diff --git a/include/dynconf.h b/include/dynconf.h index 796264e5b..969f8c69c 100644 --- a/include/dynconf.h +++ b/include/dynconf.h @@ -92,11 +92,11 @@ struct zConfiguration { char *static_quit; char *static_part; SSLOptions *ssl_options; - PlaintextPolicy plaintext_policy_user; + Policy plaintext_policy_user; char *plaintext_policy_user_message; - PlaintextPolicy plaintext_policy_oper; + Policy plaintext_policy_oper; char *plaintext_policy_oper_message; - PlaintextPolicy plaintext_policy_server; + Policy plaintext_policy_server; enum UHAllowed userhost_allowed; char *restrict_usermodes; char *restrict_channelmodes; diff --git a/include/h.h b/include/h.h index 2769497a9..da5233951 100644 --- a/include/h.h +++ b/include/h.h @@ -785,9 +785,9 @@ extern int invisible_user_in_channel(aClient *target, aChannel *chptr); extern MODVAR int ssl_client_index; extern SSLOptions *FindSSLOptionsForUser(aClient *acptr); extern int IsWebsocket(aClient *acptr); -extern PlaintextPolicy plaintextpolicy_strtoval(char *s); -extern char *plaintextpolicy_valtostr(PlaintextPolicy policy); -extern char plaintextpolicy_valtochar(PlaintextPolicy policy); +extern Policy policy_strtoval(char *s); +extern char *policy_valtostr(Policy policy); +extern char policy_valtochar(Policy policy); extern int verify_certificate(SSL *ssl, char *hostname, char **errstr); extern char *certificate_name(SSL *ssl); extern int cipher_check(SSL_CTX *ctx, char **errstr); diff --git a/include/struct.h b/include/struct.h index 8724a8766..29ef40fe6 100644 --- a/include/struct.h +++ b/include/struct.h @@ -1785,10 +1785,10 @@ int throttle_can_connect(aClient *); #define MATCH_USE_IDENT 0x0100 typedef enum { - PLAINTEXT_POLICY_ALLOW=1, - PLAINTEXT_POLICY_WARN=2, - PLAINTEXT_POLICY_DENY=3 -} PlaintextPolicy; + POLICY_ALLOW=1, + POLICY_WARN=2, + POLICY_DENY=3 +} Policy; #define NO_EXIT_CLIENT 99 diff --git a/src/modules/cap/plaintext-policy.c b/src/modules/cap/plaintext-policy.c index 95bade26c..fecc1aff1 100644 --- a/src/modules/cap/plaintext-policy.c +++ b/src/modules/cap/plaintext-policy.c @@ -57,9 +57,9 @@ char *plaintext_policy_capability_parameter(aClient *acptr) static char buf[128]; snprintf(buf, sizeof(buf), "user=%s,oper=%s,server=%s", - plaintextpolicy_valtostr(iConf.plaintext_policy_user), - plaintextpolicy_valtostr(iConf.plaintext_policy_oper), - plaintextpolicy_valtostr(iConf.plaintext_policy_server)); + policy_valtostr(iConf.plaintext_policy_user), + policy_valtostr(iConf.plaintext_policy_oper), + policy_valtostr(iConf.plaintext_policy_server)); return buf; } diff --git a/src/modules/m_nick.c b/src/modules/m_nick.c index cd46e71c2..6a550164a 100644 --- a/src/modules/m_nick.c +++ b/src/modules/m_nick.c @@ -1576,7 +1576,7 @@ int _register_user(aClient *cptr, aClient *sptr, char *nick, char *username, cha sendto_one(sptr, rpl_str(RPL_SNOMASK), me.name, sptr->name, get_snostr(user->snomask)); - if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_WARN)) + if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == POLICY_WARN)) sendnotice(sptr, "%s", iConf.plaintext_policy_user_message); /* Make creation time the real 'online since' time, excluding registration time. @@ -1692,7 +1692,7 @@ int AllowClient(aClient *cptr, struct hostent *hp, char *sockhost, char *usernam static char uhost[HOSTLEN + USERLEN + 3]; static char fullname[HOSTLEN + 1]; - if (!IsSecure(cptr) && !IsLocal(cptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY)) + if (!IsSecure(cptr) && !IsLocal(cptr) && (iConf.plaintext_policy_user == POLICY_DENY)) { return exit_client(cptr, cptr, &me, iConf.plaintext_policy_user_message); } diff --git a/src/modules/m_oper.c b/src/modules/m_oper.c index 3ac35139e..708d2f702 100644 --- a/src/modules/m_oper.c +++ b/src/modules/m_oper.c @@ -114,7 +114,7 @@ CMD_FUNC(m_oper) name = parv[1]; password = (parc > 2) ? parv[2] : ""; - if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_DENY)) + if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == POLICY_DENY)) { /* Reject early */ sendnotice(sptr, "%s", iConf.plaintext_policy_oper_message); @@ -304,7 +304,7 @@ CMD_FUNC(m_oper) return FLUSH_BUFFER; } - if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_WARN)) + if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == POLICY_WARN)) { sendnotice(sptr, "%s", iConf.plaintext_policy_oper_message); sendto_snomask_global diff --git a/src/modules/m_sasl.c b/src/modules/m_sasl.c index 4f836beb2..b43cdb77c 100644 --- a/src/modules/m_sasl.c +++ b/src/modules/m_sasl.c @@ -312,7 +312,7 @@ int sasl_capability_visible(aClient *sptr) if (!SASL_SERVER || !find_server(SASL_SERVER, NULL)) return 0; - if (sptr && !IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY)) + if (sptr && !IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == POLICY_DENY)) return 0; return 1; diff --git a/src/modules/m_server.c b/src/modules/m_server.c index b96a6b400..18e343c04 100644 --- a/src/modules/m_server.c +++ b/src/modules/m_server.c @@ -400,7 +400,7 @@ skip_host_check: get_client_name(cptr, TRUE)); return exit_client(cptr, cptr, &me, "Full class"); } - if (!IsLocal(cptr) && (iConf.plaintext_policy_server == PLAINTEXT_POLICY_DENY) && !IsSecure(cptr)) + if (!IsLocal(cptr) && (iConf.plaintext_policy_server == POLICY_DENY) && !IsSecure(cptr)) { sendto_one(cptr, "ERROR :Servers need to use SSL/TLS (set::plaintext-policy::server is 'deny')"); sendto_ops_and_log("Rejected insecure server %s. See https://www.unrealircd.org/docs/FAQ#ERROR:_Servers_need_to_use_SSL.2FTLS", cptr->name); @@ -867,7 +867,7 @@ int m_server_synch(aClient *cptr, ConfigItem_link *aconf) * Yeah.. there are still other cases when non-SSL links are fine (eg: local IP * of the same machine), we won't bother with detecting that. -- Syzop */ - if (!IsLocal(cptr) && (iConf.plaintext_policy_server == PLAINTEXT_POLICY_WARN)) + if (!IsLocal(cptr) && (iConf.plaintext_policy_server == POLICY_WARN)) { sendto_realops("\002WARNING:\002 This link is unencrypted (non-SSL). We highly recommend to use " "SSL server linking. See https://www.unrealircd.org/docs/Linking_servers"); diff --git a/src/modules/m_stats.c b/src/modules/m_stats.c index 24ce8df1d..bcd219e59 100644 --- a/src/modules/m_stats.c +++ b/src/modules/m_stats.c @@ -1320,11 +1320,11 @@ int stats_set(aClient *sptr, char *para) sendto_one(sptr, ":%s %i %s :check-target-nick-bans: %s", me.name, RPL_TEXT, sptr->name, CHECK_TARGET_NICK_BANS ? "yes" : "no"); sendto_one(sptr, ":%s %i %s :plaintext-policy::user: %s", me.name, RPL_TEXT, - sptr->name, plaintextpolicy_valtostr(iConf.plaintext_policy_user)); + sptr->name, policy_valtostr(iConf.plaintext_policy_user)); sendto_one(sptr, ":%s %i %s :plaintext-policy::oper: %s", me.name, RPL_TEXT, - sptr->name, plaintextpolicy_valtostr(iConf.plaintext_policy_oper)); + sptr->name, policy_valtostr(iConf.plaintext_policy_oper)); sendto_one(sptr, ":%s %i %s :plaintext-policy::server: %s", me.name, RPL_TEXT, - sptr->name, plaintextpolicy_valtostr(iConf.plaintext_policy_server)); + sptr->name, policy_valtostr(iConf.plaintext_policy_server)); RunHook2(HOOKTYPE_STATS, sptr, "S"); return 1; } diff --git a/src/s_conf.c b/src/s_conf.c index 5fc9e5775..9cd6c56be 100644 --- a/src/s_conf.c +++ b/src/s_conf.c @@ -721,41 +721,41 @@ char chfl_to_chanmode(int s) /* NOT REACHED */ } -PlaintextPolicy plaintextpolicy_strtoval(char *s) +Policy policy_strtoval(char *s) { if (!s) return 0; if (!strcmp(s, "allow")) - return PLAINTEXT_POLICY_ALLOW; + return POLICY_ALLOW; if (!strcmp(s, "warn")) - return PLAINTEXT_POLICY_WARN; + return POLICY_WARN; if (!strcmp(s, "deny")) - return PLAINTEXT_POLICY_DENY; + return POLICY_DENY; return 0; } -char *plaintextpolicy_valtostr(PlaintextPolicy policy) +char *policy_valtostr(Policy policy) { - if (policy == PLAINTEXT_POLICY_ALLOW) + if (policy == POLICY_ALLOW) return "allow"; - if (policy == PLAINTEXT_POLICY_WARN) + if (policy == POLICY_WARN) return "warn"; - if (policy == PLAINTEXT_POLICY_DENY) + if (policy == POLICY_DENY) return "deny"; return "???"; } -char plaintextpolicy_valtochar(PlaintextPolicy policy) +char policy_valtochar(Policy policy) { - if (policy == PLAINTEXT_POLICY_ALLOW) + if (policy == POLICY_ALLOW) return 'a'; - if (policy == PLAINTEXT_POLICY_WARN) + if (policy == POLICY_WARN) return 'w'; - if (policy == PLAINTEXT_POLICY_DENY) + if (policy == POLICY_DENY) return 'd'; return '?'; } @@ -1521,9 +1521,9 @@ void config_setdefaultsettings(aConfiguration *i) i->ssl_options->ecdh_curves = strdup(UNREALIRCD_DEFAULT_ECDH_CURVES); #endif - i->plaintext_policy_user = PLAINTEXT_POLICY_ALLOW; - i->plaintext_policy_oper = PLAINTEXT_POLICY_WARN; - i->plaintext_policy_server = PLAINTEXT_POLICY_DENY; + i->plaintext_policy_user = POLICY_ALLOW; + i->plaintext_policy_oper = POLICY_WARN; + i->plaintext_policy_server = POLICY_DENY; i->reject_message_password_mismatch = strdup("Password mismatch"); i->reject_message_too_many_connections = strdup("Too many connections from your IP"); @@ -1543,18 +1543,18 @@ void postconf_defaults(void) if (!iConf.plaintext_policy_user_message) { /* The message depends on whether it's reject or warn.. */ - if (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY) + if (iConf.plaintext_policy_user == POLICY_DENY) safestrdup(iConf.plaintext_policy_user_message, "Insecure connection. Please reconnect using SSL/TLS."); - else if (iConf.plaintext_policy_user == PLAINTEXT_POLICY_WARN) + else if (iConf.plaintext_policy_user == POLICY_WARN) safestrdup(iConf.plaintext_policy_user_message, "WARNING: Insecure connection. Please consider using SSL/TLS."); } if (!iConf.plaintext_policy_oper_message) { /* The message depends on whether it's reject or warn.. */ - if (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_DENY) + if (iConf.plaintext_policy_oper == POLICY_DENY) safestrdup(iConf.plaintext_policy_oper_message, "You need to use a secure connection (SSL/TLS) in order to /OPER."); - else if (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_WARN) + else if (iConf.plaintext_policy_oper == POLICY_WARN) safestrdup(iConf.plaintext_policy_oper_message, "WARNING: You /OPER'ed up from an insecure connection. Please consider using SSL/TLS."); } @@ -7974,11 +7974,11 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce) for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) { if (!strcmp(cepp->ce_varname, "user")) - tempiConf.plaintext_policy_user = plaintextpolicy_strtoval(cepp->ce_vardata); + tempiConf.plaintext_policy_user = policy_strtoval(cepp->ce_vardata); else if (!strcmp(cepp->ce_varname, "oper")) - tempiConf.plaintext_policy_oper = plaintextpolicy_strtoval(cepp->ce_vardata); + tempiConf.plaintext_policy_oper = policy_strtoval(cepp->ce_vardata); else if (!strcmp(cepp->ce_varname, "server")) - tempiConf.plaintext_policy_server = plaintextpolicy_strtoval(cepp->ce_vardata); + tempiConf.plaintext_policy_server = policy_strtoval(cepp->ce_vardata); else if (!strcmp(cepp->ce_varname, "user-message")) safestrdup(tempiConf.plaintext_policy_user_message, cepp->ce_vardata); else if (!strcmp(cepp->ce_varname, "oper-message")) @@ -8853,9 +8853,9 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce) !strcmp(cepp->ce_varname, "oper") || !strcmp(cepp->ce_varname, "server")) { - PlaintextPolicy policy; + Policy policy; CheckNull(cepp); - policy = plaintextpolicy_strtoval(cepp->ce_vardata); + policy = policy_strtoval(cepp->ce_vardata); if (!policy) { config_error("%s:%i: set::plaintext-policy::%s: needs to be one of: 'allow', 'warn' or 'reject'",