Commit graph

761 commits

Author SHA1 Message Date
Max Teufel
bbce62d2aa m_cap: do not allow sasl CAP when the agent is offline 2015-03-01 03:30:19 -06:00
William Pitcock
125652041b cap-notify: implement cap-notify for sasl service (closes #84) 2015-03-01 00:58:40 -06:00
William Pitcock
13de708352 cap-notify: add cap-notify cap 2015-03-01 00:26:23 -06:00
William Pitcock
8f05076d50 sasl: making the sasl capability actually sticky seems incompatible with broken implementations, so we make it just a formality instead. 2015-03-01 00:22:50 -06:00
William Pitcock
c23902ae00 sasl: fix null deref on remote client exit 2015-03-01 00:01:24 -06:00
William Pitcock
8bb9594bf3 sasl: ircv3 wg decided sasl capability should be sticky (ref ircv3/ircv3-specifications#103) 2015-02-28 01:12:25 -06:00
Max Teufel
1b54aa5c3b src/channel: add support for IRCv3.2 userhost-in-names 2015-02-28 01:06:38 -06:00
William Pitcock
6e3d57dc6b cap: remove SASL_REAUTH capability 2015-02-28 01:01:08 -06:00
William Pitcock
51535fcbce sasl: allow reauth without sasl-reauth capability (since it's being dropped) 2015-02-28 00:48:43 -06:00
William Pitcock
dd28e3f2a4 Merge pull request #82 from grawity/sasl-send-conn-info
m_sasl: send information about the client connection
2015-02-18 12:29:57 -06:00
William Pitcock
95cce5f358 Revert "m_invite: add support for CAP invite-notify"
This reverts commit 93eb76cc32.
2015-02-16 17:50:51 -06:00
Max Teufel
93eb76cc32 m_invite: add support for CAP invite-notify
Specification:
<https://github.com/ircv3/ircv3-specifications/blob/master/extensions/invite-notify-3.2.md>
2015-02-16 15:40:34 -06:00
William Pitcock
c6bc97fdcd m_sasl: move some struct members around for sasl-reauth 2015-02-16 15:39:36 -06:00
William Pitcock
3a48406b55 cap: fix compile 2015-02-15 17:40:20 -06:00
William Pitcock
ef3ab8e3a5 cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103). 2015-02-15 17:11:28 -06:00
William Pitcock
0044d40050 cap: add notion of required dependency caps 2015-02-15 17:11:28 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Jilles Tjoelker
f51b72de97 Ignore duplicate USER and PASS.
If SASL starts using USER/PASS for unregistered clients, this change stops
users from using one USER/PASS for SASL while using another for connecting.
2015-02-13 23:07:02 +01:00
Mantas Mikulėnas
a3fa9d81a2 m_sasl: send information about the client connection 2015-02-13 22:38:24 +02:00
William Pitcock
bc75c3ae0e fix target list generation edge case where WALLCHOPS was requested alongside normal users if the source user was not a channel op.
from ircd-hybrid r5457
2015-02-09 11:16:06 -06:00
Attila Molnar
407094721c SJOIN: Remove some dead code 2015-01-30 14:42:08 +01:00
Jilles Tjoelker
2a17ae5483 ban: Fix build breakage.
A normal 'make' did not rebuild m_ban.c even though dependencies had
changed.
2014-09-21 18:28:24 +02:00
Jilles Tjoelker
dc336d1a63 server: Remove two dead stores. 2014-09-21 15:16:56 +02:00
Jilles Tjoelker
483987a464 Explicitly pass the current time to deactivate_conf().
Some places depend on the ban not being destroyed.
2014-09-21 15:02:43 +02:00
Keith Buck
8db50c03e6 BAN: Don't schedule check_klines for 0 seconds in the future.
When receiving bans from a bursting server, if kline_delay is set to 0
(the default), rb_event_addonce will be called to schedule an event for
0 seconds in the future. While this works fine for the fallback
rb_event_run function, the epoll implementation ends up scheduling a
timerfd for the event in the past, which is then never executed.

While fixing this, I also made rb_event_add and rb_event_addonce reject
attempts to add events scheduled for 0 seconds in the future; they're
instead rewritten to run 1 second in the future.
2014-08-17 09:06:01 +00:00
Jilles Tjoelker
b733b9faf4 SJOIN: Fix crash when both mode parameter and UID list are missing.
Closes #63
2014-08-15 17:10:24 +02:00
Mantas Mikulėnas
c72f15bcf5 m_version: remove spaces from version string
"to make it machine parseable again", as in ircd-seven commit 03b2176b88a1.
2014-05-06 16:28:23 +03:00
Mantas Mikulėnas
0f4ed4058d m_version: display charybdis version in /version
Otherwise it just crashes when /version is used.

