Commit graph

3914 commits

Author SHA1 Message Date
Ed Kellett
5958d6b99b
sasl_usercloak: check K-lines after host change 2020-01-02 03:36:34 +00:00
Ed Kellett
40c4d9d85b
Revert "recheck users after applying SASL account cloaks"
This reverts commit 4d401d3c60019cf96b07a012106cab9678b7a79d.
2020-01-02 03:36:34 +00:00
Ed Kellett
5aeeea187e
recheck users after applying SASL account cloaks
(so K-lines on them will take effect properly)
2020-01-02 03:36:34 +00:00
Stephen Bennett
dae6f5dbee
Make sasl_usercloak.so update the original host, as well as the visible host if it hasn't already changed. Allows for the sasl spoof to be used to override services ones in some circumstances. 2020-01-02 03:36:34 +00:00
Stephen Bennett
271ddd99d7
Be sure to zero out host buffer before using it 2020-01-02 03:36:34 +00:00
Stephen Bennett
721410d575
Add sasl_usercloak module, to allow injecting SASL account name into a user's host on connection 2020-01-02 03:36:24 +00:00
Ed Kellett
0a7faba63d
Remove from the list of propagated bans on expiry
Fixes a use-after-free introduced in 548e31d3b, which fixed a related
use-after-free introduced in a9536f755.
2020-01-02 00:03:06 +00:00
Aaron Jones
b21c1403c6
Merge pull request #300 from edk0/reject-free-fix
Fix a use-after-free introduced in #298
2020-01-01 08:57:52 +00:00
Ed Kellett
548e31d3bd
Fix a place aconfs could be freed while referenced
(not a bug until a9536f755 since bans were not referenced before)
2020-01-01 08:51:53 +00:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Aaron Jones
008a1b9d8d
Merge pull request #298 from edk0/rejectcache
Remember and send reasons for rejectcache rejections
2019-12-31 07:59:56 +00:00
Ed Kellett
6292d72bbf
Add hide_tkdline_duration to documentation .confs 2019-12-31 01:56:05 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration 2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:

; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
    K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Bernhard M. Wiedemann
1b0319448c Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
to make the package build reproducible by default without
everyone having to discover the custom variable.

See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This code assigns the plain integer to keep the code simple.
Otherwise we would have to deal with differences between GNU date
and BSD date or include extra build deps like perl or python.
2019-12-06 18:32:46 +01:00
Aaron Jones
7b8e4c0967
Merge pull request #296 from edk0/modreload
m_modules: make modreload work like restart
2019-11-17 19:12:03 +00:00
Ed Kellett
7b6410135b
m_modules: make modreload work like restart
/modrestart used to be implemented as a normal command and could crash
when used remotely because it would reload m_encap, which was on the
call stack at the time. This was fixed in 41390bfe5f. However,
/modreload has exactly the same problem, so I'm giving it the
same treatment.

