diff options
| -rwxr-xr-x | configure | 2 | ||||
| -rw-r--r-- | docs/conf/modules.conf.example | 8 | ||||
| -rw-r--r-- | include/users.h | 5 | ||||
| -rw-r--r-- | src/configparser.cpp | 2 | ||||
| -rw-r--r-- | src/configreader.cpp | 8 | ||||
| -rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 50 | ||||
| -rw-r--r-- | src/modules/m_joinflood.cpp | 13 | ||||
| -rw-r--r-- | src/modules/m_lockserv.cpp | 32 | ||||
| -rw-r--r-- | src/modules/m_nickflood.cpp | 15 | ||||
| -rw-r--r-- | src/users.cpp | 13 | ||||
| -rwxr-xr-x | tools/genssl | 2 | ||||
| -rwxr-xr-x | tools/test-build | 3 |
12 files changed, 116 insertions, 37 deletions
@@ -37,9 +37,11 @@ use warnings FATAL => qw(all); use File::Basename qw(basename); use File::Copy (); use File::Spec::Functions qw(rel2abs); +use FindBin qw($RealDir); use Getopt::Long qw(GetOptions); use POSIX qw(getgid getuid); +use lib $RealDir; use make::common; use make::configure; use make::console; diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 4352b0a09..5aa5bb158 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1007,8 +1007,11 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Join flood module: Adds support for join flood protection +j X:Y. -# Closes the channel for 60 seconds if X users join in Y seconds. +# Closes the channel for N seconds if X users join in Y seconds. #<module name="joinflood"> +# +# The number of seconds to close the channel for: +#<joinflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Jump server module: Adds support for the RPL_REDIR numeric. @@ -1215,6 +1218,9 @@ # Nickchange flood protection module: Provides channel mode +F X:Y # which allows up to X nick changes in Y seconds. #<module name="nickflood"> +# +# The number of seconds to prevent nick changes for: +#<nickflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nicklock module: Let opers change a user's nick and then stop that diff --git a/include/users.h b/include/users.h index ae76d2eb3..fc31a8297 100644 --- a/include/users.h +++ b/include/users.h @@ -135,6 +135,11 @@ struct CoreExport ConnectClass : public refcountbase */ bool resolvehostnames; + /** + * If non-empty the server ports which this user has to be using + */ + insp::flat_set<int> ports; + /** Create a new connect class with no settings. */ ConnectClass(ConfigTag* tag, char type, const std::string& mask); diff --git a/src/configparser.cpp b/src/configparser.cpp index 3be1ac9c5..8bf9aaec2 100644 --- a/src/configparser.cpp +++ b/src/configparser.cpp @@ -173,7 +173,7 @@ struct Parser } else if (ch == '"') break; - else + else if (ch != '\r') value.push_back(ch); } diff --git a/src/configreader.cpp b/src/configreader.cpp index 7a1c8b8ce..9d327532b 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -328,6 +328,14 @@ void ServerConfig::CrossCheckConnectBlocks(ServerConfig* current) me->limit = tag->getInt("limit", me->limit); me->resolvehostnames = tag->getBool("resolvehostnames", me->resolvehostnames); + std::string ports = tag->getString("port"); + if (!ports.empty()) + { + irc::portparser portrange(ports, false); + while (int port = portrange.GetToken()) + me->ports.insert(port); + } + ClassMap::iterator oldMask = oldBlocksByMask.find(typeMask); if (oldMask != oldBlocksByMask.end()) { diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 7cff5da8a..370f855ed 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -58,6 +58,15 @@ #define INSPIRCD_OPENSSL_ENABLE_ECDH #endif +// BIO is opaque in OpenSSL 1.1 but the access API does not exist in 1.0 and older. +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define BIO_get_data(BIO) BIO->ptr +# define BIO_set_data(BIO, VALUE) BIO->ptr = VALUE; +# define BIO_set_init(BIO, VALUE) BIO->init = VALUE; +#else +# define INSPIRCD_OPENSSL_OPAQUE_BIO +#endif + enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN }; static bool SelfSigned = false; @@ -372,7 +381,7 @@ namespace OpenSSL { static int create(BIO* bio) { - bio->init = 1; + BIO_set_init(bio, 1); return 1; } @@ -393,9 +402,25 @@ namespace OpenSSL static int read(BIO* bio, char* buf, int len); static int write(BIO* bio, const char* buf, int len); + +#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO + static BIO_METHOD* alloc() + { + BIO_METHOD* meth = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "inspircd"); + BIO_meth_set_write(meth, OpenSSL::BIOMethod::write); + BIO_meth_set_read(meth, OpenSSL::BIOMethod::read); + BIO_meth_set_ctrl(meth, OpenSSL::BIOMethod::ctrl); + BIO_meth_set_create(meth, OpenSSL::BIOMethod::create); + BIO_meth_set_destroy(meth, OpenSSL::BIOMethod::destroy); + return meth; + } +#endif } } +// BIO_METHOD is opaque in OpenSSL 1.1 so we can't do this. +// See OpenSSL::BIOMethod::alloc for the new method. +#ifndef INSPIRCD_OPENSSL_OPAQUE_BIO static BIO_METHOD biomethods = { (100 | BIO_TYPE_SOURCE_SINK), @@ -409,6 +434,9 @@ static BIO_METHOD biomethods = OpenSSL::BIOMethod::destroy, // destroy, does nothing, see function body for more info NULL // callback_ctrl }; +#else +static BIO_METHOD* biomethods; +#endif static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx) { @@ -558,7 +586,7 @@ class OpenSSLIOHook : public SSLIOHook // to ISSL_NONE so CheckRenego() closes the session status = ISSL_NONE; BIO* bio = SSL_get_rbio(sess); - EventHandler* eh = static_cast<StreamSocket*>(bio->ptr); + EventHandler* eh = static_cast<StreamSocket*>(BIO_get_data(bio)); SocketEngine::Shutdown(eh, 2); } } @@ -601,8 +629,12 @@ class OpenSSLIOHook : public SSLIOHook , profile(sslprofile) { // Create BIO instance and store a pointer to the socket in it which will be used by the read and write functions +#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO + BIO* bio = BIO_new(biomethods); +#else BIO* bio = BIO_new(&biomethods); - bio->ptr = sock; +#endif + BIO_set_data(bio, sock); SSL_set_bio(sess, bio, bio); SSL_set_ex_data(sess, exdataindex, this); @@ -759,7 +791,7 @@ static int OpenSSL::BIOMethod::write(BIO* bio, const char* buffer, int size) { BIO_clear_retry_flags(bio); - StreamSocket* sock = static_cast<StreamSocket*>(bio->ptr); + StreamSocket* sock = static_cast<StreamSocket*>(BIO_get_data(bio)); if (sock->GetEventMask() & FD_WRITE_WILL_BLOCK) { // Writes blocked earlier, don't retry syscall @@ -782,7 +814,7 @@ static int OpenSSL::BIOMethod::read(BIO* bio, char* buffer, int size) { BIO_clear_retry_flags(bio); - StreamSocket* sock = static_cast<StreamSocket*>(bio->ptr); + StreamSocket* sock = static_cast<StreamSocket*>(BIO_get_data(bio)); if (sock->GetEventMask() & FD_READ_WILL_BLOCK) { // Reads blocked earlier, don't retry syscall @@ -892,6 +924,14 @@ class ModuleSSLOpenSSL : public Module // Initialize OpenSSL SSL_library_init(); SSL_load_error_strings(); +#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO + biomethods = OpenSSL::BIOMethod::alloc(); + } + + ~ModuleSSLOpenSSL() + { + BIO_meth_free(biomethods); +#endif } void init() CXX11_OVERRIDE diff --git a/src/modules/m_joinflood.cpp b/src/modules/m_joinflood.cpp index 56131f0be..077ceff52 100644 --- a/src/modules/m_joinflood.cpp +++ b/src/modules/m_joinflood.cpp @@ -23,6 +23,9 @@ #include "inspircd.h" +// The number of seconds the channel will be closed for. +static unsigned int duration; + /** Holds settings and state associated with channel mode +j */ class joinfloodsettings @@ -71,7 +74,7 @@ class joinfloodsettings void lock() { - unlocktime = ServerInstance->Time() + 60; + unlocktime = ServerInstance->Time() + duration; } bool operator==(const joinfloodsettings& other) const @@ -129,6 +132,12 @@ class ModuleJoinFlood : public Module { } + void ReadConfig(ConfigStatus&) CXX11_OVERRIDE + { + ConfigTag* tag = ServerInstance->Config->ConfValue("joinflood"); + duration = tag->getDuration("duration", 