Closes: #60
2014-05-06 16:27:03 +03:00
Jilles Tjoelker
bf77c3a1ef info: Change N-line to connect block. 2014-04-27 15:33:09 +02:00
Jilles Tjoelker
0455e7a927 Remove snotes on +r about GET/PUT/POST commands.
The server notice "HTTP Proxy disconnected: [<user>@<host>]" is
confusing and not particularly useful.
2014-03-04 23:02:40 +01:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Keith Buck
00533129dc s_conf: Don't leak log file paths when loading default conf
This change prevents the log file paths from being leaked when
rehashing. Additionally, fname_killlog was added to two places where it
was previously forgotten.
2014-03-03 04:12:07 +00:00
Jilles Tjoelker
fea6157df0 Avoid possible null dereference. 2014-03-03 00:02:10 +01:00
Jilles Tjoelker
299e25a630 SIGNON: Do not send uninitialized data if login name starts with '*'. 2014-02-28 15:48:07 +01:00
Jilles Tjoelker
f76ca17848 stats c: Simplify construction of flags string.
Perhaps this avoids false positives in static analysis.
2014-02-24 00:10:42 +01:00
Jilles Tjoelker
77910830e3 Fix various printf arg types. 2014-02-23 23:01:59 +01:00
Jilles Tjoelker
29c451d0ce part: Fix constness issue with part hook. 2014-02-23 23:01:59 +01:00
Jilles Tjoelker
8a4b837775 m_services: Make sure to return a value from the modinit function. 2014-02-22 17:45:42 +01:00
Mantas Mikulėnas
dbd8ca2bf6 sasl: send RPL_SASLMECHS 2014-01-12 00:29:32 +02:00
Keith Buck
b647efa045 Fix parameter counts for me_dline and me_undline. 2013-09-23 09:34:30 +00:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
7a9a9000b7 Enable remote WHOWAS queries.
On ircd-seven, this will allow remote opers to see certain hidden IPs.
2013-09-13 22:29:26 +02:00
Keith Buck
77d3d2dbaf Remove s_assert definition from ircd_defs.h and add it to its own header.
s_assert requires some higher-level functionality that shouldn't be
present in ircd_defs.h. ircd_defs.h is used by ssld, which has no notion
of logging or sending IRC messages. Additionally, some of the headers
s_assert depends on result in conflicting definitions in ssld.c.

This change also fixes the compile when using --enable-assert=soft.
2013-09-10 06:10:14 +00:00
Jilles Tjoelker
35bfe0e644 join: Fix messages about join failures such as banned.
This was broken by 6f7b36d5d0 in February
2013, as join failures are the only situation where a non-trivial
numeric is passed through from other code to be sent to a client. Fix it
by porting more code from ircd-ratbox 3.1.
2013-07-07 23:50:20 +02:00
Jilles Tjoelker
b2c208be09 m_info: Correct description of general::client_exit like in example confs.
Reported by:	jackal
2013-06-16 11:35:04 +02:00
Jilles Tjoelker
373a04393b kill: Improve comment about kill hook. 2013-04-27 16:55:45 +02:00
Elizabeth Myers
9d745dbd21 Implement kill-cancelling hook.
With this comes an example module to block the killing of services.

NOTE: this will not cancel remote kills. Those are still accepted, per
the TS 6 specification.
2013-04-20 01:07:55 -05:00
Alex Iadicicco
fda96b89dc m_nick: Reject nicks with '~' in them, rather than cutting at the '~'
The behavior of cutting at the first '~' is confusing at first, and
looks too much like a bug.
2013-04-17 17:27:27 -07:00
Jilles Tjoelker
90e3d1b7e1 Update .depend files. 2013-03-23 23:32:46 +01:00
Jilles Tjoelker
ce782b68fe Don't send ERR_NICKCOLLISION to a user that will not be killed. 2013-03-23 22:57:28 +01:00
William Pitcock
6f7b36d5d0 Mostly enable support for checking format strings with -Wformat.
Basically derived from Ratbox 3.1.
2013-02-21 05:46:04 -06:00
Jilles Tjoelker
2ebef8d925 whois: Fix UID leak.
The second parameter of WHOIS is always a nick.
2013-02-14 23:45:22 +01:00
Jilles Tjoelker
e0c7937a9f UID/EUID: Add server's SID to invalid UID error message. 2013-02-03 20:31:52 +01:00
Jilles Tjoelker
561d7efc44 UID/EUID: Check that the UID starts with the server's SID.
If not, the local link that sent the command is broken, as with
syntactically invalid UIDs.
2013-02-03 19:38:46 +01:00
Jilles Tjoelker
9cbf72447c stats l: Don't care about away status. 2013-02-03 19:33:31 +01:00
Jilles Tjoelker
e69375f3ac Cope with rb_crypt() returning NULL. 2013-02-02 00:54:32 +01:00
Jilles Tjoelker
df2516e6d8 whowas: Abort listing if 90% of sendq is in use. 2013-02-02 00:50:03 +01:00
Jilles Tjoelker
b6e02c25b5 starttls: Don't send ERR_STARTTLS after successful STARTTLS. 2013-01-05 15:09:17 +01:00
Jilles Tjoelker
fce4df5473 server: Show the missing CAPABs when rejecting a server. 2013-01-02 21:00:18 +01:00
Jilles Tjoelker
22b24f637d server: Move required CAPAB check after authentication and add snote and log. 2013-01-02 20:07:28 +01:00
William Pitcock
ac0707aa61 m_capab: fix a possible remote crash triggered by the CAPAB parsing code. 2012-12-31 13:13:05 -06:00
Jilles Tjoelker
71eb2bb99b server: Fix required capabilities check if there is more than one capability. 2012-12-18 16:37:21 +01:00
Jilles Tjoelker
8ff07125c3 starttls: Explicitly reject starttls if TLS is not configured or not compiled in. 2012-11-03 15:50:43 +01:00
Jilles Tjoelker
c1cddb36c0 starttls: Don't corrupt the FD hash.
Altering localClient->F without updating the FD hash leaves the struct
Client in the FD hash indefinitely which causes a crash later if the
struct is reused for a remote client. It also prevents error messages
from ssld showing up on IRC properly.
2012-11-03 00:49:10 +01:00
William Pitcock
c4e81ae9e9 m_starttls: handle error condition with ERR_STARTTLS (691) numeric per tls-3.2 specification 2012-09-22 19:31:55 -05:00
William Pitcock
21f715a9a3 m_starttls: new module implementing ircv3 tls-3.1 optional extension 2012-09-22 16:30:01 -05:00
William Pitcock
538d4d6188 m_cap: add 'tls' core capability 2012-09-22 14:15:45 -05:00
William Pitcock
4727c0f586 m_stats: apply same logic to anonymous /stats l as /stats p 2012-09-18 20:01:53 -05:00
William Pitcock
e82bda18a5 m_stats: add optional constraint checking function pointer to stats_l_list(). 2012-09-18 19:55:49 -05:00
Jilles Tjoelker
e4ce3b5409 stats R: Make the CPU time display less ugly. 2012-06-04 00:49:59 +02:00
Keith Buck
c46a4ecd97 Move marking of services entirely to m_services.c; mark all services when m_services loads and unmark them when it unloads. 2012-05-21 21:03:56 +00:00
Keith Buck
ec57fe6779 Complain to opers if a server that isn't a service tries to SU/RSFNC/NICKDELAY/SVSLOGIN. 2012-05-21 17:27:02 +00:00
Jilles Tjoelker
69e7a2cdc3 list: Strip colours from channel topics.
This allows in-channel use of coloured topics (or via /topic out of
channel) but leaves channel listings clean.
2012-04-29 00:44:33 +02:00
Keith Buck
62cf5b4036 Call the privmsg_channel hook for part messages too. 2012-04-07 03:03:07 +00:00
Keith Buck
880db619be m_message: Remove some unused variables. 2012-04-03 21:51:09 +00:00
William Pitcock
b8c16fdaba if 0 some things out 2012-04-01 00:09:18 -05:00
William Pitcock
f30a5ee4c4 Remove MODE_NOCTCP from core, in favor of chm_noctcp. 2012-03-31 22:48:36 -05:00
William Pitcock
67aeaba593 Remove MODE_NOCOLOR from core, replacing it with modules/chm_nocolour.so. 2012-03-31 22:26:45 -05:00
William Pitcock
6eb033605c Check for empty string after permutation hooks have run. 2012-03-31 22:18:15 -05:00
William Pitcock
ca4c2a86ee Add support for hookifying PRIVMSG/NOTICE.
This will allow us to modularize message processing, e.g. having new modules to manipulate
channel and private messages in new ways.

