Commit graph

636 commits

Author SHA1 Message Date
Aaron Jones
a589946b42
Revert "m_sasl: Don't process authentication messages if SASL has been aborted"
SASL does not work with this commit in the tree.

This reverts commit f44a0d7ea2.
2019-06-08 20:59:36 +00:00
Simon Arlott
f44a0d7ea2
m_sasl: Don't process authentication messages if SASL has been aborted 2019-02-23 13:19:13 +00:00
ManiacTwister
908f1c30c4 Proper range for fakechannel user count 2018-11-26 20:13:37 +01:00
ManiacTwister
a4e5c2fa61 Added fakechannels to /LIST 2018-11-21 20:19:41 +01:00
Simon Arlott
3ea954da3a
m_nick/m_sasl/m_user: restore check for mixing of client and server protocol 2018-08-15 22:48:08 +01:00
Simon Arlott
28caceba33
m_pass: store unverified SID in preClient for use in m_server 2018-08-15 22:48:07 +01:00
Simon Arlott
03f04cd80e
m_sasl: check if the agent is present after every client_exit
When a server disconnects the client_exit hook will only be called once
but there could be multiple servers and clients behind that server.

After any client exits, check if the agent is still present.
2018-08-12 13:06:20 +01:00
Aaron Jones
bfffef7436
modules/m_sasl.c: prevent abort_sasl() sending 906 twice 2018-04-06 20:05:48 +00:00
Aaron Jones
11d111c3fa
modules/m_sasl.c: abort session if we receive '*' as data
Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.

cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287

Reported-By: James Wheare
2018-04-06 19:45:56 +00:00
Aaron Jones
e1d4ebda4d
modules/static_modules.c.SH: use correct header file
Commit 4016731b1c missed a file.

Reported-by: mniip (Freenode)

[ci skip]
2017-10-15 06:38:33 +00:00
Simon Arlott
754c1edf2e
m_sasl: indicate client connection type for SASL 2017-08-13 21:52:04 +01:00
Simon Arlott
c41d0c0f5f
modules/core/m_join.c: remove global variable parabuf
Edit by @aaronmdjones: m_join() doesn't need it
2017-08-04 12:32:58 +00:00
Simon Arlott
75399a9334
modules/core/m_join.c: remove global variable modebuf 2017-08-04 12:32:58 +00:00
Simon Arlott
18823bcfca
modules/core/m_join.c: remove global variable para 2017-08-04 12:32:58 +00:00
Simon Arlott
1c2012f03b
modules/core/m_join.c: remove global variable pargs 2017-08-04 12:32:58 +00:00
Simon Arlott
6420b39ad0
modules/core/m_join.c: remove global variable mbuf 2017-08-04 12:32:58 +00:00
Aaron Jones
3109b8a636
modules/core/m_mode.c: misc cleanup for compiler warning
core/m_mode.c:378:11: warning: possible misuse of comma operator here
                      [-Wcomma]
2017-08-04 12:32:57 +00:00
Aaron Jones
8952f21843
modules/m_rehash.c: misc cleanups for compiler warnings
m_rehash.c:380:17: warning: possible misuse of comma operator here
                   [-Wcomma]

    (... and 3 more of the same)
2017-08-04 12:32:57 +00:00
Aaron Jones
82e920102f
lots of misc cleanups for compiler warnings
ratbox_lib.c:159:1: warning: function 'rb_lib_restart' could be declared
                    with attribute 'noreturn' [-Wmissing-noreturn]

ratbox_lib.c:220:1: warning: function 'rb_lib_loop' could be declared
                    with attribute 'noreturn' [-Wmissing-noreturn]

restart.c:55:1: warning: function 'server_reboot' could be declared with
                attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
efc60d52a3
modules/core/m_server.c: misc cleanup for compiler warnings
core/m_server.c:138:3: warning: 'break' will never be executed
                       [-Wunreachable-code-break]

    (... and 3 more of the same)

