From f8b8a643c07f9c5c7858bc97f6da1208f87935bd Mon Sep 17 00:00:00 2001 From: brain Date: Mon, 14 Apr 2008 19:57:11 +0000 Subject: TRUNK CONFIG BREAKAGE WARNING: Move a bunch of options tag values into a new tag called 'security'. See example conf git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9504 e03df62e-2008-0410-955e-edbf42e46eb7 --- docs/inspircd.conf.example | 201 ++++++++++++++++++----------------- src/configreader.cpp | 20 ++-- src/modules/m_spanningtree/utils.cpp | 6 +- 3 files changed, 116 insertions(+), 111 deletions(-) diff --git a/docs/inspircd.conf.example b/docs/inspircd.conf.example index 7cfecc4e3..36e3b9c99 100644 --- a/docs/inspircd.conf.example +++ b/docs/inspircd.conf.example @@ -834,58 +834,6 @@ # if defined sets a soft maxconnections value, has # # to be less than the ./configure maxclients # # # -# userstats - The userstats field is optional and specifies # -# which stats characters in /STATS may be requested # -# by non-operators. Stats characters in this field # -# are case sensitive and are allowed to users # -# independent of if they are in a module or the core # -# # -# operspywhois - If this is set then when an IRC operator uses # -# /WHOIS on a user they will see all channels, even # -# ones if channels are secret (+s), private (+p) or # -# if the target user is invisible +i. # -# # -# customversion - If you specify this configuration item, and it is # -# not set to an empty value, then when a user does # -# a /VERSION command on the ircd, this string will # -# be displayed as the second portion of the output, # -# replacing the system 'uname', compile flags and # -# socket engine/dns engine names. You may use this # -# to enhance security, or simply for vanity. # -# # -# maxtargets - The maxtargets field is optional, and if not # -# defined, defaults to 20. It indicates the maximum # -# number of targets which may be given to commands # -# such as PRIVMSG, KICK etc. # -# # -# hidesplits - When set to 'yes', will hide split server names # -# from non-opers. Non-opers will see '*.net *.split' # -# instead of the server names in the quit message, # -# identical to the way IRCu displays them. # -# # -# hidebans - When set to 'yes', will hide gline, kline, zline # -# and qline quit messages from non-opers. For # -# example, user A who is not an oper will just see # -# (G-Lined) while user B who is an oper will see the # -# text (G-Lined: Reason here) instead. # -# # -# hidewhois - When defined with a non-empty value, the given # -# text will be used in place of the user's server # -# in WHOIS, when a user is WHOISed by a non-oper. # -# For example, most nets will want to set this to # -# something like '*.netname.net' to conceal the # -# actual server the user is on. # -# # -# flatlinks - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, /MAP and /LINKS # -# will be flattened when shown to a non-opers. # -# # -# hideulines - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, then U-lined # -# servers will be hidden in /LINKS and /MAP for non # -# opers. Please be aware that this will also hide # -# any leaf servers of a U-lined server, e.g. jupes. # -# # # nouserdns - If set to yes, true or 1, no user DNS lookups # # will be performed for connecting users. This can # # save a lot of resources on very busy IRC servers. # @@ -911,40 +859,6 @@ # nick!user@host is shown for who set a TOPIC last. # # if set to no, then only the nickname is shown. # # # -# announceinvites # -# - If this option is set, then invites are announced # -# to the channel when a user invites another user. # -# If you consider this to be unnecessary noise, # -# set this to 'none'. To announce to all ops, set # -# this to 'ops' and to announce to all users set the # -# value to 'all'. # -# # -# The value 'dynamic' varies between 'ops' and 'all' # -# settings depending on if the channel is +i or not. # -# When the channel is +i, messages go only to ops, # -# and when the channel is not +i, messages go to # -# everyone. In short, the messages will go to every # -# user who has power of INVITE on the channel. This # -# is the recommended setting. # -# # -# disablehmac - If you are linking your InspIRCd to older versions # -# then you can specify this option and set it to # -# yes. 1.1.6 and above support HMAC and challenge- # -# response for password authentication. These can # -# greatly enhance security of your server to server # -# connections when you are not using SSL (as is the # -# case with a lot of larger networks). Linking to # -# older versions of InspIRCd should not *usually* be # -# a problem, but if you have problems with HMAC # -# authentication, this option can be used to turn it # -# off. # -# # -# hidemodes - If this option is enabled, then the listmodes # -# given (e.g. +eI), will be hidden from users below # -# halfop. This is not recommended to be set on mode # -# +b, as it may break some features in popular # -# clients such as mIRC. # -# # # quietbursts - When synching or splitting from the network, a # # server can generate a lot of connect and quit # # snotices to the +C and +Q snomasks. Setting this # @@ -994,32 +908,123 @@ deprotectothers="no" somaxconn="128" softlimit="12800" - userstats="Pu" - operspywhois="no" - customversion="" - maxtargets="20" - hidesplits="no" - hidebans="no" - hidewhois="" - flatlinks="no" - hideulines="no" nouserdns="no" syntaxhints="no" cyclehosts="yes" ircumsgprefix="no" announcets="yes" - disablehmac="no" hostintopic="yes" - hidemodes="eI" quietbursts="yes" pingwarning="15" serverpingfreq="60" allowhalfop="yes" defaultmodes="nt" - announceinvites="dynamic" moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help." exemptchanops=""> +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# announceinvites # +# - If this option is set, then invites are announced # +# to the channel when a user invites another user. # +# If you consider this to be unnecessary noise, # +# set this to 'none'. To announce to all ops, set # +# this to 'ops' and to announce to all users set the # +# value to 'all'. # +# # +# The value 'dynamic' varies between 'ops' and 'all' # +# settings depending on if the channel is +i or not. # +# When the channel is +i, messages go only to ops, # +# and when the channel is not +i, messages go to # +# everyone. In short, the messages will go to every # +# user who has power of INVITE on the channel. This # +# is the recommended setting. # +# # +# disablehmac - If you are linking your InspIRCd to older versions # +# then you can specify this option and set it to # +# yes. 1.1.6 and above support HMAC and challenge- # +# response for password authentication. These can # +# greatly enhance security of your server to server # +# connections when you are not using SSL (as is the # +# case with a lot of larger networks). Linking to # +# older versions of InspIRCd should not *usually* be # +# a problem, but if you have problems with HMAC # +# authentication, this option can be used to turn it # +# off. # +# # +# hidemodes - If this option is enabled, then the listmodes # +# given (e.g. +eI), will be hidden from users below # +# halfop. This is not recommended to be set on mode # +# +b, as it may break some features in popular # +# clients such as mIRC. # +# # +# hidesplits - When set to 'yes', will hide split server names # +# from non-opers. Non-opers will see '*.net *.split' # +# instead of the server names in the quit message, # +# identical to the way IRCu displays them. # +# # +# hidebans - When set to 'yes', will hide gline, kline, zline # +# and qline quit messages from non-opers. For # +# example, user A who is not an oper will just see # +# (G-Lined) while user B who is an oper will see the # +# text (G-Lined: Reason here) instead. # +# # +# hidewhois - When defined with a non-empty value, the given # +# text will be used in place of the user's server # +# in WHOIS, when a user is WHOISed by a non-oper. # +# For example, most nets will want to set this to # +# something like '*.netname.net' to conceal the # +# actual server the user is on. # +# # +# flatlinks - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, /MAP and /LINKS # +# will be flattened when shown to a non-opers. # +# # +# hideulines - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, then U-lined # +# servers will be hidden in /LINKS and /MAP for non # +# opers. Please be aware that this will also hide # +# any leaf servers of a U-lined server, e.g. jupes. # +# # +# userstats - The userstats field is optional and specifies # +# which stats characters in /STATS may be requested # +# by non-operators. Stats characters in this field # +# are case sensitive and are allowed to users # +# independent of if they are in a module or the core # +# # +# operspywhois - If this is set then when an IRC operator uses # +# /WHOIS on a user they will see all channels, even # +# ones if channels are secret (+s), private (+p) or # +# if the target user is invisible +i. # +# # +# customversion - If you specify this configuration item, and it is # +# not set to an empty value, then when a user does # +# a /VERSION command on the ircd, this string will # +# be displayed as the second portion of the output, # +# replacing the system 'uname', compile flags and # +# socket engine/dns engine names. You may use this # +# to enhance security, or simply for vanity. # +# # +# maxtargets - The maxtargets