diff options
-rw-r--r-- | include/configreader.h | 5 | ||||
-rw-r--r-- | include/modules.h | 2 | ||||
-rw-r--r-- | src/commands/cmd_motd.cpp | 2 | ||||
-rw-r--r-- | src/commands/cmd_rules.cpp | 2 | ||||
-rw-r--r-- | src/commands/cmd_whois.cpp | 2 | ||||
-rw-r--r-- | src/configparser.cpp | 9 | ||||
-rw-r--r-- | src/configreader.cpp | 10 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 50 | ||||
-rw-r--r-- | src/modules/m_spanningtree/idle.cpp | 2 | ||||
-rw-r--r-- | src/modules/m_spanningtree/treesocket2.cpp | 6 | ||||
-rw-r--r-- | src/server.cpp | 11 |
11 files changed, 83 insertions, 18 deletions
diff --git a/include/configreader.h b/include/configreader.h index 1edacfe13..b01a979a7 100644 --- a/include/configreader.h +++ b/include/configreader.h @@ -197,6 +197,9 @@ class CoreExport ServerConfig ConfigTagList ConfTags(const std::string& tag); + /** An empty configuration tag. */ + ConfigTag* EmptyTag; + /** Error stream, contains error output from any failed configuration parsing. */ std::stringstream errstr; @@ -527,6 +530,8 @@ class CoreExport ServerConfig */ ServerConfig(); + ~ServerConfig(); + /** Get server ID as string with required leading zeroes */ const std::string& GetSID(); diff --git a/include/modules.h b/include/modules.h index eef8c61c9..cd0d5aad0 100644 --- a/include/modules.h +++ b/include/modules.h @@ -116,7 +116,7 @@ struct ModResult { * and numerical comparisons in preprocessor macros if they wish to support * multiple versions of InspIRCd in one file. */ -#define INSPIRCD_VERSION_API 8 +#define INSPIRCD_VERSION_API 9 /** * This #define allows us to call a method in all diff --git a/src/commands/cmd_motd.cpp b/src/commands/cmd_motd.cpp index 8e227723e..869a9c353 100644 --- a/src/commands/cmd_motd.cpp +++ b/src/commands/cmd_motd.cpp @@ -53,7 +53,7 @@ CmdResult CommandMotd::Handle (const std::vector<std::string>& parameters, User if (parameters.size() > 0 && parameters[0] != ServerInstance->Config->ServerName) return CMD_SUCCESS; - ConfigTag* tag = NULL; + ConfigTag* tag = ServerInstance->Config->EmptyTag; if (IS_LOCAL(user)) tag = user->GetClass()->config; std::string motd_name = tag->getString("motd", "motd"); diff --git a/src/commands/cmd_rules.cpp b/src/commands/cmd_rules.cpp index 5d41aa4b8..17de9f3f2 100644 --- a/src/commands/cmd_rules.cpp +++ b/src/commands/cmd_rules.cpp @@ -51,7 +51,7 @@ CmdResult CommandRules::Handle (const std::vector<std::string>& parameters, User if (parameters.size() > 0 && parameters[0] != ServerInstance->Config->ServerName) return CMD_SUCCESS; - ConfigTag* tag = NULL; + ConfigTag* tag = ServerInstance->Config->EmptyTag; if (IS_LOCAL(user)) tag = user->GetClass()->config; std::string rules_name = tag->getString("rules", "rules"); diff --git a/src/commands/cmd_whois.cpp b/src/commands/cmd_whois.cpp index ba2ad9c15..ab0b82fff 100644 --- a/src/commands/cmd_whois.cpp +++ b/src/commands/cmd_whois.cpp @@ -76,7 +76,7 @@ CmdResult CommandWhois::Handle (const std::vector<std::string>& parameters, User */ if (IS_LOCAL(dest) && (ServerInstance->Config->HideWhoisServer.empty() || parameters.size() > 1)) { - idle = abs((long)((dest->idle_lastmsg)-ServerInstance->Time())); + idle = labs((long)((dest->idle_lastmsg)-ServerInstance->Time())); signon = dest->signon; } diff --git a/src/configparser.cpp b/src/configparser.cpp index 825dfc966..94192a71b 100644 --- a/src/configparser.cpp +++ b/src/configparser.cpp @@ -390,8 +390,17 @@ bool ParseStack::ParseExec(const std::string& name, int flags, const std::string bool ConfigTag::readString(const std::string& key, std::string& value, bool allow_lf) { +#ifdef __clang__ +# pragma clang diagnostic push +# pragma clang diagnostic ignored "-Wunknown-pragmas" +# pragma clang diagnostic ignored "-Wundefined-bool-conversion" +#endif + // TODO: this is undefined behaviour but changing the API is too risky for 2.0. if (!this) return