Yes: it can be used to intercept messages, but such modules are already out in the wild for
charybdis anyway -- so this doesn't really change anything there.

If you are changing the text, then it is your responsibility to provide a pointer to a new
buffer.  This buffer should be statically allocated and stored in your module's BSS segment.
We will not, and cannot, free your buffer in core, so dynamically allocated buffers will
cause a memory leak.

This will allow us to simplify m_message considerably, by moving channel mode logic out to
their own modules.
2012-03-31 21:23:01 -05:00
Keith Buck
bb73e588bc tginfo/certfp ENCAP: Specify the minimum number of parameters instead of checking parc. 2012-03-25 17:04:21 +00:00
Keith Buck
9120d0efb0 m_away: Add missing return value. 2012-03-25 02:47:39 +00:00
Keith Buck
2d537cae88 Remove unused variable cruft. 2012-03-25 02:37:41 +00:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
Keith Buck
bc4dea6937 target change: Propagate restricted addresses. 2012-03-18 01:18:57 +00:00
Jilles Tjoelker
494d2b9dd4 Apply special CTCP handling to messages to @/+ channel as well:
* +C cmode blocks CTCPs
 * CTCPs to large channels relax some flood protection to allow all
   answers through.
2012-03-14 23:20:05 +01:00
Jilles Tjoelker
60dd1febe2 Apply colour stripping (cmode +c) to messages to @/+ channel as well. 2012-03-14 23:04:30 +01:00
Jilles Tjoelker
d1316b193b Keep forward channels in sync after a netjoin.
Arbitrarily prefer a forward channel to no forward channel and an
alphabetically higher forward channel to a lower one.

This is a simplistic implementation that generates one MODE message to
local clients for each ban removed (to be replaced).

For simplicity and to avoid amplification of incoming MODE messages,
regular modes may still desync the forward channel of a ban.
2012-03-03 23:45:52 +01:00
Nathan Phillip Brink
80e49b4ca8 Run make depend. 2012-03-01 03:51:33 +00:00
Nathan Phillip Brink
c74836dc4a Add explicit support for being installed into a system triggered with --enable-fhs-paths.
Add two mechanism for avoiding name-collisions in a system-wide
installation of charybdis. The ssld and bandb daemons, intended to be
directly used by ircd and not the user, install into libexec when
--enable-fhs-paths is set. For binaries which are meant to be in PATH
(bindir), such as ircd and viconf, there is now an option
--with-program-prefix=progprefix inspired by automake. If the user
specifies --with-program-prefix=charybdis, the ircd binary is named
charybdisircd when installed.

Add support for saving the pidfile to a rundir and storing the ban
database in localstatedir instead of in sysconfdir. This is, again,
conditional on --enable-fhs-paths.

Fix(?) genssl.sh to always write created SSL key/certificate/dh
parameters to the sysconfdir specified during ./configure. The
previous behavior was to assume that the user ran genssl.sh after
ensuring that his current working directory was either sysconfdir or a
sibling directory of sysconfdir.
2012-03-01 02:41:09 +00:00
Nathan Phillip Brink
d54e352b45 During installation, don't unconditionally create an empty `modules-old' directory. 2012-02-28 06:40:18 +00:00
Nathan Phillip Brink
f02e3a2628 Use LDFLAGS when compiling extensions or modules. 2012-02-28 04:36:00 +00:00
William Pitcock
dc0fd46236 Ensure AWAY pacing only affects local clients. 2012-02-21 21:09:33 -06:00
Jilles Tjoelker
725403fd7f Don't end the flood grace period with the first AWAY.
This allows clients to restore an away message early in the connection
process without breaking flood grace.
2012-02-18 16:35:31 +01:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
7e132ff005 ratelimit: Add rate-limiting to MOTD, WHO, and remote WHOIS. 2012-02-18 03:56:47 +00:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Jilles Tjoelker
c25a890796 Remove some TS5 code from ms_bmask().
ms_bmask() used to send MODE messages to TS5 servers, but
TS5 support was removed long ago.
2012-02-17 00:36:12 +01:00
Jilles Tjoelker
23f6b63af6 Send forward channel when bans are added/removed because of TS/bursts.
If a netburst adds bans or a channel TS change removes bans, +b/-b modes
are generated. Make sure these contain the forward channel, if any.

