Commit graph

4119 commits

Author SHA1 Message Date
David Schultz
a445c2ed63 doc/connecting-servers: update example atheme protocol module
Atheme has had a protocol module designed specifically for Solanum for some time now that includes proper support for new IRCd features.
2023-05-15 17:50:58 -05:00
jonesman
e593329945 Add "automake" and "libtool" to the list of packages required for building 2023-02-21 15:45:16 -05:00
Doug Freed
4a47689a35 chmode: convert bants to a proper serial
This way it increments for every change. It need not be a timestamp, as
its actual value is not important.

This fixes an issue where a ban could be set, hit, and cleared all in
the same second, and the affected client would still be cached as banned
because the bants hadn't actually changed.
2023-01-23 04:27:25 -06:00
Doug Freed
2a64b1e5b9
um_callerid: increase hook priority to restore +Rg behavior
Before splitting things out into hooks, umode +Rg would only notify the
recipient if the sender satisfied +R. This restores that behavior by
making the +g hook happen after +R.
2023-01-18 17:21:30 -05:00
Aaron Jones
e02cc991bb ircd/authproc.c: avoid crash on lack of any configured DNSBLs
Fixes fbc97166a6
Closes #396
2023-01-11 21:31:50 +00:00
Aaron Jones
7285e5febf help/opers/: add HELP entry for DEHELPER 2023-01-11 05:37:11 +00:00
Aaron Jones
fbc97166a6
authd: fix crash/restart breaking DNSBL lookups (#394)
authd child processes are only told about configured DNSBLs when the
configuration is being parsed.

This is bad, because when authd crashes or is killed, IRCd will restart
it, but will not tell it about any configured DNSBLs until IRCd is next
rehashed.

We already have a dictionary that stores configured DNSBLs (for hit
statistics for `STATS n'), so store the additional needed fields in
that structure, and loop over that dictionary's entries when authd is
restarted, sending the fields just as if the configuration were being
reloaded.

Reported-By: @Unit193
2023-01-11 01:28:32 +00:00
Tobias Geerinckx-Rice
32d37a1660 strip_colour: Strip '\x11' (monospace) and '\x1e' (strikethrough)
Also clarify the comment: this function strips more than just colours.
2023-01-03 05:08:29 -06:00
Jess Porter
8e3239be2e
send RPL_LOGGEDIN to target_p upon ENCAP SU (#308) 2022-12-23 16:27:30 +00:00
JailBird
6f4dfd9c78 Remove the unused COMPRESSED flag and stats handler
- Null "compress" handler left as-is in newconf.c
2022-12-22 16:23:00 -06:00
Stephen Bennett
f26681c735 Don't crash on receiving GRANT from a server 2022-11-22 03:33:35 -06:00
JailBird
ab9f279a1d ssld: Remove unused zlib_ok variable 2022-11-09 18:14:41 -06:00
JailBird
21cc31f4e5 SET SPANNUM: Fix incorrect > 0 check to be >= 0 2022-11-09 17:56:15 -06:00
Jess Porter
3a4efe9081
CHGHOST when only case changes (#384) 2022-11-09 23:33:07 +00:00
Aaron Jones
63ee10379c
timeout_dead_authd_clients(): fix memory leak and order of operations (#385)
Ensure we deallocate the nodes created by the first loop, and zero out
the authd data after removing them from the authd clients dict.

The authd_abort_client() function already does the latter, so just call
that instead of authd_free_client().
2022-11-06 08:14:15 +00:00
Stephen Bennett
ed775e9bb4
Make auto-accept on message conditional on oper:always_message, not oper:general. This updates the test to match current behaviour of +g 2022-11-03 14:43:59 +00:00
Tobias Geerinckx-Rice
d03347cbb6 Note that messages caught in +g/+G are discarded 2022-10-26 14:08:07 -04:00
Doug Freed
7cd188a91f ircd.conf.example: reference.conf: fix invalid line wrapping 2022-10-26 12:45:49 -04:00
Aaron Jones
1548c14021
extensions/umode_hide_idle_time: mask times for hidden sources (#373)
If the user performing a WHOIS has hidden their idle time (is umode +I),
also prevent them from seeing other users' idle times, even if said users
are not themselves umode +I.

Suggested-by: @Unit193
2022-10-21 08:01:41 +00:00
Doug Freed
33822550e5 librb/helper: pass our fd limit to the child
Instead of arbitrarily limiting it to 256.  This avoids an issue with 
busy authds "running out" of fds because librb says no more.
2022-10-21 03:04:09 -04:00
Unit 193
f085388a74 Unify helper snotes and make netwide. 2022-10-21 03:00:22 -04:00
Ed Kellett
06c5309534 m_sasl: Remove implicit abort on registration
This doesn't make sense in a world where post-registration SASL is
allowed, and should fix one case of an annoying login desync that's seen
in the real world.

Specifically, when a client sends its final AUTHENTICATE and Atheme
receives it, it sends an SVSLOGIN for that client. If the client sends
us its CAP END *before* we see the SVSLOGIN, the implicit abort will try
to abort the SASL session that's already succeeded.

Atheme interprets this as an instruction to forget about the successful
SASL session; you'll connect unidentified. But it's already sent
SVSLOGIN, which will log the client in ircd-side, causing ircd and
services views to differ until the user authenticates again manually.

