Commit graph

88 commits

Author SHA1 Message Date
Elizabeth Myers
e232f35c63 Blacklist: fix accidentally clobbering previous filters 2013-04-21 11:10:57 -05:00
Elizabeth Myers
3c93d380e0 Add support for multiple forms of blacklist queries using matches.
It supports both literal and last octet matches from the dnsbl.
If matches is not present, the old behaviour is used.
2013-04-20 20:49:11 -05:00
Keith Buck
c46a4ecd97 Move marking of services entirely to m_services.c; mark all services when m_services loads and unmark them when it unloads. 2012-05-21 21:03:56 +00:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
William Pitcock
02270e9602 Add listen::defer_accept option for controlling usage of TCP_DEFER_ACCEPT option. 2012-03-17 10:00:39 -05:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Jilles Tjoelker
ca8ff4830b Force nicklen (all flavours) to be at least 9. 2011-11-29 23:41:18 +01:00
William Pitcock
a83486bfe6 Remove nicklen_set barrier.
Since serverinfo::nicklen only controls NICKLEN_USABLE, we do not need to have a
barrier here.
2011-11-29 16:19:37 -06:00
William Pitcock
7b42eab627 Make sure ConfigFileEntry.nicklen follows the same semantics as real NICKLEN.
Otherwise, truncation would be one byte too short on nick changes.
2011-11-29 16:16:38 -06:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00
Jilles Tjoelker
d74fa5b502 Prefer PATH_MAX to non-standard MAXPATHLEN. 2011-10-28 16:45:18 +02:00
Jilles Tjoelker
2da6f6ebd7 Put back use_forward. 2011-09-25 16:22:29 +02:00
Elizabeth Jennifer Myers
765d839d3c Port ircd-seven banfowards to charybdis.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.

Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
2011-08-12 20:33:10 -04:00
Stephen Bennett
e6e54763d9 Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
2011-03-27 16:35:26 -04:00
Stephen Bennett
5fabe51369 Don't allow +Z to be set by default_umodes 2011-03-11 13:12:40 +00:00
Elizabeth Jennifer Myers
0a1e77c27c Support IPv6 blacklists. Also add a conf file option allowing the use of IPv4, IPv6, or both for a blacklist.
Although few blacklists currently support IPv6 lookups, they will likely begin to do so in the near future as more net trash begins using IPv6.
2011-02-27 16:38:05 -05:00
Jilles Tjoelker
462ae9d7a5 Fix memory leak of operator certfp fields. 2011-01-25 00:39:07 +01:00
Elizabeth Jennifer Myers
ed45dfe676 newconf: fix a warning 2011-01-23 16:56:36 -05:00
Elizabeth Jennifer Myers
63c7a68e19 newconf: fix certificate fingerprint auth.
yy_oper->certfp was not copied into yy_tmpoper->certfp, thus the information was lost and certfp auth was never really working, since the string was always empty.
2011-01-23 16:12:32 -05:00
Stephen Bennett
341f971efa Bring across disable_local_channels config option from ircd-seven 2010-12-21 20:38:04 +00:00
William Pitcock
c8f269066c Correct error message involving no fingerprint credentials or password credentials being available. 2010-12-14 21:25:44 -06:00
William Pitcock
ff0cc1e616 Add support for linking using SSL certificate fingerprints as the link credential rather than the traditional server-password pair. 2010-12-13 23:14:00 -06:00
Jilles Tjoelker
717238d2a2 Add target change for channels.
This has a separate enabling option channel::channel_target_change.

It applies to PRIVMSG, NOTICE and TOPIC by unvoiced unopped non-opers.

