Commit graph

2304 commits

Author SHA1 Message Date
Jilles Tjoelker
e69375f3ac Cope with rb_crypt() returning NULL. 2013-02-02 00:54:32 +01:00
Jilles Tjoelker
df2516e6d8 whowas: Abort listing if 90% of sendq is in use. 2013-02-02 00:50:03 +01:00
Jilles Tjoelker
4e4a5fcc61 Skip cidr checking for hostmask.c entries with negative cidrlen.
They will be treated as hostmasks only. In the case of dlines they will
be rejected as invalid.

hostmask.c entries such as dlines, klines and auth blocks can only be
added by opers or via ircd.conf.
2013-01-29 23:43:20 +01:00
Jilles Tjoelker
441da2f245 Also restrict cidrlen for testmask/masktrace (match_ips()). 2013-01-29 23:31:39 +01:00
Jilles Tjoelker
4dbd5e07ad Skip cidr checking for bans with negative or too large cidrlen.
Upto some length, such bans could match the exact IP address.

Obtained from: ircd-ratbox (androsyn)
2013-01-29 23:29:34 +01:00
William Pitcock
3dae60ef47 cache: use rb_strdup() instead of a static buffer for cache lines.
BUFSIZE limitation is retained as there is no need to remove it, as all lines must be smaller than it
due to RFC1459 message requirements.
2013-01-15 16:24:33 -06:00
Jilles Tjoelker
b6e02c25b5 starttls: Don't send ERR_STARTTLS after successful STARTTLS. 2013-01-05 15:09:17 +01:00
Jilles Tjoelker
fce4df5473 server: Show the missing CAPABs when rejecting a server. 2013-01-02 21:00:18 +01:00
Jilles Tjoelker
22b24f637d server: Move required CAPAB check after authentication and add snote and log. 2013-01-02 20:07:28 +01:00
Mantas Mikulėnas
62c87179ef Add a Git .mailmap
...to make `git shortlog -es` look nicer.
2013-01-02 01:46:36 +02:00
Jilles Tjoelker
f09c28e18f reference.conf: Correct description of general::client_exit.
It prefixes with "Quit: ", not "Client exit: ".
2013-01-01 18:07:37 +01:00
William Pitcock
ac0707aa61 m_capab: fix a possible remote crash triggered by the CAPAB parsing code. 2012-12-31 13:13:05 -06:00
William Pitcock
d7e4ed772f capability: handle NULL passed to capability_get(). 2012-12-31 13:01:09 -06:00
Jilles Tjoelker
ce4fa4477b server: Simplify some code now ENCAP is mandatory. 2012-12-19 17:42:49 +01:00
Jilles Tjoelker
856df9a3c4 server: Remove code to send recursive QUITs/SQUITs for non-QS servers.
Now that QS is required, this code can no longer be activated.
2012-12-19 15:06:49 +01:00
Jilles Tjoelker
58b60c20cb server: As per the TS6 spec, require QS and ENCAP capabilities. 2012-12-19 14:53:06 +01:00
Jilles Tjoelker
22cae20f02 server: Make sure CAP_CAP and CAP_TS6 are non-zero.
A zero CAP_CAP caused duplicate CAPAB to go undetected, allowing a
mismatch between what is sent out via ENCAP GCAP and what applies locally.

A zero CAP_TS6 allowed server connections without SID (with a valid
connect block).
2012-12-18 17:03:59 +01:00
Jilles Tjoelker
71eb2bb99b server: Fix required capabilities check if there is more than one capability. 2012-12-18 16:37:21 +01:00
William Pitcock
5fd2dd9556 genssl: use DH params length of 2048 to appease the weechat idiots 2012-11-19 21:12:30 +00:00
William Pitcock
4cbed3b849 extensions/m_roleplay: merge in darkmyst changes 2012-11-04 03:35:58 +00:00
Jilles Tjoelker
8ff07125c3 starttls: Explicitly reject starttls if TLS is not configured or not compiled in. 2012-11-03 15:50:43 +01:00
Jilles Tjoelker
c1cddb36c0 starttls: Don't corrupt the FD hash.
Altering localClient->F without updating the FD hash leaves the struct
Client in the FD hash indefinitely which causes a crash later if the
struct is reused for a remote client. It also prevents error messages
from ssld showing up on IRC properly.
2012-11-03 00:49:10 +01:00
William Pitcock
e5149d6169 Add module which restricts unauthenticated users from doing anything as channel op. 2012-11-01 06:48:40 +00:00
Jilles Tjoelker
6387b5ad44 Fix a crash with testline, introduced with the "underlying ipv4" feature. 2012-10-15 02:09:07 +02:00
William Pitcock
1cf9ef50cd numeric: add 744 (ERR_TOPICLOCK) to list so we don't step on inspircd 2012-10-13 17:50:12 +00:00
Keith Buck
5bd79c2c56 res.c: Try other servers if errors or corrupt replies are encountered.
Currently, the resolver treats SERVFAIL, NOTIMP, and REFUSED queries the
same as NXDOMAIN, but this really should not be the case. Instead, if
the DNS server errors on our request or provides an invalid request, try
another server.