This appears also broken in ircd-seven.
2012-02-17 00:09:39 +01:00
Jilles Tjoelker
65b8d06c71 Do not send unchanged away messages to other users via away-notify. 2012-02-14 23:14:42 +01:00
Keith Buck
c5bbc60375 Add away-notify client capability. 2012-02-14 14:15:44 +00:00
Jilles Tjoelker
e5520caf0a Allow opers to do /stats C.
In particular, this allows remote /stats C.
2012-02-11 23:17:04 +01:00
Jilles Tjoelker
ed11b18f0f Allow normal users to do PRIVS on themselves.
This basically shows a subset of the information shown by the notices
on connect like "*** You are exempt from K/X lines".
2012-02-06 23:15:03 +01:00
William Pitcock
ac37f16a3d m_stats: iterate capability indexes on /stats C 2012-02-04 21:33:54 -06:00
William Pitcock
806402515b m_server: make sure required_caps is non-zero. 2012-02-04 04:39:39 -06:00
William Pitcock
79d488b283 m_server: reenable required cap negotiation 2012-02-04 02:03:52 -06:00
William Pitcock
346fba9252 Migrate capability negotiation code to new dynamic capability management API.
This needs a lot of testing, obviously.
2012-02-04 01:47:46 -06:00
Jilles Tjoelker
97532cfafb Fix assertion failure when failing to join a channel and there is no forward.
This was harmless apart from the message.
2012-01-08 16:41:26 +01:00
Jilles Tjoelker
d9af501aa8 Fix a warning about const with forward channels. 2012-01-08 16:23:18 +01:00
Jilles Tjoelker
ae52fe0ff7 Show underlying IPv4 in a remote whois. 2012-01-08 15:51:48 +01:00
Keith Buck
9319a2e206 Remove double-quote restriction on dline, kline, resv, and xline reasons; remove colon restriction on xline reasons. 2011-12-30 17:29:58 +00:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00
William Pitcock
e2606551a2 Fix potential buffer-overflow from malformed RSFNC request. 2011-11-29 15:50:54 -06:00
Jilles Tjoelker
0cce01d388 Fix -Wformat errors found in ircd-ratbox.
We cannot use -Wformat meaningfully but ircd-ratbox trunk can.
2011-11-13 00:22:09 +01:00
Jilles Tjoelker
a75bf40dad Fix weirdness with client_flood_burst_rate and client_flood_burst_max.
They are now in messages, even if client_flood_message_time is not 1.

If client_flood_message_time is not 1 (by default it is), this needs a
configuration change to maintain the same behaviour.
2011-10-04 00:57:49 +02:00
Jilles Tjoelker
d182b85454 Minor cleanup to command throttling code:
* Deduce allow_read from the client's state (IsFloodDone) rather than
   storing it in LocalUser.
 * Fix the documentation (in oper /info), however strange
   client_flood_burst_rate and client_flood_burst_max may seem, that is
   how they currently work.
2011-10-04 00:46:00 +02:00
Jilles Tjoelker
6a85e665db If use_forward=no, ignore any forwarding for joins by local users. 2011-09-25 17:26:01 +02:00
Jilles Tjoelker
2da6f6ebd7 Put back use_forward. 2011-09-25 16:22:29 +02:00
Keith Buck
2220472610 m_resv.c: replace erroneous UNXLINE cluster calls with UNRESV. 2011-08-18 03:48:40 +00:00
Elizabeth Jennifer Myers
765d839d3c Port ircd-seven banfowards to charybdis.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.

Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
2011-08-12 20:33:10 -04:00
Elizabeth Jennifer Myers
7eec45bc9d Back out chanroles.
While what chanroles are trying to accomplish is a good idea, it is
apparently unclear this is the proper way to do it. Until we figure out
the exact way we wish to do this, it should be reverted for now.
2011-07-07 21:24:14 -04:00
Elizabeth Jennifer Myers
e1ee78ae30 Partially revert e794d39a80.
As jilles pointed out, it is best that the chanserv access list always
remain synced with the grant list. Thus, the ability for clients to set
this is not a good idea unless services knows about the grant, but this
leads to all sorts of messy issues and likely isn't worth it.
2011-07-06 18:14:57 -04:00
Elizabeth Jennifer Myers
e794d39a80 Add client interface for GRANT.
TODO: implement notifications of grant privilege changes to the target.
2011-07-06 17:25:26 -04:00
William Pitcock
460b6d9fb2 chanroles: ENCAP GRANT should work under the assumption that we want to zero out
this makes setting new roles on a user much easier as we're just setting the roles they
should be having, instead of having to try to revoke roles we don't necessarily know
about.
2011-07-06 15:04:45 -05:00
Elizabeth Jennifer Myers
8aabb973c0 Implement chanroles, as discussed with nenolod.
The theory behind this is that services sends an ENCAP * GRANT #channel
UID :+flagspec message specifying the chanroles the user has. They are
mapped into flag bits and applied to the membership of the user. They
then are restricted or permitted to what they can do based on the
permissions mask regardless of rank.

For backwards compatibility, the default permission bit (without a GRANT
statement) allows a user to to anything an existing op can do ONLY if
they are an op.

