Commit graph

190 commits

Author SHA1 Message Date
Ed Kellett
6292d72bbf
Add hide_tkdline_duration to documentation .confs 2019-12-31 01:56:05 +00:00
Simon Arlott
912d118fa2
Merge branch 'check-one-kline' of https://github.com/edk0/charybdis into edk0-check-one-kline 2019-08-31 15:05:11 +01:00
Aaron Jones
e2a0687835
Correct OPM port configuration variables
[ci skip]
2019-07-07 19:35:58 +01:00
Ed Kellett
6ca9ff0ea1
Remove unused kline_delay config option 2019-04-27 14:53:04 +01:00
Aaron Jones
3cc262f006
doc/reference.conf: clarify that server link fingerprints aren't optional
[ci skip]
2017-11-04 07:41:54 +00:00
Aaron Jones
28f877462d
Documentation: Comment-out the OPM block and its options by default
The feature is not yet stable and is causing several issues.
2016-12-28 23:41:32 +00:00
Aaron Jones
a49b954f98
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:51:06 +00:00
Aaron Jones
4381284e72
reference.conf: document that SPKI is supported in version 3.5 now 2016-11-15 12:36:01 +00:00
William Pitcock
087555a00f ircd: introduce 'no-export' links
Links that are 'no-export' are not distributed to the rest of the IRC network (including local peers).
This provides a core primitive for 'anycasting' services (but the actual issue of synchronizing data in
a services package is left to the authors of the services package).
2016-09-16 17:18:55 -05:00
Aaron Jones
6621472435
reference.conf: Document fingerprint generation
[ci skip]
2016-07-16 05:42:09 +00:00
William Pitcock
be2447b850 config: document websocket options 2016-05-14 17:24:20 -05:00
James Lu
cdc31cc55f doc: add extensions/chm_nonotice to example confs 2016-05-11 21:39:42 -07:00
Aaron Jones
9d6b870d7b
[Documentation] Increase bitlength recommendation for DH parameters
Also clarify the behaviour of TLS backends and the consequences for
not providing any parameters at all.

[ci skip]
2016-05-05 04:20:16 +00:00
Aaron Jones
70a70462e5
[Documentation] Reflect that ssl_private_key is now optional
[ci skip]
2016-05-05 04:20:07 +00:00
Simon Arlott
7380ded584
ircd.conf.example: use certfp_method = spki_sha256
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
2016-04-25 23:52:18 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip] 2016-04-23 17:57:07 +03:00
Elizabeth Myers
a2b7ef92a1 Make directions more clear for disabling OPM 2016-04-11 11:26:15 -05:00
Elizabeth Myers
cfb9253671 Update warnings in the opm default configs [ci skip] 2016-04-02 23:42:23 -05:00
Elizabeth Myers
4dbed1ed61 conf: in OPM, it's listen_port, not port. [ci skip] 2016-04-02 19:53:24 -05:00
Elizabeth Myers
eb0814b3cb opm: add support for HTTPS CONNECT proxies.
TBD: do we need an SSL listener for these?
2016-04-02 18:38:21 -05:00
Elizabeth Myers
0ed0a9fe0a Move m_locops module to extensions.
Many networks do not use local ops and therefore should not be required
to have this around all the time.
2016-04-02 05:20:30 -05:00
Elizabeth Myers
9bba0f6143 opm: add adjustable timeout values 2016-04-02 03:33:27 -05:00
Elizabeth Myers
fabe8b94c5 Add HTTP CONNECT proxy scanning 2016-04-02 03:11:30 -05:00
Elizabeth Myers
81a05933bf add proxy_exempt to conf files 2016-04-02 02:49:38 -05:00
Elizabeth Myers
51fa2ab8a3 opm: allow scanners to be configurable 2016-04-02 02:29:48 -05:00
Elizabeth Myers
8275e2700d Add opm stuff to default configs 2016-04-01 04:11:04 -05:00
Elizabeth Myers
f105844aad StaticBox is dead, so let's not reference it in the conf files. 2016-04-01 03:45:45 -05:00
Matt Ullman
5c0df0e743 doc: Cleanup trailing whitespace 2016-03-29 10:09:52 -04:00
Aaron Jones
ed2efe7664
Add extb_usermode module to example configuration files
[ci skip]
2016-03-28 03:29:57 +01:00
Aaron Jones
6c5fa2f6b3
Document extb_usermode module
[ci skip]
2016-03-28 03:28:12 +01:00
William Pitcock
1859e9d7d7 ircd: remove basically entirely pointless ServerInfo.hub (closes #167) 2016-03-19 23:05:07 -05:00
Elizabeth Myers
0e1f366732 reference.conf: fix me being an incompetent fuckwit.
Blind search and replace ruined this file. Remember to check your
regexes, people.
2016-03-12 20:27:37 -06:00
Elizabeth Myers
9abdcf1c64 modules: can .la suffix.
.la archives are prohibited by most Linux distributions because they
clutter up the linker. They may get caught up as victims in scripts that
purge .la files. Besides, .la files don't matter for simple loadable
modules on most systems.

