Commit graph

2366 commits

Author SHA1 Message Date
Simon Arlott
62c0ac4124
ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
2017-06-25 19:54:39 +01:00
Aaron Jones
789bb31c92
configure: allow exact PID file prefix to be specified 2017-06-23 05:55:48 +00:00
Aaron Jones
1b7c6aff1a
MbedTLS: Don't use a dummy CA certificate on new library (no longer required) 2017-06-22 11:12:21 +00:00
Ellenor Malik
e0f1c3b5bc
extensions/extb_ssl.c: add support for matching by certificate fingerprint 2017-06-16 01:51:38 +00:00
Aaron Jones
68ba8e8125
README.md: Update channel
The domain expired and then someone else seems to have reacquired it,
so point users back at Freenode for now as recovery is unlikely.
2017-06-12 17:00:14 +00:00
Aaron Jones
8b96afb67b Merge pull request #241 from anarcat/rst-guide 2017-03-25 16:49:08 +00:00
Antoine Beaupré
7e7107a6b7
fix more headings 2017-03-25 12:35:29 -04:00
Antoine Beaupré
5bc633fd77
fix two headings to be toplevel 2017-03-25 12:33:06 -04:00
Antoine Beaupré
c14e0b9523
do not hardcode theme 2017-03-25 12:29:27 -04:00
Antoine Beaupré
f41c25c0c1
config.rst review 2017-03-25 12:22:36 -04:00
Antoine Beaupré
ea56df54f7
review commands.rst style 2017-03-25 12:07:37 -04:00
Antoine Beaupré
194a960192
fix style in ucommands.rst 2017-03-25 11:49:30 -04:00
Antoine Beaupré
79a69a8e43
fix syntax warning 2017-03-25 11:47:58 -04:00
Antoine Beaupré
8bb743a695
fix ucommands.rst style 2017-03-25 11:47:23 -04:00
Antoine Beaupré
689137420b
review umodes.rst 2017-03-25 11:45:22 -04:00
Antoine Beaupré
2838bd22d6
review oprivs.rst style 2017-03-25 11:44:51 -04:00
Antoine Beaupré
932350e189
review cmodes.rst style 2017-03-25 11:42:51 -04:00
Antoine Beaupré
bdfadfcb99
some styling
turn all +flags into preformatted flags, fix admonitions
2017-03-25 11:33:06 -04:00
Antoine Beaupré
bc9cb138a4
ignore build results 2017-03-25 11:15:08 -04:00
Antoine Beaupré
c74b47583e
fix duplicate headings, remove duplicate ToC 2017-03-25 11:15:03 -04:00
Antoine Beaupré
0da7307521
merge two index pages 2017-03-25 11:09:44 -04:00
Antoine Beaupré
2874f74c81
convert SGML guide to RST
the rationale behind switching away from SGML/Docbook is the following:

 * SGML is hard to edit for humans
 * the output is not much prettier
 * the toolchain is not well supported and missing from the build
 * the build is not hooked into anywhere, no automation

the reason why RST was chosen:

 * it allows for a strong structure like Docbook
 * the theme from Read The Docs is pretty
 * it also supports mobile devices
 * sphinx can easily output to PDF and ePUB formats
 * RST is plaintext that can be easily edited and diff'd
 * RST can be automatically built by ReadTheDocs and the toolchain is
   readily available
 * the output is also parsed by Github so documentation can be read
   straight from GH

the reason why Markdown was not chosen:

 * the current strong structure would be hard to replicate
 * markdown is not standardized and output varies according to the
   implementation

the docs were converted with Pandoc, using the following commands:

    mkdir oper-guide
    for source in sgml/oper-guide/*.sgml; do
        pandoc --toc -s -f docbook -t rst $source -o oper-guide/$(basename $source .sgml).rst
    done
    cd oper-guide
    sphinx-quickstart
    git add *.rst make.bat conf.py
    git add -f Makefile
    git rm -r ../sgml
2017-03-25 10:51:01 -04:00
Aaron Jones
6fa52d140c
Charybdis 3.5.5 2017-03-01 01:08:58 +00:00
Aaron Jones
d8df3c90de
GNUTLS: Log why fingerprint generation fails
This is rudimentary but at least 1 other backend logs why too.
2017-03-01 01:06:57 +00:00
Aaron Jones
5d8a480305
GNUTLS: Don't use VERS-TLS-ALL
It causes problems with older versions of the library.
2017-02-28 22:51:51 +00:00
Aaron Jones
b012874243 Merge pull request #238 from anarcat/gnutls-cert-count
properly call gnutls_x509_crt_list_import
2017-02-28 22:44:35 +00:00
Antoine Beaupré
9f21f1b353
properly call gnutls_x509_crt_list_import
the [manpage][] says:

>  unsigned int * cert_max
>      Initially must hold the maximum number of certs. It will be updated
>      with the number of certs available.

ratbox doesn't actually initialize that variable, so gnutls naturally
fails. i would also recommend considering dynamically allocating the
cert list to deal with that error in other ways than failing to
configure SSL completely in GnuTLS. the apache gnutls module has a
similar problem and came up with a [patch][] to do exactly this which
you may want to consider.

but since our cert chain is only (!) 5 certs long, our itch is
scratched by this particular patch.

