As it stands, oper hiding is rather messy and inconsistent. Add
SeesOper(target, source), which is true iff target should appear as an
oper to source. If I haven't missed something, all commands that reveal
oper status now use the same logic.
general::hide_opers_in_whois is a special case, and affects /whois only.
general::hide_opers is introduced, and has the same effect as giving
everyone oper:hidden. All commands that reveal oper status respect both.
This only supports two addresses as the intended use is 1 IPv4 and 1 IPv6
address on a single-homed host, and the only supported configuration of
outgoing connections to other servers is to bind a single IPv4 or IPv6
address.
strlcpy should be called with the size of the destination buffer, not
the length of the source string.
When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.
This could also cause a buffer overflow on very long invalid config
lines.
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.
Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.
Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.
(The same fingerprint is also used by DANE)
This also does a lot of surgery on the conf system to reconfigure authd.
/!\ WARNING! ACHTUNG! ADVERTENCIA! ATTENTION! AVVERTIMENTO! /!\
This code has not been run-time tested yet (though it compiles)!
