Commit graph

2578 commits

Author SHA1 Message Date
William Pitcock
3a48406b55 cap: fix compile 2015-02-15 17:40:20 -06:00
William Pitcock
ef3ab8e3a5 cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103). 2015-02-15 17:11:28 -06:00
William Pitcock
0044d40050 cap: add notion of required dependency caps 2015-02-15 17:11:28 -06:00
William Pitcock
ce14240a02 Merge pull request #83 from maxteufel/feature/saslserv_config_option
m_sasl: add configuration option for the nick of the SASL agent
2015-02-14 15:23:00 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Jilles Tjoelker
f51b72de97 Ignore duplicate USER and PASS.
If SASL starts using USER/PASS for unregistered clients, this change stops
users from using one USER/PASS for SASL while using another for connecting.
2015-02-13 23:07:02 +01:00
Mantas Mikulėnas
a3fa9d81a2 m_sasl: send information about the client connection 2015-02-13 22:38:24 +02:00
William Pitcock
9299ce1371 Merge pull request #81 from attilamolnar/master+openssl
openssl: Disable session tickets and session caching
2015-02-09 14:59:56 -06:00
Attila Molnar
989652e7a8 openssl: Disable session caching 2015-02-09 21:19:09 +01:00
Attila Molnar
6b6a579925 openssl: Disable session tickets 2015-02-09 21:18:32 +01:00
William Pitcock
bc75c3ae0e fix target list generation edge case where WALLCHOPS was requested alongside normal users if the source user was not a channel op.
from ircd-hybrid r5457
2015-02-09 11:16:06 -06:00
Jilles Tjoelker
22e4a9bc2b Merge branch 'master+sjoin-deadcode' of https://github.com/attilamolnar/charybdis 2015-01-30 17:54:13 +01:00
Attila Molnar
407094721c SJOIN: Remove some dead code 2015-01-30 14:42:08 +01:00
Jilles Tjoelker
e9f86e320e introduce_client(): Remove redundant check for sockhost starting with colon.
Other code (inet_ntop6() in libratbox/src/commio.c and
extensions/m_webirc.c) ensures the sockhost does not start with a colon.
Checking only here does not make sense.

Reported by:	Attila
2015-01-25 22:11:16 +01:00
Jilles Tjoelker
3881a3ce5d Don't append a domain to names without dot from reverse lookup.
Some code to append "domain" from /etc/resolv.conf to unqualified names (for
server connections) erroneously applied to names from reverse DNS lookups as
well.

The effect was that "domain" from /etc/resolv.conf was appended to
"localhost", even though the DNS server intended "localhost" to be a fully
qualified name.
2015-01-16 23:23:56 +01:00
Aaron Jones
3c80b42532 Allow clients to have a resolved hostname of localhost
I slightly changed the patch to match surrounding style.

(cherry picked from commit 0b06270fd6266c85d19e008efcd039605daf59d0)
2015-01-16 21:38:42 +01:00
Jilles Tjoelker
74b2fb72db pretty_mask(): Stop temporarily modifying the passed mask entirely. 2015-01-15 23:45:02 +01:00
Jilles Tjoelker
f4e893b515 pretty_mask(): Use explicit lengths instead of temporarily writing '\0'.
This is slightly simpler and should fix Coverity warnings.
2015-01-15 23:38:50 +01:00
Jilles Tjoelker
7db54a1f97 libratbox: Fix sizeof in two memsets.
This fixes a compiler warning. The necessary fields of the struct sigevent
were initialized so there was no problem.

Submitted by:	Aaron (via IRC)
Reviewed by:	Attila
2015-01-15 23:38:50 +01:00
Jilles Tjoelker
1c864688bb linebuf: Fix possible memory corruption when receiving many CR/LF.
The last byte of balloc.c's block pointer could be changed from 10 or 13 to
0. On amd64, this is not possible. On i386, this is possible and usually
causes a crash soon.
2014-11-05 21:42:35 +01:00
William Pitcock
5d4a99540b Merge pull request #73 from Argure/master
Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-ca...
2014-11-05 04:52:50 -06:00
William Pitcock
070d8da8eb Merge pull request #75 from attilamolnar/master+nullcharfix
Fix sending null char after ERROR when the server is full
2014-11-04 23:26:40 -06:00
Attila Molnar
76d82c19ad Fix sending null char after ERROR when the server is full 2014-11-04 21:57:37 +01:00
Patrick Godschalk
d072eb2350 Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-capable clients that still depend on SSLv23 handshake 2014-10-26 13:15:30 +01:00
Jilles Tjoelker
2a17ae5483 ban: Fix build breakage.
A normal 'make' did not rebuild m_ban.c even though dependencies had
changed.
2014-09-21 18:28:24 +02:00
Jilles Tjoelker
36e50ccfa5 tools: Remove Hybrid 6 conversion tools.
Hybrid 6 is old enough that the conversion tools can go away now.
They are for I and K lines; the ircd.conf converter was already removed.

