Ed Kellett
f53d2f45de
Refactor check_one_kline a tiny bit
2020-04-19 01:45:33 +01:00
Aaron Jones
baef55657e
Merge pull request #311 from qaisjp/patch-2
...
readme: fix macOS instructions
2020-03-15 22:14:26 +00:00
Qais Patankar
c0d82abefc
readme: fix macOS instructions
2020-03-15 22:06:42 +00:00
Aaron Jones
6cfb19943a
extensions/extb_ssl.c: make certfp parameter case-insensitive
...
I had the idea that maybe these should be case-sensitive because some
encodings (like Base-64) are. But it turns out it's better to
prioritise not breaking existing configurations / channel mode lists,
and just revisit this in future maybe.
[ci skip]
2020-01-28 20:48:23 +00:00
Aaron Jones
e0a8d121fa
extensions/extb_ssl.c: port e0f1c3b5bc
& 5572f43834
...
Reported-by: Opal Hart <opal@wowana.me>
2020-01-28 20:37:39 +00:00
Simon Arlott
155ecb7a7a
tests: Check sendto_wallops_flags works with format strings
2020-01-11 16:26:10 +00:00
Aaron Jones
b50e5b28d4
Merge pull request #308 from edk0/with-asan
...
Add --with-asan to build with asan
2020-01-10 15:36:06 +00:00
Ed Kellett
30a14c5884
Link asan in a clang-friendly way
2020-01-10 15:32:35 +00:00
Ed Kellett
6d17463554
Add --with-asan to build with asan
2020-01-06 23:46:44 +00:00
Aaron Jones
673fd77dd1
Merge pull request #304 from edk0/reject-expired
...
reject: Don't reject for expired K-lines
2020-01-03 17:33:10 +00:00
Ed Kellett
6cd12661af
reject: reorder to avoid leaks
2020-01-03 17:07:25 +00:00
Ed Kellett
b9c43bc08a
reject: Don't reject for expired K-lines
2020-01-03 16:24:36 +00:00
Aaron Jones
6cac5cce0f
Merge pull request #302 from edk0/sasl-usercloak
...
Import extensions/sasl_usercloak from ircd-seven
2020-01-02 20:31:06 +00:00
Aaron Jones
28e12fad3c
Merge pull request #297 from bmwiedemann/date
...
Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
2020-01-02 20:29:13 +00:00
Aaron Jones
1a7927bb87
Merge pull request #303 from edk0/modreload-uaf
...
modules: fix use-after-free when reloading
2020-01-02 17:24:44 +00:00
Aaron Jones
cd39eef71e
Merge pull request #301 from edk0/reject-free-fix-fix
...
Remove from the list of propagated bans on expiry
2020-01-02 17:24:25 +00:00
Ed Kellett
6aa5c725ff
modules: fix use-after-free when reloading
2020-01-02 16:45:15 +00:00
Ed Kellett
b44f6669d8
sasl_usercloak: fix typo in format string
...
thanks @ProgVal
2020-01-02 16:29:23 +00:00
Ed Kellett
cdeca37ec3
sasl_usercloak: make the magic string more specific
...
Require '/account' at the end of the spoof, rather than
'account' anywhere.
2020-01-02 16:15:51 +00:00
Ed Kellett
5d5603b6ef
sasl_usercloak: modernize
2020-01-02 16:15:50 +00:00
Ed Kellett
11ae52095f
Remove duplicated notify_banned_client
2020-01-02 03:36:34 +00:00
Ed Kellett
5958d6b99b
sasl_usercloak: check K-lines after host change
2020-01-02 03:36:34 +00:00
Ed Kellett
40c4d9d85b
Revert "recheck users after applying SASL account cloaks"
...
This reverts commit 4d401d3c60019cf96b07a012106cab9678b7a79d.
2020-01-02 03:36:34 +00:00
Ed Kellett
5aeeea187e
recheck users after applying SASL account cloaks
...
(so K-lines on them will take effect properly)
2020-01-02 03:36:34 +00:00
Stephen Bennett
dae6f5dbee
Make sasl_usercloak.so update the original host, as well as the visible host if it hasn't already changed. Allows for the sasl spoof to be used to override services ones in some circumstances.
