mirror of
https://github.com/pissnet/pissircd.git
synced 2025-08-13 05:31:36 +01:00
CMDLINE_CONFIG change & FAKELAG_CONFIGURABLE added:
- CMDLINE_CONFIG behavior change: command line configuration is now still permitted if #undef'ed (which is the default) if uid==euid && gid==egid, since it doesn't make any sense to disable it then and is in fact just plain annoying. - Added FAKELAG_CONFIGURABLE option in include/config.h, this enables an option called class::options::nofakelag, which disables "fake lag" for a certain class (that is: the artificial delay introduced by the ircd to prevent flooding is turned off, allowing the user to flood at full speed). IT'S USE IS DISCOURAGED UNLESS YOU REALLY KNOW WHAT YOU ARE DOING. Sorry, option is not in ./Config -advanced since I don't get autoconf working, but it's such a scary option that this might as well be a good idea to keep in config.h anyway. This feature has been suggested for several years (and refused), but the final suggestion (with implementation specific hints) came from Gilou in bug #0002207. - changed a comment slightly in m_tkl.c to get rid of harmless warning ;)
This commit is contained in:
Bram Matthys
parent
4c3681afb9
commit
1023df3cd3
7 changed files with 75 additions and 16 deletions
12
Changes
12
Changes
|
|
@ -846,3 +846,15 @@
|
|||
acceptable if it's really needed). This should fix bug #2083, reported by White_Magic.
|
||||
- Fixed a bug where an invalid /*line could cause a crash, reported by Gilou (#2629).
|
||||
- (5 minutes later..) Small update for above, fix was incorrect for ipv6.
|
||||
- CMDLINE_CONFIG behavior change: command line configuration is now still permitted
|
||||
if #undef'ed (which is the default) if uid==euid && gid==egid, since it doesn't make
|
||||
any sense to disable it then and is in fact just plain annoying.
|
||||
- Added FAKELAG_CONFIGURABLE option in include/config.h, this enables an option called
|
||||
class::options::nofakelag, which disables "fake lag" for a certain class (that is:
|
||||
the artificial delay introduced by the ircd to prevent flooding is turned off,
|
||||
allowing the user to flood at full speed).
|
||||
IT'S USE IS DISCOURAGED UNLESS YOU REALLY KNOW WHAT YOU ARE DOING.
|
||||
Sorry, option is not in ./Config -advanced since I don't get autoconf working, but it's
|
||||
such a scary option that this might as well be a good idea to keep in config.h anyway.
|
||||
This feature has been suggested for several years (and refused), but the final
|
||||
suggestion (with implementation specific hints) came from Gilou in bug #0002207.
|
||||
|
|
|
|||
|
|
@ -238,9 +238,25 @@
|
|||
* that the 'new' access lets them. Note also that defining this is
|
||||
* a major security hole if your ircd goes down and some other user
|
||||
* starts up the server with a new conf file that has some extra
|
||||
* O-lines. So don't use this unless you're debugging.
|
||||
* O-lines.
|
||||
* Naturally, for non-suid/sgid ircds, this setting does not matter,
|
||||
* hence command line parameters are always permitted then.
|
||||
*/
|
||||
#undef CMDLINE_CONFIG /* allow conf-file to be specified on command line */
|
||||
#undef CMDLINE_CONFIG
|
||||
|
||||
/** FAKELAG_CONFIGURABLE makes it possible to make certain classes exempted
|
||||
* from 'fake lag' (that is, the artificial delay that is added by the ircd
|
||||
* to prevent flooding, which causes the messages/commands of the user to
|
||||
* slow down). Naturally, incorrect use of this feature can cause SEVERE
|
||||
* issues, in fact it can easily bring your whole IRCd down if one of the
|
||||
* users with class::options::nofakelag does a good flood at full speed.
|
||||
* Hence, this is disabled by default, and you need to explicitly enable it
|
||||
* here IF YOU KNOW WHAT YOU ARE DOING. People complaining their ircd
|
||||
* ""crashed"" because of this setting will be shot. </DISCLAIMER>
|
||||
* Common usage for this are: a trusted bot ran by an IRCOp, that you only
|
||||
* want to give "flood access" and nothing else, and other such things.