The same slots are used for channels and users.
2010-08-29 01:26:00 +02:00
JD Horelick
944b0584ea Change config option for ident_timeout to default_ident_timeout as jilles
recommended.
2010-04-05 16:29:11 -04:00
JD Horelick
0ffb810660 Add a configuration option for ident_timeout. 2010-04-05 15:28:44 -04:00
Jilles Tjoelker
1702b69419 Add option general::use_propagated_bans to allow disabling new KLINE.
If this option is yes (default), KLINE by itself sets global (propagated) bans.
If this option is no, KLINE by itself sets a local kline following cluster{},
compatible with 3.2 and older versions.
2010-03-14 17:21:20 +01:00
Jilles Tjoelker
27f616ddf5 Track who set a dline/kline/xline/resv as in ratbox3.
Like in ratbox3, there is no way to query this information
(other than bandb's tables, but they worked before this
commit).
2010-03-01 01:23:22 +01:00
William Pitcock
ff31db8473 Add support for client certificate fingerprints in o:lines. 2010-02-17 06:41:41 -06:00
Jilles Tjoelker
5f2df25109 Slightly tighten auth{} duplicate check:
If the existing auth{} block has no auth_user, it will
trump any auth{} block for the same u@h.
2010-01-31 01:40:43 +01:00
Jilles Tjoelker
3d1f32c07a Take auth_user into account when detecting redundant/duplicate auth{}.
from ircd-seven (spb)
2010-01-31 01:36:37 +01:00
Jilles Tjoelker
456e5b3d64 Fix crashes when there are no alias blocks in the conf. 2009-12-05 20:48:02 +01:00
Jilles Tjoelker
c2c25552ca Force part local users (not resv_exempt) on channel resv.
A notice will be sent to any force parted users that the channel
is temporarily/permanently unavailable on the server.
A new config option channel::resv_forcepart can be used to disable this.

from ircd-ratbox (dubkat)
2009-09-19 21:24:35 +02:00
Jilles Tjoelker
ad13bb7556 Rework remote rehash messages to apply to all server notices during rehash.
Previously various notices such as those applying
to modules were not sent to the remote oper.
2009-03-07 01:27:05 +01:00
Jilles Tjoelker
6865c0b099 Add channel::only_ascii_channels config option
to restrict channel names to printable ascii only.
Like disable_fake_channels this only applies to joins
by local users; unlike disable_fake_channels it applies
to opers as well.
2009-02-22 00:12:21 +01:00
Jilles Tjoelker
6e5e2b000a Warn about auth blocks after a *@* auth and duplicate auth blocks. 2009-01-31 18:42:03 +01:00
Jilles Tjoelker
ad08ad1876 For remote rehashes, send error messages to the requesting oper as well. 2009-01-30 00:11:12 +01:00
Aaron Sethman
a4165b42bf re-enable ziplinks + ssl 2008-12-13 23:20:59 +03:00
Valeriy Yatsko
b7a689d1e5 Remove irc_basename, replace it with rb_basename from libratbox. 2008-12-03 02:59:13 +03:00
Jilles Tjoelker
e33e589cbf Split cidr_bitlen into cidr_ipv4_bitlen and cidr_ipv6_bitlen.
Taken from ircd-ratbox 3 via shadowircd.
2008-11-30 13:31:59 +01:00
Jilles Tjoelker
10847f65d3 Remove old oper privilege flags. 2008-09-09 21:51:26 +02:00
Jilles Tjoelker
b159441429 Add need_ssl to auth{} and operator{}.
Specifying need_ssl on auth{} denies the connection if
it is not SSL/TLS, much like need_ident or need_sasl.
Specifying need_ssl on operator{} refuses opering with
ERR_NOOPERHOST if the connection is not SSL/TLS.
from ircd-ratbox
2008-09-07 01:18:58 +02:00
Jilles Tjoelker
7d5acab766 Fix crash if there is no privset= in an operator{}. 2008-08-18 00:55:12 +02:00
William Pitcock
49b0375d62 Make use of the new default privset!! 2008-08-17 08:08:23 -05:00
William Pitcock
065f67db89 fix another stupid bug, gah 2008-08-17 07:46:18 -05:00
William Pitcock
22c3b270ca Initial work on getting privsets working. 2008-08-17 07:40:27 -05:00
William Pitcock
f860687514 Add config magic for privset{} parsing. 2008-08-17 07:10:23 -05:00
Valery V Yatsko
33e65f0004 no more servlink - removed 'servlink_path' from reference.conf and source files 2008-08-16 22:23:56 +04:00
Jilles Tjoelker
43946961df Move to ratbox3 reject and throttle code.
Throttle replaces max_unknown_ip, reject is like before
(including the charybdis-specific unkline handling).
Both of these now apply before SSL negotiation.

This commit does not include the global_cidr and new dline code.

m_webirc is a bit nasty with throttling (unlike before
with max_unknown_ip), this may be fixed later (or
the webirc IP needs to be exempt{}ed).
2008-08-01 01:59:08 +02:00
Valery V Yatsko
40c1fd4799 PASS selector:password for auth{}, based on spb's patch for ircd-seven 2008-06-26 10:18:58 +04:00