Commit graph

3526 commits

Author SHA1 Message Date
Ed Kellett
bdc87b5f37
m_grant: maintain privilegeset refcounts 2019-09-15 00:35:55 +01:00
Ed Kellett
6119faa9a0
charybdise m_grant 2019-09-15 00:35:55 +01:00
Ed Kellett
c1649fd04d
Use the m_grant from ircd-seven
Charybdis' rewritten m_grant introduces at least one serious bug without
providing any apparent benefit. I think the best solution here is the
easiest one.

The bug in question is that an empty mode change is triggered after
seven's grant has done its work, and this is necessary in order to
give umodes granted by oper privileges a chance to update. The rewrite
removes this, generating a mode change only if it wants to change the
state of +o, which means the grant victim can keep privileged modes they
no longer have access to, or fail to gain new ones.
2019-09-15 00:35:55 +01:00
Aaron Jones
8b7503c89a
Merge pull request #284 from edk0/drain
Add extensions/drain (port from ircd-seven)
2019-09-14 21:21:38 +00:00
Janik Kleinhoff
a0d1df9f38
extensions/drain: remove superfluous includes 2019-09-14 21:13:11 +01:00
Ed Kellett
b674a619eb
Add extensions/drain
This takes the simplest possible approach: load the module and you're in
drain mode.
2019-09-14 21:13:11 +01:00
Aaron Jones
b9da417b4e
Merge pull request #282 from edk0/propagate-oper
Propagate OPER
2019-09-13 12:15:06 +00:00
Ed Kellett
ed3ca2ff16
Propagate OPER
Move opername and privset storage to struct User, so it can exist for
remote opers.

On /oper and when bursting opers, send:

    :foo OPER opername privset

which sets foo's opername and privset. The contents of the privset on
remote servers come from the remote server's config, so the potential
for confusion exists if these do not match.

If an oper's privset does not exist on a server that sees it, it will
complain, but create a placeholder privset. If the privset is created by
a rehash, this will be reflected properly.

/privs is udpated to take an optional argument, the server to query, and
is now local by default:

    /privs [[nick_or_server] nick]
2019-09-13 10:08:27 +01:00
Aaron Jones
742ddc8fac
Merge pull request #279 from edk0/operhide
Rework oper hiding
2019-09-12 22:17:26 +00:00
Ed Kellett
1123eefcb0
Rework oper hiding
As it stands, oper hiding is rather messy and inconsistent. Add
SeesOper(target, source), which is true iff target should appear as an
oper to source. If I haven't missed something, all commands that reveal
oper status now use the same logic.

general::hide_opers_in_whois is a special case, and affects /whois only.

general::hide_opers is introduced, and has the same effect as giving
everyone oper:hidden. All commands that reveal oper status respect both.
2019-09-12 23:14:15 +01:00
Aaron Jones
f7f1c50494
Support ECDH X25519 for TLSv1.3 (OpenSSL 1.1.1) 2019-09-08 14:00:24 +00:00
Aaron Jones
95c84a44fd
Merge pull request #277 from edk0/helpops
Fix various bugs in extensions/helpops
2019-09-07 14:57:30 +00:00
Aaron Jones
a9118e5b81
Merge pull request #278 from edk0/override
Fix various bugs in extensions/override
2019-09-07 14:26:01 +00:00
Aaron Jones
d6c8286e3e
Merge pull request #275 from edk0/override-immunity
override: move kick immunity to its own module
2019-09-07 14:10:22 +00:00
Aaron Jones
84a969d686
Merge pull request #276 from edk0/deferred-cap-notify
Deferred capability notifications from modules
2019-09-07 14:08:19 +00:00
Ed Kellett
dbeda234e6
override: always check oper:override
It's possible to have the oper:override privilege removed by /grant.
/grant triggers an empty umode change event to allow privileged umodes
to be set or removed, so checking for oper:override on all umode changes
(and not just ones where +o or +p is changed) allows us to remove +p
when necessary.
2019-09-07 15:06:39 +01:00
Ed Kellett
6637a54728
override: don't leak the old expiry timer list 2019-09-07 15:06:39 +01:00
Ed Kellett
cc75db3f3f
override: start timers for +p clients on modinit
Reloading override previously would have the effect of cancelling +p
expiry. With this change, reloading the module just refreshes the
timers, so expiry is delayed a bit rather than forgotten entirely.
2019-09-07 15:06:39 +01:00
Ed Kellett
5339043003
helpops: remove +H if usermode:helpops is lost 2019-09-07 15:04:05 +01:00
Ed Kellett
0c5dd86cfc
helpops: handle the helper list properly on reload
Free the whole list on unload rather than leaking it, and initialise it
to the list of people with +H on load.
2019-09-07 15:04:05 +01:00
Ed Kellett
6c639159b0
helpops: fix umode handling
construct_umodebuf() can change the char->flag mapping (to restore an
orphaned mode). I don't love the use of a fake constant, so I think the
cleanest solution here is just to index user_modes with a macro for the
umode letter.
2019-09-07 15:04:05 +01:00
Ed Kellett
28cc8bb924
Deferred capability notifications from modules
Reloading modules sends CAP DEL followed by an immediate CAP NEW:

