Commit graph

2190 commits

Author SHA1 Message Date
William Pitcock
6e3d57dc6b cap: remove SASL_REAUTH capability 2015-02-28 01:01:08 -06:00
William Pitcock
51535fcbce sasl: allow reauth without sasl-reauth capability (since it's being dropped) 2015-02-28 00:48:43 -06:00
William Pitcock
676032301e move README to markdown. 2015-02-24 20:32:08 -06:00
William Pitcock
74bae4c6ff remove references to LIBPATH (closes #26). 2015-02-24 20:25:34 -06:00
William Pitcock
654caa84fb ircd.conf.example: explain DH parameters size better (closes #68) 2015-02-18 12:36:00 -06:00
William Pitcock
dd28e3f2a4 Merge pull request #82 from grawity/sasl-send-conn-info
m_sasl: send information about the client connection
2015-02-18 12:29:57 -06:00
William Pitcock
95cce5f358 Revert "m_invite: add support for CAP invite-notify"
This reverts commit 93eb76cc32.
2015-02-16 17:50:51 -06:00
William Pitcock
4cb0a93d25 libratbox/gnutls: call gnutls_rnd_refresh() to ensure our PRNG is initialized 2015-02-16 17:40:25 -06:00
William Pitcock
cfa7b5fdb0 rebuild configure 2015-02-16 15:57:14 -06:00
William Pitcock
7585af0f3b configure: move some OS X toolchain checks around (closes #40) 2015-02-16 15:55:36 -06:00
Max Teufel
93eb76cc32 m_invite: add support for CAP invite-notify
Specification:
<https://github.com/ircv3/ircv3-specifications/blob/master/extensions/invite-notify-3.2.md>
2015-02-16 15:40:34 -06:00
William Pitcock
c6bc97fdcd m_sasl: move some struct members around for sasl-reauth 2015-02-16 15:39:36 -06:00
William Pitcock
3a48406b55 cap: fix compile 2015-02-15 17:40:20 -06:00
William Pitcock
ef3ab8e3a5 cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103). 2015-02-15 17:11:28 -06:00
William Pitcock
0044d40050 cap: add notion of required dependency caps 2015-02-15 17:11:28 -06:00
William Pitcock
ce14240a02 Merge pull request #83 from maxteufel/feature/saslserv_config_option
m_sasl: add configuration option for the nick of the SASL agent
2015-02-14 15:23:00 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Jilles Tjoelker
f51b72de97 Ignore duplicate USER and PASS.
If SASL starts using USER/PASS for unregistered clients, this change stops
users from using one USER/PASS for SASL while using another for connecting.
2015-02-13 23:07:02 +01:00
Mantas Mikulėnas
a3fa9d81a2 m_sasl: send information about the client connection 2015-02-13 22:38:24 +02:00
William Pitcock
9299ce1371 Merge pull request #81 from attilamolnar/master+openssl
openssl: Disable session tickets and session caching
2015-02-09 14:59:56 -06:00
Attila Molnar
989652e7a8 openssl: Disable session caching 2015-02-09 21:19:09 +01:00
Attila Molnar
6b6a579925 openssl: Disable session tickets 2015-02-09 21:18:32 +01:00
William Pitcock
bc75c3ae0e fix target list generation edge case where WALLCHOPS was requested alongside normal users if the source user was not a channel op.
from ircd-hybrid r5457
2015-02-09 11:16:06 -06:00
Jilles Tjoelker
22e4a9bc2b Merge branch 'master+sjoin-deadcode' of https://github.com/attilamolnar/charybdis 2015-01-30 17:54:13 +01:00
Attila Molnar
407094721c SJOIN: Remove some dead code 2015-01-30 14:42:08 +01:00
Jilles Tjoelker
e9f86e320e introduce_client(): Remove redundant check for sockhost starting with colon.
Other code (inet_ntop6() in libratbox/src/commio.c and
extensions/m_webirc.c) ensures the sockhost does not start with a colon.
Checking only here does not make sense.

Reported by:	Attila
2015-01-25 22:11:16 +01:00
Jilles Tjoelker
3881a3ce5d Don't append a domain to names without dot from reverse lookup.
Some code to append "domain" from /etc/resolv.conf to unqualified names (for
server connections) erroneously applied to names from reverse DNS lookups as
well.

The effect was that "domain" from /etc/resolv.conf was appended to
"localhost", even though the DNS server intended "localhost" to be a fully
qualified name.
2015-01-16 23:23:56 +01:00
Aaron Jones
3c80b42532 Allow clients to have a resolved hostname of localhost
I slightly changed the patch to match surrounding style.

