From e7256bb8acc5f6cd221f5cffb463ca7463de8d92 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sat, 25 Jun 2011 14:45:36 +0200 Subject: Restructure ngIRCd configuration, introduce [Limits] and [Options] The intention of this restructuring is to make the [Global] section much cleaner, so that it only contains variables that most installations must adjust to the local requirements. All the optional variables are moved to [Limits], for configurable limits and timers of ngIRCd, and [Options], for optional features. The old variables in the [Global] section are deprecated now, but still recognized. --- src/ngircd/conf.c | 739 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 406 insertions(+), 333 deletions(-) (limited to 'src') diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 326b433a..d19109fc 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -64,7 +64,8 @@ static bool Read_Config PARAMS(( bool ngircd_starting )); static bool Validate_Config PARAMS(( bool TestOnly, bool Rehash )); static void Handle_GLOBAL PARAMS(( int Line, char *Var, char *Arg )); -static void Handle_FEATURES PARAMS(( int Line, char *Var, char *Arg )); +static void Handle_LIMITS PARAMS(( int Line, char *Var, char *Arg )); +static void Handle_OPTIONS PARAMS(( int Line, char *Var, char *Arg )); static void Handle_OPERATOR PARAMS(( int Line, char *Var, char *Arg )); static void Handle_SERVER PARAMS(( int Line, char *Var, char *Arg )); static void Handle_CHANNEL PARAMS(( int Line, char *Var, char *Arg )); @@ -340,16 +341,13 @@ Conf_Test( void ) puts( "Ok, dump of your server configuration follows:\n" ); } - puts( "[GLOBAL]" ); + puts("[GLOBAL]"); printf(" Name = %s\n", Conf_ServerName); - printf(" Info = %s\n", Conf_ServerInfo); -#ifndef PAM - printf(" Password = %s\n", Conf_ServerPwd); -#endif - printf(" WebircPassword = %s\n", Conf_WebircPwd); printf(" AdminInfo1 = %s\n", Conf_ServerAdmin1); printf(" AdminInfo2 = %s\n", Conf_ServerAdmin2); printf(" AdminEMail = %s\n", Conf_ServerAdminMail); + printf(" Info = %s\n", Conf_ServerInfo); + printf(" Listen = %s\n", Conf_ListenAddress); if (Using_MotdFile) { printf(" MotdFile = %s\n", Conf_MotdFile); printf(" MotdPhrase =\n"); @@ -358,58 +356,74 @@ Conf_Test( void ) printf(" MotdPhrase = %s\n", array_bytes(&Conf_Motd) ? (const char*) array_start(&Conf_Motd) : ""); } - printf(" ChrootDir = %s\n", Conf_Chroot); +#ifndef PAM + printf(" Password = %s\n", Conf_ServerPwd); +#endif printf(" PidFile = %s\n", Conf_PidFile); - printf(" Listen = %s\n", Conf_ListenAddress); - fputs(" Ports = ", stdout); + printf(" Ports = "); ports_puts(&Conf_ListenPorts); -#ifdef SSL_SUPPORT - fputs(" SSLPorts = ", stdout); - ports_puts(&Conf_SSLOptions.ListenPorts); - if (!ConfSSL_Puts()) - config_valid = false; -#endif - - pwd = getpwuid(Conf_UID); - if (pwd) - printf(" ServerUID = %s\n", pwd->pw_name); - else - printf(" ServerUID = %ld\n", (long)Conf_UID); grp = getgrgid(Conf_GID); if (grp) printf(" ServerGID = %s\n", grp->gr_name); else printf(" ServerGID = %ld\n", (long)Conf_GID); -#ifdef SYSLOG - printf(" SyslogFacility = %s\n", - ngt_SyslogFacilityName(Conf_SyslogFacility)); -#endif - printf(" PingTimeout = %d\n", Conf_PingTimeout); - printf(" PongTimeout = %d\n", Conf_PongTimeout); + pwd = getpwuid(Conf_UID); + if (pwd) + printf(" ServerUID = %s\n", pwd->pw_name); + else + printf(" ServerUID = %ld\n", (long)Conf_UID); + puts(""); + + puts("[LIMITS]"); printf(" ConnectRetry = %d\n", Conf_ConnectRetry); - printf(" OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode)); - printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); - printf(" AllowRemoteOper = %s\n", yesno_to_str(Conf_AllowRemoteOper)); - printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); -#ifdef WANT_IPV6 - printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); - printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4)); -#endif printf(" MaxConnections = %ld\n", Conf_MaxConnections); printf(" MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP); printf(" MaxJoins = %d\n", Conf_MaxJoins > 0 ? Conf_MaxJoins : -1); printf(" MaxNickLength = %u\n", Conf_MaxNickLength - 1); - printf(" NoticeAuth = %s\n", yesno_to_str(Conf_NoticeAuth)); + printf(" PingTimeout = %d\n", Conf_PingTimeout); + printf(" PongTimeout = %d\n", Conf_PongTimeout); + puts(""); + + puts("[OPTIONS]"); + printf(" AllowRemoteOper = %s\n", yesno_to_str(Conf_AllowRemoteOper)); + printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); -#ifndef STRICT_RFC - printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); +#ifdef WANT_IPV6 + printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); + printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4)); #endif - - printf("\n[FEATURES]\n"); printf(" DNS = %s\n", yesno_to_str(Conf_DNS)); +#ifdef IDENT printf(" Ident = %s\n", yesno_to_str(Conf_Ident)); +#endif + printf(" NoticeAuth = %s\n", yesno_to_str(Conf_NoticeAuth)); + printf(" OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode)); + printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); +#ifdef PAM printf(" PAM = %s\n", yesno_to_str(Conf_PAM)); +#endif + printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); +#ifndef STRICT_RFC + printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); +#endif +#ifdef SSL_SUPPORT + printf(" SSLCertFile = %s\n", Conf_SSLOptions.CertFile); + printf(" SSLDHFile = %s\n", Conf_SSLOptions.DHFile); + printf(" SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile); + if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) + puts(" SSLKeyFilePassword = "); + else + puts(" SSLKeyFilePassword = "); + array_free_wipe(&Conf_SSLOptions.KeyFilePassword); + printf(" SSLPorts = "); + ports_puts(&Conf_SSLOptions.ListenPorts); +#endif +#ifdef SYSLOG + printf(" SyslogFacility = %s\n", + ngt_SyslogFacilityName(Conf_SyslogFacility)); +#endif + printf(" WebircPassword = %s\n", Conf_WebircPwd); puts(""); opers_puts(); @@ -641,22 +655,6 @@ GLOBAL bool Conf_IsService(int ConfServer, const char *Nick) { return MatchCaseInsensitive(Conf_Server[ConfServer].svs_mask, Nick); -} /* Conf_IsService */ - - -static void -Set_Defaults_Optional(void) -{ -#ifdef IDENTAUTH - Conf_Ident = true; -#else - Conf_Ident = false; -#endif -#ifdef PAM - Conf_PAM = true; -#else - Conf_PAM = false; -#endif } /** @@ -667,50 +665,60 @@ Set_Defaults(bool InitServers) { int i; + /* Global */ strcpy(Conf_ServerName, ""); - snprintf(Conf_ServerInfo, sizeof Conf_ServerInfo, "%s %s", - PACKAGE_NAME, PACKAGE_VERSION); - strcpy(Conf_ServerPwd, ""); - strcpy(Conf_ServerAdmin1, ""); strcpy(Conf_ServerAdmin2, ""); strcpy(Conf_ServerAdminMail, ""); - + snprintf(Conf_ServerInfo, sizeof Conf_ServerInfo, "%s %s", + PACKAGE_NAME, PACKAGE_VERSION); + free(Conf_ListenAddress); + Conf_ListenAddress = NULL; + array_free(&Conf_Motd); strlcpy(Conf_MotdFile, SYSCONFDIR, sizeof(Conf_MotdFile)); strlcat(Conf_MotdFile, MOTD_FILE, sizeof(Conf_MotdFile)); - - Conf_UID = Conf_GID = 0; - strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); + strcpy(Conf_ServerPwd, ""); strlcpy(Conf_PidFile, PID_FILE, sizeof(Conf_PidFile)); + Conf_UID = Conf_GID = 0; - free(Conf_ListenAddress); - Conf_ListenAddress = NULL; - - Conf_PingTimeout = 120; - Conf_PongTimeout = 20; + /* Limits */ Conf_ConnectRetry = 60; - Conf_DNS = true; - Conf_NoticeAuth = false; - - Conf_Oper_Count = 0; - Conf_Channel_Count = 0; - - Conf_OperCanMode = false; - Conf_OperServerMode = false; - Conf_AllowRemoteOper = false; - Conf_PredefChannelsOnly = false; - - Conf_ConnectIPv4 = true; - Conf_ConnectIPv6 = true; - Conf_MaxConnections = 0; Conf_MaxConnectionsIP = 5; Conf_MaxJoins = 10; Conf_MaxNickLength = CLIENT_NICK_LEN_DEFAULT; + Conf_PingTimeout = 120; + Conf_PongTimeout = 20; + /* Options */ + Conf_AllowRemoteOper = false; +#ifndef STRICT_RFC + Conf_AuthPing = false; +#endif + strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strcpy(Conf_CloakHost, ""); Conf_CloakUserToNick = false; - + Conf_ConnectIPv4 = true; +#ifdef WANT_IPV6 + Conf_ConnectIPv6 = true; +#else + Conf_ConnectIPv6 = false; +#endif + Conf_DNS = true; +#ifdef IDENTAUTH + Conf_Ident = true; +#else + Conf_Ident = false; +#endif + Conf_NoticeAuth = false; + Conf_OperCanMode = false; + Conf_OperServerMode = false; +#ifdef PAM + Conf_PAM = true; +#else + Conf_PAM = false; +#endif + Conf_PredefChannelsOnly = false; #ifdef SYSLOG #ifdef LOG_LOCAL5 Conf_SyslogFacility = LOG_LOCAL5; @@ -719,20 +727,15 @@ Set_Defaults(bool InitServers) #endif #endif -#ifndef STRICT_RFC - Conf_AuthPing = false; -#endif - - Set_Defaults_Optional(); + /* Initialize IRC operators and channels */ + Conf_Oper_Count = 0; + Conf_Channel_Count = 0; /* Initialize server configuration structures */ if (InitServers) { for (i = 0; i < MAX_SERVERS; Init_Server_Struct(&Conf_Server[i++])); } - - /* Free MOTD; this is important when reloading the configuration */ - array_free(&Conf_Motd); } /** @@ -872,8 +875,9 @@ Read_Config( bool ngircd_starting ) /* Is this the beginning of a new section? */ if(( str[0] == '[' ) && ( str[strlen( str ) - 1] == ']' )) { strlcpy( section, str, sizeof( section )); - if (strcasecmp( section, "[GLOBAL]" ) == 0 || - strcasecmp( section, "[FEATURES]") == 0) + if (strcasecmp(section, "[GLOBAL]") == 0 || + strcasecmp(section, "[LIMITS]") == 0 || + strcasecmp(section, "[OPTIONS]") == 0) continue; if( strcasecmp( section, "[SERVER]" ) == 0 ) { @@ -924,12 +928,22 @@ Read_Config( bool ngircd_starting ) var = str; ngt_TrimStr( var ); arg = ptr + 1; ngt_TrimStr( arg ); - if( strcasecmp( section, "[GLOBAL]" ) == 0 ) Handle_GLOBAL( line, var, arg ); - else if( strcasecmp( section, "[FEATURES]" ) == 0 ) Handle_FEATURES( line, var, arg ); - else if( strcasecmp( section, "[OPERATOR]" ) == 0 ) Handle_OPERATOR( line, var, arg ); - else if( strcasecmp( section, "[SERVER]" ) == 0 ) Handle_SERVER( line, var, arg ); - else if( strcasecmp( section, "[CHANNEL]" ) == 0 ) Handle_CHANNEL( line, var, arg ); - else Config_Error( LOG_ERR, "%s, line %d: Variable \"%s\" outside section!", NGIRCd_ConfFile, line, var ); + if(strcasecmp(section, "[GLOBAL]") == 0) + Handle_GLOBAL(line, var, arg); + else if(strcasecmp(section, "[LIMITS]") == 0) + Handle_LIMITS(line, var, arg); + else if(strcasecmp(section, "[OPTIONS]") == 0) + Handle_OPTIONS(line, var, arg); + else if(strcasecmp(section, "[OPERATOR]") == 0) + Handle_OPERATOR(line, var, arg); + else if(strcasecmp(section, "[SERVER]") == 0) + Handle_SERVER(line, var, arg); + else if(strcasecmp(section, "[CHANNEL]") == 0) + Handle_CHANNEL(line, var, arg); + else + Config_Error(LOG_ERR, + "%s, line %d: Variable \"%s\" outside section!", + NGIRCd_ConfFile, line, var); } /* Close configuration file */ @@ -1020,8 +1034,24 @@ WarnIdent(int UNUSED Line) if (Conf_Ident) { /* user has enabled ident lookups explicitly, but ... */ Config_Error(LOG_WARNING, - "%s: line %d: %s=True, but ngircd was built without support", - NGIRCd_ConfFile, Line, "Ident"); + "%s: line %d: \"Ident = yes\", but ngircd was built without IDENT support!", + NGIRCd_ConfFile, Line); + } +#endif +} + +/** + * Output a warning messages if IPv6 is configured but not compiled in. + */ +static void +WarnIPv6(int UNUSED Line) +{ +#ifndef WANT_IPV6 + if (Conf_ConnectIPv6) { + /* user has enabled IPv6 explicitly, but ... */ + Config_Error(LOG_WARNING, + "%s: line %d: \"ConnectIPv6 = yes\", but ngircd was built without IPv6 support!", + NGIRCd_ConfFile, Line); } #endif } @@ -1035,8 +1065,8 @@ WarnPAM(int UNUSED Line) #ifndef PAM if (Conf_PAM) { Config_Error(LOG_WARNING, - "%s: line %d: %s=True, but ngircd was built without support", - NGIRCd_ConfFile, Line, "PAM"); + "%s: line %d: \"PAM = yes\", but ngircd was built without PAM support!", + NGIRCd_ConfFile, Line); } #endif } @@ -1069,6 +1099,53 @@ CheckLegacyNoOption(const char *Var, const char *Arg) return false; } +/** + * Handle deprecated legacy options in [GLOBAL] section. + * + * TODO: This function and support for these options in the [Global] section + * could be removed starting with ngIRCd release 19 (one release after + * marking it "deprecated"). + * + * @param Var Variable name. + * @param Arg Argument string. + * @returns true if a legacy option has been processed; false otherwise. + */ +static const char* +CheckLegacyGlobalOption(int Line, char *Var, char *Arg) +{ + if (strcasecmp(Var, "AllowRemoteOper") == 0 + || strcasecmp(Var, "ChrootDir") == 0 + || strcasecmp(Var, "ConnectIPv4") == 0 + || strcasecmp(Var, "ConnectIPv6") == 0 + || strcasecmp(Var, "OperCanUseMode") == 0 + || strcasecmp(Var, "OperServerMode") == 0 + || strcasecmp(Var, "PredefChannelsOnly") == 0 +#ifdef SSL_SUPPORT + || strcasecmp(Var, "SSLCertFile") == 0 + || strcasecmp(Var, "SSLDHFile") == 0 + || strcasecmp(Var, "SSLKeyFile") == 0 + || strcasecmp(Var, "SSLKeyFilePassword") == 0 + || strcasecmp(Var, "SSLPorts") == 0 +#endif + || strcasecmp(Var, "SyslogFacility") == 0 + || strcasecmp(Var, "WebircPassword") == 0) { + Handle_OPTIONS(Line, Var, Arg); + return "[Options]"; + } + if (strcasecmp(Var, "ConnectRetry") == 0 + || strcasecmp(Var, "MaxConnections") == 0 + || strcasecmp(Var, "MaxConnectionsIP") == 0 + || strcasecmp(Var, "MaxJoins") == 0 + || strcasecmp(Var, "MaxNickLength") == 0 + || strcasecmp(Var, "PingTimeout") == 0 + || strcasecmp(Var, "PongTimeout") == 0) { + Handle_LIMITS(Line, Var, Arg); + return "[Limits]"; + } + + return NULL; +} + /** * Strip "no" prefix of a string. * @@ -1113,85 +1190,68 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) struct passwd *pwd; struct group *grp; size_t len; + const char *section; assert( Line > 0 ); assert( Var != NULL ); assert( Arg != NULL ); - if( strcasecmp( Var, "Name" ) == 0 ) { - /* Server name */ - len = strlcpy( Conf_ServerName, Arg, sizeof( Conf_ServerName )); - if (len >= sizeof( Conf_ServerName )) - Config_Error_TooLong( Line, Var ); - return; - } - if( strcasecmp( Var, "CloakHost" ) == 0 ) { - /* Client hostname */ - len = strlcpy( Conf_CloakHost, Arg, sizeof( Conf_CloakHost )); - if (len >= sizeof( Conf_CloakHost )) - Config_Error_TooLong( Line, Var ); - return; - } - if( strcasecmp( Var, "CloakUserToNick" ) == 0 ) { - /* Use client nick name as user name */ - Conf_CloakUserToNick = Check_ArgIsTrue( Arg ); - return; - } - if( strcasecmp( Var, "Info" ) == 0 ) { - /* Info text of server */ - len = strlcpy( Conf_ServerInfo, Arg, sizeof( Conf_ServerInfo )); - if (len >= sizeof( Conf_ServerInfo )) - Config_Error_TooLong ( Line, Var ); - return; - } - if( strcasecmp( Var, "Password" ) == 0 ) { - /* Global server password */ - len = strlcpy( Conf_ServerPwd, Arg, sizeof( Conf_ServerPwd )); - if (len >= sizeof( Conf_ServerPwd )) - Config_Error_TooLong( Line, Var ); + if (strcasecmp(Var, "Name") == 0) { + len = strlcpy(Conf_ServerName, Arg, sizeof(Conf_ServerName)); + if (len >= sizeof(Conf_ServerName)) + Config_Error_TooLong(Line, Var); return; } - if (strcasecmp(Var, "WebircPassword") == 0) { - /* Password required for WEBIRC command */ - len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd)); - if (len >= sizeof(Conf_WebircPwd)) + if (strcasecmp(Var, "AdminInfo1") == 0) { + len = strlcpy(Conf_ServerAdmin1, Arg, sizeof(Conf_ServerAdmin1)); + if (len >= sizeof(Conf_ServerAdmin1)) Config_Error_TooLong(Line, Var); return; } - if( strcasecmp( Var, "AdminInfo1" ) == 0 ) { - /* Administrative info #1 */ - len = strlcpy( Conf_ServerAdmin1, Arg, sizeof( Conf_ServerAdmin1 )); - if (len >= sizeof( Conf_ServerAdmin1 )) - Config_Error_TooLong ( Line, Var ); + if (strcasecmp(Var, "AdminInfo2") == 0) { + len = strlcpy(Conf_ServerAdmin2, Arg, sizeof(Conf_ServerAdmin2)); + if (len >= sizeof(Conf_ServerAdmin2)) + Config_Error_TooLong(Line, Var); return; } - if( strcasecmp( Var, "AdminInfo2" ) == 0 ) { - /* Administrative info #2 */ - len = strlcpy( Conf_ServerAdmin2, Arg, sizeof( Conf_ServerAdmin2 )); - if (len >= sizeof( Conf_ServerAdmin2 )) - Config_Error_TooLong ( Line, Var ); + if (strcasecmp(Var, "AdminEMail") == 0) { + len = strlcpy(Conf_ServerAdminMail, Arg, + sizeof(Conf_ServerAdminMail)); + if (len >= sizeof(Conf_ServerAdminMail)) + Config_Error_TooLong(Line, Var); return; } - if( strcasecmp( Var, "AdminEMail" ) == 0 ) { - /* Administrative email contact */ - len = strlcpy( Conf_ServerAdminMail, Arg, sizeof( Conf_ServerAdminMail )); - if (len >= sizeof( Conf_ServerAdminMail )) - Config_Error_TooLong( Line, Var ); + if (strcasecmp(Var, "Info") == 0) { + len = strlcpy(Conf_ServerInfo, Arg, sizeof(Conf_ServerInfo)); + if (len >= sizeof(Conf_ServerInfo)) + Config_Error_TooLong(Line, Var); return; } - - if( strcasecmp( Var, "Ports" ) == 0 ) { - ports_parse(&Conf_ListenPorts, Line, Arg); + if (strcasecmp(Var, "Listen") == 0) { + if (Conf_ListenAddress) { + Config_Error(LOG_ERR, + "Multiple Listen= options, ignoring: %s", + Arg); + return; + } + Conf_ListenAddress = strdup_warn(Arg); + /* If allocation fails, we're in trouble: we cannot ignore the + * error -- otherwise ngircd would listen on all interfaces. */ + if (!Conf_ListenAddress) { + Config_Error(LOG_ALERT, + "%s exiting due to fatal errors!", + PACKAGE_NAME); + exit(1); + } return; } - if( strcasecmp( Var, "MotdFile" ) == 0 ) { - len = strlcpy( Conf_MotdFile, Arg, sizeof( Conf_MotdFile )); - if (len >= sizeof( Conf_MotdFile )) - Config_Error_TooLong( Line, Var ); + if (strcasecmp(Var, "MotdFile") == 0) { + len = strlcpy(Conf_MotdFile, Arg, sizeof(Conf_MotdFile)); + if (len >= sizeof(Conf_MotdFile)) + Config_Error_TooLong(Line, Var); return; } - if( strcasecmp( Var, "MotdPhrase" ) == 0 ) { - /* "Message of the day" phrase (instead of file) */ + if (strcasecmp(Var, "MotdPhrase") == 0) { len = strlen(Arg); if (len == 0) return; @@ -1205,77 +1265,44 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) Using_MotdFile = false; return; } - if( strcasecmp( Var, "ChrootDir" ) == 0 ) { - /* directory for chroot() */ - len = strlcpy( Conf_Chroot, Arg, sizeof( Conf_Chroot )); - if (len >= sizeof( Conf_Chroot )) - Config_Error_TooLong( Line, Var ); + if(strcasecmp(Var, "Password") == 0) { + len = strlcpy(Conf_ServerPwd, Arg, sizeof(Conf_ServerPwd)); + if (len >= sizeof(Conf_ServerPwd)) + Config_Error_TooLong(Line, Var); return; } - if ( strcasecmp( Var, "PidFile" ) == 0 ) { - /* name of pidfile */ - len = strlcpy( Conf_PidFile, Arg, sizeof( Conf_PidFile )); - if (len >= sizeof( Conf_PidFile )) - Config_Error_TooLong( Line, Var ); + if (strcasecmp(Var, "PidFile") == 0) { + len = strlcpy(Conf_PidFile, Arg, sizeof(Conf_PidFile)); + if (len >= sizeof(Conf_PidFile)) + Config_Error_TooLong(Line, Var); return; } - if( strcasecmp( Var, "ServerUID" ) == 0 ) { - /* UID the daemon should switch to */ - pwd = getpwnam( Arg ); - if( pwd ) Conf_UID = pwd->pw_uid; - else { - Conf_UID = (unsigned int)atoi( Arg ); - if (!Conf_UID && strcmp(Arg, "0")) - Config_Error_NaN(Line, Var); - } + if (strcasecmp(Var, "Ports") == 0) { + ports_parse(&Conf_ListenPorts, Line, Arg); return; } - if( strcasecmp( Var, "ServerGID" ) == 0 ) { - /* GID the daemon should use */ - grp = getgrnam( Arg ); - if( grp ) Conf_GID = grp->gr_gid; + if (strcasecmp(Var, "ServerGID") == 0) { + grp = getgrnam(Arg); + if (grp) + Conf_GID = grp->gr_gid; else { Conf_GID = (unsigned int)atoi(Arg); if (!Conf_GID && strcmp(Arg, "0")) - Config_Error_NaN( Line, Var ); - } - return; - } - if( strcasecmp( Var, "PingTimeout" ) == 0 ) { - /* PING timeout */ - Conf_PingTimeout = atoi( Arg ); - if( Conf_PingTimeout < 5 ) { - Config_Error( LOG_WARNING, "%s, line %d: Value of \"PingTimeout\" too low!", - NGIRCd_ConfFile, Line ); - Conf_PingTimeout = 5; - } - return; - } - if( strcasecmp( Var, "PongTimeout" ) == 0 ) { - /* PONG timeout */ - Conf_PongTimeout = atoi( Arg ); - if( Conf_PongTimeout < 5 ) { - Config_Error( LOG_WARNING, "%s, line %d: Value of \"PongTimeout\" too low!", - NGIRCd_ConfFile, Line ); - Conf_PongTimeout = 5; + Config_Error_NaN(Line, Var); } return; } - if( strcasecmp( Var, "ConnectRetry" ) == 0 ) { - /* Seconds between connection attempts to other servers */ - Conf_ConnectRetry = atoi( Arg ); - if( Conf_ConnectRetry < 5 ) { - Config_Error( LOG_WARNING, "%s, line %d: Value of \"ConnectRetry\" too low!", - NGIRCd_ConfFile, Line ); - Conf_ConnectRetry = 5; + if (strcasecmp(Var, "ServerUID") == 0) { + pwd = getpwnam(Arg); + if (pwd) + Conf_UID = pwd->pw_uid; + else { + Conf_UID = (unsigned int)atoi(Arg); + if (!Conf_UID && strcmp(Arg, "0")) + Config_Error_NaN(Line, Var); } return; } - if( strcasecmp( Var, "PredefChannelsOnly" ) == 0 ) { - /* Should we only allow pre-defined-channels? (i.e. users cannot create their own channels) */ - Conf_PredefChannelsOnly = Check_ArgIsTrue( Arg ); - return; - } if (CheckLegacyNoOption(Var, Arg)) { Config_Error(LOG_WARNING, "%s, line %d: \"No\"-Prefix has been removed, use \"%s = %s\" in [FEATURES] section instead", @@ -1286,167 +1313,213 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) WarnPAM(Line); return; } -#ifdef WANT_IPV6 - /* the default setting for all the WANT_IPV6 special options is 'true' */ - if( strcasecmp( Var, "ConnectIPv6" ) == 0 ) { - /* connect to other hosts using ipv6, if they have an AAAA record? */ - Conf_ConnectIPv6 = Check_ArgIsTrue( Arg ); - return; - } - if( strcasecmp( Var, "ConnectIPv4" ) == 0 ) { - /* connect to other hosts using ipv4. - * again, this can be used for ipv6-only setups */ - Conf_ConnectIPv4 = Check_ArgIsTrue( Arg ); - return; - } -#endif - if( strcasecmp( Var, "OperCanUseMode" ) == 0 ) { - /* Are IRC operators allowed to use MODE in channels they aren't Op in? */ - Conf_OperCanMode = Check_ArgIsTrue( Arg ); - return; - } - if( strcasecmp( Var, "OperServerMode" ) == 0 ) { - /* Mask IRC operator as if coming from the server? (ircd-irc2 compat hack) */ - Conf_OperServerMode = Check_ArgIsTrue( Arg ); + if ((section = CheckLegacyGlobalOption(Line, Var, Arg))) { + /** TODO: This function and support for these options in the + * [Global] section could be removed starting with ngIRCd + * release 19 (one release after marking it "deprecated"). */ + Config_Error(LOG_WARNING, + "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", + NGIRCd_ConfFile, Line, Var, section); return; } - if(strcasecmp(Var, "AllowRemoteOper") == 0) { - /* Are remote IRC operators allowed to control this server? */ - Conf_AllowRemoteOper = Check_ArgIsTrue(Arg); + + Config_Error_Section(Line, Var, "Global"); +} + +/** + * Handle variable in [Limits] configuration section. + * + * @param Line Line numer in configuration file. + * @param Var Variable name. + * @param Arg Variable argument. + */ +static void +Handle_LIMITS(int Line, char *Var, char *Arg) +{ + assert(Line > 0); + assert(Var != NULL); + assert(Arg != NULL); + + if (strcasecmp(Var, "ConnectRetry") == 0) { + Conf_ConnectRetry = atoi(Arg); + if (Conf_ConnectRetry < 5) { + Config_Error(LOG_WARNING, + "%s, line %d: Value of \"ConnectRetry\" too low!", + NGIRCd_ConfFile, Line); + Conf_ConnectRetry = 5; + } return; } - if( strcasecmp( Var, "MaxConnections" ) == 0 ) { - /* Maximum number of connections. 0 -> "no limit". */ - Conf_MaxConnections = atol( Arg ); + if (strcasecmp(Var, "MaxConnections") == 0) { + Conf_MaxConnections = atol(Arg); if (!Conf_MaxConnections && strcmp(Arg, "0")) Config_Error_NaN(Line, Var); return; } - if( strcasecmp( Var, "MaxConnectionsIP" ) == 0 ) { - /* Maximum number of simultaneous connections from one IP. 0 -> "no limit" */ - Conf_MaxConnectionsIP = atoi( Arg ); + if (strcasecmp(Var, "MaxConnectionsIP") == 0) { + Conf_MaxConnectionsIP = atoi(Arg); if (!Conf_MaxConnectionsIP && strcmp(Arg, "0")) Config_Error_NaN(Line, Var); return; } - if( strcasecmp( Var, "MaxJoins" ) == 0 ) { - /* Maximum number of channels a user can join. 0 -> "no limit". */ - Conf_MaxJoins = atoi( Arg ); + if (strcasecmp(Var, "MaxJoins") == 0) { + Conf_MaxJoins = atoi(Arg); if (!Conf_MaxJoins && strcmp(Arg, "0")) Config_Error_NaN(Line, Var); return; } - if( strcasecmp( Var, "MaxNickLength" ) == 0 ) { - /* Maximum length of a nick name; must be same on all servers - * within the IRC network! */ + if (strcasecmp(Var, "MaxNickLength") == 0) { Conf_MaxNickLength = Handle_MaxNickLength(Line, Arg); return; } - if(strcasecmp(Var, "NoticeAuth") == 0) { - /* send NOTICE AUTH messages to clients on connect */ - Conf_NoticeAuth = Check_ArgIsTrue(Arg); + if (strcasecmp(Var, "PingTimeout") == 0) { + Conf_PingTimeout = atoi(Arg); + if (Conf_PingTimeout < 5) { + Config_Error(LOG_WARNING, + "%s, line %d: Value of \"PingTimeout\" too low!", + NGIRCd_ConfFile, Line); + Conf_PingTimeout = 5; + } return; } - - if( strcasecmp( Var, "Listen" ) == 0 ) { - /* IP-Address to bind sockets */ - if (Conf_ListenAddress) { - Config_Error(LOG_ERR, "Multiple Listen= options, ignoring: %s", Arg); - return; - } - Conf_ListenAddress = strdup_warn(Arg); - /* - * if allocation fails, we're in trouble: - * we cannot ignore the error -- otherwise ngircd - * would listen on all interfaces. - */ - if (!Conf_ListenAddress) { - Config_Error(LOG_ALERT, "%s exiting due to fatal errors!", PACKAGE_NAME); - exit(1); + if (strcasecmp(Var, "PongTimeout") == 0) { + Conf_PongTimeout = atoi(Arg); + if (Conf_PongTimeout < 5) { + Config_Error(LOG_WARNING, + "%s, line %d: Value of \"PongTimeout\" too low!", + NGIRCd_ConfFile, Line); + Conf_PongTimeout = 5; } return; } -#ifdef SSL_SUPPORT - if( strcasecmp( Var, "SSLPorts" ) == 0 ) { - ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); + Config_Error_Section(Line, Var, "Limits"); +} + +/** + * Handle variable in [Options] configuration section. + * + * @param Line Line numer in configuration file. + * @param Var Variable name. + * @param Arg Variable argument. + */ +static void +Handle_OPTIONS(int Line, char *Var, char *Arg) +{ + size_t len; + + assert(Line > 0); + assert(Var != NULL); + assert(Arg != NULL); + + if (strcasecmp(Var, "AllowRemoteOper") == 0) { + Conf_AllowRemoteOper = Check_ArgIsTrue(Arg); return; } - - if( strcasecmp( Var, "SSLKeyFile" ) == 0 ) { - assert(Conf_SSLOptions.KeyFile == NULL ); - Conf_SSLOptions.KeyFile = strdup_warn(Arg); + if (strcasecmp(Var, "ChrootDir") == 0) { + len = strlcpy(Conf_Chroot, Arg, sizeof(Conf_Chroot)); + if (len >= sizeof(Conf_Chroot)) + Config_Error_TooLong(Line, Var); return; } - if( strcasecmp( Var, "SSLCertFile" ) == 0 ) { - assert(Conf_SSLOptions.CertFile == NULL ); - Conf_SSLOptions.CertFile = strdup_warn(Arg); + if (strcasecmp(Var, "CloakHost") == 0) { + len = strlcpy(Conf_CloakHost, Arg, sizeof(Conf_CloakHost)); + if (len >= sizeof(Conf_CloakHost)) + Config_Error_TooLong(Line, Var); return; } - - if( strcasecmp( Var, "SSLKeyFilePassword" ) == 0 ) { - assert(array_bytes(&Conf_SSLOptions.KeyFilePassword) == 0); - if (!array_copys(&Conf_SSLOptions.KeyFilePassword, Arg)) - Config_Error( LOG_ERR, "%s, line %d (section \"Global\"): Could not copy %s: %s!", - NGIRCd_ConfFile, Line, Var, strerror(errno)); + if (strcasecmp(Var, "CloakUserToNick") == 0) { + Conf_CloakUserToNick = Check_ArgIsTrue(Arg); return; } - if( strcasecmp( Var, "SSLDHFile" ) == 0 ) { - assert(Conf_SSLOptions.DHFile == NULL); - Conf_SSLOptions.DHFile = strdup_warn( Arg ); - return; - } -#endif -#ifdef SYSLOG - if (strcasecmp(Var, "SyslogFacility") == 0) { - Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, - Conf_SyslogFacility); + if (strcasecmp(Var, "ConnectIPv6") == 0) { + Conf_ConnectIPv6 = Check_ArgIsTrue(Arg); + WarnIPv6(Line); return; } -#endif -#ifndef STRICT_RFC - if (strcasecmp(Var, "RequireAuthPing") == 0 ) { - /* Require new clients to do an "autheticatin PING-PONG" */ - Conf_AuthPing = Check_ArgIsTrue(Arg); + if (strcasecmp(Var, "ConnectIPv4") == 0) { + Conf_ConnectIPv4 = Check_ArgIsTrue(Arg); return; } -#endif - - Config_Error_Section(Line, Var, "Global"); -} - - -/** - * Handle variable in [Features] configuration section. - * - * @param Line Line numer in configuration file. - * @param Var Variable name. - * @param Arg Variable argument. - */ -static void -Handle_FEATURES(int Line, char *Var, char *Arg) -{ - assert( Line > 0 ); - assert( Var != NULL ); - assert( Arg != NULL ); - - if( strcasecmp( Var, "DNS" ) == 0 ) { - /* do reverse dns lookups when clients connect? */ - Conf_DNS = Check_ArgIsTrue( Arg ); + if (strcasecmp(Var, "DNS") == 0) { + Conf_DNS = Check_ArgIsTrue(Arg); return; } if (strcasecmp(Var, "Ident") == 0) { - /* do IDENT lookups when clients connect? */ Conf_Ident = Check_ArgIsTrue(Arg); WarnIdent(Line); return; } - if(strcasecmp(Var, "PAM") == 0) { - /* use PAM library to authenticate users */ + if (strcasecmp(Var, "NoticeAuth") == 0) { + Conf_NoticeAuth = Check_ArgIsTrue(Arg); + return; + } + if (strcasecmp(Var, "OperCanUseMode") == 0) { + Conf_OperCanMode = Check_ArgIsTrue(Arg); + return; + } + if (strcasecmp(Var, "OperServerMode") == 0) { + Conf_OperServerMode = Check_ArgIsTrue(Arg); + return; + } + if (strcasecmp(Var, "PAM") == 0) { Conf_PAM = Check_ArgIsTrue(Arg); WarnPAM(Line); return; } + if (strcasecmp(Var, "PredefChannelsOnly") == 0) { + Conf_PredefChannelsOnly = Check_ArgIsTrue(Arg); + return; + } +#ifndef STRICT_RFC + if (strcasecmp(Var, "RequireAuthPing") == 0) { + Conf_AuthPing = Check_ArgIsTrue(Arg); + return; + } +#endif +#ifdef SSL_SUPPORT + if (strcasecmp(Var, "SSLCertFile") == 0) { + assert(Conf_SSLOptions.CertFile == NULL); + Conf_SSLOptions.CertFile = strdup_warn(Arg); + return; + } + if (strcasecmp(Var, "SSLDHFile") == 0) { + assert(Conf_SSLOptions.DHFile == NULL); + Conf_SSLOptions.DHFile = strdup_warn(Arg); + return; + } + if (strcasecmp(Var, "SSLKeyFile") == 0) { + assert(Conf_SSLOptions.KeyFile == NULL); + Conf_SSLOptions.KeyFile = strdup_warn(Arg); + return; + } + if (strcasecmp(Var, "SSLKeyFilePassword") == 0) { + assert(array_bytes(&Conf_SSLOptions.KeyFilePassword) == 0); + if (!array_copys(&Conf_SSLOptions.KeyFilePassword, Arg)) + Config_Error(LOG_ERR, + "%s, line %d (section \"Global\"): Could not copy %s: %s!", + NGIRCd_ConfFile, Line, Var, + strerror(errno)); + return; + } + if (strcasecmp(Var, "SSLPorts") == 0) { + ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); + return; + } +#endif +#ifdef SYSLOG + if (strcasecmp(Var, "SyslogFacility") == 0) { + Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, + Conf_SyslogFacility); + return; + } +#endif + if (strcasecmp(Var, "WebircPassword") == 0) { + len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd)); + if (len >= sizeof(Conf_WebircPwd)) + Config_Error_TooLong(Line, Var); + return; + } Config_Error_Section(Line, Var, "Options"); } -- cgit 1.4.1 From 7ef6cb4584c8604b73cbc82d07162757217dc08c Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sat, 25 Jun 2011 14:50:52 +0200 Subject: Check for redability of SSL-related files like for MOTD file Remove functions ssl_print_configvar() and ConfSSL_Puts(), introduce new function CheckFileReadable(). --- src/ngircd/conf.c | 60 +++++++++++++++++-------------------------------------- 1 file changed, 18 insertions(+), 42 deletions(-) (limited to 'src') diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index d19109fc..b79715d9 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -109,56 +109,24 @@ ConfSSL_Init(void) } /** - * Output SSL configuration variable containing a file name. - * And make sure that the given file is readable. + * Make sure that a configured file is readable. * - * @returns true when the file is readable. + * Currently, this function is only used for SSL-related options ... + * + * @param Var Configuration variable + * @param Filename Configured filename */ -static bool -ssl_print_configvar(const char *name, const char *file) +static void +CheckFileReadable(const char *Var, const char *Filename) { FILE *fp; - if (!file) { - printf(" %s =\n", name); - return true; - } - - fp = fopen(file, "r"); + fp = fopen(Filename, "r"); if (fp) fclose(fp); else - fprintf(stderr, "ERROR: %s \"%s\": %s\n", - name, file, strerror(errno)); - - printf(" %s = %s\n", name, file); - return fp != NULL; -} - -/** - * Output SSL-related configuration variables. - * - * @returns true when all SSL-related configuration variables are valid. - */ -static bool -ConfSSL_Puts(void) -{ - bool ret; - - ret = ssl_print_configvar("SSLKeyFile", Conf_SSLOptions.KeyFile); - - if (!ssl_print_configvar("SSLCertFile", Conf_SSLOptions.CertFile)) - ret = false; - - if (!ssl_print_configvar("SSLDHFile", Conf_SSLOptions.DHFile)) - ret = false; - - if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) - puts(" SSLKeyFilePassword = "); - - array_free_wipe(&Conf_SSLOptions.KeyFilePassword); - - return ret; + Config_Error(LOG_ERR, "Can't read \"%s\" (\"%s\"): %s", + Filename, Var, strerror(errno)); } #endif @@ -977,6 +945,14 @@ Read_Config( bool ngircd_starting ) /* No MOTD phrase configured? (re)try motd file. */ if (array_bytes(&Conf_Motd) == 0) Read_Motd(Conf_MotdFile); + +#ifdef SSL_SUPPORT + /* Make sure that all SSL-related files are readable */ + CheckFileReadable("SSLCertFile", Conf_SSLOptions.CertFile); + CheckFileReadable("SSLDHFile", Conf_SSLOptions.DHFile); + CheckFileReadable("SSLKeyFile", Conf_SSLOptions.KeyFile); +#endif + return true; } -- cgit 1.4.1 From 391cf4e2a11a1ca3969cb01db062037a9cd8caf3 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sat, 25 Jun 2011 14:55:34 +0200 Subject: conf.c: code cleanup --- src/ngircd/conf.c | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index b79715d9..4da5b9e0 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -302,12 +302,11 @@ Conf_Test( void ) config_valid = Validate_Config(true, false); /* Valid tty? */ - if( isatty( fileno( stdin )) && isatty( fileno( stdout ))) { - puts( "OK, press enter to see a dump of your service configuration ..." ); - getchar( ); - } else { - puts( "Ok, dump of your server configuration follows:\n" ); - } + if(isatty(fileno(stdin)) && isatty(fileno(stdout))) { + puts("OK, press enter to see a dump of your server configuration ..."); + getchar(); + } else + puts("Ok, dump of your server configuration follows:\n"); puts("[GLOBAL]"); printf(" Name = %s\n", Conf_ServerName); @@ -881,7 +880,9 @@ Read_Config( bool