Commit graph

187 commits

Author SHA1 Message Date
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
Andrew Wilcox
5f8fb56d02 Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec remove MONITOR for now pending a complete rewrite 2015-10-15 09:39:48 -05:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
William Pitcock
bb2a50509a config: further EGD removal 2015-03-01 01:06:58 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Max Teufel
b3c4dfd7f2 example configs: change ssl_cert to etc/ssl.pem
The genssl script writes to etc/ssl.pem by default.
2014-07-13 18:12:54 +02:00
Jilles Tjoelker
a0998bcdd7 example confs: Remove AHBL blacklists, which are no longer available. 2014-04-06 12:34:03 +02:00
Jilles Tjoelker
cba8bbc3fc Use RFC5737 and RFC3849 addresses in example confs.
There are IPv4 and IPv6 ranges reserved for documentation and example code;
use these to minimize the risk if someone accidentally uses an unmodified
example conf.
2013-10-06 19:39:30 +02:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
0ef5377a36 Rename m_nokillservices.so to no_kill_services.so per the naming scheme. 2013-04-27 17:00:10 +02:00
Elizabeth Myers
f0bce9d95d Tweak docs.
Also, last commit fixes #16. :p
2013-04-20 20:52:34 -05:00
Elizabeth Myers
3c93d380e0 Add support for multiple forms of blacklist queries using matches.
It supports both literal and last octet matches from the dnsbl.
If matches is not present, the old behaviour is used.
2013-04-20 20:49:11 -05:00
Elizabeth Myers
15d7a31134 Add m_nokillservices to documentation 2013-04-20 01:14:54 -05:00
Jilles Tjoelker
f09c28e18f reference.conf: Correct description of general::client_exit.
It prefixes with "Quit: ", not "Client exit: ".
2013-01-01 18:07:37 +01:00
William Pitcock
f0c778d701 Merge pull request #2 from TheChrisAM/patch-1
Adding auth_user documentation for auth {} blocks.
2012-07-30 10:00:49 -07:00
Jilles Tjoelker
2b121c81f5 reference.conf: Extend documentation for max_number in server classes. 2012-07-28 15:31:44 +02:00
TheChrisAM
f9bb3e0d72 Adding auth_user documentation for auth {} blocks. 2012-05-31 21:26:52 -03:00
Jilles Tjoelker
8f5402d369 reference.conf: Remove need_ident from *@* auth block.
Few people want need_ident for everyone these days, so remove it from
reference.conf. It was not in example.conf.
2012-03-29 22:41:24 +02:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
William Pitcock
02270e9602 Add listen::defer_accept option for controlling usage of TCP_DEFER_ACCEPT option. 2012-03-17 10:00:39 -05:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Jilles Tjoelker
b225bf93b7 Change default --with-nicklen to 31, like atheme-services. 2011-11-29 23:32:10 +01:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00
Jilles Tjoelker
92236e376a Remove an obsolete TS5 reference. 2011-11-01 22:07:32 +01:00
Jilles Tjoelker
2da6f6ebd7 Put back use_forward. 2011-09-25 16:22:29 +02:00
Elizabeth Jennifer Myers
765d839d3c Port ircd-seven banfowards to charybdis.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.

Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
2011-08-12 20:33:10 -04:00
Keith Buck
da1b891f9f Pedantry: Make indentation consistent in example and reference confs. 2011-05-13 23:42:27 -07:00
Stephen Bennett
e6e54763d9 Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
2011-03-27 16:35:26 -04:00
Elizabeth Jennifer Myers
0a1e77c27c Support IPv6 blacklists. Also add a conf file option allowing the use of IPv4, IPv6, or both for a blacklist.
Although few blacklists currently support IPv6 lookups, they will likely begin to do so in the near future as more net trash begins using IPv6.
2011-02-27 16:38:05 -05:00
Stephen Bennett
341f971efa Bring across disable_local_channels config option from ircd-seven 2010-12-21 20:38:04 +00:00
William Pitcock
ff0cc1e616 Add support for linking using SSL certificate fingerprints as the link credential rather than the traditional server-password pair. 2010-12-13 23:14:00 -06:00
William Pitcock
429cf1b74f Add oper-override (modehacking only) as a module.
I think if you are going to kick someone from a channel.
2010-12-06 23:44:55 -06:00
Jilles Tjoelker
45a27bf8b9 Change max_bans in reference.conf from 25 to 100, like example.conf. 2010-12-05 16:51:48 +01:00
JD Horelick
f1e5a31775 Change the filenames of the generated SSL key/cert to ssl.* instead of test.* so that they're a bit more descriptive. 2010-11-13 16:07:54 -05:00
Jilles Tjoelker
717238d2a2 Add target change for channels.
This has a separate enabling option channel::channel_target_change.

