Commit graph

1026 commits

Author SHA1 Message Date
Stephen Bennett
ed775e9bb4
Make auto-accept on message conditional on oper:always_message, not oper:general. This updates the test to match current behaviour of +g 2022-11-03 14:43:59 +00:00
Aaron Jones
1548c14021
extensions/umode_hide_idle_time: mask times for hidden sources (#373)
If the user performing a WHOIS has hidden their idle time (is umode +I),
also prevent them from seeing other users' idle times, even if said users
are not themselves umode +I.

Suggested-by: @Unit193
2022-10-21 08:01:41 +00:00
Ed Kellett
06c5309534 m_sasl: Remove implicit abort on registration
This doesn't make sense in a world where post-registration SASL is
allowed, and should fix one case of an annoying login desync that's seen
in the real world.

Specifically, when a client sends its final AUTHENTICATE and Atheme
receives it, it sends an SVSLOGIN for that client. If the client sends
us its CAP END *before* we see the SVSLOGIN, the implicit abort will try
to abort the SASL session that's already succeeded.

Atheme interprets this as an instruction to forget about the successful
SASL session; you'll connect unidentified. But it's already sent
SVSLOGIN, which will log the client in ircd-side, causing ircd and
services views to differ until the user authenticates again manually.

I think allowing a SASL session to be aborted when it has already
succeeded is an Atheme bug, and it can still be triggered without this
change. But our behaviour here seems silly anyway.
2022-10-06 17:06:28 -04:00
Jess Porter
00ba30c175
Add oper:free_target (#374)
Co-authored-by: Ed Kellett <e@kellett.im>
2022-09-26 19:50:11 +01:00
David Schultz
01fb744c40
Add umode +I to allow users to hide their idle time (#220) 2022-08-30 16:49:43 -04:00
jailbird777
8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLENGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
Doug Freed
689afc7c51 m_stats: z: remove unnecessary casting and fix format strings 2022-08-24 20:31:08 -04:00
Doug Freed
7c5b4dbba7 m_stats: z: restore total memory display 2022-08-24 20:31:08 -04:00
Doug Freed
b951e21b5d um_regonlymsg: prevent unregistered users from NOTICEing +R users too 2022-08-24 17:16:39 -04:00
Jess Porter
fdd8cad93f
EBMASK capab, to burst BMASK metadata (#354) 2022-08-20 01:35:54 +01:00
Jess Porter
a5192806a9
send "End of burst" snote to L_NETWIDE (#356) 2022-08-19 03:17:05 +01:00
Matthew Martin
5c01fc8bd7 Cast time_t to long long when printing 2022-07-01 03:43:36 -04:00
Jess Porter
12cee8ab78
global masktrace doesn't need to be an operspy action 2022-07-01 00:07:02 +01:00
Jess Porter
5a3e99829a
refuse opers setting an invalidly long k-line reason 2022-06-30 23:59:17 +01:00
JailBird
62f6351d90 Illumos fixes
- getexecname(3) returns const char *
- pid_t is long
2022-06-29 20:28:11 -04:00
Matthew Martin
57aa79acb8 Normalize snprintf size to use sizeof where possible 2022-06-24 01:42:08 -04:00
Jess Porter
8e239de831
don't truncate operspy WHO 2022-06-10 18:15:56 +01:00
Eric Mertens
48a06ae3d7
Add description parameter to auth blocks (#327) 2022-04-14 14:39:45 -07:00
Eric Mertens
b2fa28dd95
Apply cmode C to replies (#328) 2022-04-14 13:14:12 -07:00
Stephen Bennett
2f596395fa
Make opers talking through +g controllable by user mode +M (#275)
Times out after 30 minutes, and adds oper:always_message privilege for
bots and services to always talk through +g
2022-04-12 17:54:58 -04:00
Ed Kellett
b5bf350512 m_list: fail on invalid parameters
Loose port of 6ea60b2297948211925e22bd1f284179d680b4ae. I've chosen to
reduce indentation where it's convenient, and I'm allowing >-[0-9] as a
way of specifying a minimum of 0 because... I don't know, it just seems
neater to me.
2021-10-20 11:35:53 +01:00
Ed Kellett
e7f0aea682 m_list: Treat valid names with wildcards as masks
* and ? are valid characters for channel names on IRC, and ELIST M gives
no way to distinguish between `LIST #foo-*` that's meant to search for
channels beginning `#foo-` and `LIST #foo-*` that's meant to list one
channel named literally `#foo-*`.

