Commit graph

3740 commits

Author SHA1 Message Date
Ed Kellett
9274c0f3f4
Align check_one_kline better with find_kline 2020-04-19 11:53:38 +01:00
Ed Kellett
de0673d7ad
Move ipv4-in-ipv6 handling to find_conf_by_address
This removes some inconsistencies: first of all it applies to both
CONF_KILL searches by IP in find_address_conf, and secondly it applies
to find_kline, which would have been an edge case before.
2020-04-19 11:53:38 +01:00
Ed Kellett
f53d2f45de
Refactor check_one_kline a tiny bit 2020-04-19 01:45:33 +01:00
jesopo
310f88cfb1 rectify comment for Message handler indexes 2020-04-19 00:01:29 +01:00
Ed Kellett
55ed78dab1
Don't match iline-spoofed IPs for channel bans 2020-04-12 12:35:18 +01:00
Ed Kellett
a7d4a0ab81
Centralise banmask matching logic 2020-04-12 12:35:18 +01:00
Aaron Jones
baef55657e
Merge pull request #311 from qaisjp/patch-2
readme: fix macOS instructions
2020-03-15 22:14:26 +00:00
Qais Patankar
c0d82abefc
readme: fix macOS instructions 2020-03-15 22:06:42 +00:00
Aaron Jones
6cfb19943a
extensions/extb_ssl.c: make certfp parameter case-insensitive
I had the idea that maybe these should be case-sensitive because some
encodings (like Base-64) are. But it turns out it's better to
prioritise not breaking existing configurations / channel mode lists,
and just revisit this in future maybe.

[ci skip]
2020-01-28 20:48:23 +00:00
Aaron Jones
e0a8d121fa
extensions/extb_ssl.c: port e0f1c3b5bc & 5572f43834
Reported-by: Opal Hart <opal@wowana.me>
2020-01-28 20:37:39 +00:00
Simon Arlott
155ecb7a7a
tests: Check sendto_wallops_flags works with format strings 2020-01-11 16:26:10 +00:00
Aaron Jones
b50e5b28d4
Merge pull request #308 from edk0/with-asan
Add --with-asan to build with asan
2020-01-10 15:36:06 +00:00
Ed Kellett
30a14c5884
Link asan in a clang-friendly way 2020-01-10 15:32:35 +00:00
Ed Kellett
6d17463554
Add --with-asan to build with asan 2020-01-06 23:46:44 +00:00
Aaron Jones
673fd77dd1
Merge pull request #304 from edk0/reject-expired
reject: Don't reject for expired K-lines
2020-01-03 17:33:10 +00:00
Ed Kellett
6cd12661af
reject: reorder to avoid leaks 2020-01-03 17:07:25 +00:00
Ed Kellett
b9c43bc08a
reject: Don't reject for expired K-lines 2020-01-03 16:24:36 +00:00
Aaron Jones
6cac5cce0f
Merge pull request #302 from edk0/sasl-usercloak
Import extensions/sasl_usercloak from ircd-seven
2020-01-02 20:31:06 +00:00
Aaron Jones
28e12fad3c
Merge pull request #297 from bmwiedemann/date
Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
2020-01-02 20:29:13 +00:00
Aaron Jones
1a7927bb87
Merge pull request #303 from edk0/modreload-uaf
modules: fix use-after-free when reloading
2020-01-02 17:24:44 +00:00
Aaron Jones
cd39eef71e
Merge pull request #301 from edk0/reject-free-fix-fix
Remove from the list of propagated bans on expiry
2020-01-02 17:24:25 +00:00
Ed Kellett
6aa5c725ff
modules: fix use-after-free when reloading 2020-01-02 16:45:15 +00:00
Ed Kellett
b44f6669d8
sasl_usercloak: fix typo in format string
thanks @ProgVal
2020-01-02 16:29:23 +00:00
Ed Kellett
cdeca37ec3
sasl_usercloak: make the magic string more specific
Require '/account' at the end of the spoof, rather than
'account' anywhere.
2020-01-02 16:15:51 +00:00
Ed Kellett
5d5603b6ef
sasl_usercloak: modernize 2020-01-02 16:15:50 +00:00
Ed Kellett
11ae52095f
Remove duplicated notify_banned_client 2020-01-02 03:36:34 +00:00
Ed Kellett
5958d6b99b
sasl_usercloak: check K-lines after host change 2020-01-02 03:36:34 +00:00
Ed Kellett
40c4d9d85b
Revert "recheck users after applying SASL account cloaks"
This reverts commit 4d401d3c60019cf96b07a012106cab9678b7a79d.
2020-01-02 03:36:34 +00:00
Ed Kellett
5aeeea187e
recheck users after applying SASL account cloaks
(so K-lines on them will take effect properly)
2020-01-02 03:36:34 +00:00
Stephen Bennett
dae6f5dbee
Make sasl_usercloak.so update the original host, as well as the visible host if it hasn't already changed. Allows for the sasl spoof to be used to override services ones in some circumstances. 2020-01-02 03:36:34 +00:00
Stephen Bennett
271ddd99d7
Be sure to zero out host buffer before using it 2020-01-02 03:36:34 +00:00
Stephen Bennett
721410d575
Add sasl_usercloak module, to allow injecting SASL account name into a user's host on connection 2020-01-02 03:36:24 +00:00
Ed Kellett
0a7faba63d
Remove from the list of propagated bans on expiry
Fixes a use-after-free introduced in 548e31d3b, which fixed a related
use-after-free introduced in a9536f755.
2020-01-02 00:03:06 +00:00
Aaron Jones
b21c1403c6
Merge pull request #300 from edk0/reject-free-fix
Fix a use-after-free introduced in #298
2020-01-01 08:57:52 +00:00
Ed Kellett
548e31d3bd
Fix a place aconfs could be freed while referenced
(not a bug until a9536f755 since bans were not referenced before)
2020-01-01 08:51:53 +00:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Aaron Jones
008a1b9d8d
Merge pull request #298 from edk0/rejectcache
Remember and send reasons for rejectcache rejections
2019-12-31 07:59:56 +00:00
Ed Kellett
6292d72bbf
Add hide_tkdline_duration to documentation .confs 2019-12-31 01:56:05 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration 2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:

; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
    K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Bernhard M. Wiedemann
1b0319448c Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
to make the package build reproducible by default without
everyone having to discover the custom variable.

See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This code assigns the plain integer to keep the code simple.
Otherwise we would have to deal with differences between GNU date
and BSD date or include extra build deps like perl or python.
2019-12-06 18:32:46 +01:00
Aaron Jones
7b8e4c0967
Merge pull request #296 from edk0/modreload
m_modules: make modreload work like restart
2019-11-17 19:12:03 +00:00
Ed Kellett
7b6410135b
m_modules: make modreload work like restart
/modrestart used to be implemented as a normal command and could crash
when used remotely because it would reload m_encap, which was on the
call stack at the time. This was fixed in 41390bfe5f. However,
/modreload has exactly the same problem, so I'm giving it the
same treatment.

Incidentally: This bug was first discovered in ircd-seven, where the
`/mod*` commands themselves live in the core, so m_encap was the only way
the crash could happen (and it didn't most of the time, because m_encap
would only be moved if you got unlucky). But `/mod*` are in modules in
charybdis, so /modrestart would have unloaded the code it was in the
middle of executing. With that in mind, I'm not sure how it ever
appeared to work.
2019-11-17 18:01:51 +00:00
Aaron Jones
58a7048006
Merge pull request #287 from edk0/filter
Add extensions/filter (port from ircd-seven)
2019-10-22 18:33:51 +00:00
Ed Kellett
09784400f2
filter: avoid a memory leak per @amdj 2019-10-22 18:44:19 +01:00
Aaron Jones
a52d84f723
Merge pull request #293 from edk0/webirc
m_webirc: improve TLS handling
2019-10-22 16:17:33 +00:00
Aaron Jones
9e6c36d571
Merge pull request #294 from edk0/deny-webirc-auth
m_webirc: deny using webirc. as a real auth block
2019-10-22 16:16:36 +00:00
Ed Kellett
8ffc517321
m_webirc: deny using webirc. as a real auth block 2019-10-20 18:41:39 +01:00
Ed Kellett
cccda2ff2f
m_webirc: it's "TLS" to you 2019-10-20 18:18:32 +01:00
Ed Kellett
11ef0e2b98
m_webirc: don't bail out when denying 'secure' 2019-10-20 18:18:32 +01:00