Commit graph

117 commits

Author SHA1 Message Date
Simon Arlott
62c0ac4124
ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
2017-06-25 19:54:39 +01:00
Aaron Jones
2afd965b21
TLS: Partially backport the SubjectPublicKeyInfo digesting functionality
This backports the code responsible for SPKI digests from release/4.

It also adjusts doc/reference.conf to note that SPKI digests are now
supported, and how to generate them. It does NOT backport the mkfingerprint
program -- the instructions in reference.conf are sufficient. I am ofcourse
open to anyone else backporting the program, but I don't see the need.
2016-11-15 12:30:09 +00:00
William Pitcock
bc2eeb0992
Do not shadow OpenSSL-internal symbol "ssl_ok".
This is a backport of commit bfc44622
2016-06-01 16:32:26 +00:00
Aaron Jones
f55078bdc7
ircd_lexer: fix crash with very large config option strings 2016-05-14 23:58:07 +00:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
Jilles Tjoelker
b4a7304c94 s_conf: Split out a function. 2015-09-13 22:59:03 +02:00
Jail Bird
29c92cf95f Spring cleaning redux:
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls

Thanks Jilles!
2015-04-20 00:55:20 -05:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
William Pitcock
bb2a50509a config: further EGD removal 2015-03-01 01:06:58 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Jilles Tjoelker
483987a464 Explicitly pass the current time to deactivate_conf().
Some places depend on the ban not being destroyed.
2014-09-21 15:02:43 +02:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Keith Buck
00533129dc s_conf: Don't leak log file paths when loading default conf
This change prevents the log file paths from being leaked when
rehashing. Additionally, fname_killlog was added to two places where it
was previously forgotten.
2014-03-03 04:12:07 +00:00
Keith Buck
010c4fbdc5 s_conf: Don't leak strings when loading default conf
This change prevents conf strings from being leaked when resetting the
conf to default prior to a rehash. Additionally, some default strings
are now rb_strdup'd into the ConfigFileEntry structure after loading the
conf so that they aren't allocated and then immediately freed by the
conf loading process.
2014-03-03 03:58:40 +00:00
Keith Buck
7f3382fe98 Remove duplicate default-value code.
Default values for default_floodcount and default_ident_timeout are set
in s_conf.c. Remove code that checks for missing values in ircd.c.
Additionally, reset default_ident_timeout to 5 if an invalid value (i.e.
0) is provided.
2013-10-29 09:32:28 +00:00
Keith Buck
77d3d2dbaf Remove s_assert definition from ircd_defs.h and add it to its own header.
s_assert requires some higher-level functionality that shouldn't be
present in ircd_defs.h. ircd_defs.h is used by ssld, which has no notion
of logging or sending IRC messages. Additionally, some of the headers
s_assert depends on result in conflicting definitions in ssld.c.

This change also fixes the compile when using --enable-assert=soft.
2013-09-10 06:10:14 +00:00
Quora Dodrill
2c0450fb60 src/s_conf: Avoid re-inventing the wheel 2013-08-14 15:45:35 -07:00
Quora Dodrill
a576a0fe64 src/s_conf: More detailed error messages conforming to POSIX errno
When the configuration file is unreadable or not existing, charybdis will now report the POSIX error message from the failed call. This is a compromise between the behavior in f951460ae9 and f6f049070e.
2013-08-14 15:30:15 -07:00
Quora Dodrill
f951460ae9 src/s_conf: Moved error notification to proper place
Previously it was in src/ircd.c, but accroding to jilles, this is a better place for the notification.

This changes a patch made in adef4da10c and amended in 65d921173c and f6f049070e.
2013-08-14 14:28:11 -07:00
Keith Buck
7d60375446 Add new conf_read_start and conf_read_end hooks. 2012-05-21 20:22:07 +00:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00
Jilles Tjoelker
c55b2782fc Properly update 004/005 when a rehash changes use_forward. 2011-10-25 00:38:27 +02:00
Jilles Tjoelker
894325fe41 Force client_flood_burst_rate and client_flood_burst_rate to at least rfc1459 values (5). 2011-10-04 22:16:01 +02:00
Jilles Tjoelker
41ca4cac35 Enforce the average allowed send rate is at least the one allowed by rfc1459. 2011-10-04 00:13:53 +02:00
Jilles Tjoelker
2da6f6ebd7 Put back use_forward. 2011-09-25 16:22:29 +02:00
Elizabeth Jennifer Myers
765d839d3c Port ircd-seven banfowards to charybdis.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.

Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
2011-08-12 20:33:10 -04:00
Stephen Bennett
e6e54763d9 Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
2011-03-27 16:35:26 -04:00
Stephen Bennett
0c512421c5 Add default for disable_local_channels. Missed this last time. 2010-12-21 20:53:39 +00:00
JD Horelick
eac04554fd Fix some various warnings.
Some from ShadowIRCd, one from ircd-seven.
2010-11-14 16:51:27 -05:00
Jilles Tjoelker
717238d2a2 Add target change for channels.
This has a separate enabling option channel::channel_target_change.

It applies to PRIVMSG, NOTICE and TOPIC by unvoiced unopped non-opers.

The same slots are used for channels and users.
2010-08-29 01:26:00 +02:00
Jilles Tjoelker
15f92147c7 Make number_per_ident actually apply to unidented connections as well,
as documented in reference.conf.

Noticed by: spb
2010-06-09 21:22:47 +02:00
JD Horelick
944b0584ea Change config option for ident_timeout to default_ident_timeout as jilles
recommended.
2010-04-05 16:29:11 -04:00
JD Horelick
0ffb810660 Add a configuration option for ident_timeout. 2010-04-05 15:28:44 -04:00
Jilles Tjoelker
803ce385bf Fix various compiler warnings. 2010-03-27 20:09:46 +01:00
Jilles Tjoelker
3cbbfb2556 Add propagated xlines, like klines. 2010-03-16 23:05:50 +01:00
Jilles Tjoelker
1702b69419 Add option general::use_propagated_bans to allow disabling new KLINE.
If this option is yes (default), KLINE by itself sets global (propagated) bans.
If this option is no, KLINE by itself sets a local kline following cluster{},
compatible with 3.2 and older versions.
2010-03-14 17:21:20 +01:00
Jilles Tjoelker
778dd56bf2 Show d/kline setter to opers in stats/testline. 2010-03-06 22:37:42 +01:00
Jilles Tjoelker
5c2b9eaf48 BAN: Reject bans with insufficient non-wildcard characters.
Such bans are not applied locally, but are propagated normally.
They can only be removed on a server that applies them.

Note that normally KLINE will not accept such bans.
This is mainly for services, differing min_wildcard and
ircd changes.
2010-03-06 01:45:41 +01:00
Jilles Tjoelker
431a1a2784 Add propagated klines.
A KLINE command without the ON clause now sets a propagated
("global") ban. KLINE commands with the ON clause work as
before.

Propagated klines can only be removed with an UNKLINE command
without the ON clause, and this removes them everywhere.
In fact, they remain in a deactivated state until the latest
expiry ever used for the mask has passed.

Propagated klines are part of the netburst using a new BAN
message and capab. If such a burst has an effect, both the
server name and the original oper are shown in the server
notice.

No checks whatsoever are done on bursted klines at this time.

The system should be extended to XLINE and RESV later.

There is currently no way to list propagated klines,
but TESTLINE works normally.
2010-03-05 18:36:44 +01:00
Jilles Tjoelker
9197bc355e Add code to expire "propagated" bans.
The data structure is very simple: a dlink list of all propagated bans.
2010-03-04 00:21:22 +01:00
Jilles Tjoelker
27f616ddf5 Track who set a dline/kline/xline/resv as in ratbox3.
Like in ratbox3, there is no way to query this information
(other than bandb's tables, but they worked before this
commit).
2010-03-01 01:23:22 +01:00
Jilles Tjoelker
a12ad04472 Generate the "Temporary K-line %d min" part from aconf->hold - aconf->created. 2010-02-28 16:27:06 +01:00
Jilles Tjoelker
b52c294986 Store the creation time of klines and dlines as a time_t instead of as text.
The value 0 indicates the creation time is unknown (currently the case
for bandb).
Also store a creation time for xlines and resvs, but do not use it yet.
2010-02-28 00:46:56 +01:00
Jilles Tjoelker
1815320d3b Remove more old kline.conf stuff.
Make sure to recompile modules, stuff has been removed
close to the start of ConfigFileEntry.
2010-02-22 19:31:05 +01:00