commit f78b0c61e967c66386803a3dc77069c66bd664de from: Alexander Barton date: Wed Sep 30 14:00:04 2009 UTC New configuration option "AllowRemoteOper" Added new configuration option "AllowRemoteOper" to control whether remote IRC operators are allowed to use administrative commands that affect this server or not This commit introduces the configuration variable, but actually no function is using it. That's up for the next patches to come ... commit - fa09883c72855768a0f827a330097bf3dc5c839e commit + f78b0c61e967c66386803a3dc77069c66bd664de blob - 0d0061bcba6bbc83c801f22bc14659830f074901 blob + b945224efdec1bc6e5d1d55b2cd7067639fdcd40 --- doc/sample-ngircd.conf +++ doc/sample-ngircd.conf @@ -114,6 +114,10 @@ # Mask IRC Operator mode requests as if they were coming from the # server? (This is a compatibility hack for ircd-irc2 servers) ;OperServerMode = no + + # Are remote IRC operators allowed to control this server, e. g. + # use commands like CONNECT, SQUIT, DIE, ...? + ;AllowRemoteOper = no # Allow Pre-Defined Channels only (see Section [Channels]) ;PredefChannelsOnly = no blob - a725af65342c469dd330600f46299b1eabea1987 blob + d9e6f4626c0f161f0019b2e463f07ba0680980fe --- man/ngircd.conf.5.tmpl +++ man/ngircd.conf.5.tmpl @@ -179,6 +179,11 @@ If \fBOperCanUseMode\fR is enabled, this may lead the Servers that run the ircd-irc2 Software. This Option "masks" mode requests by non-chanops as if they were coming from the server. Default: no. .TP +\fBAllowRemoteOper\fR +Are IRC operators connected to remote servers allowed to control this server, +e. g. are they allowed to use administrative commands like CONNECT, DIE, +SQUIT, ... that affect this server? Default: no. +.TP \fBPredefChannelsOnly\fR If enabled, no new channels can be created. Useful if you do not want to have channels other than those defined in blob - c50f8f9ff222bc8156047398aa77bc04d0164d02 blob + c728d55f504a40f3020c593dd4afd49991e98500 --- src/ngircd/conf.c +++ src/ngircd/conf.c @@ -263,7 +263,6 @@ Conf_Test( void ) printf( " PidFile = %s\n", Conf_PidFile); printf(" Listen = %s\n", Conf_ListenAddress); fputs(" Ports = ", stdout); - ports_puts(&Conf_ListenPorts); #ifdef SSL_SUPPORT fputs(" SSLPorts = ", stdout); @@ -272,29 +271,34 @@ Conf_Test( void ) config_valid = false; #endif - pwd = getpwuid( Conf_UID ); - if( pwd ) printf( " ServerUID = %s\n", pwd->pw_name ); - else printf( " ServerUID = %ld\n", (long)Conf_UID ); - grp = getgrgid( Conf_GID ); - if( grp ) printf( " ServerGID = %s\n", grp->gr_name ); - else printf( " ServerGID = %ld\n", (long)Conf_GID ); - printf( " PingTimeout = %d\n", Conf_PingTimeout ); - printf( " PongTimeout = %d\n", Conf_PongTimeout ); - printf( " ConnectRetry = %d\n", Conf_ConnectRetry ); - printf( " OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode)); - printf( " OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); - printf( " PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); - printf( " NoDNS = %s\n", yesno_to_str(Conf_NoDNS)); - printf( " NoIdent = %s\n", yesno_to_str(Conf_NoIdent)); + pwd = getpwuid(Conf_UID); + if (pwd) + printf(" ServerUID = %s\n", pwd->pw_name); + else + printf(" ServerUID = %ld\n", (long)Conf_UID); + grp = getgrgid(Conf_GID); + if (grp) + printf(" ServerGID = %s\n", grp->gr_name); + else + printf(" ServerGID = %ld\n", (long)Conf_GID); + printf(" PingTimeout = %d\n", Conf_PingTimeout); + printf(" PongTimeout = %d\n", Conf_PongTimeout); + printf(" ConnectRetry = %d\n", Conf_ConnectRetry); + printf(" OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode)); + printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); + printf(" AllowRemoteOper = %s\n", yesno_to_str(Conf_AllowRemoteOper)); + printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); + printf(" NoDNS = %s\n", yesno_to_str(Conf_NoDNS)); + printf(" NoIdent = %s\n", yesno_to_str(Conf_NoIdent)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); printf(" ConnectIPv6 = %s\n", yesno_to_str(Conf_ConnectIPv4)); #endif - printf( " MaxConnections = %ld\n", Conf_MaxConnections); - printf( " MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP); - printf( " MaxJoins = %d\n", Conf_MaxJoins>0 ? Conf_MaxJoins : -1); - printf( " MaxNickLength = %u\n\n", Conf_MaxNickLength - 1); + printf(" MaxConnections = %ld\n", Conf_MaxConnections); + printf(" MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP); + printf(" MaxJoins = %d\n", Conf_MaxJoins > 0 ? Conf_MaxJoins : -1); + printf(" MaxNickLength = %u\n\n", Conf_MaxNickLength - 1); for( i = 0; i < Conf_Oper_Count; i++ ) { if( ! Conf_Oper[i].name[0] ) continue; @@ -511,47 +515,47 @@ Conf_IsService(int ConfServer, const char *Nick) } /* Conf_IsService */ +/** + * Initialize configuration settings with their default values. + */ static void -Set_Defaults( bool InitServers ) +Set_Defaults(bool InitServers) { - /* Initialize configuration variables with default values. */ - int i; - strcpy( Conf_ServerName, "" ); - snprintf( Conf_ServerInfo, sizeof Conf_ServerInfo, "%s %s", PACKAGE_NAME, PACKAGE_VERSION ); - strcpy( Conf_ServerPwd, "" ); + strcpy(Conf_ServerName, ""); + snprintf(Conf_ServerInfo, sizeof Conf_ServerInfo, "%s %s", + PACKAGE_NAME, PACKAGE_VERSION); + strcpy(Conf_ServerPwd, ""); - strcpy( Conf_ServerAdmin1, "" ); - strcpy( Conf_ServerAdmin2, "" ); - strcpy( Conf_ServerAdminMail, "" ); + strcpy(Conf_ServerAdmin1, ""); + strcpy(Conf_ServerAdmin2, ""); + strcpy(Conf_ServerAdminMail, ""); - strlcpy( Conf_MotdFile, SYSCONFDIR, sizeof( Conf_MotdFile )); - strlcat( Conf_MotdFile, MOTD_FILE, sizeof( Conf_MotdFile )); + strlcpy(Conf_MotdFile, SYSCONFDIR, sizeof(Conf_MotdFile)); + strlcat(Conf_MotdFile, MOTD_FILE, sizeof(Conf_MotdFile)); + strlcpy(Conf_MotdPhrase, MOTD_PHRASE, sizeof(Conf_MotdPhrase)); - strlcpy( Conf_MotdPhrase, MOTD_PHRASE, sizeof( Conf_MotdPhrase )); - - strlcpy( Conf_Chroot, CHROOT_DIR, sizeof( Conf_Chroot )); - - strlcpy( Conf_PidFile, PID_FILE, sizeof( Conf_PidFile )); + Conf_UID = Conf_GID = 0; + strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); + strlcpy(Conf_PidFile, PID_FILE, sizeof(Conf_PidFile)); free(Conf_ListenAddress); Conf_ListenAddress = NULL; - Conf_UID = Conf_GID = 0; Conf_PingTimeout = 120; Conf_PongTimeout = 20; - Conf_ConnectRetry = 60; + Conf_NoDNS = false; + Conf_NoIdent = false; Conf_Oper_Count = 0; Conf_Channel_Count = 0; Conf_OperCanMode = false; - Conf_NoDNS = false; - Conf_NoIdent = false; - Conf_PredefChannelsOnly = false; Conf_OperServerMode = false; + Conf_AllowRemoteOper = false; + Conf_PredefChannelsOnly = false; Conf_ConnectIPv4 = true; Conf_ConnectIPv6 = true; @@ -562,7 +566,10 @@ Set_Defaults( bool InitServers ) Conf_MaxNickLength = CLIENT_NICK_LEN_DEFAULT; /* Initialize server configuration structures */ - if( InitServers ) for( i = 0; i < MAX_SERVERS; Init_Server_Struct( &Conf_Server[i++] )); + if (InitServers) { + for (i = 0; i < MAX_SERVERS; + Init_Server_Struct(&Conf_Server[i++])); + } } /* Set_Defaults */ @@ -974,6 +981,11 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) Conf_OperServerMode = Check_ArgIsTrue( Arg ); return; } + if(strcasecmp(Var, "AllowRemoteOper") == 0) { + /* Are remote IRC operators allowed to control this server? */ + Conf_AllowRemoteOper = Check_ArgIsTrue(Arg); + return; + } if( strcasecmp( Var, "MaxConnections" ) == 0 ) { /* Maximum number of connections. 0 -> "no limit". */ #ifdef HAVE_ISDIGIT blob - 9bdecdeee69fb44dcefbf888863a239733d84bd7 blob + 2308e4cbb83d3844c9baf8b01b3ab07afb05ef31 --- src/ngircd/conf.h +++ src/ngircd/conf.h @@ -140,6 +140,14 @@ GLOBAL bool Conf_PredefChannelsOnly; /* Are IRC operators allowed to always use MODE? */ GLOBAL bool Conf_OperCanMode; +/* If an IRC op gives chanop privileges without being a chanop, + * ircd2 will ignore the command. This enables a workaround: + * It masks the command as coming from the server */ +GLOBAL bool Conf_OperServerMode; + +/* Are remote IRC operators allowed to manage this server? */ +GLOBAL bool Conf_AllowRemoteOper; + /* Disable all DNS functions? */ GLOBAL bool Conf_NoDNS; @@ -155,11 +163,6 @@ GLOBAL bool Conf_ConnectIPv6; /* same as above, but for ipv4 hosts, default: yes */ GLOBAL bool Conf_ConnectIPv4; -/* If an IRC op gives chanop privileges without being a chanop, - * ircd2 will ignore the command. This enables a workaround: - * It masks the command as coming from the server */ -GLOBAL bool Conf_OperServerMode; - /* Maximum number of connections to this server */ GLOBAL long Conf_MaxConnections;