In order to deal with this, we will always assume a name with wildcards
is a mask. If it's also a channel name, that will be listed first.
2021-10-19 23:33:48 +01:00
Ed Kellett
1788e55713 Support *mask* and !*mask* in LIST 2021-10-19 23:33:48 +01:00
Ed Kellett
31db8f0094
m_names: use ITER_COMM_CHANNELS 2021-10-17 17:36:53 +01:00
Ryan Schmidt
cb317c5e4a
Send RPL_ENDOFTRACE on local /etrace 2021-09-23 20:49:30 +01:00
Eric Mertens
82436efb60
hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
Eric Mertens
e83449d5be
Stop announcing SASL cap changes on services split/join (#263) 2021-08-15 16:25:46 -07:00
jesopo
540c3a8a05
ERR_USERONCHANNEL when following a forward is missing a param 2021-08-15 05:15:27 +01:00
jailbird777
8f0c3422e7 Remove Windows support 2021-07-30 14:17:47 -04:00
Melissa Draper
e4a62bbc85 Create configurations for user-facing messages within registration (#238) 2021-07-29 21:44:23 -04:00
Melissa Draper
05bc814d83 Create configurable client rejection message for SASL only (#236) 2021-07-29 21:44:23 -04:00
Aaron Jones
1854aa25a7
modules/core/m_message.c: align comments about idle time (#252) 2021-07-18 20:56:24 -07:00
Doug Freed
52f1947f56
m_services: delete nick delay on RSFNC 2021-07-16 12:24:33 -04:00
Ed Kellett
883ac66b20 kick,remove: don't confuse source and target membership 2021-07-13 23:50:03 +01:00
Ed Kellett
c7496b6fb7 m_dline: make the private reason private 2021-07-13 23:38:59 +01:00
Ed Kellett
c5d7c5ed44 um_regonlymsg: copy auto-accept logic from +g 2021-07-10 21:27:13 +01:00
Ariadne Conill
81531536aa
Remove ziplinks (#218) 2021-06-26 17:45:52 +01:00
Ed Kellett
ad0bbd9b3d um_callerid: Only people can have common channels 2021-06-24 18:30:59 +01:00
Ed Kellett
f1d265d177 m_userhost: hide user's own IP if iline spoofed 2021-06-13 18:26:49 +01:00
Ed Kellett
20066eae1f Manage IsDynSpoof when effecting a (post-reg) SIGNON 2021-06-08 23:17:18 +01:00
Ed Kellett
16a2d0c9d3 Use MayHavePrivilege for oper:message 2021-06-08 22:13:10 +01:00
Ed Kellett
ce376a21cc Keep propagated bans in a dictionary, not a list 2021-06-08 21:57:43 +01:00
Aaron Jones
8b7110d6ba modules/m_sasl.c: use IsSecure() instead of IsSSL()
Further to our implementation of the concept of "secure origins", we can
indicate to services that the client is connected securely, rather than
just that the client is using TLS. For example, connections from the
local host (from the IRCd's perspective) can be considered secure
against eavesdropping.

Allow this to factor into services' decision on whether to allow an SASL
negotiation or not. Atheme currently assumes this means the client is
using TLS, but I have changed that in atheme/atheme@412d50103c
2021-06-08 04:59:43 +00:00
Ed Kellett
ea51635c01 m_whois: show services even if they lack opernames 2021-06-05 20:21:45 +01:00
Ed Kellett
96f6804b24 m_whois: put opername/privset in RPL_WHOISOPERATOR
Show just the opername if you're an oper the target is not hidden from
and you don't have oper:privs.

close #100
2021-06-05 20:21:45 +01:00
Ed Kellett
eeaea74616 Allow privset-less OPER bursting 2021-06-05 19:42:18 +01:00
Ed Kellett
53b209c748 m_oper: receive ircd-seven-style opernames 2021-06-05 19:42:18 +01:00
megubyte
cad61c9d1a
m_invite: send message tags (#173) 2021-06-05 15:57:03 +01:00
Ariadne Conill
3fc0499e77
Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
Ed Kellett
3ff5a12e75
Allow temporary K-lines to extend shorter ones (#142)
* Temp K-lines may extend shorter temp K-lines

* /unkline removes multiple matching K-lines

* K-lines remove any temp K-lines they're replacing
2021-04-27 14:45:04 +01:00