Commit graph

101 commits

Author SHA1 Message Date
ManiacTwister
074e23e4e2 Added SNI support (OpenSSL) 2018-11-21 20:03:48 +01:00
ManiacTwister
0b79494ec9 Added fakechannels to /LIST 2018-10-27 21:47:25 +02:00
Aaron Jones
9d80b087cd
doc/reference.conf: clarify that server link fingerprints aren't optional
[ci skip]
2017-11-04 07:42:21 +00:00
Aaron Jones
e386d7f362
reference.conf: missed a line
(see previous commit) [ci skip]
2016-12-01 05:15:30 +00:00
Aaron Jones
2815967598
reference.conf: simplify SPKI fingerprint generation commands
[ci skip]
2016-12-01 05:08:15 +00:00
Aaron Jones
256e6fd251
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:50:20 +00:00
Aaron Jones
785df805d7
reference.conf: bump the recommended digest algorithm from SHA-1 to SHA2-256
ircd.conf.example still has SHA-1 for the people who want to quickly deploy
by renaming that file and adjusting as appropriate.
2016-11-15 12:34:49 +00:00
Aaron Jones
2afd965b21
TLS: Partially backport the SubjectPublicKeyInfo digesting functionality
This backports the code responsible for SPKI digests from release/4.

It also adjusts doc/reference.conf to note that SPKI digests are now
supported, and how to generate them. It does NOT backport the mkfingerprint
program -- the instructions in reference.conf are sufficient. I am ofcourse
open to anyone else backporting the program, but I don't see the need.
2016-11-15 12:30:09 +00:00
Aaron Jones
419f0c6af7
reference.conf: Document fingerprint generation
[ci skip]
2016-07-16 05:42:00 +00:00
Aaron Jones
56f1d769bd
Document extb_usermode module in reference.conf
Also add it to the example configuration files

[ci skip]
2016-03-28 03:34:36 +01:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
98c645cadb document extb_combi and extb_hostmask bans (closes #74) 2015-12-10 02:27:08 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
Andrew Wilcox
5f8fb56d02 Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec remove MONITOR for now pending a complete rewrite 2015-10-15 09:39:48 -05:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
William Pitcock
bb2a50509a config: further EGD removal 2015-03-01 01:06:58 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Max Teufel
b3c4dfd7f2 example configs: change ssl_cert to etc/ssl.pem
The genssl script writes to etc/ssl.pem by default.
2014-07-13 18:12:54 +02:00
Jilles Tjoelker
a0998bcdd7 example confs: Remove AHBL blacklists, which are no longer available. 2014-04-06 12:34:03 +02:00
Jilles Tjoelker
cba8bbc3fc Use RFC5737 and RFC3849 addresses in example confs.
There are IPv4 and IPv6 ranges reserved for documentation and example code;
use these to minimize the risk if someone accidentally uses an unmodified
example conf.
2013-10-06 19:39:30 +02:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
0ef5377a36 Rename m_nokillservices.so to no_kill_services.so per the naming scheme. 2013-04-27 17:00:10 +02:00
Elizabeth Myers
f0bce9d95d Tweak docs.
Also, last commit fixes #16. :p
2013-04-20 20:52:34 -05:00
Elizabeth Myers
3c93d380e0 Add support for multiple forms of blacklist queries using matches.
It supports both literal and last octet matches from the dnsbl.
If matches is not present, the old behaviour is used.
2013-04-20 20:49:11 -05:00
Elizabeth Myers
15d7a31134 Add m_nokillservices to documentation 2013-04-20 01:14:54 -05:00
Jilles Tjoelker
f09c28e18f reference.conf: Correct description of general::client_exit.
It prefixes with "Quit: ", not "Client exit: ".
2013-01-01 18:07:37 +01:00
William Pitcock
f0c778d701 Merge pull request #2 from TheChrisAM/patch-1
Adding auth_user documentation for auth {} blocks.
2012-07-30 10:00:49 -07:00
Jilles Tjoelker
2b121c81f5 reference.conf: Extend documentation for max_number in server classes. 2012-07-28 15:31:44 +02:00
TheChrisAM
f9bb3e0d72 Adding auth_user documentation for auth {} blocks. 2012-05-31 21:26:52 -03:00
Jilles Tjoelker
8f5402d369 reference.conf: Remove need_ident from *@* auth block.
Few people want need_ident for everyone these days, so remove it from
reference.conf. It was not in example.conf.
2012-03-29 22:41:24 +02:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
William Pitcock
02270e9602 Add listen::defer_accept option for controlling usage of TCP_DEFER_ACCEPT option. 2012-03-17 10:00:39 -05:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Jilles Tjoelker
b225bf93b7 Change default --with-nicklen to 31, like atheme-services. 2011-11-29 23:32:10 +01:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00
Jilles Tjoelker
92236e376a Remove an obsolete TS5 reference. 2011-11-01 22:07:32 +01:00
Jilles Tjoelker
2da6f6ebd7 Put back use_forward. 2011-09-25 16:22:29 +02:00
Elizabeth Jennifer Myers
765d839d3c Port ircd-seven banfowards to charybdis.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.

Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
2011-08-12 20:33:10 -04:00
Keith Buck
da1b891f9f Pedantry: Make indentation consistent in example and reference confs. 2011-05-13 23:42:27 -07:00
Stephen Bennett
e6e54763d9 Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
2011-03-27 16:35:26 -04:00
Elizabeth Jennifer Myers
0a1e77c27c Support IPv6 blacklists. Also add a conf file option allowing the use of IPv4, IPv6, or both for a blacklist.
Although few blacklists currently support IPv6 lookups, they will likely begin to do so in the near future as more net trash begins using IPv6.
2011-02-27 16:38:05 -05:00
Stephen Bennett
341f971efa Bring across disable_local_channels config option from ircd-seven 2010-12-21 20:38:04 +00:00
William Pitcock
ff0cc1e616 Add support for linking using SSL certificate fingerprints as the link credential rather than the traditional server-password pair. 2010-12-13 23:14:00 -06:00
William Pitcock
429cf1b74f Add oper-override (modehacking only) as a module.
I think if you are going to kick someone from a channel.
2010-12-06 23:44:55 -06:00
Jilles Tjoelker
45a27bf8b9 Change max_bans in reference.conf from 25 to 100, like example.conf. 2010-12-05 16:51:48 +01:00
JD Horelick
f1e5a31775 Change the filenames of the generated SSL key/cert to ssl.* instead of test.* so that they're a bit more descriptive. 2010-11-13 16:07:54 -05:00