Commit graph

900 commits

Author SHA1 Message Date
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
William Pitcock
bbccb09a90 newconf: TLS listener ports should always be defer_accept
TLS clients are required to send ClientHello upon connection, the server may not reply with ServerHello until this has happened
2015-12-04 22:53:04 -06:00
William Pitcock
7f2cc0eacb Revert "supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway"
This reverts commit ff2f68e617.
2015-11-19 23:10:36 -06:00
William Pitcock
4a5330bb4d cap: implement ircv3.2 chghost cap 2015-11-19 22:53:55 -06:00
William Pitcock
583f064fef send: add negation argument to sendto_common_channels_local() and friends 2015-11-19 22:43:45 -06:00
William Pitcock
8e9e22b4d3 parse: handle_encap(): remove parv[0] initialization, anything using parv[0] should crash the ircd 2015-11-19 17:13:04 -06:00
William Pitcock
ff2f68e617 supported: remove TARGMAX, nothing really uses it, and the information conveyed is useless anyway 2015-11-16 15:01:57 -06:00
Jilles Tjoelker
439bf4db58 monitor: Show 005 entry only if m_monitor.so is actually loaded.
This only affects the MONITOR=<max> entry, not TARGMAX=...,MONITOR:
which is harder to modify from a module.
2015-11-15 22:57:23 +01:00
Andrew Wilcox
7a40c9a5b4 monitor: don't use already-freed pointer, unlike the moronic atheme developers 2015-10-15 17:32:02 -05:00
Andrew Wilcox
5f8fb56d02 Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec remove MONITOR for now pending a complete rewrite 2015-10-15 09:39:48 -05:00
William Pitcock
7485e86073 monitor: additional cleanups, and add a missing free_monitor() in m_monitor 2015-10-11 19:11:01 -05:00
William Pitcock
d5f856c68e monitor: fix the resource leak properly, unlike the moronic elemental-ircd developers 2015-10-11 18:48:53 -05:00
Jilles Tjoelker
dd64bf8dad Fix build on glibc (no strlcpy). 2015-10-01 22:55:07 +02:00
Jilles Tjoelker
0e17ce0612 Use new info when sending away-notify after QJM. 2015-09-20 15:20:05 +02:00
Jilles Tjoelker
b4a7304c94 s_conf: Split out a function. 2015-09-13 22:59:03 +02:00
Jilles Tjoelker
2125182293 Remove the unneeded username parameter to register_local_user(). 2015-09-13 22:59:03 +02:00
Jilles Tjoelker
83e5941c87 Check CIDR ban IP address for validity.
Otherwise, we compare to uninitialized stack data. This is wrong but seems
harmless.

Closes #103
2015-09-13 22:59:03 +02:00
Elizabeth Myers
34c10ca8b7 Relocate report_Klines to proper home
This function is not used anywhere else but m_stats, so should be put
there.
2015-08-08 17:25:29 -05:00
Jail Bird
29c92cf95f Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls

Thanks Jilles!
2015-04-20 00:55:20 -05:00
Aaron Jones
32fb589528 Misc code cleanups
* src/packet.c: Remove a dead store
* src/res.c: Remove a dead store
* src/sslproc.c: Remove a dead store
* src/sslproc.c: Don't call the same accessor twice

