From eba14d937d7d8980a1d178ca0066c577bf66c806 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sat, 25 Jun 2011 14:58:12 +0200 Subject: Update sample config file and manual page for new config structure --- doc/sample-ngircd.conf.tmpl | 196 +++++++++++++++++++++++--------------------- 1 file changed, 103 insertions(+), 93 deletions(-) (limited to 'doc') diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index b5a36b84..b4a498d4 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -19,62 +19,29 @@ # The [Global] section of this file is used to define the main # configuration of the server, like the server name and the ports # on which the server should be listening. + # These settings depend on your personal preferences, so you should + # make sure that they correspond to your installation and setup! # Server name in the IRC network, must contain at least one dot # (".") and be unique in the IRC network. Required! Name = irc.example.net - # Info text of the server. This will be shown by WHOIS and - # LINKS requests for example. - Info = Server Info Text - - # Global password for all users needed to connect to the server. - # (Default: not set) - ;Password = abc - - # Password required for using the WEBIRC command used by some - # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't - # be used. (Default: not set) - ;WebircPassword = xyz - # Information about the server and the administrator, used by the # ADMIN command. Not required by server but by RFC! ;AdminInfo1 = Description ;AdminInfo2 = Location ;AdminEMail = admin@irc.server - # Ports on which the server should listen. There may be more than - # one port, separated with ",". (Default: 6667) - ;Ports = 6667, 6668, 6669 - - # Additional Listen Ports that expect SSL/TLS encrypted connections - ;SSLPorts = 6697, 9999 - - # SSL Server Key - ;SSLKeyFile = :ETCDIR:/ssl/server-key.pem - - # password to decrypt SSLKeyFile (OpenSSL only) - ;SSLKeyFilePassword = secret - - # SSL Server Key Certificate - ;SSLCertFile = :ETCDIR:/ssl/server-cert.pem - - # Diffie-Hellman parameters - ;SSLDHFile = :ETCDIR:/ssl/dhparams.pem + # Info text of the server. This will be shown by WHOIS and + # LINKS requests for example. + Info = Server Info Text - # comma separated list of IP addresses on which the server should + # Comma separated list of IP addresses on which the server should # listen. Default values are: # "0.0.0.0" or (if compiled with IPv6 support) "::,0.0.0.0" # so the server listens on all IP addresses of the system by default. ;Listen = 127.0.0.1,192.168.0.1 - # Syslog "facility" to which ngIRCd should send log messages. - # Possible values are system dependant, but most probably auth, daemon, - # user and local1 through local7 are possible values; see syslog(3). - # Default is "local5" for historical reasons, you probably want to - # change this to "daemon", for example. - SyslogFacility = local1 - # Text file with the "message of the day" (MOTD). This message will # be shown to all users connecting to the server: ;MotdFile = :ETCDIR:/ngircd.motd @@ -82,6 +49,25 @@ # A simple Phrase (<256 chars) if you don't want to use a motd file. ;MotdPhrase = "Hello world!" + # Global password for all users needed to connect to the server. + # (Default: not set) + ;Password = abc + + # This tells ngIRCd to write its current process ID to a file. + # Note that the pidfile is written AFTER chroot and switching the + # user ID, e.g. the directory the pidfile resides in must be + # writeable by the ngIRCd user and exist in the chroot directory. + ;PidFile = /var/run/ngircd/ngircd.pid + + # Ports on which the server should listen. There may be more than + # one port, separated with ",". (Default: 6667) + ;Ports = 6667, 6668, 6669 + + # Group ID under which the ngIRCd should run; you can use the name + # of the group or the numerical ID. ATTENTION: For this to work the + # server must have been started with root privileges! + ;ServerGID = 65534 + # User ID under which the server should run; you can use the name # of the user or the numerical ID. ATTENTION: For this to work the # server must have been started with root privileges! In addition, @@ -89,55 +75,14 @@ # otherwise RESTART and REHASH won't work! ;ServerUID = 65534 - # Group ID under which the ngircd should run; you can