Commit graph

2121 commits

Author SHA1 Message Date
Jilles Tjoelker
e124e4b64c starttls: Update for client fd hash removal. 2015-12-24 23:01:37 +01:00
William Pitcock
a5ddb7df2e ssld: check conn->plain_fd when setting conn->plain_fd type to RB_FD_SOCKET 2015-12-16 07:32:12 -06:00
William Pitcock
a2bc8af8c5 extb_combi: relax recursion and complexity limits now that bancache for unjoined users is fixed 2015-12-13 11:38:27 -06:00
William Pitcock
bcbc6bd9e1 channel: actually store the last checked client pointer 2015-12-13 11:25:15 -06:00
William Pitcock
2749c37c43 extb_combi: tighten up recursion depth 2015-12-13 11:22:47 -06:00
William Pitcock
9145dc0956 extb_combi: allow up to 5 children nodes 2015-12-13 11:09:15 -06:00
William Pitcock
5984986bcf extb_combi: if there are more nodes than allowed, return EXTBAN_INVALID 2015-12-13 11:06:04 -06:00
William Pitcock
2e548a8a04 extb_combi: try limiting the number of allowed nodes per depth to 3 2015-12-13 10:58:05 -06:00
William Pitcock
0a604c72a3 sslproc: handle ssl_cipher_list being NULL better 2015-12-13 09:42:12 -06:00
William Pitcock
1e8138afb0 channel: actually, use bancache invalidation as the metric for the duplication check
any state change which would cause the duplicate check to change would invalidate bancache as a whole anyway
2015-12-13 08:17:04 -06:00
William Pitcock
2f9687c48c channel: cache duplicate calls to is_banned() and is_quieted() 2015-12-13 08:13:52 -06:00
William Pitcock
c42a66be2e sslproc: garbage collect dead ssld resources every minute 2015-12-13 07:58:50 -06:00
William Pitcock
d63f3f80f0 extb_combi: implement a recursion guard 2015-12-13 07:50:02 -06:00
Jilles Tjoelker
2d28539c68 Reduce clean_nick() code duplication further.
Side effect: hurt and monitor now allow nicks starting with a digit.
2015-12-13 00:22:21 +01:00
William Pitcock
e1fda0d81e map: make flatten_links dump a flattened map instead of blocking it (closes #48)
based on my patches in shadowircd legacy (4.0)
2015-12-12 09:24:37 -06:00
William Pitcock
413c61aaf5 monitor: ensure monitored nicknames are valid (ref. elemental-ircd/elemental-ircd#187) 2015-12-12 08:42:03 -06:00
William Pitcock
72dee03d50 clean up some code duplication when checking nicks for validity 2015-12-12 08:41:09 -06:00
William Pitcock
7233e364cc gnutls: fix typo 2015-12-12 08:19:58 -06:00
William Pitcock
673ec98e71 gnutls: allow priorities to be configured 2015-12-12 08:03:59 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
b5b4a0e79b client: use sequential connection ids for ssld connections in ssld RPC, instead of the file descriptor
this avoids race conditions when a file descriptor is reused and an ssld worker has not acked that the previous
connection was closed, which results in the new client being kicked.
2015-12-12 05:20:51 -06:00
William Pitcock
94356462c0 ssld: use uint64_t explicitly when we want 64-bit counters 2015-12-12 04:51:43 -06:00
William Pitcock
74ff144d33 ssld: fix a type warning pointed out by clang 2015-12-12 04:50:35 -06:00
William Pitcock
6cd1aca7f1 ssld: take inbuf/outbuf out of global scope, since its unnecessary 2015-12-12 04:50:15 -06:00
William Pitcock
4952e40b7e newconf: fix error message on channel::autochanmodes 2015-12-12 00:33:46 -06:00
William Pitcock
5225f83df1 libratbox: import zstring functions 2015-12-11 15:56:33 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
bac8c4829f config.h.dist: resync with config.h (closes #14) 2015-12-11 12:14:34 -06:00
William Pitcock
7c16cc9085 libratbox: implement nossl variants of rb_get_ssl_certfp() and rb_get_ssl_cipher() 2015-12-11 08:36:21 -06:00
William Pitcock
42dbc23943 ssld: enable sending SSL cipher information if available 2015-12-11 08:32:19 -06:00
William Pitcock
833b2f9cbf libratbox: implement rb_get_ssl_cipher() 2015-12-11 08:32:02 -06:00
William Pitcock
427a8d5dbb WHOIS: use cipher string if available 2015-12-11 08:20:11 -06:00
William Pitcock
ebe33dbfab sslproc: set Client.localClient.cipher_string if sent by ssld 2015-12-11 08:19:50 -06:00
William Pitcock
196740c42b sslproc: likewise 2015-12-10 23:44:31 -06:00
William Pitcock
408a29c65a ssld: integrate some cleanups from ratbox 3.1 2015-12-10 23:40:24 -06:00
William Pitcock
d44660305f update NEWS documenting availability of combination extbans 2015-12-10 02:28:52 -06:00
William Pitcock
98c645cadb document extb_combi and extb_hostmask bans (closes #74) 2015-12-10 02:27:08 -06:00
William Pitcock
e2a9fa9cab extenions: add a $m: extban (ref #74) 2015-12-10 02:25:22 -06:00
William Pitcock
4ef511ebb8 import marienz's extb_combi module (ref #74) 2015-12-10 02:20:58 -06:00
William Pitcock
7801d174d7 Revert "extban: implement helper functions for stackable extbans (part 1) (ref #74)"
This reverts commit 304bd0d095.
2015-12-10 02:19:21 -06:00
William Pitcock
304bd0d095 extban: implement helper functions for stackable extbans (part 1) (ref #74) 2015-12-10 01:33:30 -06:00
William Pitcock
202d496644 override: only engage override code if we're needing to authorize a WRITE to a channel's state (closes #65) 2015-12-10 01:00:32 -06:00
William Pitcock
c7708a0994 ssld: update for protocol changes 2015-12-08 14:26:26 -06:00
William Pitcock
509088aaee update NEWS to note that CertFP methods are now configurable 2015-12-07 01:52:16 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
William Pitcock
772c95cc7a ssld: we only will continue supporting one fingerprint method at a time 2015-12-07 01:21:26 -06:00
William Pitcock
fced7b416b Merge branch 'master' of github.com:atheme/charybdis 2015-12-07 01:15:00 -06:00
Elizabeth Myers
e6bbb41030 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:14:02 -06:00
Elizabeth Myers
c33349ec21 Add ability to change CertFP hash.
Presently this only supports SHA1, as the machinery to actually change
the cipher is not hooked up to anything yet.
2015-12-07 01:11:12 -06:00
William Pitcock
653e3ca512 update copyright on NEWS (haha) 2015-12-05 07:18:35 -06:00