These silence some fairly harmless compiler warnings
2015-03-27 23:07:20 +00:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
Jilles Tjoelker
9279ad6461 Fix some compiler warnings about signed/unsigned comparison. 2015-03-01 23:46:20 +01:00
Jilles Tjoelker
4f0d2b588b conf: Correct message when serverinfo::nicklen is set too low (<9). 2015-03-01 16:12:12 +01:00
Jilles Tjoelker
bed692ca0e send: sendto_local_clients_with_capability() needn't use serial
sendto_local_clients_with_capability() sends to a subset of the list of
local clients and cannot visit the same client multiple times like
sendto_channel_flags() and sendto_common_channels_local() can.
2015-03-01 14:55:57 +01:00
William Pitcock
bb2a50509a config: further EGD removal 2015-03-01 01:06:58 -06:00
William Pitcock
e861902fd9 libratbox: remove RB_PRNG_EGD in its entirety (closes #85) 2015-03-01 01:05:14 -06:00
William Pitcock
984d80c988 cap-notify: add sendto_local_clients_with_capability() (ref #84) 2015-03-01 00:44:34 -06:00
Max Teufel
1b54aa5c3b src/channel: add support for IRCv3.2 userhost-in-names 2015-02-28 01:06:38 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Jilles Tjoelker
e9f86e320e introduce_client(): Remove redundant check for sockhost starting with colon.
Other code (inet_ntop6() in libratbox/src/commio.c and
extensions/m_webirc.c) ensures the sockhost does not start with a colon.
Checking only here does not make sense.

Reported by:	Attila
2015-01-25 22:11:16 +01:00
Jilles Tjoelker
3881a3ce5d Don't append a domain to names without dot from reverse lookup.
Some code to append "domain" from /etc/resolv.conf to unqualified names (for
server connections) erroneously applied to names from reverse DNS lookups as
well.

The effect was that "domain" from /etc/resolv.conf was appended to
"localhost", even though the DNS server intended "localhost" to be a fully
qualified name.
2015-01-16 23:23:56 +01:00
Aaron Jones
3c80b42532 Allow clients to have a resolved hostname of localhost
I slightly changed the patch to match surrounding style.

(cherry picked from commit 0b06270fd6266c85d19e008efcd039605daf59d0)
2015-01-16 21:38:42 +01:00
Jilles Tjoelker
74b2fb72db pretty_mask(): Stop temporarily modifying the passed mask entirely. 2015-01-15 23:45:02 +01:00
Jilles Tjoelker
f4e893b515 pretty_mask(): Use explicit lengths instead of temporarily writing '\0'.
This is slightly simpler and should fix Coverity warnings.
2015-01-15 23:38:50 +01:00
Attila Molnar
76d82c19ad Fix sending null char after ERROR when the server is full 2014-11-04 21:57:37 +01:00
Jilles Tjoelker
624d779127 bandb: Don't apply empty ban list when bandb starts sending bans.
When bandb sends the ban list, it first sends 'C', then all bans and
finally 'F'. Only when 'F' is sent is ircd supposed to apply the bans.
Because of a missing break, 'C' also did 'F', clearing the ircd active
permanent bans until bandb sent 'F'.

The effect is pretty limited because having bandb send the ban list via
/rehash bans is uncommon and most bans will be enforced when reset.
2014-09-21 18:09:18 +02:00
Jilles Tjoelker
5f1db61bdf server: Don't read beyond the bounds of ServerInfo.ip and ServerInfo.ip6. 2014-09-21 16:57:38 +02:00
Jilles Tjoelker
483987a464 Explicitly pass the current time to deactivate_conf().
Some places depend on the ban not being destroyed.
2014-09-21 15:02:43 +02:00
Jilles Tjoelker
2196b1825d Fix crash when there are two blacklist hosts without intervening reason.
This is invalid configuration; the first host is supposed to be ignored.
2014-09-21 14:42:14 +02:00
Byron Grobe
e8d7921a08 Removed comment from src/modules.c that states certain functions were moved into a file that no longer exists. (Circa ~2002) 2014-09-09 08:13:42 +00:00
Jilles Tjoelker
aea6c4f9e6 chmode: Check mlock when a local oper changes cmode +L/+P.
This check was erroneously removed when fixing /mode #channel f when +f is
mlocked. Mlock checks were restricted to the places requiring chanops
(other than viewing +eI lists); cmode +L/+P do not require chanops, but
still constitute a mode change that must be checked against mlock.
2014-08-18 00:26:38 +02:00
Jilles Tjoelker
dfbf41a0ab conf: Make channel::channel_target_change option actually work.
Channel target change was forcibly enabled.
2014-08-08 11:57:09 +02:00
Jilles Tjoelker
67b7840a5d ircd_parser: Fix inconsistent declaration of yyerror(). 2014-05-29 23:23:50 +02:00
Jilles Tjoelker
0f8db0552e channel: Remove write-only field. 2014-05-29 17:41:35 +02:00
Jilles Tjoelker
51452a370b channel: Stop pretending to support per-mode server capabilities.
After a change for dynamic server capabilities, the code to send out mode
changes was changed to use the capabilities belonging to the last mode
being sent out. This does not make sense; therefore, just use no
capabilities and remove supporting infrastructure.
2014-05-29 17:40:16 +02:00
Jilles Tjoelker
d0c2fc8266 server: Require EX and IE capabilities (+e and +I cmodes).
The code to send each channel mode only to servers supporting it was
broken a while ago and was not very useful anyway. Therefore, require
all connecting servers to support all standard channel modes.
2014-05-29 16:24:42 +02:00
Adam
9744d53ec9 Fix buffer overflow in introduce_client and burst_TS6
If the client being introduced has more than 10 user modes send_umode()
will overflow ubuf
2014-05-13 19:33:41 -04:00
Douglas Freed
cea0689e80 Fix const qualifier on raw_mask
Fixes compilation warning about losing const qualifier in assignment to
non-const variable