It applies to PRIVMSG, NOTICE and TOPIC by unvoiced unopped non-opers.

The same slots are used for channels and users.
2010-08-29 01:26:00 +02:00
William Pitcock
40e92fca0e Recommend EFNet's RBL instead of DroneBL due to trustworthiness issues.
(StaticBox policy change as of May 14, 2010.)
2010-05-14 08:49:26 -05:00
JD Horelick
944b0584ea Change config option for ident_timeout to default_ident_timeout as jilles
recommended.
2010-04-05 16:29:11 -04:00
JD Horelick
0ffb810660 Add a configuration option for ident_timeout. 2010-04-05 15:28:44 -04:00
Jilles Tjoelker
dca9e55257 Add propagated resvs, like klines and xlines. 2010-03-27 16:13:57 +01:00
Jilles Tjoelker
3cbbfb2556 Add propagated xlines, like klines. 2010-03-16 23:05:50 +01:00
Jilles Tjoelker
1702b69419 Add option general::use_propagated_bans to allow disabling new KLINE.
If this option is yes (default), KLINE by itself sets global (propagated) bans.
If this option is no, KLINE by itself sets a local kline following cluster{},
compatible with 3.2 and older versions.
2010-03-14 17:21:20 +01:00
William Pitcock
a8560affce Documentation updates for the ip_cloaking_4.0 transition. 2010-02-18 07:34:40 -06:00
William Pitcock
ff31db8473 Add support for client certificate fingerprints in o:lines. 2010-02-17 06:41:41 -06:00
Jilles Tjoelker
fa1a7bef02 Add two more reasons why ssld_count>1 can be useful: bugs and fd limits. 2009-11-18 00:00:07 +01:00
Jilles Tjoelker
b23244702a Note that blacklist{} only accepts host/reason pairs, no host+host+reason. 2009-10-18 21:08:37 +02:00
Jilles Tjoelker
c2c25552ca Force part local users (not resv_exempt) on channel resv.
A notice will be sent to any force parted users that the channel
is temporarily/permanently unavailable on the server.
A new config option channel::resv_forcepart can be used to disable this.

from ircd-ratbox (dubkat)
2009-09-19 21:24:35 +02:00
Jilles Tjoelker
6865c0b099 Add channel::only_ascii_channels config option
to restrict channel names to printable ascii only.
Like disable_fake_channels this only applies to joins
by local users; unlike disable_fake_channels it applies
to opers as well.
2009-02-22 00:12:21 +01:00
Jilles Tjoelker
d9e7ca4960 BOPM/TCM do not need the ability to global kill, so remove it from server_bot
privset.
2008-12-28 23:24:43 +01:00
Jilles Tjoelker
bc7c44dc48 Update reference.conf for cidr change as well. 2008-11-30 13:33:43 +01:00
Jilles Tjoelker
3eae266ca3 Fix oper:remote in reference.conf. 2008-09-13 00:34:52 +02:00
Jilles Tjoelker
da77b103ef Document privsets in the example confs. 2008-09-13 00:32:22 +02:00
Jilles Tjoelker
10847f65d3 Remove old oper privilege flags. 2008-09-09 21:51:26 +02:00
Jilles Tjoelker
b159441429 Add need_ssl to auth{} and operator{}.
Specifying need_ssl on auth{} denies the connection if
it is not SSL/TLS, much like need_ident or need_sasl.
Specifying need_ssl on operator{} refuses opering with
ERR_NOOPERHOST if the connection is not SSL/TLS.
from ircd-ratbox
2008-09-07 01:18:58 +02:00
Valery V Yatsko
33e65f0004 no more servlink - removed 'servlink_path' from reference.conf and source files 2008-08-16 22:23:56 +04:00
Valery V Yatsko
67e6f4df3b Updated reference.conf 2008-08-13 23:17:43 +04:00
Jilles Tjoelker
43946961df Move to ratbox3 reject and throttle code.
Throttle replaces max_unknown_ip, reject is like before
(including the charybdis-specific unkline handling).
Both of these now apply before SSL negotiation.

