Commit graph

2420 commits

Author SHA1 Message Date
Aaron Jones
1ea72c8f86
[ssld] Fix possible crash when DH parameters are not provided
This has ssld calling strlen() on a NULL value

[ci skip]
2016-05-03 17:48:04 +00:00
Aaron Jones
5c8da48264
Backport more TLS backend and ssld fixes & improvements from 3.6
openssl:
 * Don't manually initialise libssl 1.1.0 -- it does this automatically
 * SSL_library_init() should be called first otherwise
 * Move SSL_CTX construction to rb_setup_ssl_server()
 * Test for all required files (certificate & key) before doing anything
 * Free the old CTX before constructing a new one (Fixes #186)
 * Properly abort rb_setup_ssl_server() on CTX construction failures
 * Support ECDHE on more than one curve on OpenSSL 1.0.2 and above
 * Clean up ifdef indentation
 * Fix DH parameters memory leak

mbedtls:
 * Fix certificate fingerprint generation
 * Fix library linking order
 * Fix incorrect printf()-esque argument count
 * Return digest length for fingerprints instead of 1, consistent
   with the other backends

sslproc / ssld:
 * Fingerprint methods have no assocated file descriptors
 * Send TLS information (cipher, fingerprint) before data
 * Use correct header length for fingerprint method

Authored-by: Aaron Jones <aaronmdjones@gmail.com>
Authored-by: William Pitcock <nenolod@dereferenced.org>
Authored-by: Simon Arlott <sa.me.uk>
2016-04-30 21:39:05 +00:00
William Pitcock
1d2ba176ea
ircd: Channel.bants is not a serial but a timestamp.
Previously, the IRCd would increment bants instead of resyncing the timestamp, causing the potential of
false negatives from the bancache system.
2016-04-30 00:14:06 +00:00
Valerii Iatsko
bf9e0a6ed5 Fixed compilation w/ gnutls v3 2016-04-02 17:28:37 -05:00
William Pitcock
558bca8608 news for 3.5.1. 2016-04-02 17:22:14 -05:00
William Pitcock
db1b744e41 charybdis 3.5.1. 2016-04-02 17:21:06 -05:00
William Pitcock
18244e32f3 more ssld ipc improvements from 3.6 2016-04-02 17:20:15 -05:00
William Pitcock
987fa43982 sslproc: partial backport of 3.6 connid changes 2016-04-02 17:16:09 -05:00
William Pitcock
f76b0cee90 s_serv: ensure we use the actual assigned connid on an outbound connection 2016-04-02 17:15:01 -05:00
William Pitcock
d5ff7a9c3c ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know) 2016-04-02 17:12:28 -05:00
William Pitcock
1533b40304 ssld: we use uint8_t for IPC buffers, not char 2016-04-02 17:11:21 -05:00
Simon Arlott
b7cca0143d ssld: change_connid may be called with an unknown ID
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-04-02 17:11:08 -05:00
Valerii Iatsko
b1f028e5d4 ssld: fix memleak
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-04-02 17:10:42 -05:00
Aaron Jones
56f1d769bd
Document extb_usermode module in reference.conf
Also add it to the example configuration files

[ci skip]
2016-03-28 03:34:36 +01:00
Aaron Jones
604ab13778
extensions: Fix duplicate extban character usage
extb_usermode and extb_hostmask both use the same extban character
('m'), resulting in only one of the modules being usable (depending
on module load order) and neither one functioning if one of them
is unloaded.

This changes the character for extb_usermode from 'm' to 'u'.

[ci skip]
2016-03-28 03:33:24 +01:00
William Pitcock
e3af723d23 m_cap: ensure that CAP parameters are properly initialized to zero 2016-02-28 19:08:03 -06:00
William Pitcock
e253d010ed libratbox: gnutls: add gnutls 3.4 support (closes #123) 2016-01-24 14:52:40 -05:00
William Pitcock
1ce6270904 charybdis 3.5.0. 2016-01-05 19:49:18 -06:00
William Pitcock
25eeb5ed55 last pass at NEWS 2016-01-05 19:49:13 -06:00
William Pitcock
947d2bba47 extb_oper: allow matching $o:<privset> as well as $o:<permission> as in 3.4 2016-01-05 19:12:38 -06:00
William Pitcock
2daf18131c chmode: sscanf(3) returns the number of items matched, so might as well use it 2016-01-05 19:06:05 -06:00
William Pitcock
90552e214c chmode: properly validate chm_throttle mode parameters 2016-01-05 19:02:44 -06:00
William Pitcock
5810d36e0a whois: privset disclosure: we do not need to check if source user is the same as target, because they will always be opered 2016-01-05 18:55:23 -06:00
William Pitcock
32d5702869 extensions: add the ability to hide uncommon channels in WHOIS, like in ircd-seven (closes #6) 2016-01-05 18:45:07 -06:00
William Pitcock
9e07c8f70b whois: add a hook allowing for ShowChannel() behaviour to be overridden for channel visibility 2016-01-05 18:45:07 -06:00
Aaron Jones
5499771f0e
Fix erroneous comment 2016-01-01 09:31:55 +00:00
Juuso Lapinlampi
6eb0267a90 messages.h: Remove 900-902 IRCv3.1 SASL trailing period
The IRCv3.1 SASL specification [1] has been updated today, and brings a
level of consistency with the trailing periods (or the lack of).