|
||||
*/
|
||||
#undef FAKELAG_CONFIGURABLE
|
||||
|
||||
/*
|
||||
* Size of the LISTEN request. Some machines handle this large
|
||||
|
|
|
|||
|
|
@ -1089,6 +1089,8 @@ struct _configitem_admin {
|
|||
char *line;
|
||||
};
|
||||
|
||||
#define CLASS_OPT_NOFAKELAG 0x1
|
||||
|
||||
struct _configitem_class {
|
||||
ConfigItem *prev, *next;
|
||||
ConfigFlag flag;
|
||||
|
|
@ -1097,6 +1099,7 @@ struct _configitem_class {
|
|||
int xrefcount; /* EXTRA reference count, 'clients' also acts as a reference count but
|
||||
* link blocks also refer to classes so a 2nd ref. count was needed.
|
||||
*/
|
||||
unsigned int options;
|
||||
};
|
||||
|
||||
struct _configflag_allow {
|
||||
|
|
|
|||
20
src/ircd.c
20
src/ircd.c
|
|
@ -754,14 +754,8 @@ extern TS check_pings(TS currenttime)
|
|||
static int bad_command(void)
|
||||
{
|
||||
#ifndef _WIN32
|
||||
#ifdef CMDLINE_CONFIG
|
||||
#define CMDLINE_CFG "[-f config] "
|
||||
#else
|
||||
#define CMDLINE_CFG ""
|
||||
#endif
|
||||
(void)printf
|
||||
("Usage: ircd %s[-h servername] [-p portnumber] [-x loglevel] [-t] [-H]\n",
|
||||
CMDLINE_CFG);
|
||||
("Usage: ircd [-f config] [-h servername] [-p portnumber] [-x loglevel] [-t] [-H]\n");
|
||||
(void)printf("Server not started\n\n");
|
||||
#else
|
||||
if (!IsService) {
|
||||
|
|
@ -917,6 +911,7 @@ int InitwIRCD(int argc, char *argv[])
|
|||
WSADATA wsaData;
|
||||
#else
|
||||
uid_t uid, euid;
|
||||
gid_t gid, egid;
|
||||
TS delay = 0;
|
||||
#endif
|
||||
#ifdef HAVE_PSTAT
|
||||
|
|
@ -937,6 +932,8 @@ int InitwIRCD(int argc, char *argv[])
|
|||
sbrk0 = (char *)sbrk((size_t)0);
|
||||
uid = getuid();
|
||||
euid = geteuid();
|
||||
gid = getgid();
|
||||
egid = getegid();
|
||||
# ifdef PROFIL
|
||||
(void)monstartup(0, etext);
|
||||
(void)moncontrol(1);
|
||||
|
|
@ -1062,12 +1059,17 @@ int InitwIRCD(int argc, char *argv[])
|
|||
bootopt |= BOOT_NOFORK;
|
||||
break;
|
||||
#ifndef _WIN32
|
||||
#ifdef CMDLINE_CONFIG
|
||||
case 'f':
|
||||
#ifndef CMDLINE_CONFIG
|
||||
if ((uid == euid) && (gid == egid))
|
||||
configfile = p;
|
||||
else
|
||||
printf("ERROR: Command line config with a setuid/setgid ircd is not allowed");
|
||||
#else
|
||||
(void)setuid((uid_t) uid);
|
||||
configfile = p;
|
||||
break;
|
||||
#endif
|
||||
break;
|
||||
case 'h':
|
||||
if (!strchr(p, '.')) {
|
||||
|
||||
|
|
|
|||
|
|
@ -2346,7 +2346,7 @@ char *str;
|
|||
/* Problem! viruschan selected, but we got a just connected user,
|
||||
* this causes severe problems (atm). [this check is also present
|
||||
* when adding the thing]. We just kill them instead for now...
