DareNET IRCd Configuration/1.5

This is a reference guide for ircd-darenet 1.4.1+'s configuration file.

The configuration format consists of various blocks, each containing name-value pairs, tags and/or string data. It is designed to be easily readable by both human and ircd.

A block consists of a block name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings are surrounded by '"' double quotes.

All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three form of comments are allowed:

* C style single/multi-line

* C++ style single-line

Times / durations are written as:

* A number in seconds (e.g., 60)

* An arithmetic expression (e.g., 1*60+20)

 

 

* Decade, year, month, week, day, hour, minute, second

 

 

 

Sizes and times may be specified as singular or plural.

{| class="simpletable"

<html><pre><strong>general</strong> {

     numeric = <span class="integer"> 999</span>;

{| class="simpletable"

<html><pre><strong>admin</strong> {

{| class="simpletable"

<html><pre><strong>class</strong> {

     <span class="comment">/* usermode: an optional list of user modes that should be set

<strong>class</strong> {

<strong>class</strong> {

<strong>class</strong> {

{| class="simpletable"

<html><pre><strong>client</strong> {

     * if you are using the ip mask to match against.

The server uses a default deny policy for incoming connections; at least one Client block must be supplied if you wish to use your server.

The <code>host</code> and <code>ip</code> tokens specify which connections the block matches. The server always performs DNS and ident lookups for connections. If DNS cannot find a hostname, the IP is used instead. If ident cannot get a valid response, "unknown" is used during this state. The client's resolved hostname, IP address, ident reply, and username (from the USER line) are used according to the results of the matches described below.

Note: There is a special case for UNIX domain sockets and localhost connections. In these cases, the <code><ip mask></code> field is compared with the name of the server (thus not with any IP number representation). The name of the server is the one returned in the numeric 002 reply.

For example: <code>002 Your host is 2.darenet.org[jolan.ppro]. running version ...</code>

In the above example, "jolan.ppro" is the name used for matching; therefore, UNIX domain sockets and connections to localhost would match a block containing: <code>host = "*@jolan.ppro";</code>

The <code>host</code> token attempts to match first against the resolved hostname if available, then against the IP address. To include the connection's ident response in the match, use a mask in the form "ident@host". If a client matches this token, it appears on IRC using its resolved name.

The <code>ip</code> token attempts to match against the IP address only. An ident may be specified to match against, as well.

 

If the matching mask used ident ("ident@host" instead of "host"), and no ident response was received from the client, it appears on IRC with its username prefixed with '~'. If the matching mask used only the "host" form, the client's username is not prefixed. If a valid ident response was received, it is always used (without prefixed), regardless of the mask form.

 

Only one of the <code>host</code> and <code>ip</code> tokens is needed; if both are used, host is matched first. For typical configurations, using only the <code>host</code> token with a "*@host" or "ident@host" mask is recommended.

{| class="simpletable"

<html><pre><strong>motd</strong> {

More then one 'host' entry may be present in an Motd block.

{| class="simpletable"

<html><pre><strong>connect</strong> {

     host = <span class="qstring">"192.168.0.50"</span>;

{| class="simpletable"

<html><pre><strong>crules</strong> {

{| class="simpletable"

<html><pre><strong>port</strong> {

The mask setting should only contain IP addresses or '*' if used. This does not use DNS in any way, so you cannot use it to allow *.nl or *.uk, for example. Attempting to specify anything other than IP addresses will result in the port allowing connections from anyone (as if you used '*').

If a bind address (vhost) is not specified, the server will listen on all available interfaces for that port.

== Operator Block ==

{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"

| Requirement:

| SUGGESTED

| Old conf format equivalents:

| O:line

The Operator {} block defines a server operator. Oper status grants some special privileges to a user, like the power to make the server break or (try to) establish a connection with another server. and to "kill" users off the network.

More than one host = "mask"; entry may be present in one block; this has the same effect as one Operator block for each host entry, but makes it easier to update operator nicks, passwords, classes, and privileges.

There may be multiple Operator {} blocks.

<pre>Operator

  name = "opername";

  host = "host/IP mask";

  password = "encryptedpass";

  flags = "oper flags";

  class = "classname";

  snomask = "snomask";

};</pre>

'''Required tokens:''' <code>name, host, password, flags</code>

'''Optional tokens:''' <code>class, snomask</code>

By default, the password is hashed using the system's native crypt() function. Other password mechanisms are available; the umkpasswd utility located in the ircd directory can hash passwords using those mechanisms. If you use a password format that is NOT generated by umkpasswd, ircd-darenet will not recognize the oper's password. If you want to use a non-encrypted password, prefix the password with $PLAIN$ (e.g., "$PLAIN$aPplE123"). NOTE: Plain passwords are not allowed on DareNET.

A SSL client certificate fingerprint can be used in place of a password. To use this method, specify the fingerprint as the password, and add the S flag to the blocks oper flag string. This will allow the oper to simply use "/OPER opername" to oper, provided they are connected using SSL and have a matching certificate fingerprint.

If you want to use a even more secure password authentication system then generate a 1024bit RSA key, specify the path to the key as the password and add R as the oper flag. This will use the /CHALLENGE system instead of /OPER. See doc/challenge.txt for more information.

Note that the <connection class> is optional, but omitting it puts the oper in class "default". which usually only accepts one connection at a time. If you want users to be able to /OPER more than once per block, then use a connection class that allows more than one connection.

Once you /OPER, your connection class changes no matter where you are or what your previous connection class was. If the defined connections class is Opers for the Operator {} block, then your new connection class is Opers.

Operator privileges may be specified within the Operator {} block itself. A privilege defined for a single operator will override any privilege settings that may be present in the specified Class {} block, and the default setting.

NOTE: On DareNET, adding privileges you have not been authorized to your operator block may result in it being removed during periodic audits and/or the server being juped.

For a list of all supported privileges, go [[Operator Privileges|here]].

There are currently 9 different oper flags:

* o - Local Operator

* r - Operator {} block an be used from remote servers

* F - Allowed to set user mode +F (flood exempt)

Note that you need at least an o or O flag for your block. Additionally, you cannot specify <code>*@*</code> in the host field.