Ed Kellett
d1239f613f
Document secure blocks
2020-10-31 16:00:02 +00:00
Ed Kellett
0f8ec93849
helpops: change umode char to h
2020-10-27 13:53:01 +00:00
Ed Kellett
7d84719d68
Unify oper:{global,local}_kill
2020-10-25 20:02:03 +00:00
jesopo
b9b28600d7
"server-side ignore" is an incorrect description of umode +g
2020-10-21 13:21:58 +01:00
Ed Kellett
19dc147459
Document max_number in reference.conf
2020-10-18 20:03:05 +01:00
Ed Kellett
7c7065b07e
Add class::max_autoconn configuration
2020-10-18 20:03:05 +01:00
Ed Kellett
a6f63a829e
Innovation by sed
2020-10-15 15:52:41 +01:00
Ed Kellett
f590bc6cec
Align reference.conf and ircd.conf.example
2020-08-04 22:58:31 +01:00
Ed Kellett
e06b75d23c
Document extension-only oper privs
2020-08-04 22:58:31 +01:00
Ed Kellett
734e774713
Document usermode:servnotice
2020-08-04 22:58:31 +01:00
Ed Kellett
2f68b6e203
Document the remaining new privs
2020-08-04 22:58:31 +01:00
Ed Kellett
58a490f9a4
Add oper:testline
2020-08-04 22:58:30 +01:00
Ed Kellett
6d5be11fb1
Add oper:privs
2020-08-04 22:58:30 +01:00
Ed Kellett
1cd6639a35
Add auspex:oper
2020-08-04 22:58:30 +01:00
Ed Kellett
80303ab70e
chm_staff: use oper:cmodes, don't check op status
2020-08-04 22:58:30 +01:00
Ed Kellett
d4f7eb4ce6
Replace most checks for +o with oper:general
...
I'm preparing to PR a succession of privs changes with the ultimate goal
of severely limiting the scope of the binary oper/user dichotomy and
move conceptually distinct oper functions into their own privs.
Accomplishing this is a non-trivial task, and can wait, but it's
inconvenient now to have such functions enabled by the same mechanism
that grants any privs at all--so I'm moving all of them to a
transitional priv with the intention of eroding that later.
2020-08-04 22:58:30 +01:00
Aaron Jones
e241d7979c
Merge pull request #346 from edk0/opmod-as-statusmsg
...
Port opmod_send_cprivmsg from ircd-seven, sans naming mistake
2020-07-06 10:52:15 +00:00
Janik Kleinhoff
04e5ed6c57
Make 5614c9e6f0b (opmod as fake statusmsg) optional
...
This adds a channel { ... } option, opmod_send_statusmsg, disabled by
default for compatibility reasons.
2020-07-06 10:36:35 +01:00
Ed Kellett
fff4f76353
Add general::tls_ciphers_oper_only
2020-07-05 23:06:51 +01:00
Stephen Bennett
b3a0099139
Rename connect_delay to post_registration_delay. This matches the ircd-ratbox feature, and better describes what it actually is. Also make sure to set localClient->firsttime on registration, so that the delay counts from the right time.
2020-06-07 19:22:36 +01:00
Stephen Bennett
1bb7964378
Add connect_delay to example and reference configs
2020-06-07 19:22:36 +01:00
Ed Kellett
57657a33a3
Document kline_spoof_ip
2020-04-20 11:10:39 +01:00
Ed Kellett
6292d72bbf
Add hide_tkdline_duration to documentation .confs
2019-12-31 01:56:05 +00:00
Simon Arlott
912d118fa2
Merge branch 'check-one-kline' of https://github.com/edk0/charybdis into edk0-check-one-kline
2019-08-31 15:05:11 +01:00
Aaron Jones
e2a0687835
Correct OPM port configuration variables
...
[ci skip]
2019-07-07 19:35:58 +01:00
Ed Kellett
6ca9ff0ea1
Remove unused kline_delay config option
2019-04-27 14:53:04 +01:00
Aaron Jones
3cc262f006
doc/reference.conf: clarify that server link fingerprints aren't optional
...
[ci skip]
2017-11-04 07:41:54 +00:00
Aaron Jones
28f877462d
Documentation: Comment-out the OPM block and its options by default
...
The feature is not yet stable and is causing several issues.
2016-12-28 23:41:32 +00:00
Aaron Jones
a49b954f98
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
...
[ci skip]
2016-11-27 20:51:06 +00:00
Aaron Jones
4381284e72
reference.conf: document that SPKI is supported in version 3.5 now
2016-11-15 12:36:01 +00:00
William Pitcock
087555a00f
ircd: introduce 'no-export' links
...
Links that are 'no-export' are not distributed to the rest of the IRC network (including local peers).
This provides a core primitive for 'anycasting' services (but the actual issue of synchronizing data in
a services package is left to the authors of the services package).
2016-09-16 17:18:55 -05:00
Aaron Jones
6621472435
reference.conf: Document fingerprint generation
...
[ci skip]
2016-07-16 05:42:09 +00:00
William Pitcock
be2447b850
config: document websocket options
2016-05-14 17:24:20 -05:00
James Lu
cdc31cc55f
doc: add extensions/chm_nonotice to example confs
2016-05-11 21:39:42 -07:00
Aaron Jones
9d6b870d7b
[Documentation] Increase bitlength recommendation for DH parameters
...
Also clarify the behaviour of TLS backends and the consequences for
not providing any parameters at all.
[ci skip]
2016-05-05 04:20:16 +00:00
Aaron Jones
70a70462e5
[Documentation] Reflect that ssl_private_key is now optional
...
[ci skip]
2016-05-05 04:20:07 +00:00
Simon Arlott
7380ded584
ircd.conf.example: use certfp_method = spki_sha256
...
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
2016-04-25 23:52:18 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT
2016-04-25 20:12:27 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
...
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.
Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.
Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
...
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.
(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip]
2016-04-23 17:57:07 +03:00
Elizabeth Myers
a2b7ef92a1
Make directions more clear for disabling OPM
2016-04-11 11:26:15 -05:00
Elizabeth Myers
cfb9253671
Update warnings in the opm default configs [ci skip]
2016-04-02 23:42:23 -05:00
Elizabeth Myers
4dbed1ed61
conf: in OPM, it's listen_port, not port. [ci skip]
2016-04-02 19:53:24 -05:00
Elizabeth Myers
eb0814b3cb
opm: add support for HTTPS CONNECT proxies.
...
TBD: do we need an SSL listener for these?
2016-04-02 18:38:21 -05:00
Elizabeth Myers
0ed0a9fe0a
Move m_locops module to extensions.
...
Many networks do not use local ops and therefore should not be required
to have this around all the time.
2016-04-02 05:20:30 -05:00
Elizabeth Myers
9bba0f6143
opm: add adjustable timeout values
2016-04-02 03:33:27 -05:00
Elizabeth Myers
fabe8b94c5
Add HTTP CONNECT proxy scanning
2016-04-02 03:11:30 -05:00
Elizabeth Myers
81a05933bf
add proxy_exempt to conf files
2016-04-02 02:49:38 -05:00
Elizabeth Myers
51fa2ab8a3
opm: allow scanners to be configurable
2016-04-02 02:29:48 -05:00