summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/inspircd.cpp3
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp93
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp14
-rw-r--r--src/modules/m_hostcycle.cpp4
-rw-r--r--src/usermanager.cpp26
-rw-r--r--src/users.cpp4
6 files changed, 104 insertions, 40 deletions
diff --git a/src/inspircd.cpp b/src/inspircd.cpp
index 5c4de52bd..69aa2619c 100644
--- a/src/inspircd.cpp
+++ b/src/inspircd.cpp
@@ -659,10 +659,7 @@ void InspIRCd::Run()
OLDTIME = TIME.tv_sec;
if ((TIME.tv_sec % 3600) == 0)
- {
- Users->GarbageCollect();
FOREACH_MOD(OnGarbageCollect, ());
- }
Timers.TickTimers(TIME.tv_sec);
Users->DoBackgroundUserStuff();
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 962e80d28..716a736f8 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -209,14 +209,6 @@ namespace GnuTLS
return dh;
}
- /** Generate */
- static std::auto_ptr<DHParams> Generate(unsigned int bits)
- {
- std::auto_ptr<DHParams> dh(new DHParams);
- ThrowOnError(gnutls_dh_params_generate2(dh->dh_params, bits), "Unable to generate DH params");
- return dh;
- }
-
~DHParams()
{
gnutls_dh_params_deinit(dh_params);
@@ -353,6 +345,40 @@ namespace GnuTLS
{
gnutls_priority_set(sess, priority);
}
+
+ static const char* GetDefault()
+ {
+ return "NORMAL:%SERVER_PRECEDENCE:-VERS-SSL3.0";
+ }
+
+ static std::string RemoveUnknownTokens(const std::string& prio)
+ {
+ std::string ret;
+ irc::sepstream ss(prio, ':');
+ for (std::string token; ss.GetToken(token); )
+ {
+ // Save current position so we can revert later if needed
+ const std::string::size_type prevpos = ret.length();
+ // Append next token
+ if (!ret.empty())
+ ret.push_back(':');
+ ret.append(token);
+
+ gnutls_priority_t test;
+ if (gnutls_priority_init(&test, ret.c_str(), NULL) < 0)
+ {
+ // The new token broke the priority string, revert to the previously working one
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Priority string token not recognized: \"%s\"", token.c_str());
+ ret.erase(prevpos);
+ }
+ else
+ {
+ // Worked
+ gnutls_priority_deinit(test);
+ }
+ }
+ return ret;
+ }
};
#else
/** Dummy class, used when gnutls_priority_set() is not available
@@ -362,7 +388,7 @@ namespace GnuTLS
public:
Priority(const std::string& priorities)
{
- if (priorities != "NORMAL")
+ if (priorities != GetDefault())
throw Exception("You've set a non-default priority string, but GnuTLS lacks support for it");
}
@@ -371,6 +397,17 @@ namespace GnuTLS
// Always set the default priorities
gnutls_set_default_priority(sess);
}
+
+ static const char* GetDefault()
+ {
+ return "NORMAL";
+ }
+
+ static std::string RemoveUnknownTokens(const std::string& prio)
+ {
+ // We don't do anything here because only NORMAL is accepted
+ return prio;
+ }
};
#endif
@@ -564,24 +601,40 @@ namespace GnuTLS
return ret;
}
+ static std::string GetPrioStr(const std::string& profilename, ConfigTag* tag)
+ {
+ // Use default priority string if this tag does not specify one
+ std::string priostr = GnuTLS::Priority::GetDefault();
+ bool found = tag->readString("priority", priostr);
+ // If the prio string isn't set in the config don't be strict about the default one because it doesn't work on all versions of GnuTLS
+ if (!tag->getBool("strictpriority", found))
+ {
+ std::string stripped = GnuTLS::Priority::RemoveUnknownTokens(priostr);
+ if (stripped.empty())
+ {
+ // Stripping failed, act as if a prio string wasn't set
+ stripped = GnuTLS::Priority::RemoveUnknownTokens(GnuTLS::Priority::GetDefault());
+ ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Priority string for profile \"%s\" contains unknown tokens and stripping it didn't yield a working one either, falling back to \"%s\"", profilename.c_str(), stripped.c_str());
+ }
+ else if ((found) && (stripped != priostr))
+ {
+ // Prio string was set in the config and we ended up with something that works but different
+ ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Priority string for profile \"%s\" contains unknown tokens, stripped to \"%s\"", profilename.c_str(), stripped.c_str());
+ }
+ priostr.swap(stripped);
+ }
+ return priostr;
+ }
+
public:
static reference<Profile> Create(const std::string& profilename, ConfigTag* tag)
{
std::string certstr = ReadFile(tag->getString("certfile", "cert.pem"));
std::string keystr = ReadFile(tag->getString("keyfile", "key.pem"));
- std::auto_ptr<DHParams> dh;
- int gendh = tag->getInt("gendh");
- if (gendh)
- {
- gendh = (gendh < 1024 ? 1024 : gendh);
- dh = DHParams::Generate(gendh);
- }
- else
- dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
+ std::auto_ptr<DHParams> dh = DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem")));
- // Use default priority string if this tag does not specify one
- std::string priostr = tag->getString("priority", "NORMAL");
+ std::string priostr = GetPrioStr(profilename, tag);
unsigned int mindh = tag->getInt("mindhbits", 1024);
std::string hashstr = tag->getString("hash", "md5");
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 7dd834e13..c9ae14e11 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -269,10 +269,10 @@ namespace OpenSSL
long setoptions = tag->getInt(ctxname + "setoptions");
long clearoptions = tag->getInt(ctxname + "clearoptions");
#ifdef SSL_OP_NO_COMPRESSION
- if (!tag->getBool("compression", true))
+ if (!tag->getBool("compression", false)) // Disable compression by default
setoptions |= SSL_OP_NO_COMPRESSION;
#endif
- if (!tag->getBool("sslv3", true))
+ if (!tag->getBool("sslv3", false)) // Disable SSLv3 by default
setoptions |= SSL_OP_NO_SSLv3;
if (!tag->getBool("tlsv1", true))
setoptions |= SSL_OP_NO_TLSv1;
@@ -363,6 +363,14 @@ namespace OpenSSL
return 1;
}
+ static int destroy(BIO* bio)
+ {
+ // XXX: Dummy function to avoid a memory leak in OpenSSL.
