ouch/inspircd
2
0
Fork 0
mirror of https://github.com/inspircd/inspircd.git synced 2025-03-10 02:59:01 -04:00
Code Issues Packages Projects Releases Wiki Activity

TRUNK CONFIG BREAKAGE WARNING: Move a bunch of options tag values into a new tag called 'security'. See example conf

Browse Source 
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@9504 e03df62e-2008-0410-955e-edbf42e46eb7
This commit is contained in:
brain 2008-04-14 19:57:11 +00:00
parent 2a8025dba8
commit f8b8a643c0
3 changed files with 116 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

201
docs/inspircd.conf.example
View File

@ -834,58 +834,6 @@
# if defined sets a soft maxconnections value, has # # if defined sets a soft maxconnections value, has #
# to be less than the ./configure maxclients # # to be less than the ./configure maxclients #
# # # #
# userstats - The userstats field is optional and specifies #
# which stats characters in /STATS may be requested #
# by non-operators. Stats characters in this field #
# are case sensitive and are allowed to users #
# independent of if they are in a module or the core #
# #
# operspywhois - If this is set then when an IRC operator uses #
# /WHOIS on a user they will see all channels, even #
# ones if channels are secret (+s), private (+p) or #
# if the target user is invisible +i. #
# #
# customversion - If you specify this configuration item, and it is #
# not set to an empty value, then when a user does #
# a /VERSION command on the ircd, this string will #
# be displayed as the second portion of the output, #
# replacing the system 'uname', compile flags and #
# socket engine/dns engine names. You may use this #
# to enhance security, or simply for vanity. #
# #
# maxtargets - The maxtargets field is optional, and if not #
# defined, defaults to 20. It indicates the maximum #
# number of targets which may be given to commands #
# such as PRIVMSG, KICK etc. #
# #
# hidesplits - When set to 'yes', will hide split server names #
# from non-opers. Non-opers will see '*.net *.split' #
# instead of the server names in the quit message, #
# identical to the way IRCu displays them. #
# #
# hidebans - When set to 'yes', will hide gline, kline, zline #
# and qline quit messages from non-opers. For #
# example, user A who is not an oper will just see #
# (G-Lined) while user B who is an oper will see the #
# text (G-Lined: Reason here) instead. #
# #
# hidewhois - When defined with a non-empty value, the given #
# text will be used in place of the user's server #
# in WHOIS, when a user is WHOISed by a non-oper. #
# For example, most nets will want to set this to #
# something like '*.netname.net' to conceal the #
# actual server the user is on. #
# #
# flatlinks - When you are using m_spanningtree.so, and this #
# value is set to yes, true or 1, /MAP and /LINKS #
# will be flattened when shown to a non-opers. #
# #
# hideulines - When you are using m_spanningtree.so, and this #
# value is set to yes, true or 1, then U-lined #
# servers will be hidden in /LINKS and /MAP for non #
# opers. Please be aware that this will also hide #
# any leaf servers of a U-lined server, e.g. jupes. #
# #
# nouserdns - If set to yes, true or 1, no user DNS lookups # # nouserdns - If set to yes, true or 1, no user DNS lookups #
# will be performed for connecting users. This can # # will be performed for connecting users. This can #
# save a lot of resources on very busy IRC servers. # # save a lot of resources on very busy IRC servers. #
@ -911,40 +859,6 @@
# nick!user@host is shown for who set a TOPIC last. # # nick!user@host is shown for who set a TOPIC last. #
# if set to no, then only the nickname is shown. # # if set to no, then only the nickname is shown. #
# # # #
# announceinvites #
# - If this option is set, then invites are announced #
# to the channel when a user invites another user. #
# If you consider this to be unnecessary noise, #
# set this to 'none'. To announce to all ops, set #
# this to 'ops' and to announce to all users set the #
# value to 'all'. #
# #
# The value 'dynamic' varies between 'ops' and 'all' #
# settings depending on if the channel is +i or not. #
# When the channel is +i, messages go only to ops, #
# and when the channel is not +i, messages go to #
# everyone. In short, the messages will go to every #
# user who has power of INVITE on the channel. This #
# is the recommended setting. #
# #
# disablehmac - If you are linking your InspIRCd to older versions #
# then you can specify this option and set it to #
# yes. 1.1.6 and above support HMAC and challenge- #
# response for password authentication. These can #
# greatly enhance security of your server to server #
# connections when you are not using SSL (as is the #
# case with a lot of larger networks). Linking to #
# older versions of InspIRCd should not *usually* be #
# a problem, but if you have problems with HMAC #
# authentication, this option can be used to turn it #
# off. #
# #
# hidemodes - If this option is enabled, then the listmodes #
# given (e.g. +eI), will be hidden from users below #
# halfop. This is not recommended to be set on mode #
# +b, as it may break some features in popular #
# clients such as mIRC. #
# #
# quietbursts - When synching or splitting from the network, a # # quietbursts - When synching or splitting from the network, a #
# server can generate a lot of connect and quit # # server can generate a lot of connect and quit #
# snotices to the +C and +Q snomasks. Setting this # # snotices to the +C and +Q snomasks. Setting this #
@ -994,32 +908,123 @@