So, what we do now instead is just use the platform suffix detected by
libtool.
2016-03-12 20:10:46 -06:00
Elizabeth Myers
a5c46d31e4 Ginormous docs cleanup.
Purge a lot of really old and obsolete documents, and merge some together
where possible. Lots of efnet docs and the old ircd-ratbox manpage (lol)
was purged.

Reorganise everything nice and neatly as possible. Things describing
features can be found in features/, and some more technical documents
were moved to techinical/.

Old credits file was consolidated into credits-past.txt, and a reference
was added to it in the credits.
2016-03-05 22:39:50 -06:00
William Pitcock
71c955336e ircd: add general::hide_opers_in_whois to simulate ircd-seven operhide 2016-01-15 13:38:40 -06:00
William Pitcock
4d21f1e8e0 extensions/helpops: new module, implementing a helpops system.
if loaded, this module takes over /stats p, and displays people who are umode +H.
to get umode +H, one must have the "usermode:helpops" permission.
2016-01-14 08:08:40 -06:00
William Pitcock
14482679ce ircd: channel: implement an option to strip color codes from channel topics 2016-01-13 17:05:41 -06:00
William Pitcock
e118f2d431 extensions/chm_operpeace: new module which disallows kicking of operators on select channels 2016-01-13 16:52:56 -06:00
William Pitcock
88c48be58c extensions/sno_globalnickchange: import from ircd-seven 2016-01-12 07:10:39 -06:00
William Pitcock
15feac531c ircd: implement support for remote module load/unload/etc commands 2016-01-12 00:37:54 -06:00
William Pitcock
cc7ae51cdc Allow remote DIE and RESTART (from ircd-seven) 2016-01-12 00:04:54 -06:00
William Pitcock
a4721f5e9f ircd: implement EXTENDCHANS, based on ircd-seven (with some improvements from chatircd) 2016-01-11 23:32:23 -06:00
William Pitcock
fe749d3709 ircd: implement GRANT subsystem based on ircd-seven 2016-01-11 23:02:03 -06:00
William Pitcock
d76258f559 modules: revert lt_dlopenext() change 2016-01-06 01:57:24 -06:00
William Pitcock
30da589e9e modules: use lt_dlopenext() to make the config look nicer 2016-01-06 01:33:33 -06:00
William Pitcock
0fa09b8024 documentation updates for libltdl 2016-01-05 21:41:03 -06:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
98c645cadb document extb_combi and extb_hostmask bans (closes #74) 2015-12-10 02:27:08 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
Andrew Wilcox
5f8fb56d02 Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec remove MONITOR for now pending a complete rewrite 2015-10-15 09:39:48 -05:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
William Pitcock
bb2a50509a config: further EGD removal 2015-03-01 01:06:58 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Max Teufel
b3c4dfd7f2 example configs: change ssl_cert to etc/ssl.pem
The genssl script writes to etc/ssl.pem by default.
2014-07-13 18:12:54 +02:00
Jilles Tjoelker
a0998bcdd7 example confs: Remove AHBL blacklists, which are no longer available. 2014-04-06 12:34:03 +02:00
Jilles Tjoelker
cba8bbc3fc Use RFC5737 and RFC3849 addresses in example confs.
There are IPv4 and IPv6 ranges reserved for documentation and example code;
use these to minimize the risk if someone accidentally uses an unmodified
example conf.
2013-10-06 19:39:30 +02:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
0ef5377a36 Rename m_nokillservices.so to no_kill_services.so per the naming scheme. 2013-04-27 17:00:10 +02:00
Elizabeth Myers
f0bce9d95d Tweak docs.
Also, last commit fixes #16. :p
2013-04-20 20:52:34 -05:00
Elizabeth Myers
3c93d380e0 Add support for multiple forms of blacklist queries using matches.
It supports both literal and last octet matches from the dnsbl.
If matches is not present, the old behaviour is used.
2013-04-20 20:49:11 -05:00
Elizabeth Myers
15d7a31134 Add m_nokillservices to documentation 2013-04-20 01:14:54 -05:00
Jilles Tjoelker
f09c28e18f reference.conf: Correct description of general::client_exit.
It prefixes with "Quit: ", not "Client exit: ".
2013-01-01 18:07:37 +01:00
William Pitcock
f0c778d701 Merge pull request #2 from TheChrisAM/patch-1
Adding auth_user documentation for auth {} blocks.
2012-07-30 10:00:49 -07:00
Jilles Tjoelker
2b121c81f5 reference.conf: Extend documentation for max_number in server classes. 2012-07-28 15:31:44 +02:00
TheChrisAM
f9bb3e0d72 Adding auth_user documentation for auth {} blocks. 2012-05-31 21:26:52 -03:00
Jilles Tjoelker
8f5402d369 reference.conf: Remove need_ident from *@* auth block.
Few people want need_ident for everyone these days, so remove it from
reference.conf. It was not in example.conf.
2012-03-29 22:41:24 +02:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
William Pitcock
02270e9602 Add listen::defer_accept option for controlling usage of TCP_DEFER_ACCEPT option. 2012-03-17 10:00:39 -05:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Jilles Tjoelker
b225bf93b7 Change default --with-nicklen to 31, like atheme-services. 2011-11-29 23:32:10 +01:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00
Jilles Tjoelker
92236e376a Remove an obsolete TS5 reference. 2011-11-01 22:07:32 +01:00
Jilles Tjoelker
2da6f6ebd7 Put back use_forward. 2011-09-25 16:22:29 +02:00
Elizabeth Jennifer Myers
765d839d3c Port ircd-seven banfowards to charybdis.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.

Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
2011-08-12 20:33:10 -04:00
Keith Buck
da1b891f9f Pedantry: Make indentation consistent in example and reference confs. 2011-05-13 23:42:27 -07:00
Stephen Bennett
e6e54763d9 Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
2011-03-27 16:35:26 -04:00
Elizabeth Jennifer Myers
0a1e77c27c Support IPv6 blacklists. Also add a conf file option allowing the use of IPv4, IPv6, or both for a blacklist.
Although few blacklists currently support IPv6 lookups, they will likely begin to do so in the near future as more net trash begins using IPv6.
2011-02-27 16:38:05 -05:00
Stephen Bennett
341f971efa Bring across disable_local_channels config option from ircd-seven 2010-12-21 20:38:04 +00:00
William Pitcock
ff0cc1e616 Add support for linking using SSL certificate fingerprints as the link credential rather than the traditional server-password pair. 2010-12-13 23:14:00 -06:00
William Pitcock
429cf1b74f Add oper-override (modehacking only) as a module.
I think if you are going to kick someone from a channel.
2010-12-06 23:44:55 -06:00
Jilles Tjoelker
45a27bf8b9 Change max_bans in reference.conf from 25 to 100, like example.conf. 2010-12-05 16:51:48 +01:00
JD Horelick
f1e5a31775 Change the filenames of the generated SSL key/cert to ssl.* instead of test.* so that they're a bit more descriptive. 2010-11-13 16:07:54 -05:00
Jilles Tjoelker
717238d2a2 Add target change for channels.
This has a separate enabling option channel::channel_target_change.

It applies to PRIVMSG, NOTICE and TOPIC by unvoiced unopped non-opers.

The same slots are used for channels and users.
2010-08-29 01:26:00 +02:00
William Pitcock
40e92fca0e Recommend EFNet's RBL instead of DroneBL due to trustworthiness issues.
(StaticBox policy change as of May 14, 2010.)
2010-05-14 08:49:26 -05:00
JD Horelick
944b0584ea Change config option for ident_timeout to default_ident_timeout as jilles
recommended.
2010-04-05 16:29:11 -04:00
JD Horelick
0ffb810660 Add a configuration option for ident_timeout. 2010-04-05 15:28:44 -04:00
Jilles Tjoelker
dca9e55257 Add propagated resvs, like klines and xlines. 2010-03-27 16:13:57 +01:00
Jilles Tjoelker
3cbbfb2556 Add propagated xlines, like klines. 2010-03-16 23:05:50 +01:00
Jilles Tjoelker
1702b69419 Add option general::use_propagated_bans to allow disabling new KLINE.
If this option is yes (default), KLINE by itself sets global (propagated) bans.
If this option is no, KLINE by itself sets a local kline following cluster{},
compatible with 3.2 and older versions.
2010-03-14 17:21:20 +01:00
William Pitcock
a8560affce Documentation updates for the ip_cloaking_4.0 transition. 2010-02-18 07:34:40 -06:00
William Pitcock
ff31db8473 Add support for client certificate fingerprints in o:lines. 2010-02-17 06:41:41 -06:00
Jilles Tjoelker
fa1a7bef02 Add two more reasons why ssld_count>1 can be useful: bugs and fd limits. 2009-11-18 00:00:07 +01:00
Jilles Tjoelker
b23244702a Note that blacklist{} only accepts host/reason pairs, no host+host+reason. 2009-10-18 21:08:37 +02:00