(cherry picked from commit 0b06270fd6266c85d19e008efcd039605daf59d0)
2015-01-16 21:38:42 +01:00
Jilles Tjoelker
74b2fb72db pretty_mask(): Stop temporarily modifying the passed mask entirely. 2015-01-15 23:45:02 +01:00
Jilles Tjoelker
f4e893b515 pretty_mask(): Use explicit lengths instead of temporarily writing '\0'.
This is slightly simpler and should fix Coverity warnings.
2015-01-15 23:38:50 +01:00
Jilles Tjoelker
7db54a1f97 libratbox: Fix sizeof in two memsets.
This fixes a compiler warning. The necessary fields of the struct sigevent
were initialized so there was no problem.

Submitted by:	Aaron (via IRC)
Reviewed by:	Attila
2015-01-15 23:38:50 +01:00
Jilles Tjoelker
1c864688bb linebuf: Fix possible memory corruption when receiving many CR/LF.
The last byte of balloc.c's block pointer could be changed from 10 or 13 to
0. On amd64, this is not possible. On i386, this is possible and usually
causes a crash soon.
2014-11-05 21:42:35 +01:00
William Pitcock
5d4a99540b Merge pull request #73 from Argure/master
Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-ca...
2014-11-05 04:52:50 -06:00
William Pitcock
070d8da8eb Merge pull request #75 from attilamolnar/master+nullcharfix
Fix sending null char after ERROR when the server is full
2014-11-04 23:26:40 -06:00
Attila Molnar
76d82c19ad Fix sending null char after ERROR when the server is full 2014-11-04 21:57:37 +01:00
Patrick Godschalk
d072eb2350 Explicitly drop SSLv3 connections (SSL_OP_NO_SSLv3) - might break TLS-capable clients that still depend on SSLv23 handshake 2014-10-26 13:15:30 +01:00
Jilles Tjoelker
2a17ae5483 ban: Fix build breakage.
A normal 'make' did not rebuild m_ban.c even though dependencies had
changed.
2014-09-21 18:28:24 +02:00
Jilles Tjoelker
36e50ccfa5 tools: Remove Hybrid 6 conversion tools.
Hybrid 6 is old enough that the conversion tools can go away now.
They are for I and K lines; the ircd.conf converter was already removed.

This removes compiler/analyzer warnings about these tools.
2014-09-21 18:20:39 +02:00
Jilles Tjoelker
624d779127 bandb: Don't apply empty ban list when bandb starts sending bans.
When bandb sends the ban list, it first sends 'C', then all bans and
finally 'F'. Only when 'F' is sent is ircd supposed to apply the bans.
Because of a missing break, 'C' also did 'F', clearing the ircd active
permanent bans until bandb sent 'F'.

The effect is pretty limited because having bandb send the ban list via
/rehash bans is uncommon and most bans will be enforced when reset.
2014-09-21 18:09:18 +02:00
Jilles Tjoelker
8c04f89623 libratbox: Add comment that case fallthrough is deliberate. 2014-09-21 17:44:34 +02:00
Jilles Tjoelker
367f61444a Gitignore vim swap files. 2014-09-21 16:58:06 +02:00
Jilles Tjoelker
5f1db61bdf server: Don't read beyond the bounds of ServerInfo.ip and ServerInfo.ip6. 2014-09-21 16:57:38 +02:00
Jilles Tjoelker
dc336d1a63 server: Remove two dead stores. 2014-09-21 15:16:56 +02:00
Jilles Tjoelker
483987a464 Explicitly pass the current time to deactivate_conf().
Some places depend on the ban not being destroyed.
2014-09-21 15:02:43 +02:00
Jilles Tjoelker
2196b1825d Fix crash when there are two blacklist hosts without intervening reason.
This is invalid configuration; the first host is supposed to be ignored.
2014-09-21 14:42:14 +02:00
William Pitcock
ed5d7eb122 Merge pull request #70 from grobe0ba/master
Remove incorrect comment regarding location of functions in src/modules.c
2014-09-09 10:19:35 -05:00
Byron Grobe
e8d7921a08 Removed comment from src/modules.c that states certain function were moved into a file that no longer exists. (Circa ~2002) 2014-09-09 08:13:42 +00:00
Mantas Mikulėnas
423d875b7f doc/sasl.txt: forgot to wrap lines and sort references 2014-09-08 22:37:40 +03:00
Mantas Mikulėnas
f3319b3b2e doc/sasl.txt: drop dead links, add links to IRCv3 spec and relevant SASL RFCs 2014-09-08 22:27:36 +03:00
Jilles Tjoelker
aea6c4f9e6 chmode: Check mlock when a local oper changes cmode +L/+P.
This check was erroneously removed when fixing /mode #channel f when +f is
mlocked. Mlock checks were restricted to the places requiring chanops
(other than viewing +eI lists); cmode +L/+P do not require chanops, but
still constitute a mode change that must be checked against mlock.
2014-08-18 00:26:38 +02:00