper:admin, server administrator Various privileges intended for server administrators. Among other things, this automatically sets umode +a and allows @@ -16,7 +14,7 @@ - remoteban (B), set remote bans + oper:remoteban, set remote bans This grants the ability to use the ON argument on DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set 
@@ -26,46 +24,46 @@ If a cluster{} block is present, bans are sent remotely even - if the oper does not have remoteban privilege. + if the oper does not have oper:remoteban privilege. - local_kill (C), kill local users + oper:local_kill, kill local users This grants permission to use KILL on users on the same server, disconnecting them from the network. - die (D), die and restart + oper:die, die and restart This grants permission to use DIE and RESTART, shutting down or restarting the server. - rehash (H), rehash + oper:rehash, rehash Allows using the REHASH command, to rehash various configuration files or clear certain lists. - kline (K), kline and dline + oper:kline, kline and dline Allows using KLINE and DLINE, to ban users by user@host mask or IP address. - operwall (L), send/receive operwall + oper:operwall, send/receive operwall Allows using the OPERWALL command and umode +z to send and receive operwalls. - mass_notice (M), global notices and wallops + oper:mass_notice, global notices and wallops Allows using server name ($$mask) and hostname ($#mask) masks in NOTICE and PRIVMSG to send a message to all matching users, and @@ -74,20 +72,20 @@ - nick_changes (N), see nick changes + snomask:nick_changes, see nick changes Allows using snomask +n to see local client nick changes. This is designed for monitor bots. - global_kill (O), global kill + oper:global_kill, global kill Allows using KILL on users on any server. - hidden_oper (P), hide from /stats p + oper:hidden, hide from /stats p This privilege currently does nothing, but was designed to hide bots from /stats p so users will not message them @@ -95,14 +93,14 @@ - resv (Q), channel control + oper:resv, channel control This allows using /resv, /unresv and changing the channel modes +L and +P. - remote (R), remote routing + oper:remote, remote routing This allows using the third argument of the CONNECT command, to instruct another server to connect somewhere, and using SQUIT 
@@ -111,7 +109,7 @@ - oper_spy (S), use operspy + oper:spy, use operspy This allows using /mode !#channel, /whois !nick, /who !#channel, /chantrace !#channel, /who !mask, /masktrace !user@host :gecos @@ -133,27 +131,24 @@ - unkline (U), unkline and undline + oper:unkline, unkline and undline Allows using UNKLINE and UNDLINE. - xline (X), xline and unxline + oper:xline, xline and unxline Allows using XLINE and UNXLINE, to ban/unban users by realname. - hidden_admin, hidden administrator + oper:hidden_admin, hidden administrator This grants everything granted to the admin privilege, - except the ability to set umode +a. If both admin and hidden_admin + except the ability to set umode +a. If both oper:admin and oper:hidden_admin are possessed, umode +a can still not be used. - - This privilege does not appear in /stats o or oper up notices. - From d7703c583eaa9ee9d760f2c8f37a186eb9ef382b Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:29:15 +0200 Subject: [PATCH 105/113] Pick up remote to oper:routing change. --- doc/sgml/oper-guide/oprivs.sgml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/sgml/oper-guide/oprivs.sgml b/doc/sgml/oper-guide/oprivs.sgml index 1e776b1bb..de3a1cfe4 100644 --- a/doc/sgml/oper-guide/oprivs.sgml +++ b/doc/sgml/oper-guide/oprivs.sgml @@ -100,7 +100,7 @@ - oper:remote, remote routing + oper:routing, remote routing This allows using the third argument of the CONNECT command, to instruct another server to connect somewhere, and using SQUIT From da77b103ef02829944bdc1b425ea2742bb5dbbd7 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:32:22 +0200 Subject: [PATCH 106/113] Document privsets in the example confs. --- doc/example.conf | 14 ++++----- doc/reference.conf | 71 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 68 insertions(+), 17 deletions(-) diff --git a/doc/example.conf b/doc/example.conf index 6b11a5671..688c2de49 100755 --- a/doc/example.conf 
+++ b/doc/example.conf @@ -186,7 +186,9 @@ auth { class = "users"; }; -/* privsets... XXX document me later */ +/* privset {} blocks MUST be specified before anything that uses them. That + * means they must be defined before operator {}. + */ privset "local_op" { privs = oper:local_kill, oper:operwall; }; @@ -239,9 +241,8 @@ operator "god" { */ snomask = "+Zbfkrsuy"; - /* privileges: controls the activities and commands an oper is - * allowed to do on the server. You may prefix an option with ~ to - * disable it, ie ~encrypted. + /* flags: misc options for the operator. You may prefix an option + * with ~ to disable it, e.g. ~encrypted. * * Default flags are encrypted. * @@ -250,10 +251,9 @@ operator "god" { * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up */ - flags = global_kill, remote, kline, unkline, - die, rehash, admin, xline, operwall; + flags = encrypted; - /* privset: replaces flags */ + /* privset: privileges set to grant */ privset = "admin"; }; diff --git a/doc/reference.conf b/doc/reference.conf index 0ddf1c7ba..5ff7fdc39 100755 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -18,6 +18,9 @@ * that matches a user will be used. So place spoofs first, then specials, * then general access, then restricted. * + * privset {} blocks MUST be specified before anything that uses them. That + * means they must be defined before operator {}. + * * Both shell style (#) and C style comments are supported. * * Files may be included by either: 
@@ -362,10 +365,57 @@ auth { flags = need_ident; }; -/* operator {}: defines ircd operators. (OLD O:) - * charybdis no longer supports local operators, privileges are - * controlled via flags. - */ +/* privset{}: defines operator privilege sets. */ +privset "local_op" { + /* privs: controls the activities and commands an oper is + * allowed to do on the server + * + * Available options: + * + * oper:local_kill: allows local users to be /KILL'd + * oper:global_kill: allows local and remote users to be /KILL'd + * oper:remote: allows remote SQUIT and CONNECT + * oper:kline: allows KLINE and DLINE + * oper:unkline: allows UNKLINE and UNDLINE + * snomask:nick_changes: allows oper to see nickchanges via snomask +n + * oper:rehash: allows oper to REHASH config + * oper:die: allows DIE and RESTART + * oper:admin: gives admin privileges. admins + * may (un)load modules and see various + * additional information. + * oper:hidden_admin: gives admin privileges except + * will not have the admin lines in + * whois. + * oper:xline: allows use of /quote xline/unxline + * oper:resv: allows /quote resv/unresv and cmode +LP + * oper:operwall: allows the oper to send/receive operwalls + * oper:spy: allows 'operspy' features to see through +s + * channels etc. 
see /quote help operspy + * oper:hidden: hides the oper from /stats p + * oper:remoteban: allows remote kline etc + * oper:mass_notice: allows sending wallops and mass notices + */ + privs = oper:local_kill, oper:operwall; +}; + +privset "server_bot" { + /* extends: a privset to inherit in this privset */ + extends = "local_op"; + privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes; +}; + +privset "global_op" { + extends = "local_op"; + privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, + oper:resv, oper:mass_notice, oper:remoteban; +}; + +privset "admin" { + extends = "global_op"; + privs = oper:admin, oper:die, oper:rehash, oper:spy; +}; + +/* operator {}: defines ircd operators. (OLD O:) */ operator "god" { /* name: the name of the oper must go above */ @@ -399,19 +449,20 @@ operator "god" { */ snomask = "+Zbfkrsuy"; - /* privileges: controls the activities and commands an oper is - * allowed to do on the server. You may prefix an option with ~ to - * disable it, ie ~operwall + /* flags: misc options for the operator. You may prefix an option + * with ~ to disable it, e.g. ~encrypted. * - * Default flags are operwall, remoteban and encrypted. + * Default flags are encrypted. * * Available options: * * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up */ - flags = global_kill, remote, kline, unkline, - die, rehash, admin, xline, operwall; + flags = encrypted; + + /* privset: privileges set to grant */ + privset = "admin"; }; /* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */ From 3eae266ca388698754713ee01dcf7904285d257d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:34:52 +0200 Subject: [PATCH 107/113] Fix oper:remote in reference.conf. --- doc/reference.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/reference.conf b/doc/reference.conf index 5ff7fdc39..08d95088e 100755 --- a/doc/reference.conf 
+++ b/doc/reference.conf @@ -374,7 +374,7 @@ privset "local_op" { * * oper:local_kill: allows local users to be /KILL'd * oper:global_kill: allows local and remote users to be /KILL'd - * oper:remote: allows remote SQUIT and CONNECT + * oper:routing: allows remote SQUIT and CONNECT * oper:kline: allows KLINE and DLINE * oper:unkline: allows UNKLINE and UNDLINE * snomask:nick_changes: allows oper to see nickchanges via snomask +n From 17f9c74a0a6bb6dd14e9983d2d88b51e6f75731b Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:46:20 +0200 Subject: [PATCH 108/113] Put oper privileges in alphabetical order in the sgml docs. --- doc/sgml/oper-guide/oprivs.sgml | 124 ++++++++++++++++---------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/doc/sgml/oper-guide/oprivs.sgml b/doc/sgml/oper-guide/oprivs.sgml index de3a1cfe4..a35824008 100644 --- a/doc/sgml/oper-guide/oprivs.sgml +++ b/doc/sgml/oper-guide/oprivs.sgml @@ -13,27 +13,6 @@ loading modules. - - oper:remoteban, set remote bans - - This grants the ability to use the ON argument on - DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set - and unset bans on other servers, and the server argument on REHASH. - This is only allowed if the oper may perform the action locally, - and if the remote server has a shared{} block. - - - If a cluster{} block is present, bans are sent remotely even - if the oper does not have oper:remoteban privilege. - - - - oper:local_kill, kill local users - - This grants permission to use KILL on users on the same server, - disconnecting them from the network. - - oper:die, die and restart 
@@ -41,43 +20,6 @@ or restarting the server. - - oper:rehash, rehash - - Allows using the REHASH command, to rehash various configuration - files or clear certain lists. - - - - oper:kline, kline and dline - - Allows using KLINE and DLINE, to ban users by user@host mask - or IP address. - - - - oper:operwall, send/receive operwall - - Allows using the OPERWALL command and umode +z to send and - receive operwalls. - - - - oper:mass_notice, global notices and wallops - - Allows using server name ($$mask) and hostname ($#mask) masks in - NOTICE and PRIVMSG to send a message to all matching users, and - allows using the WALLOPS command to send a message to all users - with umode +w set. - - - - snomask:nick_changes, see nick changes - - Allows using snomask +n to see local client nick changes. - This is designed for monitor bots. - - oper:global_kill, global kill 
@@ -92,6 +34,65 @@ for help. + + oper:hidden_admin, hidden administrator + + This grants everything granted to the oper:admin privilege, + except the ability to set umode +a. If both oper:admin and oper:hidden_admin + are possessed, umode +a can still not be used. + + + + oper:kline, kline and dline + + Allows using KLINE and DLINE, to ban users by user@host mask + or IP address. + + + + oper:local_kill, kill local users + + This grants permission to use KILL on users on the same server, + disconnecting them from the network. + + + + oper:mass_notice, global notices and wallops + + Allows using server name ($$mask) and hostname ($#mask) masks in + NOTICE and PRIVMSG to send a message to all matching users, and + allows using the WALLOPS command to send a message to all users + with umode +w set. + + + + oper:operwall, send/receive operwall + + Allows using the OPERWALL command and umode +z to send and + receive operwalls. + + + + oper:rehash, rehash + + Allows using the REHASH command, to rehash various configuration + files or clear certain lists. + + + + oper:remoteban, set remote bans + + This grants the ability to use the ON argument on + DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set + and unset bans on other servers, and the server argument on REHASH. + This is only allowed if the oper may perform the action locally, + and if the remote server has a shared{} block. + + + If a cluster{} block is present, bans are sent remotely even + if the oper does not have oper:remoteban privilege. + + oper:resv, channel control @@ -143,11 +144,10 @@ - oper:hidden_admin, hidden administrator + snomask:nick_changes, see nick changes - This grants everything granted to the admin privilege, - except the ability to set umode +a. If both oper:admin and oper:hidden_admin - are possessed, umode +a can still not be used. + Allows using snomask +n to see local client nick changes. + This is designed for monitor bots. 
From 842fdfb1c331832aa6a2fbc08d418936d45ef1d5 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 18:46:03 +0200 Subject: [PATCH 109/113] Note extra server wallops in recent versions. --- doc/sgml/oper-guide/umodes.sgml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/sgml/oper-guide/umodes.sgml b/doc/sgml/oper-guide/umodes.sgml index 6d64c546e..5cbfae740 100644 --- a/doc/sgml/oper-guide/umodes.sgml +++ b/doc/sgml/oper-guide/umodes.sgml @@ -165,7 +165,8 @@ Users with the +w umode set will receive WALLOPS messages sent by opers. Opers with +w additionally receive WALLOPS sent by servers (e.g. - remote CONNECT, remote SQUIT, many services packages). + remote CONNECT, remote SQUIT, various severe misconfigurations, + many services packages). From 65662fdff8e6c83c5655d691e67645069995ad29 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 19:10:57 +0200 Subject: [PATCH 110/113] Enhance description of umode +S. --- doc/sgml/oper-guide/umodes.sgml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/sgml/oper-guide/umodes.sgml b/doc/sgml/oper-guide/umodes.sgml index 5cbfae740..720e38a6b 100644 --- a/doc/sgml/oper-guide/umodes.sgml +++ b/doc/sgml/oper-guide/umodes.sgml @@ -147,8 +147,10 @@ This umode grants various features useful for services. For example, clients with this umode cannot be kicked or deopped on channels, - do not show channels the querying user is not on in WHOIS, - and do not appear in /stats p. + can send to any channel, do not show channels in WHOIS, + can be the target of services aliases and do not appear in /stats p. + No server notices are sent for hostname changes by services clients; + server notices about kills are sent to snomask +k instead of +s. The exact effects of this umode are variable; no user or oper on From 56023eb2e8854478992703c789ad2d4f0a8cd7fe Mon Sep 17 00:00:00 2001 
From: Jilles Tjoelker Date: Tue, 16 Sep 2008 22:53:44 +0200 Subject: [PATCH 111/113] Add more detail in squit reason for certain invalid NICK/UID/EUID commands. --- modules/core/m_nick.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/modules/core/m_nick.c b/modules/core/m_nick.c index 292d5ca5d..9db4a7702 100644 --- a/modules/core/m_nick.c +++ b/modules/core/m_nick.c @@ -318,6 +318,7 @@ ms_nick(struct Client *client_p, struct Client *source_p, int parc, const char * { struct Client *target_p; time_t newts = 0; + char squitreason[100]; if(parc != 9) { @@ -326,7 +327,10 @@ ms_nick(struct Client *client_p, struct Client *source_p, int parc, const char * "with %d arguments (expecting 9)", client_p->name, parc); ilog(L_SERVER, "Excess parameters (%d) for command 'NICK' from %s.", parc, client_p->name); - exit_client(client_p, client_p, client_p, "Excess parameters to NICK command"); + rb_snprintf(squitreason, sizeof squitreason, + "Excess parameters (%d) to %s command, expecting %d", + parc, "NICK", 9); + exit_client(client_p, client_p, client_p, squitreason); return 0; } @@ -415,7 +419,10 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p "with %d arguments (expecting 10)", client_p->name, parc); ilog(L_SERVER, "Excess parameters (%d) for command 'UID' from %s.", parc, client_p->name); - exit_client(client_p, client_p, client_p, "Excess parameters to UID command"); + rb_snprintf(squitreason, sizeof squitreason, + "Excess parameters (%d) to %s command, expecting %d", + parc, "UID", 10); + exit_client(client_p, client_p, client_p, squitreason); return 0; } 
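Review bot: The new squit reason still reads "Excess parameters", but the guard visible in the first ms_nick hunk is `if(parc != 9)`, so a peer that sends too few parameters is reported as sending too many. A neutral wording such as `"Wrong parameter count (%d) to %s command, expecting %d"` would be accurate for both cases. The same string is built in the ms_uid and ms_euid hunks, whose guards lie outside the hunks. This commit adds `char squitreason[100];` only to ms_nick, so ms_uid and ms_euid presumably rely on an existing declaration outside the hunks, which is worth confirming. The three identical rb_snprintf/exit_client pairs could also share one small static helper that takes the command name and the expected count.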
@@ -503,7 +510,10 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char * "with %d arguments (expecting 12)", client_p->name, parc); ilog(L_SERVER, "Excess parameters (%d) for command 'EUID' from %s.", parc, client_p->name); - exit_client(client_p, client_p, client_p, "Excess parameters to EUID command"); + rb_snprintf(squitreason, sizeof squitreason, + "Excess parameters (%d) to %s command, expecting %d", + parc, "EUID", 12); + exit_client(client_p, client_p, client_p, squitreason); return 0; } From d61a1c7e130366cfbc619ffb82d5178bab7958e6 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Wed, 17 Sep 2008 00:21:00 +0200 Subject: [PATCH 112/113] Allow clearing general::kline_reason via a rehash. --- src/s_conf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/s_conf.c b/src/s_conf.c index 9b98fd5ee..11f6f2a9e 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -1231,6 +1231,9 @@ clear_out_old_conf(void) */ /* clean out general */ + rb_free(ConfigFileEntry.kline_reason); + ConfigFileEntry.kline_reason = NULL; + RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { rb_free(ptr->data); From fb47b366635fc3ae846c3fe1f63d0b8d99996018 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Wed, 17 Sep 2008 00:24:50 +0200 Subject: [PATCH 113/113] Make sno_globalkline work for servers without kline_reason, but only for temps. --- extensions/sno_globalkline.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/extensions/sno_globalkline.c b/extensions/sno_globalkline.c index 487044ec0..a654c4889 100644 --- a/extensions/sno_globalkline.c +++ b/extensions/sno_globalkline.c 
@@ -48,4 +48,16 @@ h_gla_client_exit(hook_data_client_exit *hdata)
 "K/DLINE active for %s[%s@%s]",
 source_p->name, source_p->username, source_p->host);
 }
+ else if (!strncmp(hdata->comment, "Temporary K-line ", 17))
+ {
+ sendto_realops_snomask_from(SNO_GENERAL, L_ALL, source_p->servptr,
+ "K/DLINE active for %s[%s@%s]",
+ source_p->name, source_p->username, source_p->host);
+ }
+ else if (!strncmp(hdata->comment, "Temporary D-line ", 17))
+ {
+ sendto_realops_snomask_from(SNO_GENERAL, L_ALL, source_p->servptr,
+ "K/DLINE active for %s[%s@%s]",
+ source_p->name, source_p->username, source_p->host);
+ }
 }
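Review bot: The two added branches in h_gla_client_exit have identical bodies and differ only in the matched prefix, and the literal length 17 must be kept in step with both strings by hand. One branch, `else if (!strncmp(hdata->comment, "Temporary K-line ", 17) || !strncmp(hdata->comment, "Temporary D-line ", 17))`, would remove the duplicated sendto_realops_snomask_from call, ideally with the length derived from the literal as `sizeof("Temporary K-line ") - 1`. The oper notice is driven purely by the text of hdata->comment, so it is also worth confirming outside this hunk that a client-supplied quit message can never begin with these prefixes; otherwise the notice could appear without a real ban behind it. The function starts before the hunk, so the condition of the first branch is not visible here.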