+ // The memory leak happens in BIO_free() (bio_lib.c) when the destroy func of the BIO is NULL.
+ // This is fixed in OpenSSL but some distros still ship the unpatched version hence we provide this workaround.
+ return 1;
+ }
+
static long ctrl(BIO* bio, int cmd, long num, void* ptr)
{
if (cmd == BIO_CTRL_FLUSH)
@@ -385,7 +393,7 @@ static BIO_METHOD biomethods =
NULL, // gets
OpenSSL::BIOMethod::ctrl,
OpenSSL::BIOMethod::create,
- NULL, // destroy, NULL causes older OpenSSL to leak memory in BIO_free() (bio_lib.c)
+ OpenSSL::BIOMethod::destroy, // destroy, does nothing, see function body for more info
NULL // callback_ctrl
};
diff --git a/src/modules/m_hostcycle.cpp b/src/modules/m_hostcycle.cpp
index e8a0abbf1..d4def6473 100644
--- a/src/modules/m_hostcycle.cpp
+++ b/src/modules/m_hostcycle.cpp
@@ -29,8 +29,8 @@ class ModuleHostCycle : public Module
// GetFullHost() returns the original data at the time this function is called
const std::string quitline = ":" + user->GetFullHost() + " QUIT :" + quitmsg;
- already_sent_t silent_id = ++LocalUser::already_sent_id;
- already_sent_t seen_id = ++LocalUser::already_sent_id;
+ already_sent_t silent_id = ServerInstance->Users.NextAlreadySentId();
+ already_sent_t seen_id = ServerInstance->Users.NextAlreadySentId();
IncludeChanList include_chans(user->chans.begin(), user->chans.end());
std::map<User*,bool> exceptions;
diff --git a/src/usermanager.cpp b/src/usermanager.cpp
index 41061f6d1..ba6bbf36b 100644
--- a/src/usermanager.cpp
+++ b/src/usermanager.cpp
@@ -49,7 +49,8 @@ namespace
}
UserManager::UserManager()
- : unregistered_count(0)
+ : already_sent_id(0)
+ , unregistered_count(0)
{
}
@@ -278,14 +279,6 @@ void UserManager::ServerNoticeAll(const char* text, ...)
}
}
-void UserManager::GarbageCollect()
-{
- // Reset the already_sent IDs so we don't wrap it around and drop a message
- LocalUser::already_sent_id = 0;
- for (LocalList::const_iterator i = local_users.begin(); i != local_users.end(); ++i)
- (**i).already_sent = 0;
-}
-
/* this returns true when all modules are satisfied that the user should be allowed onto the irc server
* (until this returns true, a user will block in the waiting state, waiting to connect up to the
* registration timeout maximum seconds)
@@ -368,3 +361,18 @@ void UserManager::DoBackgroundUserStuff()
}
}
}
+
+already_sent_t UserManager::NextAlreadySentId()
+{
+ if (++already_sent_id == 0)
+ {
+ // Wrapped around, reset the already_sent ids of all users
+ already_sent_id = 1;
+ for (LocalList::iterator i = local_users.begin(); i != local_users.end(); ++i)
+ {
+ LocalUser* user = *i;
+ user->already_sent = 0;
+ }
+ }
+ return already_sent_id;
+}
diff --git a/src/users.cpp b/src/users.cpp
index d503844e7..93fd8d065 100644
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -26,8 +26,6 @@
#include "inspircd.h"
#include "xline.h"
-already_sent_t LocalUser::already_sent_id = 0;
-
bool User::IsNoticeMaskSet(unsigned char sm)
{
if (!isalpha(sm))
@@ -873,7 +871,7 @@ void User::ForEachNeighbor(ForEachNeighborHandler& handler, bool include_self)
FOREACH_MOD(OnBuildNeighborList, (this, include_chans, exceptions));
// Get next id, guaranteed to differ from the already_sent field of all users
- const already_sent_t newid = ++LocalUser::already_sent_id;
+ const already_sent_t newid = ServerInstance->Users.NextAlreadySentId();
// Handle exceptions first
for (std::map<User*, bool>::const_iterator i = exceptions.begin(); i != exceptions.end(); ++i)