use the name - # of the group or the numerical ID. ATTENTION: For this to work the - # server must have been started with root privileges! - ;ServerGID = 65534 - - # A directory to chroot in when everything is initialized. It - # doesn't need to be populated if ngIRCd is compiled as a static - # binary. By default ngIRCd won't use the chroot() feature. - # ATTENTION: For this to work the server must have been started - # with root privileges! - ;ChrootDir = /var/empty - - # This tells ngircd to write its current process id to a file. - # Note that the pidfile is written AFTER chroot and switching uid, - # i. e. the Directory the pidfile resides in must be writeable by - # the ngircd user and exist in the chroot directory. - ;PidFile = /var/run/ngircd/ngircd.pid - - # After seconds of inactivity the server will send a - # PING to the peer to test whether it is alive or not. - ;PingTimeout = 120 - - # If a client fails to answer a PING with a PONG within - # seconds, it will be disconnected by the server. - ;PongTimeout = 20 +[Limits] + # Define some limits and timeouts for this ngIRCd instance. Default + # values should be safe, but it is wise to double-check :-) # The server tries every seconds to establish a link # to not yet (or no longer) connected servers. ;ConnectRetry = 60 - # Should IRC Operators be allowed to use the MODE command even if - # they are not(!) channel-operators? - ;OperCanUseMode = no - - # Mask IRC Operator mode requests as if they were coming from the - # server? (This is a compatibility hack for ircd-irc2 servers) - ;OperServerMode = no - - # Are remote IRC operators allowed to control this server, e. g. - # use commands like CONNECT, SQUIT, DIE, ...? - ;AllowRemoteOper = no - - # Allow Pre-Defined Channels only (see Section [Channels]) - ;PredefChannelsOnly = no - - # try to connect to other irc servers using ipv4 and ipv6, if possible - ;ConnectIPv6 = yes - ;ConnectIPv4 = yes - # Maximum number of simultaneous in- and outbound connections the # server is allowed to accept (0: unlimited): ;MaxConnections = 0 @@ -154,15 +99,29 @@ # maximum nick name length! ;MaxNickLength = 9 - # Normally ngIRCd doesn't send any messages to a client until it is - # registered. Enable this option to let the daemon send "NOTICE AUTH" - # messages to clients while connecting. - ;NoticeAuth = no + # After seconds of inactivity the server will send a + # PING to the peer to test whether it is alive or not. + ;PingTimeout = 120 - # Let ngIRCd send an "authentication PING" when a new client connects, - # and register this client only after receiving the corresponding - # "PONG" reply. - ;RequireAuthPing = no + # If a client fails to answer a PING with a PONG within + # seconds, it will be disconnected by the server. + ;PongTimeout = 20 + +[Options] + # Optional features and configuration options to further tweak the + # behavior of ngIRCd. If you wan't to get started quickly, you most + # probably don't have to make changes here -- they are all optional. + + # Are remote IRC operators allowed to control this server, e.g. + # use commands like CONNECT, SQUIT, DIE, ...? + ;AllowRemoteOper = no + + # A directory to chroot in when everything is initialized. It + # doesn't need to be populated if ngIRCd is compiled as a static + # binary. By default ngIRCd won't use the chroot() feature. + # ATTENTION: For this to work the server must have been started + # with root privileges! + ;ChrootDir = /var/empty # Set this hostname for every client instead of the real one. # Please note: don't use the percentage sign ("%"), it is reserved for @@ -172,16 +131,67 @@ # Set every clients' user name to their nick name ;CloakUserToNick = yes -[Features] + # Try to connect to other IRC servers using IPv4 and IPv6, if possible. + ;ConnectIPv6 = yes + ;ConnectIPv4 = yes + # Do any DNS lookups when a client connects to the server. ;DNS = yes - # Do any IDENT lookups if ngIRCd has been compiled with support for it. + # Do IDENT lookups if ngIRCd has been compiled with support for it. ;Ident = yes + # Normally ngIRCd doesn't send any messages to a client until it is + # registered. Enable this option to let the daemon send "NOTICE AUTH" + # messages to clients while connecting. + ;NoticeAuth = no + + # Should IRC Operators be allowed to use