Commit graph

74 commits

Author SHA1 Message Date
Eric Mertens
f718aed2ae Replace free with rb_free 2023-11-06 14:22:55 +00:00
Ed Kellett
59ea3c6753 Delay rehashing until we're not processing events
Fixes crash introduced by 0ab6dbbc65. It's
probably a regression since it defeats a system designed to stop this
from happening, but I didn't dig through the history.

rehash() closes listeners. If we happen to get a single epoll() result
that wants to first rehash and then accept a connection, the epoll info
will point to a freed rb_fde_t. Other selectors should have similar
problems, but we didn't investigate that.

rb_fde_ts are normally batched up and freed outside the event
processing, but as of the above commit close_listeners() screws that up
by closing pending FDs immediately in order to create new listeners.

I think it might be a bit better to revert this behaviour and simply not
close listeners if we are going to open new ones over them, but have
opted for the smallest reasonable change I can think of.

Helped-by: Eric Mertens <emertens@gmail.com>
2023-11-06 14:22:55 +00:00
Eric Mertens
48a06ae3d7
Add description parameter to auth blocks (#327) 2022-04-14 14:39:45 -07:00
jess
bd38559fed
better standardised SNO_FULL. always show host AND ip 2021-11-14 17:59:58 +00:00
jess
78825899cd
explicitly show IP in SNO_BANNED snotes 2021-10-09 22:45:22 +01:00
jesopo
be52c4c062
add SNO_BANNED, snote for it on client k/x-line rejection (#242)
* add SNO_BANNED, snote for it on client k/x-line rejection

* add snomask help file line for SNO_BANNED
2021-08-11 17:08:31 +01:00
Melissa Draper
e4a62bbc85 Create configurations for user-facing messages within registration (#238) 2021-07-29 21:44:23 -04:00
Melissa Draper
05bc814d83 Create configurable client rejection message for SASL only (#236) 2021-07-29 21:44:23 -04:00
Ariadne Conill
81531536aa
Remove ziplinks (#218) 2021-06-26 17:45:52 +01:00
Ed Kellett
73d8a5aa23 Don't free propagated bans on dereference 2021-06-08 21:57:43 +01:00
Ed Kellett
ce376a21cc Keep propagated bans in a dictionary, not a list 2021-06-08 21:57:43 +01:00
Ed Kellett
dfeba65563 Add channel::ip_bans_through_vhost 2021-04-26 17:51:55 +01:00
Ed Kellett
8aadf0ce46 Track and inform modules of privset changes 2021-03-01 15:45:03 +00:00
jess
40ecb85a1d
add ConfigFileEntry.oper_secure_only, to require TLS to oper up (#76) 2020-11-18 14:29:08 +00:00
Ed Kellett
6485005214 Get rid of hub_mask/leaf_mask 2020-11-14 18:22:08 +00:00
Ed Kellett
e5e814b3db Use opernames not servernames for remote opers 2020-11-13 23:30:04 +00:00
Ed Kellett
1596fc8ffd Forget the old drain reason when rehashing 2020-11-09 21:10:55 +00:00
Ed Kellett
63ab1dd609 Add general::stats_l_oper_only 2020-11-08 19:38:19 +00:00
jess
a922755512
make more snotes L_NETWIDE 2020-11-08 14:30:41 -05:00
Ed Kellett
6ac21a70e2 Add general::hidden_caps 2020-11-08 14:08:38 +00:00
Ed Kellett
625cbb195b Refactor clear_out_address_conf* 2020-10-31 16:00:02 +00:00
Ed Kellett
d4f7eb4ce6
Replace most checks for +o with oper:general
I'm preparing to PR a succession of privs changes with the ultimate goal
of severely limiting the scope of the binary oper/user dichotomy and
move conceptually distinct oper functions into their own privs.