This commit does not include the global_cidr and new dline code.

m_webirc is a bit nasty with throttling (unlike before
with max_unknown_ip), this may be fixed later (or
the webirc IP needs to be exempt{}ed).
2008-08-01 01:59:08 +02:00
Jilles Tjoelker
d8d2cb0a62 Mention shared dline flags in reference.conf. 2008-04-21 01:42:19 +02:00
Valery Yatsko
bf870ceb50 Hope these were the last things left from glines 2008-04-11 19:16:43 +04:00
Valery Yatsko
170703fe3a Removing glines 2008-04-11 18:47:03 +04:00
Valery Yatsko
dbbe26fa00 New extensions documented + typo fixed 2008-04-08 23:24:47 +04:00
Valery Yatsko
b8730cbf86 SSL options added to configuration files 2008-04-07 15:45:15 +04:00
Valery Yatsko
c6d7203732 ssl sync with http://hg.angelforce.ru/charybdis-old 2008-04-06 18:52:42 +04:00
Valery Yatsko
101db4c443 Much clear maxconnections stuff - ported from ratbox3. 2008-04-05 23:56:15 +04:00
Jilles Tjoelker
cdd5b26189 Remove idle time checking (auto disconnecting users idle too long). 2008-01-01 23:04:34 +01:00
Jilles Tjoelker
922aa82644 More helpful ERROR server notices.
- Do not use hide_error_messages for certain "safe" ERRORs.
- If hide_error_messages hides an ERROR from a handshake,
  send a server notice anyway, but without the message
  text.
- Send server notices about ERRORs from handshakes network
  wide if it was a remote connect.
2007-12-28 01:31:56 +01:00
Jilles Tjoelker
a6f4368b96 Add mass_notice oper priv, enabled by default for compatibility.
Controls /wallops and masked notices/privmsgs.
2007-12-24 21:47:05 +01:00
Jilles Tjoelker
420b2c9a10 Remove dot_in_ip6_addr config option. 2007-12-24 18:24:23 +01:00
Jilles Tjoelker
1ef5b43053 Require resv oper privilege to set cmode +L or +P. 2007-12-18 00:24:05 +01:00
Jilles Tjoelker
1ebe6ffc92 Add resv oper priv, enabled by default for compatibility. 2007-12-17 02:20:14 +01:00
Jilles Tjoelker
994544c294 Merge links_cache into scache and rework scache.
This changes flattened /links output to disclose less
routing information and slightly increases memory "leak"
from server names that do not come back anymore.
2007-11-23 22:11:25 +01:00
Jilles Tjoelker
4acf228113 Clarify meaning of some serverhide options. 2007-11-23 21:51:00 +01:00
jilles
407b1826e6 [svn] Update description of oper privileges a bit. 2007-11-17 13:55:48 -08:00
jilles
b0dc8e031c [svn] Clarify format of IPv6 addresses in auth{} and connect{}. 2007-08-29 15:04:45 -07:00
nenolod
cda8e9b8db [svn] - TS6 is always enabled now.
There is no reason for it to not be enabled on a proper charybdis network.
2007-08-08 23:47:26 -07:00
nenolod
57b8cb0fcf [svn] - blacklist{}: add notes about DroneBL and enable it by default. AHBL is still not enabled by default due
to their policies indicating that they wish to be contacted before their services are used.
2007-05-26 22:35:06 -07:00
jilles
297c7db408 [svn] Move sno_channeljoin to unsupported, due to the privacy
issue and the fact that any oper with admin or hidden_admin
can load extensions.
2007-05-24 08:10:06 -07:00
nenolod
59e2698a9f [svn] - sno_channeljoin: implements snomask +j and sends channel join notices there from local users 2007-05-23 21:16:02 -07:00
nenolod
446d88ddd4 [svn] - update config files 2007-05-23 21:02:33 -07:00
jilles
b808adf9d3 [svn] - fold conf_connect_allowed() into accept_connection()
- extend add_connection() so that exempt{}s apply to max unregistered
  connections per ip
from ratbox
2007-05-18 13:31:33 -07:00
jilles
54015b5fea [svn] Apply ratbox flood fix. 2007-05-14 15:21:16 -07:00
jilles
23836ead45 [svn] By default, leave MAX_BUFFER fds free for log files,
server connections, ident lookups, exceed_limit clients,
etc. Mention this in example.conf and reference.conf.
2007-04-04 17:12:55 -07:00
jilles
307328bb13 [svn] Remove invite_ops_only, forcing it to YES. 2007-03-13 09:09:28 -07:00
nenolod
c2d96fcbff [svn] - add config option for setting max_clients. 2007-03-05 10:58:38 -08:00
nenolod
92fb5c3175 [svn] - keyword-subst from charybdis 2.2. 2007-01-24 23:08:21 -08:00
nenolod
212380e3f4 [svn] - the new plan:
+ branches/release-2.1 -> 2.2 base
  + 3.0 -> branches/cxxconversion
  + backport some immediate 3.0 functionality for 2.2
  + other stuff
2007-01-24 22:40:21 -08:00