ngircd_starting ) continue; } - Config_Error( LOG_ERR, "%s, line %d: Unknown section \"%s\"!", NGIRCd_ConfFile, line, section ); + Config_Error(LOG_ERR, + "%s, line %d: Unknown section \"%s\"!", + NGIRCd_ConfFile, line, section); section[0] = 0x1; } if( section[0] == 0x1 ) continue; @@ -1050,8 +1051,8 @@ WarnPAM(int UNUSED Line) /** * Handle legacy "NoXXX" options in [GLOBAL] section. * - * TODO: This function and support for "NoXXX" should be removed starting - * with ngIRCd release 19! (One release after marking it "deprecated"). + * TODO: This function and support for "NoXXX" could be removed starting + * with ngIRCd release 19 (one release after marking it "deprecated"). * * @param Var Variable name. * @param Arg Argument string. @@ -1060,7 +1061,7 @@ WarnPAM(int UNUSED Line) static bool CheckLegacyNoOption(const char *Var, const char *Arg) { - if( strcasecmp( Var, "NoDNS" ) == 0 ) { + if(strcasecmp(Var, "NoDNS") == 0) { Conf_DNS = !Check_ArgIsTrue( Arg ); return true; } @@ -1168,9 +1169,9 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) size_t len; const char *section; - assert( Line > 0 ); - assert( Var != NULL ); - assert( Arg != NULL ); + assert(Line > 0); + assert(Var != NULL); + assert(Arg != NULL); if (strcasecmp(Var, "Name") == 0) { len = strlcpy(Conf_ServerName, Arg, sizeof(Conf_ServerName)); @@ -1232,12 +1233,13 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) if (len == 0) return; if (len >= LINE_LEN) { - Config_Error_TooLong( Line, Var ); + Config_Error_TooLong(Line, Var); return; } if (!array_copyb(&Conf_Motd, Arg, len + 1)) - Config_Error(LOG_WARNING, "%s, line %d: Could not append MotdPhrase: %s", - NGIRCd_ConfFile, Line, strerror(errno)); + Config_Error(LOG_WARNING, + "%s, line %d: Could not append MotdPhrase: %s", + NGIRCd_ConfFile, Line, strerror(errno)); Using_MotdFile = false; return; } @@ -1281,8 +1283,12 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) } if (CheckLegacyNoOption(Var, Arg)) { - Config_Error(LOG_WARNING, "%s, line %d: \"No\"-Prefix has been removed, use \"%s = %s\" in [FEATURES] section instead", - NGIRCd_ConfFile, Line, NoNo(Var), InvertArg(Arg)); + /* TODO: This function and support for "NoXXX" could be + * be removed starting with ngIRCd release 19 (one release + * after marking it "deprecated"). */ + Config_Error(LOG_WARNING, + "%s, line %d (section \"Global\"): \"No\"-Prefix is deprecated, use \"%s = %s\" in [Options] section!", + NGIRCd_ConfFile, Line, NoNo(Var), InvertArg(Arg)); if (strcasecmp(Var, "NoIdent") == 0) WarnIdent(Line); else if (strcasecmp(Var, "NoPam") == 0) -- cgit 1.4.1 From d41f4d6d20797c9dfdde272b8689f4cc7622fe38 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sat, 25 Jun 2011 14:56:27 +0200 Subject: Display configuration errors more prominent on "--configtest" --- src/ngircd/conf.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 4da5b9e0..9e3fe13d 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -1933,8 +1933,13 @@ va_dcl vsnprintf( msg, MAX_LOG_MSG_LEN, Format, ap ); va_end( ap ); - if (Use_Log) Log( Level, "%s", msg ); - else puts( msg ); + if (!Use_Log) { + if (Level <= LOG_WARNING) + printf(" - %s\n", msg); + else + puts(msg); + } else + Log(Level, "%s", msg); } #ifdef DEBUG -- cgit 1.4.1 From c438c227b554684f4fc92c1548f42731469696c7 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sat, 25 Jun 2011 14:57:26 +0200 Subject: Testsuite: update configuration files for new config file format --- src/testsuite/ngircd-test1.conf | 6 ++++-- src/testsuite/ngircd-test2.conf | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/testsuite/ngircd-test1.conf b/src/testsuite/ngircd-test1.conf index 43851f65..f65f7065 100644 --- a/src/testsuite/ngircd-test1.conf +++ b/src/testsuite/ngircd-test1.conf @@ -7,11 +7,13 @@ Ports = 6789 MotdFile = ngircd-test1.motd AdminEMail = admin@irc.server + +[Limits] MaxConnectionsIP = 0 - OperCanUseMode = yes MaxJoins = 4 -[Features] +[Options] + OperCanUseMode = yes Ident = no PAM = no diff --git a/src/testsuite/ngircd-test2.conf b/src/testsuite/ngircd-test2.conf index 54c1232d..5d2e28f2 100644 --- a/src/testsuite/ngircd-test2.conf +++ b/src/testsuite/ngircd-test2.conf @@ -7,11 +7,13 @@ Ports = 6790 MotdFile = ngircd-test2.motd AdminEMail = admin@irc.server2 + +[Limits] MaxConnectionsIP = 0 - OperCanUseMode = yes MaxJoins = 4 -[Features] +[Options] + OperCanUseMode = yes Ident = no PAM = no -- cgit 1.4.1 From 449ad1eeea20b08d2fe049725f71e98e105ec5f4 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sat, 25 Jun 2011 23:55:54 +0200 Subject: PAM: make clear which "Password" config option is ignored --- src/ngircd/conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 9e3fe13d..f5ddec8e 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -1842,7 +1842,7 @@ Validate_Config(bool Configtest, bool Rehash) #ifdef PAM if (Conf_ServerPwd[0]) Config_Error(LOG_ERR, - "This server uses PAM, \"Password\" will be ignored!"); + "This server uses PAM, \"Password\" in [Global] section will be ignored!"); #endif #ifdef DEBUG -- cgit 1.4.1 From a085444035016061ca71d43f077d715138708f4e Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sun, 26 Jun 2011 00:07:47 +0200 Subject: CheckFileReadable(): only check when a filename is given ... --- src/ngircd/conf.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index f5ddec8e..0a814a76 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -121,6 +121,9 @@ CheckFileReadable(const char *Var, const char *Filename) { FILE *fp; + if (!Filename) + return; + fp = fopen(Filename, "r"); if (fp) fclose(fp); -- cgit 1.4.1 From 946d838de4b6aee588e1136dcea018259a17e778 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Sun, 26 Jun 2011 00:09:36 +0200 Subject: Move SSL-related configuration variables to new [SSL] section --- INSTALL | 14 ++--- doc/sample-ngircd.conf.tmpl | 32 ++++++----- man/ngircd.conf.5.tmpl | 41 +++++++------ src/ngircd/conf.c | 137 +++++++++++++++++++++++++++++--------------- 4 files changed, 140 insertions(+), 84 deletions(-) (limited to 'src') diff --git a/INSTALL b/INSTALL index ea77bd92..1e96e16e 100644 --- a/INSTALL +++ b/INSTALL @@ -17,8 +17,8 @@ Differences to version 17 - Support for ZeroConf/Bonjour/Rendezvous service registration has been removed. The configuration option "NoZeroconf" is no longer available. -- The structure of ngircd.conf has been cleaned up and two new configuration - sections have been introduced: [Limits] and [Options]. +- The structure of ngircd.conf has been cleaned up and three new configuration + sections have been introduced: [Limits], [Options], and [SSL]. Lots of configuration variables stored in the [Global] section are now deprecated there and should be stored in one of these new sections (but still work in [Global]): @@ -39,11 +39,11 @@ Differences to