Diffstat (limited to 'src')
-rw-r--r-- | src/commands/cmd_motd.cpp | 2 | ||||
-rw-r--r-- | src/commands/cmd_rules.cpp | 2 | ||||
-rw-r--r-- | src/commands/cmd_whois.cpp | 2 | ||||
-rw-r--r-- | src/configparser.cpp | 9 | ||||
-rw-r--r-- | src/configreader.cpp | 10 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 50 | ||||
-rw-r--r-- | src/modules/m_spanningtree/idle.cpp | 2 | ||||
-rw-r--r-- | src/modules/m_spanningtree/treesocket2.cpp | 6 | ||||
-rw-r--r-- | src/server.cpp | 11 |
9 files changed, 77 insertions, 17 deletions
diff --git a/src/commands/cmd_motd.cpp b/src/commands/cmd_motd.cpp index 8e227723e..869a9c353 100644 --- a/src/commands/cmd_motd.cpp +++ b/src/commands/cmd_motd.cpp @@ -53,7 +53,7 @@ CmdResult CommandMotd::Handle (const std::vector<std::string>& parameters, User if (parameters.size() > 0 && parameters[0] != ServerInstance->Config->ServerName) return CMD_SUCCESS; - ConfigTag* tag = NULL; + ConfigTag* tag = ServerInstance->Config->EmptyTag; if (IS_LOCAL(user)) tag = user->GetClass()->config; std::string motd_name = tag->getString("motd", "motd"); diff --git a/src/commands/cmd_rules.cpp b/src/commands/cmd_rules.cpp index 5d41aa4b8..17de9f3f2 100644 --- a/src/commands/cmd_rules.cpp +++ b/src/commands/cmd_rules.cpp @@ -51,7 +51,7 @@ CmdResult CommandRules::Handle (const std::vector<std::string>& parameters, User if (parameters.size() > 0 && parameters[0] != ServerInstance->Config->ServerName) return CMD_SUCCESS; - ConfigTag* tag = NULL; + ConfigTag* tag = ServerInstance->Config->EmptyTag; if (IS_LOCAL(user)) tag = user->GetClass()->config; std::string rules_name = tag->getString("rules", "rules"); diff --git a/src/commands/cmd_whois.cpp b/src/commands/cmd_whois.cpp index ba2ad9c15..ab0b82fff 100644 --- a/src/commands/cmd_whois.cpp +++ b/src/commands/cmd_whois.cpp @@ -76,7 +76,7 @@ CmdResult CommandWhois::Handle (const std::vector<std::string>& parameters, User */ if (IS_LOCAL(dest) && (ServerInstance->Config->HideWhoisServer.empty() || parameters.size() > 1)) { - idle = abs((long)((dest->idle_lastmsg)-ServerInstance->Time())); + idle = labs((long)((dest->idle_lastmsg)-ServerInstance->Time())); signon = dest->signon; } diff --git a/src/configparser.cpp b/src/configparser.cpp index 825dfc966..94192a71b 100644 --- a/src/configparser.cpp +++ b/src/configparser.cpp 
@@ -390,8 +390,17 @@ bool ParseStack::ParseExec(const std::string& name, int flags, const std::string bool ConfigTag::readString(const std::string& key, std::string& value, bool allow_lf) { +#ifdef __clang__ +# pragma clang diagnostic push +# pragma clang diagnostic ignored "-Wunknown-pragmas" +# pragma clang diagnostic ignored "-Wundefined-bool-conversion" +#endif + // TODO: this is undefined behaviour but changing the API is too risky for 2.0. if (!this) return false; +#ifdef __clang__ +# pragma clang diagnostic pop +#endif for(std::vector<KeyVal>::iterator j = items.begin(); j != items.end(); ++j) { if(j->first != key) diff --git a/src/configreader.cpp b/src/configreader.cpp index 060f66d16..b5d2fdb16 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -48,6 +48,14 @@ ServerConfig::ServerConfig() OperMaxChans = 30; c_ipv4_range = 32; c_ipv6_range = 128; + + std::vector<KeyVal>* items; + EmptyTag = ConfigTag::create("empty", "<auto>", 0, items); +} + +ServerConfig::~ServerConfig() +{ + delete EmptyTag; } void ServerConfig::Update005() @@ -888,7 +896,7 @@ ConfigTag* ServerConfig::ConfValue(const std::string &tag) { ConfigTagList found = config_data.equal_range(tag); if (found.first == found.second) - return NULL; + return EmptyTag; ConfigTag* rv = found.first->second; found.first++; if (found.first != found.second) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 33f848798..518712c00 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
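Review bot: Silencing `-Wundefined-bool-conversion` around `if (!this)` in `ConfigTag::readString` hides the warning but does not keep the check alive. Calling a member function through a null pointer is undefined, so an optimising compiler is entitled to delete the test, and the pragmas cover clang only. Any caller that can still hand a null `ConfigTag*` to the accessors would then reach `items.begin()` on a null object. I would extend the TODO to name the exit condition, e.g. `// TODO: UB; remove once every ConfigTag* source returns EmptyTag instead of NULL`, and consider building with `-fno-delete-null-pointer-checks` until then. The rest of readString lies outside the hunk.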
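Review bot: `std::vector<KeyVal>* items;` in the `ServerConfig` constructor is passed to `ConfigTag::create` uninitialised, which is only safe if that parameter is a pure out-reference. The signature is not visible here, so write `std::vector<KeyVal>* items = NULL;` to make the intent explicit. The new destructor's `delete EmptyTag;` also deserves a check: if `ConfigTag` is reference-counted elsewhere, or a caller keeps the pointer across a rehash, a raw delete leaves a dangling tag behind.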
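Review bot: Returning `EmptyTag` from `ConfValue` when no tag matches changes the contract for every caller that treated a NULL result as "tag absent". Those checks now always see a tag and silently fall through to defaults. The returned pointer is also non-const and shared, so a caller that modifies it could affect every later lookup. A comment on the function such as `// Never returns NULL; a missing tag yields the shared, empty EmptyTag` would document this, and callers that test the result for NULL should be audited. ConfValue continues past the end of the hunk.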
@@ -102,10 +102,29 @@ class ModuleSSLOpenSSL : public Module SSL_CTX* ctx; SSL_CTX* clictx; + long ctx_options; + long clictx_options; + std::string sslports; bool use_sha; ServiceProvider iohook; + + static void SetContextOptions(SSL_CTX* ctx, long defoptions, const std::string& ctxname, ConfigTag* tag) + { + long setoptions = tag->getInt(ctxname + "setoptions"); + long clearoptions = tag->getInt(ctxname + "clearoptions"); + ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions); + + // Clear everything + SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx)); + + // Set the default options and what is in the conf + SSL_CTX_set_options(ctx, defoptions | setoptions); + long final = SSL_CTX_clear_options(ctx, clearoptions); + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final); + } + public: ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK) @@ -128,8 +147,20 @@ class ModuleSSLOpenSSL : public Module SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify); SSL_CTX_set_verify(clictx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify); - const unsigned char session_id[] = "inspircd"; - SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + SSL_CTX_set_session_cache_mode(clictx, SSL_SESS_CACHE_OFF); + + long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE; + // Only turn options on if they exist +#ifdef SSL_OP_SINGLE_ECDH_USE + opts |= SSL_OP_SINGLE_ECDH_USE; +#endif +#ifdef SSL_OP_NO_TICKET + opts |= SSL_OP_NO_TICKET; +#endif + + ctx_options = SSL_CTX_set_options(ctx, opts); + clictx_options = SSL_CTX_set_options(clictx, opts); } void init() 
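Review bot: The DEBUG log call in `SetContextOptions` passes `clearoptions, setoptions` for the placeholders `set: %ld clear: %ld`, so each value is printed under the other's label. This is the line an operator reads to confirm which TLS options were requested, so swap the arguments: `ctxname.c_str(), defoptions, setoptions, clearoptions);`. It is also worth a comment that the `clearoptions` mask is applied last and can therefore remove default protections such as `SSL_OP_NO_SSLv2`.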
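Review bot: The default mask built in the constructor disables only SSLv2. SSLv3 and TLS-level compression stay enabled unless the operator knows to supply the numeric bits through the new custom options. Following the guarded pattern already used for `SSL_OP_NO_TICKET`, I would add `#ifdef SSL_OP_NO_COMPRESSION` / `opts |= SSL_OP_NO_COMPRESSION;` / `#endif`, and consider `SSL_OP_NO_SSLv3` if client compatibility allows. The constructor body starts before this hunk.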
@@ -211,10 +242,17 @@ class ModuleSSLOpenSSL : public Module throw ModuleException("Unknown hash type " + hash); use_sha = (hash == "sha1"); + if (conf->getBool("customcontextoptions")) + { + SetContextOptions(ctx, ctx_options, "server", conf); + SetContextOptions(clictx, clictx_options, "client", conf); + } + std::string ciphers = conf->getString("ciphers", ""); if (!ciphers.empty()) { + ERR_clear_error(); if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str()))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str()); @@ -225,12 +263,14 @@ class ModuleSSLOpenSSL : public Module /* Load our keys and certificates * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck. */ + ERR_clear_error(); if ((!SSL_CTX_use_certificate_chain_file(ctx, certfile.c_str())) || (!SSL_CTX_use_certificate_chain_file(clictx, certfile.c_str()))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s. %s", certfile.c_str(), strerror(errno)); ERR_print_errors_cb(error_callback, this); } + ERR_clear_error(); if (((!SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM))) || (!SSL_CTX_use_PrivateKey_file(clictx, keyfile.c_str(), SSL_FILETYPE_PEM))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read key file %s. %s", keyfile.c_str(), strerror(errno)); @@ -238,6 +278,7 @@ class ModuleSSLOpenSSL : public Module } /* Load the CAs we trust*/ + ERR_clear_error(); if (((!SSL_CTX_load_verify_locations(ctx, cafile.c_str(), 0))) || (!SSL_CTX_load_verify_locations(clictx, cafile.c_str(), 0))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read CA list from %s. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: %s", cafile.c_str(), strerror(errno)); 
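Review bot: `SetContextOptions` is called only when `customcontextoptions` is true, so nothing restores the defaults when the setting is later switched off. If this function runs on every rehash (its start is outside the hunk), a context whose protective options were cleared keeps that weaker state until the module is reloaded. An `else` branch that clears the current options and re-applies `ctx_options` and `clictx_options` would make the setting reversible.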
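Review bot: The log messages beside the added `ERR_clear_error()` calls still append `strerror(errno)`, which OpenSSL does not necessarily set and which may describe an earlier, unrelated failure. This applies to the certificate and key messages in this hunk and to the CA message in the next one. Either set `errno = 0;` next to each `ERR_clear_error();` or drop the `strerror(errno)` argument and rely on `ERR_print_errors_cb`.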
@@ -264,6 +305,8 @@ class ModuleSSLOpenSSL : public Module #else ret = PEM_read_DHparams(dhpfile, NULL, NULL, NULL); #endif + + ERR_clear_error(); if ((SSL_CTX_set_tmp_dh(ctx, ret) < 0) || (SSL_CTX_set_tmp_dh(clictx, ret) < 0)) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str()); @@ -426,6 +469,7 @@ class ModuleSSLOpenSSL : public Module if (session->status == ISSL_OPEN) { + ERR_clear_error(); char* buffer = ServerInstance->GetReadBuffer(); size_t bufsiz = ServerInstance->Config->NetBufferSize; int ret = SSL_read(session->sess, buffer, bufsiz); @@ -496,6 +540,7 @@ class ModuleSSLOpenSSL : public Module if (session->status == ISSL_OPEN) { + ERR_clear_error(); int ret = SSL_write(session->sess, buffer.data(), buffer.size()); if (ret == (int)buffer.length()) { @@ -542,6 +587,7 @@ class ModuleSSLOpenSSL : public Module { int ret; + ERR_clear_error(); if (session->outbound) ret = SSL_connect(session->sess); else diff --git a/src/modules/m_spanningtree/idle.cpp b/src/modules/m_spanningtree/idle.cpp index 0ea06a3cc..18aeb0ad5 100644 --- a/src/modules/m_spanningtree/idle.cpp +++ b/src/modules/m_spanningtree/idle.cpp @@ -40,7 +40,7 @@ bool TreeSocket::Whois(const std::string &prefix, parameterlist ¶ms) User* x = ServerInstance->FindNick(params[0]); if ((x) && (IS_LOCAL(x))) { - long idle = abs((long)((x->idle_lastmsg) - ServerInstance->Time())); + long idle = labs((long)((x->idle_lastmsg) - ServerInstance->Time())); parameterlist par; par.push_back(prefix); par.push_back(ConvToStr(x->signon)); diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp index fb658c9c7..acb822fbf 100644 --- a/src/modules/m_spanningtree/treesocket2.cpp +++ b/src/modules/m_spanningtree/treesocket2.cpp 
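Review bot: The check right after the new `ERR_clear_error()` tests `SSL_CTX_set_tmp_dh(...) < 0`, but that call reports failure as 0, so a rejected DH parameter set is never logged. Compare against success instead: `if ((SSL_CTX_set_tmp_dh(ctx, ret) != 1) || (SSL_CTX_set_tmp_dh(clictx, ret) != 1))`. In the visible lines `ret` from `PEM_read_DHparams` is also used without a NULL check. The surrounding block starts and ends outside the hunk, so that may be handled there.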
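Review bot: The `ERR_clear_error()` added before `SSL_read` has no comment saying why it is needed, and the same holds for the calls added before `SSL_write` and before the handshake call in the two following hunks. A one-line comment such as `// SSL_get_error() inspects the thread's error queue, so it must be empty before the I/O call` would stop a later cleanup from removing them. The enclosing functions extend beyond each hunk.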
@@ -155,13 +155,13 @@ void TreeSocket::ProcessLine(std::string &line) time_t delta = them - ServerInstance->Time(); if ((delta < -600) || (delta > 600)) { - ServerInstance->SNO->WriteGlobalSno('l',"\2ERROR\2: Your clocks are out by %d seconds (this is more than five minutes). Link aborted, \2PLEASE SYNC YOUR CLOCKS!\2",abs((long)delta)); - SendError("Your clocks are out by "+ConvToStr(abs((long)delta))+" seconds (this is more than five minutes). Link aborted, PLEASE SYNC YOUR CLOCKS!"); + ServerInstance->SNO->WriteGlobalSno('l',"\2ERROR\2: Your clocks are out by %ld seconds (this is more than five minutes). Link aborted, \2PLEASE SYNC YOUR CLOCKS!\2",labs((long)delta)); + SendError("Your clocks are out by "+ConvToStr(labs((long)delta))+" seconds (this is more than five minutes). Link aborted, PLEASE SYNC YOUR CLOCKS!"); return; } else if ((delta < -30) || (delta > 30)) { - ServerInstance->SNO->WriteGlobalSno('l',"\2WARNING\2: Your clocks are out by %d seconds. Please consider synching your clocks.", abs((long)delta)); + ServerInstance->SNO->WriteGlobalSno('l',"\2WARNING\2: Your clocks are out by %ld seconds. Please consider synching your clocks.", labs((long)delta)); } } diff --git a/src/server.cpp b/src/server.cpp index 4741f942d..d05ece8a4 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -46,13 +46,10 @@ void InspIRCd::Exit(int status) #ifdef _WIN32 SetServiceStopped(status); #endif - if (this) - { - this->SendError("Exiting with status " + ConvToStr(status) + " (" + std::string(ExitCodes[status]) + ")"); - this->Cleanup(); - delete this; - ServerInstance = NULL; - } + this->SendError("Exiting with status " + ConvToStr(status) + " (" + std::string(ExitCodes[status]) + ")"); + this->Cleanup(); + delete this; + ServerInstance = NULL; exit (status); } |