[manpage]: https://manpages.debian.org/jessie/gnutls-doc/gnutls_x509_crt_list_import.3.en.html
[patch]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573#35
2017-02-28 17:36:56 -05:00
Aaron Jones
9bd8c1c0dc
Charybdis 3.5.4 2017-02-28 21:28:20 +00:00
Simon Arlott
b04acc54ac
CREDITS: fix my nickname and update my email address 2017-01-06 21:51:05 +00:00
Aaron Jones
5633e89376
MbedTLS: Disable TLSv1.0 2016-12-30 18:00:45 +00:00
Aaron Jones
e140ba71d6
OpenSSL: Disable TLSv1.0 2016-12-30 18:00:43 +00:00
Aaron Jones
6bcfd29624
GNUTLS: Provide a default priority string, disable TLSv1.0 in it
The user can still override this choice with the ssl_cipher_list option
in ircd.conf -- this is the only backend that will allow you to do so.
2016-12-30 18:00:41 +00:00
Keith Buck
4574e77f43 extensions/extb_channel: Allow matching secret channels.
This change modifies extb_channel to allow matching users in secret
channels, which prevents trivial ban evasion by setting the target
channel +s. Information leak due to this change is unlikely since the
attacker would have to know that the target channel exists, the name of
the channel (or guess it), have a specific user they wanted to know
whether was in the channel (and not know already), and the target user
would need to have something like autojoin-on-invite enabled (or any of
the other various ways hostname cloaking is attacked).
2016-12-29 05:44:18 +00:00
Aaron Jones
db05a36210
MODRESTART: Defer restart to the event loop
When a remote MODRESTART command is received, it will pass through the
ENCAP module. The ms_encap function is responsible for dispatching the
command handler and then the modules will eventually be reloaded.

However, if the ENCAP module is reloaded to a different address, the
stack now contains the address of a function that no longer exists.

Return immediately from the command handler and have the event loop
call the function responsible for reloading the modules instead.

Reported-by: mniip (Freenode)
2016-12-28 20:15:39 +00:00
Aaron Jones
9cdd7270f9
mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails 2016-12-20 03:54:08 +00:00
Keith Buck
a91a4515c9 mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
2016-12-09 10:01:22 +00:00
Keith Buck
5fd7e2bb8c m_rehash: Require admin privileges for REHASH SSLD.
This change enforces admin privileges for the REHASH SSLD command, as
originally intended.
2016-12-04 22:03:34 +00:00
Simon Arlott
598a7d3b7e mr_server: Report certificate fingerprint mismatches
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-12-04 21:49:59 +00:00
Simon Arlott
8d0153ff55 mr_server: Handle unknown error codes
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-12-04 21:45:16 +00:00
Simon Arlott
0264fe161f sslproc: don't send updated config to dead/shutdown sslds
They might be running older versions of the SSL library that
don't support the key type or ciphers being configured.
2016-12-04 21:40:08 +00:00
Simon Arlott
9c98c1f866 ircd: add missing sslproc function ssld_foreach_info()
Iterate through the ssl daemons and report their status.
2016-12-04 21:25:41 +00:00
Simon Arlott
d4b074a771 ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.

Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.

Add STATS S (admins only) to list ssld processes, status, and client
count.
2016-12-04 21:24:56 +00:00
Aaron Jones
e386d7f362
reference.conf: missed a line
(see previous commit) [ci skip]
2016-12-01 05:15:30 +00:00
Aaron Jones
2815967598
reference.conf: simplify SPKI fingerprint generation commands
[ci skip]
2016-12-01 05:08:15 +00:00
Aaron Jones
256e6fd251
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:50:20 +00:00
Simon Arlott
65b9b1d06d
server_estab: don't try to send to a dead client
If the zlib setup fails the client will be exited, so don't send
to it before checking this.
2016-11-20 21:43:58 +00:00
Simon Arlott
aaf6039eea
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:43:44 +00:00
Aaron Jones
785df805d7
reference.conf: bump the recommended digest algorithm from SHA-1 to SHA2-256
ircd.conf.example still has SHA-1 for the people who want to quickly deploy
by renaming that file and adjusting as appropriate.
2016-11-15 12:34:49 +00:00
Aaron Jones
2afd965b21
TLS: Partially backport the SubjectPublicKeyInfo digesting functionality
This backports the code responsible for SPKI digests from release/4.

It also adjusts doc/reference.conf to note that SPKI digests are now
supported, and how to generate them. It does NOT backport the mkfingerprint
program -- the instructions in reference.conf are sufficient. I am of course
open to anyone else backporting the program, but I don't see the need.
2016-11-15 12:30:09 +00:00
Aaron Jones
0a9598655c
TLS backends: Move some library-dependent functions to the proper location
The comment incorrectly stated these were library-agnostic; in fact, they
use library-dependent data types or macro names.
2016-11-15 12:11:12 +00:00