(cherry picked from commit 6d9c3f50944e1da3bf3a1be6454f85d6d6f7ab37)
2014-03-09 19:13:25 +01:00
Jilles Tjoelker
0c5e50f430 Fix format string type mismatch in src/capability.c.
The type 'long' was correct on most machines but not according to the C
standard and Windows 64-bit.
2014-03-09 19:11:54 +01:00
Jilles Tjoelker
5457b10278 Fix fd leak if /dev/urandom can be opened but not read. 2014-03-09 14:54:45 +01:00
Jilles Tjoelker
0894d18b87 blacklist: Make the snote more like the +c one. 2014-03-07 21:55:43 +01:00
Keith Buck
48e409767f Add DNSBL snotes for snomask +r. 2014-03-05 08:12:22 +00:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Keith Buck
00533129dc s_conf: Don't leak log file paths when loading default conf
This change prevents the log file paths from being leaked when
rehashing. Additionally, fname_killlog was added to two places where it
was previously forgotten.
2014-03-03 04:12:07 +00:00
Keith Buck
010c4fbdc5 s_conf: Don't leak strings when loading default conf
This change prevents conf strings from being leaked when resetting the
conf to default prior to a rehash. Additionally, some default strings
are now rb_strdup'd into the ConfigFileEntry structure after loading the
conf so that they aren't allocated and then immediately freed by the
conf loading process.
2014-03-03 03:58:40 +00:00
Keith Buck
023c36ae22 newconf.c: Remove end-of-line whitespace. 2014-03-03 01:43:33 +00:00
Keith Buck
e12981c028 conf parsing: Fix freeing section names upon section end. 2014-03-03 01:43:33 +00:00
Keith Buck
1d39324556 Fix a couple more string leaks. 2014-03-02 22:05:30 +00:00
Jilles Tjoelker
f1709d5ac8 sslproc: Add missing break, still allowing zlib when ssl cannot be set up. 2014-03-02 21:58:38 +01:00
Jilles Tjoelker
0e717d8eb4 log_client_name: Remove MASK_IP case.
The MASK_IP case in log_client_name() was broken (because of a missing
break, it behaved as HIDE_IP). However, log_client_name() with MASK_IP
does not make sense anyway and is not used.
2014-03-02 21:54:29 +01:00
Jilles Tjoelker
40173bcbb3 listener: Move error messages to something visible by default.
If a listening port cannot be opened, send error messages to opers with
snomask +s and ircd.log, instead of snomask +d and the ioerror log, which
both are usually disabled.

Also, restore information about what listener is having problems. This
was lost when report_error() was replaced.
2014-03-01 19:05:55 +01:00
Keith Buck
dceac3e4fb conf parsing: Fix memory leaks and clean up code a bit.
Charybdis currently leaks about 45-50k per configuration parse,
including every rehash. This change plugs these leaks by properly
iterating through all conf_parm_t structures to seek all strings that
should be freed and also by freeing the conf_parm_t structures
themselves.