deprotectothers="no" deprotectothers="no"
somaxconn="128" somaxconn="128"
softlimit="12800" softlimit="12800"
userstats="Pu"
operspywhois="no"
customversion=""
maxtargets="20"
hidesplits="no"
hidebans="no"
hidewhois=""
flatlinks="no"
hideulines="no"
nouserdns="no" nouserdns="no"
syntaxhints="no" syntaxhints="no"
cyclehosts="yes" cyclehosts="yes"
ircumsgprefix="no" ircumsgprefix="no"
announcets="yes" announcets="yes"
disablehmac="no"
hostintopic="yes" hostintopic="yes"
hidemodes="eI"
quietbursts="yes" quietbursts="yes"
pingwarning="15" pingwarning="15"
serverpingfreq="60" serverpingfreq="60"
allowhalfop="yes" allowhalfop="yes"
defaultmodes="nt" defaultmodes="nt"
announceinvites="dynamic"
moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help." moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help."
exemptchanops=""> exemptchanops="">
#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
# announceinvites #
# - If this option is set, then invites are announced #
# to the channel when a user invites another user. #
# If you consider this to be unnecessary noise, #
# set this to 'none'. To announce to all ops, set #
# this to 'ops' and to announce to all users set the #
# value to 'all'. #
# #
# The value 'dynamic' varies between 'ops' and 'all' #
# settings depending on if the channel is +i or not. #
# When the channel is +i, messages go only to ops, #
# and when the channel is not +i, messages go to #
# everyone. In short, the messages will go to every #
# user who has power of INVITE on the channel. This #
# is the recommended setting. #
# #
# disablehmac - If you are linking your InspIRCd to older versions #
# then you can specify this option and set it to #
# yes. 1.1.6 and above support HMAC and challenge- #
# response for password authentication. These can #
# greatly enhance security of your server to server #
# connections when you are not using SSL (as is the #
# case with a lot of larger networks). Linking to #
# older versions of InspIRCd should not *usually* be #
# a problem, but if you have problems with HMAC #
# authentication, this option can be used to turn it #
# off. #
# #
# hidemodes - If this option is enabled, then the listmodes #
# given (e.g. +eI), will be hidden from users below #
# halfop. This is not recommended to be set on mode #
# +b, as it may break some features in popular #
# clients such as mIRC. #
# #
# hidesplits - When set to 'yes', will hide split server names #
# from non-opers. Non-opers will see '*.net *.split' #
# instead of the server names in the quit message, #
# identical to the way IRCu displays them. #
# #
# hidebans - When set to 'yes', will hide gline, kline, zline #
# and qline quit messages from non-opers. For #
# example, user A who is not an oper will just see #
# (G-Lined) while user B who is an oper will see the #
# text (G-Lined: Reason here) instead. #
# #
# hidewhois - When defined with a non-empty value, the given #
# text will be used in place of the user's server #
# in WHOIS, when a user is WHOISed by a non-oper. #
# For example, most nets will want to set this to #
# something like '*.netname.net' to conceal the #
# actual server the user is on. #
# #
# flatlinks - When you are using m_spanningtree.so, and this #
# value is set to yes, true or 1, /MAP and /LINKS #
# will be flattened when shown to a non-opers. #
# #
# hideulines - When you are using m_spanningtree.so, and this #
# value is set to yes, true or 1, then U-lined #
# servers will be hidden in /LINKS and /MAP for non #
# opers. Please be aware that this will also hide #
# any leaf servers of a U-lined server, e.g. jupes. #
# #
# userstats - The userstats field is optional and specifies #
# which stats characters in /STATS may be requested #
# by non-operators. Stats characters in this field #
# are case sensitive and are allowed to users #
# independent of if they are in a module or the core #
# #
# operspywhois - If this is set then when an IRC operator uses #
# /WHOIS on a user they will see all channels, even #
# ones if channels are secret (+s), private (+p) or #
# if the target user is invisible +i. #
# #
# customversion - If you specify this configuration item, and it is #
# not set to an empty value, then when a user does #
# a /VERSION command on the ircd, this string will #
# be displayed as the second portion of the output, #
# replacing the system 'uname', compile flags and #
# socket engine/dns engine names. You may use this #
# to enhance security, or simply for vanity. #
# #
# maxtargets - The maxtargets field is optional, and if not #
# defined, defaults to 20. It indicates the maximum #
# number of targets which may be given to commands #
# such as PRIVMSG, KICK etc. #
# #
<security announceinvites="dynamic"
hidemodes="eI"
disablehmac="no"
hideulines="no"
flatlinks="no"
hidewhois=""
hidebans="no"
hidekills=""
hidesplits="no"
maxtargets="20"
customversion=""
operspywhois="no"
userstats="Pu">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Logging # Logging
# ------- # -------

