Commit graph

164 commits

Author SHA1 Message Date
Ed Kellett
4a8bd0b2fb Document general::hidden_caps 2020-11-08 14:08:38 +00:00
Ed Kellett
f57d88bc71 Remove shared blocks 2020-11-01 04:20:44 +00:00
Ed Kellett
d1239f613f Document secure blocks 2020-10-31 16:00:02 +00:00
Ed Kellett
0f8ec93849 helpops: change umode char to h 2020-10-27 13:53:01 +00:00
Ed Kellett
7d84719d68 Unify oper:{global,local}_kill 2020-10-25 20:02:03 +00:00
jesopo
b9b28600d7 "server-side ignore" is an incorrect description of umode +g 2020-10-21 13:21:58 +01:00
Ed Kellett
19dc147459 Document max_number in reference.conf 2020-10-18 20:03:05 +01:00
Ed Kellett
7c7065b07e Add class::max_autoconn configuration 2020-10-18 20:03:05 +01:00
Ed Kellett
a6f63a829e
Innovation by sed 2020-10-15 15:52:41 +01:00
Ed Kellett
f590bc6cec
Align reference.conf and ircd.conf.example 2020-08-04 22:58:31 +01:00
Ed Kellett
e06b75d23c
Document extension-only oper privs 2020-08-04 22:58:31 +01:00
Ed Kellett
734e774713
Document usermode:servnotice 2020-08-04 22:58:31 +01:00
Ed Kellett
2f68b6e203
Document the remaining new privs 2020-08-04 22:58:31 +01:00
Ed Kellett
58a490f9a4
Add oper:testline 2020-08-04 22:58:30 +01:00
Ed Kellett
6d5be11fb1
Add oper:privs 2020-08-04 22:58:30 +01:00
Ed Kellett
1cd6639a35
Add auspex:oper 2020-08-04 22:58:30 +01:00
Ed Kellett
80303ab70e
chm_staff: use oper:cmodes, don't check op status 2020-08-04 22:58:30 +01:00
Ed Kellett
d4f7eb4ce6
Replace most checks for +o with oper:general
I'm preparing to PR a succession of privs changes with the ultimate goal
of severely limiting the scope of the binary oper/user dichotomy and
move conceptually distinct oper functions into their own privs.

Accomplishing this is a non-trivial task, and can wait, but it's
inconvenient now to have such functions enabled by the same mechanism
that grants any privs at all--so I'm moving all of them to a
transitional priv with the intention of eroding that later.
2020-08-04 22:58:30 +01:00
Aaron Jones
e241d7979c
Merge pull request #346 from edk0/opmod-as-statusmsg
Port opmod_send_cprivmsg from ircd-seven, sans naming mistake
2020-07-06 10:52:15 +00:00
Janik Kleinhoff
04e5ed6c57
Make 5614c9e6f0b (opmod as fake statusmsg) optional
This adds a channel { ... } option, opmod_send_statusmsg, disabled by
default for compatibility reasons.
2020-07-06 10:36:35 +01:00
Ed Kellett
fff4f76353
Add general::tls_ciphers_oper_only 2020-07-05 23:06:51 +01:00
Stephen Bennett
b3a0099139
Rename connect_delay to post_registration_delay. This matches the ircd-ratbox feature, and better describes what it actually is. Also make sure to set localClient->firsttime on registration, so that the delay counts from the right time. 2020-06-07 19:22:36 +01:00
Stephen Bennett
1bb7964378
Add connect_delay to example and reference configs 2020-06-07 19:22:36 +01:00
Ed Kellett
57657a33a3
Document kline_spoof_ip 2020-04-20 11:10:39 +01:00
Ed Kellett
6292d72bbf
Add hide_tkdline_duration to documentation .confs 2019-12-31 01:56:05 +00:00
Simon Arlott
912d118fa2
Merge branch 'check-one-kline' of https://github.com/edk0/charybdis into edk0-check-one-kline 2019-08-31 15:05:11 +01:00
Aaron Jones
e2a0687835
Correct OPM port configuration variables
[ci skip]
2019-07-07 19:35:58 +01:00
Ed Kellett
6ca9ff0ea1
Remove unused kline_delay config option 2019-04-27 14:53:04 +01:00
Aaron Jones
3cc262f006
doc/reference.conf: clarify that server link fingerprints aren't optional
[ci skip]
2017-11-04 07:41:54 +00:00
Aaron Jones
28f877462d
Documentation: Comment-out the OPM block and its options by default
The feature is not yet stable and is causing several issues.
2016-12-28 23:41:32 +00:00
Aaron Jones
a49b954f98
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:51:06 +00:00
Aaron Jones
4381284e72
reference.conf: document that SPKI is supported in version 3.5 now 2016-11-15 12:36:01 +00:00
William Pitcock
087555a00f ircd: introduce 'no-export' links
Links that are 'no-export' are not distributed to the rest of the IRC network (including local peers).
This provides a core primitive for 'anycasting' services (but the actual issue of synchronizing data in
a services package is left to the authors of the services package).
2016-09-16 17:18:55 -05:00
Aaron Jones
6621472435
reference.conf: Document fingerprint generation
[ci skip]
2016-07-16 05:42:09 +00:00
William Pitcock
be2447b850 config: document websocket options 2016-05-14 17:24:20 -05:00
James Lu
cdc31cc55f doc: add extensions/chm_nonotice to example confs 2016-05-11 21:39:42 -07:00
Aaron Jones
9d6b870d7b
[Documentation] Increase bitlength recommendation for DH parameters
Also clarify the behaviour of TLS backends and the consequences for
not providing any parameters at all.

[ci skip]
2016-05-05 04:20:16 +00:00
Aaron Jones
70a70462e5
[Documentation] Reflect that ssl_private_key is now optional
[ci skip]
2016-05-05 04:20:07 +00:00
Simon Arlott
7380ded584
ircd.conf.example: use certfp_method = spki_sha256
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
2016-04-25 23:52:18 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip] 2016-04-23 17:57:07 +03:00
Elizabeth Myers
a2b7ef92a1 Make directions more clear for disabling OPM 2016-04-11 11:26:15 -05:00
Elizabeth Myers
cfb9253671 Update warnings in the opm default configs [ci skip] 2016-04-02 23:42:23 -05:00
Elizabeth Myers
4dbed1ed61 conf: in OPM, it's listen_port, not port. [ci skip] 2016-04-02 19:53:24 -05:00
Elizabeth Myers
eb0814b3cb opm: add support for HTTPS CONNECT proxies.
TBD: do we need an SSL listener for these?
2016-04-02 18:38:21 -05:00
Elizabeth Myers
0ed0a9fe0a Move m_locops module to extensions.
Many networks do not use local ops and therefore should not be required
to have this around all the time.
2016-04-02 05:20:30 -05:00
Elizabeth Myers
9bba0f6143 opm: add adjustable timeout values 2016-04-02 03:33:27 -05:00
Elizabeth Myers
fabe8b94c5 Add HTTP CONNECT proxy scanning 2016-04-02 03:11:30 -05:00