    :staberinde.local CAP * DEL :account-tag
    :staberinde.local CAP * NEW :account-tag

This isn't very nice. /modrestart is particularly bad. In order to avoid
doing this, we remember the capability set at the beginning of module
operations, compare that with the set afterwards, and report only the
differences with CAP {DEL,NEW}.
2019-09-07 14:59:33 +01:00
Aaron Jones
515b54ddf9
Merge pull request #274 from edk0/event-deletion
librb/event: delete indirectly via a dead flag
2019-09-07 13:56:17 +00:00
Ed Kellett
ead77e93aa
override: move kick immunity to its own module 2019-09-07 14:53:21 +01:00
Ed Kellett
3576d1b482
librb/event: delete indirectly via a dead flag
This avoids an issue where deleting an event inside the handler of a
different event puts the event iteration in an invalid state.
2019-09-07 14:50:42 +01:00
Simon Arlott
9ac0390734
Version 4.1.3-dev 2019-08-31 21:14:27 +01:00
Simon Arlott
efe1f312b5
Version 4.1.2 2019-08-31 21:12:44 +01:00
Simon Arlott
728c3ed5cb
travis: don't run the tests on macosx
overriding rb_gettimeofday and "me" doesn't work
2019-08-31 16:41:18 +01:00
Simon Arlott
ac4365f5a4
ircd: remove debug 2019-08-31 16:36:41 +01:00
Simon Arlott
eeeb228664
cap_server_time: Fix strftime return value check 2019-08-31 16:35:19 +01:00
Simon Arlott
493f729efc
tests: Fix use-after-free bug 2019-08-31 16:32:55 +01:00
Simon Arlott
17809d2db7
librb: Fix type of dst for rb_inet_pton_sock() 2019-08-31 16:10:50 +01:00
Simon Arlott
8b96670079
tests: Remove modules that don't exist 2019-08-31 15:38:48 +01:00
Simon Arlott
a006add93c
check_one_kline: Fix compiler warning 2019-08-31 15:31:45 +01:00
Simon Arlott
c6e707ae76
Merge branch 'edk0-check-one-kline' 2019-08-31 15:05:29 +01:00
Simon Arlott
b18dba6da8
Document the process shared by check_one_kline() and find_kline() 2019-08-31 15:05:20 +01:00
Simon Arlott
912d118fa2
Merge branch 'check-one-kline' of https://github.com/edk0/charybdis into edk0-check-one-kline 2019-08-31 15:05:11 +01:00
Simon Arlott
5a15b97696
Revert "ircd: Fix umode orphan scheme."
This reverts commit c1fc044c35.
2019-08-31 14:43:34 +01:00
Aaron Jones
e2a0687835
Correct OPM port configuration variables
[ci skip]
2019-07-07 19:35:58 +01:00
Simon Arlott
11b122dfd3
travis: run the tests 2019-07-07 19:35:13 +01:00
Ed Kellett
6ca9ff0ea1
Remove unused kline_delay config option 2019-04-27 14:53:04 +01:00
Ed Kellett
9834d3d5ba
Remove unused kline delay machinery 2019-04-27 14:51:27 +01:00
Ed Kellett
43037e1af3
m_ban: check only the added K-line 2019-04-27 14:51:17 +01:00
Ed Kellett
b068a4b518
m_kline: check only the added K-line 2019-04-27 14:47:33 +01:00
Ed Kellett
10df26d08f
Add check_one_kline, expose notify_banned_client 2019-04-27 14:47:28 +01:00
Aaron Jones
c87c8e5bfe
newconf: remove plaintext listeners warning
Closes #270

[ci skip]
2019-03-27 19:29:55 +00:00
Simon Arlott
40a766a0a0
m_sasl: Don't process authentication messages if SASL has been aborted, but track failures 2019-02-23 13:02:15 +00:00
Simon Arlott
958c354cca
tests: Verify behaviour if services authenticates a user after SASL is aborted 2019-02-23 13:02:15 +00:00
Simon Arlott
ac5a5a0cfa
set version back to -dev 2018-08-15 23:12:38 +01:00
Simon Arlott
17776e5274
charybdis 4.1.1 2018-08-15 23:03:50 +01:00