Commit graph

747 commits

Author SHA1 Message Date
Simon Arlott
762468f85d
authd: wait until the ssl connection is "open" before reading
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.

Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
2016-04-25 21:43:21 +01:00
Simon Arlott
53789fddda
sslproc: simplify ssl open callback
Don't use the librb callback type as we're always passing client_p.

Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
2016-04-25 21:12:44 +01:00
Simon Arlott
f7b0c4b3d8
sslproc: use global ServerInfo configuration
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
2016-04-25 19:20:45 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
3085734104
m_stats: display certificate fingerprint in STATS C 2016-04-24 01:06:51 +01:00
Elizabeth Myers
7445ece1d1
Revert "Implement the netsplit batch type."
This needs more work, see
https://github.com/ircv3/ircv3-specifications/issues/253

This reverts commit 2373891299.
2016-04-16 11:05:00 -05:00
Elizabeth Myers
2373891299
Implement the netsplit batch type.
This also lays the groundwork for the netjoin batch type, but that isn't
implemented yet. I don't like how some of this is implemented but it'll
have to do for now...

Compile tested, needs more testing.
2016-04-15 16:50:43 -05:00
Elizabeth Myers
4f2b9a4fd1
Don't use key member of dictionary iter objects after deletion 2016-04-12 09:43:50 -05:00
Elizabeth Myers
5e9a3f8674
Change the way authd configures opm
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.
2016-04-12 09:36:09 -05:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage 2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts 2016-04-11 20:02:09 +03:00
Elizabeth Myers
ce58d2dc61 Remove extraneous whitespace [ci skip] 2016-04-10 09:23:14 -05:00
Elizabeth Myers
154dc91ef0 Wrap up authd preclient stuff in its own struct 2016-04-10 09:20:51 -05:00
Elizabeth Myers
4eafa9e62f ipv4_from_ipv6: move to librb 2016-04-08 03:49:23 -05:00
Elizabeth Myers
5a22e9259b Fix overzealotry in flags fixing.
These flags are for oper confs, not for client flags.
2016-04-07 07:48:50 -05:00
Elizabeth Myers
66f7fe673b Get rid of flags2.
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.

This "fixes" #179 in title only, but see comments within.
2016-04-07 07:40:55 -05:00
Elizabeth Myers
9057170ce8 Cleanup defaults.h config file.
Clean up spaces/tabs mixing mess (bleh), add some defaults for authd
stuff, and get rid of CHARYBDIS_SOMAXCONN (just define SOMAXCONN if it's
available...).
2016-04-07 04:47:48 -05:00
Elizabeth Myers
78946542bb modules: move module loading/unloading commands to dedicated module.
There's no reason to really have these in the main ircd anymore, static
modules are dead and aren't coming back.

To ensure people don't do something hopelessly retarded, this is a core
module.
2016-04-07 04:00:25 -05:00
Elizabeth Myers
999c42bad8 Remove useless alias_entry hits member 2016-04-06 11:47:13 -05:00
Elizabeth Myers
a559032938 Partially update a comment 2016-04-06 07:28:30 -05:00
Elizabeth Myers
d4fdeec0d8 s_conf: s_bsd's been gone for a long time... lol 2016-04-06 06:48:59 -05:00
Elizabeth Myers
2575a78b0e Add hook for when rehash is called.
This will be used by the future alias module.
2016-04-06 05:43:54 -05:00
Elizabeth Myers
aa483e55bd bool-ify modules stuff 2016-04-03 01:51:45 -05:00
Elizabeth Myers
3d2fc110e3 authproc: add more API's for opm management 2016-04-02 19:45:27 -05:00
Elizabeth Myers
64fae2607a Rename authd.[ch] on ircd side to authproc.[ch] to prevent shadowing. 2016-04-02 16:44:04 -05:00
Elizabeth Myers
6d0fafec99 authd: minor cleanups 2016-04-02 04:51:11 -05:00
William Pitcock
c53ca1e029 ircd: integrate ircd side of wsockd support 2016-04-02 02:56:22 -05:00
Elizabeth Myers
fbe8d087e7 Add exempt logic for open proxies 2016-04-02 02:42:11 -05:00
Elizabeth Myers
51fa2ab8a3 opm: allow scanners to be configurable 2016-04-02 02:29:48 -05:00
Elizabeth Myers
b1a577f224 ircd/authd: cleanups 2016-04-02 01:05:21 -05:00
Elizabeth Myers
34f16c467d authd: fix API boo boo 2016-04-01 02:56:03 -05:00
Elizabeth Myers
4f6119cd40 authd: add API for setting OPM listeners 2016-04-01 02:43:01 -05:00
Elizabeth Myers
7ad083b065 logger: add idebug
This only does something if debugging is enabled.
2016-03-28 19:06:31 -05:00
Elizabeth Myers
7b4d1de38d Merge branch 'master' into authd-framework 2016-03-28 14:44:47 -05:00
Elizabeth Myers
ad04380360 ircd/authd: respect auth_disabled config option 2016-03-28 02:42:20 -05:00
Elizabeth Myers
d3f6b80867 Replace s_auth/blacklist stuff with authd calls
This also does a lot of surgery on the conf system to reconfigure authd.

/!\ WARNING! ACHTUNG! ADVERTENCIA! ATTENTION! AVVERTIMENTO! /!\
This code has not been run-time tested yet (though it compiles)!
2016-03-28 02:11:16 -05:00
Matt Ullman
33d43d4fa4 ircd: Move signaled variables to volatile sig_atomic_t 2016-03-27 20:05:38 -04:00
Matt Ullman
aa7eff28f2 hash.c: Save some more bytes 2016-03-27 06:29:10 -04:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
William Pitcock
4d8cfacd95 ircd: start staging for relocatable paths 2016-03-24 18:45:28 -05:00
Matt Ullman
a383180a0a chmode: Move add_id() to a boolean 2016-03-24 14:37:52 -04:00
Matt Ullman
3b9507d0e9 channel: Move flood_attack_channel() to a boolean 2016-03-24 02:25:26 -04:00
Matt Ullman
3a46803fef channel: Move check_channel_name() to a boolean 2016-03-24 01:54:39 -04:00
Matt Ullman
2e45f5d808 Cleanup more BSD-isms 2016-03-23 22:37:52 -04:00
Matt Ullman
4b11f39115 Move away from BSD data types 2016-03-23 19:11:42 -04:00
Elizabeth Myers
79435744c7 common.h: raison d'être is gone, so out it goes.
Fold whatever was left into ircd_defs.h
2016-03-23 09:33:56 -05:00
Elizabeth Myers
82236a2a65 IRCD_BUFSIZE is redundant with BUFSIZE, so kill it. 2016-03-23 09:22:55 -05:00
Elizabeth Myers
affc871dcb common: don't even attempt to define NULL.
stddef.h includes it, ISO C mandates NULL be in it, and if any platforms
don't have it, *tough shit*.
2016-03-23 09:13:31 -05:00
Elizabeth Myers
ab31d2b07e Send YES/NO to Davy Jones's Locker. 2016-03-23 08:52:32 -05:00