Commit graph

133 commits

Author SHA1 Message Date
Ed Kellett
d6c813780f
m_webirc: respect ircv3's secure option 2019-10-20 18:17:34 +01:00
Ed Kellett
ed3ca2ff16
Propagate OPER
Move opername and privset storage to struct User, so it can exist for
remote opers.

On /oper and when bursting opers, send:

    :foo OPER opername privset

which sets foo's opername and privset. The contents of the privset on
remote servers come from the remote server's config, so the potential
for confusion exists if these do not match.

If an oper's privset does not exist on a server that sees it, it will
complain, but create a placeholder privset. If the privset is created by
a rehash, this will be reflected properly.

/privs is udpated to take an optional argument, the server to query, and
is now local by default:

    /privs [[nick_or_server] nick]
2019-09-13 10:08:27 +01:00
Ed Kellett
9834d3d5ba
Remove unused kline delay machinery 2019-04-27 14:51:27 +01:00
Ed Kellett
10df26d08f
Add check_one_kline, expose notify_banned_client 2019-04-27 14:47:28 +01:00
Simon Arlott
d4b2529a61
m_pass: store unverified SID in preClient for use in m_server 2018-08-15 22:48:20 +01:00
Simon Arlott
fe5fc851aa
gcc7 fixes: NICKLEN -> NAMELEN
Use NAMELEN instead of NICKLEN when accessing Client->name because it
could in theory be a HOSTLEN length string.
2018-01-19 23:26:20 +00:00
Simon Arlott
c6ad9b0c5f
Add basic SCTP listener support that binds to multiple addresses
This only supports two addresses as the intended use is 1 IPv4 and 1 IPv6
address on a single-homed host, and the only supported configuration of
outgoing connections to other servers is to bind a single IPv4 or IPv6
address.
2017-08-24 20:08:20 +01:00
Simon Arlott
f3564f47f4
msgbuf: correctly split buffers into IRCv3 tags and RFC1459 message data 2017-07-29 22:46:07 +01:00
Simon Arlott
50b1e5987c
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:09:07 +00:00
Simon Arlott
da20854e83
random_ping: stop producing negative values that become 16 chars 2016-05-02 21:14:16 +01:00
Simon Arlott
762468f85d
authd: wait until the ssl connection is "open" before reading
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.

Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
2016-04-25 21:43:21 +01:00
Simon Arlott
53789fddda
sslproc: simplify ssl open callback
Don't use the librb callback type as we're always passing client_p.

Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
2016-04-25 21:12:44 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage 2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts 2016-04-11 20:02:09 +03:00
Elizabeth Myers
ce58d2dc61 Remove extraneous whitespace [ci skip] 2016-04-10 09:23:14 -05:00
Elizabeth Myers
154dc91ef0 Wrap up authd preclient stuff in its own struct 2016-04-10 09:20:51 -05:00
Elizabeth Myers
66f7fe673b Get rid of flags2.
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.

This "fixes" #179 in title only, but see comments within.
2016-04-07 07:40:55 -05:00
William Pitcock
c53ca1e029 ircd: integrate ircd side of wsockd support 2016-04-02 02:56:22 -05:00
Elizabeth Myers
d3f6b80867 Replace s_auth/blacklist stuff with authd calls
This also does a lot of surgery on the conf system to reconfigure authd.

/!\ WARNING! ACHTUNG! ADVERTENCIA! ATTENTION! AVVERTIMENTO! /!\
This code has not been run-time tested yet (though it compiles)!
2016-03-28 02:11:16 -05:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
Elizabeth Myers
9b8e9eb321 config.h delenda est 2016-03-19 19:14:26 -05:00
Elizabeth Myers
638d286293 Change some RATBOX_FOO defines to CHARYBDIS_FOO. 2016-03-07 05:01:31 -06:00
Elizabeth Myers
cbeab4bc34 Remove $Id tags from everything.
These are obsolete and none have changed since 10 years gao...
2016-03-06 02:47:27 -06:00
William Pitcock
ddf62b10f9 m_cap: add support for CAP LS 302 2016-02-28 01:13:08 -06:00
William Pitcock
32df5e96a6 cap: substantial rewrite leveraging the ircd capabilities framework for client caps 2016-02-27 01:41:36 -06:00
William Pitcock
ddedc60398 cap: register the account-tag capability 2016-02-20 17:26:35 -06:00
William Pitcock
b47f8a4fda ircd: import modified version of ratbox 3.1 whowas code 2016-01-23 11:16:34 -05:00
William Pitcock
999fab778c Revert "LIST: use new sendq system to reimplement SAFELIST differently."
This reverts commit e835592cfc.
2016-01-20 22:26:55 -05:00
William Pitcock
a4721f5e9f ircd: implement EXTENDCHANS, based on ircd-seven (with some improvements from chatircd) 2016-01-11 23:32:23 -06:00
William Pitcock
730b914c17 LIST: more cleanups 2016-01-09 23:34:52 -06:00
William Pitcock
1eeb046930 ircd: remove internal resolver, no longer used 2016-01-08 06:39:51 -06:00
William Pitcock
1d02144f8b ircd: move DNS resolution over to authd 2016-01-08 06:31:08 -06:00
Jilles Tjoelker
2d28539c68 Reduce clean_nick() code duplication further.
Side effect: hurt and monitor now allow nicks starting with a digit.
2015-12-13 00:22:21 +01:00
William Pitcock
72dee03d50 clean up some code duplication when checking nicks for validity 2015-12-12 08:41:09 -06:00
William Pitcock
b5b4a0e79b client: use sequential connection ids for ssld connections in ssld RPC, instead of the file descriptor
this avoids race conditions when a file descriptor is reused and an ssld worker has not acked that the previous
connection was closed, which results in the new client being kicked.
2015-12-12 05:20:51 -06:00
William Pitcock
ebe33dbfab sslproc: set Client.localClient.cipher_string if sent by ssld 2015-12-11 08:19:50 -06:00
William Pitcock
4a5330bb4d cap: implement ircv3.2 chghost cap 2015-11-19 22:53:55 -06:00
William Pitcock
13de708352 cap-notify: add cap-notify cap 2015-03-01 00:26:23 -06:00
Max Teufel
1b54aa5c3b src/channel: add support for IRCv3.2 userhost-in-names 2015-02-28 01:06:38 -06:00
William Pitcock
6e3d57dc6b cap: remove SASL_REAUTH capability 2015-02-28 01:01:08 -06:00
William Pitcock
95cce5f358 Revert "m_invite: add support for CAP invite-notify"
This reverts commit 93eb76cc32.
2015-02-16 17:50:51 -06:00
Max Teufel
93eb76cc32 m_invite: add support for CAP invite-notify
Specification:
<https://github.com/ircv3/ircv3-specifications/blob/master/extensions/invite-notify-3.2.md>
2015-02-16 15:40:34 -06:00
William Pitcock
c6bc97fdcd m_sasl: move some struct members around for sasl-reauth 2015-02-16 15:39:36 -06:00
William Pitcock
ef3ab8e3a5 cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103). 2015-02-15 17:11:28 -06:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
2635cc8089 Fix parameter name in header file for show_ip_conf(). 2013-09-14 12:26:24 +02:00
William Pitcock
538d4d6188 m_cap: add 'tls' core capability 2012-09-22 14:15:45 -05:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00