Commit graph

879 commits

Author SHA1 Message Date
Ed Kellett
5e413b1372 Use linear channel list comparisons 2020-10-19 20:15:26 +01:00
Ed Kellett
7c7065b07e Add class::max_autoconn configuration 2020-10-18 20:03:05 +01:00
Ed Kellett
94613c78b6 Implement the solanum.chat/identify-msg vendor cap 2020-10-16 21:47:38 +01:00
Ed Kellett
a6f63a829e
Innovation by sed 2020-10-15 15:52:41 +01:00
Aaron Jones
59cfd72e68
Merge pull request #355 from edk0/kline-cidr
Improve [kd]line handling of invalid IP-like masks
2020-08-06 09:17:00 +00:00
Ed Kellett
64c9f5093f
Make opers with no known privset pass IsOperGeneral 2020-08-04 22:58:31 +01:00
Ed Kellett
d3fd88a406
Send hidden mode changes to auspex:cmodes 2020-08-04 22:58:30 +01:00
Ed Kellett
1cd6639a35
Add auspex:oper 2020-08-04 22:58:30 +01:00
Ed Kellett
d4f7eb4ce6
Replace most checks for +o with oper:general
I'm preparing to PR a succession of privs changes with the ultimate goal
of severely limiting the scope of the binary oper/user dichotomy and
move conceptually distinct oper functions into their own privs.

Accomplishing this is a non-trivial task, and can wait, but it's
inconvenient now to have such functions enabled by the same mechanism
that grants any privs at all--so I'm moving all of them to a
transitional priv with the intention of eroding that later.
2020-08-04 22:58:30 +01:00
Ed Kellett
7d9e8e9d77
Add error handling to parse_netmask() 2020-07-26 22:03:06 +01:00
Ariadne Conill
ace0c8655b callerid: align soft caller-id behavior with ircd-hybrid implementation 2020-07-10 18:18:28 -06:00
Ariadne Conill
8906ffd1b7 supported: make isupport_umode() public 2020-07-09 16:06:33 -06:00
Ariadne Conill
303e85c59e remove callerid definitions 2020-07-09 16:06:33 -06:00
Simon Arlott
ac09f70838
Merge remote-tracking branch 'ophion/upstream/dnsbl-rename' 2020-07-09 20:53:38 +01:00
Aaron Jones
860d2381cf
Merge pull request #345 from edk0/alias
m_alias: Preserve protocol framing characters
2020-07-07 09:16:38 +00:00
Aaron Jones
e241d7979c
Merge pull request #346 from edk0/opmod-as-statusmsg
Port opmod_send_cprivmsg from ircd-seven, sans naming mistake
2020-07-06 10:52:15 +00:00
Janik Kleinhoff
04e5ed6c57
Make 5614c9e6f0b (opmod as fake statusmsg) optional
This adds a channel { ... } option, opmod_send_statusmsg, disabled by
default for compatibility reasons.
2020-07-06 10:36:35 +01:00
Ariadne Conill
a389de2a25 authd: rename blacklist_provider to dnsbl_provider, change auth notices accordingly 2020-07-05 21:20:34 -06:00
Ariadne Conill
3321eef45a ircd: rename DNSBL entries from blacklist to dnsbl_entry. 2020-07-05 21:20:31 -06:00
Ariadne Conill
d07feac7b2 client: drop no longer existent 'struct blacklist' definition.
This went away when authd was implemented.
2020-07-05 21:20:30 -06:00
Ed Kellett
fff4f76353
Add general::tls_ciphers_oper_only 2020-07-05 23:06:51 +01:00
Ed Kellett
4e14f9a413
m_alias: Preserve protocol framing characters 2020-07-05 01:15:03 +01:00
Ariadne Conill
968dee680f modularize usermode +R (registered users only) 2020-06-26 11:56:42 -06:00
Aaron Jones
17dc265c9d
Merge pull request #329 from edk0/reload-by-path
Reload modules by path
2020-06-25 17:32:58 +00:00
Aaron Jones
3ef1213be4
Merge pull request #335 from edk0/post-registration-delay
Import post_registration_delay from ircd-seven
2020-06-21 12:56:56 +00:00
Aaron Jones
4682079dd9
Merge pull request #327 from edk0/filter-quit
filter quit messages
2020-06-10 14:55:02 +00:00
Stephen Bennett
b3a0099139
Rename connect_delay to post_registration_delay. This matches the ircd-ratbox feature, and better describes what it actually is. Also make sure to set localClient->firsttime on registration, so that the delay counts from the right time. 2020-06-07 19:22:36 +01:00
Stephen Bennett
2d6562846f
Initial attempt at the conndelay hack 2020-06-07 19:22:36 +01:00
Ed Kellett
df7e3dabce
Reload modules by path 2020-06-02 16:17:26 +01:00
Ed Kellett
260fc2cc34
Add client_quit hook 2020-05-23 19:10:07 +01:00
Ed Kellett
91b1278224
Implement hook priorities 2020-05-01 17:44:15 +01:00
Ed Kellett
e0622d7519
m_invite: Add hooks
can_invite is called on the source server, can override channel access
invite is called on the target
2020-04-30 18:16:59 +01:00
Ed Kellett
67e05d5b67
Add an iline flag to match klines by spoof only 2020-04-20 11:10:39 +01:00
Aaron Jones
2c11ccb99e
Merge pull request #313 from edk0/spoof-chban
Don't match iline-spoofed IPs for channel bans
2020-04-19 12:11:19 +00:00
jesopo
b2ee72e448 remove LAST in comment too; it's a bit pointless 2020-04-19 13:05:01 +01:00
jesopo
310f88cfb1 rectify comment for Message handler indexes 2020-04-19 00:01:29 +01:00
Ed Kellett
a7d4a0ab81
Centralise banmask matching logic 2020-04-12 12:35:18 +01:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration 2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:

; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
    K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Ed Kellett
7b6410135b
m_modules: make modreload work like restart
/modrestart used to be implemented as a normal command and could crash
when used remotely because it would reload m_encap, which was on the
call stack at the time. This was fixed in 41390bfe5f. However,
/modreload has exactly the same problem, so I'm giving it the
same treatment.

Incidentally: This bug was first discovered in ircd-seven, where the
`/mod*` commands themselves live in the core, so m_encap was the only way
the crash could happen (and it didn't most of the time, because m_encap
would only be moved if you got unlucky). But `/mod*` are in modules in
charybdis, so /modrestart would have unloaded the code it was in the
middle of executing. With that in mind, I'm not sure how it ever
appeared to work.
2019-11-17 18:01:51 +00:00
Aaron Jones
58a7048006
Merge pull request #287 from edk0/filter
Add extensions/filter (port from ircd-seven)
2019-10-22 18:33:51 +00:00
Aaron Jones
a52d84f723
Merge pull request #293 from edk0/webirc
m_webirc: improve TLS handling
2019-10-22 16:17:33 +00:00
Ed Kellett
d6c813780f
m_webirc: respect ircv3's secure option 2019-10-20 18:17:34 +01:00
Janik Kleinhoff
12b3a184bc
strip_unprintable: clarify type conversion
This type conversion is more easily shown to work as intended than the
conversion introduced in 9dcb9e169.
2019-10-06 23:16:43 +01:00
Ed Kellett
9dcb9e1696
Fix strip_unprintable on high bit bytes 2019-10-06 23:14:28 +01:00
Ed Kellett
7bb7f89911
filter: send a numeric error for ACT_DROP 2019-10-06 19:24:30 +01:00
Simon Arlott
bcd241da68
Fix compiler warning for SeesOper 2019-09-15 10:00:56 +01:00
Ed Kellett
b674a619eb
Add extensions/drain
This takes the simplest possible approach: load the module and you're in
drain mode.
2019-09-14 21:13:11 +01:00
Ed Kellett
ed3ca2ff16
Propagate OPER
Move opername and privset storage to struct User, so it can exist for
remote opers.

On /oper and when bursting opers, send:

    :foo OPER opername privset

which sets foo's opername and privset. The contents of the privset on
remote servers come from the remote server's config, so the potential
for confusion exists if these do not match.

If an oper's privset does not exist on a server that sees it, it will
complain, but create a placeholder privset. If the privset is created by
a rehash, this will be reflected properly.

