Jilles Tjoelker
4dbd5e07ad
Skip cidr checking for bans with negative or too large cidrlen.
...
Upto some length, such bans could match the exact IP address.
Obtained from: ircd-ratbox (androsyn)
2013-01-29 23:29:34 +01:00
William Pitcock
3dae60ef47
cache: use rb_strdup() instead of a static buffer for cache lines.
...
BUFSIZE limitation is retained as there is no need to remove it, as all lines must be smaller than it
due to RFC1459 message requirements.
2013-01-15 16:24:33 -06:00
Jilles Tjoelker
b6e02c25b5
starttls: Don't send ERR_STARTTLS after successful STARTTLS.
2013-01-05 15:09:17 +01:00
Jilles Tjoelker
fce4df5473
server: Show the missing CAPABs when rejecting a server.
2013-01-02 21:00:18 +01:00
Jilles Tjoelker
22b24f637d
server: Move required CAPAB check after authentication and add snote and log.
2013-01-02 20:07:28 +01:00
Jilles Tjoelker
f09c28e18f
reference.conf: Correct description of general::client_exit.
...
It prefixes with "Quit: ", not "Client exit: ".
2013-01-01 18:07:37 +01:00
William Pitcock
ac0707aa61
m_capab: fix a possible remote crash triggered by the CAPAB parsing code.
2012-12-31 13:13:05 -06:00
William Pitcock
d7e4ed772f
capability: handle NULL passed to capability_get().
2012-12-31 13:01:09 -06:00
Jilles Tjoelker
ce4fa4477b
server: Simplify some code now ENCAP is mandatory.
2012-12-19 17:42:49 +01:00
Jilles Tjoelker
856df9a3c4
server: Remove code to send recursive QUITs/SQUITs for non-QS servers.
...
Now that QS is required, this code can no longer be activated.
2012-12-19 15:06:49 +01:00
Jilles Tjoelker
58b60c20cb
server: As per the TS6 spec, require QS and ENCAP capabilities.
2012-12-19 14:53:06 +01:00
Jilles Tjoelker
22cae20f02
server: Make sure CAP_CAP and CAP_TS6 are non-zero.
...
A zero CAP_CAP caused duplicate CAPAB to go undetected, allowing a
mismatch between what is sent out via ENCAP GCAP and what applies locally.
A zero CAP_TS6 allowed server connections without SID (with a valid
connect block).
2012-12-18 17:03:59 +01:00
Jilles Tjoelker
71eb2bb99b
server: Fix required capabilities check if there is more than one capability.
2012-12-18 16:37:21 +01:00
William Pitcock
5fd2dd9556
genssl: use DH params length of 2048 to appease the weechat idiots
2012-11-19 21:12:30 +00:00
William Pitcock
4cbed3b849
extensions/m_roleplay: merge in darkmyst changes
2012-11-04 03:35:58 +00:00
Jilles Tjoelker
8ff07125c3
starttls: Explicitly reject starttls if TLS is not configured or not compiled in.
2012-11-03 15:50:43 +01:00
Jilles Tjoelker
c1cddb36c0
starttls: Don't corrupt the FD hash.
...
Altering localClient->F without updating the FD hash leaves the struct
Client in the FD hash indefinitely which causes a crash later if the
struct is reused for a remote client. It also prevents error messages
from ssld showing up on IRC properly.
2012-11-03 00:49:10 +01:00
William Pitcock
e5149d6169
Add module which restricts unauthenticated users from doing anything as channel op.
2012-11-01 06:48:40 +00:00
Jilles Tjoelker
6387b5ad44
Fix a crash with testline, introduced with the "underlying ipv4" feature.
2012-10-15 02:09:07 +02:00
William Pitcock
1cf9ef50cd
numeric: add 744 (ERR_TOPICLOCK) to list so we don't step on inspircd
2012-10-13 17:50:12 +00:00
Keith Buck
5bd79c2c56
res.c: Try other servers if errors or corrupt replies are encountered.
...
Currently, the resolver treats SERVFAIL, NOTIMP, and REFUSED queries the
same as NXDOMAIN, but this really should not be the case. Instead, if
the DNS server errors on our request or provides an invalid request, try
another server.
Also, count DNS server errors in addition to timeouts and avoid these
undesirable servers.
2012-10-09 05:58:02 +00:00
William Pitcock
373d6d79e3
libratbox/crypt: remove blowfish support since it has the stupid advertising clause
2012-09-29 17:28:04 -05:00
William Pitcock
deb24d2b31
reslib: remove advertising clause, which was dropped as a requirement by the copyright holder.
...
(See http://svnweb.freebsd.org/base/head/COPYRIGHT?view=co ).
Closes #5 .
