- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls
Thanks Jilles!
* src/packet.c: Remove a dead store
* src/res.c: Remove a dead store
* src/sslproc.c: Remove a dead store
* src/sslproc.c: Don't call the same accessor twice
These silence some fairly harmless compiler warnings
sendto_local_clients_with_capability() sends to a subset of the list of
local clients and cannot visit the same client multiple times like
sendto_channel_flags() and sendto_common_channels_local() can.
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
Other code (inet_ntop6() in libratbox/src/commio.c and
extensions/m_webirc.c) ensures the sockhost does not start with a colon.
Checking only here does not make sense.
Reported by: Attila
Some code to append "domain" from /etc/resolv.conf to unqualified names (for
server connections) erroneously applied to names from reverse DNS lookups as
well.
The effect was that "domain" from /etc/resolv.conf was appended to
"localhost", even though the DNS server intended "localhost" to be a fully
qualified name.
When bandb sends the ban list, it first sends 'C', then all bans and
finally 'F'. Only when 'F' is sent is ircd supposed to apply the bans.
Because of a missing break, 'C' also did 'F', clearing the ircd active
permanent bans until bandb sent 'F'.
The effect is pretty limited because having bandb send the ban list via
/rehash bans is uncommon and most bans will be enforced when reset.
This check was erroneously removed when fixing /mode #channel f when +f is
mlocked. Mlock checks were restricted to the places requiring chanops
(other than viewing +eI lists); cmode +L/+P do not require chanops, but
still constitute a mode change that must be checked against mlock.
After a change for dynamic server capabilities, the code to send out mode
changes was changed to use the capabilities belonging to the last mode
being sent out. This does not make sense; therefore, just use no
capabilities and remove supporting infrastructure.
The code to send each channel mode only to servers supporting it was
broken a while ago and was not very useful anyway. Therefore, require
all connecting servers to support all standard channel modes.
Fixes compilation warning about losing const qualifier in assignment to
non-const variable
(cherry picked from commit 6d9c3f50944e1da3bf3a1be6454f85d6d6f7ab37)
This change prevents the log file paths from being leaked when
rehashing. Additionally, fname_killlog was added to two places where it
was previously forgotten.
This change prevents conf strings from being leaked when resetting the
conf to default prior to a rehash. Additionally, some default strings
are now rb_strdup'd into the ConfigFileEntry structure after loading the
conf so that they aren't allocated and then immediately freed by the
conf loading process.
The MASK_IP case in log_client_name() was broken (because of a missing
break, it behaved as HIDE_IP). However, log_client_name() with MASK_IP
does not make sense anyway and is not used.
If a listening port cannot be opened, send error messages to opers with
snomask +s and ircd.log, instead of snomask +d and the ioerror log, which
both are usually disabled.
Also, restore information about what listener is having problems. This
was lost when report_error() was replaced.
Charybdis currently leaks about 45-50k per configuration parse,
including every rehash. This change plugs these leaks by properly
iterating through all conf_parm_t structures to seek all strings that
should be freed and also by freeing the conf_parm_t structures
themselves.
These leaks have been present since the original rewrite of the
configuration parsing system in ircd-ratbox r11953.
Additionally, this change also cleans up and documents the parsing code
a bit.
Default values for default_floodcount and default_ident_timeout are set
in s_conf.c. Remove code that checks for missing values in ircd.c.
Additionally, reset default_ident_timeout to 5 if an invalid value (i.e.
0) is provided.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().
Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
For one, [draft-brocklesby-irc-isupport-02][1] already defines "ascii" as the
default value. According to section 2 ("Except as
explicitly stated in its definition, a parameter should not be sent
unless it changes this default value, or the default value is vague,
badly defined, or differs between IRC server implementations"), there is
no point in sending it.
For another, [version 03 of the same draft][2] removes CHARSET ("It was
found to be unworkable; a correct specification could not be devised to
represent its meaning across implementations."), and the token is not
present at all in [draft-hardy-irc-isupport-00][3].
[1]: https://tools.ietf.org/html/draft-brocklesby-irc-isupport-02#section-3.17
[2]: https://tools.ietf.org/html/draft-brocklesby-irc-isupport-03#section-4.8
[3]: https://tools.ietf.org/html/draft-hardy-irc-isupport-00
s_assert requires some higher-level functionality that shouldn't be
present in ircd_defs.h. ircd_defs.h is used by ssld, which has no notion
of logging or sending IRC messages. Additionally, some of the headers
s_assert depends on result in conflicting definitions in ssld.c.
This change also fixes the compile when using --enable-assert=soft.
When the configuration file is unreadable or not existing, charybdis will now report the POSIX error message from the failed call. This is a compromise between the behavior in f951460ae9 and f6f049070e.
Previously it was in src/ircd.c, but accroding to jilles, this is a better place for the notification.
This changes a patch made in adef4da10c and amended in 65d921173c and f6f049070e.
They will be treated as hostmasks only. In the case of dlines they will
be rejected as invalid.
hostmask.c entries such as dlines, klines and auth blocks can only be
added by opers or via ircd.conf.
A zero CAP_CAP caused duplicate CAPAB to go undetected, allowing a
mismatch between what is sent out via ENCAP GCAP and what applies locally.
A zero CAP_TS6 allowed server connections without SID (with a valid
connect block).
Currently, the resolver treats SERVFAIL, NOTIMP, and REFUSED queries the
same as NXDOMAIN, but this really should not be the case. Instead, if
the DNS server errors on our request or provides an invalid request, try
another server.
Also, count DNS server errors in addition to timeouts and avoid these
undesirable servers.