/privs is udpated to take an optional argument, the server to query, and
is now local by default:

    /privs [[nick_or_server] nick]
2019-09-13 10:08:27 +01:00
Ed Kellett
1123eefcb0
Rework oper hiding
As it stands, oper hiding is rather messy and inconsistent. Add
SeesOper(target, source), which is true iff target should appear as an
oper to source. If I haven't missed something, all commands that reveal
oper status now use the same logic.

general::hide_opers_in_whois is a special case, and affects /whois only.

general::hide_opers is introduced, and has the same effect as giving
everyone oper:hidden. All commands that reveal oper status respect both.
2019-09-12 23:14:15 +01:00
Ed Kellett
28cc8bb924
Deferred capability notifications from modules
Reloading modules sends CAP DEL followed by an immediate CAP NEW:

    :staberinde.local CAP * DEL :account-tag
    :staberinde.local CAP * NEW :account-tag

This isn't very nice. /modrestart is particularly bad. In order to avoid
doing this, we remember the capability set at the beginning of module
operations, compare that with the set afterwards, and report only the
differences with CAP {DEL,NEW}.
2019-09-07 14:59:33 +01:00
Ed Kellett
6ca9ff0ea1
Remove unused kline_delay config option 2019-04-27 14:53:04 +01:00
Ed Kellett
9834d3d5ba
Remove unused kline delay machinery 2019-04-27 14:51:27 +01:00
Ed Kellett
10df26d08f
Add check_one_kline, expose notify_banned_client 2019-04-27 14:47:28 +01:00
Simon Arlott
d4b2529a61
m_pass: store unverified SID in preClient for use in m_server 2018-08-15 22:48:20 +01:00
Simon Arlott
15b05f95f0
m_sasl: check if the agent is present after every client_exit
When a server disconnects the client_exit hook will only be called once
but there could be multiple servers and clients behind that server.

After any client exits, check if the agent is still present.
2018-08-12 12:50:43 +01:00
Simon Arlott
fe5fc851aa
gcc7 fixes: NICKLEN -> NAMELEN
Use NAMELEN instead of NICKLEN when accessing Client->name because it
could in theory be a HOSTLEN length string.
2018-01-19 23:26:20 +00:00
Simon Arlott
6003ce763c
Add outgoing SCTP connect support 2017-08-24 20:08:21 +01:00
Simon Arlott
c6ad9b0c5f
Add basic SCTP listener support that binds to multiple addresses
This only supports two addresses as the intended use is 1 IPv4 and 1 IPv6
address on a single-homed host, and the only supported configuration of
outgoing connections to other servers is to bind a single IPv4 or IPv6
address.
2017-08-24 20:08:20 +01:00
Simon Arlott
de2934965c
remove RB_IPV6 2017-08-20 12:54:46 +01:00
Simon Arlott
4b1cce65ed
ircd: send tags on every message
Simplify linebuf by introducing fsnprint to manage a list of printfs.
Add a msgbuf unparse cache for send functions that loop.
2017-08-06 16:21:29 +01:00
Simon Arlott
f3564f47f4
msgbuf: correctly split buffers into IRCv3 tags and RFC1459 message data 2017-07-29 22:46:07 +01:00
Simon Arlott
b5ad4cdfde
make soft asserts better by allowing them to be used in expressions 2017-07-29 22:39:53 +01:00
Simon Arlott
e9f0d740e3
msgbuf: remove unused field parselen 2017-07-27 18:31:08 +01:00
Simon Arlott
169a1c3535
msgbuf: s_assert is not a substitute for proper code
(dns, m_alias, m_stats updated as msgbuf no longer includes s_assert.h)
2017-07-26 19:30:41 +01:00
Simon Arlott
e2d5ffd5dd
echo-message should work for privmsg/notice to another user
Build the same message but send it to the local client first,
so that the echo-message capability works. But don't do it when
sending a message to yourself.
2016-11-23 21:59:43 +00:00
Simon Arlott
50b1e5987c
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:09:07 +00:00
Simon Arlott
5bc95eaf4a
Use const hook data where possible
core/m_nick.c: In function `change_remote_nick':
core/m_nick.c:745: warning: assignment discards qualifiers from pointer target type
2016-10-30 12:36:50 +00:00
William Pitcock
087555a00f ircd: introduce 'no-export' links
Links that are 'no-export' are not distributed to the rest of the IRC network (including local peers).
This provides a core primitive for 'anycasting' services (but the actual issue of synchronizing data in
a services package is left to the authors of the services package).
2016-09-16 17:18:55 -05:00
William Pitcock
1af4eff6f6 channels: fix IsChannelName() to actually use IsChanPrefix(). 2016-09-16 14:02:41 -05:00
William Pitcock
01978a2c8c supported: add chantypes_update() 2016-09-16 13:49:02 -05:00
William Pitcock
f3b84221d0 match: allow the CharAttrs table to be modified at runtime 2016-09-16 13:09:44 -05:00
William Pitcock
e55a9d6abc modules: serious cleanups 2016-06-18 00:52:16 -05:00
William Pitcock
92dad4831d modules: cleanups 2016-06-18 00:38:40 -05:00
William Pitcock
8e30e3def4 messages: fix format string warning reported by latest clang 2016-06-17 23:39:19 -05:00
Aaron Jones
aa7b99eb77
restart: functions that call exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
Aaron Jones
df3db5d99b
ircd: functions that call exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
Aaron Jones
341560ecf2
getopt: a function that calls exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
Simon Arlott
da20854e83
random_ping: stop producing negative values that become 16 chars 2016-05-02 21:14:16 +01:00
Simon Arlott
f018ed844d
certfp: Move method name/prefix strings to a separate header file 2016-04-26 20:33:18 +01:00
Simon Arlott
5adde7a4ed
getopt: don't modify argv as it breaks restart() 2016-04-25 23:32:18 +01:00
Simon Arlott
762468f85d
authd: wait until the ssl connection is "open" before reading
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.

Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
2016-04-25 21:43:21 +01:00
Simon Arlott
53789fddda
sslproc: simplify ssl open callback
Don't use the librb callback type as we're always passing client_p.

Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
2016-04-25 21:12:44 +01:00
Simon Arlott
f7b0c4b3d8
sslproc: use global ServerInfo configuration
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
2016-04-25 19:20:45 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
3085734104
m_stats: display certificate fingerprint in STATS C 2016-04-24 01:06:51 +01:00
Elizabeth Myers
7445ece1d1
Revert "Implement the netsplit batch type."
This needs more work, see
https://github.com/ircv3/ircv3-specifications/issues/253

This reverts commit 2373891299.
2016-04-16 11:05:00 -05:00
Elizabeth Myers
2373891299
Implement the netsplit batch type.
This also lays the groundwork for the netjoin batch type, but that isn't
implemented yet. I don't like how some of this is implemented but it'll
have to do for now...

Compile tested, needs more testing.
2016-04-15 16:50:43 -05:00
Elizabeth Myers
4f2b9a4fd1
Don't use key member of dictionary iter objects after deletion 2016-04-12 09:43:50 -05:00
Elizabeth Myers
5e9a3f8674
Change the way authd configures opm
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.
2016-04-12 09:36:09 -05:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage 2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts 2016-04-11 20:02:09 +03:00
Elizabeth Myers
ce58d2dc61 Remove extraneous whitespace [ci skip] 2016-04-10 09:23:14 -05:00
Elizabeth Myers
154dc91ef0 Wrap up authd preclient stuff in its own struct 2016-04-10 09:20:51 -05:00
Elizabeth Myers
4eafa9e62f ipv4_from_ipv6: move to librb 2016-04-08 03:49:23 -05:00
Elizabeth Myers
5a22e9259b Fix overzealotry in flags fixing.
These flags are for oper confs, not for client flags.
2016-04-07 07:48:50 -05:00
Elizabeth Myers
66f7fe673b Get rid of flags2.
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.

This "fixes" #179 in title only, but see comments within.
2016-04-07 07:40:55 -05:00
Elizabeth Myers
9057170ce8 Cleanup defaults.h config file.
Clean up spaces/tabs mixing mess (bleh), add some defaults for authd
stuff, and get rid of CHARYBDIS_SOMAXCONN (just define SOMAXCONN if it's
available...).
2016-04-07 04:47:48 -05:00