Incidentally: This bug was first discovered in ircd-seven, where the
`/mod*` commands themselves live in the core, so m_encap was the only way
the crash could happen (and it didn't most of the time, because m_encap
would only be moved if you got unlucky). But `/mod*` are in modules in
charybdis, so /modrestart would have unloaded the code it was in the
middle of executing. With that in mind, I'm not sure how it ever
appeared to work.
2019-11-17 18:01:51 +00:00
Aaron Jones
58a7048006
Merge pull request #287 from edk0/filter
Add extensions/filter (port from ircd-seven)
2019-10-22 18:33:51 +00:00
Ed Kellett
09784400f2
filter: avoid a memory leak per @amdj 2019-10-22 18:44:19 +01:00
Aaron Jones
a52d84f723
Merge pull request #293 from edk0/webirc
m_webirc: improve TLS handling
2019-10-22 16:17:33 +00:00
Aaron Jones
9e6c36d571
Merge pull request #294 from edk0/deny-webirc-auth
m_webirc: deny using webirc. as a real auth block
2019-10-22 16:16:36 +00:00
Ed Kellett
8ffc517321
m_webirc: deny using webirc. as a real auth block 2019-10-20 18:41:39 +01:00
Ed Kellett
cccda2ff2f
m_webirc: it's "TLS" to you 2019-10-20 18:18:32 +01:00
Ed Kellett
11ef0e2b98
m_webirc: don't bail out when denying 'secure' 2019-10-20 18:18:32 +01:00
Ed Kellett
a6b97b7d88
m_webirc: const-correctness 2019-10-20 18:18:27 +01:00
Ed Kellett
d6c813780f
m_webirc: respect ircv3's secure option 2019-10-20 18:17:34 +01:00
Ed Kellett
ab4420cbbe
m_webirc: enforce need_ssl 2019-10-20 18:17:33 +01:00
Aaron Jones
ac0ae805d7
tests/Makefile.am: check-local: don't depend on extensions/*
This breaks if a file in extensions/ doesn't get built due to
conditional compilation, and the tests don't need anything
under extensions/ anyway.
2019-10-07 03:49:00 +00:00
Aaron Jones
2357449084
Merge pull request #286 from edk0/strip-unprintable
strip_unprintable: Don't strip all bytes with the MSB set
2019-10-06 22:23:59 +00:00
Janik Kleinhoff
12b3a184bc
strip_unprintable: clarify type conversion
This type conversion is more easily shown to work as intended than the
conversion introduced in 9dcb9e169.
2019-10-06 23:16:43 +01:00
Ed Kellett
9dcb9e1696
Fix strip_unprintable on high bit bytes 2019-10-06 23:14:28 +01:00
Aaron Jones
3aab744e13
Merge pull request #290 from edk0/quiet-override
override: don't spam about (un)setting the mode
2019-10-06 21:57:42 +00:00
Aaron Jones
1aff5a5647
Merge pull request #289 from edk0/rehash-privileged-modes
Recheck umodes for opers after rehash
2019-10-06 21:51:20 +00:00
Ed Kellett
e5742a172b
override: don't spam about (un)setting the mode
We will spam about any uses of it, so this just seems like extra noise.
2019-10-06 22:28:19 +01:00
Ed Kellett
c4e6888ef7
Recheck umodes for opers after rehash 2019-10-06 21:56:13 +01:00
Ed Kellett
0cbb1ba9f0
filter: explicit type conversion 2019-10-06 19:41:06 +01:00
Ed Kellett
aecdd8237c
Add hyperscan to CI deps 2019-10-06 19:35:17 +01:00
Ed Kellett
eb06afc3fa
filter: correct type for modinit 2019-10-06 19:24:35 +01:00
Ed Kellett
9fe8bccba0
Fix build when hyperscan is missing 2019-10-06 19:24:34 +01:00
Ed Kellett
a8f402e909
filter: use AV2 2019-10-06 19:24:34 +01:00
Ed Kellett
344af24c2f
filter: add DROP and ABORT 2019-10-06 19:24:34 +01:00
Ed Kellett
dc141aad45
filter: require an extra "+" before data
This disambiguates it from control commands
2019-10-06 19:24:33 +01:00
Ed Kellett
8692240f51
filter: add modes to disable incoming filters 2019-10-06 19:24:33 +01:00
Ed Kellett
649bda6d5d
filter: make the kill reason more honest 2019-10-06 19:24:32 +01:00
Ed Kellett
d928bc7af3
filter: send the failure response only on PRIVMSG 2019-10-06 19:24:32 +01:00
Ed Kellett
744ac30804
filter: match in two passes, before and after stripping 2019-10-06 19:24:32 +01:00
Ed Kellett
fccc6d5669
filter: move to extensions 2019-10-06 19:24:31 +01:00
Ed Kellett
4950a9436c
filter: bump version 2019-10-06 19:24:31 +01:00
Ed Kellett
f982238e91
filter: use a static buffer instead of strdup 2019-10-06 19:24:31 +01:00
Ed Kellett
fc7fbe6d20
filter: add version number 2019-10-06 19:24:30 +01:00