Todo: make CHANROLE_STATUS work (the ability to apply +ov to people),
which is at the moment controlled by CHANROLE_MODE.
2011-07-06 13:46:22 -04:00
William Pitcock
0351022738 RSFNC: allow RSFNC against a target which just changes the capitalization of the nickname
this is useful for gently changing a nickname from ReTARDeDNICk to Retardednick, see
ns_cleannick in atheme git.
2011-07-02 19:53:21 -05:00
Jilles Tjoelker
45ed883584 rsfnc/svslogin: Add server notices for kills.
When we broadcast a KILL message, this generates server notices on all
other servers (assuming the target user exists). Therefore, we should
also send a notice to our local opers.
2011-06-25 15:56:22 +02:00
Jilles Tjoelker
2b843a5bdd dline,kline: Avoid breaking the protocol with bad bans. 2011-06-25 11:34:34 +02:00
Jilles Tjoelker
b5d9427a78 invite: Remove useless IsChannelName check. 2011-06-25 11:34:16 +02:00
Jilles Tjoelker
0941f28e7d knock,topic: Remove useless IsChannelName checks.
If !IsChannelName(name), then certainly find_channel(name) == NULL.
2011-06-25 11:17:37 +02:00
Jilles Tjoelker
a4eeda898e operspy list: Show '!' prefix for otherwise hidden channels rather than +s ones.
This is consistent with operspy whois.
2011-05-24 00:30:45 +02:00
Keith Buck
bf0a45920d modules/m_list.c: Change operspy LIST syntax to match everything else that accepts operspy. 2011-05-22 20:30:49 -07:00
William Pitcock
f5493691ed branding: if CUSTOM_BRANDING is defined, display charybdis version in /info
(based on ircd-seven rebrand patch)
2011-05-08 09:06:19 -05:00
Jilles Tjoelker
a1574df4a2 Allow kick_on_split_riding to protect channels with mlocked keys.
Do kick_on_split_riding if services sends an SJOIN
with a lower TS and a different key. This relies on
services restoring TS (changets option in atheme) and
services not immediately parting after receiving the
KICK, which is the case in recent atheme.

For invite-only channels, still only do
kick_on_split_riding in netbursts. Services is
assumed to handle this itself (atheme does).
2011-04-06 19:05:08 +02:00
Jilles Tjoelker
572488e029 If the sasl mechanism is EXTERNAL, send the certfp in the initial S message. 2011-04-04 00:59:20 +02:00
Jilles Tjoelker
f62f94b094 Back out AUTHENTICATE EXTERNAL so I can do it differently.
The current approach is fundamentally broken as it allows
anyone in that knows the certfp and uses an old ircd as
their server.
2011-04-04 00:44:07 +02:00
Jilles Tjoelker
1b19fe8b5e Revert "sasl: remove checks for impossible conditions".
This check is not impossible and can be triggered by
sending a PASS command like a server would send first.

This backs out changeset 8cba4464feec.
2011-03-31 23:26:26 +02:00
William Pitcock
27126f911d sasl: first attempt at ircv3.1 AUTHENTICATE EXTERNAL support 2011-03-31 00:35:58 -05:00
William Pitcock
d8c45202e3 sasl: remove checks for impossible conditions 2011-03-31 00:18:32 -05:00
Stephen Bennett
e6e54763d9 Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
2011-03-27 16:35:26 -04:00
Elizabeth Jennifer Myers
6493f05d8c m_challenge: fix use of undefined behaviour.
GCC does what we expect, but other compilers could do just about anything.
2011-02-22 12:00:45 -05:00
Jilles Tjoelker
2fb0796158 hunt_server: Disallow wildcarded nicknames.
Any hunted parameter with wildcards is now assumed
to be a server, never a user.

Reasons:
* fewer match() calls
* do not disclose existing nicknames
* more intuitive behaviour for CONNECT

m_trace has a copy of some hunt_server logic in it
(for the RPL_TRACELINK reply), so adjust that too.
2011-01-08 17:47:05 +01:00
Keith Buck
4c3f066ab8 Move list-related isupport items to the list module itself. 2011-01-06 00:40:08 -08:00
Keith Buck
096570b9f8 Add topic TS and channel TS constraints for /LIST. 2011-01-05 21:15:36 -08:00
Keith Buck
bb55ebebe9 Implement operspy for /LIST. 2011-01-05 18:57:27 -08:00
Keith Buck
9ad393f677 Fix multiple RPL_LISTEND replies when aborting a /LIST. 2011-01-02 00:43:11 -08:00
Jilles Tjoelker
1987b5da5b Fix topic changes after 6af636dce2e6. 2010-12-27 17:31:11 +01:00
Stephen Bennett
341f971efa Bring across disable_local_channels config option from ircd-seven 2010-12-21 20:38:04 +00:00
William Pitcock
261e2f9399 Accountname should not be prefixed with a colon to allow future expansion. 2010-12-16 00:32:48 -06:00
William Pitcock
92052a5c24 Add extended-join client capability.
The extended-join client capability extends the JOIN message with information clients typically
query using WHO including accountname, signon TS and realname.
2010-12-16 00:24:54 -06:00
William Pitcock
805cfa5ab2 Use send_channel_join(). 2010-12-16 00:13:42 -06:00
William Pitcock
7a7f86d344 Rough implementation of the new account-notify client capability.
This replaces identify-msg in ircd-seven.
2010-12-15 23:04:57 -06:00
William Pitcock
7a948bdaa7 Add capability parameter to sendto_common_channels_local() and sendto_common_channels_local_butone(). 2010-12-15 22:55:05 -06:00
William Pitcock
cddbab51bb Send ERR_TOOMANYCHANNELS for each channel join that fails due to channel limits.
The reason why we do this is because some clients are dependent on receiving a numeric
for every channel join failure, even due to this limit where it can be assumed that
subsequent joins failed.
2010-12-14 02:24:23 -06:00
William Pitcock
ff0cc1e616 Add support for linking using SSL certificate fingerprints as the link credential rather than the traditional server-password pair. 2010-12-13 23:14:00 -06:00
B.Greenham
15484f02bd Move flood_attack_channel to channel.c so it can be used outside m_message.c 2010-12-09 18:29:56 -05:00
William Pitcock
0343b3c563 Use get_channel_access() for KICK/TOPIC. 2010-12-07 00:14:42 -06:00
William Pitcock
6ca4dec95a Extend hook_data_channel_activity moduledata with membership struct. 2010-12-06 22:57:04 -06:00
William Pitcock
1f679bfe7b Filter bogus CTCP ACTION messages. 2010-11-05 01:16:03 -05:00
Jilles Tjoelker
01b7a527a3 Show the services login name in WHOWAS.
The numeric is the same (330) as used in WHOIS.

