Commit graph

613 commits

Author SHA1 Message Date
Keith Buck
a91a4515c9 mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
2016-12-09 10:01:22 +00:00
Keith Buck
5fd7e2bb8c m_rehash: Require admin privileges for REHASH SSLD.
This change enforces admin privileges for the REHASH SSLD command, as
originally intended.
2016-12-04 22:03:34 +00:00
Simon Arlott
598a7d3b7e mr_server: Report certificate fingerprint mismatches
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-12-04 21:49:59 +00:00
Simon Arlott
8d0153ff55 mr_server: Handle unknown error codes
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-12-04 21:45:16 +00:00
Simon Arlott
d4b074a771 ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.

Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.

Add STATS S (admins only) to list ssld processes, status, and client
count.
2016-12-04 21:24:56 +00:00
Aaron Jones
866026ab70
whois: check target is an oper before assuming they have a privset
The CHALLENGE functionality will set opername but not privset --
if an oper performs a WHOIS on someone currently half-way through
a challenge we will perform a NULL dereference.

Related to ircd-seven commit d7b05f7583babf6
2016-09-20 13:46:40 +00:00
Aaron Jones
818a3fda94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:28:41 +00:00
William Pitcock
bc2eeb0992
Do not shadow OpenSSL-internal symbol "ssl_ok".
This is a backport of commit bfc44622
2016-06-01 16:32:26 +00:00
Aaron Jones
01fdef77e6
starttls: Allow command usage with backends other than OpenSSL 2016-05-14 00:27:27 +00:00
William Pitcock
18244e32f3 more ssld ipc improvements from 3.6 2016-04-02 17:20:15 -05:00
William Pitcock
e3af723d23 m_cap: ensure that CAP parameters are properly initialized to zero 2016-02-28 19:08:03 -06:00
William Pitcock
5810d36e0a whois: privset disclosure: we do not need to check if source user is the same as target, because they will always be opered 2016-01-05 18:55:23 -06:00
William Pitcock
9e07c8f70b whois: add a hook allowing for ShowChannel() behaviour to be overridden for channel visibility 2016-01-05 18:45:07 -06:00
Aaron Jones
5499771f0e
Fix erroneous comment 2016-01-01 09:31:55 +00:00
Aaron Jones
0e06053c33
Fix erroneous use of wrong string concatenation function
Avoids warning:

  m_map.c:203:3: warning: implicit declaration of function ‘strlcat’
  [-Wimplicit-function-declaration]
2015-12-30 08:34:27 +00:00
Mantas Mikulėnas
2b17787939 m_starttls: reject "STARTTLS" use over an existing TLS connection 2015-12-30 09:28:53 +02:00
Jilles Tjoelker
f8d9a4c289 list: Remove a now obsolete comment. 2015-12-29 13:55:16 +01:00
William Pitcock
4d38dd60ed whois: bring permissions check in line with the same one in m_privs 2015-12-28 14:55:59 -06:00
Valentin Lorentz
d855e13e01 Remove trailing space in CAP ACK.
Fixes https://github.com/atheme/charybdis/issues/110
2015-12-28 10:57:17 +01:00
William Pitcock
e00552d5ce whois: cosmetic improvement to opered-as numeric 2015-12-28 01:38:13 -06:00
William Pitcock
72ad5c04fe whois: list active operator block and privset when appropriate 2015-12-28 01:33:09 -06:00
William Pitcock
c7b2fd3d66 MODE: allow 'q' banlist queries to bypass flood limits too 2015-12-28 00:48:46 -06:00
William Pitcock
0b904d91bf supported: move ISUPPORT tokens provided by modules to their specific modules:
- m_cmessage: CPRIVMSG/CNOTICE
- m_etrace: ETRACE
- m_knock: KNOCK
- m_services: FNC
- m_who: WHOX
2015-12-26 22:41:09 -06:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
Jilles Tjoelker
e124e4b64c starttls: Update for client fd hash removal. 2015-12-24 23:01:37 +01:00
Jilles Tjoelker
2d28539c68 Reduce clean_nick() code duplication further.
Side effect: hurt and monitor now allow nicks starting with a digit.
2015-12-13 00:22:21 +01:00
William Pitcock
e1fda0d81e map: make flatten_links dump a flattened map instead of blocking it (closes #48)
based on my patches in shadowircd legacy (4.0)
2015-12-12 09:24:37 -06:00
William Pitcock
413c61aaf5 monitor: ensure monitored nicknames are valid (ref. elemental-ircd/elemental-ircd#187) 2015-12-12 08:42:03 -06:00
William Pitcock
72dee03d50 clean up some code duplication when checking nicks for validity 2015-12-12 08:41:09 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
427a8d5dbb WHOIS: use cipher string if available 2015-12-11 08:20:11 -06:00
William Pitcock
202d496644 override: only engage override code if we're needing to authorize a WRITE to a channel's state (closes #65) 2015-12-10 01:00:32 -06:00
William Pitcock
a7433e330a m_message: use same behaviour for +R users as +g users (closes #96) 2015-12-05 06:48:38 -06:00
William Pitcock
4a5330bb4d cap: implement ircv3.2 chghost cap 2015-11-19 22:53:55 -06:00
William Pitcock
583f064fef send: add negation argument to sendto_common_channels_local() and friends 2015-11-19 22:43:45 -06:00
William Pitcock
e77879b0f6 modules/m_resv: update comments since parv[0] is not used anymore 2015-11-19 17:12:07 -06:00
Jilles Tjoelker
439bf4db58 monitor: Show 005 entry only if m_monitor.so is actually loaded.
This only affects the MONITOR=<max> entry, not TARGMAX=...,MONITOR:
which is harder to modify from a module.
2015-11-15 22:57:23 +01:00
Andrew Wilcox
5f8fb56d02 Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec remove MONITOR for now pending a complete rewrite 2015-10-15 09:39:48 -05:00
William Pitcock
7485e86073 monitor: additional cleanups, and add a missing free_monitor() in m_monitor 2015-10-11 19:11:01 -05:00
Jilles Tjoelker
2125182293 Remove the unneeded username parameter to register_local_user(). 2015-09-13 22:59:03 +02:00
Elizabeth Myers
34c10ca8b7 Relocate report_Klines to proper home
This function is not used anywhere else but m_stats, so should be put
there.
2015-08-08 17:25:29 -05:00
Jail Bird
29c92cf95f Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls

Thanks Jilles!
2015-04-20 00:55:20 -05:00
Aaron Jones
cf3b152547 INFO: Be easier on human eyes 2015-03-26 14:47:36 -05:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
William Pitcock
7dade6a811 cap: missed a spot on =sticky caps removal 2015-03-22 21:08:05 -05:00
William Pitcock
aaaf9faf1d cap: sasl is now enforced as sticky again 2015-03-10 08:21:46 -05:00
William Pitcock
eafae32681 cap: chase ircv3.2 interpretation of sticky/ack-required caps (basically dropping support other than serverside enforcement of stickyness)
change request @ ircv3/ircv3-specifications#122
2015-03-10 08:21:10 -05:00
Mantas Mikulėnas
6fb9f21449 sasl: reformat the other messages consistently 2015-03-06 17:19:16 +02:00
Mantas Mikulėnas
1cae2411d7 sasl: adjust 'H' message following commit 7d33cce8ef 2015-03-06 17:18:54 +02:00