Commit graph

570 commits

Author SHA1 Message Date
Jilles Tjoelker
7a9a9000b7 Enable remote WHOWAS queries.
On ircd-seven, this will allow remote opers to see certain hidden IPs.
2013-09-13 22:29:26 +02:00
Keith Buck
77d3d2dbaf Remove s_assert definition from ircd_defs.h and add it to its own header.
s_assert requires some higher-level functionality that shouldn't be
present in ircd_defs.h. ircd_defs.h is used by ssld, which has no notion
of logging or sending IRC messages. Additionally, some of the headers
s_assert depends on result in conflicting definitions in ssld.c.

This change also fixes the compile when using --enable-assert=soft.
2013-09-10 06:10:14 +00:00
Jilles Tjoelker
35bfe0e644 join: Fix messages about join failures such as banned.
This was broken by 6f7b36d5d0 in February
2013, as join failures are the only situation where a non-trivial
numeric is passed through from other code to be sent to a client. Fix it
by porting more code from ircd-ratbox 3.1.
2013-07-07 23:50:20 +02:00
Jilles Tjoelker
b2c208be09 m_info: Correct description of general::client_exit like in example confs.
Reported by:	jackal
2013-06-16 11:35:04 +02:00
Jilles Tjoelker
373a04393b kill: Improve comment about kill hook. 2013-04-27 16:55:45 +02:00
Elizabeth Myers
9d745dbd21 Implement kill-cancelling hook.
With this comes an example module to block the killing of services.

NOTE: this will not cancel remote kills. Those are still accepted, per
the TS 6 specification.
2013-04-20 01:07:55 -05:00
Alex Iadicicco
fda96b89dc m_nick: Reject nicks with '~' in them, rather than cutting at the '~'
The behavior of cutting at the first '~' is confusing at first, and
looks too much like a bug.
2013-04-17 17:27:27 -07:00
Jilles Tjoelker
90e3d1b7e1 Update .depend files. 2013-03-23 23:32:46 +01:00
Jilles Tjoelker
ce782b68fe Don't send ERR_NICKCOLLISION to a user that will not be killed. 2013-03-23 22:57:28 +01:00
William Pitcock
6f7b36d5d0 Mostly enable support for checking format strings with -Wformat.
Basically derived from Ratbox 3.1.
2013-02-21 05:46:04 -06:00
Jilles Tjoelker
2ebef8d925 whois: Fix UID leak.
The second parameter of WHOIS is always a nick.
2013-02-14 23:45:22 +01:00
Jilles Tjoelker
e0c7937a9f UID/EUID: Add server's SID to invalid UID error message. 2013-02-03 20:31:52 +01:00
Jilles Tjoelker
561d7efc44 UID/EUID: Check that the UID starts with the server's SID.
If not, the local link that sent the command is broken, as with
syntactically invalid UIDs.
2013-02-03 19:38:46 +01:00
Jilles Tjoelker
9cbf72447c stats l: Don't care about away status. 2013-02-03 19:33:31 +01:00
Jilles Tjoelker
e69375f3ac Cope with rb_crypt() returning NULL. 2013-02-02 00:54:32 +01:00
Jilles Tjoelker
df2516e6d8 whowas: Abort listing if 90% of sendq is in use. 2013-02-02 00:50:03 +01:00
Jilles Tjoelker
b6e02c25b5 starttls: Don't send ERR_STARTTLS after successful STARTTLS. 2013-01-05 15:09:17 +01:00
Jilles Tjoelker
fce4df5473 server: Show the missing CAPABs when rejecting a server. 2013-01-02 21:00:18 +01:00
Jilles Tjoelker
22b24f637d server: Move required CAPAB check after authentication and add snote and log. 2013-01-02 20:07:28 +01:00
William Pitcock
ac0707aa61 m_capab: fix a possible remote crash triggered by the CAPAB parsing code. 2012-12-31 13:13:05 -06:00
Jilles Tjoelker
71eb2bb99b server: Fix required capabilities check if there is more than one capability. 2012-12-18 16:37:21 +01:00
Jilles Tjoelker
8ff07125c3 starttls: Explicitly reject starttls if TLS is not configured or not compiled in. 2012-11-03 15:50:43 +01:00
Jilles Tjoelker
c1cddb36c0 starttls: Don't corrupt the FD hash.
Altering localClient->F without updating the FD hash leaves the struct
Client in the FD hash indefinitely which causes a crash later if the
struct is reused for a remote client. It also prevents error messages
from ssld showing up on IRC properly.
2012-11-03 00:49:10 +01:00
William Pitcock
c4e81ae9e9 m_starttls: handle error condition with ERR_STARTTLS (691) numeric per tls-3.2 specification 2012-09-22 19:31:55 -05:00
William Pitcock
21f715a9a3 m_starttls: new module implementing ircv3 tls-3.1 optional extension 2012-09-22 16:30:01 -05:00
William Pitcock
538d4d6188 m_cap: add 'tls' core capability 2012-09-22 14:15:45 -05:00
William Pitcock
4727c0f586 m_stats: apply same logic to anonymous /stats l as /stats p 2012-09-18 20:01:53 -05:00
William Pitcock
e82bda18a5 m_stats: add optional constraint checking function pointer to stats_l_list(). 2012-09-18 19:55:49 -05:00
Jilles Tjoelker
e4ce3b5409 stats R: Make the CPU time display less ugly. 2012-06-04 00:49:59 +02:00
Keith Buck
c46a4ecd97 Move marking of services entirely to m_services.c; mark all services when m_services loads and unmark them when it unloads. 2012-05-21 21:03:56 +00:00
Keith Buck
ec57fe6779 Complain to opers if a server that isn't a service tries to SU/RSFNC/NICKDELAY/SVSLOGIN. 2012-05-21 17:27:02 +00:00
Jilles Tjoelker
69e7a2cdc3 list: Strip colours from channel topics.
This allows in-channel use of coloured topics (or via /topic out of
channel) but leaves channel listings clean.
2012-04-29 00:44:33 +02:00
Keith Buck
62cf5b4036 Call the privmsg_channel hook for part messages too. 2012-04-07 03:03:07 +00:00
Keith Buck
880db619be m_message: Remove some unused variables. 2012-04-03 21:51:09 +00:00
William Pitcock
b8c16fdaba if 0 some things out 2012-04-01 00:09:18 -05:00
William Pitcock
f30a5ee4c4 Remove MODE_NOCTCP from core, in favor of chm_noctcp. 2012-03-31 22:48:36 -05:00
William Pitcock
67aeaba593 Remove MODE_NOCOLOR from core, replacing it with modules/chm_nocolour.so. 2012-03-31 22:26:45 -05:00
William Pitcock
6eb033605c Check for empty string after permutation hooks have run. 2012-03-31 22:18:15 -05:00
William Pitcock
ca4c2a86ee Add support for hookifying PRIVMSG/NOTICE.
This will allow us to modularize message processing, e.g. having new modules to manipulate
channel and private messages in new ways.

Yes: it can be used to intercept messages, but such modules are already out in the wild for
charybdis anyway -- so this doesn't really change anything there.

If you are changing the text, then it is your responsibility to provide a pointer to a new
buffer.  This buffer should be statically allocated and stored in your module's BSS segment.
We will not, and cannot, free your buffer in core, so dynamically allocated buffers will
cause a memory leak.

This will allow us to simplify m_message considerably, by moving channel mode logic out to
their own modules.
2012-03-31 21:23:01 -05:00
Keith Buck
bb73e588bc tginfo/certfp ENCAP: Specify the minimum number of parameters instead of checking parc. 2012-03-25 17:04:21 +00:00
Keith Buck
9120d0efb0 m_away: Add missing return value. 2012-03-25 02:47:39 +00:00
Keith Buck
2d537cae88 Remove unused variable cruft. 2012-03-25 02:37:41 +00:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
Keith Buck
bc4dea6937 target change: Propagate restricted addresses. 2012-03-18 01:18:57 +00:00
Jilles Tjoelker
494d2b9dd4 Apply special CTCP handling to messages to @/+ channel as well:
* +C cmode blocks CTCPs
 * CTCPs to large channels relax some flood protection to allow all
   answers through.
2012-03-14 23:20:05 +01:00
Jilles Tjoelker
60dd1febe2 Apply colour stripping (cmode +c) to messages to @/+ channel as well. 2012-03-14 23:04:30 +01:00
Jilles Tjoelker
d1316b193b Keep forward channels in sync after a netjoin.
Arbitrarily prefer a forward channel to no forward channel and an
alphabetically higher forward channel to a lower one.

This is a simplistic implementation that generates one MODE message to
local clients for each ban removed (to be replaced).

For simplicity and to avoid amplification of incoming MODE messages,
regular modes may still desync the forward channel of a ban.
2012-03-03 23:45:52 +01:00
Nathan Phillip Brink
80e49b4ca8 Run make depend. 2012-03-01 03:51:33 +00:00
Nathan Phillip Brink
c74836dc4a Add explicit support for being installed into a system triggered with --enable-fhs-paths.
Add two mechanism for avoiding name-collisions in a system-wide
installation of charybdis. The ssld and bandb daemons, intended to be
directly used by ircd and not the user, install into libexec when
--enable-fhs-paths is set. For binaries which are meant to be in PATH
(bindir), such as ircd and viconf, there is now an option
--with-program-prefix=progprefix inspired by automake. If the user
specifies --with-program-prefix=charybdis, the ircd binary is named
charybdisircd when installed.

Add support for saving the pidfile to a rundir and storing the ban
database in localstatedir instead of in sysconfdir. This is, again,
conditional on --enable-fhs-paths.

Fix(?) genssl.sh to always write created SSL key/certificate/dh
parameters to the sysconfdir specified during ./configure. The
previous behavior was to assume that the user ran genssl.sh after
ensuring that his current working directory was either sysconfdir or a
sibling directory of sysconfdir.
2012-03-01 02:41:09 +00:00
Nathan Phillip Brink
d54e352b45 During installation, don't unconditionally create an empty `modules-old' directory. 2012-02-28 06:40:18 +00:00
Nathan Phillip Brink
f02e3a2628 Use LDFLAGS when compiling extensions or modules. 2012-02-28 04:36:00 +00:00
William Pitcock
dc0fd46236 Ensure AWAY pacing only affects local clients. 2012-02-21 21:09:33 -06:00
Jilles Tjoelker
725403fd7f Don't end the flood grace period with the first AWAY.
This allows clients to restore an away message early in the connection
process without breaking flood grace.
2012-02-18 16:35:31 +01:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
7e132ff005 ratelimit: Add rate-limiting to MOTD, WHO, and remote WHOIS. 2012-02-18 03:56:47 +00:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Jilles Tjoelker
c25a890796 Remove some TS5 code from ms_bmask().
ms_bmask() used to send MODE messages to TS5 servers, but
TS5 support was removed long ago.
2012-02-17 00:36:12 +01:00
Jilles Tjoelker
23f6b63af6 Send forward channel when bans are added/removed because of TS/bursts.
If a netburst adds bans or a channel TS change removes bans, +b/-b modes
are generated. Make sure these contain the forward channel, if any.

This appears also broken in ircd-seven.
2012-02-17 00:09:39 +01:00
Jilles Tjoelker
65b8d06c71 Do not send unchanged away messages to other users via away-notify. 2012-02-14 23:14:42 +01:00
Keith Buck
c5bbc60375 Add away-notify client capability. 2012-02-14 14:15:44 +00:00
Jilles Tjoelker
e5520caf0a Allow opers to do /stats C.
In particular, this allows remote /stats C.
2012-02-11 23:17:04 +01:00
Jilles Tjoelker
ed11b18f0f Allow normal users to do PRIVS on themselves.
This basically shows a subset of the information shown by the notices
on connect like "*** You are exempt from K/X lines".
2012-02-06 23:15:03 +01:00
William Pitcock
ac37f16a3d m_stats: iterate capability indexes on /stats C 2012-02-04 21:33:54 -06:00
William Pitcock
806402515b m_server: make sure required_caps is non-zero. 2012-02-04 04:39:39 -06:00
William Pitcock
79d488b283 m_server: reenable required cap negotiation 2012-02-04 02:03:52 -06:00
William Pitcock
346fba9252 Migrate capability negotiation code to new dynamic capability management API.
This needs a lot of testing, obviously.
2012-02-04 01:47:46 -06:00
Jilles Tjoelker
97532cfafb Fix assertion failure when failing to join a channel and there is no forward.
This was harmless apart from the message.
2012-01-08 16:41:26 +01:00
Jilles Tjoelker
d9af501aa8 Fix a warning about const with forward channels. 2012-01-08 16:23:18 +01:00
Jilles Tjoelker
ae52fe0ff7 Show underlying IPv4 in a remote whois. 2012-01-08 15:51:48 +01:00
Keith Buck
9319a2e206 Remove double-quote restriction on dline, kline, resv, and xline reasons; remove colon restriction on xline reasons. 2011-12-30 17:29:58 +00:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00
William Pitcock
e2606551a2 Fix potential buffer-overflow from malformed RSFNC request. 2011-11-29 15:50:54 -06:00
Jilles Tjoelker
0cce01d388 Fix -Wformat errors found in ircd-ratbox.
We cannot use -Wformat meaningfully but ircd-ratbox trunk can.
2011-11-13 00:22:09 +01:00
Jilles Tjoelker
a75bf40dad Fix weirdness with client_flood_burst_rate and client_flood_burst_max.
They are now in messages, even if client_flood_message_time is not 1.

If client_flood_message_time is not 1 (by default it is), this needs a
configuration change to maintain the same behaviour.
2011-10-04 00:57:49 +02:00
Jilles Tjoelker
d182b85454 Minor cleanup to command throttling code:
* Deduce allow_read from the client's state (IsFloodDone) rather than
   storing it in LocalUser.
 * Fix the documentation (in oper /info), however strange
   client_flood_burst_rate and client_flood_burst_max may seem, that is
   how they currently work.
2011-10-04 00:46:00 +02:00
Jilles Tjoelker
6a85e665db If use_forward=no, ignore any forwarding for joins by local users. 2011-09-25 17:26:01 +02:00
Jilles Tjoelker
2da6f6ebd7 Put back use_forward. 2011-09-25 16:22:29 +02:00
Keith Buck
2220472610 m_resv.c: replace erroneous UNXLINE cluster calls with UNRESV. 2011-08-18 03:48:40 +00:00
Elizabeth Jennifer Myers
765d839d3c Port ircd-seven banfowards to charybdis.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.

Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
2011-08-12 20:33:10 -04:00
Elizabeth Jennifer Myers
7eec45bc9d Back out chanroles.
While what chanroles are trying to accomplish is a good idea, it is
apparently unclear this is the proper way to do it. Until we figure out
the exact way we wish to do this, it should be reverted for now.
2011-07-07 21:24:14 -04:00
Elizabeth Jennifer Myers
e1ee78ae30 Partially revert e794d39a80.
As jilles pointed out, it is best that the chanserv access list always
remain synced with the grant list. Thus, the ability for clients to set
this is not a good idea unless services knows about the grant, but this
leads to all sorts of messy issues and likely isn't worth it.
2011-07-06 18:14:57 -04:00
Elizabeth Jennifer Myers
e794d39a80 Add client interface for GRANT.
TODO: implement notifications of grant privilege changes to the target.
2011-07-06 17:25:26 -04:00
William Pitcock
460b6d9fb2 chanroles: ENCAP GRANT should work under the assumption that we want to zero out
this makes setting new roles on a user much easier as we're just setting the roles they
should be having, instead of having to try to revoke roles we don't necessarily know
about.
2011-07-06 15:04:45 -05:00
Elizabeth Jennifer Myers
8aabb973c0 Implement chanroles, as discussed with nenolod.
The theory behind this is that services sends an ENCAP * GRANT #channel
UID :+flagspec message specifying the chanroles the user has. They are
mapped into flag bits and applied to the membership of the user. They
then are restricted or permitted to what they can do based on the
permissions mask regardless of rank.

For backwards compatibility, the default permission bit (without a GRANT
statement) allows a user to to anything an existing op can do ONLY if
they are an op.

Todo: make CHANROLE_STATUS work (the ability to apply +ov to people),
which is at the moment controlled by CHANROLE_MODE.
2011-07-06 13:46:22 -04:00
William Pitcock
0351022738 RSFNC: allow RSFNC against a target which just changes the capitalization of the nickname
this is useful for gently changing a nickname from ReTARDeDNICk to Retardednick, see
ns_cleannick in atheme git.
2011-07-02 19:53:21 -05:00
Jilles Tjoelker
45ed883584 rsfnc/svslogin: Add server notices for kills.
When we broadcast a KILL message, this generates server notices on all
other servers (assuming the target user exists). Therefore, we should
also send a notice to our local opers.
2011-06-25 15:56:22 +02:00
Jilles Tjoelker
2b843a5bdd dline,kline: Avoid breaking the protocol with bad bans. 2011-06-25 11:34:34 +02:00
Jilles Tjoelker
b5d9427a78 invite: Remove useless IsChannelName check. 2011-06-25 11:34:16 +02:00
Jilles Tjoelker
0941f28e7d knock,topic: Remove useless IsChannelName checks.
If !IsChannelName(name), then certainly find_channel(name) == NULL.
2011-06-25 11:17:37 +02:00
Jilles Tjoelker
a4eeda898e operspy list: Show '!' prefix for otherwise hidden channels rather than +s ones.
This is consistent with operspy whois.
2011-05-24 00:30:45 +02:00
Keith Buck
bf0a45920d modules/m_list.c: Change operspy LIST syntax to match everything else that accepts operspy. 2011-05-22 20:30:49 -07:00
William Pitcock
f5493691ed branding: if CUSTOM_BRANDING is defined, display charybdis version in /info
(based on ircd-seven rebrand patch)
2011-05-08 09:06:19 -05:00
Jilles Tjoelker
a1574df4a2 Allow kick_on_split_riding to protect channels with mlocked keys.
Do kick_on_split_riding if services sends an SJOIN
with a lower TS and a different key. This relies on
services restoring TS (changets option in atheme) and
services not immediately parting after receiving the
KICK, which is the case in recent atheme.

For invite-only channels, still only do
kick_on_split_riding in netbursts. Services is
assumed to handle this itself (atheme does).
2011-04-06 19:05:08 +02:00
Jilles Tjoelker
572488e029 If the sasl mechanism is EXTERNAL, send the certfp in the initial S message. 2011-04-04 00:59:20 +02:00
Jilles Tjoelker
f62f94b094 Back out AUTHENTICATE EXTERNAL so I can do it differently.
The current approach is fundamentally broken as it allows
anyone in that knows the certfp and uses an old ircd as
their server.
2011-04-04 00:44:07 +02:00
Jilles Tjoelker
1b19fe8b5e Revert "sasl: remove checks for impossible conditions".
This check is not impossible and can be triggered by
sending a PASS command like a server would send first.

This backs out changeset 8cba4464feec.
2011-03-31 23:26:26 +02:00
William Pitcock
27126f911d sasl: first attempt at ircv3.1 AUTHENTICATE EXTERNAL support 2011-03-31 00:35:58 -05:00
William Pitcock
d8c45202e3 sasl: remove checks for impossible conditions 2011-03-31 00:18:32 -05:00
Stephen Bennett
e6e54763d9 Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
2011-03-27 16:35:26 -04:00
Elizabeth Jennifer Myers
6493f05d8c m_challenge: fix use of undefined behaviour.
GCC does what we expect, but other compilers could do just about anything.
2011-02-22 12:00:45 -05:00