version 17 "PingTimeout" -> [Limits] "PongTimeout" -> [Limits] "PredefChannelsOnly" -> [Options] - "SSLCertFile" -> [Options] - "SSLDHFile" -> [Options] - "SSLKeyFile" -> [Options] - "SSLKeyFilePassword" -> [Options] - "SSLPorts" -> [Options] + "SSLCertFile" -> [SSL], and renamed to "CertFile" + "SSLDHFile" -> [SSL], and renamed to "DHFile" + "SSLKeyFile" -> [SSL], and renamed to "KeyFile" + "SSLKeyFilePassword" -> [SSL], and renamed to "KeyFilePassword" + "SSLPorts" -> [SSL], and renamed to "Ports" "SyslogFacility" -> [Options] "WebircPassword" -> [Options] You should adjust your ngircd.conf and run "ngircd --configtest" to make diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index b4a498d4..40797241 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -12,7 +12,8 @@ # Use "ngircd --configtest" (see manual page ngircd(8)) to validate that the # server interprets the configuration file as expected! # -# Please see ngircd.conf(5) for a complete list of configuration options. +# Please see ngircd.conf(5) for a complete list of configuration options +# and their descriptions. # [Global] @@ -165,6 +166,23 @@ # "PONG" reply. ;RequireAuthPing = no + # Syslog "facility" to which ngIRCd should send log messages. + # Possible values are system dependent, but most probably auth, daemon, + # user and local1 through local7 are possible values; see syslog(3). + # Default is "local5" for historical reasons, you probably want to + # change this to "daemon", for example. + SyslogFacility = local1 + + # Password required for using the WEBIRC command used by some + # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't + # be used. (Default: not set) + ;WebircPassword = xyz + +;[SSL] + # SSL-related configuration options. Please note that this section + # is only available when ngIRCd is compiled with support for SSL! + # So don't forget to remove the ";" above if this is the case ... + # SSL Server Key Certificate ;SSLCertFile = :ETCDIR:/ssl/server-cert.pem @@ -180,18 +198,6 @@ # Additional Listen Ports that expect SSL/TLS encrypted connections ;SSLPorts = 6697, 9999 - # Syslog "facility" to which ngIRCd should send log messages. - # Possible values are system dependent, but most probably auth, daemon, - # user and local1 through local7 are possible values; see syslog(3). - # Default is "local5" for historical reasons, you probably want to - # change this to "daemon", for example. - SyslogFacility = local1 - - # Password required for using the WEBIRC command used by some - # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't - # be used. (Default: not set) - ;WebircPassword = xyz - [Operator] # [Operator] sections are used to define IRC Operators. There may be # more than one [Operator] block, one for each local operator. diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 41cc08ef..68b40800 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -52,8 +52,8 @@ for numbers all decimal integer values are valid. In addition, some string or numerical variables accept lists of values, separated by commas (","). .SH "SECTION OVERVIEW" -The file can contain blocks of four types: [Global], [Limits], [Options], -[Operator], [Server], and [Channel]. +The file can contain blocks of seven types: [Global], [Limits], [Options], +[SSL], [Operator], [Server], and [Channel]. .PP The main configuration of the server is stored in the .I [Global] @@ -68,8 +68,10 @@ block are used to tweak different limits and timeouts of the daemon, like the maximum number of clients allowed to connect to this server. Variables in the .I [Options] section can be used to enable or disable specific features of ngIRCd, like -support for IDENT, PAM, IPv6, SSL, and protocol and cloaking features. These -two sections are both optional. +support for IDENT, PAM, IPv6, and protocol and cloaking features. The +.I [SSL] +block contains all SSL-related configuration variables. These three sections +are all optional. .PP IRC operators of this server are defined in .I [Operator] @@ -81,7 +83,7 @@ blocks are used to configure pre-defined ("persistent") IRC channels. .PP There can be more than one [Operator], [Server] and [Channel] section per configuration file (one for each operator, server, and channel), but only -exactly one [Global], one [Limits], and one [Options] section. +exactly one [Global], one [Limits], one [Options], and one [SSL] section. .SH [GLOBAL] The .I [Global] @@ -276,6 +278,23 @@ Let ngIRCd send an "authentication PING" when a new client connects, and register this client only after receiving the corresponding "PONG" reply. Default: no. .TP +\fBSyslogFacility\fR (string) +Syslog "facility" to which ngIRCd should send log messages. Possible +values are system dependent, but most probably "auth", "daemon", "user" +and "local1" through "local7" are possible values; see syslog(3). +Default is "local5" for historical reasons, you probably want to +change this to "daemon", for example. +.TP +\fBWebircPassword\fR (string) +Password required for using the WEBIRC command used by some Web-to-IRC +gateways. If not set or empty, the WEBIRC command can't be used. +Default: not set. +.SH [SSL] +All SSL-related configuration variables are located in the +.I [SSL] +section. Please note that this whole section is only recognized by ngIRCd +when it is compiled with support for SSL using OpenSSL or GnuTLS! +.TP \fBSSLCertFile\fR (string) SSL Certificate file of the private server key. .TP @@ -298,18 +317,6 @@ OpenSSL only: Password to decrypt the private key file. Same as \fBPorts\fR , except that ngIRCd will expect incoming connections to be SSL/TLS encrypted. Common port numbers for SSL-encrypted IRC are 6669 and 6697. Default: none. -.TP -\fBSyslogFacility\fR (string) -Syslog "facility" to which ngIRCd should send log messages. Possible -values are system dependent, but most probably "auth", "daemon", "user" -and "local1" through "local7" are possible values; see syslog(3). -Default is "local5" for historical reasons, you probably want to -change this to "daemon", for example. -.TP -\fBWebircPassword\fR (string) -Password required for using the WEBIRC command used by some Web-to-IRC -gateways. If not set or empty, the WEBIRC command can't be used. -Default: not set. .SH [OPERATOR] .I [Operator] sections are used to define IRC Operators. There may be more than one diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 0a814a76..92409409 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -89,6 +89,8 @@ static void Init_Server_Struct PARAMS(( CONF_SERVER *Server )); #ifdef SSL_SUPPORT +static void Handle_SSL PARAMS(( int Line, char *Var, char *Ark )); + struct SSLOptions Conf_SSLOptions; /** @@ -377,18 +379,6 @@ Conf_Test( void ) #ifndef STRICT_RFC printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); #endif -#ifdef SSL_SUPPORT - printf(" SSLCertFile = %s\n", Conf_SSLOptions.CertFile); - printf(" SSLDHFile = %s\n", Conf_SSLOptions.DHFile); - printf(" SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile); - if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) - puts(" SSLKeyFilePassword = "); - else - puts(" SSLKeyFilePassword = "); - array_free_wipe(&Conf_SSLOptions.KeyFilePassword); - printf(" SSLPorts = "); - ports_puts(&Conf_SSLOptions.ListenPorts); -#endif #ifdef SYSLOG printf(" SyslogFacility = %s\n", ngt_SyslogFacilityName(Conf_SyslogFacility)); @@ -396,6 +386,24 @@ Conf_Test( void ) printf(" WebircPassword = %s\n", Conf_WebircPwd); puts(""); +#ifdef SSL_SUPPORT + puts("[SSL]"); + printf(" CertFile = %s\n", Conf_SSLOptions.CertFile + ? Conf_SSLOptions.CertFile : ""); + printf(" DHFile = %s\n", Conf_SSLOptions.DHFile + ? Conf_SSLOptions.DHFile : ""); + printf(" KeyFile = %s\n", Conf_SSLOptions.KeyFile + ? Conf_SSLOptions.KeyFile : ""); + if (array_bytes(&Conf_SSLOptions.KeyFilePassword)) + puts(" KeyFilePassword = "); + else + puts(" KeyFilePassword = "); + array_free_wipe(&Conf_SSLOptions.KeyFilePassword); + printf(" Ports = "); + ports_puts(&Conf_SSLOptions.ListenPorts); + puts(""); +#endif + opers_puts(); for( i = 0; i < MAX_SERVERS; i++ ) { @@ -847,7 +855,8 @@ Read_Config( bool ngircd_starting ) strlcpy( section, str, sizeof( section )); if (strcasecmp(section, "[GLOBAL]") == 0 || strcasecmp(section, "[LIMITS]") == 0 || - strcasecmp(section, "[OPTIONS]") == 0) + strcasecmp(section, "[OPTIONS]") == 0 || + strcasecmp(section, "[SSL]") == 0) continue; if( strcasecmp( section, "[SERVER]" ) == 0 ) { @@ -906,6 +915,10 @@ Read_Config( bool ngircd_starting ) Handle_LIMITS(line, var, arg); else if(strcasecmp(section, "[OPTIONS]") == 0) Handle_OPTIONS(line, var, arg); +#ifdef SSL_SUPPORT + else if(strcasecmp(section, "[SSL]") == 0) + Handle_SSL(line, var, arg); +#endif else if(strcasecmp(section, "[OPERATOR]") == 0) Handle_OPERATOR(line, var, arg); else if(strcasecmp(section, "[SERVER]") == 0) @@ -952,9 +965,9 @@ Read_Config( bool ngircd_starting ) #ifdef SSL_SUPPORT /* Make sure that all SSL-related files are readable */ - CheckFileReadable("SSLCertFile", Conf_SSLOptions.CertFile); - CheckFileReadable("SSLDHFile", Conf_SSLOptions.DHFile); - CheckFileReadable("SSLKeyFile", Conf_SSLOptions.KeyFile); + CheckFileReadable("CertFile", Conf_SSLOptions.CertFile); + CheckFileReadable("DHFile", Conf_SSLOptions.DHFile); + CheckFileReadable("KeyFile", Conf_SSLOptions.KeyFile); #endif return true; @@ -1100,13 +1113,6 @@ CheckLegacyGlobalOption(int Line, char *Var, char *Arg) || strcasecmp(Var, "OperCanUseMode") == 0 || strcasecmp(Var, "OperServerMode") == 0 || strcasecmp(Var, "PredefChannelsOnly") == 0 -#ifdef SSL_SUPPORT - || strcasecmp(Var, "SSLCertFile") == 0 - || strcasecmp(Var, "SSLDHFile") == 0 - || strcasecmp(Var, "SSLKeyFile") == 0 - || strcasecmp(Var, "SSLKeyFilePassword") == 0 - || strcasecmp(Var, "SSLPorts") == 0 -#endif || strcasecmp(Var, "SyslogFacility") == 0 || strcasecmp(Var, "WebircPassword") == 0) { Handle_OPTIONS(Line, Var, Arg); @@ -1122,6 +1128,16 @@ CheckLegacyGlobalOption(int Line, char *Var, char *Arg) Handle_LIMITS(Line, Var, Arg); return "[Limits]"; } +#ifdef SSL_SUPPORT + if (strcasecmp(Var, "SSLCertFile") == 0 + || strcasecmp(Var, "SSLDHFile") == 0 + || strcasecmp(Var, "SSLKeyFile") == 0 + || strcasecmp(Var, "SSLKeyFilePassword") == 0 + || strcasecmp(Var, "SSLPorts") == 0) { + Handle_SSL(Line, Var + 3, Arg); + return "[SSL]"; + } +#endif return NULL; } @@ -1302,9 +1318,16 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) /** TODO: This function and support for these options in the * [Global] section could be removed starting with ngIRCd * release 19 (one release after marking it "deprecated"). */ - Config_Error(LOG_WARNING, - "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", - NGIRCd_ConfFile, Line, Var, section); + if (strncasecmp(Var, "SSL", 3) == 0) { + Config_Error(LOG_WARNING, + "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s and rename to \"%s\"!", + NGIRCd_ConfFile, Line, Var, section, + Var + 3); + } else { + Config_Error(LOG_WARNING, + "%s, line %d (section \"Global\"): \"%s\" is deprecated here, move it to %s!", + NGIRCd_ConfFile, Line, Var, section); + } return; } @@ -1462,53 +1485,73 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) return; } #endif +#ifdef SYSLOG + if (strcasecmp(Var, "SyslogFacility") == 0) { + Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, + Conf_SyslogFacility); + return; + } +#endif + if (strcasecmp(Var, "WebircPassword") == 0) { + len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd)); + if (len >= sizeof(Conf_WebircPwd)) + Config_Error_TooLong(Line, Var); + return; + } + + Config_Error_Section(Line, Var, "Options"); +} + #ifdef SSL_SUPPORT - if (strcasecmp(Var, "SSLCertFile") == 0) { + +/** + * Handle variable in [SSL] configuration section. + * + * @param Line Line numer in configuration file. + * @param Var Variable name. + * @param Arg Variable argument. + */ +static void +Handle_SSL(int Line, char *Var, char *Arg) +{ + assert(Line > 0); + assert(Var != NULL); + assert(Arg != NULL); + + if (strcasecmp(Var, "CertFile") == 0) { assert(Conf_SSLOptions.CertFile == NULL); Conf_SSLOptions.CertFile = strdup_warn(Arg); return; } - if (strcasecmp(Var, "SSLDHFile") == 0) { + if (strcasecmp(Var, "DHFile") == 0) { assert(Conf_SSLOptions.DHFile == NULL); Conf_SSLOptions.DHFile = strdup_warn(Arg); return; } - if (strcasecmp(Var, "SSLKeyFile") == 0) { + if (strcasecmp(Var, "KeyFile") == 0) { assert(Conf_SSLOptions.KeyFile == NULL); Conf_SSLOptions.KeyFile = strdup_warn(Arg); return; } - if (strcasecmp(Var, "SSLKeyFilePassword") == 0) { + if (strcasecmp(Var, "KeyFilePassword") == 0) { assert(array_bytes(&Conf_SSLOptions.KeyFilePassword) == 0); if (!array_copys(&Conf_SSLOptions.KeyFilePassword, Arg)) Config_Error(LOG_ERR, - "%s, line %d (section \"Global\"): Could not copy %s: %s!", + "%s, line %d (section \"SSL\"): Could not copy %s: %s!", NGIRCd_ConfFile, Line, Var, strerror(errno)); return; } - if (strcasecmp(Var, "SSLPorts") == 0) { + if (strcasecmp(Var, "Ports") == 0) { ports_parse(&Conf_SSLOptions.ListenPorts, Line, Arg); return; } -#endif -#ifdef SYSLOG - if (strcasecmp(Var, "SyslogFacility") == 0) { - Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, - Conf_SyslogFacility); - return; - } -#endif - if (strcasecmp(Var, "WebircPassword") == 0) { - len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd)); - if (len >= sizeof(Conf_WebircPwd)) - Config_Error_TooLong(Line, Var); - return; - } - Config_Error_Section(Line, Var, "Options"); + Config_Error_Section(Line, Var, "SSL"); } +#endif + /** * Handle variable in [Operator] configuration section. * -- cgit 1.4.1