This implements the change made in
ircv3/ircv3-specifications@6d2ca77ffd.

[1]: http://ircv3.net/specs/extensions/sasl-3.1.html
2015-12-30 12:51:48 +02:00
Aaron Jones
0e06053c33
Fix erroneous use of wrong string concatenation function
Avoids warning:

  m_map.c:203:3: warning: implicit declaration of function ‘strlcat’
  [-Wimplicit-function-declaration]
2015-12-30 08:34:27 +00:00
Aaron Jones
63b120e53f Merge pull request #114 from grawity/tlstls
m_starttls: reject "STARTTLS" use over an existing TLS connection
2015-12-30 08:28:48 +00:00
Mantas Mikulėnas
2b17787939 m_starttls: reject "STARTTLS" use over an existing TLS connection 2015-12-30 09:28:53 +02:00
Jilles Tjoelker
f8d9a4c289 list: Remove a now obsolete comment. 2015-12-29 13:55:16 +01:00
William Pitcock
7e5f0af686 markdownify NEWS.md 2015-12-28 21:34:57 -06:00
Juuso Lapinlampi
e0160ec5a4 messages.h: Standardize 256 (RPL_ADMINME) with RFC 1459
RPL_ADMINME is a response the client receives using the ADMIN command.
Charybdis used to implement a non-standard version of this.

The RFC 1459 standard [1] says in section "6.2 Command responses.":

            256     RPL_ADMINME
                            "<server> :Administrative info"

This commit corrects the behavior to follow the standard.

[1]: https://tools.ietf.org/html/rfc1459
2015-12-28 21:19:47 -06:00
JD Horelick
7d2c91e767 Update Git repo references to new organization 2015-12-28 16:01:07 -08:00
William Pitcock
4d38dd60ed whois: bring permissions check in line with the same one in m_privs 2015-12-28 14:55:59 -06:00
William Pitcock
fb01429969 Merge pull request #112 from ProgVal/trailing-space
Remove trailing space in CAP ACK.
2015-12-28 11:14:37 -06:00
Valentin Lorentz
d855e13e01 Remove trailing space in CAP ACK.
Fixes https://github.com/atheme/charybdis/issues/110
2015-12-28 10:57:17 +01:00
William Pitcock
e00552d5ce whois: cosmetic improvement to opered-as numeric 2015-12-28 01:38:13 -06:00
William Pitcock
0817ad4cd0 messages.h: fix numeric 320 2015-12-28 01:36:40 -06:00
William Pitcock
72ad5c04fe whois: list active operator block and privset when appropriate 2015-12-28 01:33:09 -06:00
William Pitcock
c7b2fd3d66 MODE: allow 'q' banlist queries to bypass flood limits too 2015-12-28 00:48:46 -06:00
William Pitcock
0950390c77 version: update general copyright to 2016 since we will probably release later this week 2015-12-28 00:39:38 -06:00
William Pitcock
9603d01164 CREDITS: cosmetic updates 2015-12-28 00:31:03 -06:00
William Pitcock
6dedd21279 NEWS: last pass at updates for 3.5.0 2015-12-28 00:17:15 -06:00
William Pitcock
6dcf35b167 libratbox: don't build arc4random support if mbedtls is present. libratbox r29245 2015-12-27 21:21:33 -06:00
William Pitcock
5cc7ba2577 libratbox: fix scoping issue with alloca()'d buffer which could result in undefined behaviour.
this is ported from upstream libratbox r29267
2015-12-27 21:19:17 -06:00
William Pitcock
340b2512d4 sno_whois: fix resource leak, pointed out by mniip 2015-12-27 17:08:57 -06:00
William Pitcock
0b904d91bf supported: move ISUPPORT tokens provided by modules to their specific modules:
- m_cmessage: CPRIVMSG/CNOTICE
- m_etrace: ETRACE
- m_knock: KNOCK
- m_services: FNC
- m_who: WHOX
2015-12-26 22:41:09 -06:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
Jilles Tjoelker
e124e4b64c starttls: Update for client fd hash removal. 2015-12-24 23:01:37 +01:00