Also, count DNS server errors in addition to timeouts and avoid these
undesirable servers.
2012-10-09 05:58:02 +00:00
William Pitcock
373d6d79e3 libratbox/crypt: remove blowfish support since it has the stupid advertising clause 2012-09-29 17:28:04 -05:00
William Pitcock
deb24d2b31 reslib: remove advertising clause, which was dropped as a requirement by the copyright holder.
(See http://svnweb.freebsd.org/base/head/COPYRIGHT?view=co).
Closes #5.
2012-09-29 17:08:40 -05:00
Jilles Tjoelker
f8cdda0573 help: Document whowas limit parameter. 2012-09-28 23:14:56 +02:00
William Pitcock
c4e81ae9e9 m_starttls: handle error condition with ERR_STARTTLS (691) numeric per tls-3.2 specification 2012-09-22 19:31:55 -05:00
William Pitcock
21f715a9a3 m_starttls: new module implementing ircv3 tls-3.1 optional extension 2012-09-22 16:30:01 -05:00
William Pitcock
538d4d6188 m_cap: add 'tls' core capability 2012-09-22 14:15:45 -05:00
William Pitcock
3e54d7bfb0 Define RPL_STARTTLS. 2012-09-22 14:04:57 -05:00
William Pitcock
4727c0f586 m_stats: apply same logic to anonymous /stats l as /stats p 2012-09-18 20:01:53 -05:00
William Pitcock
e82bda18a5 m_stats: add optional constraint checking function pointer to stats_l_list(). 2012-09-18 19:55:49 -05:00
Kiyoshi Aman
55a06c8910 GIT-Access: Our repos are on github now, so let's say so. 2012-08-20 06:25:21 -04:00
Keith Buck
0d0f34c322 chm_nonotice: Ignore CTCP and send ERR_CANNOTSENDTOCHAN if a message is being blocked. 2012-07-31 06:37:33 +00:00
William Pitcock
f0c778d701 Merge pull request #2 from TheChrisAM/patch-1
Adding auth_user documentation for auth {} blocks.
2012-07-30 10:00:49 -07:00
Jilles Tjoelker
2b121c81f5 reference.conf: Extend documentation for max_number in server classes. 2012-07-28 15:31:44 +02:00
William Pitcock
a85566b151 sigio: use siginfo_t instead of struct siginfo, per glibc commit r4efeffc1d5 2012-07-25 10:34:50 -05:00
Jilles Tjoelker
bdad42f050 tools/smoketest.sh: Remove DNSBL external dependency. 2012-07-14 14:51:55 +02:00
Jilles Tjoelker
96d5791220 tools: Add a simple test script.
It compiles and runs ircd, verifying if some aspects of PRIVMSG work.
2012-07-14 13:50:55 +02:00
Jilles Tjoelker
8d20b088f9 In capability_get(), if a capability is not found, return 0 instead of all-ones.
Returning all-ones will set all caps if an unknown cap name is passed.
2012-07-03 19:16:31 +02:00
Jilles Tjoelker
33b214fa42 Fix capability_index_list(), used e.g. in /stats ? capability output. 2012-07-03 19:15:25 +02:00
Jilles Tjoelker
89fd463e59 Add needed space between "TS6" or "SSL" and capabs from CAPAB in /stats ?. 2012-07-03 19:11:15 +02:00
Jilles Tjoelker
f3b3ad0b07 chmode: Allow mode queries on mlocked modes.
Check mlock at the same point where chanops are checked (except for
querying a +e/+I list) and abstract this check into a function.

In particular, /mode #channel f is now again allowed if +f is mlocked.
2012-06-19 00:33:29 +02:00
Jilles Tjoelker
e4ce3b5409 stats R: Make the CPU time display less ugly. 2012-06-04 00:49:59 +02:00
TheChrisAM
f9bb3e0d72 Adding auth_user documentation for auth {} blocks. 2012-05-31 21:26:52 -03:00
Jilles Tjoelker
294d32bf16 If umode +D or +g are oper-only, don't advertise them in 005. 2012-05-27 22:46:24 +02:00
William Pitcock
a9e557a171 Merge pull request #1 from dwfreed/master
Fix extensions/ip_cloaking* not correctly telling the net about your changed hostname
2012-05-24 06:11:45 -07:00