This takes at most half a megabyte of memory (large network, 30 char nicks).
2010-08-29 22:30:54 +02:00
Jilles Tjoelker
5b383ce060 Move RPL_WHOISLOGGEDIN to sendto_one_numeric(). 2010-08-29 22:29:17 +02:00
Jilles Tjoelker
02e655aeac Provide an error message when a user does /quote ban. 2010-08-29 15:16:47 +02:00
Jilles Tjoelker
717238d2a2 Add target change for channels.
This has a separate enabling option channel::channel_target_change.

It applies to PRIVMSG, NOTICE and TOPIC by unvoiced unopped non-opers.

The same slots are used for channels and users.
2010-08-29 01:26:00 +02:00
Jilles Tjoelker
dd9b78dc92 Remove redundant MyClient check, it is already checked above. 2010-08-24 22:46:57 +02:00
Stephen Bennett
51269a8737 Merge backout of 8939a7e03d15 2010-08-24 21:31:55 +01:00
Stephen Bennett
0f1ab797e4 Backed out changeset 8939a7e03d15
The code behind this capability was never implemented, and subsequent
discussions have agreed to approach the problem differently. There seems no
reason to continue advertising a capability that does nothing.
2010-08-24 21:30:56 +01:00
William Pitcock
6fb6bd15ae Enforce TS rules on MLOCKs. 2010-08-23 20:22:59 -05:00
Jilles Tjoelker
f5455d2cd5 Tweak auto-accept:
* does not apply to NOTICE (as those may well be automated)
* mirrors +g behaviour so that no useless accept entries are added for services
* respects max_accept, if it would be exceeded the message is dropped with numeric 494
* check moved up so this is checked before floodcount/tgchange
2010-07-04 17:14:56 +02:00
William Pitcock
0770c9936e Stop griefing through taunting while hiding behind CALLERID.
This shouldn't provide any way for a client to get on a CALLERID list
without authorization, as if a client is +g already, a CTCP request, for
example, won't be replied to.
2010-07-03 00:44:55 -05:00
Jilles Tjoelker
76a2bba920 Propagate changed away messages to other servers,
even if the away status did not change.
2010-06-10 22:16:07 +02:00
Elly
15aa08eecb Fix memory leaks in PASS command, both in normal and repeated use. 2010-06-01 13:11:47 -04:00
Stephen Bennett
ca656bf815 Fix compiler warning 2010-05-02 21:25:58 +01:00
Stephen Bennett
6b8db2daf2 Allow the final parameter of MLOCK to be empty, to remove an existing mlock 2010-05-02 20:42:46 +01:00
Stephen Bennett
1916ed52f8 Branch merge 2010-04-30 22:03:42 +01:00
Stephen Bennett
78e6b731e4 Rework ircd-side MLOCK enforcement: instead of trying to track modes locked on or off, instead keep a simple list of mode letters that are locked, and reject any change to those modes. 2010-04-30 22:01:21 +01:00
Jilles Tjoelker
a0ce140ed6 Improve technical documentation of BAN protocol. 2010-04-29 00:26:49 +02:00
Jilles Tjoelker
406478d224 Do not allow a topic change if a user may not send to the channel
(resv, cmode +m, cmode +b, cmode +q, etc.).

This is only checked for local users.

For optimal compatibility, a failure for this reason still
returns ERR_CHANOPRIVSNEEDED.

Side effect: normal users cannot change topics of resv'ed
channels, even if they have ops, just like they already
cannot send messages. This only matters if resv_forcepart
is disabled, as the user would have been removed from the
channel otherwise.
2010-04-15 00:46:33 +02:00
William Pitcock
bd44fc7b09 Automated merge with ssh://hg.atheme.org//hg/charybdis 2010-04-06 17:14:51 -05:00
William Pitcock
c239b97f68 Hook up source-account-hostmask client protocol extension. 2010-04-06 17:14:44 -05:00
JD Horelick
944b0584ea Change config option for ident_timeout to default_ident_timeout as jilles
recommended.
2010-04-05 16:29:11 -04:00
JD Horelick
0ffb810660 Add a configuration option for ident_timeout. 2010-04-05 15:28:44 -04:00
Jilles Tjoelker
803ce385bf Fix various compiler warnings. 2010-03-27 20:09:46 +01:00
Jilles Tjoelker
5bd874eb41 Restore snotes, logs for UNRESV nick.
This bug was introduced when adding bandb.
2010-03-27 16:24:13 +01:00
Jilles Tjoelker
dca9e55257 Add propagated resvs, like klines and xlines. 2010-03-27 16:13:57 +01:00
Jilles Tjoelker
1b5d7c2e8a XLINE: Do not cluster unxlines ON specific servers.
This bug was introduced with BAN support for XLINE.
2010-03-27 16:09:26 +01:00
Jilles Tjoelker
a812a239c8 Remove unused variable. 2010-03-27 02:06:29 +01:00
Jilles Tjoelker
f89191ace9 BAN: xlines do not have oper reasons, their "reason" is already oper only. 2010-03-18 00:22:35 +01:00
Jilles Tjoelker
3cbbfb2556 Add propagated xlines, like klines. 2010-03-16 23:05:50 +01:00
Jilles Tjoelker
34e02db66b Fix a signedness comparison warning. 2010-03-16 19:13:09 +01:00
Jilles Tjoelker
1702b69419 Add option general::use_propagated_bans to allow disabling new KLINE.
If this option is yes (default), KLINE by itself sets global (propagated) bans.
If this option is no, KLINE by itself sets a local kline following cluster{},
compatible with 3.2 and older versions.
2010-03-14 17:21:20 +01:00
William Pitcock
8727cbe88a Add propagation of MLOCK state for simple modes.
Special modes like +j can be tracked easily just by adding the necessary
code to parse them to set_channel_mlock().  This will cover propagation
as well.
2010-03-07 23:13:39 -06:00
Jilles Tjoelker
5c2b9eaf48 BAN: Reject bans with insufficient non-wildcard characters.
Such bans are not applied locally, but are propagated normally.
They can only be removed on a server that applies them.