I think allowing a SASL session to be aborted when it has already
succeeded is an Atheme bug, and it can still be triggered without this
change. But our behaviour here seems silly anyway.
2022-10-06 17:06:28 -04:00
Jess Porter
687f290a6c
make some authd warnings L_NETWIDE 2022-10-03 20:00:21 +01:00
Doug Freed
cd219040a7
help/cmode: correct chm_regmsg help 2022-10-02 19:34:42 -04:00
David Schultz
0ea108fcee chm_regmsg: fix typo in description 2022-10-02 19:00:16 -04:00
David Schultz
6a0074bfaa add help for chm_regmsg 2022-10-02 19:00:16 -04:00
Stephen Bennett
8d67f0605c Make +R play nicely with +z 2022-10-01 17:04:25 -04:00
hello-smile6
5206a066f2
Add semicolon to fix a compile error in librb/src/arc4random.c 2022-09-30 18:27:26 +01:00
Jess Porter
00ba30c175
Add oper:free_target (#374)
Co-authored-by: Ed Kellett <e@kellett.im>
2022-09-26 19:50:11 +01:00
vulpine
1f8c7ce5ca remove old reference to the unsupported directory
the unsupported directory was removed by charybdis a while ago
2022-09-26 00:47:33 -04:00
David Schultz
01fb744c40
Add umode +I to allow users to hide their idle time (#220) 2022-08-30 16:49:43 -04:00
jailbird777
1e7fd14296 Remove missed Winsock2 check 2022-08-26 18:58:49 -04:00
jailbird777
3c586ccf3e
Remove ancient portability code (#361)
Remove portability code for systems that don't follow at least SUSv3.
This fairly closely aligns with ISO C99, which solanum already requires.
2022-08-24 20:53:52 -04:00
jailbird777
8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLENGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
Doug Freed
689afc7c51 m_stats: z: remove unnecessary casting and fix format strings 2022-08-24 20:31:08 -04:00
Doug Freed
7c5b4dbba7 m_stats: z: restore total memory display 2022-08-24 20:31:08 -04:00
Aaron Jones
ae510cce12 librb/src/crypt.c: rb_sha*_crypt_r: avoid UB pointer math
This code is doing (foo - (char*)0) to convert foo from a pointer
value into a numeric value. Unfortunately, this is undefined
behaviour, which clang-14 is now warning about [1].

Cast to uintptr_t instead. Same result, but well-defined.

[1] cf. commit 0302f1532b
2022-08-24 20:03:22 -04:00
Doug Freed
0302f1532b CI: Modernize 2022-08-24 19:38:32 -04:00
jailbird777
c8025927ae Fix assert = hard assignments
The spaces surrounding the = are bad syntax, which causes the shell to try to
execute 'assert'.

Granted, all of this is just cosmetic, as the only use of $assert seems to be
in the echo at the end of the configure run.
2022-08-24 18:15:43 -04:00
jailbird777
1b64bfa05e Fix SCTP support on FreeBSD & NetBSD
Unlike Linux, Solaris, and Illumos (and probably others), the 2 BSDs that still
support SCTP didn't put SCTP into its own library, they put it into libc.

They, unlike Linux, don't set SOL_SCTP for us. The official method appears to
be calling getprotobyname("sctp") & endprotoent(), with getprotobyname()
returning a struct that has a p_proto entry. This all reads from
/etc/protocols. However, SCTP is assigned 132 by IANA, so it's 132 everywhere,
so I just set SOL_SCTP to 132 if it's not already set.
2022-08-24 18:02:12 -04:00
Doug Freed
b951e21b5d um_regonlymsg: prevent unregistered users from NOTICEing +R users too 2022-08-24 17:16:39 -04:00
Jess Porter
fdd8cad93f
EBMASK capab, to burst BMASK metadata (#354) 2022-08-20 01:35:54 +01:00
Jess Porter
a5192806a9
send "End of burst" snote to L_NETWIDE (#356) 2022-08-19 03:17:05 +01:00
Doug Freed
860187d028 chm_regmsg: don't duplicate nick in 415
sendto_one_numeric already includes the nick, so there's no need to 
duplicate it. OFTC does not.
2022-07-11 23:35:25 -04:00
Aaron Jones
a6b99c07d1
serv_connect(): ensure both sa_bind[]/sa_connect[] are always populated (#352)
Due to [1], linking with SCTP sometimes does not multi-home correctly.
This is triggered by the rand() on the lines immediately above these.

The connect{} blocks already support an `aftype` parameter to instruct
IRCd to prefer IPv4 or IPv6. This commit additionally ensures that the
other structure is always populated with the other address (if any) if
this parameter is specified.

This will allow SCTP server-linking users to work around the bug and
ensure that it always multi-homes by setting `connect::aftype` to IPv4.
Without this commit, that would cause Solanum to not include the IPv6
addresses (if any) in the connect block in its SCTP setup.

If there isn't a valid IP address in the other sockaddr, this should be
of no consequence, because it will not be used by rb_connect_tcp(), and
both rb_connect_sctp() and rb_sctp_bindx_only() already verify that
there is a valid IP address in the sockaddr before making use of it.

[1] https://marc.info/?l=linux-sctp&m=165684809726472&w=2
2022-07-05 06:01:26 +00:00
Matthew Martin
5c01fc8bd7 Cast time_t to long long when printing 2022-07-01 03:43:36 -04:00
Jess Porter
12cee8ab78
global masktrace doesn't need to be an operspy action 2022-07-01 00:07:02 +01:00
Jess Porter
9d2e66c08d
ERROR instead of NOTICE for failed WEBIRC 2022-07-01 00:02:53 +01:00
Jess Porter
5a3e99829a
refuse opers setting an invalidly long k-line reason 2022-06-30 23:59:17 +01:00
Aaron Jones
3fdf26aa19 ircd/listener: return a TLS record layer alert to D-Lined TLS clients 2022-06-30 18:55:41 -04:00