This removes compiler/analyzer warnings about these tools.
2014-09-21 18:20:39 +02:00
Jilles Tjoelker
624d779127 bandb: Don't apply empty ban list when bandb starts sending bans.
When bandb sends the ban list, it first sends 'C', then all bans and
finally 'F'. Only when 'F' is sent is ircd supposed to apply the bans.
Because of a missing break, 'C' also did 'F', clearing the ircd active
permanent bans until bandb sent 'F'.

The effect is pretty limited because having bandb send the ban list via
/rehash bans is uncommon and most bans will be enforced when reset.
2014-09-21 18:09:18 +02:00
Jilles Tjoelker
8c04f89623 libratbox: Add comment that case fallthrough is deliberate. 2014-09-21 17:44:34 +02:00
Jilles Tjoelker
367f61444a Gitignore vim swap files. 2014-09-21 16:58:06 +02:00
Jilles Tjoelker
5f1db61bdf server: Don't read beyond the bounds of ServerInfo.ip and ServerInfo.ip6. 2014-09-21 16:57:38 +02:00
Jilles Tjoelker
dc336d1a63 server: Remove two dead stores. 2014-09-21 15:16:56 +02:00
Jilles Tjoelker
483987a464 Explicitly pass the current time to deactivate_conf().
Some places depend on the ban not being destroyed.
2014-09-21 15:02:43 +02:00
Jilles Tjoelker
2196b1825d Fix crash when there are two blacklist hosts without intervening reason.
This is invalid configuration; the first host is supposed to be ignored.
2014-09-21 14:42:14 +02:00
William Pitcock
ed5d7eb122 Merge pull request #70 from grobe0ba/master
Remove incorrect comment regarding location of functions in src/modules.c
2014-09-09 10:19:35 -05:00
Byron Grobe
e8d7921a08 Removed comment from src/modules.c that states certain function were moved into a file that no longer exists. (Circa ~2002) 2014-09-09 08:13:42 +00:00
Mantas Mikulėnas
423d875b7f doc/sasl.txt: forgot to wrap lines and sort references 2014-09-08 22:37:40 +03:00
Mantas Mikulėnas
f3319b3b2e doc/sasl.txt: drop dead links, add links to IRCv3 spec and relevant SASL RFCs 2014-09-08 22:27:36 +03:00
Jilles Tjoelker
aea6c4f9e6 chmode: Check mlock when a local oper changes cmode +L/+P.
This check was erroneously removed when fixing /mode #channel f when +f is
mlocked. Mlock checks were restricted to the places requiring chanops
(other than viewing +eI lists); cmode +L/+P do not require chanops, but
still constitute a mode change that must be checked against mlock.
2014-08-18 00:26:38 +02:00
Keith Buck
8db50c03e6 BAN: Don't schedule check_klines for 0 seconds in the future.
When receiving bans from a bursting server, if kline_delay is set to 0
(the default), rb_event_addonce will be called to schedule an event for
0 seconds in the future. While this works fine for the fallback
rb_event_run function, the epoll implementation ends up scheduling a
timerfd for the event in the past, which is then never executed.

While fixing this, I also made rb_event_add and rb_event_addonce reject
attempts to add events scheduled for 0 seconds in the future; they're
instead rewritten to run 1 second in the future.
2014-08-17 09:06:01 +00:00
Jilles Tjoelker
1c38b9def0 Update 3.5 NEWS. 2014-08-15 22:38:56 +02:00
Jilles Tjoelker
b733b9faf4 SJOIN: Fix crash when both mode parameter and UID list are missing.
Closes #63
2014-08-15 17:10:24 +02:00
Jilles Tjoelker
dfbf41a0ab conf: Make channel::channel_target_change option actually work.
Channel target change was forcibly enabled.
2014-08-08 11:57:09 +02:00
Jilles Tjoelker
3bfac098f7 extensions/extb_channel: Allow the channel itself as target even if +s/+p. 2014-07-19 20:14:14 +02:00
Jilles Tjoelker
83aa910fb9 extensions/chm_sslonly: Use some 4xx numeric for the join failure. 2014-07-19 20:14:14 +02:00
Rylee Fowler
c1ca217a03 Merge pull request #64 from maxanton/fix_path_to_ssl_cert
example configs: change ssl_cert to etc/ssl.pem
2014-07-13 16:31:04 -04:00
Max Teufel
b3c4dfd7f2 example configs: change ssl_cert to etc/ssl.pem
The genssl script writes to etc/ssl.pem by default.
2014-07-13 18:12:54 +02:00
Jilles Tjoelker
a7fa7fff0d smoketest: Remove race conditions causing occasional test failures. 2014-06-12 23:43:05 +02:00
Jilles Tjoelker
f6b62c59bb Chase change from example.conf to ircd.conf.example in various places. 2014-06-12 23:43:05 +02:00
Jilles Tjoelker
1db8e00714 configure: Rerun autoconf. 2014-06-05 22:12:29 +02:00
Jilles Tjoelker
6573fa4c74 configure: Restore libratbox build.
This fixes building from scratch.
2014-06-05 22:12:19 +02:00