20
src/configreader.cpp
View File

@ -792,22 +792,22 @@ void ServerConfig::Read(bool bail, User* user)
{"dns", "timeout", "5", new ValueContainerInt (&this->dns_timeout), DT_INTEGER, NoValidation}, {"dns", "timeout", "5", new ValueContainerInt (&this->dns_timeout), DT_INTEGER, NoValidation},
{"options", "moduledir", MOD_PATH, new ValueContainerChar (this->ModPath), DT_CHARPTR, NoValidation}, {"options", "moduledir", MOD_PATH, new ValueContainerChar (this->ModPath), DT_CHARPTR, NoValidation},
{"disabled", "commands", "", new ValueContainerChar (this->DisabledCommands), DT_CHARPTR, NoValidation}, {"disabled", "commands", "", new ValueContainerChar (this->DisabledCommands), DT_CHARPTR, NoValidation},
{"options", "userstats", "", new ValueContainerChar (this->UserStats), DT_CHARPTR, NoValidation}, {"security", "userstats", "", new ValueContainerChar (this->UserStats), DT_CHARPTR, NoValidation},
{"options", "customversion","", new ValueContainerChar (this->CustomVersion), DT_CHARPTR, NoValidation}, {"security", "customversion","", new ValueContainerChar (this->CustomVersion), DT_CHARPTR, NoValidation},
{"options", "hidesplits", "0", new ValueContainerBool (&this->HideSplits), DT_BOOLEAN, NoValidation}, {"security", "hidesplits", "0", new ValueContainerBool (&this->HideSplits), DT_BOOLEAN, NoValidation},
{"options", "hidebans", "0", new ValueContainerBool (&this->HideBans), DT_BOOLEAN, NoValidation}, {"security", "hidebans", "0", new ValueContainerBool (&this->HideBans), DT_BOOLEAN, NoValidation},
{"options", "hidewhois", "", new ValueContainerChar (this->HideWhoisServer), DT_NOSPACES, NoValidation}, {"security", "hidewhois", "", new ValueContainerChar (this->HideWhoisServer), DT_NOSPACES, NoValidation},
{"options", "hidekills", "", new ValueContainerChar (this->HideKillsServer), DT_NOSPACES, NoValidation}, {"security", "hidekills", "", new ValueContainerChar (this->HideKillsServer), DT_NOSPACES, NoValidation},
{"options", "operspywhois", "0", new ValueContainerBool (&this->OperSpyWhois), DT_BOOLEAN, NoValidation}, {"security", "operspywhois", "0", new ValueContainerBool (&this->OperSpyWhois), DT_BOOLEAN, NoValidation},
{"options", "nouserdns", "0", new ValueContainerBool (&this->NoUserDns), DT_BOOLEAN, NoValidation}, {"options", "nouserdns", "0", new ValueContainerBool (&this->NoUserDns), DT_BOOLEAN, NoValidation},
{"options", "syntaxhints", "0", new ValueContainerBool (&this->SyntaxHints), DT_BOOLEAN, NoValidation}, {"options", "syntaxhints", "0", new ValueContainerBool (&this->SyntaxHints), DT_BOOLEAN, NoValidation},
{"options", "cyclehosts", "0", new ValueContainerBool (&this->CycleHosts), DT_BOOLEAN, NoValidation}, {"options", "cyclehosts", "0", new ValueContainerBool (&this->CycleHosts), DT_BOOLEAN, NoValidation},