2020-01-02 03:36:34 +00:00
Stephen Bennett
271ddd99d7
Be sure to zero out host buffer before using it
2020-01-02 03:36:34 +00:00
Stephen Bennett
721410d575
Add sasl_usercloak module, to allow injecting SASL account name into a user's host on connection
2020-01-02 03:36:24 +00:00
Ed Kellett
0a7faba63d
Remove from the list of propagated bans on expiry
...
Fixes a use-after-free introduced in 548e31d3b
, which fixed a related
use-after-free introduced in a9536f755
.
2020-01-02 00:03:06 +00:00
Aaron Jones
b21c1403c6
Merge pull request #300 from edk0/reject-free-fix
...
Fix a use-after-free introduced in #298
2020-01-01 08:57:52 +00:00
Ed Kellett
548e31d3bd
Fix a place aconfs could be freed while referenced
...
(not a bug until a9536f755
since bans were not referenced before)
2020-01-01 08:51:53 +00:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
...
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Aaron Jones
008a1b9d8d
Merge pull request #298 from edk0/rejectcache
...
Remember and send reasons for rejectcache rejections
2019-12-31 07:59:56 +00:00
Ed Kellett
6292d72bbf
Add hide_tkdline_duration to documentation .confs
2019-12-31 01:56:05 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration
2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
...
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:
; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Bernhard M. Wiedemann
1b0319448c
Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
...
to make the package build reproducible by default without
everyone having to discover the custom variable.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
This code assigns the plain integer to keep the code simple.
Otherwise we would have to deal with differences between GNU date
and BSD date or include extra build deps like perl or python.
2019-12-06 18:32:46 +01:00
Aaron Jones
7b8e4c0967
Merge pull request #296 from edk0/modreload
...
m_modules: make modreload work like restart
2019-11-17 19:12:03 +00:00
Ed Kellett
7b6410135b
m_modules: make modreload work like restart
...
/modrestart used to be implemented as a normal command and could crash
when used remotely because it would reload m_encap, which was on the
call stack at the time. This was fixed in 41390bfe5f
. However,
/modreload has exactly the same problem, so I'm giving it the
same treatment.
Incidentally: This bug was first discovered in ircd-seven, where the
`/mod*` commands themselves live in the core, so m_encap was the only way
the crash could happen (and it didn't most of the time, because m_encap
would only be moved if you got unlucky). But `/mod*` are in modules in
charybdis, so /modrestart would have unloaded the code it was in the
middle of executing. With that in mind, I'm not sure how it ever
appeared to work.
2019-11-17 18:01:51 +00:00
Aaron Jones
58a7048006
Merge pull request #287 from edk0/filter
...
Add extensions/filter (port from ircd-seven)
2019-10-22 18:33:51 +00:00
Ed Kellett
09784400f2
filter: avoid a memory leak per @amdj
2019-10-22 18:44:19 +01:00
Aaron Jones
a52d84f723
Merge pull request #293 from edk0/webirc
...
m_webirc: improve TLS handling
2019-10-22 16:17:33 +00:00
Aaron Jones
9e6c36d571
Merge pull request #294 from edk0/deny-webirc-auth
...
m_webirc: deny using webirc. as a real auth block
2019-10-22 16:16:36 +00:00
Ed Kellett
8ffc517321
m_webirc: deny using webirc. as a real auth block
2019-10-20 18:41:39 +01:00
Ed Kellett
cccda2ff2f
m_webirc: it's "TLS" to you
2019-10-20 18:18:32 +01:00
Ed Kellett
11ef0e2b98
m_webirc: don't bail out when denying 'secure'
2019-10-20 18:18:32 +01:00
Ed Kellett
a6b97b7d88
m_webirc: const-correctness
2019-10-20 18:18:27 +01:00
Ed Kellett
d6c813780f
m_webirc: respect ircv3's secure
option
2019-10-20 18:17:34 +01:00
Ed Kellett
ab4420cbbe
m_webirc: enforce need_ssl
2019-10-20 18:17:33 +01:00
Aaron Jones
ac0ae805d7
tests/Makefile.am: check-local: don't depend on extensions/*
...
This breaks if a file in extensions/ doesn't get built due to
conditional compilation, and the tests don't need anything
under extensions/ anyway.
2019-10-07 03:49:00 +00:00
Aaron Jones
2357449084
Merge pull request #286 from edk0/strip-unprintable
...
strip_unprintable: Don't strip all bytes with the MSB set
2019-10-06 22:23:59 +00:00