This is in furtherance of commit 3fdf26aa19 which added
functionality to reply with a TLS record layer alert for D-Lined TLS
clients. It turns out that there are other plaintext error messages
in this same function that should receive the same treatment.
Also move another error string to a variable and use a compile-time
optimised-out strlen for it too, to use the same approach as an
existing error string.
Finally, use a different alert (internal_error) for the case where
IRCd is simply unable to accept more connections.
This allows reusing this function for other uses that just need to
remove this client from others' accept lists on nick change and not have
duplicates of this code everywhere
The snotice sent to other opers can be misleading. For example, it will say
host mismatch even if the host is correct but the username is wrong, or if
the oper name given does not exist in the configuration.
The snotice sent to other opers can be misleading. For example, it will say
host mismatch even if the host is correct but the username is wrong, or if
the oper name given does not exist in the configuration.
Fixes crash introduced by 0ab6dbbc65. It's
probably a regression since it defeats a system designed to stop this
from happening, but I didn't dig through the history.
rehash() closes listeners. If we happen to get a single epoll() result
that wants to first rehash and then accept a connection, the epoll info
will point to a freed rb_fde_t. Other selectors should have similar
problems, but we didn't investigate that.
rb_fde_ts are normally batched up and freed outside the event
processing, but as of the above commit close_listeners() screws that up
by closing pending FDs immediately in order to create new listeners.
I think it might be a bit better to revert this behaviour and simply not
close listeners if we are going to open new ones over them, but have
opted for the smallest reasonable change I can think of.
Helped-by: Eric Mertens <emertens@gmail.com>
This commit returns $x's old behavior as long as the mask does not
contain a #, otherwise it uses the new behavior that supports
CIDR notation.
This fixes `$x:*badword*` not matching realnames containing "badword".
This allows explicitly loading a module in the config so it's available
for later config items that might need it, and skips the double load
when main loads all modules, which would cause errors
If main is called more than once (like in tests), everything is
reinitialized except the loaded module list and module paths, so clear
them too so that modules are loaded again and the path list is correct.
This allows a channel operator to set a channel ban such as
"$x:*!*@192.0.2.0/24#*web.libera.chat*" and have it function
as intended.
Closessolanum-ircd/solanum#26
* Add extension extb_guest
This module provides an extban type that acts as a normal ban but
only matches unidentified users.
* Document extban g in help/opers/extban
* extensions/extb_guest: support CIDR masks in $g extbans
This allows a channel operator to set a channel ban such as
"$g:*!*@192.0.2.0/24#*web.libera.chat*" and have it function
as intended.
---------
Co-authored-by: Aaron Jones <me@aaronmdjones.net>
This way it increments for every change. It need not be a timestamp, as
its actual value is not important.
This fixes an issue where a ban could be set, hit, and cleared all in
the same second, and the affected client would still be cached as banned
because the bants hadn't actually changed.
Before splitting things out into hooks, umode +Rg would only notify the
recipient if the sender satisfied +R. This restores that behavior by
making the +g hook happen after +R.
authd child processes are only told about configured DNSBLs when the
configuration is being parsed.
This is bad, because when authd crashes or is killed, IRCd will restart
it, but will not tell it about any configured DNSBLs until IRCd is next
rehashed.
We already have a dictionary that stores configured DNSBLs (for hit
statistics for `STATS n'), so store the additional needed fields in
that structure, and loop over that dictionary's entries when authd is
restarted, sending the fields just as if the configuration were being
reloaded.
Reported-By: @Unit193
Ensure we deallocate the nodes created by the first loop, and zero out
the authd data after removing them from the authd clients dict.
The authd_abort_client() function already does the latter, so just call
that instead of authd_free_client().
If the user performing a WHOIS has hidden their idle time (is umode +I),
also prevent them from seeing other user's idle times, even if said users
are not themselves umode +I.
Suggested-by: @Unit193