60, 10, 600); + } + ModResult OnUserPreJoin(LocalUser* user, Channel* chan, const std::string& cname, std::string& privs, const std::string& keygiven) CXX11_OVERRIDE { if (chan) @@ -159,7 +168,7 @@ class ModuleJoinFlood : public Module { f->clear(); f->lock(); - memb->chan->WriteNotice(InspIRCd::Format("This channel has been closed to new users for 60 seconds because there have been more than %d joins in %d seconds.", f->joins, f->secs)); + memb->chan->WriteNotice(InspIRCd::Format("This channel has been closed to new users for %u seconds because there have been more than %d joins in %d seconds.", duration, f->joins, f->secs)); } } } diff --git a/src/modules/m_lockserv.cpp b/src/modules/m_lockserv.cpp index ffcc04682..7c1bb5bd3 100644 --- a/src/modules/m_lockserv.cpp +++ b/src/modules/m_lockserv.cpp @@ -27,23 +27,24 @@ class CommandLockserv : public Command { - bool& locked; + std::string& locked; public: - CommandLockserv(Module* Creator, bool& lock) : Command(Creator, "LOCKSERV", 0), locked(lock) + CommandLockserv(Module* Creator, std::string& lock) : Command(Creator, "LOCKSERV", 0, 1), locked(lock) { + allow_empty_last_param = false; flags_needed = 'o'; } CmdResult Handle (const std::vector<std::string> ¶meters, User *user) { - if (locked) + if (!locked.empty()) { user->WriteNotice("The server is already locked."); return CMD_FAILURE; } - locked = true; + locked = parameters.empty() ? "Server is temporarily closed. Please try again later." : parameters[0]; user->WriteNumeric(988, user->server->GetName(), "Closed for new connections"); ServerInstance->SNO->WriteGlobalSno('a', "Oper %s used LOCKSERV to temporarily disallow new connections", user->nick.c_str()); return CMD_SUCCESS; @@ -52,23 +53,23 @@ class CommandLockserv : public Command class CommandUnlockserv : public Command { - bool& locked; + std::string& locked; public: - CommandUnlockserv(Module* Creator, bool &lock) : Command(Creator, "UNLOCKSERV", 0), locked(lock) + CommandUnlockserv(Module* Creator, std::string& lock) : Command(Creator, "UNLOCKSERV", 0), locked(lock) { flags_needed = 'o'; } CmdResult Handle (const std::vector<std::string> ¶meters, User *user) { - if (!locked) + if (locked.empty()) { user->WriteNotice("The server isn't locked."); return CMD_FAILURE; } - locked = false; + locked.clear(); user->WriteNumeric(989, user->server->GetName(), "Open for new connections"); ServerInstance->SNO->WriteGlobalSno('a', "Oper %s used UNLOCKSERV to allow new connections", user->nick.c_str()); return CMD_SUCCESS; @@ -77,7 +78,7 @@ class CommandUnlockserv : public Command class ModuleLockserv : public Module { - bool locked; + std::string locked; CommandLockserv lockcommand; CommandUnlockserv unlockcommand; @@ -86,23 +87,18 @@ class ModuleLockserv : public Module { } - void init() CXX11_OVERRIDE - { - locked = false; - } - void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE { // Emergency way to unlock if (!status.srcuser) - locked = false; + locked.clear(); } ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE { - if (locked) + if (!locked.empty()) { - ServerInstance->Users->QuitUser(user, "Server is temporarily closed. Please try again later."); + ServerInstance->Users->QuitUser(user, locked); return MOD_RES_DENY; } return MOD_RES_PASSTHRU; @@ -110,7 +106,7 @@ class ModuleLockserv : public Module ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE { - return locked ? MOD_RES_DENY : MOD_RES_PASSTHRU; + return !locked.empty() ? MOD_RES_DENY : MOD_RES_PASSTHRU; } Version GetVersion() CXX11_OVERRIDE diff --git a/src/modules/m_nickflood.cpp b/src/modules/m_nickflood.cpp index 39e097daa..abb3cdfaf 100644 --- a/src/modules/m_nickflood.cpp +++ b/src/modules/m_nickflood.cpp @@ -20,6 +20,9 @@ #include "inspircd.h" +// The number of seconds nickname changing will be blocked for. +static unsigned int duration; + /** Holds