From 4d94f914f8c8e6d3911c842b3fb6a14948021e36 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 16:10:14 +0200 Subject: [PATCH 001/113] chm_operonly extension: use Unreal's numeric (520) irssi still does not recognize this properly, oh well --- extensions/chm_operonly.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/chm_operonly.c b/extensions/chm_operonly.c index b46fd8a..5de15b3 100644 --- a/extensions/chm_operonly.c +++ b/extensions/chm_operonly.c @@ -58,7 +58,7 @@ h_can_join(hook_data_channel *data) struct Channel *chptr = data->chptr; if((chptr->mode.mode & chmode_flags['O']) && !IsOper(source_p)) { - sendto_one_notice(source_p, ":Only IRC Operators could join this channel!"); + sendto_one_numeric(source_p, 520, "%s :Cannot join channel (+O) - you are not an IRC operator", chptr->chname); data->approved = ERR_CUSTOM; } } From b3be8599aa90a40ebdf1b9cbd8b03c6036e677f3 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 17:55:23 +0200 Subject: [PATCH 002/113] Use channel_modes() to convert a new channel's modes to a string. --- modules/core/m_join.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/modules/core/m_join.c b/modules/core/m_join.c index ff4750f..5f8b981 100644 --- a/modules/core/m_join.c +++ b/modules/core/m_join.c @@ -137,6 +137,7 @@ m_join(struct Client *client_p, struct Client *source_p, int parc, const char *p struct ConfItem *aconf; char *name; char *key = NULL; + const char *modes; int i, flags = 0; char *p = NULL, *p2 = NULL; char *chanlist; 
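Review bot: The new `sendto_one_numeric()` call in h_can_join (extensions/chm_operonly.c) passes the numeric as the bare literal `520`, while the next line uses the named `ERR_CUSTOM`. A named constant beside the call, for example `#define ERR_OPERONLY 520 /* Unreal's numeric for an oper-only channel */` (the name is only a suggestion), would make the reply greppable and keep other extensions from reusing the number by accident. The format string is a literal and `chptr->chname` is passed through `%s`, so the call itself is shaped correctly. h_can_join begins above the hunk.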
@@ -341,16 +342,18 @@ m_join(struct Client *client_p, struct Client *source_p, int parc, const char *p chptr->channelts = rb_current_time(); chptr->mode.mode |= MODE_TOPICLIMIT; chptr->mode.mode |= MODE_NOPRIVMSGS; + modes = channel_modes(chptr, &me); - sendto_channel_local(ONLY_CHANOPS, chptr, ":%s MODE %s +nt", - me.name, chptr->chname); + sendto_channel_local(ONLY_CHANOPS, chptr, ":%s MODE %s %s", + me.name, chptr->chname, modes); if(*chptr->chname == '#') { sendto_server(client_p, chptr, CAP_TS6, NOCAPS, - ":%s SJOIN %ld %s +nt :@%s", + ":%s SJOIN %ld %s %s :@%s", me.id, (long) chptr->channelts, - chptr->chname, source_p->id); + chptr->chname, modes, + source_p->id); } } else From 060ea02eec94938954ec38b0815b15445726270c Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 18:11:36 +0200 Subject: [PATCH 003/113] Remove an unnecessary check for &channels -- sendto_server() already does it. --- modules/core/m_join.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/modules/core/m_join.c b/modules/core/m_join.c index 5f8b981..2f51663 100644 --- a/modules/core/m_join.c +++ b/modules/core/m_join.c @@ -347,14 +347,10 @@ m_join(struct Client *client_p, struct Client *source_p, int parc, const char *p sendto_channel_local(ONLY_CHANOPS, chptr, ":%s MODE %s %s", me.name, chptr->chname, modes); - if(*chptr->chname == '#') - { - sendto_server(client_p, chptr, CAP_TS6, NOCAPS, - ":%s SJOIN %ld %s %s :@%s", - me.id, (long) chptr->channelts, - chptr->chname, modes, - source_p->id); - } + sendto_server(client_p, chptr, CAP_TS6, NOCAPS, + ":%s SJOIN %ld %s %s :@%s", + me.id, (long) chptr->channelts, + chptr->chname, modes, source_p->id); } else { From bcd8cc02e12c429c670408c24ddbbaf1186c76d1 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 21:56:05 +0200 Subject: [PATCH 004/113] Fix some part of IPv6 dline checking. --- src/listener.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
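Review bot: In the `@@ -341,16 +342,18 @@` hunk of m_join, `modes` is kept across two send calls, and whether that is safe depends on what channel_modes() returns, which the diff does not show. If it returns a pointer into a static buffer (to be confirmed in channel.c), any channel_modes() call reached from sendto_channel_local() would change the string before the SJOIN is formatted. A comment at the assignment such as `/* channel_modes() result must stay valid until the SJOIN below */` records the assumption, and copying the result into a local buffer removes it. m_join starts and ends outside the hunk.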
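Review bot: After the `@@ -347,14 +347,10 @@` hunk, nothing at the call site shows that local (`&`) channels must never be sent to peers; that guarantee now rests entirely on sendto_server(), whose body is not part of this diff. A one-line comment above the call, for example `/* sendto_server() itself refuses to propagate '&' channels */`, would keep a later change to sendto_server() from silently leaking local channels to other servers. The enclosing branch of m_join starts outside the hunk.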
diff --git a/src/listener.c b/src/listener.c index 60289fb..8841558 100644 --- a/src/listener.c +++ b/src/listener.c @@ -512,7 +512,7 @@ accept_precallback(rb_fde_t *F, struct sockaddr *addr, rb_socklen_t addrlen, voi return 0; } - aconf = find_dline(addr, AF_INET); + aconf = find_dline(addr, addr->sa_family); if(aconf != NULL && (aconf->status & CONF_EXEMPTDLINE)) return 1; From 404550224690e516b4eadbe25ab4f33f05ed7d04 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 22:25:17 +0200 Subject: [PATCH 005/113] Fix testline crashes, introduced by the auth_user patch. --- modules/m_testline.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/m_testline.c b/modules/m_testline.c index 993e995..0bcba6e 100644 --- a/modules/m_testline.c +++ b/modules/m_testline.c @@ -193,7 +193,8 @@ mo_testline(struct Client *client_p, struct Client *source_p, int parc, const ch if(aconf && aconf->status & CONF_CLIENT) { sendto_one_numeric(source_p, RPL_STATSILINE, form_str(RPL_STATSILINE), - aconf->name, show_iline_prefix(source_p, aconf, aconf->user), + aconf->name, EmptyString(aconf->spasswd) ? "" : aconf->spasswd, + show_iline_prefix(source_p, aconf, aconf->user), aconf->host, aconf->port, aconf->className); return 0; } From 70747af52417d57b52c4ad7a6b41f9d571f4c682 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 31 Jul 2008 22:47:53 +0200 Subject: [PATCH 006/113] Fix rejectcache and unknown_count. Unfortunately they are checked after SSL setup. --- src/listener.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/listener.c b/src/listener.c index 8841558..b5e7869 100644 --- a/src/listener.c +++ b/src/listener.c 
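Review bot: The mo_testline hunk (modules/m_testline.c) now sends `aconf->spasswd` to the operator who ran the command, and the field name reads like a password. The commit title ties the change to the auth_user patch, so the field presumably holds the auth_user selector for auth{} blocks rather than a secret; that should be confirmed and stated at the call, for example `/* spasswd holds auth_user for auth{} blocks, not a credential */`. If the field can ever hold a credential, the reply should print a fixed placeholder instead of the value. mo_testline starts and ends outside the hunk.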
@@ -435,9 +435,10 @@ close_listeners() * any client list yet. */ static void -add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl, int exempt) +add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl) { struct Client *new_client; + struct ConfItem *aconf; s_assert(NULL != listener); /* @@ -467,7 +468,9 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, voi ++listener->ref_count; - if(!exempt) + /* XXX these should be done in accept_precallback */ + aconf = find_dline(sai, sai->sa_family); + if(aconf == NULL || aconf->status & CONF_EXEMPTDLINE) { if(check_reject(new_client)) return; @@ -549,7 +552,7 @@ accept_ssld(rb_fde_t *F, struct sockaddr *addr, struct sockaddr *laddr, struct L rb_fde_t *xF[2]; rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection"); ctl = start_ssld_accept(F, xF[1], rb_get_fd(xF[0])); /* this will close F for us */ - add_connection(listener, xF[0], addr, ctl, 1); + add_connection(listener, xF[0], addr, ctl); } static void @@ -571,5 +574,5 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add if(listener->ssl) accept_ssld(F, addr, (struct sockaddr *)&lip, listener); else - add_connection(listener, F, addr, NULL, 1); + add_connection(listener, F, addr, NULL); } From d1275a8fd6d1fb76ef0eb67e2be48f5f7208202e Mon Sep 17 00:00:00 2001 
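Review bot: The new test in add_connection (`@@ -467,7 +468,9 @@`), `if(aconf == NULL || aconf->status & CONF_EXEMPTDLINE)`, enters the check_reject() block when the matching D-line entry is an exemption, which is the opposite of the `if(!exempt)` it replaces. As written, an exempted address is still subject to the reject cache, and only a non-exempt D-line match skips the block. The condition presumably needs the negation: `if(aconf == NULL || !(aconf->status & CONF_EXEMPTDLINE))`. add_connection starts and ends outside this hunk.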
From: Jilles Tjoelker Date: Fri, 1 Aug 2008 01:59:08 +0200 Subject: [PATCH 007/113] Move to ratbox3 reject and throttle code. Throttle replaces max_unknown_ip, reject is like before (including the charybdis-specific unkline handling). Both of these now apply before SSL negotiation. This commit does not include the global_cidr and new dline code. m_webirc is a bit nasty with throttling (unlike before with max_unknown_ip), this may be fixed later (or the webirc IP needs to be exempt{}ed). --- doc/reference.conf | 10 ++- extensions/m_webirc.c | 1 - include/reject.h | 15 ++-- include/s_conf.h | 3 +- modules/m_info.c | 12 +++ modules/m_stats.c | 2 +- src/client.c | 1 - src/listener.c | 23 ++--- src/newconf.c | 3 +- src/reject.c | 195 +++++++++++++++++++++++------------------- src/s_conf.c | 3 +- src/s_serv.c | 1 - src/s_user.c | 1 - 13 files changed, 150 insertions(+), 120 deletions(-) diff --git a/doc/reference.conf b/doc/reference.conf index 4d54480..0b64947 100755 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -1153,10 +1153,14 @@ general { /* reject duration: the amount of time to cache the rejection */ reject_duration = 5 minutes; - /* max_unknown_ip: maximum number of pending connections to the server - * that are allowed per IP address + /* throttle_duration: Amount of time that throttling will be applied to an IP + * address. */ - max_unknown_ip = 2; + throttle_duration = 60; + + /* throttle_count: Number of connections within throttle_duration that it takes + * for throttling to take effect */ + throttle_count = 4; }; modules { diff --git a/extensions/m_webirc.c b/extensions/m_webirc.c index 735be1e..584de67 100644 --- a/extensions/m_webirc.c +++ b/extensions/m_webirc.c 
@@ -125,7 +125,6 @@ mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char else rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host)); - del_unknown_ip(source_p); rb_inet_pton_sock(parv[4], (struct sockaddr *)&source_p->localClient->ip); /* Check dlines now, klines will be checked on registration */ diff --git a/include/reject.h b/include/reject.h index 2a36f9a..0f559bc 100644 --- a/include/reject.h +++ b/include/reject.h @@ -3,7 +3,7 @@ * reject.h: header to a file which rejects users with prejudice * * Copyright (C) 2003 Aaron Sethman - * Copyright (C) 2003-2004 ircd-ratbox development team + * Copyright (C) 2003-2005 ircd-ratbox development team * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,11 +17,11 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * * - * $Id: reject.h 3446 2007-05-14 22:21:16Z jilles $ + * $Id: reject.h 25056 2008-02-06 20:47:40Z androsyn $ */ #ifndef INCLUDED_reject_h #define INCLUDED_reject_h @@ -29,17 +29,16 @@ /* amount of time to delay a rejected clients exit */ #define DELAYED_EXIT_TIME 10 -extern rb_dlink_list delay_exit; - void init_reject(void); -int check_reject(struct Client *); +int check_reject(rb_fde_t *F, struct sockaddr *addr); void add_reject(struct Client *, const char *mask1, const char *mask2); void flush_reject(void); int remove_reject_ip(const char *ip); int remove_reject_mask(const char *mask1, const char *mask2); +unsigned long delay_exit_length(void); + +int throttle_add(struct sockaddr *addr); -int add_unknown_ip(struct Client *client_p); -void del_unknown_ip(struct Client *client_p); #endif 
diff --git a/include/s_conf.h b/include/s_conf.h index 8ce8f01..5e6834f 100644 --- a/include/s_conf.h +++ b/include/s_conf.h @@ -210,12 +210,13 @@ struct config_file_entry int reject_ban_time; int reject_after_count; int reject_duration; + int throttle_count; + int throttle_duration; int target_change; int collision_fnc; int default_umodes; int global_snotices; int operspy_dont_care_user_info; - int max_unknown_ip; }; struct config_channel_entry diff --git a/modules/m_info.c b/modules/m_info.c index 870fe12..03671b4 100644 --- a/modules/m_info.c +++ b/modules/m_info.c @@ -446,6 +446,18 @@ static struct InfoStruct info_table[] = { &ConfigFileEntry.stats_y_oper_only, "STATS Y is only shown to operators", }, + { + "throttle_count", + OUTPUT_DECIMAL, + &ConfigFileEntry.throttle_count, + "Connection throttle threshold", + }, + { + "throttle_duration", + OUTPUT_DECIMAL, + &ConfigFileEntry.throttle_duration, + "Connection throttle duration", + }, { "tkline_expire_notices", OUTPUT_BOOLEAN, diff --git a/modules/m_stats.c b/modules/m_stats.c index 92fc3f2..b5738a7 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c @@ -875,7 +875,7 @@ stats_tstats (struct Client *source_p) "T :accepts %u refused %u", sp.is_ac, sp.is_ref); sendto_one_numeric(source_p, RPL_STATSDEBUG, "T :rejected %u delaying %lu", - sp.is_rej, rb_dlink_list_length(&delay_exit)); + sp.is_rej, delay_exit_length()); sendto_one_numeric(source_p, RPL_STATSDEBUG, "T :nicks being delayed %lu", get_nd_count()); diff --git a/src/client.c b/src/client.c index a1fd820..8e8dd68 100644 --- a/src/client.c +++ b/src/client.c @@ -1280,7 +1280,6 @@ exit_unknown_client(struct Client *client_p, struct Client *source_p, struct Cli delete_resolver_queries(source_p->localClient->dnsquery); rb_free(source_p->localClient->dnsquery); } - del_unknown_ip(source_p); rb_dlinkDelete(&source_p->localClient->tnode, &unknown_list); if(!IsIOError(source_p)) diff --git a/src/listener.c b/src/listener.c index b5e7869..0849ab6 100644 
--- a/src/listener.c +++ b/src/listener.c @@ -438,7 +438,6 @@ static void add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl) { struct Client *new_client; - struct ConfItem *aconf; s_assert(NULL != listener); /* @@ -468,19 +467,11 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, voi ++listener->ref_count; - /* XXX these should be done in accept_precallback */ - aconf = find_dline(sai, sai->sa_family); - if(aconf == NULL || aconf->status & CONF_EXEMPTDLINE) - { - if(check_reject(new_client)) - return; - if(add_unknown_ip(new_client)) - return; - } - start_auth(new_client); } +static const char *toofast = "ERROR :Reconnecting too fast, throttled.\r\n"; + static int accept_precallback(rb_fde_t *F, struct sockaddr *addr, rb_socklen_t addrlen, void *data) { @@ -542,6 +533,16 @@ accept_precallback(rb_fde_t *F, struct sockaddr *addr, rb_socklen_t addrlen, voi return 0; } + if(check_reject(F, addr)) + return 0; + + if(throttle_add(addr)) + { + rb_write(F, toofast, strlen(toofast)); + rb_close(F); + return 0; + } + return 1; } diff --git a/src/newconf.c b/src/newconf.c index 92671f3..ed2dd9d 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -2064,7 +2064,6 @@ static struct ConfEntry conf_general_table[] = { "max_nick_time", CF_TIME, NULL, 0, &ConfigFileEntry.max_nick_time }, { "max_nick_changes", CF_INT, NULL, 0, &ConfigFileEntry.max_nick_changes }, { "max_targets", CF_INT, NULL, 0, &ConfigFileEntry.max_targets }, - { "max_unknown_ip", CF_INT, NULL, 0, &ConfigFileEntry.max_unknown_ip }, { "min_nonwildcard", CF_INT, NULL, 0, &ConfigFileEntry.min_nonwildcard }, { "nick_delay", CF_TIME, NULL, 0, &ConfigFileEntry.nick_delay }, { "no_oper_flood", CF_YESNO, NULL, 0, &ConfigFileEntry.no_oper_flood }, 
@@ -2076,6 +2075,8 @@ static struct ConfEntry conf_general_table[] = { "reject_after_count", CF_INT, NULL, 0, &ConfigFileEntry.reject_after_count }, { "reject_ban_time", CF_TIME, NULL, 0, &ConfigFileEntry.reject_ban_time }, { "reject_duration", CF_TIME, NULL, 0, &ConfigFileEntry.reject_duration }, + { "throttle_count", CF_INT, NULL, 0, &ConfigFileEntry.throttle_count }, + { "throttle_duration", CF_TIME, NULL, 0, &ConfigFileEntry.throttle_duration }, { "short_motd", CF_YESNO, NULL, 0, &ConfigFileEntry.short_motd }, { "stats_c_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_c_oper_only }, { "stats_e_disabled", CF_YESNO, NULL, 0, &ConfigFileEntry.stats_e_disabled }, diff --git a/src/reject.c b/src/reject.c index d2422a4..87ec318 100644 --- a/src/reject.c +++ b/src/reject.c 
@@ -17,70 +17,79 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * - * $Id: reject.c 3456 2007-05-18 19:14:18Z jilles $ + * $Id: reject.c 25119 2008-03-13 16:57:05Z androsyn $ */ #include "stdinc.h" -#include "config.h" #include "client.h" #include "s_conf.h" #include "reject.h" #include "s_stats.h" -#include "msg.h" +#include "ircd.h" +#include "send.h" +#include "numeric.h" +#include "parse.h" +#include "hostmask.h" +#include "match.h" #include "hash.h" +static rb_patricia_tree_t *global_tree; static rb_patricia_tree_t *reject_tree; -rb_dlink_list delay_exit; +static rb_dlink_list delay_exit; static rb_dlink_list reject_list; +static rb_dlink_list throttle_list; +static rb_patricia_tree_t *throttle_tree; +static void throttle_expires(void *unused); -static rb_patricia_tree_t *unknown_tree; -struct reject_data +typedef struct _reject_data { rb_dlink_node rnode; time_t time; unsigned int count; uint32_t mask_hashv; -}; +} reject_t; + +typedef struct _delay_data +{ + rb_dlink_node node; + rb_fde_t *F; +} delay_t; + +typedef struct _throttle +{ + rb_dlink_node node; + time_t last; + int count; +} throttle_t; + +unsigned long +delay_exit_length(void) +{ + return rb_dlink_list_length(&delay_exit); +} static void reject_exit(void *unused) { - struct Client *client_p; rb_dlink_node *ptr, *ptr_next; - + delay_t *ddata; + static const char *errbuf = "ERROR :Closing Link: (*** Banned (cache))\r\n"; + RB_DLINK_FOREACH_SAFE(ptr, ptr_next, delay_exit.head) { - client_p = ptr->data; - if(IsDead(client_p)) - continue; + ddata = ptr->data; - /* this MUST be here, to prevent the possibility - * sendto_one() generates a write error, and then a client - * ends up on the dead_list and the abort_list --fl - * - * new disconnect notice stolen from 
ircu --nenolod - * no, this only happens when someone's IP has some - * ban on it and rejects them rather longer than the - * ircu message suggests --jilles - */ - if(!IsIOError(client_p)) - { - if(IsExUnknown(client_p)) - sendto_one(client_p, "ERROR :Closing Link: %s (*** Too many unknown connections)", client_p->host); - else - sendto_one(client_p, "ERROR :Closing Link: %s (*** Banned (cache))", client_p->host); - } - close_connection(client_p); - SetDead(client_p); - rb_dlinkAddAlloc(client_p, &dead_list); + rb_write(ddata->F, errbuf, strlen(errbuf)); + rb_close(ddata->F); + rb_free(ddata); } - delay_exit.head = delay_exit.tail = NULL; - delay_exit.length = 0; + delay_exit.head = delay_exit.tail = NULL; + delay_exit.length = 0; } static void @@ -88,7 +97,7 @@ reject_expires(void *unused) { rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; RB_DLINK_FOREACH_SAFE(ptr, next, reject_list.head) { @@ -108,9 +117,10 @@ void init_reject(void) { reject_tree = rb_new_patricia(PATRICIA_BITS); - unknown_tree = rb_new_patricia(PATRICIA_BITS); + throttle_tree = rb_new_patricia(PATRICIA_BITS); rb_event_add("reject_exit", reject_exit, NULL, DELAYED_EXIT_TIME); rb_event_add("reject_expires", reject_expires, NULL, 60); + rb_event_add("throttle_expires", throttle_expires, NULL, 10); } 
@@ -118,18 +128,18 @@ void add_reject(struct Client *client_p, const char *mask1, const char *mask2) { rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; uint32_t hashv; /* Reject is disabled */ - if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0) + if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_duration == 0) return; hashv = 0; if (mask1 != NULL) - hashv ^= fnv_hash_upper(mask1, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask1, 32); if (mask2 != NULL) - hashv ^= fnv_hash_upper(mask2, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask2, 32); if((pnode = rb_match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL) { @@ -141,11 +151,11 @@ add_reject(struct Client *client_p, const char *mask1, const char *mask2) { int bitlen = 32; #ifdef RB_IPV6 - if(client_p->localClient->ip.ss_family == AF_INET6) + if(GET_SS_FAMILY(&client_p->localClient->ip) == AF_INET6) bitlen = 128; #endif pnode = make_and_lookup_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip, bitlen); - pnode->data = rdata = rb_malloc(sizeof(struct reject_data)); + pnode->data = rdata = rb_malloc(sizeof(reject_t)); rb_dlinkAddTail(pnode, &rdata->rnode, &reject_list); rdata->time = rb_current_time(); rdata->count = 1; 
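Review bot: Setting `reject_ban_time = 0` no longer turns the reject cache off, because the "Reject is disabled" test in add_reject now checks `reject_duration` instead, and the check_reject and remove_reject_ip hunks drop `reject_ban_time` from the same test. The option is still parsed in conf_general_table and still defaulted in set_default_conf, and the reference.conf hunk in this patch says nothing about the change. Either keep honouring `reject_ban_time == 0`, or document the new rule next to each test, for example `/* disabled by reject_after_count = 0 or reject_duration = 0 */`, and in the config reference. Whether reject_expires() still reads reject_ban_time is not visible in these hunks.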
@@ -154,29 +164,28 @@ add_reject(struct Client *client_p, const char *mask1, const char *mask2) } int -check_reject(struct Client *client_p) +check_reject(rb_fde_t *F, struct sockaddr *addr) { rb_patricia_node_t *pnode; - struct reject_data *rdata; - + reject_t *rdata; + delay_t *ddata; /* Reject is disabled */ - if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0 || - ConfigFileEntry.reject_duration == 0) + if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_duration == 0) return 0; - pnode = rb_match_ip(reject_tree, (struct sockaddr *)&client_p->localClient->ip); + pnode = rb_match_ip(reject_tree, addr); if(pnode != NULL) { rdata = pnode->data; rdata->time = rb_current_time(); - if(rdata->count > ConfigFileEntry.reject_after_count) + if(rdata->count > (unsigned long)ConfigFileEntry.reject_after_count) { + ddata = rb_malloc(sizeof(delay_t)); ServerStats.is_rej++; - SetReject(client_p); - rb_setselect(client_p->localClient->F, RB_SELECT_WRITE | RB_SELECT_READ, NULL, NULL); - SetClosing(client_p); - rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &delay_exit); + rb_setselect(F, RB_SELECT_WRITE | RB_SELECT_READ, NULL, NULL); + ddata->F = F; + rb_dlinkAdd(ddata, &ddata->node, &delay_exit); return 1; } } @@ -189,7 +198,7 @@ flush_reject(void) { rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; RB_DLINK_FOREACH_SAFE(ptr, next, reject_list.head) { 
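Review bot: check_reject() now parks the raw descriptor on `delay_exit` with no upper bound, and accept_precallback returns before it reaches throttle_add() when check_reject() succeeds. Each repeated connection from an address in the reject cache therefore holds one fd and one `delay_t` until the next reject_exit run, which init_reject schedules every DELAYED_EXIT_TIME seconds. As far as the diff shows, no Client exists at this point, so no other limit accounts for these descriptors. A cap at the top of the reject branch would bound this, for example `if(delay_exit_length() >= MAX_DELAYED_EXITS) { rb_close(F); return 1; }`, where MAX_DELAYED_EXITS is a new constant to be chosen; calling throttle_add() before check_reject() in accept_precallback is an alternative.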
@@ -207,13 +216,12 @@ remove_reject_ip(const char *ip) rb_patricia_node_t *pnode; /* Reject is disabled */ - if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_ban_time == 0 || - ConfigFileEntry.reject_duration == 0) + if(ConfigFileEntry.reject_after_count == 0 || ConfigFileEntry.reject_duration == 0) return -1; if((pnode = rb_match_string(reject_tree, ip)) != NULL) { - struct reject_data *rdata = pnode->data; + reject_t *rdata = pnode->data; rb_dlinkDelete(&rdata->rnode, &reject_list); rb_free(rdata); rb_patricia_remove(reject_tree, pnode); @@ -227,15 +235,15 @@ remove_reject_mask(const char *mask1, const char *mask2) { rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - struct reject_data *rdata; + reject_t *rdata; uint32_t hashv; int n = 0; hashv = 0; if (mask1 != NULL) - hashv ^= fnv_hash_upper(mask1, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask1, 32); if (mask2 != NULL) - hashv ^= fnv_hash_upper(mask2, 32); + hashv ^= fnv_hash_upper((const unsigned char *)mask2, 32); RB_DLINK_FOREACH_SAFE(ptr, next, reject_list.head) { pnode = ptr->data; 
@@ -251,50 +259,57 @@ remove_reject_mask(const char *mask1, const char *mask2) return n; } - int -add_unknown_ip(struct Client *client_p) +throttle_add(struct sockaddr *addr) { + throttle_t *t; rb_patricia_node_t *pnode; - if((pnode = rb_match_ip(unknown_tree, (struct sockaddr *)&client_p->localClient->ip)) == NULL) + if((pnode = rb_match_ip(throttle_tree, addr)) != NULL) { + t = pnode->data; + + if(t->count > ConfigFileEntry.throttle_count) + return 1; + + /* Stop penalizing them after they've been throttled */ + t->last = rb_current_time(); + t->count++; + + } else { int bitlen = 32; #ifdef RB_IPV6 - if(client_p->localClient->ip.ss_family == AF_INET6) + if(GET_SS_FAMILY(addr) == AF_INET6) bitlen = 128; #endif - pnode = make_and_lookup_ip(unknown_tree, (struct sockaddr *)&client_p->localClient->ip, bitlen); - pnode->data = (void *)0; - } - - if((unsigned long)pnode->data >= ConfigFileEntry.max_unknown_ip) - { - SetExUnknown(client_p); - SetReject(client_p); - rb_setselect(client_p->localClient->F, RB_SELECT_WRITE | RB_SELECT_READ, NULL, NULL); - SetClosing(client_p); - rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &delay_exit); - return 1; - } - - pnode->data = (void *)((unsigned long)pnode->data + 1); - + t = rb_malloc(sizeof(throttle_t)); + t->last = rb_current_time(); + t->count = 1; + pnode = make_and_lookup_ip(throttle_tree, addr, bitlen); + pnode->data = t; + rb_dlinkAdd(pnode, &t->node, &throttle_list); + } return 0; } -void -del_unknown_ip(struct Client *client_p) +static void +throttle_expires(void *unused) { + rb_dlink_node *ptr, *next; rb_patricia_node_t *pnode; - - if((pnode = rb_match_ip(unknown_tree, (struct sockaddr *)&client_p->localClient->ip)) != NULL) + throttle_t *t; + + RB_DLINK_FOREACH_SAFE(ptr, next, throttle_list.head) { - pnode->data = (void *)((unsigned long)pnode->data - 1); - if((unsigned long)pnode->data <= 0) - { - rb_patricia_remove(unknown_tree, pnode); - } + pnode = ptr->data; + t = pnode->data; + + if(t->last + 
ConfigFileEntry.throttle_duration > rb_current_time()) + continue; + + rb_dlinkDelete(ptr, &throttle_list); + rb_free(t); + rb_patricia_remove(throttle_tree, pnode); } - /* this can happen due to m_webirc.c's manipulations, for example */ } + diff --git a/src/s_conf.c b/src/s_conf.c index f27c6ab..71f1c56 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -820,7 +820,8 @@ set_default_conf(void) ConfigFileEntry.reject_after_count = 5; ConfigFileEntry.reject_ban_time = 300; ConfigFileEntry.reject_duration = 120; - ConfigFileEntry.max_unknown_ip = 2; + ConfigFileEntry.throttle_count = 4; + ConfigFileEntry.throttle_duration = 60; ServerInfo.default_max_clients = MAXCONNECTIONS; } diff --git a/src/s_serv.c b/src/s_serv.c index daff36c..e29fdba 100644 --- a/src/s_serv.c +++ b/src/s_serv.c @@ -760,7 +760,6 @@ server_estab(struct Client *client_p) set_chcap_usage_counts(client_p); rb_dlinkAdd(client_p, &client_p->lnode, &me.serv->servers); - del_unknown_ip(client_p); rb_dlinkMoveNode(&client_p->localClient->tnode, &unknown_list, &serv_list); rb_dlinkAddTailAlloc(client_p, &global_serv_list); diff --git a/src/s_user.c b/src/s_user.c index 6407c05..57f3432 100644 --- a/src/s_user.c +++ b/src/s_user.c @@ -527,7 +527,6 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char Count.invisi++; s_assert(!IsClient(source_p)); - del_unknown_ip(source_p); rb_dlinkMoveNode(&source_p->localClient->tnode, &unknown_list, &lclient_list); SetClient(source_p); From c3a82957dbb750bea1d83f3e32ffa187a8b5faf3 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 1 Aug 2008 02:54:36 +0200 Subject: [PATCH 008/113] Update example.conf for max_unknown_ip->throttle. --- doc/example.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/example.conf b/doc/example.conf index 5e02e0d..48df57c 100755 --- a/doc/example.conf +++ b/doc/example.conf 
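Review bot: throttle_add() in src/reject.c keys IPv6 peers on the full address (`bitlen = 128`), so a peer that controls a whole prefix gets a fresh counter per address, and each address adds a `throttle_t` and a patricia node that live for throttle_duration. Keying IPv6 on a shorter prefix (a /64 is the usual choice, i.e. `bitlen = 64;`) would make the limit effective and bound the tree, provided make_and_lookup_ip() and rb_match_ip() handle prefix nodes here, which should be checked. Separately, `t->count > ConfigFileEntry.throttle_count` lets throttle_count + 1 connections through before refusing, which does not obviously match the reference.conf wording, and a value of 0 throttles the second connection instead of disabling the feature. A short comment above the function stating the intended semantics of both options would settle that.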
@@ -460,7 +460,8 @@ general { reject_ban_time = 1 minute; reject_after_count = 3; reject_duration = 5 minutes; - max_unknown_ip = 2; + throttle_duration = 60; + throttle_count = 4; }; modules { From 1f025cc3bf3b1bab10e4d79c4c7346258448328d Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 1 Aug 2008 17:00:00 -0500 Subject: [PATCH 009/113] rb_setup_fd_ports(): use correct prototype. --- libratbox/src/ports.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libratbox/src/ports.c b/libratbox/src/ports.c index 2bfcbbe..353b07b 100644 --- a/libratbox/src/ports.c +++ b/libratbox/src/ports.c @@ -45,7 +45,7 @@ static port_event_t *pelst; /* port buffer */ static int pemax; /* max structs to buffer */ int -rb_setup_fd_ports(int fd) +rb_setup_fd_ports(rb_fde_t *F) { return 0; } From d7e75f0ab93c35017caba257fa960e70292624e6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 1 Aug 2008 17:02:58 -0500 Subject: [PATCH 010/113] Add *sunos* conditional to solaris section for opensolaris, and add -D_XPG4_2 -D__EXTENSIONS__ to CFLAGS on these platforms. --- libratbox/configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libratbox/configure.ac b/libratbox/configure.ac index 86588c8..c6c40e5 100644 --- a/libratbox/configure.ac +++ b/libratbox/configure.ac @@ -80,7 +80,8 @@ case "$host_os" in CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; *solaris*) - CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS" +*sunos*) + CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) ;; From 63ae37ccd1befa755f7dc0a505ec286df750c03e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 1 Aug 2008 17:03:18 -0500 Subject: [PATCH 011/113] Rerun autoconf. --- libratbox/configure | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libratbox/configure b/libratbox/configure index af408af..ab3c1ed 100755 --- a/libratbox/configure +++ b/libratbox/configure 
@@ -21357,7 +21357,8 @@ fi CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; *solaris*) - CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS" +*sunos*) + CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) ;; From 4a387e786a9d2189ac27204206bc10be940233d3 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 2 Aug 2008 02:09:16 +0200 Subject: [PATCH 012/113] Fix shell syntax. --- libratbox/configure.ac | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libratbox/configure.ac b/libratbox/configure.ac index c6c40e5..b51ecb1 100644 --- a/libratbox/configure.ac +++ b/libratbox/configure.ac @@ -79,8 +79,7 @@ case "$host_os" in *interix*) CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; -*solaris*) -*sunos*) +*solaris*|*sunos*) CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) From b62765e9a93bdadbfac99177968ae6bcc0525295 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 2 Aug 2008 02:09:23 +0200 Subject: [PATCH 013/113] Rerun autoconf. --- libratbox/configure | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libratbox/configure b/libratbox/configure index ab3c1ed..c0875e3 100755 --- a/libratbox/configure +++ b/libratbox/configure @@ -21356,8 +21356,7 @@ fi *interix*) CPPFLAGS="$CFLAGS -D_ALL_SOURCE -D_XOPEN_SOURCE=500" ;; -*solaris*) -*sunos*) +*solaris*|*sunos*) CPPFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_XPG4_2 -D__EXTENSIONS__" ;; *) From 4d2ae0d06200bddfe97ff81e3ce0b1f0135ca64f Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 01:34:59 +0400 Subject: [PATCH 014/113] added privilege system and some new hooks in TODO --- TODO | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/TODO b/TODO index 77198bf..66ca953 100644 --- a/TODO +++ b/TODO 
@@ -22,10 +22,9 @@ [ ] acknowledgement message for SSL users like '* *** You are connected using SSL cipher "DHE RSA-AES 128 CBC-SHA"' [x] tool for generating ssl certificates and other stuff [x] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too) -[/] merge some stuff from ircd-seven directly (to be determined what) +[x] merge some stuff from ircd-seven directly (to be determined what) [x] remote d:lines support [x] PASS selector:password for auth{} (useful for dynamic IPs) - [ ] +C (noctcp) channel/usermode [F] kline/xline/resv sync [F] make an ability of using bandb instead of .conf files as bans storage [x] drop non-TS6 (legacy protocol) support @@ -36,10 +35,21 @@ [x] some example modules [ ] think on how could we append privilege checking for simple chmode - like chm_staff, but additionaly limited (e. g. IsOperResv etc); possibly move the same code for all functions into separated one and make it extern? + another idea is too make that work with privilege groups, like "serveradmins" or "ircops" [ ] make nick/user/host validation functions/match tables able to work in separated modules, this will help us making support for native characters sets/slashes in host etc [ ] auth checker module [ ] resolver module + [ ] hooks + [ ] can_kick + which modules could we add in charybdis distro? + [ ] can_send_channel + [?] +C (ctcp) + [ ] can_send_user + [?] +C (ctcp) + [ ] privilege system for privilege groups, something like + in .conf: helper { kill_global, rehash, kline_local } + in modules: privilege_add("kill_global"), has_privilege("kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely [/] Bug fixes [x] Compilation without zlib headers fails - fixed From f48c47b76e9322f760a048527284b47173b7e6ee Mon Sep 17 00:00:00 2001 
From: Valery V Yatsko Date: Mon, 4 Aug 2008 01:37:18 +0400 Subject: [PATCH 015/113] oups, missed param for has_privilege example function in TODO --- TODO | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TODO b/TODO index 66ca953..445d05c 100644 --- a/TODO +++ b/TODO @@ -49,7 +49,7 @@ [?] +C (ctcp) [ ] privilege system for privilege groups, something like in .conf: helper { kill_global, rehash, kline_local } - in modules: privilege_add("kill_global"), has_privilege("kill_global") etc, should work the way dynamic cflags/umodes done + in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely [/] Bug fixes [x] Compilation without zlib headers fails - fixed From bee0998d33f9cc16a066e5f47840db9b5575c7bb Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 21:45:30 +0400 Subject: [PATCH 016/113] Removed global_tree declaration as unused from reject.c --- src/reject.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/reject.c b/src/reject.c index 87ec318..b5035c6 100644 --- a/src/reject.c +++ b/src/reject.c @@ -36,7 +36,6 @@ #include "match.h" #include "hash.h" -static rb_patricia_tree_t *global_tree; static rb_patricia_tree_t *reject_tree; static rb_dlink_list delay_exit; static rb_dlink_list reject_list; From fba62b015135e39d2c6261b37c9d7f93f551d578 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 21:51:15 +0400 Subject: [PATCH 017/113] Moved extern chmode_flags declaration from channel.h to chmode.h, as it's actually declared in the second one --- include/channel.h | 2 -- include/chmode.h | 2 ++ src/channel.c | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/channel.h b/include/channel.h index 236f49c..b4da1b6 100644 --- a/include/channel.h +++ b/include/channel.h 
@@ -255,8 +255,6 @@ extern void send_cap_mode_changes(struct Client *client_p, struct Client *source extern void set_channel_mode(struct Client *client_p, struct Client *source_p, struct Channel *chptr, struct membership *msptr, int parc, const char *parv[]); -extern int chmode_flags[256]; - extern struct ChannelMode chmode_table[256]; extern int add_id(struct Client *source_p, struct Channel *chptr, const char *banid, diff --git a/include/chmode.h b/include/chmode.h index e3b386b..a9c04a6 100644 --- a/include/chmode.h +++ b/include/chmode.h @@ -34,6 +34,8 @@ */ #define ERR_CUSTOM 1000 +extern int chmode_flags[256]; + extern void chm_nosuch(struct Client *source_p, struct Channel *chptr, int alevel, int parc, int *parn, const char **parv, int *errors, int dir, char c, long mode_type); diff --git a/src/channel.c b/src/channel.c index e3e2c06..52e4b50 100644 --- a/src/channel.c +++ b/src/channel.c @@ -26,6 +26,7 @@ #include "stdinc.h" #include "channel.h" +#include "chmode.h" #include "client.h" #include "common.h" #include "hash.h" From c870fa9f9ad1e925cea30f8afbc3eebbb5d1c2f8 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 4 Aug 2008 21:59:58 +0400 Subject: [PATCH 018/113] Restricted +O (operonly) channel mode to be set only by ircops (chm_staff) --- extensions/chm_operonly.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/chm_operonly.c b/extensions/chm_operonly.c index 5de15b3..4912e5a 100644 --- a/extensions/chm_operonly.c +++ b/extensions/chm_operonly.c @@ -28,7 +28,7 @@ _modinit(void) { /* add the channel mode to the available slot */ chmode_table['O'].mode_type = find_cflag_slot(); - chmode_table['O'].set_func = chm_simple; + chmode_table['O'].set_func = chm_staff; construct_noparam_modes(); From 94c100153cdcb68de04e28ac739c516dbbc95450 Mon Sep 17 00:00:00 2001 
From: Valery V Yatsko Date: Wed, 6 Aug 2008 23:12:02 +0400 Subject: [PATCH 019/113] from ircd-ratbox r25799 by androsyn: give a bit more info when libratbox calls logging callbacks --- src/ircd.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/ircd.c b/src/ircd.c index cd20e75..371d2b4 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -447,12 +447,13 @@ setup_corefile(void) static void ircd_log_cb(const char *str) { - ilog(L_MAIN, "%s", str); + ilog(L_MAIN, "libratbox reports: %s", str); } static void ircd_restart_cb(const char *str) { + ilog(L_MAIN, "libratbox has called the restart callback: %s", str); restart(str); } @@ -469,9 +470,11 @@ ircd_die_cb(const char *str) if(str != NULL) { /* Try to get the message out to currently logged in operators. */ - sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "Server panic! %s", str); - inotice("server panic: %s", str); + sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, "libratbox has called the die callback..aborting: %s", str); + inotice("libratbox has called the die callback..aborting: %s", str); } + else + ilog(L_MAIN, "libratbox has called the die callback..aborting"); unlink(pidFileName); exit(EXIT_FAILURE); From b01b826d266c4abd3cf2bb73d97c0d6cd3707bf9 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 6 Aug 2008 23:57:45 +0400 Subject: [PATCH 020/113] ilog -> inotice in ircd_restart_cb (ircd.c) --- CREDITS | 2 +- TODO | 1 + src/ircd.c | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CREDITS b/CREDITS index 97d1e95..8e19bad 100644 --- a/CREDITS +++ b/CREDITS @@ -7,7 +7,7 @@ network configurations. The charybdis core team is listed in nick-alphabetical order: -dwr, Valery Yatsko +dwr, Valery Yatsko gxti, Michael Tharp jilles, Jilles Tjoelker nenolod, William Pitcock diff --git a/TODO b/TODO index 445d05c..065879a 100644 --- a/TODO +++ b/TODO 
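Review bot: `ircd_restart_cb` now formats `str` with `%s` before calling `restart(str)`, but unlike `ircd_die_cb` in the next hunk it never checks `str` for NULL. Whether libratbox can invoke the restart callback without a reason is not visible on this page; if it can, the log call is handed a null string pointer. A guard keeps the log line well-defined: `ilog(L_MAIN, "libratbox has called the restart callback: %s", str != NULL ? str : "(no reason given)");`.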
@@ -29,6 +29,7 @@ [F] make an ability of using bandb instead of .conf files as bans storage [x] drop non-TS6 (legacy protocol) support [F] Doxygen code documentation +[?] Patch or core-feature - libguess on-fly any-charset-to-utf8 translation [/] module engine rework [/] more beautiful way of adding new channel modes by module [x] basic functionality diff --git a/src/ircd.c b/src/ircd.c index 371d2b4..9089ae8 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -453,7 +453,7 @@ ircd_log_cb(const char *str) static void ircd_restart_cb(const char *str) { - ilog(L_MAIN, "libratbox has called the restart callback: %s", str); + inotice(L_MAIN, "libratbox has called the restart callback: %s", str); restart(str); } @@ -474,7 +474,7 @@ ircd_die_cb(const char *str) inotice("libratbox has called the die callback..aborting: %s", str); } else - ilog(L_MAIN, "libratbox has called the die callback..aborting"); + inotice(L_MAIN, "libratbox has called the die callback..aborting"); unlink(pidFileName); exit(EXIT_FAILURE); From a0775df0ed008df53f5ad813d7f80ad56320ac1c Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Fri, 8 Aug 2008 20:01:52 +0400 Subject: [PATCH 021/113] fixed typo in sslproc.c --- src/sslproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sslproc.c b/src/sslproc.c index 5c2b466..4f9af8b 100644 --- a/src/sslproc.c +++ b/src/sslproc.c @@ -234,7 +234,7 @@ start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, co if(ssld_spin_count > 20 && (rb_current_time() - last_spin < 5)) { - ilog(L_MAIN, "ssld helper is spinning - will attempt to restart in 5 minutes"); + ilog(L_MAIN, "ssld helper is spinning - will attempt to restart in 1 minute"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "ssld helper is spinning - will attempt to restart in 1 minute"); rb_event_add("restart_ssld_event", restart_ssld_event, NULL, 60); ssld_wait = 1; From 3ae41b440a9c636d58dcd8d8a5994ef7d5ac3a3d Mon Sep 17 00:00:00 2001 
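Review bot: `inotice(L_MAIN, "libratbox has called the restart callback: %s", str);` passes the log-level constant where `inotice` appears to expect its format string. The unchanged call in the second ircd.c hunk, `inotice("libratbox has called the die callback..aborting: %s", str);`, shows the format as the first argument. As written, `L_MAIN` is used as the format pointer and the real message becomes a stray argument, so the restart and die paths should at best draw a compiler diagnostic and at worst crash while reporting a failure. Drop the first argument in both places: `inotice("libratbox has called the restart callback: %s", str);` and, in the `else` branch of `ircd_die_cb`, `inotice("libratbox has called the die callback..aborting");`.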
From: Valery V Yatsko Date: Fri, 8 Aug 2008 20:06:00 +0400 Subject: [PATCH 022/113] TODO: test suite as in ircu? should include configuration files & certificates for setting up local debug network containing 3 servers in it + possibly configuration file for test services (atheme)? --- TODO | 1 + 1 file changed, 1 insertion(+) diff --git a/TODO b/TODO index 065879a..8dd0cb9 100644 --- a/TODO +++ b/TODO @@ -52,6 +52,7 @@ in .conf: helper { kill_global, rehash, kline_local } in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely +[?] test suite as in ircu [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage From ade4ed6379af39e9a016fe06a46aea9d2f9cd815 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 9 Aug 2008 15:38:31 +0200 Subject: [PATCH 023/113] Add conf files to be used for automated testing. --- testsuite/ircd.conf.1 | 92 +++++++++++++++++++++++++++++++++++++++++++ testsuite/ircd.conf.2 | 92 +++++++++++++++++++++++++++++++++++++++++++ testsuite/ircd.conf.3 | 92 +++++++++++++++++++++++++++++++++++++++++++ testsuite/startall.sh | 8 ++++ 4 files changed, 284 insertions(+) create mode 100644 testsuite/ircd.conf.1 create mode 100644 testsuite/ircd.conf.2 create mode 100644 testsuite/ircd.conf.3 create mode 100755 testsuite/startall.sh diff --git a/testsuite/ircd.conf.1 b/testsuite/ircd.conf.1 new file mode 100644 index 0000000..a91ecd1 --- /dev/null +++ b/testsuite/ircd.conf.1 
@@ -0,0 +1,92 @@ +loadmodule "extensions/extb_account.so"; +loadmodule "extensions/extb_channel.so"; +loadmodule "extensions/extb_oper.so"; +loadmodule "extensions/extb_realname.so"; +loadmodule "extensions/extb_server.so"; +#loadmodule "extensions/ip_cloaking.so"; +loadmodule "extensions/sno_farconnect.so"; +loadmodule "extensions/sno_globalkline.so"; +#loadmodule "extensions/sno_globaloper.so"; + +serverinfo { + name = "testsuite1."; + sid = "1TT"; + description = "Testsuite"; + network_name = "Testsuite"; + network_desc = "Testing"; + hub = yes; + vhost = "127.0.0.1"; +}; + +admin { + name = "Here"; + description = "Charybdis testsuite server"; + email = "root@localhost"; +}; + +class "users" { + ping_time = 5 minutes; + number_per_ip = 100; + max_number = 200; + sendq = 100kb; +}; + +class "server" { + ping_time = 5 minutes; + connectfreq = 5 minutes; + max_number = 3; + sendq = 5 megabytes; +}; + +listen { host = "127.0.0.1"; port = 7601; }; + +auth { user = "*@127.0.0.0/8"; class = "users"; }; + +operator "oper" { + user = "*@127.0.0.0/8"; + password = "oper"; + flags = global_kill, remote, kline, unkline, nick_changes, + die, rehash, admin, xline, operwall, oper_spy, ~encrypted; +}; + +connect "testsuite2." { + host = "127.0.0.1"; + port = 7602; + send_password = "testsuite"; + accept_password = "testsuite"; + hub_mask = "*"; + class = "server"; + flags = topicburst; +}; + +connect "testsuite3." { + host = "127.0.0.1"; + port = 7603; + send_password = "testsuite"; + accept_password = "testsuite"; + hub_mask = "*"; + class = "server"; + flags = topicburst; +}; + +shared { + oper = "*@*", "*"; + flags = all; +}; + +alias "NickServ" { + target = "NickServ"; +}; +alias "ChanServ" { + target = "ChanServ"; +}; +alias "OperServ" { + target = "OperServ"; +}; +alias "MemoServ" { + target = "MemoServ"; +}; + +service { + name = "services."; +}; diff --git a/testsuite/ircd.conf.2 b/testsuite/ircd.conf.2 new file mode 100644 index 0000000..184f052 --- /dev/null 
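Review bot: Nothing in this file marks it as a throwaway, yet it carries a plaintext operator password (`password = "oper"` with `~encrypted`), a flag set that includes `die`, `rehash` and `admin`, link passwords of `testsuite`, and `shared { oper = "*@*", "*"; flags = all; }`. The only containment is that `listen`, `vhost`, `auth` and `operator` are all pinned to loopback, so any local account on the test host can still oper up. A header comment would make that explicit, for example `# TEST ONLY: plaintext credentials; safe only while every listener stays on 127.0.0.1 - never copy into a production ircd.conf`. The same applies to `testsuite/ircd.conf.2` and `testsuite/ircd.conf.3`, added later in this patch.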
+++ b/testsuite/ircd.conf.2 @@ -0,0 +1,92 @@ +loadmodule "extensions/extb_account.so"; +loadmodule "extensions/extb_channel.so"; +loadmodule "extensions/extb_oper.so"; +loadmodule "extensions/extb_realname.so"; +loadmodule "extensions/extb_server.so"; +#loadmodule "extensions/ip_cloaking.so"; +loadmodule "extensions/sno_farconnect.so"; +loadmodule "extensions/sno_globalkline.so"; +#loadmodule "extensions/sno_globaloper.so"; + +serverinfo { + name = "testsuite2."; + sid = "2TT"; + description = "Testsuite"; + network_name = "Testsuite"; + network_desc = "Testing"; + hub = yes; + vhost = "127.0.0.1"; +}; + +admin { + name = "Here"; + description = "Charybdis testsuite server"; + email = "root@localhost"; +}; + +class "users" { + ping_time = 5 minutes; + number_per_ip = 100; + max_number = 200; + sendq = 100kb; +}; + +class "server" { + ping_time = 5 minutes; + connectfreq = 5 minutes; + max_number = 3; + sendq = 5 megabytes; +}; + +listen { host = "127.0.0.1"; port = 7602; }; + +auth { user = "*@127.0.0.0/8"; class = "users"; }; + +operator "oper" { + user = "*@127.0.0.0/8"; + password = "oper"; + flags = global_kill, remote, kline, unkline, nick_changes, + die, rehash, admin, xline, operwall, oper_spy, ~encrypted; +}; + +connect "testsuite1." { + host = "127.0.0.1"; + port = 7601; + send_password = "testsuite"; + accept_password = "testsuite"; + hub_mask = "*"; + class = "server"; + flags = topicburst; +}; + +connect "testsuite3." { + host = "127.0.0.1"; + port = 7603; + send_password = "testsuite"; + accept_password = "testsuite"; + hub_mask = "*"; + class = "server"; + flags = topicburst; +}; + +shared { + oper = "*@*", "*"; + flags = all; +}; + +alias "NickServ" { + target = "NickServ"; +}; +alias "ChanServ" { + target = "ChanServ"; +}; +alias "OperServ" { + target = "OperServ"; +}; +alias "MemoServ" { + target = "MemoServ"; +}; + +service { + name = "services."; +}; 
diff --git a/testsuite/ircd.conf.3 b/testsuite/ircd.conf.3
new file mode 100644
index 0000000..cb8f379
--- /dev/null
+++ b/testsuite/ircd.conf.3
@@ -0,0 +1,92 @@ +loadmodule "extensions/extb_account.so"; +loadmodule "extensions/extb_channel.so"; +loadmodule "extensions/extb_oper.so"; +loadmodule "extensions/extb_realname.so"; +loadmodule "extensions/extb_server.so"; +#loadmodule "extensions/ip_cloaking.so"; +loadmodule "extensions/sno_farconnect.so"; +loadmodule "extensions/sno_globalkline.so"; +#loadmodule "extensions/sno_globaloper.so"; + +serverinfo { + name = "testsuite3."; + sid = "3TT"; + description = "Testsuite"; + network_name = "Testsuite"; + network_desc = "Testing"; + hub = yes; + vhost = "127.0.0.1"; +}; + +admin { + name = "Here"; + description = "Charybdis testsuite server"; + email = "root@localhost"; +}; + +class "users" { + ping_time = 5 minutes; + number_per_ip = 100; + max_number = 200; + sendq = 100kb; +}; + +class "server" { + ping_time = 5 minutes; + connectfreq = 5 minutes; + max_number = 3; + sendq = 5 megabytes; +}; + +listen { host = "127.0.0.1"; port = 7603; }; + +auth { user = "*@127.0.0.0/8"; class = "users"; }; + +operator "oper" { + user = "*@127.0.0.0/8"; + password = "oper"; + flags = global_kill, remote, kline, unkline, nick_changes, + die, rehash, admin, xline, operwall, oper_spy, ~encrypted; +}; + +connect "testsuite1." { + host = "127.0.0.1"; + port = 7601; + send_password = "testsuite"; + accept_password = "testsuite"; + hub_mask = "*"; + class = "server"; + flags = topicburst; +}; + +connect "testsuite2." { + host = "127.0.0.1"; + port = 7602; + send_password = "testsuite"; + accept_password = "testsuite"; + hub_mask = "*"; + class = "server"; + flags = topicburst; +}; + +shared { + oper = "*@*", "*"; + flags = all; +}; + +alias "NickServ" { + target = "NickServ"; +}; +alias "ChanServ" { + target = "ChanServ"; +}; +alias "OperServ" { + target = "OperServ"; +}; +alias "MemoServ" { + target = "MemoServ"; +}; + +service { + name = "services."; +}; diff --git a/testsuite/startall.sh b/testsuite/startall.sh new file mode 100755 index 0000000..6f00e8c --- /dev/null 
+++ b/testsuite/startall.sh @@ -0,0 +1,8 @@ +#!/bin/sh +testdir=`pwd` +prefix=`sed -n -e 's/^#define IRCD_PREFIX "\(.*\)"/\1/p' "$testdir/../include/setup.h"` +[ -d $prefix ] || { echo Unable to find installation prefix; exit 1; } + +$prefix/bin/ircd -configfile $testdir/ircd.conf.1 -pidfile $testdir/ircd.pid.1 +$prefix/bin/ircd -configfile $testdir/ircd.conf.2 -pidfile $testdir/ircd.pid.2 +$prefix/bin/ircd -configfile $testdir/ircd.conf.3 -pidfile $testdir/ircd.pid.3 From cc430906e09398916c9e7282c9613f711b6a95c1 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 9 Aug 2008 18:46:05 +0400 Subject: [PATCH 024/113] Updated TODO --- TODO | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TODO b/TODO index 8dd0cb9..14b9041 100644 --- a/TODO +++ b/TODO @@ -52,7 +52,7 @@ in .conf: helper { kill_global, rehash, kline_local } in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely -[?] test suite as in ircu +[x] test suite as in ircu [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage From 670f0c247e8c6a9fc28e93c4a0ee180a363b5e79 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 11 Aug 2008 23:20:24 +0400 Subject: [PATCH 025/113] sync with libratbox upstream - r25870 --- libratbox/ChangeLog | 45 ++++++++++++++++++++++ libratbox/src/balloc.c | 84 ++++++++++++++++++++++-------------------- 2 files changed, 90 insertions(+), 39 deletions(-) diff --git a/libratbox/ChangeLog b/libratbox/ChangeLog index a31a4e8..78a85b8 100644 --- a/libratbox/ChangeLog +++ b/libratbox/ChangeLog 
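Review bot: The guard `[ -d $prefix ]` passes when `prefix` is empty, because the unquoted expansion leaves `[ -d ]`, a one-argument test that is true for any non-empty string. That happens whenever the `sed` expression finds no `IRCD_PREFIX` line in `setup.h`, and the script then runs `/bin/ircd` from the filesystem root instead of the build's install prefix. Quote the expansion, `[ -d "$prefix" ] || { echo Unable to find installation prefix; exit 1; }`, so an empty value fails the test. Quote the later uses as well, e.g. `"$prefix/bin/ircd" -configfile "$testdir/ircd.conf.1" -pidfile "$testdir/ircd.pid.1"`, so a path containing spaces is not split.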
@@ -1,3 +1,48 @@ +androsyn 2008/08/06 19:51:44 UTC (25861) + Log: + put back in the pad to even pointer boundaries stuff + + Modified: + libratbox/trunk/src/balloc.c (File Modified) + + +androsyn 2008/08/06 19:30:25 UTC (25859) + Log: + fix the block heap free code + + Modified: + libratbox/trunk/src/balloc.c (File Modified) + + +androsyn 2008/08/06 19:14:38 UTC (25857) + Log: + Fix a bug where we would get SIGBUS crashes when trying to use a long long. + The problem was we were only aligning pointers to 4 bytes, which isn't good + enough for long long on sparc when using gcc 4.x. Apparently gcc 3.x was more + tolerant of this. This fixes it correctly. + + + + Modified: + libratbox/trunk/src/balloc.c (File Modified) + + +androsyn 2008/08/05 04:12:26 UTC (25853) + Log: + fix a buffer overrun in the nossl case + + Modified: + libratbox/trunk/src/nossl.c (File Modified) + + +androsyn 2008/08/04 22:04:38 UTC (25833) + Log: + make GET_SS_FAMILY use const and add a SET_SS_FAMILY macro. ircd fixes coming shortly + + Modified: + libratbox/trunk/include/ratbox_lib.h (File Modified) + + androsyn 2008/07/29 15:26:55 UTC (25795) Log: some sanity checks in the rb_open path diff --git a/libratbox/src/balloc.c b/libratbox/src/balloc.c index 19e9a25..0ba2608 100644 --- a/libratbox/src/balloc.c +++ b/libratbox/src/balloc.c @@ -28,7 +28,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * - * $Id: balloc.c 25675 2008-07-06 04:13:05Z androsyn $ + * $Id: balloc.c 25861 2008-08-06 19:51:44Z androsyn $ */ /* @@ -69,6 +69,8 @@ #endif #endif +static uintptr_t offset_pad; + /* status information for an allocated block in heap */ struct rb_heap_block { 
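Review bot: `static uintptr_t offset_pad;` is introduced without a comment, although the later hunks in this patch derive every element address from it. A one-line description at the declaration would help, for example `/* bytes reserved at the start of each element for the owning rb_heap_block pointer, rounded up for alignment; set once in rb_init_bh() */`.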
@@ -79,17 +81,6 @@ struct rb_heap_block }; typedef struct rb_heap_block rb_heap_block; -struct rb_heap_memblock -{ - rb_heap_block *block; - union { - rb_dlink_node node; - char data[1]; /* stub pointer..this is ugly */ - } ndata; -}; - -typedef struct rb_heap_memblock rb_heap_memblock; - /* information for the root node of the heap */ struct rb_bh { @@ -155,6 +146,18 @@ void rb_init_bh(void) { heap_lists = rb_malloc(sizeof(rb_dlink_list)); + offset_pad = sizeof(void *); + /* XXX if you get SIGBUS when trying to use a long long..here is where you need to + * fix your shit + */ +#ifdef __sparc__ + if((offset_pad % __alignof__(long long)) != 0) + { + offset_pad += __alignof__(long long); + offset_pad &= ~(__alignof__(long long) - 1); + } +#endif + #ifndef NOBALLOC #ifdef WIN32 block_heap = HeapCreate(HEAP_NO_SERIALIZE, 0, 0); @@ -226,11 +229,11 @@ newblock(rb_bh * bh) rb_heap_block *b; unsigned long i; uintptr_t offset; - + rb_dlink_node *node; /* Setup the initial data structure. */ b = rb_malloc(sizeof(rb_heap_block)); - b->alloc_size = bh->elemsPerBlock * (bh->elemSize + sizeof(rb_heap_block *)); + b->alloc_size = bh->elemsPerBlock * bh->elemSize; b->elems = get_block(b->alloc_size); if(rb_unlikely(b->elems == NULL)) @@ -239,11 +242,11 @@ newblock(rb_bh * bh) } offset = (uintptr_t)b->elems; /* Setup our blocks now */ - for (i = 0; i < bh->elemsPerBlock; i++, offset += (bh->elemSize + sizeof(rb_heap_block *))) + for (i = 0; i < bh->elemsPerBlock; i++, offset += bh->elemSize) { - rb_heap_memblock *memblock = (rb_heap_memblock *)offset; - memblock->block = b; - rb_dlinkAdd(memblock, &memblock->ndata.node, &bh->free_list); + *((void **)offset) = b; + node = (void *)(offset + offset_pad); + rb_dlinkAdd((void *)offset, node, &bh->free_list); } rb_dlinkAdd(b, &b->node, &bh->block_list); b->free_count = bh->elemsPerBlock; 
@@ -272,26 +275,27 @@ rb_bh_create(size_t elemsize, int elemsperblock, const char *desc) rb_bh *bh; lrb_assert(elemsize > 0 && elemsperblock > 0); lrb_assert(elemsize >= sizeof(rb_dlink_node)); + /* Catch idiotic requests up front */ if((elemsize == 0) || (elemsperblock <= 0)) { rb_bh_fail("Attempting to rb_bh_create idiotic sizes"); } - + if(elemsize < sizeof(rb_dlink_node)) rb_bh_fail("Attempt to rb_bh_create smaller than sizeof(rb_dlink_node)"); /* Allocate our new rb_bh */ bh = rb_malloc(sizeof(rb_bh)); - #ifndef NOBALLOC + elemsize += offset_pad; if((elemsize % sizeof(void *)) != 0) { /* Pad to even pointer boundary */ elemsize += sizeof(void *); elemsize &= ~(sizeof(void *) - 1); } -#endif /* !NOBALLOC */ +#endif bh->elemSize = elemsize; bh->elemsPerBlock = elemsperblock; @@ -334,7 +338,8 @@ rb_bh_alloc(rb_bh * bh) { #ifndef NOBALLOC rb_dlink_node *new_node; - rb_heap_memblock *memblock; + rb_heap_block *block; + void *ptr; #endif lrb_assert(bh != NULL); if(rb_unlikely(bh == NULL)) @@ -363,11 +368,11 @@ rb_bh_alloc(rb_bh * bh) } new_node = bh->free_list.head; - memblock = new_node->data; + block = new_node->data; + ptr = new_node->data + offset_pad; rb_dlinkDelete(new_node, &bh->free_list); - memblock->block->free_count--; - memset((void *)memblock->ndata.data, 0, bh->elemSize); - return((void *)memblock->ndata.data); + memset(ptr, 0, bh->elemSize - offset_pad); + return(ptr); #endif } @@ -387,7 +392,8 @@ int rb_bh_free(rb_bh * bh, void *ptr) { #ifndef NOBALLOC - rb_heap_memblock *memblock; + rb_heap_block *block; + void *data; #endif lrb_assert(bh != NULL); lrb_assert(ptr != NULL); 
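Review bot: After `elemsize += offset_pad;` the size is rounded only to `sizeof(void *)`, so the element stride can be a multiple of 4 but not of 8 on a 32-bit build where `rb_init_bh` raised `offset_pad` to `__alignof__(long long)`. Every element after the first can then start at an address that is not aligned for `long long`, and its payload at `offset + offset_pad` is misaligned too, which is the SIGBUS case the ChangeLog entry describes. Rounding to the pad avoids this: `if((elemsize % offset_pad) != 0) { elemsize += offset_pad; elemsize &= ~(offset_pad - 1); }`. That relies on `offset_pad` being a power of two and at least `sizeof(void *)`, which `rb_init_bh` appears to guarantee. `rb_bh_create` continues past the end of the hunk.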
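Review bot: The removed `memblock->block->free_count--;` has no replacement in `rb_bh_alloc`, so an allocation no longer lowers the owning block's `free_count`, while `rb_bh_free` in a later hunk still does `block->free_count++`. The new `block = new_node->data;` does not yield the block either: `newblock` stores the element address as the node's data and the block pointer in the element's first word, and `block` is never used afterwards. If the garbage collector picks blocks to release by `free_count` (that code is only partly visible on this page), a block with live elements can look entirely free and be released under its users. Suggested lines: `block = *(rb_heap_block **)new_node->data;` and, after `rb_dlinkDelete`, `block->free_count--;`. The expression `new_node->data + offset_pad` also appears to be arithmetic on `void *`, a GNU extension; `(void *)((uintptr_t)new_node->data + offset_pad)` is portable.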
@@ -407,14 +413,15 @@ rb_bh_free(rb_bh * bh, void *ptr) #ifdef NOBALLOC rb_free(ptr); #else - memblock = (rb_heap_memblock *) ((uintptr_t)ptr - sizeof(rb_heap_block *)); + data = (void *)(ptr - offset_pad); + block = *(rb_heap_block **)data; /* XXX */ - if(rb_unlikely(!((uintptr_t)ptr >= (uintptr_t)memblock->block->elems && (uintptr_t)ptr < (uintptr_t)memblock->block->elems + (uintptr_t)memblock->block->alloc_size))) + if(rb_unlikely(!((uintptr_t)ptr >= (uintptr_t)block->elems && (uintptr_t)ptr < (uintptr_t)block->elems + (uintptr_t)block->alloc_size))) { rb_bh_fail("rb_bh_free() bogus pointer"); } - memblock->block->free_count++; - rb_dlinkAdd(memblock, &memblock->ndata.node, &bh->free_list); + block->free_count++; + rb_dlinkAdd(data, (rb_dlink_node *)ptr, &bh->free_list); #endif /* !NOBALLOC */ return (0); } @@ -468,7 +475,7 @@ rb_bh_usage(rb_bh * bh, size_t * bused, size_t * bfree, size_t * bmemusage, cons freem = rb_dlink_list_length(&bh->free_list); used = (rb_dlink_list_length(&bh->block_list) * bh->elemsPerBlock) - freem; - memusage = used * (bh->elemSize + sizeof(void *)); + memusage = used * bh->elemSize; if(bused != NULL) *bused = used; if(bfree != NULL) @@ -495,8 +502,8 @@ void rb_bh_usage_all(rb_bh_usage_cb *cb, void *data) bh = (rb_bh *)ptr->data; freem = rb_dlink_list_length(&bh->free_list); used = (rb_dlink_list_length(&bh->block_list) * bh->elemsPerBlock) - freem; - memusage = used * (bh->elemSize + sizeof(void *)); - heapalloc = (freem + used) * (bh->elemSize + sizeof(void *)); + memusage = used * bh->elemSize; + heapalloc = (freem + used) * bh->elemSize; if(bh->desc != NULL) desc = bh->desc; cb(used, freem, memusage, heapalloc, desc, data); 
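Review bot: `block` is loaded from `ptr - offset_pad` before the range check marked `XXX`, so the check meant to reject a bogus pointer runs only after memory in front of that pointer has been read and trusted. The check also compares against the block found that way rather than against the blocks owned by `bh`, so a pointer from another heap, or one that is already free, is not caught and gets linked into `bh->free_list`. At minimum a comment should record that limit, e.g. `/* only detects a corrupted header; ptr must come from rb_bh_alloc(bh) and must not already be free */`; a stronger check would look `ptr` up in `bh->block_list` before touching the header. `ptr - offset_pad` is also `void *` arithmetic; `(void *)((uintptr_t)ptr - offset_pad)` avoids relying on the GNU extension. `rb_bh_free` begins before this hunk.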
@@ -516,8 +523,8 @@ rb_bh_total_usage(size_t *total_alloc, size_t *total_used) bh = (rb_bh *)ptr->data; freem = rb_dlink_list_length(&bh->free_list); used = (rb_dlink_list_length(&bh->block_list) * bh->elemsPerBlock) - freem; - used_memory += used * (bh->elemSize + sizeof(void *)); - total_memory += (freem + used) * (bh->elemSize + sizeof(void *)); + used_memory += used * bh->elemSize; + total_memory += (freem + used) * bh->elemSize; } if(total_alloc != NULL) @@ -558,10 +565,9 @@ rb_bh_gc(rb_bh * bh) /* i'm seriously going to hell for this.. */ offset = (uintptr_t)b->elems; - for (i = 0; i < bh->elemsPerBlock; i++, offset += ((uintptr_t)bh->elemSize + sizeof(rb_heap_memblock *))) + for (i = 0; i < bh->elemsPerBlock; i++, offset += (uintptr_t)bh->elemSize) { - rb_heap_memblock *memblock = (rb_heap_memblock *)offset; - rb_dlinkDelete(&memblock->ndata.node, &bh->free_list); + rb_dlinkDelete(((rb_dlink_node *)(offset + offset_pad)), &bh->free_list); } rb_dlinkDelete(&b->node, &bh->block_list); free_block(b->elems, b->alloc_size); From b61d17a68a45147234d78acae1e9b500bacf97b3 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Mon, 11 Aug 2008 23:29:22 +0400 Subject: [PATCH 026/113] Made README.FIRST much actual (most copied from ircd-ratbox) --- README.FIRST | 56 ++++++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/README.FIRST b/README.FIRST index 6f58113..6c3d77a 100644 --- a/README.FIRST +++ b/README.FIRST @@ -8,7 +8,7 @@ If you don't read this first, we won't help you. * when configure is run. * * You now need to ./configure --prefix="/path/to/install/it" * * - The old config format WILL NOT WORK. Please see doc/example.conf ! * - * - The old kline format WILL NOT WORK. Please use convertklines which * + * - The old kline format WILL NOT WORK. Please use bantool which * * will be installed with your ircd! * ************************************************************************* 
@@ -18,6 +18,15 @@ If you don't read this first, we won't help you. ******************************* REQUIREMENTS ********************************** +New Features - A short introduction: +- charybdis-3.x now has several major changes over previous version that you + will notice right away. + o SSL Client support. + o Connection Throttling. + +- Please see NEWS for more detailed changes. + + Necessary Requirements: - A supported platform (look below) 
@@ -33,41 +42,27 @@ Necessary Requirements: Feature Specific Requirements: -- For the SSL Challenge controlled OPER feature and encrypted server links, +- For SSL Clients, SSL Challenge controlled OPER feature, and encrypted server links, a working OpenSSL library -- For encrypted oper and (optional) server passwords, a working DES and/or - MD5 library +- For encrypted oper and (optional) server passwords, a working DES, MD5, or SHA library. ******************************************************************************* -- To report bugs in ircd-ratbox, send the bug report to ircd-ratbox@lists.ratbox.org +- To report bugs in charybdis, visit us at irc.atheme.org #charybdis - Known bugs are listed in the BUGS file - See the INSTALL document for info on configuring and compiling - ircd-ratbox. + charybdis. - Please read doc/index.txt to get an overview of the current documentation. -- Old Hybrid 5/6 configuration files are no longer supported. All conf - files will have to be converted to the new format. A convertconf - utility is provided and installed into bin/. - -- If you are wondering why config.h is practically empty, its because many - things that were once in config.h are now specified in the 'general' - block of ircd.conf. Look at example.conf for more information about - these options. - - The files, /etc/services, /etc/protocols, and /etc/resolv.conf, MUST be readable by the user running the server in order for ircd to start. Errors from adns causing the ircd to refuse to start up are often related to permission problems on these files. -- There is a mailing list for ircd-ratbox. To subscribe to this list - visit http://lists.ratbox.org/cgi-bin/mailman/listinfo/ircd-ratbox - Note that this list also gets the commit emails from the CVS server. - - FREEBSD USERS: if you are compiling with ipv6 you may experience problems with ipv4 due to the way the socket code is written. To fix this you must: "sysctl net.inet6.ip6.v6only=0" 
@@ -77,26 +72,35 @@ Feature Specific Requirements: work fine, and any gcc or SunPro compiled on 32bit. - DARWIN AND MACOS X USERS: You must be using at least the December 2001 - Development Tools from Apple to build ircd-ratbox with shared modules. + Development Tools from Apple to build charybdis with shared modules. Before then you MUST disable shared modules, as we do not have the proper flags for cc(1) prior to that point to produce shared modules. -- SUPPORTED PLATFORMS: this code should compile without any warnings - on FreeBSD 3.x/4.x, RedHat 6.2, Debian Potato and Solaris 7/8 sparc. +- SUPPORTED PLATFORMS: this code should compile without any warnings on: + FreeBSD 6.x/7.x, + Gentoo & Gentoo Hardened ~x86/~amd64/~fbsd + Fedora 8/9 / CentOS 4/5 / Redhat Enterprise 5 + Debian Etch, + OpenSuSE 10/11, + OpenSolaris 2008.x? + Solaris 10 sparc. + Please let us know if you find otherwise. It probably does not compile on AIX, IRIX or libc5 Linux. - TESTED PLATFORMS: The code has been tested on the following platforms, and is known to run properly. - FreeBSD 3.x/4.x - Linux glibc + FreeBSD 6.x/7.x + Linux glibc-2.6, glibc-2.7 Solaris 2.6/7/8 OpenBSD 2.8 NetBSD 1.4 + Cygwin 1.3+ (static modules, no servlink) + OpenVMS/Alpha 7.2 (static modules, no servlink) -- Please read doc/whats-new.txt for information about what is in this release +- Please read NEWS for information about what is in this release - Other files recommended for reading: BUGS, INSTALL -------------------------------------------------------------------------------- -$Id: README.FIRST 1837 2006-08-22 14:05:58Z nenolod $ +$Id$ From 77cc3211c74e673fd1f3173e31f1fe19b01a0393 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Tue, 12 Aug 2008 18:09:30 +0400 Subject: [PATCH 027/113] Charybdis never had old kline/config format - removed notes about them --- README.FIRST | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.FIRST b/README.FIRST index 6c3d77a..923f3f5 100644 --- a/README.FIRST 
+++ b/README.FIRST @@ -7,8 +7,6 @@ If you don't read this first, we won't help you. * - Reading INSTALL is now a must, as the old DPATH is now specified * * when configure is run. * * You now need to ./configure --prefix="/path/to/install/it" * - * - The old config format WILL NOT WORK. Please see doc/example.conf ! * - * - The old kline format WILL NOT WORK. Please use bantool which * * will be installed with your ircd! * ************************************************************************* From 97a6160b45dfbe04ca4f046a5e4c2f37ff04136f Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 12 Aug 2008 22:34:37 +0200 Subject: [PATCH 028/113] Allow /list on a named +p channel. A full /list already included +p channels. --- modules/m_list.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/m_list.c b/modules/m_list.c index db397a2..ab05e40 100644 --- a/modules/m_list.c +++ b/modules/m_list.c @@ -324,7 +324,7 @@ static void safelist_channel_named(struct Client *source_p, const char *name) return; } - if (ShowChannel(source_p, chptr)) + if (!SecretChannel(chptr) || IsMember(source_p, chptr)) sendto_one(source_p, form_str(RPL_LIST), me.name, source_p->name, chptr->chname, rb_dlink_list_length(&chptr->members), chptr->topic == NULL ? "" : chptr->topic); From 74e0c6e66057cc13d0c008fc125384814eec43f8 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 12 Aug 2008 22:37:29 +0200 Subject: [PATCH 029/113] fix a crash in the rb_bh_gc code from libratbox svn r25871 (androsyn) --- libratbox/src/balloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libratbox/src/balloc.c b/libratbox/src/balloc.c index 0ba2608..7c06e30 100644 --- a/libratbox/src/balloc.c +++ b/libratbox/src/balloc.c 
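Review bot: The new condition `!SecretChannel(chptr) || IsMember(source_p, chptr)` has no comment saying why `ShowChannel` is no longer used, and this line decides whether a non-member learns a channel's member count and topic. A short comment would keep a later cleanup from reverting it or widening it further, for example `/* +p channels are listed by name, as in a full LIST; only +s hides a channel from non-members */`. The full-list path is not shown here, so it is worth confirming that it uses the same predicate; if it does, a shared helper would keep the two from drifting apart. `safelist_channel_named` starts and ends outside the hunk.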
@@ -567,7 +567,7 @@ rb_bh_gc(rb_bh * bh) offset = (uintptr_t)b->elems; for (i = 0; i < bh->elemsPerBlock; i++, offset += (uintptr_t)bh->elemSize) { - rb_dlinkDelete(((rb_dlink_node *)(offset + offset_pad)), &bh->free_list); + rb_dlinkDelete(((rb_dlink_node *)offset), &bh->free_list); } rb_dlinkDelete(&b->node, &bh->block_list); free_block(b->elems, b->alloc_size); From 3df643b14042e02154a307c54461908554f55b76 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 21:04:27 +0400 Subject: [PATCH 030/113] Extension for +A (admin only) channel mode, currently belongs to type chm_staff as operonly, seen in various networks. --- extensions/Makefile.in | 1 + extensions/chm_adminonly.c | 52 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 extensions/chm_adminonly.c diff --git a/extensions/Makefile.in b/extensions/Makefile.in index ca7b808..13c58db 100644 --- a/extensions/Makefile.in +++ b/extensions/Makefile.in @@ -27,6 +27,7 @@ INCLUDES = -I. -I../include -I../libratbox/include $(SSL_INCLUDES) CPPFLAGS = ${INCLUDES} @CPPFLAGS@ SRCS = \ + chm_adminonly.c \ chm_operonly.c \ chm_operonly_compat.c \ chm_quietunreg_compat.c \ diff --git a/extensions/chm_adminonly.c b/extensions/chm_adminonly.c new file mode 100644 index 0000000..f018de2 --- /dev/null +++ b/extensions/chm_adminonly.c 
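Review bot: `rb_dlinkDelete(((rb_dlink_node *)offset), &bh->free_list);` now unlinks a node at the start of each element, which does not match where the earlier balloc.c patch in this series puts the node. That patch places it at `offset + offset_pad` in `newblock` and at `ptr` (the address after the pad) in `rb_bh_free`, with the element's first word holding the block pointer. Going by those hunks, this line treats the block back-pointer as a list node and unlinks using whatever bytes follow it, which risks corrupting `free_list`. Unless `newblock` and `rb_bh_free` were changed to match in code not shown here, the delete should keep the pad, `rb_dlinkDelete((rb_dlink_node *)(offset + offset_pad), &bh->free_list);`, and the cause of the crash should be looked for elsewhere. `rb_bh_gc` starts and ends outside the hunk.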
@@ -0,0 +1,52 @@ +#include "stdinc.h" +#include "modules.h" +#include "hook.h" +#include "client.h" +#include "ircd.h" +#include "send.h" +#include "s_conf.h" +#include "s_user.h" +#include "s_serv.h" +#include "numeric.h" +#include "chmode.h" + +static void h_can_join(hook_data_channel *); + +mapi_hfn_list_av1 adminonly_hfnlist[] = { + { "can_join", (hookfn) h_can_join }, + { NULL, NULL } +}; + +static int +_modinit(void) +{ + chmode_table['A'].mode_type = find_cflag_slot(); + chmode_table['A'].set_func = chm_staff; + + construct_noparam_modes(); + + return 0; +} + +static void +_moddeinit(void) +{ + chmode_table['A'].mode_type = 0; + + construct_noparam_modes(); +} + +DECLARE_MODULE_AV1(chm_adminonly, _modinit, _moddeinit, NULL, NULL, adminonly_hfnlist, "$Revision$"); + +static void +h_can_join(hook_data_channel *data) +{ + struct Client *source_p = data->client; + struct Channel *chptr = data->chptr; + + if((chptr->mode.mode & chmode_flags['A']) && !IsOperAdmin(source_p)) { + sendto_one_numeric(source_p, 519, "%s :Cannot join channel (+A) - you are not an IRC server administrator", chptr->chname); + data->approved = ERR_CUSTOM; + } +} + From 8932c8d84ed35d38eb433e950d86442063a9709e Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 22:53:36 +0400 Subject: [PATCH 031/113] atheme-services -> charybdis for application.sh script --- scripts/application.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/application.sh b/scripts/application.sh index f3da0b7..203bb64 100755 --- a/scripts/application.sh +++ b/scripts/application.sh 
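Review bot: `_modinit` stores the result of `find_cflag_slot()` in `chmode_table['A'].mode_type` without checking it. The function's definition is not on this page; if it returns 0 when every channel-mode bit is taken, `chmode_flags['A']` would presumably stay 0, the test in `h_can_join` could never match, and the module would load with +A silently unenforced. Failing the load is safer: `if(chmode_table['A'].mode_type == 0) return -1;` directly after the assignment, assuming a negative return from `_modinit` aborts loading. The `_modinit` context lines of `extensions/chm_operonly.c` earlier in this series show the same unchecked call for +O.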
@@ -26,7 +26,7 @@ fi # Charybdis wants the hg tip to be in include/serno.h, in its own format. MYTIP=`hg parents --template '#date|shortdate#_#node|short#' 2>/dev/null | sed -e s/-//g -e s/_/-/` -echo "[atheme-services] Generating include/serno.h for tip $MYTIP." +echo "[charybdis] Generating include/serno.h for tip $MYTIP." cat << _EOF_ > include/serno.h /* Generated automatically by makepackage. Any changes made here will be lost. */ #define SERNO "$MYTIP" From 1080ffb01535fb441306b06907d64d0a10af3195 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 22:57:09 +0400 Subject: [PATCH 032/113] Removed note that we support cygwin (no, we don't) --- README.FIRST | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.FIRST b/README.FIRST index 923f3f5..266bde3 100644 --- a/README.FIRST +++ b/README.FIRST @@ -93,8 +93,7 @@ Feature Specific Requirements: Solaris 2.6/7/8 OpenBSD 2.8 NetBSD 1.4 - Cygwin 1.3+ (static modules, no servlink) - OpenVMS/Alpha 7.2 (static modules, no servlink) + OpenVMS/Alpha 7.2 (static modules, no ssld) - Please read NEWS for information about what is in this release From 02be96f211f3342ae9e6f1da306ef3329f4e8c99 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Wed, 13 Aug 2008 23:17:43 +0400 Subject: [PATCH 033/113] Updated reference.conf --- doc/reference.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/reference.conf b/doc/reference.conf index 0b64947..f87d101 100755 --- a/doc/reference.conf +++ b/doc/reference.conf 
@@ -41,6 +41,9 @@ * Charybdis contains several extensions that are not enabled by default. * To use them, uncomment the lines below. * + * Channel mode +-A (admin only) -- chm_adminonly.so + * Channel mode +-O (oper only) -- chm_operonly.so + * Channel mode +-S (ssl only) -- chm_sslonly.so * Emulates channel mode +-O (oper only) (+-iI $o) -- chm_operonly_compat.so * Emulates channel mode +-R (quiet unreg) (+-q $~a) -- chm_quietunreg_compat.so * Emulates channel mode +-S (ssl only) (+-b $~z) -- chm_sslonly_compat.so @@ -63,6 +66,9 @@ * Remote oper up notices -- sno_globaloper.so * /whois notifications (snomask +W) -- sno_whois.so */ +#loadmodule "extensions/chm_adminonly.so"; +#loadmodule "extensions/chm_operonly.so"; +#loadmodule "extensions/chm_sslonly.so"; #loadmodule "extensions/chm_operonly_compat.so"; #loadmodule "extensions/chm_quietunreg_compat.so"; #loadmodule "extensions/chm_sslonly_compat.so"; From 6145bb602743d055e5e1d5725e9ea35b3f8d0c2b Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:23:56 +0400 Subject: [PATCH 034/113] no more servlink - removed 'servlink_path' from reference.conf and source files --- doc/reference.conf | 7 ------- include/client.h | 19 +++++++++---------- include/config.h | 1 - include/config.h.dist | 1 - src/newconf.c | 1 - src/s_conf.c | 7 ------- 6 files changed, 9 insertions(+), 27 deletions(-) diff --git a/doc/reference.conf b/doc/reference.conf index f87d101..02a9ef0 100755 --- a/doc/reference.conf +++ b/doc/reference.conf 
@@ -1106,13 +1106,6 @@ general { * provided they have umode +s set */ oper_snomask = "+s"; - /* servlink path: path to 'servlink' program used by ircd to handle - * encrypted/compressed server <-> server links. - * - * only define if servlink is not in same directory as ircd itself. - */ - #servlink_path = "/usr/local/ircd/bin/servlink"; - /* use egd: if your system does not have *random devices yet you * want to use OpenSSL and encrypted links, enable this. Beware - * EGD is *very* CPU intensive when gathering data for its pool diff --git a/include/client.h b/include/client.h index 7027dde..02b39f9 100644 --- a/include/client.h +++ b/include/client.h 
@@ -400,16 +400,15 @@ struct exit_client_hook #define FLAGS_FLOODDONE 0x0100 /* flood grace period over / reported */ #define FLAGS_NORMALEX 0x0400 /* Client exited normally */ #define FLAGS_SENDQEX 0x0800 /* Sendq exceeded */ -#define FLAGS_SERVLINK 0x10000 /* servlink has servlink process */ -#define FLAGS_MARK 0x20000 /* marked client */ -#define FLAGS_HIDDEN 0x40000 /* hidden server */ -#define FLAGS_EOB 0x80000 /* EOB */ -#define FLAGS_MYCONNECT 0x100000 /* MyConnect */ -#define FLAGS_IOERROR 0x200000 /* IO error */ -#define FLAGS_SERVICE 0x400000 /* network service */ -#define FLAGS_TGCHANGE 0x800000 /* we're allowed to clear something */ -#define FLAGS_DYNSPOOF 0x1000000 /* dynamic spoof, only opers see ip */ -#define FLAGS_EXUNKNOWN 0x2000000 /* too many unknowns exit.. */ +#define FLAGS_MARK 0x10000 /* marked client */ +#define FLAGS_HIDDEN 0x20000 /* hidden server */ +#define FLAGS_EOB 0x40000 /* EOB */ +#define FLAGS_MYCONNECT 0x80000 /* MyConnect */ +#define FLAGS_IOERROR 0x100000 /* IO error */ +#define FLAGS_SERVICE 0x200000 /* network service */ +#define FLAGS_TGCHANGE 0x400000 /* we're allowed to clear something */ +#define FLAGS_DYNSPOOF 0x800000 /* dynamic spoof, only opers see ip */ +#define FLAGS_EXUNKNOWN 0x1000000 /* too many unknowns exit.. */ /* flags for local clients, this needs stuff moved from above to here at some point */ #define LFLAGS_SSL 0x00000001 diff --git a/include/config.h b/include/config.h index daa8652..04fcfdb 100644 --- a/include/config.h +++ b/include/config.h @@ -61,7 +61,6 @@ /* files */ #define SPATH BINPATH "/ircd" /* ircd executable */ #define LIPATH LIBPATH "/libircd" SHARED_SUFFIX /* ircd library */ -#define SLPATH BINPATH "/servlink" /* servlink executable */ #define CPATH ETCPATH "/ircd.conf" /* ircd.conf file */ #define KPATH ETCPATH "/kline.conf" /* kline file */ #define DLPATH ETCPATH "/dline.conf" /* dline file */ diff --git a/include/config.h.dist b/include/config.h.dist index daa8652..04fcfdb 100644 
--- a/include/config.h.dist +++ b/include/config.h.dist @@ -61,7 +61,6 @@ /* files */ #define SPATH BINPATH "/ircd" /* ircd executable */ #define LIPATH LIBPATH "/libircd" SHARED_SUFFIX /* ircd library */ -#define SLPATH BINPATH "/servlink" /* servlink executable */ #define CPATH ETCPATH "/ircd.conf" /* ircd.conf file */ #define KPATH ETCPATH "/kline.conf" /* kline file */ #define DLPATH ETCPATH "/dline.conf" /* dline file */ diff --git a/src/newconf.c b/src/newconf.c index ed2dd9d..6e66204 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -2035,7 +2035,6 @@ static struct ConfEntry conf_general_table[] = { "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason }, { "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice }, { "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand }, - { "servlink_path", CF_QSTRING, NULL, MAXPATHLEN, &ConfigFileEntry.servlink_path }, { "anti_spam_exit_message_time", CF_TIME, NULL, 0, &ConfigFileEntry.anti_spam_exit_message_time }, { "disable_fake_channels", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_fake_channels }, diff --git a/src/s_conf.c b/src/s_conf.c index 71f1c56..9b98fd5 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -772,7 +772,6 @@ set_default_conf(void) ConfigFileEntry.hide_error_messages = 1; ConfigFileEntry.dots_in_ident = 0; ConfigFileEntry.max_targets = MAX_TARGETS_DEFAULT; - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); ConfigFileEntry.egdpool_path = NULL; ConfigFileEntry.use_whois_actually = YES; ConfigFileEntry.burst_away = NO; @@ -858,9 +857,6 @@ validate_conf(void) if(ConfigFileEntry.ts_max_delta < TS_MAX_DELTA_MIN) ConfigFileEntry.ts_max_delta = TS_MAX_DELTA_DEFAULT; - if(ConfigFileEntry.servlink_path == NULL) - ConfigFileEntry.servlink_path = rb_strdup(SLPATH); - if(ServerInfo.network_name == NULL) ServerInfo.network_name = rb_strdup(NETWORK_NAME_DEFAULT); 
@@ -1235,9 +1231,6 @@ clear_out_old_conf(void) */ /* clean out general */ - rb_free(ConfigFileEntry.servlink_path); - ConfigFileEntry.servlink_path = NULL; - RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { rb_free(ptr->data); From 5d2fe5036edadb7476799923fbaa59d99335d98f Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:24:28 +0400 Subject: [PATCH 035/113] comment to fix egd (not work currently) --- src/ircd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ircd.c b/src/ircd.c index 9089ae8..5eac695 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -67,6 +67,8 @@ #include "sslproc.h" #include "chmode.h" +/* XXX fix egd!!! */ + /* /quote set variables */ struct SetOptions GlobalSetOptions; From 2b454b76dcea9b870fe373a6d010aec70ac63b70 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:29:33 +0400 Subject: [PATCH 036/113] egd fixed --- src/ircd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ircd.c b/src/ircd.c index 5eac695..170ea9d 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -67,8 +67,6 @@ #include "sslproc.h" #include "chmode.h" -/* XXX fix egd!!! */ - /* /quote set variables */ struct SetOptions GlobalSetOptions; @@ -633,6 +631,12 @@ main(int argc, char *argv[]) rb_lib_init(ircd_log_cb, ircd_restart_cb, ircd_die_cb, !server_state_foreground, maxconnections, DNODE_HEAP_SIZE, FD_HEAP_SIZE); rb_linebuf_init(LINEBUF_HEAP_SIZE); + if(ConfigFileEntry.use_egd && (ConfigFileEntry.egdpool_path != NULL)) + { + rb_init_prng(ConfigFileEntry.egdpool_path, RB_PRNG_EGD); + } else + rb_init_prng(NULL, RB_PRNG_DEFAULT); + init_main_logfile(); newconf_init(); init_s_conf(); From 2a64312fdc512ec4e591d8cffa0c7dddb6fa13f1 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:30:28 +0400 Subject: [PATCH 037/113] seed random not even every 300 seconds, but on startup also --- src/ircd.c | 2 ++ 1 file changed, 2 insertions(+) 
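Review bot: The new `if(ConfigFileEntry.use_egd && (ConfigFileEntry.egdpool_path != NULL))` in `main()` runs before `newconf_init()` and `init_s_conf()`, so at this point the configuration has presumably not been read and the EGD branch cannot be taken; `set_default_conf()` also sets `egdpool_path` to NULL. An operator who enabled `use_egd` because the host lacks a random device would then get `RB_PRNG_DEFAULT` without any warning. The PRNG selection should move to after the configuration is parsed, and the fallback to the default source is worth logging. The `{ ... } else` bracing with an unbraced else body also differs from the surrounding code. `main()` continues outside the hunk, so the exact place where the config is read is not visible here.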
diff --git a/src/ircd.c b/src/ircd.c index 170ea9d..19d7aae 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -637,6 +637,8 @@ main(int argc, char *argv[]) } else rb_init_prng(NULL, RB_PRNG_DEFAULT); + seed_random(NULL); + init_main_logfile(); newconf_init(); init_s_conf(); From 9b37ad07c382919c22345cec587788a86bac7ab6 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:38:13 +0400 Subject: [PATCH 038/113] ircd-ratbox -> charybdis --- configure.ac | 2 +- src/ircd.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index efd1e79..4efdbb7 100644 --- a/configure.ac +++ b/configure.ac @@ -315,7 +315,7 @@ fi AC_C_BIGENDIAN dnl Check for stdarg.h - if we can't find it, halt configure -AC_CHECK_HEADER(stdarg.h, , [AC_MSG_ERROR([** stdarg.h could not be found - ircd-ratbox will not compile without it **])]) +AC_CHECK_HEADER(stdarg.h, , [AC_MSG_ERROR([** stdarg.h could not be found - charybdis will not compile without it **])]) dnl Checks for the existence of strlcat, strlcpy, basename... dnl This more reliable test only works with gcc though. diff --git a/src/ircd.c b/src/ircd.c index 19d7aae..3036778 100644 --- a/src/ircd.c +++ b/src/ircd.c @@ -188,7 +188,7 @@ init_sys(void) if(maxconnections <= MAX_BUFFER) { fprintf(stderr, "ERROR: Shell FD limits are too low.\n"); - fprintf(stderr, "ERROR: ircd-ratbox reserves %d FDs, shell limits must be above this\n", MAX_BUFFER); + fprintf(stderr, "ERROR: charybdis reserves %d FDs, shell limits must be above this\n", MAX_BUFFER); exit(EXIT_FAILURE); } return; From 77c9f49528ccb7ab669e880588b377d942dd2b88 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:45:09 +0400 Subject: [PATCH 039/113] removed cygwin check from configure.ac --- configure.ac | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 4efdbb7..d5c6a2f 100644 --- a/configure.ac +++ b/configure.ac 
@@ -81,7 +81,7 @@ esac fi -AC_MSG_CHECKING([uname -s for Cygwin, Solaris, AIX or HPUX]) +AC_MSG_CHECKING([uname -s for Solaris, AIX or HPUX]) OSNAME=`uname -s` case "$OSNAME" in HP-UX*) @@ -96,10 +96,6 @@ case "$OSNAME" in AC_MSG_RESULT(already using newer HPUX) fi ;; - CYGWIN*) - AC_MSG_RESULT(Cygwin) - CYGWIN=yes - ;; SunOS*) AC_MSG_RESULT(SunOS or Solaris) AC_DEFINE(__EXTENSIONS__, 1, [This is needed to use strtok_r on Solaris.]) From 5f5fc333fb401718b27d2d22543df9a4ede7859c Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:50:22 +0400 Subject: [PATCH 040/113] forgot to remove check for cygwin from configure.ac --- configure.ac | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configure.ac b/configure.ac index d5c6a2f..910dc99 100644 --- a/configure.ac +++ b/configure.ac @@ -889,12 +889,6 @@ AC_DEFINE_UNQUOTED(NICKLEN, (${NICKLEN}+1), [Nickname length]) shared_modules="yes" dnl Some first-stage sanity checks. if test "$shared_modules" = yes; then - - if test "$CYGWIN" = yes; then - AC_MSG_WARN([disabling shared modules; Cygwin is at present unable to build them.]) - shared_modules="no" - fi - dnl TenDRA's cc is called tcc too. if test "$CC" = tcc -a "$TenDRA" = "no"; then AC_MSG_WARN([disabling shared modules: Tiny C Compiler can't create PIC]) From 2b97b8ed5292ff36a246e13bdeb53333cf7e3c1e Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 22:52:31 +0400 Subject: [PATCH 041/113] put cygwin/mingw/native win32 (+shared modules) support in TODO (need discussion), currently ratbox3 could be compiled under cygwin/mingw --- TODO | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/TODO b/TODO index 14b9041..93169f9 100644 --- a/TODO +++ b/TODO 
@@ -53,6 +53,10 @@ in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done [x] Remove glines entirely [x] test suite as in ircu +[?] win32 + [?] cygwin support + [?] mingw support + [?] native win32 (VS2005/VS2008) [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage From 200e53e8f2b4d9e585d142e7bb14dac47308a2cc Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 23:24:28 +0400 Subject: [PATCH 042/113] added improvement in TODO related to support compilation without parser/lexer generators present in OS --- TODO | 2 ++ 1 file changed, 2 insertions(+) diff --git a/TODO b/TODO index 93169f9..d31508a 100644 --- a/TODO +++ b/TODO @@ -60,6 +60,8 @@ [/] Bug fixes [x] Compilation without zlib headers fails - fixed [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage +[ ] Improvments + [ ] ircd shouldn't need bison/byacc/yacc or flex for compilation --- other stuff [ ] allow to set up configfiles path (etc/) instead of separated configfiles names (kline.conf, ircd.conf etc) like it is in ratbox3? [?] internally split out +o/+v "ranks" into a series of permissions. this could allow for configure-defined From 767fdd62fec307e1bc358dea59dbed1376df5e12 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sat, 16 Aug 2008 23:34:32 +0400 Subject: [PATCH 043/113] fixed chm_adminonly extension - IsOperAdmin replaced with IsAdmin.. hm.. but possibly we need to allow hidden opers/admins to enter protected channels? --- extensions/chm_adminonly.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/chm_adminonly.c b/extensions/chm_adminonly.c index f018de2..9380c3d 100644 --- a/extensions/chm_adminonly.c +++ b/extensions/chm_adminonly.c 
@@ -44,7 +44,7 @@ h_can_join(hook_data_channel *data) struct Client *source_p = data->client; struct Channel *chptr = data->chptr; - if((chptr->mode.mode & chmode_flags['A']) && !IsOperAdmin(source_p)) { + if((chptr->mode.mode & chmode_flags['A']) && !IsAdmin(source_p)) { sendto_one_numeric(source_p, 519, "%s :Cannot join channel (+A) - you are not an IRC server administrator", chptr->chname); data->approved = ERR_CUSTOM; } From 40b8b28e1bfb520db8329794beb6a12974db3e9a Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sun, 17 Aug 2008 09:27:15 +0400 Subject: [PATCH 044/113] run autoreconf --- configure | 105 ++++++++++++++++++++++++++++++++++--------- libratbox/aclocal.m4 | 2 +- 2 files changed, 85 insertions(+), 22 deletions(-) diff --git a/configure b/configure index 26e094a..0b455ab 100755 --- a/configure +++ b/configure @@ -2802,8 +2802,8 @@ esac fi -{ echo "$as_me:$LINENO: checking uname -s for Cygwin, Solaris, AIX or HPUX" >&5 -echo $ECHO_N "checking uname -s for Cygwin, Solaris, AIX or HPUX... $ECHO_C" >&6; } +{ echo "$as_me:$LINENO: checking uname -s for Solaris, AIX or HPUX" >&5 +echo $ECHO_N "checking uname -s for Solaris, AIX or HPUX... $ECHO_C" >&6; } OSNAME=`uname -s` case "$OSNAME" in HP-UX*) @@ -2818,11 +2818,6 @@ echo "${ECHO_T}assuming old HPUX with its own cc" >&6; } echo "${ECHO_T}already using newer HPUX" >&6; } fi ;; - CYGWIN*) - { echo "$as_me:$LINENO: result: Cygwin" >&5 -echo "${ECHO_T}Cygwin" >&6; } - CYGWIN=yes - ;; SunOS*) { echo "$as_me:$LINENO: result: SunOS or Solaris" >&5 echo "${ECHO_T}SunOS or Solaris" >&6; } 
@@ -7613,8 +7608,8 @@ fi if test $ac_cv_header_stdarg_h = yes; then : else - { { echo "$as_me:$LINENO: error: ** stdarg.h could not be found - ircd-ratbox will not compile without it **" >&5 -echo "$as_me: error: ** stdarg.h could not be found - ircd-ratbox will not compile without it **" >&2;} + { { echo "$as_me:$LINENO: error: ** stdarg.h could not be found - charybdis will not compile without it **" >&5 +echo "$as_me: error: ** stdarg.h could not be found - charybdis will not compile without it **" >&2;} { (exit 1); exit 1; }; } fi @@ -10833,13 +10828,6 @@ _ACEOF shared_modules="yes" if test "$shared_modules" = yes; then - - if test "$CYGWIN" = yes; then - { echo "$as_me:$LINENO: WARNING: disabling shared modules; Cygwin is at present unable to build them." >&5 -echo "$as_me: WARNING: disabling shared modules; Cygwin is at present unable to build them." >&2;} - shared_modules="no" - fi - if test "$CC" = tcc -a "$TenDRA" = "no"; then { echo "$as_me:$LINENO: WARNING: disabling shared modules: Tiny C Compiler can't create PIC" >&5 echo "$as_me: WARNING: disabling shared modules: Tiny C Compiler can't create PIC" >&2;} @@ -12079,7 +12067,7 @@ echo "${ECHO_T}no" >&6; } echo $ECHO_N "checking GCC flag(s) -Wwrite-strings... $ECHO_C" >&6; } if test "${GCC-no}" = yes then - if test "${charybdis_cv_c_gcc_w_float_equal+set}" = set; then + if test "${charybdis_cv_c_gcc_w_write_strings+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else 
@@ -12123,24 +12111,99 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then - charybdis_cv_c_gcc_w_float_equal=yes + charybdis_cv_c_gcc_w_write_strings=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - charybdis_cv_c_gcc_w_float_equal=no + charybdis_cv_c_gcc_w_write_strings=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="${oldcflags}" fi - if test "x$charybdis_cv_c_gcc_w_float_equal" = xyes; then + if test "x$charybdis_cv_c_gcc_w_write_strings" = xyes; then CWARNS="${CWARNS}-Wwrite-strings " { echo "$as_me:$LINENO: result: ok" >&5 echo "${ECHO_T}ok" >&6; } else - charybdis_cv_c_gcc_w_float_equal='' + charybdis_cv_c_gcc_w_write_strings='' + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + fi + else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + fi + + + { echo "$as_me:$LINENO: checking GCC flag(s) -Werror-implicit-function-declaration" >&5 +echo $ECHO_N "checking GCC flag(s) -Werror-implicit-function-declaration... $ECHO_C" >&6; } + if test "${GCC-no}" = yes + then + if test "${charybdis_cv_c_gcc_w_error_implicit_function_declaration+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + + oldcflags="${CFLAGS-}" + CFLAGS="${CFLAGS-} ${CWARNS} -Werror-implicit-function-declaration -Werror" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#include +#include +int main(void); + +int +main () +{ + + (void)strcmp("a","b"); fprintf(stdout,"test ok\n"); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? 
+ grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + charybdis_cv_c_gcc_w_error_implicit_function_declaration=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + charybdis_cv_c_gcc_w_error_implicit_function_declaration=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="${oldcflags}" +fi + + if test "x$charybdis_cv_c_gcc_w_error_implicit_function_declaration" = xyes; then + CWARNS="${CWARNS}-Werror-implicit-function-declaration " + { echo "$as_me:$LINENO: result: ok" >&5 +echo "${ECHO_T}ok" >&6; } + else + charybdis_cv_c_gcc_w_error_implicit_function_declaration='' { echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6; } fi diff --git a/libratbox/aclocal.m4 b/libratbox/aclocal.m4 index cce9fea..083883e 100644 --- a/libratbox/aclocal.m4 +++ b/libratbox/aclocal.m4 @@ -21,7 +21,7 @@ To do so, use the procedure documented by the package, typically `autoreconf'.]) # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- -# serial 52 Debian 1.5.26-1ubuntu1 AC_PROG_LIBTOOL +# serial 52 Debian 1.5.26-4 AC_PROG_LIBTOOL # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) From 2d9a60fe7e5cbad190d41214b2d4280b34f99cd0 Mon Sep 17 00:00:00 2001 From: Valery V Yatsko Date: Sun, 17 Aug 2008 09:33:05 +0400 Subject: [PATCH 045/113] fixed warnings on src/ircd.c compilation --- src/ircd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ircd.c b/src/ircd.c index 3036778..1f89227 100644 --- a/src/ircd.c +++ b/src/ircd.c 
@@ -453,7 +453,7 @@ ircd_log_cb(const char *str) static void ircd_restart_cb(const char *str) { - inotice(L_MAIN, "libratbox has called the restart callback: %s", str); + inotice("libratbox has called the restart callback: %s", str); restart(str); } @@ -474,7 +474,7 @@ ircd_die_cb(const char *str) inotice("libratbox has called the die callback..aborting: %s", str); } else - inotice(L_MAIN, "libratbox has called the die callback..aborting"); + inotice("libratbox has called the die callback..aborting"); unlink(pidFileName); exit(EXIT_FAILURE); From 9291987bba2e61795ad1603541641caae0591676 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 06:27:59 -0500 Subject: [PATCH 046/113] Add basic PrivilegeSet API. --- include/privilege.h | 47 +++++++++++++++++++++++ src/Makefile.in | 1 + src/privilege.c | 93 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 include/privilege.h create mode 100644 src/privilege.c diff --git a/include/privilege.h b/include/privilege.h new file mode 100644 index 0000000..b033839 --- /dev/null +++ b/include/privilege.h 
@@ -0,0 +1,47 @@ +/* + * charybdis: an advanced ircd. + * privilege.h: Dynamic privileges API. + * + * Copyright (c) 2008 William Pitcock + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice is present in all copies. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __CHARYBDIS_PRIVILEGE_H +#define __CHARYBDIS_PRIVILEGE_H + +#include "stdinc.h" + +typedef enum { + PRIV_NEEDOPER = 1 +} PrivilegeFlags; + +struct PrivilegeSet { + int refs; + char *name; + char *privs; + PrivilegeFlags flags; + rb_dlink_node node; +}; + +int privilegeset_in_set(struct PrivilegeSet *set, const char *priv); +struct PrivilegeSet *privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags); +struct PrivilegeSet *privilegeset_get(const char *name); +void privilegeset_ref(struct PrivilegeSet *set); +void privilegeset_unref(struct PrivilegeSet *set); + +#endif diff --git a/src/Makefile.in b/src/Makefile.in index 5322b5a..be06853 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -78,6 +78,7 @@ SRCS = \ numeric.c \ packet.c \ parse.c \ + privilege.c \ res.c \ reslib.c \ reject.c \ 
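Review bot: The include guard `__CHARYBDIS_PRIVILEGE_H` uses a name reserved for the implementation (leading double underscore); `CHARYBDIS_PRIVILEGE_H` avoids that. The prototypes also carry no comments on ownership: nothing states that `privilegeset_set_new()` returns a set holding one reference or that the `name` and `privs` arguments are copied, which callers need to know to pair `privilegeset_ref()` and `privilegeset_unref()` correctly. A short comment above each prototype would cover it, e.g. `/* returns a new set with refs == 1; name and privs are copied */`.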
diff --git a/src/privilege.c b/src/privilege.c
new file mode 100644
index 0000000..91cc39d
--- /dev/null
+++ b/src/privilege.c
@@ -0,0 +1,93 @@
+/*
+ * charybdis: an advanced ircd.
+ * privilege.c: Dynamic privileges API.
+ *
+ * Copyright (c) 2008 William Pitcock
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice is present in all copies.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include "privilege.h"
+
+static rb_dlink_list privilegeset_list = {};
+
+int
+privilegeset_in_set(struct PrivilegeSet *set, const char *priv)
+{
+ s_assert(set != NULL);
+ s_assert(priv != NULL);
+
+ return strstr(set->privs, priv) != NULL;
+}
+
+struct PrivilegeSet *
+privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags)
+{
+ struct PrivilegeSet *set;
+
+ set = rb_malloc(sizeof(struct PrivilegeSet));
+ set->refs = 1;
+ set->name = rb_strdup(name);
+ set->privs = rb_strdup(privs);
+ set->flags = flags;
+
+ rb_dlinkAdd(set, &set->node, &privilegeset_list);
+
+ return set;
+}
+
+struct PrivilegeSet *
+privilegeset_get(const char *name)
+{
+ rb_dlink_node *iter;
+
+ s_assert(name != NULL);
+
+ RB_DLINK_FOREACH(iter, privilegeset_list.head)
+ {
+ struct PrivilegeSet *set = (struct PrivilegeSet *) iter->data;
+
+ if (!strcasecmp(set->name, name))
+ return set;
+ }
+
+ return NULL;
+}
+
+void
+privilegeset_ref(struct PrivilegeSet *set)
+{
+ s_assert(set != NULL);
+
+ set->refs++;
+}
+
+void
+privilegeset_unref(struct PrivilegeSet *set)
+{
+ s_assert(set != NULL);
+
+ if (--set->refs == 0)
+ {
+ rb_dlinkDelete(&set->node, &privilegeset_list);
+
+ rb_free(set->name);
+ rb_free(set->privs);
+ rb_free(set);
+ }
+}
From 0e52880760189a58d23f57918208843af2c9ce49 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sun, 17 Aug 2008 06:35:49 -0500
Subject: [PATCH 047/113] Add privilegeset_extend().
---
 include/privilege.h | 1 +
 src/privilege.c | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/include/privilege.h b/include/privilege.h
index b033839..4eb7564 100644
--- a/include/privilege.h
+++ b/include/privilege.h
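Review bot: `privilegeset_in_set()` answers with `strstr(set->privs, priv) != NULL`, which is a substring test over the space-separated list, so a set holding only `oper:adminwall` also satisfies a check for `oper:admin` (both names appear in the example privsets later in this series). Privilege checks should compare whole tokens. Separately, the parameter checks are `s_assert()` only, so a NULL `set` is presumably still dereferenced when assertions are soft or compiled out; returning 0 for NULL keeps the check fail-closed. A token-wise version is sketched below.

```c
int
privilegeset_in_set(struct PrivilegeSet *set, const char *priv)
{
	const char *p;
	size_t len;

	/* fail closed on missing arguments instead of relying on s_assert() */
	if(set == NULL || set->privs == NULL || priv == NULL || *priv == '\0')
		return 0;

	len = strlen(priv);

	/* accept a hit only when it is a whole space-delimited token */
	for(p = set->privs; (p = strstr(p, priv)) != NULL; p++)
	{
		if((p == set->privs || p[-1] == ' ') && (p[len] == ' ' || p[len] == '\0'))
			return 1;
	}

	return 0;
}
```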
@@ -40,6 +40,7 @@ struct PrivilegeSet { int privilegeset_in_set(struct PrivilegeSet *set, const char *priv); struct PrivilegeSet *privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags); +struct PrivilegeSet *privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *privs, PrivilegeFlags flags); struct PrivilegeSet *privilegeset_get(const char *name); void privilegeset_ref(struct PrivilegeSet *set); void privilegeset_unref(struct PrivilegeSet *set); diff --git a/src/privilege.c b/src/privilege.c index 91cc39d..c2ce6e2 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -40,6 +40,8 @@ privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags) { struct PrivilegeSet *set; + s_assert(privilegeset_get(name) == NULL); + set = rb_malloc(sizeof(struct PrivilegeSet)); set->refs = 1; set->name = rb_strdup(name); @@ -51,6 +53,28 @@ privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags) return set; } +struct PrivilegeSet * +privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *privs, PrivilegeFlags flags) +{ + struct PrivilegeSet *set; + + s_assert(parent != NULL); + s_assert(name != NULL); + s_assert(privs != NULL); + s_assert(privilegeset_get(name) == NULL); + + set = rb_malloc(sizeof(struct PrivilegeSet)); + set->refs = 1; + set->name = rb_strdup(name); + set->flags = flags; + set->privs = rb_malloc(strlen(parent->privs) + 1 + strlen(privs) + 1); + strcpy(parent->privs, set->privs); + strcat(set->privs, " "); + strcat(set->privs, privs); + + return set; +} + struct PrivilegeSet * privilegeset_get(const char *name) { From de0e9f373b0dc06ea1d8403d6cec72eab1634b64 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:10:23 -0500 Subject: [PATCH 048/113] Add config magic for privset{} parsing. --- src/newconf.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) 
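Review bot: In `privilegeset_extend()` the arguments of `strcpy(parent->privs, set->privs);` are reversed: it writes the contents of the freshly allocated, not yet filled child buffer into the parent's string, so the parent's privilege list is overwritten (and may be written past its end if the new buffer is not zero-filled) while the child never receives the inherited privileges. It should read `strcpy(set->privs, parent->privs);`. The new set is also never linked with `rb_dlinkAdd(set, &set->node, &privilegeset_list);`, so `privilegeset_get()` cannot find it and `privilegeset_unref()` would unlink a node that was never on the list. The same reversed `strcpy(privs_old, privs);` appears in `conf_set_privset_privs()` in src/newconf.c in the next patch.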
diff --git a/src/newconf.c b/src/newconf.c index 6e66204..651361a 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -28,6 +28,7 @@ #include "snomask.h" #include "blacklist.h" #include "sslproc.h" +#include "privilege.h" #define CF_TYPE(x) ((x) & CF_MTYPE) @@ -53,6 +54,7 @@ static struct alias_entry *yy_alias = NULL; static char *yy_blacklist_host = NULL; static char *yy_blacklist_reason = NULL; +static char *yy_privset_extends = NULL; static const char * conf_strtype(int type) @@ -448,6 +450,64 @@ set_modes_from_table(int *modes, const char *whatis, struct mode_table *tab, con } } +static void +conf_set_privset_extends(void *data) +{ + yy_privset_extends = rb_strdup((char *) data); +} + +static void +conf_set_privset_privs(void *data) +{ + char *privs = NULL; + conf_parm_t *args = data; + + for (; args; args = args->next) + { + if (privs == NULL) + privs = rb_strdup(args->v.string); + else + { + char *privs_old = privs; + + privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1); + strcpy(privs_old, privs); + strcat(privs, " "); + strcat(privs, args->v.string); + + rb_free(privs_old); + } + } + + if (privs) + { + if (yy_privset_extends) + { + struct PrivilegeSet *set = privilegeset_get(yy_privset_extends); + + if (!set) + { + conf_report_error("Warning -- unknown parent privilege set %s for %s; ignored.", yy_privset_extends, conf_cur_block_name); + + rb_free(yy_privset_extends); + rb_free(privs); + + yy_privset_extends = NULL; + return; + } + + privilegeset_extend(set, conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(yy_privset_extends); + yy_privset_extends = NULL; + } + else + privilegeset_set_new(conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); + + rb_free(privs); + } +} + static int conf_begin_oper(struct TopConf *tc) { 
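Review bot: `yy_privset_extends` is parser state that nothing resets per block: `conf_set_privset_extends()` overwrites it without freeing the previous value, and it is consumed only inside `conf_set_privset_privs()`. If a `privset` block lists `privs` before `extends`, or has `extends` and no `privs`, the set is created without its parent and the pending parent name carries over to the next `privset` block, which would then inherit privileges its author did not ask for (this assumes the item handlers run in file order; confirm). I would free and clear the value at the start of each block, e.g. `rb_free(yy_privset_extends); yy_privset_extends = NULL;` in a begin callback, and build the set in an end callback once both items are known.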
@@ -1973,6 +2033,13 @@ static struct ConfEntry conf_operator_table[] = { "\0", 0, NULL, 0, NULL } }; +static struct ConfEntry conf_privset_table[] = +{ + { "extends", CF_QSTRING, conf_set_privset_extends, 0, NULL }, + { "privs", CF_STRING | CF_FLIST, conf_set_privset_privs, 0, NULL }, + { "\0", 0, NULL, 0, NULL } +}; + static struct ConfEntry conf_class_table[] = { { "ping_time", CF_TIME, conf_set_class_ping_time, 0, NULL }, @@ -2134,6 +2201,7 @@ newconf_init() add_top_conf("log", NULL, NULL, conf_log_table); add_top_conf("operator", conf_begin_oper, conf_end_oper, conf_operator_table); add_top_conf("class", conf_begin_class, conf_end_class, conf_class_table); + add_top_conf("privset", NULL, NULL, conf_privset_table); add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL); add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port); From 48de3c18524f2345ccb5dad878c0cfa9cca08348 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:17:25 -0500 Subject: [PATCH 049/113] Add some privsets for opers here. --- doc/example.conf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/doc/example.conf b/doc/example.conf index 48df57c..3b92a77 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -185,6 +185,22 @@ auth { class = "users"; }; +/* privsets... XXX document me later */ +privset "local_op" { + privs = oper:local_kill, oper:operwall; +}; + +privset "global_op" { + extends = "local_op"; + privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, + oper:resv, oper:mass_notice, oper:remote_ban; +}; + +privset "admin" { + extends = "global_op"; + privs = oper:admin, oper:die, oper:rehash, oper:adminwall, oper:spy; +}; + operator "god" { /* name: the name of the oper must go above */ @@ -253,6 +269,9 @@ operator "god" { */ flags = global_kill, remote, kline, unkline, die, rehash, admin, xline, operwall; + + /* privset: replaces flags */ + privset = "admin"; }; connect "irc.uplink.com" { 
From 120b37f94fc994053c7d69e3ccdd7f3aae6550d1 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:32:30 -0500 Subject: [PATCH 050/113] oper_conf structure: add privset association. --- include/s_newconf.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/s_newconf.h b/include/s_newconf.h index 402887e..ef2887f 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h @@ -36,6 +36,7 @@ #define INCLUDED_s_newconf_h #include "setup.h" +#include "privilege.h" #ifdef HAVE_LIBCRYPTO #include @@ -120,6 +121,8 @@ struct oper_conf unsigned int snomask; + struct PrivilegeSet *privset; + #ifdef HAVE_LIBCRYPTO char *rsa_pubkey_file; RSA *rsa_pubkey; From b8be4a3f4cc6f82d13e62079813fef37eed24683 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:40:27 -0500 Subject: [PATCH 051/113] Initial work on getting privsets working. --- src/newconf.c | 8 ++++++++ src/s_newconf.c | 49 ------------------------------------------------- src/s_user.c | 3 ++- 3 files changed, 10 insertions(+), 50 deletions(-) diff --git a/src/newconf.c b/src/newconf.c index 651361a..e6a1d56 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -581,6 +581,7 @@ conf_end_oper(struct TopConf *tc) yy_tmpoper->flags = yy_oper->flags; yy_tmpoper->umodes = yy_oper->umodes; yy_tmpoper->snomask = yy_oper->snomask; + yy_tmpoper->privset = yy_oper->privset; #ifdef HAVE_LIBCRYPTO if(yy_oper->rsa_pubkey_file) @@ -629,6 +630,12 @@ conf_set_oper_flags(void *data) set_modes_from_table(&yy_oper->flags, "flag", oper_table, args); } +static void +conf_set_oper_privset(void *data) +{ + yy_oper->privset = privilegeset_get((char *) data); +} + static void conf_set_oper_user(void *data) { 
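Review bot: conf_set_oper_privset() stores whatever privilegeset_get() returns, so a misspelled `privset` name leaves `yy_oper->privset` NULL with no conf_report_error() to tell the administrator. conf_end_oper() then copies the bare pointer with `yy_tmpoper->privset = yy_oper->privset;` and never calls privilegeset_ref(), which privilege.h declares. Whether a set can be released while an oper_conf still points at it is not visible here, but the reference count exists for that case. I would report the unknown name and take a reference when copying, e.g. `privilegeset_ref(yy_oper->privset);` once the pointer is known to be non-NULL. conf_end_oper() starts and ends outside the hunk.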
@@ -2027,6 +2034,7 @@ static struct ConfEntry conf_operator_table[] = { "rsa_public_key_file", CF_QSTRING, conf_set_oper_rsa_public_key_file, 0, NULL }, { "flags", CF_STRING | CF_FLIST, conf_set_oper_flags, 0, NULL }, { "umodes", CF_STRING | CF_FLIST, conf_set_oper_umodes, 0, NULL }, + { "privset", CF_QSTRING, conf_set_oper_privset, 0, NULL }, { "snomask", CF_QSTRING, conf_set_oper_snomask, 0, NULL }, { "user", CF_QSTRING, conf_set_oper_user, 0, NULL }, { "password", CF_QSTRING, conf_set_oper_password, 0, NULL }, diff --git a/src/s_newconf.c b/src/s_newconf.c index af81101..93f5896 100644 --- a/src/s_newconf.c +++ b/src/s_newconf.c @@ -318,55 +318,6 @@ find_oper_conf(const char *username, const char *host, const char *locip, const return NULL; } -struct oper_flags -{ - int flag; - const char *name; -}; -static struct oper_flags oper_flagtable[] = -{ - { OPER_KLINE, "kline" }, - { OPER_XLINE, "xline" }, - { OPER_RESV, "resv" }, - { OPER_GLOBKILL, "global_kill" }, - { OPER_LOCKILL, "local_kill" }, - { OPER_REMOTE, "remote" }, - { OPER_UNKLINE, "unkline" }, - { OPER_REHASH, "rehash" }, - { OPER_DIE, "die" }, - { OPER_ADMIN, "admin" }, - { OPER_HADMIN, "hidden_admin" }, - { OPER_NICKS, "nick_changes" }, - { OPER_OPERWALL, "operwall" }, - { OPER_SPY, "spy" }, - { OPER_INVIS, "hidden_oper" }, - { OPER_REMOTEBAN, "remoteban" }, - { OPER_MASSNOTICE, "mass_notice" }, - { 0, NULL } -}; - -const char * -get_oper_privs(int flags) -{ - static char buf[BUFSIZE]; - char *p; - int i; - - p = buf; - *p = '\0'; - - for(i = 0; oper_flagtable[i].flag; i++) - if (flags & oper_flagtable[i].flag) - { - if(*buf != '\0') - rb_strlcat(buf, ", ", sizeof(buf)); - - rb_strlcat(buf, oper_flagtable[i].name, sizeof(buf)); - } - - return buf; -} - struct server_conf * make_server_conf(void) { diff --git a/src/s_user.c b/src/s_user.c index 57f3432..fa6ce1b 100644 --- a/src/s_user.c +++ b/src/s_user.c 
@@ -1276,7 +1276,8 @@ oper_up(struct Client *source_p, struct oper_conf *oper_p) sendto_one_numeric(source_p, RPL_SNOMASK, form_str(RPL_SNOMASK), construct_snobuf(source_p->snomask)); sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, source_p->name); - sendto_one_notice(source_p, ":*** Oper privs are %s", get_oper_privs(oper_p->flags)); + sendto_one_notice(source_p, ":*** Oper privilege set is %s", oper_p->privset->name); + sendto_one_notice(source_p, ":*** Oper privs are %s", oper_p->privset->privs); send_oper_motd(source_p); return (1); From 7ce46e04475e29298f180f69e22cc6fa766b1001 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:41:52 -0500 Subject: [PATCH 052/113] Allow : to be in 'string' values. --- src/ircd_lexer.l | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ircd_lexer.l b/src/ircd_lexer.l index 4770c3e..e7df1da 100644 --- a/src/ircd_lexer.l +++ b/src/ircd_lexer.l @@ -91,7 +91,7 @@ ws [ \t]* digit [0-9] comment #.* qstring \"[^\"\n]*[\"\n] -string [a-zA-Z_\~][a-zA-Z0-9_]* +string [a-zA-Z_\~\:][a-zA-Z0-9_\:]* include \.include{ws}(\<.*\>|\".*\") %% From 76eca655f921edde2fb8d11bbcb1aafa9b72cbc9 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:44:46 -0500 Subject: [PATCH 053/113] Make sure extended privilege sets are added to the registry. --- src/privilege.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/privilege.c b/src/privilege.c index c2ce6e2..aa6febe 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -72,6 +72,8 @@ privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *p strcat(set->privs, " "); strcat(set->privs, privs); + rb_dlinkAdd(set, &set->node, &privilegeset_list); + return set; } From 39352a39f2b2f538859402f72ae5cef09f23d5fa Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:46:18 -0500 Subject: [PATCH 054/113] fix another stupid bug, gah --- src/newconf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
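Review bot: The two added notices in oper_up() read `oper_p->privset->name` and `oper_p->privset->privs` without checking the pointer, and at this point in the series an operator block with no `privset` entry, or one naming an unknown set, appears to leave it NULL. A successful oper-up against such a block would then dereference NULL in the server process. A guard such as `if (oper_p->privset != NULL)` around both notices avoids that; later patches in the series (060, 070) instead fall back to the "default" set at config time. oper_up() begins outside the hunk.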
diff --git a/src/newconf.c b/src/newconf.c index e6a1d56..40515e1 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -471,7 +471,7 @@ conf_set_privset_privs(void *data) char *privs_old = privs; privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1); - strcpy(privs_old, privs); + strcpy(privs, privs_old); strcat(privs, " "); strcat(privs, args->v.string); From c73d9995762cb5cbe6a4ee6110ca889f138c2662 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sun, 17 Aug 2008 14:46:29 +0200 Subject: [PATCH 055/113] Remove another servlink remnant. --- include/s_conf.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/s_conf.h b/include/s_conf.h index 5e6834f..b556ff0 100644 --- a/include/s_conf.h +++ b/include/s_conf.h @@ -134,7 +134,6 @@ struct config_file_entry const char *xlinefile; const char *resvfile; - char *servlink_path; char *egdpool_path; char *default_operstring; From f6189c43ab97f26375d238984a2fd501326a9f2a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:47:06 -0500 Subject: [PATCH 056/113] same bug --- src/privilege.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/privilege.c b/src/privilege.c index aa6febe..40bdbcd 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -68,7 +68,7 @@ privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *p set->name = rb_strdup(name); set->flags = flags; set->privs = rb_malloc(strlen(parent->privs) + 1 + strlen(privs) + 1); - strcpy(parent->privs, set->privs); + strcpy(set->privs, parent->privs); strcat(set->privs, " "); strcat(set->privs, privs); From d2e6d8d715189a45441774365458fff1991648cf Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sun, 17 Aug 2008 14:49:01 +0200 Subject: [PATCH 057/113] Add 328 numeric (ChanServ channel URL) to the header files. --- include/numeric.h | 2 ++ src/messages.tab | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) 
diff --git a/include/numeric.h b/include/numeric.h index af9435d..b80c200 100644 --- a/include/numeric.h +++ b/include/numeric.h @@ -154,6 +154,8 @@ extern const char *form_str(int); #define RPL_LISTEND 323 #define RPL_CHANNELMODEIS 324 +#define RPL_CHANNELURL 328 /* to be sent by services */ + #define RPL_CREATIONTIME 329 #define RPL_WHOISLOGGEDIN 330 diff --git a/src/messages.tab b/src/messages.tab index 2166b64..2424e0f 100644 --- a/src/messages.tab +++ b/src/messages.tab @@ -349,7 +349,7 @@ static const char * replies[] = { /* 325 */ NULL, /* 326 */ NULL, /* 327 */ NULL, -/* 328 */ NULL, +/* 328 RPL_CHANNELURL */ NULL, /* 329 RPL_CREATIONTIME, */ ":%s 329 %s %s %lu", /* 330 RPL_WHOISLOGGEDIN */ ":%s 330 %s %s %s :is logged in as", /* 331 RPL_NOTOPIC, */ ":%s 331 %s %s :No topic is set.", From 3ddb54d9054fc67d207d3d0d607e1464522665fd Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 07:53:29 -0500 Subject: [PATCH 058/113] update oper line --- src/messages.tab | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/messages.tab b/src/messages.tab index 2166b64..a55c459 100644 --- a/src/messages.tab +++ b/src/messages.tab @@ -402,7 +402,7 @@ static const char * replies[] = { /* 378 RPL_WHOISHOST, */ "%s :is connecting from *@%s %s", /* 379 */ NULL, /* 380 */ NULL, -/* 381 RPL_YOUREOPER, */ ":%s 381 %s :Congratulations! You are now an mIRC warrior.", +/* 381 RPL_YOUREOPER, */ ":%s 381 %s :I can't work under these conditions anymore! The charybdis developers' jokes are just too lame!!! I quit! Really!", /* 382 RPL_REHASHING, */ ":%s 382 %s %s :Rehashing", /* 383 */ NULL, /* 384 RPL_MYPORTIS, */ NULL, From 001f5f6731c115719fff5ffe27931596a2679d69 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:06:28 -0500 Subject: [PATCH 059/113] ircd initialization: add a "default" privset with no privs. --- src/ircd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ircd.c b/src/ircd.c index 1f89227..a5c7bcd 100644 
--- a/src/ircd.c +++ b/src/ircd.c @@ -66,6 +66,7 @@ #include "serno.h" #include "sslproc.h" #include "chmode.h" +#include "privilege.h" /* /quote set variables */ struct SetOptions GlobalSetOptions; @@ -662,6 +663,7 @@ main(int argc, char *argv[]) #endif init_auth(); /* Initialise the auth code */ init_resolver(); /* Needs to be setup before the io loop */ + privilegeset_set_new("default", "", 0); if (testing_conf) fprintf(stderr, "\nBeginning config test\n"); From 5a6d4202d18af7db2b00de2dcbeb2285325e23a2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:08:23 -0500 Subject: [PATCH 060/113] Make use of the new default privset!! --- src/newconf.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/newconf.c b/src/newconf.c index 40515e1..b8fcee1 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -487,13 +487,9 @@ conf_set_privset_privs(void *data) if (!set) { - conf_report_error("Warning -- unknown parent privilege set %s for %s; ignored.", yy_privset_extends, conf_cur_block_name); + conf_report_error("Warning -- unknown parent privilege set %s for %s; assuming defaults", yy_privset_extends, conf_cur_block_name); - rb_free(yy_privset_extends); - rb_free(privs); - - yy_privset_extends = NULL; - return; + set = privilegeset_get("default"); } privilegeset_extend(set, conf_cur_block_name != NULL ? conf_cur_block_name : "", privs, 0); @@ -634,6 +630,9 @@ static void conf_set_oper_privset(void *data) { yy_oper->privset = privilegeset_get((char *) data); + + if (!yy_oper->privset) + yy_oper->privset = privilegeset_get("default"); } static void From 665e79e9995073df77660df656b255576f98759e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:22:56 -0500 Subject: [PATCH 061/113] privilegeset_ref(): return the privilegeset --- include/privilege.h | 2 +- src/privilege.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) 
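Review bot: The reworded warning in conf_set_privset_privs() passes `conf_cur_block_name` straight to a `%s` conversion, while the privilegeset_extend() call just below guards the same variable with `conf_cur_block_name != NULL ? conf_cur_block_name : ""`. If it can be NULL, the format call is undefined behaviour, so the conf_report_error() call should use the same guarded expression. With the early return removed, the result of `set = privilegeset_get("default");` is also handed to privilegeset_extend() unchecked, which relies on the "default" set registered in main() always being present. conf_set_privset_privs() starts outside the hunk.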
diff --git a/include/privilege.h b/include/privilege.h index 4eb7564..c454efc 100644 --- a/include/privilege.h +++ b/include/privilege.h @@ -42,7 +42,7 @@ int privilegeset_in_set(struct PrivilegeSet *set, const char *priv); struct PrivilegeSet *privilegeset_set_new(const char *name, const char *privs, PrivilegeFlags flags); struct PrivilegeSet *privilegeset_extend(struct PrivilegeSet *parent, const char *name, const char *privs, PrivilegeFlags flags); struct PrivilegeSet *privilegeset_get(const char *name); -void privilegeset_ref(struct PrivilegeSet *set); +struct PrivilegeSet *privilegeset_ref(struct PrivilegeSet *set); void privilegeset_unref(struct PrivilegeSet *set); #endif diff --git a/src/privilege.c b/src/privilege.c index 40bdbcd..060cf48 100644 --- a/src/privilege.c +++ b/src/privilege.c @@ -95,12 +95,14 @@ privilegeset_get(const char *name) return NULL; } -void +struct PrivilegeSet * privilegeset_ref(struct PrivilegeSet *set) { s_assert(set != NULL); set->refs++; + + return set; } void From 34cb09ceeacbf1fbffbe7d06e3364e56f4cc269b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:23:40 -0500 Subject: [PATCH 062/113] Make a reference to privset in Client.localClient. --- include/client.h | 3 +++ src/s_user.c | 1 + 2 files changed, 4 insertions(+) diff --git a/include/client.h b/include/client.h index 02b39f9..6c85649 100644 --- a/include/client.h +++ b/include/client.h @@ -40,6 +40,7 @@ #include "snomask.h" #include "match.h" #include "ircd.h" +#include "privilege.h" /* other structs */ struct Blacklist; @@ -281,6 +282,8 @@ struct LocalUser struct ZipStats *zipstats; /* zipstats */ uint16_t cork_count; /* used for corking/uncorking connections */ struct ev_entry *event; /* used for associated events */ + + struct PrivilegeSet *privset; /* privset... */ }; struct PreClient diff --git a/src/s_user.c b/src/s_user.c index fa6ce1b..01a21e8 100644 --- a/src/s_user.c +++ b/src/s_user.c 
@@ -1250,6 +1250,7 @@ oper_up(struct Client *source_p, struct oper_conf *oper_p) source_p->flags2 |= oper_p->flags; source_p->localClient->opername = rb_strdup(oper_p->name); + source_p->localClient->privset = privilegeset_ref(oper_p->privset); rb_dlinkAddAlloc(source_p, &local_oper_list); rb_dlinkAddAlloc(source_p, &oper_list); From 73a34351095642cd490a92fe09f9faa2678719e3 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:36:17 -0500 Subject: [PATCH 063/113] All modules converted to use privsets by porting the macro over. New macro, HasPrivilege() does most of the work here, the old IsOper*() macros are deprecated, and will likely be removed later. --- include/s_newconf.h | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/include/s_newconf.h b/include/s_newconf.h index ef2887f..0e135f2 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h 
@@ -167,24 +167,25 @@ extern void cluster_generic(struct Client *, const char *, int cltype, #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED) -#define IsOperGlobalKill(x) ((x)->flags2 & OPER_GLOBKILL) -#define IsOperLocalKill(x) ((x)->flags2 & OPER_LOCKILL) -#define IsOperRemote(x) ((x)->flags2 & OPER_REMOTE) -#define IsOperUnkline(x) ((x)->flags2 & OPER_UNKLINE) -#define IsOperN(x) ((x)->flags2 & OPER_NICKS) -#define IsOperK(x) ((x)->flags2 & OPER_KLINE) -#define IsOperXline(x) ((x)->flags2 & OPER_XLINE) -#define IsOperResv(x) ((x)->flags2 & OPER_RESV) -#define IsOperDie(x) ((x)->flags2 & OPER_DIE) -#define IsOperRehash(x) ((x)->flags2 & OPER_REHASH) -#define IsOperHiddenAdmin(x) ((x)->flags2 & OPER_HADMIN) -#define IsOperAdmin(x) (((x)->flags2 & OPER_ADMIN) || \ - ((x)->flags2 & OPER_HADMIN)) -#define IsOperOperwall(x) ((x)->flags2 & OPER_OPERWALL) -#define IsOperSpy(x) ((x)->flags2 & OPER_SPY) -#define IsOperInvis(x) ((x)->flags2 & OPER_INVIS) -#define IsOperRemoteBan(x) ((x)->flags2 & OPER_REMOTEBAN) -#define IsOperMassNotice(x) ((x)->flags2 & OPER_MASSNOTICE) +#define HasPrivilege(x, y) (privilegeset_in_set((x)->localClient->privset, (y))) + +#define IsOperGlobalKill(x) (HasPrivilege((x), "oper:global_kill")) +#define IsOperLocalKill(x) (HasPrivilege((x), "oper:local_kill")) +#define IsOperRemote(x) (HasPrivilege((x), "oper:routing")) +#define IsOperUnkline(x) (HasPrivilege((x), "oper:unkline")) +#define IsOperN(x) (HasPrivilege((x), "snomask:nick_changes")) +#define IsOperK(x) (HasPrivilege((x), "oper:kline")) +#define IsOperXline(x) (HasPrivilege((x), "oper:xline")) +#define IsOperResv(x) (HasPrivilege((x), "oper:resv")) +#define IsOperDie(x) (HasPrivilege((x), "oper:die")) +#define IsOperRehash(x) (HasPrivilege((x), "oper:rehash")) +#define IsOperHiddenAdmin(x) (HasPrivilege((x), "oper:hidden_admin")) +#define IsOperAdmin(x) (HasPrivilege((x), "oper:admin") || HasPrivilege((x), "oper:hidden_admin")) +#define IsOperOperwall(x) (HasPrivilege((x), 
"oper:operwall")) +#define IsOperSpy(x) (HasPrivilege((x), "oper:spy")) +#define IsOperInvis(x) (HasPrivilege((x), "oper:hidden")) +#define IsOperRemoteBan(x) (HasPrivilege((x), "oper:remoteban")) +#define IsOperMassNotice(x) (HasPrivilege((x), "oper:mass_notice")) extern struct oper_conf *make_oper_conf(void); extern void free_oper_conf(struct oper_conf *); From e2d7f73174cab5c15bf4ffd73d3d3e10b989e3ba Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:40:10 -0500 Subject: [PATCH 064/113] /stats o: display name of privset instead of privs --- modules/m_stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/m_stats.c b/modules/m_stats.c index b5738a7..653a0e1 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c @@ -674,7 +674,7 @@ stats_oper(struct Client *source_p) sendto_one_numeric(source_p, RPL_STATSOLINE, form_str(RPL_STATSOLINE), oper_p->username, oper_p->host, oper_p->name, - IsOper(source_p) ? get_oper_privs(oper_p->flags) : "0", "-1"); + IsOper(source_p) ? oper_p->privset->name : "0", "-1"); } } From 4db97a82636c22ea24016b665a1a547a8434d5e6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:52:04 -0500 Subject: [PATCH 065/113] HasPrivilege(): check to make sure localClient and localClient.privset are non-NULL. --- include/s_newconf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/s_newconf.h b/include/s_newconf.h index 0e135f2..d3f9b1f 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h 
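Review bot: The privilege names these macros test do not all match the names used in the doc/example.conf privsets added earlier in this series: IsOperRemoteBan() checks `"oper:remoteban"` while the example grants `oper:remote_ban`, so an operator given the example's privilege would fail the check. Because privileges are now free-form strings, nothing shown rejects a misspelled name at config time, and a typo in a `privs` list silently yields a set that lacks the intended right. I would settle on one spelling, e.g. `#define IsOperRemoteBan(x) (HasPrivilege((x), "oper:remote_ban"))`, and consider having the privset parser warn about names no check uses. HasPrivilege() as added here also dereferences `(x)->localClient` unconditionally; patch 065 below adds the NULL checks.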
@@ -167,7 +167,7 @@ extern void cluster_generic(struct Client *, const char *, int cltype, #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED) -#define HasPrivilege(x, y) (privilegeset_in_set((x)->localClient->privset, (y))) +#define HasPrivilege(x, y) ((x)->localClient != NULL && (x)->localClient->privset != NULL && privilegeset_in_set((x)->localClient->privset, (y))) #define IsOperGlobalKill(x) (HasPrivilege((x), "oper:global_kill")) #define IsOperLocalKill(x) (HasPrivilege((x), "oper:local_kill")) From 028aef6ed686e114fa771a934b1df07562e3a0e2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:56:40 -0500 Subject: [PATCH 066/113] m_privs: Add stuff for privsets here too. --- modules/m_privs.c | 43 ++++++++++--------------------------------- 1 file changed, 10 insertions(+), 33 deletions(-) diff --git a/modules/m_privs.c b/modules/m_privs.c index e4479f6..1d24aad 100644 --- a/modules/m_privs.c +++ b/modules/m_privs.c @@ -60,28 +60,6 @@ struct mode_table int mode; }; -static struct mode_table oper_table[] = { - /*{"encrypted", OPER_ENCRYPTED },*/ - {"local_kill", OPER_LOCKILL }, - {"global_kill", OPER_GLOBKILL/*|OPER_LOCKILL*/ }, - {"remote", OPER_REMOTE }, - {"kline", OPER_KLINE }, - {"unkline", OPER_UNKLINE }, - {"nick_changes", OPER_NICKS }, - {"rehash", OPER_REHASH }, - {"die", OPER_DIE }, - {"admin", OPER_ADMIN }, - {"hidden_admin", OPER_HADMIN }, - {"xline", OPER_XLINE }, - {"resv", OPER_RESV }, - {"operwall", OPER_OPERWALL }, - {"oper_spy", OPER_SPY }, - {"hidden_oper", OPER_INVIS }, - {"remoteban", OPER_REMOTEBAN }, - {"mass_notice", OPER_MASSNOTICE }, - {NULL, 0} -}; - /* there is no such table like this anywhere else */ static struct mode_table auth_client_table[] = { {"resv_exempt", FLAGS2_EXEMPTRESV }, 
@@ -101,23 +79,22 @@ static void show_privs(struct Client *source_p, struct Client *target_p) struct mode_table *p; buf[0] = '\0'; - p = &oper_table[0]; - while (p->name != NULL) - { - if (target_p->flags2 & p->mode) - { - if (buf[0] != '\0') - rb_strlcat(buf, " ", sizeof buf); - rb_strlcat(buf, p->name, sizeof buf); - } - p++; - } + if (target_p->localClient->privset) + rb_strlcat(buf, target_p->localClient->privset->privs, sizeof buf); if (IsOper(target_p)) { if (buf[0] != '\0') rb_strlcat(buf, " ", sizeof buf); rb_strlcat(buf, "operator:", sizeof buf); rb_strlcat(buf, target_p->localClient->opername, sizeof buf); + + if (target_p->localClient->privset) + { + if (buf[0] != '\0') + rb_strlcat(buf, " ", sizeof buf); + rb_strlcat(buf, "privset:", sizeof buf); + rb_strlcat(buf, target_p->localClient->privset->name, sizeof buf); + } } p = &auth_client_table[0]; while (p->name != NULL) From 6e915bfe068e65daca7d193ce48a55912231ee6b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 08:58:34 -0500 Subject: [PATCH 067/113] privset example: Add a privset for local bots like BOPM and TCMs. --- doc/example.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/example.conf b/doc/example.conf index 3b92a77..eba8168 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -190,6 +190,11 @@ privset "local_op" { privs = oper:local_kill, oper:operwall; }; +privset "server_bot" { + extends = "local_op"; + privs = oper:global_kill, oper:kline, oper:remote_ban, snomask:nick_changes; +}; + privset "global_op" { extends = "local_op"; privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, From 858646f1f8f4d163d75df71228fecf7679baa17c Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 17 Aug 2008 09:30:31 -0500 Subject: [PATCH 068/113] update TODO --- TODO | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/TODO b/TODO index d31508a..661c35d 100644 --- a/TODO +++ b/TODO 
@@ -14,12 +14,11 @@ [x] in-process SSL [x] port and use ratbox ssld for server links [x] merge with libratbox SVN -[/] ssl stuff +[x] ssl stuff [x] client-to-client ssl [x] server-to-server ssl [x] ssl usermode (+Z) [x] ssl channelmode (done by extban and chm_compat) - [ ] acknowledgement message for SSL users like '* *** You are connected using SSL cipher "DHE RSA-AES 128 CBC-SHA"' [x] tool for generating ssl certificates and other stuff [x] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too) [x] merge some stuff from ircd-seven directly (to be determined what) 
@@ -32,27 +31,28 @@ [?] Patch or core-feature - libguess on-fly any-charset-to-utf8 translation [/] module engine rework [/] more beautiful way of adding new channel modes by module - [x] basic functionality - [x] some example modules - [ ] think on how could we append privilege checking for simple chmode - like chm_staff, but additionaly limited (e. g. IsOperResv etc); - possibly move the same code for all functions into separated one and make it extern? - another idea is too make that work with privilege groups, like "serveradmins" or "ircops" + [x] basic functionality + [x] some example modules + [ ] think on how could we append privilege checking for simple chmode - like chm_staff, but additionaly limited (e. g. IsOperResv etc); + possibly move the same code for all functions into separated one and make it extern? + [x] another idea is too make that work with privilege groups, like "serveradmins" or "ircops" [ ] make nick/user/host validation functions/match tables able to work in separated modules, this will help us making support for native characters sets/slashes in host etc [ ] auth checker module [ ] resolver module [ ] hooks - [ ] can_kick - which modules could we add in charybdis distro? - [ ] can_send_channel - [?] +C (ctcp) - [ ] can_send_user - [?] +C (ctcp) - [ ] privilege system for privilege groups, something like + [ ] can_kick + which modules could we add in charybdis distro? + [ ] can_send_channel + [?] +C (ctcp) + [ ] can_send_user + [?] +C (ctcp) + [x] privilege system for privilege groups, something like in .conf: helper { kill_global, rehash, kline_local } in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done + -- this is done kinda like this, but not really. See HasPrivilege() calls. privilege_add() was not needed ~nenolod [x] Remove glines entirely -[x] test suite as in ircu +[/] test suite as in ircu [?] win32 [?] cygwin support [?] mingw support 
From c08e7f2dbd97c09e5f78b020f66b08308b85a604 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sun, 17 Aug 2008 22:55:57 +0200 Subject: [PATCH 069/113] Use C locale for the compilation date. --- TODO | 2 +- src/version.c.SH | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/TODO b/TODO index 661c35d..76eb97c 100644 --- a/TODO +++ b/TODO @@ -59,7 +59,7 @@ [?] native win32 (VS2005/VS2008) [/] Bug fixes [x] Compilation without zlib headers fails - fixed - [ ] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage + [x] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage [ ] Improvments [ ] ircd shouldn't need bison/byacc/yacc or flex for compilation --- other stuff diff --git a/src/version.c.SH b/src/version.c.SH index 769daf8..59a5ee8 100644 --- a/src/version.c.SH +++ b/src/version.c.SH @@ -19,7 +19,7 @@ generation=`expr $generation + 1` uname=`uname -a` -creation=`date | \ +creation=`LC_ALL=C date | \ awk '{if (NF == 6) \ { print $1 " " $2 " " $3 " " $6 " at " $4 " " $5 } \ else \ From 220c63400a837d5a042614dab18e7d14620af868 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Mon, 18 Aug 2008 00:55:12 +0200 Subject: [PATCH 070/113] Fix crash if there is no privset= in an operator{}. --- src/newconf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/newconf.c b/src/newconf.c index b8fcee1..33bd7e0 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -560,6 +560,10 @@ conf_end_oper(struct TopConf *tc) return 0; } + + if (!yy_oper->privset) + yy_oper->privset = privilegeset_get("default"); + /* now, yy_oper_list contains a stack of oper_conf's with just user * and host in, yy_oper contains the rest of the information which * we need to copy into each element in yy_oper_list 
@@ -630,9 +634,6 @@ static void conf_set_oper_privset(void *data) { yy_oper->privset = privilegeset_get((char *) data); - - if (!yy_oper->privset) - yy_oper->privset = privilegeset_get("default"); } static void From 6acb39cb1a9b7034748ccab7abc698c895a50151 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Mon, 25 Aug 2008 18:24:24 +0200 Subject: [PATCH 071/113] Clear privset on deoper. --- src/s_user.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/s_user.c b/src/s_user.c index 01a21e8..319e933 100644 --- a/src/s_user.c +++ b/src/s_user.c @@ -965,6 +965,8 @@ user_mode(struct Client *client_p, struct Client *source_p, int parc, const char source_p->localClient->opername = NULL; rb_dlinkFindDestroy(source_p, &local_oper_list); + privilegeset_unref(source_p->localClient->privset); + source_p->localClient->privset = NULL; } rb_dlinkFindDestroy(source_p, &oper_list); From 79fae8dbc031ab05f6d24bceeef2d17a5cd81e37 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Mon, 25 Aug 2008 18:48:30 +0200 Subject: [PATCH 072/113] ssld: un #if 0 the /dev/null stuff out --- ssld/ssld.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssld/ssld.c b/ssld/ssld.c index 58e1bd0..83ba765 100644 --- a/ssld/ssld.c +++ b/ssld/ssld.c @@ -1076,7 +1076,6 @@ main(int argc, char **argv) close(x); } -#if 0 x = open("/dev/null", O_RDWR); if(x >= 0) { @@ -1089,7 +1088,7 @@ main(int argc, char **argv) if(x > 2) close(x); } -#endif + setup_signals(); rb_lib_init(NULL, NULL, NULL, 0, maxfd, 1024, 4096); rb_init_rawbuffers(1024); From 509c9ee183c613ec028eb1a1e347ac8e841594c1 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 26 Aug 2008 00:00:11 +0200 Subject: [PATCH 073/113] Remove another remnant of server hostmasking. --- modules/core/m_server.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 95926f1..e9362df 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
@@ -292,12 +292,6 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * doesnt exist, although ircd can handle it, its not a realistic * solution.. --fl_ */ - /* It is behind a host-masked server. Completely ignore the - * server message(don't propagate or we will delink from whoever - * we propagate to). -A1kmm */ - if(irccmp(target_p->name, name) && target_p->from == client_p) - return 0; - sendto_one(client_p, "ERROR :Server %s already exists", name); sendto_realops_snomask(SNO_GENERAL, L_ALL, From 07c8448a5b5d1a4a82c42d17ac08f296f5b2d077 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 28 Aug 2008 00:49:04 +0200 Subject: [PATCH 074/113] Fix ident for ssl connections. --- include/client.h | 2 ++ src/listener.c | 7 ++++--- src/s_auth.c | 10 +--------- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/include/client.h b/include/client.h index 6c85649..3349144 100644 --- a/include/client.h +++ b/include/client.h @@ -298,6 +298,8 @@ struct PreClient rb_dlink_list dnsbl_queries; /* list of struct BlacklistClient * */ struct Blacklist *dnsbl_listed; /* first dnsbl where it's listed */ + + struct rb_sockaddr_storage lip; /* address of our side of the connection */ }; struct ListClient diff --git a/src/listener.c b/src/listener.c index 0849ab6..e8dfb27 100644 --- a/src/listener.c +++ b/src/listener.c @@ -435,7 +435,7 @@ close_listeners() * any client list yet. */ static void -add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, void *ssl_ctl) +add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, struct sockaddr *lai, void *ssl_ctl) { struct Client *new_client; s_assert(NULL != listener); 
@@ -447,6 +447,7 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, voi new_client = make_client(NULL); memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage)); + memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage)); /* * copy address to 'sockhost' as a string, copy it to host too @@ -553,7 +554,7 @@ accept_ssld(rb_fde_t *F, struct sockaddr *addr, struct sockaddr *laddr, struct L rb_fde_t *xF[2]; rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming ssld Connection"); ctl = start_ssld_accept(F, xF[1], rb_get_fd(xF[0])); /* this will close F for us */ - add_connection(listener, xF[0], addr, ctl); + add_connection(listener, xF[0], addr, laddr, ctl); } static void @@ -575,5 +576,5 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add if(listener->ssl) accept_ssld(F, addr, (struct sockaddr *)&lip, listener); else - add_connection(listener, F, addr, NULL); + add_connection(listener, F, addr, (struct sockaddr *)&lip, NULL); } diff --git a/src/s_auth.c b/src/s_auth.c index 83407b3..a6143bb 100644 --- a/src/s_auth.c +++ b/src/s_auth.c @@ -297,7 +297,6 @@ static int start_auth_query(struct AuthRequest *auth) { struct rb_sockaddr_storage localaddr, destaddr; - socklen_t locallen = sizeof(struct rb_sockaddr_storage); rb_fde_t *F; int family; @@ -333,14 +332,7 @@ start_auth_query(struct AuthRequest *auth) * since the ident request must originate from that same address-- * and machines with multiple IP addresses are common now */ - memset(&localaddr, 0, locallen); - if(getsockname(rb_get_fd(auth->client->localClient->F), - (struct sockaddr *) &localaddr, &locallen) == -1) - { - /* can happen if connection was just closed */ - rb_close(F); - return 0; - } + localaddr = auth->client->preClient->lip; /* XXX mangle_mapped_sockaddr((struct sockaddr *)&localaddr); */ #ifdef RB_IPV6 From c80be1ec80c25489f06718921caad5194980ef55 Mon Sep 17 00:00:00 2001 
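Review bot: The added `memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage));` reads a full storage-sized object through a `struct sockaddr *` parameter, so it over-reads if any caller ever passes a smaller sockaddr. The two callers in this commit pass `laddr` and `(struct sockaddr *)&lip`; the declaration of `lip` is outside the hunks, so confirm it is a `struct rb_sockaddr_storage`. Typing the new parameter as `struct rb_sockaddr_storage *lai`, or adding `s_assert(NULL != lai);` beside the existing listener assert with a comment on the size contract, would make the requirement explicit. add_connection() continues outside the hunk.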
From: Jilles Tjoelker Date: Thu, 28 Aug 2008 01:05:41 +0200 Subject: [PATCH 075/113] Don't try to add a closed connection. ircd-ratbox r25965 (jilles) --- src/listener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/listener.c b/src/listener.c index e8dfb27..cc8f3ae 100644 --- a/src/listener.c +++ b/src/listener.c @@ -571,6 +571,7 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add /* this shouldn't fail so... */ /* XXX add logging of this */ rb_close(F); + return; } if(listener->ssl) From 0cdd90ce79ecb6a636be3fe69ede9506ac8fd839 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 28 Aug 2008 01:06:19 +0200 Subject: [PATCH 076/113] Fix comment, getsockname() can fail legitimately. from ircd-ratbox r25967 (jilles) --- src/listener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/listener.c b/src/listener.c index cc8f3ae..7f270a1 100644 --- a/src/listener.c +++ b/src/listener.c @@ -568,8 +568,7 @@ accept_callback(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t add if(getsockname(rb_get_fd(F), (struct sockaddr *) &lip, &locallen) < 0) { - /* this shouldn't fail so... */ - /* XXX add logging of this */ + /* this can fail if the connection disappeared in the meantime */ rb_close(F); return; } From d3b22631c1a1258f658369629402b3625333f777 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 29 Aug 2008 01:34:18 +0200 Subject: [PATCH 077/113] Make genssl.sh work. Submitted by jdhore. --- tools/genssl.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/genssl.sh b/tools/genssl.sh index a55ae97..5e43548 100755 --- a/tools/genssl.sh +++ b/tools/genssl.sh 
@@ -1,9 +1,6 @@ #!/bin/sh -echo "Generating certificate request .. " -openssl req -new -nodes -out ../etc/req.pem - echo "Generating self-signed certificate .. " -openssl req -x509 -days 365 -in ../etc/req.pem -key ../etc/rsa.key -out ../etc/cert.pem +openssl req -x509 -nodes -newkey rsa:1024 -keyout ../etc/test.key -out ../etc/test.cert echo "Generating Diffie-Hellman file for secure SSL/TLS negotiation .. " openssl dhparam -out ../etc/dh.pem 1024 @@ -11,8 +8,8 @@ openssl dhparam -out ../etc/dh.pem 1024 echo " Now change these lines in the IRCd config file: - ssl_private_key = "etc/rsa.key"; - ssl_cert = "etc/cert.pem"; + ssl_private_key = "etc/test.key"; + ssl_cert = "etc/test.cert"; ssl_dh_params = "etc/dh.pem"; Enjoy using ssl. From ef8e4220ec071dd0d3df0a903f9547219ee5aea7 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 29 Aug 2008 01:58:10 +0200 Subject: [PATCH 078/113] Fix a memory leak. found using llvm static analyzer --- src/hostmask.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/hostmask.c b/src/hostmask.c index a0a193d..d024048 100644 --- a/src/hostmask.c +++ b/src/hostmask.c @@ -446,7 +446,6 @@ find_exact_conf_by_address(const char *address, int type, const char *username) if(address == NULL) address = "/NOMATCH!/"; - arec = rb_malloc(sizeof(struct AddressRec)); masktype = parse_netmask(address, (struct sockaddr *)&addr, &bits); #ifdef RB_IPV6 if(masktype == HM_IPV6) From 628eee0041a53378a1debc275a34d14b88210735 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 29 Aug 2008 02:53:52 +0200 Subject: [PATCH 079/113] Remove some dead code. found using llvm static analyzer --- modules/core/m_message.c | 3 --- modules/m_whois.c | 7 ------- src/client.c | 3 --- src/extban.c | 5 +---- 4 files changed, 1 insertion(+), 17 deletions(-) diff --git a/modules/core/m_message.c b/modules/core/m_message.c index fc0896f..658a2a3 100644 --- a/modules/core/m_message.c +++ b/modules/core/m_message.c 
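Review bot: `-newkey rsa:1024` in the new `openssl req` line generates a 1024-bit RSA key, which is below what current TLS guidance accepts; use `rsa:2048` or larger. Because `-nodes` writes `../etc/test.key` unencrypted, add `umask 077` before the call so the key file is not created readable by other users. Dropping `-days 365` leaves the certificate at openssl's default validity of 30 days, so either keep an explicit `-days` or mention the short lifetime in the echoed instructions. The unchanged `openssl dhparam ... 1024` line has the same size concern.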
@@ -916,7 +916,6 @@ handle_special(int p_or_n, const char *command, struct Client *client_p, struct Client *target_p; char *server; char *s; - int count; /* user[%host]@server addressed? * NOTE: users can send to user@server, but not user%host@server @@ -931,8 +930,6 @@ handle_special(int p_or_n, const char *command, struct Client *client_p, return; } - count = 0; - if(!IsOper(source_p)) { if(strchr(nick, '%') || (strncmp(nick, "opers", 5) == 0)) diff --git a/modules/m_whois.c b/modules/m_whois.c index 54c71a1..40a8d52 100644 --- a/modules/m_whois.c +++ b/modules/m_whois.c @@ -239,16 +239,9 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy) char *t; int tlen; hook_data_client hdata; - char *name; - char quest[] = "?"; int visible; int extra_space = 0; - if(target_p->name[0] == '\0') - name = quest; - else - name = target_p->name; - if(target_p->user == NULL) { s_assert(0); diff --git a/src/client.c b/src/client.c index 8e8dd68..0f717bc 100644 --- a/src/client.c +++ b/src/client.c @@ -1361,15 +1361,12 @@ static int qs_server(struct Client *client_p, struct Client *source_p, struct Client *from, const char *comment) { - struct Client *target_p; - if(source_p->servptr && source_p->servptr->serv) rb_dlinkDelete(&source_p->lnode, &source_p->servptr->serv->servers); else s_assert(0); rb_dlinkFindDestroy(source_p, &global_serv_list); - target_p = source_p->from; if(has_id(source_p)) del_from_id_hash(source_p->id, source_p); diff --git a/src/extban.c b/src/extban.c index c8a04df..8890fcc 100644 --- a/src/extban.c +++ b/src/extban.c @@ -68,17 +68,14 @@ int valid_extban(const char *banstr, struct Client *client_p, struct Channel *chptr, long mode_type) { const char *p; - int invert = 0, result = EXTBAN_INVALID; + int result = EXTBAN_INVALID; ExtbanFunc f; if (*banstr != '$') return 0; p = banstr + 1; if (*p == '~') - { - invert = 1; p++; - } f = extban_table[(unsigned char) ToLower(*p)]; if (*p != '\0') { 
From 299ad32f98f8081aa084bc2f311f1373f95626ff Mon Sep 17 00:00:00 2001 From: Stephen Bennett Date: Fri, 29 Aug 2008 14:45:22 -0500 Subject: [PATCH 080/113] If auth_user and server password were given and not used, use auth_user as an account name in the nickserv identify command --- doc/sgml/oper-guide/charybdis-oper-guide.sgml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/sgml/oper-guide/charybdis-oper-guide.sgml b/doc/sgml/oper-guide/charybdis-oper-guide.sgml index 2c9c1a9..6dd8a17 100644 --- a/doc/sgml/oper-guide/charybdis-oper-guide.sgml +++ b/doc/sgml/oper-guide/charybdis-oper-guide.sgml @@ -5,6 +5,7 @@ + ]> @@ -37,6 +38,7 @@ &cmodes; &ucommands; &commands; + &extensions; &oprivs; &config; From 645103ac52e1ad2c9ce032f140a3897b319b3de9 Mon Sep 17 00:00:00 2001 From: Stephen Bennett Date: Fri, 29 Aug 2008 14:45:30 -0500 Subject: [PATCH 081/113] If auth_user and server password were given and not used, use auth_user as an account name in the nickserv identify command --- src/s_user.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/s_user.c b/src/s_user.c index 01a21e8..adbcea6 100644 --- a/src/s_user.c +++ b/src/s_user.c 
@@ -649,11 +649,21 @@ introduce_client(struct Client *client_p, struct Client *source_p, struct User * else identifyservice_p = NULL; if (identifyservice_p != NULL) - sendto_one(identifyservice_p, ":%s PRIVMSG %s :%s %s", - get_id(source_p, identifyservice_p), - ConfigFileEntry.identifyservice, - ConfigFileEntry.identifycommand, - source_p->localClient->passwd); + { + if (!EmptyString(source_p->localClient->auth_user)) + sendto_one(identifyservice_p, ":%s PRIVMSG %s :%s %s %s", + get_id(source_p, identifyservice_p), + ConfigFileEntry.identifyservice, + ConfigFileEntry.identifycommand, + source_p->localClient->auth_user, + source_p->localClient->passwd); + else + sendto_one(identifyservice_p, ":%s PRIVMSG %s :%s %s", + get_id(source_p, identifyservice_p), + ConfigFileEntry.identifyservice, + ConfigFileEntry.identifycommand, + source_p->localClient->passwd); + } } memset(source_p->localClient->passwd, 0, strlen(source_p->localClient->passwd)); rb_free(source_p->localClient->passwd); From 016746cfc222a0df1fc8892e0930ab9c2790b69e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 29 Aug 2008 14:46:19 -0500 Subject: [PATCH 082/113] Backed out changeset 7f24e5f3fb86 --- doc/sgml/oper-guide/charybdis-oper-guide.sgml | 2 -- 1 file changed, 2 deletions(-) diff --git a/doc/sgml/oper-guide/charybdis-oper-guide.sgml b/doc/sgml/oper-guide/charybdis-oper-guide.sgml index 6dd8a17..2c9c1a9 100644 --- a/doc/sgml/oper-guide/charybdis-oper-guide.sgml +++ b/doc/sgml/oper-guide/charybdis-oper-guide.sgml @@ -5,7 +5,6 @@ - ]> @@ -38,7 +37,6 @@ &cmodes; &ucommands; &commands; - &extensions; &oprivs; &config; From 1d53b4283b109ad1fb261a6f25fe20abac016cb6 Mon Sep 17 00:00:00 2001 From: Stephen Bennett Date: Fri, 29 Aug 2008 14:47:51 -0500 Subject: [PATCH 083/113] don't set an empty password or auth_user --- modules/m_pass.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/m_pass.c b/modules/m_pass.c index 0cc0747..b66de73 100644 --- a/modules/m_pass.c 
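Review bot: In the new three-argument branch, `auth_user` and `passwd` are client-supplied strings joined with single spaces into the PRIVMSG sent to the identify service, so a value containing a space changes how the service splits the command. How both strings are parsed and validated is outside this hunk; if whitespace can reach here, add a check to the first branch, e.g. `if (!EmptyString(source_p->localClient->auth_user) && strchr(source_p->localClient->auth_user, ' ') == NULL)`. A comment above the block saying that the account name and password both originate from the client's PASS parameter would help the next reader judge that. introduce_client() starts and ends outside the hunk.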
+++ b/modules/m_pass.c @@ -83,9 +83,9 @@ mr_pass(struct Client *client_p, struct Client *source_p, int parc, const char * auth_user = NULL; } - client_p->localClient->passwd = rb_strndup(pass, PASSWDLEN); + client_p->localClient->passwd = *pass ? rb_strndup(pass, PASSWDLEN) : NULL; - if(auth_user) + if(auth_user && *auth_user) client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN); /* These are for servers only */ From 17ad49a96ad0bb3c4340a61100486b6a2eb60b80 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 29 Aug 2008 15:27:34 -0500 Subject: [PATCH 084/113] Add change_isupport() to change the value of an ISUPPORT token. --- include/supported.h | 1 + src/supported.c | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/include/supported.h b/include/supported.h index d92c9b1..beeb89c 100644 --- a/include/supported.h +++ b/include/supported.h @@ -36,6 +36,7 @@ #define INCLUDED_supported_h extern void add_isupport(const char *, const char *(*)(const void *), const void *); +extern void change_isupport(const char *, const char *(*)(const void *), const void *); extern void delete_isupport(const char *); extern void show_isupport(struct Client *); extern void init_isupport(void); diff --git a/src/supported.c b/src/supported.c index e0f617e..2f52479 100644 --- a/src/supported.c +++ b/src/supported.c @@ -111,6 +111,27 @@ add_isupport(const char *name, const char *(*func)(const void *), const void *pa rb_dlinkAddTail(item, &item->node, &isupportlist); } +void +change_isupport(const char *name, const char *(*func)(const void *), const void *param) +{ + rb_dlink_node *ptr; + struct isupportitem *item; + + RB_DLINK_FOREACH(ptr, isupportlist.head) + { + item = ptr->data; + + if (!strcmp(item->name, name)) + { + item->name = name; + item->func = func; + item->param = param; + + break; + } + } +} + void delete_isupport(const char *name) { From 508c7c41fecfec319aa099de0fb9660b04a6e140 Mon Sep 17 00:00:00 2001 
From: William Pitcock Date: Fri, 29 Aug 2008 15:36:41 -0500 Subject: [PATCH 085/113] Make change_isupport() return the old value!!! --- include/supported.h | 2 +- src/supported.c | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/include/supported.h b/include/supported.h index beeb89c..1ed7c0d 100644 --- a/include/supported.h +++ b/include/supported.h @@ -36,7 +36,7 @@ #define INCLUDED_supported_h extern void add_isupport(const char *, const char *(*)(const void *), const void *); -extern void change_isupport(const char *, const char *(*)(const void *), const void *); +extern const void *change_isupport(const char *, const char *(*)(const void *), const void *); extern void delete_isupport(const char *); extern void show_isupport(struct Client *); extern void init_isupport(void); diff --git a/src/supported.c b/src/supported.c index 2f52479..6c6b33c 100644 --- a/src/supported.c +++ b/src/supported.c @@ -111,11 +111,12 @@ add_isupport(const char *name, const char *(*func)(const void *), const void *pa rb_dlinkAddTail(item, &item->node, &isupportlist); } -void +const void * change_isupport(const char *name, const char *(*func)(const void *), const void *param) { rb_dlink_node *ptr; struct isupportitem *item; + void *oldvalue; RB_DLINK_FOREACH(ptr, isupportlist.head) { @@ -123,6 +124,8 @@ change_isupport(const char *name, const char *(*func)(const void *), const void if (!strcmp(item->name, name)) { + oldvalue = item->param; + item->name = name; item->func = func; item->param = param; @@ -130,6 +133,8 @@ change_isupport(const char *name, const char *(*func)(const void *), const void break; } } + + return oldvalue; } void From d05e3e3a7b8562c266add3e1c4cfd745d8e78690 Mon Sep 17 00:00:00 2001 
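Review bot: `oldvalue` is declared without an initializer and is assigned only inside the `!strcmp(item->name, name)` branch, so change_isupport() returns an indeterminate pointer when no list entry matches `name`. Declare it as `const void *oldvalue = NULL;`, which also keeps the `const` that the `param` argument and the return type carry instead of dropping it in `oldvalue = item->param;`. The header comment for the function should state that NULL means "no such token". The loop body is split across three hunks of this commit and is only partly shown.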
From: Valeriy Yatsko Date: Sun, 31 Aug 2008 03:57:27 +0400 Subject: [PATCH 086/113] We don't want to leave the isupport name in the extension memory space on changing it - fixed a bug (tnx Artem@IrcNet(RU)) --- src/supported.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/supported.c b/src/supported.c index 6c6b33c..e788ad5 100644 --- a/src/supported.c +++ b/src/supported.c @@ -126,7 +126,7 @@ change_isupport(const char *name, const char *(*func)(const void *), const void { oldvalue = item->param; - item->name = name; + // item->name = name; item->func = func; item->param = param; From 0d499ee5f968654301cffbba4a5b60cd8a401f86 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 2 Sep 2008 23:40:22 +0200 Subject: [PATCH 087/113] oper:adminwall priv seems meaningless, remove it. --- doc/example.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/example.conf b/doc/example.conf index eba8168..3f8b0c3 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -203,7 +203,7 @@ privset "global_op" { privset "admin" { extends = "global_op"; - privs = oper:admin, oper:die, oper:rehash, oper:adminwall, oper:spy; + privs = oper:admin, oper:die, oper:rehash, oper:spy; }; operator "god" { From 44d450f2423bb02999b1ce521af4f30b28bd4198 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 2 Sep 2008 23:42:51 +0200 Subject: [PATCH 088/113] Correct spelling of oper:remoteban in example.conf. --- doc/example.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/example.conf b/doc/example.conf index 3f8b0c3..09a5189 100755 --- a/doc/example.conf +++ b/doc/example.conf 
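Review bot: The assignment in change_isupport() is disabled by commenting it out with `//`, which leaves dead code behind and does not say why the name must not be replaced. Delete the line and put the reason in its place, for example `/* keep item->name as registered; the caller's string may live in a module that gets unloaded */`. That wording follows the commit message; confirm it matches the actual ownership of `name`.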
@@ -192,13 +192,13 @@ privset "local_op" { privset "server_bot" { extends = "local_op"; - privs = oper:global_kill, oper:kline, oper:remote_ban, snomask:nick_changes; + privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes; }; privset "global_op" { extends = "local_op"; privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, - oper:resv, oper:mass_notice, oper:remote_ban; + oper:resv, oper:mass_notice, oper:remoteban; }; privset "admin" { From 64973a71e67d846a5ce4de8e45e702840e17ce8d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 2 Sep 2008 23:44:06 +0200 Subject: [PATCH 089/113] Do not use get_oper_name() for a netwide server notice, it may be confusing. --- extensions/m_sendbans.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/extensions/m_sendbans.c b/extensions/m_sendbans.c index f8829a0..00ff7da 100644 --- a/extensions/m_sendbans.c +++ b/extensions/m_sendbans.c @@ -126,8 +126,9 @@ static int mo_sendbans(struct Client *client_p, struct Client *source_p, int par } sendto_realops_snomask(SNO_GENERAL, L_NETWIDE, - "%s is sending resvs and xlines to %s", - get_oper_name(source_p), target); + "%s!%s@%s is sending resvs and xlines to %s", + source_p->name, source_p->username, source_p->host, + target); RB_DLINK_FOREACH(ptr, resv_conf_list.head) { From 9649981ba73c3fa107d78c7949a2b43f2c5679a7 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Thu, 4 Sep 2008 01:41:49 +0200 Subject: [PATCH 090/113] Improve server notices about duplicate SIDs. Note that this is checked after duplicate server names, so it can only happen if multiple servers have the same SID configured. --- modules/core/m_server.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index e9362df..4429718 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
@@ -220,14 +220,15 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL) { sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, - "Attempt to re-introduce SID %s from %s%s", + "Attempt to re-introduce SID %s from %s%s (already in use by %s)", client_p->id, EmptyString(client_p->name) ? name : "", - client_p->name); - ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s", + client_p->name, target_p->name); + ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)", client_p->id, EmptyString(client_p->name) ? name : "", - log_client_name(client_p, SHOW_IP)); + log_client_name(client_p, SHOW_IP), + target_p->name); sendto_one(client_p, "ERROR :SID already exists."); exit_client(client_p, client_p, client_p, "SID Exists"); @@ -467,6 +468,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p int hop; int hlined = 0; int llined = 0; + char squitreason[160]; hop = atoi(parv[2]); 
@@ -487,14 +489,19 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p /* collision on the SID? */ if((target_p = find_id(parv[3])) != NULL) { - sendto_one(client_p, "ERROR :SID %s already exists", parv[3]); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s cancelled, SID %s already exists", - client_p->name, parv[3]); - ilog(L_SERVER, "Link %s cancelled, SID %s already exists", - client_p->name, parv[3]); + sendto_wallops_flags(UMODE_WALLOP, &me, + "Link %s cancelled, SID %s for server %s already in use by %s", + client_p->name, parv[3], parv[1], target_p->name); + sendto_server(NULL, NULL, CAP_TS6, NOCAPS, + ":%s WALLOPS :Link %s cancelled, SID %s for server %s already in use by %s", + me.id, client_p->name, parv[3], parv[1], target_p->name); + ilog(L_SERVER, "Link %s cancelled, SID %s for server %s already in use by %s", + client_p->name, parv[3], parv[1], target_p->name); - exit_client(NULL, client_p, &me, "SID Exists"); + snprintf(squitreason, sizeof squitreason, + "SID %s for %s already in use by %s", + parv[3], parv[1], target_p->name); + exit_client(NULL, client_p, &me, squitreason); return 0; } From deb744947122c8e76c05aa4e5621b85f5dd4eaa2 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 5 Sep 2008 22:52:39 +0200 Subject: [PATCH 091/113] Improve server notices for servers introducing existing servers. --- modules/core/m_server.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 4429718..d2c40a9 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c @@ -268,6 +268,7 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char int hlined = 0; int llined = 0; rb_dlink_node *ptr; + char squitreason[160]; name = parv[1]; hop = atoi(parv[2]); 
@@ -293,15 +294,13 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * doesnt exist, although ircd can handle it, its not a realistic * solution.. --fl_ */ - sendto_one(client_p, "ERROR :Server %s already exists", name); - - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s cancelled, server %s already exists", - client_p->name, name); ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, name); - exit_client(client_p, client_p, &me, "Server Exists"); + snprintf(squitreason, sizeof squitreason, + "Server %s already exists", + name); + exit_client(client_p, client_p, &me, squitreason); return 0; } @@ -475,14 +474,13 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p /* collision on the name? */ if((target_p = find_server(NULL, parv[1])) != NULL) { - sendto_one(client_p, "ERROR :Server %s already exists", parv[1]); - sendto_realops_snomask(SNO_GENERAL, L_ALL, - "Link %s cancelled, server %s already exists", - client_p->name, parv[1]); ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "Server Exists"); + snprintf(squitreason, sizeof squitreason, + "Server %s already exists", + parv[1]); + exit_client(NULL, client_p, &me, squitreason); return 0; } From bdfc9ce6262f8f37614406b84a9d6369d7561c2e Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Fri, 5 Sep 2008 22:56:59 +0200 Subject: [PATCH 092/113] Avoid empty strings in various notices about rejected server connections. These come from the name field which is empty for unknown connections attempting to become a server. Instead, put [@255.255.255.255] just like ratbox3 does. --- modules/core/m_server.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index d2c40a9..4009500 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
@@ -119,7 +119,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unauthorised server connection attempt from %s: " "No entry for servername %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, no connect block for server %s%s", EmptyString(client_p->name) ? name : "", @@ -135,7 +135,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL, "Unauthorised server connection attempt from %s: " "Bad password for server %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, invalid password for server %s%s", EmptyString(client_p->name) ? name : "", @@ -150,7 +150,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, L_ALL, "Unauthorised server connection attempt from %s: " "Invalid host for server %s", - client_p->name, name); + "[@255.255.255.255]", name); ilog(L_SERVER, "Access denied, invalid host for server %s%s", EmptyString(client_p->name) ? name : "", @@ -165,7 +165,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char case -4: sendto_realops_snomask(SNO_GENERAL, L_ALL, "Invalid servername %s from %s", - name, client_p->name); + name, "[@255.255.255.255]"); ilog(L_SERVER, "Access denied, invalid servername from %s", log_client_name(client_p, SHOW_IP)); @@ -208,7 +208,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char */ sendto_realops_snomask(SNO_GENERAL, L_ALL, "Attempt to re-introduce server %s from %s", - name, client_p->name); + name, "[@255.255.255.255]"); ilog(L_SERVER, "Attempt to re-introduce server %s from %s", name, log_client_name(client_p, SHOW_IP)); From 341504a70230b034cb36b0d24c5824be29e6b496 Mon Sep 17 00:00:00 2001 
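Review bot: The literal `"[@255.255.255.255]"` is now repeated in five sendto_realops_snomask() calls in mr_server() and passed as a `%s` argument each time. A single file-level constant, e.g. `static const char unknown_server_mask[] = "[@255.255.255.255]";`, would keep the copies from drifting apart. It would also give one place for a comment explaining that the placeholder stands in for the empty name of an unregistered connection and that the real address is only written by the `ilog()` lines through `log_client_name(client_p, SHOW_IP)`. mr_server() starts and ends outside these hunks.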
From: Jilles Tjoelker Date: Sat, 6 Sep 2008 00:44:09 +0200 Subject: [PATCH 093/113] Remove comment referencing LazyLeaf. --- modules/core/m_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 4009500..6ab85de 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c @@ -379,7 +379,7 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char * .edu's */ - /* Ok, check client_p can hub the new server, and make sure it's not a LL */ + /* Ok, check client_p can hub the new server */ if(!hlined) { /* OOOPs nope can't HUB */ From 5b0a527927c6c5f4decdc33cc06c24f4bc17f61f Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 6 Sep 2008 01:00:20 +0200 Subject: [PATCH 094/113] Use rb_snprintf() in various places. --- extensions/ip_cloaking.c | 4 ++-- modules/core/m_error.c | 2 +- modules/core/m_server.c | 6 +++--- modules/m_monitor.c | 4 ++-- modules/m_services.c | 2 +- modules/m_signon.c | 2 +- modules/m_svinfo.c | 4 ++-- modules/m_whois.c | 2 +- src/irc_dictionary.c | 6 +++--- src/parse.c | 2 +- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/extensions/ip_cloaking.c b/extensions/ip_cloaking.c index e80a19a..1939395 100644 --- a/extensions/ip_cloaking.c +++ b/extensions/ip_cloaking.c @@ -121,11 +121,11 @@ do_host_cloak_ip(const char *inbuf, char *outbuf) if(ipv6) { - snprintf(outbuf, HOSTLEN, "%s:%x", buf, accum); + rb_snprintf(outbuf, HOSTLEN, "%s:%x", buf, accum); } else { - snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); + rb_snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); } } diff --git a/modules/core/m_error.c b/modules/core/m_error.c index 9659f11..5a5bd67 100644 --- a/modules/core/m_error.c +++ b/modules/core/m_error.c 
@@ -58,7 +58,7 @@ is_safe_error(const char *message) if (!strncmp(message, "Closing Link: 127.0.0.1 (", 25)) return 1; - snprintf(prefix2, sizeof prefix2, + rb_snprintf(prefix2, sizeof prefix2, "Closing Link: 127.0.0.1 %s (", me.name); if (!strncmp(message, prefix2, strlen(prefix2))) return 1; diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 6ab85de..72c9b84 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c @@ -297,7 +297,7 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, name); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "Server %s already exists", name); exit_client(client_p, client_p, &me, squitreason); @@ -477,7 +477,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p ilog(L_SERVER, "Link %s cancelled, server %s already exists", client_p->name, parv[1]); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "Server %s already exists", parv[1]); exit_client(NULL, client_p, &me, squitreason); @@ -496,7 +496,7 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p ilog(L_SERVER, "Link %s cancelled, SID %s for server %s already in use by %s", client_p->name, parv[3], parv[1], target_p->name); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "SID %s for %s already in use by %s", parv[3], parv[1], target_p->name); exit_client(NULL, client_p, &me, squitreason); diff --git a/modules/m_monitor.c b/modules/m_monitor.c index 1193c69..a6ce575 100644 --- a/modules/m_monitor.c +++ b/modules/m_monitor.c 
@@ -89,9 +89,9 @@ add_monitor(struct Client *client_p, const char *nicks) sendto_one(client_p, "%s", offbuf); if(p) - snprintf(buf, sizeof(buf), "%s,%s", name, p); + rb_snprintf(buf, sizeof(buf), "%s,%s", name, p); else - snprintf(buf, sizeof(buf), "%s", name); + rb_snprintf(buf, sizeof(buf), "%s", name); sendto_one(client_p, form_str(ERR_MONLISTFULL), me.name, client_p->name, diff --git a/modules/m_services.c b/modules/m_services.c index a78cc7f..ffc77cd 100644 --- a/modules/m_services.c +++ b/modules/m_services.c @@ -195,7 +195,7 @@ me_rsfnc(struct Client *client_p, struct Client *source_p, kill_client_serv_butone(NULL, exist_p, "%s (Nickname regained by services)", me.name); - snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", + rb_snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", me.name); exit_client(NULL, exist_p, &me, buf); } diff --git a/modules/m_signon.c b/modules/m_signon.c index d57d953..f28021f 100644 --- a/modules/m_signon.c +++ b/modules/m_signon.c @@ -214,7 +214,7 @@ me_svslogin(struct Client *client_p, struct Client *source_p, kill_client_serv_butone(NULL, exist_p, "%s (Nickname regained by services)", me.name); - snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", + rb_snprintf(buf, sizeof(buf), "Killed (%s (Nickname regained by services))", me.name); exit_client(NULL, exist_p, &me, buf); }else if((exist_p = find_client(nick)) && IsUnknown(exist_p) && exist_p != target_p) { diff --git a/modules/m_svinfo.c b/modules/m_svinfo.c index 740f8d7..27ff525 100644 --- a/modules/m_svinfo.c +++ b/modules/m_svinfo.c 
@@ -71,7 +71,7 @@ ms_svinfo(struct Client *client_p, struct Client *source_p, int parc, const char sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s dropped, wrong TS protocol version (%s,%s)", source_p->name, parv[1], parv[2]); - snprintf(squitreason, sizeof squitreason, "Incompatible TS version (%s,%s)", + rb_snprintf(squitreason, sizeof squitreason, "Incompatible TS version (%s,%s)", parv[1], parv[2]); exit_client(source_p, source_p, source_p, squitreason); return 0; @@ -95,7 +95,7 @@ ms_svinfo(struct Client *client_p, struct Client *source_p, int parc, const char "Link %s dropped, excessive TS delta" " (my TS=%ld, their TS=%ld, delta=%d)", log_client_name(source_p, SHOW_IP), (long) rb_current_time(), (long) theirtime, deltat); - snprintf(squitreason, sizeof squitreason, "Excessive TS delta (my TS=%ld, their TS=%ld, delta=%d)", + rb_snprintf(squitreason, sizeof squitreason, "Excessive TS delta (my TS=%ld, their TS=%ld, delta=%d)", (long) rb_current_time(), (long) theirtime, deltat); exit_client(source_p, source_p, source_p, squitreason); return 0; diff --git a/modules/m_whois.c b/modules/m_whois.c index 40a8d52..085e4d6 100644 --- a/modules/m_whois.c +++ b/modules/m_whois.c @@ -200,7 +200,7 @@ do_whois(struct Client *client_p, struct Client *source_p, int parc, const char { char buffer[BUFSIZE]; - snprintf(buffer, sizeof(buffer), "%s!%s@%s %s", + rb_snprintf(buffer, sizeof(buffer), "%s!%s@%s %s", target_p->name, target_p->username, target_p->host, target_p->servptr->name); report_operspy(source_p, "WHOIS", buffer); diff --git a/src/irc_dictionary.c b/src/irc_dictionary.c index 0de08b6..89a0a7b 100644 --- a/src/irc_dictionary.c +++ b/src/irc_dictionary.c 
@@ -850,15 +850,15 @@ void irc_dictionary_stats(struct Dictionary *dict, void (*cb)(const char *line, s_assert(dict != NULL); if (dict->id != NULL) - snprintf(str, sizeof str, "Dictionary stats for %s (%d)", + rb_snprintf(str, sizeof str, "Dictionary stats for %s (%d)", dict->id, dict->count); else - snprintf(str, sizeof str, "Dictionary stats for <%p> (%d)", + rb_snprintf(str, sizeof str, "Dictionary stats for <%p> (%d)", (void *)dict, dict->count); cb(str, privdata); maxdepth = 0; sum = stats_recurse(dict->root, 0, &maxdepth); - snprintf(str, sizeof str, "Depth sum %d Avg depth %d Max depth %d", sum, sum / dict->count, maxdepth); + rb_snprintf(str, sizeof str, "Depth sum %d Avg depth %d Max depth %d", sum, sum / dict->count, maxdepth); cb(str, privdata); return; } diff --git a/src/parse.c b/src/parse.c index 970ad7f..5fe0585 100644 --- a/src/parse.c +++ b/src/parse.c @@ -364,7 +364,7 @@ handle_command(struct Message *mptr, struct Client *client_p, ilog(L_SERVER, "Insufficient parameters (%d < %d) for command '%s' from %s.", i, ehandler.min_para, mptr->cmd, client_p->name); - snprintf(squitreason, sizeof squitreason, + rb_snprintf(squitreason, sizeof squitreason, "Insufficient parameters (%d < %d) for command '%s'", i, ehandler.min_para, mptr->cmd); exit_client(client_p, client_p, client_p, squitreason); From c71ae7f0dcf0827c956015ccdaabd9f0e3ab6200 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 6 Sep 2008 01:21:16 +0200 Subject: [PATCH 095/113] Improve server notices for hub_mask/leaf_mask. Local-only server notices kept here because hub_mask/leaf_mask tends to be specific to a (hub) server. The same information is now available in Netsplit notices. --- modules/core/m_server.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/modules/core/m_server.c b/modules/core/m_server.c index 72c9b84..ba3d446 100644 --- a/modules/core/m_server.c +++ b/modules/core/m_server.c 
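Review bot: `sum / dict->count` in the last `rb_snprintf()` call of irc_dictionary_stats() divides by zero when the dictionary is empty, and nothing in the hunk guards against `dict->count == 0`. Use `dict->count ? sum / dict->count : 0` for the average-depth argument, or return after the first `cb(str, privdata)` when the count is zero. Whether an empty dictionary can reach this function depends on callers that are not shown.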
@@ -388,7 +388,10 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char ilog(L_SERVER, "Non-Hub link %s introduced %s.", client_p->name, name); - exit_client(NULL, client_p, &me, "No matching hub_mask."); + rb_snprintf(squitreason, sizeof squitreason, + "No matching hub_mask for %s", + name); + exit_client(NULL, client_p, &me, squitreason); return 0; } @@ -402,7 +405,10 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char ilog(L_SERVER, "Link %s introduced leafed server %s.", client_p->name, name); - exit_client(NULL, client_p, &me, "Leafed Server."); + rb_snprintf(squitreason, sizeof squitreason, + "Matching leaf_mask for %s", + name); + exit_client(NULL, client_p, &me, squitreason); return 0; } @@ -550,26 +556,32 @@ ms_sid(struct Client *client_p, struct Client *source_p, int parc, const char *p /* no matching hub_mask */ if(!hlined) { - sendto_one(client_p, "ERROR :No matching hub_mask"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "Non-Hub link %s introduced %s.", client_p->name, parv[1]); ilog(L_SERVER, "Non-Hub link %s introduced %s.", client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "No matching hub_mask."); + + rb_snprintf(squitreason, sizeof squitreason, + "No matching hub_mask for %s", + parv[1]); + exit_client(NULL, client_p, &me, squitreason); return 0; } /* matching leaf_mask */ if(llined) { - sendto_one(client_p, "ERROR :Matching leaf_mask"); sendto_realops_snomask(SNO_GENERAL, L_ALL, "Link %s introduced leafed server %s.", client_p->name, parv[1]); ilog(L_SERVER, "Link %s introduced leafed server %s.", client_p->name, parv[1]); - exit_client(NULL, client_p, &me, "Leafed Server."); + + rb_snprintf(squitreason, sizeof squitreason, + "Matching leaf_mask for %s", + parv[1]); + exit_client(NULL, client_p, &me, squitreason); return 0; } From 77a742c11c00cbcff4ab93f82412514cb2f7cddc Mon Sep 17 00:00:00 2001 
From: Jilles Tjoelker
Date: Sat, 6 Sep 2008 01:33:18 +0200
Subject: [PATCH 096/113] Remove check that cannot happen due to minparc in Message struct.
---
 modules/core/m_server.c | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/modules/core/m_server.c b/modules/core/m_server.c
index ba3d446..dc05c00 100644
--- a/modules/core/m_server.c
+++ b/modules/core/m_server.c
@@ -332,11 +332,6 @@ ms_server(struct Client *client_p, struct Client *source_p, int parc, const char
 * add it to list and propagate word to my other
 * server links...
 */
- if(parc == 1 || EmptyString(info))
- {
- sendto_one(client_p, "ERROR :No server info specified for %s", name);
- return 0;
- }
 /*
 * See if the newly found server is behind a guaranteed
From 4137c21c963affbdc4d26c2e0b28460551b1863e Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Sat, 6 Sep 2008 15:13:28 +0200
Subject: [PATCH 097/113] Close the link that sends an invalid UID. It does not make sense to send a kill using an invlid identifier to an obviously broken server, as was previously done.
---
 modules/core/m_nick.c | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/modules/core/m_nick.c b/modules/core/m_nick.c
index 7d0996c..292d5ca 100644
--- a/modules/core/m_nick.c
+++ b/modules/core/m_nick.c
@@ -404,6 +404,7 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p
 {
 struct Client *target_p;
 time_t newts = 0;
+ char squitreason[120];
 newts = atol(parv[3]);
@@ -425,6 +426,15 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p
 return 0;
 }
+ if(!clean_uid(parv[8]))
+ {
+ rb_snprintf(squitreason, sizeof squitreason,
+ "Invalid UID %s for nick %s on %s",
+ parv[8], parv[1], source_p->name);
+ exit_client(client_p, client_p, client_p, squitreason);
+ return 0;
+ }
+
 if(!clean_username(parv[5]) || !clean_host(parv[6]))
 {
 ServerStats.is_kill++;
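Review bot: `parv[8]` reaches `rb_snprintf` in `ms_uid` only after failing `clean_uid()`, so the one field known to be malformed is copied as-is into `squitreason`; the identical block added to `ms_euid` later in this patch has the same property. `sizeof squitreason` bounds the write, but where the text goes after `exit_client()` (server notices, logs, other links) is outside the diff, so whatever consumes it should treat it as peer-controlled. A comment above the call such as `/* parv[8] failed clean_uid(): peer-controlled, bounded only by sizeof squitreason */` would record that for the next reader. Both function bodies continue outside the hunks.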
@@ -435,16 +445,6 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p
 return 0;
 }
- if(!clean_uid(parv[8]))
- {
- ServerStats.is_kill++;
- sendto_realops_snomask(SNO_DEBUG, L_ALL,
- "Bad UID: %s From: %s(via %s)",
- parv[8], source_p->name, client_p->name);
- sendto_one(client_p, ":%s KILL %s :%s (Bad UID)", me.id, parv[8], me.name);
- return 0;
- }
-
 /* check length of clients gecos */
 if(strlen(parv[9]) > REALLEN)
 {
@@ -492,6 +492,7 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char *
 {
 struct Client *target_p;
 time_t newts = 0;
+ char squitreason[120];
 newts = atol(parv[3]);
@@ -513,6 +514,15 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char *
 return 0;
 }
+ if(!clean_uid(parv[8]))
+ {
+ rb_snprintf(squitreason, sizeof squitreason,
+ "Invalid UID %s for nick %s on %s",
+ parv[8], parv[1], source_p->name);
+ exit_client(client_p, client_p, client_p, squitreason);
+ return 0;
+ }
+
 if(!clean_username(parv[5]) || !clean_host(parv[6]))
 {
 ServerStats.is_kill++;
@@ -523,16 +533,6 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char *
 return 0;
 }
- if(!clean_uid(parv[8]))
- {
- ServerStats.is_kill++;
- sendto_realops_snomask(SNO_DEBUG, L_ALL,
- "Bad UID: %s From: %s(via %s)",
- parv[8], source_p->name, client_p->name);
- sendto_one(client_p, ":%s KILL %s :%s (Bad UID)", me.id, parv[8], me.name);
- return 0;
- }
-
 if(strcmp(parv[9], "*") && !clean_host(parv[9]))
 {
 ServerStats.is_kill++;
From 73f50e08ea1c1ceec9af51f8e8d8a127d25d40cc Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Sat, 6 Sep 2008 21:49:45 +0200
Subject: [PATCH 098/113] Fix possible crash with m_mkpasswd extension.
---
 extensions/m_mkpasswd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extensions/m_mkpasswd.c b/extensions/m_mkpasswd.c
index b59997b..16b76f1 100644
--- a/extensions/m_mkpasswd.c
+++ b/extensions/m_mkpasswd.c
@@ -56,7 +56,7 @@ m_mkpasswd(struct Client *client_p, struct Client *source_p, int parc, const cha
 if((last_used + ConfigFileEntry.pace_wait) > rb_current_time())
 {
 /* safe enough to give this on a local connect only */
- sendto_one(source_p, form_str(RPL_LOAD2HI), me.name, parv[0]);
+ sendto_one(source_p, form_str(RPL_LOAD2HI), me.name, parv[0], "MKPASSWD");
 return 0;
 }
 else
From 663bbb2836ae406fadd19d8807519f5bb7071a8a Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Sun, 7 Sep 2008 01:18:58 +0200
Subject: [PATCH 099/113] Add need_ssl to auth{} and operator{}. Specifying need_ssl on auth{} denies the connection if it is not SSL/TLS, much like need_ident or need_sasl. Specifying need_ssl on operator{} refuses opering with ERR_NOOPERHOST if the connection is not SSL/TLS. from ircd-ratbox
---
 doc/reference.conf | 2 ++
 include/s_conf.h | 2 ++
 include/s_newconf.h | 2 ++
 modules/m_challenge.c | 16 ++++++++++++++++
 modules/m_oper.c | 16 ++++++++++++++++
 src/newconf.c | 2 ++
 src/s_user.c | 8 ++++++++
 7 files changed, 48 insertions(+)
diff --git a/doc/reference.conf b/doc/reference.conf
index 02a9ef0..eae53c1 100755
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -332,6 +332,7 @@ auth {
 * USE WITH CAUTION.
 * no_tilde (old - flag) | don't prefix ~ to username if no ident
 * need_ident (old + flag) | require ident for user in this class
+ * need_ssl | require SSL/TLS for user in this class
 * need_sasl | require SASL id for user in this class
 */
 flags = kline_exempt, exceed_limit;
@@ -407,6 +408,7 @@ operator "god" {
 * Available options:
 *
 * encrypted: the password above is encrypted [DEFAULT]
+ * need_ssl: must be using SSL/TLS to oper up
 * local_kill: allows local users to be /KILL'd
 * global_kill: allows local and remote users to be
 * /KILL'd (OLD 'O' flag)
diff --git a/include/s_conf.h b/include/s_conf.h
index b556ff0..bb2e162 100644
--- a/include/s_conf.h
+++ b/include/s_conf.h
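Review bot: `form_str(RPL_LOAD2HI)` in the `m_mkpasswd` hunk is a format string picked at run time, so the compiler cannot check the argument count at this call, which is how the two-argument form being replaced went unnoticed. A short comment at the call, for example `/* RPL_LOAD2HI expects server, nick, command */`, would make the expected arity visible; that reading is inferred from the three arguments now passed, because the numeric's text is not part of this diff. Any other `RPL_LOAD2HI` call sites are not visible here and deserve the same check.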
@@ -89,6 +89,7 @@ struct ConfItem
 /* Generic flags... */
 #define CONF_FLAGS_TEMPORARY 0x00800000
+#define CONF_FLAGS_NEED_SSL 0x00000002
 /* auth{} flags... */
 #define CONF_FLAGS_NO_TILDE 0x00000004
 #define CONF_FLAGS_NEED_IDENTD 0x00000008
@@ -122,6 +123,7 @@ struct ConfItem
 #define IsConfEncrypted(x) ((x)->flags & CONF_FLAGS_ENCRYPTED)
 #define IsNeedSasl(x) ((x)->flags & CONF_FLAGS_NEED_SASL)
 #define IsConfExemptDNSBL(x) ((x)->flags & CONF_FLAGS_EXEMPTDNSBL)
+#define IsConfSSLNeeded(x) ((x)->flags & CONF_FLAGS_NEED_SSL)
 /* flag definitions for opers now in client.h */
diff --git a/include/s_newconf.h b/include/s_newconf.h
index d3f9b1f..0598343 100644
--- a/include/s_newconf.h
+++ b/include/s_newconf.h
@@ -157,6 +157,7 @@ extern void cluster_generic(struct Client *, const char *, int cltype,
 #define OPER_SPY 0x10000
 #define OPER_REMOTEBAN 0x20000
 #define OPER_MASSNOTICE 0x40000
+#define OPER_NEEDSSL 0x80000
 /* 0x400000 and above are in client.h */
 #define OPER_FLAGS (OPER_KLINE|OPER_UNKLINE|OPER_LOCKILL|OPER_GLOBKILL|\
@@ -166,6 +167,7 @@ extern void cluster_generic(struct Client *, const char *, int cltype,
 OPER_REMOTEBAN|OPER_MASSNOTICE)
 #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED)
+#define IsOperConfNeedSSL(x) ((x)->flags & OPER_NEEDSSL)
 #define HasPrivilege(x, y) ((x)->localClient != NULL && (x)->localClient->privset != NULL && privilegeset_in_set((x)->localClient->privset, (y)))
diff --git a/modules/m_challenge.c b/modules/m_challenge.c
index ea7c128..e0b9dbe 100644
--- a/modules/m_challenge.c
+++ b/modules/m_challenge.c
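Review bot: `CONF_FLAGS_NEED_SSL` is defined ahead of the `/* auth{} flags... */` comment in `include/s_conf.h`, in the generic group, although this commit registers it in `auth_table` as an auth{} flag; placing the define below that comment would keep the grouping accurate. Its value `0x00000002` sits next to `0x00000004` and `0x00000008`, and the hunk does not show whether that bit is already assigned elsewhere in the header. That is worth confirming, because an overlap would make `IsConfSSLNeeded()` true for blocks carrying an unrelated flag and refuse their plaintext clients, or let `need_ssl` switch on some other behaviour.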
@@ -223,6 +223,22 @@ m_challenge(struct Client *client_p, struct Client *source_p, int parc, const ch
 return 0;
 }
+ if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p))
+ {
+ sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
+ ilog(L_FOPER, "FAILED CHALLENGE (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS",
+ parv[1], source_p->name, source_p->username, source_p->host,
+ source_p->sockhost);
+
+ if(ConfigFileEntry.failed_oper_notice)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ "Failed CHALLENGE attempt - missing SSL/TLS by %s (%s@%s)",
+ source_p->name, source_p->username, source_p->host);
+ }
+ return 0;
+ }
+
 if(!generate_challenge(&challenge, &(source_p->localClient->challenge), oper_p->rsa_pubkey))
 {
 char *chal = challenge;
diff --git a/modules/m_oper.c b/modules/m_oper.c
index 2a8a2f0..1b0b7c9 100644
--- a/modules/m_oper.c
+++ b/modules/m_oper.c
@@ -100,6 +100,22 @@ m_oper(struct Client *client_p, struct Client *source_p, int parc, const char *p
 return 0;
 }
+ if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p))
+ {
+ sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
+ ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS",
+ name, source_p->name,
+ source_p->username, source_p->host, source_p->sockhost);
+
+ if(ConfigFileEntry.failed_oper_notice)
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ "Failed OPER attempt - missing SSL/TLS by %s (%s@%s)",
+ source_p->name, source_p->username, source_p->host);
+ }
+ return 0;
+ }
+
 if(match_oper_password(password, oper_p))
 {
 oper_up(source_p, oper_p);
diff --git a/src/newconf.c b/src/newconf.c
index 33bd7e0..2cde3ad 100644
--- a/src/newconf.c
+++ b/src/newconf.c
@@ -325,6 +325,7 @@ static struct mode_table oper_table[] = {
 {"hidden_oper", OPER_INVIS },
 {"remoteban", OPER_REMOTEBAN },
 {"mass_notice", OPER_MASSNOTICE },
+ {"need_ssl", OPER_NEEDSSL },
 {NULL, 0}
 };
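Review bot: The operator checks added here in `m_challenge` and in `m_oper` test `IsSSLClient(source_p)`, while the auth{} check this commit adds to `register_local_user` in `src/s_user.c` tests `IsSSL(source_p)`. Neither macro is defined in this diff, so it is not visible whether the two read the same state or become true at the same point in a connection's life. If they differ, a one-line comment at each site naming which predicate is authoritative there and why, for example `/* IsSSLClient: ... */`, would stop a later clean-up from swapping them and weakening one of the checks. `m_challenge` continues outside the hunk.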
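Review bot: By the time the new check in `m_oper` rejects the attempt, `password` has already arrived over the non-TLS connection, so a rejection of a genuine operator means the credential crossed the network in clear text. The `L_FOPER` line is the only record of that, and a comment such as `/* password was sent in clear text; a legitimate hit here means it should be rotated */` would tell whoever reads the log what follow-up is expected. The check runs before `match_oper_password()`, so neither the reply nor the log reveals whether the password was right, which is worth stating in the same comment so the ordering is not changed later. `m_oper` continues outside the hunk.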
@@ -342,6 +343,7 @@ static struct mode_table auth_table[] = {
 {"no_tilde", CONF_FLAGS_NO_TILDE },
 {"need_ident", CONF_FLAGS_NEED_IDENTD },
 {"have_ident", CONF_FLAGS_NEED_IDENTD },
+ {"need_ssl", CONF_FLAGS_NEED_SSL },
 {"need_sasl", CONF_FLAGS_NEED_SASL },
 {NULL, 0}
 };
diff --git a/src/s_user.c b/src/s_user.c
index 6c81df8..7405256 100644
--- a/src/s_user.c
+++ b/src/s_user.c
@@ -314,6 +314,14 @@ register_local_user(struct Client *client_p, struct Client *source_p, const char
 return (CLIENT_EXITED);
 }
+ if(IsConfSSLNeeded(aconf) && !IsSSL(source_p))
+ {
+ ServerStats.is_ref++;
+ sendto_one_notice(source_p, ":*** Notice -- You need to use SSL/TLS to use this server");
+ exit_client(client_p, source_p, &me, "Use SSL/TLS");
+ return (CLIENT_EXITED);
+ }
+
 if(!IsGotId(source_p))
 {
 const char *p;
From 90b9ef6c6df5c851418d40e6cb4d33061cb3ccaf Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Tue, 9 Sep 2008 18:40:57 +0200
Subject: [PATCH 100/113] Fix indentation.
---
 modules/m_stats.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/m_stats.c b/modules/m_stats.c
index 653a0e1..8a8ba47 100644
--- a/modules/m_stats.c
+++ b/modules/m_stats.c
@@ -949,9 +949,9 @@ static struct shared_flags shared_flagtable[] =
 { SHARED_UNRESV, 'R' },
 { SHARED_LOCOPS, 'L' },
 { SHARED_REHASH, 'H' },
- { SHARED_TDLINE, 'd' },
- { SHARED_PDLINE, 'D' },
- { SHARED_UNDLINE, 'E' },
+ { SHARED_TDLINE, 'd' },
+ { SHARED_PDLINE, 'D' },
+ { SHARED_UNDLINE, 'E' },
 { 0, '\0'}
 };
From 3c80e9d634777b98f91ab22120066fdf965ffe6e Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Tue, 9 Sep 2008 18:42:59 +0200
Subject: [PATCH 101/113] Avoid hardcoding the number of shared{} flags another time.
---
 modules/m_stats.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/m_stats.c b/modules/m_stats.c
index 8a8ba47..b1c68ec 100644
--- a/modules/m_stats.c
+++ b/modules/m_stats.c
@@ -961,7 +961,7 @@ stats_shared (struct Client *source_p)
 {
 struct remote_conf *shared_p;
 rb_dlink_node *ptr;
- char buf[15];
+ char buf[sizeof(shared_flagtable)/sizeof(shared_flagtable[0])];
 char *p;
 int i;
From 92ee45c4b8cfd8d5b3d04b4c2565319e1743a6dd Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Tue, 9 Sep 2008 21:46:12 +0200
Subject: [PATCH 102/113] Document need_ssl flags in example.conf.
---
 doc/example.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/doc/example.conf b/doc/example.conf
index 09a5189..57354ac 100755
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -172,6 +172,7 @@ auth {
 * USE WITH CAUTION.
 * no_tilde (old - flag) | don't prefix ~ to username if no ident
 * need_ident (old + flag) | require ident for user in this class
+ * need_ssl | require SSL/TLS for user in this class
 * need_sasl | require SASL id for user in this class
 */
 flags = kline_exempt, exceed_limit;
@@ -247,6 +248,7 @@ operator "god" {
 * Available options:
 *
 * encrypted: the password above is encrypted [DEFAULT]
+ * need_ssl: must be using SSL/TLS to oper up
 * local_kill: allows local users to be /KILL'd
 * global_kill: allows local and remote users to be
 * /KILL'd (OLD 'O' flag)
From 850b23f3a94759a861c6aea35440e09d6e7cc916 Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker
Date: Tue, 9 Sep 2008 21:51:26 +0200
Subject: [PATCH 103/113] Remove old oper privilege flags.
---
 doc/example.conf | 28 ++--------------------------
 doc/reference.conf | 24 ------------------------
 include/s_newconf.h | 23 +----------------------
 src/newconf.c | 19 +------------------
 4 files changed, 4 insertions(+), 90 deletions(-)
diff --git a/doc/example.conf b/doc/example.conf
index 57354ac..6b11a56 100755
--- a/doc/example.conf
+++ b/doc/example.conf
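Review bot: `buf` in `stats_shared` now has exactly one element per `shared_flagtable` entry, counting the `{ 0, '\0'}` terminator, which leaves room for one letter per real flag plus the closing NUL and nothing more. The code that fills `buf` is outside the hunk; if it writes any character besides the table letters (a leading type marker, for instance), an entry with every flag set overruns the array by one byte, where the old `buf[15]` may have had slack. Either confirm the fill loop writes only table letters, or declare `char buf[sizeof(shared_flagtable)/sizeof(shared_flagtable[0]) + 1];` with a comment saying what the extra byte is for.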
@@ -241,38 +241,14 @@ operator "god" { /* privileges: controls the activities and commands an oper is * allowed to do on the server. You may prefix an option with ~ to - * disable it, ie ~operwall + * disable it, ie ~encrypted. * - * Default flags are operwall, remoteban and encrypted. + * Default flags are encrypted. * * Available options: * * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up - * local_kill: allows local users to be /KILL'd - * global_kill: allows local and remote users to be - * /KILL'd (OLD 'O' flag) - * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) - * kline: allows KLINE and DLINE (OLD 'K' flag) - * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) - * nick_changes: allows oper to see nickchanges (OLD 'N' flag) - * via snomask +n - * rehash: allows oper to REHASH config (OLD 'H' flag) - * die: allows DIE and RESTART (OLD 'D' flag) - * admin: gives admin privileges. admins - * may (un)load modules and see the - * real IPs of servers. - * hidden_admin: gives admin privileges except - * will not have the admin lines in - * stats p and whois. - * xline: allows use of /quote xline/unxline - * resv: allows /quote resv/unresv and cmode +LP [DEFAULT] - * operwall: allows the oper to send/receive operwalls [DEFAULT] - * oper_spy: allows 'operspy' features to see through +s - * channels etc. see /quote help operspy - * hidden_oper: hides the oper from /stats p (OLD UMODE +p) - * remoteban: allows remote kline etc [DEFAULT] - * mass_notice: allows sending wallops and mass notices [DEFAULT] */ flags = global_kill, remote, kline, unkline, die, rehash, admin, xline, operwall; diff --git a/doc/reference.conf b/doc/reference.conf index eae53c1..0ddf1c7 100755 --- a/doc/reference.conf +++ b/doc/reference.conf 
@@ -409,30 +409,6 @@ operator "god" { * * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up - * local_kill: allows local users to be /KILL'd - * global_kill: allows local and remote users to be - * /KILL'd (OLD 'O' flag) - * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) - * kline: allows KLINE and DLINE (OLD 'K' flag) - * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) - * nick_changes: allows oper to see nickchanges (OLD 'N' flag) - * via snomask +n - * rehash: allows oper to REHASH config (OLD 'H' flag) - * die: allows DIE and RESTART (OLD 'D' flag) - * admin: gives admin privileges. admins - * may (un)load modules and see the - * real IPs of servers. - * hidden_admin: gives admin privileges except - * will not have the admin lines in - * stats p and whois. - * xline: allows use of /quote xline/unxline - * resv: allows /quote resv/unresv and cmode +LP [DEFAULT] - * operwall: allows the oper to send/receive operwalls [DEFAULT] - * oper_spy: allows 'operspy' features to see through +s - * channels etc. see /quote help operspy - * hidden_oper: hides the oper from /stats p (OLD UMODE +p) - * remoteban: allows remote kline etc [DEFAULT] - * mass_notice: allows sending wallops and mass notices [DEFAULT] */ flags = global_kill, remote, kline, unkline, die, rehash, admin, xline, operwall; diff --git a/include/s_newconf.h b/include/s_newconf.h index 0598343..916cf77 100644 --- a/include/s_newconf.h +++ b/include/s_newconf.h 
@@ -140,31 +140,10 @@ extern void cluster_generic(struct Client *, const char *, int cltype, int cap, const char *format, ...); #define OPER_ENCRYPTED 0x00001 -#define OPER_KLINE 0x00002 -#define OPER_UNKLINE 0x00004 -#define OPER_LOCKILL 0x00008 -#define OPER_GLOBKILL 0x00010 -#define OPER_REMOTE 0x00020 -#define OPER_XLINE 0x00080 -#define OPER_RESV 0x00100 -#define OPER_NICKS 0x00200 -#define OPER_REHASH 0x00400 -#define OPER_DIE 0x00800 -#define OPER_ADMIN 0x01000 -#define OPER_HADMIN 0x02000 -#define OPER_OPERWALL 0x04000 -#define OPER_INVIS 0x08000 -#define OPER_SPY 0x10000 -#define OPER_REMOTEBAN 0x20000 -#define OPER_MASSNOTICE 0x40000 #define OPER_NEEDSSL 0x80000 /* 0x400000 and above are in client.h */ -#define OPER_FLAGS (OPER_KLINE|OPER_UNKLINE|OPER_LOCKILL|OPER_GLOBKILL|\ - OPER_REMOTE|OPER_XLINE|OPER_RESV|\ - OPER_NICKS|OPER_REHASH|OPER_DIE|OPER_ADMIN|\ - OPER_HADMIN|OPER_OPERWALL|OPER_INVIS|OPER_SPY|\ - OPER_REMOTEBAN|OPER_MASSNOTICE) +#define OPER_FLAGS 0 /* no oper privs in Client.flags2/oper_conf.flags currently */ #define IsOperConfEncrypted(x) ((x)->flags & OPER_ENCRYPTED) #define IsOperConfNeedSSL(x) ((x)->flags & OPER_NEEDSSL) diff --git a/src/newconf.c b/src/newconf.c index 2cde3ad..6fe62dd 100644 --- a/src/newconf.c +++ b/src/newconf.c @@ -308,23 +308,6 @@ static struct mode_table umode_table[] = { static struct mode_table oper_table[] = { {"encrypted", OPER_ENCRYPTED }, - {"local_kill", OPER_LOCKILL }, - {"global_kill", OPER_GLOBKILL|OPER_LOCKILL }, - {"remote", OPER_REMOTE }, - {"kline", OPER_KLINE }, - {"unkline", OPER_UNKLINE }, - {"nick_changes", OPER_NICKS }, - {"rehash", OPER_REHASH }, - {"die", OPER_DIE }, - {"admin", OPER_ADMIN }, - {"hidden_admin", OPER_HADMIN }, - {"xline", OPER_XLINE }, - {"resv", OPER_RESV }, - {"operwall", OPER_OPERWALL }, - {"oper_spy", OPER_SPY }, - {"hidden_oper", OPER_INVIS }, - {"remoteban", OPER_REMOTEBAN }, - {"mass_notice", OPER_MASSNOTICE }, {"need_ssl", OPER_NEEDSSL }, {NULL, 0} }; 
@@ -525,7 +508,7 @@ conf_begin_oper(struct TopConf *tc) } yy_oper = make_oper_conf(); - yy_oper->flags |= OPER_ENCRYPTED|OPER_RESV|OPER_OPERWALL|OPER_REMOTEBAN|OPER_MASSNOTICE; + yy_oper->flags |= OPER_ENCRYPTED; return 0; } From 1a745bf1a55185ccbba09fd6e4fa0202cef9b58d Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Tue, 9 Sep 2008 23:32:19 +0200 Subject: [PATCH 104/113] Update SGML docs for need_ssl and new oper priv system. --- doc/sgml/oper-guide/config.sgml | 65 +++++++++++++++++++++++++++++---- doc/sgml/oper-guide/oprivs.sgml | 45 ++++++++++------------- 2 files changed, 77 insertions(+), 33 deletions(-) diff --git a/doc/sgml/oper-guide/config.sgml b/doc/sgml/oper-guide/config.sgml index fc44fb7..4c6207f 100644 --- a/doc/sgml/oper-guide/config.sgml +++ b/doc/sgml/oper-guide/config.sgml @@ -410,6 +410,12 @@ auth { Users in this auth{} block must have identd, otherwise they will be rejected. + + need_ssl + + Users in this auth{} block must be connected via SSL/TLS, otherwise they will be rejected. + + need_sasl @@ -442,6 +448,33 @@ exempt { + + privset {} block + +privset { + extends = "name"; + privs = list; +}; + + A privset (privilege set) block specifies a set of + operator privileges. + + + privset {} variables + + extends + + An optional privset to inherit. The new privset will have all privileges that the given privset has. + + + + privs + + Privileges to grant to this privset. These are described in the operator privileges section. + + + + operator {} block 
@@ -510,19 +543,35 @@ operator "name" { - flags + privset - A listing of privileges granted to operators using this block. - By default, the mass_notice, operwall, remoteban and resv privileges are granted; - use ~mass_notice, ~operwall, ~remoteban and ~resv to disable them if necessary. - - - In addition, a flag designating if the password is encrypted is here. - Privileges are documented elsewhere in this guide. + The privilege set granted to successfully opered clients. + This must be defined before this operator{} block. + + flags + + A list of flags to apply to this operator{} block. They are listed below. + + + + + operator {} flags + + encrypted + + The password used has been encrypted. This is enabled by default, use ~encrypted to disable it. + + + + need_ssl + + Restricts use of this operator{} block to SSL/TLS connections only. + + diff --git a/doc/sgml/oper-guide/oprivs.sgml b/doc/sgml/oper-guide/oprivs.sgml index fb5213e..1e776b1 100644 --- a/doc/sgml/oper-guide/oprivs.sgml +++ b/doc/sgml/oper-guide/oprivs.sgml @@ -3,12 +3,10 @@ Meanings of oper privileges - These are flags in operator{}. - The letter appears after opering up and in /stats o; an uppercase - letter means the privilege is possessed, lowercase means it is not. + These are specified in privset{}. - admin (A), server administrator + oper:admin, server administrator Various privileges intended for server administrators. Among other things, this automatically sets umode +a and allows @@ -16,7 +14,7 @@ - remoteban (B), set remote bans + oper:remoteban, set remote bans This grants the ability to use the ON argument on DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set 
@@ -26,46 +24,46 @@ If a cluster{} block is present, bans are sent remotely even - if the oper does not have remoteban privilege. + if the oper does not have oper:remoteban privilege. - local_kill (C), kill local users + oper:local_kill, kill local users This grants permission to use KILL on users on the same server, disconnecting them from the network. - die (D), die and restart + oper:die, die and restart This grants permission to use DIE and RESTART, shutting down or restarting the server. - rehash (H), rehash + oper:rehash, rehash Allows using the REHASH command, to rehash various configuration files or clear certain lists. - kline (K), kline and dline + oper:kline, kline and dline Allows using KLINE and DLINE, to ban users by user@host mask or IP address. - operwall (L), send/receive operwall + oper:operwall, send/receive operwall Allows using the OPERWALL command and umode +z to send and receive operwalls. - mass_notice (M), global notices and wallops + oper:mass_notice, global notices and wallops Allows using server name ($$mask) and hostname ($#mask) masks in NOTICE and PRIVMSG to send a message to all matching users, and @@ -74,20 +72,20 @@ - nick_changes (N), see nick changes + snomask:nick_changes, see nick changes Allows using snomask +n to see local client nick changes. This is designed for monitor bots. - global_kill (O), global kill + oper:global_kill, global kill Allows using KILL on users on any server. - hidden_oper (P), hide from /stats p + oper:hidden, hide from /stats p This privilege currently does nothing, but was designed to hide bots from /stats p so users will not message them @@ -95,14 +93,14 @@ - resv (Q), channel control + oper:resv, channel control This allows using /resv, /unresv and changing the channel modes +L and +P. - remote (R), remote routing + oper:remote, remote routing This allows using the third argument of the CONNECT command, to instruct another server to connect somewhere, and using SQUIT 
@@ -111,7 +109,7 @@ - oper_spy (S), use operspy + oper:spy, use operspy This allows using /mode !#channel, /whois !nick, /who !#channel, /chantrace !#channel, /who !mask, /masktrace !user@host :gecos @@ -133,27 +131,24 @@ - unkline (U), unkline and undline + oper:unkline, unkline and undline Allows using UNKLINE and UNDLINE. - xline (X), xline and unxline + oper:xline, xline and unxline Allows using XLINE and UNXLINE, to ban/unban users by realname. - hidden_admin, hidden administrator + oper:hidden_admin, hidden administrator This grants everything granted to the admin privilege, - except the ability to set umode +a. If both admin and hidden_admin + except the ability to set umode +a. If both oper:admin and oper:hidden_admin are possessed, umode +a can still not be used. - - This privilege does not appear in /stats o or oper up notices. - From d2e3bb4a19285635d8da71558795956d0168a007 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:29:15 +0200 Subject: [PATCH 105/113] Pick up remote to oper:routing change. --- doc/sgml/oper-guide/oprivs.sgml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/sgml/oper-guide/oprivs.sgml b/doc/sgml/oper-guide/oprivs.sgml index 1e776b1..de3a1cf 100644 --- a/doc/sgml/oper-guide/oprivs.sgml +++ b/doc/sgml/oper-guide/oprivs.sgml @@ -100,7 +100,7 @@ - oper:remote, remote routing + oper:routing, remote routing This allows using the third argument of the CONNECT command, to instruct another server to connect somewhere, and using SQUIT From ebe5601796be4881523149bba1fced167fdf210e Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:32:22 +0200 Subject: [PATCH 106/113] Document privsets in the example confs. --- doc/example.conf | 14 ++++----- doc/reference.conf | 71 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 68 insertions(+), 17 deletions(-) diff --git a/doc/example.conf b/doc/example.conf index 6b11a56..688c2de 100755 --- a/doc/example.conf 
+++ b/doc/example.conf @@ -186,7 +186,9 @@ auth { class = "users"; }; -/* privsets... XXX document me later */ +/* privset {} blocks MUST be specified before anything that uses them. That + * means they must be defined before operator {}. + */ privset "local_op" { privs = oper:local_kill, oper:operwall; }; @@ -239,9 +241,8 @@ operator "god" { */ snomask = "+Zbfkrsuy"; - /* privileges: controls the activities and commands an oper is - * allowed to do on the server. You may prefix an option with ~ to - * disable it, ie ~encrypted. + /* flags: misc options for the operator. You may prefix an option + * with ~ to disable it, e.g. ~encrypted. * * Default flags are encrypted. * @@ -250,10 +251,9 @@ operator "god" { * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up */ - flags = global_kill, remote, kline, unkline, - die, rehash, admin, xline, operwall; + flags = encrypted; - /* privset: replaces flags */ + /* privset: privileges set to grant */ privset = "admin"; }; diff --git a/doc/reference.conf b/doc/reference.conf index 0ddf1c7..5ff7fdc 100755 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -18,6 +18,9 @@ * that matches a user will be used. So place spoofs first, then specials, * then general access, then restricted. * + * privset {} blocks MUST be specified before anything that uses them. That + * means they must be defined before operator {}. + * * Both shell style (#) and C style comments are supported. * * Files may be included by either: 
@@ -362,10 +365,57 @@ auth { flags = need_ident; }; -/* operator {}: defines ircd operators. (OLD O:) - * charybdis no longer supports local operators, privileges are - * controlled via flags. - */ +/* privset{}: defines operator privilege sets. */ +privset "local_op" { + /* privs: controls the activities and commands an oper is + * allowed to do on the server + * + * Available options: + * + * oper:local_kill: allows local users to be /KILL'd + * oper:global_kill: allows local and remote users to be /KILL'd + * oper:remote: allows remote SQUIT and CONNECT + * oper:kline: allows KLINE and DLINE + * oper:unkline: allows UNKLINE and UNDLINE + * snomask:nick_changes: allows oper to see nickchanges via snomask +n + * oper:rehash: allows oper to REHASH config + * oper:die: allows DIE and RESTART + * oper:admin: gives admin privileges. admins + * may (un)load modules and see various + * additional information. + * oper:hidden_admin: gives admin privileges except + * will not have the admin lines in + * whois. + * oper:xline: allows use of /quote xline/unxline + * oper:resv: allows /quote resv/unresv and cmode +LP + * oper:operwall: allows the oper to send/receive operwalls + * oper:spy: allows 'operspy' features to see through +s + * channels etc. 
see /quote help operspy + * oper:hidden: hides the oper from /stats p + * oper:remoteban: allows remote kline etc + * oper:mass_notice: allows sending wallops and mass notices + */ + privs = oper:local_kill, oper:operwall; +}; + +privset "server_bot" { + /* extends: a privset to inherit in this privset */ + extends = "local_op"; + privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes; +}; + +privset "global_op" { + extends = "local_op"; + privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, + oper:resv, oper:mass_notice, oper:remoteban; +}; + +privset "admin" { + extends = "global_op"; + privs = oper:admin, oper:die, oper:rehash, oper:spy; +}; + +/* operator {}: defines ircd operators. (OLD O:) */ operator "god" { /* name: the name of the oper must go above */ @@ -399,19 +449,20 @@ operator "god" { */ snomask = "+Zbfkrsuy"; - /* privileges: controls the activities and commands an oper is - * allowed to do on the server. You may prefix an option with ~ to - * disable it, ie ~operwall + /* flags: misc options for the operator. You may prefix an option + * with ~ to disable it, e.g. ~encrypted. * - * Default flags are operwall, remoteban and encrypted. + * Default flags are encrypted. * * Available options: * * encrypted: the password above is encrypted [DEFAULT] * need_ssl: must be using SSL/TLS to oper up */ - flags = global_kill, remote, kline, unkline, - die, rehash, admin, xline, operwall; + flags = encrypted; + + /* privset: privileges set to grant */ + privset = "admin"; }; /* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */ From 88d08e8496c97ba4a451456deff902e6fd5d987b Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:34:52 +0200 Subject: [PATCH 107/113] Fix oper:remote in reference.conf. --- doc/reference.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/reference.conf b/doc/reference.conf index 5ff7fdc..08d9508 100755 --- a/doc/reference.conf 
+++ b/doc/reference.conf @@ -374,7 +374,7 @@ privset "local_op" { * * oper:local_kill: allows local users to be /KILL'd * oper:global_kill: allows local and remote users to be /KILL'd - * oper:remote: allows remote SQUIT and CONNECT + * oper:routing: allows remote SQUIT and CONNECT * oper:kline: allows KLINE and DLINE * oper:unkline: allows UNKLINE and UNDLINE * snomask:nick_changes: allows oper to see nickchanges via snomask +n From 637b590f9ea45a66dfb056dd3bdea18a302f8a84 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 00:46:20 +0200 Subject: [PATCH 108/113] Put oper privileges in alphabetical order in the sgml docs. --- doc/sgml/oper-guide/oprivs.sgml | 124 ++++++++++++++++---------------- 1 file changed, 62 insertions(+), 62 deletions(-) diff --git a/doc/sgml/oper-guide/oprivs.sgml b/doc/sgml/oper-guide/oprivs.sgml index de3a1cf..a358240 100644 --- a/doc/sgml/oper-guide/oprivs.sgml +++ b/doc/sgml/oper-guide/oprivs.sgml @@ -13,27 +13,6 @@ loading modules. - - oper:remoteban, set remote bans - - This grants the ability to use the ON argument on - DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set - and unset bans on other servers, and the server argument on REHASH. - This is only allowed if the oper may perform the action locally, - and if the remote server has a shared{} block. - - - If a cluster{} block is present, bans are sent remotely even - if the oper does not have oper:remoteban privilege. - - - - oper:local_kill, kill local users - - This grants permission to use KILL on users on the same server, - disconnecting them from the network. - - oper:die, die and restart 
@@ -41,43 +20,6 @@ or restarting the server. - - oper:rehash, rehash - - Allows using the REHASH command, to rehash various configuration - files or clear certain lists. - - - - oper:kline, kline and dline - - Allows using KLINE and DLINE, to ban users by user@host mask - or IP address. - - - - oper:operwall, send/receive operwall - - Allows using the OPERWALL command and umode +z to send and - receive operwalls. - - - - oper:mass_notice, global notices and wallops - - Allows using server name ($$mask) and hostname ($#mask) masks in - NOTICE and PRIVMSG to send a message to all matching users, and - allows using the WALLOPS command to send a message to all users - with umode +w set. - - - - snomask:nick_changes, see nick changes - - Allows using snomask +n to see local client nick changes. - This is designed for monitor bots. - - oper:global_kill, global kill 
@@ -92,6 +34,65 @@ for help. + + oper:hidden_admin, hidden administrator + + This grants everything granted to the oper:admin privilege, + except the ability to set umode +a. If both oper:admin and oper:hidden_admin + are possessed, umode +a can still not be used. + + + + oper:kline, kline and dline + + Allows using KLINE and DLINE, to ban users by user@host mask + or IP address. + + + + oper:local_kill, kill local users + + This grants permission to use KILL on users on the same server, + disconnecting them from the network. + + + + oper:mass_notice, global notices and wallops + + Allows using server name ($$mask) and hostname ($#mask) masks in + NOTICE and PRIVMSG to send a message to all matching users, and + allows using the WALLOPS command to send a message to all users + with umode +w set. + + + + oper:operwall, send/receive operwall + + Allows using the OPERWALL command and umode +z to send and + receive operwalls. + + + + oper:rehash, rehash + + Allows using the REHASH command, to rehash various configuration + files or clear certain lists. + + + + oper:remoteban, set remote bans + + This grants the ability to use the ON argument on + DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set + and unset bans on other servers, and the server argument on REHASH. + This is only allowed if the oper may perform the action locally, + and if the remote server has a shared{} block. + + + If a cluster{} block is present, bans are sent remotely even + if the oper does not have oper:remoteban privilege. + + oper:resv, channel control @@ -143,11 +144,10 @@ - oper:hidden_admin, hidden administrator + snomask:nick_changes, see nick changes - This grants everything granted to the admin privilege, - except the ability to set umode +a. If both oper:admin and oper:hidden_admin - are possessed, umode +a can still not be used. + Allows using snomask +n to see local client nick changes. + This is designed for monitor bots. 
From 5ee5c31c51e51ad1f5968caa04c6dde4176eef33 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 18:46:03 +0200 Subject: [PATCH 109/113] Note extra server wallops in recent versions. --- doc/sgml/oper-guide/umodes.sgml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/sgml/oper-guide/umodes.sgml b/doc/sgml/oper-guide/umodes.sgml index 6d64c54..5cbfae7 100644 --- a/doc/sgml/oper-guide/umodes.sgml +++ b/doc/sgml/oper-guide/umodes.sgml @@ -165,7 +165,8 @@ Users with the +w umode set will receive WALLOPS messages sent by opers. Opers with +w additionally receive WALLOPS sent by servers (e.g. - remote CONNECT, remote SQUIT, many services packages). + remote CONNECT, remote SQUIT, various severe misconfigurations, + many services packages). From 72bb40038d2c77aa1ef78c1a154a60d361b6f4a9 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Sat, 13 Sep 2008 19:10:57 +0200 Subject: [PATCH 110/113] Enhance description of umode +S. --- doc/sgml/oper-guide/umodes.sgml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/sgml/oper-guide/umodes.sgml b/doc/sgml/oper-guide/umodes.sgml index 5cbfae7..720e38a 100644 --- a/doc/sgml/oper-guide/umodes.sgml +++ b/doc/sgml/oper-guide/umodes.sgml @@ -147,8 +147,10 @@ This umode grants various features useful for services. For example, clients with this umode cannot be kicked or deopped on channels, - do not show channels the querying user is not on in WHOIS, - and do not appear in /stats p. + can send to any channel, do not show channels in WHOIS, + can be the target of services aliases and do not appear in /stats p. + No server notices are sent for hostname changes by services clients; + server notices about kills are sent to snomask +k instead of +s. The exact effects of this umode are variable; no user or oper on From 18c12212b773feed647a5e0b1fe1a0af3d308267 Mon Sep 17 00:00:00 2001 
From: Jilles Tjoelker Date: Tue, 16 Sep 2008 22:53:44 +0200 Subject: [PATCH 111/113] Add more detail in squit reason for certain invalid NICK/UID/EUID commands. --- modules/core/m_nick.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/modules/core/m_nick.c b/modules/core/m_nick.c index 292d5ca..9db4a77 100644 --- a/modules/core/m_nick.c +++ b/modules/core/m_nick.c @@ -318,6 +318,7 @@ ms_nick(struct Client *client_p, struct Client *source_p, int parc, const char * { struct Client *target_p; time_t newts = 0; + char squitreason[100]; if(parc != 9) { @@ -326,7 +327,10 @@ ms_nick(struct Client *client_p, struct Client *source_p, int parc, const char * "with %d arguments (expecting 9)", client_p->name, parc); ilog(L_SERVER, "Excess parameters (%d) for command 'NICK' from %s.", parc, client_p->name); - exit_client(client_p, client_p, client_p, "Excess parameters to NICK command"); + rb_snprintf(squitreason, sizeof squitreason, + "Excess parameters (%d) to %s command, expecting %d", + parc, "NICK", 9); + exit_client(client_p, client_p, client_p, squitreason); return 0; } @@ -415,7 +419,10 @@ ms_uid(struct Client *client_p, struct Client *source_p, int parc, const char *p "with %d arguments (expecting 10)", client_p->name, parc); ilog(L_SERVER, "Excess parameters (%d) for command 'UID' from %s.", parc, client_p->name); - exit_client(client_p, client_p, client_p, "Excess parameters to UID command"); + rb_snprintf(squitreason, sizeof squitreason, + "Excess parameters (%d) to %s command, expecting %d", + parc, "UID", 10); + exit_client(client_p, client_p, client_p, squitreason); return 0; } 
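Review bot: In modules/core/m_nick.c the new squit reason in ms_nick says "Excess parameters", but the guard shown in the first hunk is `if(parc != 9)`, so a peer sending too few arguments would be reported as sending too many unless a minimum count is enforced before the handler runs (not visible here). Neutral wording such as `"Wrong parameter count (%d) to %s command, expecting %d"` stays accurate in both directions. The ms_uid and ms_euid hunks add the same format string and their guards lie outside the hunks, so the same question applies there. The three rb_snprintf calls differ only in the command name and the expected count, so a small static helper taking those two values would keep the reasons in step. All three function bodies continue outside the hunks.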
@@ -503,7 +510,10 @@ ms_euid(struct Client *client_p, struct Client *source_p, int parc, const char * "with %d arguments (expecting 12)", client_p->name, parc); ilog(L_SERVER, "Excess parameters (%d) for command 'EUID' from %s.", parc, client_p->name); - exit_client(client_p, client_p, client_p, "Excess parameters to EUID command"); + rb_snprintf(squitreason, sizeof squitreason, + "Excess parameters (%d) to %s command, expecting %d", + parc, "EUID", 12); + exit_client(client_p, client_p, client_p, squitreason); return 0; } From 4f2b6c0b38c14c1e93e599e3dc26e7e3554a934b Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Wed, 17 Sep 2008 00:21:00 +0200 Subject: [PATCH 112/113] Allow clearing general::kline_reason via a rehash. --- src/s_conf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/s_conf.c b/src/s_conf.c index 9b98fd5..11f6f2a 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -1231,6 +1231,9 @@ clear_out_old_conf(void) */ /* clean out general */ + rb_free(ConfigFileEntry.kline_reason); + ConfigFileEntry.kline_reason = NULL; + RB_DLINK_FOREACH_SAFE(ptr, next_ptr, service_list.head) { rb_free(ptr->data); From 1f24b3b1c2e860285e8abef027ace5391bf96f19 Mon Sep 17 00:00:00 2001 From: Jilles Tjoelker Date: Wed, 17 Sep 2008 00:24:50 +0200 Subject: [PATCH 113/113] Make sno_globalkline work for servers without kline_reason, but only for temps. --- extensions/sno_globalkline.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/extensions/sno_globalkline.c b/extensions/sno_globalkline.c index 487044e..a654c48 100644 --- a/extensions/sno_globalkline.c +++ b/extensions/sno_globalkline.c 
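Review bot: In src/s_conf.c, clear_out_old_conf() now resets ConfigFileEntry.kline_reason to NULL on every rehash, so any reader that passes it straight to strcmp() or a "%s" format needs a NULL check; none of those readers is visible in this hunk, so that is worth confirming. Freeing and then assigning NULL is the right shape, since it leaves no dangling pointer for the next rehash. I would state the intent on the line above: `/* reset so a kline_reason removed from the config does not survive a rehash; readers must handle NULL */`. The function body starts and ends outside the hunk.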
@@ -48,4 +48,16 @@ h_gla_client_exit(hook_data_client_exit *hdata)
 "K/DLINE active for %s[%s@%s]",
 source_p->name, source_p->username, source_p->host);
 }
+ else if (!strncmp(hdata->comment, "Temporary K-line ", 17))
+ {
+ sendto_realops_snomask_from(SNO_GENERAL, L_ALL, source_p->servptr,
+ "K/DLINE active for %s[%s@%s]",
+ source_p->name, source_p->username, source_p->host);
+ }
+ else if (!strncmp(hdata->comment, "Temporary D-line ", 17))
+ {
+ sendto_realops_snomask_from(SNO_GENERAL, L_ALL, source_p->servptr,
+ "K/DLINE active for %s[%s@%s]",
+ source_p->name, source_p->username, source_p->host);
+ }
 }
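Review bot: The two branches added to h_gla_client_exit in extensions/sno_globalkline.c have identical bodies and differ only in the prefix literal, and each hard-codes 17 as that literal's length, which silently goes wrong if either string is edited. One condition would do: `else if (!strncmp(hdata->comment, "Temporary K-line ", 17) || !strncmp(hdata->comment, "Temporary D-line ", 17))`, ideally with the length taken from `sizeof("Temporary K-line ") - 1`. Because the oper notice is triggered by the text of the exit comment, it is also worth confirming that a client-supplied quit reason cannot begin with either prefix. The code that builds hdata->comment is outside the hunk, as is the start of the function.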