These leaks have been present since the original rewrite of the
configuration parsing system in ircd-ratbox r11953.

Additionally, this change also cleans up and documents the parsing code
a bit.
2014-02-28 17:35:51 +00:00
Jilles Tjoelker
e8cfec47c6 ircd_parser: Fix whitespace errors. 2014-02-28 15:51:52 +01:00
Jilles Tjoelker
a1f7ec5be0 server: Use rb_strlcpy() instead of strcpy().
An overflow should be impossible here, but be paranoid.
2014-02-24 00:04:11 +01:00
Jilles Tjoelker
26c6ac3dc7 Simplify module path list, removing strcpy use. 2014-02-23 23:47:27 +01:00
Jilles Tjoelker
b84e58f905 Fix use after free. 2014-02-23 23:46:57 +01:00
Jilles Tjoelker
12edf3e3d2 conf: Remove dead store. 2014-02-23 23:04:52 +01:00
Jilles Tjoelker
77910830e3 Fix various printf arg types. 2014-02-23 23:01:59 +01:00
Jilles Tjoelker
a9f1281448 modlist: Fix address display on 64-bit systems. 2014-02-23 22:55:40 +01:00
Jilles Tjoelker
1e170010e7 modules: Fix bad sizeofs. 2014-02-23 22:39:42 +01:00
Jilles Tjoelker
5ef68b1398 Replace double semicolons with single; place null statement on its own line.
No functional change is intended.
2014-02-23 22:23:34 +01:00
Jilles Tjoelker
43f45e81fb conf: Do not leak memory when modules::module is already loaded. 2014-02-23 22:20:43 +01:00
Jilles Tjoelker
b45b2daef9 startup: Check return value of open /dev/null. Don't fclose stdin/stdout/stderr.
Open /dev/null for standard fds earlier, so a failure can be reported.
Do not fclose stdin/stdout/stderr but just overwrite the fds with
/dev/null.
2014-02-23 21:51:19 +01:00
Jilles Tjoelker
071e376d9e Remove an unused variable. 2014-01-17 00:23:09 +01:00
Jilles Tjoelker
0c2ea0c3ce Avoid wrong detection of redundant/duplicate auth blocks with auth_user.
If there was more than one user= per auth block, the check for redundant
or duplicate auth blocks did not take auth_user into account.
2014-01-17 00:22:47 +01:00
Keith Buck
c8729b08fb bandb: Don't attempt to write to a NULL helper. 2014-01-12 01:38:48 +00:00
Keith Buck
7f3382fe98 Remove duplicate default-value code.
Default values for default_floodcount and default_ident_timeout are set
in s_conf.c. Remove code that checks for missing values in ircd.c.
Additionally, reset default_ident_timeout to 5 if an invalid value (i.e.
0) is provided.
2013-10-29 09:32:28 +00:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
f1fe7b4b28 Merge branch 'isupport-charset' of github.com:grawity/charybdis 2013-09-13 22:34:11 +02:00
Keith Buck
7fc09bc4f0 Abort blacklist queries at the same time as auth queries.
This fixes an assert(MyConnect(...)) being hit in
register_local_user(...).
2013-09-12 08:23:59 +00:00
Mantas Mikulėnas
e1a9785abe Remove CHARSET=ascii from ISUPPORT
For one, [draft-brocklesby-irc-isupport-02][1] already defines "ascii" as the
default value. According to section 2 ("Except as
explicitly stated in its definition, a parameter should not be sent
unless it changes this default value, or the default value is vague,
badly defined, or differs between IRC server implementations"), there is
no point in sending it.

For another, [version 03 of the same draft][2] removes CHARSET ("It was
found to be unworkable;  a correct specification could not be devised to
represent its meaning across implementations."), and the token is not
present at all in [draft-hardy-irc-isupport-00][3].

[1]: https://tools.ietf.org/html/draft-brocklesby-irc-isupport-02#section-3.17
[2]: https://tools.ietf.org/html/draft-brocklesby-irc-isupport-03#section-4.8
[3]: https://tools.ietf.org/html/draft-hardy-irc-isupport-00
2013-09-11 01:20:56 +03:00
Keith Buck
77d3d2dbaf Remove s_assert definition from ircd_defs.h and add it to its own header.
s_assert requires some higher-level functionality that shouldn't be
present in ircd_defs.h. ircd_defs.h is used by ssld, which has no notion
of logging or sending IRC messages. Additionally, some of the headers
s_assert depends on result in conflicting definitions in ssld.c.

This change also fixes the compile when using --enable-assert=soft.
2013-09-10 06:10:14 +00:00
Quora Dodrill
2c0450fb60 src/s_conf: Avoid re-inventing the wheel 2013-08-14 15:45:35 -07:00
Quora Dodrill
a576a0fe64 src/s_conf: More detailed error messages conforming to POSIX errno
When the configuration file is unreadable or not existing, charybdis will now report the POSIX error message from the failed call. This is a compromise between the behavior in f951460ae9 and f6f049070e.
2013-08-14 15:30:15 -07:00
Jilles Tjoelker
7ddd614cd3 Ensure consistent indexing into user_modes independent of signedness of char. 2013-08-14 23:49:59 +02:00
Quora Dodrill
f951460ae9 src/s_conf: Moved error notification to proper place
Previously it was in src/ircd.c, but according to jilles, this is a better place for the notification.

This changes a patch made in adef4da10c and amended in 65d921173c and f6f049070e.
2013-08-14 14:28:11 -07:00
Quora Dodrill
f6f049070e src/ircd: fix -configfile argument 2013-07-10 08:44:27 -07:00
Quora Dodrill
65d921173c src/ircd: Missed case where ircd.conf is unreadable to the ircd 2013-07-09 20:16:04 -07:00
Quora Dodrill
adef4da10c src/ircd: Die if the configuration file does not exist 2013-07-09 20:04:45 -07:00
Elizabeth Myers
e232f35c63 Blacklist: fix accidentally clobbering previous filters 2013-04-21 11:10:57 -05:00
Elizabeth Myers
3c93d380e0 Add support for multiple forms of blacklist queries using matches.
It supports both literal and last octet matches from the dnsbl.
If matches is not present, the old behaviour is used.
2013-04-20 20:49:11 -05:00
Jilles Tjoelker
90e3d1b7e1 Update .depend files. 2013-03-23 23:32:46 +01:00
William Pitcock
6f7b36d5d0 Mostly enable support for checking format strings with -Wformat.
Basically derived from Ratbox 3.1.
2013-02-21 05:46:04 -06:00
William Pitcock
2db1f25df5 Atheme is not responsible for the mental health changes of IRC operators using charybdis. 2013-02-03 14:06:13 -06:00
Jilles Tjoelker
e69375f3ac Cope with rb_crypt() returning NULL. 2013-02-02 00:54:32 +01:00
Jilles Tjoelker
4e4a5fcc61 Skip cidr checking for hostmask.c entries with negative cidrlen.
They will be treated as hostmasks only. In the case of dlines they will
be rejected as invalid.

hostmask.c entries such as dlines, klines and auth blocks can only be
added by opers or via ircd.conf.
2013-01-29 23:43:20 +01:00
Jilles Tjoelker
441da2f245 Also restrict cidrlen for testmask/masktrace (match_ips()). 2013-01-29 23:31:39 +01:00
Jilles Tjoelker
4dbd5e07ad Skip cidr checking for bans with negative or too large cidrlen.
Up to some length, such bans could match the exact IP address.

Obtained from: ircd-ratbox (androsyn)
2013-01-29 23:29:34 +01:00
William Pitcock
3dae60ef47 cache: use rb_strdup() instead of a static buffer for cache lines.
BUFSIZE limitation is retained as there is no need to remove it, as all lines must be smaller than it
due to RFC1459 message requirements.
2013-01-15 16:24:33 -06:00