settings and state associated with channel mode +F */ class nickfloodsettings @@ -72,7 +75,7 @@ class nickfloodsettings void lock() { - unlocktime = ServerInstance->Time() + 60; + unlocktime = ServerInstance->Time() + duration; } }; @@ -126,6 +129,12 @@ class ModuleNickFlood : public Module { } + void ReadConfig(ConfigStatus&) CXX11_OVERRIDE + { + ConfigTag* tag = ServerInstance->Config->ConfValue("nickflood"); + duration = tag->getDuration("duration", 60, 10, 600); + } + ModResult OnUserPreNick(LocalUser* user, const std::string& newnick) CXX11_OVERRIDE { for (User::ChanList::iterator i = user->chans.begin(); i != user->chans.end(); i++) @@ -142,7 +151,7 @@ class ModuleNickFlood : public Module if (f->islocked()) { - user->WriteNumeric(ERR_CANTCHANGENICK, InspIRCd::Format("%s has been locked for nickchanges for 60 seconds because there have been more than %u nick changes in %u seconds", channel->name.c_str(), f->nicks, f->secs)); + user->WriteNumeric(ERR_CANTCHANGENICK, InspIRCd::Format("%s has been locked for nickchanges for %u seconds because there have been more than %u nick changes in %u seconds", channel->name.c_str(), duration, f->nicks, f->secs)); return MOD_RES_DENY; } @@ -150,7 +159,7 @@ class ModuleNickFlood : public Module { f->clear(); f->lock(); - channel->WriteNotice(InspIRCd::Format("No nick changes are allowed for 60 seconds because there have been more than %u nick changes in %u seconds.", f->nicks, f->secs)); + channel->WriteNotice(InspIRCd::Format("No nick changes are allowed for %u seconds because there have been more than %u nick changes in %u seconds.", duration, f->nicks, f->secs)); return MOD_RES_DENY; } } diff --git a/src/users.cpp b/src/users.cpp index 5d1c12b13..498a27d58 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -1096,14 +1096,14 @@ void LocalUser::SetClass(const std::string &explicit_name) } /* if it requires a port ... */ - int port = c->config->getInt("port"); - if (port) + if (!c->ports.empty()) { - ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Requires port (%d)", port); - /* and our port doesn't match, fail. */ - if (this->GetServerPort() != port) + if (!c->ports.count(this->GetServerPort())) + { + ServerInstance->Logs->Log("CONNECTCLASS", LOG_DEBUG, "Requires a different port, skipping"); continue; + } } if (regdone && !c->config->getString("password").empty()) @@ -1171,7 +1171,7 @@ ConnectClass::ConnectClass(ConfigTag* tag, char t, const std::string& mask, cons softsendqmax(parent.softsendqmax), hardsendqmax(parent.hardsendqmax), recvqmax(parent.recvqmax), penaltythreshold(parent.penaltythreshold), commandrate(parent.commandrate), maxlocal(parent.maxlocal), maxglobal(parent.maxglobal), maxconnwarn(parent.maxconnwarn), maxchans(parent.maxchans), - limit(parent.limit), resolvehostnames(parent.resolvehostnames) + limit(parent.limit), resolvehostnames(parent.resolvehostnames), ports(parent.ports) { } @@ -1195,4 +1195,5 @@ void ConnectClass::Update(const ConnectClass* src) maxchans = src->maxchans; limit = src->limit; resolvehostnames = src->resolvehostnames; + ports = src->ports; } diff --git a/tools/genssl b/tools/genssl index c88f9534f..b824f4ebe 100755 --- a/tools/genssl +++ b/tools/genssl @@ -36,7 +36,7 @@ use File::Temp(); sub prompt($$) { my ($question, $default) = @_; - return prompt_string(1, $question, $default) if eval 'use make::console; 1'; + return prompt_string(1, $question, $default) if eval 'use FindBin;use lib $FindBin::RealDir;use make::console; 1'; say $question; print "[$default] => "; chomp(my $answer = <STDIN>); diff --git a/tools/test-build b/tools/test-build index 17c98042b..2b9ee4ee2 100755 --- a/tools/test-build +++ b/tools/test-build @@ -30,6 +30,9 @@ use feature ':5.10'; use strict; use warnings FATAL => qw(all); +use FindBin qw($RealDir); + +use lib $RealDir; use make::common; use make::configure; |