the MODE command even if + # they are not(!) channel-operators? + ;OperCanUseMode = no + + # Mask IRC Operator mode requests as if they were coming from the + # server? (This is a compatibility hack for ircd-irc2 servers) + ;OperServerMode = no + # Use PAM if ngIRCd has been compiled with support for it. ;PAM = no + # Allow Pre-Defined Channels only (see Section [Channels]) + ;PredefChannelsOnly = no + + # Let ngIRCd send an "authentication PING" when a new client connects, + # and register this client only after receiving the corresponding + # "PONG" reply. + ;RequireAuthPing = no + + # SSL Server Key Certificate + ;SSLCertFile = :ETCDIR:/ssl/server-cert.pem + + # Diffie-Hellman parameters + ;SSLDHFile = :ETCDIR:/ssl/dhparams.pem + + # SSL Server Key + ;SSLKeyFile = :ETCDIR:/ssl/server-key.pem + + # password to decrypt SSLKeyFile (OpenSSL only) + ;SSLKeyFilePassword = secret + + # Additional Listen Ports that expect SSL/TLS encrypted connections + ;SSLPorts = 6697, 9999 + + # Syslog "facility" to which ngIRCd should send log messages. + # Possible values are system dependent, but most probably auth, daemon, + # user and local1 through local7 are possible values; see syslog(3). + # Default is "local5" for historical reasons, you probably want to + # change this to "daemon", for example. + SyslogFacility = local1 + + # Password required for using the WEBIRC command used by some + # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't + # be used. (Default: not set) + ;WebircPassword = xyz + [Operator] # [Operator] sections are used to define IRC Operators. There may be # more than one [Operator] block, one for each local operator. -- cgit 1.4.1 From 946d838de4b6aee588e1136dcea018259a17e778 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sun, 26 Jun 2011 00:09:36 +0200 Subject: Move SSL-related configuration variables to new [SSL] section --- INSTALL | 14 ++--- doc/sample-ngircd.conf.tmpl | 32 ++++++----- man/ngircd.conf.5.tmpl | 41 +++++++------ src/ngircd/conf.c | 137 +++++++++++++++++++++++++++++--------------- 4 files changed, 140 insertions(+), 84 deletions(-) (limited to 'doc') diff --git a/INSTALL b/INSTALL index ea77bd92..1e96e16e 100644 --- a/INSTALL +++ b/INSTALL @@ -17,8 +17,8 @@ Differences to version 17 - Support for ZeroConf/Bonjour/Rendezvous service registration has been removed. The configuration option "NoZeroconf" is no longer available. -- The structure of ngircd.conf has been cleaned up and two new configuration - sections have been introduced: [Limits] and [Options]. +- The structure of ngircd.conf has been cleaned up and three new configuration + sections have been introduced: [Limits], [Options], and [SSL]. Lots of configuration variables stored in the [Global] section are now deprecated there and should be stored in one of these new sections (but still work in [Global]): @@ -39,11 +39,11 @@ Differences to version 17 "PingTimeout" -> [Limits] "PongTimeout" -> [Limits] "PredefChannelsOnly" -> [Options] - "SSLCertFile" -> [Options] - "SSLDHFile" -> [Options] - "SSLKeyFile" -> [Options] - "SSLKeyFilePassword" -> [Options] - "SSLPorts" -> [Options] + "SSLCertFile" -> [SSL], and renamed to "CertFile" + "SSLDHFile" -> [SSL], and renamed to "DHFile" + "SSLKeyFile" -> [SSL], and renamed to "KeyFile" + "SSLKeyFilePassword" -> [SSL], and renamed to "KeyFilePassword" + "SSLPorts" -> [SSL], and renamed to "Ports" "SyslogFacility" -> [Options] "WebircPassword" -> [Options] You should adjust your ngircd.conf and run "ngircd --configtest" to make diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index b4a498d4..40797241 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -12,7 +12,8 @@ # Use "ngircd --configtest" (see manual page ngircd(8)) to validate that the # server interprets the configuration file as expected! # -# Please see ngircd.conf(5) for a complete list of configuration options. +# Please see ngircd.conf(5) for a complete list of configuration options +# and their descriptions. # [Global] @@ -165,6 +166,23 @@ # "PONG" reply. ;RequireAuthPing = no + # Syslog "facility" to which ngIRCd should send log messages. + # Possible values are system dependent, but most probably auth, daemon, + # user and local1 through local7 are possible values; see syslog(3). + # Default is "local5" for