Note that normally KLINE will not accept such bans.
This is mainly for services, differing min_wildcard and
ircd changes.
2010-03-06 01:45:41 +01:00
Jilles Tjoelker
416d868ed4 Add /stats g to show propagated (global) klines. 2010-03-06 00:31:51 +01:00
Jilles Tjoelker
6229f9f83b Among bans with the same creation time, prefer the one with longest lifetime. 2010-03-05 23:16:28 +01:00
Jilles Tjoelker
9470d75a42 BAN: Avoid fake direction. 2010-03-05 22:53:35 +01:00
Jilles Tjoelker
cedb7d05b4 Remove +/- from the BAN message, instead indicating unban with duration=0.
A kline must now last at least one second since its creation time.

Also add better logic for bans that have already expired
when they come in.
2010-03-05 22:51:47 +01:00
Jilles Tjoelker
431a1a2784 Add propagated klines.
A KLINE command without the ON clause now sets a propagated
("global") ban. KLINE commands with the ON clause work as
before.

Propagated klines can only be removed with an UNKLINE command
without the ON clause, and this removes them everywhere.
In fact, they remain in a deactivated state until the latest
expiry ever used for the mask has passed.

Propagated klines are part of the netburst using a new BAN
message and capab. If such a burst has an effect, both the
server name and the original oper are shown in the server
notice.

No checks whatsoever are done on bursted klines at this time.

The system should be extended to XLINE and RESV later.

There is currently no way to list propagated klines,
but TESTLINE works normally.
2010-03-05 18:36:44 +01:00
Jilles Tjoelker
c935336b64 kline: Fix oper reasons. 2010-03-05 18:28:59 +01:00
Jilles Tjoelker
97f44d343a Skip propagated bans in rehash txlines/tresvs. 2010-03-05 00:37:56 +01:00
Jilles Tjoelker
27f616ddf5 Track who set a dline/kline/xline/resv as in ratbox3.
Like in ratbox3, there is no way to query this information
(other than bandb's tables, but they worked before this
commit).
2010-03-01 01:23:22 +01:00
Jilles Tjoelker
a12ad04472 Generate the "Temporary K-line %d min" part from aconf->hold - aconf->created. 2010-02-28 16:27:06 +01:00
Jilles Tjoelker
b52c294986 Store the creation time of klines and dlines as a time_t instead of as text.
The value 0 indicates the creation time is unknown (currently the case
for bandb).
Also store a creation time for xlines and resvs, but do not use it yet.
2010-02-28 00:46:56 +01:00
Jilles Tjoelker
3102dbdc4f Use FLAGS_SENTUSER when checking whether to register when ping cookie is received. 2010-02-24 23:28:27 +01:00
Stephen Bennett
1fb3b1e1c4 Use FLAGS_SENTUSER instead of 'user' being non-empty to decide whether to register a user on CAP END.
identd and SASL can cause source_p->user to be present without USER having been sent.
Without this change, that could cause a crash later on as localClient->fullcaps is not initialised.
2010-02-23 22:35:58 +00:00
Jilles Tjoelker
ff91faaf76 Do not penalize for spambot checks if creating a new channel. 2010-02-21 01:45:51 +01:00
Jilles Tjoelker
4eb9a3ca0b JOIN 0: Make spambot check equivalent to PART's. 2010-02-21 01:12:04 +01:00
Jilles Tjoelker
9148f6aa7c Remove dead code: last_join_time is already updated by check_spambot_warning(). 2010-02-21 01:10:04 +01:00
Jilles Tjoelker
cf3564d61f Do not check for spambot if the user is not allowed to join the channel. 2010-02-21 01:07:32 +01:00
Jilles Tjoelker
fad065bb95 challenge: Fix build. 2010-02-18 23:42:07 +01:00
William Pitcock
ed8b3d69ac Add certfp check to challenge too. 2010-02-17 23:01:25 -06:00
William Pitcock
76169ea734 Clarify ERR_NOOPERHOST and convert it to use sendto_one_numeric(). 2010-02-17 06:51:41 -06:00
William Pitcock
ff31db8473 Add support for client certificate fingerprints in o:lines. 2010-02-17 06:41:41 -06:00
Jilles Tjoelker
0cce7774d5 Subject /invite to umodes +g and +R.
The behaviour is the same as /msg except that where
/msg would send RPL_UMODEGMSG to the user, the /invite
is instead let through. This counts as a notification
for caller_id_wait like RPL_UMODEGMSG.

Checks are on the target user's server, which means an
error message will appear after RPL_INVITING.
This must be because the accept list is not globally
known.
2010-02-15 23:07:14 +01:00
Jilles Tjoelker
40b79a3908 Add missing return value. 2010-02-15 22:18:00 +01:00
Jilles Tjoelker
890af0e7c5 Subject /invite to target change.
Similar to /msg, inviting a user that is not in a channel
you have op or voice in requires a free target; opers always
have a free target.

Being invited adds the source as a reply target.
2010-02-15 22:08:55 +01:00
Jilles Tjoelker
4f2685f3e1 Move target change code to src/tgchange.c,
so we can use it for /invite as well.
2010-02-15 21:58:34 +01:00
Jilles Tjoelker
c9f01c4f2f target change: Allow free replies.
When a user receives a private message, notice or RPL_UMODEGMSG,
add the source to a special set of 5 target slots.
These slots are checked in the normal way when sending messages,
allowing a reply without using up a free target.