|
||||
* which seems the best alternative: adding shun/*lines is clearly
|
||||
* which seems the best alternative: adding shun and *lines is clearly
|
||||
* not what the oper/service wanted, blocking/tempshunning does not
|
||||
* give the user any hint about what is going in, and KILL is most
|
||||
* obvious/clear, and less intrussive (you remove the spamfilter and
|
||||
|
|
|
|||
|
|
@ -159,6 +159,9 @@ void ban_flooder(aClient *cptr)
|
|||
inline void parse_addlag(aClient *cptr, int cmdbytes)
|
||||
{
|
||||
if (!IsServer(cptr) &&
|
||||
#ifdef FAKELAG_CONFIGURABLE
|
||||
!(cptr->class && (cptr->class->options & CLASS_OPT_NOFAKELAG)) &&
|
||||
#endif
|
||||
#ifdef NO_FAKE_LAG_FOR_LOCOPS
|
||||
!IsAnOper(cptr))
|
||||
#else
|
||||
|
|
|
|||
31
src/s_conf.c
31
src/s_conf.c
|
|
@ -3409,7 +3409,7 @@ int _test_oper(ConfigFile *conf, ConfigEntry *ce)
|
|||
*/
|
||||
int _conf_class(ConfigFile *conf, ConfigEntry *ce)
|
||||
{
|
||||
ConfigEntry *cep;
|
||||
ConfigEntry *cep, *cep2;
|
||||
ConfigItem_class *class;
|
||||
unsigned char isnew = 0;
|
||||
|
||||
|
|
@ -3423,6 +3423,7 @@ int _conf_class(ConfigFile *conf, ConfigEntry *ce)
|
|||
{
|
||||
isnew = 0;
|
||||
class->flag.temporary = 0;
|
||||
class->options = 0; /* RESET OPTIONS */
|
||||
}
|
||||
ircstrdup(class->name, ce->ce_vardata);
|
||||
|
||||
|
|
@ -3438,6 +3439,12 @@ int _conf_class(ConfigFile *conf, ConfigEntry *ce)
|
|||
class->sendq = atol(cep->ce_vardata);
|
||||
else if (!strcmp(cep->ce_varname, "recvq"))
|
||||
class->recvq = atol(cep->ce_vardata);
|
||||
else if (!strcmp(cep->ce_varname, "options"))
|
||||
{
|
||||
for (cep2 = cep->ce_entries; cep2; cep2 = cep2->ce_next)
|
||||
if (!strcmp(cep2->ce_varname, "nofakelag"))
|
||||
class->options |= CLASS_OPT_NOFAKELAG;
|
||||
}
|
||||
}
|
||||
if (isnew)
|
||||
AddListItem(class, conf_class);
|
||||
|
|
@ -3446,7 +3453,7 @@ int _conf_class(ConfigFile *conf, ConfigEntry *ce)
|
|||
|
||||
int _test_class(ConfigFile *conf, ConfigEntry *ce)
|
||||
{
|
||||
ConfigEntry *cep;
|
||||
ConfigEntry *cep, *cep2;
|
||||
int errors = 0;
|
||||
char has_pingfreq = 0, has_connfreq = 0, has_maxclients = 0, has_sendq = 0;
|
||||
char has_recvq = 0;
|
||||
|
|
@ -3458,13 +3465,29 @@ int _test_class(ConfigFile *conf, ConfigEntry *ce)
|
|||
}
|
||||
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
|
||||
{
|
||||
if (config_is_blankorempty(cep, "class"))
|
||||
if (!strcmp(cep->ce_varname, "options"))
|
||||
{
|
||||
for (cep2 = cep->ce_entries; cep2; cep2 = cep2->ce_next)
|
||||
{
|
||||
#ifdef FAKELAG_CONFIGURABLE
|
||||
if (!strcmp(cep2->ce_varname, "nofakelag"))
|
||||
;
|
||||
else
|
||||
#endif
|
||||
{
|
||||
config_error("%s:%d: Unknown option '%s' in class::options",
|
||||
cep2->ce_fileptr->cf_filename, cep2->ce_varlinenum, cep2->ce_varname);
|
||||
errors++;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (config_is_blankorempty(cep, "class"))
|
||||
{
|
||||
errors++;
|
||||
continue;
|
||||
}
|
||||
/* class::pingfreq */
|
||||
if (!strcmp(cep->ce_varname, "pingfreq"))
|
||||
else if (!strcmp(cep->ce_varname, "pingfreq"))
|
||||
{
|
||||
int v = atol(cep->ce_vardata);
|
||||
if (has_pingfreq)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue