Any hunted parameter with wildcards is now assumed
to be a server, never a user.
Reasons:
* fewer match() calls
* do not disclose existing nicknames
* more intuitive behaviour for CONNECT
m_trace has a copy of some hunt_server logic in it
(for the RPL_TRACELINK reply), so adjust that too.
The extended-join client capability extends the JOIN message with information clients typically
query using WHO including accountname, signon TS and realname.
The reason why we do this is because some clients are dependent on receiving a numeric
for every channel join failure, even due to this limit where it can be assumed that
subsequent joins failed.
This has a separate enabling option channel::channel_target_change.
It applies to PRIVMSG, NOTICE and TOPIC by unvoiced unopped non-opers.
The same slots are used for channels and users.
The code behind this capability was never implemented, and subsequent
discussions have agreed to approach the problem differently. There seems no
reason to continue advertising a capability that does nothing.
* does not apply to NOTICE (as those may well be automated)
* mirrors +g behaviour so that no useless accept entries are added for services
* respects max_accept, if it would be exceeded the message is dropped with numeric 494
* check moved up so this is checked before floodcount/tgchange
This shouldn't provide any way for a client to get on a CALLERID list
without authorization, as if a client is +g already, a CTCP request, for
example, won't be replied to.
(resv, cmode +m, cmode +b, cmode +q, etc.).
This is only checked for local users.
For optimal compatibility, a failure for this reason still
returns ERR_CHANOPRIVSNEEDED.
Side effect: normal users cannot change topics of resv'ed
channels, even if they have ops, just like they already
cannot send messages. This only matters if resv_forcepart
is disabled, as the user would have been removed from the
channel otherwise.
If this option is yes (default), KLINE by itself sets global (propagated) bans.
If this option is no, KLINE by itself sets a local kline following cluster{},
compatible with 3.2 and older versions.
Special modes like +j can be tracked easily just by adding the necessary
code to parse them to set_channel_mlock(). This will cover propagation
as well.
Such bans are not applied locally, but are propagated normally.
They can only be removed on a server that applies them.
Note that normally KLINE will not accept such bans.
This is mainly for services, differing min_wildcard and
ircd changes.
A KLINE command without the ON clause now sets a propagated
("global") ban. KLINE commands with the ON clause work as
before.
Propagated klines can only be removed with an UNKLINE command
without the ON clause, and this removes them everywhere.
In fact, they remain in a deactivated state until the latest
expiry ever used for the mask has passed.
Propagated klines are part of the netburst using a new BAN
message and capab. If such a burst has an effect, both the
server name and the original oper are shown in the server
notice.
No checks whatsoever are done on bursted klines at this time.
The system should be extended to XLINE and RESV later.
There is currently no way to list propagated klines,
but TESTLINE works normally.
The value 0 indicates the creation time is unknown (currently the case
for bandb).
Also store a creation time for xlines and resvs, but do not use it yet.
identd and SASL can cause source_p->user to be present without USER having been sent.
Without this change, that could cause a crash later on as localClient->fullcaps is not initialised.
The behaviour is the same as /msg except that where
/msg would send RPL_UMODEGMSG to the user, the /invite
is instead let through. This counts as a notification
for caller_id_wait like RPL_UMODEGMSG.
Checks are on the target user's server, which means an
error message will appear after RPL_INVITING.
This must be because the accept list is not globally
known.
Similar to /msg, inviting a user that is not in a channel
you have op or voice in requires a free target; opers always
have a free target.
Being invited adds the source as a reply target.
When a user receives a private message, notice or RPL_UMODEGMSG,
add the source to a special set of 5 target slots.
These slots are checked in the normal way when sending messages,
allowing a reply without using up a free target.
This feature will not be very useful if a user is being messaged
by many different users; to help this, messages blocked entirely
by +g or +R do not affect the targets. CTCP replies also remain
free in terms of targets.