false; +#ifdef __clang__ +# pragma clang diagnostic pop +#endif for(std::vector<KeyVal>::iterator j = items.begin(); j != items.end(); ++j) { if(j->first != key) diff --git a/src/configreader.cpp b/src/configreader.cpp index 060f66d16..b5d2fdb16 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -48,6 +48,14 @@ ServerConfig::ServerConfig() OperMaxChans = 30; c_ipv4_range = 32; c_ipv6_range = 128; + + std::vector<KeyVal>* items; + EmptyTag = ConfigTag::create("empty", "<auto>", 0, items); +} + +ServerConfig::~ServerConfig() +{ + delete EmptyTag; } void ServerConfig::Update005() @@ -888,7 +896,7 @@ ConfigTag* ServerConfig::ConfValue(const std::string &tag) { ConfigTagList found = config_data.equal_range(tag); if (found.first == found.second) - return NULL; + return EmptyTag; ConfigTag* rv = found.first->second; found.first++; if (found.first != found.second) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 33f848798..518712c00 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -102,10 +102,29 @@ class ModuleSSLOpenSSL : public Module SSL_CTX* ctx; SSL_CTX* clictx; + long ctx_options; + long clictx_options; + std::string sslports; bool use_sha; ServiceProvider iohook; + + static void SetContextOptions(SSL_CTX* ctx, long defoptions, const std::string& ctxname, ConfigTag* tag) + { + long setoptions = tag->getInt(ctxname + "setoptions"); + long clearoptions = tag->getInt(ctxname + "clearoptions"); + ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions); + + // Clear everything + SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx)); + + // Set the default options and what is in the conf + SSL_CTX_set_options(ctx, defoptions | setoptions); + long final = SSL_CTX_clear_options(ctx, clearoptions); + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final); + } + public: ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK) @@ -128,8 +147,20 @@ class ModuleSSLOpenSSL : public Module SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify); SSL_CTX_set_verify(clictx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify); - const unsigned char session_id[] = "inspircd"; - SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + SSL_CTX_set_session_cache_mode(clictx, SSL_SESS_CACHE_OFF); + + long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE; + // Only turn options on if they exist +#ifdef SSL_OP_SINGLE_ECDH_USE + opts |= SSL_OP_SINGLE_ECDH_USE; +#endif +#ifdef SSL_OP_NO_TICKET + opts |= SSL_OP_NO_TICKET; +#endif + + ctx_options = SSL_CTX_set_options(ctx, opts); + clictx_options = SSL_CTX_set_options(clictx, opts); } void init() @@ -211,10 +242,17 @@ class ModuleSSLOpenSSL : public Module throw ModuleException("Unknown hash type " + hash); use_sha = (hash == "sha1"); + if (conf->getBool("customcontextoptions")) + { + SetContextOptions(ctx, ctx_options, "server", conf); + SetContextOptions(clictx, clictx_options, "client", conf); + } + std::string ciphers = conf->getString("ciphers", ""); if (!ciphers.empty()) { + ERR_clear_error(); if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str()))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str()); @@ -225,12 +263,14 @@ class ModuleSSLOpenSSL : public Module /* Load our keys and certificates * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck. */ + ERR_clear_error(); if ((!SSL_CTX_use_certificate_chain_file(ctx, certfile.c_str())) || (!SSL_CTX_use_certificate_chain_file(clictx, certfile.c_str()))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s. %s", certfile.c_str(), strerror(errno)); ERR_print_errors_cb(error_callback, this); } + ERR_clear_error(); if (((!SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM))) || (!SSL_CTX_use_PrivateKey_file(clictx, keyfile.c_str(), SSL_FILETYPE_PEM))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read key file %s. %s", keyfile.c_str(), strerror(errno)); @@ -238,6 +278,7 @@ class ModuleSSLOpenSSL : public Module } /* Load the CAs we trust*/ + ERR_clear_error(); if (((!SSL_CTX_load_verify_locations(ctx, cafile.c_str(), 0))) || (!SSL_CTX_load_verify_locations(clictx, cafile.c_str(), 0))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read CA list from %s. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: %s", cafile.c_str(), strerror(errno)); @@ -264,6 +305,8 @@ class ModuleSSLOpenSSL : public Module #else ret = PEM_read_DHparams(dhpfile, NULL, NULL, NULL); #endif + + ERR_clear_error(); if ((SSL_CTX_set_tmp_dh(ctx, ret) < 0) || (SSL_CTX_set_tmp_dh(clictx, ret) < 0)) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str()); @@ -426,6 +469,7 @@ class ModuleSSLOpenSSL : public Module if (session->status == ISSL_OPEN) { + ERR_clear_error(); char* buffer = ServerInstance->GetReadBuffer(); size_t bufsiz = ServerInstance->Config->NetBufferSize; int ret = SSL_read(session->sess, buffer, bufsiz); @@ -496,6 +540,7 @@ class ModuleSSLOpenSSL : public Module if (session->status == ISSL_OPEN) { + ERR_clear_error(); int ret = SSL_write(session->sess, buffer.data(), buffer.size()); if (ret == (int)buffer.length()) { @@ -542,6 +587,7 @@ class ModuleSSLOpenSSL : public Module { int ret; + ERR_clear_error(); if (session->outbound) ret = SSL_connect(session->sess); else diff --git a/src/modules/m_spanningtree/idle.cpp b/src/modules/m_spanningtree/idle.cpp index 0ea06a3cc..18aeb0ad5 100644 --- a/src/modules/m_spanningtree/idle.cpp +++ b/src/modules/m_spanningtree/idle.cpp @@ -40,7 +40,7 @@ bool TreeSocket::Whois(const std::string &prefix, parameterlist ¶ms) User* x = ServerInstance->FindNick(params[0]); if ((x) && (IS_LOCAL(x))) { - long idle = abs((long)((x->idle_lastmsg) - ServerInstance->Time())); + long idle = labs((long)((x->idle_lastmsg) - ServerInstance->Time())); parameterlist par; par.push_back(prefix); par.push_back(ConvToStr(x->signon)); diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp index fb658c9c7..acb822fbf 100644 --- a/src/modules/m_spanningtree/treesocket2.cpp +++ b/src/modules/m_spanningtree/treesocket2.cpp @@ -155,13 +155,13 @@ void TreeSocket::ProcessLine(std::string &line) time_t delta = them - ServerInstance->Time(); if ((delta < -600) || (delta > 600)) { - ServerInstance->SNO->WriteGlobalSno('l',"\2ERROR\2: Your clocks are out by %d seconds (this is more than five minutes). Link aborted, \2PLEASE SYNC YOUR CLOCKS!\2",abs((long)delta)); - SendError("Your clocks are out by "+ConvToStr(abs((long)delta))+" seconds (this is more than five minutes). Link aborted, PLEASE SYNC YOUR CLOCKS!"); + ServerInstance->SNO->WriteGlobalSno('l',"\2ERROR\2: Your clocks are out by %ld seconds (this is more than five minutes). Link aborted, \2PLEASE SYNC YOUR CLOCKS!\2",labs((long)delta)); + SendError("Your clocks are out by "+ConvToStr(labs((long)delta))+" seconds (this is more than five minutes). Link aborted, PLEASE SYNC YOUR CLOCKS!"); return; } else if ((delta < -30) || (delta > 30)) { - ServerInstance->SNO->WriteGlobalSno('l',"\2WARNING\2: Your clocks are out by %d seconds. Please consider synching your clocks.", abs((long)delta)); + ServerInstance->SNO->WriteGlobalSno('l',"\2WARNING\2: Your clocks are out by %ld seconds. Please consider synching your clocks.", labs((long)delta)); } } diff --git a/src/server.cpp b/src/server.cpp index 4741f942d..d05ece8a4 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -46,13 +46,10 @@ void InspIRCd::Exit(int status) #ifdef _WIN32 SetServiceStopped(status); #endif - if (this) - { - this->SendError("Exiting with status " + ConvToStr(status) + " (" + std::string(ExitCodes[status]) + ")"); - this->Cleanup(); - delete this; - ServerInstance = NULL; - } + this->SendError("Exiting with status " + ConvToStr(status) + " (" + std::string(ExitCodes[status]) + ")"); + this->Cleanup(); + delete this; + ServerInstance = NULL; exit (status); } |