We remove characters like ^ and ~ from the ident string after checking
if it's valid. If it consisted entirely of those, we'd try to send an
empty string to ircd, which would break the protocol, so don't let that
happen.
Currently the DNS resolver handles CNAME by skipping that record in the answer and looking for the subsequent A/AAAA/PTR record. There are other record types which could be handled in the same way, e.g. DNAME, but their presence currently causes the answer parsing to be abandoned. A better approach would be to skip *any* other record and just use the first A, AAAA or PTR in the answer, regardless of what comes before it.
This only supports two addresses as the intended use is 1 IPv4 and 1 IPv6
address on a single-homed host, and the only supported configuration of
outgoing connections to other servers is to bind a single IPv4 or IPv6
address.
Otherwise ident returns without setting itself running causing problems.
Move opm/blacklist before ident/rdns so that they can receive completion
notifications.
I run into this code even with a single kind of scanner with a single
port, so I'm not even sure how it thinks it already exists.
Perhaps it's being parsed twice, or something similar.
c.f. issue #229
If there are holes in the auth_providers ID numbers, the array allocated
based on list length won't be large enough to handle all the IDs.
(auth->data could be converted to a dlink_list)
* long is too small on 32-bit systems, use unsigned long long if we want
to check for out of range values
* UINT32_MAX is a valid cid, and 0 isn't
* make auth->cid a uint32_t not uint16_t
Iteration is the primary thing done on these, so using a dictionary
doesn't help a lot. Furthermore (and most importantly), they are not
safe to delete from.
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.