Commit graph

32 commits

Author SHA1 Message Date
jailbird777
8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLENGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
Doug Freed
73520cd1ed m_challenge: various fixes 2020-11-19 16:48:44 -05:00
jess
40ecb85a1d
add ConfigFileEntry.oper_secure_only, to require TLS to oper up (#76) 2020-11-18 14:29:08 +00:00
jess
a922755512
make more snotes L_NETWIDE 2020-11-08 14:30:41 -05:00
Ed Kellett
35eccf4930 Rename UMODE_SSLCLIENT, IsSSLClient 2020-10-31 16:00:02 +00:00
Ed Kellett
ed3ca2ff16
Propagate OPER
Move opername and privset storage to struct User, so it can exist for
remote opers.

On /oper and when bursting opers, send:

    :foo OPER opername privset

which sets foo's opername and privset. The contents of the privset on
remote servers come from the remote server's config, so the potential
for confusion exists if these do not match.

If an oper's privset does not exist on a server that sees it, it will
complain, but create a placeholder privset. If the privset is created by
a rehash, this will be reflected properly.

/privs is updated to take an optional argument, the server to query, and
is now local by default:

    /privs [[nick_or_server] nick]
2019-09-13 10:08:27 +01:00
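As an added illustration of the message flow this commit describes (the example's own code, not solanum's or charybdis's): parsing `:foo OPER opername privset` from a server link, resolving the privset name against the receiving server's own table, creating a placeholder that the caller should complain about when the name is unknown, and letting a later rehash fill it in so every oper already pointing at it sees the real contents. Nicks, opernames, privset names, the privs strings and the table sizes are made up for the demo; the ircd's real data structures are not modelled.

```c
/* Added example, not solanum/charybdis code: a toy model of the OPER propagation
 * the commit describes. Nicks, privset names, privs strings and sizes are made up. */
#include <stdio.h>
#include <string.h>
#define NAMELEN 32
#define MAXENT  8

struct privset { char name[NAMELEN]; char privs[128]; int placeholder; };
struct user { char nick[NAMELEN]; char opername[NAMELEN]; struct privset *ps; };
static struct privset privsets[MAXENT];
static struct user users[MAXENT];
static int nprivsets, nusers;

static struct privset *find_privset(const char *name)
{
    int i;
    for (i = 0; i < nprivsets; i++)
        if (strcmp(privsets[i].name, name) == 0)
            return &privsets[i];
    return NULL;
}

static struct user *find_user(const char *nick)
{
    int i;
    for (i = 0; i < nusers; i++)
        if (strcmp(users[i].nick, nick) == 0)
            return &users[i];
    return NULL;
}

/* Config load or rehash: define or redefine a privset; a placeholder filled in
 * here is seen at once by every oper already pointing at it. NULL if full. */
static struct privset *set_privset(const char *name, const char *privs)
{
    struct privset *p = find_privset(name);
    if (p == NULL) {
        if (nprivsets == MAXENT)
            return NULL;
        p = &privsets[nprivsets++];
        snprintf(p->name, sizeof p->name, "%s", name);
    }
    snprintf(p->privs, sizeof p->privs, "%s", privs);
    p->placeholder = 0;
    return p;
}

/* ":<nick> OPER <opername> <privset>" from a server link. The privset is looked
 * up by name in *this* server's table, so its contents can differ from the
 * sender's. Returns 0 if found, 1 if unknown and a placeholder was created (the
 * caller should complain), -1 if the line is malformed or a table is full. */
static int handle_oper(const char *line)
{
    char nick[NAMELEN], cmd[8], opername[NAMELEN], psname[NAMELEN];
    struct user *u;
    struct privset *p;
    if (sscanf(line, ":%31s %7s %31s %31s", nick, cmd, opername, psname) != 4
        || strcmp(cmd, "OPER") != 0)
        return -1;
    if ((u = find_user(nick)) == NULL) {
        if (nusers == MAXENT)
            return -1;
        u = &users[nusers++];
        snprintf(u->nick, sizeof u->nick, "%s", nick);
    }
    snprintf(u->opername, sizeof u->opername, "%s", opername);
    if ((u->ps = find_privset(psname)) != NULL)
        return 0;
    if (nprivsets == MAXENT)
        return -1;
    p = &privsets[nprivsets++];
    snprintf(p->name, sizeof p->name, "%s", psname);
    p->privs[0] = '\0';
    p->placeholder = 1;             /* empty until a rehash defines it */
    u->ps = p;
    return 1;
}

/* What /privs would report for a nick: current privset contents, or NULL. */
static const char *user_privs(const char *nick)
{
    struct user *u = find_user(nick);
    return (u != NULL && u->ps != NULL) ? u->ps->privs : NULL;
}

static int user_privset_is_placeholder(const char *nick)
{
    struct user *u = find_user(nick);
    return (u != NULL && u->ps != NULL) ? u->ps->placeholder : -1;
}

int main(void)
{
    set_privset("admin", "oper:admin oper:kill");              /* local config */
    printf("foo -> %d\n", handle_oper(":foo OPER alice admin"));
    printf("bar -> %d\n", handle_oper(":bar OPER bob netadmin"));
    set_privset("netadmin", "oper:admin oper:routing");        /* rehash */
    printf("bar: placeholder=%d\n", user_privset_is_placeholder("bar"));
    printf("bar: privs=%s\n", user_privs("bar"));
    return 0;
}
```

The placeholder keeps the remote oper tracked (and visible to /privs) while making it obvious that this server grants nothing for that name; the confusion the commit warns about is the other direction, where the name does exist locally but with different contents, which this model resolves exactly as described: by the local table, not the sender's.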
Elizabeth Myers
f956cb0f1f Use rb_* versions of nonportable string functions 2016-04-05 05:39:59 -05:00
Elizabeth Myers
3c7d6fcce7 Message handlers should return void.
Also fix up some return values and stuff to use bool (or void if
nothing). I just did it whilst I was here.

According to jilles, the return value used to signify whether or not the
client had exited. This was error-prone and was fixed a long, long time
ago, but the return value was left int for historical reasons.

Since the return type is not used (and has no clear use case anyway),
it's safe to just get rid of it.
2016-03-09 01:37:03 -06:00
Elizabeth Myers
eeabf33a7c Move module description headers to the top
This is cleaner.

Note this was broken out of a much larger piece of work I did, so if
there's any problems, I apologise!
2016-03-09 01:29:41 -06:00
Elizabeth Myers
5544da98b8 Add AV2 descriptions to all m_c* modules. 2016-03-07 01:52:16 -06:00
Elizabeth Myers
105a4985b4 Migrate remaining modules to AV2
No descriptions yet. :(
2016-03-07 00:03:39 -06:00
Elizabeth Myers
cbeab4bc34 Remove $Id tags from everything.
These are obsolete and none have changed since 10 years ago...
2016-03-06 02:47:27 -06:00
William Pitcock
7baa37a9ef msg: remove last vestiges of the fakelag system. charybdis has never supported fakelag. 2016-02-19 16:43:39 -06:00
William Pitcock
428ca87b01 modules: chase MsgBuf API change 2016-02-10 20:54:17 -06:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Elizabeth Jennifer Myers
6493f05d8c m_challenge: fix use of undefined behaviour.
GCC does what we expect, but other compilers could do just about anything.
2011-02-22 12:00:45 -05:00
Jilles Tjoelker
fad065bb95 challenge: Fix build. 2010-02-18 23:42:07 +01:00
William Pitcock
ed8b3d69ac Add certfp check to challenge too. 2010-02-17 23:01:25 -06:00
William Pitcock
76169ea734 Clarify ERR_NOOPERHOST and convert it to use sendto_one_numeric(). 2010-02-17 06:51:41 -06:00
Jilles Tjoelker
161f040940 Update comments for parv[0] removal. 2009-01-18 18:22:43 +01:00
Jilles Tjoelker
b159441429 Add need_ssl to auth{} and operator{}.
Specifying need_ssl on auth{} denies the connection if
it is not SSL/TLS, much like need_ident or need_sasl.
Specifying need_ssl on operator{} refuses opering with
ERR_NOOPERHOST if the connection is not SSL/TLS.
from ircd-ratbox
2008-09-07 01:18:58 +02:00
Valery Yatsko
4562c60489 irc_string.h -> match.h, irc_string.h; includes changed 2008-04-20 09:47:38 +04:00
Valery Yatsko
f427c8b00d strlcpy -> rb_strlcpy 2008-04-20 08:40:40 +04:00
Valery Yatsko
6af128685d Functions replacement: ircd_baseXX_{en,de}code -> rb_baseXX_{en,de}code 2008-04-20 08:36:28 +04:00
Valery Yatsko
f55930ac2e get_randomness() removed from m_challenge.c - we use rb_get_random() now from libratbox 2008-04-20 08:30:41 +04:00
William Pitcock
4016731b1c s_log.* -> logger.* (s_foo looks ugly, lets try to get rid of it) 2008-04-02 21:52:01 -05:00
Valery Yatsko
e335494516 CurrentTime -> rb_currenttime(); 2008-04-02 03:53:20 +04:00
Valery Yatsko
eddc2ab6d8 MyMalloc -> rb_malloc 2008-04-02 03:07:29 +04:00
Valery Yatsko
637c4932f6 Argh, wrong replace caused by MS VS 2005 interface. 2008-04-02 02:47:17 +04:00
Valery Yatsko
81af5bcb39 libcharybdis includes gone. 2008-04-02 02:39:19 +04:00
nenolod
5366977b4f [svn] Backport from early 3.x:
--
nenolod     2006/09/27 16:39:14 UTC	(20060927-2178)
  Log:
  - remove "Processing connection to foobar.net" message


  Changes:	Modified:
  +0 -3		trunk/src/s_auth.c (File Modified)


nenolod     2006/09/27 16:34:26 UTC	(20060927-2176)
  Log:
  - missed the processing connection one (actually, we can probably nuke this one)


  Changes:	Modified:
  +1 -2		trunk/src/s_auth.c (File Modified)


river       2006/09/27 16:33:05 UTC	(20060927-2174)
  Log:
  get_client_name = stupid



  Changes:	Modified:
  +10 -7	trunk/modules/core/m_kill.c (File Modified)


nenolod     2006/09/27 16:32:37 UTC	(20060927-2172)
  Log:
  - remove excessive arguments


  Changes:	Modified:
  +1 -2		trunk/src/s_conf.c (File Modified)
  +1 -1		trunk/src/s_user.c (File Modified)


nenolod     2006/09/27 16:30:59 UTC	(20060927-2170)
  Log:
  - use sendto_one_notice() for on-connect notices too.


  Changes:	Modified:
  +10 -10	trunk/src/s_auth.c (File Modified)


nenolod     2006/09/27 16:27:01 UTC	(20060927-2168)
  Log:
  - use sendto_one_notice() in the core, too.


  Changes:	Modified:
  +2 -2		trunk/src/chmode.c (File Modified)
  +8 -15	trunk/src/modules.c (File Modified)
  +3 -5		trunk/src/s_conf.c (File Modified)
  +1 -2		trunk/src/s_newconf.c (File Modified)
  +20 -57	trunk/src/s_user.c (File Modified)


river       2006/09/27 16:19:25 UTC	(20060927-2166)
  Log:
  the KILL command will use get_client_name(, SHOW_IP) instead of
  target->name, and will show a more useful error for local opers



  Changes:	Modified:
  +6 -4		trunk/modules/core/m_kill.c (File Modified)


nenolod     2006/09/27 16:09:48 UTC	(20060927-2164)
  Log:
  - fix bugs in sendto_one_notice()/sendto_one_numeric() where a client identifier won't be sent to unregistered clients


  Changes:	Modified:
  +4 -2		trunk/src/send.c (File Modified)


nenolod     2006/09/27 16:05:46 UTC	(20060927-2161)
  Log:
  - back out r2159


  Changes:	Modified:
  +1 -1		trunk/include/client.h (File Modified)


nenolod     2006/09/27 16:04:05 UTC	(20060927-2159)
  Log:
  - get_id(): fall back to "*" if client has no known name


  Changes:	Modified:
  +1 -1		trunk/include/client.h (File Modified)


nenolod     2006/09/27 16:01:29 UTC	(20060927-2157)
  Log:
  - convert to sendto_one_notice().


  Changes:	Modified:
  +2 -3		trunk/unsupported/m_clearchan.c (File Modified)
  +4 -6		trunk/unsupported/m_force.c (File Modified)


nenolod     2006/09/27 15:57:11 UTC	(20060927-2155)
  Log:
  - use sendto_one_notice() in many places instead of
sendto_one(source_p, ":%s NOTICE %s :", ...);


  Changes:	Modified:
  +10 -25	trunk/extensions/example_module.c (File Modified)
  +5 -14	trunk/extensions/hurt.c (File Modified)
  +1 -2		trunk/extensions/m_42.c (File Modified)
  +7 -12	trunk/extensions/m_mkpasswd.c (File Modified)
  +1 -2		trunk/extensions/m_ojoin.c (File Modified)
  +1 -2		trunk/extensions/m_opme.c (File Modified)
  +3 -3		trunk/extensions/spy_whois_notice.c (File Modified)
  +3 -3		trunk/extensions/spy_whois_notice_global.c (File Modified)
  +3 -7		trunk/modules/core/m_die.c (File Modified)
  +2 -4		trunk/modules/core/m_kill.c (File Modified)
  +2 -2		trunk/modules/core/m_squit.c (File Modified)
  +1 -2		trunk/modules/m_challenge.c (File Modified)
  +11 -15	trunk/modules/m_connect.c (File Modified)
  +20 -28	trunk/modules/m_dline.c (File Modified)
  +2 -2		trunk/modules/m_etrace.c (File Modified)
  +11 -21	trunk/modules/m_gline.c (File Modified)
  +2 -4		trunk/modules/m_kline.c (File Modified)
  +1 -2		trunk/modules/m_rehash.c (File Modified)
  +3 -7		trunk/modules/m_restart.c (File Modified)
  +31 -45	trunk/modules/m_set.c (File Modified)
  +2 -4		trunk/modules/m_testmask.c (File Modified)
  +5 -8		trunk/modules/m_unreject.c (File Modified)
  +2 -5		trunk/modules/m_xline.c (File Modified)
--
2007-01-24 23:23:01 -08:00
nenolod
212380e3f4 [svn] - the new plan:
+ branches/release-2.1 -> 2.2 base
  + 3.0 -> branches/cxxconversion
  + backport some immediate 3.0 functionality for 2.2
  + other stuff
2007-01-24 22:40:21 -08:00