ircd/newconf: ignore invalid connect block passwords (#261)
Also, ignore a connect block that requests certfp authentication without setting the ssl flag, as it will then go on to fail anyway. Finally, correct an erroneous error message about class blocks.
This commit is contained in:
parent
f6b73103d6
commit
95898abbb1
1 changed files with 57 additions and 19 deletions
|
@ -768,7 +768,7 @@ conf_end_class(struct TopConf *tc)
|
||||||
|
|
||||||
if(EmptyString(yy_class->class_name))
|
if(EmptyString(yy_class->class_name))
|
||||||
{
|
{
|
||||||
conf_report_error("Ignoring connect block -- missing name.");
|
conf_report_error("Ignoring class block -- missing name.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1231,40 +1231,51 @@ conf_begin_connect(struct TopConf *tc)
|
||||||
static int
|
static int
|
||||||
conf_end_connect(struct TopConf *tc)
|
conf_end_connect(struct TopConf *tc)
|
||||||
{
|
{
|
||||||
if(EmptyString(yy_server->name))
|
if (EmptyString(yy_server->name))
|
||||||
{
|
{
|
||||||
conf_report_error("Ignoring connect block -- missing name.");
|
conf_report_error("Ignoring connect block -- missing name.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ServerInfo.name != NULL && !irccmp(ServerInfo.name, yy_server->name))
|
if (ServerInfo.name != NULL && !irccmp(ServerInfo.name, yy_server->name))
|
||||||
{
|
{
|
||||||
conf_report_error("Ignoring connect block for %s -- name is equal to my own name.",
|
conf_report_error("Ignoring connect block for %s -- name is "
|
||||||
yy_server->name);
|
"equal to my own name.", yy_server->name);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd)) && EmptyString(yy_server->certfp))
|
if ((EmptyString(yy_server->passwd) || EmptyString(yy_server->spasswd))
|
||||||
|
&& EmptyString(yy_server->certfp))
|
||||||
{
|
{
|
||||||
conf_report_error("Ignoring connect block for %s -- no fingerprint or password credentials provided.",
|
conf_report_error("Ignoring connect block for %s -- no "
|
||||||
yy_server->name);
|
"fingerprint or password credentials "
|
||||||
|
"provided.", yy_server->name);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if((yy_server->flags & SERVER_SSL) && EmptyString(yy_server->certfp))
|
if ((yy_server->flags & SERVER_SSL) && EmptyString(yy_server->certfp))
|
||||||
{
|
{
|
||||||
conf_report_error("Ignoring connect block for %s -- no fingerprint provided for SSL connection.",
|
conf_report_error("Ignoring connect block for %s -- no "
|
||||||
yy_server->name);
|
"fingerprint provided for SSL "
|
||||||
|
"connection.", yy_server->name);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(EmptyString(yy_server->connect_host)
|
if (! (yy_server->flags & SERVER_SSL) && ! EmptyString(yy_server->certfp))
|
||||||
&& GET_SS_FAMILY(&yy_server->connect4) != AF_INET
|
|
||||||
&& GET_SS_FAMILY(&yy_server->connect6) != AF_INET6
|
|
||||||
)
|
|
||||||
{
|
{
|
||||||
conf_report_error("Ignoring connect block for %s -- missing host.",
|
conf_report_error("Ignoring connect block for %s -- "
|
||||||
yy_server->name);
|
"fingerprint authentication has "
|
||||||
|
"been requested; but the ssl flag "
|
||||||
|
"is not set.", yy_server->name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (EmptyString(yy_server->connect_host)
|
||||||
|
&& GET_SS_FAMILY(&yy_server->connect4) != AF_INET
|
||||||
|
&& GET_SS_FAMILY(&yy_server->connect6) != AF_INET6)
|
||||||
|
{
|
||||||
|
conf_report_error("Ignoring connect block for %s -- missing "
|
||||||
|
"host.", yy_server->name);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1336,7 +1347,20 @@ conf_set_connect_send_password(void *data)
|
||||||
rb_free(yy_server->spasswd);
|
rb_free(yy_server->spasswd);
|
||||||
}
|
}
|
||||||
|
|
||||||
yy_server->spasswd = rb_strdup(data);
|
if (EmptyString((const char *) data))
|
||||||
|
{
|
||||||
|
yy_server->spasswd = NULL;
|
||||||
|
conf_report_warning("Invalid send_password for connect "
|
||||||
|
"block; must not be empty if provided");
|
||||||
|
}
|
||||||
|
else if (strpbrk(data, " :"))
|
||||||
|
{
|
||||||
|
yy_server->spasswd = NULL;
|
||||||
|
conf_report_error("Invalid send_password for connect "
|
||||||
|
"block; cannot contain spaces or colons");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
yy_server->spasswd = rb_strdup(data);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -1347,7 +1371,21 @@ conf_set_connect_accept_password(void *data)
|
||||||
memset(yy_server->passwd, 0, strlen(yy_server->passwd));
|
memset(yy_server->passwd, 0, strlen(yy_server->passwd));
|
||||||
rb_free(yy_server->passwd);
|
rb_free(yy_server->passwd);
|
||||||
}
|
}
|
||||||
yy_server->passwd = rb_strdup(data);
|
|
||||||
|
if (EmptyString((const char *) data))
|
||||||
|
{
|
||||||
|
yy_server->passwd = NULL;
|
||||||
|
conf_report_warning("Invalid accept_password for connect "
|
||||||
|
"block; must not be empty if provided");
|
||||||
|
}
|
||||||
|
else if (strpbrk(data, " :"))
|
||||||
|
{
|
||||||
|
yy_server->passwd = NULL;
|
||||||
|
conf_report_error("Invalid accept_password for connect "
|
||||||
|
"block; cannot contain spaces or colons");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
yy_server->passwd = rb_strdup(data);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
Loading…
Reference in a new issue