historical reasons, you probably want to + # change this to "daemon", for example. + SyslogFacility = local1 + + # Password required for using the WEBIRC command used by some + # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't + # be used. (Default: not set) + ;WebircPassword = xyz + +;[SSL] + # SSL-related configuration options. Please note that this section + # is only available when ngIRCd is compiled with support for SSL! + # So don't forget to remove the ";" above if this is the case ... + # SSL Server Key Certificate ;SSLCertFile = :ETCDIR:/ssl/server-cert.pem @@ -180,18 +198,6 @@ # Additional Listen Ports that expect SSL/TLS encrypted connections ;SSLPorts = 6697, 9999 - # Syslog "facility" to which ngIRCd should send log messages. - # Possible values are system dependent, but most probably auth, daemon, - # user and local1 through local7 are possible values; see syslog(3). - # Default is "local5" for historical reasons, you probably want to - # change this to "daemon", for example. - SyslogFacility = local1 - - # Password required for using the WEBIRC command used by some - # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't - # be used. (Default: not set) - ;WebircPassword = xyz - [Operator] # [Operator] sections are used to define IRC Operators. There may be # more than one [Operator] block, one for each local operator. diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 41cc08ef..68b40800 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -52,8 +52,8 @@ for numbers all decimal integer values are valid. In addition, some string or numerical variables accept lists of values, separated by commas (","). .SH "SECTION OVERVIEW" -The file can contain blocks of four types: [Global], [Limits], [Options], -[Operator], [Server], and [Channel]. +The file can contain blocks of seven types: [Global], [Limits], [Options], +[SSL], [Operator], [Server], and [Channel]. .PP The main configuration of the server is stored in the .I [Global] @@ -68,8 +68,10 @@ block are used to tweak different limits and timeouts of the daemon, like the maximum number of clients allowed to connect to this server. Variables in the .I [Options] section can be used to enable or disable specific features of ngIRCd, like -support for IDENT, PAM, IPv6, SSL, and protocol and cloaking features. These -two sections are both optional. +support for IDENT, PAM, IPv6, and protocol and cloaking features. The +.I [SSL] +block contains all SSL-related configuration variables. These three sections +are all optional. .PP IRC operators of this server are defined in .I [Operator] @@ -81,7 +83,7 @@ blocks are used to configure pre-defined ("persistent") IRC channels. .PP There can be more than one [Operator], [Server] and [Channel] section per configuration file (one for each operator, server, and channel), but only -exactly one [Global], one [Limits], and one [Options] section. +exactly one [Global], one [Limits], one [Options], and one [SSL] section. .SH [GLOBAL] The .I [Global] @@ -276,6 +278,23 @@ Let ngIRCd send an "authentication PING" when a new client connects, and register this client only after receiving the corresponding "PONG" reply. Default: no. .TP +\fBSyslogFacility\fR (string) +Syslog "facility" to which ngIRCd should send log messages. Possible +values are system dependent, but most probably "auth", "daemon", "user" +and "local1" through "local7" are possible values; see syslog(3). +Default is "local5" for historical reasons, you probably want to +change this to "daemon", for example. +.TP +\fBWebircPassword\fR (string) +Password required for using the WEBIRC command used by some Web-to-IRC +gateways. If not set or empty, the WEBIRC command can't be used. +Default: not set. +.SH [SSL] +All SSL-related configuration variables are located in the +.I [SSL] +section. Please note that this whole section is only recognized by ngIRCd +when it is compiled with support for SSL using OpenSSL or GnuTLS! +.TP \fBSSLCertFile\fR (string) SSL Certificate file of the private server key. .TP @@ -298,18 +317,6 @@ OpenSSL only: Password to decrypt the private key file. Same as \fBPorts\fR , except that ngIRCd will expect incoming connections to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669 and 6697. Default: none. -.TP -\fBSyslogFacility\fR (string) -Syslog "facility" to which ngIRCd should send log messages. Possible -values are system dependent, but most probably "auth", "daemon", "user" -and "local1" through "local7" are possible values; see syslog(3). -Default is "local5" for historical reasons, you probably want to -change this to "daemon", for example. -.TP -\fBWebircPassword\fR (string) -Password required for using the WEBIRC command used by some Web-to-IRC -gateways. If not set or empty, the WEBIRC command can't be used. -Default: not set. .SH [OPERATOR] .I [Operator] sections are used to define IRC Operators. There may be more than one diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 0a814a76..92409409 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -89,6 +89,8 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server )); #ifdef SSL_SUPPORT +static void Handle_SSL PARAMS(( int Line, char *Var, char *Ark )); + struct SSLOptions Conf_SSLOptions; /** @@ -377,18 +379,6 @@ Conf_Test( void ) #ifndef STRICT_RFC printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); #endif -#ifdef SSL_SUPPORT - printf(" SSLCertFile = %s\n", Conf_SSLOptions.CertFile); - printf(" SSLDHFile = %s\n", Conf_SSLOptions.DHFile); - printf(" SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile); - if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) - puts(" SSLKeyFilePassword = "); - else - puts(" SSLKeyFilePassword = "); - array_free_wipe(&Conf_SSLOptions.KeyFilePassword); - printf(" SSLPorts = "); - ports_puts(&Conf_SSLOptions.ListenPorts); -#endif #ifdef SYSLOG printf(" SyslogFacility = %s\n", ngt_SyslogFacilityName(Conf_SyslogFacility)); @@ -396,6 +386,24 @@ Conf_Test( void ) printf(" WebircPassword = %s\n", Conf_WebircPwd); puts(""); +#ifdef SSL_SUPPORT + puts("[SSL]"); + printf(" CertFile = %s\n", Conf_SSLOptions.CertFile + ? Conf_SSLOptions.CertFile : ""); + printf(" DHFile = %s\n", Conf_SSLOptions.DHFile + ? Conf_SSLOptions.DHFile : ""); + printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile + ? Conf_SSLOptions.KeyFile : ""); + if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) + puts(" KeyFilePassword = "); + else + puts(" KeyFilePassword = "); + array_free_wipe(&Conf_SSLOptions.KeyFilePassword); + printf(" Ports = "); + ports_puts(&Conf_SSLOptions.ListenPorts); + puts(""); +#endif + opers_puts(); for( i = 0; i < MAX_SERVERS; i++ ) { @@ -847,7 +855,8 @@ Read_Config( bool ngircd_starting ) strlcpy( section, str, sizeof( section )); if (strcasecmp(section, "[GLOBAL]") == 0 || strcasecmp(section, "[LIMITS]") == 0 || - strcasecmp(section, "[OPTIONS]") == 0) + strcasecmp(section, "[OPTIONS]") == 0 || + strcasecmp(section, "[SSL]") == 0) continue; if( strcasecmp( section, "[SERVER]" ) == 0 ) { @@ -906,6 +915,10 @@ Read_Config( bool ngircd_starting ) Handle_LIMITS(line, var, arg); else if(strcasecmp(section, "[OPTIONS]") == 0) Handle_OPTIONS(line, var, arg); +#ifdef SSL_SUPPORT + else if(strcasecmp(section, "[SSL]") == 0) + Handle_SSL(line, var, arg); +#endif else if(strcasecmp(section, "[OPERATOR]") == 0) Handle_OPERATOR(line, var, arg); else if(strcasecmp(section, "[SERVER]") == 0) @@ -952,9 +965,9 @@ Read_Config( bool ngircd_starting ) #ifdef SSL_SUPPORT /* Make sure that all SSL-related files are readable */ - CheckFileReadable("SSLCertFile", Conf_SSLOptions.CertFile); - CheckFileReadable("SSLDHFile", Conf_SSLOptions.DHFile); - CheckFileReadable("SSLKeyFile", Conf_SSLOptions.KeyFile); + CheckFileReadable("CertFile", Conf_SSLOptions.CertFile); + CheckFileReadable("DHFile", Conf_SSLOptions.DHFile); + CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile); #endif return true; @@ -1100,13 +1113,6 @@ CheckLegacyGlobalOption(int Line, char *Var, char *Arg) || strcasecmp(Var, "OperCanUseMode") == 0 || strcasecmp(Var, "OperServerMode") == 0 || strcasecmp(Var, "PredefChannelsOnly") == 0 -#ifdef SSL_SUPPORT - || strcasecmp(Var, "SSLCertFile") == 0 - || strcasecmp(Var, "SSLDHFile") == 0 - || strcasecmp(Var, "SSLKeyFile") == 0 - || strcasecmp(Var, "SSLKeyFilePassword") == 0 - || strcasecmp(Var, "SSLPorts") == 0 -#endif || strcasecmp(Var, "SyslogFacility") == 0 || strcasecmp(Var, "WebircPassword") == 0) { Handle_OPTIONS(Line, Var, Arg); @@ -1122,6 +1128,16 @@ CheckLegacyGlobalOption(int Line, char *Var, char *Arg) Handle_LIMITS(Line, Var, Arg); return "[Limits]"; } +#ifdef SSL_SUPPORT + if (strcasecmp(Var, "SSLCertFile") == 0 + || strcasecmp(Var, "SSLDHFile") == 0 + || strcasecmp(Var, "SSLKeyFile") == 0 + || strcasecmp(Var, "SSLKeyFilePassword") == 0 + || strcasecmp(Var, "SSLPorts") == 0) { + Handle_SSL(Line, Var + 3, Arg); + return "[SSL]"; + } +#endif return NULL; } @@ -1302,9 +1318,16 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) /** TODO: This function and support for these options in the * [Global] section could be removed starting with ngIRCd * release 19 (one release after marking it "deprecated"). */ - Config_Error(LOG_WARNING, - "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", - NGIRCd_ConfFile, Line, Var, section); + if (strncasecmp(Var, "SSL", 3) == 0) { + Config_Error(LOG_WARNING, + "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s and rename to \"%s\"!", + NGIRCd_ConfFile, Line, Var, section, + Var + 3); + } else { + Config_Error(LOG_WARNING, + "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", + NGIRCd_ConfFile, Line, Var, section); + } return; } @@ -1462,53 +1485,73 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) return; } #endif +#ifdef SYSLOG + if (strcasecmp(Var, "SyslogFacility") == 0) { + Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, + Conf_SyslogFacility); + return; + } +#endif + if (strcasecmp(Var, "WebircPassword") == 0) { + len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd)); + if (len >= sizeof(Conf_WebircPwd)) + Config_Error_TooLong(Line, Var); + return; + } + + Config_Error_Section(Line, Var, "Options"); +} + #ifdef SSL_SUPPORT - if (strcasecmp(Var, "SSLCertFile") == 0) { + +/** + * Handle variable in [SSL] configuration section. + * + * @param Line Line numer in configuration file. + * @param Var Variable name. + * @param Arg Variable argument. + */ +static void +Handle_SSL(int Line, char *Var, char *Arg) +{ + assert(Line > 0); + assert(Var != NULL); + assert(Arg != NULL); + + if (strcasecmp(Var, "CertFile") == 0) { assert(Conf_SSLOptions.CertFile == NULL); Conf_SSLOptions.CertFile = strdup_warn(Arg); return; } - if (strcasecmp(Var, "SSLDHFile") == 0) { + if (strcasecmp(Var, "DHFile") == 0) { assert(Conf_SSLOptions.DHFile == NULL); Conf_SSLOptions.DHFile = strdup_warn(Arg); return; } - if (strcasecmp(Var, "SSLKeyFile") == 0) { + if (strcasecmp(Var, "KeyFile") == 0) { assert(Conf_SSLOptions.KeyFile == NULL); Conf_SSLOptions.KeyFile = strdup_warn(Arg); return; } - if (strcasecmp(Var, "SSLKeyFilePassword") == 0) { + if (strcasecmp(Var, "KeyFilePassword") == 0) { assert(array_bytes(&Conf_SSLOptions.KeyFilePassword) == 0); if (!array_copys(&Conf_SSLOptions.KeyFilePassword, Arg)) Config_Error(LOG_ERR, - "%s, line %d (section \"Global\"): Could not copy %s: %s!", + "%s, line %d (section \"SSL\"): Could not copy %s: %s!", NGIRCd_ConfFile, Line, Var, strerror(errno)); return; } - if (strcasecmp(Var, "SSLPorts") == 0) { + if (strcasecmp(Var, "Ports") == 0) { ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); return; } -#endif -#ifdef SYSLOG - if (strcasecmp(Var, "SyslogFacility") == 0) { - Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, - Conf_SyslogFacility); - return; - } -#endif - if (strcasecmp(Var, "WebircPassword") == 0) { - len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd)); - if (len >= sizeof(Conf_WebircPwd)) - Config_Error_TooLong(Line, Var); - return; - } - Config_Error_Section(Line, Var, "Options"); + Config_Error_Section(Line, Var, "SSL"); } +#endif + /** * Handle variable in [Operator] configuration section. * -- cgit 1.4.1 From 3d0ce77f12117df9e12d364c725c3c54332901bd Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sun, 26 Jun 2011 00:10:22 +0200 Subject: sample-ngircd.conf: "SyslogFacility" should be commented out --- doc/sample-ngircd.conf.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 40797241..0f2e7ee8 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -171,7 +171,7 @@ # user and local1 through local7 are possible values; see syslog(3). # Default is "local5" for historical reasons, you probably want to # change this to "daemon", for example. - SyslogFacility = local1 + ;SyslogFacility = local1 # Password required for using the WEBIRC command used by some # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't -- cgit 1.4.1