2012-09-29 17:08:40 -05:00
Jilles Tjoelker
f8cdda0573
help: Document whowas limit parameter.
2012-09-28 23:14:56 +02:00
William Pitcock
c4e81ae9e9
m_starttls: handle error condition with ERR_STARTTLS (691) numeric per tls-3.2 specification
2012-09-22 19:31:55 -05:00
William Pitcock
21f715a9a3
m_starttls: new module implementing ircv3 tls-3.1 optional extension
2012-09-22 16:30:01 -05:00
William Pitcock
538d4d6188
m_cap: add 'tls' core capability
2012-09-22 14:15:45 -05:00
William Pitcock
3e54d7bfb0
Define RPL_STARTTLS.
2012-09-22 14:04:57 -05:00
William Pitcock
4727c0f586
m_stats: apply same logic to anonymous /stats l as /stats p
2012-09-18 20:01:53 -05:00
William Pitcock
e82bda18a5
m_stats: add optional constraint checking function pointer to stats_l_list().
2012-09-18 19:55:49 -05:00
Kiyoshi Aman
55a06c8910
GIT-Access: Our repos are on github now, so let's say so.
2012-08-20 06:25:21 -04:00
Keith Buck
0d0f34c322
chm_nonotice: Ignore CTCP and send ERR_CANNOTSENDTOCHAN if a message is being blocked.
2012-07-31 06:37:33 +00:00
William Pitcock
f0c778d701
Merge pull request #2 from TheChrisAM/patch-1
...
Adding auth_user documentation for auth {} blocks.
2012-07-30 10:00:49 -07:00
Jilles Tjoelker
2b121c81f5
reference.conf: Extend documentation for max_number in server classes.
2012-07-28 15:31:44 +02:00
William Pitcock
a85566b151
sigio: use siginfo_t instead of struct siginfo, per glibc commit r4efeffc1d5
2012-07-25 10:34:50 -05:00
Jilles Tjoelker
bdad42f050
tools/smoketest.sh: Remove DNSBL external dependency.
2012-07-14 14:51:55 +02:00
Jilles Tjoelker
96d5791220
tools: Add a simple test script.
...
It compiles and runs ircd, verifying if some aspects of PRIVMSG work.
2012-07-14 13:50:55 +02:00
Jilles Tjoelker
8d20b088f9
In capability_get(), if a capability is not found, return 0 instead of all-ones.
...
Returning all-ones will set all caps if an unknown cap name is passed.
2012-07-03 19:16:31 +02:00
Jilles Tjoelker
33b214fa42
Fix capability_index_list(), used e.g. in /stats ? capability output.
2012-07-03 19:15:25 +02:00
Jilles Tjoelker
89fd463e59
Add needed space between "TS6" or "SSL" and capabs from CAPAB in /stats ?.
2012-07-03 19:11:15 +02:00
Jilles Tjoelker
f3b3ad0b07
chmode: Allow mode queries on mlocked modes.
...
Check mlock at the same point where chanops are checked (except for
querying a +e/+I list) and abstract this check into a function.
In particular, /mode #channel f is now again allowed if +f is mlocked.
2012-06-19 00:33:29 +02:00
Jilles Tjoelker
e4ce3b5409
stats R: Make the CPU time display less ugly.
2012-06-04 00:49:59 +02:00
TheChrisAM
f9bb3e0d72
Adding auth_user documentation for auth {} blocks.
2012-05-31 21:26:52 -03:00
Jilles Tjoelker
294d32bf16
If umode +D or +g are oper-only, don't advertise them in 005.
2012-05-27 22:46:24 +02:00
William Pitcock
a9e557a171
Merge pull request #1 from dwfreed/master
...
Fix extensions/ip_cloaking* not correctly telling the net about your changed hostname
2012-05-24 06:11:45 -07:00
Douglas Freed
9f409b6333
extensions/ip_cloaking*: Fix a bug accidentally introduced in 29d224a1
where the cloaking module would change your cloak locally, but not correctly broadcast this to the network, and fail to tell you correctly in the RPL_HOSTHIDDEN reply
2012-05-24 11:06:20 +00:00
Keith Buck
c46a4ecd97
Move marking of services entirely to m_services.c; mark all services when m_services loads and unmark them when it unloads.
2012-05-21 21:03:56 +00:00
Keith Buck
7d60375446
Add new conf_read_start and conf_read_end hooks.
2012-05-21 20:22:07 +00:00
Keith Buck
ec57fe6779
Complain to opers if a server that isn't a service tries to SU/RSFNC/NICKDELAY/SVSLOGIN.
2012-05-21 17:27:02 +00:00
Aaron Sethman
21acd0961c
Disable timerfd/signalfd on openvz, it seems broken
...
(imported from libratbox r27395 by nenolod)
2012-05-18 21:16:13 -05:00