{"options", "ircumsgprefix","0", new ValueContainerBool (&this->UndernetMsgPrefix), DT_BOOLEAN, NoValidation}, {"options", "ircumsgprefix","0", new ValueContainerBool (&this->UndernetMsgPrefix), DT_BOOLEAN, NoValidation},
{"options", "announceinvites", "1", new ValueContainerChar (announceinvites), DT_CHARPTR, ValidateInvite}, {"security", "announceinvites", "1", new ValueContainerChar (announceinvites), DT_CHARPTR, ValidateInvite},
{"options", "hostintopic", "1", new ValueContainerBool (&this->FullHostInTopic), DT_BOOLEAN, NoValidation}, {"options", "hostintopic", "1", new ValueContainerBool (&this->FullHostInTopic), DT_BOOLEAN, NoValidation},
{"options", "hidemodes", "", new ValueContainerChar (hidemodes), DT_CHARPTR, ValidateModeLists}, {"security", "hidemodes", "", new ValueContainerChar (hidemodes), DT_CHARPTR, ValidateModeLists},
{"options", "exemptchanops","", new ValueContainerChar (exemptchanops), DT_CHARPTR, ValidateExemptChanOps}, {"options", "exemptchanops","", new ValueContainerChar (exemptchanops), DT_CHARPTR, ValidateExemptChanOps},
{"options", "maxtargets", "20", new ValueContainerUInt (&this->MaxTargets), DT_INTEGER, ValidateMaxTargets}, {"security", "maxtargets", "20", new ValueContainerUInt (&this->MaxTargets), DT_INTEGER, ValidateMaxTargets},
{"options", "defaultmodes", "nt", new ValueContainerChar (this->DefaultModes), DT_CHARPTR, NoValidation}, {"options", "defaultmodes", "nt", new ValueContainerChar (this->DefaultModes), DT_CHARPTR, NoValidation},
{"pid", "file", "", new ValueContainerChar (this->PID), DT_CHARPTR, NoValidation}, {"pid", "file", "", new ValueContainerChar (this->PID), DT_CHARPTR, NoValidation},
{"whowas", "groupsize", "10", new ValueContainerInt (&this->WhoWasGroupSize), DT_INTEGER, NoValidation}, {"whowas", "groupsize", "10", new ValueContainerInt (&this->WhoWasGroupSize), DT_INTEGER, NoValidation},

6
src/modules/m_spanningtree/utils.cpp
View File

@ -439,10 +439,10 @@ void SpanningTreeUtilities::ReadConfiguration(bool rebind)
} }
} }
} }
FlatLinks = Conf->ReadFlag("options","flatlinks",0); FlatLinks = Conf->ReadFlag("security","flatlinks",0);
HideULines = Conf->ReadFlag("options","hideulines",0); HideULines = Conf->ReadFlag("security","hideulines",0);
AnnounceTSChange = Conf->ReadFlag("options","announcets",0); AnnounceTSChange = Conf->ReadFlag("options","announcets",0);
ChallengeResponse = !Conf->ReadFlag("options", "disablehmac", 0); ChallengeResponse = !Conf->ReadFlag("security", "disablehmac", 0);
quiet_bursts = Conf->ReadFlag("options", "quietbursts", 0); quiet_bursts = Conf->ReadFlag("options", "quietbursts", 0);
PingWarnTime = Conf->ReadInteger("options", "pingwarning", 0, true); PingWarnTime = Conf->ReadInteger("options", "pingwarning", 0, true);
PingFreq = Conf->ReadInteger("options", "serverpingfreq", 0, true); PingFreq = Conf->ReadInteger("options", "serverpingfreq", 0, true);