The server protocol for this is
:<uid> ENCAP * CERTFP :<40 hex chars>
both in new user introductions and in burst.
As in oftc-hybrid, only the user themselves and opers can see the certfp.
Displaying the certfp on connect seems unnecessary to me,
the user can whois themselves if needed.
A notice will be sent to any force parted users that the channel
is temporarily/permanently unavailable on the server.
A new config option channel::resv_forcepart can be used to disable this.
from ircd-ratbox (dubkat)
Allowing this desynchronizes clients and servers that
do not know about this extension without good reason.
If you want to allow this, change it to spit out the
usual AWAY protocol.
A large group is any $$ or $# or a channel with more than
floodcount/2 local members, checked on each server separately.
Note that floodcount checks are done on the sender's server.
The special treatment is active for 15 seconds.
The change also applies to xlines sent to other servers.
Note that the backslash must be supplied in an unxline.
Incoming xlines containing '",' are rejected to avoid
inconsistency between servers.
Spaces in xline.conf files are changed to \s in memory
and recognized on unxline, but are not changed in the
file. New xlines are added to xline.conf files with \s.
xline.conf written by this commit or newer will not work
properly with charybdis older than 1124:131254925f32 (which
introduced \s support in match_esc()).
(provided channelTS != 0).
ETB is controlled by the EOPMOD capab. Fairly complicated
stuff is needed for older servers.
ETB can come from clients or servers, but at this time it
should only be sent from clients, as otherwise it is not
always possible to update older servers.
to restrict channel names to printable ascii only.
Like disable_fake_channels this only applies to joins
by local users; unlike disable_fake_channels it applies
to opers as well.
Note that in some cases (different TS delta settings,
heavy lag) it is possible only one of the servers
detects the problem and autoconnect may be left enabled.
The mechanism used for disabling is the same as
/quote set autoconn <server> 0; the A flag in /stats c
disappears and a rehash or /quote set autoconn can put
it back.
Author: Stephen Bennett <spb@exherbo.org>
Date: Sun Jan 18 16:30:27 2009 +0000
Make testline show oper reason and setter information for K:lines, where applicable
This should currently be impossible, but may be
possible with extremely long server/nick names and
additional fields.
In case of overflow, the string sent to to the user is
truncated and if it was the first overflow since the
module was loaded a notice is sent to snomask +d.
This gives a useful meaning to the cmode combo +mz-n:
messages from ops and voices go to all channel members,
messages from anyone else (on or off channel) go to ops.
With +mnz, messages from outside are not allowed at all.
Use /quote help who for details.
The format code "o" (oplevel) is not documented,
but implemented showing dummy information (999 for
chanop, n/a otherwise).
A juped server is defined as a server that already
exists with a service{} server as uplink.
If a juped server is introduced by another server,
this generates snotes/logs as before.
Specifying need_ssl on auth{} denies the connection if
it is not SSL/TLS, much like need_ident or need_sasl.
Specifying need_ssl on operator{} refuses opering with
ERR_NOOPERHOST if the connection is not SSL/TLS.
from ircd-ratbox
Local-only server notices kept here because
hub_mask/leaf_mask tends to be specific to a (hub)
server. The same information is now available in
Netsplit notices.
These come from the name field which is empty for unknown
connections attempting to become a server.
Instead, put [@255.255.255.255] just like ratbox3 does.
Throttle replaces max_unknown_ip, reject is like before
(including the charybdis-specific unkline handling).
Both of these now apply before SSL negotiation.
This commit does not include the global_cidr and new dline code.
m_webirc is a bit nasty with throttling (unlike before
with max_unknown_ip), this may be fixed later (or
the webirc IP needs to be exempt{}ed).
These are unreliable in general and only useful
for violating certain restrictions.
Sending such messages to remote servers is still
possible, for securely messaging pseudoservers whether
service{}'ed or not. The special oper-only syntax
opers@server remains as well.