Why put an unreachable comment in the code *and then write a
statement following it* ? O_o
2017-08-04 12:32:57 +00:00
Aaron Jones
81e245be5b
modules/core/m_die.c: misc cleanup for compiler warning
core/m_die.c:76:9: warning: 'return' will never be executed
                   [-Wunreachable-code-return]
2017-08-04 12:32:57 +00:00
Aaron Jones
ee0a3970c8
modules/m_whois.c: misc cleanup for compiler warning
m_whois.c:331:8: warning: declaration shadows a local variable [-Wshadow]
2017-08-04 12:32:56 +00:00
Aaron Jones
b253a53c51
modules/m_stats.c: misc cleanup for compiler warnings
m_stats.c:181:22: warning: this function declaration is not a prototype
                  [-Wstrict-prototypes]

m_stats.c:1502:24: warning: format string is not a string literal
                   [-Wformat-nonliteral]
    (... and 2 more of the same)
2017-08-04 12:32:56 +00:00
Keith Buck
a91a4515c9 mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
2016-12-09 10:01:22 +00:00
Keith Buck
5fd7e2bb8c m_rehash: Require admin privileges for REHASH SSLD.
This change enforces admin privileges for the REHASH SSLD command, as
originally intended.
2016-12-04 22:03:34 +00:00
Simon Arlott
598a7d3b7e mr_server: Report certificate fingerprint mismatches
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-12-04 21:49:59 +00:00
Simon Arlott
8d0153ff55 mr_server: Handle unknown error codes
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-12-04 21:45:16 +00:00
Simon Arlott
d4b074a771 ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.

Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.

Add STATS S (admins only) to list ssld processes, status, and client
count.
2016-12-04 21:24:56 +00:00
Aaron Jones
866026ab70
whois: check target is an oper before assuming they have a privset
The CHALLENGE functionality will set opername but not privset --
if an oper performs a WHOIS on someone currently half-way through
a challenge we will perform a NULL dereference.

Related to ircd-seven commit d7b05f7583babf6
2016-09-20 13:46:40 +00:00
Aaron Jones
818a3fda94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:28:41 +00:00
William Pitcock
bc2eeb0992
Do not shadow OpenSSL-internal symbol "ssl_ok".
This is a backport of commit bfc44622
2016-06-01 16:32:26 +00:00
Aaron Jones
01fdef77e6
starttls: Allow command usage with backends other than OpenSSL 2016-05-14 00:27:27 +00:00
William Pitcock
18244e32f3 more ssld ipc improvements from 3.6 2016-04-02 17:20:15 -05:00
William Pitcock
e3af723d23 m_cap: ensure that CAP parameters are properly initialized to zero 2016-02-28 19:08:03 -06:00
William Pitcock
5810d36e0a whois: privset disclosure: we do not need to check if source user is the same as target, because they will always be opered 2016-01-05 18:55:23 -06:00
William Pitcock
9e07c8f70b whois: add a hook allowing for ShowChannel() behaviour to be overridden for channel visibility 2016-01-05 18:45:07 -06:00
Aaron Jones
5499771f0e
Fix erroneous comment 2016-01-01 09:31:55 +00:00
Aaron Jones
0e06053c33
Fix erroneous use of wrong string concatenation function
Avoids warning:

  m_map.c:203:3: warning: implicit declaration of function ‘strlcat’
  [-Wimplicit-function-declaration]
2015-12-30 08:34:27 +00:00
Mantas Mikulėnas
2b17787939 m_starttls: reject "STARTTLS" use over an existing TLS connection 2015-12-30 09:28:53 +02:00
Jilles Tjoelker
f8d9a4c289 list: Remove a now obsolete comment. 2015-12-29 13:55:16 +01:00
William Pitcock
4d38dd60ed whois: bring permissions check in line with the same one in m_privs 2015-12-28 14:55:59 -06:00
Valentin Lorentz
d855e13e01 Remove trailing space in CAP ACK.
Fixes https://github.com/atheme/charybdis/issues/110
2015-12-28 10:57:17 +01:00
William Pitcock
e00552d5ce whois: cosmetic improvement to opered-as numeric 2015-12-28 01:38:13 -06:00
William Pitcock
72ad5c04fe whois: list active operator block and privset when appropriate 2015-12-28 01:33:09 -06:00
William Pitcock
c7b2fd3d66 MODE: allow 'q' banlist queries to bypass flood limits too 2015-12-28 00:48:46 -06:00
William Pitcock
0b904d91bf supported: move ISUPPORT tokens provided by modules to their specific modules:
- m_cmessage: CPRIVMSG/CNOTICE
- m_etrace: ETRACE
- m_knock: KNOCK
- m_services: FNC
- m_who: WHOX
2015-12-26 22:41:09 -06:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
Jilles Tjoelker
e124e4b64c starttls: Update for client fd hash removal. 2015-12-24 23:01:37 +01:00
Jilles Tjoelker
2d28539c68 Reduce clean_nick() code duplication further.
Side effect: hurt and monitor now allow nicks starting with a digit.
2015-12-13 00:22:21 +01:00
William Pitcock
e1fda0d81e map: make flatten_links dump a flattened map instead of blocking it (closes #48)
based on my patches in shadowircd legacy (4.0)
2015-12-12 09:24:37 -06:00