This feature will not be very useful if a user is being messaged
by many different users; to help this, messages blocked entirely
by +g or +R do not affect the targets. CTCP replies also remain
free in terms of targets.
2010-02-15 01:07:07 +01:00
Jilles Tjoelker
179becdf5f target change: Overwrite the least recently used target with a new one. 2010-02-15 00:31:17 +01:00
Jilles Tjoelker
ad1d39a76f Make the number of targets tracked for target change a #define. 2010-02-13 15:18:17 +01:00
Jilles Tjoelker
96bfafc1f8 testline/testgecos: Send "not an oper" message if appropriate. 2010-02-07 17:57:36 +01:00
Jilles Tjoelker
8eda114a78 Pass certfp to other servers and show it in whois. Do not show it on connect.
The server protocol for this is
:<uid> ENCAP * CERTFP :<40 hex chars>
both in new user introductions and in burst.

As in oftc-hybrid, only the user themselves and opers can see the certfp.

Displaying the certfp on connect seems unnecessary to me,
the user can whois themselves if needed.
2010-02-06 00:18:27 +01:00
Jilles Tjoelker
114105b429 Fix /links buffer overflow. 2010-01-27 21:05:10 +01:00
Jilles Tjoelker
1fd171a547 Fix op-moderate (cmode +z) for channel names with '@'. 2010-01-24 19:37:00 +01:00
Jilles Tjoelker
641eb2c3c8 Put back fb7d6089158e, not setting large_ctcp_sent for CTCP ACTION. 2010-01-20 00:03:57 +01:00
William Pitcock
2e918bf515 Merge +C (no CTCP to channels) from ircd-seven. 2010-01-19 02:11:04 -06:00
Jilles Tjoelker
3d0bbdcbe1 Do not set large_ctcp_sent for CTCP ACTION as it does not request a reply. 2010-01-14 01:12:16 +01:00
Jilles Tjoelker
a990586f4d If a removed resv was temporary, mention this in the server notice.
This agrees with xline.
2010-01-09 22:14:53 +01:00
Jilles Tjoelker
1a9ea263fa Add back unresv (permanent resv) notices. 2010-01-09 22:12:06 +01:00
Jilles Tjoelker
43d4d72ca9 Put back resv_forcepart.
This undoes erroneous revert in a3c064b3b8a2.
2010-01-09 19:08:48 +01:00
Jilles Tjoelker
70ea02ebd6 Complete the move of xlines and resvs from aconf->name to aconf->host. 2010-01-08 18:46:29 +01:00
Jilles Tjoelker
4418166c7e Do not change \s in xlines to spaces, match_esc() treats \s correctly.
This undoes erroneous revert in a3c064b3b8a2.
2010-01-08 18:13:47 +01:00
William Pitcock
00c036b172 Add back missing notices. 2010-01-07 18:17:08 -06:00
William Pitcock
23959371d0 Fix up more things with bandb. 2010-01-07 18:14:15 -06:00
William Pitcock
d4c273075e Make this work again. 2010-01-07 17:50:49 -06:00
William Pitcock
f36d4fdd54 Make this work again. 2010-01-07 17:49:08 -06:00
William Pitcock
9964e93509 Readd some oper notices. 2010-01-07 17:37:52 -06:00
William Pitcock
8bbeb278ec Update modules to use bandb_add()/bandb_del(). 2010-01-07 17:19:03 -06:00
Jilles Tjoelker
0b5cf476f5 SCAN UMODES: default list-max to 500, like a global WHO. 2010-01-01 22:55:25 +01:00
Stephen Bennett
6657de63ac Merge 2009-12-08 19:23:32 +00:00
Stephen Bennett
c127b45b83 Revert all presence-related changes 2009-12-08 19:22:55 +00:00
Jilles Tjoelker
f4d319c7ae Use full (:n!u@h) prefix for sending ETB from a user to clients. 2009-09-20 00:44:47 +02:00
Jilles Tjoelker
c2c25552ca Force part local users (not resv_exempt) on channel resv.
A notice will be sent to any force parted users that the channel
is temporarily/permanently unavailable on the server.
A new config option channel::resv_forcepart can be used to disable this.

from ircd-ratbox (dubkat)
2009-09-19 21:24:35 +02:00
Jilles Tjoelker
72d36704fc Disallow changing away status via /presence.
Allowing this desynchronizes clients and servers that
do not know about this extension without good reason.
If you want to allow this, change it to spit out the
usual AWAY protocol.
2009-06-04 00:01:57 +02:00
Jilles Tjoelker
50325a6667 Reject presence updates with too long keys, instead of truncating them
and causing soft assertion failures. Values are still
silently truncated though.
2009-06-03 23:49:50 +02:00
Jilles Tjoelker
331c548d9d Correct minimum parameter counts for PRESENCE. 2009-06-03 20:03:15 +02:00
Jilles Tjoelker
5beadfb00f ENCAPs cannot come from local clients, no need to check. 2009-06-03 19:57:27 +02:00
Jilles Tjoelker
beafd0ee32 Remove special CAP presence handling of /whois away message.
This cannot work because /whois is executed remotely too
and CAPs aren't known remotely.
2009-06-03 19:54:49 +02:00
William Pitcock
0fc5aeca53 presence: m_presence module: Use safer get_metadata() where appropriate, to avoid crash possibilities. 2009-06-02 02:55:45 -05:00
William Pitcock
f72de72bf4 presence: Use RPL_WHOISMETADATA. 2009-06-02 02:44:31 -05:00
William Pitcock
8f2d1ccf7f presence: If CLICAP_PRESENCE is enabled, then RPL_AWAY is replaced by the "away" keyword in the presence dataset.
As such, only fall back to legacy RPL_AWAY if CLICAP_PRESENCE is not set on source_p.
2009-06-02 02:17:42 -05:00