Accomplishing this is a non-trivial task, and can wait, but it's
inconvenient now to have such functions enabled by the same mechanism
that grants any privs at all--so I'm moving all of them to a
transitional priv with the intention of eroding that later.
2020-08-04 22:58:30 +01:00
Simon Arlott
ac09f70838
Merge remote-tracking branch 'ophion/upstream/dnsbl-rename' 2020-07-09 20:53:38 +01:00
Aaron Jones
e241d7979c
Merge pull request #346 from edk0/opmod-as-statusmsg
Port opmod_send_cprivmsg from ircd-seven, sans naming mistake
2020-07-06 10:52:15 +00:00
Janik Kleinhoff
04e5ed6c57
Make 5614c9e6f0b (opmod as fake statusmsg) optional
This adds a channel { ... } option, opmod_send_statusmsg, disabled by
default for compatibility reasons.
2020-07-06 10:36:35 +01:00
Ariadne Conill
3321eef45a ircd: rename DNSBL entries from blacklist to dnsbl_entry. 2020-07-05 21:20:31 -06:00
Ed Kellett
fff4f76353
Add general::tls_ciphers_oper_only 2020-07-05 23:06:51 +01:00
Ed Kellett
0a7faba63d
Remove from the list of propagated bans on expiry
Fixes a use-after-free introduced in 548e31d3b, which fixed a related
use-after-free introduced in a9536f755.
2020-01-02 00:03:06 +00:00
Ed Kellett
548e31d3bd
Fix a place aconfs could be freed while referenced
(not a bug until a9536f755 since bans were not referenced before)
2020-01-01 08:51:53 +00:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration 2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:

; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
    K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Ed Kellett
c4e6888ef7
Recheck umodes for opers after rehash 2019-10-06 21:56:13 +01:00
Ed Kellett
ed3ca2ff16
Propagate OPER
Move opername and privset storage to struct User, so it can exist for
remote opers.

On /oper and when bursting opers, send:

    :foo OPER opername privset

which sets foo's opername and privset. The contents of the privset on
remote servers come from the remote server's config, so the potential
for confusion exists if these do not match.

If an oper's privset does not exist on a server that sees it, it will
complain, but create a placeholder privset. If the privset is created by
a rehash, this will be reflected properly.

/privs is udpated to take an optional argument, the server to query, and
is now local by default:

    /privs [[nick_or_server] nick]
2019-09-13 10:08:27 +01:00
Ed Kellett
1123eefcb0
Rework oper hiding
As it stands, oper hiding is rather messy and inconsistent. Add
SeesOper(target, source), which is true iff target should appear as an
oper to source. If I haven't missed something, all commands that reveal
oper status now use the same logic.

general::hide_opers_in_whois is a special case, and affects /whois only.

general::hide_opers is introduced, and has the same effect as giving
everyone oper:hidden. All commands that reveal oper status respect both.
2019-09-12 23:14:15 +01:00
Ed Kellett
6ca9ff0ea1
Remove unused kline_delay config option 2019-04-27 14:53:04 +01:00
Simon Arlott
fe5fc851aa
gcc7 fixes: NICKLEN -> NAMELEN
Use NAMELEN instead of NICKLEN when accessing Client->name because it
could in theory be a HOSTLEN length string.
2018-01-19 23:26:20 +00:00
Simon Arlott
c6ad9b0c5f
Add basic SCTP listener support that binds to multiple addresses
This only supports two addresses as the intended use is 1 IPv4 and 1 IPv6
address on a single-homed host, and the only supported configuration of
outgoing connections to other servers is to bind a single IPv4 or IPv6
address.
2017-08-24 20:08:20 +01:00
Simon Arlott
de2934965c
remove RB_IPV6 2017-08-20 12:54:46 +01:00
Simon Arlott
86432f8f86
ircd: attach_conf: avoid clang static analysis warning
In the impossible scenario where ClassPtr(aconf) is NULL, reject the
client instead of dereferencing the NULL pointer.
2017-07-29 22:45:58 +01:00
Simon Arlott
89bb7d65fb
ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
2017-06-25 19:48:49 +01:00
William Pitcock
01978a2c8c supported: add chantypes_update() 2016-09-16 13:49:02 -05:00
Aaron Jones
401cb2bb17
ircd_lexer: fix crash with very large config option strings 2016-05-15 00:00:23 +00:00
Aaron Jones
b143df9ac4
minor spring cleaning: remove/relocate duplicate/unused includes & macros
[ci skip]
2016-05-14 23:29:33 +00:00
Simon Arlott
f7b0c4b3d8
sslproc: use global ServerInfo configuration
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
2016-04-25 19:20:45 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Elizabeth Myers
2575a78b0e Add hook for when rehash is called.
This will be used by the future alias module.
2016-04-06 05:43:54 -05:00
Elizabeth Myers
f956cb0f1f Use rb_* versions of nonportable string functions 2016-04-05 05:39:59 -05:00
Elizabeth Myers
64fae2607a Rename authd.[ch] on ircd side to authproc.[ch] to prevent shadowing. 2016-04-02 16:44:04 -05:00