field is optional, and if not # +# defined, defaults to 20. It indicates the maximum # +# number of targets which may be given to commands # +# such as PRIVMSG, KICK etc. # +# # + + + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Logging # ------- diff --git a/src/configreader.cpp b/src/configreader.cpp index 16916653d..a5ca8bfce 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -792,22 +792,22 @@ void ServerConfig::Read(bool bail, User* user) {"dns", "timeout", "5", new ValueContainerInt (&this->dns_timeout), DT_INTEGER, NoValidation}, {"options", "moduledir", MOD_PATH, new ValueContainerChar (this->ModPath), DT_CHARPTR, NoValidation}, {"disabled", "commands", "", new ValueContainerChar (this->DisabledCommands), DT_CHARPTR, NoValidation}, - {"options", "userstats", "", new ValueContainerChar (this->UserStats), DT_CHARPTR, NoValidation}, - {"options", "customversion","", new ValueContainerChar (this->CustomVersion), DT_CHARPTR, NoValidation}, - {"options", "hidesplits", "0", new ValueContainerBool (&this->HideSplits), DT_BOOLEAN, NoValidation}, - {"options", "hidebans", "0", new ValueContainerBool (&this->HideBans), DT_BOOLEAN, NoValidation}, - {"options", "hidewhois", "", new ValueContainerChar (this->HideWhoisServer), DT_NOSPACES, NoValidation}, - {"options", "hidekills", "", new ValueContainerChar (this->HideKillsServer), DT_NOSPACES, NoValidation}, - {"options", "operspywhois", "0", new ValueContainerBool (&this->OperSpyWhois), DT_BOOLEAN, NoValidation}, + {"security", "userstats", "", new ValueContainerChar (this->UserStats), DT_CHARPTR, NoValidation}, + {"security", "customversion","", new ValueContainerChar (this->CustomVersion), DT_CHARPTR, NoValidation}, + {"security", "hidesplits", "0", new ValueContainerBool (&this->HideSplits), DT_BOOLEAN, NoValidation}, + {"security", "hidebans", "0", new ValueContainerBool (&this->HideBans), DT_BOOLEAN, NoValidation}, + {"security", "hidewhois", "", new ValueContainerChar (this->HideWhoisServer), DT_NOSPACES, NoValidation}, + {"security", "hidekills", "", new ValueContainerChar (this->HideKillsServer), DT_NOSPACES, NoValidation}, + {"security", "operspywhois", "0", new ValueContainerBool (&this->OperSpyWhois), DT_BOOLEAN, NoValidation}, {"options", "nouserdns", "0", new ValueContainerBool (&this->NoUserDns), DT_BOOLEAN, NoValidation}, {"options", "syntaxhints", "0", new ValueContainerBool (&this->SyntaxHints), DT_BOOLEAN, NoValidation}, {"options", "cyclehosts", "0", new ValueContainerBool (&this->CycleHosts), DT_BOOLEAN, NoValidation}, {"options", "ircumsgprefix","0", new ValueContainerBool (&this->UndernetMsgPrefix), DT_BOOLEAN, NoValidation}, - {"options", "announceinvites", "1", new ValueContainerChar (announceinvites), DT_CHARPTR, ValidateInvite}, + {"security", "announceinvites", "1", new ValueContainerChar (announceinvites), DT_CHARPTR, ValidateInvite}, {"options", "hostintopic", "1", new ValueContainerBool (&this->FullHostInTopic), DT_BOOLEAN, NoValidation}, - {"options", "hidemodes", "", new ValueContainerChar (hidemodes), DT_CHARPTR, ValidateModeLists}, + {"security", "hidemodes", "", new ValueContainerChar (hidemodes), DT_CHARPTR, ValidateModeLists}, {"options", "exemptchanops","", new ValueContainerChar (exemptchanops), DT_CHARPTR, ValidateExemptChanOps}, - {"options", "maxtargets", "20", new ValueContainerUInt (&this->MaxTargets), DT_INTEGER, ValidateMaxTargets}, + {"security", "maxtargets", "20", new ValueContainerUInt (&this->MaxTargets), DT_INTEGER, ValidateMaxTargets}, {"options", "defaultmodes", "nt", new ValueContainerChar (this->DefaultModes), DT_CHARPTR, NoValidation}, {"pid", "file", "", new ValueContainerChar (this->PID), DT_CHARPTR, NoValidation}, {"whowas", "groupsize", "10", new ValueContainerInt (&this->WhoWasGroupSize), DT_INTEGER, NoValidation}, diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp index e6827d524..2a6efcdc1 100644 --- a/src/modules/m_spanningtree/utils.cpp +++ b/src/modules/m_spanningtree/utils.cpp @@ -439,10 +439,10 @@ void SpanningTreeUtilities::ReadConfiguration(bool rebind) } } } - FlatLinks = Conf->ReadFlag("options","flatlinks",0); - HideULines = Conf->ReadFlag("options","hideulines",0); + FlatLinks = Conf->ReadFlag("security","flatlinks",0); + HideULines = Conf->ReadFlag("security","hideulines",0); AnnounceTSChange = Conf->ReadFlag("options","announcets",0); - ChallengeResponse = !Conf->ReadFlag("options", "disablehmac", 0); + ChallengeResponse = !Conf->ReadFlag("security", "disablehmac", 0); quiet_bursts = Conf->ReadFlag("options", "quietbursts", 0); PingWarnTime = Conf->ReadInteger("options", "pingwarning", 0, true); PingFreq = Conf->ReadInteger("options", "serverpingfreq", 0, true); -- cgit v1.2.3